HP Virtual Connect Firmware Managing users

oUpdate firmware

oSave configuration to disk

oRestore the configuration from a backup

It is possible to create users with read-only access and no user role permissions. These users can only view status and settings.

Managing users

Use the following screens to manage users within the domain:

•Local Users screen (on page 67 )

o Create, edit, or delete a local user account o Enable or disable local user accounts

o Set a session timeout period

•LDAP Server Settings (LDAP Server) screen (on page 70 )

o Set up an LDAP server to authenticate users accessing the CLI or GUI

•LDAP Server Settings (LDAP Groups) screen (on page 72 ) o View, add, or remove LDAP groups

•LDAP Server Settings (LDAP Certificate) screen (on page 74 ) o View, upload, or delete LDAP certificates

•RADIUS Settings (RADIUS Server) screen (on page 75 )

o Configure a RADIUS server to authenticate users accessing the CLI or GUI

•RADIUS Settings (RADIUS Groups) screen (on page 78 ) o View, add, or remove RADIUS groups

•TACACS+ Settings screen (on page 79 )

o Configure a TACACS server to authenticate users accessing the CLI or GUI o Enable TACACS authentication

o Enable TACACS command logging

o Add or remove a secondary TACACS server

•Role Management (Role Authentication Order) screen (on page 84 )

o Specify or reorder authentication services to be used for a role during login

•Role Management (Role Operations) screen (on page 85 )

o Change the role operations allowed for Network, Server, Storage, and Domain roles

Virtual Connect users and roles 66

Contents

HP Virtual Connect for c-ClassBladeSystem Version 4.30/4.31 User Guide Page Contents Virtual Connect networks Virtual Connect fabrics Advanced Profile Settings Define Server Profile screen Server Profiles screen Edit Server Profile screen SAN fabric Status icon definitions Recovering remote enclosures Appendix A: Using Virtual Connect with nPartitions Appendix B: Auto-deploymentprocess TFTP server Appendix D: Virtual Connect Security Documentation feedback Introduction What's new Virtual Connect documentation Virtual Connect overview Page HP Virtual Connect Manager Configuring browser support Accessing HP Virtual Connect Manager Command Line Interface overview Logging on to the HP Virtual Connect Manager GUI VCM wizards HP Virtual Connect Home About HP Virtual Connect Manager Navigating the HP Virtual Connect Manager GUI Menu items Menu item Links to Virtual Connect domains Understanding Virtual Connect domains Managing domains Domain Settings (Configuration) screen Task Deleting a domain Auto-deployment Domain Settings (IP Address) screen Domain Settings (Enclosures) screen Column Adding and importing a remote enclosure Removing a remote enclosure Domain Settings (Backup/Restore) screen Domain Settings (Storage Management Credentials) screen Adding or editing a credential Managing SNMP SNMP overview SNMP Configuration (VC-Enet) The following table describes the fields within the SNMP Configuration screen Field name *SNMPv3 defines three levels of security: •Lowest—Withoutauthentication and without privacy (noAuthNoPriv) •Middle—Withauthentication but without privacy (authNoPriv) SNMP Configuration (VC-FC) SMI-Soverview SNMP Configuration (Users) Adding SNMP access Adding an SNMP trap destination SNMP traps Page Trap categories and required user role permissions Trap severities VC Module MIB traps VC Domain MIB traps vcDomainManagedStatusChanged The following is an example of a domain Cause string: 2 of 7 profiles contain unmapped connections in the domain The following is an example of a domain RootCause string: The domain managed status ReasonCodes are provided in the following table vcModuleManagedStatusChanged The following is an example of a module Cause string: Port enc0:iobay5:d3:v1 loop detected and automatically disabled The following is an example of a module RootCause string: The module managed status ReasonCodes are provided in the following table The following is an example of a FC fabric Cause string: 1 of 2 uplink ports are abnormal on BackupSAN fabric The following is an example of a FC fabric RootCause string: The FC fabric managed status ReasonCodes are provided in the following table FC fabric reason code Viewing the system log System Log entry format Page System Log (Configuration) screen Use this screen to view or set remote log destination settings To define a new remote log destination, click Define Target To send a test message to all enabled remote log destinations, click Test Managing SSL configuration Page Page SSL Certificate Administration (Certificate Signing Request) screen Field Possible values SSL Certificate Administration (Certificate Upload) screen SSH Key Administration screen Web SSL Configuration screen Page HP BladeSystem c-Classenclosures Enclosure serial numbers Using multiple enclosures For example, if bays 1 and 2 of the Primary Enclosure contain HP VC modules Multiple enclosure requirements Observe the following requirements when connecting multiple enclosures: Enclosures View screen Enclosures view (multiple enclosures) Virtual Connect users and roles Understanding VC administrative roles Managing users Local Users screen The following tasks can be performed on this screen: TIP: o Upper-casecharacter o Lower-casecharacter Page Adding a new user Minimum requirements LDAP Server Settings (LDAP Server) screen Test LDAP authentication LDAP Server Settings (LDAP Groups) screen Add LDAP Group LDAP Server Settings (LDAP Certificate) screen RADIUS Settings (RADIUS Server) screen Required RADIUS server settings Setting up a RADIUS server Test RADIUS authentication RADIUS Settings (RADIUS Groups) screen Add or Edit RADIUS Group TACACS+ Settings screen Page Required TACACS+ server settings Setting up an IPv4-onlyTACACS+ server Setting up an IPv4 and IPv6 capable TACACS+ server Test TACACS+ authentication Role Management (Role Authentication Order) screen Role Management (Role Operations) screen Virtual Connect networks Understanding networks and shared uplink sets Smart Link An uplink port is required to support Smart Link HP recommends using Smart Link in the following domain configurations: •When the domain is configured with active/active uplinks When Smart Link is triggered for Flex-NICs,observe the following information: Managing networks Page Network Access Groups screen Define Network Access Group screen Edit Network Access Group screen Ethernet Settings (Port Monitoring) screen Page Select Monitored Ports screen Page Server VLAN tagging support VLAN Capacity Multiple Networks Link Speed Settings MAC Cache Failover Network loop protection Pause flood protection Configuring Throughput Statistics LACP timer configuration Networks (Advanced Settings) Quality of Service IP-TV Quality of Service screen Custom (with FCoE Lossless) Traffic Classes Item The following table lists the available actions from this screen: Ingress Traffic Classifiers Custom (without FCoE Lossless) Page Page sFlow Settings (General) screen Page sFlow Settings (Ports) screen IGMP Settings (IGMP Configuration) screen IGMP Snooping Multicast Filtering Add, edit, or delete a multicast filter Assigning a filter or filter set to a profile connection Page Define Ethernet Network screen Page Edit Ethernet Network screen Page Advanced Network Settings Defining a network Ethernet Networks (External Connections) screen Page Ethernet Networks (Server Connections) screen Managing shared uplink sets Shared Uplink Sets (External Connections) screen Copy Shared Uplink Set screen Page Shared Uplink Sets (Associated Networks) screen Define Shared Uplink Set screen Observe the following information: Page Page Defining a shared uplink set 7.Create the Associated Networks that will use this shared uplink: a.Click Add above the table. -or b.To add a single associated network: i.Select the a single Associated Network radio button ii.Enter the name of the network Defining an FCoE network Edit Shared Uplink Set screen Page Page Page Page Virtual Connect fabrics Understanding FC fabrics Page Page DirectAttach VC SAN fabrics The DirectAttach fabric is only supported with the HP VC FlexFabric o HP Tape and Virtual Tape Libraries o Any third-partystorage solution To perform a server profile migration of a Page Mixed FabricAttach and DirectAttach VC SAN fabrics Managing fabrics Define SAN Fabric screen •Single enclosure domain •Multi-enclosuredomain Page Login re-distribution Page Edit SAN Fabric screen Use this screen to edit a SAN fabric configuration The following table describes the fields within the Edit SAN Fabric screen SAN Fabrics (External Connections) screen To access this screen, click SAN Fabrics in the left navigation tree Page SAN Fabrics (Server Connections) screen Fibre Channel Settings (Misc.) screen Virtual Connect server profiles Understanding server profiles •Before creating the first server profile, do the following: •When assigning a VC-assignedserial number, the server must be powered off If the VC domain is configured for Multi-bladeservers Flex-10overview SR-IOV Flex-10configuration Network administrator Server administrator 4.Disabled. VC determines the bandwidth speed For more information, see "Bandwidth assignment (on page 175) FlexFabric overview PXE settings Disable—VC Use PXE enabled PXE disabled Server blade configuration iSCSI offload and boot iSCSI and FCoE port assignments Page Bandwidth assignment are all 2Gb, then each FlexNIC can be assigned 2Gb of bandwidth Requested Allocated has been defined are treated as a connection set to "auto Managing MAC, WWN, and server virtual ID settings Ethernet Settings (MAC Addresses) screen MAC address settings Fibre Channel Settings (WWN Settings) screen Use this screen to select World Wide Name ranges for server profiles •Click WWN Settings under Fibre Channel Settings in the left navigation tree Serial Number Settings screen WWN settings Managing server profiles Page Page Page Page Page To define a server profile: 1.Enter the server profile name Click the d.Change the port speed setting: i.Click the pull-downarrow in the Port Speed Type Column To select a multicast filter or filter set, click the If the server will use more than two network connections 6.Set up iSCSI HBA connections. See "Creating iSCSI connections (on page 192) a.Click the down arrow under FC SAN Name to select an available SAN 9.Set up FCoE HBA connections: Creating FCoE HBA connections for a BL890c Limited Ethernet connections when using HP Virtual Connect Flex-10/10Dmodules Page Creating iSCSI connections iSCSI HBA connections screen Page Page iSCSI Boot Assistant DHCP option oTarget IP address: 192.168.0.2 o Target TCP port: o Target boot LUN: 0x0E o Target iqn name: iqn.2009-04.com:1234567890 oHeader Digest: Enabled oData digest: Not specified. Assume disabled Define Server Profile screen (multiple enclosures) Multiple network connections for a server port Defining server VLAN mappings No Forced VLAN Mappings Page Fibre Channel boot parameters Server Profiles screen Print Server Profile list Page The following table describes the fields within the Edit Server Profile screen Page Page Page Only Page Page Page Page Page Page 4.Power up the HP ProLiant BL680c G7 Server Blade: Page Page Page Page Page General requirements for adding FC or FCoE connections Page Page Virtual Connect and Insight Control Server Deployment Page Virtual Connect modules Firmware updates Page Stacking Links screen Page Throughput Statistics screen •Received Non-UnicastPackets (pkts/s) •Transmitted Packets (pkts/s) •Transmitted Non-UnicastPackets (pkts/s) Enclosure Information screen Ethernet Bay Summary (Server Port Information) screen Enclosure Status screen Interconnect Bays Status and Summary screen Causes for INCOMPATIBLE status •Module adjacency •Module replacement o The module is the primary or standby module o The fabric is being used by a profile connection Ethernet Bay Summary (General Information) screen Ethernet Bay Summary (Uplink Port Information) screen Page Page Interconnect Bay Summary (Details) Enet Ethernet Bay Summary (MAC Address Table) screen Ethernet Bay Summary (IGMP Multicast Groups) screen Ethernet Bay Summary (Name Server) screen The following table describes the columns within the Name Server table Interconnect Bay Summary (FIP Snooping) Enet The following table describes the columns within the Uplink Port(s) table To refresh FIP snooping data, click Refresh Ethernet Port Detailed Statistics screen DCBX Information Port Statistic Page Page Page Page Page Remote Device Information Pluggable Module Information FC Port Detailed Statistics screen To reset the statistics, click Reset Statistics Port Statistics FC Bay Summary screen Page Page Interconnect Bay Overall Status icon definitions Icon Operational state Meaning Corrective action Interconnect Bay OA Communication Status icon definitions Server Bays Summary screen Page Page Integrity blade devices Server Bay Overall Status icon definitions Server Bay OA Reported Status icon definitions Server Bay VC Status icon definitions Server Bay OA Communication Status icon definitions Server Bay Status screen Server Blade Information Server Ethernet Adapter Information SAN Ports Server Bay Status screen - multi-bladeservers Page Port status conditions Interconnect module removal and replacement Upgrading to an HP Virtual Connect 8Gb 20-PortFC Module For detailed migration information, see the VC-managed identifiers 2.Delete the domain 3.Remove all network uplinks from the modules to be removed Page Possible errors 1.Physically remove the module 2.Insert the original module 3.Ensure that all profiles have been unassigned Upgrading to an HP Virtual Connect FlexFabric module from a VC-FCmodule 1.If necessary, upgrade the VC domain firmware: 6.Physically remove the existing modules from both horizontally adjacent bays Install the HP VC FlexFabric Modules with the appropriate FC SFP+ transceivers 10.Recreate the previously deleted FC SAN fabrics Page Maintenance and troubleshooting Domain Status summary Domain Status screen Module status definitions and causes Export support information Error message resources Reset Virtual Connect Manager Server profile troubleshooting Server blade power on and power off guidelines Page Additional information Appendix A: Using Virtual Connect with nPartitions Understanding nPartitions Assigning a VC profile to an nPar Reconfiguring nPars Page Appendix B: Auto-deploymentprocess Overview of the auto deployment process CentOS DHCP setup CentOS TFTP setup VC configuration file Importing the enclosure into the domain Starting a deployment operation Viewing deployment information, status, and logs Normal deployment status values Typical failure deployment status values The deployment log The deployment configuration file Manual TFTP settings Stopping a deployment operation Subsequent deployments (redeployment scenarios) VC GUI auto-deploymentstatus and settings Deployment wait and retry states Configuring file restrictions TFTP logging and enablement Appendix C: Using IPv6 with Virtual Connect Minimum requirements to support IPv6 IPv6 addresses in VC Switching between EBIPAv6 and DHCPv6 Enabling IPv6 support Migrations Disabling IPv6 support Importing enclosures VC FW update considerations Multi-enclosureconsiderations Limitations Page Appendix D: Virtual Connect Security Insecure protocols and secure alternatives Access control Virtual Connect FIPS mode of operation Page Enabling FIPS mode FIPS mode indicators (domain) FIPS mode indicators (VC Ethernet modules) Acronyms and abbreviations BPDU CFG CHAP CMC IGMP IQN LACP LAG LAG ID PHY PLS POST QoS RADIUS SSH SSL TACACS+ TCN UDP Documentation feedback Index