Servers: The Right Compute
cancel
Showing results for 
Search instead for 
Did you mean: 

DMTF’s Redfish a More Secure Alternative to IPMI

ServerExperts

shutterstock_669226204.jpgIntel has just announced the end of life of Intelligent Platform Management Interface (IPMI). The good news? DMTF Redfish standard API offers a more secure alternative for computer interface specifications that help provision and monitor servers.

In 1998 Intel® broke new ground in the industry with the announcement of their Intelligent Platform Management Interface, or IPMI. IPMI introduced a new way to standardize on provisioning and managing of servers, and in the ensuing years, IPMI was leveraged by many technology vendors, including Hewlett Packard Enterprise (HPE), within both enterprise and midsize business accounts.

We all know that nothing in the world of technology stands still. The computing industry has significantly evolved over the last twenty years, with newer technologies enabling enterprises to reimagine how their businesses can benefit from IT. Recently, Intel announced that IPMI will be set for end of life. That means companies that have based the way they manage servers with IPMI must now look for an alternative. Luckily, such an alternative exists in the form of Distributed Management Task Force (DMTF) Redfish®, an industry standard API designed to deliver simple and secure management for converged, hybrid IT, and Software Defined Data Center (SDDC).

Watch this video to learn more:

Secure management for the scalable data center

The Redfish API ecosystem delivers secure management of today’s scalable data center hardware—delivering all that IPMI does and more. It’s an open, industry-standard specification schema that enables companies to integrate solutions within their existing tools. iLO RESTful API, supported on HPE ProLiant Gen10 servers, enables companies to gain even more capabilities that go beyond scripting. By leveraging Redfish API, conformance IT managers can oversee the complete server lifecycle to perform secure, remote server provisioning, configuration, inventory and monitoring to industry standards.

In today's world, with applications and data that create and run our enterprises living in multiple locations, IT security, including governance, compliance and controls, is of paramount importance. Cybersecurity Ventures predicts that cybercrime will cost the world $6.0 trillion annually by 2021, doubling from $3.0 trilion in 2015. This represents the greatest transfer of economic wealth in history, and is even more profitable than the global trade of all major illegal drugs combined. (1) Until  now, the focus of IT security has been on protecting software and networks, but with the rise in firmware attacks, corporations and cybersecurity companies are now paying more attention to the hardware threat.

With IPMI set to end of life, companies should look to a more secure solution that provides all the great capabilities of IPMI, without the security risk. In the past, attacks were at the operating system level, but as threats have evolved, we are starting to see more attacks at the firmware and hardware level where IPMI vulnerabilities are much more exploitable. According to the National Cybersecurity and Communication Integration Center (NCCIC), IPMI attackers can leverage IPMI to get physical-level access to servers. Some issues identified include:

  • Passwords for IPMI authentication are saved in clear text.
  • Knowledge of one IPMI password gives you the password for all computers in the IPMI managed group.
  • Root access on an IPMI system grants complete control over hardware, software, firmware on the system.
  • BMCs often run excess and older network services that may be vulnerable.
  • IPMI access may also grant remote console access to the system, resulting in access to the BIOS.
  • There are few, if any, monitoring tools available to detect if the BMC is compromised.
  • Certain types of traffic to and from the BMC are not encrypted.
  • There is unclear documentation on how to sanitize IPMI passwords without destruction of the motherboard.  

Interested in learning more about how DMTF Redfish and iLO RESTful API help address server management in a secure environment.? Visit the RESTful Interface Tool.

(1) 2017 Cybercrime Report, Cybersecurity Ventures, October 2017, Steve Morgan


Ruben-Ramirez_1024px_B290035.jpg

Meet Ruben Ramirez, WW Product Marketing Manager, HPE

Ruben is the product marketing lead for server software and security at Hewlett Packard Enterprise. He is responsible for messaging and bringing HPE security technologies to market—while providing a comprehensive view across server management, security, and artificial intelligence.

 

About the Author

ServerExperts

Our team of Hewlett Packard Enterprise server experts helps you to dive deep into relevant infrastructure topics.

Events
Read for dates
HPE Webinars - 2019
Find out about this year's live broadcasts and on-demand webinars.
Read more
Read for dates
HPE at 2019 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2019.
Read more
View all