Out-of-band management is an important part of managing a data center and even your home lab. What is it exactly, and what are the best out-of-band management solutions for your home lab to maintain access to everything?
Table of contents
- What is Out of Band Management?
- 5 Best Out of Band Management solutions
- Benefits of OOB Management
- Be sure to secure your OOB management
- Wrapping up Out-of-band management
What is Out of Band Management?
Out-of-band management allows you to access network devices like switches and routers through remote consoles that reach the CLI, as you would with serial console ports. You can manage networks (LAN, WAN) and administer your server resources from “outside” the operating system. In other words, we are not talking about RDP’ing into a Windows box or SSH’ing into your Linux server; those are in-band management. We are referring to management of your server that is outside the confines of the OS and that can be done remotely, from another location.
It gives an administrator a range of functionality, including KVM (keyboard, video, mouse, even through a reboot, with relatively good performance for applications), console servers, power control (resetting, powering off, powering on, etc.), the ability to update, and other capabilities like mounting installation media, all protected by authentication and encryption over their company IT infrastructure. You can think of it as a dedicated access mechanism outside your normal network or operating system functionality for maintenance, configuration, troubleshooting, remediation, provisioning, and other activities, even if the server OS or networking is experiencing problems such as availability disruptions, outages, or other negative impact.
What makes OOB management possible?
Enterprises prefer OOB management since it uses a secondary network connection or management plane (usually dedicated management ports), separate from the production network for resilience, to manage network devices and server infrastructure. Some organizations combine failover Ethernet networks with automation that may even fail over to LTE connections if hard-line connections are down, so they can still administer OOB management services. This may be especially critical in edge environments.
You can get console server connections to the server, even if the server is “down,” crashed, or otherwise unavailable. The same goes for critical network devices. With out-of-band remote management, an engineer can start working on issues to minimize downtime instead of having to take the time to travel physically on-site to the server.
5 Best Out of Band Management solutions
Let’s consider the five best out of band management solutions that you can use if you want to take advantage of out of band management in your home lab environment. We will consider the following:
- Intelligent Platform Management Interface (IPMI)
- TinyPilot, PiKVM, and other IP KVM solutions
- Dell iDRAC
- HP Integrated Lights-Out (iLO)
- Opengear devices
- Intel vPro
- Add-in management cards
1. Intelligent Platform Management Interface (IPMI)
IPMI is one of the solutions I am most familiar with since I have had Supermicro servers in the home lab now for quite some time. All of my Supermicro servers are outfitted with the Supermicro IPMI that allows out-of-band management.
With the Supermicro IPMI connection, you have power controls, HTML5 KVM capabilities, firmware updates, and more. You can mount remote media like ISOs to load operating systems, etc.
You can tag your IPMI management traffic to connect over a separate network instead of your primary network. With Supermicro servers, you can use the dedicated management port (preferred, as this way you can plumb it into a totally different physical network), or you can use your existing network adapter, which will double as both your network connection and the management connection for the IPMI interface.
2. TinyPilot, PiKVM, and other IP KVM solutions
Another really cool out-of-band management solution is the Raspberry Pi-based KVM solution. These are relatively inexpensive when compared to enterprise IP KVM solutions. Not long ago, I reviewed the TinyPilot unit, which is a commercial take on the Raspberry Pi KVM solutions with really nice proprietary software that makes the experience really great.
These Raspberry Pi KVM devices provide remote console access to servers and enable network administrators to access the server console just like they are physically in front of the console.
Below, I have a TinyPilot connection to my new Minisforum MS-01 home lab server and am controlling the screen and inputs remotely. I am even in the BIOS making changes.
The limitation with these though is they can only control one device, the device they are connected to. Now, unofficially, there are many who have hacked away at adding other devices in between that can switch between them and have got it working to control multiple devices. Just know this is not supported if you run into issues doing this.
You can check out my review of the TinyPilot here: TinyPilot: Raspberry Pi KVM over IP Solution Review.
3. Dell iDRAC
There are many second-hand Dell PowerEdge servers to be found on eBay and other second-hand markets that can be of incredible value for the home lab. For $100-$300 you can often get a dual-processor server with 512 GB of RAM and all the enterprise bells and whistles.
I have a fondness for Dell hardware, as PowerEdge servers make up the majority of the server environments I have worked with. I really like the hardware configurations and software solutions with the Dell ecosystem, including Dell iDRAC.
If you have worked with the Integrated Dell Remote Access Controller (iDRAC), you know it is a proprietary solution from Dell with comprehensive remote management capabilities. iDRAC operates independently of the server’s CPU and operating system and provides out-of-band management, even when the server is offline, for true lights-out capabilities. With iDRAC you get a lot of features, including monitoring, updating, remote KVM, and troubleshooting.
4. HP Integrated Lights-Out (iLO)
HP also offers their version of iDRAC or out-of-band management. Theirs is called Integrated Lights-Out (iLO) technology. Like iDRAC, iLO operates independently of the main operating system, providing remote administration capabilities. iLO allows admins to control servers, even if these are offline, crashed, or otherwise impaired. This can be done remotely.
5. Opengear devices
You may not have heard about Opengear. They offer an OOB solution for enterprise environments that focus on secure remote access and network resilience for accessing critical resources. They are especially used for managing routers, switches, and servers across locations, including edge environments. It features things like advanced console server functionality that allows remote console access to manage devices through console ports.
They also focus on security as part of the solution. They include secure access protocols and encryption for management traffic between admins and network devices. Opengear also operates independently of the primary network, making sure of network accessibility even if a primary link goes down.
6. Intel vPro
Intel vPro technology, integrated into various Intel processors, provides advanced management features. It includes capabilities for remote management, even when the device is powered off or the operating system is unresponsive. Intel vPro utilizes a separate management plane, allowing IT teams to remotely diagnose and repair systems, ensuring business continuity and secure access to network equipment.
I will say the Intel vPro management solutions are a bit unreliable. The MeshCommander tool has been deprecated. The Intel Manageability Commander I have also found to be unreliable with a new vPro machine.
7. Add-in management cards
Several options are available in the market for add-in management cards designed to retro-add OOB management to existing devices and equipment. Common examples include:
- Remote Management Cards: These are designed for servers and workstations, allowing network administrators to gain full control over the system remotely. They typically include features like remote power management, system health monitoring, and the ability to interface with the system independently of its operating system status.
- Network Interface Cards with Management Features: Some network cards come equipped with integrated management features. These not only provide network connectivity but also allow for certain levels of remote management and monitoring, adding an extra layer of functionality to the standard network interface card.
- Specialized KVM Cards: Similar in function to KVM switches, these cards provide KVM-over-IP functionality directly from within a server. This allows for remote console access, which is essential for managing systems without the need for physical presence.
Keep in mind that many of these are specialized and only compatible with a specific vendor or manufacturer, so pay close attention to the details when you purchase.
Benefits of OOB Management
Businesses benefit from OOB management solutions like IPMI, Intel vPro, TinyPilot, Dell iDRAC, and HP iLO products since these offer network management of server hardware in the enterprise with minimal costs in the grand scheme of things for advanced admin tasks. However, these are also very viable in your home lab environment. By using a separate management plane, these solutions help to eliminate the risks associated with in-band network issues, including server crashes, and operating system issues.
As a case in point, I had to reload ESXi on one of my Supermicro hosts remotely and was able to do that with my IPMI connection, all without physically being there with the server. It was a pretty cool feeling to be able to do that remotely.
Be sure to secure your OOB management
One point that is worth considering with OOB management is the attack surface. You are, in a sense, providing another way to administer the server physically. So, there are definitely potential attack and vulnerability concerns that come with OOB. However, in general, all the security best practices that apply to other systems apply here. Make sure to use the security features provided by the OOB solution, such as HTTPS and non-admin users, in addition to a dedicated management network.
Some solutions even let you integrate with additional security, such as RADIUS servers for login information. Also, in many cases, OOB management will come with default credentials, such as the well-known root/calvin account on Dell’s iDRAC solution. Make sure you change the defaults on these types of systems. Some even consider changing the default port configuration, if possible, for obscurity. However, these mechanisms are really not that effective anymore. Good
The implementation of OOB management solutions contributes to overall business efficiency. It enables centralized management of network equipment, reduces the need for physical presence at remote locations, and allows for faster response times in managing network issues. Moreover, these solutions enhance network security by separating user and management traffic, safeguarding critical infrastructure.
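The checks from the security section above (dedicated management network, changed default credentials, non-admin users), as an added example that is not part of the original article: it parses the `Key : Value` output of `ipmitool lan print 1` and reviews an account list. The sample output, subnet, VLAN number and account records are constructed, and `parse_lan_print` and `audit_bmc` are hypothetical helper names.

```python
import ipaddress

# Constructed sample in the "Key : Value" layout printed by `ipmitool lan print 1`.
SAMPLE_LAN_PRINT = """\
IP Address Source       : Static Address
IP Address              : 192.168.1.50
Subnet Mask             : 255.255.255.0
Default Gateway IP      : 192.168.1.1
802.1q VLAN ID          : Disabled
"""

# Constructed records from your own inventory (assumed schema):
# (account name, privilege level, password changed from factory default?)
SAMPLE_ACCOUNTS = [
    ("root", "ADMINISTRATOR", False),
    ("monitor", "USER", True),
]

DEFAULT_NAMES = {"root"}  # the article names Dell's root/calvin default


def parse_lan_print(text):
    """Turn 'Key : Value' lines into a dict; key-less continuation lines are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def audit_bmc(lan_text, accounts, mgmt_net, mgmt_vlan=None):
    """Return a list of findings for one BMC; an empty list means it passed."""
    findings = []
    lan = parse_lan_print(lan_text)
    ip = ipaddress.ip_address(lan["IP Address"])
    if ip not in ipaddress.ip_network(mgmt_net):
        findings.append(f"BMC address {ip} is outside management network {mgmt_net}")
    vlan = lan.get("802.1q VLAN ID", "Disabled")
    if mgmt_vlan is not None and vlan != str(mgmt_vlan):
        findings.append(f"VLAN tag is {vlan}, expected {mgmt_vlan}")
    for name, _priv, changed in accounts:
        if name in DEFAULT_NAMES and not changed:
            findings.append(f"account {name} still has its factory password")
    if all(priv == "ADMINISTRATOR" for _name, priv, _changed in accounts):
        findings.append("every account is an administrator; add a non-admin user")
    return findings
```

Calling `audit_bmc(SAMPLE_LAN_PRINT, SAMPLE_ACCOUNTS, "10.20.30.0/24", 30)` reports the three problems in the constructed sample: an address on the wrong network, no VLAN tag, and an unchanged default account.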
Wrapping up Out-of-band management
In my opinion, having out-of-band management is one of the requirements I have for managing a home lab and for enterprise organization environments. It just makes life easier from so many different angles. Being limited to only managing a server within the OS and having to rely on OS or even normal network connectivity can lead to some very difficult situations if you are remote from your home lab or enterprise environment.
Solutions like IPMI, TinyPilot, Dell iDRAC, HP iLO, and Intel vPro are just a few of the solutions that can be used for out-of-band management. Keep in mind, there are also add-in cards you can buy to add IPMI-type functionality, even USB appliance access. However, many of these cards only work with specific hardware and certain configurations. So, be careful and make sure you are using these in a supported way.