Service Processor Management
What is a Service Processor?
A service processor is a separate, dedicated internal processor located on the motherboard of a server, a PCI card, or on the chassis of a blade server or telecommunications platform. It operates independently from the server’s CPU and operating system (OS), even if the CPU or OS is locked up or otherwise inaccessible.
Service processors monitor a server’s on-board instrumentation (temperature sensors, CPU status, fan speed, voltages), provide remote reset or power-cycle capabilities, enable remote access to basic input/output system (BIOS) configuration or OS console information, and, in some cases, provide keyboard and mouse control.
Depending on the manufacturer, service processors may also provide console redirection capabilities to view server processes or to configure server parameters, system information on components installed, including ports used and devices connected, and event logs, notifications and alarms.
Some leading service processor technologies include:
- Intelligent Platform Management Interface (IPMI)
- HP Integrated Lights Out (iLO)
- IBM® Remote Supervisor Adapter (RSA)
- Dell Remote Assistant Card (DRAC)
- Sun Advanced Lights Out Management (ALOM)
- Sun Integrated Lights Out Management (ILOM)
Service processors are accessible through either a dedicated Ethernet interface (out-of-band) or a shared data Ethernet interface (sideband).Features
The feature set of service processors varies depending on the service processor type.
Nevertheless, there are some features common to all service processors. All service processors provide remote power control (on/off/cycle/status) and enable remote console access via Serial over LAN (SoL). Depending on the service processor type, however, they can also provide more advanced functionality, such as server health monitoring (fan speed and status, temperature, voltages), graceful (OS-level) shutdown capabilities, remote keyboard, video and mouse (KVM) and Virtual Media capabilities. These features are discussed in more detail below.
- Remote power control – Servers can be remotely powered off, on, or cycled through service processors. This is one of the most useful features of service processors. Remote power control is used to restore servers that are locked up, to power down overheated servers, or any other function that requires low-level interaction with the server.
- Graceful shutdown support – Certain service processors support a remote power control command that actually sends a signal to the server OS to shut down gracefully before actually power cycling or turning off the server. This prevents the possible effects of a “brute force” power cycle or shutdown, such as data corruption in the server hard drives and other undesirable outcomes.
- Remote SoL console access – The server console can be accessed through the Ethernet interface of its service processor by using a standard telnet or SSH client in the same way it would be available through a regular serial port. If the server supports BIOS redirection to the serial port (which is usually the case with servers equipped with service processors), a user can have full access to the server console from the time it is booted up, through the BIOS and all the way up to the OS login prompt. This is very useful for remote troubleshooting.
- Health monitoring – Service processors communicate with the appropriate sensor hardware in the server (e.g., fan speed monitors, voltage meters and temperature readers) to access and monitor vital server statistics so that server problems can be detected quickly. The health information can be stored on the server, sent to a remote storage device or communicated directly to the user workstation.
- Remote ID LED control – Service processors allow the administrator to turn on or off the server’s ID LED, which can be used to identify a specific server in a rack of multiple similar servers. This is especially useful when maintenance is needed on a server and the local technician who has physical access to the server does not have access to server information. In that case, the administrator can turn on the ID LED to visually designate for the local technician which server needs maintenance.
- Local and server-based authentication – In order to access the service processor features, a user needs to log in to it first. The user database is usually stored locally in the service processor. Some service processors can also communicate with central authentication server mechanisms, such as LDAP and Active Directory.
- Data encryption – The communication between the service processor and the user may be encrypted if the service processor supports communication protocols that allow for encryption, such as Secure Shell (SSH) or Secure Socket Layer (SSL). Most recent service processors support some level of data encryption.
- System event log (SEL) – Service processors can store information about events related to the server hardware, such as chassis opening and closing, hard drive functional alarms, RAM test errors and so on. Those event logs can then be verified by the server administrators directly, or be used as the source for automated alerts.
- Platform Event Traps (PET) – Service processors can be programmed with information about critical thresholds for server environmental variables, such as the maximum operating temperature, minimum CPU fan speed, etc. Based on those thresholds, it can then send out alerts (traps) to a management system, usually in SNMP format, so that the server administrator can take immediate action to remediate the issue at hand.
- Data logging – Some service processors provide the ability to log the data flowing through the server’s serial console, regardless of whether there is a user directly connected to that session at that time. This enables administrators to review the history of events that happened to the server before a certain issue occurred, providing a useful audit trail for change tracking and troubleshooting.Virtual KVM – This is similar to the SoL feature, but instead of exposing the server’s text-based serial console to the user, Virtual KVM provides access to the server’s GUI. This is especially important for operating systems that rely heavily on their GUIs, such as Windows
- Virtual Media – Certain service processors allow the server to access storage media such as CD-ROMs, floppy disks and even DVD-ROMs anywhere on the network - just as if they were directly attached to that server. This allows users to quickly move and copy data between their user workstations to the server (and vice versa), which is useful for emergency OS and application patch installations, as well as diagnostic testing and BIOS upgrades. Virtual Media along with Virtual KVM enable a true lights-out management experience using the interfaces and tools that users are already accustomed to in their daily routine.
Most of the features provided by service processors are not new, as many of these features are available in some shape or form through other remote management solutions, such as console servers, KVM switches, IPDUs, etc. The obvious question, therefore, is: what new benefits do service processors provide?
All the benefits provided by remote out-of-band management tools are available through service processors – lower mean time to repair (MTTR), operating cost savings and improved asset productivity. However, the key difference is that in the case of service processors the complete feature set needed to reap those benefits is already included in the server, and is accessible through a single interface. Moreover, the single interface is Ethernet, the most ubiquitous network interface in the IT marketplace. This greatly simplifies the deployment of the remote server management infrastructure, making it easier for IT managers to take advantage of these technologies. Additionally, the fact that service processors are embedded inside the server provides more granular and thorough visibility of the server’s status, which allows for proactive and preventive management, as well as greater control of the overall server infrastructure. Features such as hardware environmental monitoring and platform event traps are a direct result of the internal presence of service processors in the server.Challenges
The demand for remote lights-out management has been increasing significantly due to the general dynamics of the IT industry – demand for data center consolidation, lower facility costs and outsourcing often physically separates data centers from the people who manage them. In addition, data centers are becoming uninhabitable due to environmental conditions, such as temperature, noise levels and other factors.
At the same time, service processors are widely deployed in these environments, since the vast majority of servers purchased in the past three years includes some form of embedded service processor. According to estimates from leading server manufacturers Dell, HP, IBM and Sun, approximately 9 million servers with service processors were shipped in 2005. It has been estimated that this figure will grow to 13 million servers in 2006. It should be the perfect marriage between demand and supply, especially considering that the investment in the service processors needed for remote server management has already been made.
However, service processor adoption has been slow. In spite of all the benefits service processors provide, IT managers are still leaving them unplugged or disabled, not taking advantage of an asset that can provide the exact capabilities they are looking for. The same leading server manufacturers estimate that by the end of 2005, only 1.4 million of the available service processors in the market were being utilized, with an estimated total of 2.2 million used by the end of 2006.
Mainstream adoption of service processors has been hampered by a number of factors. Server vendors are reluctant to adhere to a standard service processor interface such as IPMI, because of its perceived limitations. In fact, most server vendors include IPMI in their platforms, but hide it behind proprietary service processor firmware extensions and bundled management solutions. These vendor-specific features only support their own servers and fail to work with products from other vendors.
To add to that issue, many enterprises are completely unaware of the potential power of service processors; and even when they are aware, specific concerns about how to integrate service processors into their existing management framework prevent their adoption. Some are simply encumbered by compatibility concerns, cost issues and the lack of centralized management, while others are hampered by security and functionality concerns.
- Service processors require an extra Ethernet connection and IP address per server, which translates into extra costs. These costs do not only arise from the need to have an additional Ethernet switch port available, but also from maintenance of that connection in accordance to the company’s policies. This issue only affects service processors that require a dedicated Ethernet port.
- Lack of proper authentication, authorization and accounting (AAA) security support built in to service processors, which prevents integration and compliance with existing security mechanisms and policies. The exception to this rule is HP’s iLO.
- Specifically for sideband deployments, IPMI comes disabled in the server, due to security concerns. In order to enable IPMI in that server, the IT manager would need to either access the server BIOS or PXE boot the server with a specific OS image that contains the proper BIOS configuration commands. This is a challenging task, especially in large environments with many servers already deployed.
- Lack of a discovery mechanism for service processor capabilities already deployed, which prevents IT managers from taking immediate advantage of service processors already present and available in their IT environment.
- Consolidation tools for multiple servers are either vendor-specific or do not offer enough features, which causes interoperability and scalability issues in service processor adoption.
- Integration of service processor management into the existing management framework is hard, due to the lack of standardization and the limitations of vendor-specific tools. Also service processors do not integrate with existing remote server management tools such as console servers and KVM switches.
Avocent offers industry-first server management solutions that will help IT organizations leverage the service processor technologies already present in their servers, enabling reduced operational costs and faster troubleshooting and problem resolution through proactive monitoring and maintenance of server health. For companies that need to achieve optimum service levels with fewer staff resources, Avocent’s server management solutions are the best way to fully capitalize on the service processor technologies present in today’s servers. Click for more