HP Virtual Connect for c-Class BladeSystem Version 4.30/4.31 User Guide Abstract This document contains user information for HP Virtual Connect. This document is for the person who installs, administers, and troubleshoots servers and storage systems. HP assumes you are qualified in the servicing of computer equipment and trained in recognizing hazards in products with hazardous energy levels.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Microsoft®, Windows®, and Windows Server® are U.S.
Contents Introduction .................................................................................................................................. 8 What's new .............................................................................................................................................. 8 Virtual Connect documentation.................................................................................................................... 9 Virtual Connect overview.............................
Local Users screen ......................................................................................................................... 67 Configuring LDAP, RADIUS, and TACACS+ ...................................................................................... 69 Virtual Connect networks ............................................................................................................. 86 Understanding networks and shared uplink sets........................................................
Advanced Profile Settings ............................................................................................................. 181 Managing server profiles ....................................................................................................................... 182 Define Server Profile screen .......................................................................................................... 182 Server Profiles screen ............................................................
Maintenance and troubleshooting ............................................................................................... 281 Domain Status summary ......................................................................................................................... 281 Status icon definitions .................................................................................................................. 281 Domain Status screen.....................................................................
Migrations .................................................................................................................................. 309 Disabling IPv6 support ........................................................................................................................... 310 Importing enclosures .............................................................................................................................. 310 VC FW update considerations ...................................
Introduction What's new • Enhancements: o UEFI boot mode support Configure server boot modes. o PXE IP boot order Configure PXE IP boot order. o FIPS mode 140-2 support For a current status on FIPS certification, see the HP website (http://government.hp.com/Certifications.aspx). o Configure partially stacked domains to isolate specific networks and fabrics. o 40Gb FIP snooping support o Monitor, detect, and report pause flood conditions on uplink and stacking link ports.
o Configurable role operations must be delegated to one of the following roles if they are to be performed while the domain is in Maintenance Mode: Network, Storage, or Domain. Administrators logging into VCM with a Server role account while the domain is in Maintenance mode will be denied access to perform delegated operations such as exporting support files, updating firmware, configuring port monitoring, or saving or restoring domain configuration. o In VC 4.30/4.
• HP Virtual Connect with iSCSI Cookbook This guide describes how to configure HP Virtual Connect for an iSCSI environment. It provides tips and troubleshooting information for iSCSI boot and installation. • HP Virtual Connect FlexFabric Cookbook This guide provides users with an understanding of the concepts and steps required when integrating HP BladeSystem and Virtual Connect Flex-10 or FlexFabric components into an existing network.
o HP VC 8Gb 24-Port Fibre Channel Module for BladeSystem c-Class o HP VC 8Gb 20-Port Fibre Channel Module for BladeSystem c-Class NOTE: Beginning with VC 4.10, the HP 4GB Virtual Connect Fibre Channel Module is no longer supported. VC modules support HP BladeSystem Enclosures and all server blades and networks contained within the enclosure: • VC-Enet modules enable connectivity to data center Ethernet switches.
HP Virtual Connect Manager Configuring browser support Access to the VCM GUI is provided through HTTPS (HTTP exchanged over an SSL-encrypted session) and requires HTTPS (port 443) to be enabled on the management network. The minimum supported screen resolution is 1024 x 768 with 256 colors. For optimal viewing, HP recommends setting the screen resolution to 1280 x 1024. Requirements The VCM web interface requires an XSLT-enabled browser with support for JavaScript 1.3 or the equivalent.
Pop-up windows must be enabled for certain features to function correctly. Check the browser settings to make sure pop-up blockers are not enabled before running the application. • Cookies Cookies must be enabled for certain features to function correctly. Check your browser settings to make sure cookies are enabled before running the application. • TLS 1.2 When managing Virtual Connect domains in FIPS mode, TLSv1.2 must be enabled in the browser. The following browser versions support TLS 1.
• Log on to the enclosure Onboard Administrator. From the rack overview screen, select the Virtual Connect Manager link from the left navigation tree. • Log on to the enclosure Onboard Administrator. To display the Interconnect Bays summary screen, select Interconnect Bays in the left navigation tree of the Onboard Administrator user interface. Select the Management URL link for the primary VC-Enet module.
Logging on to the HP Virtual Connect Manager GUI Log on using the user name (Administrator) and password. You can optionally specify the authentication method or VCM role at logon. To specify the authentication method (local, ldap, radius, tacacs), enter the authentication method followed by a colon before the user name. For example, ldap:user1. To specify the VCM role (domain, network, server, storage), enter the role followed by a colon before the user name. For example, network:user1.
• The attempted IP sign-in address is for a VC-Enet module not running the primary VCM. • The browser settings are incorrect. See "Configuring browser support (on page 12)." • You have entered an invalid role or authentication service name. • Authentication service is disabled, is not correctly configured, or is not up in the server.
HP Virtual Connect Home This screen provides access for the management of enclosures, servers, networking, and storage. If a red icon with a horizontal white bar appears, an external manager such as VCEM is managing the VCM. Mouse over the icon to display a tool tip with information about the external manager.
About HP Virtual Connect Manager To view detailed product information, select About HP Virtual Connect Manager from the Help pull-down menu. Navigating the HP Virtual Connect Manager GUI Navigation overview The HP Virtual Connect Manager navigation system consists of a tree view on the left side of the screen that lists all of the system devices. The tree view remains visible at all times, except when using any of the VC wizards.
Menu items The following table lists the items available from the pull-down menu at the top of the screen.
Virtual Connect domains Understanding Virtual Connect domains A basic VC domain includes a single HP c-Class BladeSystem c7000 Enclosure for a total of 16 servers (or up to 32 servers if the double-dense option is enabled), or a single HP c-Class BladeSystem c3000 Enclosure for a total of 8 servers (or up to 16 servers if the double-dense option is enabled).
Managing domains Use the following screens to manage the VC domain: • • Domain Settings (Configuration) screen (on page 22) o Change the domain name o Delete a domain o Configure a customized login screen message Domain Settings (IP Address) screen (on page 24) o • • • Set a domain IP address for the VC domain Domain Settings (Enclosures) screen (on page 25) o View enclosures in the domain o Add enclosures to the domain o Remove enclosures from the domain Domain Settings (Backup/Restore)
Domain Settings (Configuration) screen Use this screen to change the domain name, delete a domain, configure and view auto-deployment, and configure a customized login screen message. To access this screen, click Configuration in the left navigation tree, or select Domain Settings from the Configure menu. Only users with domain role permissions can make changes on this screen. The following table describes the available actions in the Domain Settings (Configuration) screen.
Deleting a domain CAUTION: Deleting a domain returns all settings to factory default. This action cannot be undone. 1. Power off all servers that are associated with profiles. See "Server Bay Status screen (on page 270)." 2. Navigate to the Domain Settings (Configuration) screen (on page 22). 3. If necessary, select the Remove all unencrypted keys and CSPs (zeroize) check box to zeroize all unencrypted keys and CSPs. When a module enters or exits FIPS mode, all unencrypted CSPs must be zeroized.
The Auto-Deployment Status section on the Domain Settings (Configuration) screen displays the current deployment status, the last deployment timestamp, and links to the viewable configuration file, deployment log, and CLI output. Task Action View the configuration file Click View next to Configuration File. View the deployment log Click View next to Deployment Log. View the CLI output Click View next to CLI Output.
The following table describes the available actions in the Domain Settings (IP Address) screen. Clicking another link in the pull-down menu or left navigation tree causes current edits that have not been applied to be lost. Task Action Use a Virtual Connect Domain IPv4 or IPv6 Address setting • • For IPv4, select the box next to Use Virtual Connect Domain IPv4 Address, and then enter the IPv4 Address, Subnet Mask, and Gateway.
Column Description Rack Name Name of the rack (assigned through the Onboard Administrator) OA IPv4 Address IPv4 IP address of the OA. "Local Enclosure" indicates this enclosure is managed by the local Onboard Administrator. OA IPv6 Address IPv6 IP address of the OA. "Local Enclosure" indicates this enclosure is managed by the local Onboard Administrator. Status Displays whether the enclosure has been imported Action Perform import and delete operations.
3. o Onboard Administrator User Name o Onboard Administrator Password Click OK. IMPORTANT: No more than four enclosures can be found or imported. If an enclosure is unintentionally found, it can be removed by clicking Delete. 4. Click the Import link in the Action column. -orLeft-click on the enclosure row, right-click to display a menu, and then select Import. Virtual Connect Manager imports the enclosure and provides status information.
Domain Settings (Backup/Restore) screen Use this screen to create a backup file of the Virtual Connect domain configuration to restore a configuration that has been lost, or to revert to a previously saved configuration. The domain configuration includes network definitions, MAC address settings, WWN settings, Fibre Channel fabric settings, local user accounts, and server profile definitions.
CAUTION: Restoring a Virtual Connect domain configuration from a backup file that was created on another Virtual Connect domain is not supported and can cause serious faults within this and other Virtual Connect Domains within the environment. The restore selection and configuration files should only be used to restore the same previously existing domain. 3.
The following table describes the available actions in the Domain Settings (Storage Management Credentials) screen. Clicking another link in the pull-down menu or left navigation tree causes current edits that have not been applied to be lost. Task Action Click Add below the table, or right-click inside the table, and then select Add a credential ("Adding or editing a credential" on page 30) Add.
6. Click Apply.
SNMP overview SNMP is the protocol used by network management systems to monitor network devices for conditions that require administrative attention. SNMP consists of a set of standards for network management, including an Application Layer protocol, a database schema, and a set of data objects. The SNMP agent software resides on the module and provides access to management information. The management information is structured as a hierarchical database known as a MIB.
MIB VC-Enet VC-FC RFC 1213 Network Mgmt X — RFC 4293 IP-MIB X — Fibre Alliance MIB (FC Mgmt Integ) — X RFC 2837 Fabric Element MIB — X VC Module MIB (VCM-MIB) X — VC Domain MIB (VCD-MIB) X — IEEE LLDP MIB (LLDP-MIB) X — IEEE LLDPv2 MIB (LLDPv2-MIB) X — IEEE8023 LAG MIB (LAG-MIB) X — VC QOS MIB (VC-QOS-MIB) X — * Not supported by the HP 8Gb 24-Port FC Module The VC Module MIB is a VC-specific MIB that describes the state of a specific VC module.
The following table describes the fields within the SNMP Configuration screen. Field name Description Enable V1, V2 Select to enable V1, V2 SNMP. Enable V3 Select to enable V3 SNMP. Enable SMI-S (FC only) Select to enable SMI-S. System Contact Specify a contact name for this system when SNMP is enabled. The maximum length is 20 characters. Read Community Controls SNMP read access when SNMP is enabled. The default value is "public".
Task Action Add an SNMP trap destination ("Adding an SNMP trap destination" on page 39) Click Add below the destination table, or right-click on the header row of the destination table, and then select Add Destination. Edit an SNMP trap destination Click Edit in the Action column, or right-click on the trap destination row, and then select Edit Destination. Delete an SNMP trap destination Click Delete in the Action column, or right-click on the trap destination row, and then select Delete Destination.
Field name Description IP Address IPv4 or IPv6 address for the allowed network Network Mask Bits Network mask bits for the allowed network Type Type of network Action Perform add and delete actions SNMP Trap Destinations SNMP trap destination table Destination User-designated name for the trap destination. The Destination name must be unique. IP Address IPv4 or IPv6 address for the trap destination. DNS name is not supported.
• Supported CIM classes: o CIM_ComputerSystem o CIM_FCPort o CIM_Location o CIM_SoftwareIdentity o CIM_Product o CIM_PhysicalPackage o CIM_FCPortCapabilities o CIM_FCPortSettings o CIM_FCSwitchSettings o CIM_RemoteSeviceAccessPoint o CIM_SettingData o CIM_Namespace o CIM_ConnectivityCollection Supported CIM clients have no restrictions. SNMP Configuration (Users) Use this screen to create SNMPv3 users. SNMPv3 users are required before adding an SNMPv3 trap destination.
Field name Description Action Perform edit and delete actions To add an SNMP user: 1. Click Add. 2. Type in a user name, 1 to 31 alphanumeric characters including - and _. 3. Select the User Type. 4. If the User Type is remote, type in an Engine ID. The Engine ID must begin with 0x followed by an even number of hexadecimal characters, up to 64. 5. Select the minimum level of security required for operation. 6. Select the authentication protocol. 7.
Adding an SNMP trap destination To add an SNMP trap destination, right-click the header row of the SNMP Trap Destination table, or click Add at the bottom of the SNMP Trap Destination table. You can configure up to five VC-Enet and five VC-FC SNMP trap destinations. SNMPv1 and SNMPv2 trap formats are disabled when the domain is in FIPS mode. To add an SNMP trap destination: 1. Select the Trap Format: SNMPv1, SNMPv2, or SNMPv3. SNMPv2 is not supported for VC-FC modules. 2.
To select trap categories, click the check box. For VC-FC modules, selecting either the Port Status or Other check box results in all SNMP traps being sent to the trap destination. VC-FC modules do not differentiate between trap types. To select a VCM trap category, do one of the following: • Highlight the item, and then click the right arrow. • Highlight the item, and then drag and drop it into the right window.
Trap Category vcEnetNetworkManagedStatusChanged VCM Network Status 3 Fabric status change (deprecated) vcFcFabricManagedStatusChanged 3 Severity MIB Corresponds to the VCD-MIB name of the new state — — — VCM Fabric Status Corresponds to the VCD-MIB name of the new state — — VC module status change (deprecated) — vcModuleManagedStatusChanged Profile status change (deprecated) VC-Enet Module Status or Corresponds to the VCD-MIB VC-FC Module Status name of the new state — — — vcProfileManagedS
connUnitPortStatus value Severity unknown INFO unused INFO ready NORMAL warning WARNING failure CRITICAL nonparticipating INFO initializing INFO bypass INFO ols MAJOR other INFO Trap categories and required user role permissions In general, users with domain role permission can perform any SNMP configuration change operations.
• WARNING—The component has a potential problem. • INFO—Operational information on the fully functioning component. • UNKNOWN—VC Manager has not yet established communication with the component. • NORMAL—The component is fully functional. Trap severities are only supported for VC-Enet or VCM traps. VC Module MIB traps The following table lists traps in the VC Module MIB. Trap name Trap data Description vcModRoleChange moduleRole The VCM role of the module has changed.
Trap name Trap data Description vcModPortBpduLoopCleared port identification loop status A network loop condition is cleared on this port. The trap data indicates the physical port associated with a Flex10 port. For Flex10 ports, this trap is sent only after all Flex10 ports on a physical port are cleared from a loop condition.
• The ReasonCode provides an object specific reason for the managed state transition. The reason codes are unique between objects, allowing more specific actions to be taken programmatically from SNMP management stations.
Enclosure reason code Description vcEnclosureSomeServersAbnormal At least one server is in a known state and no servers are OK, or at least one server is degraded. vcEnclosureUnknown The condition of the enclosure cannot be determined, or the state of servers or modules is unknown.
The following is an example of a FC fabric Cause string: 1 of 2 uplink ports are abnormal on BackupSAN fabric The following is an example of a FC fabric RootCause string: 1 of 2 uplink ports are abnormal on BackupSAN fabric The FC fabric managed status ReasonCodes are provided in the following table. FC fabric reason code Description vcFabricOk The fabric is functioning normally. vcFabricNoPortsConfigured The fabric does not have any uplink port configured.
Profile reason code Description vcProfileAllConnectionsAbnormal All connections in profile are abnormal. vcProfileSomeConnectionsAbnormal Some connections in the profile are abnormal. VC domain checkpoint traps The domain checkpoint trap indicates configuration changes have been saved in non-volatile memory and copied (check-pointed) to the horizontally adjacent module. vcCheckpointTimeout The checkpoint valid status remained false for more than five minutes.
Click Refresh to display the most current information. System Log entry format A wide variety of events are generated by Virtual Connect and logged into the System Log, or SysLog. The remote logging capability is supported using the syslog protocol defined in RFC 3164. The remote logging feature provides the option of transmitting traffic over TCP and securing traffic using stunnel. Stunnel is required when the domain is in FIPS mode.
• The object short name is VCD (domain). • The object name is aus-c7000-82_vc_domain. • The event code is 1011. • The event severity is Info (informational). • The event message is VCM user logout : Administrator@16.85.18.209. The following table describes the Virtual Connect managed objects that are capable of generating System Log events, along with the corresponding event ID ranges.
System Log (Configuration) screen Use this screen to view or set remote log destination settings. Column Description Log host The IP address or the DNS of the configured remote log destination Log severity Severity of the log messages that should be sent to the specified destination. Valid values include "Critical", "Error", "Warning", and "Informational". Transport The transport protocol to be used for sending the log messages to the destination. Valid values include "TCP" and "UDP".
To delete a remote log destination, select the checkbox next the preferred destination, and then click Delete.
If VCM is configured with a VC domain IP address, then future certificate requests generated will reflect this domain IP address. For information on generating a new certificate, see "SSL Certificate Administration (Certificate Signing Request) screen (on page 55)." For information on uploading certificates for use in the VC-Enet module, see "SSL Certificate Administration (Certificate Upload) screen (on page 57).
Row Description Serial Number Serial number of the certificate. This serial number is unique per Certificate Authority that issued it. Version Version of the certificate MD5 Fingerprint Unique fingerprint of the certificate, calculated using cryptographic hash function Message-Digest algorithm 5 (MD5). This fingerprint can be used to further verify that the correct certificate is being used. This row is not displayed when the domain is in FIPS mode.
SSL Certificate Administration (Certificate Signing Request) screen This screen allows a certificate request to be generated for the domain if the existing certificate has a Key Length of 2048. A warning appears if the key for the existing certificate is not 2048 bits. The key must be updated before you can enter data or generate a signature request.
The following table describes the fields on the SSL Certificate Administration (Certificate Signing Request) screen. Clicking another link in the pull-down menu or left navigation tree causes current edits that have not been applied to be lost. Field Possible values Description Required Information Country (C) State or Province (ST) Must be a two character country The two character country code that identifies code. Only alphabetic characters the country where the VC domain is located are allowed.
Field Possible values Description Alternative Name 0 to 500 characters in length Alternative identifiers for the VC domain that the certificate should also cover. Examples include DNS names and IP addresses.
When renewing certificates, the upload removes any previous Signed Certificate from VCM. You must add a new certificate or update with a renewed certificate in your browser. See browser Help for information on installing or renewing certificates. SSH Key Administration screen This screen lists the current user (assuming administrator privileges) of each authorized SSH key and enables the user to add new keys. Only local users can have authorized SSH keys.
After you have authorized one or more SSH keys, you can delete all of them by clicking Clear SSH Keys. Removing the authorized SSH keys does not affect current SSH sessions. Web SSL Configuration screen This screen enables you to modify the SSL encryption strength. This screen is only available to users with domain user role permission.
OA firmware versions prior to 4.10 do not support TLS 1.2. If the OA version is less than 4.10, configure the VCM to support all TLS versions.
HP BladeSystem c-Class enclosures Enclosure serial numbers The enclosure serial number is used by the Virtual Connect Manager to associate a Virtual Connect domain with a particular enclosure. The enclosure serial number can be altered for maintenance purposes, such as replacement of the enclosure midplane. For more information, see SET ENCLOSURE SERIAL_NUMBER in the HP BladeSystem Onboard Administrator Command Line Interface User Guide on the HP website (http://www.hp.com/go/vc/manuals).
Wizard. There are 16 half-height or 8 full-height server bays in a c7000 enclosure. A combination of full-height and half-height servers can be used in the same enclosure. Multiple enclosure domains are not supported on c3000 enclosures. The VC-Enet or FlexFabric modules use stacking cables between c7000 enclosures so that network traffic can be routed from any server Ethernet port to any uplink within the VC domain.
• The Onboard Administrator firmware must be version 3.11 or higher. HP recommends using the latest version available. • All Onboard Administrators must use the same user credentials. VCSU uses the primary credentials for the remote enclosure. • When both Primary and Standby modules in the base enclosure are taken down for maintenance or lose power and are no longer present in the domain, the management capabilities in the VC domain are lost.
Enclosures view (multiple enclosures) When more than one enclosure has been imported, each enclosure is displayed on the Enclosures View screen.
Virtual Connect users and roles Understanding VC administrative roles Each user account can be set up to have a combination of up to four user role permissions: • • • • Domain o Define local user accounts, set passwords, define roles o Configure role-based user authentication o Import enclosures o Name the VC domain o Set the domain IP address o Administer SSL certificates o Delete the VC domain o Configure SNMP settings Network o Configure network default settings o Select the MAC a
o Update firmware o Save configuration to disk o Restore the configuration from a backup It is possible to create users with read-only access and no user role permissions. These users can only view status and settings.
Local Users screen The first time this screen appears, the Administrator account, which has all administrative user role permissions, might be the only user listed. The Administrator account cannot be deleted or have domain user role permissions removed. However, the Administrator password can be changed, and the network, server, and storage user role permissions can be removed. The default Administrator password is identified on the Default Network Settings label on the primary VC module.
o Numeric character o Non-alphanumeric character Click Apply to save your changes. • To set a session timeout period, enter a number between 10 and 1440 in the Session Timeout box. To disable a session timeout period, enter 0. Click Apply to save your changes. Any change in the timeout value affects all open sessions and is applied to new sessions. • To edit the delete confirmation preference, select or clear Auto Populate Name During Delete Confirmation, and then click Apply.
Adding a new user Observe the following user settings guidelines: • Username is a required field. • The Username field must contain an alpha-numeric value with 1 to 31 characters. • The Password field must contain an alpha-numeric value with 3 to 40 characters. The default password length is 8 characters.
For LDAP authentication, the VCM contacts and external LDAP server on which user accounts have been set up. During login, VCM sends an authentication request to the server and waits for a login accept or login reject response from the server. RADIUS and TACACS+ provide remote user authentication. At login, an external RADIUS or TACACS+ server is contacted by the VCM to authenticate the user login.
Local users can test an LDAP configuration before applying it. For more information, see "Test LDAP authentication (on page 71)." The following table describes the fields within the LDAP Server Settings (LDAP Server) screen. Clicking another link in the pull-down menu or left navigation tree causes current edits that have not been applied to be lost. Field Description Enable LDAP Authentication Select to enable LDAP authentication.
7. Click Test. The status window displays any problems encountered during the test. When testing is complete, click Close. LDAP Server Settings (LDAP Groups) screen Use this screen to manage the LDAP Group settings for VCM. The following table describes the fields within the LDAP Server Settings (LDAP Groups) screen. Field Description Group Name The Directory Server group name. Microsoft Active Directory servers have a reverse mapping from the user to the groups the user belongs to.
Field Description Roles Zero or more roles (Domain, Network, Storage, Server) assigned to the group. A user can be a member of multiple groups, in which case the roles are cumulative. If the user is only a member of a group (or groups) with no roles, the user can log in and view the Virtual Connect configuration but cannot make any changes. If a user is not a member of any group, the user cannot log in. Role Operations Permitted operations for the assigned roles.
LDAP Server Settings (LDAP Certificate) screen Use this screen to manage LDAP server certificates. Directory Certificates provide authentication of the Directory Server. There are two ways to verify the identity of the Directory Server: • Install certificates that complete a certificate chain to a root Certificate Authority. • Install a certificate that exactly matches the certificate provided by the Directory Server.
Column Description Valid From The date and time when this certificate became valid Valid To The date and time when this certificate becomes invalid Delete Click X in the line of the certificate to delete. RADIUS Settings (RADIUS Server) screen This screen enables domain administrators to configure a RADIUS server to authenticate users accessing the CLI or GUI based on user name and password and to provide role-based authorization.
Field Description Server Key A shared secret text string to be used for encrypting user details. This string must match between VCM and the RADIUS server. The secret-key is a plain text string of 1 to 128 characters. Add/Remove Secondary Server Select to add or remove a secondary RADIUS server. To add a secondary server, select the Add/Remove Secondary Server check box to display the Secondary Server Parameters, complete the fields as described in the table above, and then click Apply.
secret = require_message_authenticator = no } nastype = other The RADIUS server ignores authentication requests from an unknown client. Therefore, if the client entry is absent, the server ignores it. The server does not send a reject response. 4. Add the following to the dictionary file /usr/local/share/freeradius/dictionary.hp for HP: ATTRIBUTE HP-VC-groups 192 string HP The RADIUS server logs are available in the logfile /usr/local/var/log/radius/radius.log.
RADIUS Settings (RADIUS Groups) screen Use this screen to manage the RADIUS Group settings for Virtual Connect Manager. Use this screen to manage the RADIUS Group settings for Virtual Connect Manager. This screen is disabled if the domain is in FIPS mode ("Virtual Connect FIPS mode of operation" on page 314). The following table describes the fields within the RADIUS Settings (RADIUS Groups) screen. Field Description Group Name The RADIUS group name.
Add or Edit RADIUS Group Use this screen to add or edit a RADIUS Group. The following table describes the fields within the Add/Edit RADIUS Group screen. Field Description Group Name This is the group name value configured as the vendor-specific attribute HP-VC-Groups on the RADIUS server. The name can consist of 1 to 255 standard text-string characters (alphanumeric characters, hyphen (-), underscore (_), period (.)) except backslash (\) and single quote ('). You cannot change the name on edit.
Users with domain user role permissions can test a TACACS+ configuration before applying it. For more information, see "Test TACACS+ authentication (on page 83)." The following table describes the fields within the TACACS+ Settings screen. Clicking another link in the pull-down menu or left navigation tree causes current edits that have not been applied to be lost. Field Description Enable TACACS Authentication Select to enable TACACS+ authentication.
Required TACACS+ server settings The following TACACS+ server settings must be configured on VC to enable TACACS+-based authentication: • Enable or disable flag • TACACS+ server IP address • Server SSL port number—the default (well-known) value for TACACS+ authentication is 49. • Shared secret server key—this is a plain text key that must be configured both on VC and on the server. Both keys should match. The length of the secret key can vary from 1 to 128 characters.
autocmd = domain:network of privileges } <------- Colon-separated list } group = ALL_STAFF { } # End config file In this example, two different usages of autocmd= are shown: • Separate lines used for each privilege, supported in VC 3.30 and higher • Colon-separated privilege list, supported in VC 4.10 and higher Configuration can differ from one TACACS+ server to another. For more information, see the TACACS+ server documentation during configuration.
autocmd = network:server of privileges } <------- Colon-separated list } group = ALL_STAFF { } # End config file The configuration above is supported for the TACACS+ server downloaded from the tac plus website (http://www.pro-bono-publico.de/projects/tac_plus.html). Configuration can differ from one TACACS+ server to another. For more information, see the TACACS+ server documentation during configuration.
Role Management (Role Authentication Order) screen Use this screen to specify the authentication services to be used during log in and to set the order in which each authentication method is queried for each role. Role authentication order is followed for role-prefixed logins only, such as "domain:user1".
Clicking another link in the pull-down menu or left navigation tree causes current edits that have not been applied to be lost. Role Management (Role Operations) screen Use this screen to change the role operations allowed for Network, Server, Storage, and Domain roles. You must have Domain Administrator role permission to make these changes. Changes apply to all users assigned to a given role.
Virtual Connect networks Understanding networks and shared uplink sets The VC-Enet modules use standard Ethernet bridge circuitry with special firmware so that they function as a configurable Ethernet port aggregator. For a specific external data center connection, only the selected server Ethernet NIC ports are visible on what appears to be an isolated, private, loop-free network.
Identifying an associated network as the native VLAN causes all untagged incoming Ethernet packets to be placed onto this network. Only one associated network can be designated as the native VLAN. All outgoing Ethernet packets are VLAN-tagged. To enable native VLAN when defining a shared uplink set, select the box under Native. To enable or disable native VLAN on an existing network, go to the Edit Shared Uplink Set screen (on page 140).
VLAN tags are mapped to networks. Untagged frames are mapped to the native VLAN, if present. Otherwise, they are dropped. Server frames are untagged only, and tagged frames are dropped. Each server port is connected to a single network.
• o Set VLAN Capacity o Use the Multiple Networks Link Speed Settings to set a custom value for preferred link connection speed or maximum link connection speed o Enable or disable MAC Cache Failover o Modify the refresh interval for MAC Cache Failover o Enable or disable network loop protection for all VC-Enet modules in the domain o Reset network loop protection for all server ports in a loop-detected error state o Enable or disable pause flood protection for all VC-Enet modules in the domai
o Illuminate the PID for all uplink ports associated with a network Network Access Groups screen Before VC 3.30, any server profile could be assigned any set of networks. If policy dictated that some networks should not be accessed by a system that accessed other networks (for example, the Intranet and the Extranet) there was no way to enforce that policy automatically. With VC 3.
The following table describes the available actions in the Network Access Groups screen. Task Action View networks that are members of a network access group Click the network access group name. Filter the list of networks in a network access group On the Alphabetic tab, click a letter to show only network names that begin with that group of letters, or click All to show all networks alphabetically. On the Filter tab, use the pull-down menus to select the networks you want to view, and then click Go.
o On the Filtered tab, use the pull-down menus to define the filter criteria, and then click Go. 3. Drag and drop the networks that should be included as members of the network access group from the Excluded Networks field to the Included Networks field. 4. Click Apply. Edit Network Access Group screen To access this screen: • Click the Edit link for a network access group on the Network Access Groups screen (on page 90).
5. Click Apply. Ethernet Settings (Port Monitoring) screen To access this screen, do one of the following: • Under Ethernet Settings in the left navigation tree, click Port Monitoring. • On the home page, in the Network section, click Port Monitoring. The port monitoring screen is accessible to all users with the Port Monitoring role assigned to their VC role. All other users have read-only access.
CAUTION: The network analyzer port should only be connected directly to a network analyzer. Improper connection of this port or improper configuration of port monitoring could result in network loops and cause a network outage. IMPORTANT: HP recommends that you do not use port monitoring with an analyzer in loopback configuration with any VC module. When port monitoring is enabled, a warning icon appears in the banner at the top of the page.
Field name Description Server", "To Server", or "Both". The default is "Both". Server Profile Identifies the server profile associated with the monitored port, if one exists. The assigned networks are listed by each subport. If multiple networks are assigned, mouse over the label to see a listing of all networks associated with the subport. MAC MAC address of the monitored port Server Bay Port Enclosure and server device bay the monitored port is associated with Delete Displays the Delete icon.
Although you can select individual FlexNICs as monitored ports, VCM mirrors traffic on a physical port basis. To filter the list of ports, select one or more of the boxes at the top of the screen. The following table describes the available actions in the Select Monitored Ports screen. Task Action Select a port to be monitored Select the check box corresponding to the port. When 16 ports have been selected, no additional check boxes are displayed. You must clear a check box to select a different port.
Task Action Accept selected ports and return to the Port Monitoring screen Click OK. Clear newly selected ports without saving and return to the Port Monitoring screen Click Cancel. Reset the filter criteria to include all items in each filter Click Reset Filters. Only display selected ports Select the Only display selected ports check box. Ethernet Networks (Advanced Settings) Use this screen to perform the following tasks: • Set Server VLAN Tagging Support (on page 97).
ID mappings can be manually edited. However, administrators must ensure that no server connection VLAN ID conflict exists. The 'Force server connections to use the same VLAN mappings as shared uplink sets' check box can be selected if no server profile connections are assigned to multiple networks that are not linked to a shared uplink set. VLAN Capacity When the domain is configured with the Expanded VLAN capacity mode, observe the following: • 1,000 networks can be in-use at any time.
Gb for Ethernet connections. The 20Gb maximum speed is dependent on 20Gb NICs and the HP VC FlexFabric-20/40 F8 Module being present in the domain. The pre-4.01 behavior can be retained by setting "maximum speed" to the same value as "preferred speed". When the maximum speed and preferred speed for a network are set to the same bandwidth, then the profile connection bandwidth does not exceed the custom speed set on the connection.
IMPORTANT: Be sure to set switches to allow MAC addresses to move from one port to another without waiting for an expiration period or causing a lock out. Always enable the "spanning tree portfast" feature to allow the switch port to bypass the "listening" and "learning" stages of spanning tree and quickly transition to the "forwarding" stage, allowing edge devices to immediately begin communication on the network.
• Unassign all networks from the port in "loop detected" state The SNMP agent supports trap generation when a loop condition is detected or cleared. Virtual Connect provides the ability to enable or disable network loop protection. The feature is enabled by default and applies to all VC-Enet modules in the domain. Network loops are detected and server ports can be disabled even prior to any enclosure being imported.
Virtual Connect provides the ability to enable or disable port pause flood protection. The feature is enabled by default and applies to all VC-Enet modules in the domain. Port pause floods are detected and server ports can be disabled even prior to any enclosure being imported. The default polling interval is 10 seconds and is not customer configurable. VC provides system logs and SNMP traps for events related to pause flood detection.
Networks (Advanced Settings)" on page 97). Additionally, each Network or Shared Uplink Set also has a LACP timer setting. There are three possible values: Domain-Default, Short, or Long. The domain default option sets the LACP timer to the domain-wide default value that is specified on the Advanced Ethernet Settings screen. This setting specifies the domain-wide default LACP timer.
or traffic shaping for Ethernet traffic flows. FCoE traffic is prioritized and classified in FlexFabric modules but controls were fixed and not exposed to administrators. The diagram below illustrates a pass-through configuration where packets are transmitted in the same order as they are received. The QoS feature introduced in VC 4.
The QoS screen is accessible to all users with network or domain role permissions. All other users have read-only access. Select the configuration type from the pull-down list: • Passthrough—Incoming non-FCoE packets are not classified or altered. There are no traffic classes, maps, or rules. • Custom (with FCoE Lossless) (on page 105)—Enable QoS and allow a customized configuration that includes FCoE class. The configuration defines two system classes: Best Effort and FCoE Lossless.
Traffic Classes A traffic class allows you to categorize packets requiring similar traffic management. The following table describes the columns on the traffic class screen. Clicking another link in the pull-down menu or left navigation tree causes current edits that have not been applied to be lost. Item Description Name Name of the traffic class. Real Time One user-defined class can be designated as real time.
Action Description Edit the Share for a traffic class Click on the number in the Share column, and then type in a new number. Click Apply. Edit the Max Share for a traffic class Click on the number in the Max Share column, and then type in a new number. Click Apply. Edit the egress DOT1P priority for a traffic class Click on the number in the Max Share column, and then select a new number from the pull-down list.
Virtual Connect uses the 802.1 Q priority for all other traffic. VC administrators can map DSCP/ToS values to 802.1p egress priorities to be set on packets before they are placed on an egress queue. Virtual Connect retains and obeys L2 markings on tunneled vNets without applying any changes to them. To change the traffic class for an Ingress DOT1P Value or Ingress DSCP Value, select a traffic class from the drop-down list, and then click Apply.
Item Description Share Minimum guaranteed bandwidth that each traffic class gets. The sum of shares of all enabled classes and the Best_Effort class equals 100. Max Share Maximum share that the traffic class can use when other traffic classes are not using their maximum share. Egress DOT1P Priority The egress dot1p priority marking on the VLAN tag. Enabled The FCoE Lossless and Best_Effort classes are enabled by default. Other classes are enabled if the checkbox in the Enabled column is selected.
Ingress Traffic Classifiers The Classification for uplinks and Classification for downlinks pull-down lists allow you to choose what classification method is applied to traffic in the specified direction. The default classification for uplinks is DOT1P. The default classification for downlinks is DSCP/DOT1P. When both DOT1P and DSCP are being used for one traffic flow, DSCP is used for IP traffic and DOT1P is used for non-IP traffic.
sFlow Settings (General) screen The sFlow feature allows network administrators to monitor and analyze the network traffic flow in the datacenter. The sFlow settings can be modified by users with Network, Domain, or Server user role permissions. VC sends sFlow datagrams containing traffic information to an external sFlow collector. Clicking another link in the pull-down menu or left navigation tree causes current edits that have not been applied to be lost.
If there is no network selected, you can click Add to select the network through which sFlow datagrams will be sent to the sFlow collector. A list of available networks is displayed. Select one network, and then click OK. Click Apply to save your changes. The network can be either a dedicated network, or it can be a shared network. You cannot choose a private network. FCoE networks are not allowed for sFlow configuration. If a network is already selected, you must delete it before adding a different one.
You cannot reset a module if ports are configured on it. If ports are configured on the module you want to reset, go to the Ports tab and edit the port to stop sampling and polling. You can delete any receivers that have ports assigned from the given module. Deleting a receiver deletes all of the ports assigned to that receiver. The Status column displays the current status of the modules in the enclosure, and is not editable. Statuses: • Running—sFlow monitoring is running.
To configure a port for polling: 1. Select the Configure checkbox under Polling. 2. Use the arrows to select a polling interval. 3. Use the pull-down arrow to select a receiver. When you are finished editing the port, click OK. There are several options to view available ports: • Use the Show pull-down menu to show All, Configured Ports, or Unconfigured ports.
• Monitor and manage multicast group membership for hosts subscribing to IGMP multicast traffic • Manage new Multicast Filter rules for a Multicast filter ("Multicast Filtering" on page 116) • Configure IGMP multicast filters and associate them with one or more profile connections IMPORTANT: Users with server role permissions cannot modify IGMP settings when the VC domain is under VCEM control.
Multicast Filtering A multicast filter is a set of rules for filtering the IGMP Reports. The server administrator defines the rules that filter the IGMP report by specifying the multicast group IP address and the multicast group IP prefix length. This defined filter can then be associated with a profile Ethernet connection. A multicast filter can contain up to a maximum of 32 filter rules. A multicast filter without any rules is defined as an empty filter.
• Multicast traffic targeted to link-local addresses (224.0.0.0 – 224.0.0.255) is flooded to all VC ports in the configured network. • Any other L2 multicast traffic is forwarded to all VC ports in the network. With IGMP Snooping disabled, multicast traffic is flooded to all VC ports. Modifying a multicast filter or filter set that is in use by one or more profile connections impacts all profile connections.
To edit a multicast filter: 1. Highlight the filter to edit. 2. Right-click the filter and select Edit from the pull-down menu, or select Edit in the action column. To delete a multicast filter: 1. Highlight the filter to delete. 2. Right-click the filter and select Delete from the pull-down menu, select Delete in the action column, or select the filter checkbox, and then click Delete.
A multicast filter set allows server ports to have multiple multicast filters assigned to them. Administrators can create a multicast filter set by grouping multicast filters using some unique criteria such as service-based grouping. Users can create a maximum of 128 filter sets in a domain. The Multicast Filter Set screen is accessible to all users, but only users with domain, server, or network role permissions can add, edit, and delete multicast filter sets.
Define Ethernet Network screen The Define Ethernet Network screen is accessible to all users with network role permissions from the Define a Network link on the Virtual Connect Manager homepage or the Define pull-down menu. The following table describes the fields within the Define Ethernet Network screen. Field name Description Network Network Name Name of the network Color A network can have a user-defined color to group and identify the network within VCM.
Field name Description discarded. If this network is assigned to a server profile or associated with a shared uplink set, this option cannot be modified. Advanced Network Settings (on page 124) Select to display options for setting the connection speed. External Uplink Ports Port Network port locations (enclosure, bay, and port numbers) Port Role Applicable when Failover Connection Mode is selected. The port can be designated as Primary or Secondary.
Task Action network Change the uplink interface port speed or disable the port Click the pull-down box under Speed/Duplex, and then select a setting. Delete an added port Click the Delete link in the Action column, or left-click to select the line item, right-click to display a pull-down menu, and then select Delete. Add this network to Network Access Groups In the Network Access Groups field, begin typing the name of a Network Access Group that should include this network.
Field name Description Network Network Name Name of the network Enabled Displays the current state of the network as enabled (checked) or disabled (unchecked) Status Displays the current status of the network PID Shows whether the PID is on or off for the port Color A network can have a user-selected color to group and identify the network within VCM. Labels A network can have up to 16 user-defined labels to group and identify the network within VCM.
Task Action Enable or disable Smart Link on the network being defined Select the Smart Link checkbox. Designate or do not designate the network as a private network Select the Private Network checkbox. Enable or disable VLAN tunneling Select the Enable VLAN Tunneling checkbox. Enable or disable the network Select the Enabled checkbox. Set a custom value for preferred link connection speed or maximum link connection speed Select the Advanced Network Settings checkbox.
IMPORTANT: Depending on the NIC firmware versions in use, you might need to upgrade the NIC firmware for these speed enforcement settings to work correctly. To change these settings: 1. Click the selection box, and then select a setting (100Mb to 20Gb): o Set preferred connection speed. This value is the default speed for server profile connections mapped to this network. The server administrator can increase or decrease this setting on an individual profile connection.
o Auto (recommended)—This mode enables the uplinks to attempt to form aggregation groups using IEEE 802.3ad link aggregation control protocol, and to select the highest performing uplink as the active path to external networks. Aggregation groups require multiple ports from a single VC-Enet module to be connected to a single external switch that supports automatic formation of LACP aggregation groups, or multiple external switches that utilize distributed link aggregation.
This summary screen displays the external connections for each network and is available to all authorized users. The following table describes the columns within the summary table on the Ethernet Networks (External Connections) screen. Column name Description Ethernet Networks Shows the overall network status and network name In-Use Shows whether the network is in use or not.
Column name Description All Networks When a network is not selected, the status of all networks and network ports in the domain is displayed. When a network is selected, the status of that network is displayed. The following table describes the available actions in the Ethernet Networks (External Connections) screen. Clicking another link in the pull-down menu or left navigation tree causes current edits that have not been applied to be lost.
The following table describes the columns within the Ethernet Networks (Server Connections) screen.
Shared Uplink Sets (External Connections) screen To access this screen, click the Shared Uplink Sets link in the left navigation tree, or select Shared Uplink Set from the Define menu at the top of the screen. This summary screen provides an overview of external shared uplink connections. This screen is only applicable if multiple networks identified by VLAN tags are being connected over a single external uplink set.
Task Action Add a shared uplink set Click Add below the table, or right-click on the header row to display a menu, and then select Add. Edit a shared uplink set Click the Edit link in the Action column, or left-click to select an uplink set, right-click to display a menu, and then select Edit. Delete a shared uplink set Click the Delete link in the Action column, or left-click to select an uplink set, right-click to display a menu, and then select Delete.
This screen allows you to create a copy of a shared uplink set. This can facilitate the setup of an Active/Active shared uplink set configuration. All of the associated networks and their properties are duplicated during the copy. A new name for the shared uplink set must be selected and all networks must be renamed using a common renaming scheme. To copy a shared uplink set: 1. Enter a name for the new shared uplink set in the Shared Uplink Set Name field. 2.
o The replacement string can be empty. o The new associated network names cannot be duplicates of existing network names, and the names must follow the normal network name rules. o You cannot edit the associated network names individually on this screen. After the associated networks are created, you can rename the networks as normal.
This summary screen displays the mapping of networks to external shared uplink connections. This screen is only applicable if multiple networks identified by VLAN tags are being connected over a single external uplink set. The following table describes the fields within the Shared Uplink Sets (Associated Networks) screen.
• In VC 4.30 and later, the VLAN Capacity (on page 98) places restrictions on the number of networks that can be added to a shared uplink set. • If the domain stacking mode is configured with horizontal or primary slice stacking links, only uplink ports on the same logical interconnect can be added. o Based on the first uplink port selected, the list of external uplink ports is filtered to display only ports in the same logical interconnect. o Remove all uplink ports to reset the filtering.
Field name Description uplink port. For shared uplink sets with an associated FCoE network, the speed/duplex is Auto. Action Perform delete operations Connection Mode Connection mode of the uplink ports for this network. For a description of the connection modes, see "Defining a network (on page 125)." This setting cannot be changed for shared uplink sets with an associated FCoE network. LACP Timer If the connection mode is set to Auto, displays the default LACP timer setting for the domain.
Task Action the network being defined Designate or do not designate this network as a private network Select the Private Network checkbox. Set a custom value for preferred Select the Advanced Network Settings checkbox. link connection speed or maximum link connection speed Click the Edit link in the Action column, or left-click to select an associated Edit associated network network, right-click to display a menu, and then select Edit.
o Domain Default—If this mode is selected, the network uses the domain-wide LACP timer configuration setting. The current setting is displayed as part of the radio button label. See the descriptions for Short and Long. o Short—If this mode is selected, VC requests short (every 1 second) LACP control messages on a LAG that is formed with the uplink ports. o Long—If this mode is selected, VC requests long (every 30 seconds) LACP control messages on a LAG that is formed with the uplink ports. 6.
i. Click the selection box. ii. Select a setting (100Mb to 20Gb): Set preferred connection speed. This value is the default speed for server profile connections mapped to this network. The server administrator can override this setting on an individual profile connection. Set maximum connection speed. This value is the maximum speed for server profile connections mapped to this network.
• FCoE traffic does not cross stacking links and a configuration using uplinks from different bays is not allowed. • FCoE is not supported on c3000 enclosures. You cannot create an FCoE network on a c3000 enclosure. • Double-dense server blades are not supported by this feature. • FCoE networks are not supported on uplink ports with SFP-LR transceivers. Add any FCoE networks before adding ports. If you add the ports first, the port selection must be eligible for an FCoE network.
• Click the Edit link for a shared uplink set on the Shared Uplink Sets (External Connections) screen (on page 130). • Enter a shared uplink set name in the Find Configuration Items search field in the left navigation tree, and then select the shared uplink set. Use this screen to edit the properties of an existing shared uplink set, add an associated network, or delete an associated network. This screen has the same fields as the Define Shared Uplink screen.
Field name Description Set Uplink Set Name Descriptive name for the shared uplink set. Do not use spaces. External Uplink Ports Port Enclosure, bay, and port number Port Role Displays whether the port is designated as primary or secondary. For shared uplink sets with an associated FCoE network, this is N/A. Port Status Shows the link status, link speed, and connectivity of the port. • • • • • Linked-Active—The VC port is physically connected to a switch.
Field name Description Connection Mode Connection mode of the uplink ports for this network. For a description of the connection modes, see "Defining a shared uplink set (on page 137)." This mode cannot be changed for shared uplink sets using an associated FCoE network. LACP Timer Applicable if Connection Mode is Auto. Shows the LACP timer configuration for this network. This setting controls the requested frequency of LACP control messages on a LACP capable interface.
Task Action Delete an associated network Click the Delete link in the Action column; left-click to select an associated network, right-click to display a menu, and then select Delete; or select the checkboxes for the associated networks you want to delete, and then click Delete. Save changes Click Apply. Cancel without saving changes Click Cancel.
Virtual Connect fabrics Understanding FC fabrics Beginning with Virtual Connect 3.70, there are two supported VC SAN fabric types, FabricAttach fabrics and DirectAttach fabrics. A FabricAttach fabric uses the traditional method of connecting VC-FC and VC FlexFabric modules, which requires an upstream NPIV-enabled SAN switch.
• By default, all of the FlexFabric FC-capable uplinks are configured as Ethernet until they are configured as part of the VC SAN fabric. After the FC-capable uplinks are configured as part of the VC SAN fabric, the FC SFP transceivers connected to those uplinks become enabled and allow connectivity to the data center SAN fabric.
• The VC-FC and FlexFabric modules use dynamic login distribution to equally distribute server logins across all available uplink ports. The port with the least number of active logins is used for server connectivity. When the number of logins is equal, VC-FC or FlexFabric modules utilize a round-robin technique. • The VC-FC and FlexFabric modules use dynamic login distribution to provide an uplink port failover path that enables server connections to fail over within the VC SAN fabric.
Re-distribution allows server logins to be automatically redistributed to the newly available uplink ports to avoid an unbalanced situation. In addition, VCM enables you to manually re-distribute server logins at any time using the GUI or the CLI. For more information, see "Login re-distribution (on page 155).
• When creating the DirectAttach fabric, all participating uplinks can be connected to the same 3PAR storage system in order to form a VC SAN fabric correctly. When a DirectAttach VC SAN fabric is using multiple uplink ports, features of login balancing and login re-distribution are not applicable. These features apply only on the uplinks within a FabricAttach VC SAN fabric.
A four HP 3PAR storage system setup is shown. For more information about setting up direct attached storage systems, see the FC Cookbook for HP Virtual Connect in the Virtual Connect Information Library (http://www.hp.com/go/vc/manuals). Mixed FabricAttach and DirectAttach VC SAN fabrics Mixing FabricAttach and DirectAttach VC SAN fabrics is fully supported in the same Virtual Connect domain.
Bay groups In a multi-enclosure environment, all enclosures must have the same VC-FC and FlexFabric module configuration. For example, if the local enclosure has VC-FC modules in bays 3 and 4, each remote enclosure must also have VC-FC modules in bays 3 and 4. This is called an FC bay group. The concept of the FC bay group is applicable to both the FabricAttach and DirectAttach VC SAN fabric.
• • • o Add, edit, or delete a fabric o Redistribute logins on a SAN fabric SAN Fabrics (Server Connections) screen (on page 161) o View a list of SAN fabrics with server connection information o Delete a fabric o Redistribute logins on a SAN fabric o Define a SAN fabric Edit SAN Fabric screen (on page 157) o Modify a fabric name o Set the uplink port speed o Change the login re-distribution o Add or delete an uplink port Fibre Channel Settings (Misc.
• Single enclosure domain • Multi-enclosure domain The following table describes the columns and fields within the Define SAN Fabric screen. Column Description Fabric Name Descriptive name for the virtual fabric. Do not use spaces. Fabric Type The type of fabric. This option is available after a FlexFabric module port is added. Supported fabric types are FabricAttach and DirectAttach.
Column Description FabricAttach. Select FabricAttach if the FlexFabric module is connected using traditional SAN switches. For this fabric type, the advanced settings appear, allowing you to change the login re-distribution and set the preferred and maximum connection speed. Select DirectAttach if the FlexFabric module is directly connected to a supported storage target.
Task Description Set the preferred or maximum FCoE connection speed After a FlexFabric module port has been added, select the Show Advanced Settings checkbox, click the selection box, and then select a setting (0.1Gb to 8 Gb): • • Set Preferred FCoE Connection Speed—Applies to server profiles with an FCoE connection specified. Select a speed value for the FCoE connection and server port associated with this fabric.
• Set a custom value for the Maximum FCoE Connection Speed. This value is the maximum speed for server profile connections mapped to this fabric. To see how logins are currently distributed on the VC-FC module, navigate to the Interconnect Bays Status and Summary screen (on page 238) and select the desired VC-FC module. A new Uplink Port column is added to the Server Ports section of the screen.
To see how logins are currently distributed on the VC FlexFabric module, navigate to the Interconnect Bays Status and Summary screen (on page 238) and select the desired VC FlexFabric module. A new SAN Uplink Port column is added to the Server Ports tab. You can also see how logins are currently distributed on the VC-FC or FlexFabric modules by logging in to the upstream FC SAN fabric switch.
Use this screen to edit a SAN fabric configuration. The following table describes the fields within the Edit SAN Fabric screen. Field Description Fabric Fabric Name Descriptive name for the fabric. Do not use spaces. Status Status of the fabric Fabric Type The type of fabric, FabricAttach or DirectAttach. After a fabric is defined, its type cannot be changed. Login Re-distribution Login Re-distribution setting for the fabric. For all standard VC-FC modules, this is always Manual.
Task Description Modify a fabric name Type a name in the Fabric Name field. Do not use spaces. Set the uplink port speed Click the pull-down arrow in the Configured Speed field, and then select a speed. The default value is Auto, which auto-negotiates the speed with the FC switch to which the ports are connected. If 8Gb is chosen for the uplink speed on an FC module that does not support 8Gb, the value is automatically translated to "Auto" within VCM.
This screen lists all of the SAN fabrics that have been created and displays the external connection information. The following table describes the fields within the SAN Fabrics (External Connections) screen. Field Description Status Status of the fabric SAN Fabric Name of the fabric Fabric Type The type of fabric, FabricAttach or DirectAttach Login Re-Distribution Login Re-distribution setting for the fabric. For all standard VC-FC modules, this is always Manual.
Task Action Delete a SAN fabric Click the Delete link in the Action column, or left-click to select a fabric, right-click to display a menu, and then select Delete. Re-distribute logins Click the ReDistribute link in the Action column, or left-click to select a fabric, right-click to display a menu, and then select Redistribute Logins. SAN Fabrics (Server Connections) screen To access this screen, click SAN Fabrics in the left navigation tree, and then click the Server Connections tab.
Task Action Edit a SAN fabric Click the Go To Fabric link in the Action column, or highlight the desired SAN, right-click, and then select Go To Fabric. Edit a profile If necessary, click the + next to the fabric name to expand the information. Click the Go To Profile link in the Action column, or highlight the desired profile row, right-click, and then select Go To Profile.
Virtual Connect server profiles Understanding server profiles The I/O connection profile, or server profile, provides a link between the server and the networks and fabrics defined in VC. The server profile can include MAC and WWN addresses, as well as boot parameters for the various connection protocols supported by VC. After being defined, the server profile can be assigned to any server blade within the Virtual Connect domain. VCM supports up to 256 profiles within the domain.
• Before creating the first server profile, do the following: o Select whether to use assigned serial numbers or factory default serial numbers. o Select whether to use movable, VC-administered MAC addresses and WWNs, or the local server blade factory default MAC addresses and WWNs. • After an enclosure is imported into a Virtual Connect domain, server blades are isolated from the networks and SAN fabrics until a server profile is created and assigned.
and SAN boot settings and connects the appropriate networks and fabrics. Server blades that have been assigned a profile and remain in the same device bay do not require further Virtual Connect Manager configuration during a server or enclosure power cycle. They boot and gain access to the network and fabric when the server and interconnect modules are ready.
For more information, see "iSCSI and FCoE port assignments (on page 173)" and "Creating FCoE HBA connections for a BL890c i4 (on page 190)." • FC profile connection entries are mapped to blades such that all of the FC HBAs on the first blade are mapped first, then the HBAs on the second blade, and so on. When a profile is first created, it has enough FC profile connections for the HBAs on one blade. The maximum number of FC connections allowed is 4 times the original number of entries.
bandwidth settings can exceed a total of 10Gb, allowing ports to take advantage of unused bandwidth when available. IMPORTANT: In Flex-10 environments, four FlexNICs must share a single 10Gb link or 20Gb link when using Flex-10/20 Adapters together with FlexFabric-20/40 F8 modules. Each FlexNIC is allocated a guaranteed portion of that 10Gb or 20Gb link's bandwidth and can transmit up to 10Gb or 20Gb. The same rules for setting different bandwidths apply.
2012-11-07T09:33:19-06:00 VCEFXTW210600GN vcm_svr: [PRO::6044:Info] SR-IOV Virtual Functions added to powered on server. SR-IOV will not be available until server is rebooted. : Profile: p_sriov, Server bay: 1 Virtual Connect does not send traffic back on the same downlink port on which it was received. This means that if two or more VMs are using VFs on the same PF on the host, they are not able to communicate with each other over those VFs.
Even though the system might not prompt for a server reboot, a server reboot is required after the server is upgraded successfully with the latest firmware and drivers for HP Dual Port Flex-10 10GbE Multifunction BL-c Adapters, NC532i adapters, or NC532m adapters. The reboot enables the newly upgraded drivers and boot code to run, which then enables Virtual Connect to configure the "Dynamic Changes to FlexNICs" feature.
HP VC FlexFabric 10Gb/24-port Module uplink ports X1-X4 can be configured as FC fabric ports or Ethernet network ports. If a port is configured as an FC fabric port, the protocol used is FCoE, and the server profile connection to that fabric is an FCoE connection. Because of the many possible configurations of the FlexFabric module, pluggable modules can differ for each uplink port on the FlexFabric module. If the uplink port is being used for an FC fabric, an SFP-FC connector is required.
• Disable—VC Manager sends a configuration update to the associated mezzanine NIC or embedded NIC to disable PXE operations. • Use BIOS—Current BIOS settings are used for embedded NICs and mezzanine NIC PXE operations. VC Manager makes no changes to the current settings. This is not applicable to Flex-10 LOM ports when used with Flex-10 interconnect modules.
In each configuration above, only one embedded NIC port can have PXE enabled (any embedded NIC port is eligible), but any and all mezzanine NIC ports can be enabled whether or not an embedded NIC port is being enabled. For more information on RBSU, see the HP ROM-Based Setup Utility User Guide on the Documentation CD or the HP website (http://www.hp.com/support/smartstart/documentation).
It is not possible to enable both SAN boot (FC or FCoE) and iSCSI boot in a server profile at the same time. The priority is given to the first connection that is enabled, which might be FC/FCoE or iSCSI. Be sure that your Ethernet adapter, operating system, and device drivers support iSCSI boot. An iSCSI connection cannot be assigned to multiple networks. The following steps provide an overview of the procedure to enable iSCSI boot: 1. Create iSCSI connections on the Profile page. 2.
• MZ1:1-c • MZ1:1-d Observe the following configuration guidelines: • The corresponding physical functions for each port on the same adapter must have the same personality. For example, if MZ1:1-b is iSCSI, MZ1:2-b must also be iSCSI; it cannot be Ethernet. • PXE and iSCSI can be enabled at the same time on a single port (PXE on a, iSCSI on b). • PXE and FCoE can be enabled at the same time on a single port (PXE on a, FCoE on b).
The third example is similar to the second except that the LOM is the NC551i. The example compares ten Ethernet, one iSCSI, and four FCoE connections. The second PF on MEZZ2:Port 2 has to be enumerated as iSCSI since the corresponding PF on port 1 is iSCSI. But, since there is only one iSCSI connection defined in the Profile, the second PF on MEZZ2:Port 2 is disabled.
Requested Allocated FlexNIC a 1Gb 1Gb FlexNIC b Auto 3Gb FlexNIC c Auto 3Gb FlexNIC d Auto 3Gb In cases where the requested bandwidth settings you specified for the four FlexNICs in a single physical port exceed 10Gb, the following rules are applied in this order: 1. If FlexNICs with a "preferred" or "custom" value for requested bandwidth exceed 10Gb, each FlexNIC is allocated bandwidth proportional to its requested bandwidth setting.
• Fibre Channel Settings (WWN Settings) screen (on page 179) o • Select WWN ranges for server profiles Serial Number Settings screen (on page 180) o Add a serial number and UUID to server profiles Ethernet Settings (MAC Addresses) screen To access this screen, click and expand the Ethernet link in the left navigation tree and select MAC Addresses, click Network Settings in the Network section of the home page, or select Ethernet Network Settings from the Configure menu at the top of the screen.
For more information, see "MAC address settings (on page 178)." MAC address settings IMPORTANT: Configuring Virtual Connect to assign server blade MAC addresses requires careful planning to ensure that the configured range of MAC addresses is used once within the environment. Duplicate MAC addresses on an Ethernet network can result in a server network outage. Each server blade Ethernet NIC ships with a factory default MAC address.
• When FlexFabric adapters are in use, Virtual Connect assigns a MAC address to each FCoE connection in the server profile. Fibre Channel Settings (WWN Settings) screen Use this screen to select World Wide Name ranges for server profiles. Each server blade FC HBA mezzanine card ships with factory default port and node WWNs for each FC HBA port. Each WWN is a 64-bit number that uniquely identifies the FC HBA port/node to other devices on the network.
• Select Fibre Channel Settings from the Configure pull-down menu. Serial Number Settings screen The serial number settings feature enables you to add a serial number and UUID to server profiles. The UUIDs that Virtual Connect assigns are randomly generated. A UUID pool is not required. By configuring VCM to assign serial numbers, a profile can present a single serial number regardless of the physical server.
Advanced Profile Settings MAC addresses for the domain are provided by Virtual Connect. You can override this setting and use the MAC addresses that were assigned to the hardware during manufacture by selecting the Use Server Factory Defaults for Ethernet MAC addresses checkbox. This action applies to every Ethernet connection in the profile. For additional information, see "MAC Address Settings (on page 178)." WWNs for the domain are provided by Virtual Connect.
Virtual Connect assigns or migrates WWNs for server FC ports connected to HP Virtual Connect modules. Virtual Connect also assigns WWNs to FC ports that are not connected to an I/O module because Virtual Connect modules can be added later. Server FC ports connected to non-Virtual Connect modules retain the server factory default WWNs. Configuring Virtual Connect to assign WWNs in server blades maintains a consistent storage identity (WWN) even when the underlying server hardware is changed.
The following table describes the fields within the Define Server Profile screen. Column name Description Profile Profile Name Descriptive name for the server profile. The text can be up to 64 alpha-numeric characters, dashes, and underscores. Do not use spaces. Network Access Group Associates a network access group to the profile. The default network access group is "default.
Column name Description Boot Mode Configures the boot mode for the server profile: • • • Legacy mode boots the server from BIOS. UEFI mode boots the server using UEFI. Auto mode allows the server to control its boot mode and is the default value. Hide Unused Flex NICs Prevents the operating system from enumerating FlexNICs, including those that are not mapped to profile connections. Enumerating the unmapped network resources might consume shared resources.
Column name Description MAC Type of MAC address assignment configured for the Virtual Connect domain Action Perform delete operations iSCSI HBA Connections Port Relative order of the port on the server receiving the profile Network Name Unassigned or name of the network associated with this port Status Displays the current linked status of the selected port Port Speed Type The requested operational speed for the server port. Valid values include "Auto", "Preferred", "Custom", and "Disabled".
Column name Description FC SAN/FCoE Network Name Name of the SAN fabric or FCoE network to which the port is connected, or Unassigned Type Type of connection, SAN or FCOE depending on the fabric or FCoE selection Status Status of the Fibre Channel module port connected to the server HBA port. The FCoE downlink port status of LOGGED-IN means that the Ethernet virtual port is in a linked state and that there is at least one FCoE login.
Task Action Select to use server factory defaults for Ethernet MAC addresses Select the Advanced Profile Settings check box, and then select the Use Server Factory Defaults for Ethernet MAC addresses check box. Select to use server factory defaults for Fibre Channel WWNs Select the Advanced Profile Settings check box, and then select the Use Server Factory Defaults for Fibre Channel WWNs check box.
Task Action port 2 3 Click the pull-down arrow in the SAN Boot box. Select Disabled. Revert to BIOS settings for Fibre Channel Boot 1 2 3 Select the Fibre Channel Boot Parameters check box. Click the pull-down arrow in the SAN Boot box. Select Use BIOS. Change the profile bay assignment 1 2 Click the pull-down arrow in the Server column. Select the device bay, or select Unassigned. Save changes and go to the Edit Click Apply.
only, the 'Use BIOS' selection allows more than one NIC port to have PXE enabled. Only one embedded NIC can have PXE enabled. The MAC field indicates whether the profile uses a server factory default or a VC-defined MAC address. VC-defined MAC addresses are not assigned until the profile is created. PXE allows an Ethernet port to be used for a network boot. PXE should only be enabled on a port that is connected to a network with a properly configured PXE environment. f.
If a server blade is present in the selected location, it must be powered off for the profile to be saved and assigned properly. For more information on server power requirements when assigning or removing server profiles, see "Server profile troubleshooting (on page 285)." Click Apply to save current changes and remain on this screen. Click Apply & Close to apply the changes and go to the Server Profiles summary screen.
With the extension of the support for FCoE to Flex-10/10D modules, mapping of the Ethernet and FCoE connections to the FlexNIC and FlexHBA ports on the FlexFabric adapters changed. In the newly created profiles, if a FlexFabric adapter was found in a LOM or Flexible LOM location while being connected to a Flex-10/10D module, the first FCoE connection was assigned to that adapter.
Ethernet profile connection Map to bay Map to server port 3 3 Mezz1:1A (same) 4 4 Mezz1:2A (same) 5 1 LOM1:1C (same) 6 2 LOM1:2C 7 3 Mezz1:1C 8 4 Mezz1:2C 9 1 LOM1:1D 10 2 LOM1:2D 11 3 Mezz1:1D 12 4 Mezz1:2D 13 1 Not mapped 14 2 Not mapped FCoE connections for new profiles have changed to the connections shown in the following table.
IMPORTANT: After a profile has been created with iSCSI offload and assigned to a server, this iSCSI offload configuration remains until it is manually removed through the system BIOS or OS utility, even if the iSCSI offload is removed from the profile. Additionally, if iSCSI targets are added using the system BIOS or the OS utility, those targets remain until they are manually removed. iSCSI HBA connections screen Use this screen to set the Flex-10 iSCSI connections.
Item Description Use Boot Assistant Launches the iSCSI Boot Assistant (on page 196). For LHN, you can use the iSCSI Boot Assistant to retrieve and populate most of the configuration and authentication data in this screen. iSCSI Boot Configuration Initiator Name Name used for the iSCSI initiator on the booting system. This name is the IQN name for the host that is created by the storage administrator. The initiator name length can be a maximum of 223 characters.
To use DHCP when configuring the iSCSI boot configuration, select the Use DHCP to retrieve iSCSI parameters check box. Selecting this option requires a DHCP server to be set up with iSCSI extensions to provide boot parameters to servers. The DHCP Vendor ID is offered by the initiator to the DHCP server to retrieve the iSCSI boot configured data. For more information, see the documentation that ships with the DHCP server and "DHCP option 43 (on page 197).
iSCSI Boot Assistant The iSCSI Boot Assistant retrieves the iSCSI boot and authentication data for HP LeftHand P4000 series devices, and then automatically populates most fields on the iSCSI HBA Connections screen (on page 193). This information enables you to configure a server to boot from an LHN target as part of the VC server profile. Before using the iSCSI Boot Assistant, you must complete the following: • Configure the LHN target with the boot volumes appropriately.
DHCP option 43 The format of DHCP option 43 is as follows: ‘iscsi:’’:’’:’’:’’:’’:’’:’’:’ • Strings shown in quotes are part of the syntax and are mandatory. • Fields enclosed in angular brackets (including the angular brackets) should be replaced with their corresponding values. Some of these fields are optional and can be skipped.
iscsi:”192.168.0.2”:”3261”:”000000000000000E”:”iqn.2009-4.com:1234567890 ”::”E”::”E” • o Target IP address: 192.168.0.2 o Target TCP port: 3261 o Target boot LUN: 0x0E o Target iqn name: iqn.2009-04.com:1234567890 o Initiator name: Not specified. Use the Initiator name already configured. Use the default name if none was configured. o Header Digest: Enabled o Data digest: Not specified. Assume disabled. o Authentication Type: One-way CHAP Default TCP Port and Mutual CHAP: iscsi:”192.168.0.
Define Server Profile screen (multiple enclosures) When defining server profiles in a multi-enclosure configuration, profiles can be assigned to server bays in any of the enclosures that have been added and imported into the domain. Multiple network connections for a server port Server port connections to virtual networks are defined on the Define Server Profile screen (on page 182).
To use this feature, under Ethernet Adapter Connections, select Unassigned or a network name, click the down-arrow, and then select Multiple Networks from the pull-down list. When the 'Multiple Networks' option is selected, a separate window is displayed to enable the defining and editing of virtual networks and VLAN ID mappings. A window appears and displays additional options.
If the 'Force same VLAN mappings as Shared Uplink Sets' option is selected, server VLAN mappings are the same as the shared uplink set VLAN mappings. You can choose only from a list of shared uplink sets when selecting Multiple Networks. After selecting a shared uplink set from the pull-down list, a list of VLANs that belong to the chosen shared uplink set is displayed. The server VLAN mappings are the same as those used on the shared uplink set, which are automatically displayed and cannot be changed.
Server VLAN mappings are not linked to the uplink VLAN mappings. If a pre-populated server VLAN mapping is accepted, and later the uplink VLAN mapping is changed, the changes are not propagated to the server side. VLAN ID mapping guidelines • For each server port, all VLAN mappings must be unique. When the 'Force same VLAN mappings as Shared Uplink Sets' option is selected, this setting is handled automatically because all networks within a shared uplink set must have unique VLAN IDs.
IMPORTANT: Care must be taken not to exceed the limit per physical server port. For example, if you configure 150 VLAN mappings for a server connection (FlexNIC-a) of a Flex-10 physical server port, then you can only map 12 VLANs to the remaining three server connections (FlexNIC-b, FlexNIC-c, and FlexNIC-d) of the same physical server port. If you exceed the 162 VLAN limit, the physical server port is disabled and the four server connections are marked as Failed.
Server Profiles screen This screen lists all server profiles that have been defined within the domain, including assigned and unassigned profiles. From this screen, you can see the assigned device bays, NIC MAC addresses, FC HBA WWNs, network connections, and Fibre Channel Fabric and Boot Parameters for all server profiles, as well as generate a printable report of this information.
Task Action profiles, or only unassigned profiles Define a new profile Left-click in the table, right-click to display a menu, and then click Add; or select Server Profile from the Define menu at the top of the screen; or click Add at the bottom of the screen. Edit a server profile Left-click on the profile row, right-click to display a menu, and then click Edit; or click the Edit link in the Action column.
• Modify iSCSI HBA connections • Modify FC HBA connection settings, if there are one or more VC Fibre Channel modules in the Virtual Connect domain • Assign, unassign, or re-assign the profile to a device bay • Copy the profile • Delete the profile • Modify FCoE HBA connections • Set FC boot parameters NOTE: The process to assign, modify, or unassign a profile to an Integrity BL8x0c i2 server blade can take up to several minutes.
The screen can be edited only by users with server role permissions, but it is viewable by all authorized users. The following table describes the fields within the Edit Server Profile screen. Column name Description Profile Profile Name Descriptive name for the server profile. Do not use spaces.
Column name Description Hide Unused FlexNICs Prevents the operating system from enumerating FlexNICs, including those that are not mapped to profile connections. Enumerating the unmapped network resources might consume shared resources. Selecting this option might reorder NIC enumeration in the host operating system. This can disrupt server communications and require the server administrator to manually readjust the network configuration, such as NIC teaming, to restore communication.
Column name Description • • • • IPv4Only IPv6Only IPv4ThenIPv6 IPv6ThenIPv4 Multicast Filter Shows the name of the multicast filter or filter set that has been selected for the connection MAC As of VC 3.70, the actual hardware MAC for mapped connections appears. For unmapped connections, FACTORY-DEFAULT continues to appear. If the profile is assigned, the MAC address assigned to the port appears.
Column name Description MAC addresses, the VC-defined MAC address appears. If the profile is using hardware MAC addresses, FACTORY-DEFAULT appears. Mapping Server hardware mapping assignment. See "iSCSI and FCoE port assignments (on page 173)." Action Delete a connection. Connections can be removed starting with the last connection in the list.
Column name Description determines the speed. Custom—Allows you to select a custom port speed setting between 100Mb and the configured maximum connection speed in 100Mb increments. Disabled—The FCoE connection is disabled and no bandwidth is allocated. 1,2,4, and 8Gb—Predefined custom port speed selection that can be used for the FCoE connection assigned to a SAN Fabric. Allocated Port Speed (Min-Max) Allocated bandwidth of the port. See "Bandwidth assignment (on page 175)." WWPN As of VC 3.
Task Action Configure the boot mode Click the Boot Mode pull-down arrow, and then select the preferred server boot mode: • • • Auto UEFI Legacy Be sure the server supports UEFI before configuring the boot mode. Assign a Network Name 1 2 Click Unassigned in the Network Name field, and then click the pull-down arrow. Click Select a network... or Multiple Networks to find and select a network for this connection. You can also select multiple networks.
Task Action Change or disable the port speed Click the pull-down arrow in the Port Speed box. Select the Fibre Channel Boot Parameters checkbox. View Fibre Channel Boot Parameters Enable Fibre Channel Boot on a port Select the Fibre Channel Boot Parameters checkbox. Click the pull-down arrow in the SAN Boot box, and then select the boot order. Enter a valid Boot Target name and LUN in the edit boxes. Disable Fibre Channel Boot on a Select the Fibre Channel Boot Parameters checkbox.
b. Hover the mouse over each server blade in the Front View of the enclosure to find the HP ProLiant BL680c G7 Server Blade, and then click the server blade. The Server Bay Status screen appears. You can also view this screen by clicking the HP ProLiant BL680c G7 Server Blade device bay from the Device Bays link in the Hardware section in the left navigation tree. c. 2. Be sure that the Power Status/Control status value is Off. If the status is On, click Momentary Press to power down the server blade.
b. Right-click the heading row on the External Connections tab on the SAN Fabrics screen, and then select Add or click the Add button. The Define SAN Fabric screen appears. c. Enter a Fabric Name, and then select an available port of an available bay for the SAN fabric from the Add Port pull-down list. Select one or more uplink ports for an HP VC FlexFabric 10Gb/24-port Module. d. Click Apply to save the changes.
e. Be sure that the SAN fabric appears on the SAN Fabrics screen with the appropriate bay and ports assigned. 3. Add a server profile for the HP ProLiant BL680c G7 Server Blade. a. Click Server Profiles in the left navigation tree or select Server Profile from the Define menu at the top of the screen. b. Right-click the Server Profiles list on the Server Profiles screen, and then select Add, or click the Add button. The Define Server Profile screen appears. c. Enter a Profile Name.
d. If necessary, click Unassigned in the Ethernet Adapter Connections section, and then select an available network from the pull-down list. e. In the FCoE HBA Connections section, click the Unassigned FC SAN Name for the bay you used when you created the SAN fabric in step 2, and then select the SAN fabric you created from the pull-down list.
f. In the Assign Profile to Server Bay section, select the bay for the HP ProLiant BL680c G7 Server Blade to which you want to assign the server profile from the Unassigned Server pull-down list. g. Click Apply to save changes and stay on this screen, or click Apply & Close to save changes and to go the Server Profiles summary screen. h. On the Server Profiles screen, be sure that the server profile with FCoE connections has been properly assigned. 4.
b. Click Momentary Press to power up the server blade. c. 5. Be sure that the Power Status/Control indicator turns green and the status value is On. Verify the HP ProLiant BL680c G7 Server Blade FCoE connections: a. On the Server Bay Status screen for the HP ProLiant BL680c G7 Server Blade, scroll down to the correct port in the Server Ethernet Adapter Information section to view the FCoE information. b. Be sure that the SAN fabric and bay information is correct for the server.
Unassigning a server profile with FCoE connections to an HP ProLiant BL680c G7 Server Blade and deleting the SAN fabric To unassign a server profile with FCoE connections from an HP ProLiant BL680c G7 Server Blade and delete the SAN fabric: 1. Be sure that the HP ProLiant BL680c G7 Server Blade is powered down: a. Click the HP ProLiant BL680c G7 Server Blade device bay in the Device Bays link in the Hardware section in the left navigation tree. The Server Bay Status screen appears. b.
c. Click Apply to save changes and remain on the Edit Server Profile screen, or click Apply & Close to save changes and go to the Server Profiles screen. d. On the Server Profiles screen, be sure that the Server Bay Assignment for the server profile with FCoE connections is Unassigned.
e. Right-click the server profile with FCoE connections, and then select Delete. f. 3. In the Confirmation dialog box, enter the name of the server profile, and then click OK. Delete the SAN fabric: a. Click SAN Fabrics in the left navigation tree. The SAN Fabrics screen appears.
b. On the External Connections tab, right-click the SAN fabric you want to delete, and then select Delete. c. In the Confirmation dialog box, enter the name of the SAN fabric, and then click OK.
d. Click the HP ProLiant BL680c G7 Server Blade device bay in the Hardware Overview section in the left navigation tree. The Server Bay Status screen appears. Be sure that the Power Status/Control status value is Off. e. Scroll down to the Server Ethernet Adapter Information section and be sure that no assigned SAN fabric appears in the Network column for the HP ProLiant BL680c G7 Server Blade.
• When a profile is added, the FC/FCoE connections initially displayed are based on the FC/FCoE module configuration in the domain. A pair of horizontally adjacent FC/FCoE-capable modules has two connections. • Connections can only be added or removed from the bottom. You can only add or delete connections at the end of the list. • You can remove connections at any time (one at a time, from the bottom).
4 Start with modules in Bays 3 and 4, create a profile (add 2 connections), install modules into Bays 5 and 6, then edit the profile. Port 1 2 3 4 Connected to — Bay 3 Bay 3 Bay 4 Bay 5 Bay 3 — Bay 4 — Bay 4 Bay 6 — Add connection is disallowed because the current FC module configurations do not match the existing connections in the profile. This profile is not useful after the hot-plug install. To resolve this issue, delete connections 3 and 4, save the profile, and then scenario 3 applies.
9 Start with FCoE-capable modules in Bays 1 and 2, then create a profile and add connections. Port 1 2 Connected to Bay 1 Bay 1 — Bay 2 — — Bay 2 — — — Port Connected to 1 Bay 1 2 Bay 2 3 Bay 1 4 Bay 2 5 Bay 1 6 Bay 2 7 Bay 1 8 Bay 2 Add connection, 6 times* 10 Port Start with 8 FCoE-capable 1 modules, then create a profile and add connections.
IMPORTANT: If you plan to use Insight Control Server Deployment for RedHat Linux installation and also plan to use User- or HP-defined MAC addresses, you must import the enclosure and assign profiles before running Insight Control Server Deployment. "Rip and replace" is not supported in a Virtual Connect environment. For more information on HP Insight Control Server Deployment, see the HP website (http://www.hp.com/servers/rdp).
Virtual Connect modules Firmware updates To update firmware, use the HP BladeSystem c-Class Virtual Connect Support Utility v1.10.0. For more information on updating the firmware, see the HP BladeSystem c-Class Virtual Connect Support Utility documentation on the HP website (http://www.hp.com/go/vc/manuals). Before updating firmware, observe the following guidelines.
Domain deletion is not required when a firmware downgrade is performed to a firmware version that existed prior to the firmware upgrade. However, if no previous firmware upgrade has been performed, downgrading without domain deletion is not allowed. When attempting a firmware downgrade, consider the following: • The domain must not be in FIPS mode. • Multiple, consecutive firmware downgrades are not supported.
Stacking Links screen To access this screen, click the Stacking Links link in the left navigation tree. Be sure to connect any Ethernet module stacking cables before running the network setup wizard. IMPORTANT: HP strongly recommends that redundancy be maintained in stacking links to ensure continued connectivity of servers to the external networks.
When configuring horizontal or primary slice stacking, observe the following: • A brief network outage occurs when you change the domain stacking mode. • The following connections must reside within their configured logical interconnect for proper functionality.
o Degraded indicates that additional stacking cables should be connected to provide full redundancy. Redundancy status depends on the stacking mode of the domain. The table lists all of the Ethernet stacking links found in the Virtual Connect domain. Each row of the table identifies the link speed and the module and port number of the connections on both sides of the link.
• Received Non-Unicast Packets (pkts/s) • Transmitted Packets (pkts/s) • Transmitted Non-Unicast Packets (pkts/s) Some conditions can clear existing Throughput Statistics for a particular module: • Disabling the collection of Throughput Statistics clears all existing samples. • Changing the sampling rate clears all existing samples. • Power cycling a VC-Enet module clears all Throughput Statistics samples for that module. Throughput Statistics are not supported by VC-FC modules.
Enclosure Information screen The following table describes the rows within the Enclosure Information screen.
3. Click Remove Enclosure. You can also remove an enclosure by selecting the Enclosures link under Domain Settings in the left navigation tree. Ethernet Bay Summary (Server Port Information) screen This screen provides a summary of the server port information. To remove a module, see "Interconnect module removal and replacement (on page 275)." The following table describes the columns within the Server Port Information table.
Column Description Label Server side port number (determined by the device bay and NIC) Flex NIC Flexible network interface card port Physical Server Number of the device bay and a description of the installed server blade Network Network name or the name of the shared uplink associated with this port SAN Fabric Name of the SAN fabric associated with this port SAN Uplink Port SAN uplink port associated with this server port Profile Name of the server blade profile Status Shows the link stat
Row Description VC Status Enclosure health status from the Virtual Connect Manager OA Communication Status Current Virtual Connect Manager to Onboard Administrator communication state Interconnect Bays Status and Summary screen The following table describes the rows within the Interconnect Bays Status table in the Interconnect Bays Status and Summary screen.
Column Description Firmware Rev Firmware revision of the interconnect module installed in this bay Causes for INCOMPATIBLE status When an interconnect module status is INCOMPATIBLE, details can be viewed in the System log ("System Log (System Log) screen" on page 48). The system log provides information about why an interconnect module is marked incompatible so that proper corrective action can be taken.
Corrective action: Configure FIPS mode on the module. To configure FIPS mode, see "Enabling FIPS mode (on page 316)." • FC bay groups In a multi-enclosure environment, all enclosures must have the same FC module configuration. For more information, see "Multiple enclosure requirements (on page 62)." Corrective action: Remove the incompatible module and replace it with the correct module for the existing FC bay group. In a c3000 enclosure, VC-FC modules are not supported in bay 2.
Row Description OA Communication Status Current Virtual Connect Manager to Onboard Administrator communication state Status Cause Current interconnect status cause Root Cause Root cause of the interconnect status Rack Name Name of the enclosure rack (assigned through the Onboard Administrator) Enclosure Name Name of the enclosure (assigned through the Onboard Administrator) Bay Number of the bay being summarized on this screen Module Host Name Includes controls that enable you to set a custom
The following table describes the columns within the Uplink Port Information (Enet) table. Column Description Label Uplink port number Network(s) Network name or the name of the shared uplink associated with this port Status Shows the link status, link speed, and connectivity of the port. If the port is unlinked and no connectivity exists, the cause is displayed. For more information about possible causes, see "Port status conditions (on page 274).
Column Description Detailed Stats / Info ("FC Port Detailed Statistics screen" on page 257) Click to display detailed statistics about this FC port. Ethernet Bay Summary (Server Port Information) screen This screen provides a summary of the server port information. To remove a module, see "Interconnect module removal and replacement (on page 275)." The following table describes the columns within the Server Port Information table.
Interconnect Bay Summary (Details) Enet Click the Details tab to display information on the following items: • MAC Address ("MAC address settings" on page 178) • IGMP Multicast ("Ethernet Bay Summary (IGMP Multicast Groups) screen" on page 245) • Name Server ("Ethernet Bay Summary (Name Server) screen" on page 246) • FIP Snooping ("Interconnect Bay Summary (FIP Snooping) Enet" on page 247) Ethernet Bay Summary (MAC Address Table) screen This screen shows the MAC addresses that have been seen on the
Column Description LAG ID LAG IDs for this module Uplink Port(s) Uplink ports that are a member of the LAG ID Ethernet Bay Summary (IGMP Multicast Groups) screen This screen shows the IGMP multicast groups that are active on ports of this VC-Enet module. The multicast group IP address, the port, and its MAC address are shown in the table. The following table describes the columns within the IGMP Multicast Groups table.
Ethernet Bay Summary (Name Server) screen This screen contains a list of entries in the name server table for the VC FlexFabric module. The following table describes the columns within the Name Server table.
Interconnect Bay Summary (FIP Snooping) Enet This screen displays FCoE Initialization Protocol (FIP) snooping information for the selected module. IMPORTANT: All reachable FCFs and fabrics with FCoE network-defined VLANs configured in VC appear in the FIP uplink information. If the FCoE network-defined VLAN is configured in VC and the switch, then FIP uplink information is displayed. The information is displayed even if the FCoE network has not been assigned to any profile.
Column Description Connected To Displays the system name or management IP address of the FCoE-capable switch that this uplink port is connected to on the other end. The remote device must support LLDP to display this information. FCF Name FCF switch node WWN name associated with the FCoE VLAN. The name is provided by the FCF in snooped FIP messages. Fabric Name The fabric name associated with the FCoE VLAN. It is provided by the FCF in snooped FIP messages.
Ethernet Port Detailed Statistics screen This screen provides details on Port Information, Port Status, Port Statistics, and Remote Device Information. To reset the statistics, click Reset Statistics. This option is only available for physical uplink and downlink ports. It is not available for Flex-10 subports. To refresh the statistics, click Refresh Statistics. The following tables describe the rows within the Ethernet Port Detailed Statistics screen.
Port Status Description Link Status Shows the link status, link speed, and connectivity of the port. If the port is unlinked and no connectivity exists, the cause is displayed. For more information about possible causes, see "Port status conditions (on page 274)." Trunking Mode Trunking mode of the port, for example AUTO CFG Speed Configured speed of the port, for example AUTO DCBX Information* Description Overall Status The overall status of DCBX protocol exchange with peer entity.
Port Statistic Description IfOutDiscards The number of outbound packets that were chosen to be discarded, even though no errors had been detected, to prevent their being transmitted. One possible reason for discarding such a packet is to free up buffer space.
Port Statistic Description EtherStatsFragments The total number of packets received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). It is normal for StatsFragments to increment because both runts, which are normal occurrences caused by collisions, and noise hits are counted.
Port Statistic Description EtherStatsCollisions The best estimate of the total number of collisions on this Ethernet segment. The value returned depends on the location of the RMON probe. Section 8.2.1.3 (10BASE-5) and section 10.3.1.3 (10BASE-2) of IEEE standard 802.3 states that a station must detect a collision, in the receive mode, if three or more stations are transmitting simultaneously. A repeater port must detect a collision when two or more stations are transmitting simultaneously.
Port Statistic Description Dot3StatsMultipleCollisionFrames A count of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision. A frame that is counted by an instance of this object is also counted by the corresponding instance of either the ifOutUcastPkts, ifOutMulticastPkts, or ifOutBroadcastPkts, and is not counted by the corresponding instance of the dot3StatsSingleCollisionFrames object.
Port Statistic Description Dot3StatsInternalMacReceiveErrors A count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error. A frame is only counted by an instance of this object if it is not counted by the corresponding instance of either the dot3StatsFrameTooLongs object, the dot3StatsAlignmentErrors object, or the dot3StatsFCSErrors object. The precise meaning of the count represented by an instance of this object is implementation-specific.
Port Statistic Description IfHCOutMulticastPkts The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sublayer, including those that were discarded or not sent. For a MAC layer protocol, this includes both Group and Functional addresses. This object is a 64-bit version of ifOutMulticastPkts.
Pluggable Module Information* Description ext-identifier Extended identifier for the type of serial transceiver. The values are defined in SFF-8472 in the Extended Identifier [Address A0h, Byte 1] field. connector Connector type of the serial transceiver. The binary values are defined in SFF-8472 in the Connector [Address A0h, Byte 2] field. This field displays an ASCII representation of those binary values, such as “RJ45”. vendor-name Name of the manufacturer (not HP).
To refresh the statistics, click Refresh Statistics. The following tables describe the rows within the FC Port Detailed Statistics screen.
Port Statistics Description fcRxByteRate Average receive byte rate (B/s) for the sample period fcTxByteRate Average transmit byte rate (B/s) for the sample period fcTotalRxFrames Number of frames received fcTotalTxFrames Number of frames transmitted fcAddressErrors Number of frame address ID errors fcClass2RxFrames Number of Class 2 frames received fcClass2TxFrames Number of Class 2 frames transmitted fcClass3RxFrames Number of Class 3 frames received fcClass3TxFrames Number of Class 3 fr
The following table describes the rows within the Interconnect Bay Status (VC-FC Module) table in the Bay Summary screen.
Row Description VC Status Component health status from the Virtual Connect Manager OA Communication Status Current Virtual Connect Manager to Onboard Administrator communication state Status Cause Current interconnect status cause Root Cause Root cause of interconnect status Rack Name Name of the enclosure rack (assigned through the Onboard Administrator) Enclosure Name Name of the enclosure (assigned through the Onboard Administrator) Bay Number of the bay being summarized on this screen Po
Column Description HBA WWPN World Wide Port Name of the port, either assigned by Virtual Connect or as provided by the hardware Interconnect Bay Overall Status icon definitions Icon Operational state Meaning Corrective action OK Device is fully operational. None Unknown Device operational state cannot be Check Onboard Administrator determined. communication. Initializing Device is initializing. Wait until initialization is complete. (This icon should only be seen at startup.
Icon Operational state Meaning Corrective action Initializing Device is initializing. Wait until initialization is complete. (This icon should only be seen at startup.) Unavailable Device is active but unable to provide service. Attempt to re-establish connection. Degraded Device is partially operational, but capacity is lost. Check and correct the Onboard Administrator error condition. Misconfigured Device has a configuration error.
Server Bays Summary screen Device bay numbering is affected by whether the 'Allow the double density device bays' option was selected while using the Domain Setup Wizard. Bays might appear as 'Covered' or 'Unknown.' For more information, see "Double-dense server bay option (on page 264)." If a multi-blade server is installed, the bay numbering shows a span of bays, for example, Bays 1-4, in the Bay column. For more information, see "Multi-blade servers (on page 165).
If the VC domain is configured for double-dense server mode, and a profile is assigned to an empty double-dense server bay, then a hot-plug installation of a single-dense server into the corresponding single-dense server bay results in the profile not being activated because the profile is not assigned to the single-dense server bay. To recover the profile, assign the profile to the single-dense server bay.
If the Onboard Administrator is downgraded to a version lower than 3.70, subsequent recovery of the double-dense enabled enclosure might result in bays A and B being marked 'Unknown.
Integrity blade devices Server Bay Overall Status icon definitions Icon Operational state Meaning Corrective action OK Device is fully operational. None Unknown Device operational state cannot be Check Onboard Administrator determined. communication. Initializing Device is initializing. Wait until initialization is complete. (This icon should only be seen at startup.) Profile pending Device has a pending profile assignment. The profile might need changes that require power cycling the server.
Icon Operational state Meaning Incompatible Device does not match the configuration. BIOS version level is not at a level that supports Virtual Connect. No communication Cannot communicate with the device. Check the physical connections and IP address. Missing data VCM is missing data about one or more blades in the multi-blade server. Check that the blades and Blade Link that comprise the multi-blade server are installed correctly and functioning properly.
Icon Operational state Meaning Corrective action Missing Device is configured but not accessible. Device is not operational because of an error. Insert the correct hardware module. Failed Reset the device or application, or replace the device. Server Bay OA Communication Status icon definitions Icon Operational state Meaning Corrective action OK Device is fully operational. None Failed Cannot communicate with the device.
Server Bay Status screen To change the power state of the server, click Momentary Press. If the server is powered on, click Press and Hold to force a shutdown. The following table describes the rows within the Server Bay Status table in the Server Bay Status screen. Server Bay Status NOTE: Servers connected through VC 8Gb 24-Port FC Modules can take between 15 and 25 seconds to recover from a module uplink port failure.
Row Description Overall Status Represents the worst condition of Hardware Status, VC Status, and OA Communication Status Hardware Status Component health status from the Onboard Administrator VC Status Component health status from the Virtual Connect Manager Assigned Server Profile Name of the profile currently assigned to the server blade in this bay Enclosure Name Name of the enclosure where this server blade is installed UID Icon indicates whether the UID is on or off.
Column Description Port Number Relative Fibre Channel Port number Adapter Mezzanine number where the HBA is connected Module Port Module bay number and module port number to which the device is connected Model Type of mezzanine installed WWN World Wide Port Name of the port, either assigned by Virtual Connect or as provided by the hardware SAN Fabric Module bay number and module port number of the SAN fabric Server Bay Status screen - multi-blade servers To change the power state of the serve
The following table describes the rows within the Server Blade Information table in the Server Bay Status screen.
Port status conditions Port status information appears on several screens throughout the GUI. If a port status is unlinked and no connectivity exists, one of the following appears: • Not Linked/E-Key—The port is not linked because of an electronic keying error. For example, a mismatch in the type of technology exists between the server and module ports.
Interconnect module removal and replacement Removing or replacing Virtual Connect modules It is not necessary to remove the module from the domain if the module is not in use. The module is removed automatically from the domain without user intervention. Replacing a primary or backup VC module with a different VC module type is not allowed without first deleting the domain.
Replacing an HP 4Gb VC-FC Module, HP VC 4Gb FC Module, or HP 8Gb 20-Port FC Module with an HP VC 8Gb 24-Port FC Module 1. If necessary, upgrade the VC domain firmware. (Minimum v2.10 or higher is required to support the HP VC 8Gb 24-Port FC Module). 2. Verify that the replacement will result in a good configuration. See "Multiple enclosure requirements (on page 62)." 3. Verify that the user has server and storage role permissions. 4.
10. Re-assign the server profiles, and then add the FC connections to the profiles. Possible errors If the previous steps are not followed exactly, the module might be set to the UNKNOWN or INCOMPATIBLE state depending on how the error state was reached. The module should be physically removed. Then, the correct module type can be inserted. If the previous steps have been followed and the server is not connecting properly to the network, power down the server, and then power it back up.
3. If any Flex-10 NICs with profile connections are connected to the interconnect bays being upgraded, the profile connections must be removed. To remove a profile connection, unassign the profile (recommended) or delete the connection from the profile. 4. Remove all network uplinks from the modules to be removed. 5. Remove the existing modules from both horizontally adjacent bays. 6. Ensure that the modules are removed from the Virtual Connect GUI.
6. Reassign the server profiles or add the connections to the profiles, depending on what was done in step 1. Possible errors If the previous steps are not followed exactly, the newly inserted module might be set to the UNKNOWN or INCOMPATIBLE state, depending on how the error state was reached. To correct this error: 1. Physically remove the module. 2. Insert the original module. 3. Ensure that all profiles have been unassigned. 4. Remove the module. 5.
power-cycled while the credential recovery occurs, the MAC addresses and WWNs might be returned to the factory default settings.
Maintenance and troubleshooting Domain Status summary The Domain Status summary provides a count of Virtual Connect elements that are in an alert status other than OK. Virtual Connect elements summarized here include networks, shared uplink sets, server profiles, interconnect modules, and server blades. To view a summary of systems that have an alert icon displayed, click the Domain Status link. See "Domain Status screen (on page 282).
Icon Status Description Disabled A device or item is disabled. Warning A device is initializing or susceptible to outage. Unknown Status of this item is unknown. Normal Status of this line item is okay. Informational — (blue) Domain Status screen This screen provides an overall domain status and a detailed summary of systems that currently have an alert status other than OK. To access this screen, click the Domain Status link at the top left of the screen.
VC displays cause and root cause information for domain status alerts. To view detailed information about a device, click that device name in the list. Module status definitions and causes INCOMPATIBLE—Module is incompatible with the module in the horizontally adjacent bay. UNKNOWN—Status is unknown. The following table lists module status definitions and possible causes.
Status Possible cause Suggested action INCOMPATIBLE The module is not supported by the enclosure. Verify the module is compatible with the enclosure. INCOMPATIBLE The module type is not supported by the VCM. Replace the module. Export support information Virtual Connect Manager enables you to generate a support log, which can then be exported for technical support assistance. This operation is available to users with the Export Support Files role operation assigned their VC role.
• French (http://www.hp.com/support/ProLiant_EMG_v1_fr) • Spanish (http://www.hp.com/support/ProLiant_EMG_v1_sp) • German (http://www.hp.com/support/ProLiant_EMG_v1_gr) • Japanese (http://www.hp.com/support/ProLiant_EMG_v1_jp) • Simplified Chinese (http://www.hp.com/support/ProLiant_EMG_v1_sc) Reset Virtual Connect Manager You must have domain role permissions to reset VCM. In a multi-enclosure environment, the VC-Enet modules in bays 1 and 2 of the local enclosure host VCM. With VC 3.
• If the number of Fibre Channel connections in the profile is more than the number of physical Fibre Channel HBA ports, the profile is assigned, but the connections display a status of “Not mapped” when you view the profile. • If the number of iSCSI connections in the profile is more than the number of available iSCSI ports on the server, the profile assignment succeeds, but the connections display a status of "Not mapped" when you view the profile.
a. Power down the server blade using the Momentary Press option. b. Re-apply the VC server profile. c. Power up the server.
Restart after OA credential recovery The state "profile recovered," is applied to servers that are powered up when VC Manager restarts after an OA credential recovery. When VC Manager detects a restart after a credential recovery, it rewrites the profile parameters for any server that is powered up, connects the server to the appropriate Ethernet networks and FC fabrics, and then puts the server and profile in the "profile recovered" state.
Appendix A: Using Virtual Connect with nPartitions Understanding nPartitions The HP BL870c i4 or HP BL980c i4 servers can be partitioned into separate, smaller servers, called nPartitions, using iLO. Each nPartition is treated identically to a server of comparable size and type. The set of blades that are conjoined by a Blade Link is referred to as a Blade Link Domain. An nPartition must be wholly contained within a blade link domain. The configuration of nPars is explained below.
o Bay 4 (HP Integrity BL890c i4 nPar) iLO controls the blade link to change the configuration of nPars in the blade link domain, and the information about the new configuration is communicated through the OA to VCM.
When the reconfiguration is done, the OA generates blade remove events for the first two blades, resulting in VCM treating the AA partition as having been removed. Then the OA generates a blade add event for the first blade that identifies it as a single-blade partition, and likewise for the second blade. No events (remove or add) occur for the third and fourth blades because the C and D partitions are not affected by the reconfiguration.
Appendix B: Auto-deployment process Overview of the auto deployment process Auto-deployment enables administrators to set up a configuration on the local management network to allow a form of pre-provisioning for Virtual Connect domain configurations. The deployment configuration provides easy, automated initial setup of domain configurations for one or more enclosures available on the network. If the domain is in FIPS mode, auto-deployment is not supported.
CentOS DHCP setup The setup on a Linux CentOS or RedHat distribution requires modification of the DHCP configuration file to support VC auto-deployment capabilities. Install the DHCP service if it is not already installed: >yum install dhcp If the DHCP server installation was installed at the time the OS was installed, then you must edit the /etc/dhcp/dhcpd.conf file. An example DHCP configuration file is provided below.
} } option bootfile-name “myconfig-1.script” hardware ethernet 00:02:c3:d0:e5:83; fixed-address 192.168.1.100; host enclosure2 { option tftp-server-name “192.168.1.3”; option bootfile-name “myconfig-2.script” hardware ethernet 00:02:c3:d0:e5:84; fixed-address 192.168.1.
>cp myconfig-2.script /tftpboot VC configuration file The following sample configuration script can be used for basic deployment testing of the DHCP and TFTP setup. After deployment, the domain configuration can be validated through the GUI or VCMCLI. Example myconfig.script #============================================ # myconfig.script # # A simple VCMCLI configuration script used # for Auto-Deployment testing # # Version 2012.0728.
NOTE: No enclosures currently exist in the domain. Please use the 'import enclosure' command to import an enclosure. GETTING STARTED: help : Displays a list of available subcommands exit : Quits the command shell ? : Displays a list of managed elements for a subcommand ? : Displays detailed help for a command ->import enclosure username=Administrator password=MyPassword Importing enclosure, please wait...
--- ->show auto-deployment ==================================================================== Status Last TFTP TFTP Server TFTP File Deployment Mode ==================================================================== Configuring -- -AUTO 192.168.1.102 myconfig.
Property Description TFTP Server The TFTP Server property displays the TFTP server used for the deployment operation. If the TFTP Mode is "AUTO", then the value is populated with the server provided by DHCP. If the TFTP Mode is "MANUAL", the value of the property is expected to be provided by the user with the VCMCLI set autodeployment command, and can also be configured in the GUI. This field allows an IPv4 or IPv6 address as well as a DNS name.
Typical failure deployment status values Status Comment Resolution Waiting for DHCP Cause: The DHCP server might not be properly configured to support auto-deployment (BOOTP settings). This status does not result in a failed deployment, but the deployment process enters a "polling" state waiting for DHCP to provide the appropriate TFTP settings to VC. If the deployment is in this state, the process can be stopped with the stop auto-deployment command if it cannot proceed.
Status Comment Resolution Configuration File Too Big The VC configuration file on the TFTP server is too Remove commands or comments from big. Configuration files are currently limited to 512K the file to make sure that it is smaller than in size. 512K, and start the deployment process again. Failed to Clear Domain Configuration A failure occurred while attempting to clear the domain configuration. This failure is generally caused by an internal failure, and typically should not occur.
add profile Profile1 add profile Profile2 add user Admin password=Admin123 privileges=* poweron server * Configuration file output During the processing of the configuration script downloaded from the TFTP server, the VCMCLI commands are executed appropriately to configure the domain. During this processing, VCMCLI might display SUCCESS or ERROR messages as a part of the command processing. The show auto-deployment output can be used to display the VCMCLI output during deployment.
Stopping a deployment operation If a deployment process is currently in progress, you can cancel the deployment process by using the stop auto-deployment command. A canceled deployment process results in the deployment status showing "Aborted by user". If the deployment was stopped while the domain was being configured, the domain is left in the state of the last executed configuration command.
VC GUI auto-deployment status and settings The Auto-Deployment Settings are available in the GUI under the Domain Settings page, as shown in the following figure. Deployment wait and retry states During the deployment process, three states exist that could cause the process to stall until a condition is resolved by the user.
Waiting for TFTP This wait/retry state can occur if the TFTP server to be used by the deployment is offline or is not accessible on the network, or if the TFTP configuration file cannot be downloaded from the TFTP server. Resolution includes testing the TFTP server to ensure it is accessible by other TFTP clients on the management network, and verifying the file referenced in the DHCP configuration to ensure it is correct for the TFTP server address and the configuration file on the TFTP server.
TFTP logging and enablement When deploying a large number of enclosures with the auto-deployment capability, it might be difficult to know which configurations completed (and when), and which configurations might have a failure or are stuck in a waiting loop because of a configuration issue. To help with deployment status awareness and provide a common place for TFTP logs, you can have the TFTP status and logs posted back to the TFTP server.
Appendix C: Using IPv6 with Virtual Connect Minimum requirements to support IPv6 To support IPv6 with Virtual Connect, the following requirements must be met: • Install SPP 2013.09.0 (B) or later • VC 4.10 or later • OA 4.01 or later IPv6 addresses in VC Beginning with VC 4.10, Virtual Connect interconnect modules can be configured to use IPv6 addresses for communication over an IPv6 management network. IPv6 address configuration is controlled by the OA.
DHCPv6 address To obtain a DHCPv6 address from a DHCPv6 server in the management network, the DHCPv6 option must be enabled in the OA web GUI or enabled through the OA CLI. The IPv6 option should also be enabled. The DHCPv6 address is a global address and packets with this address can be routed. IMPORTANT: If EBIPAv6 is enabled, VC does not configure a DHCPv6 address from the DHCPv6 server even if the DHCPv6 option is enabled.
The scope and function of the domain static IPv6 address is the same as that of the domain static IPv4 address already available prior to VC 4.10. Enabling IPv6 support To enable IPv6 support in VC, VCSU version 1.9.0 can be used to update VC to 4.10 using IPv4 as target addresses. Observe the following additional requirements for enabling IPv6 support in VC: • The ability to enable or disable IPv6 as a stack is an enclosure-wide configuration, and can be done using the OA CLI or the OA Web GUI.
IMPORTANT: Avoid deploying an IPv6-only configuration until the availability of IPv6-only support for the iLOs. o Import remote enclosures using IPv6 addresses because IPv4 addresses would not exist in an IPv6-only environment. o Importing an enclosure with dual configuration fails because it is mandatory to have a uniform IP configuration on all enclosures of the domain. Migrations Migration from IPv4 to a dual configuration VC version OA version <4.01 VC version <4.10 • • • OA version 4.
Disabling IPv6 support The enclosure-wide IPv6 support can be disabled by unselecting the Enable IPv6 check box in the OA GUI or by using the disable IPv6 command in the OA CLI. This functionality is implemented in OA version 4.01 and higher. To prevent NO-COMM states, enclosure-wide IPv6 support should be disabled only after IPv4 addresses are configured and reachable.
VC FW update considerations The support for IPv6, introduced in VC 4.10, requires the minimum requirements listed in "Minimum requirements to support IPv6 (on page 306)" to be met. VCSU 1.9.0 or later is required to upgrade VC IPv6 configurations. VC maintains IP address configuration status as shown in the following table. IP address configurations Details IPv4 only OA and VCs are configured with IPv4-only addresses. This is the default configuration.
• iscsi-boot-param • MLDv2 • storage-management • auto-deployment Appendix C: Using IPv6 with Virtual Connect 312
Appendix D: Virtual Connect Security Insecure protocols and secure alternatives HP recommends using secure alternatives for the following protocols when managing the VC domain: • TFTP • SNMPv1/v2 When the domain is in FIPS mode, these protocols are automatically restricted. For more information about FIPS mode, see "Virtual Connect FIPS mode of operation (on page 314)." Telnet and Secure Shell Telnet sends all traffic across the network in clear text. This includes user names and passwords.
SNMPv1/v2 and SNMPv3 SNMPv1 and v2 use community strings for read and write access on SNMP enabled devices. These community strings are sent as clear text and can be easily read. VCM supports read only SNMP access. No changes can be made to VCM using SNMP. VCM also supports SNMP access controls, so when SNMP management devices send SNMP queries, VC administrators can specify which queries to respond to. HP recommends using SNMPv3 as the network management protocol.
o If it exists, delete the VC domain ("Deleting a domain" on page 23). o Clear the VC mode from the OA. A partial VC domain state is created when VCM discovers the local OA in VC mode. Be sure to clear the partial VC domain state by powering off and then powering on the primary VC Enet module. • When entering or exiting FIPS mode, the VC domain is deleted. • The firmware must be updated to version 4.30 or higher before FIPS mode can be enabled. • A rollback or downgrade to firmware earlier than 4.
• The browser you use to access the VCM web interface If a component does not support TLS 1.2, you can use the VCM CLI or web interface to configure VCM to support all TLS versions. To verify browser settings, see "Configuring browser support (on page 12)." Enabling FIPS mode FIPS mode is enabled by setting the DIP switch on the primary VC-Enet or FlexFabric module.
Acronyms and abbreviations BPDU Bridge Protocol Data Unit CFG constant frequency generator CHAP Challenge Handshake Authentication Protocol CMC centralized management console DNS domain name system DO data object FC Fibre Channel FCoE Fibre Channel over Ethernet FCS Frame Check Sequence FIPS Federal Information Processing Standard GMII Gigabit media independent interface HBA host bus adapter Acronyms and abbreviations 317
IGMP Internet Group Management Protocol IQN iSCSI qualified name LACP Link Aggregation Control Protocol LAG link aggregation group LAG ID link aggregation group ID LDAP Lightweight Directory Access Protocol LHN LeftHand Networks LLA link local address LLDP Link Layer Discovery Protocol LUN logical unit number MAC Media Access Control NPIV N_Port ID Virtualization OA Onboard Administrator PF Flex-10 physical function Acronyms and abbreviations 318
PHY physical layer device PLS physical signaling POST Power-On Self Test QoS Quality of Service RADIUS Remote Authentication Dial-In User Service RBSU ROM-Based Setup Utility RD receive data RMON remote monitoring SIM Systems Insight Manager SLAAC stateless address autoconfiguration SMI-S Storage Management Initiative Specification SNIA Storage Networking Industry Association SPOCK Single Point of Connectivity Knowledge SR-IOV Single root I/O Virtualization Acronyms and abbreviations 319
SSH Secure Shell SSL Secure Sockets Layer TACACS+ Terminal Access Controller Access Control System Plus TCN Spanning Tree Topology Change Notification UDP User Datagram Protocol VCDG Virtual Connect Domain Group VCEM Virtual Connect Enterprise Manager VCM Virtual Connect Manager VCSU Virtual Connect Support Utility VLAN virtual local-area network WWN World Wide Name WWPN worldwide port name Acronyms and abbreviations 320
Documentation feedback HP is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (mailto:docsfeedback@hp.com). Include the document title and part number, version number, or the URL when submitting your feedback.
Index A About menu 17 accessing HP Virtual Connect Manager 13 ActiveX 12 adding a credential 30 adding a RADIUS group 79 adding a user 67 adding an LDAP group 73 adding an SNMP trap destination 39 adding enclosures 26 adding FC connections 224 adding FCoE connections 224 adding new users 69 adding SNMP access 38 additional information 288 Advanced Network Settings 124 Advanced Profile Settings 180 assign server profiles 213, 290 attribute number 79 auto-deployment 23, 292 auto-deployment settings after encl
Domain Settings (Configuration) screen 22 Domain Settings (Domain IP Address) 24 Domain Settings (Enclosures) 25 Domain Settings (Local Users) 67 Domain Settings (Storage Management Credentials) 29 domain static addressing 307 Domain Status screen 282 Domain Status summary 281 domain, deleting 22, 23 domain, managing 21 double-dense server blades 264 dynamic DNS 13 E EBIPAv6 address 307 edit a network access group 92 edit a RADIUS group 79 edit a server profile 205 edit a shared uplink set 140 edit an Ethe
Internet Explorer support 12 IPv6 addresses in VC 306 iSCSI boot 172 iSCSI Boot Assistant 196 iSCSI boot configuration 193, 197 iSCSI connections 182, 192 iSCSI offload 172 iSCSI port assignments 173 Mozilla support 12 multi-blade servers 165 multicast filtering 114, 116, 117, 118 multiple enclosure guidelines 62 multiple enclosures, adding and importing 26 multiple enclosures, using 61 multiple networks link speed settings 98 multiple networks option 199 J N Javascript 12 name servers, interconnect ba
Q Quality of Service 103, 104 R RADIUS authentication, testing 77 RADIUS group, adding 79 RADIUS Settings (RADIUS Groups) 78 RADIUS Settings (RADIUS Server) 75, 76 RADIUS, configuration 69, 76 read community 33, 35 reconfiguring nPars 290 recovering remote enclosures 285 Red Hat procedures 227 redeployment scenarios 302 remote enclosures, recovering 285 remote log test 51 remote logging 51 removing an enclosure 27, 235 required user role permissions, trap categories 42 resetting the system 285 restore doma
test TACACS authentication 83 TFTP logging and enablement 305 TFTP server 294 Throughput Statistics screen 233 throughput statistics, configuring 102 throughput statistics, enabling 102 throughput statistics, viewing 233 traffic classes 105, 108 trap categories 42 tree navigation 18 troubleshooting 281, 284 troubleshooting, server profiles 285 tunnel VLAN tags 87 typical failure deployment status values 299 viewing deployment information, status, and logs 297 viewing throughput statistics 233 Virtual Conne
