Q: I’m concerned about the security implications of a web server constantly running in the background by default. Can I turn it off? Can you advise best practices?
A: IPMI is deeply integrated into the motherboard hardware, so there is no way to completely disable IPMI. The motherboard relies on the BMC for temperature monitoring, setting fan speeds, and logging serious hardware issues such as a faulty DIMM.
The easiest way to limit access to IPMI is to isolate it from your production VLAN, or leave the Ethernet cables on the motherboard unplugged. Beyond that, you can also change the default password, add user accounts, and close off ports on the firewall. SuperMicro has provided their recommended best practices in the following document: