0% found this document useful (0 votes)

1K views532 pages

Primergy Serverview Suite: Irmc S2 - Integrated Remote Management Controller (Firmware Version 3.77A)

PRIMERGY ServerView Suite iRMC S2 - integrated Remote Management Controller (Firmware version 3.77a) manual was created to meet the regulations of a quality management system which complies with the requirements of the standard DIN EN ISO 9001:2000.

Uploaded by

Piotrek Zywicki

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

1K views532 pages

Primergy Serverview Suite: Irmc S2 - Integrated Remote Management Controller (Firmware Version 3.77A)

Uploaded by

Piotrek Zywicki

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 532

PRIMERGY ServerView Suite

iRMC S2 - integrated Remote Management Controller (Firmware Version 3.77A)

Edition December 2009

Comments Suggestions Corrections

The User Documentation Department would like to know your opinion of this manual. Your feedback helps us optimize our documentation to suit your individual needs. Feel free to send us your comments by e-mail to [email protected].

Certified documentation according to DIN EN ISO 9001:2000

To ensure a consistently high quality standard and user-friendliness, this documentation was created to meet the regulations of a quality management system which complies with the requirements of the standard DIN EN ISO 9001:2000. cognitas. Gesellschaft fr Technik-Dokumentation mbH www.cognitas.de

Copyright and Trademarks

Copyright 2009 Fujitsu Technology Solutions GmbH. All rights reserved. Delivery subject to availability; right of technical modifications reserved. All hardware and software names used are trademarks of their respective manufacturers.

Contents
1 1.1 1.2 1.3 1.4 1.5 1.6 2 2.1 2.2 2.3 3 3.1 3.1.1 3.1.1.1 3.1.1.2 3.1.1.3 3.1.2 3.1.3 3.1.4 3.2 3.2.1 3.2.2 Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Purpose and target groups of the manual . . . . . . . . . . 14 Functions of the iRMC S2 (overview) . . . . . . . . . . . . . 15 Communication interfaces of the iRMC S2 . . . . . . . . . . 21 IPMI - technical background . . . . . . . . . . . . . . . . . . 22 Changes since the previous manual . . . . . . . . . . . . . 31 Notational conventions . . . . . . . . . . . . . . . . . . . . 32

Logging on to the iRMC S2 for the first time . . . . . . . . . 33 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . 33 iRMC S2 factory defaults . . . . . . . . . . . . . . . . . . . 34

Logging into the iRMC S2 web interface . . . . . . . . . . . 35 Configuring the iRMC S2 . . . . . . . . . . . . . . . . . . . 37 . . 38 . . 39 . . 39 . . 40 . . 40 . . 40 . . 41 . . 43

Configuring the LAN interface of the iRMC S2 . . . . . . Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . Connected to the correct LAN port? . . . . . . . . . . . Interaction between the IP addresses of the iRMC S2 and the system . . . . . . . . . . . . . . . . . . . . . . Access from a different subnet . . . . . . . . . . . . . . Configuring the LAN interface: Configuration tools . . . . . Configuring the LAN interface using the BIOS / TrustedCore Setup program . . . . . . . . . . . . . . . . . . . . . . . . Testing the LAN interface . . . . . . . . . . . . . . . . . .

Configuring text console redirection via LAN using the BIOS/TrustedCore Setup program . . . . . . . . . . . . . . 44 Configuring text console redirection . . . . . . . . . . . . . . . 45 Using console redirection while the operating system is running 49

iRMC S2

Contents 3.3 3.3.1 3.3.2 3.4 3.4.1 3.4.2 3.4.3 3.5 3.5.1 3.5.2 4 4.1 4.2 4.3 4.3.1 4.3.2 4.3.3 4.3.3.1 4.3.3.2 4.3.3.3 4.3.3.4 4.4 4.4.1 4.4.2 4.4.2.1 4.4.2.2 4.4.2.3 4.4.2.4 4.4.2.5 Configuring and using the serial interface of the iRMC S2 . . 51 Configuring the serial interface . . . . . . . . . . . . . . . . . . 52 Using the Remote Manager (Serial) interface . . . . . . . . . . 54 Configuring the iRMC S2 over the iRMC S2 web interface Configuring the LAN parameters . . . . . . . . . . . . . . . Configuring alerting . . . . . . . . . . . . . . . . . . . . . . Configuring text console redirection . . . . . . . . . . . . . . . . . . . . . 55 55 56 56

Configuring iRMC S2 using the Server Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Configuring the LAN parameters . . . . . . . . . . . . . . . . . 57 Configuring alerting . . . . . . . . . . . . . . . . . . . . . . . . 58 User management for the iRMC S2 . . . . . . . . . . . . . . . 59 User management concept for the iRMC S2 . . . . . . . . . . 60 User permissions . . . . . . . . . . . . . . . . . . . . . . . . 62 Local user management for the iRMC S2 . . . . . . . . . . Local user management using the iRMC S2 web interface . . . . . . . . . . . . . . . . . . . . . Local user management via the Server Configuration Manager SSHv2 public key authentication for iRMC S2 users . . . . . . Creating public and private SSHv2 keys . . . . . . . . . . Loading the public SSHv2 key onto the iRMC S2 from a file Configuring PuTTY and the OpenSSH client for using the public SSHv2 key . . . . . . . . . . . . . . . . . . . . Example: Public SSHv2 key . . . . . . . . . . . . . . . . . Global user management for the iRMC S2 . . . . . . . Overview . . . . . . . . . . . . . . . . . . . . . . . . . iRMC S2 user management via an LDAP directory service (concept) . . . . . . . . . . . . . Global iRMC S2 user management using permission groups and roles . . . . . . . . . . . . . . . . . . . Organizational units (OU) SVS and iRMCgroups . . . Cross-server, global user permissions . . . . . . . . iRMCgroups: Permission profiles are defined via permission groups . . . . . . . . . . . . . . . . . . . SVS: Permission profiles are defined via roles . . . . . 64 . . . . . 64 66 68 70 74

. 76 . 82

. . . . 83 . . . . 84 . . . . 85 . . . . 85 . . . . 87 . . . . 89 . . . . 91 . . . . 94

iRMC S2

Contents 4.4.3 4.4.3.1 4.4.3.2 4.4.3.3 4.4.3.4 4.4.3.5 4.4.3.6 4.4.4 4.4.4.1 4.4.4.2 4.4.4.3 4.4.4.4 4.4.5 4.4.5.1 4.4.5.2 4.4.6 4.4.6.1 4.4.6.2 4.4.6.3 4.4.6.4 4.4.6.5 4.4.6.6 4.4.7 4.4.7.1 4.4.7.2 4.4.7.3 4.4.7.4 4.4.7.5 4.4.8 4.4.8.1 4.4.8.2 4.4.8.3 4.4.9 SVS_LdapDeployer - Generating, maintaining and deleting the SVS and iRMCgroups structures . . . . . . . . . . . . . Configuration file (XML file) . . . . . . . . . . . . . . . . . Starting SVS_LdapDeployer . . . . . . . . . . . . . . . . . -deploy: Create or modify an LDAP structure . . . . . . . . -delete: Deleting an LDAP structure . . . . . . . . . . . . . -import: Importing an LDAP v1 structure into an LDAP v2 structure . . . . . . . . . . . . . . . . . . . . . . . . . . . -synchronize: Synchronizing changes made in an LDAP v2 structure with an LDAP v1 structure . . . . . . . . . . . . . Typical application scenarios . . . . . . . . . . . . . . . . . . Performing an initial configuration in which LDAP v1 and LDAP v2 structures coexist . . . . . . . . . . . . . . . Importing an LDAP v1 structure into an LDAP v2 structure . Re-generating or expanding an LDAP v2 structure . . . . . Re-generating an LDAP v2 structure and prompting for and saving authentication data . . . . . . . . . . . . . . . . iRMC S2 user management via Microsoft Active Directory . . . Configuring iRMC S2 LDAP/SSL access at the Active Directory server . . . . . . . . . . . . . . . . . . . . Assigning an iRMC S2 user to a role (permission group) . . iRMC S2 user management via Novell eDirectory . . . . . . . Software components and system requirements . . . . . . Installing Novell eDirectory . . . . . . . . . . . . . . . . . Configuring Novell eDirectory . . . . . . . . . . . . . . . . Integrating iRMC S2 user management in Novell eDirectory Assigning an iRMC S2 user to a permission group . . . . . Tips on administering Novell eDirectory. . . . . . . . . . . . iRMC S2 user management via OpenLDAP . . . . . . . . . . Installing OpenLDAP . . . . . . . . . . . . . . . . . . . . . Creating SSL certificates . . . . . . . . . . . . . . . . . . . Configuring OpenLDAP . . . . . . . . . . . . . . . . . . . Integrating iRMC S2 user management in OpenLDAP. . . . Tips on OpenLDAP administration . . . . . . . . . . . . . . Configuring email alerting to global iRMC S2 users . . . . . . . Global email alerting . . . . . . . . . . . . . . . . . . . . . Displaying alert roles . . . . . . . . . . . . . . . . . . . . . Assigning iRMC S2 users to an alert role . . . . . . . . . . SSL copyright . . . . . . . . . . . . . . . . . . . . . . . . . .

96 96 97 99 101 102 103 105 105 105 106 106 107 108 113 120 120 121 128 134 140 144 147 147 147 148 150 154 156 157 161 163 164

iRMC S2

Contents 5 5.1 5.2 5.2.1 5.2.2 5.2.3 5.2.4 5.2.4.1 5.2.4.2 5.2.4.3 5.3 5.3.1 5.3.2 5.3.3 5.3.4 6 6.1 6.1.1 6.1.2 6.1.3 6.1.4 6.1.5 6.2 6.2.1 6.2.1.1 6.2.1.2 6.2.1.3 6.2.2 7 7.1 7.2 Advanced Video Redirection (AVR) . . . . . . . . . . . . . 167

Requirements: Check the AVR settings . . . . . . . . . . . 168 Using AVR . . . . . . . . . . . . . . . . . . . . . . . Parallel AVR sessions . . . . . . . . . . . . . . . . . . Local Monitor Off function . . . . . . . . . . . . . . . Redirecting the keyboard . . . . . . . . . . . . . . . . Redirecting the mouse . . . . . . . . . . . . . . . . . Synchronizing the mouse pointer . . . . . . . . . . Managed Windows server: Adjusting the settings for synchronization of the mouse pointers . . . . . . . Managed Linux server: Adjusting the settings for synchronization of the mouse pointers . . . . . . . Menus of the AVR window Extras menu . . . . . . . . Remote Storage menu . . . Languages menu . . . . . . Preferences menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 171 172 173 175 175

. . . . 177 . . . . 180 . . . . . . . . . . . . . . . . . . . . 183 184 187 187 188

Remote Storage . . . . . . . . . . . . . . . . . . . . . . . . 191 Providing remote storage at the remote workstation Starting Remote Storage . . . . . . . . . . . . . . . . Provision of storage media for Remote Storage . . . . Connecting storage media as remote storage . . . . . Clearing Remote Storage connections . . . . . . . . . Removing the storage medium . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192 193 196 200 204 205 206 207 207 213 214 219

Providing remote storage via a Remote Storage server . . Remote Storage server under Windows . . . . . . . . . . . . Installing the Remote Storage server . . . . . . . . . . . . Remote Storage server execution modes . . . . . . . . . Configuring, starting and exiting the Remote Storage server Remote Storage server (iRMCSrv) under Linux . . . . . . . .

iRMC S2 web interface . . . . . . . . . . . . . . . . . . . . 221 Logging into the iRMC S2 web interface . . . . . . . . . . . 222 Required user permissions . . . . . . . . . . . . . . . . . 224

iRMC S2

Contents 7.3 7.4 7.4.1 7.4.2 7.5 7.5.1 7.5.2 7.5.3 7.5.4 7.5.5 7.6 7.6.1 7.6.2 7.6.3 7.7 7.7.1 7.7.2 7.7.3 7.8 7.8.1 7.8.2 7.8.3 7.8.4 7.8.5 7.9 7.9.1 7.9.2 Structure of the user interface . . . . . . . . . . . . . . . . 228

System Information Information on the server . . . . . . . . . . . . . . . . . . . 231 System Overview General information on the server . . . . . . . . . . . . . . . 232 System Component Information Information on the server components . . . . . . . . . . . . . 237 iRMC S2 - Information, firmware and certificates . . . iRMC S2 Information - Information on the iRMC S2 . . . . Save iRMC S2 Firmware Settings -Save firmware settings Certificate Upload - Load the DSA/RSA certificate and private DSA/RSA key . . . . . . . . . . . . . . . . . . . Generate a self-signed Certificate - Generate self-signed RSA certificate . . . . . . . . . . . . . . . . . . . . . . . iRMC S2 Firmware Update . . . . . . . . . . . . . . . . . . . 240 . . . 241 . . . 245 . . . 247 . . . 254 . . . 256 261 262 267 270 271 272 278 279 283 284 286 288 289 290

Power Management . . . . . . . . . . . . . . . . . . . . . . Power On/Off - power the server up/down . . . . . . . . . . . . Power Options - Configuring power management for the server Power Supply Info - Power supply and IDPROM data for the FRU components . . . . . . . . . . . . . . . . . . . . Power Consumption - Control the power consumption of the server . . . . . . . . . . . . . . . . . . . . . . . . . . Power Consumption Configuration - Configure power consumption of the server . . . . . . . . . . . . . . . . . . . . Current Power Consumption - Show the current power consumption . . . . . . . . . . . . . . . . . . . . . . . . . . Power Consumption History - Show server power consumption Sensors - Check status of the sensors . . . . . . . . . . Fans - Check fans . . . . . . . . . . . . . . . . . . . . . . Temperature - Check temperature sensors . . . . . . . . . Voltages - Check voltage sensors . . . . . . . . . . . . . . Power Supply - Check power supply . . . . . . . . . . . . Component Status - Check status of the server components . . . . . . . . . . . .

System Event Log (SEL) - Displaying and configuring the servers event log . . . . . . . . . . . . . . . . . . . . . . . 291 System Event Log Content Show information on the SEL and SEL entries . . . . . . . . . 292 System Event Log Configuration - Configure the SEL . . . . . . 295

iRMC S2

Contents 7.10 7.11 7.11.1 7.11.2 7.11.3 7.11.4 7.12 7.12.1 7.12.2 7.12.3 Server Management Information - Configuring the server settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Network Settings - Configure the LAN parameters . . . . Network Interface - Configure Ethernet settings on the iRMC S2 . . . . . . . . . . . . . . . . . . . . . . . . . . . Ports and Network Services - Configuring ports and network services . . . . . . . . . . . . . . . . . . . . . . . . . . . . DHCP Configuration - Configuring the host name for the iRMC S2 . . . . . . . . . . . . . . . . . . . . . . . . . . . DNS Settings - Enable DNS for the iRMC S2 . . . . . . . . . Alerting - Configure alerting . . . . . . . . . . . . . SNMP Trap Alerting - Configure SNMP trap alerting . . Serial / Modem Alerting - Configure alerting via modem Email Alerting - Configure email alerting . . . . . . . . . . . . . . . . . . . . . 301 . 302 . 305 . 309 . 311 . . . . 313 314 315 317 323 323 325 326 333 336 340

7.13 User Management - Manage users . . . . . . . . . . . . . . 7.13.1 iRMC S2 User - local user management on the iRMC S2 . . . 7.13.1.1 New User Configuration - Configuring a new user . . . . . 7.13.1.2 User <name> Configuration - User configuration (details) . 7.13.2 Directory Service Configuration (LDAP) Configuring the directory service at the iRMC S2 . . . . . . . 7.13.2.1 Configuring iRMC S2 for Microsoft Active Directory . . . . 7.13.2.2 Configuring iRMC S2 for Novell eDirectory / OpenLDAP . . 7.14 7.14.1 Console Redirection - Redirecting the console . . . . BIOS Text Console Configure and start text console redirection . . . . . . . 7.14.1.1 BIOS Console Redirection Options Configure text console redirection . . . . . . . . . . . 7.14.1.2 Text Console Redirection (via Serial over LAN) Start text console redirection . . . . . . . . . . . . . 7.14.1.3 Text console redirection while the operating system is running . . . . . . . . . . . . . . . . . . . . . . . . 7.14.2 Advanced Video Redirection Start Advanced Video Redirection (AVR) . . . . . . . . . 7.15 7.16

. . . 345 . . . 345 . . . 347 . . . 349 . . . 354 . . . 356

Remote Storage . . . . . . . . . . . . . . . . . . . . . . . . 366 Operating iRMC S2 via Telnet/SSH (Remote Manager) . . . 368

iRMC S2

Contents 8 8.1 8.2 8.2.1 8.2.2 8.2.3 8.2.4 8.2.5 8.2.6 8.2.7 8.2.8 8.2.9 8.2.10 8.2.11 8.2.12 8.2.13 8.2.14 9 iRMC S2 via Telnet/SSH (Remote Manager) . . . . . . . . . 373

Operating the iRMC S2 using the ServerView Remote Management Frontend . . . . . . . . . . . . . . . . . . . . . 374 Remote Manager . . . . . . . . . . . . . . . . . . . . . Operating Remote Manager . . . . . . . . . . . . . . . . Overview of menus . . . . . . . . . . . . . . . . . . . . Logging in . . . . . . . . . . . . . . . . . . . . . . . . . Main menu of the Remote Manager . . . . . . . . . . . . Required user permissions . . . . . . . . . . . . . . . . Change the password . . . . . . . . . . . . . . . . . . . System Information - Information on the managed server . Power Management . . . . . . . . . . . . . . . . . . . . Enclosure Information - System event log and status of the sensors . . . . . . . . . . . . . . . . . . . . . . . Service processor - IP parameters, identification LED and iRMC S2 reset . . . . . . . . . . . . . . . . . . . . . . . Console Redirection (EMS/SAC) - Start text console redirection . . . . . . . . . . . . . . . . . . . . . . . . . Start a Command Line shell... - Start a SMASH CLP shell Console Logging - Redirect message output to the text console (serial) . . . . . . . . . . . . . . . . . . . . Command Line Protocol (CLP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 375 376 378 380 382 383 384 385

. . . 387 . . . 391 . . . 392 . . . 393 . . . 394 . . . 397

Configuring iRMC S2 using the Server Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401 Starting system configuration . . . . . . . . . . Calling the Server Configuration Manager from the ServerView Installation Manager . . . . . . . . . Calling the Server Configuration Manager from the Windows Start menu . . . . . . . . . . . . . . . . Calling the Server Configuration Manager from the Operations Manager . . . . . . . . . . . . . . . . . . . . . . . 402 . . . . . . . 402 . . . . . . . 403 . . . . . . . 405

9.1 9.1.1 9.1.2 9.1.3 9.2 9.3 9.4

iRMC Power Consumption Control - Control the power consumption of the server . . . . . . . . . . . . . . . . . . . 410 iRMC Advanced Features - Remote Storage Server, License Key and HP SIM Integration . . . . . . . . . . . . . 412 ASR&R Fan Settings . . . . . . . . . . . . . . . . . . . . . . 414

iRMC S2

Contents 9.5 9.6 9.7 9.8 9.9 9.10 9.11 9.12 9.13 9.14 9.14.1 9.14.2 10 10.1 10.2 10.3 10.3.1 10.3.2 10.3.3 10.3.4 10.3.5 10.4 10.5 ASR&R Temperature Settings . . . . . . . . . . . . . . . . 416 iRMC LAN Interface - Configure LAN parameters of the iRMC S2 . . . . . . . . . . . . . . . . . . . . . . . . . 418 iRMC Networking Ports - Configuring ports and network services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 iRMC DNS Registration - Configuring the host name for the iRMC S2 . . . . . . . . . . . . . . . . . . . . . . . . 423 iRMC DNS Server - Activating DNS for the iRMC S2 . . . . 425 iRMC EMail Alerting -Configure email alerting . . . . . . . 427 iRMC Mail Format Settings - Mail-format-dependent settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430 iRMC SNMP Alerting - Configure SNMP Trap alerting . . . 432

iRMC User Management - Local user management on the iRMC S2 . . . . . . . . . . . . . . . . . . . . . . . . 433 iRMC Directory Service - Configuring the directory service 439 Configure iRMC S2 for Microsoft Active Directory . . . . . . . 441 Configuring iRMC S2 for Novell eDirectory / OpenLDAP . . . . 443 Firmware update . . . . . . . . . . . . . . . . . . . . . . . . 447 iRMC S2 firmware (overview) . . . . . . . . . . . . . . . . . 448 Setting up the USB memory stick . . . . . . . . . . . . . . 451 Updating firmware images . . . . . . . . . . . . . . . . over the iRMC S2 web interface . . . . . . . . . . . . . . Update using the ServerView Update Manager . . . . . . Online update using ServerView Update Manager Express or ASP . . . . . . . . . . . . . . . . . . . . . . . . . . . Update using the operating system flash tools. . . . . . . . Update via the FlashDisk menu . . . . . . . . . . . . . . . . . 454 . . 454 . . 454 . . 455 . . 455 . . 457

Emergency flash . . . . . . . . . . . . . . . . . . . . . . . . 459 Flash tools . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

iRMC S2

Contents 11 11.1 11.2 11.3 Remote installation of the operating system via iRMC S2 . 463

Installing the operating system via iRMC S2 general procedure . . . . . . . . . . . . . . . . . . . . . . . 464 Connecting a storage medium as remote storage . . . . . . 466 Booting the managed server from PRIMERGY ServerView Suite DVD 1 and configuring it with the Installation Manager . . . . . . . . . . . . . . . . . . . . . . 470 Installing the operating system on the managed server after configuration . . . . . . . . . . . . . . . . . . . 477 Installing Windows on the managed server after configuration . 477 Installing Linux on the managed server after configuration . . . 481 IPMI OEM Commands . . . . . . . . . . . . . . . . . . . . . 487 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487 Description of the IPMI OEM commands Description format . . . . . . . . . . . . . SCCI-compliant Power On/Off commands . SCCI-compliant communication commands SCCI-compliant signaling command . . . . Firmware-specific commands . . . . . . . BIOS-specific commands . . . . . . . . . iRMC S2-specific commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489 489 490 495 497 498 502 504

11.4 11.4.1 11.4.2 12 12.1 12.2 12.2.1 12.2.2 12.2.3 12.2.4 12.2.5 12.2.6 12.2.7

Related Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . 513

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519

iRMC S2

Preface

Modern server systems are becoming increasingly complex. The requirements with respect to the management of such systems are growing accordingly. In response to this development, a number of vendors founded the Intelligent Platform Management Interface (IPMI) initiative with the objective of defining a standardized, abstract, message-based interface between the central system controller (Baseboard Management Controller - BMC) and intelligent hardware for platform management. For further details on IPMI, please refer to section IPMI - technical background on page 22. The iRMC S2 (integrated Remote Management Controller) is a BMC with integrated LAN connection and extended functionality which was previously only available using additional plug-in boards, such as the RemoteView Service Board (RSB). In this way, the iRMC S2 offers comprehensive control over PRIMERGY servers, irrespective of the system status, in particular over PRIMERGY servers whose system status is out-of-band.

Figure 1: iRMC S2 on the system board of a PRIMERGY server

iRMC S2

Purpose and target groups of the manual

Preface

As an autonomous system on the system board of a modern PRIMERGY server, the iRMC S2 has its own operating system, its own web server, separate user management and independent alert management. The iRMC S2 remains powered up even when the server is in stand-by mode. This manual describes how to configure the iRMC S2 and the various user interfaces available.

1.1

Purpose and target groups of the manual

This manual is aimed at system administrators, network administrators, and service staff who have a sound knowledge of hardware and software. It provides basic information on the technology behind IPMI and deals with the following aspects in detail: Logging on to the iRMC S2 Configuring the iRMC S2 User management on the iRMC S2 Advanced Video Redirection via iRMC S2 Remote Storage via iRMC S2 iRMC S2 web interface Telnet/SSH-based interface (Remote Manager) of the iRMC S2. Configuring the iRMC S2 with the Server Configuration Manager Updating the firmware Remote installation of the operating system via iRMC S2 IPMI OEM Commands

Further documentation on ServerView remote management You will find additional manuals on the topic of ServerView remote management and on the PRIMERGY ServerView suite in the chapter Related Publications on page 513. Service If you have any further questions on remote management for PRIMERGY servers, contact the service and support partners responsible for you. Other information http://www.ts.fujitsu.com

iRMC S2

Preface

Functions of the iRMC S2

1.2

Functions of the iRMC S2 (overview)

The iRMC S2 supports a wide range of functions that are provided by default. With Advanced Video Redirection (AVR) and Remote Storage, the iRMC S2 also provides two additional advanced features for the remote management of PRIMERGY servers. To use AVR and Remote Storage, you require a valid license key, which can be purchased separately. Standard functions of the iRMC S2

Browser access The iRMC S2 features its own web server which can be accessed by the management station from a standard web browser.

Security (SSL, SSH) Secure access to the Web server and secure graphical console redirection including mouse and keyboard can be provided over HTTPS/SSL. An encrypted connection protected using SSH mechanisms can be set up to access the iRMC S2 using the Remote Manager. The Remote Manager is an alphanumeric user interface for the iRMC S2.

ServerView Integration The ServerView agents detect the iRMC S2 and automatically assign it to the relevant server. This means that it is possible to start the iRMC S2 web interface and text console redirection using the ServerView Remote Management Frontend directly from ServerView Operations Manager.

Power management Irrespective of the status of the system, you have the following options for powering the managed server up or down from the remote workstation using the iRMC S2 web interface using the Remote Manager and the command line interface (CLP) with a script.

iRMC S2

Functions of the iRMC S2

Preface

Power consumption control The iRMC S2 allows comprehensive power consumption control on the managed server. In addition, you can specify the mode (minimum power consumption or maximum performance) that the iRMC S2 uses to control power consumption on the managed server. You can switch between these modes as required.

Customer Self Service (CSS) Summary tables for the server components, sensors and the power supply on the iRMC S2 web interface provide information in a separate column as to whether the server component affected is a CSS component or not. In addition, error list of the system event log (SEL) shows for every event whether it has been triggered by a CSS component.

Text console redirection You can start a Telnet/SSH session to the iRMC S2 from the ServerView Remote Management Frontend. This calls the Remote Manager, via which you can start a text console redirection session.

Basic functions of a BMC The iRMC S2 supports the basic functions of a BMC such as voltage monitoring, event logging and recovery control.

Headless system operation The managed server does not require a mouse, monitor or keyboard to be connected. The benefits of this include lower costs, far simpler cabling in the rack and increased security.

Identification LED To facilitate identification of the system, for instance if it is installed in a fully populated rack, you can activate the identification LED from the iRMC S2 web interface.

Global error LED A global error LED informs you of the status of the managed system at all times and at the same time shows the CSS (Customer Self Service) status.

Power LED The power LED informs you whether the server is currently switched on or off.

iRMC S2

Preface

Functions of the iRMC S2

LAN On some systems, the LAN interface of the fitted system NIC (Network Interface Card) on the server is reserved for the management LAN. On other systems, you have the option of configuring this LAN interface to reserve it for the management LAN set it up for shared operation with the system or make it completely available to the system. The ports marked with a wrench symbol are assigned to the iRMC S2 (see figure 7 on page 39).

Command line interface (CLP) In addition to the Remote Manager, the iRMC S2 also supports SMASH CLP (System Management Architecture for Server Hardware Command Line Protocol) as standardized by the DMTF (Distributed Management Task Force).

Simple configuration - interactive or script-based The following tools are available for configuring the iRMC S2: iRMC web interface Server Configuration Manager The server management tool IPMIVIEW BIOS Setup

It is also possible to carry out configuration with the Server Configuration Manager or IPMIVIEW using scripts. This means that it is possible to configure the iRMC S2 when the server is first configured with ServerStart. It is also possible to configure a large number of servers on the basis of scripts.

Support for the LocalView service panel If PRIMERGY servers are equipped with a ServerView local service panel, this module allows you to determine what module is faulty and whether you can replace the faulty module yourself.

iRMC S2

Functions of the iRMC S2

Preface

Local user management The iRMC S2 has its own user management function which allows up to 16 users to be created with passwords and to be assigned various rights depending on the user groups they belong to.

Global user management using a directory service The global user IDs for the iRMC S2 are stored centrally in the directory service's directory. This makes it possible to manage the user identifications on a central server. They can therefore be used by all the iRMCs that are connected to this server in the network. The following directory services are currently supported for iRMC S2 user management: Microsoft Active Directory Novell eDirectory OpenLDAP

DNS / DHCP The iRMC S2 provides support for automatic network configuration. It has a default name and DHCP support is set by default so that the iRMC S2 gets its IP address from the DHCP server. The iRMC S2 name is registered by the Domain Name Service (DNS). Up to five DNS servers are supported. If DNS/DHCP is not available, the iRMC S2 also supports static IP addresses.

Power supply The iRMC S2 is powered by the standby supply of the system.

Alert management The alert management facility of the iRMC S2 provides the following options for forwarding alerts (alerting): Platform Event Traps (PET) are sent via SNMP. Direct alerting by email. A modem can be connected to the serial interface. This can then be used to send alerts (e.g. to a mobile phone via SMS). In addition, the iRMC S2 provides the ServerView agents with all the relevant information.

iRMC S2

Preface

Functions of the iRMC S2

Read, filter and save the system event log (SEL). You can view, save and delete the contents of the SEL. using the iRMC S2 web interface or using the Telnet/SSH-based interface (Remote Manager) of the iRMC S2.

Extended functionality of the iRMC S2 Alongside the standard functionality, the iRMC S2 also supports the Advanced Video Redirection and Remote Storage functions.

Advanced Video Redirection (AVR) The iRMC S2 supports Advanced Video Redirection which offers the following benefits: Operation over a standard web browser. No additional software needs to be installed in the management station other than the Java Runtime Environment. System-independent graphical and text console redirection (including mouse and keyboard). Remote access for boot monitoring, BIOS administration and operation of the operating system. AVR supports up to two simultaneous virtual connections for working on a server from a different location. It also reduces the load on the network by using hardware and video compression. Local monitor-off support: It is possible to power down the local screen of the managed PRIMERGY server during an AVR session in order to prevent unauthorized persons from observing user input and actions carried out on the local server screen during the AVR session.

iRMC S2

Functions of the iRMC S2

Preface

Remote Storage Remote Storage makes a virtual drive available which is physically located on a remote workstation or made available centrally on the network using a Remote Storage server. The virtual drives available with Remote Storage are simply managed in much the same way as local drives and offer the following options: Read and write data. Boot from Remote Storage. Install drivers and small applications. Update BIOS from remote workstation. (BIOS update via USB)

Remote Storage supports the following device types to provide a virtual drive on the remote workstation: CD ROM DVD ROM Memory stick Floppy image CD ISO image DVD ISO image

A Remote Storage server provides an ISO image centrally on the network in the form of a virtual drive. Remote Storage permits either the simultaneous connection of up to two virtual drives at the remote workstation or the provision of an ISO image via a Remote Storage server.

Preface Advantage

IPMI - technical background

The IPMI specifications ensure the independence of functions for inventory, logging, recovery and monitoring of a system by the system processor, BIOS or operating system. This means that a system can still be involved in platform management when it is shut down and turned off. IPMI and other management standards IPMI is best used in conjunction with system management software running under the relevant operating system. Integration of the IPMI functionality into the management functionality offered by a management application and the operating system results in a powerful platform management environment. An overview of the relationship between IPMI and the management software stack is shown by figure 2:

Figure 2: IPMI in the management software stack (source: IPMI specification, see section References on page 30)

iRMC S2

IPMI - technical background IPMI, IPMB and ICMB The IPMI initiative resulted in three central standards:

Preface

IPMI. Intelligent Platform Management Interface Specification describes the higher-level architecture, the current commands, event formats, data packets and properties that are used in IPMI-based systems. IPMB. Intelligent Platform Management Bus is an I2C based (write only) bus, which provides a standardized connection between various modules in a common housing. IPMB can also be used as a standardized interface for remote management modules. ICMB. Intelligent Chassis Management Bus (Not currently implemented in the ServerView remote management environment.) provides a standardized interface for exchange of platform management information and for control across systems. ICMB is designed in such a way that it can be implemented with a device that is connected to the IPMB. IPMI implementation The core element of an IPMI implementation is the Baseboard Management Controller (BMC). The BMC performs the following tasks: The BMC organizes the interface between the system management software and the platform management hardware. It provides autonomous functions for monitoring, event logging and recovery control. The BMC acts as a gateway between the system management software and IPMB. IPMI allows platform management to be extended: Additional management controllers can be connected via the IPMB. The IPMB is an I2C based serial bus, which runs between the main modules of the system. It is used for communication with and between the management controllers. With the support of multiple management controllers, IPMI provides a scalable architecture: A complex server system can use multiple controllers for monitoring different subsystems, e.g. power supplies, hot swap RAID drive modules etc.

iRMC S2

Preface

IPMI - technical background

In addition, IPMI provides low level I2C commands, which can be accessed via a management controller connected to the IPMB on 'unintelligent' I2C modules that cannot process IPMI commands. An overview of the fundamental elements of an IPMI implementation is available in figure 3 on page 26.

iRMC S2

IPMI - technical background

Preface

Figure 3: IPMI block diagram (source: IPMI specification, see section References on page 30)

iRMC S2

Preface

IPMI - technical background

IPMI and in band and out of band management In the field of system management, a distinction is made between in-band and out-of-band management: The term in-band management is used when the operating system is running on the managed server. The term out-of-band management is used when the operating system is not running on the managed server, for instance if the hardware is faulty.

As different interfaces are available in an environment with IPMI compatible systems, you can manage IPMI compatible systems either in band or out of band. IPMI-over-LAN IPMI-over-LAN is the current name for the specification of the LAN interface in the IPMI standard. This specification stipulates how IPMI messages can be sent to or from the BMC of a managed system - encapsulated in RMCP (Remote Management Control Protocol) data packets. These RMCP data packets are transferred via an Ethernet LAN connection using the UDP (User Datagram Protocol) under IPv4 (Internet Protocol Version 4). The RMCP protocol has been specified to support the management of system statuses in which the operating system is not running. The RMCP is a simple inquiry/response protocol. The interface for such a connection is provided on an onboard LAN controller assigned to the BMC.

I The interface can only be provided by an on-board LAN controller, not by

an inserted LAN card.

iRMC S2

IPMI - technical background

Preface

Of the two ports that RCMP uses under UDP, the BMC communicates with the LAN controller via port 623 (primary RMCP Port).

Figure 4: BMC and LAN controller

Serial Over LAN interface (SOL) Serial Over LAN is an interface compliant with the IPMI V2.0 standard, which controls transfer of serial data over a LAN connection. In particular, SOL specifies the packet formats and protocols for transferring serial data streams over a LAN between the serial controller on the managed computer and a remote workstation. SOL is based on the IPMI-over-LAN specification. In order to establish an SOL connection, a remote management application first initiates an IPMI-over-LAN session with the BMC. After this has been done, the SOL services can be activated from the remote workstation. The data traffic between the serial controller and the remote workstation is handled over the same IPMI session as the IPMI commands. As soon as an SOL connection has been established, data transfer between the serial controller and the remote workstation is carried out as follows: Transfer from the serial controller to the remote workstation: The data stream issued by the serial controller is partitioned by the BMC, packaged and then sent to the remote workstation over the LAN. Transfer from the remote workstation to the serial controller: BMC unpacks the characters contained in the packages sent by the remote workstation and forwards them to the serial controller as a character stream.

iRMC S2

Preface

IPMI - technical background

Figure 5: BMC and SOL

The SOL character data is then exchanged between the BMC of the managed system and the remote workstation as SOL messages. The SOL messages are encapsulated in RMCP+ data packets and transferred in UDP datagrams over an Ethernet LAN connection using IPv4 (Internet Protocol Version 4). The RMCP+ protocol is based on the RMCP protocol, but includes extensions for encryption, authentication, etc. Serial over LAN permits headless management by console redirection by both the BIOS and the operating system of the managed server. High-cost concentrator solutions are not required. Channel concept under IPMI Channels provide the mechanisms with which IPMI messages are routed to the BMC via various connection carriers. Up to nine channels can be supported. The system interface and the primary IPMB are fixed. The other seven channels are available for the implementation. Channels can be either session based or sessionless. The session concept has two meanings: It is either a concept for user authentication (see the section User identifications on page 30) or a concept for routing multiple IPMI message streams via a single channel. Examples of session based channels are LAN channels or serial / modem channels. Examples of sessionless channels are the system interface and the IPMB.

iRMC S2

IPMI - technical background User identifications

Preface

For session based channels (see the section Channel concept under IPMI on page 29), a user login is necessary. By contrast, the sessionless channels have no user authentication. Under IPMI, the user configuration is channel specific. Thus, users can have different privileges depending on whether they are accessing the BMC via the LAN channel or the serial channel. References Information about the IPMI standards can be found on the Internet: http://developer.intel.com/design/servers/ipmi/index.htm

iRMC S2

Preface

Changes compared with the previous version

1.5

Changes since the previous manual

This edition replaces the following online manual: iRMC S2 - integrated Remote Management Controller, October 2009 edition. The manual has been supplemented as follows:

Chapter 6, Remote Storage: Additional description: Remote Storage under Linux.

iRMC S2

Notational conventions

Preface

1.6

Notational conventions

The meanings of the symbols used in this manual are as follows:

V Warning I
Text in italics

This symbol is used to draw attention to risks which may represent a health hazard or which may lead to data loss or damage to the hardware. This symbol is used to highlight important information and tips. This symbol indicates an action which you must carry out. In running text, commands, menu items, and the names of buttons, options, files and paths are shown in italics. Indicates variables which must be replaced by current values. Output from the system is shown in monospaced font.

<text> Monospaced font

Monospaced font Commands to be entered at the keyboard are Bold monospaced font shown in bold, monospaced font. [square brackets] {braces} [Keyboard] [symbols] Indicate optional entries. Indicate a list of alternatives separated by |. Keys are shown as they appear on the keyboard. If uppercase characters are to be entered explicitly, this is indicated for instance by [SHIFT] - [A] for A. If two keys are to be pressed simultaneously, this is indicated by a hyphen between the two keyboard symbols.
Table 1: Notational conventions

If reference is made to passages elsewhere in this manual, the title of the chapter or section is named and the page number given refers to the start of the section.

iRMC S2

Logging on to the iRMC S2 for the first time

The factory default settings of the iRMC S2 allow you to log in to the iRMC S2 for the first time without the need for any configuration activities.

2.1

Requirements

On the remote workstation: Windows: Internet Explorer as of Version 6.x: Linux: Mozilla Firefox 1.5. For console redirection: Sun Java Virtual Machine Version 1.5.0_06 or higher. In your network: You must have a DHCP server in your network. If you want to log in with a symbolic name rather than an IP address at the iRMC S2 web interface, the DHCP server in your network must be configured for dynamic DNS. DNS must be configured. Otherwise you must ask for the IP address.

iRMC S2

iRMC S2 factory defaults

Logging on to the iRMC S2 for the first time

2.2

iRMC S2 factory defaults

The firmware of the iRMC S2 provides a default administrator ID and a default DHCP name for the iRMC S2. Default administrator ID: Administrator ID: Password: admin admin

I Both the administrator ID and the password are case-sensitive.

For reasons of security, it is recommended that you create a new administrator account once you have logged in, and then delete the default administrator account or at least change the password for the account (see section User Management - Manage users on page 323). Default DHCP name of the iRMC S2 The default DHCP name of the iRMC S2 uses the following pattern: IRMC<SerialNumber>

This section describes: Requirements for configuring the LAN interface Configuring the LAN interface in the BIOS Setup program Testing the LAN interface

I "Spanning Tree" tree for the connection of the iRMC S2 must be

deactivated (e.g. Port Fast=enabled; Fast Forwarding=enabled).

iRMC S2

Configuring the iRMC S2

LAN interface

3.1.1

Prerequisites

Note the following requirements with respect to configuring the IP address: The LAN cable must be connected to the correct port. (see section Connected to the correct LAN port? on page 39). Interaction between the IP addresses of the iRMC S2 and the system (see the section Interaction between the IP addresses of the iRMC S2 and the system on page 40). 3.1.1.1 Connected to the correct LAN port?

The interface for a LAN connection is provided on an onboard LAN controller assigned to the iRMC S2 (see also figure 4 on page 28). Depending on the server type, the system board of a PRIMERGY server provides two or three LAN interfaces. The ports marked with a wrench symbol are assigned to the iRMC S2 (in figure 7, for example, these are port 1 and the top left-hand port).

I Check that the LAN cable is connected to the correct port.

Depending on the type of PRIMERGY server, different ports may be marked with the wrench symbol.

Dedicated Service LAN (Port exclusively for the iRMC S2) Shared LAN (iRMC and system)

LAN port exclusively for the system

Figure 7: Ports for the iRMC S2 (indicated by wrench symbol)

iRMC S2

LAN interface 3.1.1.2

Configuring the iRMC S2

Interaction between the IP addresses of the iRMC S2 and the system

The LAN controller of the PRIMERGY server requires a separate IP address for the iRMC S2 in order to ensure that data packets are reliably transferred to the iRMC S2 (and not to the operating system). The IP address of the iRMC S2 must be different from that of the system (operating system). 3.1.1.3 Access from a different subnet

If the remote workstation accesses the iRMC S2 of the managed server from a different subnet and DHCP is not used, you must configure the gateway.

3.1.2

Configuring the LAN interface: Configuration tools

You can configure the iRMC S2s LAN interface in a number of ways: Depending on the type of the PRIMERGY server using the BIOS Setup Utility or the TrustedCore Setup Utility (see page 41), iRMC S2 web interface (see section Network Settings - Configure the LAN parameters on page 301), using the Server Configuration Manager (see iRMC LAN Interface Configure LAN parameters of the iRMC S2 on page 418), using the Server Management Tool.

iRMC S2

Configuring the iRMC S2

LAN interface

3.1.3

Configuring the LAN interface using the BIOS / TrustedCore Setup program

Call the BIOS / TrustedCore Setup Utility of the managed server. Do this by pressing [F2] while the server is booting. Call the LAN parameter configuration menu: BIOS: Advanced IPMI LAN Settings TrustedCore: Server IPMI LAN Settings

Figure 8: LAN Settings menu (shown here for the TrustedCore Setup Utility)

Configure the following settings: Service LAN Set the value to Enabled. Service LAN Port The Service setting is recommended.

I The Service setting is mandatory for the Type TX150 S6

PRIMERGY server.

iRMC S2

LAN interface DHCP

Configuring the iRMC S2

If you enable DHCP, the iRMC S2 gets its LAN settings autonomously from a DHCP server on the network. In this case, the values for Local IP Address, Subnet Mask, etc. are set automatically.

I Do not activate the DHCP option if no DHCP server is

available. If you activate the DHCP option and there is no DHCP server available, the iRMC S2 goes into a search loop (i.e. it constantly searches for a DHCP server).

You can specify that the DHCP and DNS services are to be used after initial installation, using the iRMC S2 web interface, for instance (see sections DHCP Configuration - Configuring the host name for the iRMC S2 on page 309 and DNS Settings - Enable DNS for the iRMC S2 on page 311). By default, the following name is passed to the DHCP server on initial installation of the iRMC S2: iRMC<last 3 bytes of the MAC address>. Local IP Address Enter the IP address you have determined for the iRMC S2 of the managed system. Subnet Mask Enter the subnet mask for the network. Gateway Address Specify the IP address of the gateway. Save the settings. If you want to use console redirection on the iRMC S2, continue with section Configuring text console redirection via LAN using the BIOS/TrustedCore Setup program on page 44. If you do not want to use text console redirection on the iRMC S2, exit the BIOS/TrustedCore Setup and continue with the next section Testing the LAN interface.

iRMC S2

Configuring the iRMC S2

LAN interface

3.1.4

Testing the LAN interface

You can test the LAN interface as follows: Use a web browser to attempt to log into the iRMC S2 web interface. If no login prompt appears, it is probable that the LAN interface is not working. Test the connection to the iRMC S2 with a ping command.

iRMC S2

Console redirection via LAN

Configuring the iRMC S2

3.2

Configuring text console redirection via LAN using the BIOS/TrustedCore Setup program

Text console redirection will be available depending on the configuration of text console redirection and on the operating system of the server either for the duration of the BIOS POST phase only or beyond the BIOS POST phase while the operating system is running. This section describes: Configuration of text console redirection via LAN using the BIOS / TrustedCore Setup Utility Special requirements of the operating system used that you need to take account of if you also want to use console redirection while the operating system is running.

I You can also configure text console redirection via LAN using the

iRMC S2 web interface (see section BIOS Text Console - Configure and start text console redirection on page 345).

iRMC S2

Configuring the iRMC S2

Console redirection via LAN

3.2.1

Configuring text console redirection

Call the BIOS / TrustedCore Setup Utility of the managed server. Do this by pressing [F2] while the server is booting. Settings in the Peripheral Configuration menu Call the Peripheral Configuration menu: Advanced Peripheral Configuration

Figure 9: Peripheral Configuration menu (as it appears in the TrustedCore Setup Utility)

Configure the following settings: Serial 1 Set the value to Enabled. Serial 1 Address Accept the first value pair proposed. Serial Multiplexer Set the value to iRMC.

iRMC S2

Console redirection via LAN Settings in the Console Redirection menu Call the Console Redirection menu: Server Console Redirection

Configuring the iRMC S2

I The appearance of the Console Direction menu varies depending on

the Setup Utility (BIOS or TrustedCore) you are using. Make the following settings in the BIOS Setup Utility:

3.2.2

Using console redirection while the operating system is running

Depending on the operating system used on the managed server, you can continue to use console redirection after the BIOS POST phase. DOS The BIOS setting for console redirection mode must be set as follows (see section Settings in the Console Redirection menu on page 46): BIOS Setup Utility: Mode: Enhanced TrustedCore Setup Utility: Continue C.R. after POST: On Windows Server 2003 Windows Server 2003 handles console redirection automatically after the POST phase. No further settings are necessary. While the operating system is booting, the Windows Server 2003 SAC console is transferred:

Figure 12: Windows Server 2003 SAC console

Linux You must configure a Linux operating system in such a way that it handles console redirection after the POST phase. Once it has been configured, you have unrestricted access from the remote workstation.

iRMC S2

Console redirection via LAN Settings required The settings may differ between program versions.

Configuring the iRMC S2

SuSe and RedHat Add the following line to the end of the file /etc/inittab:
xx:12345:respawn:/sbin/agetty <baud-rate> ttyS0

RedHat Insert the following kernel boot parameter in the file /etc/grub.conf:
console=ttyS0,<baud-rate> console=tty0

SuSE Insert the following kernel boot parameter in the file /boot/grub/menu.lst :
console=ttyS0,<baud-rate> console=tty0

iRMC S2

Configuring the iRMC S2

Serial interface

3.3

Configuring and using the serial interface of the iRMC S2

The serial interface of the iRMC S2 offers you the following possibilities: You can use the terminal application Remote Manager (Serial) over a null modem cable (see section Using the Remote Manager (Serial) interface on page 54). You can forward alerts via modem. You can configure alerting via modem using the web interface of the iRMC S2 (see section Serial / Modem Alerting - Configure alerting via modem on page 315).

iRMC S2

Serial interface

Configuring the iRMC S2

3.3.1

Configuring the serial interface

Settings in the BIOS Call the BIOS / TrustedCore Setup Utility of the managed server. Do this by pressing [F2] while the server is booting. Call the Peripheral Configuration menu to configure the serial port: Advanced Peripheral Configuration

Figure 13: Peripheral Configuration menu (as it appears in the TrustedCore Setup Utility)

Configure the following settings: Serial 1 Set the value to Enabled. Serial 1 Address Accept the first value pair proposed. Serial Multiplexer Set the value to iRMC.

iRMC S2

Configuring the iRMC S2

Serial interface

The following values are not shown in the menu and are preset (see page 54, Terminal program (VT100+)): Bits per second 9600 Data bits 8 Parity None. Stop bits 1 Flow Control None Exiting the BIOS / TrustedCore setup Save your settings and exit the BIOS/TrustedCore Setup utility. Continue with section Testing the LAN interface on page 43.

iRMC S2

Using the serial interface

Configuring the iRMC S2

If the user is authenticated successfully by iRMC S2 (user name and password are valid) then the user can log in. Otherwise, the iRMC S2 continues the verification with step 2.

2. The iRMC S2 authenticates itself at the directory service via LDAP with a user name and password, determines the user rights by means of an LDAP query and checks whether the user is authorized to work with these at the iRMC S2.

iRMC S2

User management on the iRMC S2

Concept

iRMC S2 web interface Login SSL

SSH Login SSH

Telnet Login

Serial interface Login

User name, password

SSL

SSH iRMC S2

local user identifications SSL

User name, password

SSL
LDAP login

Directory service Global user identifications

Figure 14: Login authentication via the iRMC S2

I Although optional, the use of SSL for the LDAP connection between the

iRMC S2 and directory service is recommended. An SSL-secured LDAP connection between iRMC S2 and the directory service guarantees secure data exchange, and in particular the secure transfer of the user name and password data. SSL login via the iRMC S2 web interface is only required if LDAP is active (LDAP enable option, see page 334).

iRMC S2

User permissions

User management on the iRMC S2

4.2

User permissions

The iRMC S2 distinguishes between two mutually complementary types of user permissions: Channel-specific privileges (via assignment to channel-specific permission groups) Permissions to use special iRMC S2 functions

I The privileges and permissions required for the use of the individual
iRMC S2 functions are described for the iRMC S2- web interface, on page 224, for the Remote Manager, on page 382. Channel-specific privileges (channel-specific permission groups) The iRMC S2 assigns each user identification to one of the following four channel-specific permission groups: users Operator Administrator OEM

Since iRMC S2 assigns these permissions on a channel-specific basis, users can have different permissions, depending on whether they access the iRMC S2 over the LAN interface or the serial interface. The scope of permissions granted increases from User (lowest permission level) through Operator and Administrator up to OEM (highest permission level).

I The permission groups correspond to the IPMI privilege level. Certain

permissions (e.g. for Power Management) are associated with these groups or privilege levels.

iRMC S2

User management on the iRMC S2 Permissions to use special iRMC S2 functions

User permissions

In addition to the channel-specific permissions, you can also individually assign users the following permissions: Configure User Accounts Permission to configure local user identifications Configure iRMC S2 Settings Permission to configure the iRMC S2 settings. Video Redirection Enabled Permission to use Advanced Video Redirection (AVR) in View Only and Full Control mode Remote Storage Enabled Permission to use the Remote Storage functionality Preconfigured user ID The firmware of the iRMC S2 provides a default administrator ID for the iRMC S2 which possesses all permissions: Administrator ID: Password: admin admin

I Both the administrator ID and the password are case-sensitive in the

case of local users. It is urgently recommended that you create a new administrator account as soon as possible once you have logged in, and then delete the default administrator account or at least change the password for the account (see section User Management - Manage users on page 323).

iRMC S2

... locally via the web interface

User management on the iRMC S2

4.3

Local user management for the iRMC S2

The iRMC S2 possesses its own local user management. Up to 16 users to be configured with passwords and be assigned various rights depending on the user groups they belong to. The user identifications are stored in the iRMC S2s local, non-volatile storage. User management can be performed manually or using scripts (with IPMIView). The following options are available for user management on the iRMC S2: User management via the web interface User management via the Server Configuration Manager User management using the Server Management Tool (IPMIVIEW)

4.3.1

Local user management using the iRMC S2 web interface

permission.

I User management on the iRMC S2 requires Configure User Accounts

You can view a list of configured users under the web interface. You can also configure new users, change the configuration of existing users and remove users from the list. Start the iRMC S2 web interface (see section Logging into the iRMC S2 web interface on page 222). Showing the list of configured users In the navigation area, click the User Management - iRMC S2 User function. The User Management page opens containing a list of configured users (see page 324). Here, you can delete users and call the page for configuring new users. This page is described in section User Management - Manage users on page 323.

iRMC S2

User management on the iRMC S2 Configuring new users

... locally via the web interface

On the User Management page, click the New User button. The New User Configuration page opens. This page allows you to configure the basic settings for the new user. This page is described in section New User Configuration - Configuring a new user on page 325. Modifying the configuration of a user On the User Management page, click the name of the user whose configuration parameters you want to change. The User <name> Configuration page opens showing the settings for the selected user. Here, you can change the configuration parameters for the new user. This page is described in section User <name> Configuration User configuration (details) on page 326. Deleting users On the User Management page, click on the Delete button in the same line as the user to be deleted.

iRMC S2

... locally via the Server Config. ManagerUser management on the iRMC S2

4.3.2

Local user management via the Server Configuration Manager

I Prerequisite:
The current ServerView agents must be installed on the managed server.

I User management on the iRMC S2 requires Configure User Accounts

permission. You can view a list of configured users under Server Configuration Manager. You can also configure new users, change the configuration of existing users and remove users from the list. Start the Server Configuration Manager (see chapter Configuring iRMC S2 using the Server Configuration Manager on page 401). Showing the list of configured users Choose iRMC User Management. The dialog box contains a list of all the configured users (see page 433). Here you can delete users and call the Edit existing user window showing the settings for the selected user. This window is described on page 434. Configuring new users In the iRMC User Management dialog box, select a line below the displayed user in which only the user ID is shown. Click the Modify... button or double-click the selected line. The Edit existing user window opens. Make the settings for the new user in the Edit existing user window. Confirm your settings by clicking OK.

iRMC S2

User management on the iRMC S2 ... locally via the Server Config. Manage Modifying the configuration of a user Select a user in the iRMC User Management dialog box. Click the Modify... button or double-click the selected user. The Edit existing user window opens showing the configured settings for this user. Modify the settings for the user in the Edit existing user window. Confirm your settings by clicking OK. Deleting users Select a user in the iRMC User Management dialog box. Click the Delete button to delete the user.

iRMC S2

SSHv2 public key support

User management on the iRMC S2

4.3.3

SSHv2 public key authentication for iRMC S2 users

In addition to authentication by means of a user name and password, the iRMC S2 also supports SSHv2-based public key authentication using pairs of public and private keys for local users. To implement SSHv2 public key authentication, the SSHv2 key of an iRMC S2 user is uploaded to the iRMC S2 and the iRMC S2 user uses their private key with the program PuTTY or the OpenSSH client program ssh, for example. The iRMC S2 supports the following types of public keys: SSH DSS (minimum requirement) SSH RSA (recommended) The public SSHv2 keys that you upload to the iRMC S2 can be available either in RFC4716 format or in OpenSSH format (see page 82). Public key authentication In outline, public key authentication of a user on the iRMC S2 happens as follows: The user who wishes to log into the iRMC S2 creates the key pair: The private key is read-protected and remains on the user's computer. The user (or administrator) uploads the public key to the iRMC S2. If the configuration allows this, the user can now log into the iRMC S2 extremely securely and without the need to enter a password. The user is only responsible for keeping their private key secret.

iRMC S2

User management on the iRMC S2

ssh-keygen logs the progress of the key generation operation. ssh-keygen queries the user for the file name under which the private key is to be stored and for the passphrase for the private key. ssh-keygen stores the resulting private and public SSHv2 keys in separate files and displays the fingerprint of the public key. Example: Generating an RSA key pair with ssh -keygen

1 2 3 4 5

iRMC S2

User management on the iRMC S2 Explanation:

SSHv2 public key support

1. ssh-keygen requests the file name under which the SSHv2 key is to be saved. If you press [Enter] to confirm without entering a file name, ssh-keygen uses the default file name id_rsa. 2. ssh-keygen requests you to enter a passphrase (and to confirm it) that is used to encrypt the private key. If you press [Enter] to confirm without entering a passphrase, ssh-keygen does not use a passphrase. 3. ssh-keygen informs the user that the newly generated private SSHv2 key has been saved in the file /.ssh/id_rsa. 4. ssh-keygen informs the user that the newly generated public SSHv2 key has been saved in the file /.ssh/id_rsa.pub. 5. ssh-keygen displays the fingerprint of the public SSHv2 key and the local login to which the public key belongs.

iRMC S2

SSHv2 public key support 4.3.3.2

User management on the iRMC S2

Loading the public SSHv2 key onto the iRMC S2 from a file

Proceed as follows: Under the iRMC S2 web interface, open the detailed view for the required browser (in this case user3) iRMC S2 User Management page:

(1)

(2)

Figure 18: iRMC S2 web interface: Loading the public SSHv2 key onto the iRMC S2

Click Browse in the group User SSHv2 public key upload from file (1) and navigate to the file containing the required public key (2). Click Upload to load the public key onto the iRMC S2.

iRMC S2

User management on the iRMC S2

SSHv2 public key support

After the key has been successfully uploaded, the iRMC S2 displays the key fingerprint in the group User SSHv2 public key upload from file:

Key type

Key length

MD5 fingerprint of the saved key

Figure 19: Display of the key fingerprint

I For reasons of security, make sure that the fingerprint shown here

matches that shown in PuTTYgen (see figure 17 on page 71) under Key fingerprint.

iRMC S2

SSHv2 public key support 4.3.3.3

User management on the iRMC S2

Configuring PuTTY and the OpenSSH client for using the public SSHv2 key

Configuring PuTTY for using the public SSHv2 key The PuTTY program allows you to set up a public-key-authenticated connection to the iRMC S2 and log in either under your user name or using the auto-login mechanism. PuTTY handles the authentication protocol automatically on the basis of the public/private SSHv2 key pair previously generated. Proceed as follows: Start PuTTY on your Windows computer. The following window appears when PuTTY is started:

User management on the iRMC S2

SSHv2 public key support

I Under Connection - Data, you can additionally specify a user name for
automatic login onto the iRMC S2.

Figure 23: PuTTY: Specifying the user name for automatically logging into the iRMC S2

iRMC S2

SSHv2 public key support

User management on the iRMC S2

Configuring the OpenSSH client program ssh for using the public SSHv2 key You establish an SSHv2-protected connection to the iRMC S2 using the OpenSSH client program ssh. You can log in either under your current local login or under a different login.

I The login must have been configured as a local login on the iRMC S2 and
the associated SSHv2 key must have been loaded on the iRMC S2. ssh reads its configuration options in order from the following sources: 1. Command line arguments that you specify when calling ssh: 2. User-specific configuration file ($HOME/.ssh/config)

I Although this file contains no security-critical information, read/write

permission should only be granted to the owner. Access should be denied to all other users. 3. System-wide configuration file (/etc/ssh/ssh_config) This file contains default values for configuration parameters if there is no user-specific configuration file or if the relevant parameters are not specified in the user-specific configuration file. The value found first applies for each option.

I You will find detailed information on the configuration of ssh and on its
operands on the manual pages for OpenSSH under http://www.openssh.org/manual.html

iRMC S2

User management on the iRMC S2 Proceed as follows:

SSHv2 public key support

Start ssh, to log in to the iRMC S2 inder SSHv2-authentication:

ssh -l [<user>] <iRMC_S2>

or
ssh [<user>@]<iRMC_S2>

<user> User name under which you want to log into the iRMC S2. If you do not specify <user>, ssh uses the user name under which you are logged into your local computer to log you in to iRMC S2. <iRMC_S2> iRMC S2 name or IP address of the iRMC S2 you want to log into. Example: SSHv2-authentifcated login on the iRMC S2 For the following ssh- call, it is assumed that ssh-keygen has been used to generate a public/private RSA key pair as described under Example: Generating an RSA key pair with ssh -keygen auf Seite 72 and that the public key User1/.ssh/id_rsa.pub has been loaded onto the iRMC S2 for an iRMC S2 uesr user4 (see page 74). You can then log in from your local computer under $HOME/User1 as follows on the iRMC S2 "RX100_S52-iRMC" using the login user4:
ssh user4@RX100_S52-iRMC

iRMC S2

SSHv2 public key support 4.3.3.4 Example: Public SSHv2 key

User management on the iRMC S2

The following shows the same public SSHv2 key in both RFC4716 format and in OpenSSH format. Public SSHv2 key in RFC4716 format
---- BEGIN SSH2 PUBLIC KEY ---Comment: "rsa-key-20090401" AAAAB3NzaC1yc2EAAAABJQAAAIBScBsgP9B74qNa9+w8Ccv3kDVVu2boKCGLv4hx v6+AUFrF6sYdGey1QQ7MkwSeax3NmoZBkvkR9hNfZSqxkPCkd//LyUil9US5/9Ar JxjlhXUzlPPVzuBtPaRB7+bISTJVMUorNwrcN48b6AAoYBhKC4AOtOP1OGsfc+F pGJ2iw== ---- END SSH2 PUBLIC KEY ----

Public SSHv2 key in OpenSSH format

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBScBsgP9B74qNa9+w8Ccv3kDVVu2boKCGLv4hx v6+AUFrF6sYdGey1QQ7MkwSeax3NmoZBkvkR9hNfZSqxkPCkd//LyUil9US5/9Ar JxjlhXUzlPPVzuBtPaRB7+bISTJVMUorNwrcN48b6AAoYBhKC4AOtOP1OGwsfc+F pGJ2iw== rsa-key-20090401

iRMC S2

User management on the iRMC S2

... globally via a directory service

4.4

Global user management for the iRMC S2

The global user IDs for the iRMC S2 are managed centrally using an LDAP directory service. The following directory services are currently supported for iRMC S2 user management: Microsoft Active Directory Novell eDirectory OpenLDAP This section provides you with information about the following topics: Overview of global user management for the iRMC S2 Concept of global user management for the iRMC S2 using an LDAP directory service Configuring global iRMC S2 user management in the directory service (generating the permissions structures specific to iRMC / iRMC S2 in the directory service). Global iRMC S2 user management via Microsoft Active Directory Global iRMC S2 user management via Novell eDirectory Global iRMC S2 user management via OpenLDAP

I Alongside the measures described in this section which you perform in

the directory service, global user management also requires you to configure the local LDAP settings at the iRMC S2. You may configure the local LDAP settings either at the iRMC S2 web interface (see page page 333), using the Server Configuration Manager (see page page 439).

iRMC S2

... globally via a directory service

User management on the iRMC S2

4.4.1

Overview

The global user IDs for the iRMC S2 (and for the iRMC) are stored centrally for all platforms in the directory service's directory. This makes it possible to manage the user identifications on a central server. They can therefore be used by all the iRMCs and iRMC S2s that are connected to this server in the network. Furthermore, using a directory service for the iRMC / iRMC S2 makes it possible to use the same user identifications for logins at the iRMCs / iRMC S2s as are used for the operating system of the managed servers.

I Global user management is currently not supported for the following

iRMC S2 functions: Login via IPMI-over-LAN Console redirection via SOL

iRMC 1

Login Authentication iRMC 2

Directory service
Global user identifications

...

iRMC n

Figure 24: Shared use of the global user identifications by multiple iRMCs

Communications between the individual iRMCs / iRMC S2s and the central directory service is performed via the TCP/IP protocol LDAP (Lightweight Directory Access Protocol). LDAP makes it possible to access the directory services which are most frequently used and most suitable for user management. Optionally, communication via LDAP can be secured by SSL.

iRMC S2

User management on the iRMC S2

... globally via a directory service

4.4.2

iRMC S2 user management via an LDAP directory service (concept)

management described below applies equally to the directory services Microsoft Active Directory, Novell eDirectory and OpenLDAP. The figures are based on the example of the Active Directory Users and Computers console in the Microsoft Active Directory user interface. strings in LDAP: *, \, &, (, ), |, !, =, <, >, ~, :

I The concept of directory service-based, global iRMC S2 user

I The following characters are reserved as metacharacters for search

You must therefore not use these characters as components of Relative Distinguished Names (RDN). 4.4.2.1 Global iRMC S2 user management using permission groups and roles

Global iRMC / iRMC S2 user management via an LDAP directory server requires no extension to the standard directory server schema. Instead, all the information that is relevant for the iRMC / iRMC S2, including the user permissions (privileges), is provided via additional LDAP groups and organizational units (OUs) which are combined in separate OUs in a domain of the LDAP directory server (see figure 26 on page 88). iRMC users obtain their privileges by virtue of being members of a group in the organizational unit (OU) iRMCgroups. iRMC S2 users obtain their privileges by being assigned a role (user role) declared in the organizational unit (OU) SVS or by membership of a group of the OU iRMCgroups.

I If both the OU SVS and the structure iRMCgroups are defined in the

directory service, the login data of the user is first compared with the entries in SVS to authenticate a user. If no matching entry is found there, an attempt is made to find a match in the entries in iRMCgroups. In either case, the first matching entry is relevant.

Assigning permissions directly with user groups Global user management on the iRMC and the iRMC S2 (firmware version < 3.77) controls the assignment of permissions by means of user groups. Here, the permissions are directly assigned to the individual user groups.

iRMC S2

... globally via a directory service

User management on the iRMC S2

Assigning permissions with user roles (abbreviated to: roles) Global user management on the iRMC S2 (firmware version 3.77 or later) controls the assignment of permissions by means of user roles. In this case, each role defines a specific, task-oriented permission profile for activities on the iRMC S2. Several roles can be assigned to each user with the result that the permissions for this user are defined by the sum of the permissions of all the assigned roles. figure 25 illustrates the concept of role-based assignment of user permissions with the roles Administrator, Maintenance, Observer and UserKVM.

Mr. Miller

Ms. Smith

Mr. Baker

Administrator

Maintenance

Observer

UserKVM

User Mgmnt.

AVR

Rem. Storage iRMC Settings

iRMC Info

Figure 25: Role-based assignment of user permissions

The concept of user roles offers important advantages, including: The individual permissions do not need to be assigned to each user or user group individually. Instead, they are assigned to the user role. It is only necessary to adapt the permissions of the user role in the event that the permission structure changes.

iRMC S2

User management on the iRMC S2 4.4.2.2

... globally via a directory service

Organizational units (OU) SVS and iRMCgroups

User management on the iRMC S2 4.4.2.4

... globally via a directory service

iRMCgroups: Permission profiles are defined via permission groups

The associated permission groups (security groups) are listed directly below each department (figure 27 on page 90). There are no restrictions concerning the number of permission groups. The names of the permission groups can be chosen as required subject to certain syntactic requirements imposed by the employed directory service. Every permission group defines a specific permission profile which applies to all the users who belong to the relevant permission group.

V CAUTION!
Make sure that no user simultaneously belongs to more than one permission group in one and the same department. (If a user belongs to more than one permission group in the same department then the first result returned by an LDAP query always apples.)

I The permission groups in global iRMC S2 user management also

include the channel-specific permission groups (see page 62). For detailed information on the individual user permissions, see section User permissions on page 62.

If, for example, you click a department (e.g. DeptX) (1) in the hierarchy tree in Active Directory Users and Computers (see figure 28 on page 92) then the permission groups (security groups) defined for this department are listed in the display area (here: DeptX). You can click on one of the displayed security groups (2) to open the Properties dialog for this security group (here: Maintenance). The associated permission is listed under Notes using the following syntax:

iRMC S2

... globally via a directory service

User management on the iRMC S2

(2)

(1)

Figure 28: Properties dialog for the Maintenance security group

iRMC S2

User management on the iRMC S2 Settings for the preferred shell

... globally via a directory service

In the LDAP server, you can specify not only the user permissions but also the preferred shell for a user. Unlike when you assign permissions, the definition of the preferred shell is purely user-specific and not department-dependent.

Figure 29: Defining the preferred shell

The following groups can be selected: IPMIbasicMode IPMIterminalMode None RemoteManager (see page 373). SmashCLP (see page 393).

I A user should only belong to a single shell group. Any user who belongs
to multiple shell groups is automatically assigned to the group with the highest priority among these groups. The sequence of priorities follows the above list (with priority descending from top to bottom). Any user who does not belong to a shell group is assigned by default to the Remote Manager group.

iRMC S2

... globally via a directory service 4.4.2.5

User management on the iRMC S2

SVS: Permission profiles are defined via roles

The associated user roles (authorization roles) that are required are listed directly below each department (figure 27 on page 90). All the roles listed here must be defined in the OU Declarations. Otherwise, there are no restrictions concerning the number of roles. The names of the roles can be chosen as required subject to certain syntactic requirements imposed by the employed directory service. Each authorization role defines a specific, task-oriented permission profile for activities on the iRMC S2.

I The alert roles are listed as well as the authorization roles. Each alert
role defines a specific alerting profile for email alerting (see section Configuring email alerting to global iRMC S2 users on page 156). Displaying user roles If you select a department (e.g. DeptX) under SVS in the structure tree for Active Directory Users and Computers (see figure 30) (1) and expand the associated nodes DeptX Authorization Roles, the user roles defined for this department (here: DeptX) are displayed (2).

(1)

(2)

Figure 30: Display of the user roles in the Users and Computers snap-in

iRMC S2

User management on the iRMC S2

... globally via a directory service

Displaying permission groups to which a user is assigned If you select a user (e.g. kvms4) under Users in the structure tree for Active Directory Users and Computers (see figure 31) (1) and open the Properties dialog box for this user by choosing Properties Members from the context menu, the permission groups to which the user belongs (here: kvms4) are displayed in the Members tab (2).

(2)

(1)

Figure 31: Properties dialog box for the user kvms4

iRMC S2

... globally via a directory service

User management on the iRMC S2

4.4.3

SVS_LdapDeployer - Generating, maintaining and deleting the SVS and iRMCgroups structures

To allow global iRMC S2 user management to be able to handled using a directory service, the structure(s) (OU) SVS and iRMCgroups must be created in the LDAP directory service. You use the SVS_LdapDeployer to generate and modify the structures SVS and iRMCgroups. The SVS_LdapDeployer is a Java archive (SVS_LdapDeployer.jar) provided on your PRIMERGY ServerView Suite DVD 1. This section describes: The configuration file of the SVS_LdapDeployer SVS_LdapDeployer The commands and options of the SVS_LdapDeployer Typical application scenarios 4.4.3.1 Configuration file (XML file)

SVS_LdapDeployer generates LDAP structures on the basis of an XML configuration file. This input file contains the structure information for the structure(s) SVS and/or iRMCgroups in XML syntax.

I The syntax of the configuration file is illustrated in the sample

always be entered under <Settings> in the input file.

configuration files Generic_Settings.xml and Generic_InitialDeploy.xml that are supplied together with the jar archive SVS_LdapDeployer.jar on PRIMERGY ServerView Suite DVD 1.

I Valid connection data for the connection to the directory server must
You can also optionally enter the authentication data for accessing the server. Alternatively, you can specify the authentication data in the command line of the SVS_LdapDeloyer. If you do not specify the authentication data in the configuration file or in the command line when calling the SVS_LdapDeployer, the SVS_LdapDeployer prompts you to enter the authentication data at runtime.

iRMC S2

User management on the iRMC S2 4.4.3.2 Starting SVS_LdapDeployer

... globally via a directory service

Proceed as follows to start the SVS_LdapDeployer: Save the Java archive (jar archive) SVS_LdapDeployer.jar in a folder on the directory server. Open the command interface of the directory server. Switch to the folder in which the jar archive SVS_LdapDeployer.jar has been stored. Call the SVS_LdapDeployer using the following syntax:
java -jar SVS_LdapDeployer.jar <command> <file> [<option>...]

I You are informed about the various steps that are being performed
<command> Specifies the action to be performed. The following commands are available: -deploy Creates an LDAP structure for global iRMC / iRMC S2 user management on the directory server (see page 99).

while the SVS_LdapDeployer is running. You will find detailed information in the file log.txt, which is created in the execution folder every time that SVS_LdapDeployer is run.

-delete Deletes an LDAP structure used for global iRMC / iRMC S2 user management from the directory server (see page 101). -import Creates an equivalent LDAP v2 structure from an existing LDAP v1 structure (see page 99). -synchronize Makes corresponding changes in an existing LDAP v1 structure to reflect any changes that you make in an LDAP v2 structure (see page 99). <file> The configuration file (.xml) used as an input file by SVS_LdapDeploy. This configuration file contains the structure information for the structure(s) SVS and/or iRMCgroups in XML syntax.

iRMC S2

... globally via a directory service

User management on the iRMC S2

I The syntax of the configuration file is illustrated in the sample

<option> [<option> ...] Option(s) that control execution of the specified command. The following sections describe in detail the individual commands available in SVS_LdapDeployer together with the associated options.

configuration files Generic_Settings.xml and Generic_InitialDeploy.xml that are supplied together with the jar archive SVS_LdapDeployer.jar on PRIMERGY ServerView Suite DVD 1.

I The SVS_LdapDeployer generates all the required subtrees including all

the groups but not the relations between users and groups. You create and assign user entries to groups by means of the corresponding tools in the employed directory service after generating the OUs SVS and/or iRMCgroups in the directory service.

iRMC S2

User management on the iRMC S2 4.4.3.3

... globally via a directory service

-deploy: Create or modify an LDAP structure

The -deploy command allows you to create a new LDAP structure on the directory server or to add new entries to an existing LDAP structure.

I Before you delete entries from an existing LDAP structure, you must first
delete the LDAP structure itself using -delete (see page 101) and then generate it again using a suitably adapted configuration file. Syntax:
-deploy [ [ [ <file> [-structure {v1 | v2 | both}] -username <user>] -password <password>][ -store_pwd <path>][ -kloc <path>] -kpwd [<key-password>]]

<file> XML file containing the configuration data.

The -import command allows you to generate an equivalent LDAP v2 structure on the directory server from an existing LDAP V1 structure. Syntax:
-import <file>[ -username <user>] [ -password <password>][ -store_pwd <path>][ -kloc <path>] [ -kpwd [<key-password>]]

<file> XML file that specifies the structure to be imported. -username <user> User name for logging in to the directory server. -password <password> Password for the user <user>. -stor_pwd Encrypts the password <password> using a randomly generated key and saves the encrypted password in the configuration file after -import has been executed successfully. By default, the randomly generated key is stored in the folder in which the SVS_LdapDeployer is executed.

V CAUTION!
You should save the randomly generated key in a safe place. If the predefined target folder is not adequate for your security needs, or if the folder in which the key is saved can also be accessed by other users, use the options kloc and -kpwd to save the key securely. -kloc <path> Saves the randomly generated key under <path>. If you do not specify this option, the key is saved in the folder in which SVS_LdapDeployer is executed. -kpwd [<password>] Specifies a password to protect the randomly generated key. If you do not specify <password>, the password is automatically generated on the basis of a snapshot of the current runtime environment.

102

iRMC S2

User management on the iRMC S2 4.4.3.6

... globally via a directory service

-synchronize: Synchronizing changes made in an LDAP v2 structure with an LDAP v1 structure

In a mixed configuration using LDAP v1 and LDAP v2 structures, you can use the -synchronize command to synchronize changes you have made in an LDAP v2 structure with an existing LDAP v1 structure.

I Always make your changes in the LDAP v2 structure!

Syntax:
-import <file>[ -username <user>] [ -password <password>][ -store_pwd <path>][ -kloc <path>] [ -kpwd [<key-password>]]

<file> XML file that specifies the structure to be imported. -username <user> User name for logging in to the directory server. -password <password> Password for the user <user>. -stor_pwd Encrypts the password <password> using a randomly generated key and saves the encrypted password in the configuration file after -synchronize has been executed successfully. By default, the randomly generated key is stored in the folder in which the SVS_LdapDeployer is executed.

iRMC S2

103

... globally via a directory service

User management on the iRMC S2

-kpwd [<password>] Specifies a password to protect the randomly generated key. If you do not specify <password>, the password is automatically generated on the basis of a snapshot of the current runtime environment.

104

iRMC S2

User management on the iRMC S2

... globally via a directory service

4.4.4

Typical application scenarios

Four typical scenarios for using SVS_LdapDeployer are described below. 4.4.4.1 Performing an initial configuration in which LDAP v1 and LDAP v2 structures coexist

You wish to set up global user management for iRMC and iRMC S2 for the first time. In order to do this, you require both LDAP v1 and LDAP v2 structures. Recommended method: 1. Generate the Department definitions for LDAP v1 and LDAP v2 structures (iRMCgroups and SVS):
java -jar SVS_LdapDeployer.jar -deploy myInitialDeploy.xml -structure both

2. Any changes you make in the future should then only be made in the LDAP v2 structure and then transferred to the LDAP v1 structure using the synchronize command (see page 103):
java -jar SVS_LdapDeployer.jar -synchronize mySettings.xml

4.4.4.2

Importing an LDAP v1 structure into an LDAP v2 structure

You are already operating global user management for iRMC and iRMC S2 on the basis of LDAP v1 and in future also wish to use LDAP v2. Recommended method: 1. Import (convert) an existing LDAP v1 structure (iRMCgroups) into an LDAP v2 structure (SVS). Both structures are to coexist.
java -jar SVS_LdapDeployer.jar -import mySettings.xml

This statement copies department definitions and the assignment of users to permission groups from the existing LDAP v1 structure into a new LDAP v2 structure. 2. Any changes you make in the future should then only be made in the LDAP v2 structure and then transferred to the LDAP v1 structure using the synchronize command (see page 103):
java -jar SVS_LdapDeployer.jar -synchronize mySettings.xml

iRMC S2

105

... globally via a directory service 4.4.4.3

User management on the iRMC S2

Re-generating or expanding an LDAP v2 structure

You wish to re-generate an LDAP v2 structure or expand an existing LDAP v2 structure. Recommended method:
java -jar SVS_LdapDeployer.jar -deploy myInitialDeploy.xml -structure -structure v2

or
java -jar SVS_LdapDeployer.jar -deploy myInitialDeploy.xml

4.4.4.4

Re-generating an LDAP v2 structure and prompting for and saving authentication data

You wish to re-generate an LDAP v2 structure. The authentication data is to be provided and saved using the command line. Recommended method:
java -jar SVS_LdapDeployer.jar -deploy myInitialDeploy.xml -store_pwd -username admin -password admin

I After the login data has been saved, you can connect to the directory

server using SVS_LdapDeployer without specifying a user name and password. The SVS_LdapDeployer then uses the values stored in the XML configuration file, provided that these are available. SVS_LdapDeployer can only use a saved password if it can decrypt it. This requires you to execute SVS_LdapDeployer in the same runtime environment that applied for the previous call with -store_pwd (see page 100). In this context, the same runtime environment means the same the user on the same computer or a user with permission to access the folder under which they key is stored (-kloc option, see page 100). call SVS_LdapDeployer in the future. Furthermore, other authentication data can also be used temporarily by explicitly specifying the data in the command line or when requested to do so by SVS_LdapDeployer.

I You can also use user accounts that have already been saved when you

106

iRMC S2

User management on the iRMC S2

... globally via Active Directory

4.4.5

iRMC S2 user management via Microsoft Active Directory

This section describes how you integrate iRMC S2 user management in Microsoft Active Directory.

I Prerequisite:
An LDAP v1 and/or an LDAP v2 structure has already been generated in the Active Directory service (see section SVS_LdapDeployer Generating, maintaining and deleting the SVS and iRMCgroups structures on page 96). You must perform the following steps to integrate iRMC S2 user management in Microsoft Active Directory: 1. Assign iRMC S2 users to iRMC S2 user groups in Active Directory. 2. Configure iRMC S2 LDAP/SSL access at the Active Directory server.

iRMC S2

107

... globally via Active Directory 4.4.5.1

User management on the iRMC S2

Configuring iRMC S2 LDAP/SSL access at the Active Directory server

I The iRMC S2-LDAP integration uses the SSL implementation developed

by Eric Young on the basis of the OpenSSL Project. A reproduction of the SSL copyright can be found on page 164. An RSA certificate is required before iRMC S2 can use LDAP via SSL. The following steps are involved in configuring LDAP access: 1. Install an Enterprise CA 2. Generate an RSA certificate for the domain controller. 3. Install the RSA certificate on the server Installing the Enterprise CA

I A CA is a certification authority for certificates. An Enterprise CA

(certification authority for enterprises) can be installed on the domain controller itself or on another server. Installation directly on the CA is simpler since fewer steps are required than when installing on another server. Below is a description of how to install the Enterprise CA on a server other than the domain controller.

User management on the iRMC S2

... globally via Active Directory

Enter the following command in the Windows prompt window: certreq -accept request.cer Export the certificate with the private key. To do this, proceed as follows: Enter mmc in the Windows prompt window to start the Management Console. Add the snap-in for local computer certificates. Navigate to Certificates (Local Computer) - Personal Certificates - Certificates. Double-click on the new server certification authentication certificate. Click on the Details tab in the certificate window. Click on Copy to File. Select Yes, export the private key. Assign a password. Choose a file name for the certificate and click on Finish.

iRMC S2

111

... globally via Active Directory

User management on the iRMC S2

Installing the domain controller certificate on the server Proceed as follows to install the domain controller certificate on the server: Copy the domain controller certificate file that has just been created to the domain controller. Double-click on the domain controller certificate. Click on Install Certificate. Use the password which you assigned when exporting the certificate. Under Place all certificates in the following store click on Browse and choose Personal Certificates. Enter mmc in the Windows prompt window to start the Management Console. Add the snap-in for local computer certificates. Add the snap-in for the current users certificates. Copy the domain controller certificate from the current users Personal Certificates directory to the local computer's Personal Certificates directory.

112

iRMC S2

User management on the iRMC S2 4.4.5.2

... globally via Active Directory

Assigning an iRMC S2 user to a role (permission group)

You can assign iRMC S2 users to iRMC S2 permission groups either on the basis of the user entry, or on the basis of the role entry / group entry

I The example below uses the LDAP v2 structure to describe assignment

based on the role entry in the OU SVS. In the LDAP v1 structure, the group entries are stored in the OU iRMCgroups. The assignment procedure on the basis of the user entry is very similar.

I The users must be entered in the groups manually in Active Directory.

Proceed as follows: Open the snap-in Active Directory Users and Computers.

Figure 32: Active Directory Users and Computers snap-in

Double-click the permission group (here: Administrator). The Administrator Properties dialog opens (see figure 33 on page 114):

iRMC S2

113

... globally via Active Directory

User management on the iRMC S2

Figure 33: Administrator Properties dialog

Select the Members tab. Click on the Add... button. The Select Users, Contacts, or Computers dialog opens (see figure 34 on page 115).

114

iRMC S2

User management on the iRMC S2

... globally via Active Directory

Figure 34: Select Users, Contacts, or Computers dialog

Click on the Locations... button. The Locations dialog opens.

Figure 35: Locations dialog

Select the container (OU) containing your users. (By default, this is the OU Users.). Click OK to confirm. The Select Users, Contacts, or Computers dialog opens (see figure 36 on page 116).

I Users may also be entered at a different location in the directory.

118

iRMC S2

User management on the iRMC S2

... globally via Active Directory

Figure 39: Select Users, Contacts, or Computers dialog - confirming the search results

Confirm by clicking OK.

iRMC S2

119

... globally via Novell eDirectory

User management on the iRMC S2

4.4.6

iRMC S2 user management via Novell eDirectory

This section provides you with information about the following topics: The Novell eDirectory system components and system requirements Installing Novell eDirectory Configuring Novell eDirectory Integrating iRMC S2 user management in Novell eDirectory Tips on administering Novell eDirectory.

I The installation and configuration of Novell eDirectory are described in

detail below. No extensive eDirectory knowledge is required. If you are already familiar with Novell eDirectory, you can skip the next three sections and continue with section Integrating iRMC S2 user management in Novell eDirectory on page 134. Software components and system requirements

4.4.6.1

I Use the specified version or a more recent version of the components

listed below. Novell eDirectory (formerly NDS) consists of the following software components: eDirectory 8.8: 20060526_0800_Linux_88-SP1_FINAL.tar.gz eDirectory 8.8: eDir_88_iMan26_Plugins.npm iManager: iMan_26_linux_64.tgz for SuSE, iMan_26_linux_32.tgz otherwise ConsoleOne: c1_136f-linux.tar.gz The following system requirements must be fulfilled in order to install and operate Novell eDirectory: OpenSSL must be installed.

I If OpenSSL is not already installed:

Install OpenSSL, before starting the Novell eDirectory installation. 512 MB free RAM

120

iRMC S2

User management on the iRMC S2 4.4.6.2 Installing Novell eDirectory

... globally via Novell eDirectory

To install Novell eDirectory, it is necessary to install the following components: eDirectory Server and administrations utilities iManager (administrations utility) ConsoleOne (administrations utility)

I Prerequisites for the installation of Novell eDirectory:

A Linux server operating system must be fully installed and running. The firewall must be configured for connections to the following ports: 8080, 8443, 9009, 81, 389, 636. For OpenSuSE, you configure this in the file /etc/sysconfig/SuSEfirewall2: Add the entry FW_SERVICES_EXT_TCP to the file /etc/sysconfig/SuSEfirewall2 as follows:
FW_SERVICES_EXT_TCP="8080 8443 9009 81 389 636"

In accordance with the eDirectory Installation Guide, the system must be set up for multicast routing. For SuSE Linux, proceed as follows: Create or (if it already exists) open the file /etc/sysconfig/network/ifroute-eth0. Add the following line to /etc/sysconfig/network/ifroute-eth0:
224.0.0.0 0.0.0.0 240.0.0.0 eth0

This adapts eth0 to the system configuration.

iRMC S2

121

... globally via Novell eDirectory

User management on the iRMC S2

I Prerequisites for the installation of the eDirectory Server, the

eDirectory utilities, the iManager and ConsoleOne: The root permission is required in order to perform installation. All the files required for the installation must have been copied to a directory (e.g. /home/eDirectory) before you can use the procedure below to perform installation. These files are as follows: 20060526_0800_Linux_88-SP1_FINAL.tar.gz iMan_26_linux_64.tgz c1_136f-linux.tar.gz Installing the eDirectory Server and administration utilities Proceed as follows: Log in with root permission (superuser). Switch to the directory containing the files required for installation (in our example: /home/eDirectory): cd /home/eDirectory Extract the archive 20060526_0800_Linux_88-SP1_FINAL.tar.gz: tar -xzvf 20060526_0800_Linux_88-SP1_FINAL.tar.gz After extraction, /home/eDirectory has a new subdirectory named eDirectory. Installing eDirectory Server Go to the setup subdirectory of this eDirectory directory: cd eDirectory/setup Call the installation script ./nds-install :
./nds-install

Accept the EULA with y and confirm with the [Enter] key. If you are asked which program you want to install: Enter 1 to install the Novell eDirectory server and press the [Enter] key to confirm. The eDirectory packages are then installed.

122

iRMC S2

User management on the iRMC S2

... globally via Novell eDirectory

After installation of the Novell eDirectory Server, you must update the names for the paths to the eDirectory in a number of environment variables and export these variables. To do this, open your configuration file (in the example: /etc/bash.bashrc) and enter the following lines in the specified sequence ahead of # End of ...:
export PATH/opt/novell/eDirectory/bin:/opt/novell/eDirectory/ sbin:$PATH export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/ opt/novell/eDirectory/lib/nds-modules:/opt/novell/ lib:$LD_LIBRARY_PATH export MANPATH=/opt/novell/man:/opt/novell/eDirectory/ man:$MANPATH export TEXTDOMAINDIR=/opt/novell/eDirectory/share/ locale:$TEXTDOMAINDIR

Close the terminal and open a new terminal in order to export the environment variables. Installing the eDirectory administration utilities Go to the setup subdirectory of the eDirectory directory:
cd eDirectory/setup

Call the installation script:

./nds-install

Accept the EULA with y and confirm with the [Enter] key. If you are asked which program you want to install: Enter 2 to install the Novell eDirectory administration utilities and press the [Enter] key to confirm. The eDirectory administration utilities are then installed.

iRMC S2

123

... globally via Novell eDirectory Installing and calling iManager

User management on the iRMC S2

I iManager is the recommended tool for installing Novell eDirectory.

Proceed as follows: Log in with root permission (superuser). Go to the directory /home/eDirectory:
cd /home/eDirectory

Whether installing in SLES10 or in OpenSuSE, you use the archive *_64.tgz.

Extract the archive iMan_26_linux_64.tgz:

tar -xzvf iMan_26_linux_64.tgz

After extraction, /home/eDirectory has a new subdirectory named iManager. Go to the installs subdirectory of iManager:
cd iManager/installs/linux

Call the installation script:

./iManagerInstallLinux.bin

Select the language for the output of installation messages. Click through and accept the EULA. Select 1- Novell iManager 2.6, Tomcat, JVM for iManager installation. Select 1- Yes for plug-in download. Press [Enter] to use the default path for the download. The installation program searches the internet for downloads. This can take a few minutes. You are then asked to select the plug-ins that you want to install. Select All to download all the plug-ins. Select 1- Yes to install the locally available plug-ins. Press [Enter] to use the default path for installation. Select 2- No for automatic Apache configuration (optional). Accept the default port (8080) for Tomcat. Accept the default SSL port (8443) for Tomcat.

124

iRMC S2

User management on the iRMC S2

... globally via Novell eDirectory

Accept the default JK connector port (9009) for Tomcat. Enter the administration user ID (e.g. root.fts) for the user with the appropriate administration permissions. Enter the tree name (e.g. fwlab) for the user with the appropriate administration permissions. Accept the summary of your entries which is displayed with 1-OK... in order to terminate installation. Logging in to Novell iManager After installation, you can use the following URL to log in at iManager via a web browser. https://<IP address of the eDirectory server>:8443/nps

I Novell recommends that you use Microsoft Internet Explorer or Mozilla

Firefox as your web browser. In Mozilla Firefox, it is possible that not all the context menu's pop-up windows will be displayed.

iRMC S2

125

... globally via Novell eDirectory Installing and starting ConsoleOne

User management on the iRMC S2

ConsoleOne is another administration tool for Novell eDirectory. Proceed as follows to install ConsoleOne: Log in with root permission (superuser) at eDirectory Server. Go to the directory /home/eDirectory:
cd /home/eDirectory

Extract the ConsoleOne archive c1_136f-linux.tar.gz:

tar -xzvf c1_136f-linux.tar.gz

After extraction, /home/eDirectory has a new subdirectory named Linux. Go to the directory Linux:
cd Linux

Call the installation script c1-install:

./c1-install

Select the language for the output of installation messages. Enter 8 to install all the snap-ins. ConsoleOne needs the path to an installed Java runtime environment. You can export the corresponding path name to the environment variable C1_JRE_HOME. However, the system-wide export of the path name requires modifications in the bash profile.

I Since root permission is required in order to work with ConsoleOne, it is,

in principle, sufficient to export the ID superuser Root. However, the system-wide export of the path name is presented below. This means that normal users can also work with ConsoleOne if they have root permission.

126

iRMC S2

User management on the iRMC S2 Proceed as follows:

... globally via Novell eDirectory

Open the configuration file for editing (in the example: /etc/bash.bashrc) Enter the following line in the configuration file in front of # End of ...:
export C1_JRE_HOME=/opt/novell/j2sdk1.4.2_05/jre

I The java runtime environment installed together with eDirectory is

ConsoleOne obtains the available tree hierarchies either via the local configuration file hosts.nds or via the SLP service and multicast. Proceed as follows to insert your tree hierarchy in the configuration file: Go to the configuration directory:
cd /etc

used here. However, you can also specify the path name of any other Java runtime environment installed on the eDirectory Server.

Generate the file hosts.nds if it does not yet exist. Open the file hosts.nds and insert the following lines:
#Syntax: TREENAME.FQDN:PORT MY_Tree.mycomputer.mydomain:81

Starting ConsoleOne You start ConsoleOne in the system prompt using the following command:
/usr/ConsoleOne/bin/ConsoleOne

iRMC S2

127

... globally via Novell eDirectory 4.4.6.3 Configuring Novell eDirectory

User management on the iRMC S2

Perform the following steps to configure Novell eDirectory: 1. Create an NDS tree 2. Configure eDirectory for LDAP. 3. Test eDirectory access via LDAP Browser. Creating an NDS tree Create an NDS (Network Directory Service) tree using the utility ndsmanage. ndsmanage requires the following information to do this: TREE NAME Unique name in the network for the new NDS tree, e.g. MY_TREE. Server Name Name of an instance of server class in eDirectory. For Server Name,you specify the name of the PRIMERGY server on which the LDAP server is running, for example. lin36-root-0. Server Context Fully distinguished name (fully distinguished name of the object path and attributes) of the container which contains the server object, e.g. dc=organization.dc=mycompany. Admin User Fully distinguished name (fully distinguished name of the object path and attributes) of the user with permission to perform administration, e.g. cn=admin.dc=organization.dc=mycompany NCP Port Specify port 81. Instance Location Specify the path: /home/root/instance0 Configuration File Specify the following file: /home/root /instance0/ndsconf Password for admin user Enter the administrator password here.

128

iRMC S2

User management on the iRMC S2

... globally via Novell eDirectory

Proceed as follows to configure the NDS tree: Open a command box. Go to the directory /home/eDirectory. Start the utility ndsmanage by entering the command ndsmanage:
ndsmanage

Enter c to generate a new instance of the class server. Enter y to continue configuration. Enter y to create a new tree. ndsmanage then queries the values for TREE NAME, Server Name, Server Context etc. in sequence (see page 128). Once input is complete, ndsmanage configures the NDS tree. After configuring the NDS tree, restart the PRIMERGY server in order to activate the configuration, i.e. to recreate the NDS tree. Configuring eDirectory for LDAP The following steps are involved in configuring eDirectory for LDAP: Install Role Based Services (RBS) Install plug-in modules Configure Role Based Services (RBS) Configure eDirectory with/without SSL/TLS support Proceed as follows to complete the individual points: Log in under the administrator ID (Admin) at iManager via a web browser.

iRMC S2

129

... globally via Novell eDirectory Installing Role Based Services (RBS).

User management on the iRMC S2

Install RBS using the iManager Configuration Wizard. Proceed as follows: In iManager, select the Configure tap (by clicking on the desk icon). In the Configure tab, select Role Based Services - RBS Configuration Start the RBS Configuration Wizard. Assign RBS2 to the container that is to be managed. (In the example above, this is mycompany.) Installing plug-in modules Proceed as follows: In iManager, select the Configure tap (by clicking on the desk icon). In the Configure tab, select Plug-in installation - Available Novell Plug-in Modules In the modules listed in the page Available Novell Plug-in Modules, select the eDirectory-specific package eDir_88_iMan26_Plugins.npm. Click Install. Configuring Role Based Services (RBS) In the page Available Novell Plug-in Modules, select all the modules that are required for LDAP integration. If you are not certain, select all the modules. Click Install. Configuring eDirectory for SSL/TLS-secured access

I During eDirectory installation, a temporary certificate is generated with

the result that access to the eDirectory is secured by SSL/TLS by default. However, since the iRMC S2 firmware is configured for the use of RSA/MD5 certificates, SSL/TLS-secured, global iRMC S2 user management via eDirectory requires an RSA/MD5 certificate of 1024 bytes in length.

130

iRMC S2

User management on the iRMC S2

... globally via Novell eDirectory

You create an RSA/MD5 certificate of length 1024 bytes as follows using ConsoleOne: Log into the LDAP server under your administrator ID (Admin) and start ConsoleOne. Navigate to your corporate structure's root directory (e.g. treename/mycompany/myorganisation). Select New Object - NDSPKI key material - custom to create a new object of class NDSPKI:Key Material. In the dialog which is then displayed, specify the following values: 1. 1024 bits 2. SSL or TLS 3. signature RSA/MD5 A new signature of the required type is created. To activate the newly created certificate for the SSL-secured LDAP connection, perform the following steps in iManager: Start iManager via the web browser. Log in at iManager with valid authentication data. Select LDAP - LDAP Options - LDAP Server - Connection. The Connection tab contains a drop-down list which displays all the certificates installed on the system. Select the required certificate in the drop-down list. Configuring eDirectory for non-SSL-secured access

I Anonymous login and the transfer of plain text passwords via non-

secured channels are deactivated by default in eDirectory. Consequently, web browser login at the eDirectory server is only possible via an SSL connection.

If you want to use LDAP without SSL then you must perform the following steps: 1. Enable a non-SSL-secured LDAP- connection. 2. Relax the bind restrictions. 3. Reload the LDAP configuration.

iRMC S2

131

LDAP authentication process for iRMC S2 users in eDirectory The authentication of a global iRMC S2 user on login at the iRMC S2 is performed in accordance with a predefined process (see page 60). figure 42 on page 135 illustrates this process for global iRMC S2 user management with Novell eDirectory. The establishment of a connection and login with the corresponding login information is referred to as a BIND operation.

SSL-based communication
iRMC: Bind as Principal User 1 iRMC is authenticated iRMC determines the fully-qualified DN of User1

2 iRMC 3

eDirectory
Bind with User1's DN User1 is authenticated iRMC determines the user permissions of User1

User permissions

1) The iRMC logs in at the eDirectory server with the predefined, known
permission data (iRMC setting) as Principal User and waits for the successful bind.

2) The iRMC asks the eDirectory server to provide the fully qualified Distinguished
Name (DN) of the user with cn=User1. eDirectory determines the DN from the preconfigured subtree (iRMC setting).

3) The iRMC logs in at the eDirectory server with the fully-qualified DN of the
user User1 and waits for the successful bind.

4) The iRMC asks the eDirectory server to provide the user permissions of the
user User1.
Figure 42: Authentication diagram for global iRMC S2 permissions

iRMC S2

135

... globally via Novell eDirectory

User management on the iRMC S2

I You configure the Principal User's permission data and the subtree I A user's CN must be unique within the searched subtree.
Creating the Principal User for the iRMC S2 Proceed as follows to create the Principal User for the iRMC S2: Log in at iManager with valid authentication data. Select Roles and Tasks. Select Users - Create User. Enter the necessary specifications in the displayed template.

which contains the DNs in the page Directory Service Configuration page of the iRMC S2 web interface (see page 333).

I The Principal User's Distinguished Name (DN) and password must

The user's Context: may be located at any position in the tree. Assign the Principal User search permissions for the following subtrees: Subtree (OU) iRMCgroups or SVS Subtree (OU) that contains the users (e.g. people). Assigning user permissions to the iRMC groups and users

match the corresponding specifications for the iRMC S2 configuration (see section Directory Service Configuration (LDAP) - Configuring the directory service at the iRMC S2 on page 333).

By default, an object in eDirectory possesses only very limited query and search permissions in an LDAP tree. If an object is to be able to query all the attributes in one or more subtrees, you must assign this object the corresponding permissions. You may assign permissions either to an individual object (i.e. a specific user) or to a group of objects which are collated in the same organizational unit (OU) such as iRMCgroups / SVS or people. In this case, the permissions assigned to an OU and identified as inherited are automatically passed on to the objects in this group.

Highlight the property [All Attributes Rights] and click OK to add it. For the property [All Attributes Rights], enable the options Compare, Read and Inherit and click OK to confirm. This authorizes the user/user group to query all the attributes in the selected object's subtree. Click Apply to activate your settings.

iRMC S2

139

... globally via Novell eDirectory 4.4.6.5

User management on the iRMC S2

Assigning an iRMC S2 user to a permission group

You can assign iRMC S2 users (for instance from the OU people) to the iRMC permission groups either starting from the user entry (preferable if there only a few user entries) or starting from the role entry / group entry (preferable if there are a lot of user entries).

I The following example shows the assignment of iRMC S2 users from an I The users must be entered in the groups manually in eDirectory.
Proceed as follows: Start iManager via the web browser. Log in at iManager with valid authentication data. Select Roles and Tasks. Select Groups - Modify Group. The Modify Group page is displayed. Perform the following steps for all the permission groups to which you want to assign iRMC S2 users: Use the object selector button to select the permission group to which you want to add iRMC S2 users.

OU people to a permission group. The assignment starting from the group entry / role entry is explained. The assignment procedure on the basis of the user entry is very similar.

In the example of the LDAP v1 structure (see figure 45 on page 141), this is: Administrator.DeptX.Departments.iRMCgroups.sbrd4. In the example of the LDAP v2 structure (see figure 46 on page 141) this is: Administrator.AuthorizationRoles.DeptX.Departments.SVS.sbrd4. Select the Members tab. The Members tab of the Modify Group page is displayed:

140

iRMC S2

User management on the iRMC S2

... globally via Novell eDirectory

Figure 45: iManager - Roles and Tasks - Modify Group - Members tab (LDAP v1)

Figure 46: iManager - Roles and Tasks - Modify Group - Members tab (LDAP v2)

User management on the iRMC S2

Tips on administering Novell eDirectory.

Restarting the NDS daemon Proceed as follows to restart the NDS daemon: Open the command box. Log in with root permission. Execute the following command:
rcndsd restart

If, for any unidentifiable reason, the nldap daemon fails to start: Start the lndap daemon manually:
/etc/init.d/nldap restart

If iManager does not respond: Restart iManager:

/etc/init.d/novell-tomcat4 restart

Reloading the configuration of the NLDAP server Proceed as follows: Start ConsoleOne and log in to eDirectory.

I If you are starting ConsoleOne for the first time, no tree is configured.
Proceed as follows to configure a tree: Under My World, select the node NDS. In the menu bar, select: File - Authenticate Enter the following authentication data for login: 1. Login-Name: root 2. Password: <password> 3. Tree: MY_TREE 4. Context: mycompany

144

iRMC S2

User management on the iRMC S2

... globally via Novell eDirectory

In the left-hand part of the window, click the Base DN object (Mycompany). The LDAP Server object is then displayed in the right-hand side of the window. Right-click on the LDAP Server object and select Properties... in the context menu. In the General tab, click the Refresh NLDAP Server Now button. Configuring the NDS message trace The nds daemon generates debug and log messages which you can trace using the ndstrace tool. The purpose of the configuration described below is to redirect the output from ndstrace to a file and display the content of this file at another terminal. For this latter task, you use the screen tool. The following procedure is recommended: Open the command box (e.g. bash). Configuring ndstrace Go to the eDirectory directory /home/eDirectory:
cd /home/eDirectory

Start screen by means of the command screen. Start ndstrace with the command ndstrace. Select the modules that you want to activate. For example, if you want to display the times at which events occurred, enter dstrace TIME.

I You are very strongly recommended to activate the modules LDAP

and TIME by making the following entry:
dstrace LDAP TIME

Terminate ndstrace by entering quit. This terminates the configuration of ndstrace.

iRMC S2

145

... globally via Novell eDirectory Outputting messages at a second terminal

User management on the iRMC S2

Start ndstrace and redirect message output:

ndstrace -l >ndstrace.log

Use the following key combination to open a second terminal: [Ctrl] + [a], [Ctrl] + [c] Activate log recording:
tail -f ./ndstrace.log

To switch between the virtual terminals, use the key combination [Ctrl] + [a], [Ctrl] + [0]. (The terminals are numbered from 0 to 9)

146

iRMC S2

User management on the iRMC S2

... globally via OpenLDAP

4.4.7

iRMC S2 user management via OpenLDAP

This section provides you with information about the following topics: Installing OpenLDAP (Linux). Creating an SSL certificate. Configuring OpenLDAP. Integrating iRMC S2 user management in OpenLDAP. Tips on OpenLDAP administration 4.4.7.1 Installing OpenLDAP

I Before installing OpenLDAP, you must configure the firewall for

connections to the ports 389 and 636. For OpenSuSE, proceed as follows: In the file, /etc/sysconfig/SuSEfirewall2 extend the option FW_SERVICES_EXT_TCP as follows:
FW_SERVICES_EXT_TCP=389 636

To install the packages OpenSSL and OpenLDAP2 from the distribution medium, use the setup tool YaST. 4.4.7.2 Creating SSL certificates

You should create a certificate with the following properties: Key length: 1024 bits md5RSAEnc You use OpenSSL to create key pairs and signed certificates (self-signed or signed by an external CA). For more detailed information, see the OpenSSL home page at http://www.openssl.org. The following links provide instructions on setting up a CA and creating test certificates: http://www.akadia.com/services/ssh_test_certificate.html http://www.freebsdmadeeasy.com/tutorials/web-server/apache-ssl-certs.php http://www.flatmtn.com/computer/Linux-SSLCertificates.html http://www.tc.umn.edu/~brams006/selfsign.html

iRMC S2

147

... globally via OpenLDAP

User management on the iRMC S2

Following certificate creation, you must have the following three PEM files: Root certificate: root.cer.pem Server certificate: server.cer.pem Private key: server.key.pem

I The private key must not be encrypted with a pass phrase since you
You use the following command to remove the pass phrase:
openssl rsa -in server.enc.key.pem -out server.key.pem

should only assign the LDAP daemon (ldap) read permission for the file server.key.pem.

I To generate the Principal User (ObjectClass: Person) use an LDAP

browser, for example the LDAP Browser\Editor published by Jarek Gawor (see page 150). The text below describes how you use the Jarek Gawor LDAP Browser\Editor to generate the Principal User. Proceed as follows: Start the LDAP Browser. Log in at the OpenLDAP directory service with valid authentication data. Select the subtree (subgroup) in which the Principal User is to be created. The Principal User can be created anywhere in the tree. Open the Edit menu. Select Add Entry. Select Person. Edit the Distinguished Name DN.

I The Principal User's Distinguished Name (DN) and password must

. Click Set and enter a password. Enter a Surname SN. Click Apply.

match the corresponding specifications for the iRMC S2 configuration (see section Directory Service Configuration (LDAP) - Configuring the directory service at the iRMC S2 on page 333).

iRMC S2

151

... globally via OpenLDAP

User management on the iRMC S2

Creating the new iRMC S2 user and assigning this user to the permission groups.

User management on the iRMC S2

... globally via OpenLDAP

Log level -1 0 1 2 4 8 16 32 64 128 256 512 1024 2048

Meaning Comprehensive debugging No debugging Log function calls Test packet handling Heavy trace debugging Connection management Show sent/received packets Search filter processing Configuration file processing Processing of access control lists Status logging for connections/operations/events Status logging for sent entries Output communication with shell backends. Output results of entry parsing.

Table 2: OpenLDAP - log levels

iRMC S2

155

Global email alerting

User management on the iRMC S2

4.4.8

You can assign iRMC S2 users to alert roles either on the basis of the user entry, or on the basis of the role entry. In the various different directory services (Microsoft Active Directory, Novell eDirectory and OpenLDAP), iRMC S2 users are assigned to iRMC S2 alert roles in the same way in which iRMC S2 users are assigned to iRMC S2 authorization roles and using the same tools. In Active Directory, for instance, you make an assignment by clicking Add... in the Properties dialog box of the Active Directory Users and -Computers snap-in (see figure 51 on page 162).

iRMC S2

163

SSL copyright

User management on the iRMC S2

4.4.9

SSL copyright

The iRMC S2-LDAP integration uses the SSL implementation developed by Eric Young on the basis of the OpenSSL Project.

164

iRMC S2

User management on the iRMC S2

SSL copyright

iRMC S2

165

Advanced Video Redirection (AVR)

function.

I A valid license key is required to use the Advanced Video Redirection

Advanced Video Redirection (AVR) allows you to control the mouse and keyboard of the managed server from your remote workstation and to show the current graphical and text output from the managed server.

I The AVR Java applet allows you to use the Remote Storage function
(see chapter Remote Storage on page 191). This chapter provides information on the following topics: Checking the AVR settings Using AVR Menus of the AVR window

iRMC S2

167

Prerequisites

Advanced Video Redirection

5.1

Requirements: Check the AVR settings

Check the following important settings before using AVR: Graphics mode settings on the managed server AVR supports the following graphics modes: Resolution Refresh rates [in Hz] 60; 75; 85 60; 70; 75; 85 60; 70; 75 Maximum color depth [bits] 32 32 32 16 24 16

640 x 480 (VGA) 800 x 600 (SVGA) 1024 x 768 (XGA) 1152 x 864

56; 60; 72; 75; 85 32

1280 x 1024 (UXGA) 60; 70; 75; 85 1280 x 1024 (UXGA) 60 1600 x 1200 (UXGA) 60; 65
Table 4: Supported display settings

I If a high-resolution graphics mode is set on the server (shown on a gray background in the table), this is shown on the iRMC web interface. I Only VESA-compliant graphics modes are supported.

168

iRMC S2

Advanced Video Redirection Supported text mode The iRMC S2 supports the following common text modes: 40 x 25 80 x 25 80 x 43 80 x 50

Prerequisites

Refer to the Help system for your operating system for information on the display settings. Keyboard settings

I The keyboard settings must be identical:

on the remote workstation, on the managed server, on the iRMC S2.

iRMC S2

169

Using AVR

Advanced Video Redirection

5.2

Using AVR

To start AVR, click the Start Video Redirection or Start Video Redirection (Java Web Start) button on the Advanced Video Redirection (AVR) page of the iRMC S2 web interface (see page 356). The Advanced Video Redirection window (AVR window) opens, showing you the display on the managed server. The AVR window also contains the following elements: Menu bar: The Preferences and Extras menus allow you to configure the AVR settings and to control the AVR (see page 183). Remote Storage is used to call the remote storage function (see page 187). Languages (see page 187) menu allows you to set the language (German/English) in which the menus and dialog boxes of the AVR window are to be shown. Integrated special keys (see page 173). The Local Monitor <status> indicator shows whether the local monitor of the managed server is switched on (see section Local Monitor Off function on page 172).
Menu bar Integrated special keys Local Monitor <status>

Figure 52: Advanced Video Redirection (AVR) window

170

Advanced Video Redirection

Using AVR

5.2.3

Redirecting the keyboard

Keyboard redirection only works when the focus is on the AVR window. If keyboard redirection appears not to be working, simply click on the AVR window. If the keyboard does not respond, check that the AVR window is not in viewonly mode. How to switch to full-control mode is described on page 185. Special key combinations AVR passes all normal key combinations to the server. Special keys such as Windows keys are not sent. Some special key combinations suchas [ALT] + [F4] cannot be sent, because they are interrupted by the clients operating system. In such cases, you should use the integrated special keys or the virtual keyboard. Integrated special keys Below the menu bar of the AVR window, you will find a bar containing the special keys. These keys are implemented as sticky keys, i.e. they remain pressed when you click them and only return to their normal position when you click them again. Using the integrated special keys, you can, for instance, use Windows keys or special key combinations which are not sent by AVR if you press them on your own keyboard.

Figure 53: AVR window - integrated special keys

[Mouse Sync] Press this key to synchronize the mouse pointers (see also section Synchronizing the mouse pointer on page 175). [Ctrl] Left CTRL key (corresponds to the [Ctrl] key on your keyboard). [Alt] Alt(ernate) key (corresponds to the [Alt] key on your keyboard).

iRMC S2

173

Using AVR [Win]

On a Windows server, you can either make the settings for mouse pointer synchronization using a batch program or using the Windows Start menu and the context menu. You must adjust the following settings: Speed of the mouse pointer Hardware acceleration

Managed Linux server: Adjusting the settings for synchronization of the mouse pointers

Prerequisite: The managed server is running under one of the following Linux operating systems: Red Hat 4.x Red Hat 5.x Suse 9.x Suse 10.x Suse 11.x

Different graphical user interfaces (GUIs) are available for Suse Linux and Redhat Linux. The most important GUIs are: Gnome KDE You can adjust the mouse pointer synchronization settings on the managed server either using commands or under menu guidance. You must adjust the following settings: Mouse motion acceleration = 1 Mouse motion threshold =1 You can make all the settings for the managed server either directly at the managed server or from the remote workstation over AVR. Adjusting temporary settings on the managed server using commands Use the xset command to make the settings for Pointer acceleration and Pointer threshold (recommended values: 1 in each case) for the duration of the current session. Command syntax:
xset m(ouse)][acceleration][threshold]

Proceed as follows: Call a command line tool. Run the command xset with the following arguments:
xset m 1 1

180

iRMC S2

Advanced Video Redirection Adjusting permanent settings on the managed server using a configuration file (KDE) You make permanent settings as follows for KDE :

Using AVR

Change the settings in the text file /root/.kde/share/config/kcminputrc as follows:

[Mouse] Acceleration=1 Threshold=1

I It is not necessary to set the values again after rebooting the server.
Adjusting the permanent settings on the managed server under menu guidance

I It is not necessary to set the values again after rebooting the server.
You make permanent settings as follows for KDE:

I The procedure for KDE described below only applies to Suse Linux.
Choose N - Control Center - Peripheral - Mouse - Advanced tab The Mouse - Control Center window opens:

Figure 58: Mouse Control Center window

iRMC S2

181

Using AVR

Advanced Video Redirection

Set the following values in the Mouse Control Center window: Pointer acceleration: 1.0x (minimum value) Pointer threshold: 20 pixels (maximum value) Save the settings. Reboot the managed server.

I It is not necessary to set the values again after rebooting the server.
You make permanent settings as follows for Gnome: Call the gconf-editor editor under the shell. Choose: desktop - gnome - peripherals - mouse Modify the following attribute values:
motion_acceleration 1 motion_threshold 1

182

iRMC S2

Advanced Video Redirection

Menus of the AVR window

5.3

Menus of the AVR window

The menu bar of the AVR window contains the following menus: The Extras menu allows you to control the AVR session. You can also make a virtual keyboard available. You can set up and clear remote storage connections with the Remote Storage menu. The Languages menu allows you to set the language (German/English) used to display the AVR menus and dialogs. The Preferences menu allows you to configure the mouse, keyboard and logging settings.

iRMC S2

183

Menus of the AVR window

Advanced Video Redirection

5.3.1

Extras menu

You can select the following functions in the Extras menu:

Figure 59: AVR window - Extras menu

Virtual Keyboard ... The Virtual Keyboard window opens (see figure 54 on page 174). Update local monitor state Refreches the display of the local monitor state. Turn local monitor on Switches on the local monitor of the managed server.

I This function is disabled in the following cases, even if the local

monitor is switched off: you are in view-only mode, A high-resolution graphics mode is set on the managed server (see table 4 on page 168). Local monitor <status> display: Local Monitor always off

184

iRMC S2

Advanced Video Redirection

Menus of the AVR window

Turn local monitor off Switches off the local monitor of the managed server.

I This function is disabled in the following cases, even if the local

monitor is switched on: you are in view-only mode, When AVR was started, the Local Monitor Off option was not enabled under Local Monitor (see page 360). Local monitor <status> display: Local Monitor always on Refresh Screen Refreshes the AVR window. Take Full Control... Switch to full-control mode. (This function is disabled if you are already in full-control mode.) The following dialog box opens:

Figure 60: Extras menu - Take Full Control...

Click OK to confirm that you want to switch to full-control mode.

I Note that any existing full-control session will be switched to

view-only mode. Click Cancel if you do not want to switch to full-control mode.

iRMC S2

185

Menus of the AVR window Disconnect Session... Terminate another AVR session.

Advanced Video Redirection

I It is only possible to terminate other AVR sessions with

A list of current AVR sessions appears:

Disconnect Session. To terminate your own session, choose Exit.

Figure 61: Extras menu - Disconnect Session

Select the AVR session that you wish to terminate. Click OK to confirm that you want to terminate the selected AVR session. Click Cancel if you do not want to terminate the selected AVR session. Relinquish Full Control... Switch to view-only mode. (This function is disabled if you are already in view-only mode.) Exit Terminate your own AVR session.

186

iRMC S2

Advanced Video Redirection

Menus of the AVR window

5.3.2

Remote Storage menu

You call the remote storage functionality under Remote Storage:

Figure 62: AVR window - Remote Storage menu

Remote Storage... Double-click Remote Storage... to open the Storage Devices window (see page 194). This window allows you to attach or detach media on the remote workstation as Remote Storage devices (see chapter Remote Storage on page 191).

5.3.3

Languages menu

From the Languages menu, choose the language in which the menus and dialog boxes of the AVR window are to be shown:

Figure 63: AVR window - Languages menu

iRMC S2

187

Menus of the AVR window

Advanced Video Redirection

5.3.4

Preferences menu

The Preferences menu contains tabs for configuring the mouse, keyboard and logging together with a Misc tab for further functions:

Figure 64: AVR window - Preferences menu

Mouse tab The Mouse tab allows you to specify the mouse mode:

Figure 65: Preferences menu - Mouse tab

Depending on the server operating system, you must make the following settings: Windows: Absolute Mode, Hide Mode (Relative) or Relative Mode Linux: Hide Mode (Relative) or Relative Mode

I Default setting: Relative Mode

Confirm your entries by clicking OK.

188

iRMC S2

Advanced Video Redirection Keyboard tab

Menus of the AVR window

The Keyboard tab allows you to specify the keyboard layout for the virtual console:

Figure 66: Preferences menu - Keyboard tab

Languages Select the keyboard layout for the virtual console.

I The keyboard layout at the managed server must also be set

accordingly. Confirm your entries by clicking OK. Logging tab The Logging tab is used to configure the logging settings.

Figure 67: Preferences menu - Logging tab

I None must be set!

Confirm your entries by clicking OK.
iRMC S2

189

Menus of the AVR window Misc tab

Advanced Video Redirection

On the Misc tab, you configure whether the iRMC S2 is to perform hardware compression for the AVR session.

Figure 68: Preferences menu - Misc tab

Hardware Compression If you enable this option, the iRMC S2 performs hardware compression for the AVR session. Confirm your entries by clicking OK.

190

iRMC S2

Remote Storage

I A valid license key is required to use the Remote Storage function.

Remote Storage makes a virtual drive available which is located elsewhere in the network. Up to two media can be redirected. You can provide the source for the virtual drive as follows: As a physical drive or image file at the remote workstation using the AVR Java applet (see page 192). As a CD/DVD ISO image file centrally in the network via a Remote Storage server (see page 206).

I Parallel remote storage connections:

The following are possible concurrently: either up to two Remote Storage connections to virtual drives at the remote workstation (if the connection is established over the AVR Java applet) or one Remote Storage connection to a Remote Storage server. It is not possible to establish concurrent Remote Storage connections via an applet and via the Remote Storage server.

I The Remote Storage page of the iRMC S2 web interface allows you to

obtain information on the status of the current remote storage connections and establish the connection to a Remote Storage server (see page 366).

iRMC S2

191

... providing on the remote workstation

Remote Storage

6.1

Providing remote storage at the remote workstation

If you provide the source for a virtual drive on the remote workstation then the remote storage functionality supports the following device types: Floppy CD ISO image DVD ISO image You can use the virtual drive to install an operating system on your PRIMERGY server from the remote workstation (see chapter Remote installation of the operating system via iRMC S2 on page 463). This section provides information on the following topics: Starting Remote Storage Provision of storage media for Remote Storage Connecting storage media as remote storage Clearing Remote Storage connections Removing media made available for Remote Storage

192

iRMC S2

Remote Storage

... providing on the remote workstation

6.1.1

Starting Remote Storage

You start the Remote Storage function using the AVR Java applet (see section Advanced Video Redirection - Start Advanced Video Redirection (AVR) on page 356). Start the iRMC S2 web interface (see section Logging into the iRMC S2 web interface on page 222). Open the Advanced Video Redirection page and click on the Start Video Redirection, button to start Advanced Video Redirection (see section Advanced Video Redirection - Start Advanced Video Redirection (AVR) on page 356). This opens the AVR window. In the menu bar in the AVR window, choose: Remote Storage - Remote Storage...

Figure 69: AVR window - Remote Storage - Remote Storage...

The Storage Devices dialog box opens, containing the storage media currently available for Remote Storage.

iRMC S2

193

... providing on the remote workstation Storage Devices dialog box on a Windows system

Remote Storage

Figure 70: Storage Devices dialog box

I When a storage medium is inserted in an optical drive (CD ROM, DVD

ROM) the contents are displayed automatically. If a storage medium is inserted, but its contents are not displayed, the storage medium is reserved by the local explorer.

194

iRMC S2

Remote Storage

... providing on the remote workstation

Storage Devices dialog box on a Linux system

Figure 71: Storage Devices dialog box

I Physical storage media must be mounted to allow them to be connected

as Remote Storage devices. Mounted storage media are automatically displayed in the Storage Devices dialog box.

iRMC S2

195

... providing on the remote workstation

Remote Storage

6.1.2

Provision of storage media for Remote Storage

In the Storage Devices dialog box, click Add... . The Add Storage Device dialog box opens. Add Storage Device dialog box on a Windows system

Figure 72: Add Storage Device dialog box (Windows)

Add Storage Device dialog box on a Linux system

Figure 73: Add Storage Device dialog box (Linux)

196

iRMC S2

Remote Storage

... providing on the remote workstation

Remote Storage

6.1.3

Connecting storage media as remote storage

In the Storage Devices dialog (see figure 76 and figure 77 on page 199), click the storage medium that you want to connect as Remote Storage. Click Connect to connect the selected storage medium as Remote Storage. The Storage Devices dialog opens with the message regarding safe removal. The storage medium is connected as Remote Storage.

Remote Storage

... providing on the remote workstation

Figure 81: Connection Type dialog: Assignment to USB 1.1 and USB 2.0

Click Swap if you want to swap the assignment of the storage devices to USB 1.1 and USB 2.0.

Figure 82: Connection Type dialog: Assignment to USB 1.1 and USB 2.0 swapped

Click OK to connect the storage devices as Remote Storage.

iRMC S2

203

... providing on the remote workstation

Remote Storage

6.1.4

Clearing Remote Storage connections

Open the Storage Devices dialog (see section Starting Remote Storage on page 193). The list of storage media connected as Remote Storage is displayed (using Windows in the example).

Figure 83: Storage Devices dialog: Clearing Remote Storage connections

Safely remove the storage device, i.e. ensure that no more applications/programs are accessing the storage media. Click Disconnect to clear all Remote Storage connections.

204

iRMC S2

Remote Storage

... providing on the remote workstation

6.1.5

Removing the storage medium

Remove a storage medium from the list of media available for Remote Storage as follows: Open the Storage Devices dialog (see section Starting Remote Storage on page 193). The list of storage media available for Remote Storage is displayed (using Windows in the example):

Figure 84: Storage Devices dialog: Removing a Remote Storage medium

Select the storage medium you want to remove. Click Remove... to remove the storage medium.

iRMC S2

205

... providing via a Remote Storage server

Remote Storage

6.2

Providing remote storage via a Remote Storage server

You can use a Remote Storage server to provide an image file (ISO/NRG image) as remote storage for any number of PRIMERGY servers that can be administered via iRMC S2. You can use this image file to boot one or more PRIMERGY servers from the remote workstation (see chapter Remote installation of the operating system via iRMC S2 on page 463). The Remote Storage server is available for Windows and Linux systems The Remote Storage server is available in a 32-bit and 64-bit variant for both Windows and Linux.

I You will find the individual variants of the Remote Storage server on your
PRIMERGY ServerView Suite DVD 1 under SVSoftware\Software\RemoteView\iRMC Making the ISO image available to the PRIMERGY Server via Remote Storage The following requirements must be satisfied if your PRIMERGY server is to use the image file made available by the Remote Storage server: The Remote Storage server must be installed (see page 207 and page 219). The Remote Storage server must be started (see page 217 and page 220). The managed servers iRMC S2 must be connected to the Remote Storage server (see page 366). Booting from WinPE 2.x-based ISO images A PRIMERGY server running iRMC S2 and a firmware version 3.60A is required to boot from a WinPE 2.x-based ISO image (e.g. Windows Server 2008 and ServerView Installation Manager).

206

iRMC S2

Remote Storage

... providing via a Remote Storage server

6.2.1

Remote Storage server under Windows

The Remote Storage server is available in 32-bit and 64-bit versions. The 32-bit and 64-bit versions of the Remote Storage server must not be installed at the same time on 64-bit systems. 6.2.1.1 Installing the Remote Storage server

The installation programs RemoteStorageServer_Installer32.exe and RemoteStorageServer_Installer64.exe for installing the Remote Storage server are located on the PRIMERGY ServerView Suite DVD 1 under SVSoftware\Software\RemoteView\iRMC\Widows_32 and SVSoftware\Software\RemoteView\iRMC\Widows_x64 respectively. The following description refers to installation of the 32-bit variant. Proceed in the same way to install the 64-bit variant. Start RemoteStorageServer_Installer32.exe to install the Remote Storage server. The welcome screen of the installation program appears:

Remote Storage

Figure 87: Installing the Remote Storage server: Specifying the installation folder

If you do not want to place the program shortcut in the default folder, specify the folder you wish to use by clicking Browse.... Click the Next button. The Ready to Install window opens. Here you can check the settings you have made and launch installation of the Remote Storage server (see figure 88 on page 211).

210

iRMC S2

Remote Storage

... providing via a Remote Storage server

Figure 88: Installing the Remote Storage server: Starting installation

Click Install to start installation of the Remote Storage server. The window shown in figure 89 on page 212 is displayed once installation is complete:

iRMC S2

211

... providing via a Remote Storage server

Remote Storage

Figure 89: Installing the Remote Storage server: Closing the installation program

I If you check the Launch Remote Storage Server option, the Remote
Click Finish to close the installation program.

I Configuration is only possible if the Remote Storage server is in the idle

state, i.e. it is not being executed. In the graphical user interface, you specify the image file made available as remote storage together with other parameters: ISO Image Path and Filename: Enter the path and name of the image file directly in the field. or: Click the Browse... button and then navigate to and select the required image file in the Choose a file dialog which now opens and then confirm.

I If the Remote Storage server is to run as a service (see the Run

as Service option on page 216) and the image file is located on a computer in the network, you must specify the path of the image file in UNC notation. You must also ensure that the account entered under Log On As User (see page 216) is valid and has access permissions on the share on which the image file is located.

Force Using Port If you have configured a port number other than the default port number (5901) for the iRMC S2s remote storage port (see page 308 or page 421), then you must activate this option and enter the configured port number in the associated field. Force Using IP Address If the host on which the Remote Storage server is executed possesses more than one LAN connection: You can specify the IP address of the LAN connection that is to be used for the Remote Storage server if this is executed as a service. By default, the Remote Storage server uses the first detected LAN connection.

iRMC S2

215

... providing via a Remote Storage server

Remote Storage

Run as Service Activate this option if the Remote Storage server is to be executed as a service in the background (see page 213). Select one of the two options below: Use Local System Account The Remote Storage server is executed as a service under the local system account. In this event, the image file (ISO/NRG image) must be located on a local drive. Log On As User he Remote Storage server is executed under the user account that you specify in the following input fields. Specify the user name in the form: For local users: .\Logon-Name For domain users: DOMAIN\LogOnName or LogOnName@DOMAIN<mailto:LogOnName@DOMAIN>

I The image file (ISO/NRG image) can be located on a network

drive if the Log On As User option is enabled. In this event, the specified account must have access permissions on the network drive on which the image file is located. You must also specify the image file in UNC notation (see input field ISO Image Path or Filename on page 215).

Click the Apply button to activate your settings.

216

iRMC S2

Remote Storage

... providing via a Remote Storage server

Starting the Remote Storage server Click the Start button to start the Remote Storage server as a service or as a stand-alone program:

Figure 91: The Remote Storage server is executed (Running status)

Status Messages: The logged execution states of the Remote Storage server are displayed here.

I If the Run as service execution mode is configured (see page 216), then
if the graphical user interface is exited.

the Remote Storage server is started automatically when the computer on which the Remote Storage server is installed is booted.

I Execution of the Remote Storage server is not interrupted automatically

iRMC S2

217

... providing via a Remote Storage server Exiting the Remote Storage server

Remote Storage

Click the Stop button to terminate execution of the Remote Storage server.

218

iRMC S2

Remote Storage

... providing via a Remote Storage server

6.2.2

Remote Storage server (iRMCSrv) under Linux

The iRMCSrv Remote Storage server allows you to make an ISO/NRG image available as remote storage to a PRIMERGY server running iRMC S2. This can be on the computer on which the Remote Storage server is running or on a mounted network drive. Properties The iRMCSrv Remote Storage server is available in 32-bit and 64-bit variants and supports the following Linux platforms: Red Hat Linux 4, Red Hat Linux 5 SUSE Linux SLES 9, SLES 10, SLES 11 You can execute the iRMCSrv Remote Storage server in the following modes as required: as a background daemon as a stand-along program Prerequisites The following prerequisites must be met if the iRMCSrv Remote Storage server is used: An iRMC S2 running a version 3.60 of the firmware requires an iRMCSrv Remote Storage server V2.0. An iRMC S2 running a version 3.60 of the firmware is required to boot from a WinPE 2.x-basied ISO image, e.g. Windows Server 2008, ServerStart (Version 7.1)/Installation Manager. Making an ISO image available via remote storage Proceed as follows: 1. Make sure that the Remote Storage server is running. 2. Log into the iRMC S2 of the managed server using the web interface and with Remote Storage permissions. 3. Use the Remote Storage page to establish a connection to the Remote Storage server.

iRMC S2

219

... providing via a Remote Storage server Starting the Remote Storage server (iRMCSrv) You start the Remote Storage server as follows:

Remote Storage

iRMCSrv [-version] [-daemon] [-port <portnumber>] [<iso-path>]

-version Shows the iRMCSrv version. -daemon Starts iRMCSrv as a background daemon. -port <portnumber> Specifies the port number to be used for the Remote Storage connection. Default: 5901 <iso-path> Pathname of the ISO image on the Remote Storage server.

I If the image file is not on the computer on which the Remote

Storage server is running, you must specify the path of the image file in UNC notation. You also need a user account with access permissions on the image file.

220

iRMC S2

iRMC S2 web interface

The iRMC S2 not only has its own operating system, but also acts as a web server, providing its own interface. You can choose whether to show the menus and dialog boxes of the iRMC S2 web interface in German or English. When you enter values in the iRMC S2 web interface, you often receive assistance in the form of tool tips.

I The software described below is based in part on the work of the

Independent JPEG Group.

iRMC S2

221

Logging into the iRMC S2 web interface

iRMC S2 web interface

7.1

Logging into the iRMC S2 web interface

Open a web browser on the remote workstation and enter the (configured) DNS name (see page 311) or IP address of the iRMC S2. Different login screens appear depending on whether LDAP access to a directory service has been configured for the iRMC S2 (LDAP enabled option, see page 334):

I If no login screen appears, check the LAN connection (see section

Testing the LAN interface on page 43). LDAP access to the directory service is not configured for the iRMC S2 (LDAP enabled option is not activated) and Always use SSL Login option (see page 334) is not activated:

Figure 92: Login screen for the iRMC S2 web interface (LDAP access not configured and the Always use SSL login option is not selected)

Type in the data for the default administrator account. User name: admin Password: admin

I Both the User name and the Password are case-sensitive.

For reasons of security, it is recommended that you create a new administrator account once you have logged in, and then delete the default administrator account or at least change the password for the account (see User <name> Configuration - User configuration (details) on page 326). Click OK to confirm your entries.

222

iRMC S2

iRMC S2 web interface

Logging into the iRMC S2 web interface

LDAP access to the directory service is configured for the iRMC S2 (LDAP enabled option is activated) or Always use SSL Login option is activated):

Figure 93: Login screen for the iRMC S2 web interface (LDAP access configured)

I The user name and password are always SSL-protected when

they are transmitted. If you activate the Secure (SSL) option, all communication between the web browser and the iRMC S2 is carried out over HTTPS. Type in the data for the default administrator account. User name: admin Password: admin

I For reasons of security, it is recommended that you create a

new administrator account once you have logged in, and then delete the default administrator account or at least change the password for the account (see User <name> Configuration - User configuration (details) on page 326).

Click Login to confirm your entries. The iRMC S2 web interface opens showing the System Information page (see page 231).

iRMC S2

223

Required user permissions

iRMC S2 web interface

7.2

Required user permissions

table 5 provides an overview of the permissions which are required in order to use the individual functions available at the iRMC S2 web interface.
Functions in the iRMC S2 web interface Permitted with IPMI privilege level Required permission Configure iRMC S2 Settings

Video Redirection Enabled

Configure User Accounts

Open the System Overview page. Switch identification LED on/off. Set Asset Tag Configuration. Open the System Component Information page. View SPD Data. Reset Error Counter. Open iRMC S2 Information page. Reboot iRMC S2. Load license key onto the iRMC S2. Edit Save iRMC S2 FW Settings page. Include User Settings is selected. All other Settings is selected. Open and edit Certificate Upload page. Open and edit Generate a self signed RSA Cert. page Open iRMC S2 Firmware Update page. Set firmware selector. Firmware Aktualisierung aus einer Datei iRMC S2 TFTP Einstellungen

X X

X X X

X X

X X X

X X

X X X X X X X X X X X X X X X

Table 5: Permissions to use special the iRMC S2 web interface

224

iRMC S2

Remote Storage Enabled

Administrator

Operator

OEM

User

iRMC S2 web interface

Required user permissions

Functions in the iRMC S2 web interface

Permitted with IPMI privilege level

Required permission Configure iRMC S2 Settings

Video Redirection Enabled

Configure User Accounts

Open and edit iRMC S2 TFTP Firmware Update. page Open Power On/Off page. Modify Boot Options. Use Power Control. Open and edit the Power Options page. Open Power Supply Info page. Open and edit Power Consumption Configuration page Open Current Power Consumption page Open Power Consumption History page. *) Open Fans page. Start fan test (Fan Test group). Set Fan Check Time (Fan Test group). Select individual Fans (System Fans group). Set Fan Fail Action / Delay Time. Open Temperature page Define action on critical temperature. Open Voltages page. Open Power Supply page. Open Component Status page. Open System Event Log Content page. Clear the system event log (SEL). Save event log X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X

X X X

Table 5: Permissions to use special the iRMC S2 web interface

iRMC S2

225

Remote Storage Enabled

Administrator

Operator

OEM

User

Required user permissions

iRMC S2 web interface

Functions in the iRMC S2 web interface

Permitted with IPMI privilege level

Required permission Configure iRMC S2 Settings

Video Redirection Enabled X

Configure User Accounts

Define the severity for the display of SEL entries Open System Event Log Configuration page. Edit System Event Log Configuration page. Open and edit Server Management Info. page. Open and edit the Network Interface page. Open and edit the Ports and Netw. Services page. Open and edit the DHCP Configuration page. Open and edit DNS Settings page. Open and edit SNMP TRAP Alerting page. Open and edit Serial / Modem Alerting page. Open and edit the Email Alerting page. Open and edit the iRMC S2 User page. Open and edit the Directory Service Config. page. Open the BIOS Text Console page. Modify the BIOS Console Redirection Options. Start Console Redirection. Logon in window for power mgmt & text console red. Start text console redirection (Enter Console). Open and edit the Adv. Video Redirection page. Open and edit the Remote Storage page. Start iRMC S2 SSH Access. SSH login

X X

X X X X X X X X X X X X X X

X X

X X X

X X

Table 5: Permissions to use special the iRMC S2 web interface

226

iRMC S2

Remote Storage Enabled X

Administrator

Operator

OEM

User

iRMC S2 web interface

Required user permissions

Functions in the iRMC S2 web interface

Permitted with IPMI privilege level

Required permission Configure iRMC S2 Settings

Video Redirection Enabled

Configure User Accounts

Start iRMC S2 Telnet Access. Telnet login *) This Feature is not supported for all PRIMERGY Servers.

X X

Table 5: Permissions to use special the iRMC S2 web interface

iRMC S2

227

Remote Storage Enabled

Administrator

Operator

OEM

User

Structure of the user interface

iRMC S2 web interface

7.3

Structure of the user interface

The iRMC S2 web interface is structured as follows:

Selected function

Interface language selector

Title bar

Navigation area

Working area

System Information Information on the server

The System Information entry contains the links to the following pages: System Overview - General information on the server on page 232 System Component Information - Information on the server components on page 237

iRMC S2

231

System Information

iRMC S2 web interface

7.4.1

System Overview General information on the server

The System Overview page provides information on the system status, system (general information) the operating system of the managed server, system FRUs (Field Replaceable Units) / IDPROM. current overall power consumption of the managed server

In addition, the System Overview page allows you to enter a customer-specific asset tag for the managed server.

Figure 96: System Overview page

232

iRMC S2

iRMC S2 web interface System Status

System Information

The status of the global error LED, the CSS LED and the identification LED are shown under System Status. You can also switch the PRIMERGY identification LED on and off.

Figure 97: System Overview page - System Status

Power LED Power status of the server. The following statuses are possible: On: Power ON (green) with text Suspend to RAM (Standby) On: Standby mode (green) with text Suspend to RAM (Standby). Off: Power OFF (orange) Error LED Informs about the servers Global Error LED:
Status Info (iRMC S2) off on blinking Global Error LED on the Server does not light up. lights red. flashes red. Status of the servers No critical event. Prefailure event for a non CSS component. Critical event.

CSS LED Informs about the servers CSS (Customer Self Service) LED:
Status Info (iRMC S2) off on blinking CSS LED on the Server does not light up. lights orange. flashes orange. Status of the server The server is operational. Prefailure event for a CSS component. Defective CSS component.

iRMC S2

233

System Information Identify LED Server identifier. The following statuses are possible: On (blue) Off (grey)

iRMC S2 web interface

Turn On/Turn Off Click the Turn On / Turn Off button to toggle the PRIMERGY identification LED on and off. Asset Tag Configuration Under Asset Tag Configuration, you can enter a customer-specific asset tag for the managed server.

I The customer-specific asset tag allows you to assign the server an

inventory number or other identifier of your choice. With Windows-based systems, this customer-specific asset tag is provided automatically by the WMI (Windows Management Instrumentation). It can then be evaluated by in-house tools or used for integration in enterprise management systems (such as CA Unicenter).

Figure 98: The System Overview - System Status page

System Asset Tag You can enter the asset tag here. Click Apply to accept the asset tag.

234

iRMC S2

iRMC S2 web interface System Information

System Information

System Information lists information on the managed server.

Figure 99: System Overview page - System Information

Operating System Information Operating System Information lists information on the operating system of the managed server.

Figure 100: System Overview page - Operating System Information

iRMC S2

235

System Information System FRU / IDPROM Information

iRMC S2 web interface

Information on the FRUs (Field Replaceable Units) is listed under System FRU/IDPROM Information. FRUs are system components that can be released and removed from the system. The CSS Component column indicates for each of the components whether the CSS (Customer Self Service) functionality is supported.

Figure 101: System Overview page - System FRU / IDPROM Information

Current Overall Power Consumption

I This option is not supported for all PRIMERGY servers.

Figure 102: System Overview page - Current Overall Power Consumption

Under Current Overall Power Consumption you can see all the measurements current, minimum, maximum and average power consumption for the server in the current interval. A graphical display also shows the current power consumption of the server compared with the maximum possible power consumption.

236

iRMC S2

iRMC S2 web interface

System Information

7.4.2

System Component Information Information on the server components

The System Component Information page provides information on the CPU and the main memory modules. The CSS Component column indicates for each of the components whether the CSS (Customer Self Service) functionality is supported. The following status icons indicate the possible statuses of the system components: OK: Component status is okay. Component slot is empty.

iRMC S2 - iRMC S2 Information

7.5.1

iRMC S2 Information Information on the iRMC S2

The iRMC S2 Information page provides you with the following options: View information on the firmware and the SDRR version of the iRMC S2, set the firmware selector and load a firmware image and restart the iRMC S2. View information on the active iRMC S2 sessions. Load license key onto the iRMC S2.

Figure 104: iRMC S2 Information page

iRMC S2

241

iRMC S2 - iRMC S2 Information Running Firmware

iRMC S2 web interface

Under Running Firmware, you can view information on the firmware and the SDRR version of the iRMC S2 and restart the iRMC S2.

Figure 105: iRMC S2 Information page - Firmware Information and iRMC S2 reboot

Reboot iRMC S2 Reboots the iRMC S2.

I The Reboot iRMC S2 button is disabled during the BIOS POST

phase of the managed server. Active Session Information The Active Session Information group shows all the currently active iRMC S2 sessions.

The Save iRMC S2 Firmware Settings page allows you to save the current firmware settings and a number of other settings for the iRMC S2 in a file. The firmware settings selected under Save iRMC S2 Firmware settings in ServerView WinSCU XML format are saved in a file with the name iRMC_S2_settings.pre. In WinSCU (see page 403), you can use the Import... button to load the firmware settings onto the iRMC again. The firmware settings selected under Save iRMC S2 Firmware settings in binary (BMCCLONE.exe) format are saved in a file with the name iRMC_S2_settings.bin.

V CAUTION!
Always save the setting using Save iRMC S2 Firmware settings in ServerView WinSCU XML format. Save iRMC S2 Firmware settings in binary (BMCCLONE.exe) format should only be used if the system module of the managed server is being replaced.

I If you want to save the user settings (Include User Settings), you require

Configure User Accounts permission. In all other cases, Configure iRMC S2 settings permission is sufficient.

iRMC S2

245

iRMC S2 - Save Firmware settings

iRMC S2 web interface

Figure 109: Save iRMC S2 Firmware Settings page

Save Click Save to save the selected settings. Save All Click Save All to save all the settings.

246

iRMC S2

iRMC S2 web interface

iRMC S2 - Certificate Upload

7.5.3

Certificate Upload - Load the DSA/RSA certificate and private DSA/RSA key

The Certificate Upload page allows you to load a signed X.509 DSA/RSA certificate (SSL) from a Certificate Authority (CA) and/or your private DSA/RSA key (SSH) onto the iRMC S2.

I The iRMC S2 is supplied with a predefined server certificate (default I Input format of the X.509 DSA/RSA certificate and the private
DSA/RSA key: The X.509 DSA/RSA certificate and the RSA/DSA must both be available in PEM-encoded format (ASCII/Base64).

iRMC S2 web interface

Restoring the default certificate default CA certificate In the group Certificate Information and Restore, click Default Certificate to restore the default certificate delivered with the firmware after you have confirmed that you wish to do so. In the group Certificate Information and Restore, click Default CA Certificate to restore the default CA certificate delivered with the firmware after you have confirmed that you wish to do so.

Figure 112: Certificate Upload page - Restoring the default CA certificate

250

iRMC S2

iRMC S2 web interface Loading a CA certificate from a local file

iRMC S2 - Certificate Upload

Use the CA Certificate upload from file group to load a CA certificate from a local file.

Figure 113: Loading a CA certificate from a local file

Proceed as follows: Save the CA certificate in a local file on the managed server. Specify this file under CA Certificate File by clicking the associated Browse... button and navigating to the file containing the CA certificate. Click the Upload button to load the certificate and/or the private key onto the iRMC S2.

I When you upload the certificate and/or private key, all the existing

HTTPS connections are closed and the HTTPS server is automatically restarted. This process can take up to 30 seconds. No explicit reset of the iRMC S2 is required.

Click the View CA Certificate button to make sure that the certificate has been loaded successfully.

iRMC S2

251

iRMC S2 - Certificate Upload

iRMC S2 web interface

Loading the DSA/RSA certificate and private DSA/RSA key from local files You do this using the group SSL Certificate and DSA/RSA private key upload from file.

I The private key and the certificate must be loaded on the iRMC S2 at the
same time.

Figure 114: Loading the DSA/RSA certificate / private DSA/RSA key from local files

Proceed as follows: Save the X.509 DSA/RSA (SSL) certificate and the private DSA/RSA key in corresponding local files on the managed server. Specify the files Private Key File and Certificate File by clicking on the associated Browse button and navigating to the file which contains the private key or the certificate. Click the Upload button to load the certificate and the private key onto the iRMC S2.

I When you upload the certificate and private key, all the existing

HTTPS connections are closed and the HTTPS server is automatically restarted. This process can take up to 30 seconds. No explicit reset of the iRMC S2 is required.

Click the View Certificate button to make sure that the certificate has been loaded successfully.

252

iRMC S2

iRMC S2 web interface

iRMC S2 - Certificate Upload

Entering the DSA/RSA certificate / private DSARSA key directly You do this using the group SSL DSA/RSA certificate or DSA/RSA private upload via copy & paste.

I Do not use this method to load a root certificate onto the iRMC S2.
Always load a root certificate using a file (see page 252).

Figure 115: Entering the DSA/RSA certificate / private DSARSA key directly

Proceed as follows: Copy the X.509 DSA certificate or the private DSA key to the input area.

I You cannot simultaneously enter the certificate and key for the same
upload. Click the Upload button to load the certificate or the private key onto the iRMC S2. Use the Remote Manager to reset the iRMC S2 (see section Service processor - IP parameters, identification LED and iRMC S2 reset on page 391).

I This is necessary in order to make a certificate or private key loaded

onto the iRMC S2 valid. Click the View Certificate button to make sure that the certificate has been loaded successfully.

iRMC S2

253

iRMC - Generate a self-signed Certificate

iRMC S2 web interface

7.5.4

Generate a self-signed Certificate Generate self-signed RSA certificate

You can create a self-signed certificate using the Generate a self-signed Certificate page.

Figure 116: Generate a self-signed RSA Certificate page

254

iRMC S2

iRMC S2 web interface

iRMC - Generate a self-signed Certificate

Certificate Information and Restore The Certificate Information and Restore group allows you to view the currently valid DSA/RSA certificate and/or restore the default RSA/DSA certificate. View Certificate You can view the currently valid DSA/RSA certificate using this button. Default Certificate You can use this button to restore the default certificate delivered with the firmware after you have confirmed that you wish to do so. Certificate Creation Proceed as follows to create a self-signed certificate: Enter the requisite details under Certificate Creation. Click Create to create the certificate.

I When generating the new certificate, all the existing HTTPS connections are closed and the HTTPS server is automatically restarted. This can take up to 5 minutes depending on the key length. No explicit reset of the iRMC S2 is required.

iRMC S2

255

iRMC S2 Firmware Update

iRMC S2 web interface

7.5.5

iRMC S2 Firmware Update

The iRMC S2 Firmware Update page allows you to update the iRMC S2 firmware online. To do this, you must provide the current firmware image either locally on a remote workstation or on a TFTP server. Here you can also see information on the iRMC S2 firmware and set the firmware selector.

Figure 117: iRMC S2 Firmware Update page

iRMC S2

259

iRMC S2 Firmware Update Update file File in which the firmware image is stored.

iRMC S2 web interface

I The files listed below each allow you to update one component of
the iRMC S2 firmware every time TFTP is started (runtime firmware and SDR record). The file rt_sdt_<D-number>_4_08g_00.bin is also available for some PRIMERGY servers / blade servers. This allows you to update all the components of the iRMC S2 firmware in a single operation using a TFTP server. dcod<FW-Version>.bin Updates the runtime firmware. <SDR-Version>.SDR Updates the SDR record. Flash Selector Specify what iRMC firmware is to be updated. You have the following options: Auto - inactive firmware The inactive firmware is automatically selected. Low Firmware Image The low firmware image (firmware image 1) is selected. High Firmware Image The high firmware image (firmware image 2) is selected. Click the Apply button to activate your settings. Click the TFTP Test button to test the connection to the TFTP server. Click the TFTP Start button to download the file containing the firmware image from the TFTP server and to start updating the iRMC S2 firmware.

260

iRMC S2

iRMC S2 web interface

Power Management

7.6

Power Management

The Power Management entry contains the links to the power management pages for your PRIMERGY server: Power On/Off - power the server up/down on page 262. Power Options - Configuring power management for the server on page 267. Power Supply Info - Power supply and IDPROM data for the FRU components on page 270.

iRMC S2

261

Power Management - Power On/Off

iRMC S2 web interface

7.6.1

Power On/Off - power the server up/down

The Power On/Off page allows you to power the managed server on and off. You are informed of the servers current power status and are also able to configure the behavior of the server during the next boot operation.

Figure 121: Power On/Off page

262

iRMC S2

iRMC S2 web interface Power Status Summary

Power Management - Power On/Off

The Power Status Summary group provides information on the current power status of the server and on the causes for the most recent Power On/Power Off. In addition, a Power On counter records the total months, days and minutes during which the server has been powered.

Figure 122: Power On/Off page - Power Status Summary

iRMC S2

263

Power Management - Power On/Off Boot Options

iRMC S2 web interface

The Boot Options group allows you to configure the behavior of the system the next time it is booted. You can set whether the BIOS is to interrupt the boot process for the system if errors occur during the POST phase.

I The options set here only apply to the next boot operation. After this, the
default mechanism applies again.

Figure 123: Power Management - Boot Options page

Select the desired BIOS behavior from the Error Halt Settings list: Continue Continue the boot process if errors occur during the POST phase. Halt on errors Interrupt the boot process if errors occur during the POST phase. From the Boot Device Selector list, select the storage medium you wish to boot from. The following options are available: No change: The system is booted from the same storage medium as previously. PXE/iSCSI: The system is booted from PXE / iSCSI over the network. Harddrive: The system is booted from hard disk. CDROM/DVD: The system is booted from CD /DVD. Floppy: The system is booted from floppy disk. Click the Apply button to activate your settings.

264

iRMC S2

iRMC S2 web interface

Power Management - Power On/Off

Power Control - powering the server up and down / rebooting the server The Power Control group allows you to power the server up/down or to reboot the server.

Figure 124: Power On/Off page, Restart (server is powered up)

Figure 125: Power On/Off page, Restart (server is powered down)

Power On Switches the server on. Immediate Power Off Powers the server down, regardless of the status of the operating system. Immediate Reset Completely restarts the server (cold start), regardless of the status of the operating system. Press Power Button Depending on the operating system installed and the action configured, you can trigger various actions by briefly pressing the power-off button. These actions could be shutting down the computer or switching it to standby mode or sleep mode. Power Cycle Powers the server down completely and then powers it up again after a configured period. You can configure this time in the Power Cycle Delay field of the ASR&R Options group (see page 298).

iRMC S2

265

Power Management - Power On/Off

iRMC S2 web interface

Graceful Power Off (Shutdown) Graceful shutdown and power off. This option is only available if ServerView agents are installed and signed onto the iRMC S2 as Connected. Graceful Reset (Reboot) Graceful shutdown and reboot. This option is only available if ServerView agents are installed and signed onto the iRMC S2 as Connected. Click the Apply button to start the required action.

266

iRMC S2

iRMC S2 web interface

Power Management - Power Options

7.6.2

Power Options Configuring power management for the server

The Power Options page allows you to define the servers behavior after a power outage and specify the servers power on/off times.

Figure 126: Power Options page

iRMC S2

267

Power Management - Power Options

iRMC S2 web interface

Power Restore Policy - Specify behavior of the server after a power outage The Power Restore Policy group allows you to specify the servers power management behavior after a power outage.

Figure 127: Power Options page, Power Restore Policy

Always power off The server always remains powered down after a power outage. Always power on The server is always powered up again after a power outage. Restore to powered state prior to power loss The power up/down status of the server is restored to the status prior to the power outage. Click the Apply button to activate your settings. The configured action will be performed after a power outage.

268

iRMC S2

iRMC S2 web interface

Power Management - Power Options

Power On/Off Time - Specify power on/off times for the server The input fields of the Power On/Off Time group allow you to specify the times at which the server is powered up/down for the individual days of the week or for specified times during the day.

I Specifications in the Everyday field take priority!

The Trap fields also allow you to configure whether the iRMC S2 sends an SNMP trap to the management console before a planned power-on / power-off of the managed server and, if so, how many minutes before the event this should be done. No traps are sent if you specify the value 0.

Figure 128: Power Options page, Power On/Off Time

Click the Apply button to activate your settings.

iRMC S2

269

Power Management - Power Supply Info

iRMC S2 web interface

7.6.3

Power Supply Info - Power supply and IDPROM data for the FRU components

The Power Supply Info page provides you with information on the power supply specifications and the IDPROM data of the FRUs of the server. The CSS Component column indicates for each of the components whether the CSS (Customer Self Service) functionality is supported.

Figure 129: Power Supply Info page

270

iRMC S2

iRMC S2 web interface

Power Consumption

7.7

Power Consumption - Control the power consumption of the server

The Power Consumption entry contains the links to the pages for monitoring and controlling the power consumption of the managed server: Power Consumption Configuration - Configure power consumption of the server on page 272. Power Options - Configuring power management for the server on page 267. (Not shown on all servers with iRMC S2.) Power Consumption History - Show server power consumption on page 279 (Not shown on all servers with iRMC S2.)

iRMC S2

271

Power Consumption

iRMC S2 web interface

7.7.1

Power Consumption Configuration - Configure power consumption of the server

The Power Consumption Configuration page allows you to specify the mode the iRMC S2 uses to control the power consumption of your PRIMERGY server.

Figure 130: Power Consumption Configuration page

I Prerequisite:
The following requirements must be met in order to configure power consumption control: The managed PRIMERGY server must support this feature. The Enhanced Speed Step option must be enabled in the BIOS setup.

I If you set the Power Limit power control mode in the Power Consumption
Options group or in the Scheduled Power Consumption Configuration, the Power Limit Options group is also displayed (see page 274).

272

iRMC S2

iRMC S2 web interface Power Consumption Options

Power Consumption

The Power Consumption Options group allows you to select the power control mode and specify whether the power consumption should be monitored over time. Power Control Mode Mode for controlling the power consumption of the managed server: Power Mgmt. Disabled: The iRMC S2 allows the operating system to control power consumption. Best Performance: The iRMC S2 controls the server to achieve best performance. In this event, power consumption can rise. Minimum Power: The iRMC S2 controls the server to achieve the lowest possible power consumption. In this event, performance is not always ideal. Power Limit: The Power Limit Options group is displayed (see Power Limit Options on page 276). Scheduled: The iRMC S2 controls power consumption in accordance with a schedule that you can define using the SCU (see Scheduled Power Consumption Configuration on page 274). Power Monitoring Units Unit of electrical power used to display power consumption: Watt BTU/h (British Thermal Unit/hour, 1 BTU/h corresponds to 0.293 Watt).

iRMC S2

273

Power Consumption

iRMC S2 web interface

Enable Power Monitoring If you enable this option, power consumption is monitored over time.

I Power monitoring is enabled by default as of Version 3.32 of the firmware. I This setting only takes effect on PRIMERGY servers that support
power monitoring. Click the Apply button to activate your settings. Scheduled Power Consumption Configuration The Scheduled Power Consumption Configuration group allows you to specify in detail the schedules and modes (operating-system-controlled, best performance, lowest power consumption) that the iRMC S2 uses to control power consumption on the managed server.

I The Scheduled Power Consumption Configuration group only appears if you I Configuration for scheduled power control mode assumes that the
If this message appears even though Enhanced Speed Step is enabled, this may be because: The CPU (e.g. low-power CPU) of the server does not support scheduled power control. The system is currently in the BIOS POST phase. Enhanced Speed Step option has been enabled in the BIOS setup. If this is not the case, a message to this effect is displayed.

have enabled the power control mode scheduled in the Power Consumption Options group.

274

iRMC S2

iRMC S2 web interface

Power Consumption

Figure 131: Power Consumption Configuration page (scheduled)

Time 1 Time [hh:ss] at which the iRMC S2 starts power control as defined in Mode 1 on the relevant day of the week. Time 2 Time [hh:ss] at which the iRMC S2 starts power control as defined in Mode 2 on the relevant day of the week. Mode 1 Power consumption mode used by the iRMC S2 for power control as of Time 1 on the relevant day of the week. Mode 2 Power consumption mode used by the iRMC S2 for power control as of Time 2 on the relevant day of the week.

I Set Time 1 < Time 2, otherwise the power control mode specified under I Specifications in the Everyday field take priority.
iRMC S2

Mode 2 will only be activated at Time 2 on the relevant day of the following week.

275

Power Consumption Click the Apply button to activate your settings.

iRMC S2 web interface

I You can also configure scheduled power control using the Server Configuration Manager (see section iRMC Power Consumption Control Control the power consumption of the server on page 410). Power Limit Options The Power Limit Options group is displayed under the following circumstances: The power control mode Power Limit is selected and enabled in the Power Consumption Options group. The power control mode Scheduled is enabled in the Power Consumption Options group and the power control mode Power Limit is enabled at least once in the Scheduled Power Consumption Configuration group. The power limit then applies to all periods for which this power control mode is enabled in the Scheduled Power Consumption Configuration group.

Figure 132: Power Consumption Configuration page (scheduled)

Power Limit Maximum power consumption (in Watts).

276

iRMC S2

iRMC S2 web interface

Power Consumption

Warning Threshold Threshold as a percentage of the maximum power consumption specified under Power Limit. When the threshold is reached, the action defined under Action Reaching Power Limit is performed. Power Limit Grace Period Period (in minutes) for which the system waits after the threshold has been reached until the action is performed. Action Reaching Power Limit Action to be performed after the threshold has been reached and the grace period has expired. Continue No action is performed. Graceful Power Off (Shutdown) Shut down the system "gracefully" and power it down.

I This option is only supported if ServerView agents are

installed and signed onto the iRMC S2 as Connected.

Immediate Power Off The server is immediately powered down irrespective of the status of the operating system. Enable Dynamic Power Control The power limit is controlled dynamically.

iRMC S2

277

Current Power Consumption

iRMC S2 web interface

7.7.2

Current Power Consumption Show the current power consumption

I This view is not supported by all PRIMERGY servers with iRMC S2.
The Current Power Consumption page shows the current power consumption of the system components and of the overall system.

Figure 133: Current Power Consumption page

278

iRMC S2

iRMC S2 web interface

Current Power Consumption

7.7.3

Power Consumption History Show server power consumption

The Power Consumption History page charts the power consumption of your PRIMERGY server.

I This page is not shown on all PRIMERGY servers with iRMC S2.

Figure 134: Power Consumption History page

iRMC S2

279

Current Power Consumption Current Power Consumption

iRMC S2 web interface

I This option is not supported for all PRIMERGY servers.

Under Current Power Consumption you can see all the measurements for the server power consumption in the current interval: current, minimum, maximum and average power consumption. A graphical display also shows the current power consumption of the server compared with the maximum possible power consumption.

Figure 135: Power Consumption History - Current Power Consumption

Power History Options You specify the parameters for displaying the power consumption under Power History Options.

Figure 136: Power Consumption History - Power History Options

Power History Units Electrical power units: Watt BTU/h (British Thermal Unit/hour, 1 BTU/h corresponds to 0.293 Watt).

280

iRMC S2

iRMC S2 web interface

Current Power Consumption

Power History Period Period for which the power consumption is charted. The following intervals can be selected: 1 hour Default. Measurements for the last hour (60 values). Since one measurement is generated every minute, this shows all the measurements of the last hour. 12 hours Measurements for the last 12 hours. One measurement is shown for each five-minute period (every 5th measurement, 144 values in all). 1 day Measurements for the last 24 hours. One measurement is shown for each 10-minute period (every 10th measurement, 144 values in all). 1 week The measurements for the last week. One measurement per hour is shown (every 60th measurement, 168 values in all). 2 weeks The measurements for the last month. One measurement is shown for each period of approx four hours (every 120th measurement, 168 values in all). 1 month The measurements for the last 6 months. One measurement is shown for each period of approx one day (every 240th measurement, 180 values in all). 1 year Measurements for the last 12 months. One measurement is shown for each two-day period (every 2880th measurement, 180 values in all).

iRMC S2

281

Current Power Consumption

iRMC S2 web interface

Enable Power Monitoring Specifies whether power monitoring is to be carried out.

I Power Monitoring) is enabled by default as of Version 3.32 of the firmware. I This setting only applies to PRIMERGY servers that support
consumption logging. Click the Apply button to activate your settings. Click the Delete History button to delete the displayed data. Power History Chart Power History Chart shows the power consumption of the managed server over time in the form of a graph (using the settings made under Power History Options).

Figure 137: Power Consumption History - Power History Chart

282

iRMC S2

iRMC S2 web interface

Sensors

7.8

Sensors - Check status of the sensors

The Sensors entry provides you with pages which allow you to test the sensors of the managed server: Fans - Check fans on page 284. Temperature - Check temperature sensors on page 286. Voltages - Check voltage sensors on page 288. Power Supply - Check power supply on page 289. Component Status - Check status of the server components on page 290. To facilitate checking the status, the sensor status is not only shown in the form of the current value, but also using a color code and a status icon: Black / The measured value is within the normal operational value range.

Orange /

The measured value has exceeded the warning threshold. System operation is not yet jeopardized.

Red /

The measured value has exceeded the critical threshold. System operation may be jeopardized and there is a risk of loss of data integrity.

Table 7: Status of the sensors

iRMC S2

283

Sensors - Fans

iRMC S2 web interface

7.8.1

Fans - Check fans

The Fans page provides information on fans and their status.

Figure 138: Fans page

284

iRMC S2

iRMC S2 web interface Fan Test - Test fans

Sensors - Fans

The Fan Test group allows you to specify a time at which the fan test is started automatically or to start the fan test explicitly. Fan Check Time Enter the time at which the fan test is to be started automatically. Disable Fan Test Select this option to disable fan testing. Click the Apply button to activate your settings. Click the Start Fan Test button to start the fan test explicitly. Analog Fans - Specify server behavior in the event that a fan fails The Analog Fans group provides you with information on the status of the fans. You can use the options or buttons to select individual fans or all the fans and specify whether the server should be shut down after a specified number of seconds if this fan fails. Select all Selects all fans. Deselect all All selections are cancelled. Select the fans for which you wish to define the behavior in the event of a fault. Define the behavior in the event of a fault using the list at the bottom of the work area: Choose continue if the server is not to be shut down if the selected fans fail. Choose shutdown-and-power-off if the server is to be shut down and powered down if the selected fans fail. If you choose this option, you must also specify the time in seconds between failure of the fan and shutdown of the server (Shutdown Delay) in the field to the right of the list.

I In the case of redundant fans, shutdown is only initiated if more

than one fan is faulty and shutdown-and-power-off is also set for these fans. Click the Apply to the selected Fans button to activate your settings for the selected fans.

iRMC S2

285

Sensors - Temperature

iRMC S2 web interface

7.8.2

Temperature - Check temperature sensors

The Temperature page provides information on the status of the temperature sensors which measure the temperature at the server components, such as the CPU and the FBD (FullyBuffered DIMM) and the ambient temperature.

Figure 139: Temperature page

You can use the options or buttons to select individual temperature sensors or all the temperature sensors and specify whether the server is to be shut down if the critical temperature is reached at the selected sensors. Select all Selects all temperature sensors.

286

iRMC S2

iRMC S2 web interface Deselect all All selections are cancelled.

Sensors - Temperature

Select the sensors for which you wish to define the behavior in the event that the critical temperature is reached. Define the behavior in the event that the critical temperature is reached using the list at the bottom of the work area: Choose continue if the server is not to be shut down if the critical temperature is reached at the selected sensors. Choose shutdown-and-power-off if the server is to be shut down and powered down if the critical temperature is reached at the selected sensors. Click the Apply to the selected Sensors button to activate your settings for the selected temperature sensors.

290

iRMC S2

iRMC S2 web interface

System Event Log

7.9

System Event Log (SEL) - Displaying and configuring the servers event log

The System Event Log entry contains the links to the pages for viewing and configuring the server event log (system event log, SEL): System Event Log Content - Show information on the SEL and SEL entries on page 292. System Event Log Configuration - Configure the SEL on page 295. Colored icons are assigned to the various event/error categories to improve clarity: Critical

Major Minor Informational

Customer Self Service (CSS) event

Table 8: System event log content - error categories

iRMC S2

291

System Event Log

iRMC S2 web interface

7.9.1

System Event Log Content Show information on the SEL and SEL entries

The System Event Log Content page provides information on the SEL and displays the SEL entries. The CSS Event column indicates for each of the events whether the event was triggered by a CSS (Customer Self Service) component.

Figure 143: System Event Log Content page

292

iRMC S2

iRMC S2 web interface System Event Log Information

System Event Log

The System Event Log Information group informs you of the number of entries in the SEL. It also indicates the time when the last entries were added or deleted.

Figure 144: System Event Log Content page, System Event Log Information

Clear Event Log Click the Clear Event Log button to clear all the entries in the SEL. Save Event Log After you have clicked the Save Event Log button, the iRMC S2 allows you to download the file iRMC S2_EventLog.sel, which contains the SEL entries.

iRMC S2

293

System Event Log System Event Log Content

iRMC S2 web interface

The System Event Log Content group displays the SEL entries filtered by error class.

You can modify the filter criteria for the duration of the current session in the System Event Log Content group. However, the settings you make here are only valid until the next logout. After that, the default settings apply again.

Figure 145: System Event Log Content page, System Event Log Content

Display Critical, Display Major, Display Minor, Display Info, CSS only If you wish, you can choose one or more severity levels other than the default values here. Click the Apply button to activate your settings for the duration of the current session.

294

iRMC S2

iRMC S2 web interface

System Event Log

7.9.2

System Event Log Configuration Configure the SEL

On the System Event Log Configuration page, you can configure the SEL entries which are displayed by default on the System Event Log Content page (see page 292). whether the SEL is organized as a ring buffer or a linear buffer.

Figure 146: System Event Log Configuration page

iRMC S2

295

System Event Log

iRMC S2 web interface

Display Critical, Display Major, Display Minor, Display Info, CSS only Here you select one or more severity levels for which SEL entries should be displayed by default on the System Event Log Content page.

I If a ServerView Local Service Display module is fitted in the

managed PRIMERGY server, you can also select the error severities for displaying the SEL entries in the display panel of the ServerView Local Service Display module. (This selection is independent of the selection you have made for the SEL entries displayed on the System Event Log Content page.)

Ring SEL The SEL is organized as a ring buffer. IPMI SEL The SEL is organized as a linear buffer.

I When the linear SEL has been completely filled, it is not possible
to add any further entries. Click the Apply button to activate your settings. Helpdesk Information

Figure 147: Helpdesk Information

Help desk String used to display the Help Desk Click the Apply button to activate your settings.

296

iRMC S2

iRMC S2 web interface

Server Management Information

7.10

Server Management Information Configuring the server settings

The Server Management Information page allows you to configure the following settings on the server: ASR&R (automatic server reconfiguration and restart) settings for the server (see page 298) Watchdog settings (see page 299) HP System Insight Manager (HP SIM) integration (see page 300)

Figure 148: Server Management Information page

iRMC S2

297

Server Management Information ASR&R Options - Configure ASR&R settings

iRMC S2 web interface

The ASR&R Options group allows you to configure the ASR&R (automatic server reconfiguration and restart) settings for the server.

I The settings made on the ASR&R Options group become active the next
time the managed server is started.

Figure 149: Server Management Information page, ASR&R Options

Retry counter Max (0 - 7) Maximum number of restart attempts that should be permitted for the server after a critical error (up to 7). Retry counter (0 - Max) Number of restart attempts that a server should attempt after a critical error (maximum value is the value set under Retry counter Max). BIOS recovery flash bit Enables/disables the BIOS recovery flash bit: Enabled The next time the system is booted, the BIOS is automatically flashed. Disabled The next time the system is booted, the BIOS is not automatically flashed.

I The Enabled setting is of value if the operating system no longer

After a BIOS recovery flash has been performed successfully, reset the BIOS Recovery Flash bit to disabled.

boots after the firmware has been updated. A BIOS recovery flash is then performed automatically the next time the system is booted from the DOS floppy (or a DOS floppy image).

298

iRMC S2

iRMC S2 web interface

Server Management Information

Power Cycle Delay (0 - 15) Time (in seconds) between powering down and powering up during a power cycle. Click the Apply button to save your settings. The configured settings are saved and the actions which have been configured are performed in the appropriate circumstances. Watchdog Settings - Configure software watchdog and boot watchdog The Watchdog Settings group allows you configure the software watchdog and the boot watchdog.

I The settings made on the ASR&R Options group become active the next
time the managed server is started.

Figure 150: Server Management Information page, Watchdog Options

The software watchdog monitors the activities of system using the ServerView agents. The software watchdog is activated when the ServerView agents and the operating system have been completely initialized. The ServerView agents contact the iRMC S2 at defined intervals. If no more messages are received from a ServerView agent, it is assumed that the system is no longer functioning correctly. You can specify an action to be performed if this happens. The boot watchdog monitors the phase between startup of the system and the time at which the ServerView agents become available. If the ServerView agents do not establish a connection to the iRMC S2 of the server within a specified time, it is assumed that the boot process has not been successful. You can specify an action to be performed if this happens. Proceed as follows: Check or uncheck the option(s) under Enabled for the Software Watchdog and/or Boot Watchdog.

iRMC S2

299

Server Management Information

iRMC S2 web interface

If you have activated either of these options, you can configure the following settings after Software Watchdog and/or Boot Watchdog: Continue No action is performed when the watchdog has expired, i.e. the server continues to run. An entry is made in the event log. Reset The server management software triggers a system reset. Power Cycle The server is powered down and immediately powered up again. As appropriate, enter the time (in minutes) after which this action is to be performed following after timeout delay.

I The boot watchdog must wait until the system has been started. You
Click the Apply button. The configured settings are saved and the actions which have been configured are performed in the appropriate circumstances. HP System Insight Manager (HP SIM) Integration Options Configure HP SIM integration

therefore have to specify a sufficient period for after timeout delay (1 100).

The HP System Insight Manager (HP SIM) Integration Options group allows you to configure whether the iRMC S2 device will return some identifying information in response to an unauthenticated XML query sent from the HP System Insight Manager.

Figure 151: Page Server Management Information - HP SIM Integration Options

Proceed as follows: Activate/deactivate the HP SIM Integration Disabled option in order to deactivate or to activate HP SIM integration. Click the Apply button to activate your settings.

300

iRMC S2

iRMC S2 web interface

Network Settings

7.11

Network Settings Configure the LAN parameters

The Network Settings entry brings together the links to the pages you use to configure the LAN parameters of the iRMC S2: Network Interface - Configure Ethernet settings on the iRMC S2 on page 302. Ports and Network Services - Configuring ports and network services on page 305. DHCP Configuration - Configuring the host name for the iRMC S2 on page 309. DNS Settings - Enable DNS for the iRMC S2 on page 311.

iRMC S2

301

Network Settings - Network Interface

iRMC S2 web interface

7.11.1 Network Interface Configure Ethernet settings on the iRMC S2

The Network Interface page allows you to view and change the Ethernet settings for the iRMC S2.

Figure 152: Network Interface page

302

iRMC S2

iRMC S2 web interface

Network Settings - Network Interface

V CAUTION!
Contact the network administrator responsible for the system before you change the Ethernet settings. If you make illegal Ethernet settings for the iRMC S2, you will only be able to access the iRMC S2 using special configuration software, the serial interface or via the BIOS.

I Only users with the Configure iRMC S2 Settings permission are allowed to
MAC Address The iRMC S2s MAC address is displayed here. LAN Speed LAN speed. The following options are available: Auto Negotiation 100 MBit/s Full Duplex 100 MBit/s Half Duplex 10 MBit/s Full Duplex 10 MBit/s Half Duplex

edit Ethernet settings (see chapter User management for the iRMC S2 on page 59).

If Auto Negotiation is selected, the onboard LAN controller assigned to the iRMC S2 autonomously determines the correct transfer speed and duplex method for the network port it is connected to. LAN Port

I This option is not supported for all PRIMERGY servers.

On some PRIMERGY server models, the LAN interface of the installed system NIC (network interface card) can be set up as shared LAN for shared operation with the system or as a service LAN for exclusive use as a management LAN.

iRMC S2

303

Network Settings - Network Interface

iRMC S2 web interface

IP Address The IP address of the iRMC S2 in the LAN. This address is different from the IP address of the managed server.

I If you are working with a static address (DHCP enable option not
Subnet Mask Subnet mask of the iRMC S2 in the LAN. gateway IP address of the default gateway in the LAN. DHCP enable If you activate this option, the iRMC S2 gets its LAN settings from a DHCP server on the network.

activated) then you can enter this here. Otherwise (if the DHCP enable option is activated), the iRMC S2 only uses the field to display the address.

I Do not activate the DHCP option if no DHCP server is available on

the network. If you activate the DHCP option and there is no DHCP server available on the network, the iRMC S2 goes into a search loop (i.e. it continues searching for a DHCP server until it finds one).

The (configured) iRMC S2 can be registered with a DNS server by an appropriately configured DHCP server (see sections DHCP Configuration - Configuring the host name for the iRMC S2 on page 309 and DNS Settings - Enable DNS for the iRMC S2 on page 311). VLAN enable This option allows you to activate VLAN support for the iRMC S2 VLAN Id VLAN ID of the virtual network (VLAN) the iRMC S2 belongs to. Permitted value range: 1 VLAN Id 4094. VLAN Priority VLAN priority (user priority) of the iRMC S2 in the VLAN specified by VLAN Id. Permitted value range: 0 VLAN Priority 7 (default: 0). Click the Apply button to activate the configured Ethernet settings.

304

iRMC S2

iRMC S2 web interface

Network Settings - Ports and Network Services

7.11.2 Ports and Network Services Configuring ports and network services
The Ports and Network Services page allows you to view and modify the configuration settings for ports and network services.

Figure 153: Ports and Network Services page

I Configuration is not supported for ports where the input fields are deactivated in the iRMC S2 web interface.

iRMC S2

305

Network Settings - Ports and Network Services Ports for web-based access

iRMC S2 web interface

Session Timeout Period of inactivity (in seconds) after which the session is automatically closed. The login page of the iRMC S2 web interface then appears, and you can log in again as required (see page 222).

I Your session will not automatically be closed if it is inactive when

HTTP Port HTTP port of the iRMC S2 Default port number: 80 Configurable: yes Enabled by default: yes Communication direction: inbound and outbound HTTPS Port HTTPS (HTTP Secure) port of the iRMC S2 Default port number: 443 Configurable: yes Enabled by default: yes Communication direction: inbound and outbound

the time specified in Session Timeout has elapsed if you enter a value for the refresh interval which is less than the Session Timeout in the Refresh every ... seconds field (see page 307).

Force HTTPS If you enable the Force HTTPS option, users can only establish a secure connection to the iRMC S2 on the HTTPS port specified in the entry field. If you disable the Force HTTPS option, users can establish a non-secure connection to the iRMC S2 on the HTTP port specified in the entry field.

I If the SSL certificate has expired, a message to this effect is

issued in the browser. Enable Auto Refresh If you activate this option, the contents of the iRMC S2 web interface are automatically refreshed periodically. Specify the refresh interval in the Refresh every ... seconds field.

306

iRMC S2

iRMC S2 web interface

Network Settings - Ports and Network Services

Refresh every ... seconds Length (in seconds) of the interval for automatically refreshing the iRMC S2 web interface.

I If you enter a value for the refresh interval which is less than the
Ports for text-based access Telnet Port Telnet port of the iRMC S2 Default port number: 3172 Configurable: yes Enabled by default: no Communication direction: inbound and outbound Session Drop Time Period of inactivity (in seconds) after which a Telnet connection is automatically cleared. SSH Port SSH (Secure Shell) port of the iRMC S2 Default port number: 22 Configurable: yes Enabled by default: yes Communication direction: inbound and outbound

Session Timeout (see page 306), your session will not automatically be closed when the time specified in Session Timeout has elapsed in the event of inactivity.

Telnet enabled If you enable the Telnet Enabled option, users can establish a connection to the iRMC S2 on the Telnet port specified in the entry field.

iRMC S2

307

Network Settings - Ports and Network Services VNC ports

iRMC S2 web interface

Standard Port VNC port of the iRMC S2 for secure and non-secure Advanced Video Redirection (AVR) Port number: 80 Hard-configured Enabled by default: yes Communication direction: inbound Secure Port (SSL) VNC port of the iRMC S2 for the SSL-secured transfer of mouse and keyboard input for AVR. Port number: 443 Hard-configured. Enabled by default: yes Communication direction: inbound Remote Storage Ports Standard Port Default remote storage port of the iRMC S2 Default port number: 5901 Configurable: yes Enabled by default: yes Communication direction: outbound to the remote workstation Click the Apply button to store the configured settings.

308

iRMC S2

iRMC S2 web interface

Network Settings - DHCP Configuration

7.11.3 DHCP Configuration Configuring the host name for the iRMC S2
The DHCP Configuration page allows you to configure a host name for the iRMC S2 and thus use dynamic DNS. Dynamic DNS allows DHCP servers to autonomously pass on the IP address and system name of a network component to DNS servers to facilitate identification.

Figure 154: DHCP Configuration page

Register DHCP Address in DNS Enables/disables transfer of the DHCP name to the DHCP server for the iRMC S2. Use iRMC S2 Name instead of Hostname The iRMC S2 name specified in the iRMC S2 Name entry field is used for the iRMC S2 instead of the server name. Add Serial Number The last 3 bytes of the MAC address of the iRMC S2 are appended to the DHCP name of the iRMC S2.

iRMC S2

309

Network Settings - DHCP Configuration

iRMC S2 web interface

Add Extension The extension specified in the Extension entry field is appended to the DHCP name of the iRMC S2. Extension Enter a name extension for the iRMC S2. iRMC S2 Name iRMC S2 name passed to DHCP for the iRMC S2 in place of the server name. DNS Name Shows the configured DNS name for the iRMC S2.

310

iRMC S2

iRMC S2 web interface

Network Settings - DNS Settings

7.11.4 DNS Settings - Enable DNS for the iRMC S2

The DNS Settings page allows you to activate the Domain Name Service (DNS) for the iRMC S2. This allows you to use symbolic DNS names instead of IP addresses for configuring the iRMC S2.

Figure 155: DNS Configuration page

DNS enabled Enables/disables DNS for the iRMC S2. Obtain DNS configuration from DHCP If you activate this option, the IP addresses of the DNS servers are obtained automatically from the DHCP server. In this event, up to five DNS servers are supported. If you do not enable this setting, you can enter up to five DNS server addresses manually under DNS-Server 1 - DNS-Server 5.

iRMC S2

311

Network Settings - DNS Settings

iRMC S2 web interface

DNS Domain If the option Obtain DNS configuration from DHCP is disabled, specify the name of the default domain for requests to the DNS server(s). DNS Server 1 .. 5 If the Obtain DNS configuration from DHCP option is disabled, you can enter the names of up to five DNS servers here. Click the Apply button to store the configured settings.

312

iRMC S2

iRMC S2 web interface

Alerting

7.12

Alerting - Configure alerting

The Alerting entry contains the links to the pages you use to configure alerting for the iRMC: SNMP Trap Alerting - Configure SNMP trap alerting on page 314. Serial / Modem Alerting - Configure alerting via modem on page 315. Email Alerting - Configure email alerting on page 317.

iRMC S2

313

Alerting - SNMP Trap Alerting

iRMC S2 web interface

7.12.1 SNMP Trap Alerting Configure SNMP trap alerting

The SNMP Trap Alerting page allows you to view and configure the settings for SNMP trap alerting.

I Forwarding of SNMP traps to up to seven SNMP servers is supported.

Figure 156: SNMP Trap Alerting page

SNMP Community Name of the SNMP community. Click the Apply button to accept the community name. SNMP Server1 .. SNMP Server7 (trap destinations) DNS names or IP addresses of the servers that belong to this community and are to be configured as Trap Destinations. Click the Apply button to activate the SNMP server as a trap destination. Click the Test button to test the connection to the SNMP server. Click Apply All to activate all the settings if appropriate.

314

iRMC S2

iRMC S2 web interface

Alerting - Serial/Modem Alerting

7.12.2 Serial / Modem Alerting Configure alerting via modem

The Serial / Modem Alerting page allows you to configure how alerts are forwarded via a modem.

Figure 157: Serial / Modem Alerting page

Modem Alerting Enable Enables or disables serial/modem alerting. Modem Init String Please refer to your modem documentation for details on this entry. Modem Reset/Hangup String Please refer to your modem documentation for details on this entry. Modem Dial Prefix This entry will depend on the type of connection you have. Provider Phone Number Enter the name of the SMS server.

iRMC S2

315

Alerting - Serial/Modem Alerting Handy/Pager Phone Number Enter the name of the mobile phone. Handy/Pager Type You can choose between: Signal Pager Numeric Pager Alpha pager SMS DoCoMo

iRMC S2 web interface

SMS Message Length Limit You can choose between 80 or 140 as the maximum length. SMS Protocol Type Enable the option corresponding to the mobile phone network used. Click the Apply button to activate your settings. Click the Test button to send a test alert.

316

iRMC S2

iRMC S2 web interface

Alerting - Email Alerting

7.12.3 Email Alerting - Configure email alerting

The Email Alerting page allows you to configure the settings for email alerting.

I Configuration of two mail servers is supported.

Email alerting can be specified individually for each user (see section User <name> Configuration - User configuration (details) on page 326).

I Email alerting is currently not supported for global iRMC S2 user IDs
(see chapter User management for the iRMC S2 on page 59).

Figure 158: Email Alerting page

iRMC S2

317

Alerting - Email Alerting

iRMC S2 web interface

Global Email Paging Configuration - Configure global email settings The Global Email Paging Configuration group allows you to configure the global email settings.

Figure 159: Email Alerting page, Global Email Configuration

Email Alerting Enable Activate this option. SMTP Retries (0 - 7) Number of SMTP retries. SMTP Retry Delay (0 - 255) Time (in seconds) between SMTP retries. SMTP Response Timeout Timeout (in seconds) for an SMTP response. Click the Apply button to activate your settings.

318

iRMC S2

iRMC S2 web interface

Alerting - Email Alerting

Primary SMTP Server Configuration - Configure primary mail server The Primary SMTP Server Configuration group allows you to configure the primary server (SMTP server).

Figure 160: Email Alerting page, Primary SMTP Server Configuration

SMTP Server IP address of the primary mail server

I You can activate the Domain Name Service (DNS) for the
SMTP Port SMTP port of the mail server

iRMC S2 (see DNS Settings - Enable DNS for the iRMC S2 on page 311). You can then use a symbolic name instead of the IP address.

Auth Type Authentication type for connecting the iRMC S2 to the mail server: None No authentication for the connection. SMTP AUTH (RFC 2554) Authentication according to RFC 2554: SMTP Service Extension for Authentication. In this case, the following information is required: Auth User Name User name for authentication on the mail server Auth Password Password for authentication on the mail server Confirm Password Confirm the password entered. Click the Apply button to activate your settings.

iRMC S2

319

Alerting - Email Alerting

iRMC S2 web interface

Secondary SMTP Server Configuration - Configure secondary mail server The Secondary SMTP Server Configuration group allows you to configure the secondary server (SMTP server).

Figure 161: Email Alerting page - Secondary SMTP Server Configuration

SMTP Server IP address of the secondary mail server

You can activate the Domain Name Service (DNS) for the iRMC S2 (see DNS Settings - Enable DNS for the iRMC S2 on page 311). You can then use a symbolic name instead of the IP address.

SMTP Port SMTP port of the mail server Auth Type Authentication type for connecting the iRMC S2 to the mail server: None No authentication for the connection. SMTP AUTH (RFC 2554) Authentication according to RFC 2554: SMTP Service Extension for Authentication. In this case, the following information is required: Auth User Name User name for authentication on the mail server Auth Password Password for authentication on the mail server Confirm Password Confirm the password entered. Click the Apply button to activate your settings.

320

iRMC S2

iRMC S2 web interface Mail Format dependent Configuration Configure mail-format-dependent settings

Alerting - Email Alerting

The Mail Format dependent Configuration group allows you to configure the mailformat-dependent settings. You specify the mail format for each user using the New User Configuration - User <Name> Configuration - Email Format Configuration page (see page 330). The following email formats are supported: Standard Fixed Subject ITS-Format Fujitsu REMCS Format

Figure 162: Email Alerting page, Mail Format dependent Configuration

Some entry fields are disabled depending on the mail format. From Sender identification iRMC S2. Active for all mail formats.

I If the string entered here contains an @, the string is interpreted

as a valid email address. Otherwise, admin@<ip-address> is used as the valid email address. Subject Fixed subject for the alert mails. Only active for the Fixed Subject mail format (see page 330). Message Type of message (email). Only active for the Fixed Subject mail format (see page 330).

iRMC S2

321

Alerting - Email Alerting

iRMC S2 web interface

Admin Name Name of the administrator responsible (optional). Only active for the ITS mail format (see page 330). Admin Phone Phone number of the administrator responsible (optional). Only active for the ITS mail format (see page 330). REMCS Id This ID is an additional server ID, similar to the serial number. Only active for the mail format Fujitsu REMCS-Format. Server URL A URL under which the server is accessible under certain conditions. You have to enter the URL manually. Only active for the Standard mail format. Click the Apply button to store your settings.

322

iRMC S2

iRMC S2 web interface

User Management

7.13

User Management - Manage users

The User Management entry contains the links to the pages for local user management as well as for the configuration of the directory service for global user management (LDAP configuration): iRMC S2 User - local user management on the iRMC S2 on page 323. Directory Service Configuration (LDAP) - Configuring the directory service at the iRMC S2 on page 333.

iRMC S2 web interface

7.13.1.2 User <name> Configuration - User configuration (details) The User <name> Configuration page allows you to view, modify and extend the settings for a user. In figure 165 you can see the configuration of the user created in figure 164.

I The user ID is shown in brackets after the user name.

Figure 165: User Management - User <name> Configuration page

326

iRMC S2

iRMC S2 web interface

User Management - iRMC S2 User

User Information - Configuring user access data The User Information group allows you to configure the access data for the user.

Figure 166: User Management - User <name> Configuration page, User Information

User Enabled Disable this option to lock the user. Name Enter the name of the user. Password Enter the user password. Confirm Password Confirm the password by entering it again here. User Description Enter a general description of the configured user here. User Shell Select the desired user shell here. The following options are available: SMASH CLP See section Start a Command Line shell... - Start a SMASH CLP shell on page 393. Remote Manager See chapter iRMC S2 via Telnet/SSH (Remote Manager) on page 373. IPMI Basic Mode

iRMC S2

327

User Management - iRMC S2 User IPMI Terminal Mode None Click the Apply button to activate your settings.

iRMC S2 web interface

Privileges / Permissions - Assigning user privileges The Privileges / Permissions group allows you to configure the channel-specific user privileges.

Figure 167: User Management - User <name> Configuration page, Privilege / Permissions

LAN Channel Privilege Assign a privilege group for a LAN channel to the user here: User Operator Administrator OEM

Refer to section User permissions on page 62 for information on the permissions associated with the privilege groups. Serial Channel Privilege Assign a privilege group for a serial channel to the user here: The same privilege groups are available as for LAN Channel Privilege. In addition to the channel-specific permissions, you can also individually assign users the following channel-independent permissions: Configure User Accounts Permission to configure local user access data. Configure iRMC S2 Settings Permission to configure the iRMC S2 settings.

328

iRMC S2

iRMC S2 web interface

User Management - iRMC S2 User

Video Redirection enabled Permission to use Advanced Video Redirection (AVR) in View Only and Full Control mode. Remote Storage enabled Permission to use the Remote Storage functionality. Click the Apply button to activate your settings.

7.13.2 Directory Service Configuration (LDAP) Configuring the directory service at the iRMC S2
In order to perform global user management via a directory service (see page 83), you must configure the iRMC S2 appropriately in the Directory Service Configuration page.

I Currently, support for iRMC S2 LDAP access is provided for the following
directory services: Microsoft Active Directory, Novell eDirectory and Open LDAP. strings in LDAP: *, \ , &, |, !, =, <, >, ~, :

I The following characters are reserved as metacharacters for search

You must therefore not use these characters as components of Relative Distinguished Names (RDN).

Figure 170: Directory Service Configuration page (LDAP configuration)

iRMC S2

333

User Management - Directory Service Config.

iRMC S2 web interface

LDAP Enable This option specifies whether the iRMC S2 can access a directory service via LDAP. Directory service access via LDAP is only possible if LDAP Enable has been activated.

I If LDAP Enable is checked then the login information (see

page 222) is always transferred with SSL encryption between the web browser and the iRMC S2.

LDAP SSL Enable If you check this option then data transfer between iRMC S2 and the directory server is SSL encrypted.

I LDAP SSL Enable has no influence on whether or not the iRMC S2 web interface pages are SSL-protected on opening. I You should only activate LDAP SSL Enable if a domain controller
certificate is installed. Disable Local Login If you activate this option then all the local iRMC S2 user identifications are locked and only the user identifications managed by the directory service are valid.

V CAUTION!
If the option Disable Local Login is activated and the connection to the directory service fails then it is no longer possible to log in at the iRMC S2. Always use SSL Login

I This option is only relevant if LDAP is deactivated.

334

iRMC S2

iRMC S2 web interface

User Management - Directory Service Config.

connection with global user identifications. If alerting is not enabled, the settings in the Directory Service Access Configuration group are not significant.

Figure 173: Microsoft Active Directory: Directory Service Access Configuration

LDAP Auth User Name User name the iRMC S2 uses to log onto the LDAP server. LDAP Auth Password Password the user specified under User Name uses to authenticate themselves on the LDAP server. Confirm Password Repeat the password you entered under LDAP Auth Password.

338

iRMC S2

iRMC S2 web interface

User Management - Directory Service Config.

Test LDAP Access Checks the access data to the LDAP directory server and shows the LDAP status as the result (see figure 174).

I This test only checks the basic access data (Is the LDAP

server present?, Is the user configured?), but does not fully authenticate the user.

Figure 174: Microsoft Active Directory: Status of the connection to the LDAP server

Click Reset LDAP Status to reset the status display. Click Apply to activate your settings. Configure the settings for global email alerting in the Directory Service Email Alert Configuration group.

Figure 175: Directory Service Email Alert Configuration

LDAP Email Alert Enable Enables global email alerting. LDAP Alert Table Refresh [Hours] Defines the interval at which the email table is regularly updated (see page 158). A value of 0 means that the table is not updated regularly. Click Apply to activate your settings.

iRMC S2

339

User Management - Directory Service Config.

iRMC S2 web interface

7.13.2.2 Configuring iRMC S2 for Novell eDirectory / OpenLDAP After you have confirmed you choice of Novell or OpenLDAP by clicking Apply, the following variant of the Directory Service Configuration page is shown.

I The Directory Service Configuration page has an identical structure for

both Novell eDirectory and OpenLDAP.

Figure 176: Global Directory Service Configuration: Specifications for Novell eDirectory / Open LDAP

I The entries shown as examples in figure 176 refer to the examples and
figures shown in section iRMC S2 user management via Novell eDirectory on page 120. 340
iRMC S2

iRMC S2 web interface Proceed as follows:

User Management - Directory Service Config.

Complete your specifications in the Global Directory Service Configuration group:

Figure 177: Global Directory Service Configuration: Specifications for Microsoft Active Directory

LDAP Server 1 IP address or DNS name of the LDAP directory server that is to be used. LDAP Server 2 IP address or DNS name of the LDAP directory server which is maintained as the backup server and used as the directory server if LDAP Server 1 fails. Department Name Department name. The directory service needs the department name in order to determine the user permissions. A user may have different permissions for the department X server than for the department Y server (see also figure 27 on page 90). Base DN The Base DN is the fully distinguished name of the eDirectory or Open LDAP server and represents the tree or subtree that contains the OU (Organizational Unit) iRMCgroups. This DN forms the starting point for LDAP searches.

iRMC S2

341

User Management - Directory Service Config.

iRMC S2 web interface

Groups directory as sub-tree from base DN Pathname of the organizational unit iRMCgroups as a subtree of Base DN (Group DN Context). User Search Context Pathname of the organizational unit Users as a subtree of Base DN (User Search Context). Click Apply to activate your settings. Configure the LDAP access data in the Directory Service Access Configuration group:

Figure 178: Microsoft Active Directory: Directory Service Access Configuration

LDAP Auth Password Password the Principal User uses to authenticate themselves on the LDAP server. Confirm Password Repeat the password you entered under LDAP Auth Password. Principal User DN Fully distinguished name, i.e. the full description of the object path and attributes of the generic iRMC S2 user ID (principal user), under which the iRMC S2 queries the permissions of the iRMC S2 users from the LDAP server. Append Base DN to Principal User DN If you activate this option, you do not need to specify the Base DN under Principal User DN. In this event, the Base DN is used that you specified under Base DN in the Global Directory Service Configuration group. Bind DN Bind DN shows the principal user DN used for LDAP authentication. 342
iRMC S2

iRMC S2 web interface

User Management - Directory Service Config.

Enhanced User Login Enhanced flexibility when users log in. If you select Enhanced User Login and activate it with Apply, an additional field User Login Search Filter appears containing the standard login search filter.

V Only activate this option if you are familiar with the LDAP

syntax. If you inadvertently specify and activate an invalid search filter, users can only log in to the iRMC S2 under a global login after the Enhanced User Login option has been deactivated.

Figure 179: LDAP search filter for Enhanced User Login

At login, the placeholder %s is replaced by the associated global login. You can modify the standard filter by specifying another attribute in place of cn=. All global logins are then permitted to log into the iRMC S2 which meet the criteria of this search filter.

V CAUTION!
Only activate this option if you are familiar with the LDAP syntax. If you inadvertently specify and activate an invalid search filter, users can only log in to the iRMC under a global login after the Enhanced User Login option has been deactivated.

iRMC S2

343

User Management - Directory Service Config.

iRMC S2 web interface

Test LDAP Access Checks the access data to the LDAP directory server and shows the LDAP status as the result (see figure 174).

I This test only checks the basic access data (Is the LDAP

server present?, Is the user configured?), but does not fully authenticate the user.

Figure 180: eDirectory / OpenLDAP: Status of the connection to the LDAP server

Click Reset LDAP Status to reset the status display. Click Apply to activate your settings. Configure the settings for global email alerting in the Directory Service Email Alert Configuration group.

Figure 181: Directory Service Email Alert Configuration

344

iRMC S2

iRMC S2 web interface

Console Redirection

7.14

Console Redirection - Redirecting the console

The following pages are available for console redirection: BIOS Text Console - Configure and start text console redirection on page 345. Advanced Video Redirection - Start Advanced Video Redirection (AVR) on page 356.

7.14.1 BIOS Text Console Configure and start text console redirection
The BIOS Text Console page allows you to configure and start text console redirection.

I Text console redirection can also be configured in the BIOS (see section
Configuring text console redirection via LAN using the BIOS/TrustedCore Setup program on page 44).

iRMC S2

345

Console Redirection - BIOS Text Console

iRMC S2 web interface

Figure 182: BIOS Text Console page

346

iRMC S2

iRMC S2 web interface

Console Redirection - BIOS Text Console

7.14.1.1 BIOS Console Redirection Options Configure text console redirection BIOS Console Redirection Options allows you to configure text console redirection.

Figure 183: BIOS Text Console page - BIOS Console Redirection Options

349

Console Redirection - BIOS Text Console

iRMC S2 web interface

Figure 185: Window for power management and text console redirection (before login)

Click the Logon button to log in to the iRMC S2. You are then prompted to enter your iRMC S2 user name and password:

Figure 186: Power management and text console redirection - Login window

350

iRMC S2

iRMC S2 web interface

Console Redirection - BIOS Text Console

Enter your user name and password and click Login to confirm. The window for power management and text console redirection is then displayed:

Console redirection bar Status bar Power management bar

Console area Login bar

Figure 187: Window for power management and text console redirection

iRMC S2

351

Console Redirection - BIOS Text Console

iRMC S2 web interface

The elements of the console redirection window are explained below: Login bar The login bar shows the IP address and current firmware version of the iRMC S2. The Login and Logout buttons allow you to log in to and log out of the iRMC S2. Power management bar The power management bar provides information on the power status of the managed server. You can update the display by clicking the Status button. The Command drop-down list allows you to select and launch an IPMI command for power management of the managed server (see page page 353). You do not need to be connected with the console to do this. Console redirection bar The Enter Console and Leave Console buttons in the console redirection bar allow you to show or hide the display in the console area. Console area The console area contains the display from the redirected text console. Status bar The status bar shows the IP address of the iRMC S2 and the port number used for console redirection. In addition, the status bar provides information on the status of the console redirection (online/offline).

352

iRMC S2

iRMC S2 web interface Click Enter Console.

Console Redirection - BIOS Text Console

You are then connected to the console and can execute the required command, either by entering it directly in the console area or by clicking it in the Command drop-down list (IPMI commands only):

Enter SAC command directly. (No confirmation prompt!) or Select IPMI command and click.

7.14.2 Advanced Video Redirection Start Advanced Video Redirection (AVR)

The Advanced Video Redirection page allows you to start graphical console redirection. The Advanced Video Redirection feature redirects graphical output from the managed server to the remote workstation and assigns keyboard and mouse input from the remote workstation to the managed server so that you can access the managed server from the remote workstation as if you were working locally. AVR can be used by two users simultaneously. One user has full control over the server (full-control mode) and the other can only passively observe keyboard and mouse operation of the server (view-only mode).

I In order to use the iRMC S2 function Advanced Video Redirection, you

require a license key (see Load license key onto the iRMC S2. on page 241). The AVR functionality is made available with a Java applet.

356

iRMC S2

iRMC S2 web interface

Console Redirection - AVR

Figure 190: Advanced Video Redirection page

iRMC S2

357

Console Redirection - AVR Creating an ASR screenshot The ASR Screenshot page allows you to

iRMC S2 web interface

take a screenshot of the current VGA screen on the managed server (video screenshot) and store it in the firmware of the iRMC S2, view the screenshot stored in the iRMC S2 firmware, delete the screenshot stored in the iRMC S2 firmware,

Figure 191: Creating an video screenshot

I A video screenshot is automatically created on ASR&R events - in

Windows, these are typically watchdog events or "bluescreens" on the managed server. A maximum of one video screenshot is stored in the firmware of the iRMC S2, namely the most recently created screenshot.

The following actions are available by clicking on one of the buttons displayed: View Screenshot (This only appears if a video screenshot has been stored.) The screenshot is shown in a separate browser window. Preview Screenshot (This only appears if a video screenshot has been stored.) A thumbnail of the screenshot is shown in the ASR Screenshot group. Make Screenshot Takes a new video screenshot. Delete Screenshot (This only appears if a video screenshot has been stored.) The video screenshot stored in the iRMC S2 firmware is deleted after you have confirmed that you wish to do so.

358

iRMC S2

iRMC S2 web interface

Console Redirection - AVR

AVR Active Session Table - Show current AVR sessions The AVR Active Session Table lists the currently active AVR sessions. If no AVR session is currently active then the AVR Active Session Table is not displayed. If two AVR Sessions are currently active, a Disconnect button is displayed for each Session.

Figure 192: AVR Active Session Table - (two active AVR sessions)

Disconnect If you click Disconnect, a confirmation dialog box appears in which you can close the AVR session to the left of the button.

I You can only close AVR sessions of other users with the

Disconnect button. To close your own session, choose Exit from the Extras menu in the AVR window (see page 184).

Video Redirection Options - Deactivating USB ports on the managed server for the duration of the AVR session

I This function is not supported for all PRIMERGY servers.

Video Redirection Options - Disable USB Port allows you to specify which USB ports are to be disabled on the managed server for the duration of the AVR session.

Figure 193: Video Redirection Options

None No USB port will be disabled.

iRMC S2

359

Console Redirection - AVR

iRMC S2 web interface

Front USB Only the USB port on the front of the server will be disabled. Rear USB Only the USB port on the back of the server will be disabled. Disable All All USB ports of the server will be disabled. Click the Apply button to activate your settings. Local Monitor - Power up/down options for local server monitor The status of the local monitor on the managed server is shown under Local Monitor (see section Local Monitor Off function on page 172). In addition, you can configure: that the local monitor can be switched on and off from the remote workstation, that the local monitor shuts down automatically for the duration of the AVR session when an AVR session is started,

Figure 194: Advanced Video Redirection page - Local Monitor

360

iRMC S2

iRMC S2 web interface

Console Redirection - AVR

Enable Local Monitor Off This option allows you to activate the following options: In full-control mode of an AVR session, you can switch the local monitor on and off (AVR Extras menu, see page 184). For users with administrator or OEM permissions, the toggle button Turn Off / Turn On is also enabled. This also allows the local monitor to be switched on and off (see figure 195).

Figure 195: Advanced Video Redirection page - Local Monitor On/Off

You can also configure that the local monitor is switched off automatically for the duration of an AVR session when an AVR session is started (see the Automatic Local Monitor Off when AVR is started option).

I If no concurrent session with Local Monitor Off is active, the local

Automatic Local Monitor Off when AVR is started

monitor is automatically switched on again when the AVR session is closed.

I This option only takes effect if Enable Local Monitor has been
activated. If you activate this option, the local monitor is automatically switched off for the duration of the session when an AVR session is started. After the AVR session is closed, the local monitor is automatically switched on again if no concurrent session with Local Monitor Off is active.

I Parallel AVR sessions:

Even if you switch on the local monitor during your AVR session (in the AVR menu Extras or with the Turn On button), the local monitor is automatically switched off again if a new, concurrent AVR session is started. The local monitor is switched on again automatically when all AVR sessions have been closed. Click the Apply button to activate your settings.

iRMC S2

361

Console Redirection - AVR Video Redirection - Starting AVR You start AVR under Video Redirection.

iRMC S2 web interface

Figure 196: Advanced Video Redirection page - Local Monitor

Click the Start Video Redirection or Start Video Redirection (Java Web-Start) button to start a second AVR session. The Java applet for Advanced Video Redirection is started. The Java applet shows the AVR window in view-only mode, and you are asked whether you want to take full control of the managed server using AVR or whether you wish to remain in the view-only mode.

Figure 197: AVR window (view-only mode)

362

iRMC S2

iRMC S2 web interface

Console Redirection - AVR

Click OK to take over full control of the managed server. In this case, the window for active use of AVR is opened (see figure 198).

I This places the currently active AVR session in view-only mode.

Click Cancel to remain in view-only mode.

Users should agree among themselves what modes they are to use in their sessions.

If you have decided to actively use AVR, the following window appears, with which you can log into the managed server.

Figure 198: AVR window (full-control mode)

The menus of the AVR window and the integrated special keys are described in chapter Advanced Video Redirection (AVR) on page 167.

iRMC S2

363

Console Redirection - AVR

iRMC S2 web interface

The two active AVR sessions are shown as follows on the Advanced Video Redirection page:

Figure 199: AVR window with two active AVR sessions

Disconnect If you click Disconnect, a confirmation dialog box appears in which you can close the AVR session to the left of the button.

I You can only close AVR sessions of other users with the

Disconnect button. To close your own session, choose Exit from the Extras menu in the AVR window (see page 184).

364

iRMC S2

iRMC S2 web interface

Console Redirection - AVR

The following window appears if the managed server is powered down:

Figure 200: AVR window when the server is powered down

iRMC S2

365

Remote Storage

iRMC S2 web interface

7.15

Remote Storage

The Remote Storage feature provides the managed server with a virtual drive which is physically located elsewhere in the network. The source for the virtual drive can be a physical drive (floppy disk drive CD-ROM/DVD-ROM) or an ISO image (image file).

I In order to use the iRMC S2 function Remote Storage, you require a

license key (see page 243). You can make the remote storage media available as follows: As a physical drive or image file at the remote workstation (see page 192). The image file may also be a network drive (with drive letter, e.g. D: for drive D). As an image file centrally in the network via a remote storage server (see page 206).

I Parallel remote storage connections:

The following are possible concurrently: either up to two Remote Storage connections to virtual drives at the remote workstation (if the connection is established over the AVR Java applet) or one Remote Storage connection to a Remote Storage server. Remote storage connections via applet and Remote Storage Server are not possible simultaneously. The Remote Storage page allows you to display information on the status of the current remote storage connections and establish the connection to a remote storage server.

366

iRMC S2

iRMC S2 web interface

Remote Storage

Figure 201: Remote Storage page

IP Address or DNS Name Here you enter the IP address or DNS name of the computer on which a remote storage server is installed. Apply Click the Apply button to save the remote storage servers IP address or DNS name. Connect Click the Apply button to save the remote storage servers IP address or DNS name and establish the connection to the remote storage server.

I Before it is possible to establish the connection to the remote

storage server the remote storage server must be installed and running.

Disconnect Click the Disconnect button to terminate the connection to the remote storage server.

iRMC S2

367

Telnet / SSH access (Remote Manager)

iRMC S2 web interface

7.16

Operating iRMC S2 via Telnet/SSH (Remote Manager)

A Telnet/SSH-based interface is available for the iRMC S2. This is known as the Remote Manager. The alphanumeric user interface of the Remote Manager provides you with access to system and sensor information, power management functions and the error event log. You can also start text console redirection and a SMASH CLP shell. You can call the Remote Manager from the iRMC S2 web interface as follows: Use the iRMC S2 SSH Access link to initiate an SSH (Secure Shell) encrypted Telnet connection to the iRMC S2. Use the iRMC S2 Telnet Access link to initiate an unencrypted Telnet connection to the iRMC S2.

I Maximum number of parallel sessions:

Telnet: up to 4 SSH: up to 2 Telnet and SSH in total: up to 4 Operation of the iRMC S2 using the Remote Manager is described in chapter iRMC S2 via Telnet/SSH (Remote Manager) on page 373. Requirements on the managed server Access via Telnet must be activated for the iRMC S2 (see the section Ports and Network Services - Configuring ports and network services on page 305).

I Access via the Telnet protocol is deactivated by default for security

reasons, as passwords are transmitted in plain text.

368

iRMC S2

iRMC S2 web interface

Telnet / SSH access (Remote Manager)

Establishing an SSH/Telnet connection and logging into the Remote Manager

I If the screen displays for SSH and Telnet connections differ only with

respect to the connection-specific information displayed, the display for an SSH connection is shown below.

In the navigation bar, click on the link iRMC S2 SSH Access (SSH) or iRMC S2 Telnet Access (Telnet). The Java applet for the SSH or Telnet connection is started and the following window is displayed (in this case using the example of an SSH connection):

Figure 202: Establishing an SSH connection to the iRMC S2

iRMC S2

369

Telnet / SSH access (Remote Manager) In the connection bar, click Connect.

iRMC S2 web interface

As soon as the connection to the iRMC S2 has been established, you are requested to enter the user name and password. Logging into the Remote Manager over an SSH connection

I If the host key of the managed server is not yet registered at the
remote workstation, the SSH client issues a security alert with suggestions on how to proceed. The following login window is displayed:

Figure 203: SSH connection: Logging in to the Remote Manager

Enter your user name and password and confirm your entries by clicking Login. The main menu of the Remote Manager is then displayed (see figure 205 on page 372).

370

iRMC S2

iRMC S2 web interface

Telnet / SSH access (Remote Manager)

Logging into the Remote Manager over a Telnet connection The Remote Manager login window is displayed:

Figure 204: Telnet connection: Logging in to the Remote Manager

I Depending on whether ServerView agents have already been

Enter your user name and password and confirm your entries by pressing [Enter]. The main menu of the Remote Manager is then displayed (see figure 205 on page 372).

started at some point on the system, the login window is shown with or without system information (see page 378).

iRMC S2

371

Telnet / SSH access (Remote Manager)

iRMC S2 web interface

Figure 205: Main menu of the Remote Manager

Closing a Telnet/SSH connection Close the connection to the Remote Manager by clicking the Disconnect button in the connection bar of the Remote Manager window or by pressing the [0] key in the main menu of the Remote Manager (see figure 205).

372

iRMC S2

iRMC S2 via Telnet/SSH (Remote Manager)

A Telnet-based interface is available for the iRMC S2. This is known as the Remote Manager. You can call the Remote Manager over the following interfaces: iRMC S2 web interface (see page 368) any Telnet/SSH client ServerView Remote Management Frontend The iRMC S2 supports secure connections over SSH (Secure Shell). The Remote Manager interface is identical for Telnet and SSH connections. In principle, any Telnet/SSH client that interprets VT100 sequences can be used to access the iRMC S2. It is nevertheless recommended that the iRMC S2 web interface or the ServerView Remote Management Frontend (referred to below simply as the Remote Management Frontend) be used.

I Maximum number of parallel sessions:

Telnet: up to 4 SSH: up to 2 Telnet and SSH in total: up to 4 Requirements on the managed server Access via Telnet must be activated for the iRMC S2 (see the section Ports and Network Services - Configuring ports and network services on page 305).

I Access via the Telnet protocol is deactivated by default for security reasons, as passwords are transmitted in plain text. I Since the ServerView Operations Manager does not know the value of

the management port, the Remote Management Frontend works with the default value. Since a connection is not automatically established when the Remote Management Frontend is started, you can correct any nonstandard value for the management port after the Remote Management Frontend has been started.

iRMC S2

373

Operating the iRMC S2 using the Remote Management Frontend

8.1

Operating the iRMC S2 using the ServerView Remote Management Frontend

You will find detailed information on establishing a connection to the iRMC S2 using the Remote Management Frontend and on the work environment of the Remote Management Frontend in the PRIMERGY ServerView Suite ServerView Remote Management Frontend manual.

374

iRMC S2

Telnet/SSH - Remote Managerr

... operating

8.2

Remote Manager

This section describes operation of the iRMC S2 from the Remote Manager and the various functions in detail. The end of the section also provides a brief overview of SMASH CLP.

8.2.1

Operating Remote Manager

Operation of Remote view is described on the basis of the example in figure 206, which shows an excerpt from the main menu of the Remote Manager.

Figure 206: Operating the Remote Manager

Select the required menu item by entering the number or letter which precedes the menu item, e.g. c for Change password. Functions that the user is not permitted to use are indicated by a dash (-) and functions that are not available are indicated by an asterisk (*). Press [0] or the key combination [Ctrl] [D] to close the Remote Manager. An appropriate event will be written to the event log.

iRMC S2

375

Overview of menus

Telnet/SSH - Remote Manager

8.2.2

Overview of menus

The Remote Manager menu for the iRMC S2 has the following structure:

System Information Chassis Information Mainboard Information OS and SNMP Information

Power Management Immediate Power Off Immediate Reset Power Cycle Power on Graceful Power Off (Shutdown) Graceful Reset (Reboot)

Enclosure Information System Event-Log View System Event-Log (text, newest first) View System Event-Log (text, oldest first) Dump System Event-Log (raw, newest first) Dump System Event-Log (raw, oldest first) View System Eventlog Information Clear System Event-Log Temperature Voltages/Current Fans Power Supplies Door Lock CPU Sensors

376

iRMC S2

Telnet/SSH - Remote Manager Component Status (Lightpath) List All Sensors

Overview of menus

Service Processor Configure IP Parameters List IP Parameters Toggle Identify LED Reset iRMC S2 (Warm reset) Reset iRMC S2 (Cold reset)

Change password Console Redirection (EMS/SAC) Start a Command Line shell Console Logging

iRMC S2

377

Logging in

Telnet/SSH - Remote Manager

8.2.3

Logging in

As soon as a connection to the iRMC S2 has been established, the login window of the Remote Manager (Telnet/SSH window) is displayed at the terminal client at the remote workstation. Depending on whether ServerView agents have already been started at some point on the system, the login window is shown with or without system information.

I When logging in over an SSH connection: If the host key of the managed
server is not yet registered at the remote workstation, the SSH client issues a security alert with suggestions on how to proceed.

Figure 207: Remote Manager: Login window (with system information)

378

iRMC S2

Telnet/SSH - Remote Manager

Logging in

Figure 208: Remote Manager: Login window (without system information)

The Remote Manager window contains information on the affected PRIMERGY system. This information identifies the server and indicates its operating status (Power Status). Some details (e.g. the System Name) are only shown for servers and only if the server is configured appropriately. In order to be able to use the Remote Manager, you must log in with a user name and a password. Then an appropriate event will be written to the Event log and the relevant main menu of the Remote Manager displayed (see section Main menu of the Remote Manager on page 380). You can terminate the login process at any time using [Ctrl][D].

iRMC S2

379

Main menu

Telnet/SSH - Remote Manager

8.2.4

Main menu of the Remote Manager

Figure 209: Remote Manager: Main menu window

The main menu of the Remote Manager provides the following functions: System Information... View information on the managed server (see section System Information Information on the managed server on page 384). Power the server up or down. (see section Power Management on page 385).

Power Management...

Table 9: Main menu of the Remote Manager

380

iRMC S2

Telnet/SSH - Remote Manager

Main menu

Enclosure Information...

Request information on the current system status, e.g. check error and event messages from the error log and event log (temperature, fan, etc.) (see section Enclosure Information System event log and status of the sensors on page 387). Configure the iRMC S2 (e.g. update firmware or change IP address) (see section Service processor - IP parameters, identification LED and iRMC S2 reset on page 391). Change the password (see section Change the password on page 383). Text console redirection (see section Console Redirection (EMS/SAC) - Start text console redirection on page 392). Start a command line shell (see section Start a Command Line shell... - Start a SMASH CLP shell on page 393). Redirect output of messages to the text console (see section Console Logging Redirect message output to the text console (serial) on page 394).

Service Processor...

Change password

Console Redirection (EMS/SAC)

Start a Command Line shell...

Console Logging

Table 9: Main menu of the Remote Manager

iRMC S2

381

Required permissions

Telnet/SSH - Remote Manager

8.2.5

Required user permissions

table 10 provides an overview of the user permissions which are required in order to use the individual Remote Manager functions.
Remote Manager menu items Permitted with IPMI privilege level Required permission Configure iRMC S2 Settings

Video Redirection Enabled

Configure User Accounts

System Information... Power Management... Enclosure Information System Eventlog - View/Dump System Eventlog System Eventlog - Clear System Eventlog Sensor overviews (Temperature, Fans ...) Service Processor... Service Processor... - List IP Parameters Service Processor... - Configure IP Parameters Service Processor... - Toggle Identify LED Service Processor... - Reset iRMC S2 (warm/cold reset) Change Password Console Redirection (EMS/SAC) Start a command Line shell... Console Logging

X X X X X X X

X X

X X X X

X X

X X X

X X X X

Table 10: Permissions to use the Remote Manager menus

382

iRMC S2

Remote Storage Enabled

Administrator

Operator

OEM

User

Telnet/SSH - Remote Manager

Change the password

8.2.6

Change the password

The Change password menu item allows a user with the privilege Configure User Accounts (see page 62) to change their own password or the passwords of other users.

iRMC S2

383

System Information

Telnet/SSH - Remote Manager

8.2.7

System Information Information on the managed server

The following menu appears if you choose System Information... from the main menu:

Figure 210: Remote Manager: System Information window

The submenu contains the following functions: Chassis Information Mainboard Information OS and SNMP Information Information on the chassis of the managed server and its product data. Information on the mainboard of the managed server and its product data. Information on the operating system and the ServerView version of the managed server and on the SNMP settings.

Table 11: System Information menu

384

iRMC S2

Telnet/SSH - Remote Manager

Power Management

8.2.8

Power Management

The following menu appears if you choose Power Management... from the main menu:

Figure 211: Remote Manager: Power Management window

iRMC S2

385

Power Management The submenu contains the following functions: Immediate Power Off Immediate Reset Power Cycle Power On Graceful Power Off (Shutdown)

Telnet/SSH - Remote Manager

Powers the server down, regardless of the status of the operating system. Completely restarts the server (cold start), regardless of the status of the operating system. Powers the server down completely and then powers it up again after a configured period. Switches the server on. Graceful shutdown and power off. This menu item is only available if ServerView agents are installed and signed onto the iRMC S2 as Connected. Graceful shutdown and reboot. This menu item is only available if ServerView agents are installed and signed onto the iRMC S2 as Connected.

Graceful Reset (Reboot)

Table 12: Power Management menu

386

iRMC S2

Telnet/SSH - Remote Manager

Enclosure Information

8.2.9

Telnet/SSH - Remote Manager

The contents of the Event log are output to screen in a readable form and in chronological order (the most recent entry first). The contents of the Event log are output to screen in a readable form and in reverse chronological order (the oldest entry first).

Dump System Eventlog The contents of the Event log are dumped in (raw, newest first) chronological order (the most recent entry first). Dump System Eventlog The contents of the Event log are dumped in reverse (raw, oldest first) chronological order (the oldest entry first). View System Eventlog Information Clear System Eventlog Display information on the event log. Clear the contents of the event log.

Table 14: System Eventlog menu

390

iRMC S2

Telnet/SSH - Remote Manager

Service Processor

8.2.10 Service processor - IP parameters, identification LED and iRMC S2 reset

The following menu appears if you choose Service Processor... from the main menu:

Figure 214: Remote Manager: Service Processor window

iRMC S2

391

Console Redirection (EMS/SAC) The submenu contains the following functions: Configure IP Parameters

Telnet/SSH - Remote Manager

Configure the IP address, subnet mask and default gateway. You can also specify whether DHCP is to be activated Display the IP settings. Switch the PRIMERGY identification LED on/off. Reset the iRMC S2. The connection is closed. Only the interfaces are re-initialized. Reset the iRMC S2. The connection is closed. The entire iRMC S2 is re-initialized.

List IP Parameters Toggle Identify LED Reset iRMC S2 (warm reset) Reset iRMC S2 (cold reset)

Table 15: Service Processor menu

I It is recommended that you reboot the server after a Reset iRMC S2 (Cold
Reset) or Reset iRMC S2 (Warm Reset) (see page 265).

8.2.11 Console Redirection (EMS/SAC) Start text console redirection

You can start console redirection with the Console Redirection (EMS/SAC) item from the main menu.

I Text-based console redirection only works over the LAN with Serial 1.
If console redirection is also to be used while the operating system is running, the Serial 1 Multiplexer must be set to System.

I Use the keyboard shortcut "<ESC>(" or "~." (tilde dot) to exit the text
console. It is possible that only one of these options will work, depending on the type of PRIMERGY server used.

392

iRMC S2

Telnet/SSH - Remote Manager

Start a Command Line shell...

8.2.12 Start a Command Line shell... Start a SMASH CLP shell

Start a Command Line shell... in the main menu allows you to start a SMASH CLP shell. SMASH CLP stands for Systems Management Architecture for Server Hardware Command Line Protocol. This protocol permits a Telnet- or SSHbased connection between the management station and the managed server. For further details on SMASH CLP, please refer to section Command Line Protocol (CLP) on page 397. When you select (s) Start a Command Line shell... from the main menu, the following window appears:

Figure 215: Remote Manager: Start a SMASH CLP shell... window

Choose (1) Start a SMASH CLP shell... to start the SMASH CLP shell.

iRMC S2

393

Console Logging

Telnet/SSH - Remote Manager

log 1

firmware

accounts

nic 1

oemsensors

oemsefru

record 1

record n

user 1

user 16

Figure 218: Structure of the user data in SMASH CLP

Hierarchy of the CLP commands An overview of the CLP command hierarchy is shown in table 18 on page 400.

iRMC S2

399

Command Line Protocol (CLP)

Telnet/SSH - Remote Manager

Table 18: Hierarchy of the CLP commands

400

iRMC S2

Configuring iRMC S2 using the Server Configuration Manager

This chapter describes how to use the Server Configuration Manager to configure the iRMC S2 (as of page 418), configure and manage user IDs at the iRMC S2 (as of page 433), configure a directory service on the iRMC S2 (see page 439). You can configure the iRMC S2 either locally on the managed server or from the remote workstation via the ServerView Operations Manager (referred to simply as the Operations Manager below).

I Requirements:
The current ServerView agents must be installed on the managed server. The Server Configuration Manager functions can be accessed in the following ways: Locally on managed servers using ServerStart. Locally on managed Windows-based servers using the Windows Start menu.

I This is only supported for servers on which the ServerView agents for
Windows are installed. On the remote workstation using the graphical interface of the Operations Manager.

I This is only supported for servers on which the ServerView agents for
Windows are installed.

iRMC S2

401

Starting system configuration

Server Configuration Manager

9.1

Starting system configuration

This section describes how to call the Server Configuration Manager from the ServerView Installation Manager, the Windows Start menu and the ServerView Operations Manager.

I The user interfaces of the individual Server Configuration Manager

variants differ slightly in terms of their layout, but are functionally identical. In the description of the Server Configuration Manager dialog boxes for configuring the iRMC S2 (see page 418ff), the dialog boxes of the Server Configuration Manager variant called from Operations Manager are depicted.

9.1.1

Calling the Server Configuration Manager from the ServerView Installation Manager

You can also call the Server Configuration Manager from the ServerView Installation Manager (abbreviated to Installation Manager below). Configuration via the Installation Manager is of significance when installing the server. The Installation Manager makes the Server Configuration Manager available both during preparation for installation and as a separate maintenance program. The Installation Manager is described in the manual PRIMERGY ServerView Suite ServerView Installation Manager.

402

iRMC S2

Server Configuration Manager

Starting system configuration

9.1.2

Calling the Server Configuration Manager from the Windows Start menu

On Windows-based servers, you can also call the Server Configuration Manager via the Windows Start menu. To do this, proceed as follows: On the managed server, select: Start All Programs Fujitsu ServerView Agents Configuration Tools System Configuration. The System Configuration window opens:

Figure 219: System Configuration window

Accept the preset values. Click OK. The tab view of the System Configuration window opens. You can scroll to the left and right through the tabs by clicking the arrows next to the tabs.

iRMC S2

403

Starting system configuration Applying settings

Server Configuration Manager

To apply the settings made in the individual tabs, proceed as follows for each tab: Click the Apply button. Click the Save Page button. The iRMC S2 automatically reboots to activate the changed settings.

404

iRMC S2

Server Configuration Manager

Starting system configuration

9.1.3

Figure 223: Operations Manager: Server Configuration window - Configuration tab

In the navigation area, click the required function. The associated dialog page then appears in the right-hand side of the window.

I This manual only describes those dialog pages which are relevant for I Activate the configured settings for each server either separately for
each dialog page with Save Page or after you have completed the entire configuration with Save all. Choose Reload Page or Reload all to reset the settings to the original values.

configuring the iRMC S2 and for user management on the iRMC S2.

Configure the settings you require and save them with Save Page or with Save all.

I After you have completed configuring a server, you can select further
servers for configuration in the Server list tab.

iRMC S2

409

iRMC Power Consumption Control

Server Configuration Manager

9.2

iRMC Power Consumption Control Control the power consumption of the server

The iRMC Power Consumption Control dialog page allows you to specify the mode the iRMC S2 uses to control the power consumption of your PRIMERGY server. Select iRMC Power Consumption Control.

Figure 224: iRMC Power Consumption Control dialog page

Configure the following settings: Enable Power Consumption Monitoring Specifies whether power monitoring is to be carried out.

I This setting only takes effect on PRIMERGY servers that support power monitoring. I Enable Power Consumption Monitoring is enabled by default as
of Version 3.32 of the firmware. 410
iRMC S2

Server Configuration Manager

iRMC Power Consumption Control

Power Control Mode Mode for controlling the power consumption of the managed server: Disabled The iRMC S2 allows the operating system to control power consumption. Best Performance The iRMC S2 controls the server to achieve best performance. In this event, power consumption can rise. Minimal Power Consumption The iRMC S2 controls the server to achieve the lowest possible power consumption. In this event, performance is not always ideal. Power Consumption Scheduler The iRMC S2 controls power consumption on the basis of the Power Consumption Scheduler (see below). Power Consumption Scheduler

I The Power Consumption Scheduler is only activated if you select

the Power Consumption Scheduler option under Power Control Mode. The Power Consumption Scheduler allows you to specify in detail the schedules and modes (operating-system-controlled, best performance, lowest power consumption) that the iRMC S2 uses to control power consumption on the managed server.

iRMC S2

411

iRMC Advanced Features

Server Configuration Manager

9.3

iRMC Advanced Features Remote Storage Server, License Key and HP SIM Integration

You can perform the following tasks on the iRMC Advanced Features dialog page: store the IP address or DNS name of a remote storage server on the iRMC S2. enter a license key for the use of the Advanced Video Redirection and Remote Storage functionality. deactivate or activate HP SIM integration. Choose iRMC Advanced Features.

Figure 225: iRMC Advanced Features dialog page

Configure the following settings: Hostname or IP address Here you enter the DNS name or IP address of the computer on which a remote storage server is installed.

412

iRMC S2

Server Configuration Manager

iRMC Advanced Features

License Key Enter a valid license key for the use of the Advanced Video Redirection and Remote Storage functionality here. Disable HP System Insight Manager integration ... Enable or disable this option to activate or deactivate HP SIM integration. If the Disable HP System Insight Manager Integration ... option is deactivated, the iRMC S2 responds with identification information to a non-authenticated XML query from the HP Insight Managers.

iRMC S2

413

ASR&R Fan Settings

Server Configuration Manager

9.4

ASR&R Fan Settings

The ASR&R Fan Settings dialog page shows information on the fans of the managed server. For each fan, you can also specify whether the server is to be shut down if that fan fails. Choose ASR&R Fan Settings.

Figure 226: ASR&R Fan Settings dialog page

Configure the following settings: Fail Action Specify whether the server is to be shut down if the corresponding fan fails. Continue The server is not shut down. Shutdown The server is shut down if the fan is still faulty after the time specified in Action Delay (sec) has elapsed. Action Delay (sec) If you select Shutdown under Fail Action, you can specify a time delay here.

414

iRMC S2

Server Configuration Manager

ASR&R Fan Settings

The server is shut down if the relevant fan fails and is still faulty after the specified time has elapsed.

I If you do not enter a value, the server is shut down immediately

after the fan fails. Set fail action for all fans Here you can specify for all fans whether the server is to be shut down if any fan fails. Continue The server is shut down. Shutdown The server is shut down if the failed fan is still faulty after the time specified in Action Delay (sec) has elapsed.

iRMC S2

415

ASR&R Temperature Settings

Server Configuration Manager

9.5

ASR&R Temperature Settings

The ASR&R Temperature Settings dialog page shows information on the temperature sensors of the managed server. For each sensor, you can also specify whether the server is to be shut down if critical temperature thresholds are reached. Choose ASR&R Temperature Settings.

Figure 227: ASR&R Temperature Settings dialog page

Configure the following settings: Fail Action Specify whether the server is to be shut down if a critical temperature threshold is reached on the selected sensor. Continue The server is not shut down. Shutdown The server is shut down.

416

Server Configuration Manager Configure the following settings:

iRMC LAN Interface

Obtain an IP address automatically (Use DHCP) If you enable Obtain an IP address automatically (Use DHCP), the iRMC S2 gets its LAN settings autonomously from a DHCP server on the network. In this case, the values for IP address, Subnet mask, and Default Gateway are set automatically.

I Do not activate the DHCP option if no DHCP server is

available. If you activate the DHCP option and there is no DHCP server available, the iRMC S2 goes into a search loop (i.e. it constantly searches for a DHCP server). You can specify that the DHCP and DNS services are to be used after initial installation in the following dialog pages: iRMC DHCP DNS Configuration (see page 423) and iRMC DNS Server Configuration (see page 425) or by configuring this in the iRMC S2 web interface (see section Network Settings - Configure the LAN parameters on page 301). By default, the following name is passed to the DHCP server on initial installation of the iRMC S2: iRMC<last 3 bytes of the MAC address>.

IP Address The address of the iRMC S2 in the LAN. This address is different from the IP address of the managed server.

I This entry is only evaluated if DHCP is not activated (see

Obtain an IP address automatically (Use DHCP)). Subnet Mask Subnet mask of the iRMC S2 in the LAN.

I This entry is only evaluated if DHCP is not activated (see

Obtain an IP address automatically (Use DHCP)). Default Gateway IP address of the default gateway in the LAN.

I This entry is only evaluated if DHCP is not activated (see

Obtain an IP address automatically (Use DHCP)).

iRMC S2

419

iRMC LAN Interface

Server Configuration Manager

LAN Speed LAN speed. The following options are available: Auto Negotiation 100 MBit/s Full Duplex 100 MBit/s Half Duplex 10 MBit/s Full Duplex 10 MBit/s Half Duplex

I This option is not supported for all PRIMERGY servers.

I The Service LAN setting is mandatory for the Type TX150 S6

PRIMERGY server. VLAN enabled This option allows you to activate VLAN support for the iRMC S2 VLAN ID VLAN ID of the virtual network (VLAN) the iRMC S2 belongs to. Permitted value range: 1 VLAN Id 4094. VLAN Priority VLAN priority (user priority) of the iRMC S2 in the VLAN specified by VLAN Id. Permitted value range: 0 VLAN Priority 7 (default: 0).

420

iRMC S2

Server Configuration Manager

iRMC Networking Ports

9.7

iRMC Networking Ports Configuring ports and network services

The iRMC Networking Ports dialog page allows you to view and modify the configuration settings for ports and network services.

V CAUTION!
Configuration is not supported for ports where the input fields are deactivated in the iRMC S2 web interface (see page 305). It is only possible to verify whether the ports can be configured using the iRMC S2 Web interface. The preset values must not be changed using the Server Configuration Manager during initial configuration. Select iRMC Networking Ports.

Figure 229: iRMC Networking Ports dialog page

Configure the following settings: HTTP Port HTTP port of the iRMC S2 (non-secure connection) HTTPS Port HTTPS port of the iRMC S2 (secure connection)

iRMC S2

421

iRMC Networking Ports

Server Configuration Manager

Force HTTPS If you disable the Force HTTPS option, users can only establish a nonsecure connection to the iRMC S2 on the HTTP port specified in the entry field. If you enable the Force HTTPS option, users can establish a secure connection to the iRMC S2 on the HTTPS port specified in the entry field.

I You can also configure web access in the iRMC S2 web

interface. If the SSL certificate has expired, a message to this effect is issued in the web browser.

Telnet enabled If you enable the Telnet Enabled option, users can establish a connection to the iRMC S2 on the Telnet port specified in the entry field. Telnet Port Telnet port of the iRMC S2. This input field is only displayed if Telnet enabled is activated. SSH Port SSH port of the iRMC S2 Drop Time (sec) Period of inactivity (in seconds) after which a Telnet connection is automatically cleared. VNC Ports - Standard Port VNC port of the iRMC S2, hard-configured (port number: 80). VNC Ports - Secure Port Secure VNC port of the iRMC S2, hard-configured (port number: 443). Remote Storage Ports - Standard Port Remote storage port of the iRMC S2

422

iRMC S2

Server Configuration Manager

iRMC DNS Registration

9.8

iRMC DNS Registration Configuring the host name for the iRMC S2

The iRMC DNS Registration dialog page allows you to configure a host name for the iRMC S2 and thus use dynamic DNS. Dynamic DNS allows DHCP servers to autonomously pass on the IP address and system name of a network component to DNS servers to facilitate identification. Choose iRMC DNS Registration.

Figure 230: iRMC DNS Registration dialog page

Configure the following settings: Register DHCP address in DNS Enables/disables transfer of the DHCP name to the DHCP server for the iRMC S2. Add serial number The last 3 bytes of the MAC address of the iRMC S2 are appended to the end of the DHCP name of the iRMC S2. Use user defined iRMC Name instead of host name The iRMC name specified in the iRMC Name entry field is used for the iRMC S2 in place of the server name.
iRMC S2

423

iRMC DNS Registration

Server Configuration Manager

iRMC Name iRMC name passed to DHCP for the iRMC S2 in place of the server name. Add user defined extension The extension specified in the Extension entry field is appended to the DHCP name of the iRMC S2. Extension Enter a name extension for the iRMC S2.

424

iRMC S2

Server Configuration Manager

iRMC DNS Server

9.9

iRMC DNS Server Activating DNS for the iRMC S2

The iRMC DNS Server dialog page allows you to activate the Domain Name Service (DNS) for the iRMC S2. This allows you to use symbolic DNS names instead of IP addresses for configuring the iRMC S2. Choose iRMC DNS Server.

Figure 231: iRMC DNS Server dialog page

Configure the following settings: DNS enabled Enables/disables DNS for the iRMC S2. Obtain DNS configuration from DHCP If you activate this option, the IP addresses of the DNS servers are obtained automatically from the DHCP server. In this event, up to five DNS servers are supported. If you do not enabled this setting, you can enter up to five DNS server addresses manually under DNS-Server 1 - DNS-Server 5.

iRMC S2

425

iRMC DNS Server

Server Configuration Manager

426

iRMC S2

Server Configuration Manager

iRMC EMail Alerting

9.10

iRMC EMail Alerting Configure email alerting

iRMC Mail Format Settings Mail-format-dependent settings

The iRMC Mail Format Settings dialog page allows you to configure the mailformat-dependent settings. You specify the mail format for each user using the iRMC User Management dialog page in the iRMC User Account Properties window (see page 434). The following email formats are supported: Standard Fixed Subject ITS-Format Fujitsu REMCS Format

Choose iRMC Mail Format Settings.

Figure 233: iRMC Mail Format Settings dialog page

430

iRMC S2

Server Configuration Manager

iRMC Mail Format Settings

Configure the following settings. (Some entry fields are disabled depending on the mail format): From Sender identification iRMC S2. Active for all mail formats.

I If the string entered here contains an @, the string is

Subject Fixed subject for the alert mails. Only active for the Fixed Subject mail format (see page 437). Message Type of message (email). Only active for the Fixed Subject mail format (see page 437). Administrator Name Name of the administrator responsible (optional). Only active for the ITS mail format (see page 437). Administrator Phone Phone number of the administrator responsible (optional). Only active for the ITS mail format (see page 437).

interpreted as a valid email address. Otherwise, admin@<ipaddress> is used as the valid email address.

REMCS Id This ID is an additional server ID, similar to the serial number. Only active for the mail format Fujitsu REMCS-Format (see page 437). Server URL A URL under which the server is accessible under certain conditions. You have to enter the URL manually. Only active for the Standard mail format (see page 437).

iRMC S2

431

iRMC SNMP Alerting

Server Configuration Manager

9.12

iRMC SNMP Alerting - Configure SNMP Trap alerting

The iRMC SNMP Alerting dialog page allows you to view and configure the settings for SNMP trap alerting.

I Forwarding of SNMP traps to up to seven SNMP servers is supported.

Choose iRMC SNMP Alerting.

Figure 234: iRMC SNMP Alerting dialog page

Configure the following settings: SNMP Community Name Name of the SNMP community. SNMP Trap Destinations (Host Name or IP Address) DNS names or IP addresses of the servers that belong to this community and are to be configured as Trap Destinations.

432

iRMC S2

Server Configuration Manager

iRMC User Management

9.13

iRMC User Management Local user management on the iRMC S2

The iRMC User Management dialog page allows you to configure the local user management settings for the iRMC S2. The dialog page contains a table showing all the configured users: Each line contains the data for one configured user.

I User management on the iRMC S2 requires Configure User Accounts permission. I User ID 1 (null user) is reserved for the IPMI standard and is therefore
unavailable for user management on the iRMC S2. Choose iRMC User Management.

Figure 235: iRMC User Management dialog page

To delete a user, first select the user (by selecting the corresponding line), then click the Delete... button and confirm that you want to delete the user.

iRMC S2

433

iRMC User Management

Server Configuration Manager

Double-click on a line for which the user ID is not yet assigned to any user (empty line) or select such a line and click the Modify ... button to open an empty Edit existing user window (containing default settings), in which you can configure a new user (see figure 236). Double-click on a line for a specific user or select a user and click the Modify ... button to open the Edit existing user window, in which you can view and/or modify the settings for this user (see figure 236).

Figure 236: Edit existing user window

434

iRMC S2

Server Configuration Manager Account enabled Disable this option to lock the user. Account Data

iRMC User Management

This is where you configure the access data for the user. User Name Enter the name of the user. User Description Additional information on the user. Password Enter the user password. Confirm Password Confirm the password by entering it again here. User Privileges This is where you configure the channel-specific user privileges as well as other permissions. LAN Assign a privilege group for a LAN channel to the user here. The following options are available: User Operator Administrator OEM

Refer to section User permissions on page 62 for information on the permissions associated with the privilege groups. Serial Assign a privilege group for a serial channel to the user here: The same privilege groups are available as for LAN Privilege. Can configure users Permission to configure local user access data. Can configure iRMC Permission to configure the iRMC S2 settings. Can use video redirection Permission to use Advanced Video Redirection (AVR) in View Only and Full Control mode.

iRMC S2

435

iRMC User Management

Server Configuration Manager

Can use remote storage Permission to use the Remote Storage functionality. User Shell Select the user shell here. Shell Select the desired user shell here. The following options are available: SMASH CLP See section Start a Command Line shell... - Start a SMASH CLP shell on page 393. Remote Manager See chapter iRMC S2 via Telnet/SSH (Remote Manager) on page 373. IPMI Basic Mode IPMI Terminal Mode None EMail Paging Settings This is where you configure the settings governing the email format and the global email settings. Enabled Specify whether the user is to be informed about system statuses by email.

436

iRMC S2

Server Configuration Manager Format

iRMC User Management

Depending on the selected email format, you can make a number of settings in the iRMC Email Format Settings dialog page (see page 430). The following email formats are available: Standard Fixed Subject ITS-Format Fujitsu REMCS Format a particular paging group.

I Every entry in the event log for the iRMC S2 is assigned to

Address Email address of recipient. Preferred Server Select the preferred mail server. You can choose one of the following options: Automatic If the email cannot be sent successfully immediately, for instance because the preferred mail server is not available, the email is sent to the second mail server. Primary Only the SMTP server which has been configured as the primary SMTP server (see page 428) is used as the preferred mail server. Secondary Only the SMTP server which has been configured as the secondary SMTP server (see page 429) is used as the preferred mail server.

I Errors sending email are recorded in the event log.

iRMC S2

437

iRMC User Management

Server Configuration Manager

In the bottom third of the Edit existing user window, you configure the system events of which an iRMC S2 user is to be notified by email (Paging Severity Configuration). NONE The notification function is deactivated for this paging group. WARNING The iRMC S2 notifies users by email if an entry in the system event log is reported as WARNING.

I If WARNING is set, the user is also notified of system event

log entries with the status CRITICAL. CRITICAL The iRMC S2 notifies users by email if an entry in the system event log is reported as CRITICAL. ALL The iRMC S2 notifies users of every event in this group which causes an entry to be made in the system event log. Confirm your settings by clicking OK.

438

iRMC S2

Server Configuration Manager

iRMC Directory Service

9.14

iRMC Directory Service Configuring the directory service

The iRMC Directory Service dialog page allows you to configure the iRMC S2 for global user management via a directory service (see page 83).

I Currently, support for iRMC S2 LDAP access is provided for the following
directory services: Microsoft Active Directory, Novell eDirectory and OpenLDAP. strings in LDAP: &, |, !, =, <, >, ~, :

I The following characters are reserved as metacharacters for search

You must therefore not use these characters as components of Relative Distinguished Names (RDN). Choose iRMC Directory Service.

Figure 237: iRMC Directory Service dialog page

iRMC S2

439

iRMC Directory Service

Server Configuration Manager

LDAP enable This option specifies whether the iRMC S2 can access a directory service via LDAP. Directory service access via LDAP is only possible if LDAP Enable has been activated.

I If LDAP Enable is checked then the login information (see

page 222) is always transferred with SSL encryption between the web browser and the iRMC S2.

Disable Local Login If you activate this option then all the local iRMC S2 user identifications are locked and only the user identifications managed by the directory service are valid.

V CAUTION!
If the option Disable Local Login is activated and the connection to the directory service fails then it is no longer possible to log in at the iRMC S2. Always use SSL login

I This option is only relevant if LDAP is deactivated.

If you activate this option then the HTTP SSL-secured login page is always used even if LDAP is deactivated. Only if you do not activate Always use SSL Login and LDAP is deactivated is a mask secured via Digest Authentication Login used. Activate the option LDAP Enable. Choose the required directory service from Directory Server Type. Different input fields are provided, depending on the directory service you select: For Active Directory, refer to Configure iRMC S2 for Microsoft Active Directory on page 441. For eDirectory and OpenLDAP, refer to Configuring iRMC S2 for Novell eDirectory / OpenLDAP on page 443.

440

iRMC S2

Server Configuration Manager

iRMC Directory Service

9.14.1 Configure iRMC S2 for Microsoft Active Directory

I The entries shown as examples in figure 238 refer to the examples and
figures shown in section iRMC S2 user management via Microsoft Active Directory on page 107.

Figure 238: iRMC Directory Service (Microsoft Active Directory) dialog page

iRMC S2

441

iRMC Directory Service Configure the remaining settings:

Server Configuration Manager

LDAP Server 1 IP address or DNS name of the LDAP directory server that is to be used. LDAP Server 2 IP address or DNS name of the LDAP directory server which is maintained as the backup server and used as the directory server if LDAP Server 1 fails. Domain Name Complete DNS path name of the directory server. Department Name Department name. The directory service needs the department name in order to determine the user permissions. A user may have different permissions for the department X server than for the department Y server (see also figure 27 on page 90). LDAP SSL Enable If you check this option then data transfer between iRMC S2 and the directory server is SSL encrypted.

I LDAP SSL Enable has no influence on whether or not the iRMC S2 web interface pages are SSL-protected on opening. I You should only activate LDAP SSL Enable if a domain
controller certificate is installed. Base DN Base DN is automatically derived from Domain Name. LDAP Auth. User Name, LDAP Auth Password These settings are not relevant at present. The settings that you make here are required for alerting in connection with global user identifications. However, alerting is currently only supported for local user identifications. Click the Save Page button to complete the directory service configuration and activate the settings.

442

iRMC S2

Server Configuration Manager

Firmware update

This chapter provides you with information about the following topics: iRMC S2 firmware (overview) Creating a memory stick for updating the firmware Updating firmware images Emergency flash flash tools

I The current firmware versions are present on the PRIMERGYServerView

Suite DVD 1 or can be downloaded manually from the Download section of the Fujitsu Technology Solutions web server. You can obtain the up-to-date version of the PRIMERGY ServerView Suite DVD 1 at two-monthly intervals.

I Before updating the firmware, read the supplementary documentation supplied with the new firmware carefully (in particular the Readme files). I The managed server must be rebooted to activate the updated firmware. V CAUTION!
When updating the firmware, note that problem-free operation of the firmware can only be guaranteed if the runtime firmware and the SDR (Sensor Data Record, see page 449) both belong to the same firmware release.

iRMC S2

SDRR (and configuration table) not used

Runtime firmware

8 MB for firmware image 1

SDRR (and configuration table) Bootloader

Figure 240: Structure of the iRMC S2 EEPROM

Bootloader The bootloader checks the firmware image that is currently active. If a firmware error is detected, the bootloader sets the firmware selector to the other firmware image. SDRR (Sensor Data Record Repository) The SDRR contains the Sensor Data Records (SDR) in which sensor information for the managed server is stored. The SDRR also acts as an interface via which you can access the SDRs. Runtime firmware The runtime firmware is the executable part of the iRMC S2's firmware. You can perform a firmware update for each of these areas.

iRMC S2

449

iRMC S2 firmware (overview) Firmware selector

Firmware update

The firmware selector specifies the iRMC S2 firmware to be executed. Every time the iRMC S2 is reset and restarted, the firmware selector is evaluated and processing branches to the corresponding firmware. The firmware selector can have the following values: 0 1 2 3 4 5 Firmware image containing the most recent firmware version firmware image 1 firmware image 2 Firmware image containing the oldest firmware version Firmware image most recently updated Firmware image that has been updated least recently differently after the update.

I Depending on the update variant used, the firmware selector is set

You can query and explicitly set the firmware selector on the iRMC S2 Information page of the iRMC S2 web interface (see Running Firmware on page 242) or using the flash tool (see page 460). .

450

iRMC S2

Firmware update

Setting up the USB memory stick

10.2

Setting up the USB memory stick

iRMC S2 in one of the following ways:

I You do not need the USB memory stick if you update the firmware of the
using the ServerView Update Manager using ServerView Update Manager Express or ASP using the iRMC S2 web interface and TFTP server Proceed as follows: Download the firmware iRMC Firmware Update for USB Stick from the Download section of the Fujitsu Technology Solutions web server to a directory on your computer. or Insert the current PRIMERGY ServerView Suite DVD 1 in the DVD drive of your computer. The following files or following ZIP archive can be found in your download directory or on DVD 1. FTS_<nnnnnnn>.exe FTS_<nnnnnnn>.zip The ZIP archive contains the following files: USBImage.exe iRMC_<Firmware-Version>.IMA Connect the USB memory stick to your computer. Start the file FTS_<nnnnnnn>.exe or the file USBImag.exe. One of the following windows is opened depending on the file you call (see figure 241 on page 452):

iRMC S2

451

Setting up the USB memory stick

Firmware update

Figure 241: Copying the image file to the USB memory stick (with FTS_<nnnnnnn>.exe)

Figure 242: Copying the image file to the USB memory stick (with USBImage.exe)

I If you have called USBImag.exe, then under Image File:, you must
explicitly specify the file iRMC_<Firmware-Version>.IMA. Click Clear USB Device to delete the data from the USB memory stick.

452

iRMC S2

Firmware update

Setting up the USB memory stick

Click Copy Image File to USB Device to copy the file BMC_<Firmware-Version>.IMA to the USB memory stick and extract it.

V CAUTION!
This action overwrites the content of the USB memory stick. When the copy operation is complete, the flash tools and image files are present on the USB memory stick.

Figure 243: Image files and flash tool on the USB memory stick.

iRMC S2

453

Updating firmware images

Firmware update

10.3

Updating firmware images

Since the iRMC S2 firmware executes in the SRAM memory of the iRMC S2, it is possible to update both active and inactive firmware images online, i.e. with the server operating system running. The following methods are available for updating the firmware images: over the iRMC S2 web interface using the ServerView Update Manager using ServerView Update Manager Express or ASP Update using the operating system flash tools.

10.3.1

over the iRMC S2 web interface

The iRMC S2 Firmware Update page allows you to update the firmware of the iRMC S2 by providing the firmware image either locally on the remote workstation or on a TFTP server (see section iRMC S2 Firmware Update on page 256).

10.3.2

Update using the ServerView Update Manager

Using the ServerView Update Manager, you can start the update of the iRMC S2 firmware via a graphical user interface (Windows) or via a command line interface (Windows and Linux). The ServerView Update Manager accesses the update data via its Update Repository on the PRIMERGY ServerView Suite DVD 1 or on the management server. You update the update repository on the management server by means of the Download Manager or by performing a manual download from the Download section of the Fujitsu Technology Solutions web server. For more detailed information on firmware updates with the ServerView Update Manager, see the PRIMERGY ServerView Suite - ServerView Update Manager manual.

454

iRMC S2

Firmware update

Updating firmware images

10.3.3 Online update using ServerView Update Manager Express or ASP

Under Windows and Linux operating systems, you can update the iRMC firmware either using the graphical user interface of ServerView Update Manager Express or by using the ASP (Autonomous Support Package) command interface. Under Windows, you can also start an ASP in the Windows Explorer by doubleclicking the corresponding ASP-*.exe file. For more detailed information on firmware updates with Update Manager Express and ASP, see the ServerView Update Manager Express manual.

10.3.4 Update using the operating system flash tools.

I An online update using the operating system flash tools is only

performed as a recovery flash, i.e. no version check is performed.

You use one of the flash tools flirmcs2, WinFLIRMCS2, rFLIRMCS2 or sFLIRMCS2 depending on the operating system that you are running: DOS Windows: Red Hat Linux: Suse Linux: flirmcs2 WinFLIRMCS2 rFLIRMCS2 sFLIRMCS2

You call the flash tools in the Windows command line (flirmcs2, WinFLIRMCS2) or at the Linux CLI (rFLIRMCS2, sFLIRMCS2). The syntax and operands for the flash tools are described in section Flash tools on page 460. Prerequisites The flash tools and the files for the firmware update must be present in the file system of the managed server. Under Windows and Linux, the ServerView agents must be started on the managed server.

iRMC S2

455

Updating firmware images Proceed as follows:

Firmware update

I An online update using a USB memory stick is described below (see

section Setting up the USB memory stick on page 451). Connect the USB memory stick to the managed server. In the Windows command line or the Linux Command Line Interface (CLI) switch to the drive corresponding to the USB memory stick. Set the firmware selector to the value 4 by calling the flash tool with the parameter /s 4. E.g., in the Windows command line you enter:
WinFLIRMCS2 /s 4

Start the update of the firmware and the SDR data by calling the flash tool with the corresponding update files. E.g., in the Windows command line you enter:
WinFLIRMCS2 dcod<firmware-version>.bin <nnnnnnn>.sdr /i

During the firmware update, the console informs you about the progress of the update operation. If an error occurs, the update operation is aborted and a corresponding return code is reported (see page 462). Restart the managed server. This automatically activates the firmware image with the updated firmware.

456

iRMC S2

Firmware update

Updating firmware images

10.3.5 Update via the FlashDisk menu

I For an update via the FlashDisk menu, you require a bootable USB
memory stick (see section Setting up the USB memory stick on page 451). Proceed as follows: Connect the USB memory stick to the managed server (directly or via remote storage). Boot from the USB memory stick. After completion of the boot operation, the data in the USB memory stick is automatically copied to a RAM disk. The autoexec.bat file is then started automatically. The FlashDisk menu opens:

Figure 244: FlashDisk menu

Normal A normal flash is performed. During a normal flash operation, those areas of the EEPROM that contain the active firmware are checked to see whether they are up to date. If one of these areas is not up to date then the corresponding area for the inactive firmware is updated if it is not already up to date.

iRMC S2

457

Updating firmware images

Firmware update

Recovery _L A recovery flash for firmware image 1 (low firmware image) is carried out. In the case of a recovery flash, the flash is performed for all three areas of firmware image 1 without any version check. A firmware downgrade is only possible via recovery flash. Recovery _U A recovery flash for firmware image 2 (high firmware image) is carried out. In the case of a recovery flash, the flash is performed for all three areas of firmware image 2 without any version check. A firmware downgrade is only possible via recovery flash. Readme The Readme file is opened. Reboot An iRMC S2 warm start is performed. English / German Specify keyboard layout. German is set by default. Start the required update variant by clicking on the corresponding button. During the firmware update, the console informs you about the progress of the update operation. If an error occurs, the update operation is aborted. A corresponding return code is reported (see page 462). Once the update operation has been completed, click on Exit, to close the FlashDisk menu. Remove the USB memory stick from the managed server. Restart the managed server (e.g. with [Ctrl]+[Alt]+[Del]).

458

iRMC S2

Firmware update

Emergency flash

10.4

Emergency flash

If the iRMC S2 firmware can no longer be executed, e.g. because the SDRs are not compatible with the system, then you can use the emergency mode to start the firmware running again. In emergency mode, the system automatically branches to the bootloader and is the ready for the firmware update.

I Emergency mode is indicated by the error LED (global error LED) (rot)
and the identification LED (blue) flashing alternately. To switch the managed server to emergency mode and then update the iRMC S2's firmware, proceed as follows: Disconnect the power supply connector. Insert the connector in the socket again with the Identify key held down. The managed server is now in emergency mode. Boot the server to DOS and use the recovery flash procedure to update the iRMC S2s firmware.

I If the firmware is not active then the boot operation may take up to 2
minutes to start. You can ignore the error message iRMC S2 Controller Error which the BIOS outputs during this period.

iRMC S2

459

Flash tools

Firmware update

10.5

Flash tools
flirmcs2 only in respect of the name and the environment in which they are called. This means that the description below also applies to WinFLIRMCS2, rFLIRMCS2 and sFLIRMCS2. Instead of flirmcs2, you simply enter WinFLRMCS2, rFLIRMCS2 or sFLIRMCS2 as appropriate.

I The tools WinFLIRMCS2, rFLIRMCS2 and sFLIRMCS2 differ from

Syntax flirmcs2 {/v|/o [/4]|/s[<value>]} flirmcs2 {<file1> [<file2>] [<file3>] [/n /l[<logfile>] /d /e /4 /i]} flirmcs2 {/h|/?} Options /v /o /s Displays the current version of the command. Displays the current versions of both firmware images. Displays the value of the firmware selector.

For the Installation Manager, the remote installation of the operating system via iRMC S2 represents a local configuration and installation of the operating system on the administered server which you perform from the remote workstation via the AVR window using remote storage media. The following steps are required in order to perform an installation via the Installation Manager: 1. Connect the storage medium (DVD 1 or Installation Manager boot image) from which you want to boot as remote storage. 2. Boot and configure the managed server via DVD 1 or the Installation Manager boot image. 3. Use the Installation Manager at the remote workstation to install the operating system on the administered server. 4. Optimize mouse pointer synchronization in the AVR window (only necessary under Linux). Installing Windows without the Installation Manager using the Windows installation CD/DVDs You can perform a remote installation of Windows via Remote Storage either using the Installation Manager or exclusively using the Windows installation CD/DVDs. The two procedures correspond in terms of the handling of the remote storage media. However, you are advised to install Windows via the Installation Manager for the following reasons: The Installation Manager itself identifies the required drivers and copies these to the system. All the Installation Manager functions are available to you during installation. This means that you can, for example, configure the entire system including the server management settings. Installations without the Installation Manager have to be controlled via the keyboard since the mouse cursor cannot be synchronized during the installation process. In contrast, if you install using the Installation Manager then all configuration and installation steps can be performed using the mouse. 464

iRMC S2

Remote installation of the operating system

General procedure

If you install without the Installation Manager then all the settings required for mouse cursor synchronization must subsequently be performed manually. Installation using the Installation Manager does not take significantly longer than installation using the operating system CD/DVDs. Installing Linux without the Installation Manager using the Linux installation CD/DVD If you know which drivers are required by the system then you can start the Linux installation by booting from the Linux installation CD/DVD. If the installation requires you to integrate drivers from the floppy disk then, before starting the installation, you must set up a remote storage connection to the storage medium (CD-ROM/DVD-ROM or ISO image) from which you want to boot and if necessary to storage medium for driver installation.

iRMC S2

465

Remote storage connection

Remote installation of the operating system

11.2

Connecting a storage medium as remote storage

Remote Storage makes a virtual drive available which is located elsewhere in the network. The source for the virtual drive can be: Physical drive or image file at the remote workstation. The image file may also be on a network drive (with drive letter, e.g. D: for drive D). Image file provided centrally in the network by means of a remote storage server.

I Parallel remote storage connections:

I The Remote Storage page of the iRMC S2 web interface allows you to
obtain information on the status of the current remote storage connections (see page 366). For detailed information on remote storage, see chapter Remote Storage on page 191.

466

iRMC S2

Remote installation of the operating system

Remote storage connection

Connecting a storage medium as remote storage at the remote storage workstation The following device types are supported when you boot from a virtual drive located at the remote workstation: Floppy disk (physical storage medium)) CD-ROM (physical storage medium) DVD-ROM (physical storage medium) ISO image (image file) USB memory stick (emulates a floppy)

Proceed as follows at the remote workstation to establish the remote storage connection: Log into the iRMC S2 web interface with Remote Storage Enabled permission (see page 222). Open the Advanced Video Redirection (AVR) page and start the AVR (see page 356). Start Remote Storage in the AVR window (see page 193).

iRMC S2

467

Remote storage connection

Remote installation of the operating system

Prepare the storage media for remote storage (see page 196): If installation is performed via the Installation Manager: PRIMERGY ServerView Suite DVD 1 or an Installation Manager boot image and optionally a formatted USB memory stick as a status backup medium. If installation is performed from the vendors installation CD/DVD: Windows or Linux installation CD/DVD and optional drivers.

I It is recommended that the PRIMERGY ServerView Suite DVD 1 and

the operating system installation CD/DVD are stored in a folder as an image file (ISO image) and that they are connected from there as Remote Storage or provided via a Remote Storage server. The prepared storage media are displayed in the Storage Devices dialog box.

Figure 245: Storage Devices dialog box: ServerView Suite DVD 1

Click Connect to connect the DVD ROM drive (DVD 1) or the Installation Manager boot image as remote storage.

468

iRMC S2

Remote installation of the operating system

Remote storage connection

Connect the ISO image (image file) provided by the remote storage server as remote storage You can use an image file provided via the remote storage server for booting from an Installation Manager boot image.

I Before it is possible to use a virtual drive provided via a remote storage

server, the remote storage server must be installed and started (see section Providing remote storage via a Remote Storage server on page 206). To establish the connection to the remote storage server, proceed as follows at the remote workstation: Log into the iRMC S2 web interface with Remote Storage Enabled permission (see page 222). Select the Remote Storage page. Establish the connection to the remote storage server (see page 367).

iRMC S2

469

Booting from DVD 1

Remote installation of the operating system

11.3

Booting the managed server from PRIMERGY ServerView Suite DVD 1 and configuring it with the Installation Manager

Proceed as follows at the remote workstation: Use the iRMC S2 web interface to start up the managed server or reboot the server (see page 265). You can follow the progress of the boot process in the AVR window. During the managed servers BIOS POST phase, remote storage media are displayed as USB 2.0 devices. Remote Storage storage media are represented by the following entries in the BOS boot sequence (see figure 246 on page 471): A (physical) floppy disk is represented by a separate entry FTS RemoteStorage FD-(USB 2.0). All other remote storage device types are represented by the shared entry CD-ROM DRIVE.

I If a local CD-ROM/DVD-ROM drive and a CD-ROM/DVD-ROM

(3)

(1)

(2)

Press the Mouse Sync key (1) (2) (3)

Status backup options or Drag the local mouse pointer to the top-left corner. The servers mouse pointer follows automatically. The mouse pointers are synchronized when they completely overlap and are displayed as a single mouse pointer .

Figure 248: Installation Manager: Selecting the status backup medium

Choose Standard mode as the Installation Manager mode. Specify whether the configuration data is to be stored on a local replaceable data medium or on a network medium:

I Please note that if you do not select any status backup option all the
configuration data is lost when you reboot.
iRMC S2

473

Booting from DVD 1 Status backup medium

Remote installation of the operating system

I The backup medium must not be write-protected.

A USB stick must already be connected to the USB port when the system is booted. If you fail to do this and wish to save the configuration file: Connect the USB stick now and reboot from PRIMERGY ServerView Suite DVD 1. Choose the option on local drive (floppy / USB stick). Select the corresponding drive in the box to the right of this option. For more detailed information on creating Installation Manager status disks, see the manual PRIMERGY ServerView Suite ServerView Installation Manager. Connecting the status medium and/or the installation media via the network Set up the required shares for this purpose.

I If you are making a medium with a prepared configuration

file and/or an installation medium available via the network, you have to choose this option. Depending on your infrastructure, you can either obtain a temporary IP address via DHCP or manually configure an IPv4 or IPv6 address for the current Installation Manager session.

Start the Installation Manager by clicking Continue.

474

iRMC S2

Remote installation of the operating system Starting local deployment

Booting from DVD 1

The Welcome screen appears when you start the Installation Manager:

Figure 249: Installation Manager - Welcome screen

iRMC S2

475

Booting from DVD 1

Remote installation of the operating system

Click Deployment to start preparation of the local installation (deployment). To prepare the installation, the Installation Manager wizards take you through a sequence of configuration steps that gather specifications for configuring the system and for subsequent unattended installation of the operating system.

I Configure the local CD ROM/DVD ROM drive of the managed server

as the installation source. You can then also make the Windows installation CD/DVD available from the CD ROM/DVD ROM drive of the remote workstation if you connect it to the managed server as remote storage (see section Installing Windows on the managed server after configuration on page 477).

Once you have completed configuration with the Installation Manager, the Installation Info dialog page for the Windows installation (see page 477) or for the Linux installation (see page 481) is displayed. This allows you to start the installation process.

476

iRMC S2

Remote installation of the operating system

Windows

11.4

Installing the operating system on the managed server after configuration

Once you have completed configuration, you should install the operating system on the managed server.

11.4.1 Installing Windows on the managed server after configuration

After configuration has been completed, the Installation Manager displays the following dialog page:

Figure 250: Installation Manager - Start installation

480

iRMC S2

Remote installation of the operating system

Linux

11.4.2 Installing Linux on the managed server after configuration

I The mouse can be used but not synchronized during Linux installation. I Whenever you change a remote storage medium, you must remove the
After configuration has been completed, the Installation Manager displays the following dialog page:

remote storage connection for the currently connected medium and then connect the new medium as remote storage.

Figure 253: Installation Manager - Start installation

If you have configured the local CD ROM/DVD ROM drive of the managed server as the installation source, proceed as follows at the remote workstation:

iRMC S2

481

Linux

Remote installation of the operating system

Clear your currently active remote storage connections. For more detailed information on clearing remote storage connections, see page 204. Remove PRIMERGY ServerView Suite DVD 1 from the DVD ROM drive at the remote workstation. Insert the Linux installation CD/DVD in this DVD ROM drive.

Close the application if autostart is active.

Connect the CD ROM/DVD ROM drive containing the Linux installation CD/DVD as remote storage (see page 200). Click Start installation. All the installation files are copied to the managed server. The Installation Manager opens a confirmation dialog page when the copy operation is complete and prompts you to remove all the storage media from the removable media drives before the managed server is rebooted.

482

iRMC S2

Remote installation of the operating system

Linux

Figure 254: Storage Devices dialog box: Clearing Remote Storage connections

Click on Disconnect... to remove all the remote storage connections. Safely remove the storage device, i.e. ensure that no more applications/programs are accessing the storage media. On the confirmation dialog page, click Ok to reboot the managed server. Once the managed server has rebooted, you can monitor the entire installation by means of the AVR (see figure 255 on page 484).

iRMC S2

483

Linux

Remote installation of the operating system

Figure 255: The managed server is booted from the Linux installation CD.

484

iRMC S2

Remote installation of the operating system The following dialog page is displayed once booting is complete:

Linux

Figure 256: Linux Installation - License Agreement

I To ensure perfect mouse cursor synchronization, you must adapt the

required settings at the managed server once the operating system has been installed. For information on how to do this, see section Managed Linux server: Adjusting the settings for synchronization of the mouse pointers on page 180.

iRMC S2

485

IPMI OEM Commands

This section describes a selection of OEM-specific IPMI commands supported by the iRMC S2.

12.1

Overview

The following OEM-specific IPMI commands are supported by the iRMC S2: SCCI-compliant Power On/Off commands (SCCI: ServerView Common Command Interface) 0115 Get Power On Source 0116 Get Power Off Source 011C Set Power Off Inhibit 011D Get Power Off Inhibit 0120 Set Next Power On Time

SCCI-compliant communication commands 0205 System OS Shutdown Request 0206 System OS Shutdown Request and Reset 0208 Agent Connect Status 0209 Shutdown Request Canceled

SCCI-compliant signaling commands 1002 Write to System Display

Firmware-specific commands 2004 Set Firmware Selector 2005 Get Firmware Selector C019 Get Remote Storage Connection C01A Set Video Display on/off

iRMC S2

487

Overview

IPMI OEM Commands

BIOS-specific command F109 Get BIOS POST State F115 Get CPU Info

iRMC S2-specific commands F510 Get System Status F512 Get EEPROM Version Info F543 Get SEL entry long text F545 Get SEL entry text F5B0 Set Identify LED F5B1 Get Identify LED F5B3 Get Error LED F5DF Set Nonvolatile Cfg Memory to Default Values F5E0 Set Configuration Space to Default Values F5F8 Delete User ID

488

iRMC S2

IPMI OEM commands

Description format

12.2

Description of the IPMI OEM commands

The following sections describe the individual OEM-specific IPMI commands.

12.2.1 Description format

The OEM-specific IPMI commands contained in this chapter are described in the format used by the IPMI standard for describing IPMI commands. The IPMI standard describes the IPMI commands using command tables which list the input and output parameters for each command. You can find information on the IPMI standards on the Internet under: http://developer.intel.com/design/servers/ipmi/index.htm

iRMC S2

489

SCCI-compliant Power On/Off commands

IPMI OEM Commands

12.2.2 SCCI-compliant Power On/Off commands

01 15 - Get Power On Source This command returns the reason for the most recent Power On. The possible reasons are listed below.
Request Data 1:3 4 Response Data 1 2:4 3 4 B8 01 NetFnlLUN: OEM/Group Cmd : Command Group Communication IANA-Enterprise-Number FTS, LS byte first

80 28 00 15 BC 01

Command Specifier

Completion Code 80 28 00 01 IANA-Enterprise-Number FTS, LS byte first Data Length

Power on Source: Cause of last power on

Power on Source 0x00 0x01 0x02 0x03 0x04 0x05 0x08 0x09 0x0C 0x15 0x16 0x1A 0x1D 0x1E

Description Software or command Power switch (on the front panel or keyboard) Automatic restart after power failure Clock or timer (hardware RTC or software timer) Automatic restart after fan failure shutdown Automatic restart after critical temperature shutdown Reboot after watchdog timeout Remote on (modem RI line, SCSI termination power, LAN, chip card reader...) Reboot after a CPU error Reboot by hardware reset Reboot after warm start Powered on by a PCI Bus Power Management Event Powered on by remote control via remote manager Reboot/reset by remote control via remote manager

490

iRMC S2

IPMI OEM Commands 01 16 - Get Power Off Source

SCCI-compliant Power On/Off commands

This command returns the reason for the most recent Power Off. The possible reasons are listed below.
Request Data 1:3 4 Response Data 1 2:4 3 4 B8 01 NetFnlLUN: OEM/Group Cmd : Command Group Communication IANA-Enterprise-Number FTS, LS byte first

80 28 00 16 BC 01

Command Specifier

Completion Code 80 28 00 01 IANA-Enterprise-Number FTS, LS byte first Data Length Cause of last power off

Power off Source:

Power off Source 0x00 0x01 0x02 0x03 0x04 0x05 0x08 0x0C 0x1D

Description Software (SWOFF, power off by command) Power switch (on the front panel or keyboard) AC power fail Clock or timer (hardware RTC or software timer) Fan failure Critical temperature Final power-off after repeated watchdog timeouts Final power-off after repeated CPU errors Powered off by remote control via remote manager

iRMC S2

491

SCCI-compliant Power On/Off commands 01 1C - Set Power Off Inhibit

IPMI OEM Commands

This command sets the Power Off Inhibit flag, which temporarily suppresses any unfounded attempt to power down the server. If the Power Off Inhibit flag is set, the firmware saves the cause of any attempt to perform a Power Off, Power Cycle or restart of the server, but does not perform the action. The cause of the most recent attempt to perform a Power Off, Power Cycle or restart of the server is always saved at any given time. The stored action is only performed when the Power Off Inhibit flag is reset. The Power Off Inhibit flag is automatically reset after a power failure or when the reset button is pressed. The effect of the Power Off Inhibit flag is the same as that of the Dump flag used when creating a main memory dump. In this case, the initiator must set the flag before making the dump and reset it when the dump is complete.
Request Data 1:3 4 5 6:7 8 9 Response Data 1 2:4 B8 01 NetFn|LUN: OEM/Group Cmd : Command Group Communication IANA-Enterprise-Number FTS, LS Byte first

80 28 00 1C 00

Command Specifier Object ID

00 00 Value ID 01 Data Length

Power Off Inhibit Flag: 0 no Inhibit, 1 Inhibit BC 01 Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS Byte first

492

iRMC S2

IPMI OEM Commands 01 1D - Get Power Off Inhibit

SCCI-compliant Power On/Off commands

This command gets the value of the Power Off Inhibit flag. For further details on the Power Off Inhibit flag, see the description of 01 1C - Set Power Off Inhibit on page 492
Request Data 1:3 4 Response Data 1 2:4 5 6 B8 01 NetFn|LUN: OEM/Group Cmd : Command Group Communication IANA-Enterprise-Number FTS, LS Byte first

80 28 00 1D BC 01

Command Specifier

Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS Byte first

01 Response Data Length Power Off Inhibit Flag: 0 no Inhibit, 1 Inhibit

iRMC S2

493

SCCI-compliant Power On/Off commands 01 20 - Set Next Power On Time

IPMI OEM Commands

This command switches on a system at the given time independent of the stored On/Off times in the Configuration Space.

I The command takes effect only once.

You cancel a Power On time previously set with a 01 20 command by specifying the Power On time 0 in a subsequent 01 20 command.
Request Data 1:3 4 5 6:7 8 9:12 Response Data 1 2:4 B8 01 NetFnlLUN: OEM/Group Cmd : Command Group Communication IANA-Enterprise-Number FTS, LS byte first

80 28 00 20 00

Command Specifier Object ID

00 00 Value ID 04 Data Length

Time (LSB first) (see below) BC 01 Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS byte first

Time (LSB first) Time (UNIX-specific format) when the system switches on again. Time is NOT stored in non-volatile memory. Resolution is 1 minute. After the system has switched on, Time is set to 0 internally. If Time == 0, the system is not switched on.

494

iRMC S2

IPMI OEM commands

SCCI-compliant communication commands

12.2.3 SCCI-compliant communication commands

I Die SCCI-compliant communication commands require that the Agent

Service is running under the OS. To execute the commands, the iRMC S2 communicates with Agent which finally performs the action. 02 05 - System OS Shutdown Request This command initiates shutdown of the servers operating system.
Request Data 1:3 4 Response Data 1 2:4 B8 02 NetFnlLUN: OEM/Group Cmd : Command Group Communication IANA-Enterprise-Number FTS, LS byte first

80 28 00 05 BC 02

Command Specifier

Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS byte first

02 06 - System OS Shutdown Request and Reset This command initiates the shutdown of the servers operating system and subsequently restarts the system.
Request Data 1:3 4 Response Data 1 2:4 B8 02 NetFnlLUN: OEM/Group Cmd : Command Group Communication IANA-Enterprise-Number FTS, LS byte first

80 28 00 06 BC 02

Command Specifier

Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS byte first

iRMC S2

495

SCCI-compliant communication commands 02 08 - Agent Connect Status This command checks whether the agent is active.
Request Data 1:3 4 Response Data 1 2:4 5 6 B8 02 NetFnlLUN: OEM/Group

IPMI OEM commands

Cmd : Command Group Communication IANA-Enterprise-Number FTS, LS byte first

80 28 00 08 BC 02

Command Specifier

Completion Code 80 28 00 01 IANA-Enterprise-Number FTS, LS byte first

Data Length

Connect Status: 00 = Connection lost, agent not connected. 01 = Connection re-established, agent connected.

02 09 Shutdown Request Cancelled This command cancels a shutdown request that has been issued.
Request Data 1:3 4 Response Data 1 2:4 B8 02 NetFnlLUN: OEM/Group Cmd : Command Group Communication IANA-Enterprise-Number FTS, LS byte first

80 28 00 09 BC 02

Command Specifier

Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS byte first

496

iRMC S2

IPMI OEM commands

SCCI-compliant signaling command

12.2.4 SCCI-compliant signaling command

Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS Byte first

[7:1] - reserved [0] - BIOS POST State : 0 = BIOS is not in POST 1 = BIOS is in POST

502

iRMC S2

IPMI OEM commands F1 15 - Get CPU Info

BIOS-specific commands

This command returns CPU-internal information. The iRMC S2 gets this information from the BIOS during the POST phase.
Request Data 1:3 4 5 Response Data 1 2:4 5:6 7 8 9:10 11:12 13 14 15 16:17 18:19 20:21 B8 F1 NetFnlLUN: OEM/Group Cmd : Command Group BIOS IANA-Enterprise-Number FTS, LS Byte first

80 28 00 15

Command Specifier

Socket Number (0-based) of the CPU BC F1 Completion Code: 01 = Unpopulated CPU Socket 80 28 00 IANA-Enterprise-Number FTS, LS Byte first

CPU ID, LS Byte first Platform ID Brand ID Maximal Core Speed of the CPU [MHz], LS Byte first Intel Qickpath Interconnect in Mega Transactions per second, LS Byte first T-Control Offset T-Diode Offset CPU data Spare Record ID CPU Info SDR, LS Byte first Record ID Fan Control SDR, LS Byte first CPU ID High Word, LS Byte first (0 if none)

iRMC S2

503

iRMC-specific commands

IPMI OEM commands

12.2.7 iRMC S2-specific commands

F5 10 - Get System Status This command returns a variety of internal information on the system such as the power state, error status, etc.
Request Data 1:3 4 5:8 Response Data 1 2:4 5 6 7 8 B8 F5 NetFnlLUN: OEM/Group Cmd : Command Group Memory IANA-Enterprise-Number FTS, LS byte first

80 28 00 10

Command Specifier

Timestamp BC F5 Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS byte first

System Status (For details see below.) Signaling (For details see below.) Notifications (For details see below.) POST Code

I The Timestamp is only relevant for evaluating the Notifications Byte.

System Status Bit 7 - System ON Bit 6 Bit 5 Bit 4 - SEL entries available Bit 3 Bit 2 - Watchdog active Bit 1 - Agent connected Bit 0 - Post State

504

iRMC S2

IPMI OEM commands

iRMC-specific commands

Signaling Bit 7 - Localize LED Bit 6 Bit 5 Bit 4 Bit 3 - CSS LED Bit 2 - CSS LED Bit 1 - Global Error LED Bit 0 - Global Error LED Notifications Bit 7 - SEL Modified (New SEL Entry) Bit 6 - SEL Modified (SEL Cleared) Bit 5 SDR Modified Bit 4 - Nonvolatile IPMI Variable Modified Bit 3 - ConfigSpace Modified Bit 2 Bit 1 Bit 0 - New Output on LocalView display

iRMC S2

505

iRMC-specific commands F5 12 - Get EEPROM Version Info

IPMI OEM commands

This command returns information on the current versions (bootloader, firmware and SDR) stored in the EEPROM(s).
Request Data 1:3 4 5 Response Data 1 2:4 5 6 7 8:10 11 12 13 14 15 16 17 18 19:20 B8 F5 NetFnlLUN: OEM/Group Cmd : Command Group Memory IANA-Enterprise-Number FTS, LS byte first

80 28 00 12

Command Specifier

EEPROM# 00=EEPROM 1; 01=EEPROM 2 BC F5 Completion Code 80 28 00 Status IANA-Enterprise-Number FTS, LS byte first 00=Checksum Error Runtime FW, 01=OK Binary coded BCD coded Binary coded (major/minor/res.) ASCII coded letter BCD coded BCD coded ASCII coded letter LSB binary coded MSB binary coded Binary coded BCD coded Binary coded (major/minor)

Major FW Revision Minor FW Revision Aux. FW Revision Major FW Revision Major SDRR Revision Minor SDRR Revision SDRR Revision Char. SDRR-ID SDRR-ID Major Booter Revision Major Booter Revision Aux. Booter Revision

506

iRMC S2

IPMI OEM commands F5 43 - Get SEL entry long text

iRMC-specific commands

This command translates a given SEL entry into long text.

Request Data 1:3 4 5:6 B8 F5 NetFn|LUN: OEM/Group Cmd : Command Group iRMC IANA-Enterprise-Number FTS, LS Byte first Command Specifier of SEL record, LS Byte first 0x0000: get first record 0xFFFF: get last record in response SEL text size of Converted SEL data (16:n) in response

80 28 00 43 Record ID

7 8 Response Data 1 2:4 5:6 7:8 9 10:13 14

Offset MaxResponseDataSize BC F5 Completion Code: 80 28 00

IANA-Enterprise-Number FTS, LS Byte first

Next Record ID Actual Record ID Record type Timestamp Severity: Bit 7: Bit 6-4: 0 = No CSS component 1 = CSS component 000 = INFORMATIONAL 001 = MINOR 010 = MAJOR 011 = CRITICAL 1xx = Unknown reserved, read as 0000

Bit 3-0: 15 16:n n+1 Data length

of the whole text requested part (n = 16 + MaxResponseDataSize - 1) trailing '\0' character

Converted SEL data String Terminator

iRMC S2

507

iRMC-specific commands F5 45 - Get SEL Entry Text

IPMI OEM commands

This command translates a given System Event Log SEL entry into ASCII text.
Request Data 1:3 4 5:6 Response Data 1 2:4 5:6 7:8 9 10:13 14 B8 F5 NetFnlLUN: OEM/Group Cmd : Command Group iRMC IANA-Enterprise-Number FTS, LS Byte first

80 28 00 45

Command Specifier

Record ID of SDR, LS Byte first BC F5 Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS Byte first

Bit 3-0: 15 16:35 Data length Converted SEL data

508

iRMC S2

IPMI OEM commands F5 B0 - Set Identify LED

iRMC-specific commands

This command allows you to switch the Identify LED (blue) of the server on and off. In addition, you can set and read the GPIOs that are directly connected to the Identify LED.

I You can also switch the Identify LED on and off using the Identify switch
on the server.
Request Data 1:3 4 5 B8 F5 NetFnlLUN: OEM/Group Cmd : Command Group BMC IANA-Enterprise-Number FTS, LS byte first

80 28 00 B0

Command Specifier

Identify LED: 0: Identify LED off 1: Identify LED on BC F5 Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS byte first

Response Data

1 2:4

F5 B1 - Get Identify LED This command returns information on the status of the Identify LED (blue) of the server.
Request Data 1:3 4 Response Data 1 2:4 5 B8 F5 NetFnlLUN: OEM/Group Cmd : Command Group BMC IANA-Enterprise-Number FTS, LS byte first

80 28 00 B1 BC F5

Command Specifier

Completion Code 80 28 00 IANA-Enterprise-Number FTS, LS byte first

State of Identify LED (only bit 0 is relevant)

iRMC S2

509

iRMC-specific commands F5 B3 - Get Error LED

[11]

[12]

[13]

[14]

[15]

[16]

[17]

514

iRMC S2

Related publications [18] PRIMERGY ServerView Suite ServerView Threshold Manager User Guide PRIMERGY ServerView Suite ServerView Performance Manager User Guide PRIMERGY ServerView Suite ServerView Download Manager ServerView User Guide PRIMERGY ServerView Suite ServerView Update Manager User Guide PRIMERGY ServerView Suite ServerView Update Manager Express User Guide PRIMERGY ServerView Suite PrimeUp User Guide PRIMERGY ServerView Suite Bootable Update CD User Guide PRIMERGY ServerView Suite ServerView Online Diagnostics User Guide PRIMERGY ServerView Suite Local Service Concept (LSC) User Guide PRIMERGY ServerView Suite PrimeCollect User Guide

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

iRMC S2

515

Related publications [28] PRIMERGY ServerView Suite ServerView Virtual-IO Manager User Guide PRIMERGY ServerView Suite ServerView Virtual-IO Manager CLI Command Line Interface PRIMERGY ServerView Suite ServerView Integration Overview PRIMERGY ServerView Suite ServerView Integration in MOM User Guide PRIMERGY ServerView Suite ServerView Integration Pack for MS SCOM User Guide PRIMERGY ServerView Suite ServerView Integration Pack for MS SMS User Guide PRIMERGY ServerView Suite DeskView and ServerView Integration Pack for Microsoft SCCM User Guide PRIMERGY ServerView Suite ServerView Integration in HP OpenView NNM User Guide PRIMERGY ServerView Suite ServerView Integration in HP Operations Manager User Guide PRIMERGY ServerView Suite ServerView Integration Pack in Tivoli NetView User Guide PRIMERGY ServerView Suite ServerView Integration Pack in Tivoli TEC User Guide

[29]

[30]

[31]

[32]

[33]

[34]

[35]

[36]

[37]

[38]

516

iRMC S2

Related publications [39] PRIMERGY ServerView Suite ServerView Integration in DeskView User Guide PRIMERGY ServerView Suite ServerView Remote Management Frontend User guide PRIMERGY ServerView Suite iRMC - integrated Remote Management Controller User Guide PRIMERGY ServerView Suite iRMC S2 - integrated Remote Management Controller User Guide PRIMERGY ServerView Suite Provision of ServerView Software on the Internet Description PRIMERGY BX300 Blade Server Systems Operating Manual PRIMERGY BX600 Blade Server Systems Operating Manual PRIMERGY BX600 Blade Server Systems ServerView Management Blade S3 User Interface Description User Guide PRIMERGY BX900 Blade Server Systems Operating Manual PRIMERGY BX900 Blade Server Systems ServerView Management Blade S1 User Interface Description User Guide PRIMERGY Blade Server System LAN Switch Blade User Interface Description User Guide

[40]

[41]

[42]

[43]

[44]

[45]

[46]

[47]

[48]

[49]

iRMC S2

517

Related publications [50] BIOS-Setup Description PRIMEPOWER ServerView Suite System Administration within a Domain User Guide FibreCAT CX Monitoring FibreCAT SX systems with ServerView Operations Manager Welcome Guide FibreCAT SX Monitoring FibreCAT SX systems with ServerView Operations Manager Welcome Guide StorMan Provisioning and managing virtualized storage resources Administrator and User Guide APC network management card Users Guide VMware VMware ESX Server Installation Guide VMware VMware ESX Server Administration Guide

[51]

[52]

[53]

[54]

[55]

[56]

[57]

518

iRMC S2

Index
A Active Directory 18, 59, 83, 441 configuration using the iRMC S2 web interface 336 configuration using the Server Configuration Manager 441 iRMC S2 groups and user permissions 113 advanced features 412 Advanced Video Redirection see also AVR Advanced Video Redirection (AVR) 356 alert role assigning users 163 alert roles displaying 161 alert types 157 alerting configuring 56, 58, 313, 432 analog fans 285 ASP 455 ASR&R Fan Settings 414 ASR&R options configuring 298 ASR&R settings configuring 414, 416 ASR&R Temperature Settings 416 assign iRMC S2 users to a group 113, 140 remote storage server to iRMC S2 367 remote storage server to the iRMC S2 412 assign iRMC S2 users to the OU iRMCgroups in eDirectory 140 Autonomous Support Package see ASP AVR 167 checking requirements 168 integrated special keys 173 Local Monitor Off function 172 menus 183 parallel sessions 171 redirecting the keyboard 171 redirecting the mouse 175 Secure Keyboard 174 special key combinations 173 starting 356 using 170 virtual keyboard 174, 184 AVR window Extras menu 183, 184 Languages menu 187 Preferences menu 188 Remote Storage menu 187 B BIOS text console 345 BIOS text console redirection configuring 44, 45, 345 boot iRMC S2 242 boot options configuring 264 boot watchdog 299 C CA (Certification Authority) 108 CA certificate loading from local file 251 CA DSA/RSA certificate showing 249 call Remote Storage server GUI 214 CD ISO image (image file) 197 certificate self-signed 254 Certification Authority (CA) 108

iRMC S2

519

Index certification authority, see CA channel-specific permission group 62 privileges 62 check fan 414 power supply 289 see also Enclosure Information 388 sensors 283 server component 290 temperature sensor 286 temperature sensors 416 voltage sensor 288 check temperature 388 CLP 397 syntax 397 user data 399 CLP, see also SMASH CLP color code (sensor) 283 Command Line Protocol (CLP) 397 command line shell (Remote Manager) 393 communication interfaces (iRMC S2) 21 component status 290 components (server) monitoring 290 configuration 410, 427 configuration file (SVS_LdapDeployer) 96 configuration tools, LAN interface 40 configuration using the Server Configuration Manager 401 Active Directory 441 ASR&R Fan Settings 414 ASR&R Temperature Settings 416 calling from the Operations Manager 405 calling from the Windows Start menu 402, 403 eDirectory 441, 443 iRMC advanced features 412 iRMC directory service 439 iRMC DNS registration 423 iRMC DNS server 425 iRMC LAN interface 418 iRMC mail alerting 427 iRMC mail format settings 430 iRMC networking ports 421 iRMC SNMP alerting 432 iRMC user management 433 OpenLDAP 443 power consumption 410 power consumption control 410 requirements 401 starting system configuration 402 user ID (iRMC user management) 433 user ID (iRMC user manangement) 433 configure 427 alerting 56, 58, 313, 432 ASR&R options 298 ASR&R settings 414, 416 boot options 264 console redirection 45, 345 directory dervice 439 directory service 333, 441 directory service (eDirectory) 340 directory service (OpenLDAP) 340 directory service on the iRMC S2 439 DNS for iRMC S2 311, 425 eDirectory 128, 441 eDirectory for LDAP 129 email alerting 317 Ethernet settings (iRMC S2) 302, 418 global email alerting 160 host name for iRMC S2 309, 423 HP SIM integration 413 HP SIM-Integration 300 IP parameters (iRMC S2) 418

520

iRMC S2

Index iRMC S2 37 iRMC S2 over the web interface 55 LAN interface 38, 41, 55, 57, 301 LAN parameters (iRMC S2) 418 LDAP access on the iRMC S2 108 mail alerting 427 mail-format-dependent settings 321, 430 new user 325, 434 OpenLDAP 148, 443 ports and network services (iRMC S2) 305, 421 power consumption 272, 278, 410 power on/off times (server) 269 Remote Storage server 215 serial interface 51 serial/modem alerting 315 server management information 297 SNMP trap alerting 314 system event log (server) 295 text console redirection 44, 45, 345 user 325 user (details) 326 users 323, 433 users, locally 323, 433 watchdog settings 299 configure power consumption 272 configure users locally 323, 433 connection to Remote Storage, terminating 204 connection to remote storage server clearing 367 establishing 367 console logging 394 console redirection configuring 345 starting (Remote Manager) 392 while the operating system is running 49, 354 ConsoleOne installing 126 starting 127 copyright (SSL) 164 create NDS tree (eDirectory) 128 creating an SSH key pair 70 CSS LED 233 current monitoring 288 current power consumption 278 D default DHCP name (iRMC S2) 34 device type (remote storage) 197 DHCP configuration 309 directory service 18, 59, 83, 333, 439 see also Active Directory, eDirectory, OpenLDAP directory service see also Directory Service display alert roles 161 current DSA certificate 249 display permission groups 95 display user roles 94 DNS for iRMC S2 configuring 311, 425 DNS registration 423 DNS server (Server Configuration Manager) 425 DNS settings 311 documentation 14 domain controller 110 domain controller certificate 110, 112 DSA certificate default certificate 247 displaying current 249 entering directly 253 restoring default certificate 250

iRMC S2

521

Index DSA key (private) entering directly 253 loading on the iRMC S2 247 providing in file 252 DSA/RSA certificate entering directly 253 input format 247 loading on the iRMC S2 247 showing 249 DSA/RSA key entering directly 253 input format 247 DVD ISO image (image file) 197 E eDirectory 18, 59, 83, 441, 443 administration tips 144 assigning iRMC S2 users to the OU iRMCgroups 140 configuration using the Server Configuration Manager 441 configuring 128 configuring for LDAP 129 creating Principal User for iRMC 136 iRMC S2 groups and user permissions 136 LDAP authentication process 135 software components and system requirements 120 testing access via LDAP browser 133 eDirectory Server installing 122 email alerting configuring 317, 427 email alerting, global 156 email configuration 330 email see also mail emergency mode 459 enclosure information (Remote Manager) 387 enter DSA certificate 253 DSA/RSA key 253 Enterprise CA 108 Enterprise Certification authority, see Enterprise CA 108 error icon 291 error list error icon 291 error log error icon 291 Ethernet 302 Ethernet settings (iRMC S2) configure 418 configuring 302, 418 execution mode Remote Storage server 213 exit Remote Storage server 218 F factory defaults, iRMC S2 34 fan checking 414 testing 285 fan test 285 fans monitoring 284 firmware updating 447 firmware image, iRMC S2 448 firmware selector, iRMC S2 450 firmware update online update 256, 454 operands 460 firmware, iRMC S2 448 flash tools flirmcs2 455 online update (firmware) 455 rFLIRMCS2 455 sFLIRMCS2 455 syntax and operands 460 WinFLIRMCS2 455 FlashDisk menu
actor y defaults, iRMC S2 121

522

iRMC S2

Index FlashDisk menu offline update (firmware) functions, iRMC S2 15 see also remote installation of the operating system Windows 477 installing eDirectory administration utilities 122 eDirectory Server 122 integrated special keys (AVR) 173 Intelligent Platform Management Interface, see IPMI interfaces (iRMC S2) 21 IPMB 24 IPMI background 22 channel concept 29 definition 22 implementation 24 IPMI-over-LAN interface 27 references 30 Serial Over LAN (SOL) 28 standards 24 user IDs 30 IPMI OEM commands 487 0115 - Get Power On Source 490 0116 - Get Power Off Source 491 011C - Set Power Off Inhibit 492 0120 - Set Next Power On Time 494 0205 - System OS Shutdown Request 495 0206 - System OS Shutdown Request and Reset 495 0208 - Agent Connect Status 496 0209 Shutdown Request Cancelled 496 1002 - Write to System Display 497 2004 - Set Firmware Selector 498 2005 - Get Firmware Selector 499 C019 - Get Remote Storage Connection or Status 500

457

G generate self-signed certificate 254 global email alerting 156 configuring 160 global email paging configuration 318 Global Error LED 233 global iRMC S2 user ID 59 global iRMC S2 user management 83 via Active Directory 107 via eDirectory 120 via OpenLDAP 147 H helpdesk information 296 host name (iRMC S2) 423 configure 423 configuring 309 see also iRMC S2 name HP SIM integration configuring 300, 413 I ICMB 24 identification LED 234, 391 image file (ISO image) 197 image file (ISO/NRG image) 206 image file, see also ISO image iManager installing 124 login 125 install ConsoleOne 126 iManager 124 Linux 481 OpenLDAP 147 operating system 463 Remote Storage server 207

iRMC S2

523

Index C01A - Set Video Display On/Off 501 description format 489 F109 - Get BIOS POST State 502 F115 - Get CPU Info 503 F510 - Get System Status 504 F512 - Get EEPROM Version Info 506 F543 - Get SEL entry long text 507 F545 - Get SEL Entry Text 508 F5B0 - Set Identify LED 509 F5B1 - Get Identify LED 509 F5B3 - Get Error LED 510 F5DF - Reset Nonvolatile Cfg Variables to Default 511 F5E0 - Reset ConfigSpace variables to default 511 F5F8 - Delete User ID 512 overview 487 IPMI OEMcommands 011D - Get Power Off Inhibit 493 iRMC factory defaults 121 iRMC advanced features 412 iRMC directory service 439 configuring Active Directory 441 configuring eDirectory 443 configuring OpenLDAP 443 configuring the eDirectory 441 iRMC directory service configuration 439 iRMC DNS registration 423 iRMC DNS server (Server Configuration Manager) 425 iRMC LAN interface 418 iRMC mail alerting 427 iRMC mail format settings (Server Configuration Manager) 430 iRMC S2 21 Advanced Video Redirection (AVR) 356 AVR 167 communication interfaces 21 configuring 37 configuring over the web interface 55 configuring the LAN interface 38, 41, 55, 57, 301 configuring the serial interface 51 configuring with the Server Configuration Manager 57 default DHCP name 34 factory defaults 34 firmware 256, 448 firmware image 448 firmware image information 257 firmware selector 450 functions 15 license key 167, 191 local monitor off 172, 360 logging in (requirements) 33 logging into the web interface 35, 222 online update (firmware) 454 permissions 63 power consumption configuration 272 power consumption control 410 power supply 270 remote installation of the operating system 463 remote storage 187, 191, 206, 366 Remote Storage server 206 restarting 242 show current power consumption 278 SSH key 74 testing the LAN interface 43 user interface 228 user management 59 user permissions 62

524

iRMC S2

Index iRMC S2 configuration using the Server Configuration Manager, see configuration using the Server Configuration Manager iRMC S2 firmware settings 245 iRMC S2 information 241 iRMC S2 SSH access 368 iRMC S2 Telnet access 368 iRMC S2 user creating in OpenLDAP 152 iRMC S2 user group assigning 113, 140 iRMC S2 user management global via Active Directory 107 global via eDirectory 120 global via OpenLDAP 147 integrating in OpenLDAP 150 iRMC S2 users assigning 113, 140 iRMC S2 web interface 221 Advanced Video Redirection (AVR) 356 alerting 313 alerting - email alerting 317 alerting - serial/modem alerting 315 alerting - SNMP trap alerting 314 BIOS text console 345 certificate upload 247 configuring iRMC S2 55 configuring power control 278 current power consumption 278 DHCP configuration 309 directory service configuration 333 DNS settings 311 firmware update via TFTP 256 iRMC S2 240 iRMC S2 information 241 iRMC S2 SSH access 368 iRMC S2 Telnet access 368 iRMC S2 Telnet/SSH access 368 local monitor 360 network interface 302 network settings 301 permissions 224 ports and network services 305 power configuration 272 power consumption history 279 power management 261 power on/off 262 power options 267 power supply 270 power supply info 270 remote storage 366 saving firmware settings 245 saving iRMC S2 firmware settings 245 sensors 283 sensors - component status 290 sensors - fans 284 sensors - power supply 289 sensors - temperature 286 sensors - voltages 288 server management information 297 structure of the user interface 228 system component information 232, 237 system event log 291 system event log configuration 295 system event log content 292 system information 231 user management 64, 323 user management (local) 323 user management - new user configuration 325 user management - user name configuration 325, 326 iRMC SNMP alerting 432 iRMC user management 433 iRMCgroups 96 assigning iRMC S2 users (eDirectory) 140

iRMC S2

525

Index ISO image (image file) 197, 206 CD 197 DVD 197 ISO image, see also image file K key combinations, special (AVR) 173 keyboard redirect (AVR) 171 virtual (AVR) 174, 184 konfigurieren Directory Service (Active Directory) 336 L LAN interface 418 LAN interface (iRMC S2) 39 configuring 38, 41, 55, 57, 301 testing 43 LAN parameters (iRMC S2) configuring 301, 418 LDAP access (iRMC S2) configuring 108 LDAP authentication process (eDirectory) 135 LDAP configuration 333 eDirectory 340 OpenLDAP 340 LDAP configuration (using the Server Configuration Manager) 439 LDAP email table 158 LDAP, see also directory service LDAP-Konfiguration Active Directory 336 license key 167, 191, 242, 243, 412 deleting 242, 243 loading onto the iRMC S2 242, 243 Linux, remote installation 481 local monitor powering on and off 360 switching on and off 172 local monitor display 360 local monitor off 172, 360 local user ID (iRMC S2) 59 local user management (iRMC S2) 64, 323, 433 log in to iRMC S2 (requirements) 33 to Remote Manager 378 to the iRMC S2 web interface 35, 222 M mail alerting 427 configuring 427 mail alerting (Server Configuration Manager) 427 mail format settings 430 mail see also email mail-format-dependent configuration 321 main menu (Remote Manager) 380 managed server, see server management information, see server management information Microsoft Active Directory see Active Directory Microsoft Active Directory see also Active Directory monitor current 288 fans 284 power supply 289 temperature 286 voltage 288 monitor, local 172, 360 monitor, see check mouse pointer synchronizing 175 mouse redirection (AVR) 175 N Network 302 network interface 302 network settings 301 networking ports 421

526

iRMC S2

Index new user configuration 325 notational conventions 32 Novell ConsoleOne see also ConsoleOne Novell eDirectory see also eDirectory Novell eDirectory see eDirectory Novell eDirectory Server see also eDirectory Server Novell eDirectory, see eDirectory Novell iManager see also iManager O online update (firmware) 454 Open LDAP Browser/Editor 150 OpenLDAP 18, 59, 83, 443 administration tips 154 configuration using the Server Configuration Manager 443 configuring 148 creating an iRMC S2 user 152 creating SSL certificates 147 generating the Principal User 151 installing 147 integrating iRMC S2 user management 150 iRMC S2 groups and user permissions 150 iRMC S2 user management 147 OpenSSH client 80 operate iRMC S2 using Telnet/SSH 373, 375 iRMC S2 via Telnet/SSH 368 Remote Manager 375 operating system, remote installation 463 see also remote installation of the operating system organizational unit iRMCgroups 87, 91 SVS 87, 94 overview of menus Remote Manager 375 P parallel AVR sessions 171 password changing 383 permission group 91 channel-specific 62 permission groups displaying 95 permission, see also privilege permissions for special iRMC S2 functions 63 iRMC S2 web interface 224 Remote Manager 382 ports and network services 305 configuring for iRMC S2 305, 421 power consumption configuring 278 of the server 271 showing for server (current) 278 power consumption configuration 272 power consumption control 410 power consumption history 279 power control 265 power management 261, 262, 267, 385 behavior after power outage 268 power on/off time 269 power restore policy 268 restart options 265 power off server 265 power on server 265 power on/off 262 power on/off time 269 power options 267 power restore policy 268 power status summary 263 power supply monitoring 289 power supply info 270 preconfigured user ID 63

iRMC S2

527

Index primary SMTP server configuration 319 Principal User creating in eDirectory 136 generating in OpenLDAP 151 private DSA/RSA key, see DSA/RSA key privilege privileges / permissions 328 privileges, channel-specific 62 PuTTY 76 PuTTYgen 70 Q query information on server 232 information on server components 237 iRMC S2 information 241 server management information 297 system information 231 query information information on server 232 iRMC S2 firmware 242 on iRMC S2 241 power supply 289 server components 237 system event log 295 voltage sensors 288 query iRMC S2 information 241 query system information 384 querying iRMC S2 firmware image information 257 querying information iRMC S2 firmware 257 R redirect keyboard (AVR) 171 redirect mouse (AVR) 175 remote installation of the operating system 463 general procedure 464 Linux 481 remote storage connection 466 requirements 463 Windows 477 remote management documentation 14 Remote Manager 368, 373, 375 changing the password 383 enclosure information 387 logging in 378 main menu 380 operating 375 overview of menus 375 permissions 382 power management 385 service processor 391 starting console redirection 392 starting the command line shell 393 system information 384 remote manager system event log 389 Remote Manager (Serial) 54 Remote Storage terminating a connection 204 remote storage 187, 191, 206, 366 connecting storage media 200 device type 197 providing storage media 196 removing the storage medium 205 starting 193 Remote Storage server 206 calling the GUI 214 configuring 215 executing as a service 213 executing as stand-alone 213 execution mode 213 exiting 218 installing 207 starting 217

528

iRMC S2

Index remote storage server assigning 412 requirements AVR 168 iRMC S2 configuration using the Server Configuration Manager 401 remote installation of the operating system 463 restart options 265 rFLIRMCS2 online update (firmware) 455 RSA certificate, see DSA/RSA certificate S secondary SMTP server configuration 320 Secure Keyboard (AVR) 174 security group 91 security group, see also permission group self-signed certificate 254 sensor checking 283 color code 283 status icon 283 sensors 283 serial/modem alerting 315 configuring 315 serial/modem interface (iRMC S2) 51 configuring 52 Remote Manager (Serial) 54 server ASR&R options 298 booting and configuring with ServerView DVD 1 470 checking components 290 checking sensors 283 configuring settings 297 configuring the event log 295 controlling power consumption 271 HP SIM integration options 300, 413 power consumption 272, 278 power management 267 power management after power outage 268 power options 267 power supply info 270 powering on and off 265 remote installation (Linux) 481 remote installation (Windows) 477 remote installation of the operating system 463 showing (current) power consumption 278 showing power consumption 279 specifying power on/off time 269 view event log 294 watchdog settings 299 Server Configuration Manager configuring iRMC S2 57 iRMC user management 433 see also configuration using the Server Configuration Manager user management 66 server management information 297 querying and configuring 297 ServerView Update Manager Express see Update Manager Express ServerView Update Manager see Update Manager service 14 service processor (Remote Manager) 391 sFLIRMCS2 online update (firmware) 455 show CA DSA/RSA certificate 249 DSA/RSA certificate 249 show power consumption of the server 279

iRMC S2

529

Index SMASH CLP 397 command hierarchy 399 commands 397 starting 393 syntax 397 user data 399 SMTP see also email SNMP alerting 432 SNMP alerting, see SNMP trap alerting SNMP trap alerting 314 configuring 314, 432 software watchdog 299 special key combinations (AVR) 173 special keys integrated (AVR) 173 SSH 247, 368, 373, 375 SSH key (example) 82 SSH key (public) loading onto the iRMC S2 74 SSHv2 public key 329 SSHv2 public key support 68 SSL 247 SSL and SSH certificate 247 SSL certificate creating 147 SSL copyright 164 start Advanced Video Redirection 356 remote storage 193 Remote Storage server 217 Remote Storage server GUI 214 SVS_LdapDeployer 97 status components 290 status icon system component status 237 status icon (sensor) 283 storage media connecting as remote storage 200 providing for remote storage 196 SVS 94, 96 SVS_LdapDeployer 96 -delete 101 -deploy 99 -import 102 -synchronize 103 application scenarios 105 configuration file 96 starting 97 synchronize mouse pointer 175 system component status status icon 237 system event log 291, 389 configuring 295 information 293 view 294 system event log configuration 295 system event log content 292, 294 system information 231, 232, 237 querying 231 system information (Remote Manager) 384 T target group 14 Telnet 368, 373, 375 temperature monitoring 286 temperature sensor checking 286 Temperature Settings (ASR&R) 414, 416 test fan 285 LAN interface 43 text console (logging) 394 text console redirection configuring 44, 45, 345 while the operating system is running 49, 354

530

iRMC S2

Index U update firmware 447 Update Manager online update (firmware) 454 Update Manager Express online update (firmware) 455 user configuring 325 configuring (details) 326 configuring (new) 325 user name configuration 326 user ID 30, 59 preconfigured 63 user information 327 user interface (iRMC S2) 228 user management 323, 433 local using the iRMC S2 web interface 323 user management (iRMC S2) 59, 433 assigning users to a group 113, 140 concept 60 configuring LDAP access 108 creating a domain controller certificate 110 generating iRMCgroups in the LDAP directory service 96 generating SVS in the LDAP directory service 96 global 83 global user permissions 85, 89 installing a domain controller certificate 112 installing an Enterprise CA 108 integrating in eDirectory 134 local 64 local via the iRMC S2 web interface 64 locally using the Server Configuration Manager 433 locally via the Server Configuration Manager 66 preferred shell 93 user ID 59 using Active Directory 83, 85 via directory service 85 user management (local) 433 user permissions 62 cross-server 89 global 85, 89 in Active Directory 113 in eDirectory 136 in OpenLDAP 150 user roles displaying 94 User SSHv2 public key upload from file 329 users configuring 323, 433 configuring (new) 434 configuring locally 433 configuring, locally 433 V ventilator, see also fan view system event log (server) 294 virtual keyboard (AVR) 174, 184 voltage sensor checking 288 W watchdog settings configuring 299 web interface, see iRMC S2 web interface Windows, remote installation 477 WinFLIRMCS2 online update (firmware) 455 X X.509 certificate, see DSA/RSA certificate

iRMC S2

531

BMC Remedy AR System 9.1.02
No ratings yet
BMC Remedy AR System 9.1.02
4,703 pages
Less Known Solaris Features Book Alpha
100% (3)
Less Known Solaris Features Book Alpha
220 pages
Logic Gates Programming in PLC
88% (8)
Logic Gates Programming in PLC
19 pages
SG 246615
No ratings yet
SG 246615
220 pages
LDAP Authentication For IBM Storage DS8000 Systems
No ratings yet
LDAP Authentication For IBM Storage DS8000 Systems
216 pages
Remote Control Admin Guide PDF
No ratings yet
Remote Control Admin Guide PDF
360 pages
Ironport Wsa 6.5.0 Userguide
No ratings yet
Ironport Wsa 6.5.0 Userguide
606 pages
MPA2 User Guide
No ratings yet
MPA2 User Guide
128 pages
Deployment and Installation Center v7.7
No ratings yet
Deployment and Installation Center v7.7
824 pages
IMM User's Guide
100% (4)
IMM User's Guide
130 pages
HP Service Manager Exchange With SAP Solution Manager: Installation and Administration Guide
No ratings yet
HP Service Manager Exchange With SAP Solution Manager: Installation and Administration Guide
150 pages
Palo Alto Networks Administrators Guide
No ratings yet
Palo Alto Networks Administrators Guide
274 pages
Redp 5736
No ratings yet
Redp 5736
80 pages
FUJITSU SoftwareServerView Suite Remote Management
No ratings yet
FUJITSU SoftwareServerView Suite Remote Management
426 pages
Irmc s4 Ug en PDF
No ratings yet
Irmc s4 Ug en PDF
476 pages
Irmc S1-En PDF
No ratings yet
Irmc S1-En PDF
458 pages
RC Admin
No ratings yet
RC Admin
350 pages
Redp 5736
No ratings yet
Redp 5736
78 pages
Do More With Less - Automating IBM Storage FlashSystem Tasks With REST APIs Scripting and Ansible
No ratings yet
Do More With Less - Automating IBM Storage FlashSystem Tasks With REST APIs Scripting and Ansible
76 pages
NexentaStor 5.2 CLI Config Guide RevB
No ratings yet
NexentaStor 5.2 CLI Config Guide RevB
150 pages
IBM Tivoli Monitoring For Network Performance V2.1 The Mainframe Network Management Solution Sg246360
No ratings yet
IBM Tivoli Monitoring For Network Performance V2.1 The Mainframe Network Management Solution Sg246360
302 pages
Administration Guide NMC2 R161 Ed03
No ratings yet
Administration Guide NMC2 R161 Ed03
197 pages
Using The Weblogic Server Scripting Tool
No ratings yet
Using The Weblogic Server Scripting Tool
64 pages
Irmc en
No ratings yet
Irmc en
412 pages
Novell ZENworks 11 SP2 System Admin
No ratings yet
Novell ZENworks 11 SP2 System Admin
500 pages
621 MX Sag
No ratings yet
621 MX Sag
469 pages
G8264 Ag 8-3
No ratings yet
G8264 Ag 8-3
670 pages
IBM RSA Configuration PDF
No ratings yet
IBM RSA Configuration PDF
132 pages
G8124-E Ag 8-3 PDF
No ratings yet
G8124-E Ag 8-3 PDF
526 pages
Sa76 0085
No ratings yet
Sa76 0085
264 pages
Imm Userguide
No ratings yet
Imm Userguide
120 pages
Manual LinKys
No ratings yet
Manual LinKys
110 pages
Fortiauthenticator Admin 12
No ratings yet
Fortiauthenticator Admin 12
46 pages
Assignments - NOC - Principles of Digital Communications - 2018
No ratings yet
Assignments - NOC - Principles of Digital Communications - 2018
37 pages
Dell SonicWALL E-Class SRA 10.6.2 Admin Guide
No ratings yet
Dell SonicWALL E-Class SRA 10.6.2 Admin Guide
585 pages
Manual - Netgear ReadyNAS Pro 6 RNDP6000
No ratings yet
Manual - Netgear ReadyNAS Pro 6 RNDP6000
132 pages
DataPower SOA Appliance Administration Deployment and Best Practices
No ratings yet
DataPower SOA Appliance Administration Deployment and Best Practices
300 pages
WWS Deployment Guide 77
No ratings yet
WWS Deployment Guide 77
816 pages
QNAD 71MR1 AdminGuide
No ratings yet
QNAD 71MR1 AdminGuide
296 pages
QRadar 71MR2 AdminGuide
No ratings yet
QRadar 71MR2 AdminGuide
316 pages
Mand
No ratings yet
Mand
376 pages
Installation Guide
0% (1)
Installation Guide
438 pages
ITSM Config Guide 700
100% (2)
ITSM Config Guide 700
442 pages
G7028 G7052 CR 8-4 PDF
No ratings yet
G7028 G7052 CR 8-4 PDF
418 pages
Ebook Whats New in Windows Server 12
No ratings yet
Ebook Whats New in Windows Server 12
84 pages
Teamcenter 10.0 Security Services Installation
No ratings yet
Teamcenter 10.0 Security Services Installation
150 pages
Chapter 5
No ratings yet
Chapter 5
9 pages
Print Vlsi
100% (1)
Print Vlsi
104 pages
User's Guide Incident
No ratings yet
User's Guide Incident
170 pages
Datapower Redbook
No ratings yet
Datapower Redbook
286 pages
Abbreviated Srs Template-Ieee
No ratings yet
Abbreviated Srs Template-Ieee
7 pages
EBS Drome 150W
No ratings yet
EBS Drome 150W
16 pages
Hopscotch
No ratings yet
Hopscotch
28 pages
Compute Network Notes
100% (1)
Compute Network Notes
22 pages
Cs Project
No ratings yet
Cs Project
27 pages
Computer-Fundamentals Solved MCQs (Set-28)
No ratings yet
Computer-Fundamentals Solved MCQs (Set-28)
8 pages
VHDL Statements
No ratings yet
VHDL Statements
34 pages
K.Ramakrishnan College of Engineering: Samayapurm, Trichy-621 112
No ratings yet
K.Ramakrishnan College of Engineering: Samayapurm, Trichy-621 112
2 pages
Ebkust Ict Notes
100% (1)
Ebkust Ict Notes
72 pages
Node MCUV3
No ratings yet
Node MCUV3
13 pages
Albertsons PSQuery Basic
No ratings yet
Albertsons PSQuery Basic
58 pages
Telnet & FTP: Jabatan Multimedia Pendidikan
No ratings yet
Telnet & FTP: Jabatan Multimedia Pendidikan
25 pages
Iec 61850 Thesis
100% (2)
Iec 61850 Thesis
7 pages
EC 303 Chapter 2
No ratings yet
EC 303 Chapter 2
48 pages
Citrex h5 Manual EN
No ratings yet
Citrex h5 Manual EN
61 pages
InstallGuide Pro50
No ratings yet
InstallGuide Pro50
52 pages
Microcontroladores Coldfire+ Kinetis
No ratings yet
Microcontroladores Coldfire+ Kinetis
80 pages
Boschen Control Loops GRCON 2024
No ratings yet
Boschen Control Loops GRCON 2024
10 pages
The Communications System Architecture of The North American Advanced Train Control System
No ratings yet
The Communications System Architecture of The North American Advanced Train Control System
12 pages
Visa Procesing System PowerPoint Templates
No ratings yet
Visa Procesing System PowerPoint Templates
8 pages
Modbus 通信協定03
No ratings yet
Modbus 通信協定03
10 pages
Phase Shift Circuit For CRT Displays: - Qutline
No ratings yet
Phase Shift Circuit For CRT Displays: - Qutline
3 pages
Edu Cloud
No ratings yet
Edu Cloud
10 pages
A10 ADC Lab 6 GSLB
No ratings yet
A10 ADC Lab 6 GSLB
4 pages
Comparing Mod - Proxy and Mod - JK
No ratings yet
Comparing Mod - Proxy and Mod - JK
3 pages
Mastering Python Advanced Concepts and Practical Applications
From Everand
Mastering Python Advanced Concepts and Practical Applications
Aissa Younes
No ratings yet
The Linux Shell Scripting Handbook - From Journeyman to Master
From Everand
The Linux Shell Scripting Handbook - From Journeyman to Master
Michael Basler
No ratings yet
Grow with Python Programming: From Basics to Advanced
From Everand
Grow with Python Programming: From Basics to Advanced
Mark Fliks
No ratings yet
TensorFlow Developer Certificate Exam Practice Tests 2024 Made Easy
From Everand
TensorFlow Developer Certificate Exam Practice Tests 2024 Made Easy
Mr Troy
No ratings yet
vSphere High Performance Cookbook
From Everand
vSphere High Performance Cookbook
Prasenjit Sarkar
No ratings yet
Plain JavaScript: Learning the Front-End
From Everand
Plain JavaScript: Learning the Front-End
Roger Beans-Rivet
No ratings yet
Advanced Multiplayer Game Development with Ureal Engine 5: A Comprehensive Guide to C++ Scripting
From Everand
Advanced Multiplayer Game Development with Ureal Engine 5: A Comprehensive Guide to C++ Scripting
Vladimir Kiselev
No ratings yet
The Linux Terminal for Advanced Users - The Command Line Made Easy: First Edition
From Everand
The Linux Terminal for Advanced Users - The Command Line Made Easy: First Edition
Michael Basler
No ratings yet
Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3
From Everand
Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3
Ramon Nastase
4.5/5 (2)
Cybersecurity for Executives: A Guide to Protecting Your Business
From Everand
Cybersecurity for Executives: A Guide to Protecting Your Business
Matthew C. Smith
No ratings yet
Gray Hat Hacking the Ethical Hacker's
From Everand
Gray Hat Hacking the Ethical Hacker's
Çağatay Şanlı
5/5 (1)
ChatGPT for Business: Strategies for Success
From Everand
ChatGPT for Business: Strategies for Success
Matthew C. Smith
No ratings yet
Securing ChatGPT: Best Practices for Protecting Sensitive Data in AI Language Models
From Everand
Securing ChatGPT: Best Practices for Protecting Sensitive Data in AI Language Models
Matthew C. Smith
No ratings yet
A To Z of Internet: Everything You Wanted to Know
From Everand
A To Z of Internet: Everything You Wanted to Know
Bittu Kumar
No ratings yet