White Papers

IPMI Out-of-Band Access Security
DRAC 5 implements IPMI version 2.0, which dramatically improved security over IPMI version 1.5.
IPMI out-of-band access, including IPMI over LAN and SOL, can be disabled if these features are
not used in your environment.
Dell strongly recommends disabling the IPMI over LAN and SOL features if they are not required.
IPMI version 2.0 uses RMCP+ for authentication and encryption key exchange. The new
algorithms provide a more robust key exchange process for establishing sessions and
authenticating users.
The IPMI message includes the SOL payload carried over RMCP+, which can be encrypted. This
option enables confidential remote configuration of parameters such as passwords and transfer of
sensitive payload data over SOL. Please see the IPMI RMCP+ encryption section for all supported
encryption algorithms.
IPMI authorization and access to a system can be restricted through connection level, channel
level privilege and user level privilege. Each channel, like IPMI LAN, can be limited to operate at
one of three different privilege levels: user, operator or administrator. Similarly, each user can be
created with any of these privileges for each channel. For example, when a particular channel is
limited to operator level, only operator level operations can be performed on that channel. Refer to
the IPMI version 2.0 specification for more details.
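
The channel and user privilege rules above, together with the recommendation to disable unused IPMI over LAN and SOL, as an added Python example (not Dell's code and not part of the original paper). The setting names in `SAMPLE` are hypothetical and its values are constructed; the numeric privilege codes and the minimum levels for the three commands shown follow the IPMI 2.0 specification.

```python
from enum import IntEnum

class Priv(IntEnum):
    # Numeric codes follow the IPMI 2.0 privilege level encoding.
    USER = 2
    OPERATOR = 3
    ADMINISTRATOR = 4

# Minimum privilege for a small subset of IPMI commands.
REQUIRED = {
    "Get Chassis Status": Priv.USER,
    "Chassis Control": Priv.OPERATOR,
    "Set User Password": Priv.ADMINISTRATOR,
}

def effective_privilege(channel_limit, user_priv):
    """A session can exceed neither the channel limit nor the user's level."""
    return min(channel_limit, user_priv)

def is_allowed(command, channel_limit, user_priv):
    return effective_privilege(channel_limit, user_priv) >= REQUIRED[command]

def audit(cfg):
    """Return review findings for a settings dict (hypothetical key names)."""
    findings = []
    for feature in ("ipmi_over_lan", "sol"):
        if cfg[feature + "_enabled"] and not cfg[feature + "_required"]:
            findings.append(f"{feature}: enabled but not required, disable it")
    limit = cfg["lan_channel_limit"]
    for user, priv in sorted(cfg["lan_users"].items()):
        if priv > limit:
            findings.append(
                f"{user}: configured {priv.name}, capped to {limit.name} on LAN")
    return findings

# Constructed sample: SOL is unused, LAN channel limited to operator level.
SAMPLE = {
    "ipmi_over_lan_enabled": True, "ipmi_over_lan_required": True,
    "sol_enabled": True, "sol_required": False,
    "lan_channel_limit": Priv.OPERATOR,
    "lan_users": {"root": Priv.ADMINISTRATOR, "monitor": Priv.USER},
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
    for cmd in REQUIRED:
        print(cmd, is_allowed(cmd, SAMPLE["lan_channel_limit"], Priv.ADMINISTRATOR))
```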