Intel® Remote Management Module 2 User Guide Order Number: E27084-001
Disclaimer Information in this document is provided in connection with Intel® products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document.
Preface About this Manual Thank you for purchasing and using the Intel® Remote Management Module 2. This manual is written for system technicians who are responsible for installing, troubleshooting, upgrading, and repairing this management module. This document provides a brief overview of the features of the module, and instructions on how to use and operate the Intel® Remote Management Module 2. Manual Organization Chapter 1 provides a brief overview of the Intel® Remote Management Module 2.
Contents Safety Information WARNING Before working with your Intel® RMM2 product, whether you are using this guide or any other resource as a reference, pay close attention to the safety instructions. You must adhere to the assembly instructions in this guide to ensure and maintain compliance with existing product certifications and approvals. Use only the described, regulated components specified in this guide.
Contents Safety Cautions Read all caution and safety statements in this document before performing any of the instructions. See also Intel Server Boards and Server Chassis Safety Information at http://support.intel.com/support/motherboards/server/sb/cs-010770.htm. SAFETY STEPS: Whenever you remove the chassis covers to access the inside of the system, follow these steps: 1. Turn off all peripheral devices connected to the system. 2. Turn off the system by pressing the power button. 3.
Contents 重要安全指导 在执行任何指令之前,请阅读本文档中的所有注意事项及安全声明。参见 Resource CD(资源光盘) 和/或http://support.intel.com/support/motherboards/server/sb/cs-010770.htm 上的 Intel Server Boards and Server Chassis Safety Information(《Intel 服务器主板与服务器机箱安全信息》)。 Consignes de sécurité Lisez attention toutes les consignes de sécurité et les mises en garde indiquées dans ce document avant de suivre toute instruction.
Contents electrostática (ESD). Puede hacerlo si utiliza una muñequera antiestática sujetada a la toma de tierra del chasis — o a cualquier tipo de superficie de metal sin pintar. 6. No ponga en marcha el sistema si se han extraído las tapas del chasis. Si el sistema ha estado en funcionamiento, el microprocesador y el disipador de calor pueden estar aún calientes. También conviene tener en cuenta que en el chasis o en el tablero puede haber piezas cortantes o punzantes.
Contents About this Manual ......................................................................................................................iii Manual Organization..................................................................................................................iii Safety Information..................................................................................................................... iv 1. Intel® Remote Management Module 2 Features.........................................
Contents 4.1.4 KiraTool Options for the Authentication Type ........................................................ 20 4.1.5 KiraTool Options for Other Purposes..................................................................... 21 4.1.6 KiraTool Commands .............................................................................................. 21 4.2 4.2.1 General Commands............................................................................................... 22 4.2.
Contents 6.4.3 Screenshot to Clipboard ........................................................................................ 47 6.4.4 Readability Filter .................................................................................................... 47 6.4.5 Scaling ................................................................................................................... 47 6.4.6 Mouse Handling...........................................................................................
Contents 7.5.2 7.6 Keyboard/Mouse.................................................................................................... 68 Device Setting........................................................................................................ 69 7.6.1 Network.................................................................................................................. 69 7.6.2 Dynamic DNS ..................................................................................................
Contents Properties: .......................................................................................................................... 102 Supported commands: ....................................................................................................... 102 Associations: ...................................................................................................................... 102 Examples of SMASH CLP Commands ...................................................................
Figures Figure 1: Intel® Remote Management Module 2 and Network Interface Card ............................. 6 Figure 2: Installing the Intel® RMM2............................................................................................ 10 Figure 3: Installing the Intel® RMM2 Dedicated NIC Module ...................................................... 11 Figure 4: Installing the Intel® RMM2............................................................................................
Figures Figure 32: Redirecting a Local Drive........................................................................................... 45 Figure 33: Redirecting an ISO Image ......................................................................................... 45 Figure 34: Remote Console Options Menu................................................................................ 46 Figure 35: Remote Console Options Menu: Scaling...................................................................
Figures Figure 66: Example of Group Based System Access Control .................................................... 77 Figure 67: Certificate Menu......................................................................................................... 79 Figure 68: Certificate Upload ...................................................................................................... 80 Figure 69: USB Settings ...............................................................................................
1. Intel® Remote Management Module 2 Features This chapter briefly describes the main features of Intel® Remote Management Module 2 (Intel® RMM2). This chapter provides a photograph of the product and a list of module features. The Intel® Remote Management Module 2 is shown in the following photo.
1.1 Feature Summary The Intel® RMM2 works as an integrated solution on your server system. Based on an embedded operating system, the Intel® RMM2 add-on card provides both exceptional stability and permanent availability independent of the present state of the server’s operating system. As a system administrator, you can use the Intel® RMM2 to gain location-independent remote access to respond to critical incidents and to undertake necessary maintenance. 1.1.
1.2.2 Client System The following client operating system and Internet browser combinations have been tested: • Red Hat* Linux 4 / Red Hat* Linux 4 ES with Firefox • SuSE* 9 Pro 9.
2. Hardware Installations and Initial Configuration 2.1 Before You Begin Before working with your server product, pay close attention to the Safety Information at the beginning of this manual. 2.2 Tools and Supplies Needed • • • 2.
Installation on Intel® Server Board S5000XAL / S5000PAL 2.3.1 The Intel® Server Board S5000XAL / S5000PAL installs in rack mount 1U or 2U chassis. The same installation steps apply to both chassis types. • • • • • • • The Intel® RMM2 module ships with one plastic standoff pre-installed as shown in Figure 2. The standoff will align with a hole in the server baseboard when mounted to the baseboard. Attach the Intel® RMM2 to the connector on the server baseboard labeled “RMM”.
AF002057 Figure 3: Installing the Intel® RMM2 Dedicated NIC Module Installation on the Intel® Server Board S5000PSL 2.3.2 The Intel® Server Board S5000PSL installs in pedestal style chassis. The following steps detail the installation for this type of chassis. • • • • • • • The Intel® RMM2 module ships with one plastic standoff pre-installed as shown in Figure 4. The standoff will align with a hole in the server baseboard when mounted to the baseboard.
AF002055 Figure 4: Installing the Intel® RMM2 AF002056 Figure 5: Installing the Intel® RMM2 Dedicated NIC Module Installation on Intel® Server System S7000FC4UR 2.3.3 The following steps detail the installation of Intel® RMM2 on the Intel® Server System S700FC4UR. • • • • 12 Remove the top cover of the Intel® Server System S7000FC4UR. For instructions, see the Intel® Server System S7000FC4UR product guide. Remove the I/O riser card.
The I/O gasket is required to meet EMI requirements. • • Peel the backing from the EMI gasket that is included with your Intel® Remote Management Module 2 kit. See letter “A” in the following figure. Adhere the EMI gasket to the I/O riser board where the NIC will contact the I/O riser. See letter “B” in the figure. Figure 6: Attaching the EMI Gasket on the Intel® Server System S7000FC4UR I/O Riser Board • Screw the NIC module to the J2B1 header on the I/O riser board, using the provided screws.
• • Align the connector on the Intel® RMM2 to the J6C1 connector on the I/O riser board and align the plastic standoff to the Intel® RMM2 corresponding hole in the I/O riser board. Push down on the Intel® RMM2 to attach it to the I/O riser board. Figure 8: Installing the Intel® RMM2 2.4 Initial Network Configuration When first powered on, the Intel® RMM2 will use a DHCP server acquire an assigned network IP address.
3. Intel® RMM2 Configuration Utility - Psetup 3.1 Psetup Outline The psetup utility is a graphical user interface application, which is used to determine the IP address assigned to the Intel® RMM2 by the DHCP server, or to change the device’s initial network configuration. It allows access to the Intel® RMM2 even if it has no IP address configured. Psetup can access the Intel® RMM2 by two ways: • • 3.2 Locally: Psetup can be started directly on the host containing the Intel® RMM2.
Figure 10: Psetup Tool (Linux Version) When first launched, psetup automatically scans and auto-detects all Intel® RMM2 modules on the local host and on the subnet. The MAC addresses of all detected modules are available as a drop down list. This list allows you to connect and configure individual Intel® RMM2 modules. You can restart the auto-detection by clicking on "Refresh Devices". After selecting a device by MAC address, the "Device Type" will show "Intel(R) RMM2".
fields located above. If necessary, adjust the network settings. To save the changes, enter a user name and a password, then click the Setup Device button. 3.3.2 Using the Psetup Utility for Linux On the top of the window, the MAC address of the device is displayed. To detect the MAC address manually, click the button Refresh. The displayed MAC address is the same MAC address printed on the white sticker placed on the back of the Intel® RMM2.
--login A valid user name with administration rights is required in order to change the network configuration. --pw Password of the specified user. --pw-new The specified user gets a new password. The following examples show commands and their results: • Displaying the current network settings: test@teststation:~# /home/test/psetup --mac 00:0D:5D:00:65:78 IP auto configuration: dhcp IP address: 192.168.5.135 Subnet mask: 255.255.255.0 Gateway: 192.168.5.
4. Intel® RMM2 Configuration Utility - KiraTool 4.1 KiraTool Outline 4.1.1 About the KiraTool Software The KiraTool utility is a command line application which allows the user to manage the Intel® Remote Management Module 2 (Intel® RMM2). KiraTool can be easily invoked by scripts and batch files. This allows the user to design script files to configure the Intel® RMM2 quickly and automatically. KiraTool is available for Windows* and DOS*, EFI and RedHat* Linux.
4.1.3 KiraTool Options for the Connection Type Options for connection type are a set of switches which can control how KiraTool accesses the Intel® RMM2. KiraTool supports following connection options: • • • -l , use the specified IP address to talk to the Intel® RMM2 over LAN. -s, use IPMI over SCSI/USB; this can be augmented with the following -d device option. -d, device option: here you can specify the drive identification for SCSI access of the Intel® RMM2.
Note: When you type the password, your characters will not be echoed: they do not appear as you type. 4.1.5 KiraTool Options for Other Purposes KiraTool also supports the options below. • • • • • 4.1.6 -f, force. This will cause a command to the Intel® RMM2 to be executed without any user confirmation. -a, use ASMI mode – needed if you want to access an Intel® RMM2. -v, verbose. This causes KiraTool to be more informative about the actions taken.
Table 2 KiraTool Commands 4.2 4.2.1 ver Show program version and information. info Show information about the BMC. serial Serial number operations. reset Reset the device. defaults Reset device to factory settings. cfg Backup or restore device configuration. raw Execute raw commands. admin Show or set admin name and password. mac Read or set MAC address. ip Read or set IP address. netmask Read or set subnet mask. gw Read or set default gateway address.
info(rmation) The info command shows basic information (manufacturer identification and product ID) of the Intel® RMM2. The example given also shows the use of the -l, -u and -p options: C:\Program Files\KiraTool>kiratool -l 192.168.2.6 -a -u admin -p password info Manufacturer ID: 10437 (0x28c5) Product ID: 0 (0x0) serial [show] The serial command displays the serial number of the Intel® RMM2. Serial numbers can be strictly numbers and alpha-numeric strings. C:\Program Files\KiraTool>kiratool -l 192.168.2.
raw The raw command allows you to execute very basic commands on the Intel® RMM2. These command codes are specific to your Intel® RMM2 and depend heavily on the version. The example shown here is only an academic example. Normal users of the KiraTool will not need raw commands. Important: They are intended for advanced development and debugging use only. C:\Program Files\KiraTool>kiratool -l 192.168.2.6 –a -u admin -p password raw 06 01 Executed raw command.
Note: When you change these parameters you can very easily make the Intel® RMM2 unavailable on the network. Changing the MAC or IP address will cause problems with your ARP caching and the DHCP server accessing information. Normally you should not encounter a need to change these addresses. mac [show [-c]] This command shows the Intel® RMM2’s Ethernet or MAC address: C:\Program Files\KiraTool>kiratool -l 192.168.2.
netmask [show] Display the netmask currently used by the Intel® RMM2: C:\Program Files\KiraTool>kiratool -l 192.168.2.6 –a -u admin -p password netmask Subnet mask: 255.255.255.0 netmask set You can set the netmask using the normal IP dot notation. Note that changing the netmask can change the behavior of the Intel® RMM2 with regards to broadcasting. If you “widen” the netmask then broadcasts by the Intel® RMM2 can use more network bandwidth. C:\Program Files\KiraTool>kiratool -l 192.168.2.
Example: C:\Program Files\KiraTool>kiratool -l 192.168.2.6 –a -u admin -p password ipsrc set static Successfully set IP source to static 4.2.4 Firmware Commands The KiraTool also allows you to manage the Intel® RMM2’s firmware. fw [ver] Shows the version of the firmware. C:\Program Files\KiraTool>kiratool -l 192.168.2.5 –a -u admin -p password fw Firmware version: 4.2.
fw upgrade This is the upgrade command corresponding to the above validation. Note that it is quite possible to “upgrade” the firmware with one of the same version. This is often useful to re-install the firmware. C:\Program Files\KiraTool>kiratool -l 192.168.2.6 –a -u admin -p password fw upgrade F:\fw-kira- kimasmig4-asmidc-intel_040200-5359.
The example below shows you the output of the test all command on an Intel® RMM2 module with no remote connections: C:\Program Files\KiraTool>kiratool -l 192.168.2.5 –a -u admin -p password test all device: ok (firmware 4.2.
4.2.7 Test Return Codes All of the above tests return an error code if they fail and a zero (0) code when they succeed: • • • 0 (zero) is returned if ALL of the specified tests executed successfully. -1 (minus one) is returned when an error occurs (except for the test command itself). Be careful: in some operating systems this is converted to 127 or another value. Be sure to check carefully! Other values are returned when a specific test produces an error. See table below.
4.3 4.3.1 KiraTool Commands in Detail Windows* Version The Windows* version of KiraTool can run on Microsoft Windows 2000*, Microsoft Windows XP*, and Microsoft Windows 2003 Server*. Execute a self-extracting executable file: “KiraTool 1.5.xx Intel.EXE”, in the KiraTool package to install the Windows* version of KiraTool. (xx is revision number) The welcome page appears; click NEXT to continue.
The “Choose Components” page allows you to select the components to install. Generally you should accept the defaults. Figure 12: KiraTool Setup “Choose Components” Screen Once you have selected NEXT, the installer will ask you for the location to install the KiraTool.
When you accept the suggestion, the installer will proceed to extract and copy the files.
Once you have selected FINISH you will find a “KiraTool Environment” shortcut on your desktop. The picture below shows the shortcut (in the background). You can also invoke KiraTool from the Microsoft Windows XP* Start Menu. Figure 16: Start the KiraTool under Microsoft Windows XP* When you start the “KiraTool Environment”, the system will open a Windows* Command Line window. You can execute the KiraTool command at this window. For example, execute “kiratool” to view its online help page. .
4.3.2 EFI Version Follow below steps to execute the KiraTool on the EFI shell. 1. Boot the server to the EFI shell. 2. Copy “KiraTool.efi” from the KiraTool package to a USB key, and plug to the USB port of the server. 3. Execute “map –r” at the EFI shell to map the USB key; usually it will be mapped with device “fs0”. 4. Execute “ fs0:” to change current folder to “fs0:\>”. 5. Execute the KiraTool command. Or you also can copy “KiraTool.efi” to local hard disk to execute it with the same way.
4.3.4 Linux Version To execute the Linux version of the KiraTool, you need to copy “ KiraTool-1.5.xx-intel” from the KiraTool package to a Linux server folder, such as “ /usr/local/bin ”. ( xx is KiraTool revision number). Follow the process below: linux# cp kiratool-1.5.11-intel /usr/local/bin linux# chmod 755 /usr/local/bin/kiratool-1.5.11-intel KiraTool needs the sg kernel module to detect a locally installed Intel® RMM2.
4.4 4.4.1 Uninstalling KiraTool Windows Version Uninstallation The Windows* version of KiraTool contains an uninstall wizard. Refer to Figure 21 to start the uninstall wizard.
After you click the UNISTALL button, the wizard will start the uninstallation process. At the end of the process, you will see a confirmation screen. Figure 23: Finished KiraTool Uninstall Wizard 4.4.2 Linux Version Uninstallation To uninstall the Linux version of KiraTool, you need to remove the files you placed in the system with command below. linux# rm /usr/local/bin/kiratool-1.5.11-intel 4.4.3 DOS and EFI Version Uninstallation Directly remove KiraTool binary file from your disk.
Getting Started with Intel® RMM2 Operation 5. This section describes the operation of the Intel® RMM2. It will cover the initial login to the advanced features of the module. 5.1 Logging in for the First Time The Intel® RMM2 add-in card may be accessed using a standard Java enabled web browser. You may use the HTTP protocol or a secure encrypted connection via HTTPS. Just enter the configured IP address of the Intel® RMM2 add-in card into your web browser. http://192.168.1.
• Telnet A standard Telnet client can be used to access most of the Intel® RMM2’s functionality, including a text-mode console redirection. When connected using Telnet, the following commands are supported: help, quit, version, terminal, and clp. • SSH A Secure Shell (SSH) client can also be used to access the Intel® RMM2. 5.3 Browsers In order to access the remote host system using a securely encrypted connection, you will need a browser that supports the HTTPS protocol.
Figure 26: Home Page when Accessing the Intel® RMM2 Return to the main page of the Intel® RMM2. Open the Intel® RMM2 Remote Console (KVM). Exit from the Intel® RMM2 front-end. Figure 27: Web Interface – Top Screen Buttons 5.5 Online Help The Web front-end comes with online help. To get further information on a certain topic or group of options, just click the question mark (?) near the group title displayed in the right page and a new browser with the online help will be opened.
Figure 28: Launching the Online Help 5.6 Logging out of the Intel® RMM2 This link logs out the current user and presents a new login screen. Please note that an automatic logout will be performed if there is no activity on the web page for half an hour. There is no timeout associated with the Remote Console (KVM) connection; it will not timeout until closed by the user.
6. Remote Console (KVM) Operation 6.1 General Description The Remote Console is the redirected keyboard, video, and mouse of the remote host system where the Intel® RMM2 is installed. Figure 29: Remote Console The Remote Console window is a Java applet that establishes a TCP connection to the Intel® RMM2. The protocol that is run over this connection is a unique KVM protocol and not HTTP or HTTPS. This protocol uses port #443. Your local network environment must permit this connection to be made, i.e.
6.3 Remote Console Control Bar The upper part of the Remote Console window contains a control bar. Using its elements you can see the status of the Remote Console and influence the local Remote Console settings. A description for each control follows. Note: Some of the following control options are visible only when the operating system type, "Other Operating Systems” has been selected. For details on selecting “Other Operating Systems” see the section for Keyboard/Mouse under the KVM Settings menu.
Using this menu, you can either redirect a local drive (only available under Windows*): Figure 32: Redirecting a Local Drive or redirect an ISO CD/DVD image: Figure 33: Redirecting an ISO Image Intel® Remote Management Module 2 User Guide 45
• Sync Mouse Choose this option in order to synchronize the local mouse with the remote mouse cursor. This is necessary when using accelerated mouse settings on the host system. In general, there is no need to change mouse settings there. This option is available when “Other Operating Systems” is selected. • Ctrl+Alt+Delete Special button key to send the "Control Alt Delete" key combination to the remote system (see also the section called “KVM Settings” for defining a new button).
6.4.3 Screenshot to Clipboard This button allows you to capture a screenshot of the Remote Console. The Intel® RMM2 will automatically place it onto the "clipboard". This allows you to easily import the screenshot into your documents or other programs. 6.4.4 Readability Filter Toggles the Readability Filter on or off. If the filter is switched on in scaling mode, it will preserve most of the screen details even if the image is substantially scaled down. This option is only available with a JVM 1.
• Fast Sync The fast synchronization is used to correct a temporary but fixed skew. • Intelligent Sync Use this option if the fast sync does not work or the mouse settings have been changed on the host system. 6.4.7 Single/Double Mouse Mode Single Mouse Mode will show only the remote mouse pointer. The local mouse pointer will be hidden and the remote one can be controlled directly. To leave this mode it is necessary to define a mouse hotkey in the Remote Console Settings Panel.
6.4.10 Soft Keyboard The Soft Keyboard simulates an entire keyboard that is connected to the remote system. It is necessary when your remote system runs with a completely different language and country mapping to your administration machine. By selecting the appropriate key(s) you can send key codes and key sequences to the remote system; it acts as if you are working with a keyboard that is directly connected to the remote system.
Figure 40: Soft Keyboard Mapping 6.4.11 Local Keyboard This is used to change the language mapping of your browser machine running the Remote Console Applet. Normally the applet determines the correct value automatically. However, depending on your particular JVM and your browser settings, this is not always possible. A typical example is a German localized system that uses a US-English keyboard mapping. In this case you have to manually change the Local Keyboard setting to the right language.
Figure 42: Remote Console Confirmation Dialog 6.4.13 Encoding These options are used to adjust the encoding level in terms of compression and color depth. They are available unless "Transmission Encoding" is determined automatically. Compression Level: You may select a value between 1 and 9 for the desired compression level, with level 1 enabling the fastest compression and level 9 the best compression.
Figure 44: Remote Console Options: Predefined Encoding Compression Color Depth: Sets the desired color depth. You may select between 8 bit and 16 bit for compression level 0, or between 1 bit and 8 bit for compression level 1 through 9. The higher the color depth, the more video information has to be captured and transferred. Figure 45: Remote Console Options: Color Depth 6.
Figure 46: Status Line 6.5.1 Visual Display of Access Setting The icons in the lower right corner of the Remote Console screen display current access settings. One single user is connected to the Remote Console of the Intel® RMM2. One or more users are connected to the Remote Console of the Intel® RMM2. Exclusive access is set for you. Any other user may not access the remote host via Remote Console unless you disable this option. A remote user has exclusive access.
7. Menu Options of the Intel® RMM2 Embedded Web This section details the Intel® RMM2 menu options as seen on the left pane of the home page and the corresponding pages on the right pane. 7.1 Remote Control This menu has two sub-menu listings: KVM and Remote Power. 7.1.1 KVM Console Figure 47: Remote Console Menu Remote Console Preview To open the KVM console either click on the menu entry on the left or on the console picture on the right.
7.1.2 Remote Power Figure 48: Remote Power Display On this screen are buttons which allow you to power cycle or reset the remote server. This does not affect the operation of the Intel® RMM2.
7.2 Virtual Media This menu has two sub-menu listings: Floppy Disk Image and Drive Redirection. 7.2.1 Floppy Disk Image Figure 49: Floppy Disk Image Two virtual floppies are possible using the Intel® RMM2. Use this screen to configure the path to the floppy images. You can specify up to two images. To open the file selection dialog click on the button "Browse" and select the desired image file. The maximum image size is limited to 1.44MB.
as USB drives can be redirected. It is possible to enable a write support so the remote machine can write data to your local disk. Figure 50: Drive Redirection Note: The screen shown above displays status only. It cannot be used to establish virtual media or drive redirection. To use virtual media or drive redirection you must be in the Remote Console window. Drive Redirection works on a level below the operating system.
7.3.1 System Information Figure 51: System Information This page displays information coming from the FRU (Field Replaceable Unit) repository of the host system.
7.3.2 Chassis Control Figure 52: Chassis Control Page Using Chassis Control you can obtain information about the selected chassis, switch the remote power on and off (power cycle), and locate the remote host chassis by turning on the blue System ID LED.
7.3.3 Monitor Sensors Figure 53: Sensor Status This screen gives a visual and detailed report on individual sensor status. Threshold based sensors within a normal range of operation are displayed in green, and sensors in a critical state are shown in red.
7.3.4 System Hardware Event Log Figure 54: System Hardware Event Log You can browse the System Event Logs here. Note: These logs are for IPMI events. These are different from the system logs of the Intel® RMM2. You may use the text buttons back, forward, first, and last to browse within the data. The back button displays the previous page with newer log information, whereas the forward button switches to the following page with older log information.
The Intel® RMM2 has several pre-defined user groups: • Admin - User group for the administrative super user. • Unknown - A restricted group for users without a specific group. • None - Not really a group. This indicates that a user has no group and thus owns a private set of permissions. A super user cannot delete any of the pre-defined groups. The super user may create and delete other groups. 7.4.
7.4.2 User and Groups Figure 56: User Management Page • Existing users: Select an existing user for modification. Once a user has been selected, click the lookup button to see the user information. • New User name: The new user login name for the account currently selected or being created. • Password: The password for the login name. It must be at least four characters long. • Confirm password: Confirmation of the password above. • Email address: This is optional.
7.4.3 Permissions Figure 57: Permissions Page Only one permission set per user is allowed. Either the user inherits permissions from his/her group, or for the user that does not belong to a group, the permissions can be set individually. This page allows you to set these permissions for each group or group-less user. First, select the item (group or group-less user) from the drop-down lists. All changes you make will affect the permission set of the selected entity.
7.5 KVM Settings 7.5.1 User Console Figure 58: Remote Console Setting for Users 7.5.1.1 Remote Console Settings for Users This selection box displays the user ID for which the values are shown and for which the changes will take effect. Select the desired user from the selection box and press the button "Update". This will result in displaying the according user settings below. You are allowed to change the settings of other users only if you have the necessary access rights for this task.
• Manually: Allows adjusting both the compression rate and the color depth individually. Depending on the selected compression rate the data stream between the Intel® RMM2 and the Remote Console will be compressed in order to save bandwidth. Since high compression rates are very time consuming, they should not be used while several users are accessing the Intel® RMM2 simultaneously. The standard color depth is 16 Bit (65536 colors).
automatically. However, in order to make the installation possible, you still have to answer the according dialogs with "yes". The download volume is around 11 Mbytes. The advantage of downloading the Sun Microsystems* JVM is the usage of a stable and identical JVM across different platforms. The Remote Console software is optimized for the Sun Microsystems* JVM and offers a wider range of functionality. 7.5.1.
For a full list of key codes and aliases please refer to the Intel® RMM2 Technical Product Specification. If you need more button keys than shown, use the button "More entries". This will open a list of additional entry fields. 7.5.2 Keyboard/Mouse Figure 60: Keyboard / Mouse Configuration 7.5.2.1 Key Release Timeout This is an important option if you are accessing the Intel® RMM2 over a slow or congested network.
7.5.2.3 Mouse Speed Auto mouse speed Use this option if the mouse settings on the host use an additional acceleration setting. The Intel® RMM2 tries to detect the acceleration and speed of the mouse during the mouse sync process. Fixed mouse speed This option uses a direct translation of mouse movements between the local and the remote pointer. You may also set a fixed scaling which determines the amount the remote mouse pointer is moved when the local mouse pointer is moved by one pixel.
WARNING Changing the network settings of the Intel® RMM2 may result in losing connection to it. If you change the settings remotely, make sure that all the values are correct and you are still able to access the Intel® RMM2. 7.6.1.1 Network Basic Settings IP Auto Configuration With this option you can define whether the Intel® RMM2 should fetch its network settings from a DHCP or BOOTP server. For DHCP select "dhcp" and for BOOTP select "bootp".
SSH Port Port number at which the Intel® RMM2’s SSH (Secure Shell) server is listening. If left empty the default value (port 22) will be used. Bandwidth Limit The maximum network traffic generated through the Intel® RMM2 Ethernet device; value in Kbit/s. Enable Telnet This enables the Telnet client mode. Enable SSH This enables the SSH (Secure Shell) client mode. Disable Setup Protocol Enable this option to exclude the Intel® RMM2 from the setup protocol. 7.6.1.
7.6.2 Dynamic DNS Figure 62: Dynamic DNS Menu A freely available Dynamic DNS service (dyndns.
The Intel® RMM2 is reachable via the IP address of the DSL router which is dynamically assigned by the provider. Since the administrator does not know the IP address assigned by the provider, the Intel® RMM2 connects to a special dynamic DNS server in regular intervals and registers its IP address there. The administrator may contact this server as well and pick up the same IP address belonging to the card.
7.6.3 Security Figure 64: Security Menu 7.6.3.1 HTTP Encryption If this option is enabled, access to the web front-end is only possible using an HTTPS connection. The Intel® RMM2 will not listen on the HTTP port for incoming connections. If you wish to create your own SSL certificate that is used to identify the Intel® RMM2, refer to the section called Certificate. 7.6.3.2 KVM Encryption This option controls the encryption of the KVM protocol.
7.6.3.3 IP Access Control This section contains settings for the module built-in firewall. This firewall can be generally enabled or disabled. If enabled, the firewall allows for explicitly blocking or allowing connections from certain client IP addresses. If the default policy is set to DROP, a list of IP addresses or address ranges can be configured to be exceptionally ACCEPTed.
Appending a Rule Enter the IP/Mask and set the policy. Finally, press the Append button. Inserting a Rule Enter the rule number, the IP/Mask, and set the policy. Finally, press the Insert button. Replacing a Rule Enter the rule number, the IP/Mask, and set the policy. Finally, press the Replace button. Deleting a Rule Enter the rule number and press the Delete button.
7.6.3.4 Group Based System Access Control This is similar to the option above, except that you can specify a group of IP addresses and not a network with a network mask.
7.6.3.5 User Blocking When someone attempts to login to the Intel® RMM2 and fails, you can specify how many failed login attempts the Intel® RMM2 should tolerate before waiting the specified number of "Block Time" minutes before it allows further logins. This is useful for blocking automated hacking attempts. There are no default values for these settings.
7.6.4 Certificate Figure 67: Certificate Menu The Intel® RMM2 uses the Secure Socket Layer (SSL) protocol for any encrypted network traffic between itself and a connected client. During the connection establishment, the Intel® RMM2 has to expose its identity to a client using a cryptographic certificate.
To create and install an SSL certificate for the Intel® RMM2, the following steps are necessary: 1. Create an SSL Certificate Signing Request using the panel shown in Figure 6-31. You need to fill out a number of fields that are explained below. Once this is done, click on the button "Create" which will initiate the Certificate Signing Request generation. The CSR can be downloaded to your administration machine with the "Download CSR" button (see Figure 68). 2. Send the saved CSR to a CA for certification.
7.6.4.3 Organization The name of the organization to which the Intel® RMM2 belongs. 7.6.4.4 Locality/City The city where the organization is located. 7.6.4.5 State/Province The state or province where the organization is located. 7.6.4.6 Country (ISO Code) The country where the organization is located. This is the two-letter ISO code, e.g. DE for Germany, or US for the U.S. 7.6.4.
7.6.5 USB Figure 69: USB Settings In this setting, you can disable the USB high speed mode. This helps resolve some compatibility issues with BIOS or very old Linux versions. However, this reduces the speed of the virtual media emulation.
7.6.6 IPMI Figure 70: IPMI Settings This link refers to the page that can be used to set up the IPMI settings of the Intel® RMM2 module. This is used to configure how the Intel® RMM2 communicates with the motherboard’s BMC, and how you can access the BMC with the help of the Intel® RMM2. IPMI Channel 3 Settings The Intel® RMM2 can act as LAN channel 3 for the onboard BMC. You can specify here whether this functionality is enabled or not.
IPMI Caching Settings The Intel® RMM2 caches the sensor values and system event log entries from the BMC to ensure faster display of these values in the web interface. However, updating the cache takes some time, so other IPMI operations will take longer during these operations. You can specify the update interval here. 7.6.7 Date and Time Figure 71: Date and Time Menu This link refers to a page where the internal real-time clock of the Intel® RMM2 can be set.
7.6.8 Authentication Settings Figure 72: LDAP and Other Authentication Settings On this screen you can specify where the Intel® RMM2 will look to authenticate users. You can use "Local Authentication" which requires you to have created the user account on the Intel® RMM2; the user/group information residing on the Intel® RMM2 will be used for authentication. Alternatively, you can specify an LDAP or a RADIUS Server to use for the login authentication.
values for the LDAP scheme are set appropriately. You can choose between a Generic LDAP Server, a Novell* Directory Service, and a Microsoft* Active Directory. If you have neither a Novell* Directory Service nor a Microsoft* Active Directory then choose a Generic LDAP Server and edit the LDAP scheme used (see below). • Name of login-name attribute: This is the name of the attribute containing the unique login name of a user. To use the default leave this field empty.
• • • • • 7.6.9 characters. A shared secret may consist of up to 128 characters in length and may contain both lowercase and uppercase letters (A-Z, a-z), numerals (0-9) and other symbols (all characters not defined as letters or numerals) such as an exclamation mark (!) or an asterisk (*). Authentication Port: The port the RADIUS server listens for authentication requests. The default value is #1812. Accounting Port The port the RADIUS server listens for accounting requests. The default value is #1813.
Mail server and email source address for event logging is configured here. If you want to enable email notification for Intel® RMM2 internal events, you also have to enable SMTP on the page Event Log. 7.6.10 Event Log Figure 74: Event log Menu – Upper Screen Display The Intel® RMM2 internal events (like a login failure or a firmware update) are logged to a selection of logging destinations. Each of those events belongs to an event group which can be activated separately.
Figure 75: Event Log Menu – Lower Display Screen The common way to log events is to use the internal log list of the Intel® RMM2. To show the log list, click on the item "Event Log" from the section "Maintenance". In the Event Log Settings you can choose how many log entries are shown on each page. You can also clear the log file here. 7.6.10.1 Event Log Targets List Logging Enabled To log events you may use the internal log list of the Intel® RMM2.
SNMP Logging Enabled If this is activated, the Intel® RMM2 sends an SNMP trap to a specified destination IP address every time a log event occurs. If the receiver requires a community string, you can set it in the appropriate text field. Most of the event traps only contain one descriptive string with all information about the log event. Only authentication and host power events have their own trap class that consists of several fields with detailed information about the event that occurred.
The following actions can be initiated via SNMP: • Reset server • Power on/off server • Reset the Intel® RMM2 The following events are reported by the Intel® RMM2 via SNMP: • Login trial at the Intel® RMM2 failed • Login trial at the Intel® RMM2 succeeded • Denying access to a particular action • Server was reset • Server was powered on/off The SNMP settings panel, as shown in Figure 76, allows you to change SNMP related parameters. 7.6.11.
7.7 7.7.1 Maintenance Device Information Figure 77: Device Information Page This section contains a summary with various information about this Intel® RMM2 and its current firmware, and allows you to reset the card. Figure 78: Connected Users From left to right: the connected user(s), its IP address (from which host user is connecting), and its activity status is displayed. "RC" indicates that the Remote Console is open.
7.7.2 Event Log Figure 79: Event Log List The Event Log lists the issues that the Intel® RMM2 has recognized. This is a different event log than the hardware System Event Log listed under the System Health menu. This log includes the events that are kept by the Intel® RMM2 and include the event date, a short event description, and an IP address the request was sent from. You may use the text buttons "Prev" and "Next" to browse within the data.
7.7.3 Update Firmware Figure 80: Firmware Update Page The firmware of the Intel® RMM2 can be updated remotely in order to install new functionality or special features. If new releases of the Intel® RMM2 firmware are needed during the life of the module they will be posted and available from http://support.intel.com by searching on Intel® Remote Management Module 2 or Intel® RMM2.
WARNING This process is not reversible and might take several minutes. Do not remove system power while the Intel® RMM2 is in the update process. This may place the Intel® RMM2 in an unusable state. 7.7.4 Unit Reset Figure 81: Unit Reset Page This section allows you to reset specific parts of the device. This involves both the keyboard and mouse, the video engine, and the Intel® RMM2 itself. Resetting the card itself is mainly needed to activate a newly updated firmware.
Getting Help World Wide Web http://support.intel.com/support/ Telephone In U.S.
Appendix A - Configuring the RADIUS Server This appendix describes the necessary steps to configure a RADIUS server in order to be able to use remote authentication on the Intel® RMM2. This is shown for a Windows 2003 Server*, Standard Edition system with Active Directory enabled. Prerequisites 1. Verify that Active Directory is enabled. If not, go to Start -> Run and type "dcpromo" to enable the Active Directory function. Follow the on-screen instructions to enable Active Directory. 2.
Setup a Custom Remote Access Policy This step explicitly allows the group configured above to login remotely. Go to Start -> Administrator Tools -> Internet Authentication Service. Right click on Remote Access Policies and select New Remote Access Policy. Select Next to get on the Policy Configuration Method page. Switch to set up custom policy and enter a policy name, e.g. "Intel® RMM2 Access". Select Next to get on the Policy Conditions page. Press Add... to add a new policy.
Appendix B – System Management Architecture for Server Hardware – Command Line Protocol The Intel® RMM2 supports an interface to System Management Architecture for Server Hardware (SMASH) and the associated Command Line Protocol (CLP). The SMASH v1.0 suite of specifications was released by the Distributed Management Task Force, Inc in December 2006.
Global commands h There are a number of CLP verbs that can be applied to any target: • CD changes the default target and displays the new value. • SHOW -display targets gives a list of targets subordinated to the specified target (or, if none specified, the default target). • SHOW -display verbs displays a list of verbs applicable to the specified (or default) target. • SHOW -display properties displays the required properties of a given instance.
Sensors The system's various sensors are subordinated to the /system1 instance. The instance's CIM class membership depends on the sensor type: Discrete sensors belong to the CIM_Sensor class; numeric sensors are instances of the CIM_NumericSensor class (which is derived from CIM_Sensor). The CLP class tag depends on the particular sensor's function.
Properties: • • • Name is the key property used to select the instance that represents a given IPMI user slot. This is not the login name for that user. UserID displays the IPMI login name for that user, or NULL if none is set. UserPassword can be used to change the IPMI password for the given account. This property cannot be read back. Supported commands: SET can be used to change the UserID and UserPassword properties.
Appendix C.
Options Notes -v verbose: increase verbosity level by one step, may be mentioned more than once for extra output -c calm: does not print out anything (silent) -h / -? help: shows help and usage information Table 9: Commands Overview Commands Notes ver Shows version of KiraTool. info Shows vendor and device ID of the connected device. ipsrc set static | dhcp | bios | none Sets IP address source. ipsrc [show] Shows current IP address source. ip set Sets IP address (e.g. 192.169.
Commands Notes fw validate [-h] [o] Checks firmware compatibility (-h = crosshwid, -o = cross-oem). fw [ver] Shows firmware version information. serial [show] Shows device's serial number. defaults Resets all settings to factory defaults. reset Hard-resets the module. cfg backup Backup the device's configuration to a file. cfg restore Restore the device's configuration from a file. cfg get Read and show the given configuration key.
Commands Notes crc Calculate CRC sum over the captured screen. ddc Tests DDC interface. info Queries EDID information from the device and compares it to the EDID information known by the OS (only available under Windows*). ipmb Tests IPMB interface. bmc Test whether a BMC responds over IPMB. fml Tests FML interface. esb2 Test whether an ESB2 is responding on FML when TPT (TCP Pass-Through) is active. usb [-c ] Tests USB interface.
Commands Notes Single tests can be skipped using the -s parameter. You can both skip a whole component (e.g. -s ddc) and skip a single test (e.g. -s video crc). -s Included tests in sequence: 1. ddc info 2. video status 3. ipmb bmc 4. fml esb2 5. usb status 6. nic status Return Codes To let the caller know whether an error occurred and what went wrong, KiraTool delivers a return code back the caller: • If everything went well (all tests passed) a value of 0 (zero) is returned.
Test Failure Return Code nic ping 10 nic broadcast 11 fml evalboard 12 ipmb evalboard 13
Appendix D. Key Codes Table 1111: shows the key codes used to define the key strokes or hotkeys for several functions. Please note that these key codes do not necessarily represent the key characters that are used on international keyboards. A key on a standard 104 key PC keyboard with a US English language mapping is named. The layout for this keyboard is shown in Figure 8282.: .
Key / Alias Key(s) SLASH Backspace TAB [ ] ENTER CAPS LOCK \ BACK SLASH LSHIFT SHIFT RCTRL CTRL, STRG RSHIFT SHIFT LCTRL CTRL, STRG LALT ALT SPACE ALT Gr ESCAPE F1 F2 F3 F4 F5 F6 ESC
Key Alias Key(s) F7 F8 F9 F10 F11 F12 PRINTSCREEN SCROLL LOCK BREAK INSERT HOME POS 1 PAGE_UP PAGE_DOWN DELETE END UP LEFT DOWN RIGHT NUM_LOCK NUMPAD0 Intel® Remote Management Module 2 User Guide DEL
Key Alias Key(s) NUMPAD1 NUMPAD2 NUMPAD3 NUMPAD4 NUMPAD5 NUMPAD6 NUMPAD7 NUMPAD8 NUMPAD9 NUMPADPLUS NUMPAD_PLUS, + NUMPAD / / NUMPADMUL NUMPAD_MUL, * NUMPADMINUS NUMPAD_MINUS, - NUMPADENTER WINDOWS MENU