Information Technology professionals commonly use network management tools for monitoring and restoring the operation of network nodes such as computer servers, network appliances, security appliances, storage devices, and telecommunication equipment. These network management tools permit the IT professional to manage and restore the operation of the network nodes remotely. Typically, these network management tools are divided into two categories: in-band management tools and out-of-band management tools. An in-band management tool communicates with the managed network node over the same network interface the node uses for its connection to the data network. An out-of-band management tool communicates with the managed network node over a separate access medium (such as a serial console port) that is used exclusively for management. The out-of-band management tool therefore permits the administrator to reach the managed network nodes even when those nodes have lost data network connectivity.
The in-band management tools use network protocols, such as the Simple Network Management Protocol (SNMP), that are commonly used to manage large networks. Examples of commercial in-band management tools built on such protocols are the HP® OpenView, IBM® Tivoli, BMC® Patrol, and CA® Unicenter products. However, these in-band tools become ineffective whenever the data network associated with the network nodes fails or a managed device loses network connectivity, because the management traffic travels over the very path that has failed. Thus, in-band network management tools leave network administrators in a deadlock position (e.g., the device fails and brings the data network down, and the IT professional cannot reach the device because the data network is down). Common causes of this deadlock include software crashes, configuration errors, hardware malfunctions caused by power surges, firmware upgrades that must be performed on the device, and network failures. Failures that disconnect the network node from the data network therefore require a human operator to travel to the location of the network node, interact with the failing equipment through a terminal directly connected to a management port, or actuate physical control switches to restore its functionality. Sending a human operator to the location of the network node is expensive, consumes a great amount of the operator's time, and incurs business losses through prolonged data network downtime.
To overcome this limitation of in-band network management tools, systems were created that enable remote access to the out-of-band management ports and other control functions of the network node, such as power cycling and the monitoring of temperature and other health indicators, without a human operator having to travel to the location where the incident occurred. Typically, the physical interfaces for out-of-band access include serial consoles, KVM ports, power circuits, temperature and humidity probes, and/or remote actuators. Examples of monitoring and access systems that provide remote access to those physical interfaces include console servers, KVM switches, and intelligent power distribution units. While effective, building an alternative, independent network with different connection media for out-of-band access increases the cost of building a data center.
In an effort to standardize the physical interfaces and reduce the cost of out-of-band access, server and telecommunication hardware manufacturers started to install service processors into hardware platforms such as stand-alone server motherboards, telecommunications chassis, and blade computers. Service processors, also called Baseboard Management Controllers (BMCs), can take the form of a small processor embedded in the system motherboard of a stand-alone server, an add-on daughter card, or a more sophisticated management module installed in a large system such as a blade computer or telecommunication system chassis. The service processor is designed to remain active and accessible even when modules of the host equipment lock up or otherwise become disconnected from the data network due to a configuration error or a hardware or software failure. Service processors may support functionality such as remote power cycling, remote diagnostics, sensor reading, system reset, and system console and KVM access.
An industry consortium has developed a standard interface called the Intelligent Platform Management Interface (IPMI) for communication with service processors. Other vendors have created similar proprietary interfaces. For example, HP® has its Integrated Lights-Out (iLO) interface and Sun Microsystems® has its Advanced Lights Out Module (ALOM) interface. More sophisticated service processors may support a variety of other interfaces and network protocols. The protocols for these interfaces are well known. These out-of-band management interfaces define a management protocol carried over the IP stack (IPMI over LAN, for instance, carries its messages in RMCP/RMCP+ datagrams on UDP port 623) and utilize common Ethernet media for transport of the management information. Ethernet media was selected by the designers of those systems for its compatibility with the structured cabling systems already deployed in large data centers and to facilitate the deployment and use of service processor technology.
Service processors can in some cases share the same Ethernet port used to connect the network node to the data network (this is sometimes called a "side-band" connection). Sharing the data network connection is not a good solution because it defeats the original purpose of offering remote access when data network connectivity is lost. Therefore most service processors are deployed with an Ethernet port that is dedicated to out-of-band management and is independent of the primary data network connection.
However, adoption of service processor technology has been slowed by the high cost of deployment and the management overhead introduced by a second Ethernet connection per managed network node, an obstacle that had not been foreseen when that medium was selected. For example, every device connected to the Ethernet switching system in a data network requires a unique network address (an IP address in a TCP/IP network). Typically, the number of network addresses available to one organization is limited, and doubling the demand for network addresses poses a serious problem. Those network addresses must also be managed and properly secured by setting and maintaining access policies in a firewall, tasks that increase network complexity and demand a substantial amount of work and recurring cost. The Ethernet LAN connections available in a typical data center are dimensioned for carrying data traffic and use switching equipment with far more capacity and bandwidth than the management application requires, which further increases the cost of deployment. By exposing the low-level management protocols used by service processors on the same Ethernet switching infrastructure that carries production traffic, this architecture also enlarges the attack surface of the out-of-band management system: anyone able to reach the management port over the data network can attempt to gain undue control over the managed systems.
Thus, cost of deployment and security concerns become prohibitive and a significant obstacle to the adoption of service processor technology. The evidence is that, even with a compelling set of features, support from major vendors in the industry, and several years of widespread availability, service processor architectures such as IPMI, iLO and ALOM have not yet been adopted as widely as was expected when those architectures were proposed. Demand for the external access and monitoring systems (console servers, KVM switches, intelligent power distribution units, etc.) that service processor technologies were meant to displace has continued to rise. There is therefore a need for a service processor gateway system in accordance with the invention that overcomes these limitations of conventional systems, and it is to this end that the present invention is directed.