HP Integrity iLO 2 MP 5991-6005 manuals
Computer Equipment > All in One Printer
When we buy new device such as HP Integrity iLO 2 MP 5991-6005 we often through away most of the documentation but the warranty.
Very often issues with HP Integrity iLO 2 MP 5991-6005 begin only after the warranty period ends and you may want to find how to repair it or just do some service work.
Even oftener it is hard to remember what does each function in All in One Printer HP Integrity iLO 2 MP 5991-6005 is responsible for and what options to choose for expected result.
Fortunately you can find all manuals for All in One Printer on our side using links below.
HP Integrity iLO 2 MP 5991-6005 Manual
199 pages 6.81 Mb
3 Table of Contents11 List of Figures13 List of Tables15 About This Document19 1 Introduction to iLO 2 MP27 2 Ports and LEDs33 3 Setting Up and Connecting the Console34 Setup Checklist35 Setup Flowchart36 Preparing to Set Up iLO 2 MP37 Configuring the iLO 2 MP LAN Using DHCP and DNSConfiguring the iLO 2 MP LAN Using ARP Ping38 ARP Ping has the following operational issues:•The PC and the server must be on the same physical subnet When a new server is first booted, DHCP is automatically available Select one of the following methods to use the ARP Ping utility: 2.Locate an existing server on the network and log in to it 3.Run the ARP Ping commands from the server Table 3-4 lists the ARP Ping commands Table 3-4ARP Ping Commands 3.Access a PC on the same physical subnet as the server 4.Open a DOS window on the PC At the DOS command prompt C: >) arp The syntax is as follows: arp IP address you want to assign to the iLO MAC address iLO 2 MAC address arp -s192.0.2.1 00-00-0c-07-ac-00 At the DOS command prompt, enter ping ping <IP address just assigned to the iLO MAC address> Example from Windows 39 Configuring the iLO 2 MP LAN Using the Console Serial Port40 Logging In to the iLO 2 MPPhysically Connecting the Server Blade to the iLO 2 MP 41 Connecting the Server Blade to the iLO 2 MP Using the Onboard AdministratorMain Menu Blade or Port Info Auto-Login connect server <bay number> to establish an 42 If iLO 2 MP is rebooted orWHO, UC View and disconnect user connections established through the WHO, DI Administrators Can perform any function including iLO 2 MP configuration. This level equates to an iLO 2 MP user with all privilege levels such as Administer User Accounts, Remote Console Access, Virtual Power to all aspects of the OA including configuration, firmware updates user management, and resetting default settings Operators Provided access to the host system IRC, serial console, and vMedia This level equates to an iLO 2 MP user with Remote Console Access Virtual Power and Reset, Virtual Media, and Configure iLO settings It allows access to all but configuration changes and user management. This account is used for individuals who might be required to periodically change configuration settings Users for individuals who need to see the configuration of the OA but do not need the ability to change settings. This level equates to an iLO 2 MP user with no privileges set Initiating an Auto-LoginSession The Auto-Loginsession is initiated in the following way: OA finds the first available 2.If there are no available users, the oldest user is deleted NOTE: This could terminate a currently active session a. OA sends a request to iLO 2 MP to delete that user 3.OA sends a command to create an OA user Terminating an Auto-LoginSession For User Account Cleanup during IPF Blade Initialization OA and iLO 2 MP perform the following during an IPF blade initialization •When iLO 2 MP initializes, OA marks all four user slots as unused Auto-LoginTroubleshooting User Creation fail for a few of reasons: • The local user database is disabled in iLO and LDAP authentication is being used • MP user database has reached the maximum number of users (19 users) • There is already a user registered with the same login name User Login still fail for a number of reasons: • iLO 2 MP upgrade is currently in progress, and no new connections are allowed • Maximum number of connections for the requested connection type (SSH, Telnet, web GUI) to iLO 2 MP has been reached • Requested connection type (SSH, Telnet or web) to iLO is currently disabled User Deletion could fail for a couple of reasons • A user with the specified login doesn't exist (could have been deleted through other iLO UI) • The specified user cannot be deleted because it is the only user in the local database with user administration right 43 Connecting the Server Blade to the iLO 2 MP Using the Console Serial Port46 Additional Setup47 Setting Up SecuritySetting Security Access Change the default user name and password. See “Modifying User Accounts and Default Passwords” (page 46) Chapter 7: “Installing and Configuring Directory Services ” (page 147) 49 4 Accessing the Host Console53 5 Configuring DHCP, DNS, LDAP, and LDAP Lite59 6 Using iLO 2 MPText User Interface Figure 6-1MP Command Interfaces 60 MP Main MenuThe iLO 2 MP can support multiple sessions to perform independent tasks: Table 6-2 lists the MP Main Menu commands Table 6-2MP Main Menu Commands MP Main Menu Commands MP Main Menu command descriptions are listed as follows: 61 CO (Console): Leave the Main Menu and enter console modeCtrl-Ecf Ctrl-B Esc ftp VFP (Virtual Front Panel): Simulate the display panel Each user viewing VFP is in private session mode See also: LOC (locator LED) and, SL (show logs) CM (Command Mode): Enter command mode 1.From the MP Main Menu , enter HE 2.Enter LI after the MP HELP:> prompt If a command is in progress, a system status message appears To return to the MP Main Menu , press CTRL-B SMCLP (Server Management Command Line Protocol): Switch to the SMASH SMCLP SMCLP CL (Console Log): View the history of the console output SL (Show Logs): View events in the log history 62 •SEL: High attention events and errors•Forward progress: All events •Boot log: All events between start of boot and boot complete •Previous boot log: The events from the previous boot Table 6-3 shows the events and actions used to navigate within the logs Table 6-3Events Table 6-4 defines alert (severity) levels Table 6-4Alert Levels See also: DC (default configuration) and VFP (virtual front panel) HE (Help): Display help for the menu or command in the MP Main Menu X (Exit): Exit the iLO 2 MP 63 Command MenuTable 6-5 lists the Command Menu commands Table 6-5Command Menu Commands Table 6-5Command Menu Commands (continued) To access the Command menu, enter CM at the MP Main Menu To see all the available commands, enter HE LI at the MP:CM> prompt To return to the MP Main Menu from any of these commands, press Ctrl-B 64 Command Line Interface Scripting2 MPs. Scripting tools have capabilities that enable you to do the following: •Write scripts that make decisions based on the output of commands •Use variables in the script to customize it for each target automatically •Compensate for delays in output 65 Expect Script Example#Run SL command to dump logs #Run PC command to power on the system send --"pc -on -nc\r 66 Command Menu Commands and Standard Command Line Scripting Syntax-nc 67 BLADE:68 Normal operation, any issues have been acknowledgedDegraded Typically loss of redundancy or partial failure of a component Critical Failure with loss or imminent loss of system function Command line usage and scripting: Example of the BLADE Command With Output BLADE CA: Configure asynchronous local serial port stty Set up the local serial port parameters as follows: BAUD RATES Input and output data rates are the same. Possible values are as follows: 4800, 9600, 19200, 38400, 115200 bit/sec FLOW Hardware uses RTS/CTS; software uses Xon/Xoff CONTROL 69 DATE70 DNS71 If executed from theIf executed in command mode ID: System information settings ID displays and modifies the following: SNMP contact person Name, telephone, e-mail,and pager number Server information Location, rack ID, position, asset tag System host name The system host name of the operating system NOTE: The system host name information is not retained across iLO 2 MP reboots IT: Inactivity timeout settings NOTE: The iLO 2 MP command interface inactivity timeout cannot be deactivated The following are IT command parameters: iLO 2 MP inactivity timeout One to 30 minutes (default is three minutes) Flow control timeout Zero to 60 minutes. If the flow control timeout is set to zero, no timeout is applied. A mirroring flow control condition ceases when no flow control condition exists on blocking other ports when inactive 72 LDAP74 LOC75 See also: DNS, LC, SAPC: Power control access Command access level: Power control access is already on OFF running this command CYCLE is 30 seconds Graceful Shutdown the system power Example: See also: PR, PS PM: Power regulator mode Dynamic these cases, power management mode changes to OS Control Mode Low changes to OS Control Mode High Sets the control of the power regulator to the OS Command line usage and scripting 76 ExamplePR: Power restore policy configuration PS: Power status RB: Reset BMC 77 SNMP78 To configure a destination IP address for SNMP alerts, enterblank public Command line usage and scripting for server blades: See also: ID SO: Security option help The following are SO command parameters: •SSL certificate: Enables the generation of SSL certificates •SSH keys generation: Enables SSH keys authorization SS: System Status 79 SYSREV80 UC: User Configuration (users, passwords, and so on)Command access level: User administration access UC adds, modifies, re-enables,or deletes any of the following user parameters: •Login ID •Password •User Name •User Workgroup •User Access Rights •User Operating Mode •User Enabled (C, P, M, U, and V) VFP An iLO 2 MP user can also have any or all of the following rights: not bypass host authentication requirements, if any Command: CO Right to power on, power off, or reset the server, and to configure the power restore policy Commands: PC,PR, RS, TC Commands: UC Right to configure all iLO 2 MP settings (and some system settings, such as the power restore policy) Commands: BP, CA, CL, DC, DI, FW, ID, IT, LC, LDAP, LOC PG, RB, SA, SO, XD vMedia applet NOTE: The vMedia feature is available only if you have the iLO 2 MP Advanced Pack license and the user vMedia access right 81 WHO82 Web GUI83 Figure 6-2Status Summary General PageNOTE: The BL c-Class tab is available only on HP Integrity server blades Table 6-6 lists the fields and descriptions Table 6-6Status Summary General Page Description Status Summary > Active Users 84 Figure 6-3Status Summary Active Users PageTable 6-7 lists the fields and descriptions Table 6-7Active Users Page Description Server Status > General 85 Figure 6-4Server Status General PageTable 6-8 lists the fields and descriptions Table 6-8Server Status General Page Description Server Status > Identification 86 Figure 6-5Server Status Identification PageTable 6-9 lists the fields and descriptions Table 6-9Server Status Identification Page Description System Event Log 87 Figure 6-6System Event Log PageTable 6-10 lists the fields, buttons, and descriptions Table 6-10System Event Log Page Description Events 88 Integrated Remote Console (vKVM)IRC Requirements and Usage Administration 89 Before running the IRC, note the following:Remote Console Integrated Remote Console Launch Verify that the system is licensed for IRC use. View this information on the Administration Licensing Disable any Accept the IRC certificate. Refusing to accept the IRC certificate causes a red Limitations of the vKVM Mouse and Keyboard •No support for system-levelcommands such as Ctrl + Esc, or Print Screen Pressing the Ctrl •No support for simultaneous mouse click and keystroke combinations •The IRC closes after 15 minutes if there is no mouse or keyboard activity Browsers and Client Operating Systems that Support vKVM Client operating systems that support vKVM are as follows: •Microsoft Windows 2000 Professional •Microsoft Windows XP Professional •Microsoft Windows NOTE: Currently, vKVM is not supported on HP-UX,Linux, or OpenVMS vKVM-SupportedResolutions and Browser Configurations The following settings are suggested for display and mouse properties: 90 None•Select Disable Pointer Trails •Deselect Enable Pointer Shadow Motion Pointer Options •Deselect Enhanced pointer precision Best Practices Maximize Performance Accessing the IRC 91 Figure 6-7Integrated Remote Console PageTable 6-11 lists the fields, buttons, and actions Table 6-11IRC Page Description The IRC displays the host server’s graphics console (Figure 6-8) 92 Figure 6-8Integrated Remote Console WindowTable 6-12IRC Window Description Integrated Remote Console Fullscreen 1.To check our desktop properties, right-clickthe desktop and select Properties>Settings>Advanced>Monitor 2.Select a lower screen refresh rate To resize the IRC to the same display resolution as the remote host, select Fullscreen Launch 4.Use the red X to exit the IRC and return to your client desktop 93 Remote Serial ConsoleView Console Figure 6-9Remote Serial Console Page 94 Ctrl-Ecf•Your emulator can run the supported terminal type •The iLO 2 MP terminal setting in the applet is a supported setting —VT100 —VT100+ —VT-UTF8 To connect to the system console (Figure 6-10),click Launch Figure 6-10Remote Serial Console Window Using this feature you can do the following: Virtual Serial Port 95 Virtual Media96 Using iLO 2 MP Virtual Media DevicesVirtual Devices 97 Virtual CD/DVD“Supported Operating Systems and USB Support for vMedia” (page 102) New Hardware Found NOTE: This features requires that the Java Plug-in1.4.2 or 1.5 is installed Administration To use a physical CD/DVD drive in your client system, follow these steps: 98 3.Select Local Media Drive99 Connect100 Disk>>ImageImage>>Disk Create Media Image Local Image File Local Media Drive Browse 101 Figure 6-15Create Media Image Dialog BoxCreate Disk Image Cancel 2.To continue the installation, click OK on the host server IMPORTANT: Do not click Disconnect to select the next CD/DVD image file Virtual Floppy/USB Key (page 103) 102 1.Select Local Media Drive in the virtual floppy/USB key sectionForce read-onlyaccess option option Figure 6-16Virtual Floppy/USB Key To use an image file, follow these steps: Enter the path or file name of the image in the Force read-only access Virtual Media Applet Timeout Supported Operating Systems and USB Support for vMedia Table 6-13Operating System Support for vMedia Java Plug-inVersion Client Operating System and Browser Support for vMedia Table 6-14Client Operating System and Browser Support for vMedia 103 Power Management108 AdministrationThe Administration tab enables you to access the following pages: •Firmware Upgrade •Licensing 109 Firmware UpgradeLicensing 110 Figure 6-20Licensing Page•Directory-basedauthentication and authorization using LDAP •LDAP Lite schema-freeintegration •Integrated Remote Console (vKVM) •Virtual Media Table 6-18 lists the fields, buttons, and descriptions Table 6-18Licensing Page Description 111 User Administration > Local Accounts112 Table 6-19Local Accounts Page DescriptionGroup Accounts Figure 6-22Group Accounts Page Table 6-20 lists the fields, buttons, and descriptions 113 Table 6-20Group Accounts Page DescriptionAccess Settings The Access Settings tab enables you to access the following pages: •LAN •Serial •Login Options LAN Figure 6-23LAN Page Table 6-21 lists the fields, buttons, and descriptions 114 Table 6-21LAN Page DescriptionSerial Page Figure 6-24Serial Page 115 Table 6-22 lists the fields, buttons, and descriptionsTable 6-22Serial Page Description Login Options Page Figure 6-25Login Options Page Table 6-23 lists the fields, buttons, and descriptions Table 6-23Login Options Page Description 116 Current LDAP Parameters117 Table 6-24Current LDAP Parameters Page DescriptionNetwork Settings The Network Settings tab enables you to access the following pages: •Standard •Domain Name Server Network Settings > Standard 118 Figure 6-27Standard PageTable 6-25 lists the fields, buttons, and descriptions Table 6-25Standard Page Description Domain Name Server 119 NOTE: You can only configure the DNS server if DHCP is enabledFigure 6-28Domain Name Server Page Table 6-26 lists the fields, buttons, and descriptions Table 6-26DNS Page Description SNMP Settings The SNMP Settings page (Figure 6-29)enables you edit SNMP feature settings You must have iLO configuration access right to use this feature 120 Figure 6-29SNMP Settings PageTable 6-27 lists the fields and descriptions Table 6-27SNMP Settings Page Description Reset MP (XD command option ‘R’) for configuration to take effect Click OK and reset the iLO 2 MP 121 BL c-ClassFigure 6-30Onboard Administrator Table 6-28 lists the fields and descriptions Table 6-28Onboard Administrator Page Description Table 6-28Onboard Administrator Page Description (continued) •Access Requirements •Running OA for the first time •Signing in to the OA GUI •Running the setup wizard •Using online help •Changing enclosure and device configurations •Recovering the administrator password •Flash disaster recovery 122 HelpTo access iLO 2 MP help, click the Help tab 123 SMASH Server Management Command Line Protocol•CLP sessions are independent from each other and nonmirrored •Provides a subset of MP CLI commands •Provides access to the MP Main Menu interface and system console interface SM CLP Session 124 Accessing the SM CLP Interface1.Access the MP Main Menu hpiLO Exiting the SM CLP Interface To terminate an SM CLP session and disconnect from the iLO 2 MP, use the command. To switch from SM CLP to the interface, use the Changing the iLO 2 Default Interface to SM CLP or SM CLP 1.At the MP Main Menu, enter CM 2.From the CM prompt, enter SA to modify iLO 2 MP access configuration 125 Using the SM CLP Interface<current default target>hpiLO Where <current default target> is your current target Each time a CLI command runs, the output follows this general format: status status_tag The command verb Selections that affect the action, behavior, or output of the verb The implicitly or explicitly-identified managed element the command is directed to Attributes of the target relative to the command execution If an invalid target is specified, the response differs as follows: </> hpiLO->show /badtarget1 status=3 126 SM CLP SyntaxCommand Line Terms <verb> <options> <target> <properties> Where: <verb <options <target <properties Command Verbs Command verbs select a management action for target Retrieve Information cd, help, show, version Configure a target create, delete, load, set Change target state exit, reset, start, stop Table 6-29 lists the supported command verbs Supported Command Verbs 127 Supported Command Verbs (continued)The following verbs are available for execution from any target: •show •help •cd •version •exit Command Targets /map1/telnetsvc1 Using the target’s absolute path: </> hpiLO->show /map1/telnetsvc1 Using the target’s relative path form map1 target: </map1> hpiLO->show telnetsvc1 Using implicit (current) target’s with the verb show </map1/telnetsvc1> hpiLO->show: Command Target Properties name=value 128 Command OptionsCommand options control verb behavior show –levelall or show –lall Level Option Forms: -level<n -l<n Where n is the number of levels to include in command scope The value of n is interpreted as follows: n=1 Verb is interpreted for the command target only (default) Show information about default target and one level of contained MEs: </>hpiLO->show -l2 Show all contained MEs: </>hpiLO->show -lall Show information about and all contained MEs: Display Option The display option filters the information returned in command results The following examples show command display option syntax: Display targets under /map1 target: </map1> hpiLO->show -dtargets Display properties of /map1 target: </map1> hpiLO->show -dproperties Display verbs of /map1 target: </map1> hpiLO->show -dverbs Display the name property of /map1 target: </>hpiLO->show -dproperties=name /map1 Find a target that has a property name with value of MP Menu: </>hpiLO->show -lall -dproperties=(name==”MP Menu”) </>hpiLO->show -lall -dproperties=(name==”MP Menu”), verbs , verbs 129 Find and display all targets that have the EnabledState property:</map1> hpiLO->show -lall -dproperties=”enabled state” </map1 Find and display all Account targets in the system and their information: </> hpiLO->show -lall account Table 6-30 shows the available command options Table 6-30Command Options Character Set, Delimiters, Special, and Reserved Characters Table 6-31 lists the SM CLP reserved characters Table 6-31SM CLP Reserved Characters and Character Sequences Table 6-31SM CLP Reserved Characters and Character Sequences (continued) 130 System1 TargetTarget: SYSTEM1 /system1 system1 Table 6-32 shows system1 target properties system1 Properties Verbs verbs) Displays context-sensitivehelp reset Resets the system start Turns system power on stop -force power off System Reset Power Status and Power ControlResetting the System Displaying Power Status enabledstate Powering Off the System stop stop-force Powering On the System start 131 Map1 (iLO 2) TargetTarget: map1 map1 Table 6-33 shows map1 target properties Table 6-33map1 Properties Displays information Resets the iLO 2 MP Map1 Example The following example displays information about map1: Resetting the iLO 2 MP MAP1 132 Text Console ServicesYou can invoke the system console and the MP Main Menu from SM CLP textredirectsap map1/textredirectsvc1 Opening the MP Main Menu from SM CLP Target: map1/textredirectsap1 The textredirectsap1 target represents the MP Main Menu interface Table 6-34 shows textredirectsap1 target properties 133 6-34 /map1/textredirectsap1PropertiesSwitch to MP Main Menu Switch to Opening the System Console Interface from SM CLP Target: system1/consoles1/textredirectsap1 Table 6-35 shows textredirectsap1 target properties Table 6-35 /system1/consoles1/textredirectsap1Properties Switch to system text console Switching Between the System Console and the SM CLP SM CLP </>hpiLO->start /system1/consoles1/textredirectsap1 </> hpiLO->show -dproperties=SessionTerminateSequence Esc + </>hpiLO->start /map1/textredirectsap1 134 Firmware Revision Display and UpgradeSM CLP Firmware Targets 135 Changes the current default targetTarget: map1/swinventory1 Table 6-37 shows swinventory1 target properties Table 6-37swinventory1 Properties Target: map1/swinventory1/swid# swid# Table 6-38swid# Properties load Moves an image to the iLO 2 MP The following is a possible list of swid’s in the system: •/map1/swinventory1/swid1: represents iLO 2 MP firmware •/map1/swinventory1/swid2: represents BMC firmware •/map1/swinventory1/swid3: represents EFI firmware •/map1/swinventory1/swid4: represents System Firmware •/map1/swinventory1/swid5: represents PDH firmware •/map1/swinventory1/swid6: represents UCIO firmware •/map1/swinventory1/swid7: represents PRS firmware Displaying Firmware Revisions This example displays only the iLO 2 MP firmware revision: This example displays all the firmware revisions Firmware upgrades enhance the functionality of iLO 2 MP 136 Remote Access ConfigurationTelnet SM CLP Targets 137 SSHTarget: map1/sshsvc1 SSH Examples The following examples show specific SSH commands Enable SSH Service </>->start /map1/sshsvc1 Disable SSH Service </>->stop /map1/sshsvc1 138 Network ConfigurationNetwork commands enable you to display or modify network settings SM CLP Network Targets, Properties, and Verbs Target: map1/enetport1 enetport1 Table 6-41 shows enetport1 target information Table 6-41enetport1 Properties set Target: map1/enetport1/lanendpt1 The lanendpt1 target represents the iLO 2 LAN endpoint settings Table 6-42 shows lanendpt1 target properties Table 6-42lanedpt1 Properties 139 Target: map1/enetport1/lanendpt1/ipendpt1The ipendpt1 target represents the iLO IP endpoint settings Table 6-43 shows ipendpt1 target properties Table 6-43ipendpt1 Properties Target: map1/dhcpendpt1 The dhcpendpt1 target represents the iLO 2 MP DHCP client Table 6-44 shows dhcpendpt1 target properties Table 6-44dhcpendpt1 Properties Enables iLO 2 MP DHCP Disables iLO 2 MP DHCP 141 Sets a property to a specific valueTarget: map1/settings1/dnssettings1 The dnssettings1 target contains iLO 2 MP DNS settings Table 6-48 shows dnssettings1 target properties Table 6-48dnssettings1 Properties SM CLP Network Command Examples The following examples list specific network commands Determine iLO 2 MP’s MAC Address </>hpiLO->show -dproperties=macaddress /map1/enetport1/lanendpt1 </>hpiLO->show -dproperties=permanentaddress /map1/enetport1 Determine current IP Address </>hpiLO->show -dproperties=ipv4address /map1/enetport1/lanendpt1/ipendpt1 Determine Subnet Mask </>hpiLO->show -dproperties=subnetmask /map1/enetport1/lanendpt1/ipendpt1 Set IP Address and Subnet Mask 142 Determine Gateway AddressSet Gateway Address </>hpiLO->set /map1/enetport1/lanendpt1/ipendpt1/gateway1 AccessInfo=192.0.2.1 Determine Link State (Autosense) </>hpiLO->show -dproperties=autosense /map1/enetport1 Set Link (Autosense) </>hpiLO->set /map1/enetport1 autosense=true AccessInfo=192.0.2.1 Enable/Disable DHCP </>hpiLO->stop /map1/dhcpendpt1 </>hpiLO->start /map1/dhcpendpt1 Determine all DNS settings </>hpiLO->show /map1/settings1/dnssettings1 Determine IP Address of the DNS Servers (primary, secondary, and tertiary) </>hpiLO->show -dproperties=AccessInfo /map1/dnsserver Set Primary and Secondary DNS Server IPs </map1/settings1/dnssettings1> set DNSServerAddressess=192.0.2.1 Set Tertiary DNS Server IP </map1/settings1/dnssettings1> set DNSServerAddressess=,,192.0.2.6 vMedia NOTE: vMedia command verbs are only available on server blade systems Target: map1/oemhp_vm1/cddr1 The cddr1 target represents the virtual CD-ROMdevice Table 6-49cddr1 Properties SM CLP vMedia Use Cases The following examples show actions you can perform using SM CLP for vMedia Show the current status to verify that the media is not in use. –>show Insert the desired image into the drive This command disconnects the media and clears the oemhp_image value –>set / map1 / oemhp_vm1 / cddr1 oemhp_connect=no 143 User Accounts ConfigurationTarget: map1/group1 The group1 target represents a collection of user accounts on the iLO 2 MP Table 6-50 shows group1 target information Table 6-50group1 Properties Target: map1/group1/account# account# Table 6-51 shows account# target properties Table 6-51account# Properties Table 6-51account# Properties (continued) create Create a new user account delete Delete a user account User Account Examples The following examples show specific user account commands Display all user accounts on this iLO 2 MP </> hpiLO->show /map1/group1/account Create a new account Delete an account </map1/group1> hpiLO->delete account1 Modify account properties 144 LDAP ConfigurationTarget: map1/settings1/oemhp_ldapsettings1 oemhp_ldapsettings1 Table 6-52 shows oemhp_ldapsettings1 target information 145 Table 6-52oemhp_ldapsettings1 PropertiesLDAP Configuration Examples Configure LDAP parameters This command: Applies the following LDAP settings: •Enable LDAP authentication with extended schema •Set LDAP IP address Set user search context #1. In this example it is set to cn=user,ou= engineering,o=hp 147 7 Installing and Configuring Directory ServicesDirectory Services 148 Features Supported by Directory IntegrationThe iLO 2 MP directory services functionality enables you to do the following: •Authenticate users from a shared, consolidated, scalable user database •Control user privileges (authorization) using the directory service Use roles in the directory service for Directory Services Installation PrerequisitesBefore installing directory services, you must do the following: •Obtain an iLO 2 MP Advanced Pack license •Configure LDAP Installing Directory Services1.Plan Review the following sections: 2.Install Download the HP Run the schema installer once to extend the schema. See “Schema Installer” (page 150) Run the management “Management Snap-In Installer” (page 152) 3.Update a.With the directory-enabledfirmware, flash the ROM on the iLO 2 MP 4.Manage Create a management device object and a role object using the “Directory Services Objects” (page 158) c.Add users to the role object Remote Management” (page 173) 149 Schema DocumentationDirectory Services Support eDirectory Installation Prerequisiteshttp://support.novell.com 150 Required Schema Softwarehttp://www.hp.com/servers/lights-out Schema Installer.xml The schema installer includes three important screens: •Schema Preview •Setup •Results Schema Preview Screen Schema Preview Figure 7-1Schema Preview Screen Setup Screen Setup 151 Figure 7-2Schema Setup ScreenDirectory Server Active Directory Directory Login Setup Use SSL During Authentication Active Directory eDirectory Results Screen Results 152 Directory Services for Active Directoryhttp://www.microsoft.com •Microsoft Knowledge Base articles: —216999 “How to Install the Remote Server Administration Tools in Windows” —321051 “How to Enable LDAP over SSL with a Third-PartyCertification Authority” Microsoft Knowledge Base Article 321051 “How to Enable LDAP over SSL with a 153 Preparing Directory Services for Active DirectoryTo set up directory services for use with the iLO 2 MP, follow these steps: Install the Microsoft Admin Pack (the ADMINPAK.MSI 2000 Server Resource Kit), or by doing the following: NOTE: This step is not necessary if you are using Windows Server a.Start the MMC b.In MMC, install the Active Directory schema snap-in c.Right-click Active Directory Schema and select Operations Master Right-click and select d.Select The Schema may be modified on this Domain Controller e.Click OK 154 Installing and Initializing Snap-Insfor Active Directory155 MPsNewHPObject 156 DeviceRoles New Object Role HP Devices Add 157 ApplyMembers Lights Out Management Login remoteMonitors RIB Object DN = cn=lpmp,ou=MPs,dc=mpiso,dc=com Directory User Context 1 = cn=Users,dc=mpiso,dc=com mpiso moorem moorem@mpiso.com Mel Moore 158 Directory Services Objects•iLO •Role •User •Create iLO 2 objects and role objects •Add users to the role objects •Set the rights and restrictions of the role objects Active Directory Snap-Ins Managing HP Devices In a Role To add HP devices to be managed in a role, use the HP Devices tab (Figure 7-8) Remove 159 Remove160 Setting Login RestrictionsRole Restrictions Effective Hours Logon Hours 161 Figure 7-11Logon Hours ScreenDefining Client IP Address or DNS Name Access To restrict an IP address, follow these steps: IP/MASK Figure 7-12New IP/Mask Dialog Box New IP/Mask Restriction DNS Name Add New DNS Name Restriction 4.Enter the information and click OK 5.To save the changes, click OK 162 Setting User or Group Role RightsUse the Lights Out Management tab (Figure 7-13)to manage rights Figure 7-13Lights Out Management Tab Table 7-1 lists the available Lights Out Management rights Table 7-1Lights Out Management Rights 163 Directory Services for eDirectory164 From in the region1 organizational unitHP devices a.Select hpqTarget from the list of classes, and click OK Figure 7-15Select Object Subtype Dialog Box c.Select Lights Out Management Device from the list, and click OK Creating Roles To create roles, follow these steps: From the region2 organizational unit roles b.Select hpqRole from the list of classes, and click OK d.Click OK. The Select Object Subtype dialog box appears e.Select Lights Out Management Devices from the list, and click OK 165 remoteAdminsProperties Role Managed Devices HP Management Add users to the role. Click the Lights Out Management Device Rights Figure 7-16Setting Role Rights Apply f.To close the property sheet, click Close Role Managed Devices HP Management b.Add users to the remoteMonitors role using the Members tab Using the subtab of the tab, click the checkbox, and click and RIB Object DN = cn=rib-email-server,ou=hp devices,ou=region1,o=samplecorp Directory User Context 1 = ou=users,o=samplecorp csmith 166 Directory Services Objects for eDirectoryAdding Role Managed Devices Figure 7-17Role Managed Devices Subtab To browse to the specific HP device and add it as a managed device, click Add Adding Members Delete 167 Setting Role Restrictions168 Setting Time RestrictionsDefining Client IP Address or DNS Name Access Add New Restriction Setting Lights-OutManagement Device RightsFigure 7-21 Lights-OutManagement Device Rights Tab Table 7-2 lists the available management device rights Table 7-2Management Device Rights 169 Installing Snap-Insand Extending Schema for eDirectory on a Linux PlatformInstalling the Java Runtime Environment 170 1.To determine the Java version, execute the following command:#java -version The Java version installed on your system is displayed 2.If Java is not installed on your system, execute the following command: # rpm –iv j2re-1_4_2_04-linux-i586.rpm NOTE: You can download this rpm file from the Java website 3.Execute the following command if: •Java is installed and the version is older than •You want to upgrade the Java version and uninstall an older version # rpm –Uv j2re-1_4_2_04-linux-i586.rpm 4.Add the entry /usr/java/j2re1.4.2_04/bin to the .bash_profile file Add the entry to the file Installing Snap-Ins /usr/ConsoleOne/snapins .jar hpqLOMv100.jar hpqMgmtCore.jar hpdsse.sh Schema.tar http://h18013.www1.hp.com/products/servers/management/directorysupp/index.html Extending Schema To obtain the hpdsse.sh file, follow these steps: 1.Download the tar file to the Linux system where eDirectory is installed Extract the tar file to obtain the #tar –xvfSchema. tar 3.Run this file by executing the following command: #./hpdsse.sh To see the results, view the schema.log Already Exists .sh Verifying Snap-InInstallation and Schema Extension To verify the installation of snap-insand schema extension, follow these steps: 1.Run ConsoleOne and log on to the tree 2.Verify the new classes by opening the Schema Manager from the Tools list 171 Using the LDAP Command to Configure Directory Settings in the iLO 2 MPLDAP Command Menu The following is an example of the LDAP command output: 172 User Login Using Directory Services173 Certificate ServicesDirectory-EnabledRemote ManagementDirectory-enabledremote management enables you to: •Create iLO 2 MP objects: •Configure iLO 2 MP devices: 174 Using Existing GroupsUsing Multiple RolesFigure 7-22Admin User Gaining Admin Role Right, Example Figure 7-23Admin User Gaining Admin Role Right, Example 175 Creating Roles that Follow Organizational StructureRestricting Roles“Setting Role Restrictions” (page 167) “Setting Time Restrictions” (page 168) Role Time Restrictions IP Address Range Restrictions IP Address and Subnet Mask Restrictions DNS-BasedRestrictions Role Address Restrictions 176 How Directory Login Restrictions Are Enforced177 How User Time Restrictions Are Enforced178 User Address RestrictionsCreating Multiple Restrictions and Roles 179 Directory Services Schema (LDAP)180 •Core classes•Core attributes Core Classes Table 7-3 lists the core LDAP OID classes Table 7-3Core Classes Core Attributes Table 7-4 lists the core LDAP OID attributes Table 7-4Core Attributes Core Class Definitions Table 7-5, Table 7-6,and Table 7-7 define the HP management core classes hpqTarget Table 7-5hpqTarget 181 hpqRoleTable 7-6hpqRole hpqPolicy Table 7-7hpqPolicy Core Attribute Definitions Table 7-8 through Table 7-13 define the HP management core class attributes hpqPolicyDN Table 7-8hpqPolicyDN hpqRoleMembership Table 7-9hpqRoleMembership 182 hpqTargetMembershipTable 7-10hpqTargetMembership hpqRoleIPRestrictionDefault Table 7-11hpqRoleIPRestrictionDefault hpqRoleIPRestrictions Table 7-12hpqRoleIPRestrictions hpqRoleTimeRestriction Table 7-13hpqRoleTimeRestriction Table 7-13hpqRoleTimeRestriction (continued) 183 iLO 2 MP-SpecificLDAP OID Classes and AttributesiLO 2 MP Classes Table 7-14iLO 2 MP Classes iLO 2 MP Attributes Table 7-15iLO 2 MP Attributes iLO 2 MP Class Definitions hpqLOMv100 Table 7-16hpqLOMv100 184 iLO 2 MP Attribute DefinitionsTable 7-17 through Table 7-22 define the iLO 2 MP core class attributes hpqLOMRightLogin Table 7-17hpqLOMRightLogin hpqLOMRightRemoteConsole Table 7-18hpqLOMRightRemoteConsole Table 7-19hpqLOMRightRemoteConsole hpqLOMRightServerReset Table 7-20hpqLOMRightServerReset 185 hpqLOMRightLocalUserAdminTable 7-21hpqLOMRightLocalUserAdmin hpqLOMRightConfigureSettings Table 7-22hpqLOMRightConfigureSettings 187 Glossary188 to the clientwithout encroaching upon the standard CLP syntax and semantics Common Information Model (CIM) definitions enable vendors to exchange management information between systems associations, and methods throughout the network Console as host console DDNS DHCP a new IP address must be entered Directory Server location Distinguished Name (DN) (FQDN) that includes the complete path from the root of the tree DMTF to further the ability to remotely manage computer systems DNS name is found Machines typically acquire this information from a DNS server 189 DomainProtocol (IP) network address Domain Name from right to left Ethernet again Event did not solicit or control Extended Schema Firmware management. Firmware is embedded in read-onlymemory (ROM) or programmable ROM (PROM) FPGA components and programmable interconnects FTP transfer Gateway networks. A gateway has more than one network interface Gateway Address the local subnet GUI to provide easy-to-useaccess to an application Host name. The host is accessed by other remote systems on the network Host Console as console Host ID is also known as DNS Name or Host Name Host Name Protocol (IP) address HTTP 190 In-bandSystemManagement and the server is functioning properly Integrated Lights Out (iLO) MP functionality Internet addresses) to avoid duplicates IP Address An identifier for a computer or device on a TCP/IP network IPMI and alerting Kernel KVM Switch multiple computers from a single keyboard, video monitor and mouse LDAP across multiple platforms Managed Object Network Interface Card (NIC) Information Base (MIB) the actual database itself and is implementation dependant Processor (MP) MAP or a service process 191 MAP addressspace encountered Media Access Control (MAC) connection must support a unique MAC value Network Interface Card (NIC) Network mask Node terminal, or various peripheral devices to the network Onboard enclosure through e-mail,SNMP, or the Insight Display Options Used in the SMASH SM CLP. Options control verb behavior Out-of-band System the server are not functioning properly Port designated port number Port Number application on a host machine, providing a destination for transmitted data POST POST, the host ROM passes control to the installed operating system Properties command. Property keywords map to properties of CIM class Protocol Proxy requests Remote System A system other than the one on which the user is working 192 Schemaforms, such as a text file, information in a repository, or diagrams Serial Console configure the system to perform other administrative tasks SM CLP specification SMASH small-to large-scaleheterogeneous computer environments SNMP SSH log in and execution of commands on a remote system over an insecure network SSL Transfer Protocol Secure (HTTPS) uses SSL Subnet a block of host IDs Subnet Mask local portion. Also called an address mask System Event Log (SEL) service processor, or directly with event messages sent from the host Target addressing specification Target Address to support association traversal rooted at the MAP AdminDomain instance Scheme Resolution coordinating this information with the operation invocation engine Service Telnet appears to be part of the user's local system Universal Serial Bus (USB) 193 Userscript interacting with a terminal service such as telnet or SSHv2 User Account system has a user account User Friendly class Tag (UFcT) as the CIM class it represents instance Path (UFiP) instance Tag (UFiT) User Friendly Tag (UFT) and UFiT User Name UTF-8 Verb Used with SMASH SM CLP. The verb selects a management action for a target vKVM (monitor), and mouse (vKVM) capabilities with KVM-over-IPperformance VPN 195 Index196 preparationsnap-ininstallation and initialization, 154 snap-ins directory services for eDirectory, 163–171 adding members, 166 adding role-manageddevices creating and configuring directory objects, 163 creating objects creating roles installation prerequisites, 152 preparation setting lights-outmanagement device rights, 168 setting role restrictions setting time restrictions Directory, 158 directory settings configuring using the command menu, 171 configuring using the web GUI, 116 enforcing login restrictions, 177 enforcing user time restrictions role address restrictions, 176 role restrictions user address restrictions, 178 using existing groups, 174 using multiple roles disk image files CD/DVD, 97 DMTF, 123 DNS, 54 command configuring using the command menu, 54, 70 configuring using the web GUI see events Expect scripting tool firmware, 70 display current revisions, 79 flow control timeout, modifying forward progress log, viewing, 62 FRUID information, displaying, 70 FW command graphic console accessing using VGA HE command using the command menu, 71 using the MP main menu help command MP main menu command, 63 web GUI HP management object identifiers, 179–182 core attribute definitions, 181–182 core attributes core class definitions, 180 core classes ID command, 71 iLO (see iLO 2 MP) iLO 2 MP advanced features, 22 Advanced Pack license obtaining and activating, 24 commands, 53 configuration access configuring to use a directory server (LDAP), 55 controls, ports, and LEDs enabling password reset through IPMI, 78 exiting the main menu modifying inactivity timers, 71 required components, 24 reset button resetting through IPMI rx2660 controls, ports, and LEDs attribute definitions, 184–185 attributes image files CD/DVD disk inactivity timers, modifying, 71 installing certificates
Also you can find more HP manuals or manuals for other Computer Equipment.