HP Integrity iLO 2 Operations Guide
Table Of Contents
- HP Integrity iLO 2 Operations Guide
- Contents
- About This Document
- 1 Introduction to iLO 2
- Features
- Standard Features
- Always-On Capability
- Virtual Front Panel
- Multiple Access Methods
- Security
- User Access Control
- Multiple Users
- IPMI over LAN
- System Management Homepage
- Firmware Upgrades
- Internal Subsystem Information
- DHCP and DNS Support
- Group Actions
- Group Actions Using HP SIM
- SNMP
- SMASH
- SM CLP
- Mirrored Console
- Remote Power Control
- Power Regulation
- Event Logging
- Advanced Features
- Standard Features
- Obtaining and Activating iLO 2 Advanced Pack Licensing
- Supported Systems and Required Components and Cables
- Integrity iLO 2 Supported Browsers and Client Operating Systems
- Security
- Features
- 2 Ports and LEDs
- 3 Getting Connected to iLO 2
- 4 Logging In to iLO 2
- 5 Adding Advanced Features
- Lights-Out Advanced KVM Card for sx2000 Servers
- Lights-Out Advanced KVM card Requirements
- Configuring the Lights-Out Advanced KVM Card
- Lights-Out Advanced KVM Card IRC Feature
- Lights-Out Advanced KVM Card vMedia Feature
- Installing the Lights-Out Advanced KVM Card in a Server
- Lights-Out Advanced KVM Card Quick Setup Steps
- Using Lights-Out Advanced KVM Features
- Mid Range PCI Backplane Power Behavior
- Troubleshooting the Lights-Out Advanced KVM Card
- Core I/O Card Configurations
- Supported PCI-X Slots
- Upgrading the Lights-Out Advanced KVM Card Firmware
- Lights-Out Advanced KVM Card for sx2000 Servers
- 6 Accessing the Host (Operating System) Console
- 7 Configuring DHCP, DNS, LDAP, and Schema-Free LDAP
- 8 Using iLO 2
- Text User Interface
- MP Command Interfaces
- MP Main Menu
- MP Main Menu Commands
- CO (Console): Leave the MP Main Menu and enter console mode
- VFP (Virtual Front Panel): Simulate the display panel
- CM (Command Mode): Enter command mode
- SMCLP (Server Management Command Line Protocol): Switch to the SMASH SMCLP
- CL (Console Log): View the history of the console output
- SL (Show Logs): View events in the log history
- HE (Help): Display help for the menu or command in the MP Main Menu
- X (Exit): Exit iLO 2
- MP Main Menu Commands
- Command Menu
- Command Line Interface Scripting
- Command Menu Commands and Standard Command Line Scripting Syntax
- BP: Reset BMC passwords
- BLADE: Display BLADE parameters
- CA: Configure asynchronous local serial port
- DATE: Display date
- DC (Default Configuration): Reset all parameters to default configurations
- DF: Display FRU information
- DI: Disconnect LAN, WEB, SSH, or Console
- DNS: DNS settings
- FW: Upgrade the MP firmware
- HE: Display help for menu or command in command menu interface
- ID: System information settings
- IT: Inactivity timeout settings
- LC: LAN configuration usage
- LDAP: LDAP directory settings
- LM: License management
- LOC: Locator UID LED configuration
- LS: LAN status
- PC: Power control access
- PM: Power regulator mode
- PR: Power restore policy configuration
- PS: Power status
- RB: Reset BMC
- RS: Reset system through the RST signal
- SA: Set access LAN/WEB/SSH/IPMI over LAN ports
- SNMP: Configure SNMP parameters
- SO: Security option help
- SS: System Status
- SYSREV: Firmware revisions
- TC: System reset through INIT or TOC signal
- TE: Send a message to other mirroring terminals
- UC: User Configuration (users, passwords, and so on)
- WHO: Display a list of iLO 2 connected users
- XD: iLO 2 Diagnostics or reset
- Web GUI
- System Status
- Remote Serial Console
- Integrated Remote Console
- Virtual Media
- Power Management
- Administration
- BL c-Class
- Help
- SMASH Server Management Command Line Protocol
- SM CLP Features and Functionality Overview
- Accessing the SM CLP Interface
- Using the SM CLP Interface
- SM CLP Syntax
- System1 Target
- System Reset Power Status and Power Control
- Map1 (iLO 2) Target
- Text Console Services
- Firmware Revision Display and Upgrade
- Remote Access Configuration
- Network Configuration
- User Accounts Configuration
- LDAP Configuration
- Text User Interface
- 9 Installing and Configuring Directory Services
- Directory Services
- Directory Services for Active Directory
- Directory Services for eDirectory
- Installing and Initializing Snap-In for eDirectory
- Example: Creating and Configuring Directory Objects for Use with iLO 2 Devices in eDirectory
- Directory Services Objects for eDirectory
- Setting Role Restrictions
- Setting Time Restrictions
- Setting Lights-Out Management Device Rights
- Installing Snap-Ins and Extending Schema for eDirectory on a Linux Platform
- Using the LDAP Command to Configure Directory Settings in iLO 2
- User Login Using Directory Services
- Certificate Services
- Directory-Enabled Remote Management
- Directory Services Schema (LDAP)
- Glossary
- Index
directory server and set up user accounts and privileges. You can find the tool on the HP website
at:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=US&
swItem=MTX-UNITY-I23896
Using directory services after users enter their login and password, the browser sends the cookie
to iLO 2. The iLO 2 processor accesses the directory service to determine which roles are available
for that user login. iLO 2 first uses the credentials to access the iLO 2 device object in the directory.
The directory service returns only the roles for which the user has rights. If the user credentials allow
read access to the iLO 2 device object and the role object, iLO 2 determines the role object’s
distinguished name and the associated user privileges. iLO 2 then calculates the current user
privileges based on those roles and grants them to that user.
Configuring Schema-Free LDAP
IMPORTANT: Due to command syntax changes in schema-free LDAP, some customer-developed
scripts may not run. You must change any scripts you developed to enable them to run with the
new schema-free LDAP syntax.
Integrity iLO 2 schema-free directory integration enables you to use the standard directory schema
instead of adding HP’s schema to the directory database. You accomplish this by authenticating
users from the directory database and authorizing iLO 2 privileges based on matching groups
stored on each iLO 2.
NOTE: Schema-Free LDAP is available only if you have the iLO 2 Advanced Pack license.
In addition to general directory integration benefits, iLO 2 schema-free integration provides the
following advantages:
• Easy implementation without schema extensions.
iLO 2 schema-free integration is configured from any iLO 2 user interface (browser, command
line, or script).
• Minimal administration and maintenance.
After initial setup, only groups and permissions require maintenance support on iLO 2;
typically group and permission changes occur infrequently.
◦
◦ The schema-free approach does not require updating directory databases with new iLO
2 devices objects.
• Reliable security.
Integrity iLO 2 schema-free integration does not affect standard directory attributes, avoiding
conflicting use of attributes that can result over time.
• Complements two-factor authentication.
Integrity iLO 2 schema-free integration can be used in conjunction with iLO 2 two-factor
authentication to provide asset protection using strong authentication.
NOTE: If you have already extended your directory with HP schema, there is no need to switch
to the schema-free approach. Schema extension provides the lowest maintenance approach for
directory integration. Once this process has taken place, there is no advantage for the schema-free
approach until a schema change is required.
To configure schema-free LDAP:
1. Follow the procedure for “Configuring LDAP Extended Schema” (page 65), but omit Step 8.
It is not necessary to enter a new port number.
2. Set up directory security groups.
Configuring Schema-Free LDAP 67