Remote Management Module
Overview
The integrated BMC has support for basic and advanced server management features.
Basic management features are available by default. Advanced management features
are enabled with the addition of an optionally installed Remote Management Module
4 Lite key (AXXRMM4LITE2).
When the BMC FW initializes, it attempts to access the Intel® RMM4 Lite. If the
attempt to access Intel® RMM4 Lite is successful, then the BMC activates the Advanced
features.
The following table identifies both Basic and Advanced server management features.
Dedicated Management Port
The server board includes a dedicated 1GbE RJ45 Management Port. The management
port is active with or without the RMM4 Lite key installed.
Embedded Web Server
BMC Base manageability provides an embedded web server and an OEM-customizable web
GUI which exposes the manageability features of the BMC base feature set. It is
supported over all on-board NICs that have management connectivity to the BMC as
well as an optional dedicated add-in management NIC. At least two concurrent web
sessions from up to two different users is supported. The embedded web user interface
shall support the following client web browsers:
- Microsoft Internet Explorer*
- Mozilla Firefox*
The embedded web user interface supports strong security (authentication, encryption,
and firewall support) since it enables remote server configuration and control.
The user interface presented by the embedded web user interface, shall authenticate
the user before allowing a web session to be initiated. Encryption using 128-bit
SSL is supported. User authentication is based on user id and password.
The GUI presented by the embedded web server authenticates the user before allowing
a web session to be initiated. It presents all functions to all users but grays-out
those functions that the user does not have privilege to execute. For example, if
a user does not have privilege to power control, then the item shall be displayed
in grey-out font in that user’s UI display. The web GUI also provides a launch point
for some of the advanced features, such as KVM and media redirection. These features
are grayed out in the GUI unless the system has been updated to support these advanced
features. The embedded web server only displays US English or Chinese language output.
Additional features supported by the web GUI includes:
- Presents all the Basic features to the users
- Power on/off/reset the server and view current power state
- Displays BIOS, BMC, ME and SDR version information
- Display overall system health
- Configuration of various IPMI over LAN parameters for both IPV4 and IPV6
- Configuration of alerting (SNMP and SMTP)
- Display system asset information for the product, board, and chassis
- Display of BMC-owned sensors (name, status, current reading, enabled thresholds),
including colorcode status of sensors
- Provides ability to filter sensors based on sensor type (Voltage, Temperature, Fan
and Power supply related)
- Automatic refresh of sensor data with a configurable refresh rate
- On-line help
- Display/clear SEL (display is in easily understandable human readable format)
- Supports major industry-standard browsers (Microsoft Internet Explorer* and Mozilla
Firefox*)
- TAutomatic time-out of the GUI session after a user-configurable inactivity period
(30 minutes, by default)
- Embedded Platform Debug feature - Allow the user to initiate a "debug dump" to a
file that can be sent to Intel for debug purposes
- A Virtual Front Panel provides the same functionality as the local front panel.
The displayed LEDs match the current state of the local panel LEDs. The displayed
buttons (for example, power button) can be used in the same manner as the local
buttons
- Display of ME sensor data. Only sensors that have associated SDRs loaded will be
displayed
- Ability to save the SEL to a file
- Ability to force HTTPS connectivity for greater security. This is provided through
a configuration option in the UI
- Display of processor and memory information as is available over IPMI over LAN
- Ability to get and set Node Manager (NM) power policies
- Display of power consumed by the server
- Ability to view and configure VLAN settings
- Warn user the reconfiguration of IP address will cause disconnect
- Capability to block logins for a period of time after several consecutive failed
login attempts. The lock-out period and the number of failed logins that initiates
the lock-out period are configurable by the user
- Server Power Control – Ability to force into Setup on a reset
- System POST results – The web server provides the system’s Power-On Self Test (POST)
sequence for the previous two boot cycles, including timestamps. The timestamps
may be viewed in relative to the start of POST or the previous POST code
- Customizable ports – The web server provides the ability to customize the port numbers
used for SMASH, http, https, KVM, secure KVM, remote media, and secure remote media
Advanced Management Feature Support (RMM4 Lite)
The integrated baseboard management controller has support for advanced management
features which are enabled when an optional Intel® Remote Management Module 4 Lite
(RMM4 Lite) is installed. The Intel RMM4 add-on offers convenient, remote KVM access
and control through LAN and internet. It captures, digitizes, and compresses video
and transmits it with keyboard and mouse signals to and from a remote computer.
Remote access and control software runs in the integrated baseboard management controller,
utilizing expanded capabilities enabled by the Intel RMM4 (AXXRMM4LITE2) hardware.
Key Features of the RMM4 add-on are:
- KVM redirection from either the dedicated management NIC or the server board NICs
used for management traffic; upto to two KVM sessions
- Media Redirection – The media redirection feature is intended to allow system administrators
or users to mount a remote IDE or USB CDROM, floppy drive, or a USB flash disk as
a remote device to the server. Once mounted, the remote device appears just like
a local device to the server allowing system administrators or users to install
software (including operating systems), copy files, update BIOS, or boot the server
from this device
- KVM – Automatically senses video resolution for best possible screen capture, high
performance mouse tracking and synchronization. It allows remote viewing and configuration
in pre-boot POST and BIOS setup
Keyboard, Video, Mouse (KVM) Redirection
The BMC firmware supports keyboard, video, and mouse redirection (KVM) over LAN.
This feature is available remotely from the embedded web server as a Java applet.
This feature is only enabled when the Intel® RMM4 lite is present. The client system
must have a Java Runtime Environment (JRE) version 6.0 or later to run the KVM or
media redirection applets.
The BMC supports an embedded KVM application (Remote Console) that can be launched
from the embedded web server from a remote console. USB1.1 or USB 2.0 based mouse
and keyboard redirection are supported. It is also possible to use the KVM-redirection
(KVM-r) session concurrently with media-redirection (media-r). This feature allows
a user to interactively use the keyboard, video, and mouse (KVM) functions of the
remote server as if the user were physically at the managed server. KVM redirection
console supports the following keyboard layouts: English, Dutch, French, German,
Italian, Russian, and Spanish.
KVM redirection includes a "soft keyboard" function. The "soft keyboard" is used
to simulate an entire keyboard that is connected to the remote system. The "soft
keyboard" functionality supports the following layouts: English, Dutch, French,
German, Italian, Russian, and Spanish.
The KVM-redirection feature automatically senses video resolution for best possible
screen capture and provides high-performance mouse tracking and synchronization.
It allows remote viewing and configuration in pre-boot POST and BIOS setup, once
BIOS has initialized video.
Other attributes of this feature include:
- Encryption of the redirected screen, keyboard, and mouse
- Compression of the redirected screen
- Ability to select a mouse configuration based on the OS type
- Supports user definable keyboard macros
KVM redirection feature supports the following resolutions and refresh rates:
- 640x480 at 60Hz, 72Hz, 75Hz, 85Hz
- 800x600 at 60Hz, 72Hz, 75Hz, 85Hz
- 1024x768 at 60Hx, 72Hz, 75Hz, 85Hz
- 1152x864 at 75Hz
- 1280x800 at 60Hz
- 1280x1024 at 60Hz
- 1440x900 at 60Hz
- 1600x1200 at 60Hz
Remote Console
The Remote Console is the redirected screen, keyboard and mouse of the remote host
system. To use the Remote Console window of your managed host system, the browser
must include a Java* Runtime Environment plug-in. If the browser has no Java support,
such as with a small handheld device, the user can maintain the remote host system
using the administration forms displayed by the browser.
The Remote Console window is a Java Applet that establishes TCP connections to the
BMC. The protocol that is run over these connections is a unique KVM protocol and
not HTTP or HTTPS. This protocol uses ports #7578 for KVM, #5120 for CDROM media
redirection, and #5123 for Floppy/USB media redirection. When encryption is enabled,
the protocol uses ports #7582 for KVM, #5124 for CDROM media redirection, and #5127
for Floppy/USB media redirection. The local network environment must permit these
connections to be made, that is, the firewall and, in case of a private internal
network, the NAT (Network Address Translation) settings have to be configured accordingly.
Performance
The remote display accurately represents the local display. The feature adapts to
changes to the video resolution of the local display and continues to work smoothly
when the system transitions from graphics to text or vice-versa. The responsiveness
may be slightly delayed depending on the bandwidth and latency of the network.
Enabling KVM and/or media encryption will degrade performance. Enabling video compression
provides the fastest response while disabling compression provides better video
quality.
For the best possible KVM performance, a 2Mb/sec link or higher is recommended.
The redirection of KVM over IP is performed in parallel with the local KVM without
affecting the local KVM operation.
Security
The KVM redirection feature supports multiple encryption algorithms, including RC4
and AES. The actual algorithm that is used is negotiated with the client based on
the client’s capabilities.
Availability
The remote KVM session is available even when the server is powered-off (in stand-by
mode). No re-start of the remote KVM session shall be required during a server reset
or power on/off. A BMC reset (for example, due to an BMC Watchdog initiated reset
or BMC reset after BMC FW update) will require the session to be reestablished.
KVM sessions persist across system reset, but not across an AC power loss.
Usage
As the server is powered up, the remote KVM session displays the complete BIOS boot
process. The user is able interact with BIOS setup, change and save settings as
well as enter and interact with option ROM configuration screens.
At least two concurrent remote KVM sessions are supported. It is possible for at
least two different users to connect to same server and start remote KVM sessions.
Force-enter BIOS Setup
KVM redirection can present an option to force-enter BIOS Setup. This enables the
system to enter F2 setup while booting which is often missed by the time the remote
console redirects the video.
Media Redirection
The embedded web server provides a Java applet to enable remote media redirection.
This may be used in conjunction with the remote KVM feature, or as a standalone
applet.
The media redirection feature is intended to allow system administrators or users
to mount a remote IDE or USB CD-ROM, floppy drive, or a USB flash disk as a remote
device to the server. Once mounted, the remote device appears just like a local
device to the server, allowing system administrators or users to install software
(including operating systems), copy files, update BIOS, and so on, or boot the server
from this device.
The following capabilities are supported:
- The operation of remotely mounted devices is independent of the local devices on
the server. Both remote and local devices are useable in parallel.
- Either IDE (CD-ROM, floppy) or USB devices can be mounted as a remote device to
the server.
- It is possible to boot all supported operating systems from the remotely mounted
device and to boot from disk IMAGE (*.IMG) and CD-ROM or DVD-ROM ISO files. See
the Tested/supported Operating System List for more information.
- Media redirection supports redirection for both a virtual CD device and a virtual
Floppy/USB device concurrently. The CD device may be either a local CD drive or
else an ISO image file; the Floppy/USB device may be a local Floppy drive, a local
USB device, or a disk image file.
- The media redirection feature supports multiple encryption algorithms, including
RC4 and AES. The actual algorithm that is used is negotiated with the client based
on the client’s capabilities.
- A remote media session is maintained even when the server is powered-off (in standby
mode). No restart of the remote media session is required during a server reset
or power on/off. An BMC reset (for example, due to an BMC reset after BMC FW update)
will require the session to be re-established
- The mounted device is visible to (and useable by) managed system’s OS and BIOS in
both pre-boot and post-boot states.
- The mounted device shows up in the BIOS boot order and it is possible to change
the BIOS boot order to boot from this remote device.
- It is possible to install an operating system on a bare metal server (no OS present)
using the remotely mounted device. This may also require the use of KVM-r to configure
the OS during install.
USB storage devices will appear as floppy disks over media redirection. This allows
for the installation of device drivers during OS installation.
If either a virtual IDE or virtual floppy device is remotely attached during system
boot, both the virtual IDE and virtual floppy are presented as bootable devices.
It is not possible to present only a single-mounted device type to the system BIOS.
Availability
The default inactivity timeout is 30 minutes and is not user-configurable. Media
redirection sessions persist across system reset but not across an AC power loss
or BMC reset.
Network Port Usage
The KVM and media redirection features use the following ports:
- 5120 – CD Redirection
- 5123 – FD Redirection
- 5124 – CD Redirection (Secure)
- 5127 – FD Redirection (Secure)
- 7578 – Video Redirection
- 7582 – Video Redirection (Secure)