HP Integrity iLO 3 Operations Guide Abstract This document contains specific information that is intended for users of this HP product.
Copyright © 2010, 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Microsoft®, Windows®, Windows NT®, and Windows Server® are U.S.
Contents 1 Introduction...............................................................................................9 Features..................................................................................................................................9 Integrity iLO 3 features.......................................................................................................10 Always-on capability.....................................................................................................
User account cleanup during IPF blade initialization......................................................29 Auto login troubleshooting.........................................................................................29 Connecting to a server blade iLO 3 using the console serial port..............................................29 Connecting to iLO 3 using the Onboard Administrator............................................................29 Additional setup..........................................
ID: System information settings........................................................................................56 IT: Modify MP inactivity timers........................................................................................56 LC: LAN configuration usage..........................................................................................56 LDAP: LDAP directory settings.........................................................................................
Supported operating systems and USB support for virtual Media.........................................90 Java Plug-in version.......................................................................................................90 Client operating system and browser support for virtual media............................................90 Power Management...........................................................................................................91 Power & Reset..................................
Directory services objects for eDirectory..............................................................................131 Adding role managed devices......................................................................................131 Adding members........................................................................................................131 Setting role restrictions......................................................................................................
hpqLOMRightRemoteConsole...................................................................................149 hpqLOMRightServerReset.........................................................................................149 hpqLOMRightLocalUserAdmin..................................................................................150 hpqLOMRightConfigureSettings................................................................................150 9 Support and other resources.................................
1 Introduction The Integrated Lights-Out Management Processor (iLO MP) for Integrity servers is an autonomous management subsystem embedded directly on the server. The iLO MP is the foundation of High Availability (HA) embedded server and fault management. The iLO MP also provides system administrators with secure remote management capabilities regardless of server status or location.
• Monitoring of server health and status • Display of detailed information about the various internal subsystems and field replaceable units (FRUs) • At-a-glance virtual front panel to monitor system status and see the state of front panel LEDs • Display and recording of system events with 4X larger console log to capture more administrative information • Scalable management: automatically grows with your multi-bladed Integrity servers, easily managed through a consolidated iLO interface • Direct
Remote power and reset Integrity iLO 3 enables you to view and control the power state of the server. It also provides options to reset the system or iLO 3. Virtual front panel The virtual front panel (VFP) presents a summary of the system front panel using direct console addressing.
• One console serial port • Two Telnet • One vMedia System management homepage The HP Insight Management Agents support a web interface for access to runtime management data through the HP System Management Homepage. The HP System Management Homepage is a secure web-based interface that consolidates and simplifies the management of individual servers and operating systems.
You can download HP SIM from the HP website. For more information about HP SIM, see the HP website at http://www.hp.com/go/hpsim. For the user guide, see the Information Library. SNMP SNMP is not currently supported in Integrity iLO 3. Event logging Integrity iLO 3 provides event logging, display, and keyword search of console history and system events.
NOTE: To use IRC, you must have a physical VGA chip installed on the server. VGA is an optional accessory on some Integrity server models. IRC requires ActiveX control and is supported only with clients running Windows Internet Explorer. Virtual Media Virtual Media (vMedia) enables connections of a CD/DVD-ROM physical device or image file from the local client system to the remote server. The virtual device or image file can be used to boot the server with an operating system that supports USB devices.
iLO 3 Advanced Pack licensing Advanced Pack licenses are built into every system that has Integrity iLO 3, no additional licensing is required. Multi-bladed Integrity servers, such as BL870c i2 and BL890c i2, contain multiple iLOs and each iLO contains a model-based iLO Advanced license key.
Related links: • • Java for HP-UX ◦ http://www.hp.com/products1/unix/java/versions/index.html ◦ http://www.hp.com/products1/unix/java/archives/index.html Java for OpenVMS ◦ • http://h18012.www1.hp.com/java/alpha Mozilla Firefox for HP-UX ◦ http://www.hp.com/products1/unix/java/firefox/index.html Note: 1.5.0.00 needs patch ◦ • Mozilla Firefox for Linux® ◦ • http://linuxcoe.corp.hp.com Mozilla Firefox for Windows and Linux ◦ • http://www.hp.com/go/firefox http://www.mozilla.
IMPORTANT: Ensure that physical access to the server is limited. You can clear passwords by pressing the iLO 3 Physical Presence button for longer than 8 seconds. IMPORTANT: For greater security, HP recommends that iLO 3 management traffic be on a separate dedicated management network that is configured to allow only limited access from selected secure systems by designated system administrators. This acts as the first line of defense against security attacks.
2 Ports, buttons, LEDs, and components The iLO 3 functions are available through the server MP LAN port and the local port. On HP Integrity server blades, the iLO management LAN port is routed internally to the HP BladeSystem Onboard Administrator (OA) management LAN. For locations and descriptions of iLO 3 LEDs, ports, and buttons on your server, see your user service guide or system specifications.
• Pressing the Physical Presence button for more than 12 seconds has no effect on the system. • The UID LED blinks once after holding the Physical Presence button for 4 seconds, and once again after holding the button for 8 seconds. This helps you gauge how long the button press has been held. NOTE: If the UID LED is blinking when the Physical Presence button is pressed, a firmware update is in progress. During a firmware update, no iLO actions take place if the Physical Presence button is pressed.
3. To exit, wait the remainder of the 15 minutes for the TPM physical presence mode to expire. NOTE: Alternatively, you can exit immediately by pushing the Physical Presence button for less than 4 seconds; however, this action will reset iLO. • The Login Timeout in Minutes feature, shown in the iLO GUI screen below and in the text user interface (see so command), disables logins after too many login failure attempts occur in a short timeframe.
When iLO is in Security Override mode, all authentication is suspended for 15 minutes, or until someone exits Security Override mode by performing any of the following actions: ◦ Pressing the Physical Presence button less than 4 seconds ◦ Manually exiting through the iLO TUI's SO command ◦ Manually exiting through the iLO GUI's Access Settings web page 1. The system administrator should examine both the IEL and SEL to determine the cause of the login failures.
• Thermal Logic power and cooling information and control • email or Insight Display communications of problems within the enclosure Each c7000 Enclosure is shipped with a first Onboard Administrator module/firmware. If needed, you can order a second redundant Onboard Administrator module for each enclosure. When two Onboard Administrator modules are present in a c7000 Enclosure, they work in an active - standby mode, assuring full redundancy of the c7000 Enclosure integrated management.
3 Getting connected to iLO 3 This chapter provides information on getting connected to iLO 3. The ways you connect to iLO 3 will depend on whether you have a rackmount server or a server blade. IMPORTANT: For greater security, HP recommends that iLO 3 management traffic be on a separate dedicated management network that is configured to allow only limited access from selected secure systems by designated system administrators. This acts as the first line of defense against security attacks.
Table 3 physical connection matrix Connection Method Console serial port (RS-232) Required Connection Components • Host console • Console serial port (RS-232) DB-9F to DB-9F cable (modem eliminator cable) • Emulation terminal device (for example, a PC, laptop, or ASCII terminal) These connection methods directly attach to the iLO 3 MP through the console serial port. This is an RS-232 connection from a workstation to the server's iLO 3 MP console serial port.
When you use DHCP and DNS, you can connect to iLO 3 by entering the DNS name in your browser rather than an IP address only if the following applies: • DHCP must be enabled (DHCP is enabled by default). • You are using a DHCP server that provides the domain name. • The primary DNS server accepts dynamic DNS (DDNS) updates. • The primary DNS server IP address was configured through the DHCP server.
1. Ensure the emulation software is correctly configured: a. Verify that the communication settings are configured as follows: b. • 8/none (parity) • 9600 baud • None (receive) • None (transmit) Verify that the terminal type is configured appropriately. The following are supported terminal types: • hpterm • vt100 • vt100+ • vt-utf8 IMPORTANT: Do not mix hpterm and vt100 terminal types at the same time.
Connecting the server blade to iLO 3 using the Onboard Administrator If the OA/iLO network port on the enclosure is connected to the local network that has a DHCP server, your iLO 3 MP IP address is automatically generated by the DHCP server. The server blade is factory set with DHCP enabled. To connect to iLO 3 using the OA, click the iLO link on the OA iLO GUI page: 1.
• Auto login is implemented using IPMI over Ethernet between the OA and iLO 3 to create and delete user commands. • Supports a maximum of four simultaneous OA user accounts. The OA keeps track of these users locally. The information maintained for each user is the user name, password, and privilege levels. • User accounts for the auto login feature are created in the MP database when an auto login session is established. These accounts are deleted when the auto login session is terminated.
3. 4. The OA sends a command to create an OA user. The OA launches an SSH or web GUI connection to iLO 3 and logs in with the created user’s credentials. Terminating an auto login session When the auto login CLI or web GUI session is terminated, the temporary Auto Login iLO 3 account is deleted.
Unless SSH is disabled and the local user database is disabled (enabled is default), you can connect from the OA using connect server n. On HP Integrity server blades, you also have access to the console port. It is not necessary to physically connect to iLO 3 through the console serial port to perform management tasks. Use the OA/iLO LAN port to communicate with any iLO 3 in the enclosure and the OA. You can use the LCD panel and the OA to configure and determine the iLO MP LAN address.
Setting security access Determine the security access required and what user accounts and privileges are needed. Integrity iLO 3 provides options to control user access. To prevent unauthorized access to iLO 3, select one of the following options: • Create local accounts. You can store up to 19 user names and passwords to manage iLO 3 access. This is ideal for small environments such as labs and small-to-medium sized businesses. • Use corporate directory services to manage iLO 3 user access.
4 Logging in to iLO 3 This chapter provides instructions on how to log in to iLO 3. Logging in to iLO 3 using the web GUI 1. Obtain the iLO Network Information Tag. The default iLO 3 user name and password is on this tag. NOTE: 2. 3. • On server blades, the iLO Network Information Tag is located on the right side of the monarch blade. • On HP Integrity rx2800 i2/i4 servers, the iLO 3 Network Information Tag is located on a pull-tab on the front panel.
To log in to the OA web GUI, click the iLO link from the OA. To log in to the OA TUI: 1. To see a list of what is in each bay, use show server info from the OA TUI. 2. To log in to that bay, use connect server n. You do not need a username/account; but you do need an empty SSH connect slot. SSH needs to be enabled and there cannot be too many other SSH connections already in use.
5 Accessing the host (operating system) console This chapter describes several ways to access the host console of an HP Integrity server blade. Accessing a text host console through iLO 3 virtual serial console Web browser access is an embedded feature of iLO 3. Before starting this procedure, you must have the following information: • DNS name for the iLO MP LAN • Host name To interact with iLO 3 through the web: 1. Open a web browser and enter the DNS name or the IP address for the iLO 3 MP. 2.
Figure 3 Status Summary page 4. Select the web interface functions by clicking the tabs at the top of the page. Each function lists options in the Navigation Control on the left side of the page. Accessing online help The iLO 3 web interface has a robust help system. To launch iLO 3 help and display help about that page, click the help ? at the top right corner of each page. Accessing a text host console using the TUI 1. 2. 3. Log in using your user account name and password at the login page.
==== hpiLO->:HE To display the Main Menu Command List, enter LI at the HE:hpiLO-> prompt. To return to the MP Main Menu, enter Q. To access help from the web GUI, click Help. You can also click the ? at the top right corner of each page to display help about that page.
6 Configuring DHCP, DNS, LDAP, and schema-free LDAP This chapter provides information on how to configure DHCP, DNS, LDAP extended schema, and schema-free LDAP. Configuring DHCP DHCP enables you to automatically assign reusable IP addresses to DHCP clients. This section provides information on how to configure DHCP options. This iLO 3 MP host name will appear at the iLO 3 MP command mode prompt. Its primary purpose is to identify the iLO MP LAN interface in a DNS database.
• Modify the MP gateway address. [hostname] CM:hpiLO-> LC -g 192.0.2.1 • Set the link state to auto negotiate. [hostname] CM:hpiLO-> LC -link auto • Set the link state to 10 BaseT. [hostname] CM:hpiLO-> LC -link x (Other option is -link c (100BaseT)) • Set the remote console serial port address. [hostname] CM:hpiLO-> LC -rsc n • Set the SSH console port address. [hostname] CM:hpiLO-> LC -ssh 22 Configuring DNS To use the DNS command to display and modify the DNS configuration: 1.
NOTE: The LDAP connection times out after 30 minutes of inactivity in Active Directory. For Novell directory, there is no inactivity timeout. To configure using the web interface, see “Group Accounts” (page 101). To configure LDAP extended schema: 1. From the MP Main Menu, enter command mode. 2. At the CM:hpiLO-> prompt, enter LDAP. 3. To select Directory Settings, enter D. The current LDAP directory settings appear. 4. To select all parameters enter A.
When LDAP is enabled with extended schema in iLO 3, after users enter their login and password, the browser sends the cookie to iLO 3. The iLO 3 processor accesses the directory service to determine which roles are available for that user login. The iLO 3 first uses the credentials to access the iLO 3 device object in the directory. The directory service returns only the roles for which the user has rights.
NOTE: Due to command syntax changes in schema-free LDAP, some customer-developed scripts may not run. You must change any scripts you developed to enable them to run with the new schema-free LDAP syntax. NOTE: You must select the default schema from the LDAP command for the schema-free LDAP settings to work. To set up directory security groups: 1. At the CM:hpiLO-> prompt, enter LDAP. The screen displays the current LDAP options.
7 Using iLO 3 There are several options for using iLO 3. This chapter provides information and instructions on each available option. Text user interface This section provides information on the text user interface (TUI) commands you can run in iLO 3. NOTE: HP Integrity server blades do not have fans or power supplies. Therefore, the response to certain commands are different than a rackmount server.
MP Main Menu commands The following sections describe the MP Main Menu commands. CO (Console): Leave the MP Main Menu and enter console mode CO switches the console terminal from the MP Main Menu to mirrored/redirected console mode. All console output is mirrored to all users in console mode. Only one of the mirrored users at a time has write access to the console. To get console write access, press Ctrl-Ecf. To return to the MP Main Menu, press either Ctrl-B or Esc and (.
Each user viewing VFP is in private session mode. See also: LOC (locator LED) and, SL (show logs). CM (Command Mode): Enter command mode CM switches the console terminal from the MP Main Menu to mirrored command interface mode. The Command menu provides you with a set of standard command-line interface commands that help monitor and manage the server. To display the list of MP command mode commands: 1. From the MP Main Menu, enter CM. 2. Enter HE LI at the CM: hpiLO-> prompt.
I - iLO Event C - Clear SEL and FPL L - Live Events 12 2 % 27 Mar 2010 02:33:26 Enter menu item or [Ctrl-B] to Quit: The following example shows the display in the SL menu E system event submenu: # Location |Alert | Encoded Field | Data Field | Keyword/Timestamp ------------------------------------------------------------------------------10 SFW 3,1,0,0 2 5488006341E10011 0000000000000000 BOOT_START 27 Mar 2010 20:07:51 9 SFW 4,0,0,0 2 548C006301E1000F 0000000000000000 BOOT_START 27 Mar 2010 20:07:51 S
Table 7 Events (continued) Log Name Acronym Log Description C - Clear SEL and FPL --- SEL Log FPL Log Clears all entries in the System Event and Forward Progress logs Live Event Viewer Presents each event as it is received L - Live Events LIVE NOTE: Integrity iLO 3 captures and stores the server System Event Log for access through a browser or text interface even when the server is not operational. This capability can be helpful when troubleshooting remote host server problems.
NOTE: The iLO 3 Event Logs cannot be cleared. A finite number of records are stored. The older records are replaced as the log fills up. Table 10 Alert levels Severity Definition 0 Minor forward progress 1 Major forward progress 2 Informational 3 Warning 5 Critical 7 Fatal See also: DC and VFP HE (Help): Display help for the menu or command in the MP Main Menu The HE command displays the MP hardware and firmware version identity, and the date and time of firmware generation.
Table 11 Command menu commands (continued) Command LDAP Description Configure LDAP parameters LM View current license status LOC Locator LED configuration LS Current LAN settings PC Remote power control PM Power regulator mode PR Set the power restore policy PS Power management module status RS Reset the system through the RST signal SA Configure remote, LAN, Telnet, and web access options SO Configure security options SYSREV, SR SS SYSSET Display all firmware revisions Display system
you to write a script for one iLO 3, and use it to apply the same commands to additional iLO 3s.
# # -Don # # (End of auto-expect generated content) ####################################################################### # USER set mp_user "Admin" # PASSWORD- get password from terminal instead of storing it in the script stty -echo send_user "For user $mp_user\n" send_user "Password: " expect_user -re "(.
Command menu commands and standard command line scripting syntax The following list of commands is provided to familiarize you with the Command menu commands. Command-line interface scripting syntax for each command is provided to help you accomplish a scripting task. The following rules apply to scripting syntax: • The -nc (no confirmation) is optional. This special keyword designates that no user confirmation is required to run the command.
Bay number The bay number is used to locate and identify a blade. Enclosure information Enclosure name Logically groups together the server blades installed in the same enclosure. The enclosure name is shared with the other server blades in the enclosure. Health Indicates one of three states of health of this enclosure. OK Normal operation, any issues have been acknowledged. Degraded Typically loss of redundancy or partial failure of a component.
CA CA [ -local ] [ -bit ] [ -flow >software|hardware> ] [ -mode ,aux|ilo> ] ] [ -nc ] -? See also: SA DATE: Display date Command access level: Login access The DATE command displays the date of the iLO 3 MP real-time clock. Command line usage and scripting: DA DA | | DATE [ -nc ] DATE -? DC (Default Configuration): Reset all parameters to default configurations CAUTION: All user information (logins, passwords, and so on) is erased when you use any of the following reset methods.
DF To dump all available FRU information without any paging, use the command line interface: DF -ALL -NC Display 1 2 A V FRU Information Menu: - Specific FRU Bay 1 - Specific FRU Bay 2 - All available FRUs - Display Mode: Text Enter menu item or [Q] to Quit: 1 1 FRU IDs (Bay 1): ---------------00-System Board 01-SAS Backplane 21-Processor 1 24-Processor 0 RAM 40-Virtual Mezz 1 41-Virtual Mezz 2 83-DIMM CPU0 - 4A CC-SBL 20-Processor 0 25-Processor 1 RAM 82-DIMM CPU0 - 3A Select FRU ID: Server blades tha
automatically using DHCP. You can also perform a DDNS update through the primary DNS server as long as it is authoritative for the zone. If no DNS server IP addresses are specified, or the DNS domain is undefined, DNS is not used. If an IP address was obtained through DHCP, an add name request is sent to the DDNS server if it is enabled and registered.
Additional help is available at the help prompt. Given a topic or command, more detailed help is available. • When issued in command mode, HE displays the list of the MP Command Mode commands available according to the level of the MP Command Mode of the requestor (Operator or Administrator) and the MP mode (Normal or Manufacturing). • HE also displays the MP Help: Command Menu List of detailed help information in response to a topic or command at the help prompt.
The LC command displays and modifies the LAN configuration parameters. The LC command sets next boot LAN settings. It does not display the current settings. Use the LS command for that purpose. The LC no longer does an automatic reset but advises that a reset is needed to make the changes you performed.
Configurable parameters include the following: • iLO 3 MP IP address • DHCP status (default is enabled) • ◦ When DHCP is enabled, the IP address, gateway IP address and subnet mask are obtained through DHCP. These parameters cannot be changed manually without first disabling DHCP. ◦ If you change the DHCP status to enabled or disabled, the IP address, subnet mask, and gateway address are set to the default values (0.0.0.0), and the DNS parameters are voided.
The LDAP command displays and modifies the following LDAP directory settings: • • Directory Authentication: Activates or deactivates directory support on iLO 3. ◦ Enable with Extended Schema: Selects directory authentication and authorization using directory objects created with the HP schema. Select this option if the directory server is extended with the HP schema and you plan to use it.
[ -list ]] | -nc ] LDAP -? See also: LOGIN, UC LDAP: LDAP group administration The LDAP command enters one or more directory groups by specifying the distinguished name of the group and privileges to be granted to users who are members of that group. You must configure group administration information when the directory is enabled with the default schema.
LS: LAN status Command access level: Login access The LS command . Command line usage and scripting: LS [ -nc ] LS -? PC: Power control Command access level: Power control access The PC command is used to obtain an instantaneous power reading and control system power. It provides the following options for remote control of system power: ON Turns the system power on. This command has no affect if the power is already on. OFF Turns the system power off.
High Sets the processor to the highest supported processor state and forces it to stay in that highest state unless the system is reset or an operating system-hosted application requests a state change. If the processor is reset, the power mode changes to operating system Control Mode. OS Sets the control of the power regulator to the operating system.
SA: Set access Command access level: MP configuration access The SA command configures the access mode for the LAN and the Command mode. You can set iLO 3 to enable web or SSH access. SSH and web SSL is enabled by default. If LAN users are connected when a disable from this command runs, they are disconnected. Any future incoming connection request to the corresponding port is rejected. A message appears prior to being rejected.
occurs. However, if a local port user enters a login name, sits at the hpilo-> Password: prompt, and a timeout occurs, then this login is cancelled and the hpilo-> Login: prompt reappears. • Number of password faults allowed: 1 to 10. This parameter defines the number of times a user can attempt to log in to a console before being rejected and having its connection closed. • SSL certificate: Enables the generation of SSL certificates.
Command line usage and scripting SYSSET [ SYSSET [ -prodname ] [ -prodnum ] [ -serial ] [ -uuid ] [ -login ] [ -password ] | [-copy] | [-magic] [ -nc ] -? TC: System reset through INIT signal Command access level: MP configuration access IMPORTANT: This command is intended to be used only when an operating system is hung. The action of the TC command depends on the current state of the system.
The default user is Administrator. The Administrator user has all rights (C, P, M, U, and V). You can change the configuration of the Administrator with the UC command. All users have the right to log in to iLO 3 and to run Status (read-only) commands (view event logs, check system status, power status, and so on), but not to run any commands that alter the state of iLO 3 or the system.
User may be disconnected in this process -> User Configuration has been updated. -> Command successful. [gstlhpg1] CM:hpiLO-> See also: CA, SO WHO: Display a list of connected iLO 3 users Command access level: Login access The WHO command displays the login name of the connected console client users, the ports on which they are connected, and the mode used for the connection.
Command line usage and scripting: XD [ -lan | -reset ] [ -nc ] XD -? Web GUI When using the iLO 3 web GUI, keep the following information in mind: • To successfully log in to the iLO 3 web GUI, you must enable cookies on the web browser. • The appearance of the web GUI pages might differ depending on your server. • Different browser applications must be used to perform multiple logins to the same iLO from a single client. Accessing the iLO 3 web GUI 1.
Status Summary The Status Summary menu provides access to server information and enables you to perform server management tasks. Status Summary>Overview tab The Status Summary Overview tab displays a brief status summary of the system. Figure 7 Overview tab Table 12 Overview description Item Description System Displays system information. When the UUID and serial number are virtualized, they also appear as UUID (logical) and serial number (logical) respectively.
Table 12 Overview description (continued) Item Firmware Revisions Description Displays the current firmware revisions for system firmware: • iLO: iLO Management Processor firmware version • System Firmware: System platform firmware version Logs Displays the following: • Most recent entry in the System Event Log (SEL) • Most recent entry in the iLO Event Log (IEL) Relevant iLO MP TUI commands: DATE, ID, LM, LOC, LS, PC, SL, SYSREV Status Summary>Active Users The Active Users tab displays information abo
Table 13 Active Users description (continued) Item Authorized Description Displays the type of authentication: • LDAP directory user authentication (LDAP) • Locally stored iLO 3 user accounts (local) • SecurityOverride Rights Displays the rights a user has.
System Health The System Health page displays system health information, as determined by iLO, obtained from iLO sensors, OS events, and system firmware events. Figure 10 System Health Table 14 System Health description Item Health Summary Component Health Description Blade Health LED Only displays for blade servers in the current system. For further details, consult the System Event Log and Component Health. System Event Log Health Displays the SEL health state for both blade and rackmount servers.
Table 14 System Health description (continued) Item Power Health Description Lists the power state, power usage in watts, power cap in watts, and power allocations in watts. The display is different for rackmount versus server blades. Blade Power State, Power Usage, Power Cap, Power Allocation Rack Temperature Health Power State, Power Usage, Power Cap, Power Supply 1, Power Supply 2 Displays the ambient temperature in Celsius and the temperature status.
Relevant iLO MP TUI command: SL NOTE: You can view only the most pertinent fields for each event on the web. For a more complete decoding of the events, use the TUI CLI by logging in to iLO 3 through Telnet or SSH. Events Events can be a result of a failure or an error (such as fan failure, Machine-Check Abort, and so on). They can indicate a major change in system state (such as, firmware boot start or, system power on or off), or they can be forward progress markers (such as CPU self-test complete).
Figure 12 Forward Progress Log Table 16 Forward Progress Log descriptions Item Description Forward Progress Log Summary Lists log status and event summary. Forward Progress Log Lists all events. Clear Logs Clears all entries in the System Event and Forward Progress logs. Relevant iLO MP TUI command: SL System Inventory The System Inventory page enables you to view data on all FRUs in the system. It also enables any user to view the asset tag for the system.
Figure 13 System Inventory You can expand information for individual FRUs by clicking +, or collapse by clicking - to the left of the FRU name. You can expand or collapse all the FRUs at once by clicking ++ or -- at the top of the list. If there are multiple bays in the partition, FRUs for each bay appear separately in tabs. You can access each bay by clicking its corresponding tab. Table 17 System Inventory descriptions Item Description Asset Tag Displays the asset tag for the system.
Figure 14 iLO Health Table 18 iLO Health descriptions Item Description Reset the iLO to Default Resets sets all iLO parameters to the default values. Configuration Reset iLO All iLO parameters retain their current values. Note: iLO reset is disabled during a firmware upgrade. Submit Submits your request to the system iLO Self Test Results NVRAM The status of non-volatile RAM. EEPROM The status of the EEPROM.
Figure 15 iLO Event Log Table 19 iLO 3 Event Log descriptions Item Description iLO 3 Event Log Summary Displays alert level information. iLO 3 Event Log Displays all the events corresponding to iLO 3 MP login/logout actions and running of iLO 3 MP commands. Relevant iLO MP TUI command: SL Remote Serial Console The Remote Serial Console enables you to securely view and manage a remote server.
Figure 16 Remote Serial Console Remote Serial Console requires prior installation of Java Plug-in to be installed on the client system. NOTE: Pop-up blocking applications prevent Remote Serial Console from running. Before starting the Remote Serial Console, disable any pop-up blocking applications. The iLO 3 mirrors the system console to the iLO 3 MP local, remote, and LAN ports. One console output stream is reflected to all the connected console users.
NOTE: If Launch is disabled, you do not have the Remote Console Access user right. To add the user right, see User Administration. Figure 17 Remote Serial Console window Using this feature, you can do the following: • View and interact with the boot sequence of your server. • Perform maintenance activities in text mode. • Manage nongraphical mode operating systems.
The remote serial console function is a bidirectional data flow of the data stream appearing on the server serial port. Using the remote console paradigm, a remote user can operate as if a physical serial connection is present on the server serial port. With the remote serial console, an administrator can access a console application such as Windows EMS remotely over the network.
1. First, login to the iLO web interface using Internet Explorer. a. If IE7 or IE8 Click the Certificate Error located after the URL in the pink box. If IE 6.0 Click the yellow padlock in the bottom right hand corner. b. c. d. e. f. g. h. i. j. k. 2. Click View certificates. Click Install Certificate…. Click Next. Select Place all certificates in the following store. Click Browse. Select Trusted Root Certification Authorities. Click OK. Click Next. Click Finish. Click Yes.
Use Control Panel/ Display/ Settings/ Advanced/ Monitor and select a lower screen refresh rate. Using the IRC 1. Click the Launch button on the Integrated Remote Console page. Figure 18 Integrated Remote Console The following message appears when the IRC fails to launch: 2. To view the Error Summary, click Details….
Virtual Media Virtual Media (vMedia) enables connections of a CD/DVD-ROM physical device or image file from the local client system to the remote server. The virtual device or image file can be used to boot the server with an operating system that supports USB devices. Virtual Media depends on a reliable network with good bandwidth. This is especially important when you perform tasks such as large file transfers or operating system installations.
2. 3. To load the vMedia applet, click Launch. The vMedia applet loads in support of the vMedia device. At this point, you can connect to a virtual CD/DVD-ROM or USB key device or create an iLO 3 disk image file. a. Check the USB Key for EFI Only box. b. Click Launch. c. Select Local Media Drive in the correct virtual media section. d. Select the drive letter of the desired USB key drive on your client PC from the menu.
IMPORTANT: Only CD and DVD-ROM image files are supported. If you use a USB key image file, you must select the Floppy/USB Key option. The USB key image file is not interchangeable with the CD or DVD-ROM and vice versa. Figure 20 Virtual Media dialog box (before connection) 3. 4. 5. Select Local Media Drive. Select the drive letter of the desired physical CD/DVD-ROM drive on your client system from the list. Click Connect.
Virtual Media CD/DVD-ROM operating system You can view the list of supported browser and operating systems in the Quickspec document on the HP website at http://www.hp.com/go/integrityilo. The vMedia CD/DVD-ROM supports the following operating systems: • UEFI console currently supports only El Torito bootable CD format media. • Windows Server 2003 or 2008: The virtual CD/DVD-ROM displays automatically after the Windows operating system has recognized the mounting of the USB device.
Figure 22 Local image file dialog box 3. To open the Create Media Image dialog box and locate the image file, enter the path or file name of the image in the text box or click Browse. Figure 23 Create media image dialog box 4. Click Create Disk Image. The vMedia applet begins the process of creating the image file. This process creates a file that emulates a CD/DVD-ROM on the local system. The process is complete when the progress bar reaches 100%. To cancel the creation of an image file, click Cancel.
Virtual USB key The iLO 3 vMedia devices connect to the host server using USB technology. Using USB also enables new capabilities for the iLO 3 vMedia devices when connected to USB-supported operating systems. Integrity iLO 3 v1.00 supports Virtual USB flash as a read-only device for use only with EFI, not with a client operating system. The USB key can be the physical USB key drive on which you are running the web browser, or an image file stored on your local hard drive or network drive.
5. When you are finished using the virtual USB key, disconnect the device from the host server or close the applet. Performance • A disk image file results in better performance than a physical drive. • Store the image files on the client or on a network drive accessed using a fast network segment. • The drive-connected icon and LED change state to reflect the connection status of the virtual drive.
Power Management The iLO 3 power management feature enables you to view and control the power state of the server, monitor power usage, and monitor the processor. You must have the Virtual Power & Reset user right to choose options on the power pages except where stated that the Configure iLO Settings user right is required. The Power Management menu has the following options: • Power & Reset • Power Meter Readings • Power Regulator & Capping The pages are automatically refreshed every 10 seconds.
Table 20 Power & Reset description (continued) Item Description Force Power Off Turns system power off. This action is equivalent to forcing the system power off with the front panel power switch. No signal is sent to the operating system to bring the software down before power is turned off. To power off the system properly, shut down the operating system before issuing this command. Force System Reset with Crash Dump Causes the system to be reset through the INIT or (TOC/INIT) TOC signal.
Figure 26 Power Meter Readings IMPORTANT: Power consumption data readings are dependent on the configuration, architecture, components, and levels of activity of the server at any given time. Table 21 Power Meter Readings description Item History Graphs Description The graphs display recent server power usage. The graph data is reset whenever the iLO MP is reset. Samples are taken in 5 minute and 10 second time increments. 24-Hour History Graph 24-hour display with samples taken every 5 minutes.
Table 21 Power Meter Readings description (continued) Item Description Average Displays the average power usage of all the samples collected. Minimum Displays the lowest power usage of the samples collected. Power Regulator & Capping The Power Regulator & Capping page enables you to view and control the power regulator and power capping settings for the server. To change this setting, you must have the Configure iLO Settings user right.
Table 22 Power Regulator & Capping description (continued) Item Description OS Control Mode Power Capping Settings Show values in Btu/hr or Show values in watts This mode configures the server to enable the operating system to control the processor p-states. Use this setting to put the Operating System (including OS-hosted applications) in charge of power management. Power Cap Value The power cap value in watts or Btu/hr and percentage. Maximum Power Rating Maximum power cap allowed.
Figure 28 Firmware Upgrade NOTE: Bundles containing firmware (iLO firmware, System firmware, and/or System programmable hardware) that may be installed using this Firmware Upgrade page are available for download. It is important to check the compatibility of the firmware revisions in the bundle with the current revisions on the system prior to updating. Use of the HP SUM firmware upgrade tool will automatically perform compatibility checking. To find appropriate bundles for this system: 1.
If a firmware request is pending when you enter the FW command, a SYSREV table appears. You will be prompted to either cancel the firmware upgrade request or exit. Follow the prompts on the screen. The FW command upgrades iLO MP or specific system programmable firmware. • If only upgrading the iLO MP firmware, the iLO MP automatically resets upon successful completion dropping all iLO MP LAN connections. This upgrade will not affect server operation if it is for iLO MP only.
The following Advanced Pack features are available in this firmware release: • Virtual Media • Directory Services Integration for iLO 3 user management using LDAP-based directory services • Schema-free LDAP based directory services (LDAP-lite) • Power Meter Readings • Integration with Insight Power Management These features can change without notice. Not all features are supported by all operating systems. Not all features are supported by all platforms.
Figure 30 Local Accounts The default user is Administrator. The Administrator user has all access rights.
Table 24 Local Accounts description Item Description Select User To edit or delete a user account, select an existing user from the list of user names and click Edit or Delete to either edit or delete that user account. New To create a new user account, click New. This opens a page that enables you to enter account information for the new user. By default, a new user is granted the Remote Console Access and Virtual Media rights. The operating mode is set to multiple logins, and the user is enabled.
Group Accounts The Group Accounts page enables you to enter one or more directory groups by specifying the distinguished name of the group and privileges that can be granted to users who are members of that group. To use this feature, you must have the Configure iLO Settings user right. Group administration information must be configured when the directory is enabled with the default schema.
Figure 31 Group Accounts Table 25 Group Accounts description Item Description Administrator Click this radio button and click Edit to open a page that enables you to change settings for the Administrator group. User Click this radio button and click Edit to open a page that enables you to change settings for the User group.
Table 25 Group Accounts description (continued) Item Description Custom (1,2,3,4) Click one of these radio buttons and click Edit to open a page that enables you to change settings for the chosen Custom group. Cancel Cancels the action. Relevant iLO MP TUI command: LDAP Access Settings The Access Settings page enables you to access the following tabs: • LAN • Serial • Login Options LAN The LAN tab enables you to modify LAN settings.
Table 26 LAN description (continued) Item Description The default SSH port number is 22. You can configure this port number to a value in the range 2000-2400. If the port number is modified, it takes effect the next time iLO 3 is rebooted. To secure an SSH connection, select Enable and ensure that an SSH key pair has been generated. SSH is an industry-standard client-server connectivity protocol that provides a secure remote connection.
Figure 33 Serial Table 27 Serial description Item Description Mode of Operation Enables you to set the local serial mode of operation to either the iLO MP or Auxiliary UART mode. Switching to AUX UART mode when MP LAN access is disabled requires a push-button reset of the iLO 3 Physical Presence button to return to iLO 3 mode. If baud rate settings are not consistent between the serial port and the attached serial device, communication issues occur.
Figure 34 Login Options Table 28 Login Options description Item Description Login Timeout in Minutes If a user remains at the MP login: prompt for longer than the timeout, iLO 3 disconnects the user from SSH or Telnet. The default value is 1 minute; it can be configured to a value in the range of 1 to 5 minutes. This timeout does not apply to users who have successfully logged in to iLO 3. The timeout value in minutes is effective on all ports, including local ports.
Figure 35 Current LDAP Parameters Table 29 Current LDAP Parameters description Item Directory Authentication Description Choosing enable or disable, activates or deactivates directory support on iLO 3: Enable with Extended Schema Selects directory authentication and authorization using directory objects created with HP schema. Select this option if the directory server has been extended with the HP schema.
Table 29 Current LDAP Parameters description (continued) Item Description User Search Contexts (1,2,3) User search contexts locate an object in the tree structure of the directory server and are applied to the login name entered to access the iLO MP. All objects listed in the directory can be identified using the unique distinguished name. However, distinguished names can be long, or users might not know the distinguished usernames, or they may have accounts in different directory contexts.
Figure 36 Standard network settings Table 30 Standard network settings description Item Description MAC Address Displays the 12-digit (hexadecimal) MAC address. DHCP Status To enable iLO 3 to obtain an IP address, Subnet Mask, and Gateway Address from a DHCP server, select Enable. Changes to those three network settings are not allowed while the DHCP Status is enabled. To manually assign those three network settings to iLO 3, select Disable.
Table 30 Standard network settings description (continued) Item Description IMPORTANT: On Integrity rx2800 i2/i4 systems, the link state 1000BaseT option (or Duplex Option) is not currently supported. Integrity rx2800 i2/i4 systems can run at 1000BaseT, but only if the switch it connects to supports auto negotiate to 1000BaseT and the rx2800 i2/i4 is similarly set to auto negotiate. If you want to set a specific LAN speed (10BaseT or 100BaseT) those are the only options that iLO 3 currently supports.
Table 31 DNS description Item Description Use DHCP supplied domain To use the DHCP server-supplied domain name, select Yes. Or enter a domain name in name the Domain Name field. Domain name Enter the name of the domain where the system resides. This can be entered if DHCP is not being used (No was selected in the previous option), but DNS is wanted. This represents the DNS suffix of the subsystem. For example, hp.com in ilo.hp.com.
Table 32 Onboard Administrator description Item OA IP Address Description Displays the IP address of the OA. IMPORTANT: Integrity iLO 3 must have a reachable IP address as the default gateway address. Since the OA is reachable, HP recommends using the OA IP address as the gateway address for Integrity iLO 3. If you use the Enclosure IP mode, this solution works during a failover.
8 Installing and configuring directory services You can install and configure iLO 3 directory services to leverage the benefits of a single point of administration for iLO 3 user accounts. This chapter provides information on how to install and configure iLO 3 directory services. Directory services The following are benefits of directory integration: Scalability Leverage the directory to support thousands of users on thousands of iLO 3s.
Installing directory services To successfully enable directory-enabled management on any iLO 3: 1. Plan. Review the following sections: • “Directory services” (page 113) • “Directory services schema (LDAP)” (page 144) • “Directory-enabled remote management” (page 139) 2. Install. a. Download the HP Lights-Out Directory Package containing the schema installer, the management snap-in installer, and the migrations utilities from the HP website (http:// www.hp.com/servers/lights-out). b.
Integrity iLO 3 supports Microsoft Active Directory running on one of the following operating systems: • Windows 2000 family • Windows Server 2003 family Integrity iLO 3 supports eDirectory 8.6.2 and 8.7 running on one of the following operating systems: • Windows 2000 family • Windows Server 2003 family • NetWare 5.x • NetWare 6.x • Red Hat Enterprise Linux AS 2.1 • Red Hat Linux 7.3 • Red Hat Linux 8.
Schema preview The Schema Preview screen enables you to view proposed extensions to the schema. This application reads the selected schema files, parses the XML, and displays the schema on the screen in a tree view listing all of the details of the attributes and classes that are installed. Figure 39 Schema Preview screen Schema setup To enter information before extending the schema, use the Setup screen.
IMPORTANT: To extend the schema on Active Directory you must be an authenticated schema administrator, the schema must not be write protected, and the directory must be the flexible single master operation (FSMO) role owner in the tree. The installer attempts to make the target directory server the FSMO schema master. To obtain write access to the schema in Windows 2000, you must change the registry safety interlock.
The following sections provide installation prerequisites, preparation, and a working example of directory services for Active Directory. Active Directory installation prerequisites The following are prerequisites for installing Active Directory: • The Active Directory must have a digital certificate installed to enable iLO 3 to connect securely over the network. • The Active Directory must have the schema extended to describe iLO 3 object classes and properties.
running and you have appropriate rights. You can also do this by setting HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services NTDS Parameters Schema Update Allowed in the registry to a nonzero value (see the “Order of Processing When Extending the Schema” section of the Installation of Schema Extensions in the Windows 2000 Server Resource Kit), or by doing the following: CAUTION: Incorrectly editing the registry can severely damage your system.
2. Configure the directory service with the appropriate objects and relationships for iLO 3 management: a. Use the management snap-ins from HP to create iLO 3 policy, admin, and user role objects. b. Use the management snap-ins from HP to build associations between the iLO 3 object, the policy object, and the role object. c. Point the iLO 3 object to the admin and user role objects (admin and user roles automatically point back to the iLO 3 object).
b. In the Create New HP Management Object dialog box, select Device for the type. Figure 43 Create new HP Management Object dialog box c. d. e. 3. 4. 5. In the Name field of the dialog box, enter an appropriate name In this example, the DNS host name of the iLO 3 device, lpmp, is used as the name of the iLO 3 object, and the surname is iLO 3. Enter and confirm a password in the Device LDAP Password and Confirm fields (this is optional). Click OK.
c. From the Select Users dialog box, select the iLO 3 object created in step 2: (lpmp in folder mpiso.com/MPs). Figure 44 Select Users dialog box d. e. f. 6. Click OK. To save the list, click Apply. To add users to the role, click the Members tab and use the Add button and the Select Users dialog box. Devices and users are now associated. To set the rights for the role, use the Lights-Out Management tab.
10. Click Apply and OK. Members of the remoteMonitors role are able to authenticate and view the server status. User rights to any iLO 3 are calculated as the sum of all the rights assigned by all the roles in which the user is a member and the iLO 3 is a managed device. Following the preceding examples, if a user is included in both the remoteAdmins and remoteMonitors roles, he or she has all the rights of those roles, because the remoteAdmins role also has those rights.
Figure 46 HP Devices tab Managing users in a role After user objects are created, use the Members tab to manage the users within the role. • To add a user, browse to the specific user you want to add, and click Add. • To remove a user from the list of valid members, highlight an existing user and click Remove.
Setting login restrictions The Role Restrictions tab enables you to set login restrictions for a role. These restrictions include: • Time Restrictions • IP Network Address Restrictions ◦ IP/Mask ◦ IP Range ◦ DNS Name Figure 48 Role Restrictions tab Setting time restrictions • To manage the hours available for login by members of the role, click the Effective Hours button. The Logon Hours screen appears (Figure 49).
Figure 49 Logon Hours screen Defining client IP address or DNS name access From the Role Restrictions tab, you can grant or deny access to an IP address, IP address range, or DNS names. In the By Default list, select whether to grant or deny access from all addresses except for specified IP addresses, IP address ranges, and DNS names. To restrict an IP address: 1. From the Role Restrictions tab, select IP/MASK and click Add. The New IP/Mask Restriction dialog box appears.
4. 5. on a single DNS name or a subdomain, entered in the form of host.company.com or *.domain.company.com. Enter the information and click OK. To save the changes, click OK. To remove any of the entries, highlight the entry in the display list and click Remove. Setting user or group role rights After you create a role, you can select rights for that role. You can enable users and group objects to be members of the role, giving each the rights granted by the role.
NOTE: Schema-Free LDAP is not supported with eDirectory. Installing and initializing snap-ins for eDirectory For instructions on using the snap-in installation application, see “Installing and initializing snap-ins for Active Directory” (page 119). NOTE: After you install snap-ins, restart ConsoleOne and MMC to show the new entries.
2. From in the region1 organizational unit, right-click the HP devices organizational unit. Select New, and select Object. a. Select hpqTarget from the list of classes, and click OK. b. Enter an appropriate name and surname in the New hpqTarget dialog box. In this example, the DNS host name of the iLO 3 device, rib-email-server, is used as the name of the iLO 3 object, and the surname is RILOEII (iLO 3). Click OK. The Select Object Subtype dialog box appears. Figure 53 Select Object Subtype dialog box c.
a. b. c. d. e. Right-click the remoteAdmins role in the roles organizational unit in the region1 organizational unit, and select Properties. Select the Role Managed Devices subtab of the HP Management tab, and click Add. Using the Select Objects dialog box, browse to the HP devices organizational unit in the region1 organizational unit. Select the three iLO 3 objects created in step 2. Click OK and click Apply. Add users to the role.
devices,ou=region1,o=samplecorp Directory User Context 1 = ou=users,o=samplecorp For example, user CSmith (located in the users organizational unit within the samplecorp organization, and is a member of one of the remoteAdmins or remoteMonitors roles) is allowed to log in to iLO 3. To gain access, he enters csmith (case insensitive) in the Login Name field of the iLO 3 login, and uses his eDirectory password in the Password field.
Figure 56 Members tab (eDirectory) To browse to the specific user you want to add, click Add. To remove a user from the list of valid members, highlight the user name and click Delete. Setting role restrictions The Role Restrictions subtab enables you to set login restrictions for a role.
These restrictions include the following: • Time Restrictions • IP Network Address Restrictions • ◦ IP/Mask ◦ IP Range DNS Name Setting time restrictions You can manage the hours available for login by members of a role, using the time grid that appears in the Role Restrictions subtab (Figure 57). You can select the times available for login for each day of the week in half-hour increments.
To remove any of the entries, highlight the entry in the display field and click Delete. Setting Lights-Out management device rights After you create a role, you can select rights for the role and make users and group objects members of the role, which gives users or groups of users the rights granted by that role. To manage rights, use the Lights-Out Management Device Rights subtab of the HP Management tab.
hpqRole class). These objects support the Login Authentication utility to the iLO 3 device and enable iLO 3 users to run commands based on the assigned roles. Installing the Java Runtime Environment As a prerequisite for extending schema, you must have Java Runtime Environment (JRE) 1.4.2 installed. To ensure you have the correct version of JRE installed on your system: 1. To determine the Java version, run the following command: # java -version The Java version installed on your system is displayed. 2.
The SSL port (636) is used during the schema extension. You can verify this by running the netstat –nt grep :636 command while the hpdsse.sh file is running. Verifying snap-in installation and schema extension To verify the installation of snap-ins and schema extension: 1. Run ConsoleOne and log on to the tree. 2. Verify the new classes by opening the Schema Manager from the Tools list. All the classes related to the HP directory services must be present in the classes list.
Enter new value, or Q to Quit: -> Current Distinguished Name has been retained User Search Context 1: Current -> o=mp Enter new value, or Q to Quit: -> Current User Search Context 1 has been retained User Search Context 2: Current -> o=demo Enter new value, or Q to Quit: -> Current User Search Context 2 has been retained User Search Context 3: Current -> o=test Enter new value, or Q to Quit: -> Current User Search Context 3 has been retained New Directory Configuration (* modified values
Directory users that are specified with the user name form can be located in one of three searchable contexts that are configured within Directory Settings. • Local users - Login ID For the iLO 3 login, the maximum length of the Login Name is 25 characters for local users. For directory services users, the maximum length of the Login Name is 256 characters.
Directory-enabled remote management This section is for administrators who are familiar with directory services and with the iLO 3 product. To familiarize yourself with the product and services, see “Directory services” (page 113). Be sure you understand the examples and are comfortable with setting up the product. In general, you can use the HP provided snap-ins to create objects.
For example, an organization might have two types of users: administrators of the iLO 3 device or host server, and users of the iLO 3 device. In this situation, it makes sense to create two roles, one for the administrators and one for the users. Both roles include some of the same devices, but grant different rights. Sometimes, it is useful to assign generic rights to the lesser role, and include the iLO 3 administrators in that role, and the administrative role.
Role time restrictions You can place time restrictions on iLO 3 roles. Users are only granted rights that are specified for the iLO 3 devices listed in the role if they are members of the role and meet the time restrictions for that role. The iLO 3 devices use local host time to enforce time restrictions. If the iLO 3 device clock is not set, the role time restriction fails (unless no time restrictions are specified on the role).
Enforcing directory login restrictions Figure 62 shows how two sets of restrictions potentially limit a directory user's access to iLO 3 devices. User access restrictions limit a user's access to authenticate to the directory. Role access restrictions limit an authenticated user's ability to receive iLO 3 privileges based on rights specified in one or more roles. Figure 62 User and role access restrictions Enforcing user time restrictions You can place a time restriction on directory user accounts.
Figure 63 User time restrictions User address restrictions You can place network address restrictions on a directory user account, and the directory server enforces these restrictions. For information about the enforcement of address restrictions on LDAP clients, such as a user logging in to an iLO 3 device, see the directory service documentation.
Figure 64 Restricting general use Alternatively, the directory administrator can create a role that grants the login right and restrict it to the corporate network, create another role that grants only the server reset right and restrict it to after-hours operation.
Changes made to the schema during the schema setup process include changes to the following: • Core classes • Core attributes NOTE: Roles such as hpqTargets, and so on, are for extended schema LDAP only. They are not used in schema-free LDAP. Core LDAP OID classes Table 35 Core classes Class Name Assigned OID hpqTarget 1.3.6.1.4.1.232.1001.1.1.1.1 hpqRole 1.3.6.1.4.1.232.1001.1.1.1.2 hpqPolicy 1.3.6.1.4.1.232.1001.1.1.1.
hpqRole Table 38 hpqRole OID 1.3.6.1.4.1.232.1001.1.1.1.2 Description This class defines role objects, providing the basis for HP products using directory-enabled management. Class Type Structural SuperClasses Group Attributes hpqRoleIPRestrictions—1.3.6.1.4.1.232.1001.1.1.2.5hpqRoleIPRestrictionDefault—1.3.6.1.4.1.232.1001.1.1.2.4 hpqRoleTimeRestriction—1.3.6.1.4.1.232.1001.1.1.2.6hpqTargetMembership—1.3.6.1.4.1.232.1001.1.1.2.3 Remarks None hpqPolicy Table 39 hpqPolicy OID 1.3.6.1.4.1.232.
hpqTargetMembership Table 42 hpqTargetMembership OID 1.3.6.1.4.1.232.1001.1.1.2.3 Description This attribute provides a list of hpqTarget objects that belong to this object. Syntax Distinguished Name—1.3.6.1.4.1.1466.115.121.1.12 Options Multi Valued Remarks None hpqRoleIPRestrictionDefault Table 43 hpqRoleIPRestrictionDefault OID 1.3.6.1.4.1.232.1001.1.1.2.
Table 45 hpqRoleTimeRestriction (continued) OID 1.3.6.1.4.1.232.1001.1.1.2.6 Options Single Valued Remarks This attribute is only used on role objects. Time restrictions are satisfied when the bit corresponding to the current local side real-time of the device is 1, and unsatisfied when the bit is 0. The least significant bit of the first byte corresponds to Sunday, from 12 midnight, to Sunday 12:30 AM.
iLO 3 attribute definitions Table 49 through Table 54 define the iLO 3 core class attributes. hpqLOMRightLogin Table 49 hpqLOMRightLogin OID 1.3.6.1.4.1.232.1001.1.8.2.1 Description Login right for HP iLO 3 products. Syntax Boolean-1.3.6.1.4.1.1466.115.121.1.7 Options Single Valued Remarks The attribute is meaningful only on role objects. If TRUE, members of the role are granted the right. hpqLOMRightRemoteConsole Table 50 hpqLOMRightRemoteConsole OID 1.3.6.1.4.1.232.1001.1.8.2.
hpqLOMRightLocalUserAdmin Table 53 hpqLOMRightLocalUserAdmin OID 1.3.6.1.4.1.232.1001.1.8.2.5 Description Local user database administration right for HP iLO 3 products. Syntax Boolean-1.3.6.1.4.1.1466.115.121.1.7 Options Single valued Remarks This attribute is only used on role objects. If this attribute is TRUE, members of the role are granted the right. hpqLOMRightConfigureSettings Table 54 hpqLOMRightConfigureSettings OID 150 1.3.6.1.4.1.232.1001.1.8.2.
9 Support and other resources Contacting HP Before you contact HP Be sure to have the following information available before you contact HP: • Technical support registration number (if applicable) • Product serial number • Product model name and number • Product identification number • Applicable error message • Add-on boards or hardware • Third-party hardware or software • Operating system type and revision level HP contact information For the name of the nearest HP authorized reseller: •
Related information You can find other information on HP server hardware management in the following publications. HP Technical Documentation Website http://www.hp.com/go/Integrity_Servers-docs for HP Integrity servers http://www.hp.com/go/Blades-docs for HP Integrity server blades Typographic conventions This document uses the following typographical conventions: %, $, or # A percent sign represents the C shell system prompt.
Standard terms, abbreviations, and acronyms A address In networking, a unique code that identifies a node in the network. Names such as host1.hp.com are translated to dott-quad addresses such as 168.124.3.4 by the Domain Name Service (DNS). address path An address path is one in which each term has the appropriate intervening addressing association. administrator A person managing a system through interaction with management clients, transport clients, and other policies and procedures.
D DDNS Dynamic Domain Name System. DDNS is how iLO 3 automatically registers its name with the Domain Name System so that when iLO 3 receives its new IP address from DHCP, users can connect to the new iLO 3 using the host name, rather than the new IP address. DHCP Dynamic Host Configuration Protocol. A protocol that enables a DHCP server to assign Internet Protocol (IP) addresses dynamically to systems on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.
G gateway A computer or program that interconnects two networks and passes data packets between the networks. A gateway has more than one network interface. gateway address Where the packet needs to be sent. This can be the local network card or a gateway (router) on the local subnet. GUI Graphical User Interface. An interface that uses graphics, along with a keyboard and mouse, to provide easy-to-use access to an application.
L LDAP Lightweight Directory Access Protocol. A directory service protocol used for the storage, retrieval, and distribution of information, including user profiles, distribution lists, and configuration data. LDAP runs over Transmission Control Protocol/Internet Protocol (TCP/IP) across multiple platforms. M managed object The actual item in the system environment that is accessed by the provider. For example, a Network Interface Card (NIC).
and Telnet uses port 23. A port enables a client program to specify a particular server program in a computer on a network. When a server program is started initially, it binds to its designated port number. Any client that wants to use that server must send a request to bind to the designated port number. port number A number that specifies an individual Transmission Control Protocol/Internet Protocol (TCP/IP) application on a host machine, providing a destination for transmitted data.
unique for unambiguous access to associated instance information needed to support association traversal rooted at the MAP AdminDomain instance. target address scheme resolution service This entity is responsible for discovering and enumerating the managed elements within the local domain, for maintaining the addressing and naming structure of the local domain, and coordinating this information with the operation invocation engine.
Index A access options, 63 access rights administer user accounts, 11 configure iLO settings right, 11 remote console access, 11 virtual media, 11 virtual power & reset, 11 accounts creating, 30 modifying, 30 resetting to default values, 19 active directory, 118 administer user accounts right, 11 advanced pack license, 15 alert levels, status logs, 47 auto login CLI SSH connection, 27 features and usage, 27 initiating a session, 28 terminating a session, 29 web GUI connection, 27 auxiliary blades DHCP addre
schema, 144–150 supported directories and operating systems, 114 user login, 137 directory services for Active Directory, 118 creating and configuring directory objects, 120 defining client IP address or DNS name access, 126 directory services objects, 123 installation prerequisites, 118 preparation, 118 setting login restrictions, 125 setting time restrictions, 125 setting user or group role rights, 127 snap-in installation and initialization, 119 snap-ins, 123 directory services for eDirectory, 127–136 ad
port, 58 LAN port, physical access, 23 LC command, 58 LDAP command, 59, 136 configuring extended schema, 38 configuring iLO 3 to use a directory server, 38 configuring parameters, 106 configuring schema-free, 40 fully distinguished names (FDN), 137 group administration, 60 modifying directory settings, 59 schema-free, 13 license, displaying the current status, 60 license, enabling the Advanced Pack license features, 60 license, power meter reading feature, 92 license, right to use the vMedia applet, 66 lice
PS command, 62 Q quickspec, 87, 90 Quickspecs, 15 R remote console access right, 11 remote console, disconnecting, 54 resetting password to factory default, 19 roles address restrictions, 141 creating multiple, 143 creating multiple restrictions, 143 creating to follow organizational structure, 140 DNS-based restrictions, 141 enforcing, 142 IP address restrictions, 141 restricting, 140 subnet mask restrictions, 141 time restrictions, 141 user address restrictions, 143 using multiple, 139 RS command, 62 RS
system health, 72 system inventory, 75 upgrading firmware, 95 virtual media, 84 WHO command, 67 X X command, 47 XD command, 67 163