IPMI and other "lights-out" (Score 2)
Don't underestimate IPMI and its equivalent (what was Intel's name for their proprietary alternative? ME?).
With this kind of technology, you have a small embedded mini-system in the motherboard, which talks over a TCP/IP network and provides all functionality (including wake-on-LAN, including shutdown, including reboots (AND specifying what resource to reboot to, like starting PXE or an emulated-over-network USB drive), including VNC remoting, and Serial-over-IP (for some server remoting)).
Think of all the niceties you have inside a VirtualBox or VMware emulator, but on actual real hardware.
It's very popular in enterprise settings so sysadmins can update a whole division's computers, instead of having to walk to each one of hundreds of machines.
So it is available in some form on most workstations, servers, and enterprise laptops.
If you need to upgrade machines, the usual procedure is:
1. you politely ask the users to not start any overnight computation and if possible leave their machines off.
2. when the evening comes you log into the lights-out management of each of the target workstations over *IP* (no MAC-address shenanigans, straight IP address) (you either have simple accounts with passwords, or you can have it integrated into some larger system).
3. because none of the users would have actually left the workstation off as requested, you first try to nicely shut down the machines (you send an ACPI soft-off signal, and hope that the OS will react and nicely save and shut down).
4. after a timeout you force shut down the remaining machines (you send a Reset or Power OFF signal).
5. you boot all the machines and ask them to load your payload instead of the disk (it can be either classical PXE, or you can remotely emulate a USB drive) so all machines boot the management software, even that bizarre guy who insists on having CD as his primary boot device on his workstation.
6. you remotely launch the necessary administration. Either it runs unattended, or you can remotely control it if needed (depending on the tool used, you might use a proprietary administration tool, or SSH, or Serial-over-Internet. If it's an asinine tool, you might need to VNC).
7. you reboot the machines and let them follow normal boot order.
The system has lots of advantages:
- it can be scripted with command line tools.
- you can even change BIOS settings, etc.
- it's handled by an embedded system (usually part of the chipset) so this is completely independent of what the main CPU is doing (the workstation might be running or might be powered off).
The system has a few drawbacks:
- massive security problems: the user-friendly web interface of lots of "lights-out" implementations is buggy and an exploit nightmare (most securing recommendations start with "turn the web console off").
- security problem: you need to set up proper accounts and passwords (to avoid a script kiddie wreaking havoc after having guessed a few standard passwords. Minimum is setting acceptable local accounts)
So, going back to the discussion:
- if the workstations have Lights-out remote administration (virtually all enterprise hardware is sold with it)
- if the remote administration is properly setup...
You have full control possibilities over the whole fleet of workstations, without any of the hassle of dealing with low-level functionalities like PXE, WOL, etc.
If an administrator has done a bad job at automating it all, you might end up with the whole enterprise being remotely reformatted.
At least the students' machines are probably safe:
- the consumer grade laptops don't usually feature "lights-out" management.
- the student who has bought an enterprise-class laptop probably hasn't activated it (and if the student is savvy enough to turn it on for own use, the student has sure enough set up decent accounts).
Given the security problems mentioned above, that means NSA and China probably have full administrative access to 1/3 of all enterprise workstations running everywhere.
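
Steps 3 to 5 of the procedure in the comment above, sketched for a single workstation as an added example (not part of the original comment). It assumes `ipmitool` with the `lanplus` interface, a hypothetical BMC account name `admin`, and the password supplied through the `IPMI_PASSWORD` environment variable so it never appears on the command line.

```shell
#!/bin/sh
# Added example: steps 3-5 of the procedure above for one workstation.
# Assumptions (not from the comment): ipmitool with the lanplus interface,
# password supplied via the IPMI_PASSWORD environment variable (-E).
IPMI=${IPMI:-ipmitool}            # overridable so the logic can be tested offline
BMC_USER=${BMC_USER:-admin}       # hypothetical account name
SOFT_TIMEOUT=${SOFT_TIMEOUT:-300} # seconds to wait for the OS to shut down
POLL=${POLL:-10}                  # seconds between power-status checks

bmc() {  # bmc HOST SUBCOMMAND...
    _h=$1; shift
    "$IPMI" -I lanplus -H "$_h" -U "$BMC_USER" -E "$@"
}

is_off() { bmc "$1" chassis power status | grep -q 'is off'; }

# Step 3 then step 4: ACPI soft-off, forced power-off only after the timeout.
# Prints how the host ended up off: already-off, soft or forced.
shutdown_host() {
    if is_off "$1"; then echo already-off; return 0; fi
    bmc "$1" chassis power soft >/dev/null || return 1
    waited=0
    while [ "$waited" -lt "$SOFT_TIMEOUT" ]; do
        if is_off "$1"; then echo soft; return 0; fi
        sleep "$POLL"
        waited=$((waited + POLL))
    done
    bmc "$1" chassis power off >/dev/null || return 1
    echo forced
}

# Step 5: PXE for the next boot only, so the later reboot (step 7)
# falls back to the machine's normal boot order.
maintenance_boot() {
    how=$(shutdown_host "$1") || { echo "$1: BMC did not answer" >&2; return 1; }
    bmc "$1" chassis bootdev pxe >/dev/null || return 1
    bmc "$1" chassis power on >/dev/null || return 1
    echo "$1 $how"
}
```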