Q: I’m concerned about the security implications of a web server constantly running in the background by default. Can I turn it off? Can you advise best practices?
A: IPMI is deeply integrated into the motherboard hardware, so there is no way to completely disable IPMI. The motherboard relies on the BMC for temperature monitoring, setting fan speeds, and logging serious hardware issues such as a faulty DIMM.
The easiest way to limit access to IPMI is to isolate it from your production VLAN, or leave the Ethernet cables on the motherboard unplugged. Beyond that, you can also change the default password, add user accounts, and close off ports on the firewall. SuperMicro has provided their recommended best practices in the following document:
BMC Security Best Practices
Related Articles
Default IPMI credentials
Q: What is the default username and password for IPMI? A: Both the default username and password are “ADMIN”, case-sensitive. You can change this default password after logging in with the default credentials.
Ensuring IPMI is active
Q: How do I know if IPMI is working? A: Most motherboards have an IPMI heartbeat LED that blinks slowly after IPMI has initialized. Other than that, the interface should respond to pings, and will have HTTP and HTTPS web interfaces running on ports ...
Firewall and port settings
Q: I can’t seem to get a connection to IPMI, regardless of the IP address settings being used. Do I need to open certain ports on my firewall? A: IPMI needs additional ports opened to access various services. The ports will vary depending on your ...
Introduction to IPMI
Q: What is IPMI? A: IPMI stands for Intelligent Platform Management Interface. It is in essence a web server that runs internally on your motherboard, powered by a separate ARM-based chip, also known as the baseboard management controller (BMC). The ...
Frequently Asked Questions: Setting Up IPMI
Frequently Asked Questions: Setting Up IPMI Q: What is IPMI? A: IPMI stands for Intelligent Platform Management Interface. It is in essence a web server that runs internally on your motherboard, powered by a separate chip known as the baseboard ...