Open Source Firmware Conference 2025

IPMI HTTPS Interface: Towards a Password-Free BMC
2025-10-07, Main

This presentation describes a secure alternative to the IPMI lanplus protocol for remote server management, employing an HTTPS interface with WebSocket technology. The design eliminates the need to store plaintext passwords on the BMC, thus mitigating credential leakage risks, and the presentation will demonstrate how this enables completely password-free access to the BMC. By integrating IPMI command passthrough into the bmcweb Redfish implementation, the design reuses the Redfish session authentication and privilege models, enabling advanced authentication methods such as mutual TLS and SSO. Performance evaluations show that this binary protocol over HTTPS-WebSocket matches native lanplus speed while improving security. The modifications to ipmitool, bmcweb, and ipmid provide a practical, secure, and scalable remote server management solution.

The design doc and the implementation are open source and have been submitted to OpenBMC and ipmitool for review.

Lei Yu is the firmware architect at ByteDance, bringing extensive expertise in OpenBMC community contributions and complex system design. With years of hands-on experience, he is dedicated to enhancing system reliability, increasing observability, and simplifying architectures to improve usability for Site Reliability Engineers (SREs). Lei is passionate about driving innovations that make firmware and system management more transparent, efficient, and robust, ultimately enabling smoother operations and faster issue resolution.