Skip to main content

IPMI over Keyboard Controller Style (KCS) Access

Use the information in this topic to control IPMI over Keyboard Controller Style (KCS) access to the XClarity Controller.

The XClarity Controller provides an IPMI interface via the KCS channel that does not require authentication. Click Security under BMC Configuration to view or modify IPMI over KCS Access settings. Select an option from the drop-down menu to configure the IPMI over KCS Access settings. The following options are available:

Enabled
Permanently enable IPMI over KCS.
Disabled
Permanently disable IPMI over KCS.
Disabled (enable on demand)
Disable the KCS channel most of the time, but allow some Lenovo tools to exchange information with the XClarity Controller during the system firmware update window. When that occurs, the KCS channel is enabled briefly for a few minutes and then disabled upon completion or upon timeout.
Note
After you change the settings, you must restart the XClarity Controller for your changes to take effect.
Important
If you are not running any tools or applications on the server that access the XClarity Controller through the IPMI protocol, it is highly recommended that you disable the IPMI KCS access for improved security. XClarity Essentials does use the IPMI over KCS interface to the XClarity Controller. If you disabled the IPMI over KCS interface, re-enable it prior to running XClarity Essentials on the server. Then disable the interface after you have finished.
Enable Restrict Host Interface Bootstrap Account Privileges to govern specific operational privileges for the Redfish Host Bootstrap account, a special account generated during bootstrapping (DSP0270) and utilized by XClarity Essentials OneCLI for in-band BMC configuration. When this setting is enabled, the Bootstrap account's functionality is curtailed, specifically preventing it from:

  • Performing manipulation of BMC user accounts, Roles, LDAP and Global Login Settings.

  • Initiating a reset of BMC or UEFI settings to factory defaults.

  • Configuration Backup and Restore.

Note

  • Other operations not listed above require Administrator or User Account Management permissions.

  • This setting enforces stricter security controls on the Bootstrap account and cannot be changed once the account is created.