Every administrator eventually hits the moment where SSH simply will not connect — a bad firewall rule, a kernel that will not boot after an update, a network config change that cut off the only path in — and discovers whether they actually have a way back onto the server that does not depend on the network stack that just broke. That path is IPMI, and understanding it before an emergency is the difference between a five-minute fix and a support ticket asking a data center technician to physically walk over with a monitor and keyboard.
What IPMI Actually Is
IPMI (Intelligent Platform Management Interface) is a dedicated management controller built into the server's motherboard — physically separate from the main CPU, OS, and network stack — with its own network port, its own power, and its own tiny embedded OS. Because it lives entirely outside the main server's operating system and network configuration, it keeps working even when the main OS has crashed, the network is misconfigured, or the server will not boot at all. This is what "out-of-band management" means: a management path that does not depend on anything you are trying to manage actually being functional.
What You Can Do With IPMI
- KVM-over-IP — a remote virtual keyboard, video, and mouse session, exactly as if you were sitting in front of the physical machine, usable even before an OS has loaded (BIOS/UEFI screens included)
- Power control — power on, power off, and hard reset the server remotely, independent of whether the OS is responsive enough to accept a graceful
rebootcommand - Virtual media mounting — mount an ISO image remotely as if it were a physical CD/USB drive, letting you boot a rescue environment or reinstall an OS without physical media or data center hands-on access
- Sensor and hardware monitoring — CPU temperature, fan speed, PSU status, and memory error reporting, all readable even when the main OS is completely down
- Serial-over-LAN (SOL) — a remote text console session, useful for headless troubleshooting without the overhead of a full graphical KVM session
IPMI vs SSH: Different Layers, Different Purposes
| Aspect | SSH | IPMI |
|---|---|---|
| Depends on OS being up | Yes | No |
| Depends on network config being correct | Yes | No (separate NIC/network path) |
| Works before OS boots (BIOS/UEFI) | No | Yes |
| Typical use | Day-to-day administration | Emergency recovery, OS installs, hardware diagnostics |
| Access speed | Fast, lightweight | Slower (KVM video), used less frequently |
SSH and IPMI are not competitors — they solve different problems. SSH is your daily driver; IPMI is the insurance policy you hope to rarely use but absolutely need on the day the main network path fails.
IPMI Interfaces and Vendor Names
| Vendor | IPMI Implementation Name |
|---|---|
| Dell | iDRAC (Integrated Dell Remote Access Controller) |
| HPE | iLO (Integrated Lights-Out) |
| Supermicro | IPMI (often just branded generically, sometimes with SuperDoctor tools) |
| Lenovo | XClarity Controller (XCC) |
All of these implement the same core IPMI functionality under different branding, with varying degrees of extra web UI polish and feature depth (Dell's iDRAC and HPE's iLO are generally considered the most fully-featured commercial implementations).
Setting Up IPMI Access Securely
Step 1: Change the Default Credentials Immediately
IPMI interfaces have historically shipped with well-known default credentials (and some older firmware versions have had serious documented vulnerabilities) — changing the default password is the single most important IPMI security step and is often skipped precisely because admins do not think of it as "real" server access.
Step 2: Restrict IPMI Network Access
Never expose the IPMI interface directly to the public internet. Restrict it to a specific management VLAN, a VPN-only access path, or an explicit IP allowlist at the network level — an exposed, default-credentialed IPMI interface is a well-documented attack vector for full hardware-level compromise.
Step 3: Keep IPMI Firmware Updated
IPMI firmware has had its own share of CVEs over the years, just like any other network-facing service — check your vendor's firmware release notes periodically and apply updates during a scheduled maintenance window.
Step 4: Use IPMI's Own User Roles, Not a Shared Admin Login
Most IPMI implementations support multiple user accounts with different privilege levels — create named individual accounts for each administrator rather than sharing one login, for the same audit-trail reasons you would not share a single root SSH account.
Common IPMI Use Cases in Practice
| Scenario | How IPMI Helps |
|---|---|
| Server will not boot after a kernel update | KVM console shows the actual boot error; mount a rescue ISO to fix GRUB/kernel config |
| Locked yourself out with a bad firewall rule | KVM console gives full local shell access to fix or flush the rule |
| Need a full OS reinstall | Mount an installer ISO via virtual media, no physical data center visit required |
| Suspected hardware issue (overheating, fan failure) | Sensor readings confirm the issue without needing physical inspection |
| Server hung/unresponsive, SSH times out | Power-cycle remotely via IPMI instead of filing a "please reboot my server" ticket |
Troubleshooting IPMI Itself
- Can't reach the IPMI web interface — confirm you are on the correct management network/VLAN or VPN; IPMI is deliberately not reachable from the general public internet
- KVM console is slow or laggy — this is largely inherent to remote video-over-IP technology and is generally acceptable for occasional emergency use, not meant for daily driving
- Forgot IPMI credentials — typically requires a physical BMC reset (often a jumper or button on the motherboard), which does mean an actual data-center-hands request in this specific case
Buyer's Checklist
- Confirm IPMI/KVM-over-IP access is included with the dedicated server, not an expensive add-on
- Ask whether virtual media mounting is supported, for remote OS reinstalls without a data-center visit
- Check how IPMI network access is secured by default (VPN-only, allowlist, or exposed — the last option is a red flag)
- Confirm the provider's process for a BMC/IPMI credential reset if you are ever locked out of it too
Frequently Asked Questions
Is IPMI the same as a VPS control panel console?
No — a VPS "console" is typically a software/hypervisor-level feature. IPMI is real, physical, motherboard-level hardware management on a dedicated server, working even below the operating system.
Can IPMI be used to reinstall the OS remotely?
Yes, via virtual media — mount an installer ISO through the IPMI web interface exactly as if you had inserted physical installation media into the server.
Is IPMI access included with dedicated servers by default?
It should be, and most reputable providers include it standard — always confirm explicitly before ordering, since it is genuinely essential for emergency recovery rather than a nice-to-have extra.
What happens if I lose my IPMI password too?
Recovery typically requires a physical BMC reset by data center staff, which is why using a securely stored password manager entry for IPMI credentials (separate from your regular SSH keys) matters.
Does IPMI slow down the main server or use its resources?
No — it runs on entirely separate, dedicated hardware (its own tiny processor and memory) and has no measurable impact on the main server's CPU, RAM, or performance.
Should IPMI be exposed to the public internet for convenience?
No, never — restrict it to a VPN or allowlisted management network. An internet-exposed IPMI interface with weak or default credentials is one of the most severe possible compromise vectors, since it grants hardware-level control below the OS.
Every WebsNP dedicated server includes IPMI/KVM access as standard, so you are never dependent on a support ticket to recover from a lockout. View our dedicated server plans or contact us to confirm remote management details for your configuration.