HP Integrated Lights-Out 2 User Guide for Firmware 1.75 and 1.
© Copyright 2005, 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Confidential computer software.
Contents Operational overview ................................................................................................................... 9 Guide overview ........................................................................................................................................ 9 New in this release of iLO 2 ....................................................................................................................... 9 iLO 2 overview ...........................................
User accounts and access............................................................................................................... 44 SSH key administration .................................................................................................................. 45 SSL certificate administration........................................................................................................... 45 Two-factor authentication..................................................................
iLO 2 BL c-Class tab..................................................................................................................... 128 Enclosure bay IP addressing ......................................................................................................... 128 Dynamic power capping for server blades...................................................................................... 130 iLO 2 Virtual Fan ....................................................................................
Configuring directories when schema-free integration is selected ....................................................... 180 Setting up management processors for directories............................................................................ 181 HP Systems Insight Manager integration ...................................................................................... 183 Integrating iLO 2 with HP SIM.................................................................................................
No console replay while server is powered down............................................................................ 203 Skipping information during boot and fault buffer playback .............................................................. 203 Out of Memory error starting Integrated Remote Console.................................................................. 203 Session leader does not receive connection request when IRC is in replay mode..................................
Lights-Out Management attribute definitions .................................................................................... 218 Technical support...................................................................................................................... 220 Support information ............................................................................................................................... 220 HP contact information ...............................................................
Operational overview Guide overview HP iLO 2 provides multiple ways to configure, update, and operate servers remotely. The HP Integrated Lights-Out 2 User Guide describes these features and how to use them with the browser-based interface and RBSU. Some features are licensed features and may only be accessed after purchasing an optional license. For more information, see "Licensing (on page 26).
iLO 2 overview iLO 2 can remotely perform most functions that otherwise require a visit to servers at the data center, computer room, or remote location. The following are just a few examples of using iLO 2 features. • iLO 2 Remote Console and virtual power enables you to view a stalled remote server with blue screen conditions and restart the server without onsite assistance. • iLO 2 Remote Console enables you to change BIOS settings when necessary.
Feature iLO 2 iLO Support for Microsoft® JVM Yes No Remote Console Acquire button Yes Yes Terminal Services integration Yes Yes HP schema directory integration Yes Yes Schema-free directory integration Yes Yes Two-factor authentication Yes Yes Power Regulator reporting Yes Yes Virtual Floppy and CD/DVD-ROM Yes Yes USB key virtual media Yes Yes Virtual folder Yes No HP Insight Essentials Rapid Deployment Pack integration HP Insight Essentials Rapid Deployment Pack integrates
iLO 2 provides the KCS interface, or open interface, for SMS communications. The KCS interface provides a set of I/O mapped communications registers. The default system base address for the I/O mapped SMS Interface is 0xCA2 and is byte aligned at this system address. The KCS interface is accessible to SMS software that is running on the local system. Examples of compatible SMS software applications are as follows: • IPMI version 2.
• UID Status The WS-Management in iLO 2 returns status information for fans, temperatures, power supplies, and VRMs. iLO 2 browser interface overview The iLO 2 browser interface groups similar tasks for easy navigation and workflow. These tasks are organized under high-level tabs across the top of the iLO 2 interface. These tabs are always visible and include System Status, Remote Console, Virtual Media, Power Management, and Administration.
o • HP supports Microsoft® JVM and SUN Java™ 1.4.2_13. To download the recommended JVM for your system configuration, refer to the HP website (http://www.hp.com/servers/manage/jvm). Firefox 2.0 o This browser is supported on Red Hat Enterprise Linux Desktop 4 and Novell Linux Desktop 9. o HP supports Microsoft® JVM and SUN Java™ 1.4.2_13. To download the recommended JVM for your system configuration, refer to the HP website (http://www.hp.com/servers/manage/jvm).
o SUSE LINUX Enterprise Server 10 Operational overview 15
iLO 2 setup Quick setup To quickly setup iLO 2 using the default settings for iLO 2 Standard and iLO Advanced features, follow the steps below: 1. Prepare—Decide how you want to handle networking and security ("Preparing to setup iLO 2" on page 16) 2. Connect iLO 2 to the network ("Connecting to the network" on page 18). 3. If you are not using dynamic IP addressing, use the iLO 2 RBSU to configure a static IP address ("Configuring the IP address" on page 18). 4.
To access iLO 2 after connecting it to the network, the management processor must acquire an IP address and subnet mask using either a dynamic or static process: o Dynamic IP address is set by default. iLO 2 obtains the IP address and subnet mask from DNS/DHCP servers. This method is the simplest. o Static IP address is used to configure a static IP address if DNS/DHCP servers are not available on the network. A static IP address can be configured in iLO 2 using the RBSU.
Connecting to the network Typically iLO 2 is connected to the network in one of two ways. iLO 2 can be connected through a: • Corporate network where both ports are connected to the corporate network. In this configuration, the server has two network ports (one server NIC, and one iLO 2 NIC) connected to a corporate network. • Dedicated management network where the iLO 2 port is on a separate network. Configuring the IP address This step is necessary only if you are using a static IP address.
To configure a static IP address, use the iLO 2 RBSU with the following procedure to disable DNS and DHCP and configure the IP address and the subnet mask: 1. Restart or power up the server. 2. Press the F8 key when prompted during POST. The iLO 2 RBSU runs. 3. Select Network>DNS/DHCP, press the Enter key, and then select DHCP Enable. Press the spacebar to turn off DHCP. Be sure that DHCP Enable is set to Off, and save the changes. 4.
Setting up iLO 2 using iLO 2 RBSU HP recommends iLO 2 RBSU to initially set up iLO 2 and configure iLO 2 network parameters for environments that do not use DHCP and DNS or WINS. RBSU provides the basic tools to configure iLO 2 network settings and user accounts to get iLO 2 on the network. You can use RBSU to configure network parameters, directory settings, global settings, and user accounts. iLO 2 RBSU is not intended for continued administration.
2. Click Administration>Licensing to display the iLO 2 license activation screen. 3. Enter the license key. Press the Tab key or click inside a field to move between fields. The Activation Key field advances automatically as you enter data. Click Licensing to clear the fields and reload the page. 4. Click Install. The EULA confirmation appears. The EULA details are available on the HP website (http://www.hp.com/servers/lights-out) and with the license kit. 5. Click OK.
• CPQASM2.SYS, SYSMGMT.SYS, and SYSDOWN.SYS provide the iLO 2 Advanced Server Management Controller Driver support. PSP for Microsoft® Windows® products includes an installer that analyzes system requirements and installs all drivers. The PSP is available on the HP website (http://www.hp.com/support) or on the SmartStart CD. To install the drivers in the PSP: 1. Download the PSP from the HP website (http://www.hp.com/support). 2. Run the SETUP.
To install the drivers download the PSP from the HP website (http://www.hp.com/support) to a NetWare server. After downloading the PSP, follow the Novell NetWare component installation instructions to complete the installation. For additional information about the PSP installation, read the text file included in the PSP download. When using Novell NetWare 6.X, use the ATI ES1000 video driver that is provided by the operating system for best results.
Configuring iLO 2 iLO 2 configuration overview Typically, an advanced or administrative user who must manage users and configure global and network settings configures iLO 2. You can configure iLO 2 using the iLO 2 browser-based GUI or scripting tools such as CPQLOCFG and HPONCFG (described in the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide.
• Firmware Maintenance CD-ROM—Download the component to create a bootable CD that contains many firmware updates for ProLiant servers and options. • Scripting with CPQLOCFG—Download the CPQLOCFG component to get the network-based scripting utility, CPQLOCFG. CPQLOCFG enables you to use RIBCL scripts that perform firmware updates, iLO 2 configuration, and iLO 2 operations in bulk, securely over the network. Linux users should consider reviewing the HP Lights-Out XML PERL Scripting Samples for Linux.
If the firmware upgrade is interrupted or fails, attempt the upgrade again immediately. Do not reset the iLO 2 system before reattempting a firmware upgrade. Updating the firmware using the maintenance CD To use HP Smart Update Manager on the Firmware Maintenance CD: 1. Place the Firmware Maintenance CD on a USB key using the USB Key Creator Utility. 2. Copy CP009768.exe to /compaq/swpackages directory on the USB Key. 3. Follow HP Smart Update Manager steps to complete firmware update.
If you purchase the iLO Advanced Pack or the iLO Advanced Pack for BladeSystem with any Insight Control software suite or iLO Power Management Pack, HP provides Technical Support and Update Services. For more information, see "Support information (on page 220)." If you purchase the iLO Advanced Pack or the iLO Advanced Pack for Blade System as a one-time activation of licensed features, you must purchase future functional upgrades. For more information, see "Support information (on page 220).
Feature iLO 2 Advanced iLO 2 Advanced for BladeSystem iLO 2 Standard iLO 2 Standard Blade Edition Power-related reporting* √ √ — — Dynamic power capping √ √ — — Group power capping √ √ — — Two-factor smart card authentication √ √ — — HP SIM single sign-on √ √ — — Kernel debugger for Windows √ √ — — Console replay √ √ — — Shared remote console √ √ — — Boot/fault console capture √ √ — — iLO video player (license required for capture) √ √ √ √ In addition t
To access local accounts, click Administration>User Administration>Local Accounts. iLO 2 Directory Accounts enables you to view iLO 2 groups and modify the settings for those groups. You must have the Administer Directory Groups privilege. To access Directory Accounts, click Administration>User Administration>Group Accounts. Adding a new user IMPORTANT: Only users with the Administer User Accounts privilege can manage other users on iLO 2. You can assign a different access privilege to each user.
3. Select User Administration>Local Accounts. 4. Click New. 5. Complete the fields. The following options are available: o User Name is displayed in the user list and on the home page. It is not necessarily the same as the Login name. The maximum length for a User Name is 39 characters. The User Name must use printable characters. o Login Name is the name that you must use when logging into iLO 2. The maximum length for a Login Name is 39 characters. The Login Name may only use printable characters.
Certificate button. Click this button to map a certificate to the user. After a certificate is mapped to the user account, a 40-digit thumbprint of the certificate appears, along with the Remove this Certificate button, which can be used to remove the certificate. If Two-Factor Authentication is enabled, a different certificate should be mapped to each user. A user who presents a certificate when connecting to iLO 2 is authenticated as the user to whom the certificate is mapped.
2. Click User Administration and select from the list the name of the user whose information you want to change. 3. Click Delete User. A pop-up window is displayed asking, Are you sure you want to delete the selected user? Click OK. Group administration iLO 2 enables you to view iLO 2 groups and modify settings for those groups. You must have the Administer Directory Groups privilege. To view or modify a group: 1. Click Administration>User Administration>Group Accounts. 2.
After iLO 2 is correctly configured, revoking this privilege from all groups prevents reconfiguration. Users with the Administer Group Accounts privilege can enable or disable this privilege. iLO 2 can also be reconfigured if iLO 2 RBSU is enabled. Click Save Group Information to save updated information, or click Cancel to discard changes and return to the Group Administration page. Configuring iLO 2 access iLO 2 allows you to configure which services are enabled on iLO 2 and user access to iLO 2.
Parameter Default value Description Secure shell (SSH) Port 22 This setting enables you to configure the iLO 2 SSH port to be used for SSH communications. Telnet Access Disabled This setting enables you to connect a telnet client to the Remote Console/Telnet port, providing access to the iLO 2 CLP. The following settings are valid: • Enabled—iLO 2 enables telnet clients to connect to the Remote Console/Telnet port. Network port scanners can detect that iLO 2 is listening on this port.
Parameter Default value Description Console Replay Port 17990 This setting enables you to specify the Console Replay Port. The Console Replay Port is opened on the client to enable the transfer of internal capture buffers to the client for replay. This port is only open when a capture buffer is being transferred to the client. Raw Serial Data Port 3002 This setting specifies the Raw Serial Data port address.The Raw Serial Data port is only open while the WiLODbg.
• Windows® XP On Windows® XP servers, the Terminal Services client and RDP connection is built in. The client is part of the operating system and is activated using Remote Desktop sharing. To activate desktop sharing, select Start>Programs>Accessories>Communications>Remote Desktop. The Terminal Services client in Windows® XP provides command line options and launches from the remote console applet.
Enabling the Terminal Services Passthrough option By default, the Terminal Services Passthrough feature is disabled and can be enabled on the Administration>Access>Services page. The Terminal Services button in the Remote Console is deactivated until the Terminal Services Pass-Through feature is enabled. To use of the Terminal Services Passthrough feature, install the latest Lights-Out Management Interface Driver and then install Terminal Services passthrough service for Microsoft® Windows® on the server.
When using the Terminal Services pass-through option with Windows Server® 2003 and Windows Server® 2008, there is approximately a 30-second delay after the CTRL-ALT-DEL dialog box appears before the Terminal Services client launches. The 30-second delay represents how long it takes for the service to connect to the RDP client running on the server.
Access options iLO 2 enables you to modify iLO 2 access, including connection idle time, iLO 2 functionality, iLO 2 RBSU, login requirements, CLI parameters, minimum password length, and server name. Settings on the Access Options page apply to all iLO 2 users. You must have the Configure iLO 2 Settings privilege to modify settings on this page. To view or modify iLO 2 access, click Administration>Access>Options and click Apply to save any updated information.
Parameter Default value Descriptions iLO 2 ROM-Based Setup Utility Enabled This setting enables or disables the iLO 2 ROM-Based Setup Utility. Normally, the iLO2 Option ROM prompts you to press F8 to enter RBSU, but if iLO 2 is disabled or iLO 2 RBSU is disabled, the RBSU prompt is bypassed. Require Login for iLO 2 RBSU Disabled This setting enables RBSU access with or without a usercredentials challenge.
When logging in to iLO 2 with Telnet or SSH clients, the number of login name and password prompts offered by iLO 2 matches the value of the Authentication Failure Logging parameter (or 3 when it is disabled.) However, the number of prompts might also be affected by your Telnet and SSH client configurations. Telnet and SSH logins also implement delays after login failure. During the delay, login is disabled so no login failure occurs.
• • Encrypted communication using: o SSH key administration o SSL certificate administration Support for optional LDAP-based directory services Some of these options are licensed features. To verify your available options, see the section, "Licensing (on page 26)." General security guidelines The following are general guidelines concerning security for iLO 2: • For maximum security, iLO 2 should be set up on a separate management network. • iLO 2 should not be connected directly to the Internet.
• RBSU Disabled (most secure) If iLO 2 RBSU is disabled, user access is prohibited. This prevents modification using the RBSU interface. iLO 2 Security Override Switch administration The iLO 2 Security Override Switch allows the administrator full access to the iLO 2 processor. This access may be necessary for any of the following conditions: • iLO 2 must be re-enabled after it has been disabled. • All user accounts with the Administer User Accounts privilege have been locked out.
iLO 2 provides support for the TPM mezzanine module in ProLiant 100 and ProLiant 300/500 series servers. On a supported system, iLO 2 decodes the TPM record and passes the configuration status to iLO 2, CLP, and XML interface. The System Status page displays the TPM configuration status. If the host system or System ROM does not support TPM, TPM Status is not displayed in Status Summary page. The Status Summary displays the following TPM status information: • Not Present—A TPM module is not installed.
iLO 2 saves a detailed log entry for failed login attempts, which imposes a delay of 60 seconds. SSH key administration iLO 2 enables you to authorize up to four SSH keys at one time on the SSH Key tab. The SSH Key tab also displays the owner (if any keys are authorized) of each authorized SSH key. Multiple keys can belong to a single user. To add an authorized key to iLO 2, the public key path must be submitted to iLO 2. The key file must contain the user name after the end of the key.
Base64-encoded. A CA processes this request and returns a response (X.509 certificate) that can be imported into iLO 2. The CR contains a public/private key pair that validates communications between the client browser and iLO 2. The generated CR is held in memory until a new CR is generated, iLO 2 is reset, or a certificate is imported by the generation process.
When two-factor authentication is enabled, access by the CPQLOCFG utility is disabled because CPQLOCFG does not meet all authentication requirements. However, the HPONCFG utility works because administrator privileges on the host system are required to execute the utility. A trusted CA certificate is required for two-factor authentication to function. You cannot change the TwoFactor Authentication Enforcement setting to Enabled if a trusted CA certificate is not configured.
10. From your desktop, open the file for the user certificate in Notepad, select all the text, and copy the text to the clipboard by pressing the Ctrl+C keys. 11. Browse to the User Administration page on iLO 2, and select the user for which you have obtained a public certificate or create a new user. 12. Click View/Modify. 13. Click Add a certificate. 14. Click inside the white text area so that your cursor is in the text area, and paste the contents of the clipboard by pressing the CTRL+V keys.
12. Select the certificate added to the user in iLO 2. Click OK. 13. If prompted to do so, insert your smart card, or enter your PIN or password. The login page should be displayed with the e-mail address for the user in the Directory User field. You cannot change the Directory User field. 14. Enter the password for the directory user. Click Login. After completing the authentication process, you have access to iLO 2.
After you have selected a certificate, if the certificate is protected with a password or if the certificate is stored on a smart card, a second page appears prompting you to enter the PIN or password associated with the chosen certificate. The certificate is examined by iLO 2 to ensure it was issued by a trusted CA by checking the signature against the CA certificate configured in iLO 2. iLO 2 determines if the certificate has been revoked and if it maps to a user in the iLO 2 local user database.
with CN=John Doe,OU=IT,DC=MyCompany,DC=com, which is the user's actual distinguished name. If the correct password is entered, the user is authenticated. Authentication using Default Directory Schema, part 2: The distinguished name for a user in the directory is CN=john.doe@MyCompany.com,OU=IT,DC=MyCompany,DC=com, and the following are the attributes of John Doe's certificate: • Subject: DC=com/DC=MyCompany/OU=Employees/CN=John Doe/E=john.doe@MyCompany.com • SAN/UPN: john.doe@MyCompany.
Configuring directory settings iLO 2 enables administrators to centralize user account administration using directory services. You must have the Configure iLO 2 Settings privilege to configure and test the iLO 2 directory services. To access Directory Settings, click Administration>Security>Directory. iLO 2 directory settings enable you to control directory-related behavior for the iLO 2 directory you are logged into.
• • Directory Server Address—Enables you to specify the network DNS name or IP address of the directory server. You can specify multiple servers, separated by a comma (,) or space ( ). If Use Directory Default Schema is selected, enter a DNS name in the Directory Server Address field to allow authentication with user ID. For example: directory.hp.com 192.168.1.250, 192.168.1.251 Directory Server LDAP Port—Specifies the port number for the secure LDAP service on the server.
To test the communication between the directory server and iLO 2, click Test Settings. For more information, see the section, "Directory Tests (on page 54)." Directory tests To validate current directory settings for iLO 2, click Test Settings on the Directory Settings page. The Directory Tests page appears. The test page displays the results of a series of simple tests designed to validate the current directory settings.
By default, remote console data uses 128-bit RC4 bi-directional encryption. The CPQLOCFG utility uses a 168-bit Triple DES with RSA and a SHA1 MAC cipher to securely send RIBCL scripts to iLO 2 over the network. Encryption settings You can view or modify the current encryption settings using the iLO 2 interface, CLP, or RIBCL. To view or modify current encryption settings using the iLO 2 interface: 1. Click Administration>Security>Encryption.
IMPORTANT: Incorrectly editing the registry can severely damage your system. HP recommends creating a back up of any valued data on the computer before making changes to the registry. For information on how to restore your registry, see the Microsoft Knowledge base article (http://support.microsoft.com/kb/307545). To connect to iLO 2 through an SSH connection, see your SSH utility documentation to set the cipher strength.
certificates and iLO 2 server names. When the allocated storage is used, no more imports are accepted. After setting up SSO in iLO 2, log into HP SIM, locate the LOM processor, select Tools>System Information>iLO as... HP SIM launches a new browser that is logged in to the LOM management processor. Adding HP SIM trusted servers You can install HP SIM server certificates using scripting that is suitable for mass deployment.
Setting up HP SIM SSO The HP SIM SSO page allows you to view and configure the existing iLO 2 Single Sign-On settings. You must have the Configure iLO 2 privilege to alter these settings. To access iLO 2 SSO settings, click Administration>Security>HP SIM SSO.
by Certificate, SSO is not allowed from that server. Likewise, if a HP SIM server certificate is imported, but the certificate has expired, SSO is not allowed from that server. Additionally, the records are not used when SSO is disabled. iLO 2 does not enforce SSO server certificate revocation. o Status—Indicates the status of the record (if any are installed). o Description—Displays the server name (or certificate subject).
R_ALT F6 3 g R_SHIFT F8 5 i L_SHIFT L-CTRL R_CTRL L_GUI R_GUI INS DEL HOME END PG_UP PG_DN ENTER F7 4 F9 F10 F11 F12 6 7 8 9 " " (Space) : " < ! # $ % & ; = > ? @ h j k l m n o p q r s t TAB ' [ u BACKSPACE ) ] w BREAK NUM PLUS ( * \ ^ v x NUM MINUS + _ y SCRL LCK , ' z F1 . b } SYS RQ F2 / F3 4. - 0 a c d { | ~ Click Apply to save changes. This feature can also be configured using scripting or command lines.
Network Settings The Network Settings page displays the NIC IP address, subnet mask, and other TCP/IP-related information and settings. From the Network Settings screen, you can enable or disable DHCP and configure a static IP address for servers not using DHCP. All users can view the network settings, but only users with the Configure iLO 2 Settings privilege can change these settings. To access the Network Settings page, click Administration>Network>Network.
iLO 2 subsystem name limitations The iLO 2 subsystem name represents the DNS name of the iLO 2 subsystem. For example, ilo instead of ilo.hp.com. This name can only be used, if DHCP and DNS are configured properly to connect to the iLO 2 subsystem name instead of the IP address. • Name service limitations—The subsystem name is used as part of the DNS name and WINS name. However DNS and WINS limitations differ: o DNS allows alphanumeric and hyphen. WINS allows alphanumeric, hyphen and underscore.
NIC port for iLO 2 server management. The iLO 2 Shared Network Port and the iLO 2 Dedicated Management NIC port cannot operate simultaneously. If you enable the dedicated iLO 2 NIC, you will disable the iLO 2 Shared Network Port. If you enable the iLO 2 Shared Network Port, you will disable the dedicated iLO 2 Dedicated Management NIC. However, disabling the Shared Network Port does not completely disable the system NIC. Regular network traffic still passes through the system NIC.
After iLO 2 resets, the Shared Network Port feature is active. Any network traffic going to or originating from iLO 2 is directed through the system's NIC port 1. Enabling the iLO 2 Shared Network Port feature through the web interface 1. Connect iLO 2 NIC port 1 to a LAN. 2. Open a browser, and browse to the iLO 2 IP address or DNS name. 3. Select Administration>Network Settings. 4. On the Network Settings page, select Shared Network Port.
DHCP/DNS Settings The iLO 2 DHCP/DNS Settings page displays DHCP/DNS configuration information for iLO 2. All users can view the DHCP/DNS settings, but you must have the Configure iLO 2 Settings privilege to change them. These settings can also be changed using the iLO 2 RBSU (F8 during POST). To access DHCP/DNS settings, click Administration>Network>DHCP/DNS. The DHCP/DNS Settings page appears.
o Use DHCP Supplied Domain Name—Toggles if iLO 2 uses the DHCP server-supplied domain name. If not, enter a domain name in the Domain Name box. • WINS Server Registration toggles if iLO 2 registers its name with a WINS server. • DDNS Server Registration toggles if iLO 2 registers its name with a DDNS server. • Ping Gateway on Startup option causes iLO 2 to send four ICMP echo request packets to the gateway when iLO 2 initializes.
For more information see to the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. To configure alerts: 1. Log in to iLO 2 using an account that has the Configure iLO 2 Settings privilege. 2. Select Management in the Administration tab. The SNMP/Insight Manager Settings screen appears. 3. In the SNMP Alert Destination(s) fields, enter up to three IP addresses that you want to receive the SNMP alerts and select the alert options you want iLO 2 to support. 4.
the iLO 2 interface, CLI, RIBCL or other management feature. If the server is powered down because of the operating system, physical power button presses, or other methods, the alert is generated and sent. • ALERT_SERVER_RESET occurs when the iLO 2 management processor is used to perform a cold boot or warm boot of the host system. This alert is also sent when the iLO 2 management processor detects the host system is in reset because of events unknown to the management processor.
To see the results of changes made, click Apply Settings to save the changes. Click Reset Settings to return the page to its clear the fields and return to its previous state. The Reset Settings button does not save any changes. For more information on Insight Agents, click System Status>Insight Agent.
Static IP Bay Configuration is not supported in G1 BL-series blade enclosures. To view the enclosure generation, click BL p-Class>Rack View>Details for a specific enclosure. Static IP Bay configuration is not supported on an enclosure when Enclosure Type details displays the message BL Enclosure G1. When a blade is redeployed, Static IP Bay Configuration might not complete as expected.
The Enable Static IP Bay Configuration Settings checkbox, available on the Network Settings tab (not shown), allows you to enable or disable Static IP Bay Configuration. The new Enable Static IP Bay Configuration Settings option is only available on blade servers. When Static IP Bay Configuration is enabled, all fields except iLO 2 Subsystem Name are disabled. Only Static IP Bay Configuration or DHCP can be enabled at one time.
Static Route #1, #2, and #3 (destination gateway)—Assigns the appropriate static route destination and gateway IP address on your network (the default IP values are 0.0.0.0 and 0.0.0.0, where the first IP address corresponds to the destination IP, and the second IP address corresponds to the gateway IP). Enabling iLO 2 IP address assignment The bay #1 through bay #16 checkboxes enable you to select which BL p-Class blade servers will be configured. You can Enable All, Clear All, or Apply your selection.
1. iLO 2 configuration 2. Server RAID verification 3. Virtual media connection 4. Software installation iLO 2 configuration screen This screen enables you to change the following settings: • Administrator password. HP recommends changing the default password. • Network configuration settings.
indicating that this action is occurring. The page is refreshed automatically every 10 seconds. After the server reboots, the next page in the installation wizard displays again. If an error occurs during the RAID reset process, the RAID Configuration page will redisplay with an indication of the error. An error is most likely to occur if the server is in POST. If this is the case, exit any RBSU program you are running, allow POST to complete, and try the operation again.
• Speed • Duplex • IP Address Use this parameter to assign a static IP address to iLO 2 on your network. By default, the IP address is assigned by DHCP. By default, the IP address is 192.168.1.1 for all iLO 2 Diagnostic Ports. • Subnet Mask o Use the subnet mask parameter to assign the subnet mask for the iLO 2 Diagnostic Port. By default, the subnet mask is 255.255.255.0 for all iLO 2 Diagnostic Ports.
Using iLO 2 System status and status summary information When you first access iLO 2, the interface displays the Status Summary page with system status and status summary information, and provides access to health information, system logs, and Insight Agent information. The options available in the System Status section are: Summary, System Information, iLO 2 Log, IML, Diagnostics, iLO 2 User Tips, and Insight Agents.
• Internal Health LED—Represents the server internal health indicator (if supported). It summarizes problems with fans, temperature sensors, VRMs, and other monitored subsystems in the server. For more information, see "System Information Summary (on page 78)." • TPM Status—Displays TPM status configuration. If the host system or System ROM does not support TPM, TPM Status does not appear in Status Summary page. For more information, see "Trusted Platform Module support.
System Information Summary System Information displays the health of the monitored system. Many of the features necessary to operate and manage the components of the HP ProLiant server have migrated from the health driver to the iLO 2 microprocessor. These features are available without installing and loading the health driver for the installed operating system. The iLO 2 microprocessor monitors these devices when the server is powered on during server boot, operating system initialization, and operation.
Monitoring the fan sub-system includes the sufficient, redundant, and non-redundant configurations of the fans. Fan failure is a rare occurrence, but to ensure reliability and uptime, ProLiant servers have redundant fan configurations. In ProLiant servers that support redundant configurations, fan or fans might fail and still provide sufficient cooling to continue operation.
Processors The Processors tab displays the available processor slots, the type of processor installed in the slot, and a brief status summary of the processor subsystem. If available, installed processor speed in MHz and cache capabilities are displayed. Memory The Memory tab displays the available memory slots and the type of memory, if any, installed in the slot. NIC The NIC tab displays the MAC addresses of the integrated NICs. This page does not display add-in network adapters.
view the event log even when the server is off can be helpful when troubleshooting remote host server problems. You can sort the log by clicking the header of any column of data. After the sort completes, clicking the same column header again sorts the log in reverse of its current order. Very large logs will take several minutes to sort and display. You can clear the events in this log on the server's Insight Manager Web Agents home page.
o Use the Debug feature if a software application hangs the system. The Generate NMI to System button can be used to engage the operating system debugger. o Initiate the dump of an unresponsive host if you want to capture the server context. The Virtual Power and Reset privilege is required to generate an NMI. An unexpected NMI typically signals a fatal condition on the host platform.
iLO 2 Remote Console iLO 2 Remote Console redirects the host server console to the network client browser, providing full text (standard), graphical mode video, keyboard, and mouse access to the remote host server (if licensed). iLO 2 uses virtual KVM technology to improve remote console performance comparable with other KVM solutions.
Remote console access to the host server after server POST is a licensed feature available with the purchase of optional licenses. For more information, see "Licensing (on page 26)". To access iLO 2 Remote Console, click Remote Console. The Remote Console Information page appears. Remote Console overview and licensing options Remote Console and Integrated Remote Console connections are graphical and must be rendered using a client program that can process iLO 2 graphics commands.
• High Performance Mouse settings can help alleviate remote console mouse synchronization issues, but this feature is not supported on all operating systems. The effects of changing the settings take place when remote console is started or restarted. The following options are available: o Disabled—Enables the mouse to use the relative coordinates mode which is compatible with most host operating systems.
o Export enables you to trigger an export manually. o Export username is the username for the web server that is specified in the URL. o Password is the password of the web server that is specified in the URL. After making changes, click Apply. • Serial Port Configuration displays the current settings of the system serial ports and the Virtual Serial Port. The Settings for the system and virtual serial ports are also displayed, showing the COM ports in use and IRQ numbers.
information, refer to "Remote Console hot keys (on page 86)." The following table lists keys available to combine in a Remote Console hot key sequence. ESC F12 : o L_ALT "" (Space) < p R_ALT ! > q L_SHIFT # = r R_SHIFT $ ? s INS % @ t DEL & [ u HOME ~ ] v END ( \ w PG UP ) ^ x PG DN * _ y ENTER + a z TAB - b { BREAK .
Hot keys and international keyboards To set up hot keys on an international keyboard, select keys on your keyboard in the same position on a US keyboard. To create a hot key using the international AltGR key, use R_ALT in the key list. Use the US keyboard layout shown to select your keys. Shaded keys do not exist on a US keyboard. • The green shaded key is known as the Non-US \ and | keys on an international keyboard.
feature available with the purchase of optional licenses. For more information, see "Licensing (on page 26)". The Integrated Remote Console supports four simultaneous remote console sessions with the same server if enabled through the Remote Console Settings screen, SMASH CLI (OEM), or RIBCL. For more information about using multiple remote console sessions, see the section, "Shared Remote Console (on page 93).
o • Replay file—Displays an Open dialog box enabling you to view a previously saved file. After you select a file and click Open, the Remote Console menu changes to the Replay Console menu. Replay (play icon on the main menu)—Displays the Replay Console. The Replay Console provides playback control of the selected data buffer and displays elapsed playback time. The Replay Console has the following options: o Click Play to start the playback.
• Drive—Displays all available media. • Power (green power icon)—Displays the power status and allows you to access the power options. The power button is green when the server is powered up. When you press Power the Virtual Power Button screen appears with four options: Momentary Press, Press and Hold, Cold Boot, and Reset System. When either the Drives or Power button is pressed, the menu displayed remains open even when the mouse is moved away from the menu bar.
location similar to a USB tablet mouse. A conventional mouse sends relative position information (such as the mouse has moved 12 pixels to the right). The host computer can modify relative position information to enable features like mouse acceleration. When using the Remote Console, the client is not aware of these modifications. Therefore, synchronization between the client and host mouse cursors fails.
Shared Remote Console Shared Remote Console is an iLO 2 feature that allows the connection of up to four sessions on the same on the same server. This feature does not replace the Acquire feature described in "Acquiring the Remote console (on page 96)" or allow full-access clients (read/write) to control power. Shared Remote Console does not support passing server host designation to another user or a failed user connection to reconnect after failure.
Using HP iLO Video Player HP iLO Video Player enables you to playback iLO 2 console capture files without installing iLO 2 on your local system. iLO Video Player is designed as a typical media player with similar controls. You can run iLO Video Player as a standalone application on either a server or client. Typically, the application is located on the client. iLO 2 capture files are created using iLO 2 Console Capture feature, see "Using Console Capture (on page 93).
• Help o Help Topics—Opens the iLO Video Player help file. o About—Opens the iLO Video Player About page. iLO Video Player controls Control Name Function Play/Pause Starts playback if the currently selected file is not playing or is paused. If playback is in progress, it pauses the file. If no file is selected, the button is disabled. Stop Stops playback. If no file is selected, the button is disabled. Skip to Start Restarts playback from the beginning of the file.
Acquiring the Remote Console When the Remote Console Acquire setting on the Remote Console Settings screen is enabled, the Remote Console page displays the Acquire button. If you have opened the Remote Console page and are notified that another user is currently using Remote Console, clicking the Acquire button ends the other user's Remote Console session and starts a Remote Console session in your current window.
client operating systems (on page 13)" section. Remote Console is a licensed feature available with the purchase of optional licenses. For more information, see "Licensing (on page 26)". Remote Console uses dual cursors to help you distinguish between the local and remote mouse pointers. The client computer's mouse cursor appears in the Remote Console as a crosshair symbol.
• Close ends the Remote Console session and closes the Remote Console window. Recommended client settings Ideally, the remote server operating system display resolution should be the same resolution, or smaller, than that of the browser computer. Higher server resolutions transmit more information, slowing the overall performance. Use the following client and browser settings to optimize performance: • • • Display Properties o Select an option greater than 256 colors.
The Remote Console uses Virtual KVM and does not provide a true text-based console. iLO 2 uses the video adapter DVO port to access video memory directly. This method significantly increases iLO 2 performance. However, the digital video stream does not contain useful text data. Data obtained from the DVO port represents graphical data (non-character-based), and is not comprehensible ASCII or text data. This video data cannot be rendered by a text-based client application such as telnet or SSH.
o Other text-based operating systems Text mode screen support does not include graphics, other VGA text resolutions (132x48, 80x48), or other text resolutions implemented through a driver (implemented graphically).
To control the translation, use the xlt option with the appropriate reference number.
Character value Description Mapped equivalent 0x1F Down pointer v 0xFF Shaded block blank space Using a Linux session You can run an iLO 2 virtual serial port on a Linux system, if the system is configured to present a terminal session on the serial port. This feature enables you to use a remote logging service. You can remotely log on to the serial port and redirect output to a log file. Any system messages directed to the serial port are logged remotely.
operating system, interacting with the operating system; and executing and interacting with applications on the server operating system. Users of the Microsoft® Windows Server™ 2003 operating system have the ability to execute the EMS subsystem through the remote serial console. EMS is useful for debugging operating system boot and problems at the operating system kernel level.
After the server completes POST, the server system ROM transfers control to the operating system boot loader. If you are using Linux, you can configure the operating system boot loader to interact with the server serial port instead of the keyboard, mouse, and VGA console. This configuration enables you to view and interact with the operating system boot sequence through the Remote Serial console.
ROM that the session is no longer active. Then, the server system ROM cancels the redirection to the server serial port. The system ROM RBSU setup must be configured to use iLO 2 Virtual Serial Port for this enhancement to be operational. For more information, see the section, "Configuring Remote Serial Console (on page 103).
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Debug (com2)" /fastdetect /debug /debugport=com2 /baudrate=115200 If the server is configured to boot into debug mode, and a normal virtual serial port connection is established while the server is booting, several bytes of debug data are sent to the virtual serial port client. To avoid this, do not boot the server into debug mode while a normal virtual serial port connection is in use.
• -u Username = —Sets the Username for iLO 2 login. If not provided username is requested. is a series of characters. Options can occur in any order. Example command lines: • To connect to iLO 2 at 16.100.226.57, validate the user with the user name of admin with the password mypass, and start WinDBG.exe with the additional command line: wilodbg 16.100.226.57 -c "-b" -u admin -p mypass This example starts WinDBG.
You can also access virtual media through the Integrated Remote Console. The Integrated Remote Console enables you to access the system KVM and control Virtual Power and Virtual Media from a single console under Microsoft® Internet Explorer. For more information on accessing Virtual Power and Virtual Media using the Integrated Remote Console, see the section, "Integrated Remote Console option (on page 88).
3. Click Connect. The connected drive icon and LED will change state to reflect the current status of the Virtual Floppy Drive. To use an image file: 1. Select Local Image File within the Virtual Floppy/USBKey section of the Virtual Media applet. 2. Enter the path or file name of the image in the text-box, or click Browse to locate the image file using the Choose Disk Image File dialog. To ensure the source diskette or image file is not modified during use, select the Force read-only access option.
During boot and MS-DOS sessions, the Virtual Floppy device appears as a standard BIOS floppy drive. This device appears as drive A. If a physically attached floppy drive exists, is obscured and unavailable during this time. You cannot use a physical local floppy drive and the Virtual Floppy simultaneously. • Windows Server® 2008 or later and Windows Server® 2003 Virtual Floppy and USB key drives appear automatically after Microsoft® Windows® has recognized the mounting of the USB device.
In NetWare 6.5, use the lfvmount command on the server console to assign the device a drive letter. The NetWare 6.5 operating system will pick the first available drive letter for the Virtual Floppy drive. The volumes command can now be used by the server console to show the mount status of this new drive. When the drive letter shows as mounted, the drive will now be accessible through the server GUI as well as the system console.
mcopy /tmp/XXX.dat v: mdir v: mcopy v:foo.dat /tmp/XXX Changing diskettes When using the iLO 2 Virtual Floppy or USB key drive, and the physical diskette drive on the client machine is a USB diskette drive, disk change operations will not be recognized. For example, in this configuration, if a directory listing is obtained from a floppy diskette and the diskette is changed, a subsequent directory listing will show the listing for the first diskette.
3. Click Connect. To use an image file: 1. Select Local Image File within the Virtual CD/DVD-ROM section of the Virtual Media applet. 2. Enter the path or file name of the image in the text box or click Browse to locate the image file using the Choose Disk Image File dialog. 3. Click Connect. The connected drive icon and LED will change state to reflect the current status of the Virtual CD/DVDROM.
• Linux o Red Hat Linux On servers with a locally attached IDE CD/DVD-ROM, the virtual CD/DVD-ROM device is accessible at /dev/cdrom1. However, on servers without a locally attached CD/DVD-ROM, such as the BL-class blade systems, the virtual CD/DVD-ROM is the first CD/DVD-ROM accessible at /dev/cdrom.
4. Click Create. The virtual media applet begins the process of creating the image file. The process is complete when the progress bar reaches 100%. To cancel the creation of an image file, click Cancel. The Disk>>Image option is used to create image files from physical diskettes or CD-ROMs. The Image>>Disk option is not valid for a Virtual CD-ROM image. The Disk>>Image button changes to Image>>Disk when clicked.
• Red Hat and SLES Linux Linux supports the use of Virtual Folder. Virtual Folder uses a FAT 16 file system format. For more information, see the section, "Mounting USB Virtual Media/USBKey in Linux (on page 111)." Power management iLO 2 Power Management enables you to view and control the power state of the server, monitor power usage, monitor the processor, and modify power settings. The Power Management page has four menu options: Server Power, Power Meter, Processor States, and Settings.
• Automatically Power On Server enables iLO 2 to turn on a server when power is applied, such as when the server is plugged in, or when a UPS is activated after a power outage. You must have Virtual Power and Reset privilege to alter this setting. If power is unexpectedly lost while the server is powering up, the server always powers back on, even if Automatically Power On Server is set to No. • Power On Delay is used to stagger server power-on in a data center.
o HP Static High Performance Mode sets the processor to the highest supported processor state and forces it to stay in that state. o Enable OS Control Mode sets the processor to maximum power. After selecting a Power Regulator for ProLiant option, click Apply to save the setting. The server requires a reboot for the change to take affect. These settings cannot be changed while the server is in POST.
o Warnings Triggered By—Determines if warnings are based on peak power consumption, average power consumption, or disabled. o Warning Threshold—Sets the threshold at which power consumption must remain above in order to trigger an SNMP alert. o Duration—Sets the length of time, in minutes, that power consumption must remain above the warning threshold before an SNMP alert is triggered. The maximum duration allowed is 240 minutes and must be a multiple of 5. To use your selected settings, click Apply.
• Present Power Cap displays the current power cap setting. The 24-Hour History section displays the following: • Average Power Reading displays the average of the power readings from the server over the last 24hour period. If the server has not been running for 24 hours, the value is the average of all the readings since the server was booted. • Maximum Power displays the maximum power reading from the server over the last 24-hour period.
differently for each p-state the processor was in, with each colored portion scaled to represent the percentage of the total time the processor spent in that p-state. Pausing the mouse over the bar graph displays a tool tip that indicates the numeric percentage that portion of the bar represents. Power efficiency iLO 2 enables you to implement improved power usage using a High Efficiency Mode (HEM). HEM improves the power efficiency of the system by placing the secondary power supplies into step-down mode.
Graceful shutdown The ability of the iLO 2 microprocessor to perform a graceful shutdown requires cooperation from the operating system. In order to perform a graceful shutdown, the health driver must be loaded. iLO 2 communicates with the health driver, and the appropriate operating system method of safely shutting the system down to ensure data integrity is performed.
The server blade must be properly cabled for iLO 2 connectivity. Connect to the server blade with one of the following methods: • Through an existing network (in the rack)—This method requires you to install the server blade in its enclosure and assign it an IP address manually or using DHCP. • Through the server blade I/O port o In the rack—This method requires you to connect the local I/O cable to the I/O port and a client PC.
• Rack name • Logged-in iLO Location This section annotates the blade you are logged into. You can only configure blade settings for this blade. • Selected Bay Location This section annotates the currently selected bay. You can view information for many different types of components, including blades, power supplies, network components, and enclosures. • Enclosure Details Information about a particular enclosure is viewed by selecting Details located on the enumerated enclosure headers.
• Power On Control o Power Source o Enable Automatic Power On o Enable Rack Alert Logging (IML) Enclosure information Enclosure information is specific to the selected enclosure. Information about a particular enclosure is viewed by selecting Details located on the enumerated enclosure headers. A limited amount of rack information is available, including the name and serial number A basic set of information is available for the enclosures that do not contain the blade that you are logged into.
Power enclosure information The Power Enclosure Information page provides diagnostic information regarding the power management module and the power components contained in the power enclosure. This information provides an overview on the health and condition of the power enclosure and components.
iLO 2 control of ProLiant BL p-Class server LEDs iLO 2 can monitor BL p-Class servers through POST tracking and the Server Health LED. Server POST tracking Feedback is limited while the server is booting because of the headless nature of the ProLiant BL p-Class servers. iLO 2 provides boot-time feedback by flashing the Server Health LED green during server POST. The LED is set to solid amber if the boot is unsuccessful. The LED is set to solid green at the end of a successful boot.
You can access iLO 2 through the HP Onboard Administrator iLO option (on page 131) using the Web Administration (on page 132) link or directly. To log in to iLO 2 directly, see the "Log into iLO 2 for the first time ("Logging in to iLO 2 for the first time" on page 19)" section for more information. iLO 2 BL c-Class tab The BL c-Class tab of the iLO 2 web interface enables you to access the Onboard Administrator and the BladeSystem Configuration Wizard.
o Manual—If your facility prefers static IP address assignment, you can individually change each of the server blade iLO 2 ports and interconnect module management ports to unique static addresses or use EBIPA to assign a range of static IP addresses to individual server blade and interconnect module bays.
Field Possible value Description Subnet Mask ###.###.###.### where ### ranges from 0 to 255 Subnet mask for the device or interconnect bays Gateway ###.###.###.### where ### ranges from 0 to 255 Gateway address for the device or interconnect bays Domain A character string, including all alphanumeric characters and the dash (-) The domain name for the device or interconnect bays DNS Server 1 ###.###.###.
As the servers run, the demand for power varies for each server. A power cap for each server is set to provide the server with enough power to meet its workload demands while still conforming to the Enclosure Dynamic Power Cap. You can use either the Static Power Limit or the Enclosure Dynamic Power Cap in the following situations: o If the facility power is limited to the enclosure, you can enter a fixed limit into each enclosure. For example, if the hosted location limits the enclosure to 5000 W.
If your browser settings prevent new windows from opening, the links will not function properly. For help with turning off pop-up window blockers, see online help. Web Administration The Web Administration link on the HP Onboard Administrator interface accesses the iLO 2 GUI. The System Status page is displayed giving an overview of the health of the server. BL p-Class and BL c-Class features The HP ProLiant BL p-Class and ProLiant c-Class servers share common features.
Feature BL c-Class BL p-Class Enclosure communications Ethernet i2c Enclosure-based IP addressing DHCP SBIPC Enclosure authentication to iLO 2 Mutual Not supported Server fan Virtual Physical Blade server information and configuration Unrestricted Restricted Power-on override Not supported Supported Front dongle SUV (no iLO 2) SUVi Rack management Full support through HP Onboard Administrator Limited support through iLO 2 Using iLO 2 133
Directory services Overview of directory integration iLO 2 can be configured to use a directory to authenticate and authorize its users. Before configuring iLO 2 for directories, you must decide whether or not you want to use the HP Extended schema option. The advantages of using the HP Extended schema option are: • There is much more flexibility in controlling access. For example, access can be limited to a time of day or from a certain range of IP addresses.
• Compatibility—Lights-Out directory integration applies to iLO 2, RILOE and RILOE II products. The integration supports the popular Active Directory and eDirectory. • Standards—Lights-Out directory support builds on top of the LDAP 2.0 standard for secure directory access. Advantages and disadvantages of schema-free directories and HP schema directory Directories enhance security, enabling you to manage access and rights from a centralized location. Directories also enable flexible configuration.
Schema-free directory integration Using the schema-free directory integration method, users and group memberships reside in the directory, but group privileges reside in the individual iLO 2. iLO 2 uses login credentials to read the user object in the directory and retrieve the user group memberships, which are compared to those stored in iLO 2. If there is a match, authorization is granted.
A role contains one or more iLO 2 and one or more users, and has a list of privileges that these users have with the iLO 2 in the role. All iLO 2 access is managed by adding and removing users and iLO 2 to and from the role, and by managing the privileges on the role. For example: Advantages of using HP schema directory integration: o Greater flexibility controlling access. For example, you can limit access to a time of day or by a certain range of IP addresses.
• Multiple targets You do not need to use multiple targets in the directory. HP schema directory integration only requires one hpqTarget object, which can represent many LOM devices. Setup for Schema-free directory integration Before setting up the Schema-free option, your system must meet all the prerequisites outlined in the "Active Directory Preparation (on page 138)" section.
5. Click OK at the warning that the server cannot be renamed. The Enterprise root CA option is selected because there is no CA registered in the active directory. 6. Enter the information appropriate for your site and organization. Accept the default time period of two years for the Valid for field. Click Next. 7. Accept the default locations of the certificate database and the database log. Click Next. 8. Browse to the c:\I386 folder when prompted for the Windows® 2000 Advanced Server CD. 9.
4. Click Apply Settings. 5. Click Test Settings. Schema-free scripted setup To setup the schema-free directories option using RIBCL XML scripting: 1. Download and review the scripting and command line resource guide. 2. Write a script that configures iLO 2 for schema-free directories support and run it. The following script can be used as a template. PAGE 141At login time, the login name and user context are combined to make the user's distinguished name. For instance, if the user logs in as "JOHN.SMITH" and a user context is set up as "CN=USERS,DC=HP,DC=COM", then the distinguished name that iLO 2 will try will be "CN=JOHN.SMITH,CN=USERS,DC=HP,DC=COM." Maximum Login Flexibility • Configure iLO 2 as described. • Configure iLO 2 with a DNS name, not an IP address for the directory server's network address.
Setting up HP schema directory integration When using the HP schema directory integration, iLO 2 supports both Active Directory and eDirectory. However, these directory services require the schema being extended. Features supported by HP schema directory integration iLO 2 Directory Services functionality enables you to: • Authenticate users from a shared, consolidated, scalable user database. • Control user privileges (authorization) using the directory service.
c. Add users to the role object. For more information on managing the directory service, refer to "Directory-enabled remote management (on page 166)." Examples are available in the "Directory services for Active Directory (on page 147)" and "Directory services for eDirectory (on page 157)" sections. 5. Handle exceptions o Lights-Out migration utilities are easier to use with a single Lights-Out role.
• Windows Server® 2008 • Windows Server® 2003 iLO 2 supports eDirectory running on Novell. Schema required software iLO 2 requires specific software, which will extend the schema and provide snap-ins to manage the iLO 2 network. An HP Smart Component is available for download that contains the schema installer and the management snap-in installer. The HP Smart Component can be downloaded from the HP website (http://www.hp.com/servers/lights-out).
Schema Preview The Schema Preview screen enables the user to view the proposed extensions to the schema. This screen reads the selected schema files, parses the XML, and displays it as a tree view. It lists all of the details of the attributes and classes that will be installed. Setup The Setup screen is used to enter the appropriate information before extending the schema.
The Directory Login section of the Setup screen enables you to enter your login name and password. These might be required to complete the schema extension. The Use SSL during authentication option sets the form of secure authentication to be used. If selected, directory authentication using SSL is used. If not selected and Active Directory is selected, Windows NT® authentication is used.
Management snap-in installer The management snap-in installer installs the snap-ins required to manage iLO 2 objects in a Microsoft® Active Directory Users and Computers directory or Novell ConsoleOne directory.
iLO 2 requires a secure connection to communicate with the directory service. This requires the installation of the Microsoft® CA. Refer to the Microsoft® technical reference Knowledge Base Article 321051: How to Enable LDAP over SSL with a Third-Party Certification Authority. Installing Active Directory on Windows Server 2008 For the Default Schema: 1. Disable IPV6, and install Active Directory, DNS, and root CA to Windows Server® 2008. 2. Log in to iLO, and access the Directory Settings page.
IMPORTANT: Incorrectly editing the registry can severely damage your system. HP recommends creating a back up of any valued data on the computer before making changes to the registry. a. Start MMC. b. Install the Active Directory Schema snap-in in MMC. c. Right-click Active Directory Schema and select Operations Master. d. Select The Schema may be modified on this Domain Controller. e. Click OK. The Active Directory Schema folder might need to be expanded for the checkbox to be available. 4.
• One iLO 2 object corresponding to each iLO 2 management processor that will be using the directory. Example: Creating and configuring directory objects for use with iLO 2 in Active Directory The following example shows how to set up roles and HP devices in an enterprise directory with the domain testdomain.local, which consists of two organizational units, Roles and RILOES. Assume that a company has an enterprise directory including the domain testdomain.local, arranged as shown in the following screen.
d. Click OK. 2. Use the HP provided Active Directory Users and Computers snap-ins to create HP Role objects in the Roles organizational unit. a. Right-click the Roles organizational unit, select New then Object. b. Select Role for the field type in the Create New HP Management Object dialog box. c. Enter an appropriate name in the Name field of the New HP Management Object dialog box. In this example, the role will contain users trusted for remote server administration and will be called remoteAdmins.
d. Add users to the role. Click the Members tab, and add users using the Add button and the Select Users dialog box. The devices and users are now associated. 4. Use the Lights Out Management tab to set the rights for the role. All users and groups within a role will have the rights assigned to the role on all of the iLO 2 devices managed by the role. In this example, the users in the remoteAdmins role will be given full access to the iLO 2 functionality.
• Role object • User objects Each object represents a device, user, or relationship that is required for directory-based management. NOTE: After the snap-ins are installed, ConsoleOne and MMC must be restarted to show the new entries. After the snap-in is installed, iLO 2 objects and iLO 2 roles can be created in the directory. Using the Users and Computers tool, the user will: • Create iLO 2 and role objects. • Add users to the role objects. • Set the rights and restrictions of the role objects.
Members After user objects are created, the Members tab enables you to manage the users within the role. Clicking Add enables you to browse to the specific user you want to add. Highlighting an existing user and clicking Remove removes the user from the list of valid members. Active Directory role restrictions The Role Restrictions subtab allows you to set login restrictions for the role.
Time restrictions You can manage the hours available for logon by members of the role by clicking Effective Hours in the Role Restrictions tab. In the Logon Hours pop-up window, you can select the times available for logon for each day of the week in half-hour increments. You can change a single square by clicking it, or you can change a section of squares by clicking and holding the mouse button, dragging the cursor across the squares to be changed, and releasing the mouse button.
To remove any of the entries, highlight the entry in the display list and click Remove. Active Directory Lights-Out management After a role is created, rights for the role can be selected. Users and group objects can now be made members of the role, giving the users or group of users the rights granted by the role. Rights are managed on the Lights Out Management tab. The available rights are: • Login—This option controls whether users can log in to the associated devices.
• Administer Local Device Settings—This option enables the user to configure the iLO 2 management processor settings. These settings include the options available on the Global Settings, Network Settings, SNMP Settings, and Directory Settings screens of the iLO 2 Web browser. Directory services for eDirectory The following sections provide installation prerequisites, preparation, and a working example of Directory Services for eDirectory.
Assume samplecorp has an enterprise directory arranged according to the following screen. 1. Create organizational units in each region. Each organizational unit should contain the LOM devices and roles specific to that region. In this example, two organizational units are created, called "roles" and "hp devices", in each organizational unit, "region1" and "region2". 2. Create LOM objects in the hp devices organizational units for several iLO 2 devices using the HP provided ConsoleOne snap-ins tool. a.
e. Repeat the process for several more iLO 2 devices with DNS names "rib-nntp-server" and "rib-file- server-users1" in hp devices under region1, and "rib-file-server-users2" and "rib-app-server" in hp devices under region2. 3. Create HP Role objects in the roles organizational unit using the HP provided ConsoleOne snap-ins tool. a. Right-click the roles organizational unit found in the region2 organizational unit, and select New>Object. b. Select hpqRole from the list of classes, and click OK. c.
given full access to the iLO 2 functionality. Select the check boxes next to each right, and click Apply. To close the property sheet, click Close. 5. Using the same procedure as in step 4, edit the properties of the remoteMonitors role: a. Add the three iLO 2 devices within hp devices under region1 to the Managed Devices list on the Role Managed Devices option of the HP Management tab. b. Add users to the remoteMonitors role using the Members tab. c. Select the Login check-box, and click Apply>Close.
Directory Services objects for eDirectory Directory Services objects enable virtualization of the managed devices and the relationships between the managed device and user or groups already contained within the directory service. Role managed devices The Role Managed Devices subtab under the HP Management tab is used to add the HP devices to be managed within a role. Clicking Add allows you to browse to the specific HP device and add it as a managed device.
Members After user objects are created, the Members tab allows you to manage the users within the role. Clicking Add allows you to browse to the specific user you want to add. Highlighting an existing user and clicking Delete removes the user from the list of valid members. eDirectory Role Restrictions The Role Restrictions subtab allows you to set login restrictions for the role.
• DNS name Time restrictions You can manage the hours available for logon by members of the role by using the time grid displayed in the Role Restrictions subtab. You can select the times available for logon for each day of the week in halfhour increments. You can change a single square by clicking it, or a section of squares by clicking and holding the mouse button, dragging the cursor across the squares to be changed, and releasing the mouse button. The default setting is to allow access at all times.
To remove any of the entries, highlight the entry in the display field and click Delete. eDirectory Lights-Out Management After a role is created, rights for the role can be selected. Users and group objects can now be made members of the role, giving the users or group of users the rights granted by the role. Rights are managed on the Lights Out Management Device Rights subtab of the HP Management tab.
• Remote Console—This option allows the user access to the Remote Console. • Virtual Media—This option allows the user access to the iLO 2 Virtual Floppy and Virtual Media functionality. • Server Reset and Power—This option allows the user to remotely reset the server or power it down. • Administer Local User Accounts—This option allows the user to administer accounts. The user can modify their account settings, modify other user account settings, add users, and delete users.
Directory-enabled remote management Introduction to directory-enabled remote management This section is for administrators who are familiar with directory services and the iLO 2 product and want to use the HP schema directory integration option for iLO 2. You must be familiar with the “Directory services (on page 134)" section and comfortable with setting up and understanding the examples.
nested group directly to the role, and assign the appropriate rights and restrictions. New users can be added to either the existing group or the role. Novell eDirectory does not allow nested groups. In eDirectory, any user that can read a role is considered a member of that role. When adding an existing group, organizational unit or organization to a role, add the object as a read trustee of the role. All the members of the object are considered members of the role.
How directory login restrictions are enforced Two sets of restrictions potentially limit a directory user's access to LOM devices. User access restrictions limit a user's access to authenticate to the directory. Role access restrictions limit an authenticated user's ability to receive LOM privileges based on rights specified in one or more Roles. Restricting roles Restrictions allow administrators to limit the scope of a role. A role only grants rights to those users that satisfy the role's restrictions.
host. Events, such as unexpected power loss or flashing LOM firmware, can cause the LOM device clock to not be set. Also, the host time must be correct for the LOM device to preserve time across firmware flashes. Role address restrictions Role address restrictions are enforced by the LOM firmware, based on the client's IP network address. When the address restrictions are met for a role, the rights granted by the role apply.
name server. If the name service goes down or cannot be reached, DNS restrictions cannot be matched and will fail. DNS-based restrictions can limit access to a single, specific machine name or to machines sharing a common domain suffix. For example, the DNS restriction, www.hp.com, matches hosts that are assigned the domain name www.hp.com. However, the DNS restriction, *.hp.com, matches any machine originating from HP. DNS restrictions can cause some ambiguity because a host can be multi-homed.
Directory administrators might be tempted to create two roles to address this situation, but extra caution is required. Creating a role that provides the required server reset rights and restricting it to an after-hours application might allow administrators outside the corporate network to reset the server, which is contrary to most security policies.
• HP Lights-Out Migration Command utility The HP Lights-Out Migration Command utility, HPQLOMGC.EXE, offers a command-line approach to migration, rather than a GUI-based approach. This utility works in conjunction with the Application Launch and query features of HP SIM to configure many devices at a time. Customers that must configure only a few LOM devices to use directory services might also prefer the command-line approach.
HPQLOMIG directory migration utility Introduction to HPQLOMIG utility The HPQLOMIG utility is for customers with previously installed management processors who want to simplify the migration of these processors to management by directories. HPQLOMIG automates some of the migration steps necessary for the management processors to support Directory Services. HPQLOMIG can do the following: • Discover management processors on the network.
NOTE: The installation utility will present an error message and exit if it detects that the .NET Framework is not installed. Using HPQLOMIG The HPQLOMIG utility automates the process of migrating management processors by creating objects in the directory corresponding to each management processor and associating them to a role. HPQLOMIG has a GUI and provides the user with a wizard approach to implementing or upgrading large amounts of management processors.
If you click Next, Back, or exit the application during discovery, operations on the current network address are completed, but those on subsequent network addresses are canceled. To start the process of discovering your management processors: 1. Click Start and select Programs>Hewlett-Packard, Lights-Out Migration Utility to start the migration process. 2. Click Next to move past the Welcome screen. 3. Enter the variables to perform the management processor search in the Addresses field. 4.
If for security reasons the user name and password cannot be in the file, then leave these fields blank, but keep the semicolons. Upgrading firmware on management processors The Upgrade Firmware screen enables you to update the management processors to the firmware version that supports directories. This screen also enables you to designate the location of the firmware image for each management processor by either entering the path or clicking Browse.
4. After the upgrade is complete, click Next. During the firmware upgrade process, all buttons are deactivated to prevent navigation. You can still close the application using the "X" at the top right of the screen. If the GUI is closed while programming firmware, the application continues to run in the background and completes the firmware upgrade on all selected devices. HPLOMIG supports firmware flash on servers with a TPM chip.
The Select Directory Access Method page helps to prevent an accidental overwrite of iLO 2s already configured for HP schema or those that have directories turned off. This page determines if the HP Extended schema, schema-free (default schema), or no directories support configuration pages follow. To configure the management processor for: • Directory Services, refer to the "Configuring directories when HP Extended schema is selected (on page 179)" section.
To name the management processors, click the Name field, and enter the name, or: 1. Select Use Network Address, Use DNS Names, or Create Name Using Index. You can also name each management processor directory object by clicking twice in the name field with a delay between clicks. 2. Enter the text to add (suffix or prefix) to all names (optional). 3. Click Generate Names. The names display in the Name column as they are generated.
• Login Name and Password—These fields are used to log in with an account that has domain administrator access to the directory. • Container DN—After you have the network address, port, and login information, you can click Browse to navigate for the container and role distinguished name. The container Distinguished Name is where the migration utility will create all of the management processor objects in the directory.
• Login Name and Password—These fields are used to log in with an account that has domain administrator access to the directory. • Security Group Distinguished Name—The distinguished name of the group in the directory that contains a set of iLO 2 users with a common set of privileges. If the directory name, login name, and password are correct, you can click the Browse button to navigate to and select the group. • Privileges—The iLO 2 privileges associated with the selected group.
2. For Directories Support and Local Accounts option, select Enabled or Disabled. Remote access is disabled if both Directory Support and Local Accounts are disabled. To reestablish access, reboot the server and use RBSU F8 to restore access. 3. Click Configure. The migration utility connects to all of the selected management processors and updates their configuration as you have specified. HPLOMIG supports configuring 15 user contexts. To access the user context fields, use the scroll bar.
HP Systems Insight Manager integration Integrating iLO 2 with HP SIM iLO 2 fully integrates with HP SIM in key operating environments. Full integration with Systems Insight Manager also provides a single management console for launching a standard Web browser to access. While the operating system is running, you can establish a connection to iLO 2 using HP SIM.
The following sections give a summary of each function. For detailed information on these benefits and how to use HP SIM, see the HP Systems Insight Manager Technical Reference Guide, provided with HP SIM and available on the HP website (http://www.hp.com/go/hpsim). Establishing SSO with HP SIM 1. Browse to an iLO 2 and login using Administrator credentials. 2. Select the Administration tab 3. In the menu, select Security. 4. Select the HP SIM SSO tab. 5.
The iLO 2 management processor is displayed as an icon in the device list on the same row as its host server. The color of the icon represents the status of the management processor. For a complete list of device statuses, see the HP Systems Insight Manager Technical Reference Guide located on the HP website (http://www.hp.com/go/hpsim).
Receiving SNMP alerts in HP SIM You can configure iLO 2 to forward alerts from the host operating system management agents and to send iLO 2-generated alerts to HP SIM. HP SIM provides support for full SNMP management, and iLO 2 supports SNMP trap delivery to HP SIM. You can view the event log, select the event, and view the additional information about the alert. Configuring receipt of SNMP alerts in HP SIM is a two-step process.
needs to be in this file for iLO 2 if it remains at the standard Port 80. It is very important that the entry is on a single line and the port number is first, with all other items identical to the following example (including capitalization). The following example shows what the entry is if iLO 2 is to be discovered at port 55000 (this should all be on one line in the file): 55000=iLO 2, ,true,false,com.hp.mx.core.tools.identification.mgmtproc.
Troubleshooting iLO 2 iLO 2 POST LED indicators During the initial boot of iLO 2, the POST LED indicators flash to display the progress through the iLO 2 boot process. After the boot process is complete, the HB LED flashes every second. LED 7 also flashes intermittently during normal operation. The LED indicators (1 through 6) light up after the system has booted to indicate a hardware failure. If a hardware failure is detected, reset iLO 2.
LED indicator POST code (activity completed) Description Failure indicated 4, 3, and 1 0d Boot Block Main started. Boot block could not find a valid image. None Start C Run time initialization. 4, 3, and 2 0e Main() has received control. Varies Varies Each subsystem may selftest. 4, 3, 2, and 1 0f Start ThreadX. RTOS startup failed. 00 Main_init() completed. Subsystem startup failed. None HB and 7 Main self-test failed. Flashes as the iLO 2 processor executes firmware code.
Event log display Event log explanation iLO 2 Self Test Error: # Displays when iLO 2 has failed an internal test. The probable cause is that a critical component has failed. Further use of iLO 2 on this server is not recommended. iLO 2 reset Displays when iLO 2 is reset. On-board clock set; was #:#:#:#:#:# Displays when the onboard clock is set. Server logged critical error(s) Displays when the server logs critical errors. Event log cleared by: User Displays when a user clears the event log.
Event log display Event log explanation Virtual Floppy in use by: User Displays when a user begins using a Virtual Floppy. Remote Console login: User Displays when a user logs on a Remote Console session. Remote Console Closed Displays when a Remote Console session is closed. Failed Console login - IP Address: IP address Displays a failed console login and IP address. Added User: User Displays when a local user is added. User Deleted by: User Displays when a local user is deleted.
Event log display Event log explanation Virtual Floppy connected by User Displays when an authorized user connects the Virtual Floppy. Virtual Floppy disconnected by User Displays when an authorized user disconnects the Virtual Floppy. License added by: User Displays when an authorized user adds a license. License removed by: User Displays when an authorized user removes a license. License activation error by: User Displays when there is an error activating the license.
JVM support To ensure that the iLO 2 Remote Console applet and Virtual Media applet operate as expected, install Java Runtime Environment, Standard Edition 1.4.2_13. To locate a link to the latest supported version of JRE, from the iLO 2 browser interface, select Remote Console>Settings>Java. The iLO 2 Remote Console, Remote Serial Console, and Virtual Media applets require that JVM be installed on the client server.
privilege log in and change your password. If you are still unable to connect, have the user log in again and delete and re-add your user account. NOTE: The RBSU can also be used to correct login problems. Directory user premature logout Network errors can cause iLO 2 to conclude that a directory connection is no longer valid. If iLO 2 cannot detect the directory, iLO 2 terminates the directory connection.
Inability to access the login page If you cannot access the login page, you must verify the SSL encryption level of your browser is set to 128 bits. The SSL encryption level in iLO 2 is set to 128 bits and cannot be changed. The browser and iLO 2 encryption levels must be the same. Inability to access iLO 2 using telnet If you cannot access iLO 2 using telnet, you must verify the Remote Console Port Configuration and Remote Console Data Encryption on the Global Settings screen.
Inability to connect to the iLO 2 processor through the NIC If you cannot connect to the iLO 2 processor through the NIC, try any or all of the following troubleshooting methods: • Confirm that the green LED indicator (link status) on the iLO 2 RJ-45 connector is on. This condition indicates a good connection between the PCI NIC and the network hub. • Look for intermittent flashes of the green LED indicator, which indicates normal network traffic.
2. For example, in Internet Explorer, select Tools>Internet Options>Connections>LAN Settings>Advanced, and then enter the iLO 2 IP address or DNS name in the Exceptions field. Two-factor authentication error When attempting to authenticate to iLO 2 using two-factor authentication, you might receive the message The page cannot be displayed. This message may appear for the following reasons: • No user certificates are registered on the client system.
Alert Explanation Rack Server Power On Manual Override The server was manually forced by the customer to power on despite the BL p-Class reporting insufficient power. Rack Name Changed The name of the ProLiant BL p-Class rack was changed. Inability to receive HP SIM alarms (SNMP traps) from iLO 2 A user with the Configure iLO 2 Settings privilege must connect to iLO 2 to configure SNMP trap parameters.
Domain/name format login issues To login using the domain/name format, ActiveX controls must be enabled. To verify that your browser is letting the login script call ActiveX controls open Internet Explorer and set ActiveX controls to Prompt. You should see a similar to the following figure. ActiveX controls are enabled and I see a prompt but the domain/name login format does not work 1. Log in with a local account and determine the directory server name. 2.
Remote Console applet has a red X when running Linux client browser Mozilla browsers must be configured to accept cookies. 1. Open the Preferences menu, and select Privacy & Security>Cookies. 2. On the Level of Privacy screen, select Allow cookies based on privacy settings and click View. 3. On the Cookies screen, select Allow cookies based on privacy settings. The level of privacy must be set to Medium or Low.
while the rest of the text window remains static. After the scrolling is complete, click Refresh to properly update the text window. One known example of this issue is during the Linux booting and posting process, in which some of the POST messages can be lost. A possible repercussion is that a keyboard response will be requested by the boot process and will be missed.
Configuring Apache to accept exported capture buffers To enable the Console Replay Export feature to work correctly, you must configure a web server to accept the buffer data. The following is an example of configuration changes made to Apache version 2.0.59(Win32) on a server running Microsoft Windows Server™ 2003. You must select a location to store the exported data, set Apache permissions to write to this location, and configure authentication. To configure authentication, you must run htpasswd.
No console replay while server is powered down Playback of capture buffers and recorded console sessions are not available any time the server is powered down. You can play back the captured buffers by exporting the buffers to a web server and playing the files on another server IRC console. Manually export the buffer with the export button located on the Remote Console>Settings page after configuring the web server and export location.
Inactive IRC The iLO 2 IRC might become inactive or disconnected during periods of high activity. The problem is indicated by an inactive IRC. IRC activity slows before becoming inactive. Symptoms of an affected IRC include: • The IRC display does not update. • Keyboard and mouse activity are not recorded. • Shared Remote Console requests do not register. • The Virtual Media connection displays an empty (blank) virtual media device.
3. Click View Objects. 4. Right-click iLO 2 Remote Console Applet and click Remove. 5. Click OK to remove the object, and then click OK to close. GNOME interface does not lock Terminating an iLO 2 Remote Console or losing iLO 2 network connectivity does not lock the GNOME interface when iLO 2 and the GNOME interface are configured for the Remote Console Lock feature. The GNOME keyboard handler requires time to process key sequences that contain modifier keystrokes.
SSH text support from a Remote Console session The telnet and SSH access from text Remote Console supports the standard 80 x 25 configuration of the text screen. This mode is compatible for text Remote Console for the majority of available text mode interfaces in current operating systems. Extended text configuration beyond the 80 x 25 configuration is not displayed correctly when using telnet or SSH.
To correct this adjust the DOS® windows properties to limit its size to 80x25, before maximizing the DOS window. • On the title bar of the DOS® window, right-click the mouse and select Properties and select Layout. • On the Layout tab, change the Screen Buffer Size height to 25. Video applications not displaying in the Remote Console Some video applications, such as Microsoft® Media Player, will not display, or will display incorrectly, in the Remote Console.
Video capture file plays erratically iLO 2 capture files are recordings of screen activity. During long periods of screen inactivity, the recorded inactivity is truncated to reduce file size and improve playback performance. This can cause the playback to appear to start and stop, or play erratically. Troubleshooting Remote Text Console problems The following sections discuss items to be aware of when attempting to resolve Remote Text Console issues.
server based redirection, selecting File>New>Window or pressing the Ctrl+N keys, opens a duplicate instance of the original browser. Cookie order behavior During login, the login page builds a browser session cookie that links the window to the appropriate session in the firmware. The firmware tracks browser logins as separate sessions listed in the Active Sessions section of the iLO 2 Status page.
Preventing cookie-related user issues To prevent cookie-based behavioral problems: • Start a new browser for each login by double-clicking the browser icon or shortcut. • Click the Log Out link to close the iLO 2 session before closing the browser window. Inability to access ActiveX downloads If your network does not allow ActiveX controls you can capture the DVC.DLL from a single system and then distribute the file to client machines on the network. 1. Log into iLO 2. 2. Type https://ilo_name/dvc.
• Scripting with CPQLOCFG—Download CPQLOCFG component to get the network-based scripting utility, CPQLOCFG. CPQLOCFG allows you to use RIBCL scripts that perform firmware updates, iLO 2 configuration, and iLO 2 operations in bulk, securely over the network. Linux users should consider reviewing the HP Lights-Out XML PERL scripting samples for Linux. • Scripting with HPONCFG—Download the HPONCFG component to get the host-based scripting utility, HPONCFG.
You can also use Microsoft® LDP tool to verify SSL connections. For more information on the LDP tool, go to the Microsoft® website (http://www.microsoft.com/support). An old certificate can cause problems with SSL can on the domain controller when it points to a previously trusted CA with the same name, which is rare but might happen if a certificate service is added and removed and then added again on the domain controller. To remove old certificates and issue a new one follow the instructions in Step 2.
Directory services schema HP Management Core LDAP OID classes and attributes Changes made to the schema during the schema setup process include changes to the: • Core classes (on page 213) • Core attributes (on page 213) Core classes Class name Assigned OID hpqTarget 1.3.6.1.4.1.232.1001.1.1.1.1 hpqRole 1.3.6.1.4.1.232.1001.1.1.1.2 hpqPolicy 1.3.6.1.4.1.232.1001.1.1.1.3 Core attributes Attribute name Assigned OID hpqPolicyDN 1.3.6.1.4.1.232.1001.1.1.2.1 hpqRoleMembership 1.3.6.1.4.1.232.
Attributes hpqPolicyDN—1.3.6.1.4.1.232.1001.1.1.2.1 hpqRoleMembership—1.3.6.1.4.1.232.1001.1.1.2.2 Remarks None OID 1.3.6.1.4.1.232.1001.1.1.1.2 Description This class defines Role objects, providing the basis for HP products using directory-enabled management. Class type Structural SuperClasses group Attributes hpqRoleIPRestrictions—1.3.6.1.4.1.232.1001.1.1.2.5 hpqRole hpqRoleIPRestrictionDefault— 1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleTimeRestriction—1.3.6.1.4.1.232.1001.1.1.2.
hpqRoleMembership OID 1.3.6.1.4.1.232.1001.1.1.2.2 Description Provides a list of hpqTarget objects to which this object belongs. Syntax Distinguished Name—1.3.6.1.4.1.1466.115.121.1.12 Options Multi Valued Remarks None hpqTargetMembership OID 1.3.6.1.4.1.232.1001.1.1.2.3 Description Provides a list of hpqTarget objects that belong to this object. Syntax Distinguished Name—1.3.6.1.4.1.1466.115.121.1.12 Options Multi Valued Remarks None hpqRoleIPRestrictionDefault OID 1.3.6.1.4.1.232.
Remarks This attribute is only used on role objects. IP restrictions are satisfied when the address matches and general access is denied, and unsatisfied when the address matches and general access is allowed. Values are an identifier byte followed by a type-specific number of bytes specifying a network address. • For IP subnets, the identifier is <0x01>, followed by the IP network address in network order, followed by the IP network subnet mask in network order. For example, the IP subnet 127.0.0.1/255.
Lights-Out Management specific LDAP OID classes and attributes The following schema attributes and classes might depend on attributes or classes defined in the HP Management core classes and attributes. Lights-Out Management classes Class name Assigned OID hpqLOMv100 1.3.6.1.4.1.232.1001.1.8.1.1 Lights-Out Management attributes Class name Assigned OID hpqLOMRightLogin 1.3.6.1.4.1.232.1001.1.8.2.1 hpqLOMRightRemoteConsole 1.3.6.1.4.1.232.1001.1.8.2.2 hpqLOMRightVirtualMedia 1.3.6.1.4.1.232.1001.
Attributes hpqLOMRightConfigureSettings— 1.3.6.1.4.1.232.1001.1.8.2.1 hpqLOMRightLocalUserAdmin— 1.3.6.1.4.1.232.1001.1.8.2.2 hpqLOMRightLogin—1.3.6.1.4.1.232.1001.1.8.2.3 hpqLOMRightRemoteConsole— 1.3.6.1.4.1.232.1001.1.8.2.4 hpqLOMRightServerReset— 1.3.6.1.4.1.232.1001.1.8.2.5 hpqLOMRightVirtualMedia— 1.3.6.1.4.1.232.1001.1.8.2.6 Remarks None Lights-Out Management attribute definitions The following defines the Lights-Out Management core class attributes. hpqLOMRightLogin OID 1.3.6.1.4.1.232.1001.1.
hpqLOMRightServerReset OID 1.3.6.1.4.1.232.1001.1.8.2.4 Description Remote Server Reset and Power Button Right for HP LightsOut Management products Syntax Boolean—1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is only used on ROLE objects. If this attribute is TRUE, members of the role are granted the right. hpqLOMRightLocalUserAdmin OID 1.3.6.1.4.1.232.1001.1.8.2.5 Description Local User Database Administration Right for HP Lights-Out Management products.
Technical support Support information HP iLO Advanced Pack and HP iLO Advanced Pack for Blade System included with Insight Control suites and iLO Power Management Pack include one year of 24 x 7 HP Software Technical Support and Update Service. This service provides access to HP technical resources for help in resolving software implementation or operations problems.
• Join the discussion (http://forums.itrc.hp.com)—The HP Support Forum is a community-based, usersupported tool designed so that HP customers can discuss HP products. To discuss Insight Control and Insight Essentials software, click Management Software and System Tools. • Software and Drivers download pages (http://www.hp.com/support)—These pages provide the latest software and drivers for your ProLiant products. • Management Security (http://www.hp.
Acronyms and abbreviations ACPI Advanced Configuration and Power Interface ARP Address Resolution Protocol ASCII American Standard Code for Information Interchange ASM Advanced Server Management ASR Automatic Server Recovery BMC baseboard management controller CA certificate authority CLI Command Line Interface CLP command line protocol CR Certificate Request CRL certificate revocation list DAV Distributed Authoring and Versioning Acronyms and abbreviations 222
DDNS Dynamic Domain Name System DHCP Dynamic Host Configuration Protocol DLL dynamic link library DMTF Distributed Management Task Force DNS domain name system DVO Digital Video Out EAAS Environment Abnormality Auto-Shutdown EBIPA Enclosure Bay IP Addressing EMS Emergency Management Services EULA end user license agreement FEH fatal exception handler GNOME GNU Network Object Model Environment GUI graphical user interface HB heartbeat Acronyms and abbreviations 223
HEM High Efficiency Mode HID human interface device HP SIM HP Systems Insight Manager HPONCFG HP Lights-Out Online Configuration utility HPQLOMGC HP Lights-Out Migration Command Line HPQLOMIG HP Lights-Out Migration ICMP Internet Control Message Protocol iLO Integrated Lights-Out iLO 2 Integrated Lights-Out 2 IML Integrated Management Log IP Internet Protocol IPMI Intelligent Platform Management Interface IRC Integrated Remote Console IRQ interrupt request Acronyms and abbreviations 224
JVM Java Virtual Machine KCS Keyboard Controller Style KDE K Desktop Environment (for Linux) KVM keyboard, video, and mouse LAN local-area network LDAP Lightweight Directory Access Protocol LED light-emitting diode LOM Lights-Out Management LSB least significant bit MAC Media Access Control MLA Master License Agreement MMC Microsoft® Management Console MP Multilink Point-to-Point Protocol MTU maximum transmission unit Acronyms and abbreviations 225
NIC network interface controller NMI non-maskable interrupt NVRAM non-volatile memory PERL Practical Extraction and Report Language PKCS Public-Key Cryptography Standards POST Power-On Self Test PSP ProLiant Support Pack RAS remote access service RBSU ROM-Based Setup Utility RDP Remote Desktop Protocol RIB Remote Insight Board RIBCL Remote Insight Board Command Language RILOE Remote Insight Lights-Out Edition RILOE II Remote Insight Lights-Out Edition II Acronyms and abbreviations 226
ROM read-only memory RSA Rivest, Shamir, and Adelman public encryption key RSM Remote Server Management SAID Service Agreement Identifier SBIPC Static Bay IP Configuration SLES SUSE Linux Enterprise Server SMASH System Management Architecture for Server Hardware SNMP Simple Network Management Protocol SSH Secure Shell SSL Secure Sockets Layer SSO single sign-on SUM software update manager SUV serial, USB, video TCP Transmission Control Protocol Acronyms and abbreviations 227
TPM trusted platform module UART universal asynchronous receiver-transmitter UID unit identification USB universal serial bus VM Virtual Machine VPN virtual private networking VRM voltage regulator module WINS Windows® Internet Naming Service WS web services XML extensible markup language Acronyms and abbreviations 228
Index A access options 33, 39, 41, 84 access, VT320 serial console 103 accessing Onboard Administrator 127 accessing software, browser 20 ACPI (Advanced Configuration and Power Interface) 116 acquire, remote console 96 Active Directory 138, 139, 145, 147, 148, 150, 156, 165, 166, 168 Active Directory integration 138, 147, 166 ActiveX 199, 210 adding HP SIM trusted servers 57 adding new users 29 Address Resolution Protocol (ARP) 65 administration 28, 45, 183 Advanced Configuration and Power Interface, ACPI 1
Console Capture, using 93 console replay, troubleshooting 203 console, remote 96 console, remote serial 103 contacting HP 221 cookie behavior 208, 209 cookie, displaying 209 cookie, shared 208 cookie, user-related issues 210 core attributes 213, 214 core classes 213 CR (Certificate Request) 45, 49, 138, 139, 148 D data protection methods 54 defining hot keys 86 device drivers, installing 21, 22 DHCP (Dynamic Host Configuration Protocol) 16, 60, 61, 65, 80, 132 DHCP/DNS settings 65 diagnosing problems 188 d
features, new 9 file transfer, virtual folder 115 Firefox support 13 firewall, allowing traffic 196 firmware, downgrading 26 firmware, updating 24, 25, 26, 176, 210 folder, virtual 115 G G1 BL-series blade enclosure 69 GNOME, troubleshooting 205 graceful shutdown 122 graphical remote console 83 graphical user interface (GUI) 13 Group Administration 32 groups 166 GUI (graphical user interface) 13 H hardware troubleshooting 192 health, system 78 high performance mouse 91 host server troubleshooting 212 hot
K KCS (Keyboard Controller Style) kernel debugger, using 106 Keyboard Controller Style (KCS) keyboard, video, mouse (KVM) KVM, (keyboard, video, mouse) 11, 45 11, 45 83, 88, 98, 107 83, 88, 98, 107 L LDAP (Lightweight Directory Access Protocol) 41, 51, 52, 134, 135, 138, 140, 145, 147, 150, 157, 165, 169, 173, 213, 217 LDAP OID core classes and attributes 213 LDAP OID HP specific classes and attributes 217 LED behavior 203 LED, p-Class server 127 LED, POST 188 license information, viewing 187 license key,
power regulator 116 power regulator settings 116, 117, 130 power supply, status 79, 116 power, monitoring 119 powering down 116, 122 powering up/down 116 Practical Extraction and Report Language (Perl) 16, 24, 45, 183, 210 preinstallation, guidelines 138, 144, 147 preinstallation, overview 16 preparation procedures 148 privilege levels 29, 31, 32, 56 processor information 80 processor states 120 ProLiant Support Pack (PSP) 21, 22 proxy settings 196 PSP (ProLiant Support Pack) 21, 22 p-state 120 PuTTY utilit
serial console, remote 103 serial port, virtual 102 server POST tracking, BL p-Class 127 server status 76 server warnings and cautions 186 services 33 session options 203 setting up single sign-on 56 settings 45, 52, 98, 134, 140 settings, 69 settings, BladeSystem HP Onboard Administrator 127 settings, directory services 51 settings, HP SIM 56, 58 settings, iLO 2 access 33 settings, iLO 2 and c-Class enclosure addressing 128 settings, iLO 2 encryption options 54 settings, iLO 2 HP SIM 66 settings, iLO 2 net
trap messages 198 troubleshooting, console replay 203 troubleshooting, directory services 198 troubleshooting, GNOME interface 205 troubleshooting, IRC 201, 204, 205 troubleshooting, miscellaneous 208 troubleshooting, remote console playback 205 troubleshooting, remote serial console 201 troubleshooting, repeating keys 205 troubleshooting, using event log entries 189 two-factor authentication 46, 197 two-factor authentication, directory authentication 50 two-factor authentication, first time use 47 two-fact
