 |
This article needs additional citations for verification. Please help improve this articlebyadding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Out-of-band management" – news · newspapers · books · scholar · JSTOR (August 2023) (Learn how and when to remove this message) |
In systems management, out-of-band management (OOB; also lights-out managementorLOM) is a process for accessing and managing devices and infrastructure at remote locations through a separate management plane from the production network. OOB allows a system administrator to monitor and manage servers and other network-attached equipment by remote control regardless of whether the machine is powered on or whether an OS is installed or functional. It is contrasted to in-band management which requires the managed systems to be powered on and available over their operating system's networking facilities.
OOB can use dedicated management interfaces, serial ports, or cellular 4G and 5G networks for connectivity.
Out-of-band management is now considered an essential network component to ensure business continuity and many manufacturers have it as a product offering.
By contrast, in-band management through VNC or SSH is based on in-band connectivity (the usual network channel). It typically requires software that must be installed on the remote system being managed and only works after the operating system has been booted and networking is brought up. It does not allow management of remote network components independently of the current status of other network components. A classic example of this limitation is when a sysadmin attempts to reconfigure the network on a remote machine only to find themselves locked out and unable to fix the problem without physically going to the machine. Despite these limitations, in-band solutions are still common because they are simpler and much lower-cost.
A complete remote management system allows remote reboot, shutdown, powering on; hardware sensor monitoring (fan speed, power voltages, chassis intrusion, etc.); broadcasting of video output to remote terminals and receiving of input from remote keyboard and mouse (KVM over IP). It also can access local media like a DVD drive, or disk images, from the remote machine. If necessary, this allows one to perform remote installation of the operating system. Remote management can be used to adjust BIOS settings that may not be accessible after the operating system has already booted. Settings for hardware RAIDorRAM timings can also be adjusted as the management card needs no hard drives or main memory to operate.[1]
As management via serial port has traditionally been important on servers, a complete remote management system also allows interfacing with the server through a serial over LAN cable.
As sending monitor output through the network is bandwidth intensive, cards like AMI's MegaRAC use built-in video compression[2] (versions of VNC are often used in implementing this[3]). Devices like Dell DRAC also have a slot for a memory card where an administrator may keep server-related information independently from the main hard drive.
The remote system can be accessed either through an SSH command-line interface, specialized client software, or through various web-browser-based solutions.[4] Client software is usually optimized to manage multiple systems easily.
There are also various scaled-down versions, up to devices that only allow remote reboot by power cycling the server. This helps if the operating system hangs, but only needs a reboot to recover.
An older version of out-of-band management is a layout involving the availability of a separate network that allows network administrators to get command-line interface access over the console portsofnetwork equipment, even when those devices are not forwarding any payload traffic.
If a location has several network devices, a terminal server can provide access to different console ports for direct CLI access. In case there is only one or just a few network devices, some of them provide AUX ports making it possible to connect a dial-in modem for direct CLI access. The mentioned terminal server can often be accessed via a separate network that does not use managed switches and routers for a connection to the central site, or it has a modem connected via dial-in access through POTSorISDN.
Remote management can be enabled on many computers (not necessarily only servers) by adding a remote management card (while some cards only support a limited list of motherboards). Newer server motherboards often have built-in remote management and need no separate management card.
Internally, Ethernet-based out-of-band management can either use a dedicated separate Ethernet connection, or some kind of traffic multiplexing can be performed on the system's regular Ethernet connection. That way, a common Ethernet connection becomes shared between the computer's operating system and the integrated baseboard management controller (BMC), usually by configuring the network interface controller (NIC) to perform Remote Management Control Protocol (RMCP) ports filtering, use a separate MAC address, or to use a virtual LAN (VLAN). Thus, out-of-band nature of the management traffic is ensured in a shared-connection scenario, as the system configures the NIC to extract the management traffic from the incoming traffic flow on the hardware level, and to route it to the BMC before reaching the host and its operating system.[5]
Both in-band and out-of-band management are usually done through a network connection, but an out-of-band management card can use a physically separated network connector if preferred. A remote management card usually has at least a partially independent power supply and can switch the main machine on and off through the network. Because a special device is required for each machine, out-of-band management can be much more expensive.
Serial consoles are an in-between case: they are technically OOB as they do not require the primary network to be functioning for remote administration. However, without special hardware, a serial console cannot configure the UEFI (or BIOS) settings, reinstall the operating system remotely, or fix problems that prevent the system from booting.
