HP Integrity iLO 2 MP 5991-6005 specification

Role access restrictions limit an authenticated user's ability to receive iLO 2 MP privileges based on rights specified in one or more roles.

Figure 7-24shows the user and role access restrictions.

Figure 7-24 User and Role Access Restrictions

How User Time Restrictions Are Enforced

You can place a time restriction on directory user accounts. Time restrictions limit the ability of the user to log in (authenticate) to the directory. Typically, time restrictions are enforced using the time on the directory server, but if the directory server is located in a different time zones or a replica in a different time zone is accessed, time zone information from the managed object can be used to adjust for relative time.

While directory server evaluates user time restrictions, the determination can be complicated by time zone changes or by the authentication mechanism.

Figure 7-25shows the user time restrictions.

Directory-Enabled Remote Management 177

Page 177

Image 177

HP Integrity iLO 2 MP 5991-6005 How User Time Restrictions Are Enforced, 24shows the user and role access restrictions

Contents

HP Integrity iLO 2 MP Operations Guide Copyright 2008, Hewlett-Packard Development Company, L.P Table of Contents Setting Up and Connecting the Console System Status Status Summary General 101 100102 103 130 Target map1 131 Map1 Example 132 Resetting the iLO 2 MPTarget SYSTEM1 130 Target map1/sshsvc1 137 SSH Examples 138 147 195 187Page Login Options Power & ResetLocal Image File Dialog Box Licensing User and Role Access Restrictions Admin User Gaining Admin Role Right, ExampleRestricting the Reset Role Logon Hours Screen Licensing Page Description Swinstallsvc1 PropertiesLAN Page Description Swid# Properties Ipendpt1 Properties Enetport1 PropertiesGateway1 Properties Cddr1 Properties New and Changed Information in This Edition Intended AudiencePublishing History Rx7640 Rx8640 Superdome sx2000 Publishing History Details Document Organization5991-6005 HP-UX 11i BL870c 5991-5992 HP-UX 11i BL860c Related Information Typographic Conventions Windows Operating System Information Warranty Information HP Encourages Your Comments Features Standard FeaturesFeatures User Access Control Multiple Access MethodsAlways-on Capability Virtual Front Panel Ipmi over LAN Firmware UpgradesInternal Subsystem Information Dhcp and DNS Support Advanced Features HP Insight Power Manager Power Meter ReadingsAdvanced Pack License Ldap Lite ILO 2 MP Supported Browsers and Client Operating Systems Supported Systems and Required Components and CablesObtaining and Activating iLO 2 MP Advanced Pack Licensing Supported Systems and Required Components Matrix Authorization Password- and key-based for secure shell SSHLogin Security Protecting Snmp Traffic Lights-Out Advanced/KVM Card Onboard Administrator HP Integrity Server Blade ComponentsHP Integrity Server Blade Components Onboard Administrator Bay 2 redundant if used Onboard Administrator Active LEDPorts and LEDs HP Integrity rx3600 and rx6600 Server Components HP Integrity rx2660 Server ComponentsUSB Ports Console Serial Port UID Button/LED RS-232 Standby Power Solid green ILO 2 MP Self Test ILO 2 MP Status LEDsILO 2 MP Status LEDs ILO 2 MP Reset Button Console Serial Port and Auxiliary Serial PortConsole Serial Port Pinouts ILO 2 MP LAN LEDs ILO 2 MP LAN Port4lists the iLO 2 MP LAN link status LEDs and states 5lists the iLO 2 MP LAN link speed LEDs and states Setting Up and Connecting the Console Setup Checklist Use the checklist in -1to help set up iLO 2 MPSetup Checklist Setup Flowchart Setup Flowchart Determining the Physical iLO 2 MP Access Method Preparing to Set Up iLO 2 MPDetermining the iLO 2 MP LAN Configuration Method LAN Configuration Methods Configuring the iLO 2 MP LAN Using Dhcp and DNS Configuring the iLO 2 MP LAN Using ARP PingConfiguring the iLO 2 MP LAN Using Dhcp and DNS Appropriate IP address ARP Ping Commands Configuring the iLO 2 MP LAN Using the Console Serial Port Configuring the iLO 2 MP LAN Using the Console Serial Port Physically Connecting the Server Blade to the iLO 2 MP Logging In to the iLO 2 MPFollowing is the MP Main Menu Physically Connecting the Server Blade to the iLO 2 MP Auto-LoginSSH/telnet connection with iLO 2 MP ILO Web GUI Connection It allows access to all but configuration changes and user User management, and resetting default settingsRequired to periodically change configuration settings Operators User Login There is already a user registered with the same login nameDisabled Local database with user administration right Connecting the SUV Cable to the Server Blade SUV Cable Modifying User Accounts and Default Passwords Additional Setup Setting Up Security Setting Security AccessAdditional Setup Page Interacting with the iLO 2 MP Using the Web GUI Interacting with the iLO 2 MP Using the Web GUI Accessing Online Help Accessing the Host Console Using the TUIAccessing the Host Console Help System Accessing the Host Console Using Smash SM CLP Accessing iLO 2 MP Using Onboard AdministratorAccessing the Graphic Console Using VGA Accessing the Host Console Display current LAN settings Configuring DhcpModify the MP Dhcp status Modify the MP IP address Configuring DNS Configuring Ldap Extended Schema Configuring Ldap Extended Schema Login Process Using Directory Services with Extended Ldap Configuring Ldap Lite Default Schema Set up directory security groups Setting up Directory Security GroupsEnter G. The current group configuration appears Configuring Ldap Lite Default Schema Configuring DHCP, DNS, LDAP, and Ldap Lite 1lists and describes the available MP command interfaces MP Command InterfacesMP Command Interfaces Text User Interface MP Main Menu Commands MP Main Menu CommandsMP Main Menu command descriptions are listed as follows MP Main Menu CM Command Mode Enter command mode CO Console Leave the Main Menu and enter console modeVFP Virtual Front Panel Simulate the display panel CL Console Log View the history of the console output Events 4defines alert severity levelsAlert Levels Command Menu Command Menu CommandsExit Exit the iLO 2 MP Command Line Interface Scripting # User Expect Script Example #Run SL command to dump logs Blade Display Blade parameters BP Reset BMC passwords Normal operation, any issues have been acknowledged CA Configure asynchronous local serial portDegraded 4800, 9600, 19200, 38400, 115200 bit/sec Date Display date Command access level Login accessDF Display FRU information Server blade usage FW Upgrade the MP firmware DNS DNS settingsCommand access level MP configuration access DI Disconnect LAN, WEB, SSH or Console ID System information settings IT Inactivity timeout settingsBlocking other ports when inactive Ldap Ldap directory settings LC LAN configuration usage For example cn=MP Server,ou=Management Devices,o=hp See also LOGIN, US LOC Locator UID LED configurationLM License management LS LAN status PM Power regulator mode PC Power control access PR Power restore policy configuration PS Power statusRB Reset BMC SA Set access LAN/WEB/SSH/IPMI over LAN ports RS Reset system through the RST signalSnmp Configure Snmp parameters See also TC SO Security option help SS System StatusSee also ID Sysrev Firmware revisions TC System reset through Init or TOC signalTE Send a message to other mirroring terminals See also PS Not bypass host authentication requirements, if any UC User Configuration users, passwords, and so onCommand CO Access right XD iLO 2 MP Diagnostics or reset WHO Display a list of iLO 2 MP connected usersSee also DI, TE Web GUI System Status tab enables you to access the following pagesSystem Status Status Summary General Status Summary Active Users 6lists the fields and descriptionsStatus Summary General Page Description Server Status General 7lists the fields and descriptionsActive Users Page Description Server Status Identification System Power8lists the fields and descriptions Server Status General Page Description System Event Log 9lists the fields and descriptionsServer Status Identification Page Description 10 System Event Log Page Description 10lists the fields, buttons, and descriptions IRC Requirements and Usage Integrated Remote Console vKVM Before running the IRC, note the following VKVM-Supported Resolutions and Browser ConfigurationsLimitations of the vKVM Mouse and Keyboard Browsers and Client Operating Systems that Support vKVM Accessing the IRC Select None for mouse pointer schemeIRC page refreshes every 10 seconds 11 IRC Page Description 11lists the fields, buttons, and actionsIRC displays the host server’s graphics console Figure Fullscreen Resizes the IRC Integrated Remote Console Fullscreen 12 IRC Window DescriptionThumb Tack Away Remote Serial Console Remote Serial Console 10 Remote Serial Console Window Using this feature you can do the following Virtual Serial Port Virtual Media 11 Virtual Media Using iLO 2 MP Virtual Media Devices Virtual CD/DVD Select Local Media Drive Open VMS 13 Virtual Media Dialog Box after connection 14 Local Image File Dialog Box Creating the iLO 2 MP Disk Image Files Virtual Floppy/USB Key 15 Create Media Image Dialog Box Supported Operating Systems and USB Support for vMedia Virtual Media Applet Timeout Power & Reset Power ManagementJava Plug-in Version Client Operating System and Browser Support for vMedia 15 Power & Reset Page Description Current power state of the system15lists the fields, buttons, and descriptions Settings System Power RestoreWhen ac was removed or lost Control is required to power on the system 16 Power Meter Readings Page Description Maximum Power Power RegulatorMinimum Power 17lists the fields, buttons, and descriptions 17 Power Regulator Page Description Administration Licensing Firmware Upgrade 18 Licensing Page Description Pack features. Fields are case sensitiveLicensing Key Status Is an Evaluation license 21 Local Accounts User Administration Local Accounts Group Accounts 19 Local Accounts Page Description20lists the fields, buttons, and descriptions Serial Login Options Access Settings20 Group Accounts Page Description 21lists the fields, buttons, and descriptions 21 LAN Page Description Serial 23 Login Options Page Description Login Options22lists the fields, buttons, and descriptions 22 Serial Page Description 24lists the fields and descriptions Current Ldap Parameters Network Settings Network Settings Standard24 Current Ldap Parameters Page Description 25lists the fields, buttons, and descriptions Domain Name Server25 Standard Page Description Is automatically supplied 26lists the fields, buttons, and descriptions Snmp Settings26 DNS Page Description Ilo.hp.com. You can enter a new DNS name 27lists the fields and descriptions 27 Snmp Settings Page Description 28 Onboard Administrator Page Description Click OK and reset the iLO 2 MPBL c-Class 28lists the fields and descriptions Enclosure Name Help Smash Server Management Command Line Protocol SM CLP Features and Functionality OverviewSmash Server Management Command Line Protocol Changing the iLO 2 Default Interface to SM CLP Accessing the SM CLP InterfaceSM CLP Session Exiting the SM CLP Interface Mpcmsa Using the SM CLP Interface Command Verbs Command Line TermsSupported Command Verbs SM CLP Syntax Command Target Properties Command TargetsUsing the target’s relative path form map1 target Using implicit current target’s with the verb show Command Options 30 Command Options 30shows the available command optionsCharacter Set, Delimiters, Special, and Reserved Characters 31 SM CLP Reserved Characters and Character Sequences Resetting the System System Reset Power Status and Power ControlSystem1 Target Target SYSTEM1 Powering Off the System Displaying Power StatusPowering On the System Map1 iLO 2 Target Resetting the iLO 2 MP Text Console ServicesMap1 Example Opening the MP Main Menu from SM CLP Opening the System Console Interface from SM CLP Switching Between the System Console and the SM CLP34 /map1/textredirectsap1 Properties Target system1/consoles1/textredirectsap1 SM CLP Firmware Targets Firmware Revision Display and Upgrade This example displays only the iLO 2 MP firmware revision Displaying Firmware Revisions Remote Access Configuration Telnet SM CLP TargetsThis example displays all the firmware revisions Target map1/sshsvc1 Disable Telnet Service Disable SSH Service Network ConfigurationSSH Examples SM CLP Network Targets, Properties, and Verbs 43 ipendpt1 Properties Target map1/enetport1/lanendpt1/ipendpt1Target map1/dhcpendpt1 44 dhcpendpt1 Properties Dnsendpt1 Properties Target map1/dnsendpt1Target map1/enetport1/lanendpt1/ipendpt1/gateway1 46 gateway1 Properties Set SM CLP Network Command ExamplesDetermine current IP Address Determine Subnet Mask VMedia User Accounts Configuration Target map1/group1Target map1/group1/account# Ldap Configuration Target map1/settings1/oemhpldapsettings1User Account Examples Ldap Configuration Examples 52 oemhpldapsettings1 PropertiesConfigure Ldap parameters This command 146 Directory Services Directory Services Installation Prerequisites Features Supported by Directory IntegrationInstalling Directory Services Installing and Configuring Directory Services Schema Documentation Directory Services SupportEDirectory Installation Prerequisites Schema Installer Required Schema SoftwareSchema Preview Screen Setup Screen Results Screen Schema Setup Screen Directory Services for Active Directory Management Snap-In InstallerActive Directory Installation Prerequisites Preparing Directory Services for Active Directory Directory Services for Active DirectoryClick OK Installing and Initializing Snap-Ins for Active Directory NewHPObject Create New HP Management Object Dialog Box Select Users Dialog Box Directory Services Objects Active Directory Snap-InsManaging HP Devices In a Role HP Devices Tab Managing Users In a Role 10 Role Restrictions Tab Setting Time Restrictions Setting Login Restrictions 12 New IP/Mask Dialog Box Setting User or Group Role Rights 1lists the available Lights Out Management rightsLights Out Management Rights Installing and Initializing Snap-In for eDirectory Directory Services for eDirectoryDirectory Services for eDirectory Creating Objects 15 Select Object Subtype Dialog Box Creating Roles Add users to the remoteMonitors role using the Members tab 16 Setting Role Rights Directory Services Objects for eDirectory Adding Role Managed DevicesAdding Members 18 Members Tab eDirectory Setting Role Restrictions Setting Time Restrictions Setting Lights-Out Management Device RightsDefining Client IP Address or DNS Name Access Installing the Java Runtime Environment 2lists the available management device rightsManagement Device Rights Installing Snap-Ins Extending SchemaRun this file by executing the following command Verifying Snap-In Installation and Schema Extension User Login Using Directory Services Directory-Enabled Remote Management Certificate ServicesInstalling Certificate Services Verifying Directory Services Using Multiple Roles Using Existing Groups Creating Roles that Follow Organizational Structure Directory-Enabled Remote ManagementRestricting Roles Role Time Restrictions IP Address Range Restrictions How Directory Login Restrictions Are EnforcedIP Address and Subnet Mask Restrictions DNS-Based Restrictions How User Time Restrictions Are Enforced 24shows the user and role access restrictions Creating Multiple Restrictions and Roles User Address Restrictions Directory Services Schema Ldap Directory Services Schema Ldap Core Classes Core AttributesCore Class Definitions 8through -13define the HP management core class attributes Core Attribute Definitions HpqRoleTimeRestriction 13 hpqRoleTimeRestriction HpqRoleIPRestrictionDefault 11 hpqRoleIPRestrictionDefaultHpqTargetMembership 10 hpqTargetMembership HpqRoleIPRestrictions 12 hpqRoleIPRestrictions ILO 2 MP Classes ILO 2 MP-Specific Ldap OID Classes and AttributesILO 2 MP Attributes ILO 2 MP Class Definitions 17through -22define the iLO 2 MP core class attributes ILO 2 MP Attribute Definitions HpqLOMRightConfigureSettings 22 hpqLOMRightConfigureSettings HpqLOMRightLocalUserAdmin 21 hpqLOMRightLocalUserAdmin 186 187 Glossary Glossary To the client 189 Domain Ipmi 191 MAP address Snmp 193 User 194 195 Directory objects, configuring for Active Directory Index 197 LAN SMASH, 123 Snmp 199

HP Integrity iLO 2 MP 5991-6005 manual How User Time Restrictions Are Enforced

Models: Integrity iLO 2 MP 5991-6005

Figure 7-24shows the user and role access restrictions.

Figure 7-24 User and Role Access Restrictions

How User Time Restrictions Are Enforced

Figure 7-25shows the user time restrictions.

Directory-Enabled Remote Management 177