Warning: Changes or modifications to this unit not expressly approved by the party responsible for compliance
could void the user’s authority to operate the equipment.
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This equipment generates, uses and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may
cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to
cause harmful interference in which case the user will be required to correct the interference at his own expense.
Canadian Notification
This class A digital apparatus complies with Canadian ICES-003.
Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.
Safety and EMC Approvals and Markings
FCC Class A; EN55022 Class A/CISPR 22 Class A; EN55024/CISPR 24 (EN61000-4-2, EN61000-4-3,
EN61000-4-4, EN61000-4-5, EN 61000-4-6, EN 61000-4-11); EN60950/IEC60950-Compliant; CSA Listed
(USA and Canada); CE Marking (Europe)
MergePoint™ 5224/5240
Service Processor Manager
User Guide
Avocent, the Avocent logo, The Power of Being There, Cyclades,
DSView and MergePoint are trademarks or registered trademarks of
Avocent Corporation or its affiliates. All other marks are the property of
their respective owners.
This symbol is intended to alert the user to the presence of important operating and maintenance
(servicing) instructions in the literature accompanying the appliance.
Dangerous Voltage
This symbol is intended to alert the user to the presence of uninsulated dangerous voltage within the
product’s enclosure that may be of sufficient magnitude to constitute a risk of electric shock to persons.
Power On
This symbol indicates the principal on/off switch is in the on position.
Power Off
This symbol indicates the principal on/off switch is in the off position.
Protective Grounding Terminal
This symbol indicates a terminal which must be connected to earth ground prior to making any other
connections to the equipment.
TABLE OF CONTENTS
Table of Contents
List of Figures ................................................................................................................ vii
List of Tables................................................................................................................... ix
Table 1.11: Services and Other Functions Controlled by Security Profiles ...................................14
Table 1.12: User Shell Default Menu Options ................................................................................16
ix
Table 3.1: Supported Browser and JRE Versions ...........................................................................36
Table 3.2: Differences Between Accessing Native IP and DirectCommand from the
Web Manager .................................................................................................................45
Table 3.3: Information on the View IPDU Info Screen ...................................................................56
Table 3.4: IPDU Information Under Unit Information...................................................................56
Table A.1: Console Session Terminal Menu Options......................................................................61
Table A.2: Hotkeys Available During Console Sessions.................................................................65
x MergePoint 5224/5240 Service Processor Manager User Guide
CHAPTER
1
All users and administrators need the introductory information in the sections listed below for
understanding how to use the MergePoint service processor (SP) manager:
•Supported Target Devices on page 2
•MergePoint 5224/5240 SP Manager’s Advantages for Target Device Management on page 2
•Web Manager on page 4
•Web Manager on page 4
•Types of Users on page 4
•Authentication on page 13
•Security Profiles’ Effects on Users’ Actions on page 14
•Options for Accessing the MergePoint 5224/5240 SP Manager , Managing User Passwords and
Managing IPDU Power Outlets and Target Devices on page 15
•Command Line Access Through Console Logins on page 15
•Accessing the MergePoint 5224/5240 SP Manager Console on page 16
•User Shell (rmenush) on page 16
•SP Shell (spshell) on page 17
•Using SSH Management Commands on page 17
•Dial-in Access on page 19
•Power Management Options on page 19
•Information Users Need on page 20
1
Introduction
2 MergePoint 5224/5240 Service Processor Manager User Guide
Supported Target Devices
A target device managed by the MergePoint 5224/5240 SP manager can be one of the following:
•An SP on a server. SPs are out
their servers.
•A server or other type of device that does not have an SP but that provides access to its
command line through a dedicated Ethernet port. This type of device includes servers that
redirect their serial console output to dedicated Ethernet ports (which provide a type of access
generally referred to as serial over LAN or SoL).
•A device with a dedicated Ethernet port that supports management access via Telnet, SSH,
SNMP or by means of the MergePoint 5224/5240 SP manager’s native IP access capability.
NOTE: The terms target device and connected device are used in this guide when referring to an SP, server or
other connected device, unless otherwise stated.
-of-band management controllers that many vendors include in
MergePoint 5224/5240 SP Manager’s Advantages for Target
Device
Management
The MergePoint 5224/5240 SP manager, also called the appliance, controls access to
server
-management services that are provided by direct connected SPs and to other types of
services that may be provided by other connected devices without SPs. Connected and configured
devices are referred to as target devices.
A MergePoint 5224/5240 SP manager may be managed and target devices may be accessed
through DSView 3 management software, as described in the document Managing MergePoint
5224/5240 Service Processor Managers Using DSView 3 Management Software. Alternately, a
standalone MergePoint 5224/5240 SP manager may be managed and its target devices may be
accessed using the Web Manager or console connections.
When managed as a standalone, the MergePoint 5224/5240 SP manager provides a single source
for authentication, authorization
managed using DSView 3 management software, the DSView 3 software acts as the single source.
Whichever way users access the MergePoint 5224/5240 SP manager, users can manage multiple
servers with SPs from a single point without having to learn how to use multiple SP
interfaces. For example, power management is provided by most SPs but each SP has its own
interface and its own commands for power management. The MergePoint 5224/5240 SP manager
allows an authorized user to manage power on multiple servers with SPs from multiple vendors
using a single interface and a single set of power commands.
The security features provided by the MergePoint 5224/5240 SP manager work together to create a
secure path between a user and a managed server or target device.
-checking and management for multiple types of SPs. When
-management
Chapter 1: Introduction 3
Figure 1.1 is a conceptual illustration of a secure path between a remote user and an SP through the
MergePoint 5224/5240 SP manager. A remote user is shown, but users may also be locally located,
on the same LAN. In Figure 1.1, the remote user accesses the MergePoint 5224/5240 SP manager
through a network connection to the public Ethernet port. Users may also dial into the MergePoint
5224/5240 SP manager through an optional external modem or PC modem card.
Key
Secure path
MergePoint 5224/5240
SP Manager
SP’s Dedicated
Ethernet Port
Figure 1.1: Secure Path to a Connected SP
Remote User Workstation
Route/Optional Firewall/DSView
3 Management Software Server
Public Network Ethernet Port
Private Network Ethernet Port
Server
In Figure 1.1, the dedicated Ethernet port of an SP is separate from the server’s Ethernet ports. The
SP’s dedicated Ethernet port is connected to one of the SP manager’s private Ethernet ports.
The IP address of the public Ethernet port is the only publicly defined IP address used for
out
-of-band management of all connected SPs, which reduces the deployment costs for the SPs.
Each target device is configured with a private designated IP address and, at the administrator’s
discretion, each target device may also have a virtual IP address. If virtual addresses are defined,
users may be allowed to see a target device’s virtual IP address but not to see the target device’s
privately defined IP address.
After the user selects the desired management action, the MergePoint 5224/5240 SP manager then
creates a secure connection between the user and the SP, acting as a proxy on behalf of the user.
While the user is performing any SP management action, the connection between the MergePoint
5224/5240 SP manager and the SP is kept separate and protected from the connection between the
user and the MergePoint 5224/5240 SP manager. Nothing that happens on the private network is
exposed to the public network. Depending on the mode of access (either by browser or by SSH),
either HTTPS or SSH is always being used to protect communications that are transported on the
public network between the user and the MergePoint 5224/5240 SP manager.
4 MergePoint 5224/5240 Service Processor Manager User Guide
Web Manager
The Web Manager may be used when the MergePoint 5224/5240 SP manager is managed as a
standalone. If the MergePoint 5224/5240 SP manager is managed through DSView 3 management
software, access to the Web Manager is usually disabled.
When the Web Manager is enabled, both authorized and administrative users can launch the Web
Manager from a supported browser using HTTP or HTTPS. Authorized users can use the Web
Manager to perform management actions on target devices, manage power on devices plugged into
optional Intelligent Power Distribution Units (IPDUs) and change their own passwords. Only
administrative users have access to the MergePoint 5224/5240 SP manager screens used for
configuring users or target devices.
See Chapter 3 for information about using the Web Manager that is required for authorized and
administrative users.
Browser access to the Web Manager is achieved in one of the following ways:
•Through the Ethernet port
•Through dialing into one of the modem or PC phone card types described in Dial-in Access on
page 19
Types of Users
Two predefined administrators are root and admin, and they cannot be deleted. Either root or admin
can add regular user accounts and can authorize users to access management features on target
devices. Any regular users added to the admin group become administrative users able to perform
MergePoint 5224/5240 SP manager administration as described in the MergePoint 5224/5240
Service Processor Manager Installer and Administrator Guide. The default password for root and
admin is cyclades and should be changed immediately to prevent unauthorized access.
The admin user (and any optionally added administrative users) can do the following:
•Access the Web Manager and use any of its functions
•Access the MergePoint 5224/5240 SP manager’s console and use the unrestricted shell
•Invoke the MergePoint 5224/5240 SP manager configuration utility, cli
•Invoke any Linux commands available to the non
•Invoke any Linux commands available to the root user by using the sudo command
The root user can do the following:
•Access the MergePoint 5224/5240 SP manager’s console and use the unrestricted shell
•Invoke the MergePoint 5224/5240 SP manager configuration utility, cli
•Invoke any Linux commands available to the root user
The root user cannot access the Web Manager.
-root user
Chapter 1: Introduction 5
Only one administrative user can be connected to the MergePoint 5224/5240 SP manager at a time.
Regular users may be authorized for access to management features available on the connected SPs
or other types of target devices.
NOTE: The administrator may create and enable a custom security profile that has the override authorization
feature set, which causes all authenticated users to have all access to all target devices. For details, see
Profiles’ Effects on Users’ Actions on page 14.
Security
Table 1.1 shows which management options are available on the supported SP types and on
supported devices without SPs.
Table 1.1: Supported Target Device Types and Management Options
Target
Supported Service
Processors/
Devices
ALOMYYYYYN
Device NYNNNY
DRACYYYYNY
iLOYYYYNY
SP
Console
Device
Console/
SoLPower
Event
LogsSensors
NativeIP and
DirectCommand
IPMI 1.5YNYYYN
IPMI 2.0YYYYYN
RSA IIYYYYYY
NOTE: When a target device does not have an SP, Target Device Console, native IP and DirectC ommand are
the only management options available by default. The target device types may be customized to make other
management features available.
SP console management option
Table 1.2 shows the SP console management option names and command names used either when
you are logged into the Web Manager, when you have selected a target devices from the spshell
menu on the MergePoint 5224/5240 SP manager console or when you are entering the ssh
command on a remote workstation. All options give access to the SP console and are only available
for managed servers with SPs.
Table 1.2: SP Console Power Management Options
MethodOption or Command Name
Web ManagerSP Console
6 MergePoint 5224/5240 Service Processor Manager User Guide
Table 1.2: SP Console Power Management Options (Continued)
MethodOption or Command Name
spshell menu in the MergePoint 5224/5240 SP
manager console
ssh commandspconsole
Access the service processor’s console
Device console (SoL) management option
Table 1.3 shows the device console management (SoL) option names and command names used
when you are logged into the Web Manager, when you have selected a target device from the
spshell menu on the MergePoint 5224/5240 SP manager console and when you are entering the ssh
command on a remote workstation.
Web ManagerSoL Console
spshell menu in the MergePoint 5224/5240 SP
manager console
ssh commanddevconsole
Access the device’s console via SoL
Event log (SEL) management option
Events are messages logged when system management events are detected. The events can be
logged either by the SP or by the server. Table 1.3 shows the event log management option names
and command names used when you are logged into the Web Manager, when you have selected a
target device from the spshell menu on the MergePoint 5224/5240 SP manager console and when
you are entering the ssh command on a remote workstation. These options display the system event
log (SEL) menu from the server where the SP resides. The user can view or clear event logs
directly on the SP using the ssh command. All options are only available for managed servers with
SPs.
Table 1.4: Event Log (SEL) Management Options
MethodOption or Command Name Action
Web ManagerEvent LogBrings up a screen with the event log
spshell menu in the MergePoint 5224/
5240 SP manager console
ssh commandsel
Manage the event log Brings up a menu with the event log
clearsel
Access to native features on a target device
Both Native IP and DirectCommand management options provide native access to target devices
and enable an authorized user to connect directly either to the web management interface of a target
device or to the command line of a device that redirects console output to a dedicated Ethernet port.
When users are configured for target device management actions, the same permission authorizes
the user for both Native IP and DirectCommand.
The authorized user obtains authenticated access to a target device’s native features such as native
applications, integrated web servers and other proprietary interfaces that are available over IP.
Native applications are proprietary SP management applications provided by some server vendors,
such as HP InSight Manager, IBM Director and Dell Open Manage. Access to a native application
usually requires the application to be installed on the user’s workstation. Some management
applications reside on the SP itself.
Access to native functions on some SPs is through a proprietary web interface on the SP. HP iLO,
Dell DRAC and IBM RSA II SPs have a local web server running and provide a web interface that
allows administrators remote access for provisioning, monitoring and managing the server. The
web interface is accessed through a specific port number. The monitoring and management features
supported by some SPs through native web interfaces include access to the server’s serial or
graphical user interface, power control, access to sensor data and server event logs, SNMP agents
and virtual media.
management options
• View event log
• Clear event log
• Displays the event log
• Clears the event log
DirectCommand requirements
The DirectCommand option is available only through the Web Manager. DirectCommand creates a
Java applet that runs in the background to start a secure SSH tunnel and to connect to the native
web interface on the target device. Therefore, the Java Runtime Environment must be installed on
the user’s workstation. The JRE is also a requirement for Web Manager access.
The Web Manager allows the administrator to configure up to 20 ports and associate them with
other services that may also be invoked by DirectCommand. As described in the troubleshooting
appendix in the installer and administrator guide, the administrator must take care to ensure that
local applications are not using the same TCP ports that are used by DirectConnect.
8 MergePoint 5224/5240 Service Processor Manager User Guide
Native IP requirements
Native IP access requires a pre-existing secure tunnel between the user’s workstation and the
MergePoint 5224/5240 SP manager. Table 1.5 shows the native IP parameters and command
names available when you are logged into the Web Manager, when you have selected a target
device from the spshell menu on the MergePoint 5224/5240 SP manager console and when you are
entering the ssh command on a remote workstation.
Table 1.5: Native IP Management Options
MethodParameter or Command Name
Web ManagerNative IP
spshell menu in the MergePoint 5224/5240 SP manager
console
ssh command• nativeipon
• Enable native IP
• Disable native IP
• nativeipoff
After an authenticated and authorized user establishes a secure tunnel and selects the Native IP
option, the user can bring up a native web interface or launch a native web management application
from where it resides on the user's workstation or from the SP’s console.
Native IP access depends on the following being true:
•The SP must provide the desired native management functionality. For example, SPs using
IPMI protocols do not provide native web access.
•The user is authorized to access the Native IP option on an SP.
•The user has created a secure tunnel to the MergePoint 5224/5240 SP manager. An SSH tunnel
gives access to native web applications only while a VPN tunnel gives access to both native
web and native management applications.
Tasks for creating secure tunnels and obtaining native IP access
See Chapter 2 for creating information on creating secure tunnels and obtaining Native IP access.
Power management options
Table 1.6 shows the power management option names and command names used when you are
logged into the Web Manager, when you have selected a target device from the spshell menu on the
MergePoint 5224/5240 SP manager console and when you are entering the ssh command on a
remote workstation. The power management options are only available for managed servers with
SPs.
Table 1.6: Power Management Options
MethodOption or Command Name Action
Chapter 1: Introduction 9
Web Manager• Power On
•Power Off
• Power Cycle
• Power Status
spshell menu in the
MergePoint 5224/5240 SP
manager console
ssh commandpowerPower management options are performed using
Manage powerBrings up a menu of power management options
• Turn power on
• Turn power off
• Power cycle
• Check power status
• Turn power on
• Turn power off
• Turn power off then on
• Get power status
the following power management commands
• poweron
• poweroff
• powercycle
• powerstatus
The effects of the SP power management commands differ from one vendor’s SP to another. Table
1.8 describes the options. If an SP provides more than one of the options shown, the hard power
option is performed.
Table 1.7: Possible Power Management Command Effects
Power CommandOption
Power off• Hard power off: remove the power
• Soft power off: shut down the operating system before removing the power
Power cycle (turn power off,
then on again, to reboot
the server)
• Hard power cycle: remove the power, wait several seconds and then turn the
power on again (to reboot the server)
• Soft power cycle: shut down the operating system, wait several seconds and
then turn power on again
See Power Management Options on page 19 for an overview of all the types of power management
that users can perform.
10 MergePoint 5224/5240 Service Processor Manager User Guide
Reset commands
Table 1.8 shows the reset options available when you are logged into the Web Manager, when you
have selected a target device from the spshell menu on the MergePoint 5224/5240 SP manager
console and when you are entering the ssh command on a remote workstation. The reset
management options are only available for managed servers with SPs.
Table 1.8: Reset Options
MethodCommand or Option
Web ManagerReset
spshell menu in the MergePoint 5224/5240 SP
manager console
ssh commandreset
The effects of the reset command differ from one vendor’s SP to another and sometimes between
firmware versions from the same vendor. In addition, some SPs have more than one type of reset,
as described in the following list:
•Warm reset (or warm boot): only the server’s operating system is restarted
•Cold boot: the server is fully restarted (the same effect as issuing a Power cycle command)
If an SP has more than one type of reset option, the MergePoint 5224/5240 SP manager Reset
command performs the highest level of reset: the cold boot option if available.
If the administrator is configuring an SP that provides multiple reset options, the administrator can
customize an associated SP management script to cause the reset command to perform one of the
lower levels of reset available on the SP. Customizing SP management scripts is described in the
MergePoint 5224/5240 Service Processor Manager Installer and Administrator Guide.
Sensor management options
An authorized user or administrative user can view graphical displays of sensor data collected from
servers by their SPs. These users can also modify graph display settings through the Web Manager
or the user shell menu or by using the ssh command with the sensor commands.
Figure 1.2 shows an example graph. The sensor va l ue in a graph’s heading varies with the type of
data being measured and the type of SP. The example fan sensor reading in Figure 1.2 has a
heading Time Vs. % because the sensor is measuring the percentage of total possible fan speed.
Examples of other possible values for sensor_value are Volts, Degrees Centigrade and
Degrees Fahrenheit.
reset
For procedures for monitoring sensors, see To view a server’s sensor data from an SP (Web
Manager): on page 43.
Sensors List
Display Graph Button
Chapter 1: Introduction 11
Graph Area
Graph Heading
Figure 1.2: Example Graph for Readings From a Fan Sensor
Table 1.9 shows graph features that can be modified. An error message appears if you enter a value
that is greater than or lower than the supported range of values.
Table 1.9: Sensor Graph Parameters
Field/MenuUseDefaultAllowed Values
y-Axis BoxesSpecify a different number of rows.101-55
x-Axis BoxesSpecify a different number of columns.
Each graph cell represents the interval
between readings.
Min Y ValueSpecify a different minimum sensor value to be plotted
on the x axis. The only valid keys are numeric keys,
period (.) and hyphen (-).
Max Y ValueSpecify a different maximum sensor value to be
plotted on the y axis. The only valid keys are numeric
keys, period (.) and hyphen (-).
3001-999
Varies with the
type of sensor
Varies with the
type of sensor
Varies with the
type of sensor
Varies with the
type of sensor
12 MergePoint 5224/5240 Service Processor Manager User Guide
Table 1.9: Sensor Graph Parameters (Continued)
Field/MenuUseDefaultAllowed Values
Mean Y Value Specify a different mean value to use as a basis for
comparison with the actual detected value. The only
valid keys are numeric keys, period (.) and hyphen (-).
In line graphs, the Mean Temp is indicated by a black
horizontal line. In bar graphs, the colors of the bars
indicate the following:
• Blue – Less than the mean Y value.
• Red – Greater than mean Y value.
• Black – Equal to the mean Y value.
Time IntervalSpecify a different frequency in seconds for fetching
sensor data. The only valid keys are numeric keys.
Graph TypeChoose another graph type.Line GraphLine Graph or Bar
Grid Line Color Choose another color for the lines.• white• yellow
Graph BG Color Select the background color.• light gray• yellow
Varies with the
type of sensor
55-300
Varies with the
type of sensor
Graph
• green
•cyan
•gray
• darkgray
• lightgray
• magenta
• orange
•pink
•white
• green
•cyan
•gray
• darkgray
• lightgray
• magenta
• orange
•pink
•white
Table 1.10 shows the sensor management options available when you are logged into the Web
Manager, when you have selected a target device from the spshell menu on the MergePoint 5224/
5240 SP manager console and when you are entering the ssh command on a remote workstation.
The sensor options display unformatted sensor data collected from the server by its SP. The page
that appears provides a button that when clicked displays graphs of data from individual sensors.
Chapter 1: Introduction 13
The sensor management options are only available for managed servers with SPs.
Table 1.10: Sensor Management Options
MethodCommand or Option
Web ManagerSensors
spshell menu in the MergePoint 5224/5240 SP
manager console
ssh commandsensors
Authentication
Anyone accessing the MergePoint 5224/5240 SP manager must log in by entering a username and
password. Controlling access by requiring users to enter names and passwords is called
authentication. The usernames and passwords entered during login attempts are checked against a
database. Access is denied if the username or password is not valid.
The password database being checked can reside either locally (on the MergePoint 5224/5240 SP
manager) or on an authentication server on the network.
The user is required to enter a username and password in the following cases:
•When logging into the MergePoint 5224/5240 SP manager.
The authentication method chosen for the MergePoint 5224/5240 SP manager is used for all
access through Telnet, SSH or the Web Manager. By default, logins to the MergePoint 5224/
5240 SP manager use local authentication.
•When accessing an SP or other target device.
Users may be required to enter different usernames and passwords when accessing the MergePoint
5224/5240 SP manager than when accessing a target device.
sensors
14 MergePoint 5224/5240 Service Processor Manager User Guide
Security Profiles’ Effects on Users’ Actions
When the MergePoint 5224/5240 SP manager is being managed without DSView 3 management
software, the administrator needs to select a security profile based on the security requirements of
the organization.
NOTE: All of the features and procedures described in this guide work when the Moderate security profile is
in effect.
Table 1.11: Services and Other Functions Controlled by Security Profiles
ServiceOther Functions That May Be Allowed/Disallowed
TelnetAllow Telnet to MergePoint 5224/5240 SP manager
Assign an alternate port to SSH
Services may also be turned on and off independently from the security profile. For more details,
see the MergePoint 5224/5240 Service Processor Manager Installer and Administrator Guide.
In addition to turning services on and off, an administrator may select the security profile option to
override authorizations, which enables access based on authentication only.
NOTE: If you are prevented from using a service you need to use, such as FTP or SNMP, talk with the
administrator to find out if the service can be enabled or if another way of performing a necessary task is
available that is consistent with your site’s security policies.
Ch
Loading...
+ 61 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.