Lights out management for workstation machines?

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
Jul 19, 2020
51
20
8
I'm wondering what options might be available for lights-out management of workstation machines. Mainly what I mean by lights out management is the ability to power on/shut down/reboot the machine over the network without any involvement of the host OS (so it works when the OS is hung, crashed, etc.), coupled with the ability to poke at BIOS and bootloader settings (grub, etc.) to change settings, select a different OS to boot, etc. (as in remote desktop/KVM over IP without an OS running). It's common for servers to have some sort of integrated management controller that's separate from the host CPU to provide these kinds of features. More recently, Intel AMT/vPro I think can provide similar features, at least when not disabled by the mfr at the factory.

So, given a workstation machine that doesn't have an integrated LOM on the motherboard and has had AMT/vPro/MEB/MEBx disabled at the factory, are there any decent solutions for this type of functionality?

I have seen Teradici PCoIP cards available which seem like some sort of a hardware remote access solution, and some seem to have wires to connect to the power switch of the host system, does anyone familiar with these cards know if they could be used in this way?
 

Tom5051

Active Member
Jan 18, 2017
359
79
28
46
 

Stephan

Well-Known Member
Apr 21, 2017
929
706
93
Germany
You didn't mention the budget. Easiest: Dump/sell the machine or its motherboard+CPU+RAM, get something with an Aspeed 2400/2500/2600. vPro AMT is not a professional solution, can and will fail when you need it most. Like IP connectivity going AWOL.
 

i386

Well-Known Member
Mar 18, 2016
4,243
1,546
113
34
Germany

Tom5051

Active Member
Jan 18, 2017
359
79
28
46
If I was doing this and I didn't want to spend the $$ on server grade motherboards, I would get a KVM over IP device and if I wanted power and reset control, I would use an hobby grade micro controller board such as the ESP32 or an Arduino UNO with Ethernet, write a program to accept remote commands either via serial or html.
 

mrpasc

Well-Known Member
Jan 8, 2022
481
253
63
Munich, Germany
And that's PCI, good luck finding a slot for it.
Why not, OP asked for Workstations. At least Dell Precision comes with one PCI slot today (T7820, T7920).
Using a quite similar product(RARITAN ERIC-G4 REMOTE MANAGEMENT CARD PCI KVM-over-IP Box) with my T7920 as it's true, Intel AMT sucks and fails if you need it most.

Looking around for this ASRock Rack "Paul" but never seen in the wild here in Eirope
Asrock Rack Paul IPMI add on card
 
Last edited:
Jul 19, 2020
51
20
8
Funny you mention the T7920, that's actually the machine that I'm looking at doing this to. And it doesn't have a PCI slot, only the T7820 has one. And in this case, tower vs. rack mount server is less about cost and more about acoustics.
 

anthros

New Member
Dec 16, 2021
10
4
3
Portland, OR USA
If I was doing this and I didn't want to spend the $$ on server grade motherboards, I would get a KVM over IP device and if I wanted power and reset control, I would use an hobby grade micro controller board such as the ESP32 or an Arduino UNO with Ethernet, write a program to accept remote commands either via serial or html.
I recently dealt with this for my group at work. We ended up going with a 16-port Raritan Dominion LX II for KVM-over-IP goodness (though the required dongles were as much as the unit itself--$1200). For reboots, we went with 3 of Dataprobe's 8-socket iBoot switched PDUs. That gives us 24 switched AC sockets for about $1650.

I wasn't able to find much info on the Dataprobe PDUs prior to purchasing them, but they're surprisingly straightforward. Two of the units are controlled by the the third, so everyone can reboot their own machines (and no one else's) from a single web interface. LDAP/AD integration requires the use of Dataprobe's cloud service, and that was a non-starter for us, but it's still not too bad with only about 16 users. It obviously wouldn't scale to more than a few dozen.


None of this was cheap, but compared to the hassle and time-cost of individual users going in to reboot their machines in a time of cholera, it was worth it. Management couldn't approve the request fast enough.

I'd be curious to hear from anyone else who has used the iBoot switched PDUs.
 

jabuzzard

Member
Mar 22, 2021
45
18
8
You didn't mention the budget. Easiest: Dump/sell the machine or its motherboard+CPU+RAM, get something with an Aspeed 2400/2500/2600. vPro AMT is not a professional solution, can and will fail when you need it most. Like IP connectivity going AWOL.
Anything can fail. I have a server at work right now with a dead BMC, the server itself is just fine. I have found vPro AMT to be perfectly reliable myself, and not seen issues with it loosing it's IP connectivity. I would also for the record note that something like MeshCommander is like a zillion times more secure than a motherboard with an Aspeed that never gets updates from the manufacturer. Looking at you Supermicro and Asrock. Then even if they do get updates they get dropped so the rack full of Dell C6220's at work that provide an undergraduate HPC facility, well yeah I have to maintain an old version of Chromium to access the iDRAC now and don't get me started on the KVM for which I had to write a custom Perl script to fire up the Java applet outside of a web browser a couple of years ago now.
 

Stephan

Well-Known Member
Apr 21, 2017
929
706
93
Germany
Updates for AsrockRack are indeed abysmal. Like two for entire lifetime. Must be a small 5 people shop in Taiwan... ;-) AMT security not better though, just look at all the CVEs from Intel. I suppose if you really try hard, there are still holes like timing attacks possible to crack it from the Internet. So never expose your management interfaces to outside. As for AMT stability, it varies. Some versions are rock stable but then a security bug appears and you are encouraged by management to update. Try this: Poweroff PC and leave connected over night. Two days later, come back and try to install Windows 7 or Linux on that PC, without touching it. If it works, you got a good AMT version running. If AMT is dead, version is bad.

Keeping old browsers around is sadly standard for us too. Still have a VM with old Firefox and old Sun Java 1.7 for old IBM Java SAN configuration, mostly these days to wipe flash back to factory before decomissioning or donation. There is also Java Web Start is dead. Long live OpenWebStart! - openwebstart.com but I found old Java does not like new runtimes most of the time.
 

jabuzzard

Member
Mar 22, 2021
45
18
8
my x10srl-f is eol for 2 years now and it got an update for ipmi in that time...
Lucky you the X7SPA-HF-D525 never got an update as far as I can tell. The J1900D2Y from AsrockRack had one update back in 2015. That is typical for Supermicro and AsrockRack. To be fair many of the major hardware vendors are the same. I remember Sun X2770's that won't work with latest Sun Java and where still under the original five year maintenance contract from their purchase.
So for my latest home server I went with a Q370 chipset motherboard and MeshCommander. Sure I needed to get a HDMI monitor emulator to plug into the back but the whole thing works better than the Supermicro IPMI or AsrockRack ever did. I would note that I have burnt the i210 for exclusive IPMI management duties, but I have fitted a 10Gbps card anyway for actual usage, and the motherboard did come witht two 1Gb interfaces anyway.