HP Integrity iLO 2 MP Operations Guide HP Part Number: 5991-6005 Published: January 2008
© Copyright 2008, Hewlett-Packard Development Company, L.P. Legal Notices The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
About This Document This document provides information and instructions on how to use the HP Integrated Lights Out 2 Management Processor (iLO 2 MP) for Integrity. The document printing date and part number indicate the document’s current edition. The printing date changes when a new edition is printed. Minor changes may be made at reprint without changing the printing date. The document part number changes when extensive changes are made.
Table 1 Publishing History Details Document Manufacturing Part Number 5991–6005 Operating Systems Supported Supported Servers Publication Date HP-UX 11i v2 BL870c January 2008 OpenVMS 8.3 1H1 BL860c Microsoft Windows Server 2003 rx2660 Red Hat Linux and SuSE rx3600 rx6600 rx76401 rx86401 Superdome sx20001 5991-5992 HP-UX 11i v2 BL860c OpenVMS 8.
Chapter 5: Configuring DHCP, DNS, LDAP, and LDAP Lite. Use this chapter to configure DHCP, DNS, LDAP extended schema, and LDAP Lite default schema.
Chapter 6: Using the iLO 2 MP. This chapter provides information on the different interfaces you can use to interact with the iLO 2 MP such as text user interface, web GUI, and SMASH SM CLP.
Chapter 7: Installing and Configuring Directory Services. Use this chapter to learn about installing and configuring directory services functions.
Glossary
Windows Operating System Information
Find information about administration of the Microsoft Windows operating system at the following websites:
• http://www.docs.hp.com/windows_nt/
• http://www.microsoft.com/technet/
Diagnostics and Event Monitoring: Hardware Support Tools
Complete information about HP hardware support tools, including online and offline diagnostics and event monitoring tools, is at: http://www.docs.hp.com/HP-UX/diag/
Website for HP Technical Support
http://us-support2.external.hp.
1 Introduction to iLO 2 MP The Integrated Lights-Out Management Processor (iLO MP) for entry class Integrity servers is an autonomous management subsystem embedded directly on the server. It is the foundation of the server’s High Availability (HA) embedded server and fault management. It also provides system administrators secure remote management capabilities regardless of server status or location.
Always-on Capability The iLO 2 MP is active and available through the iLO 2 MP LAN connection and the local serial port connection as long as the power cord is plugged in. In the event of a complete power failure, the iLO 2 MP data is protected by an onboard battery backup. Virtual Front Panel The virtual front panel (VFP) presents a summary of the system front panel using direct console addressing.
IMPORTANT: Although the iLO 2 MP can support multiple simultaneous connections, to do so can impact performance. HP does not recommend running more than eight simultaneous connections.
SNMP
SNMP is part of the TCP/IP protocol suite, developed to manage servers on an IP network. SNMP enables you to manage network performance, find and solve network problems, and plan for network growth.
logging in to the iLO 2 MP and authorization is given each time an iLO 2 MP command runs. This provides a centralized database (LDAP server) of all user accounts and avoids the overhead of creating users in each iLO 2 MP. Directory authentication occurs by enabling Extended Schema or Default Schema. When Extended Schema is used, the schema in the directory server must be extended. When Default Schema is selected, schema extension is not needed.
IMPORTANT: On HP Integrity server blades, the Advanced Pack license is standard. Remember to save the Advanced Pack license key information that was provided by HP. If you ever need to replace your server blade under warranty, you will need to transfer the key by typing the code on the replacement server blade. NOTE: An HP ProLiant iLO 2 Advanced Pack license key will not work on an HP Integrity server, and vice versa.
Table 1-2 iLO 2 MP Supported Browsers and Client Operating Systems Browsers Java Plug-in 1.5.0_08 Firefox 2.0.0.4 Client Operating System HP-UX Windows Linux OpenVMS 11i 23/11.31 WS 2003 Enterprise XP Red Hat Enterprise SuSE X X X X X X X Internet Explorer 6.0 HP Secure Web Browser 1.7.13 8.3 X Related Links • Java for HP-UX — http://www.hp.com/products1/unix/java/versions/index.html — http://www.hp.com/products1/unix/java/archives/index.html • Java for OpenVMS — http://h18012.www1.
Because iLO 2 MP devices are completely autonomous and can be used to control the server, treat them the same as other servers. For example, include the iLO 2 MP devices in the security and network audits. IMPORTANT: Ensure that physical access to the server is limited. Anyone can clear passwords by pressing the power button for longer than four seconds.
2 Ports and LEDs All iLO 2 MP functions are available through the server iLO 2 MP LAN port and the local and remote serial ports. On HP Integrity server blades, all iLO 2 MP functions are available on the Onboard Administrator. This chapter describes the available iLO 2 MP ports, connectors, and LEDs on the HP Integrity server blades, and the rx2660, rx3600, and rx6600 servers.
Figure 2-1 OA/iLO Network Port and Components 1 2 3 OA/iLO Network Port Onboard Administrator Bay 1 Onboard Administrator Bay 2 (redundant if used) 4 5 Enclosure Link-Up Port Enclosure Link-Down Port Figure 2-2 shows the Onboard Administrator LEDs and buttons.
HP Integrity rx2660 Server Components Figure 2-3 shows the rear view of the HP Integrity rx2660 server. The system LAN functionality is integrated into the system board.
NOTE: This figure is oriented vertically to match the orientation of the core I/O board. Figure 2-4 HP Integrity rx3600 and rx6600 Server Rear Ports and LEDs 1 2 iLO 2 MP Serial Console Port (RS-232) (DB-9F to DB-9F cable) Connected to emulation terminal device (PC, laptop, or ASCII terminal) General Use Serial Port (Printers, etc.) 3 4 USB 2.
Table 2-1 iLO 2 MP Status LEDs (continued) iLO 2 MP Status LED LED State iLO 2 MP Heartbeat Flashing green. BMC Heartbeat Flashing green. iLO 2 MP Reset Button The iLO 2 MP Reset button enables you to reset the iLO 2 MP and reset the user-specific values to factory default values. A momentary press causes a soft reset of the iLO 2 MP when the button is released.
Table 2-2 Console Serial Port Pinouts (continued) Pin Number Signal Description 7 Requests to send 8 Clears to send 9 Not used iLO 2 MP LAN Port Figure 2-6 shows the iLO 2 MP LAN port connector pins and LEDs. Figure 2-6 iLO 2 MP LAN Port Amber 1 Green 8 Table 2-3 maps the iLO 2 MP LAN port connector pin numbers to their signal descriptions.
3 Setting Up and Connecting the Console To set up the console, follow these steps: 1. Determine the physical access method to connect cables. There are two physical connections to the Integrity iLO 2 MP: • Console serial port (RS-232) • iLO 2 MP LAN port 2. Configure the Integrity iLO 2 MP and assign an IP address if necessary. Though there are several methods to configuring the LAN, HP recommends DHCP with DNS.
Setup Checklist Use the checklist in Table 3-1 to help set up iLO 2 MP. Table 3-1 Setup Checklist Step Action Standard 1 Prepare 1. Determine the access method to select and connect cables. 2. Determine the LAN configuration method and assign an IP address if necessary.
Setup Flowchart Use this console setup flowchart as a guide to help set up the Integrity iLO 2 MP.
Preparing to Set Up iLO 2 MP Perform the following tasks before you configure the iLO 2 MP LAN: • Determine the physical access method to select and connect cables. • Determine the iLO 2 MP LAN configuration method and assign an IP address if necessary. Determining the Physical iLO 2 MP Access Method Before you can access the iLO 2 MP, you must determine the correct physical connection method. The iLO 2 MP has a separate LAN port from the system LAN port.
Configuring the iLO 2 MP LAN Using DHCP and DNS DHCP automatically configures all DHCP-enabled servers with IP addresses, subnet masks, and gateway addresses. All HP Integrity entry class servers with the iLO 2 MP are shipped from the factory with DHCP enabled. HP recommends using the DHCP and DNS method to simplify access to the iLO 2 MP. NOTE: You can use ARP Ping regardless of the status of DHCP unless an IP address has ever been acquired using DHCP.
ARP Ping has the following operational issues: • The PC and the server must be on the same physical subnet. • When a new server is first booted, DHCP is automatically available (factory-set default), but ARP Ping does not start until three minutes after the iLO 2 MP is booted. This applies to every subsequent boot of the iLO 2 MP until an IP address is obtained by DHCP or is assigned using the LC command. • Upon successfully assigning an IP address using ARP Ping, DHCP is automatically disabled.
ping 192.0.2.1
7. Use this IP address to connect to the iLO 2 MP LAN.
8. Use web or telnet access to connect to the iLO 2 MP from a host on the local subnet and configure the rest of the LAN parameters (gateway, subnet).
Configuring the iLO 2 MP LAN Using the Console Serial Port
The terminal emulation device runs software that interfaces with the server. The software emulates console output as it would appear on an ASCII terminal screen and displays it on a console device screen.
9. Use the LC command to enter information for the IP address, host, subnet mask, gateway parameters, and so on.
10. Enter XD -R -NC to reset the iLO 2 MP.
11. After the iLO 2 MP resets, log in to the iLO 2 MP again and enter CM at the MP> prompt.
12. To confirm that DHCP is disabled and display a list of updated LAN configuration settings, enter the LS command.
Logging In to the iLO 2 MP
To log in to the iLO 2 MP, follow these steps: 1. 2.
NOTE: The local video port can be used to access the console at EFI or potentially the OS, but is not a connection to the iLO 2 MP. The USB provides keyboard and mouse to the operating system on HP Integrity server blades. Also, server blades do not support directly connecting a modem to the MP (called the remote RS-232 port on servers), so there is no remote RS-232 connection on the server blade. In addition, there is no LAN connection on the front of the server blade.
• User accounts for the Auto-Login feature are created in the MP database when an Auto-Login session is established. These accounts are deleted when the Auto-Login session is terminated.
• If the maximum number of user accounts has already been reached and OA creates another account on iLO 2 MP, the OA sends a request to iLO 2 MP to delete one of the previously created accounts before attempting to create a new one.
Terminating an Auto-Login Session
When the Auto-Login CLI or Web GUI session is terminated, the following user cleanup is performed:
• For Auto-Login sessions, the temporary Auto-Login iLO 2 MP account is deleted when the session with the iLO 2 MP is terminated.
NOTE: On the HP Integrity server blades, you have access to two serial ports through the RS-232 connector. The default setting is for the iLO 2 MP interface, the other is for an AUX UART directly connected to the host operating system and can be used for any serial device (terminal, debug port, and so on). HP recommends using the AUX UART for server blade setup and debug purposes only. You can use a command to toggle between the two ports.
Figure 3-2 SUV Cable 1 2 3 4 5 6 7 Server Blade Connector 2-Port USB VGA (no access to iLO 2 MP) 9-Pin Console Serial Port (RS-232) USB Label USB-1 USB-0 Physically Connecting the Server Blade to the iLO 2 MP 45
Figure 3-3 Connecting the SUV Cable to the Server Blade Additional Setup This section provides additional information to set up the iLO 2 MP. Modifying User Accounts and Default Passwords The iLO 2 MP comes preconfigured with default factory settings, including a default user account and password.
Setting Up Security For greater security and reliability, HP recommends that iLO 2 MP management traffic be on a separate dedicated management network and that only administrators be granted access to that network. This not only improves performance by reducing traffic load across the main network, it also acts as the first line of defense against security attacks. A separate network enables you to physically control which workstations are connected to the network.
4 Accessing the Host Console This chapter describes several ways to access the host console of an HP Integrity server.
Figure 4-2 Status Summary Page
4. Select the web interface functions by clicking the Primary tabs at the top of the page. Each function lists options in the Navigation Control on the left side of the page.
5. To display data in the content area, select an option and click Refresh to update the display.
6. Click the Remote Console tab.
        : Enter the command name for help on individual command
TOPics  : Show all MP Help topics and commands
HElp    : Display this screen
Q       : Quit help
==== MP:HE
To display the Main Menu Command List, enter LI at the MP HE: prompt. To return to the MP Main Menu, enter Q. To access help from the web GUI, click Help. You can also click the ? at the top right corner of each page to display help about that page.
IMPORTANT: The server console output does not display on the console device screen until the server boots to the EFI Shell. Start a console session using the console serial port (RS-232) method to view console output prior to booting to the EFI Shell, or to access the iLO 2 MP. See “Configuring the iLO 2 MP LAN Using the Console Serial Port” (page 39).
To access the graphic console with VGA, follow these steps:
1. Perform preparation tasks.
2. Connect the cables.
5 Configuring DHCP, DNS, LDAP, and LDAP Lite This chapter provides information on how to configure DHCP, DNS, LDAP extended schema, and LDAP Lite default schema. This chapter addresses the following topics: • “Configuring DHCP” (page 53) • “Configuring DNS” (page 54) • “Configuring LDAP Extended Schema” (page 55) • “Configuring LDAP Lite Default Schema” (page 56) Configuring DHCP DHCP enables you to automatically assign reusable IP addresses to DHCP clients.
• Modify the MP subnet mask.
  MP:CM> LC -s 192.0.2.1
• Modify the MP gateway address.
  MP:CM> LC -g 192.0.2.1
• Set the link state to autonegotiate.
  MP:CM> LC -link auto
• Set the link state to 10 BaseT.
  MP:CM> LC -link t
• Set the remote console serial port address.
  MP:CM> LC -web 2023
• Set the SSH console port address.
  MP:CM> LC -ssh 22
Configuring DNS
To use the DNS command to display and modify the DNS configuration, follow these steps:
1. From the MP Main Menu, enter command mode.
Configuring LDAP Extended Schema The following procedure shows how to configure the iLO 2 MP to use a directory server to authenticate a user login using the iLO 2 MP TUI. NOTE: The LDAP connection times out after 30 minutes of inactivity in Active Directory. For Novell directory, there is no inactivity timeout. To configure using the web interface, see “Group Accounts” (page 112). NOTE: The LDAP feature is only available if you have the iLO 2 Advanced Pack license.
Login Process Using Directory Services with Extended LDAP You can choose to enable directory services to authenticate users and authorize user privileges for groups of iLO 2 MPs. The iLO 2 MP directory services feature uses the industry-standard LDAP. HP layers LDAP on top of SSL to transmit the directory services information securely to the directory servers. More information about directory services is available from the HP website at: http://www.hp.
• Easy implementation without schema extensions. The iLO 2 MP schema-free integration is configured from any iLO 2 MP user interface (browser, command line, or script). • Minimal administration and maintenance. — After initial setup, only groups and permissions require maintenance support on the iLO 2 MP; typically group and permission changes occur infrequently. — The schema-free approach does not require updating directory databases with new iLO 2 MP devices objects. • Reliable security.
1 - Administrator   C, P, M, U
2 - User            C, P
3 - Custom1         None
4 - Custom2         None
5 - Custom3         None
6 - Custom4         None
Only the first 30 characters of the Group Distinguished Names are displayed.
Enter number to view or modify, or [Q] to Quit:
3. Enter the number for the group you want to view or modify. The current LDAP group settings appear.
4. Set up a group distinguished name.
5. Select rights for the group.
6. Enter Y to confirm.
6 Using iLO 2 MP
This chapter provides information and instructions on how to use the iLO 2 MP. This chapter addresses the following topics:
• “Text User Interface” (page 59)
• “Web GUI” (page 82)
• “Integrated Remote Console (vKVM)” (page 88)
• “Virtual Media” (page 95)
• “Power Management” (page 103)
• “SMASH Server Management Command Line Protocol” (page 123)
Text User Interface
This section provides information on the text user interface commands you can run in the iLO 2 MP.
Figure 6-1 MP Command Interfaces MP Main Menu After logging in to the iLO 2 MP, the MP Main Menu appears. The MP Main Menu runs as a private session. Other iLO 2 MP users do not see the actions you perform in the private session. The iLO 2 MP can support multiple sessions to perform independent tasks: • • Multiple windows logged into the iLO 2 MP to monitor VFP or study event logs in one window while administering the server from another window.
CO (Console): Leave the Main Menu and enter console mode CO switches the console terminal from the MP Main Menu to mirrored/redirected console mode. All console output is mirrored to all users in console mode. Only one of the mirrored users at a time has write access to the console. To get console write access, press Ctrl-Ecf. Press either Ctrl-B or Esc and ( to return to the iLO 2 MP command interface. Verify that all mirrored consoles are of the same terminal type for proper operation.
Events are data items that communicate system information from the source of the event to other parts of the system, then to you. Events are produced by intelligent hardware modules, the operating system, and system firmware. Events funnel into BMC from different sources throughout the server. The iLO 2 MP polls the BMC for new events and stores them in nonvolatile memory. • • • • SEL: High attention events and errors. Forward progress: All events.
HE (Help): Display help for the menu or command in the MP Main Menu HE displays the MP hardware and firmware version identity, and the date and time of firmware generation. If executed from the MP Main Menu, HE displays general information about the iLO 2 MP, and those commands available in the MP Main Menu. If executed in command mode, HE displays a list of Command menu commands available. It also displays detailed help information in response to a topic or command at the help prompt.
Table 6-5 Command Menu Commands (continued)
Command   Description
SA        Sets access options
SNMP      Configures SNMP parameters
SO        Configures security options
SS        Displays system processor status
SYSREV    Displays all firmware revisions
TC        Resets through transfer of control (TOC)
TE        “Tell” (sends a message to other users)
UC        Displays a user configuration
WHO       Displays the connected iLO 2 MP users
XD        Diagnoses or resets the iLO 2 MP
The following is a quick reference list that provides MP Command mode act
NOTE: This guide is not meant as a substitute for instruction on various scripting tools that are available for automating command-line interfaces. The iLO 2 MP TUI (when used with command-line arguments) and the SMASH command-line interface were created with these types of scripting tools in mind to facilitate powerful automation capabilities. Expect Script Example The following provides a simple Expect script example with no timeouts and no error checking using telnet instead of SSH.
send_user "Password: "
expect_user -re "(.*)\n"
set mp_password $expect_out(1,string)
stty echo
# Other Constants
set timeout 20
########################################################################
## BEGIN ##
spawn $env(SHELL)
match_max 100000
#foreach mp_name {puma_mp lion_mp cougar_mp} {
set mp_name "puma_mp"
send_user "\n\n----- $mp_name -----\n\n"
# Frequently used Strings
set MA_PROMPT "$mp_name\] MP> $"
set CM_PROMPT "$mp_name\] MP:CM> $"
# Expect the UNIX prompt...
commands that require a password can have that password entered on the command line (FW, UC). If -nc is specified on a command with no other parameters or with only a specific multilevel selector, the command displays all or just the specific multilevel parameters. The absence of a specific multilevel parameter on a command that has multilevels causes all the multilevel parameters to display. • • • • • • • Most commands accept -all default.
OK: Normal operation, any issues have been acknowledged.
Degraded: Typically loss of redundancy or partial failure of a component.
Critical: Failure with loss or imminent loss of system function.
Command line usage and scripting: BLADE [ -nc ] blade -?
Example of the BLADE Command With Output
[gstlhpg1] MP:CM> blade
BLADE
Onboard Administrator Information:
IP Address : 192.0.2.
NOTE: Both short and long reset button presses return the port default connection to the MP. The iLO 2 MP mirrors the system console to the iLO 2 MP local and LAN ports. One console output stream is reflected to all connected console users. If several different terminal types are used simultaneously, some users can see unexpected results.
DF displays FRU information for FRU devices located behind the BMC. Information provided includes serial number, part number, model designation, name and version number, and manufacturer. Command line usage and scripting: DF [ -specific[ ] | -all ] [ -view ] [ -nc ] -? DI: Disconnect LAN, WEB, SSH or Console Command access level: MP configuration access DI disconnects LAN, web SSL, or SSH users from the iLO 2 MP. It does not disable the ports.
HE displays the MP hardware and firmware version identity, and the date and time of firmware generation.
• If executed from the MP Main Menu, HE displays general information about the iLO 2 MP and those commands available in the MP Main Menu.
• If executed in command mode, HE displays the MP Help: Command Menu List. HE also displays detailed help information in response to a topic or command at the help prompt.
LC: LAN configuration usage Command access level: MP configuration access LC modifies the LAN configuration parameters. IMPORTANT: If you are connected through a network and you make any changes to DHCP status, IP address, subnet mask, or gateway IP address, the iLO 2 MP automatically resets once you confirm the change. If you are connected through a serial console and you make any changes to DHCP status, IP address, subnet mask, or gateway IP address, the iLO 2 MP alerts you to manually reset the iLO 2 MP.
LDAP displays and modifies the following LDAP directory settings: • Directory Authentication: Activates or deactivates directory support on the iLO 2 MP. — Enable with Extended Schema: Selects directory authentication and authorization using directory objects created with the HP schema. Select this option if the directory server is extended with the HP schema and you plan to use it.
| -nc ] -? See also: LOGIN, US LDAP: LDAP group administration LDAP enters one or more directory groups by specifying the distinguished name of the group and privileges to be granted to users who are members of that group. You must configure group administration information when the directory is enabled with the default schema.
Command line usage and scripting: LS [ -nc ] -? See also: DNS, LC, SA
PC: Power control access
Command access level: Power control access
PC enables control of the power management module. It provides the following options for remote control of system power:
ON: Turns the system power on. This command has no effect if the power is already on.
OFF: Turns the system power off. This command is equivalent to turning the system power off at the front panel switch.
CYCLE
Graceful Shutdown
Example
[gstl0074] MP:CM> pm
PM [ -dynamic | -low | -high | -os ] [ -nc ]
PM -?
[gstl0074] MP:CM> pm
PM
Current System Power Mode : Dynamic Mode
Power Regulator Menu:
D - Dynamic Power Savings Mode
L - Static Low Power Mode
H - Static High Performance Mode
O - OS Control Mode
Enter menu item or [Q] to Quit: O
O
Power mode will be set to OS Control.
Confirm? (Y/[N]): y
y
Please wait ..
RB [ -nc ] -? See also: PC, SS
RS: Reset system through the RST signal
Command access level: Power control access
IMPORTANT: During normal system operation, shut down the OS before issuing the RS command.
RS resets the system (except iLO 2 MP) through the RST signal. Running this command irrecoverably halts all system processing and I/O activity and restarts the system. The effect of this command is similar to cycling the system power.
5. Enter E to enable or D to disable all SNMP alerts. The screen displays the new SNMP configuration settings.
NOTE: Currently, the SNMP alert feature is supported on HP Integrity server blades only.
6. To configure a destination IP address for SNMP alerts, enter 1 2 3 4. The default is blank (unused).
7. To configure the community string to secure the access to the MIB objects, enter C. The default is public.
SS displays the status of the system processors and which processor is the monarch. The iLO 2 MP learns the system configuration through the events it receives from the system. There is usually a delay between any processor configuration change and what is displayed by this command. For the most up-to-date processor configuration information, use the EFI or BCH prompt.
TE [ -nc ] -?
UC: User Configuration (users, passwords, and so on)
Command access level: User administration access
UC adds, modifies, re-enables, or deletes any of the following user parameters:
• Login ID
• Password
• User Name
• User Workgroup
• User Access Rights
• User Operating Mode
• User Enabled
There are two default users, Admin and Oper. The Admin user has all rights (C, P, M, U, and V). The Oper user has the console access right by default.
[ -enable \ [ -password [ ] [ -delete ] | [ -list ] ] [ -nc ] -?
Example:
[gstlhpg1] MP:CM> uc -delete Oper -nc
UC -delete Oper -nc
Current User Parameters:
User Login ID         : Oper
User Password         : ************
User Name             : Default Operator
User Workgroup        :
User Access Rights    : Console access, Virtual Media
User Operating Mode   : Multiple
User Enabled/Disabled : Enabled
-> Current User will be deleted
User may be disconnected in this process
-> User Configuration has been update
XD performs simple checks to confirm the iLO 2 MP health and its connectivity status. The following tests are available:
• iLO 2 MP Parameter Checksum in NVRAM
• Verify I2C connection (get BMC device ID)
• LAN connectivity test using the ping command
• History of firmware updates and other activities
You can use the XD command plus its R command option to reset the iLO 2 MP. You can safely perform an iLO 2 MP reset without affecting the operation of the server.
Figure 6-2 Status Summary General Page
NOTE: The BL c-Class tab is available only on HP Integrity server blades.
Table 6-6 lists the fields and descriptions.
Table 6-6 Status Summary General Page Description
Field: Description
System Power: The current power state (ON/OFF/STANDBY) of the system and the corresponding power LED state.
Latest SEL Entry: The most recent entry in the SEL.
Firmware Revisions: Displays the current firmware revisions for iLO MP, BMC, EFI, system firmware, PDH, UCIO, and PRS.
Figure 6-3 Status Summary Active Users Page
NOTE: The BL c-Class tab is available only on HP Integrity server blades.
Table 6-7 lists the fields and descriptions.
Table 6-7 Active Users Page Description
Field: Description
Access Type: Multiple access methods are available: Serial, telnet, SSH, SSL web or IPMI over LAN. IPMI, vMedia, and vKVM/IRC users are not listed in web GUI sessions.
User Login: The user currently logged in through a particular access type.
Figure 6-4 Server Status General Page
NOTE: The BL c-Class tab is available only on HP Integrity server blades.
Table 6-8 lists the fields and descriptions.
Table 6-8 Server Status General Page Description
Field: Description
System Power: Displays the current power state of the system and the corresponding power LED state.
Temperature: Displays the temperature status.
Power Supplies: Lists the power supplies and their status and type.
Fans: Lists the fans and fan status.
Figure 6-5 Server Status Identification Page
Table 6-9 lists the fields and descriptions.
Table 6-9 Server Status Identification Page Description
Field: Description
Server Host Name: Displays the server host name.
Rack UID: Displays the rack unique identifier: a known unique identifier for the rack.
Bay: Displays the bay number. The blade enclosure can support as many as eight HP Integrity server blades. When viewed from the rack front, the bays are numbered from left to right and from 1 to 8.
Figure 6-6 System Event Log Page
NOTE: The BL c-Class tab is available only on HP Integrity server blades.
Table 6-10 lists the fields, buttons, and descriptions.
Table 6-10 System Event Log Page Description
Fields and Buttons: Description
System Event Log: High attention events and errors. Reading the SEL turns off the attention LED (blinking yellow light).
Forward Progress Log: Contains events of all types. Does not need to be cleared.
from the source of the event to other parts of the system, and ultimately to the system administrator. The log viewer contains an event decoder to help you interpret events. The following event severity (or alert) levels are defined:
0: Minor forward progress
1: Major forward progress
2: Informational
3: Warning
5: Critical
7: Fatal
Integrated Remote Console (vKVM)
The Integrated Remote Console (IRC) offers a remote console interface for Windows clients running Internet Explorer.
NOTE: When working on multiple systems, controls for each system are displayed on a separate screen for each server. Additionally, you must allow downloading and usage of signed ActiveX controls.
Before running the IRC, note the following: Verify that the IRC is available. Only one user can control the IRC at a time. If a remote console session already exists on the system, you are notified that IRC use is unavailable.
Server Display Properties
• Set the background to plain (no wallpaper pattern) on the host server.
• Set the client screen resolution higher than the host server for best remote console performance.
• Set the display resolution to 800 x 600 pixels, or the maximum supported resolution of 1024 x 768 pixels.
NOTE: The resolution on the host server must not exceed 1024 x 768 pixels. Higher resolutions can produce unpredictable results.
• Set the display color mode to 256 colors, or 24-bit colors.
Figure 6-7 Integrated Remote Console Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-11 lists the fields, buttons, and actions. Table 6-11 IRC Page Description Fields and Buttons Action Fullscreen Resizes the IRC page. For fullscreen with multi-head client, launch the browser from the primary display. Launch Resizes the IRC page to the same display resolution as the remote host. To open the server’s graphic console in a new browser window, click Launch.
Figure 6-8 Integrated Remote Console Window
Table 6-12 lists the menu bar, buttons, and actions you can perform in the IRC window.
Table 6-12 IRC Window Description
Menu Bar Buttons: Action
Thumb Tack: Enables you to keep the menu open, or retracts it when the mouse is moved away.
Ctrl+Alt+Del: Enables you to simulate the Ctrl Alt Del keyboard sequence on a remote console.
Exit (red button): Enables you to close and exit the console and return to the client desktop.
however, some monitors have trouble with the highest screen refresh rates supported by the video adapter. If this occurs, follow these steps:
1. To check your desktop properties, right-click the desktop and select Properties>Settings>Advanced>Monitor.
2. Select a lower screen refresh rate.
3. To resize the IRC to the same display resolution as the remote host, select Fullscreen before you click Launch.
4. Use the red X to exit the IRC and return to your client desktop.
types are used simultaneously by the users, some users may see unexpected results. Only one of the mirrored users at a time has write access to the console. Write access is retained until another user requests console write access. To get console write access, enter Ctrl-Ecf. To ensure proper operation of the remote serial console, verify the following conditions: • Your emulator can run the supported terminal type. • The iLO 2 MP terminal setting in the applet is a supported setting.
• View and interact with the boot sequence of your server.
• Perform maintenance activities in text mode.
• Manage non-graphical mode operating systems.
The console window remains open until you sign out of the iLO 2 MP interface using the provided link in the banner, leave the iLO 2 MP site, or refresh the entire page. The remote serial console provides the console, and the GUI provides the iLO 2 MP Main Menu functionality.
Using iLO 2 MP Virtual Media Devices Connect client-based vMedia to a host HP Integrity server through a graphical interface using a signed Java applet. Refusing to accept the applet certificate prevents browser-based vMedia from functioning (a red X appears). It also prevents the remote console applet from functioning because it is also signed using the same certificate.
NOTE: When you disconnect the iLO 2 MP vMedia, you might receive a warning message from the host operating system regarding unsafe removal of a device. This warning can be avoided by using the operating system's stop-device function before disconnecting it from the vMedia.
Virtual CD/DVD
The iLO 2 MP virtual CD/DVD is available during server boot for operating systems specified in “Supported Operating Systems and USB Support for vMedia” (page 102).
2. Click Launch to load the applet and connect to USB CD/DVD devices and disk image files available on the client as virtual devices on the server. The vMedia applet appears (Figure 6-12).
NOTE: Only one user and one device can be connected at a time.
Figure 6-12 Virtual Media Dialog Box (Before Connection)
3. Select Local Media Drive.
4. Select the drive letter of the desired physical CD/DVD drive on your client system from the list.
5. Click Connect. The connected drive icon and LED change state to reflect the current status of the virtual CD/DVD.
Figure 6-13 Virtual Media Dialog Box (after connection)
After you are connected, virtual devices are available to the host server until you close the vMedia applet or sign out from a web session. When you are finished using the virtual CD/DVD, disconnect the device from the host server or close the applet.
NOTE: The vMedia applet must remain open when using a vMedia device.
Creating the iLO 2 MP Disk Image Files The iLO 2 MP vMedia feature enables you to create CD and DVD image files within the same applet. The image files created are ISO-9660 file system images and El Torito bootable CD images. The performance of the iLO 2 MP vMedia is faster when image files are used. The utility to create the iLO 2 MP CD/DVD disk image files is integrated into the vMedia applet.
Figure 6-15 Create Media Image Dialog Box 4. Click Create Disk Image. The vMedia applet begins the process of creating the image file. The process is complete when the progress bar reaches 100%. This creates a file that emulates a CD/DVD on the local system. To cancel the creation of an image file, click Cancel. To insert the next CD during an OS installation or any application installation with multiple image files, follow these steps: 1. 2.
If the host server operating system supports USB mass storage devices, the iLO 2 virtual floppy/USB key is also available after the host server operating system loads. You can use the iLO 2 virtual floppy/USB key when the host server operating system is running to upgrade device drivers, create an emergency repair diskette, and perform other tasks. Having the virtual floppy available when the server is running can be especially useful if you must diagnose and repair a problem with the NIC driver.
Table 6-13 Operating System Support for vMedia
Columns: Operating system installation using Virtual USB CD / Operating system run-time using Virtual USB CD*
Linux Red Hat ES/RHEL 4 U3: Yes / Yes
Linux SuSE SLEX 10 SP3: Yes / Yes
HP-UX 11.23 HWE 0606: Yes / Yes
OpenVMS 8.3–1H1: Yes / Yes
Windows Enterprise Edition: Yes / Yes
* Any additional software packages that must be installed can be installed using the system run-time method.
Figure 6-17 Power & Reset Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. For information on how to set the power management options in Onboard Administrator, see the HP BladeSystem Onboard Administrator User Guide on the HP website at: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00705292/c00705292.pdf Table 6-15 lists the fields, buttons, and descriptions.
Table 6-15 Power & Reset Page Description (continued) Fields and Buttons Description System Power Restore Settings This option enables you to configure the power restore policy. The power restore policy determines how the system behaves when ac power returns after an ac power loss. You must have iLO configuration access right to use this option. • Restore Previous Power State: The power is restored to the state that was in effect when ac was removed or lost.
Figure 6-18 Power Meter Readings Page
NOTE: The BL c-Class tab is available only on HP Integrity server blades.
IMPORTANT: Power consumption data readings are dependent on the configuration, architecture, components, and levels of activity of the server at any given time.
Table 6-16 lists the fields, buttons, and descriptions.
Table 6-16 Power Meter Readings Page Description
Fields and Buttons: Description
Power Meter Readings: Data is displayed using a bar graph.
Table 6-16 Power Meter Readings Page Description (continued) Fields and Buttons Description Maximum Power Displays the maximum power reading from the server over the last 24-hour period. If the server has not been running for 24 hours, the value is the maximum of all the readings since the server was booted. Minimum Power Displays the minimum power reading from the server over the last 24-hour period.
Table 6-17 Power Regulator Page Description
Fields and Buttons: Description
Power Regulator Mode: There are four modes in which the power regulator can operate. The power regulator modes (Static Low, Static High and Dynamic) are independent of the operating system and work for any operating system. The OS Control Mode requires Microsoft Windows Server 2003 SP1 or later or Red Hat Linux 4 Update 2 or later.
• • • • • • • • • Local Accounts Group Accounts Settings Access Settings: LAN, Serial, and Login Options Directory Settings: LDAP Parameters Network Settings: Standard and Domain Name Server BL c-Class (Available only for server blade.) SNMP Settings Help Firmware Upgrade The Firmware Upgrade page functionality is only available to authorized HP service personnel. The MP firmware is packaged along with system, BMC, and FPGA/PSOC firmware.
NOTE: An HP ProLiant iLO 2 Advanced Pack license key will not work on an HP Integrity server, and vice versa.
Figure 6-20 Licensing Page
NOTE: The BL c-Class tab is available only on HP Integrity server blades.
IMPORTANT: On HP Integrity server blades, an Advanced Pack license is standard. Remember to save the Advanced Pack license key information that was provided by HP.
Table 6-18 Licensing Page Description (continued) Fields and Buttons Description Submit Submits the key for activation. Cancel Cancels the action. iLO provides a mechanism to install a license key which unlocks the advanced pack features. There are two types of licenses: 1. iLO 2 MP Advanced Evaluation License, a 30-day evaluation license allows usage of advanced features for 720 hours of iLO 2 MP uptime. 2. iLO 2 MP Advanced Permanent License allows perpetual use of the advanced features.
Table 6-19 Local Accounts Page Description Field Description Select User Select an existing user from the list of user names to edit or delete that account or select New User to add a new user. Add/Edit Click this button after selecting the user account to modify or to add a new account. For an existing account, you can modify any of the parameters shown, provided the user has sufficient privileges.
Table 6-20 Group Accounts Page Description
Fields and Buttons: Description
Administrator: Click Administrator and click Edit to open the Group Settings page and enter information.
User: Click User and click Edit to open the Group Settings page and enter information.
Custom (1,2,3,4): Click Custom 1,2,3,4 and click Edit to open the Group Settings page and enter information.
Edit: Opens the Group Settings page.
Cancel: Cancels the action.
Table 6-21 LAN Page Description
Fields and Buttons: Description
Telnet: You can enable or disable telnet access to the iLO 2 MP using the enable or disable option.
SSH: You can enable or disable SSH access to the iLO 2 MP using the enable or disable option. SSH is an industry-standard client-server connectivity protocol that provides a secure remote connection.
NOTE: The BL c-Class tab is available only on HP Integrity server blades.
Table 6-22 lists the fields, buttons, and descriptions.
Table 6-22 Serial Page Description
Fields and Buttons: Description
Bit Rate in Bits per Second: This option enables you to set the baud rate. Input and output data rates are the same.
Flow Control: Flow control can be through hardware or software. Hardware uses RTS/CTS; software uses Xon or Xoff.
Submit: Submits the information.
Cancel: Cancels the action.
Table 6-23 Login Options Page Description (continued) Fields and Buttons Description Submit Submits the information. Cancel Cancels the action. Current LDAP Parameters The Current LDAP Parameters page (Figure 6-26) enables you to edit LDAP parameters. You must have iLO configuration access right to use this feature. NOTE: The LDAP feature is only available if you have the iLO 2 MP Advanced Pack license.
Table 6-24 Current LDAP Parameters Page Description
Field: Description
Directory Authentication: Choosing Enable or Disable activates or deactivates directory support on iLO 2 MP:
• Enable with Extended Schema: selects directory authentication and authorization using directory objects created with HP schema. Select this option if the directory server has been extended with the HP schema.
Figure 6-27 Standard Page
NOTE: The BL c-Class tab is available only on HP Integrity server blades.
Table 6-25 lists the fields, buttons, and descriptions.
Table 6-25 Standard Page Description
Fields and Buttons: Description
MAC Address: The 12 digit (hexadecimal) MAC address.
DHCP Status: Enable or Disable.
iLO 2 MP Host Name: The host name set here is displayed at the iLO 2 MP Command interface prompt.
IP Address: The iLO 2 MP IP address.
NOTE: You can only configure the DNS server if DHCP is enabled.
Figure 6-28 Domain Name Server Page
NOTE: The BL c-Class tab is available only on HP Integrity server blades.
Table 6-26 lists the fields, buttons, and descriptions.
Table 6-26 DNS Page Description
Fields and Buttons: Description
Use DHCP supplied domain name: Use the DHCP server-supplied domain name.
Domain name: This represents the factory-default DNS name of the subsystem, for example, “hp.com” in “ilo.hp.com”.
Figure 6-29 SNMP Settings Page
NOTE: The BL c-Class tab is available only on HP Integrity server blades.
Table 6-27 lists the fields and descriptions.
Table 6-27 SNMP Settings Page Description
Field: Description
SNMP: Choosing Enable or Disable activates or deactivates the SNMP feature support on this iLO 2 MP.
SNMP Alerts: NOTE: Currently, the SNMP alert feature is only supported on HP Integrity server blades. Enter E to enable or D to disable all SNMP alerts.
NOTE: If SNMP was disabled earlier and then enabled, you will receive the following message: Reset MP (XD command option ‘R’) for configuration to take effect. Click OK and reset the iLO 2 MP.
BL c-Class
The Onboard Administrator page (Figure 6-30) is used to facilitate the cabling and initial installation of server blades. It also provides a quick view of the enclosure status. You must have configuration access right to turn the enclosure locator UID LED on or off.
Table 6-28 Onboard Administrator Page Description (continued) Field Description Enclosure Name This is used to logically group together the server blades installed in the same enclosure. The enclosure name is shared with the other servers in the enclosure. Enclosure Health This displays the health of the enclosure. Enclosure Locator UID LED This allows you to turn the enclosure Locator UID LED on or off. The iLO Configuration access right is needed.
Figure 6-31 Help Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. You can also click the ? at the top right corner of each page to display help about the page you are on. Select any of the topics listed in the left navigation bar to access that particular help screen.
• CLP sessions are independent from each other and nonmirrored.
• Provides a subset of MP CLI commands.
• Provides access to the MP Main Menu interface and system console interface.
SM CLP Session
Sessions between a client and an SM CLP service are established over a transport protocol. Once the session is authenticated, the client begins to submit commands using the SM CLP service. The CLP is a command and response protocol (not a command-line interface).
3. Use the following example as you follow the prompts on the screen to change the default interface from MP Main Menu to SM CLP. MP:CM>SA This command allows you to modify MP access configuration.
hpiLO->
If an invalid target is specified, the response differs as follows:
hpiLO-> show /badtarget1
status=3
status_tag=COMMAND PROCESSING FAILED
error_tag=COMMAND SYNTAX ERROR
‘/badtarget1’ is an invalid target.
hpiLO->
SM CLP Syntax
The following sections provide terms, descriptions, and examples of the SM CLP syntax.
Command Line Terms
The command syntax consists of a command verb, options, target address, and properties.
Table 6-29 Supported Command Verbs (continued) Command help Action Displays context-sensitive help. help displays general help and all supported commands. help displays help for the specified verb. help displays help for the specified target. help displays help for the specified property. load Moves a binary image to iLO 2 MP from a URI. reset Causes a target to cycle from enabled to disabled and back to enabled. set show Sets a property to a specific value.
Command Options
Command options control verb behavior. Command options can appear immediately after the verb and must be prefaced with a dash (-). Most command options have both a full name and a short form; for example:
show -level all
or
show -l all
Level Option
The level option instructs the command verb to include n number of levels in the scope of its execution. A level typically refers to the depth of containment to be processed by the verb.
Find and display all targets that have the EnabledState property:
hpiLO-> show -l all -d properties=”enabled state”
Find and display all Account targets in the system and their information:
hpiLO-> show -l all account*
Table 6-30 shows the available command options.
Table 6-30 Command Options
Option, Short Form: Description
-display, -d: Selects the data you want to display.
-force, -f: Instructs the verb to ignore warning conditions that otherwise prevent execution.
Table 6-31 SM CLP Reserved Characters and Character Sequences (continued)
Character or Sequence (Name): Description and Uses
- (Hyphen): When preceded by a space, the hyphen is the SM CLP option indicator.
/ (Address term separator): Separates the UFiT terms of a target address.
. (Dot): Recognized as a special target address token meaning this container.
.. (Dot-dot): Recognized as a special target address token meaning the container of this container.
hpiLO-> reset system1
status=0
status_tag=COMMAND COMPLETED
system1 has been issued a reset
Displaying Power Status
To display the power state of the system, query the value of the enabledstate property of the system1 target.
reset Resets the iLO 2 MP.
Table 6-34 /map1/textredirectsap1 Properties
Property Name: Description; Access and Values
EnabledState: Shows whether the text redirection is enabled. Read-only. The value is set to Enabled.
SessionTerminateSequence: A string sequence used for terminating text redirection session and returning to SM CLP. Read-only. The value is set to SMCLP.
Description: Description of this text redirection service access point. Read-only. The value is set to MP Main Menu Interface.
Starting a System Console Session
To start a system console session, enter the following command:
hpiLO-> start /system1/consoles1/textredirectsap1
Determining the Session Termination Character Sequence for the System Console
To determine the session termination character sequence for the system console, enter the following command:
hpiLO-> show -d properties=SessionTerminateSequence /system1/consoles1/textredirectsap1
status 0
status_tag=COMMAND COMPLETED
/system1/consoles1/textredirectsap1
Propertie
cd: Changes the current default target.
help: Displays context-sensitive help.
show: Displays information.
Target: map1/swinventory1
SoftwareInventory is a dedicated collection for all firmware in the system known to the iLO 2 MP. Table 6-37 shows swinventory1 target properties.
Table 6-37 swinventory1 Properties
Property Name: Description; Access and Values
Description: Provides a textual description of the object. Read-only. The value is set to firmware inventory.
Properties
VersionString=F.01.57
This example displays all the firmware revisions.
hpiLO-> show /map1/swinventory1/swid*
/map1/swinventory1/swid1
TargetType=MP FW
VersionString=F.01.57
/map1/swcollection1/swid2
TargetType=BMC FW
VersionString=01.60
/map1/swcollection1/swid3
TargetType=EFI FW
VersionString=ROM A 05.11, ROM B 255.255
/map1/swcollection1/swid4
TargetType=System FW
VersionString=ROM A 62.03, ROM B 255.255, Boot ROM B
/map1/swcollection1/swid5
TargetType=PDH FW
VersionString=00.
Target: map1/telnetsvc1 The telnetsvc1 target represents the telnetsvc service provided by map1. Table 6-39 shows telnetsvc1 target properties. Table 6-39 telnetsvc1 Properties Property Name EnabledState Description Access and Values Shows whether telnet is enabled or disabled. Read-only The following are valid values: Enabled, Disabled Protocol The protocol this service provides. Read-only Set to telnet Verbs start show stop help Enables iLO 2 MP telnet service. Displays information.
SSH Examples
The following examples show specific SSH commands.
Enable SSH Service
-> start /map1/sshsvc1
Disable SSH Service
-> stop /map1/sshsvc1
Network Configuration
Network commands enable you to display or modify network settings.
SM CLP Network Targets, Properties, and Verbs
This section describes targets, target properties, and supported verbs necessary to implement the iLO 2 MP network configuration through SM CLP.
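The SM CLP response fields shown earlier (status, status_tag, error_tag) and the telnetsvc1 and sshsvc1 service targets can be checked by a script. The following is an added example, not HP code: it parses captured SM CLP output and reports where the services differ from an assumed policy (telnet disabled, SSH enabled). The sample responses are constructed, their one-field-per-line layout is assumed, and an EnabledState property on sshsvc1 is assumed by analogy with telnetsvc1.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HEADER_KEYS = ("status", "status_tag", "error_tag")

# Constructed sample responses (assumed layout: one field per line).
SAMPLE_TELNET_ON = """hpiLO-> show /map1/telnetsvc1
status=0
status_tag=COMMAND COMPLETED
/map1/telnetsvc1
Properties
EnabledState=Enabled
Protocol=telnet
hpiLO->"""
SAMPLE_SSH_ON = """status=0
status_tag=COMMAND COMPLETED
/map1/sshsvc1
Properties
EnabledState=Enabled"""
SAMPLE_BAD_TARGET = """hpiLO-> show /badtarget1
status=3
status_tag=COMMAND PROCESSING FAILED
error_tag=COMMAND SYNTAX ERROR
'/badtarget1' is an invalid target.
hpiLO->"""

# Assumed policy for this example: desired state and the SM CLP command
# (start/stop verbs on the service target) that moves the service to it.
POLICY = {
    "/map1/telnetsvc1": ("Disabled", "stop /map1/telnetsvc1"),
    "/map1/sshsvc1": ("Enabled", "start /map1/sshsvc1"),
}


@dataclass
class ClpResponse:
    status: Optional[int] = None
    status_tag: str = ""
    error_tag: str = ""
    targets: Dict[str, Dict[str, str]] = field(default_factory=dict)
    messages: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        # Fail closed: anything without an explicit status=0 is not a success.
        return self.status == 0


def parse_response(text: str) -> ClpResponse:
    """Split one SM CLP response into header fields, per-target properties
    and free-text messages. Property names are lower-cased."""
    resp = ClpResponse()
    current = None  # property dict of the target block being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("hpiLO->") or line == "Properties":
            continue
        if line.startswith("/"):  # a target address opens a property block
            current = resp.targets.setdefault(line, {})
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if sep and current is None and key in HEADER_KEYS:
            if key == "status":
                resp.status = int(value) if value.isdigit() else None
            else:
                setattr(resp, key, value)
        elif sep and current is not None and key.isidentifier():
            current[key] = value
        else:
            resp.messages.append(line)
    return resp


def audit_services(outputs: Dict[str, str]):
    """outputs maps a target address to the captured text of `show <target>`.
    Returns (target, observed state, remediation or reason) per deviation."""
    findings = []
    for target, (wanted, fix) in POLICY.items():
        resp = parse_response(outputs.get(target, ""))
        state = resp.targets.get(target, {}).get("enabledstate")
        if not resp.ok or state is None:
            reason = resp.error_tag or "no EnabledState in response"
            findings.append((target, "UNKNOWN", reason))
        elif state.lower() != wanted.lower():
            findings.append((target, state, fix))
    return findings


if __name__ == "__main__":
    captured = {"/map1/telnetsvc1": SAMPLE_TELNET_ON,
                "/map1/sshsvc1": SAMPLE_SSH_ON}
    for finding in audit_services(captured):
        print(finding)
```

A failed or missing response is reported as UNKNOWN rather than as compliant, so a mistyped target or a dropped session cannot hide an enabled telnet service.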
cd: Changes the current default target.
help: Displays context-sensitive help.
show: Displays information.
Target: map1/enetport1/lanendpt1/ipendpt1
The ipendpt1 target represents the iLO IP endpoint settings. Table 6-43 shows ipendpt1 target properties.
Table 6-43 ipendpt1 Properties
Property Name: Description; Access and Values
IPv4Address: iLO 2 MP IP address. Read/write. The value of the property must be expressed in dotted decimal notation.
SubnetMask: iLO 2 MP subnet mask.
Target: map1/dnsendpt1
The dnsendpt1 target represents the iLO 2 MP DNS client. Table 6-45 shows dnsendpt1 target properties.
Table 6-45 dnsendpt1 Properties
Property Name: Description; Access and Values
EnabledState: Represents the state of iLO 2 MP DNS. Read only. The following are valid values: Enabled: The iLO 2 MP DNS client is enabled. Disabled: The iLO 2 MP DNS client is disabled.
Hostname: Represents the host name currently assigned to the iLO 2 MP. Read-only. iLO 2 MP current host name.
set: Sets a property to a specific value.
Target: map1/settings1/dnssettings1
The dnssettings1 target contains iLO 2 MP DNS settings. Table 6-48 shows dnssettings1 target properties.
Table 6-48 dnssettings1 Properties
Property Name: Description; Access and Values
DNSServerAddress: Contains the IP addresses of the primary, secondary, and tertiary DNS servers. Read/write. This is an array property.
DomainName: iLO 2 MP domain name.
Determine Gateway Address
hpiLO-> show -d properties=accessinfo /map1/enetport1/lanendpt1/ipendpt1/gateway1
Set Gateway Address
hpiLO-> set /map1/enetport1/lanendpt1/ipendpt1/gateway1 AccessInfo=192.0.2.1
Determine Link State (Autosense)
hpiLO-> show -d properties=autosense /map1/enetport1
Set Link (Autosense)
hpiLO-> set /map1/enetport1 autosense=true AccessInfo=192.0.2.
Verbs
show: Displays information.
help: Displays context-sensitive help.
set: Sets a property to a specific value.
SM CLP vMedia Use Cases
The following examples show actions you can perform using SM CLP for vMedia.
Change the current context to the CD drive.
-> cd /map1/oemhp_vm1/cddr1
Show the current status to verify that the media is not in use.
-> show
Insert the desired image into the drive.
-> set / oemhp_image=http://my.imageserver.com/ISO/install_disk1.iso
Connect the media.
Table 6-51 account# Properties (continued) Property Name Name Description User name of this account. Access and Values Read/write. Specified in ASCII characters up to 24 characters long. oemhp_privileges Privileges of this user account. Read/write. The following are valid values: or . Verbs cd help show set create delete Changes the current default target. Displays context-sensitive help. Displays information. Sets a property to a specific value.
Table 6-52 oemhp_ldapsettings1 Properties
Property Name: Description; Access and Values
oemhp_dirauth: Represents the iLO 2 MP directory access setting. Read write. Valid values are:
DefaultSchema: enable directory authentication using default schema.
ExtendedSchema: enable directory authentication using extended HP schema.
Disabled: disable directory authentication
oemhp_localacct: Represents iLO 2 local user accounts access setting. Read write.
7 Installing and Configuring Directory Services You can install and configure the iLO 2 MP directory services to leverage the benefits of a single point of administration for the iLO 2 MP user accounts. This chapter provides information on how to install and configure iLO 2 MP directory services.
Features Supported by Directory Integration
The iLO 2 MP directory services functionality enables you to do the following:
• Authenticate users from a shared, consolidated, scalable user database.
• Control user privileges (authorization) using the directory service.
• Use roles in the directory service for group-level administration of iLO 2 MP and iLO 2 MP users.
To install directory services for the iLO 2 MP, a schema administrator must extend the directory schema. The local user database is retained.
Schema Documentation
To assist with the planning and approval process, HP documents the changes made to the schema during the schema setup process. To review the changes made to your existing schema, see “Directory Services Schema (LDAP)” (page 179).
Directory Services Support
The iLO 2 MP supports the following directory services:
• Microsoft Active Directory
• Microsoft Windows Server 2003 Active Directory
• Novell eDirectory 8.6.2
• Novell eDirectory 8.
Required Schema Software
The iLO 2 MP requires specific software to extend the schema and provide snap-ins to manage the iLO 2 network. An HP Smart Component that contains the schema installer and the management snap-in installer is available for download from the HP website at: http://www.hp.com/servers/lights-out.
Schema Installer
One or more .xml files are bundled with the schema installer. These files contain the schema that is added to the directory.
Figure 7-2 Schema Setup Screen The Directory Server section of the Setup screen enables you to select whether to use Active Directory or eDirectory, and to set the computer name and the port to be used for LDAP communications. IMPORTANT: To extend the schema on Active Directory you must be an authenticated schema administrator, the schema must not be write protected, and the directory must be the flexible single master operation (FSMO) role owner in the tree.
Figure 7-3 Schema Results Screen
Management Snap-In Installer
The management snap-in installer installs the snap-ins required to manage the iLO 2 MP objects in a Microsoft Active Directory Users and Computers directory or in a Novell ConsoleOne directory.
To create an iLO 2 MP directory using iLO 2 MP snap-ins, perform the following tasks:
1. Create and manage the iLO 2 MP objects and role objects.
2. Make the associations between iLO 2 MP objects and role objects.
IMPORTANT: To install directory services for the iLO 2 MP, an Active Directory schema administrator must extend the schema.
• Extending the schema in the Microsoft Windows 2000 Server Resource Kit, available at: http://www.microsoft.com
• Installing Active Directory in the Microsoft Windows 2000 Server Resource Kit, available at: http://www.microsoft.com
• Microsoft Knowledge Base articles:
  - 216999 “How to Install the Remote Server Administration Tools in Windows”
  - 314978 “How to Use Adminpak.
The Active Directory schema folder may need to be expanded for the checkbox to be available. 4. 5. 6. 7. Create a certificate or install Certificate Services. This step is necessary because the iLO 2 MP uses SSL to communicate with Active Directory. To specify that a certificate be issued to the server running Active Directory, do the following: a. Launch MMC on the server and add the default domain policy snap-in (Group policy and browse to default domain policy object). b.
NOTE: Roles, such as hpqTargets and so on, are for extended schema LDAP only. They are not used in LDAP Lite. Assume that a company has an enterprise directory including the domain mpiso.com, arranged as shown in Figure 7-4. Figure 7-4 Directory Example 1. 2. Create an organizational unit to contain the iLO 2 devices managed by the domain. In this example, two organizational units are created, Roles and MPs.
b. In the Create New HP Management Object dialog box (Figure 7-5), select Device for the type.

Figure 7-5 Create New HP Management Object Dialog Box

c. In the Name field of the dialog box, enter an appropriate name. In this example, the DNS host name of the iLO 2 device, lpmp, is used as the name of the iLO 2 object, and the surname is iLO 2.
d. Enter and confirm a password in the Device LDAP Password and Confirm fields (this is optional).
e. Click OK.
c. From the Select Users dialog box (Figure 7-6), select the iLO 2 object created in step 2: (lpmp in folder mpiso.com/MPs). Click OK.

Figure 7-6 Select Users Dialog Box

d. To save the list, click Apply.
e. To add users to the role, click the Members tab and use the Add button and the Select Users dialog box. Devices and users are now associated.
6. To set the rights for the role, use the Lights Out Management tab (Figure 7-7).
10. Click Apply and OK. Members of the remoteMonitors role are able to authenticate and view the server status. User rights to any iLO 2 are calculated as the sum of all the rights assigned by all the roles in which the user is a member and the iLO 2 is a managed device. Following the preceding examples, if a user is included in both the remoteAdmins and remoteMonitors roles, he or she has all the rights of those roles, because the remoteAdmins role also has those rights.
Figure 7-8 HP Devices Tab

Managing Users In a Role

After user objects are created, use the Members tab (Figure 7-9) to manage the users within the role.
• To add a user, browse to the specific user you want to add, and click Add.
• To remove a user from the list of valid members, highlight an existing user and click Remove.
Setting Login Restrictions

The Role Restrictions tab (Figure 7-10) enables you to set login restrictions for a role. These restrictions include:
• Time Restrictions
• IP Network Address Restrictions
  — IP/Mask
  — IP Range
  — DNS Name

Figure 7-10 Role Restrictions Tab

Setting Time Restrictions

• To manage the hours available for login by members of the role, click the Effective Hours button. The Logon Hours screen appears (Figure 7-11.
Figure 7-11 Logon Hours Screen

Defining Client IP Address or DNS Name Access

From the Role Restrictions tab you can grant or deny access to an IP address, IP address range, or DNS names. In the By Default list, select whether to grant or deny access from all addresses except for specified IP addresses, IP address ranges, and DNS names.

To restrict an IP address, follow these steps:
1. From the Role Restrictions tab, select IP/MASK and click Add.
on a single DNS name or a subdomain, entered in the form of host.company.com or *.domain.company.com.
4. Enter the information and click OK.
5. To save the changes, click OK.

To remove any of the entries, highlight the entry in the display list and click Remove.

Setting User or Group Role Rights

After you create a role, you can select rights for that role. You can enable users and group objects to be members of the role, giving each the rights granted by the role.
Directory Services for eDirectory

The following sections provide installation prerequisites, preparation, and a working example of directory services for eDirectory.

NOTE: LDAP Lite is not supported with eDirectory.

Installing and Initializing Snap-In for eDirectory

For instructions on using the snap-in installation application, see “Installing and Initializing Snap-Ins for Active Directory” (page 154).

NOTE: After you install snap-ins, restart ConsoleOne and MMC to show the new entries.
2. From within the region1 organizational unit, right-click the HP devices organizational unit. Select New, and select Object.
   a. Select hpqTarget from the list of classes, and click OK.
   b. Enter an appropriate name and surname in the New hpqTarget dialog box. In this example, the DNS host name of the iLO 2 MP device, rib-email-server, is used as the name of the iLO 2 MP object, and the surname is RILOEII (iLO 2 MP). Click OK. The Select Object Subtype dialog box (Figure 7-15) appears.
a. Right-click the remoteAdmins role in the roles organizational unit in the region1 organizational unit, and select Properties.
b. Select the Role Managed Devices subtab of the HP Management tab, and click Add.
c. Using the Select Objects dialog box, browse to the HP devices organizational unit in the region1 organizational unit.
d. Select the three iLO 2 MP objects created in step 2.
e. Click OK and click Apply.

Add users to the role.
devices,ou=region1,o=samplecorp
Directory User Context 1 = ou=users,o=samplecorp

For example, user CSmith (located in the users organizational unit within the samplecorp organization, who is also a member of one of the remoteAdmins or remoteMonitors roles) would be allowed to log in to the iLO 2 MP. He would type csmith (case insensitive) in the Login Name field of the iLO 2 MP login, and use his eDirectory password in the Password field to gain access.
Figure 7-18 Members Tab (eDirectory)

To browse to the specific user you want to add, click Add. To remove a user from the list of valid members, highlight the user name and click Delete.

Setting Role Restrictions

The Role Restrictions subtab (Figure 7-19) enables you to set login restrictions for a role.
Setting Time Restrictions

You can manage the hours available for login by members of a role using the time grid displayed in the Role Restrictions subtab (Figure 7-19). You can select the times available for login for each day of the week in half-hour increments. You can change a single square by clicking it or change a section of squares by clicking and holding the mouse button, dragging the cursor across the squares to be changed, and releasing the mouse button.
Figure 7-21 Lights-Out Management Device Rights Tab

Table 7-2 lists the available management device rights.

Table 7-2 Management Device Rights
Option    Description
Login     This option controls whether users can log in to the associated devices and execute status or read-only commands (view event logs and console logs, check system status, power status, and so on) but not execute any commands that would alter the state of iLO 2 MP or the system.
To ensure you have the correct version of JRE installed on your system, follow these steps:
1. To determine the Java version, execute the following command:
   # java -version
   The Java version installed on your system is displayed.
2. If Java is not installed on your system, execute the following command:
   # rpm -iv j2re-1_4_2_04-linux-i586.rpm
   NOTE: You can download this rpm file from the Java website.
3. Execute the following command if:
   • Java is installed and the version is older than 1.4.2.
Verifying Snap-In Installation and Schema Extension

To verify the installation of snap-ins and schema extension, follow these steps:
1. Run ConsoleOne and log on to the tree.
2. Verify the new classes by opening the Schema Manager from the Tools list. All the classes related to the HP directory services must be present in the classes list. The classes are hpqRole, hpqTarget, hpqPolicy, and hpqLOMv100.
-> Current Distinguished Name has been retained
User Search Context 1:
Current -> o=mp
Enter new value, or Q to Quit:
-> Current User Search Context 1 has been retained
User Search Context 2:
Current -> o=demo
Enter new value, or Q to Quit:
-> Current User Search Context 2 has been retained
User Search Context 3:
Current -> o=test
Enter new value, or Q to Quit:
-> Current User Search Context 3 has been retained
New Directory Configuration (* modified values):
*L – LDAP Directory Authenticatio
Certificate Services

The following sections provide instructions for installing Certificate Services, verifying directory services, and configuring automatic certificate requests.

Installing Certificate Services

To install Certificate Services, follow these steps:
1. Select Start>Settings>Control Panel.
2. Double-click Add/Remove Programs.
3. Click Add/Remove Windows Components to start the Windows Components wizard.
4. Select Certificate Services and click Next.
In general, you can use the HP provided snap-ins to create objects. It is useful to give the iLO 2 MP device objects meaningful names, such as the device's network address, DNS name, host server name, or serial number.

Directory-enabled remote management enables you to:
• Create iLO 2 MP objects: Each device object created represents each device that will use the directory service to authenticate and authorize users.
devices, but grant different rights. Sometimes, it is useful to assign generic rights to the lesser role, and include the iLO 2 MP administrators in both that role and the administrative role. Figure 7-22 shows one way that an administrative user gains admin role rights. The admin user’s initial login right is granted through the regular user role. After the initial login, more advanced rights, such as server reset and remote console, are assigned to the admin user through the admin role.
The iLO 2 MP devices use local host time to enforce time restrictions. If the iLO 2 MP device clock is not set, the role time restriction fails (unless no time restrictions are specified on the role). Role-based time restrictions can only be enforced if the time is set on the iLO 2 MP device.
Role access restrictions limit an authenticated user's ability to receive iLO 2 MP privileges based on rights specified in one or more roles. Figure 7-24 shows the user and role access restrictions.

Figure 7-24 User and Role Access Restrictions

How User Time Restrictions Are Enforced

You can place a time restriction on directory user accounts. Time restrictions limit the ability of the user to log in (authenticate) to the directory.
Figure 7-25 User Time Restrictions

User Address Restrictions

You can place network address restrictions on a directory user account, and the directory server enforces these restrictions. See the directory service documentation for information about the enforcement of address restrictions on LDAP clients, such as a user logging in to an iLO 2 MP device.
Figure 7-26 Restricting General Use

Alternatively, the directory administrator could create a role that grants the login right and restrict it to the corporate network, and create another role that grants only the server reset right and restrict it to after-hours operation.
Changes made to the schema during the schema setup process include changes to the following:
• Core classes
• Core attributes

NOTE: Roles such as hpqTargets, and so on, are for extended schema LDAP only. They are not used in LDAP Lite.

Core Classes

Table 7-3 lists the core LDAP OID classes.

Table 7-3 Core Classes
Class Name    Assigned OID
hpqTarget     1.3.6.1.4.1.232.1001.1.1.1.1
hpqRole       1.3.6.1.4.1.232.1001.1.1.1.2
hpqPolicy     1.3.6.1.4.1.232.1001.1.1.1.
hpqRole

Table 7-6 hpqRole
OID             1.3.6.1.4.1.232.1001.1.1.1.2
Description     This class defines role objects, providing the basis for HP products using directory-enabled management.
Class Type      Structural
SuperClasses    Group
Attributes      hpqRoleIPRestrictions—1.3.6.1.4.1.232.1001.1.1.2.5
                hpqRoleIPRestrictionDefault—1.3.6.1.4.1.232.1001.1.1.2.4
                hpqRoleTimeRestriction—1.3.6.1.4.1.232.1001.1.1.2.6
                hpqTargetMembership—1.3.6.1.4.1.232.1001.1.1.2.3
Remarks         None

hpqPolicy

Table 7-7 hpqPolicy
OID             1.3.6.1.4.1.232.
hpqTargetMembership

Table 7-10 hpqTargetMembership
OID            1.3.6.1.4.1.232.1001.1.1.2.3
Description    This attribute provides a list of hpqTarget objects that belong to this object.
Syntax         Distinguished Name—1.3.6.1.4.1.1466.115.121.1.12
Options        Multi Valued
Remarks        None

hpqRoleIPRestrictionDefault

Table 7-11 hpqRoleIPRestrictionDefault
OID            1.3.6.1.4.1.232.1001.1.1.2.
Table 7-13 hpqRoleTimeRestriction (continued)
OID        1.3.6.1.4.1.232.1001.1.1.2.6
Options    Single Valued
Remarks    This attribute is only used on role objects. Time restrictions are satisfied when the bit corresponding to the current local sidereal time of the device is 1, and unsatisfied when the bit is 0. The least significant bit of the first byte corresponds to Sunday, from 12 midnight, to Sunday 12:30 AM.
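The following Python sketch is an added example, not HP code. It shows how a role's hpqRoleTimeRestriction bit mask can be evaluated and how a user's rights are summed across roles, including the case where the device clock is not set. It assumes a 42-byte mask (7 days × 48 half-hour slots) whose bits run consecutively upward from the least significant bit of the first byte; the function names, the `ROLES` structure and the sample DNs are constructed for the illustration.

```python
from datetime import datetime

SLOTS_PER_DAY = 48                     # half-hour increments, as in the guide
MASK_BYTES = 7 * SLOTS_PER_DAY // 8    # 336 bits = 42 bytes (length assumed)


def slot_index(local_time):
    """Half-hour slot of the week; slot 0 is Sunday 00:00-00:30."""
    day = (local_time.weekday() + 1) % 7   # Python Monday=0 -> mask Sunday=0
    return day * SLOTS_PER_DAY + local_time.hour * 2 + local_time.minute // 30


def time_restriction_satisfied(mask, local_time):
    """Return True when the role's time restriction allows local_time.

    mask=None models a role with no time restriction. local_time=None models
    a device whose clock is not set: any time-restricted role then fails.
    """
    if mask is None:
        return True
    if local_time is None:
        return False
    if len(mask) != MASK_BYTES:
        raise ValueError("expected a %d-byte mask" % MASK_BYTES)
    idx = slot_index(local_time)
    # Assumed ordering: bit 0 of byte 0 is slot 0, bit 1 is slot 1, and so on.
    return bool((mask[idx // 8] >> (idx % 8)) & 1)


def build_mask(windows):
    """Build a mask from (day, first_slot, end_slot) tuples, day 0 = Sunday."""
    mask = bytearray(MASK_BYTES)
    for day, first, end in windows:
        base = day * SLOTS_PER_DAY
        for slot in range(base + first, base + end):
            mask[slot // 8] |= 1 << (slot % 8)
    return bytes(mask)


def effective_rights(roles, user_dn, device_dn, local_time):
    """Union of rights over roles that list both the user and the device."""
    rights = set()
    for role in roles:
        if (user_dn in role["members"] and device_dn in role["devices"]
                and time_restriction_satisfied(role["time_mask"], local_time)):
            rights |= role["rights"]
    return rights


# Constructed sample data (DNs are illustrative, not taken from the guide).
USER = "cn=csmith,ou=users,o=samplecorp"
DEVICE = "cn=rib-email-server,ou=hp devices,ou=region1,o=samplecorp"
BUSINESS_HOURS = build_mask([(d, 16, 36) for d in range(1, 6)])  # Mon-Fri 08:00-18:00
ROLES = [
    {"name": "remoteMonitors", "members": {USER}, "devices": {DEVICE},
     "time_mask": None, "rights": {"hpqLOMRightLogin"}},
    {"name": "remoteAdmins", "members": {USER}, "devices": {DEVICE},
     "time_mask": BUSINESS_HOURS,
     "rights": {"hpqLOMRightLogin", "hpqLOMRightRemoteConsole",
                "hpqLOMRightConfigureSettings"}},
]

if __name__ == "__main__":
    for when in (datetime(2008, 1, 7, 9, 15), datetime(2008, 1, 6, 0, 10), None):
        print(when, sorted(effective_rights(ROLES, USER, DEVICE, when)))
```

Passing `None` as the time shows why an unset device clock silently removes every right that comes only from a time-restricted role, which is worth checking when an administrator reports missing privileges after a firmware reset.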
iLO 2 MP Attribute Definitions

Table 7-17 through Table 7-22 define the iLO 2 MP core class attributes.

hpqLOMRightLogin

Table 7-17 hpqLOMRightLogin
OID            1.3.6.1.4.1.232.1001.1.8.2.1
Description    Login right for HP iLO 2 MP products.
Syntax         Boolean—1.3.6.1.4.1.1466.115.121.1.7
Options        Single Valued
Remarks        The attribute is meaningful only on role objects. If TRUE, members of the role are granted the right.

hpqLOMRightRemoteConsole

Table 7-18 hpqLOMRightRemoteConsole
OID            1.3.6.1.4.1.232.1001.1.8.2.
hpqLOMRightLocalUserAdmin

Table 7-21 hpqLOMRightLocalUserAdmin
OID            1.3.6.1.4.1.232.1001.1.8.2.5
Description    Local user database administration right for HP iLO 2 MP products.
Syntax         Boolean—1.3.6.1.4.1.1466.115.121.1.7
Options        Single valued
Remarks        This attribute is only used on role objects. If this attribute is TRUE, members of the role are granted the right.

hpqLOMRightConfigureSettings

Table 7-22 hpqLOMRightConfigureSettings
OID            1.3.6.1.4.1.232.1001.1.8.2.
Glossary

A

Address
In networking, a unique code that identifies a node in the network. Names such as host1.hp.com are translated to dotted-quad addresses such as 168.124.3.4 by the Domain Name Service (DNS).

Address Path
An address path is one in which each term has the appropriate intervening addressing association.

Administrator
A person managing a system through interaction with management clients, transport clients, and other policies and procedures.

ARP
Address Resolution Protocol.
The CLP consists of a set of command verbs that manipulate command targets representing Managed Elements (ME) that are within the scope of access by a MAP. Each CLP interaction consists of a command line transmitted to the CLP service and a subsequent response transmitted back to the client. Each command transmitted generates only one response data transmission to the client.
Domain
A grouping of hosts that is identified by a name. The hosts usually belong to the same Internet Protocol (IP) network address.

Domain Name
The unique name assigned to a system or group of systems on the Internet. The host names of all the systems in the group have the same domain name suffix. Domain names are interpreted from right to left.

E

Ethernet
An industry-standard type of local area network (LAN) that enables real-time communication between systems connected directly through cables.
I

In-band System Management
A server management capability that is enabled only when the operating system is initialized and the server is functioning properly.

Integrated Lights Out (iLO)
The iLO functionality offers remote server management through an independent management processor (MP). iLO was introduced into most HP Integrity entry class servers in late 2004. Prior to that, embedded remote server management was referred to as MP functionality.
MAP address space
This is the hierarchical graph of the UFiTs contained in the MAP’s AdminDomain. Each instance starting at the AdminDomain is a node in the graph. Each supported association forms a link in the graph to another instance node, and so on, until a terminating instance node is encountered.

Media Access Control (MAC)
Worldwide unique, 48-bit, hardware address number that is programmed into each local area network interface card (NIC) at the time of manufacture.
S

Schema
Definitions that describe what type of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results. Schemas come in many forms, such as a text file, information in a repository, or diagrams.

Serial Console
A terminal connected to the serial port on the service processor.
User
The CLP User represents an instance of a client which transmits and receives CLP-compliant messages. The CLP is part of the SM CLP architecture. It is intended to either be a person or a script interacting with a terminal service such as telnet or SSHv2.

User Account
A record of essential user information that is stored on the system. Each user who accesses a system has a user account.

User Friendly class Tag (UFcT)
A short, user-friendly synonym for a CIM class name.