1. Manuals
  2. Brands
  3. HP Manuals
  4. Server
  5. ntegrity iLO 2 MP
  6. Operation manual

HP ntegrity iLO 2 MP Operation Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
HP Integrity iLO 2 MP Operations Guide
HP Part Number: 5991-5992
Published: November 2007

Advertisement

Table of Contents
loading

Related Manuals for HP ntegrity iLO 2 MP

Summary of Contents for HP ntegrity iLO 2 MP

  • Page 1 HP Integrity iLO 2 MP Operations Guide HP Part Number: 5991-5992 Published: November 2007...
  • Page 2 Legal Notices The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Supported Systems and Required Components and Cables..............24 iLO 2 MP Supported Browsers and Client Operating Systems............24 Security..............................25 Protecting SNMP Traffic........................26 Lights-Out Advanced/KVM Card......................26 2 Ports and LEDs......................27 HP Integrity Server Blade Components....................27 Onboard Administrator........................27 HP Integrity rx2660 Server Components....................29 Table of Contents...
  • Page 4 HP Integrity rx3600 and rx6600 Server Components................29 iLO 2 MP Status LEDs...........................30 iLO 2 MP Reset Button..........................31 Resetting Local User Accounts and Passwords to Default Values..........31 Console Serial Port and Auxiliary Serial Port..................31 iLO 2 MP LAN Port..........................32 iLO 2 MP LAN LEDs........................32 3 Setting Up and Connecting the Console..............33...
  • Page 5 Text User Interface..........................59 MP Command Interfaces.........................59 MP Main Menu..........................60 MP Main Menu Commands.......................60 CO (Console): Leave the Main Menu and enter console mode..........61 VFP (Virtual Front Panel): Simulate the display panel............61 CM (Command Mode): Enter command mode..............61 SMCLP (Server Management Command Line Protocol): Switch to the SMASH SMCLP..61 CL (Console Log): View the history of the console output...........61 SL (Show Logs): View events in the log history..............61 HE (Help): Display help for the menu or command in the MP Main Menu......63...
  • Page 6 Status Summary > Active Users....................83 Server Status > General......................84 Server Status > Identification.....................85 System Event Log........................86 Events............................87 Integrated Remote Console (vKVM)....................88 IRC Requirements and Usage....................88 Limitations of the vKVM Mouse and Keyboard..............89 Browsers and Client Operating Systems that Support vKVM..........89 vKVM-Supported Resolutions and Browser Configurations..........89 Accessing the IRC........................90 Integrated Remote Console Fullscreen.................92...
  • Page 7 Command Options........................128 Level Option........................128 Display Option........................128 Character Set, Delimiters, Special, and Reserved Characters..........129 System1 Target..........................130 Target: SYSTEM1........................130 System Reset Power Status and Power Control................130 Resetting the System........................130 Displaying Power Status......................131 Powering Off the System......................131 Powering On the System......................131 Map1 (iLO 2) Target........................131 Target: map1..........................131 Map1 Example..........................132 Resetting the iLO 2 MP......................132...
  • Page 8 Installing and Initializing Snap-Ins for Active Directory..............154 Example: Creating and Configuring Directory Objects for Use with iLO 2 in Active Directory...154 Directory Services Objects......................158 Active Directory Snap-Ins......................158 Managing HP Devices In a Role..................158 Managing Users In a Role....................159 Setting Login Restrictions......................160 Setting Time Restrictions....................160 Defining Client IP Address or DNS Name Access.............161...
  • Page 9 How Directory Login Restrictions Are Enforced................176 How User Time Restrictions Are Enforced...................177 User Address Restrictions......................178 Creating Multiple Restrictions and Roles..................178 Directory Services Schema (LDAP)....................179 HP Management Core LDAP Object Identifier Classes and Attributes........179 Core Classes..........................180 Core Attributes.........................180 Core Class Definitions......................180 hpqTarget..........................180 hpqRole..........................181...
  • Page 11 List of Figures OA/iLO Network Port and Components..................28 Onboard Administrator LEDs and Buttons..................28 HP Integrity rx2660 Server Rear View..................29 HP Integrity rx3600 and rx6600 Server Rear Ports and LEDs............30 Console Serial Port (RS-232) Connector..................31 iLO 2 MP LAN Port........................32 Setup Flowchart..........................35 SUV Cable............................45...
  • Page 12 7-11 Logon Hours Screen........................161 7-12 New IP/Mask Dialog Box......................161 7-13 Lights Out Management Tab.......................162 7-14 Roles and Devices Example......................163 7-15 Select Object Subtype Dialog Box....................164 7-16 Setting Role Rights........................165 7-17 Role Managed Devices Subtab....................166 7-18 Members Tab (eDirectory)......................167 7-19 Role Restrictions Subtab (eDirectory)..................167 7-20 Add New Restriction Dialog Box....................168 7-21...
  • Page 13 List of Tables Publishing History Details......................16 Supported Systems and Required Components Matrix...............24 iLO 2 MP Supported Browsers and Client Operating Systems............25 iLO 2 MP Status LEDs........................30 Console Serial Port Pinouts......................31 iLO 2 MP LAN Port Pinouts......................32 iLO 2 MP LAN Link Status LEDs....................32 iLO 2 MP LAN Link Speed LEDs....................32 Setup Checklist..........................34 Physical Connection Matrix......................36...
  • Page 14 6-41 enetport1 Properties........................138 6-42 lanedpt1 Properties........................138 6-43 ipendpt1 Properties........................139 6-44 dhcpendpt1 Properties........................139 6-45 dnsendpt1 Properties........................140 6-46 gateway1 Properties........................140 6-47 dnsserver1, dnsserver2, dnsserver3 Properties................140 6-48 dnssettings1 Properties........................141 6-49 cddr1 Properties..........................142 6-50 group1 Properties........................143 6-51 account# Properties........................143 6-52 oemhp_ldapsettings1 Properties....................145 Lights Out Management Rights....................162 Management Device Rights......................169 Core Classes..........................180 Core Attributes..........................180...

  • Page 15: About This Document

    Power Management • Auto-Login • vMedia - SM CLP command verbs • vMedia - virtual floppy/USB key This document is also a reference for the following HP Integrity servers with Integrity iLO: • rx7640 • rx8640 • Superdome sx2000 Publishing History The publishing history below identifies the edition dates of this manual.

  • Page 16: Document Organization

    Chapter 4 Accessing the Host Console Use this chapter to learn how to access the host console of an HP Integrity server through the iLO 2 MP. Chapter 5 Configuring DHCP, DNS, LDAP, and LDAP Lite Use this chapter to configure DHCP, DNS, LDAP extended schema, and LDAP Lite default schema.

  • Page 17: Typographic Conventions

    The preceding element can be repeated an arbitrary number of times. Separates items in a list of choices. Related Information You can find other information on HP server hardware management, Microsoft® Windows®, and diagnostic support tools in the following publications. HP Technical Documentation Website http://www.docs.hp.com...

  • Page 18: Warranty Information

    Website for HP Technical Support http://us-support2.external.hp.com/ Books about HP-UX Published by Prentice Hall The HP Books website lists the HP books that Prentice Hall currently publishes, including the following: • HP-UX 11i System Administration Handbook http://www.hp.com/hpbooks/prentice/ptr_0130600814.html • HP-UX Virtual Partitions http://www.hp.com/hpbooks/prentice/ptr_0130352128.html...

  • Page 19: Introduction To Ilo 2 Mp

    The iLO MP is available whenever the system is connected to a power source, even if the server main power switch is in the off position. HP has used several different names to describe the management functionality embedded in servers, including “the management processor.” In addition, HP uses the term “management processor”...

  • Page 20: Always-On Capability

    Always-on Capability The iLO 2 MP is active and available through the iLO 2 MP LAN connection and the local serial port connection as long as the power cord is plugged in. In the event of a complete power failure, the iLO 2 MP data is protected by an onboard battery backup.

  • Page 21: Ipmi Over Lan

    HP Systems Insight Manager (HP SIM) is a system-level management tool that supports executing commands from HP SIM using the SSH interface. HP SIM enables you to perform similar management activities across multiple iLO 2s (group actions) without requiring you to access each iLO 2 MP individually.

  • Page 22: Snmp

    (page 23). NOTE: A HP ProLiant iLO 2 Advanced Pack license key will not work on an HP Integrity server, and vice versa. iLO 2 MP advanced features include the iLO 2 MP standard features and the following features: Virtual Media...

  • Page 23: Ldap Lite

    HP Insight Power Manager HP Insight Power Manager (HP IPM), a plug-in to HP Systems Insight Manager (HP SIM), is an integrated power monitoring and management application that provides centralized control of server power consumption and thermal output. It extends the unified infrastructure management framework of HP SIM by providing new energy levers into the server.

  • Page 24: Obtaining And Activating Ilo 2 Mp Advanced Pack Licensing

    On HP Integrity server blades, the Advanced Pack license is standard. Remember to save the Advanced Pack license key information that was provided by HP. If you ever need to replace your server blade under warranty, you will need to transfer the key by typing the code on the replacement server blade.

  • Page 25: Security

    — http://psweb1.cup.hp.com/~projects/sisl_prgm_mgmt/mvx%20(Low-end%20Montvale)/mvx%20info.htm Security It is important to have strong security surrounding the iLO 2 MP device. HP security requirements of the enterprise and architected the iLO 2 MP include the following: Authentication iLO 2 MP incorporates authentication techniques with the use of 128-bit Secure Socket Layer (SSL) encryption.

  • Page 26: Protecting Snmp Traffic

    SNMP traffic into the host server only if it comes from one of the predetermined management workstations. TIP: Telnet sends data without encryption and is not a secure connection. HP recommends using SSH instead of telnet because SSH uses encryption. To enable and disable telnet access, use the SA command.

  • Page 27: Ports And Leds

    All iLO 2 MP functions are available through the server iLO 2 MP LAN port and the local and remote serial ports. On HP Integrity server blades, all iLO 2 MP functions are available on the Onboard Administrator. This chapter describes the available iLO 2 MP ports, connectors, and LEDs on the HP Integrity server blades, and the rx2660, rx3600, and rx6600 servers.

  • Page 28: Oa/Ilo Network Port And Components

    Figure 2-1 OA/iLO Network Port and Components OA/iLO Network Port Enclosure Link-Up Port Onboard Administrator Bay 1 Enclosure Link-Down Port Onboard Administrator Bay 2 (redundant if used) Figure 2-2 shows the Onboard Administrator LEDs and buttons. Figure 2-2 Onboard Administrator LEDs and Buttons Onboard Administrator UID LED Onboard Administrator Health LED Enclosure UID LED...

  • Page 29: Hp Integrity Rx2660 Server Components

    Console Serial Port UID Button/LED (RS-232) Smart Array P400 Controller Slot HP Integrity rx3600 and rx6600 Server Components Figure 2-4 shows the controls, ports, and LEDs on the rear of the HP Integrity rx3600 and rx6600 servers. HP Integrity rx2660 Server Components...

  • Page 30: Ilo 2 Mp Status Leds

    NOTE: This figure is oriented vertically to match the orientation of the core I/O board. Figure 2-4 HP Integrity rx3600 and rx6600 Server Rear Ports and LEDs iLO 2 MP Serial Console USB 2.0 Ports (any USB VGA Port (No iLO 2 MP...

  • Page 31: Ilo 2 Mp Reset Button

    Table 2-1 iLO 2 MP Status LEDs (continued) iLO 2 MP Status LED LED State iLO 2 MP Heartbeat Flashing green. BMC Heartbeat Flashing green. iLO 2 MP Reset Button The iLO 2 MP Reset button enables you to reset the iLO 2 MP and reset the user-specific values to factory default values.

  • Page 32: Ilo 2 Mp Lan Port

    Table 2-2 Console Serial Port Pinouts (continued) Pin Number Signal Description Requests to send Clears to send Not used iLO 2 MP LAN Port Figure 2-6 shows the iLO 2 MP LAN port connector pins and LEDs. Figure 2-6 iLO 2 MP LAN Port Amber Green Table 2-3...

  • Page 33: Setting Up And Connecting The Console

    Configure the Integrity iLO 2 MP and assign an IP address if necessary. Though there are several methods to configuring the LAN, HP recommends DHCP with DNS. DHCP with DNS comes preconfigured with default factory settings, including a default user account and password.

  • Page 34: Setup Checklist

    Set up the security access settings. Access the host console Access the host console using your method of choice. Advanced Activate Advanced Pack features Activate advanced features by entering your HP Integrity Advanced Pack license key. Setting Up and Connecting the Console...

  • Page 35: Setup Flowchart

    Setup Flowchart Use this console setup flowchart as a guide to help set up the Integrity iLO 2 MP. Figure 3-1 Setup Flowchart Setup Flowchart...

  • Page 36: Preparing To Set Up Ilo 2 Mp

    Preparing to Set Up iLO 2 MP Perform the following tasks before you configure the iLO 2 MP LAN: • Determine the physical access method to select and connect cables. • Determine the iLO 2 MP LAN configuration method and assign an IP address if necessary. Determining the Physical iLO 2 MP Access Method Before you can access the iLO 2 MP, you must determine the correct physical connection method.

  • Page 37: Configuring The Ilo 2 Mp Lan Using Dhcp And Dns

    Configuring the iLO 2 MP LAN Using DHCP and DNS DHCP automatically configures all DHCP-enabled servers with IP addresses, subnet masks, and gateway addresses. All HP Integrity entry class servers with the iLO 2 MP are shipped from the factory with DHCP enabled.

  • Page 38: Arp Ping Commands

    ARP Ping has the following operational issues: • The PC and the server must be on the same physical subnet. • When a new server is first booted, DHCP is automatically available (factory-set default), but ARP Ping does not start until three minutes after the iLO 2 MP is booted. This applies to every subsequent boot of the iLO 2 MP until an IP address is obtained by DHCP or is assigned using the LC command.

  • Page 39: Configuring The Ilo 2 Mp Lan Using The Console Serial Port

    ping 192.0.2.1 Use this IP address to connect to the iLO 2 MP LAN. Use web or telnet access to connect to the iLO 2 MP from a host on the local subnet and configure the rest of the LAN parameters (gateway, subnet). Configuring the iLO 2 MP LAN Using the Console Serial Port The terminal emulation device runs software that interfaces with the server.

  • Page 40: Logging In To The Ilo 2 Mp

    The iLO 2 MP login prompt appears. Log in using the default the iLO 2 MP user name and password (Admin/Admin). TIP: For security reasons, HP strongly recommends you modify the default settings during the initial login session. See “Modifying User Accounts and Default Passwords” (page 46).

  • Page 41: Connecting The Server Blade To The Ilo 2 Mp Using The Onboard Administrator

    2 MP. The USB provides keyboard and mouse to the operating system on HP Integrity server blades. Also, server blades do not support directly connecting a modem to the MP (called the remote RS-232 port on servers), so there is no remote RS-232 connection on the server blade.

  • Page 42: Initiating An Auto-Login Session

    This level equates to an iLO 2 MP user with no privileges set. NOTE: For information on how to set user roles and privilege levels in the OA, see the HP BladeSystem Onboard Administrator User Guide. Initiating an Auto-Login Session...

  • Page 43: Terminating An Auto-Login Session

    Terminating an Auto-Login Session When the Auto-Login CLI or Web GUI session is terminated, the following user clean up is preformed: • For Auto-Login sessions, the temporary Auto-Login iLO 2 MP account is deleted when the session with the iLO 2 MP is terminated. User Account Cleanup during IPF Blade Initialization OA and iLO 2 MP perform the following during an IPF blade initialization •...

  • Page 44: Connecting The Suv Cable To The Server Blade

    RS-232 connector. The default setting is for the iLO 2 MP interface, the other is for an AUX UART directly connected to the host operating system and can be used for any serial device (terminal, debug port, and so on). HP recommends using the AUX UART for server blade setup and debug purposes only.

  • Page 45: Suv Cable

    Figure 3-2 SUV Cable Server Blade Connector 2-Port USB VGA (no access to iLO 2 MP) 9-Pin Console Serial Port (RS-232) USB Label USB-1 USB-0 Physically Connecting the Server Blade to the iLO 2 MP...

  • Page 46: Additional Setup

    = Oper Login and password are case sensitive. TIP: For security reasons, HP strongly recommends you modify the default settings during the initial login session. Make the following changes using any of the iLO 2 MP user interfaces. To modify default account configuration settings, follow these steps:...

  • Page 47: Setting Up Security

    Setting Up Security For greater security and reliability, HP recommends that iLO 2 MP management traffic be on a separate dedicated management network and that only administrators be granted access to that network. This not only improves performance by reducing traffic load across the main network, it also acts as the first line of defense against security attacks.

  • Page 49: Accessing The Host Console

    4 Accessing the Host Console This chapter describes several ways to access the host console of an HP Integrity server. This chapter addresses the following topics: • “Interacting with the iLO 2 MP Using the Web GUI” (page 49) •...

  • Page 50: Accessing Online Help

    To access the Help menu from the TUI, enter HE at the MP> prompt. The following is the MP Help Main Menu: ==== MP Help: Main Menu =============================================== Integrated Lights-Out for HP Integrity and HP 9000 - Management Processor (MP) MP Help System Enter a command at the help prompt: OVerview...

  • Page 51: Accessing The Host Console Using Vkvm (Integrated Remote Console)

    124). Accessing iLO 2 MP Using Onboard Administrator NOTE: The HP BladeSystem Onboard Administrator is only available on HP Integrity server blades. To access the iLO 2 MP using Onboard Administrator, follow these steps: Establish a network connection through the OA/iLO network port.
  • Page 52 IMPORTANT: The server console output does not display on the console device screen until the server boots to the EFI Shell. Start a console session using the console serial port (RS-232) method to view console output prior to booting to the EFI Shell, or to access the iLO 2 MP. See“Configuring the iLO 2 MP LAN Using the Console Serial Port”...

  • Page 53: Configuring Dhcp, Dns, Ldap, And Ldap Lite

    Its primary purpose is to identify the iLO 2 MP LAN interface in a DNS database. NOTE: The HP-UX system name displayed by the uname -a command is different than the iLO 2 MP host name. If the IP address, gateway IP address, and subnet mask are obtained through DHCP, you cannot change them without first disabling DHCP.

  • Page 54: Configuring Dns

    • Modify the MP subnet mask. MP:CM> LC -s 192.0.2.1 • Modify the MP gateway address. MP:CM> LC -g 192.0.2.1 • Set the link state to autonegotiate. MP:CM> LC link auto • Set the link state to 10 BaseT. MP:CM> LC link t •...

  • Page 55: Configuring Ldap Extended Schema

    For example, CN=Users, DC=HP, DC=com. Directory user contexts are limited to 127 characters maximum plus one for the NULL terminator character for each directory user context.

  • Page 56: Login Process Using Directory Services With Extended Ldap

    2 MPs. The iLO 2 MP directory services feature uses the industry-standard LDAP. HP layers LDAP on top of SSL to transmit the directory services information securely to the directory servers. More information about directory services is available from the HP website http://www.hp.com/servers/lights-out...

  • Page 57: Setting Up Directory Security Groups

    NOTE: If you have already extended your directory with HP schema, there is no need to switch to the schema-free approach. Schema extension provides the lowest maintenance approach for directory integration. Once this process has taken place, there is no advantage for the schema-free approach until a schema change is required.

  • Page 58: Login Process Using Directory Services Without Schema Extensions

    1 - Administrator C, P, M, U 2 - User C, P 3 - Custom1 None 4 - Custom2 None 5 - Custom3 None 6 - Custom4 None Only the first 30 characters of the Group Distinguished Names are displayed. Enter number to view or modify, or [Q] to Quit: Enter the number for the group you want to view or modify.

  • Page 59: Using Ilo 2 Mp

    This section provides information on the text user interface commands you can run in the iLO 2 MP. NOTE: HP Integrity server blades do not have fans or power supplies. Therefore, their response to certain commands are different than a rack-mount server. MP Command Interfaces Table 6-1 lists and describes the available MP command interfaces.

  • Page 60: Mp Main Menu

    Figure 6-1 MP Command Interfaces MP Main Menu After logging in to the iLO 2 MP, the MP Main Menu appears. The MP Main Menu runs as a private session. Other iLO 2 MP users do not see the actions you perform in the private session. The iLO 2 MP can support multiple sessions to perform independent tasks: •...

  • Page 61: Co (Console): Leave The Main Menu And Enter Console Mode

    To run an ASCII screen-oriented application (SAM) or a file transfer program (ftp), the console is not the recommended connection. HP recommends using the LAN and connecting directly with telnet or the web to the system over the system LAN.

  • Page 62: Alert Levels

    Events are data items that communicate system information from the source of the event to other parts of the system, then to you. Events are produced by intelligent hardware modules, the operating system, and system firmware. Events funnel into BMC from different sources throughout the server.

  • Page 63: He (Help): Display Help For The Menu Or Command In The Mp Main Menu

    Displays field replaceable unit (FRU) information Disconnects the LAN console Sets the DNS configuration This command is only available to authorized HP service personnel Displays help for the menu or command Displays or modifies system information Modifies the iLO 2 MP inactivity timeouts...

  • Page 64: Command Line Interface Scripting

    Table 6-5 Command Menu Commands (continued) Command Description Sets access options Configures SNMP parameters SNMP Configures security options Displays system processor status Displays all firmware revisions SYSREV Resets through transfer of control (TOC) “Tell” (sends a message to other users) Displays a user configuration Displays connected the iLO 2 MP users Diagnoses or resets the iLO 2 MP...

  • Page 65: Expect Script Example

    NOTE: This guide is not meant as a substitute for instruction on various scripting tools that are available for automating command-line interfaces. The iLO 2 MP TUI (when used with command-line arguments) and the SMASH command-line interface were created with these types of scripting tools in mind to facilitate powerful automation capabilities.

  • Page 66: Command Menu Commands And Standard Command Line Scripting Syntax

    send_user "Password: " expect_user -re "(.*)\n" set mp_password $expect_out(1,string) stty echo # Other Constants set timeout 20 ######################################################################## ## BEGIN spawn $env(SHELL) match_max 100000 #foreach mp_name {puma_mp lion_mp cougar_mp} { set mp_name "puma_mp" send_user "\n\n----- $mp_name -----\n\n" # Frequently used Strings set MA_PROMPT "$mp_name\] MP>...

  • Page 67: Bp: Reset Bmc Passwords

    This command is available only on a server blade. Command access level: Login access BLADE facilitates the cabling and initial installation of HP Integrity server blades. It also provides a quick view of the enclosure status. You must have configuration access right to turn the enclosure locator UID LED on or off.

  • Page 68: Ca: Configure Asynchronous Local Serial Port

    Command access level: MP configuration access CA sets the parameters for the local and the remote serial console. Input and output data rates are the same. The value returned by the stty command on HP-UX is the local serial port console speed.

  • Page 69: Date: Display Date

    In the UC command, change individual users or reset all users to default values. • Reset passwords by pressing the iLO 2 MP reset button on the back panel of your HP server for longer than four seconds. After the iLO 2 MP reboots, the local console terminal displays a message for five seconds.

  • Page 70: Di: Disconnect Lan, Web, Ssh Or Console

    FW: Upgrade the MP firmware This command is only available to authorized HP service personnel. The MP firmware is packaged along with system, BMC, and FPGA/PSOC firmware. You can download and upgrade the firmware package from the HP website at: http://www.hp.com/go/bizsupport. IMPORTANT:...

  • Page 71: Id: System Information Settings

    HE displays the MP hardware and firmware version identity, and the date and time of firmware generation. • If executed from the MP Main Menu, HE displays general information about the iLO 2 MP and those commands available in the MP Main Menu. •...

  • Page 72: Lc: Lan Configuration Usage

    LC: LAN configuration usage Command access level: MP configuration access LC modifies the LAN configuration parameters. IMPORTANT: If you are connected through a network and you make any changes to DHCP status, IP address, subnet mask, or gateway IP address, the iLO 2 MP automatically resets once you confirm the change.
  • Page 73 HP schema and you plan to use it. — Enable with Default Schema: Selects directory authentication and authorization using user accounts in the directory which has not been extended with the HP schema. User accounts and group memberships are used to authenticate and authorize users. Data in the Group Administration page must be configured after you select this option.

  • Page 74: Ldap: Ldap Group Administration

    LOC displays the current status of the locator UID LED and enables you to turn the locator UID LED on or off. In HP Integrity server blades, this command also enables you to turn the enclosure locator UID LED on or off. The UID LED physically identifies the blade in a data center environment. It emits a blue light when turned on.

  • Page 75: Pc: Power Control Access

    Command line usage and scripting: LS [ -nc ] See also: DNS, LC, SA PC: Power control access Command access level: Power control access PC enables control of the power management module. It provides the following options for remote control of system power: Turns the system power on.

  • Page 76: Pr: Power Restore Policy Configuration

    Example [gstl0074] MP:CM> pm PM [ -dynamic | -low | -high | -os ] [ -nc ] PM -? [gstl0074] MP:CM> pm Current System Power Mode : Dynamic Mode Power Regulator Menu: D - Dynamic Power Savings Mode L - Static Low Power Mode H - Static High Performance Mode O - OS Control Mode Enter menu item or [Q] to Quit: O...

  • Page 77: Rs: Reset System Through The Rst Signal

    Enable or disable the SNMP alerts feature separate from the general SNMP server. NOTE: Currently, the SNMP alert feature is only supported on HP Integrity server blades. • Configure up to four destination IP addresses where SNMP alerts will be sent. Alerts are sent by the iLO 2 MP to these destinations for power shutdown, system reset, and system fatal error events.

  • Page 78: So: Security Option Help

    Enter E to enable or D to disable all SNMP alerts. The screen displays the new SNMP configuration settings. NOTE: Currently, the SNMP alert feature is supported on HP Integrity server blades only. To configure a destination IP address for SNMP alerts, enter 1 2 3 4. The default is blank (unused).

  • Page 79: Sysrev: Firmware Revisions

    SS displays the status of the system processors and which processor is the monarch. The iLO 2 MP learns the system configuration through the events it receives from the system. There is usually a delay between any processor configuration change and what is displayed by this command.

  • Page 80: Uc: User Configuration (Users, Passwords, And So On)

    TE <text> [ -nc ] UC: User Configuration (users, passwords, and so on) Command access level: User administration access UC adds, modifies, re-enables, or deletes any of the following user parameters: • Login ID • Password • User Name • User Workgroup •...

  • Page 81: Who: Display A List Of Ilo 2 Mp Connected Users

    [ -enable <e|d> \ [ -password [ <value> ] [ -delete <login> ] | [ -list <login> ] ] [ -nc ] Example: [gstlhpg1] MP:CM> uc -delete Oper -nc UC -delete Oper -nc Current User Parameters: User Login ID : Oper User Password : ************ User Name...

  • Page 82: Web Gui

    For more information on the iLO 2 MP Advanced Pack license, see “Advanced Pack License” (page 23) and the HP website at: http://h71028.www7.hp.com/enterprise/cache/279991-0-0-0-121.html NOTE: Cookies must be enabled on the web browser in order to successfully login to the iLO 2 MP web GUI.

  • Page 83: Status Summary > Active Users

    Figure 6-2 Status Summary General Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-6 lists the fields and descriptions. Table 6-6 Status Summary General Page Description Field Description System Power The current power state (ON/OFF/STANDBY) of the system and the corresponding power LED state.

  • Page 84: Server Status > General

    Figure 6-3 Status Summary Active Users Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-7 lists the fields and descriptions. Table 6-7 Active Users Page Description Field Description Access Type Multiple access methods are available: Serial, telnet, SSH, SSL web or IPMI over LAN.

  • Page 85: Server Status > Identification

    Figure 6-4 Server Status General Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-8 lists the fields and descriptions. Table 6-8 Server Status General Page Description Field Description System Power Displays the current power state of the system and the corresponding power LED state.

  • Page 86: System Event Log

    Displays the rack unique identifier: a known unique identifier for the rack. Displays the bay number. The blade enclosure can support as many as eight HP Integrity server blades. When viewed from the rack front, the bays are numbered from left to right and from 1 to 8.

  • Page 87: Events

    Figure 6-6 System Event Log Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-10 lists the fields, buttons, and descriptions. Table 6-10 System Event Log Page Description Fields and Buttons Description System Event Log High attention events and errors.

  • Page 88: Integrated Remote Console (Vkvm)

    Internet Explorer version 6 with Service Pack 1 and above is the only supported browser for this feature. Windows is the only supported client operating system on HP Integrity servers for vKVM. Additionally you must allow downloading and usage of signed ActiveX controls.

  • Page 89: Limitations Of The Vkvm Mouse And Keyboard

    Currently, vKVM is not supported on HP-UX, Linux, or OpenVMS. vKVM-Supported Resolutions and Browser Configurations Set your Windows-based HP Integrity server to the following specifications to properly access and view the IRC and optimize performance. Microsoft Windows Server 2003 Console Resolution Settings for vKVM...

  • Page 90: Accessing The Irc

    Select Motion or Pointer Options, and set the pointer speed slider to the middle position. • Deselect Enhanced pointer precision. To automate setting an optimal mouse configuration, download the Lights-Out Optimization utility from the HP website at: http://www.hp.com/servers/lights-out Click the Best Practices graphic and click the Maximize Performance links. Accessing the IRC To access the IRC, select Remote Console >...

  • Page 91: Integrated Remote Console Page

    Figure 6-7 Integrated Remote Console Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-11 lists the fields, buttons, and actions. Table 6-1 1 IRC Page Description Fields and Buttons Action Fullscreen Resizes the IRC page.

  • Page 92: Integrated Remote Console Fullscreen

    Figure 6-8 Integrated Remote Console Window Table 6-12 lists the menu bar, buttons, and actions you can perform in the IRC window. Table 6-12 IRC Window Description Menu Bar Buttons Action Thumb Tack Enables you to keep the menu open, or retracts it when the mouse is moved away.

  • Page 93: Remote Serial Console

    Figure 6-9 Remote Serial Console Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. The remote serial console is a Java applet that requires Java Plug-in 1.4.2-10 to be installed on the client system. This applet enables connection to the server serial console over default port 2023.

  • Page 94: Remote Serial Console Window

    types are used simultaneously by the users, some users may see unexpected results. Only one of the mirrored users at a time has write access to the console. Write access is retained until another user requests console write access. To get console write access, enter Ctrl-Ecf. To ensure proper operation of the remote serial console, verify the following conditions: •...

  • Page 95: Virtual Serial Port

    Linux operating system over the network. For more information on using the virtual serial port, see Integrated Lights-Out Virtual Serial Port configuration and operation HOW TO on the HP website at: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00263709/c00263709.pdf Virtual Media...

  • Page 96: Using Ilo 2 Mp Virtual Media Devices

    Using iLO 2 MP Virtual Media Devices Connect client-based vMedia to a host HP Integrity server through a graphical interface using a signed Java applet. Refusing to accept the applet certificate prevents browser-based vMedia from functioning (a red X appears). It also prevents the remote console applet from functioning because it is also signed using the same certificate.

  • Page 97: Virtual Cd/Dvd

    For maximum performance, HP recommends using local image files stored either on the hard drive of your client system or on a network drive accessible through a high-speed network link.

  • Page 98: Virtual Media Dialog Box (Before Connection)

    Click Launch to load the applet and connect to USB CD/DVD devices and disk image files available on the client as virtual devices on the server. The vMedia applet appears (Figure 6-12). NOTE: Only one user and one device can be connected at a time. Figure 6-12 Virtual Media Dialog Box (Before Connection) Select Local Media Drive.

  • Page 99: Virtual Media Dialog Box (After Connection)

    On servers with a locally attached IDE CD/DVD, the virtual CD/DVD device is accessible at /dev/cdrom1. However, on servers without a locally attached CD/DVD (such as the HP Integrity server blades) the virtual CD/DVD is the first CD/DVD accessible at/dev/cdrom.

  • Page 100: Creating The Ilo 2 Mp Disk Image Files

    Creating the iLO 2 MP Disk Image Files The iLO 2 MP vMedia feature enables you to create CD and DVD image files within the same applet. The image files created are ISO-9660 file system images and El Torito bootable CD images. The performance of the iLO 2 MP vMedia is faster when image files are used.

  • Page 101: Virtual Floppy/Usb Key

    For maximum performance, HP recommends using the local image files stored either on the hard drive of your client PC or on a network drive accessible through a high-speed network link.

  • Page 102: Virtual Media Applet Timeout

    2 MP vMedia. In general, any operating system issues that affect a USB CD/DVD drive also impacts the iLO 2 MP vMedia. The HP server ROM provides support during server boot for vMedia with the El Torito bootable CD format.

  • Page 103: Java Plug-In Version

    Mozilla 1.7.12.01.00 Mozilla 1.7.13 Internet Explorer 6.0 HP Secure Web Browser 1.7.13 Power Management The iLO 2 MP power management feature enables you to view and control the power state of the server, monitor power usage, monitor the processor, and modify power settings. The Power Management page has three menu options: •...

  • Page 104: Power & Reset Page

    Figure 6-17 Power & Reset Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. For information on how to set the power management options in Onboard Administrator, see the HP BladeSystem Onboard Administrator User Guide on the HP website at: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00705292/c00705292.pdf...

  • Page 105: Power Meter Readings

    Table 6-15 Power & Reset Page Description (continued) Fields and Buttons Description System Power Restore This option enables you to configure the power restore policy. The power restore policy Settings determines how the system behaves when ac power returns after an ac power loss. You must have iLO configuration access right to use this option.

  • Page 106: Power Meter Readings Page

    Figure 6-18 Power Meter Readings Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. IMPORTANT: Power consumption data readings are dependent on the configuration, architecture, components, and levels of activity of the server at any given time.

  • Page 107: Power Regulator

    IPM license and an iLO (select or advanced ) license. NOTE: Power regulation does not require the Advanced Pack license. Figure 6-19 Power Regulator Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-17 lists the fields, buttons, and descriptions. Web GUI...

  • Page 108: Administration

    • Power Regulation through HP SIM (using the HP IPM plug in) HP Insight Power Manager (HP IPM), a plug-in to HP Systems Insight Manager (HP SIM), is an integrated power monitoring and management application that provides centralized control of server power consumption and thermal output. It extends the unified infrastructure management framework of HP SIM by providing new energy levers into the server.

  • Page 109: Firmware Upgrade

    The Firmware Upgrade page functionality is only available to authorized HP service personnel. The MP firmware is packaged along with system, BMC, and FPGA/PSOC firmware. To perform a firmware upgrade, you can download and upgrade the firmware package from the HP website at: http://www.hp.com/go/bizsupport.

  • Page 110: Licensing Page

    On HP Integrity server blades, an Advanced Pack license is standard. Remember to save the Advanced Pack license key information that was provided by HP. If you ever need to replace your server blade under warranty, you will need to transfer the key by typing the code on the replacement server blade.

  • Page 111: User Administration > Local Accounts

    You must have administration access right to use this feature. Figure 6-21 Local Accounts Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. There are two default users: Admin: The Admin user has all five rights (console access, power control, MP configuration, user administration, virtual media).

  • Page 112: Group Accounts

    This feature is only available if you have the iLO 2 MP Advanced Pack license. Figure 6-22 Group Accounts Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-20 lists the fields, buttons, and descriptions.

  • Page 113: Access Settings

    6-23) enables you to modify LAN settings. You must have iLO configuration access right to use this feature. Figure 6-23 LAN Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-21 lists the fields, buttons, and descriptions. Web GUI...

  • Page 114: Serial Page

    Table 6-21 LAN Page Description Fields and Buttons Description Telnet You can enable or disable telnet access to the iLO 2 MP using the enable or disable option. You can enable or disable SSH access to the iLO 2 MP using the enable or disable option. An industry-standard client-server connectivity protocol that provides a secure remote connection.

  • Page 115: Login Options Page

    NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-22 lists the fields, buttons, and descriptions. Table 6-22 Serial Page Description Fields and Buttons Description Bit Rate in Bits per Second This option enables you to set the baud rate. Input and output data rates are the same.

  • Page 116: Current Ldap Parameters

    The LDAP feature is only available if you have the iLO 2 MP Advanced Pack license. Figure 6-26 Current LDAP Parameters Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-24 lists the fields and descriptions.

  • Page 117: Network Settings

    HP schema. • Enable with Default Schema: selects directory authentication and authorization using user accounts in the directory which has not been extended with the HP schema. User accounts and group memberships are used to authenticate and authorize users.

  • Page 118: Domain Name Server

    Figure 6-27 Standard Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-25 lists the fields, buttons, and descriptions. Table 6-25 Standard Page Description Fields and Buttons Description MAC Address The 12 digit (hexadecimal) MAC address.

  • Page 119: Snmp Settings

    You can only configure the DNS server if DHCP is enabled. Figure 6-28 Domain Name Server Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-26 lists the fields, buttons, and descriptions. Table 6-26 DNS Page Description...

  • Page 120: Snmp Settings Page

    Figure 6-29 SNMP Settings Page NOTE: The BL c-Class tab is available only on HP Integrity server blades. Table 6-27 lists the fields and descriptions. Table 6-27 SNMP Settings Page Description Field Description SNMP Choosing Enable or Disable, activates or deactivates the SNMP feature support on this iLO 2 MP.

  • Page 121: Bl C-Class

    This is the rack unique identifier. Bay Number The enclosure can support as many as eight HP Integrity server blades. When viewed from the rack front, the bays are numbered from left to right and from 1 to 8. The bay number is used to locate and identify a server blade.

  • Page 122: Help

    If a user does not have sufficient rights, the button is disabled. Before setting up the HP BladeSystem OA, HP recommends that you read the HP BladeSystem Onboard Administrator User Guide on the HP website at: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00705292/c00705292.pdf...

  • Page 123: Smash Server Management Command Line Protocol

    At this time, SMASH SM CLP is not the primary text user interface (TUI) or the primary scripting interface for the iLO 2 MP. The HP proprietary TUI is the primary text interface of the iLO 2 MP. The entire text user interface of the iLO 2 MP, available on telnet and SSH, supports all MP functionality.

  • Page 124: Sm Clp Session

    HE: Main Help Menu X: Exit Connection [hqgstlv7] MP> [hqgstlv7] MP> SMCLP HP SMASH SM CLP interface. Type "help" to display all supported commands. Type "show" to display information about the current target. Type "start /map1/textredirectsap1" to switch to iLO Main Menu interface.

  • Page 125: Using The Sm Clp Interface

    Use the following example as you follow the prompts on the screen to change the default interface from MP Main Menu to SM CLP. MP:CM>SA This command allows you to modify MP access configuration. Current Set Access Configuration: R - Remote : OS SESSION T - Telnet : Enabled...

  • Page 126: Sm Clp Syntax

    </>hpiLO-> If an invalid target is specified, the response differs as follows: </> hpiLO-> show /badtarget1 status=3 status_tag=COMMAND PROCESSING FAILED error_tag=COMMAND SYNTAX ERROR ‘/badtarget1’ is an invalid target. </>hpiLO-> SM CLP Syntax The following sections provide terms, descriptions, and examples of the SM CLP syntax. Command Line Terms The command syntax consists of a command verb, options, target address, and properties.

  • Page 127: Command Targets

    Table 6-29 Supported Command Verbs (continued) Command Action help Displays context-sensitive help. help displays general help and all supported commands. help <some verb> displays help for the specified verb. help <some target>displays help for the specified target. help <some property> displays help for the specified property. load Moves a binary image to iLO 2 MP from a URI.

  • Page 128: Command Options

    Command Options Command options control verb behavior. Command options can appear immediately after the verb and must be prefaced with a dash (-). Most command options have both a full name and a short form; for example: show –level all or show –l all Level Option The level option instructs the command verb to include n number of levels in the scope of its execution.

  • Page 129: Character Set, Delimiters, Special, And Reserved Characters

    Find and display all targets that have the EnabledState property: </map1> hpiLO-> show -l all -d properties=”enabled state” Find and display all Account targets in the system and their information: </> hpiLO-> show -l all account* Table 6-30 shows the available command options. Table 6-30 Command Options Option Short Form...

  • Page 130: System1 Target

    Table 6-31 SM CLP Reserved Characters and Character Sequences (continued) Character or Name Description and Uses Sequence Hyphen When preceded by a space, the hyphen is the SM CLP option indicator. Address term separator Separates the UFiT terms of a target address. Recognized as a special target address token meaning this container.

  • Page 131: Displaying Power Status

    (for example, dedicated to a particular use), or a general-purpose system. Name Name that identifies the iLO 2 MP. Read-only Set to iLO 2 Advanced, HP Integrity. Verbs show Displays information. help Displays context-sensitive help. SMASH Server Management Command Line Protocol...

  • Page 132: Map1 Example

    Properties Name=iLO Advanced, HP Integrity Dedicated=Management Verbs cd help show load reset </> hpiLO-> Resetting the iLO 2 MP To reset the iLO 2 MP, run the reset command to the MAP1 target as in the following example: </>hpiLO->...

  • Page 133: Opening The System Console Interface From Sm Clp

    Table 6-34 /map1/textredirectsap1 Properties Property Name Description Access and Values EnabledState Shows whether the text redirection is Read-only enabled. The value is set to Enabled. SessionTerminateSequence A string sequence used for Read-only terminating text redirection session The value is set to SMCLP. and returning to SM CLP.

  • Page 134: Starting A System Console Session

    Starting a System Console Session To start a system console session, enter the following command: </>hpiLO->start /system1/consoles1/textredirectsap1 Determining the Session Termination Character Sequence for the System Console To determine the session termination character sequence for the system console, enter the following command: </>...

  • Page 135: Target: Map1/Swinventory1

    Changes the current default target. help Displays context-sensitive help. show Displays information. Target: map1/swinventory1 SoftwareInventory is a dedicated collection for all firmware in the system known to the iLO 2 Table 6-37 shows swinventory1 target properties. Table 6-37 swinventory1 Properties Property Name Description Access and Values...

  • Page 136: Firmware Upgrade

    Firmware Upgrade Firmware upgrades enhance the functionality of iLO 2 MP. The MP firmware is packaged along with system, BMC, and FPGA/PSOC firmware. You can download and upgrade the firmware package from the HP website at: http://www.hp.com/go/bizsupport. IMPORTANT: When performing a firmware upgrade that contains system programmable hardware, you must properly shut down any OS that is running before starting the firmware upgrade process.

  • Page 137: Target: Map1/Telnetsvc1

    Target: map1/telnetsvc1 The telnetsvc1 target represents the telnetsvc service provided by map1. Table 6-39 shows telnetsvc1 target properties. Table 6-39 telnetsvc1 Properties Property Name Description Access and Values EnabledState Shows whether telnet is enabled or disabled. Read-only The following are valid values: Enabled, Disabled Protocol The protocol this service provides.

  • Page 138: Ssh Examples

    SSH Examples The following examples show specific SSH commands. Enable SSH Service </>-> start /map1/sshsvc1 Disable SSH Service </>-> stop /map1/sshsvc1 Network Configuration Network commands enable you to display or modify network settings. SM CLP Network Targets, Properties, and Verbs This section describes targets, target properties, and supported verbs necessary to implement the iLO 2 MP network configuration through SM CLP.

  • Page 139: Target: Map1/Enetport1/Lanendpt1/Ipendpt1

    Changes the current default target. help Displays context-sensitive help. show Displays information. Target: map1/enetport1/lanendpt1/ipendpt1 The ipendpt1 target represents the iLO IP endpoint settings. Table 6-43 shows ipendpt1 target properties. Table 6-43 ipendpt1 Properties Property Name Description Access and Values IPv4Address iLO 2 MP IP address.

  • Page 140: Target: Map1/Dnsendpt1

    Target: map1/dnsendpt1 The dnsendpt1 target represents the iLO 2 MP DNS client. Table 6-45 shows dnsendpt1 target properties. Table 6-45 dnsendpt1 Properties Property Name Description Access and Values EnabledState Represents the state of iLO 2 MP Read only DNS. The following are valid values: Enabled: The iLO 2 MP DNS client is enabled.

  • Page 141: Target: Map1/Settings1/Dnssettings1

    Sets a property to a specific value. Target: map1/settings1/dnssettings1 The dnssettings1 target contains iLO 2 MP DNS settings. Table 6-48 shows dnssettings1 target properties. Table 6-48 dnssettings1 Properties Property Name Description Access and Values DNSServerAddress Contains the IP addresses of the Read/write primary, secondary, and tertiary This is an array property.

  • Page 142: Vmedia

    Determine Gateway Address </>hpiLO-> show -d properties=accessinfo /map1/enetport1/lanendpt1/ipendpt1/gateway1 Set Gateway Address </>hpiLO-> set /map1/enetport1/lanendpt1/ipendpt1/gateway1 AccessInfo=192.0.2.1 Determine Link State (Autosense) </>hpiLO-> show -d properties=autosense /map1/enetport1 Set Link (Autosense) </>hpiLO-> set /map1/enetport1 autosense=true AccessInfo=192.0.2.1 Enable/Disable DHCP </>hpiLO-> stop /map1/dhcpendpt1 </>hpiLO-> start /map1/dhcpendpt1 Determine all DNS settings </>hpiLO->...

  • Page 143: Sm Clp Vmedia Use Cases

    Verbs show Displays information. help Displays context-sensitive help. Sets a property to a specific value. SM CLP vMedia Use Cases The following examples show actions you can perform using SM CLP for vMedia. Change the current context to the CD drive. –>...

  • Page 144: User Account Examples

    2 MP LDAP settings using SM CLP. NOTE: You can only configure LDAP with extended HP schema from the SM CLP interface. You can configure LDAP with default schema using the iLO 2 MP web GUI or the iLO 2 MP Command menu.

  • Page 145: Ldap Configuration Examples

    Set iLO 2 DN name as it is configured in the directory server. In this example it is set to cn=iLO2,ou=ManagementDevices,o=hp. • Set user search context #1. In this example it is set to cn=user,ou= engineering,o=hp. SMASH Server Management Command Line Protocol...

  • Page 147: Installing And Configuring Directory Services

    7 Installing and Configuring Directory Services You can install and configure the iLO 2 MP directory services to leverage the benefits of a single point of administration for the iLO 2 MP user accounts. This chapter provides information on how to install and configure iLO 2 MP directory services. This chapter addresses the following topics: •...

  • Page 148: Features Supported By Directory Integration

    “Directory Services Schema (LDAP)” (page 179) • “Directory-Enabled Remote Management” (page 173) Install Download the HP Lights-Out Directory Package containing the schema installer, the management snap-in installer, and the migrations utilities from the HP website (http://www.hp.com/servers/lights-out). Run the schema installer once to extend the schema.

  • Page 149: Schema Documentation

    Schema Documentation To assist with the planning and approval process, HP documents the changes made to the schema during the schema setup process. To review the changes made to your existing schema, see “Directory Services Schema (LDAP)” (page 179). Directory Services Support The iLO 2 MP supports the following directory services: •...

  • Page 150: Required Schema Software

    The iLO 2 MP requires specific software to extend the schema and provide snap-ins to manage the iLO 2 network. An HP Smart Component that contains the schema installer and the management snap-in installer is available for download from the HP website at: http://www.hp.com/servers/lights-out.

  • Page 151: Results Screen

    Figure 7-2 Schema Setup Screen The Directory Server section of the Setup screen enables you to select whether to use Active Directory or eDirectory, and to set the computer name and the port to be used for LDAP communications. IMPORTANT: To extend the schema on Active Directory you must be an authenticated schema administrator, the schema must not be write protected, and the directory must be the flexible single master operation (FSMO) role owner in the tree.

  • Page 152: Management Snap-In Installer

    Make the associations between iLO 2 MP objects and role objects. Directory Services for Active Directory HP provides a utility to automate much of the directory setup process. You can download the HP Directories Support for the iLO 2 MP on the HP website at: http://h18004.www1.hp.com/support/files/lights-out/us/index.html...

  • Page 153: Preparing Directory Services For Active Directory

    Extending the Schema” section of the Installation of Schema Extensions in the Windows 2000 Server Resource Kit), or by doing the following: CAUTION: Incorrectly editing the registry can severely damage your system. HP recommends creating a backup of any valued data on the computer before making changes to the registry.

  • Page 154: Installing And Initializing Snap-Ins For Active Directory

    Example: Creating and Configuring Directory Objects for Use with iLO 2 in Active Directory The following example shows how to set up roles and HP devices in an enterprise directory with the domain mpiso.com, which consists of two organizational units: Roles and MPs.

  • Page 155: Directory Example

    Create an organizational unit to contain the iLO 2 devices managed by the domain. In this example, two organizational units are created, Roles and MPs. Use the Active Directory Users and Computers snap-ins provided by HP to create iLO 2 objects for several iLO 2 devices in the MP organizational unit.

  • Page 156: Create New Hp Management Object Dialog Box

    Click OK Repeat the process, creating a role for remote server monitors named remoteMonitors. Use the Active Directory Users and Computers snap-ins provided by HP to assign the roles rights, and associate the roles with users and devices. In the Roles organizational unit in the mpiso.com domain, right-click the remoteAdmins role , and select Properties.

  • Page 157: Select Users Dialog Box

    Using the same procedure in step 4, edit the properties of the remoteMonitors role, add the lpmp device to the Managed Devices list on the HP Devices tab, and use the Members tab to add users to the remoteMonitors role.

  • Page 158: Directory Services Objects

    (Figure 7-8). • To browse to a specific HP device and add it to the list of member devices, click Add. • To browse to a specific HP device and remove it from the list of member devices, click Remove.

  • Page 159: Managing Users In A Role

    Figure 7-8 HP Devices Tab Managing Users In a Role After user objects are created, use the Members tab (Figure 7-9) to manage the users within the role. • To add a user, browse to the specific user you want to add, and click Add.

  • Page 160: Setting Login Restrictions

    Setting Login Restrictions The Role Restrictions tab (Figure 7-10) enables you to set login restrictions for a role. These restrictions include: • Time Restrictions • IP Network Address Restrictions — IP/Mask — IP Range — DNS Name Figure 7-10 Role Restrictions Tab Setting Time Restrictions •...

  • Page 161: Defining Client Ip Address Or Dns Name Access

    Figure 7-1 1 Logon Hours Screen Defining Client IP Address or DNS Name Access From the Role Restrictions tab you can grant or deny access to an IP address, IP address range, or DNS names. In the By Default list, select whether to grant or deny access from all addresses except for specified IP addresses, IP address ranges, and DNS names.

  • Page 162: Setting User Or Group Role Rights

    on a single DNS name or a subdomain, entered in the form of host.company.com or *.domain.company.com. Enter the information and click OK. To save the changes, click OK. To remove any of the entries, highlight the entry in the display list and click Remove. Setting User or Group Role Rights After you create a role, you can select rights for that role.

  • Page 163: Directory Services For Edirectory

    Creating Objects To create iLO 2 MP objects, follow these steps: Use the ConsoleOne snap-ins provided by HP to create iLO 2 MP objects in the HP devices organizational unit for several iLO 2 MP devices. Directory Services for eDirectory...

  • Page 164: Creating Roles

    Repeat the process, creating a role for remote server monitors named remoteMonitors in region1 roles, and a remoteAdmins and remoteMonitors role in region2. Use the ConsoleOne snap-ins provided by HP to assign rights to the role and associate the roles with users and devices.

  • Page 165: Setting Role Rights

    Using the same procedure as in step 3, edit the properties of the remoteMonitors role: Add the three iLO 2 MP devices within HP devices under region1 to the Managed Devices list on the Role Managed Devices subtab of the HP Management tab.

  • Page 166: Directory Services Objects For Edirectory

    Figure 7-17 Role Managed Devices Subtab To browse to the specific HP device and add it as a managed device, click Add. Adding Members After you create user objects, use the Members tab (Figure 7-18) to manage users within a role.

  • Page 167: Setting Role Restrictions

    Figure 7-18 Members Tab (eDirectory) To browse to the specific user you want to add, click Add. To remove a user from the list of valid members, highlight the user name and click Delete. Setting Role Restrictions The Role Restrictions subtab (Figure 7-19) enables you to set login restrictions for a role.

  • Page 168: Setting Time Restrictions

    After you create a role, you can select rights for the role and make users and group objects members of the role, which gives users or groups of users the rights granted by that role. Use the Lights Out Management Device Rights subtab of the HP Management tab (Figure 7-21) to manage rights.

  • Page 169: Installing Snap-Ins And Extending Schema For Edirectory On A Linux Platform

    New classes are added, such as hpqTarget, hpqPolicy and hpq role. HP has created objects using these classes to support iLO 2 MP devices (created using the hpqTarget class), and iLO 2 MP admins and monitors (created using the hpqRole class).

  • Page 170: Installing Snap-Ins

    Create the HP directory under the /usr/ConsoleOne/snapins/ directory, and copy the two .jar snap-in files, hpqLOMv100.jar and hpqMgmtCore.jar, to the HP directory. When the hpdsse.sh file is executed, the HP directory is automatically created and the two .jar files are copied to it.

  • Page 171: Verifying Snap-In Installation And Schema Extension

    Run ConsoleOne and log on to the tree. Verify the new classes by opening the Schema Manager from the Tools list. All the classes related to the HP directory services must be present in the classes list. The classes are hpqRole, hpqTarget, hpqPolicy, and hpqLOMv100.

  • Page 172: User Login Using Directory Services

    • LDAP Fully Distinguished Names Example: CN=John Smith,CN=Users,DC=HP,DC=COM, or @HP.com The short form of the login name by itself does not identify which domain you are trying to access. To identify the domain, provide the domain name or use the LDAP Distinguished Name of your account.

  • Page 173: Certificate Services

    Certificate Services The following sections provide instructions for installing Certificate Services, verifying directory services, and configuring automatic certificate requests. Installing Certificate Services To install Certificate Services, follow these steps: Select Start>Settings>Control Panel. Double-click Add/Remove Programs. Click Add/Remove Windows Components to start the Windows Components wizard. Select Certificate Services and click Next.

  • Page 174: Using Existing Groups

    In general, you can use the HP provided snap-ins to create objects. It is useful to give the iLO 2 MP device objects meaningful names, such as the device's network address, DNS name, host server name, or serial number. Directory-enabled remote management enables you to: •...

  • Page 175: Creating Roles That Follow Organizational Structure

    devices, but grant different rights. Sometimes, it is useful to assign generic rights to the lesser role, and include the iLO 2 MP administrators in that role, and the administrative role. Figure 7-22 shows one way that an administrative user gains admin role right. The admin user’s initial login right is granted through the regular user role.

  • Page 176: Ip Address Range Restrictions

    DNS-based restrictions can limit access to a single, specific machine name or to machines sharing a common domain suffix. For example, the DNS restriction www.hp.com matches hosts that are assigned the domain name www.hp.com. However, the DNS restriction *.hp.com matches any machine originating from HP.

  • Page 177: How User Time Restrictions Are Enforced

    Role access restrictions limit an authenticated user's ability to receive iLO 2 MP privileges based on rights specified in one or more roles. Figure 7-24 shows the user and role access restrictions. Figure 7-24 User and Role Access Restrictions How User Time Restrictions Are Enforced You can place a time restriction on directory user accounts.

  • Page 178: User Address Restrictions

    Figure 7-25 User Time Restrictions User Address Restrictions You can place network address restrictions on a directory user account, and the directory server enforces these restrictions. See the directory service documentation for information about the enforcement of address restrictions on LDAP clients, such as a user logging in to an iLO 2 MP device.

  • Page 179: Directory Services Schema (Ldap)

    A directory schema specifies the types of objects that a directory can have and the mandatory and optional attributes of each object type. The following sections describe both the HP management core, and the LDAP object identifier classes and attributes that are specific to iLO 2 MP.

  • Page 180: Core Classes

    7-5, Table 7-6, and Table 7-7 define the HP management core classes. hpqTarget Table 7-5 hpqTarget 1.3.6.1.4.1.232.1001.1.1.1.1 Description This class defines target objects, providing the basis for HP products using directory-enabled management. Class Type Structural SuperClasses User Attributes hpqPolicyDN—1.3.6.1.4.1.232.1001.1.1.2.1hpqRoleMembership—1.3.6.1.4.1.232.1001.1.1.2.2 Remarks...

  • Page 181: Hpqrole

    Table 7-6 hpqRole 1.3.6.1.4.1.232.1001.1.1.1.2 Description This class defines role objects, providing the basis for HP products using directory-enabled management. Class Type Structural SuperClasses Group Attributes hpqRoleIPRestrictions—1.3.6.1.4.1.232.1001.1.1.2.5hpqRoleIPRestrictionDefault—1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleTimeRestriction—1.3.6.1.4.1.232.1001.1.1.2.6hpqTargetMembership—1.3.6.1.4.1.232.1001.1.1.2.3 Remarks None hpqPolicy Table 7-7 hpqPolicy 1.3.6.1.4.1.232.1001.1.1.1.3 Description This class defines policy objects, providing the basis for HP products using directory-enabled management.

  • Page 182: Hpqtargetmembership

    hpqTargetMembership Table 7-10 hpqTargetMembership 1.3.6.1.4.1.232.1001.1.1.2.3 Description This attribute provides a list of hpqTarget objects that belong to this object. Syntax Distinguished Name—1.3.6.1.4.1.1466.115.121.1.12 Options Multi Valued Remarks None hpqRoleIPRestrictionDefault Table 7-1 1 hpqRoleIPRestrictionDefault 1.3.6.1.4.1.232.1001.1.1.2.4 Description This attribute is a Boolean expression representing access by unspecified clients, which partially specifies rights restrictions under an IP network address constraint.

  • Page 183: Ilo 2 Mp-Specific Ldap Oid Classes And Attributes

    1.3.6.1.4.1.232.1001.1.8.2.5 hpqLOMRightConfigureSettings 1.3.6.1.4.1.232.1001.1.8.2.6 iLO 2 MP Class Definitions hpqLOMv100 Table 7-16 hpqLOMv100 1.3.6.1.4.1.232.1001.1.8.1.1 Description This class defines the rights and settings used with HP iLO 2 MP products. Class Type Auxiliary SuperClasses None Attributes hpqLOMRightConfigureSettings—1.3.6.1.4.1.232.1001.1.8.2.1 hpqLOMRightLocalUserAdmin—1.3.6.1.4.1.232.1001.1. 8.2.2 hpqLOMRightLogin—1.3.6.1.4.1.232.1001.1.8.2.3 hpqLOMRightRemoteConsole—1.3.6.1.4.1.232.1001.1.8.2.4 hpq LOMRightServerReset—1.3.6.1.4.1.232.1001.1.8.2.5...

  • Page 184: Ilo 2 Mp Attribute Definitions

    This attribute is only used on role objects. If this attribute is TRUE, members of the role are granted the right. hpqLOMRightServerReset Table 7-20 hpqLOMRightServerReset 1.3.6.1.4.1.232.1001.1.8.2.4 Description Remote server reset and power button right for HP iLO 2 MP products. Syntax Boolean—1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is only used on role objects.

  • Page 185: Hpqlomrightlocaluseradmin

    Table 7-21 hpqLOMRightLocalUserAdmin 1.3.6.1.4.1.232.1001.1.8.2.5 Description Local user database administration right for HP iLO 2 MP products. Syntax Boolean—1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is only used on role objects. If this attribute is TRUE, members of the role are granted the right.

  • Page 187: Glossary

    Glossary Address In networking, a unique code that identifies a node in the network. Names such as host1.hp.com are translated to dott-quad addresses such as 168.124.3.4 by the Domain Name Service (DNS). Address Path An address path is one in which each term has the appropriate intervening addressing association.
  • Page 188 Domain Name System. A distributed, name resolution system that enables computers to locate other computers on a network or the Internet by domain name. The system associates standard Internet Protocol (IP) addresses, such as 00.120.000.168, with host names, such as www.hp.com. Machines typically acquire this information from a DNS server.
  • Page 189 Domain A grouping of hosts that is identified by a name. The hosts usually belong to the same Internet Protocol (IP) network address. Domain Name The unique name assigned to a system or group of systems on the Internet. The host names of all the systems in the group have the same domain name suffix.
  • Page 190 The iLO functionality offers remote server management through an independent management Out (iLO) processor (MP). iLO was introduced into most HP Integrity entry class servers in late 2004. Prior to that, embedded remote server management was referred to as MP functionality. All legacy MP functionality has been carried forward and combined with new features, all under the heading of "iLO".
  • Page 191 The Onboard Administrator (OA) is the enclosure management processor, subsystem, and Administrator firmware base used to support HP Integrity server blades and all the managed devices contained within the enclosure. The OA provides a single point from which to perform basic management tasks on server blades or switches within the enclosure.
  • Page 192 Schema Definitions that describe what type of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results. Schemas come in many forms, such as a text file, information in a repository, or diagrams.
  • Page 193 User The CLP User represents an instance of a client which transmits and receives CLP-compliant messages. The CLP is part of the SM CLP architecture. It is intended to either be a person or a script interacting with a terminal service such as telnet or SSHv2. User Account A record of essential user information that is stored on the system.

  • Page 195: Index

    Index PS, 76 RB, 76 access options, 77 RS, 77 access rights, configuring, 20 SA, 77 alert levels, system status logs, 62 SNMP, 77 ARP ping SO, 78 commands, 38 SS, 79 using to configure a static IP address, 38 SYSREV, 79 using to configure iLO 2 MP LAN, 37 TC, 79...
  • Page 196 152 MP main menu command, 63 preparation, 153 web GUI, 123 setting lights-out management device rights, 168 HP management object identifiers, 179–182 setting role restrictions, 167 core attribute definitions, 181–182 setting time restrictions, 168 core attributes, 180 snap-in installation and initialization, 163...
  • Page 197 Object Identifiers (see HP management object identifiers or iLO 2 MP-specific object identifiers) configuration methods, 36 OIDs (see HP management object identifiers or iLO 2 configure using ARP ping, 37 MP-specific object identifiers) configure using console serial port (RS-232), 39...
  • Page 198 firmware revision display, 134 invoke system console, 133 RB command, 76 LDAP configuration, 144 remote console, disconnecting, 70 level option, 128 required components, 24 map1 target, 131 reset button, iLO 2 MP, 31 network configuration, 138 reset password to factory default, 31 remote access configuration, 136 reset, BMC password, 67 syntax, 126...
  • Page 199 accessing graphic console, 51 virtual front panel (VFP), 61 virtual media access right, 20 CD/DVD, 97 disk image files, 100 SM CLP command verbs, 142 vKVM, 88 web GUI active users, 83 DNS settings, configure, 118 firmware upgrade, 109 group accounts, 112 help, 122 interacting with, 49 LAN access settings, 113...

Table of Contents