A resposta curta é sim, HTTPS é possível e a porta 621 do udp não é necessariamente necessária. A página atual da Wikipedia diz isso em "Status de segurança atual" aqui .
IPMI supports the use of SSL by way of HTTPS for secure communication with certificates.
The use of default short passwords, or "cipher 0" hacks can be easily overcome with the use of a RADIUS server for Authentication, Authorization, and Accounting over SSL as is typical in a datacenter or any medium to large deployment. The user's RADIUS server can be configured to store AAA securely in an LDAP database in a secure manner using either FreeRADIUS/OpenLDAP or Microsoft Active Directory and related services.
...
Therefore, the prudent best practice is to disable the use of the Operator and Administrator roles in LDAP/RADIUS, and only enable them when needed by the LDAP/RADIUS administrator. For example, in RADIUS a role can have its setting Auth-Type changed to:
Auth-Type := Reject
Doing so will prevent RAKP hash attacks from succeeding since the username will be rejected by the RADIUS server.