Blog
IPMI and iDRAC Physical Server Monitoring Guide
Server Management

IPMI and iDRAC Physical Server Monitoring Guide

Remotely manage your physical server with IPMI and iDRAC: hardware monitoring, remote console, power control, and out-of-band management guide.

E

Elif Demir

Cloud Solutions Architect

March 20, 202612 min read0

Your physical server is locked up, the operating system is unresponsive, and SSH connections fail - what do you do if you have no physical access to the data center? IPMI and iDRAC out-of-band (OOB) management technologies allow you to manage your server remotely, independent of the operating system: power on/off, BIOS configuration, hardware sensor monitoring, and remote console access. In this guide, we cover the OOB management concept, the differences between IPMI/iDRAC/iLO, and practical usage steps.

What Is Out-of-Band Management?

Server management falls into two main categories: in-band (through the operating system - SSH, RDP) and out-of-band (OOB - independent of the OS, at the hardware level). In-band management works as long as the OS is running; however, access is completely lost in situations like kernel panic, disk failure, or network misconfiguration.

OOB management works through the BMC (Baseboard Management Controller), an independent microcontroller on the motherboard. The BMC has its own processor, memory, and network connection; it remains active even when the server is powered off (standby power is sufficient). This allows you to remotely power the server on and off, access the BIOS, read sensor data, and install an operating system via the virtual console.

💡 Tip: OOB management is critically important for colocated or rented servers where you have no physical access to the data center. Instead of submitting an intervention request to the data center when your server is unresponsive, you can intervene within seconds through the OOB interface.

IPMI, iDRAC and iLO Comparison

IPMI (Intelligent Platform Management Interface) is an open standard defined by Intel (current version: IPMI 2.0). All major server manufacturers support this standard. iDRAC (Integrated Dell Remote Access Controller) and iLO (Integrated Lights-Out) are proprietary solutions built on top of IPMI by Dell and HPE respectively, offering additional features. Manufacturers like Supermicro typically use the standard IPMI web interface.

Feature IPMI 2.0 (Standard) Dell iDRAC 9 HPE iLO 6
Type Open standard (Intel) Proprietary (Dell) Proprietary (HPE)
Web Interface Basic (varies by manufacturer) Advanced HTML5 console Advanced HTML5 console
Remote Console SOL (Serial over LAN) Virtual Console (HTML5/Java) Integrated Remote Console
Virtual Media Limited ISO mount, NFS/CIFS share ISO mount, URL-based media
API Support ipmitool CLI Redfish REST API + racadm CLI Redfish REST API + iLO RESTful API
Licensing Model Free (included with hardware) Express (free) / Enterprise (paid) Standard (free) / Advanced (paid)
Firmware Update Manual Automatic (Dell Repository) Automatic (SPP)

In short: IPMI is sufficient for basic hardware management; iDRAC and iLO offer additional layers such as advanced web interfaces, automation APIs, and firmware management. Which solution you use depends on your server manufacturer - Dell servers come with iDRAC, HPE servers with iLO, and Supermicro and others with the standard IPMI interface. For more technical details, you can refer to the Intel IPMI specification.

Key Features and Use Cases

The core capabilities offered by OOB management tools allow you to perform virtually all physical server operations remotely. Here are the most critical features:

  • Power Control (Power Management) Remotely power on, power off, reboot, and power cycle the server. You can perform a hard reset when the OS is locked up.
  • Remote Console (KVM) View the server's screen output through a browser and control keyboard/mouse. Provides access to BIOS settings, OS installation, and the ability to diagnose boot issues.
  • Hardware Sensor Monitoring Real-time monitoring of hardware metrics such as CPU/system temperature, fan speeds, voltage levels, power consumption, and disk status. Sends automatic alerts when threshold values are exceeded.
  • Virtual Media Remotely mount an ISO file to install an operating system or boot a recovery disk. No need to physically plug in a USB drive.
  • Event Logs (SEL - System Event Log) Permanently records hardware events (disk failure, memory error, temperature warning, power outage). A critical data source for troubleshooting and root cause analysis.

Command-Line Management with ipmitool

ipmitool is the standard command-line tool that works on all IPMI-compatible servers. It can be used both locally (on the server) and remotely (over the network, with the -I lanplus parameter). Below you can find the most commonly used commands.

Installation and Connection

terminal - ipmitool installation and connection
# Debian/Ubuntu installation
sudo apt install ipmitool -y

# RHEL/CentOS installation
sudo dnf install ipmitool -y

# Local usage (on the server)
sudo ipmitool chassis status

# Connect to remote server (over LAN)
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password chassis status

Power Control Commands

terminal - power management
# Query current power status
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password power status
# Output: Chassis Power is on

# Power off the server (not graceful shutdown - hard power off)
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password power off

# Power on the server
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password power on

# Power cycle (power off and back on)
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password power cycle

# Hard reset (when OS is unresponsive)
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password power reset

⚠️ Important Warning: The power off and power reset commands do not send a signal to the operating system - they cut power directly at the hardware level. To prevent data loss, try shutdown through the OS first; only use IPMI power commands when the OS is unresponsive.

Sensor and Event Log Commands

terminal - sensor monitoring and SEL
# List all sensors (temperature, fan, voltage)
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password sensor list

# Query a specific sensor
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password sensor get "CPU Temp"

# View System Event Log (SEL) records
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password sel list

# Summarize SEL information (total records, capacity)
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password sel info

# Clear SEL log (new events won't be recorded if full)
ipmitool -I lanplus -H 10.0.1.100 -U admin -P password sel clear

Network and User Configuration

terminal - BMC network and user settings
# View BMC network configuration
sudo ipmitool lan print 1

# Assign static IP
sudo ipmitool lan set 1 ipsrc static
sudo ipmitool lan set 1 ipaddr 10.0.1.100
sudo ipmitool lan set 1 netmask 255.255.255.0
sudo ipmitool lan set 1 defgw ipaddr 10.0.1.1

# List users
sudo ipmitool user list 1

# Change user password (user ID 2)
sudo ipmitool user set password 2 "NewStrongPassword123!"

# Restart BMC (to apply configuration changes)
sudo ipmitool mc reset warm

For detailed explanations of all ipmitool commands, you can refer to the ipmitool man page. IPMI access is provided as standard on Hosted Cloud physical servers.

OOB Management Security

Since BMC/IPMI interfaces provide full hardware-level access to your server, they are one of the most critical attack surfaces from a security perspective. Historically, many BMC implementations have had serious security vulnerabilities. Make sure to implement the following measures:

  • Use a Separate Management VLAN Isolate BMC traffic from the production network physically or logically. Use the dedicated management port if available; otherwise, configure a separate VLAN. The BMC interface should never be exposed to the internet.
  • Change Default Passwords Immediately Many BMCs ship with well-known default credentials like "admin/admin" or "ADMIN/ADMIN". Assign strong, unique passwords during initial setup. If possible, disable the default "admin" user and create a new administrator account.
  • Keep Firmware Up to Date BMC firmware updates contain security patches. Regularly check manufacturer update channels for Dell iDRAC and HPE iLO. For Supermicro BMC, download firmware from the manufacturer's support page.
  • Disable Unused Services Disable protocols you don't use such as IPMI over LAN, SOL (Serial over LAN), SNMP, and HTTP. Enforce HTTPS on the web interface. Use IPMI 2.0 (lanplus) which offers encrypted communication instead of IPMI 1.5.
  • Access via VPN or Bastion Host Connect to the OOB management network through a VPN tunnel or bastion (jump) host instead of direct access. This layer significantly reduces the risk of unauthorized access. For more information, check out our SSH hardening guide.

For a comprehensive assessment of BMC security, we recommend reviewing Rapid7's IPMI security guide.

Frequently Asked Questions

What is the difference between IPMI and iDRAC?

IPMI is an open standard defined by Intel and supported by all manufacturers. iDRAC is Dell's proprietary solution built on top of IPMI; it offers additional features such as an advanced web interface, Redfish API, automatic firmware updates, and Lifecycle Controller.

Does the server need to be powered on for IPMI access?

No. The BMC is an independent microcontroller on the motherboard and remains active with standby power (as long as the power cable is plugged in). You can power on the server, read sensors, and configure the network via IPMI even when the server is completely powered off.

Is it safe to expose the IPMI interface to the internet?

Absolutely not. BMC interfaces have historically contained serious security vulnerabilities. Provide IPMI/iDRAC/iLO access only through an isolated management VLAN and behind a VPN/bastion host. A BMC directly exposed to the internet can lead to complete loss of control over your server.

Does Hosted Cloud provide IPMI access on physical servers?

Yes. IPMI/iDRAC access is provided as standard on Hosted Cloud dedicated servers. OOB management credentials (IP, username, password) are provided upon server delivery, and access is provided through a secure management network.

What is the difference between iDRAC Express and Enterprise?

iDRAC Express comes free and offers basic monitoring, power control, and alerting features. iDRAC Enterprise (paid license) adds HTML5 remote console, virtual media, vFlash SD card support, directory service integration (LDAP/AD), and advanced automation APIs.

Conclusion

Out-of-band management tools like IPMI and iDRAC are indispensable for physical server operations. Remote intervention when the operating system is unresponsive, proactive hardware sensor monitoring, OS installation via remote console, and root cause analysis through event logs - none of these are possible without OOB management. On the security side, keeping BMC interfaces on an isolated network, changing default passwords, and keeping firmware up to date are fundamental steps. Combined with backup strategies and RAID configuration, OOB management maximizes the reliability of your server infrastructure.

Physical Server with IPMI Access

Hosted Cloud dedicated servers come standard with IPMI/iDRAC access, NVMe SSD storage, RAID configuration, and 24/7 technical support.

View Dedicated Server Plans →
#guvenlik#rehber

Share

Twitter/X LinkedIn
E

Elif Demir

Cloud Solutions Architect

Specializing in enterprise cloud migration projects and hybrid infrastructure design with 8 years of experience in AWS, Azure, and private cloud environments.

Comments coming soon