Alternatively, the directory administrator could create a role that grants the login right and restrict it to the corporate network, then create another role that grants only the server reset right and restrict it to after- hours operation. This configuration is easier to manage but more dangerous because on-going administration might create another role that grants users from addresses outside the corporate network the login right, which could unintentionally grant the LOM administrators in the server Reset role the ability to reset the server from anywhere, provided they satisfy the time constraints of that role.

The previous configuration meets corporate security policy. However, adding another role that grants the login right can inadvertently grant server reset privileges from outside the corporate subnet after hours. A more manageable solution would be to restrict the Reset role, as well as the General Use role.

Using bulk import tools

Adding and configuring large numbers of LOM objects is time consuming. HP provides several utilities to assist in these tasks. Below is a brief description of the utilities available.

HP Lights-Out Migration Utility

The HP Lights-Out Migration utility, HPQLOMIG.EXE, imports and configures multiple LOM devices. HPQLOMIG.EXE includes a GUI that provides a step-by-step approach to implementing or upgrading large numbers of management processors. HP recommends using this GUI method when upgrading numerous management processors. For more information, refer to the "Lights-Out directories migration utilities (on page 113)" section.

HP Lights-Out Migration Command Utility

The HP Lights-Out Migration Command utility, HPQLOMGC.EXE, offers a command-line approach to migration, rather than a GUI-based approach. This utility works in conjunction with the Application Launch and query features of Systems Insight Manager to configure many devices at a time. Customers that must configure only a few LOM devices to use directory services might also prefer the command-line approach. For more information, refer to the "Lights-Out directories migration utilities (on page 113)" section.

Systems Insight Manager can:

Manage multiple LOM devices.

Discover the LOM devices as management processors using CPQLOCFG to send a RIBCL XML script file to a group of LOM devices to manage those LOM devices. The LOM devices perform the actions designated by the RIBCL file and send a response to the CPQLOCFG log file. For more information, refer to the "Group administration and RILOE II scripting ("Group administration using the Lights-Out Configuration Utility" on page 125)" and the "Remote Insight command language (on page 138)" sections in the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide.

Traditional Import Utilities

Administrators familiar with tools such as LDIFDE or the NDS Import/Export Wizard can use these utilities to import or create many LOM device objects in the directory. However, administrators must still configure the devices manually, as described previously, but can do so at any time.

Directory-enabled remote management 108