AlterPath BladeManager User Manual
Product Version 1.3.0
Revision No. 7

This document contains proprietary information of Cyclades and is not to be disclosed or used except in accordance with applicable contracts or agreements.
We believe the information in this manual is accurate and reliable. However, we assume no responsibility, financial or otherwise, for any consequences of the use of this product or manual. This manual is published by Cyclades Corporation, which reserves the right to make improvements or changes in the products described in this manual as well as to revise this publication at any time and without notice to any person of such revision or change.
Table of Contents
Before You Begin; Audience; Document Organization; Typographical Conventions; Naming Conventions
Chapter 1: Introduction; Connectivity and Capacity; Key Features; Single Point Security Gateway; Centralized Authentication; Consolidated Views and Blade Access; Simple and Easy Web User Interface; One-Click Access to Blades and Switches; Centralized Data Logging System; Log File Compression and Rotation; Prioritized Triggers & Alarms; Other Alarm Features; Blade Wizard; Chassis, Blades, and User Group Manageme
Installation Safety Guidelines; System Reliability Guidelines; Static-Sensitive Devices; Installation Procedures; Installing DIMMs; Installing a Hard Disk Drive; Installing a Simple-Swap Serial ATA Hard Disk Drive; Installing a SCSI Hard Drive; Installing an Adapter; Completing the Installation; Connecting the Cables; Updating the Server Configuration; BladeManager Controls, LEDs, and Power; BladeManager Power Features; Switching On the Server
Blades; Viewing the Blade List; Connecting to a Blade Console; Multiple Users and Read/Write Access; Viewing a Blade or Switch; Consoles Detail Form; Consoles Access Form; Consoles Notify Form; Consoles Groups Form; Logs; Viewing the Logs; Access Logs; Event Logs; Data Buffer; User’s Profile; Changing Your Password; Viewing the User Access Form; Viewing the User Groups Form; Viewing the Security Form; Chapt
Connecting to the Web Interface; BladeManager Web Interface: Admin Mode; Forms Summary; Logging Into the BladeManager Web Interface; Parts of the Web Interface; Sorting, Filtering, and Saving a List Form; Using the Form Input Fields; Verifying Error Messages; Chassis Management; Chassis > Devices List Form; Using a DHCP Server and Selecting the Correct IP Mode; Function of the Status Field; Selecting the Group(s) to Access a Chassis
Viewing the Alarm Trigger List; Creating an Alarm Trigger; Deleting an Alarm Trigger; Using the Logical AND in the Alarm Trigger Expression; Blades / Switches; Consoles List Form; Viewing the Console List; Adding a Serial Console; Adding a Switch Console; Selecting Users to Access the Console; Selecting Users to be Notified; Assigning the Console to a Group; Deleting a Console from a Group; Deleting a Console Group; Connecting to a Console; Log Rotat
Assigning a Security Profile to a User Group; Security Profiles; Security Profile List; Adding or Editing a Security Profile; Security Profiles: Source IP; Security Profiles: LAN ITF; Security Profile: Date/Time; Configuring Authorization; Deleting a Security Profile; Backing Up User Data; Backup and Restore Scenarios; System Recovery Guidelines; BladeManager Database Transaction Support; Responding to the Warning Message; Changing the Default Configuratio
Firmware; Upgrading the APBM Firmware; Backing Up User Data; Managing Log Files; Changing the Database Configuration; Installing SSL Certificates; Appendix A: Hardware Specifications; Glossary
Before You Begin
Welcome to the AlterPath BladeManager Manual! This manual is designed to help you install, configure, and operate the BladeManager, as well as to guide you in your daily operations of the product.
Note: For convenience, this document refers to the AlterPath BladeManager as simply BladeManager or, as in the case of the command line interface, IPBM.

Audience
This document is designed for system administrators and regular users of the BladeManager.
Chapter Title | Description
4: BladeManager Web Administration | Explains to the system administrator how to configure the BladeManager through the web interface and enable users to perform the various fault management procedures such as connecting to a blade, responding to an alert and more. Configuration settings include user access, alarm triggers, chassis and blade management, security profiles, as well as running the blade wizard.
Blades List > Blade Detail

Naming Conventions
Administrator | Also referred to as the Admin User. The system administrator of the BladeManager who has the authority to configure and manage the BladeManager.
BladeManager | The short name for AlterPath BladeManager.
Form | The form is the largest area of the user interface; it contains the user selection or input fields for each selected item in the menu.
Command Line Syntax
While this manual is primarily designed for using the BladeManager web interface, some special features show you how to configure the BladeManager using the Command Line Interface (CLI). CLI configuration is discussed in Chapter 5 (Advanced Configuration) of the manual. The typographical conventions used for showing the syntax for these commands are as follows.
dashes (-) to indicate range; there should not be any spaces between the values.
sXX.pmusers: The user access list. For example: jane:1,2;john:3,4. The format of this field is: [:][;:...] Where 's format is: [|-][,|-]...
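A validator for the sXX.pmusers value described above, as an added example that is not from the Cyclades manual: it parses the jane:1,2;john:3,4 shape with dash ranges, rejects spaces, and reports anything granted beyond an approved mapping. The function names, the MAX_NUMBER bound, the user-name character set, and the rejection of duplicate users and reversed ranges are assumptions; the surviving text does not say what the numbers identify.

```python
import re

# Assumptions (not from the manual): allowed user-name characters and the
# upper bound on a listed number, which keeps a typo such as 1-99999999
# from expanding into a huge grant.
USER_RE = re.compile(r"[A-Za-z0-9_.-]+")
ITEM_RE = re.compile(r"(\d+)(?:-(\d+))?")
MAX_NUMBER = 128


class AccessListError(ValueError):
    """The value does not have the user:n,n-m;user:n shape."""


def parse_numbers(spec):
    """Expand a list such as '1,2' or '3-5,8' into sorted integers."""
    numbers = set()
    for item in spec.split(","):
        match = ITEM_RE.fullmatch(item)
        if match is None:
            raise AccessListError(f"bad number or range: {item!r}")
        first = int(match.group(1))
        last = int(match.group(2)) if match.group(2) else first
        # Assumption: numbering starts at 1 and a reversed range is an error.
        if not 1 <= first <= last <= MAX_NUMBER:
            raise AccessListError(f"range out of bounds: {item!r}")
        numbers.update(range(first, last + 1))
    return sorted(numbers)


def parse_pmusers(value):
    """Parse 'jane:1,2;john:3,4' into {'jane': [1, 2], 'john': [3, 4]}."""
    if re.search(r"\s", value):
        raise AccessListError("spaces are not allowed between the values")
    acl = {}
    for entry in value.split(";"):
        user, sep, spec = entry.partition(":")
        if not sep or USER_RE.fullmatch(user) is None:
            raise AccessListError(f"bad entry: {entry!r}")
        if user in acl:
            # Assumption: a repeated user is rejected so that one entry
            # cannot silently widen another.
            raise AccessListError(f"duplicate user: {user!r}")
        acl[user] = parse_numbers(spec)
    return acl


def excess_access(acl, approved):
    """Return, per user, the numbers granted beyond the approved mapping."""
    excess = {}
    for user, numbers in acl.items():
        extra = sorted(set(numbers) - set(approved.get(user, [])))
        if extra:
            excess[user] = extra
    return excess


if __name__ == "__main__":
    # Only the first string appears in the manual; the rest is constructed.
    print(parse_pmusers("jane:1,2;john:3,4"))
    proposed = parse_pmusers("jane:1-3,5;john:3")
    print(excess_access(proposed, {"jane": [1, 2], "john": [3, 4]}))
```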
Chapter 1
Introduction
The AlterPath BladeManager is a comprehensive in-band and out-of-band blade management tool designed to complement the IBM Director. It provides BladeCenter users the necessary security, authentication, access control and administration capabilities to remotely manage blade servers and switch modules.
Connectivity and Capacity
The BladeManager hardware platform is based on the IBM eServer xSeries 306. It comes with a Blade Wizard which enables the admin user to create up to 14 blades and 4 switches for each chassis. The BladeManager supports up to 6 chassis; altogether, the module supports a maximum of 84 blades and 24 switches. All blades have Serial over LAN (SOL), KVM/IP, virtual media, and power options created.
Key Features
Single Point Security Gateway
The BladeManager has been designed such that communication between users and the management network must pass through a single point of access (the BladeManager) to optimize security and enforce adherence to your corporate security policy. A single, secure access point reduces management overhead for managing blade servers. Moreover, the multiple authentication options available ensure compatibility with existing infrastructure.
One-Click Access to Blades and Switches
Placing the mouse cursor over a chassis name from the Chassis List form allows the system administrator to access the BladeManager through the web or CLI. The default session type is configurable. To access a blade, the regular user can choose and click on any blade or switch listed on the Blades List form.
triggers. A trigger is a text string pre-defined by the administrator which the system uses to detect a trigger text from messages. When the BladeManager detects a trigger text, based on how the trigger was configured by the administrator, it does the following:
• Send an email to a user list
• Create a prioritized alarm entry in the Alarm database
• Write a log message to the BladeManager logging system to acknowledge the trigger.
Exhaustive Reporting
Because the BladeManager consolidates all its logs and maintains its own databases, it provides in-depth reporting capabilities to suit the reporting needs of users and managers.

Multiport Ethernet Cards
The BladeManager supports up to two multiport PCI ethernet cards for secure networks that use multiple network segments. This enables the BladeManager to physically separate devices and connect to multiple network segments.
Deploying the BladeManager
The diagram below shows how the BladeManager may be set up to connect to a management network and a public network. Equipped with its own Ethernet switches, the two networks are physically separated. Any BladeManager user who needs to access a blade server or switch must authenticate and pass through the BladeManager.
Chapter 2
BladeManager Installation
This section discusses the procedures and requirements for installing the AlterPath BladeManager, and is organized as follows:
• Product Installation Checklist
• Rack Mounting Guidelines
• Major Components of the BladeManager
• Installing a DIMM
• Installing a Hard Disk Drive
• Installing a Simple-Swap Serial ATA Hard Disk Drive
• Installing a SCSI Hard Disk Drive
• Installing an Adapter
• Completing an Installation
• Connecting the Cables
• Updating the Server Config
Rack Mounting Guidelines
When rack-mounting the BladeManager, consider the following:
• Ensure the room temperature is below 35 °C (95 °F).
• If you install the BladeManager in a closed or multi-rack assembly, the operating ambient temperature of the rack environment may be greater than the room ambient temperature. Ensure that you install the equipment in an environment compatible with the manufacturer’s maximum rated ambient temperature.
To install the BladeManager in a rack cabinet, you need the following items:
• 2 slide rails
• 6 cable straps
• 6 M6 screws (for shipping and for securing vibration-prone areas)
a. Press on the rail-adjustment bracket (1) on the rear of the slide rail to prevent the bracket from moving.
b. Press on tab (2) and tab (3) and slide the rail-locking carrier toward the front of the slide rail until it snaps into place.
c.
a. Lift the release tab (1) and fully extend the rail-adjustment bracket from the rear of the slide rail until it snaps into place, if you need to adjust the slide rail length.
b. Align the pins on the rear rail-locking carrier with the holes on the rear mounting flange.
c. Press the tab (2) to secure the rear of the slide rail to the rear mounting flange.
Important: Ensure that the pins are fully extended through the mounting flange and slide rail.
a. Align the pins (1) on the front rail-locking carrier to the front mounting flange.
b. If you adjusted the rail length, push the rail-locking carrier back toward the rear of the slide rail to align the slide rail with the mounting flange.
c. Press the tab (2) to secure the front of the slide rail to the front mounting flange.
d. Repeat steps 1 and 2 for the other slide rail.
a. If you plan to transport the rack cabinet to another location with the server installed, remove one screw and loosen the other screws as indicated.
b. Fully extend the rail and re-insert the screw and tighten all screws to secure the rail.
c. If you do not plan to transport the rack cabinet to another location with the server installed, continue with step 5.
a. Align the server on the slide rails and push the server fully into the rack cabinet. Secure the server to the front mounting flanges with the captive thumbscrews (1).
Note: You must leave the shipping brackets (2) attached to the slide rails unless the shipping brackets impede the server from sliding fully in the rack cabinet. If you need to remove the shipping brackets, continue with the next step.
a. Press on the release tab (1) as indicated on the shipping bracket, and remove the shipping bracket from the slide rail.
b. Repeat the previous step for the other shipping bracket.
c. Store the shipping bracket for future use.
Note: You must re-install the shipping brackets on the slide rails before you transport the rack cabinet with the server installed. To re-install the shipping brackets, reverse this step.
a. Attach cables to the rear of the BladeManager (such as keyboard, mouse, monitor cables, as needed).
b. Route the cables to the left corner of the BladeManager (as viewed from the rear) and use the cable straps to secure the cables to the slide rails.
a. Before you transport the rack cabinet to another location with the BladeManager installed, you must secure the server to the rack. If necessary, disconnect the cables from the rear of the server; then, slide the server out of the rack 150 mm (6 in.) and insert the M6 screws in each slide rail.
b. Secure the server or the rack cabinet with the M6 screws.
c. Ensure the rails are fully extended to the rear of the rack cabinet and that the shipping brackets are installed.
d.
Major Components of the BladeManager
The BladeManager hardware platform is based on the IBM eServer 306. Its basic components are as follows:

• Blue on a component indicates touch points where you can hold the component such as when you remove it from or install it in the server.
• Orange on or near a component indicates that you can hot-swap the component (that is, you can remove or install the component while the BladeManager is running).
Installation Safety Guidelines
System Reliability Guidelines
To help ensure proper cooling and system reliability, make sure that:
• Each of the drive bays has a drive tray installed in it.
• If the server has redundant power, each of the power-supply bays has a power supply installed in it.
• Allow the server cooling system to work properly by leaving approximately 50 mm (2.0 in.) of open space around the front and rear of the server.
Installation Procedures
• it back into its package; do not place the device on your server or on a metal surface.
• Take extra care when handling devices during cold weather as heating reduces indoor humidity and increases static electricity.
• with error correcting code (ECC) DIMMs. These DIMMs must be compatible with the latest PC2700 and PC3200 SDRAM unbuffered DIMM specification.
• When you restart your server, the system displays a message indicating that the memory configuration has changed.
To install a DIMM, complete the following procedure:
1. Review the preceding installation guidelines.
2. Switch off the server and peripheral devices, and disconnect the power cord and all external cables.
3.
6. Turn the DIMM so that the keys align with the slot.
7. Insert the DIMM into the connector by aligning the DIMM edges with the slots at each end of the DIMM connector. Firmly press the DIMM straight down into the connector by applying pressure on both ends of the DIMM simultaneously. The retaining clips snap into the locked position when the DIMM is firmly seated in the connector.
Installing a SCSI Hard Drive
To install a SCSI hard drive, complete the following procedure:
NOTE: If you have only one hard disk drive, install it in the left drive bay.
1. Review the safety installation guidelines at the beginning of this chapter.
2. Switch off the server and peripheral devices; disconnect the power cord and all external cables.
3. Remove the cover.
4. Press the release tabs on the bezel and pull the bezel away from the server.
5.
9. If you have other options to install, do so now.
10. Re-install the bezel and replace the cover. Go to Completing the Installation, this chapter.

Installing an Adapter
This section describes the types of adapters that your server supports and other information to consider when installing an adapter.
• In addition to the instructions in this section, follow the instructions that come with the adapter.
• The BladeManager uses a rotational interrupt technique to configure PCI-X adapters so that you can install PCI-X adapters that do not support sharing of PCI-X interrupts.
• The BladeManager scans PCI-X slots to assign system resources. If you have not changed the default startup sequence, the BladeManager starts devices in the following order:
a. CD-ROM and diskette drives
b. PCI-X slot 2
c. PCI-X slot 1
d.
To install an adapter, complete the following procedure:
1. Review the safety installation guidelines at the beginning of this chapter.
2. Switch off the server and peripheral devices; disconnect the power cord and all external cables.
3. Remove the cover.
4. Follow the cabling instructions that come with the adapter. Route the adapter cables before you install the adapter.
5. Follow the instructions that come with the adapter to set jumpers or switches, if any.
6.
7. Remove the expansion-slot cover.
Important: PCI expansion-slot covers must be installed on all vacant slots. This maintains the electronic emissions characteristics of the server and ensures proper cooling of server components.
8. Touch the static-protective package containing the adapter to any unpainted metal surface on the BladeManager. Then, remove the adapter from the static-protective package. Avoid touching the components and gold-edge connectors on the adapter.
9.
11. Tighten the captive screw on the rear of the server.
12. If you have other options to install, do so now.
13. Replace the cover. Go to Completing the Installation, this chapter.

Completing the Installation
To complete the installation, follow the steps below:
1. Re-install the cover.
2. Install the server in the rack cabinet.
Attention: Install your server only in a rack cabinet with perforated doors.
Connecting the Cables
The diagrams below show the locations of the input and output connectors on the front and rear of the BladeManager.
1. Switch off the server before connecting (or disconnecting) cables from your server.
2. See the documentation that comes with your external devices for additional cabling instructions. It might be easier for you to route cables before you connect devices to the BladeManager.
3.
Updating the Server Configuration
When you start the BladeManager for the first time after you add or remove an internal option or external SCSI device, you might receive a message that the configuration has changed. The Configuration/Setup Utility program starts automatically so that you can save the new configuration settings. Some options have device drivers that you need to install.
Front LEDs/Buttons | Function
CD-eject button | Press this button to release a CD from the CD-ROM.
CD-ROM drive activity LED | When lit, it indicates that the CD-ROM drive is in use.
Diskette drive activity LED | When lit, it indicates that the diskette drive is in use.
Diskette-eject button | Press this button to release a diskette from the diskette drive.
System-error LED | When lit, it indicates that a system error has occurred.
BladeManager Controls, LEDs, and Power
Front LEDs/Buttons | Function
Power-control button | Press this button to switch the server ON and OFF manually.
Reset button | Press this button to reset the server and run the power on self-test (POST). You might have to use a pen or the end of a straightened paper clip to press the button.

Rear View
The diagram below shows the LEDs on the rear of the BladeManager.
Rear LEDs | Function
Ethernet 1 transmit/receive activity LED | This LED is on the Ethernet connector.
Rear LEDs | Function
Ethernet 2 speed 1 Gbps LED | This LED is on the Ethernet connector. When lit, it indicates that the Ethernet network speed is 1 Gbps. When off, it indicates that the Ethernet network speed is 10 Mbps or 100 Mbps.
Ethernet 2 transmit/receive activity LED | This LED is on the Ethernet connector. When lit, it indicates that there is activity between the BladeManager and the network.
BladeManager Power Features
• If your operating system supports the Wake on LAN feature, the Wake on LAN feature can switch on the BladeManager.
Note: When 4 GB or more memory (physical or logical) is installed, some memory is reserved for various system resources and is unavailable to the operating system. The amount of memory that is reserved for system resources depends on the operating system, the BladeManager configuration, and the configured PCI options.
• If the Wake on LAN feature switched on the BladeManager, the Wake on LAN can switch off the BladeManager.
• You can switch off the BladeManager through a request from the service processor.
Note: For a list of internet browsers and Cyclades device firmware versions supported by the BladeManager, refer to Appendix A: Hardware Specifications.

Configuring the COM Port Connection and Logging In
The console port is used for the initial configuration (also known as First Time Configuration in this document) which is performed using the Command Line Interface (CLI) via serial console connection.
Chapter 3
BladeManager Web Access
The web interface provides two modes for using the BladeManager based on the type of user: Access (for operation by regular users) and Admin (for configuration by system administrators). This chapter explains the procedures for operating the BladeManager web interface in Access Mode.
Menu Option | Function
Blades | Use the Blades form to view a list of blades assigned to you. From the list, select the blade you wish to access, or select the blade from the drop down menu on the top left, and then click on Connect. The blades list form provides access to the chassis blades and switches.
Logs | Use the Logs form to view the Access Logs, Events Logs, and Data Buffer for a particular blade or chassis. You can also access logs from the Blade List form.
User Interface Overview
2. When the Login screen appears, enter your user name and password as provided by your system administrator.
3. Select the Login button.
Upon successful login, the Alarms form appears.
Note: The first time BladeManager launches your application screens, the process will be slow. Once the screens are cached, subsequent retrieval of screens should be fast.
General Screen Features
The diagram below shows the general features of the BladeManager web interface. The sample form is for illustration only; it is not the first screen that you see when you log in as a regular user.
• “Access” tab indicates that user interface is for regular users.
• Logout Button
• Menu panel showing Blades as the selected menu choice.
• Username and primary IP address
• Online help and firmware version info.
Alarms
An underlined column name indicates that the list can be sorted by the column name. The Blade List form, for example, allows you to sort by Blade, Type, Device, Location, or Status. To sort by Location, simply click the column name, Location. The arrow adjacent to the heading indicates that the list is sorted based on that heading. The position of the arrowhead indicates the sort order.
Alarm Logs
The BladeManager not only stores each alarm in a database, but also maintains a log for each alarm. There are two ways in which you can view alarm logs:
• From the Alarms List form
• From the Logs form (Logs > Data Buffer)

Responding to an alarm
Since no two issues are exactly the same, you have several ways to respond to an alarm depending on its nature and severity.
To re-assign the current ticket, change the ticket status, and add notes or comments, use the Alarm Detail (or Ticket Info) form.

Table 3-1: Form Fields and Elements
Fieldname | Definition
Ticket | Ticket number assigned to an alarm. The symbol above the ticket number indicates the severity level of the alarm. Select the number to display the Alarm Detail form.
Blade | Blade from which the alarm originated.
Table 3-1: Form Fields and Elements
Fieldname | Definition
Blade Config | Blade configuration. Select this to view the Blade Detail form (which includes the secondary form: Console Notify, Console Access, and Console Group) for the particular console record.
Alarm Trigger | The Alarm Trigger name. Click on the name to view the Alarm Trigger Detail form.
User Assigned | User assigned to the alarm.
Status | Status of the alarm.
The form brings up the Alarm Detail form.

Table 3-2: Form Fields and Elements
Fieldname / Button | Definition
Assigned Users | Dropdown box that lists all the assigned users for the current alarm. Select a user to assign or re-assign ticket to another individual user.
Status | Dropdown box to select the status of the ticket.
Messages | The system-generated message(s) pertaining to the alarm.
Notes | Text entry box for entering notes or comments about the current ticket or alarm.
>> Viewing Alarm or Console Logs
You can view the console log for a particular alarm or ticket from the Alarm List form. To view the console log, follow the step below:
1. From the Alarm List form, under the Console Log column heading, select the corresponding view link for the console log you wish to view.
The system displays the Logs form:

>> Assigning a Ticket to a User
To assign or re-assign a ticket to a user, follow these steps:
1.
Blades
Selecting Blades from the menu brings up the Consoles List form which allows you to:
• View detailed information about the blade consoles and switches assigned to you.
• Open a command line console session for a selected blade or switch.
• Launch the KVM Viewer and connect you to a KVM port (for KVM/net)
• Power ON or OFF the selected blade or switch.
Access to blades and switches and the types of connection are configured by the System Administrator from the Security Profile.
The Blade List form appears.

Table 3-3: Form Fields and Elements
Column or Button Name | Definition
Blade | Blade or switch name. Place your mouse cursor over the Blade name to select connection type (CLI, KVM, VM, ON, OFF).
Type | The type of blade as defined in the Blade Detail form.
Config | For each line, select view to open the Blade Detail form of the selected console.
Chassis | Chassis used by the blade.
Port | Port number used by the blade.
Table 3-3: Form Fields and Elements
Column or Button Name | Definition
Save View | Button to save the desired blade list and sort order.
Filter By | Button to filter your search by Blade Group Name which you select from the dropdown box.
Search | Button to search by individual console name which you select from the dropdown box.

>> Connecting to a Blade Console
To connect to a blade console:
1. From the Blade List form, select the blade you wish to connect to by selecting the blade name.
The BladeManager allows you to view individual blades and switches from the Blade List form. To view a blade or switch, place the mouse cursor over the blade/switch name to display the list of connect options: CLI (command line interface), KVM, VM, On (i.e., to power on the blade server), and Off (i.e., to power off the blade server). Like all other consoles, as a regular user, you can only view those blade servers to which you have access.
Table 3-4: Form Fields and Elements
Field Name | Definition
Details | Button to display the Console Detail form.
Access | Button to view users who are authorized to access the current console.
Notify | Button to view users who can be notified of an alarm pertaining to the current console.
Groups | Button to view the group(s) to which the current console belongs.
Console Name | Name of the (target) console.
Device Name | Name of the device used by the console.
Port | Name of port used by the console.
Consoles Access Form
The Consoles Access tabbed form shows the users who are authorized to access the current blade. To view the Blade Access form:
1. From the Blade Detail form, click on Access.
The system displays the Blade Access form:

Consoles Notify Form
The Console Notify form shows the users who are notified when an alarm pertaining to the current console is generated. To view the Console Notify form:
1. From the Console Detail form, click on Notify.
The system displays the Console Notify form:
In the selection box, a plus (+) sign indicates a group, as opposed to a user. USER is the default list which contains all users.

Consoles Groups Form
The Console Groups form shows the group(s) to which the current blade belongs. To view the Blade Group form:
1. From the Blade Detail form, click on Groups.
The system displays the Blade Group form:

Logs
The Logs option of the menu allows you to select and view three types of logs pertaining to the blade(s) assigned to you:
Log Type | Definition
Access Log | Logs that provide logging information (i.e., who accessed the blade, when and for how long, etc.) about a particular blade.
Events Log | Logs that provide information about notifications and alarms (who handled the alarm, what action was taken, etc.
When you select Logs from the menu panel, the primary form, shown below, will prompt you for a range of dates from which to retrieve your logs.

Table 3-5: Form Fields and Elements
Field Name | Definition
Console | Drop down list to select a blade server that will be the basis of the log(s) to be retrieved.
Date From | Drop down list to select the starting date of the log(s) to be viewed.
Date To | Drop down list to select the end date of the log(s) to be viewed.
The system brings up the main Blade Logs form.
2. From the Blade drop down list, select the blade from which you want to view the logs.
Note: You can only view or access the logs of blades to which you have authorized access.
3. Select a range of dates from which to base your logs by selecting from the Date From and Date To drop down lists.
The system brings up the Logs Detail form.

Access Logs
Use the Access Logs form to view the Access Logs, Event Logs, and Data Buffer Logs.
Table 3-6: Access Logs - Field Definition
Field Name | Definition
Date | Date in which the event occurred.
Time | Time of the event.
User | User who connected to the blade.
Action | What the user did in response to the alarm.
Status | Status of the blade (Enable / Disable).
Connection | Type of connection (e.g., SSH, Web); IP address used.

Event Logs
Use the Event Logs browser to view all events that occurred (within a specified range of time) on your target blade server.
Table 3-7: Event Logs - Field Definition
Field Name | Definition
Date | Date of the event.
Time | Time of the event.
Ticket | Ticket number associated with the event.
Pattern | Trigger Expression
Action | Action taken to resolve event.

Data Buffer
Use the Data Buffer browser to view the contents of the data buffer generated by a target blade server.
Note: You can also access the Data Buffer log from the Alarms form.
User’s Profile
The User’s Profile form allows you to view your profile or contact information and modify a limited number of fields. The system allows you to view only your own profile. The User’s Profile has four tabbed forms. See the Form Fields and Elements table for the function of each form.

Table 3-8: Users Profile, Details Form - Fields and Elements
Field Name | Definition
Details | Tab or button to display the User Detail form. This is also the primary form of User’s Profile.
Table 3-8: Users Profile, Details Form - Fields and Elements
Field Name | Definition
Groups | Tab/button to display the User Group form which shows all groups to which the current user belongs.
Security | Tab/button to display the Security form which shows the security profiles assigned to you. A security profile defines a user’s access control to a device, and to which user group that profile is assigned.
User Name | The user name used to log into the BladeManager.
>> Changing Your Password
To change your password, perform the following steps:
1. From the User’s Profile detail form, click on Set Password.
2. From the password dialog box, enter the new password twice.
3. Click on Submit.

>> Viewing the User Access Form
The User Access form shows the blades that the current user can access. To view the User Access form:
1. From the User Detail form, click on Access.
The system displays the User Group form:

Table 3-9: User’s Profile, Groups Form - Fields and Elements
Field Name | Definition
Groups | Tab or button to select the current form.
Select groups for the user | List box from which to select a possible list of user groups assignable to the current user.
Add | Button to add a selected user group (left list box) to the Selected groups list box.
>> Viewing the Security Form
The Security form shows the current security profile assigned to you (for example, the blades you are allowed to access), including any other applicable profiles. To view the Security form:
1. From the menu, select User’s Profile; from the Details form, select the Security tab.
The system displays the Security tabbed form:

Table 3-10: User’s Profile, Security Form - Fields and Elements
Field Name | Definition
Security | Tab or button to select the current form.
Table 3-10: User’s Profile, Security Form - Fields and Elements
Field Name | Definition
Delete | Button to delete a selected security profile (right list box) and return it to the Select security profile list box.
Selected security profiles | The list box that shows the Security Profile assigned to the current user.
Chapter 4 BladeManager Web Administration This chapter presents the procedures for configuring the AlterPath BladeManager through the web interface.
Operational Modes
The BladeManager provides two operating modes for configuration:
• First Time Configuration (CLI or text-based)
• Admin Mode (GUI-based)
Before you can use the BladeManager web interface you must first run the First Time Configuration wizard. The admin user, by default, is the system administrator of the BladeManager web interface and runs the application in Admin mode. This designation cannot be revoked.
Configuration Process Flow
The entire configuration process through the web interface is as follows:
[Flow diagram: Connect to serial console; Perform First Time Configuration; Reboot successful? (N: Reset system to default factory settings; Y: Logon to Blade Manager as Admin); the seven menu options and their forms.]
You must perform the First Time Configuration process (see Configuration Flow Diagram) using the command line interface. Once completed, you may perform the rest of the configuration process and all daily administration procedures through the BladeManager web interface.

First Time Configuration Wizard
The first time configuration process is designed to:
• Establish user as root, the superuser for the CLI.
• Enter Date (format MM/DD/YYYY)
• Enter Primary Ethernet IP Address (Static/None).
Are you sure you wish to continue? (Y/N) y
Restoring default configuration ... done.
The new configuration will take effect after the next boot.
[root@BladeManager root]# reboot

Refer to the sample First Time Configuration, next section, to view how the parameters are entered into the system.
4. Save and reboot. Once saved, the BladeManager applies the new configuration to the system and saves the information on a Compact Flash card.
You must now set a password for 'root', the system administrative account.
WARNING: this is a very powerful account, and as such it's advisable that its password is chosen with care and kept within the reach of system administrators only.
New password:
Re-enter new password:
Password changed
You must now set a password for 'admin', the administrative account for the Web Management Interface (WMI).
Setting the Authentication Method
The sample First Time Configuration shows local as the Authentication Method to use to authenticate a user. Depending on the type of authentication service that you select, the wizard will prompt for questions relating to the authentication service of your choice. For example, if you select RADIUS, the system will prompt you for the RADIUS server name and the secret.
Any deviation from this standard may cause the web browser to disable APBM cookies and prevent the user from logging into the E2000 web application.

>> Connecting to the Web Interface
Now that the installation is complete, you can begin the configuration using the web interface.
1. Type in the following URL from your web browser:
http://nnn.nnn.nnn.nnn (Non-encrypted version)
- OR -
https://nnn.nnn.nnn.nnn (Encrypted version)
Where: nnn.nnn.nnn.
BladeManager Web Interface: Admin Mode
Once you have completed the First Time Configuration procedure, you may login to the BladeManager web interface and use the system in Admin Mode. The Admin menu panel contains the following selections:
Configuring the BladeManager requires using the menu in a certain order.
and switches, you can define users and assign them to access the target blades (menu option: Users), and define the triggers that will create alarms and send email notifications (menu option: Alarm Triggers) to users.

Table 4-1: Summary of Web Forms in Admin Mode
Menu Option | Forms and their Functions
Chassis | Chassis List - View list of Chassis; add, edit or delete chassis; view logs.
Table 4-1: Summary of Web Forms in Admin Mode
Menu Option | Forms and their Functions
Users | User List - View list of users; add, edit or delete users.
Users | Details - View or configure a selected user.
Users | Access - Select blades and switches that the current user can access.
Users | Groups - Select one or more groups to which a user can belong.
Users | Security - Select one or more security profiles to apply to the current user.
Table 4-1: Summary of Web Forms in Admin Mode
Menu Option | Forms and their Functions
Security Profile | Security Profile List - View list of security profiles; add, edit or delete a security profile.
Security Profile | General - Enable or disable the current security profile.
Security Profile | Source IP - Define the source IP addresses allowed or not allowed.
Security Profile | VLAN/Subnet - Define the VLANs/subnets allowed or not allowed.
>> Logging Into the BladeManager Web Interface
1. Type in your username and password in the corresponding fields of the Login screen:
2. Select the Login button.
Upon successful login, the User List form appears.
Note: When the BladeManager launches your application screens for the first time, the process tends to be slow. The system needs to build all the web pages in the BladeManager. Once the screens are stored, retrieving them should be fast.
BladeManager web interface in Admin Mode. The form example shows the Users List form, the first form to appear in the web interface.
Sorting, Filtering, and Saving a List Form
An underscored column heading on any of the list forms indicates that the list may be sorted based on that column heading. For example, you can sort the previously shown User List form by Username, Department, Location or Status by clicking on the heading. Where there are several underscored headings on a list, an arrow appears adjacent to the heading on which the sort is based.
Chassis Management

Using the Form Input Fields
When typing data into any of the input fields, note the following conventions:
• In the web form (as it appears on the screen), all required fields are shown in RED.
• With some exceptions, fields cannot contain special or reserved characters. If you enter an invalid character, the system generates the message: “Fields cannot contain special characters.”
• Only the following special characters are allowed: _!@%&()[]{}<>?=+-*/,.
Table 4-2: Summary of Chassis (or Devices) Forms
Action | Form(s) Used
Delete chassis. | Chassis List form (Delete button).
Search, sort, and save list of devices. | Chassis List form.
Select group(s) to access the chassis. | Groups tabbed form.
Select type of web proxy to access web pages. | Proxies tabbed form.
Configure switch (up to four switches) in order to access the switch console. | Switch 1 through Switch 4.
Run Blade Wizard.
Chassis > Devices List Form
The Devices List form, the primary form of Chassis, allows you to view a list of devices that are configured in the BladeManager. From this form, you can add a new device, or select the device to modify or delete.

Table 4-3: Chassis (Devices) List - Fieldnames and Elements
Fieldname / Element | Definition
[unlabeled checkbox] | Checkbox to select the device to be deleted.
Device | Device name.
Table 4-3: Chassis (Devices) List - Fieldnames and Elements
Fieldname / Element | Definition
Log | Device log buffer. Click on Log to view the log for this device.
Status | Status of the device: Enabled, Disabled or OnDemand. OnDemand means that the device is enabled only upon user connection.
Filter by | From the dropdown box, select the field by which to filter the list and then click on the Filter by button.
The system displays the Select Device Type form:
3. From the Select Device Type form, (since the field box already says IBM BladeCenter) click the Select button. Proceed to Step 5.
4. If you are editing an existing chassis, from the Device list form, select the chassis you want to edit, and then click on the edit link (Config column, same row).
The system displays the Devices Detail form:
5. Complete or modify the Detail form as defined by the following table:

Devices Details Form - Fields and Elements
Fieldname | Definition
Details (tab) | Currently selected tabbed form.
Device Name | The symbolic name linked to the chassis.
Type | IBM Blade Center is the only supported type of device or chassis.
Location | Physical location of the device or chassis.
Devices Details Form - Fields and Elements
Fieldname | Definition
Admin Name | The admin username (superuser) of the device.
Admin Password | Button to invoke a dialog box used to define the Admin’s password. This password is used to access the IBM Blade Center port, but NOT to change the password. You must enter the SAME password registered in the blade server.
IP Mode | Dropdown list box.
Using a DHCP Server and Selecting the Correct IP Mode
A DHCP server is built into the BladeManager. You can use your company’s DHCP server or the BladeManager as your DHCP server. If you are not using a DHCP server, then you may use a static IP address. The Device Definition window provides three IP modes in which to configure your DHCP server or static IP address. The IP address that you use depends on what type of mode you use.
OnDemand means that the connection is established only upon the user’s request, and disabled again when the last user on the console/device logs out. When disconnected, no data buffer or alarm is available.

>> Selecting the Group(s) to Access a Chassis
To select one or more groups to access a chassis:
1. From the menu, go to Devices > Details > Groups.
The system displays the Devices - Groups tabbed form:
2.
Proxies
The BladeManager includes a web proxy server so that connections to the native web interface of any supported device go through the BladeManager. This feature enables the BladeManager to:
• Connect users through the BladeManager to remote servers that it controls (e.g., IBM Blade, KVM/net switches, ACS/TS units, and other servers) in connection with any web interface.
• Provide a secure mechanism for BladeManager clients to access remote servers.
Proxy Type | Function
Forward Proxy | A forward proxy acts as a gateway for a client’s browser, sending HTTP requests on the client’s behalf to the Internet. The proxy protects your inside network by hiding the client’s actual IP address and using its own instead. When the outside HTTP server receives the request, it sees the request or address as originating from the proxy server, not from the actual client.
• Use the KVM viewer to access KVM/net console.

>> Configuring the Proxy
To create or configure a proxy for a target device, follow the steps below:
1. Go to: Devices List form.
2. If the Device is new, click on the Add button. (If the Device already exists, highlight the device and click on the Edit button.)
3. From the Device Edit form, select the Proxies tab.
The system displays the Proxies tabbed form.
4.
>> Verifying your Proxy Setting
1. To verify your configuration, return to the Devices List form, and under the Web Proxy column, select YES.
A pop up window will display to show the web pages of the selected device.

Disabling the Proxy
Setting the Type of Proxy to none will display none under the Web column of the Device List form. Any admin user currently viewing the proxy will receive a message indicating that they are not authorized to access the proxy.
The system displays the Devices - Switch 1 tabbed form:
2. Complete the Switch 1 form, as necessary.

Table 4-5: Devices, Switch 1 Form - Fields and Elements
Fieldname | Definition
Switch 1 (tab) | Currently selected tabbed form.
IP Address | The IP address of the chassis module using IP mode: int_dhcp or static.
Type | The symbolic name linked to the chassis switch. IBM Blade Center is the only supported type of chassis.
Two Methods of Blade Configuration

Table 4-5: Devices, Switch 1 Form - Fields and Elements
Fieldname | Definition
Status | Dropdown list box to select: Enable - connection between the BladeManager and the device is ALWAYS established. Disable - no connection is established, and all child consoles follow this configuration. IMPORTANT: The system will not allow you to add or configure a switch console unless this field is set to Enable.
Netmask | As indicated, in dotted notation.
IP Mode | Dropdown list box.
>> Running the Blade Wizard
The Blade Wizard is designed to help you configure and automatically generate blades/switches for the current chassis. The wizard comprises a series of interactive screens or forms in which the system prompts you for input until it receives all the necessary information for configuring the blades and switches. Based on your input, the wizard automatically generates and saves the consoles and switches.
1.
1. Warning Message: The Console Wizard begins with a warning message to notify you of any data to be overwritten and the choices you have before going ahead with the wizard.
Note: Use the Back, Next, and Cancel buttons to navigate through the forms. Pressing the Next button saves your current form settings.
2. Connection Method: Select the Connection Protocol and Status, and then click on Next.
Note: The default Connection Protocol is Telnet.
3. (User) Access: +USER is the default list to which all users belong. The system also adds a plus (+) sign to any added user group that appears in the selection box. Follow the instructions for the User Access form and then click on the Notify tab to proceed to the user notification form.
4. (User) Notify: From the User Notification form, select the user(s) you wish to be notified and then select the Groups tab to display the Groups form.
5. Groups: Complete the Groups form, as necessary, and then select the Next button to display the Unconfigured Consoles form.
6. Unconfigured Consoles: Select the check box for each unconfigured console that you wish to configure, and then select the Next button to display the Edit Configuration form.
7. Edit Configuration: From the Edit Settings form, verify your settings and modify as necessary. Click on the second tab (Page 2/2) to continue the same form.
Note: If you need to change the prefix of the console names, type in the new prefix in the Console Prefix field and then click on the Console Prefix button. The system applies the new prefix to all console names.
8.
and repeat Edit Configuration and Confirmation, otherwise select the Finish button.

Configuring Blades Manually through the Menu
The other method for configuring blades and switches is to manually complete the forms that compose the Chassis option of the menu.

Consoles List Form
The Consoles list form (shown below) displays all the blades and switches configured and supported by the BladeManager.
See the Consoles section to view the Consoles Detail form, including Access, Notify, and Groups.

>> Connecting to a Device
To connect to a device, follow the steps below:
1. From the Device List form, click on the device name to which you wish to connect.
If the Proxy for this device is enabled, then you should have the option to connect to CLI or Web when you click on the device name.
>> Deleting a Device from a Group
The proper way to delete a chassis, blade or switch from a group is to edit the group to which it belongs. To delete a device from one or more groups, follow the steps below:
1. From the menu panel, select Devices.
The system displays the Device List form.
2. Under the Config column of the Console List form, click on the Edit link of the device you wish to remove from a group.
The system displays the Device Detail form for the selected device.
3.
Alarm Trigger Management
Use the Alarm Trigger forms to perform the following Alarm Trigger configuration procedures:

Table 4-7: Summary of Alarm Trigger Forms
Form Function | Form(s) Used
Add a new trigger string. | Alarm Trigger list form (Add button) > Alarm Trigger detail form.
Edit an alarm trigger. | Alarm Trigger list form (Alarm Trigger name) > Alarm Trigger detail form.
Delete an alarm trigger. | Alarm Trigger list form (Delete button).
The system displays the Alarm Trigger list form:
For an explanation of each fieldname, refer to the Form Fieldnames and Elements of the Alarm Trigger Detail form, next form section. To view or edit the configuration of an alarm trigger, click on the alarm trigger name.

>> Creating an Alarm Trigger
Use the Alarm Trigger Detail form to define triggers to generate user notifications and alarms. To create an alarm trigger, follow the steps below:
1. From the menu, select Alarm Trigger.
The system displays the Alarm Trigger Detail form:

Table 4-8: Alarm Trigger Form - Fieldnames and Elements
Field Name | Definition
Alarm Trigger Name | Name of the trigger. Selecting a trigger name invokes the Alarm Trigger Detail form for that trigger.
Trigger Expression | String used to generate a trigger.
Notify | Yes or No. Indicates if system needs to notify (i.e., send an email to) the user.
Create Alarm | Yes or No.
Blades / Switches

Table 4-8: Alarm Trigger Form - Fieldnames and Elements
Field Name | Definition
Save | Button to save your trigger entry.
Reset | Button to reset the form to create a new trigger entry.

3. Complete the fields, as necessary.
4. Click on Save to complete the procedure.

>> Deleting an Alarm Trigger
1. From the main Alarm Trigger form, select the triggers to be deleted by clicking the check boxes to the left of each Alarm Trigger name.
2. Click on the Delete button.
Table 4-9: Summary of Blade/Switch Forms and their Functions
Form Function | Form(s) Used
Assign the current blade or switch to any number of users. | Console Detail form (Access button) > Console Access form.
Select the users to be notified of any alarms from the current console. | Console detail form (Notify button) > Console Notify form.
Edit a console. | Console List form (edit link under the Config column) > Console detail form.
Delete console.
Connection Type | Applies to: | Use this connection to:
VM | Blade servers only | Launch the remote console applet and remote disk of the currently selected blade server.
ON | Blade servers only | Power on the blade server.
OFF | Blade servers only | Power off the blade server.
Web | Switches only | Launch the web application.

A user’s access to the blades, switches, and connection types is based on the user’s Security Profile.
The system displays the Console List form:
From the Console List form, you can add, edit, or delete a console by selecting the appropriate button or link.

>> Adding a Serial Console
This procedure uses the serial console as an example of the console type to be created. Depending on the type of console, there will be variations in the Console Detail form, but the procedure for adding a console for all types of console is the same.
The system displays the Select Console Type form:
3. From the Select Console Type form, select the type of console (Blade or Switch) you wish to add.
Table 4-10: Consoles Detail Form - Fieldnames and Elements
Fieldname | Definition
Details | Tab to display the Console Detail form which is the currently displayed form.
Notify | Tab to display the Console Notify form used to assign users to be notified when an alarm pertaining to the current console or device occurs.
Access | Tab to display the Console Access form used to assign or authorize users to access the current console.
Table 4-10: Consoles Detail Form - Fieldnames and Elements
Fieldname | Definition
Status | Drop down list. Enable, Disable, OnDemand.
Log Rotation | Frequency of the automatic log rotation process (Never, Daily, Weekly, Monthly).
Back | Button to revert to the last page or form.
Save | Button to save the configuration.
Logrotate Now | This field appears only if you selected Edit instead of the New button from the Console List form.
The system displays the Console Access form:
2. From the resulting form, select a user from the Select User to Console Access view panel. In the selection box, +USER is the default list which contains all users. The plus (+) sign is also used to indicate all defined groups.
3. Select the Add button.
The system transfers the selected user to the Selected Users view panel on the right.
4. To select another user, repeat steps 1 and 2.
The system displays the Console Notify form:
2. From the resulting form, select a user from the Select User to Notify view panel. In the selection box, +USER is the default list which contains all users. The plus (+) sign is also used to indicate all defined groups.
3. Select the Add button.
The system transfers the selected user to the Selected Users view panel on the right.
4. To select another user, repeat steps 1 and 2. You can also use the key to select multiple users.
5.
The system displays the Console Groups form:
2. From the resulting form, select a group from the Select Console Groups view panel.
Note: As with USER, CONSOLE is the default list which contains all consoles.
3. Select the Add button.
The system transfers the selected group to the Selected Groups view panel on the right.
4. To select another group, repeat steps 1 and 2. You can also use the key to select multiple groups.
5. Click on Save to complete the procedure.
The system displays the Console Detail form.
3. From the Console Detail form, click on Groups.
The system displays the Console Group form.
4. From the Selected Groups view panel of the Console Group form, select the group or groups from which you wish to remove the current console.
5. Click on the Delete button.
6. Click on the Save button to end the procedure.

Deleting a Console Group
You cannot delete a console group from the Console Group form.
>> Setting Log Rotation in Auto Mode
You can also set the log rotation to be automatically performed on a daily, weekly, or monthly basis. To set the system to automatically initiate log rotation on a regular basis, perform the following steps:
1. From the Consoles form, select the console (for the particular console log you wish to rotate) to view the Console Detail form.
2.
Users

Important: Regardless of the authentication type (remote, local or none), any user who will use the BladeManager application MUST be entered in the BladeManager database in order to access the application.

User List form
Use the User List form to view all BladeManager system administrators and regular users. The list includes information about each user (e.g., Name, Location, Phone) which you define in the User Detail form.
1. From the menu, select Users.
The system displays the User List form.
2. From the User List form, click on the Add button.
The system displays the User Detail form:
3. Complete the User Detail form, as necessary.

Table 4-12: Users, Details Form - Fieldnames and Elements
Fieldnames | Definition
Details | Button to display the User Detail form (which is the currently displayed form).
Access | Click this button to select the console(s) for the current user.
Table 4-12: Users, Details Form - Fieldnames and Elements
Fieldnames | Definition
Local Password | Checkbox to enable local authentication for the user. NOTE: Even if you are using another server authentication (e.g., LDAP, RADIUS), it is advisable that you activate the password for local authentication in the event that your authentication server fails.
Set Password | Button to display the password dialog box for setting the user password.
Full Name | The full name of the user.
Email | As indicated.
>> Selecting Consoles for a User
The User Access form allows you to assign one or more consoles for the current user. To assign consoles to a user, follow the steps below:
1. From the menu, select Users.
The system displays the User List form.
2. From the User List form, select the user to whom you wish to assign console access.
The system displays the User Detail form.
3. From the User Detail form, click on the Access button.
The system displays the User Access form:
4.
6. To select another console, repeat steps 4 and 5. You can also use the key to select multiple groups.
7. Click on Save to complete the procedure.

>> Selecting User Group(s) for a User
The User Group form allows you to assign a user to one or more user groups. The user group, however, must already exist to be able to assign a user to the user group. Otherwise, select Groups from the menu to create a user group. To assign a user to one or more groups, follow the steps below:
1.
5. Select the Add button.
The system transfers the selected group to the Selected Groups view panel on the right.
6. To select another user group, repeat steps 4 and 5. You can also use the key to select multiple user groups.
7. Click on Save to complete the procedure.

>> Deleting a User
To delete one or more users from the User List, follow the steps below:
1. From the User List form, click the check box to the left of the username that you wish to delete.
2.
Setting the Local Password
You can set up users to have local authentication by setting the Local Password, and defining the user name and password. A local password is used if the authentication setting for the BladeManager is Local. The local password is also used as a backup when server-based authentication is being used. In this case, if the authentication server is unavailable due to network problems then the system can use the local password.
Groups
The Groups option allows you to create new groups of users, consoles, or devices, as well as to edit or delete these groups. The BladeManager has three default groups:
• Device
• Console
• User
The system does not allow you to edit or delete these groups. You can edit and delete only those groups that you have created.

>> Creating a Group
To create a new group, follow the steps below:
1. From the menu, select Groups.
The system displays the Group List form:
2. From the Group List form, click on the Add button.
The system displays the Adding Group form:
3. From the resulting form, select the group type you wish to create (Device, Console, or User).
Based on your selection, the system displays the Group Detail form. The example below uses the Group Detail form for the Group Type, User:
4. Enter the Group Name and Description of the new group.
5. Click on Save to complete the procedure.

>> Deleting a Group
Note: You cannot delete the following system-generated, default groups: Device, Console, and User.
To delete a group, follow the steps below:
1. From the menu, select Groups.
1. Select the security profile from the Select Security Profile box and then click on the Add button.

Security Profiles
A security profile defines a set of rules or conditions regarding a user’s access permissions and limits for accessing the BladeManager and its features. The Security Profiles feature allows the administrator to centrally create these rules for as many profiles as necessary. Each time a user requests a page, the system checks the security profile.
Security profile management is composed of the following forms:

Table 4-13: Summary of Security Profiles Forms
Form Title | Use this form to:
Security Profiles list form | View a list of available profiles along with the description, status, and default rule of each profile.
General tabbed form | Enter the security profile name, description, status (Enabled, Disabled or Deleted) and rule (Allow or Deny).
Column Name | Definition
Status | States if the profile is enabled or disabled; if applicable, lists all authorized actions for the current profile.
Rule | States whether the rule is to allow or deny.

>> Adding or Editing a Security Profile
To add or edit a security profile, perform the following steps:
1. From the menu select Security Profile.
The system displays the Security Profile list form (see previous page).
2. Select the Add button to add, or select an existing profile to edit.
The system displays the Security Profiles - General tabbed form:
3. From the General tabbed form, enter the profile name (required), a brief description of the profile, its status (Enabled, Disabled, Deleted), and the rule to be applied to the entire profile (Allow or Deny).
4. Click on Save.

>> Security Profiles: Source IP
1. Click on the Source IP tab to configure the conditions for accepting source pages for the current profile.
The system displays the Source IP tabbed form:
2. Complete or modify the form, as needed.

Table 4-14: Security Profiles, Source IP - Fieldnames and Elements
Field Name | Function
Source IP (tab) | Title of the current tabbed form.
Rule | The configured policy (Allow or Deny) that applies to the entire security profile. The default rule is configured from the General tabbed form.
Table 4-14: Security Profiles, Source IP - Fieldnames and Elements
Field Name | Function
Add | Button to add to the conditions list the address you just entered in the IP or Netmask field.
Delete | Button to delete a selected IP address from the adjacent Source IP Conditions list box.
Added Source IP Conditions | List of source IP addresses to be applied to the rule.
Back | Button to return to the previous page.
Save | Button to save your configuration.

3. Click on Save.
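The effect of a profile's rule together with its Source IP conditions can be checked offline before the profile is saved. The following Python example is added here and is not Cyclades code; it assumes that each condition is written as an address or as address/netmask, and that the rule (Allow or Deny) applies to addresses that match a listed condition while every other address gets the opposite result. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def parse_condition(text):
    """Parse 'address' or 'address/netmask'; return (network, host_bits_set)."""
    iface = ipaddress.ip_interface(text.strip())
    return iface.network, iface.ip != iface.network.network_address

def evaluate(rule, conditions, client_ip):
    """Return 'Allow' or 'Deny' for one source address.

    ASSUMPTION (not from the manual): the profile rule applies to addresses
    that match any listed condition; every other address gets the opposite.
    """
    if rule not in ("Allow", "Deny"):
        raise ValueError("rule must be 'Allow' or 'Deny'")
    addr = ipaddress.ip_address(client_ip)
    matched = any(addr in parse_condition(c)[0] for c in conditions)
    opposite = "Deny" if rule == "Allow" else "Allow"
    return rule if matched else opposite

def review(rule, conditions, admin_ip):
    """List problems worth fixing before the profile is saved."""
    warnings = []
    if not conditions:
        result = evaluate(rule, conditions, admin_ip)
        warnings.append(f"no conditions: every source address gets {result}")
    for text in conditions:
        network, host_bits_set = parse_condition(text)
        if network.prefixlen == 0:
            warnings.append(f"{text}: matches every address")
        elif host_bits_set:
            warnings.append(f"{text}: host bits set, treated as {network}")
    if evaluate(rule, conditions, admin_ip) == "Deny":
        warnings.append(f"admin address {admin_ip} would be denied")
    return warnings

if __name__ == "__main__":
    # Constructed sample profile, not taken from a real BladeManager unit.
    conditions = ["10.1.2.3/255.255.255.0", "192.168.0.10"]
    for ip in ("10.1.2.77", "192.168.0.11"):
        print(ip, "->", evaluate("Allow", conditions, ip))
    for warning in review("Allow", conditions, admin_ip="172.20.0.5"):
        print("warning:", warning)
```

Running the review with the address of the workstation used for administration shows whether saving the profile would lock that workstation out.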
Table 4-15: Security Profiles, VLAN/Subnet - Fieldnames and Elements
Field Name | Function
LAN ITF (tab) | Tab title to select the current form.
Rule | The configured policy (Allow or Deny) that applies to the current form and the entire security profile. The default rule is configured from the General tabbed form.
Select LAN ITF Conditions | List box that lists all LAN interfaces. Select the LAN interface(s) that will be applied to the rule.
Table 4-15: Security Profiles, VLAN/Subnet - Fieldnames and Elements
Field Name | Function
Delete | Button to remove any selected LAN ITF conditions from the right list box.
Selected LAN ITF Conditions | List of selected LAN ITF conditions that will be applied by the rule to the policy.
Back | Button to return to the previous page.
Save | Button to save your configuration.
Table 4-16: Security Profiles, Date/Time - Fieldnames and Elements
Field Name | Function
Date/Time (tab) | Tab title to select the current form.
Rule | The configured policy (Allow or Deny) that applies to the entire security profile. The default rule is configured from the General tabbed form.
[Day/Time Table] | The table represents the days of a week (rows) and the hours of a day (columns). Clicking inside a segment selects a specific one-hour period of a day.
must select at least one action from the Authorization form.

To configure or authorize actions for a profile, follow the procedure below:
1. Go to: Security Profiles > Authorization. The system displays the Authorization tabbed form:
2. From the left-hand box, which lists all the actions, select the action you wish to assign to the security profile and then click on Add.
Authorized Action | Function
PowerControl | Allow user to perform power control operations.
System | Allow system access.
UseVirtualMedia | Allow user access to blades.

3. Repeat the previous step for all actions you wish to assign.
4. Click on Save to complete the procedure.

>> Deleting a Security Profile

To delete a security profile, perform the following steps:
1. From the main menu, select Security Profiles.
2.
Backup and Restore Scenarios

For illustration purposes, there are two scenarios in which you can perform the backup.
• Replicating data to a hot spare machine - You back up the configuration data and data buffers and restore them to a second BladeManager unit. This method enables you to keep the network identity of each BladeManager unit, but maintain the same configuration for both units. The second unit serves as a spare system.
System Recovery Guidelines

BladeManager Database Transaction Support

The BladeManager commits all successful database transactions to the BladeManager database. To ensure data integrity, the BladeManager will roll back any failed database transaction in the event that:
• There are concurrent users updating the same record at the same time, or
• A system fault caused the database transaction to fail.
Changing the Default Configuration

This configuration procedure is for advanced users only. To change the default database configuration of the BladeManager, please refer to Chapter 5: Advanced Configuration.
Info / Reporting

Table 4-17: Info / Reporting - Fieldnames and Elements
Field Name | Definition
Reason | Reason for any failure of state change.
Connection Type | Connection type used by the session.
Source IP | As indicated.
User Name | Name of session user.
Session ID | As indicated.

To view more detailed information about a particular user from a detail line, select the user you wish to view from under the User column.
Chapter 5
Advanced Configuration

This chapter presents some procedures for configuring the BladeManager through the Command Line Interface (CLI). First Time Configuration aside, Cyclades recommends the use of the CLI only for advanced admin users who are proficient with the CLI and would like more control over the configuration features of the BladeManager.
5: Advanced Configuration

Working from a CLI

The BladeManager allows you to use a command line interface (CLI) as an alternative to the web interface. You may use a Linux or Windows-based secure shell (SSH) client. The same restrictions that apply to the web management interface apply to the CLI.

>> Logging In

1. To connect to the BladeManager, enter the following shell commands:
> ssh -l
>
Note: The “l” in ssh -l is the letter “l” (as in lemon).
2.
Command | Use this command to:
page | display the content of the data buffer file for the specified console.
searchlog | search the data log files for alarms.

Copying and Pasting Text within the Console Applet Window

The APM allows you to copy and paste text within your console (Java applet) window to facilitate any command line configuration of a device and other similar operations. To use the copy & paste feature, right click your mouse.
This command opens an SSH connection to the manager, checks the username and password, checks the access control list to verify user access, and then establishes the connection to the appropriate console.

Sample Command Line Interface

An example of a command line interface as accessed by an admin is shown below:
*****************************************************
login as: [This field is absent if the user is logged in as an admin.
[Enter `^Ec.' to disconnect]
*******************************************************

CLI Commands

For your convenience, the CLI key commands (accessible by pressing ^Ec?) are summarized in the table below. Each command must be preceded by ^Ec. For example, to send a broadcast message, you must press: ^Ecb

Key(s) Command Key(s) Command .
Set Commands

The following set commands are available to enable you to manually and individually configure specific E2000 settings through CLI:
• setauth
• setboot
• setcons
• setdatetime
• date
• setnames
• setnetwork
• setntp
• setsmtp

SETAUTH - sets the authentication method. For example:
[root@APM_Paulo root]# setauth
Your configuration will be overwritten by the default files!!
Are you sure you want to continue? (y/n)[n] y
Continuing setauth...
SETCONS - sets console connection.
16) EST5EDT    33) Iran      50) Poland      67)
17) Egypt      34) Israel    51) Portugal    68)
Enter the number corresponding to your choice:
Current system date and time is:
Tue Jan 25 15:40:35 PST 2005
Press ENTER to accept it or specify new ones.
Enter date in MM/DD/YYYY format:
Tue Jan 25 15:40:00 PST 2005
*** Configuration changed! ***
Execute saveconf to save the new values in flash.

DATE - sets the date and date format.
Enter Primary Ethernet Subnet Mask: 255.255.255.0
Secondary Ethernet IP address: (S)tatic, (N)one or (K)eep current ? [K]:
Subinterface eth0:1 IP address: (S)tatic, (N)one or (K)eep current ? [K]:
Subinterface eth0:9999 IP address: (S)tatic, (N)one or (K)eep current ? [K]:
Configure more Ethernet Subinterfaces: (Y)es, (N)o or (L)ist ? [N]: l
eth0:9999, 199.199.199.199, 255.255.255.
Use ^C to stop changing interfaces and keep all changes made. If you do not exit with ^C at the end, the script will ask if you want to make the changes effective now, in which case the script automatically runs /etc/init.d/networking restart.

SETNTP - sets the NTP server’s IP address. For example:
[root@APM_Paulo root]# setntp
Enter the NTP server:
*** Configuration changed! ***
Execute saveconf to save the new values in flash.

SETSMTP - sets the email server’s IP address.
[Enter `^Az.' to disconnect]

Re-defining the Interrupt Key

The key sequence Ctrl+C in the file /var/apm/bin/apmrun.sh has been changed to Ctrl+_ (that is: ^_) to prevent the system from directing this command to any application running in the foreground rather than to the console server. Unlike ^C, the latter is not a valid key combination for most servers including Sun, and should enable you to interrupt the console server as necessary.
60
3. To make the change effective, reboot or restart tomcat as follows:
/etc/init.d/tomcat stop
/etc/init.d/tomcat start

Enabling Telnet

Telnet is available in the E2000, but disabled by default to avoid security problems. To enable Telnet, follow the steps below:
1. In /etc/services, add the following line:
telnet 23/udp
2. Edit /etc/xinetd.
NIS Configuration

To use NIS authentication, select NIS from the First Time Configuration script. To further control NIS authentication, edit the following configuration file as follows:

File to edit: /etc/nsswitch.conf
Format: :[]
Where:
Parameter Definition: Available: aliases, ethers, group, hosts, netgroup, network, passwd, protocols, publickey, rpc, services, and shadow.
User Authentication

To use NIS only to authenticate users, change the lines about passwd, shadow and group in the configuration file (/etc/nsswitch.conf) as described below. The BladeManager does not support user authentication against a NIS map and the local file (/etc/passwd) at the same time. Either the user is present in the NIS map or in the passwd file, but not both.
group_compat: nis

Active Directory Configuration

To configure the BladeManager to use Active Directory for authentication, follow the steps below:
1. During First Time Configuration (see Chapter 4: Web Configuration), select ldap when prompted for the desired authentication method.
2. Connect to the BladeManager using SSH and log in as root.
3. Configure /etc/ldap.conf as follows:
host 172.20.98.
Disabling HTTP to Use Only HTTPS

The BladeManager is configured to allow both HTTP and HTTPS access. You can, however, disable HTTP access by commenting out its configuration in the BladeManager unit from the command line. To do so, perform the following steps:
1. Edit the file: /opt/tomcat/conf/server.xml
2. Using the exclamation mark (!) and the double dash (--), comment out the following XML paragraph: