HP Part Number: 394326-403
Published: June 2012
Edition: 1
© Copyright 2012 Hewlett-Packard Development Company, L.P
Notices
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Microsoft, Windows, Windows Server, Windows Vista, Windows NT, and Windows XP are U.S. registered trademarks of Microsoft Corporation. AMD is a trademark of Advanced Micro Devices, Inc. Intel is a trademark of Intel Corporation in the U.S. and other countries. Java is a registered trademark of Oracle and/or its affiliates.
Intended audience
This document is for the person who installs, administers, and troubleshoots servers and storage systems. HP assumes you are qualified in the servicing of computer equipment and trained in recognizing hazards in products with hazardous energy levels.
Contents |
|
1 Overview................................................................................................ |
11 |
New in this release of iLO 2..................................................................................................... |
11 |
iLO 2 Overview...................................................................................................................... |
11 |
Differences between iLO 2 and iLO...................................................................................... |
12 |
HP Insight Control server deployment ................................................................................... |
12 |
Server management through IPMI version 2.0 compliant applications........................................ |
13 |
WS-Management compatibility overview.............................................................................. |
13 |
iLO 2 browser interface overview.............................................................................................. |
14 |
Supported browsers and client operating systems................................................................... |
15 |
Supported server operating system software.......................................................................... |
15 |
2 Setting up iLO 2....................................................................................... |
17 |
Quick setup........................................................................................................................... |
17 |
Preparing to set up iLO 2......................................................................................................... |
17 |
Connecting to the network....................................................................................................... |
18 |
Configuring the IP address....................................................................................................... |
19 |
Logging in to iLO 2 for the first time.......................................................................................... |
20 |
Setting up user accounts.......................................................................................................... |
20 |
Setting up iLO 2 using iLO 2 RBSU....................................................................................... |
20 |
Setting up iLO 2 with the browser-based option...................................................................... |
21 |
Activating iLO 2 licensed features with a browser........................................................................ |
21 |
Installing iLO 2 device drivers................................................................................................... |
21 |
Microsoft device driver support............................................................................................ |
22 |
Linux device driver support.................................................................................................. |
22 |
Novell NetWare device driver support.................................................................................. |
22 |
3 Configuring iLO 2.................................................................................... |
24 |
iLO 2 configuration overview.................................................................................................... |
24 |
Upgrading iLO 2 firmware....................................................................................................... |
24 |
Upgrading iLO 2 with a browser.......................................................................................... |
25 |
Updating the firmware using the maintenance CD.................................................................. |
25 |
Recovering from a failed iLO 2 firmware update..................................................................... |
26 |
Downgrading the iLO 2 firmware......................................................................................... |
26 |
Licensing............................................................................................................................... |
26 |
User administration................................................................................................................. |
28 |
Adding a new user............................................................................................................ |
29 |
Viewing or modifying existing user settings............................................................................ |
31 |
Deleting a user.................................................................................................................. |
31 |
Group administration......................................................................................................... |
32 |
Configuring iLO 2 access........................................................................................................ |
33 |
Services options................................................................................................................. |
33 |
Terminal Services Passthrough option............................................................................... |
35 |
Terminal Services client requirements........................................................................... |
35 |
Enabling the Terminal Services Passthrough option............................................................. |
36 |
Terminal Services warning message............................................................................ |
37 |
Terminal Services Passthrough option display............................................................... |
37 |
Remote Console and Terminal Services clients................................................................... |
37 |
Terminal Services troubleshooting.................................................................................... |
38 |
Access options.................................................................................................................. |
38 |
iLO 2 Remote Console and Remote Serial Console access....................................................... |
41 |
Security................................................................................................................................. |
41 |
General security guidelines................................................................................................. |
41 |
Contents 3
Password guidelines...................................................................................................... |
42 |
Securing RBSU.............................................................................................................. |
42 |
iLO 2 Security Override Switch administration................................................................... |
42 |
Trusted Platform Module support.......................................................................................... |
43 |
User accounts and access................................................................................................... |
43 |
Privileges..................................................................................................................... |
44 |
Login security................................................................................................................ |
44 |
SSH key administration....................................................................................................... |
44 |
SSL certificate administration............................................................................................... |
45 |
Two-factor authentication.................................................................................................... |
46 |
Setting up two-factor authentication for the first time........................................................... |
47 |
Setting up a user for two-factor authentication................................................................... |
48 |
Two-factor authentication login........................................................................................ |
49 |
Using two-factor authentication with directory authentication............................................... |
50 |
Directory settings............................................................................................................... |
51 |
Configuring directory settings......................................................................................... |
51 |
Directory tests............................................................................................................... |
53 |
Encryption........................................................................................................................ |
53 |
Encryption settings........................................................................................................ |
54 |
Connecting to the iLO 2 using AES/3DES encryption......................................................... |
54 |
HP SIM single sign-on (SSO)............................................................................................... |
55 |
Setting up iLO 2 for HP SIM SSO.................................................................................... |
55 |
Adding HP SIM trusted servers........................................................................................ |
56 |
Setting up HP SIM SSO.................................................................................................. |
57 |
Remote Console Computer Lock........................................................................................... |
58 |
Network................................................................................................................................ |
60 |
Network Settings............................................................................................................... |
60 |
iLO 2 subsystem name limitations.................................................................................... |
61 |
iLO 2 Shared Network Port............................................................................................. |
61 |
iLO 2 Shared Management Port features and restrictions................................................ |
62 |
Enabling the iLO 2 Shared Network Port feature........................................................... |
62 |
Re-enabling the dedicated iLO 2 management port....................................................... |
63 |
DHCP/DNS Settings.......................................................................................................... |
64 |
SNMP/Insight Manager settings............................................................................................... |
65 |
Enabling SNMP alerts........................................................................................................ |
65 |
SNMP generated trap definitions......................................................................................... |
66 |
Configuring Insight Manager integration............................................................................... |
67 |
Static IP bay configuration....................................................................................................... |
68 |
Configuring a ProLiant BL p-Class blade enclosure.................................................................. |
68 |
Configuring static IP bay settings.......................................................................................... |
69 |
ProLiant BL p-Class standard configuration parameters............................................................ |
69 |
ProLiant BL p-Class advanced configuration parameters........................................................... |
69 |
Enabling iLO 2 IP address assignment.................................................................................. |
70 |
HP BladeSystem setup......................................................................................................... |
70 |
The iLO 2 firmware configuration screen........................................................................... |
71 |
Verify Server RAID Configuration screen........................................................................... |
71 |
Connect Virtual Media screen......................................................................................... |
72 |
Install Software screen................................................................................................... |
72 |
iLO 2 diagnostic port configuration parameters...................................................................... |
72 |
4 Using iLO 2............................................................................................. |
74 |
System status and status summary information............................................................................ |
74 |
System Information Summary............................................................................................... |
75 |
Fans............................................................................................................................ |
76 |
Temperatures................................................................................................................ |
76 |
4Contents
Power.......................................................................................................................... |
77 |
Processors.................................................................................................................... |
77 |
Memory....................................................................................................................... |
77 |
NIC............................................................................................................................. |
77 |
iLO 2 Log......................................................................................................................... |
77 |
IML.................................................................................................................................. |
78 |
Diagnostics....................................................................................................................... |
79 |
Insight Agents.................................................................................................................... |
80 |
iLO 2 Remote Console............................................................................................................. |
80 |
Remote Console overview and licensing options..................................................................... |
81 |
Remote Console settings..................................................................................................... |
81 |
Remote console hot keys................................................................................................. |
83 |
Supported hot keys........................................................................................................ |
84 |
Hot keys and international keyboards.............................................................................. |
85 |
Hot keys and Virtual Serial Port....................................................................................... |
85 |
IRC Fullscreen.................................................................................................................... |
85 |
Integrated Remote Console option........................................................................................ |
85 |
Optimizing mouse performance for Remote Console or Integrated Remote Console................ |
88 |
High Performance Mouse settings.................................................................................... |
88 |
Multi-user access to the Integrated Remote Console................................................................ |
89 |
Using Console Capture....................................................................................................... |
90 |
Using HP iLO Video Player.................................................................................................. |
90 |
iLO Video Player user interface....................................................................................... |
91 |
iLO Video Player controls............................................................................................... |
92 |
Acquiring the Remote Console............................................................................................. |
92 |
Remote Console................................................................................................................. |
93 |
Remote Console features and controls.............................................................................. |
94 |
Recommended client settings.......................................................................................... |
94 |
Recommended server settings......................................................................................... |
95 |
Microsoft Windows Server 2003 settings..................................................................... |
95 |
Red Hat Linux and SUSE Linux server settings............................................................... |
95 |
Text-based remote console overview..................................................................................... |
95 |
Text-based console during POST...................................................................................... |
95 |
Text-based console after POST........................................................................................ |
96 |
Using the iLO 2 Text Console..................................................................................... |
97 |
Customizing iLO 2 Text Console................................................................................. |
97 |
Using a Linux session................................................................................................ |
99 |
Virtual serial port and remote serial console...................................................................... |
99 |
Remote Serial Console............................................................................................ |
100 |
Virtual Serial Port enhancements............................................................................... |
101 |
Windows EMS Console........................................................................................... |
102 |
Virtual media....................................................................................................................... |
104 |
Using iLO 2 Virtual Media devices..................................................................................... |
104 |
Virtual Media and Windows 7..................................................................................... |
105 |
iLO 2 Virtual Floppy/USBKey........................................................................................ |
105 |
Virtual Floppy/USB Key operating systems notes......................................................... |
106 |
Operating system USB support................................................................................. |
107 |
Mounting USB Virtual Floppy/USBKey in NetWare 6.5............................................... |
107 |
Mounting USB Virtual Media/USBKey in Linux........................................................... |
108 |
Changing diskettes................................................................................................. |
109 |
iLO 2 Virtual CD/DVD-ROM......................................................................................... |
109 |
Virtual Media CD/DVD-ROM operating system notes.................................................. |
110 |
Mounting USB Virtual Media CD/DVD-ROM in Linux.................................................. |
110 |
Creating iLO 2 disk image files..................................................................................... |
111 |
Virtual folder................................................................................................................... |
111 |
Contents 5
Virtual folder operating system notes.................................................................................. |
112 |
Power management.............................................................................................................. |
112 |
Server power settings....................................................................................................... |
113 |
Server power data........................................................................................................... |
115 |
Processor states............................................................................................................... |
116 |
Power efficiency............................................................................................................... |
117 |
Graceful shutdown........................................................................................................... |
118 |
Brown-Out recovery......................................................................................................... |
119 |
ProLiant BL p-Class Advanced management.............................................................................. |
119 |
Rack View....................................................................................................................... |
120 |
Blade configuration and information.............................................................................. |
121 |
Enclosure information................................................................................................... |
122 |
Power enclosure information......................................................................................... |
122 |
Network component information................................................................................... |
123 |
iLO 2 control of ProLiant BL p-Class server LEDs.................................................................... |
123 |
Server POST tracking................................................................................................... |
123 |
Insufficient power notification........................................................................................ |
124 |
ProLiant BL p-Class alert forwarding.................................................................................... |
124 |
ProLiant BladeSystem HP Onboard Administrator...................................................................... |
124 |
iLO 2 BL c-Class tab......................................................................................................... |
124 |
Enclosure bay IP addressing.............................................................................................. |
125 |
Dynamic power capping for server blades.......................................................................... |
127 |
iLO 2 Virtual Fan............................................................................................................. |
128 |
iLO option....................................................................................................................... |
128 |
Web Administration......................................................................................................... |
128 |
BL p-Class and BL c-Class features...................................................................................... |
129 |
5 Directory services................................................................................... |
130 |
Overview of directory integration............................................................................................ |
130 |
Benefits of directory integration.............................................................................................. |
130 |
Advantages and disadvantages of schema-free directories and HP schema directory..................... |
131 |
Schema-free directory integration....................................................................................... |
131 |
Setting up Schema-free directory integration............................................................................. |
132 |
Active Directory preparation.............................................................................................. |
132 |
Introduction to certificate services.................................................................................. |
132 |
Installing certificate services.......................................................................................... |
132 |
Verifying certificate services.......................................................................................... |
133 |
Configuring Automatic Certificate Request...................................................................... |
133 |
Schema-free browser-based setup....................................................................................... |
133 |
Schema-free scripted setup................................................................................................ |
133 |
Schema-free HPLOMIG-based setup.................................................................................... |
134 |
Schema-free setup options................................................................................................. |
134 |
Schema-free nested groups................................................................................................ |
135 |
Setting up HP schema directory integration.............................................................................. |
136 |
Features supported by HP schema directory integration......................................................... |
136 |
Setting up directory services.............................................................................................. |
136 |
Schema documentation..................................................................................................... |
137 |
Directory services support................................................................................................. |
137 |
Schema required software................................................................................................. |
137 |
Schema installer.............................................................................................................. |
138 |
Schema Preview.......................................................................................................... |
138 |
Setup......................................................................................................................... |
138 |
Results....................................................................................................................... |
139 |
Management snap-in installer............................................................................................ |
140 |
Directory services for Active Directory................................................................................. |
140 |
6Contents
Active Directory installation prerequisites........................................................................ |
140 |
Installing Active Directory on Windows Server 2008....................................................... |
141 |
Directory services preparation for Active Directory........................................................... |
141 |
Snap-in installation and initialization for Active Directory.................................................. |
142 |
Example: Creating and configuring directory objects for use with iLO 2 in Active Directory.... |
143 |
Directory services objects............................................................................................. |
145 |
Active Directory snap-ins......................................................................................... |
146 |
Active Directory role restrictions................................................................................ |
147 |
Active Directory Lights-Out management......................................................................... |
148 |
Directory services for eDirectory......................................................................................... |
149 |
eDirectory installation prerequisites................................................................................ |
149 |
Snap-in installation and initialization for eDirectory.......................................................... |
150 |
Creating and configuring directory objects for use with LOM devices in eDirectory.............. |
150 |
Directory Services objects for eDirectory......................................................................... |
152 |
Role managed devices............................................................................................ |
152 |
Members............................................................................................................... |
153 |
eDirectory Role Restrictions........................................................................................... |
154 |
Time restrictions...................................................................................................... |
154 |
Enforced client IP address or DNS name access......................................................... |
154 |
eDirectory Lights-Out Management................................................................................ |
155 |
User login using directory services..................................................................................... |
156 |
Directory-enabled remote management.................................................................................... |
156 |
Introduction..................................................................................................................... |
156 |
Creating roles to follow organizational structure................................................................... |
157 |
Using existing groups.................................................................................................. |
157 |
Using multiple roles..................................................................................................... |
157 |
How directory login restrictions are enforced....................................................................... |
158 |
Restricting roles........................................................................................................... |
158 |
Role time restrictions............................................................................................... |
159 |
Role address restrictions.......................................................................................... |
159 |
User restrictions........................................................................................................... |
159 |
User address restrictions.......................................................................................... |
159 |
How user time restrictions are enforced...................................................................... |
160 |
Creating multiple restrictions and roles........................................................................... |
160 |
Using bulk import tools..................................................................................................... |
161 |
HPLOMIG directory migration utility........................................................................................ |
162 |
Introduction to HPLOMIG utility.......................................................................................... |
162 |
Compatibility.................................................................................................................. |
162 |
HP Lights-Out directory package........................................................................................ |
163 |
Using HPLOMIG.............................................................................................................. |
163 |
Finding management processors................................................................................... |
163 |
Upgrading firmware on management processors............................................................. |
165 |
Selecting a directory access method.............................................................................. |
166 |
Naming management processors.................................................................................. |
167 |
Configuring directories when HP Extended schema is selected.......................................... |
168 |
Configuring directories when schema-free integration is selected........................................ |
169 |
Setting up management processors for directories............................................................ |
170 |
Directory services schema...................................................................................................... |
171 |
HP Management Core LDAP OID classes and attributes........................................................ |
171 |
Core classes............................................................................................................... |
172 |
Core attributes............................................................................................................ |
172 |
Core class definitions................................................................................................... |
172 |
hpqTarget.............................................................................................................. |
172 |
hpqRole................................................................................................................ |
172 |
hpqPolicy.............................................................................................................. |
173 |
Contents 7
|
Core attribute definitions.............................................................................................. |
173 |
|
hpqPolicyDN......................................................................................................... |
173 |
|
hpqRoleMembership............................................................................................... |
173 |
|
hpqTargetMembership............................................................................................ |
173 |
|
hpqRoleIPRestrictionDefault...................................................................................... |
173 |
|
hpqRoleIPRestrictions............................................................................................... |
174 |
|
hpqRoleTimeRestriction............................................................................................ |
174 |
Lights-Out Management specific LDAP OID classes and attributes........................................... |
175 |
|
|
Lights-Out Management classes..................................................................................... |
175 |
|
Lights-Out Management attributes.................................................................................. |
175 |
|
Lights-Out Management class definitions........................................................................ |
175 |
|
hpqLOMv100........................................................................................................ |
175 |
|
Lights-Out Management attribute definitions.................................................................... |
175 |
|
hpqLOMRightLogin................................................................................................. |
175 |
|
hpqLOMRightRemoteConsole................................................................................... |
176 |
|
hpqLOMRightVirtualMedia...................................................................................... |
176 |
|
hpqLOMRightServerReset......................................................................................... |
176 |
|
hpqLOMRightLocalUserAdmin.................................................................................. |
176 |
|
hpqLOMRightConfigureSettings................................................................................ |
177 |
6 HP Systems Insight Manager integration.................................................... |
178 |
|
Integrating iLO 2 with HP SIM................................................................................................ |
178 |
|
HP SIM functional overview.................................................................................................... |
178 |
|
Establishing SSO with HP SIM................................................................................................ |
178 |
|
HP SIM identification and association...................................................................................... |
179 |
|
HP SIM status.................................................................................................................. |
179 |
|
HP SIM links.................................................................................................................... |
179 |
|
HP SIM systems lists.......................................................................................................... |
180 |
|
Receiving SNMP alerts in HP SIM........................................................................................... |
180 |
|
HP SIM port matching........................................................................................................... |
181 |
|
Reviewing Advanced Pack license information in HP SIM........................................................... |
181 |
|
7 Troubleshooting iLO 2............................................................................. |
182 |
|
iLO 2 POST LED indicators..................................................................................................... |
182 |
|
Event log entries................................................................................................................... |
183 |
|
Hardware and software link-related issues................................................................................ |
186 |
|
JVM |
support........................................................................................................................ |
186 |
Login |
issues......................................................................................................................... |
187 |
Login name and password not accepted............................................................................. |
187 |
|
Directory user premature logout......................................................................................... |
187 |
|
iLO 2 Management Port not accessible by name.................................................................. |
187 |
|
iLO 2 RBSU unavailable after iLO 2 and server reset............................................................. |
188 |
|
Inability to access the login page....................................................................................... |
188 |
|
Inability to access iLO 2 using Telnet.................................................................................. |
188 |
|
Inability to access virtual media or graphical remote console................................................. |
188 |
|
Inability to connect to iLO 2 after changing network settings.................................................. |
188 |
|
Inability to connect to the iLO 2 Diagnostic Port................................................................... |
188 |
|
Inability to connect to the iLO 2 processor through the NIC................................................... |
189 |
|
Inability to log in to iLO 2 after installing the iLO 2 certificate................................................ |
189 |
|
Firewall issues................................................................................................................. |
189 |
|
Proxy server issues........................................................................................................... |
190 |
|
Two-factor authentication error........................................................................................... |
190 |
|
Troubleshooting alert and trap issues....................................................................................... |
190 |
|
Inability to receive HP SIM alarms (SNMP traps) fromiLO 2.................................................... |
191 |
|
iLO 2 Security Override switch........................................................................................... |
191 |
|
Authentication code error message..................................................................................... |
191 |
8Contents
Troubleshooting directory issues.............................................................................................. |
191 |
Domain/name format login issues...................................................................................... |
191 |
ActiveX controls are enabled and I see a prompt but the domain/name login format does not |
|
work.............................................................................................................................. |
192 |
User contexts do not appear to work.................................................................................. |
192 |
Directory user does not logout after the directory timeout has expires...................................... |
192 |
Troubleshooting Remote Console issues................................................................................... |
192 |
Remote Console applet has a red X when running Linux client browser.................................... |
192 |
Inability to navigate the single cursor of the Remote Console to corners of the Remote Console |
|
window.......................................................................................................................... |
192 |
Remote Console no longer opens on the existing browser session........................................... |
193 |
Remote console text window not updating properly.............................................................. |
193 |
Remote Console turns gray or black................................................................................... |
193 |
Remote Serial Console troubleshooting............................................................................... |
193 |
Troubleshooting Integrated Remote Console issues.................................................................... |
194 |
Internet Explorer 7 and a flickering remote console screen..................................................... |
194 |
Configuring Apache to accept exported capture buffers........................................................ |
194 |
No console replay while server is powered down................................................................. |
195 |
Skipping information during boot and fault buffer playback................................................... |
195 |
Out of Memory error starting Integrated Remote Console...................................................... |
195 |
Session leader does not receive connection request when IRC is in replay mode....................... |
195 |
Keyboard LED does not display correctly............................................................................. |
195 |
Inactive IRC..................................................................................................................... |
196 |
IRC Failed to connect to server error message...................................................................... |
196 |
IRC toolbar icons do not update........................................................................................ |
196 |
GNOME interface does not lock........................................................................................ |
197 |
Repeating keys on the Remote Console............................................................................... |
197 |
Remote Console playback does not work when the host server is powered off.......................... |
197 |
Troubleshooting SSH and Telnet issues..................................................................................... |
197 |
Initial PuTTY input slow..................................................................................................... |
197 |
PuTTY client unresponsive with Shared Network Port............................................................. |
197 |
SSH text support from a Remote Console session.................................................................. |
197 |
Troubleshooting terminal services issues................................................................................... |
197 |
Terminal Services button is not working............................................................................... |
197 |
Terminal Services proxy stops responding............................................................................ |
198 |
Troubleshooting video and monitor issues................................................................................ |
198 |
General guidelines........................................................................................................... |
198 |
Telnet displays incorrectly in DOS...................................................................................... |
198 |
Video applications not displaying in the Remote Console...................................................... |
198 |
User interface is not displaying correctly............................................................................. |
198 |
Troubleshooting Virtual Media issues....................................................................................... |
198 |
Virtual Media applet has a red X and does not display......................................................... |
199 |
Virtual Floppy media applet is unresponsive........................................................................ |
199 |
Troubleshooting iLO Video Player issues................................................................................... |
199 |
Video capture file does not play........................................................................................ |
199 |
Video capture file plays erratically...................................................................................... |
199 |
Troubleshooting Remote Text Console issues............................................................................. |
199 |
Viewing the Linux installer in the text console....................................................................... |
199 |
Passing data through an SSH terminal................................................................................ |
199 |
Troubleshooting miscellaneous issues....................................................................................... |
199 |
Cookie sharing between browser instances and iLO 2.......................................................... |
199 |
Shared instances......................................................................................................... |
200 |
Cookie order behavior................................................................................................. |
200 |
Displaying the current session cookie............................................................................. |
201 |
Preventing cookie-related user issues.............................................................................. |
201 |
Contents 9
Inability to access ActiveX downloads................................................................................. |
201 |
Inability to get SNMP information from HP SIM.................................................................... |
201 |
Incorrect time or date of the entries in the event log.............................................................. |
201 |
Inability to upgrade iLO 2 firmware.................................................................................... |
201 |
Diagnostic steps.......................................................................................................... |
202 |
iLO 2 network flash recovery............................................................................................. |
202 |
Recovering from a bad iLO 2 flash image using network flash recovery................................... |
202 |
Recovering from a bad iLO 2 flash image using the HP Smart Update Firmware DVD............... |
203 |
The iLO 2 firmware does not respond to SSL requests............................................................ |
204 |
Testing SSL...................................................................................................................... |
204 |
Resetting iLO 2................................................................................................................ |
204 |
Server name still present after ERASE utility is executed......................................................... |
204 |
Troubleshooting a remote host........................................................................................... |
205 |
8 Technical support................................................................................... |
206 |
Support information.............................................................................................................. |
206 |
HP contact information.......................................................................................................... |
207 |
Before you contact HP........................................................................................................... |
207 |
Acronyms and abbreviations....................................................................... |
208 |
Index....................................................................................................... |
211 |
10 Contents
The iLO 2 firmware provides multiple ways to configure, update, and operate servers remotely. The HP Integrated Lights-Out 2 User Guide describes these features and how to use them with the browser-based interface and RBSU. Some features are licensed features and may only be accessed after purchasing an optional license. For more information, see “Licensing” (page 26).
The HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide describes the syntax and tools available to use iLO 2 through a command-line or scripted interface. Click the link for the guide http://h20000.www2.hp.com/bizsupport/TechSupport/ DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179& taskId=135&prodTypeId=18964&prodSeriesId=1146658.
This manual discusses HP Integrated Lights-Out 2 firmware version 2.09 for ProLiant ML/DL servers, as well as ProLiant BladeSystem server blades.
The iLO 2 firmware version 2.09 adds:
•iLO 2 Enhanced CLI prompt and Virtual Serial Port Log
•Support for SUSE Linux 10 and 11 (32– and 64–bit)
The iLO 2 firmware can remotely perform most functions that otherwise require a visit to servers at the data center, computer room, or remote location. The following are just a few of the iLO 2 features.
•Remote Console and virtual power – Enables you to view a stalled remote server with blue screen conditions and restart the server without onsite assistance.
•Remote Console – Enables you to change BIOS settings when necessary.
•Virtual KVM technology – Provides a high-performance remote console that enables you to remotely administer operating systems and applications in everyday situations.
•Virtual CD/DVD or floppy – Enables you to install an operating system or flash system firmware over the network from images on your workstations or on centralized web servers.
•Virtual Folder – Enables you to update operating system drivers or copy system files without physical media or creating a disk image.
•Scripting – Enables you to use virtual power and virtual media in other scripting tools to automate deployment and provisioning.
•Active participation in monitoring and maintaining server health, referred to as embedded health. iLO 2 monitors temperatures in the server and sends corrective signals to the fans to maintain proper server cooling. In addition to temperature monitoring, iLO 2 provides fan status monitoring and monitoring of the status of the power supplies, voltage regulators, and the internal hard drives.
These examples are just a few ways iLO 2 is used to manage HP ProLiant servers from your office, home, or travel location. As you begin using iLO 2 and defining your specific infrastructure requirements, refer to this guide for additional ways to simplify your remote server management needs.
For information about the features available in each version of iLO 2, see “Licensing” (page 26).
New in this release of iLO 2 11
The iLO 2 firmware is based on the iLO and shares many common features. However, to use iLO 2 to access a pre-operating system, text-based remote console, you must use the remote serial console. For more information, see “Text-based remote console overview” (page 95).
The following table highlights the differences between iLO 2 and iLO.
Feature |
iLO 2 |
iLO |
Standard features |
|
|
Text console |
Pre-OS |
Pre-OS and OS |
Remote Serial Console (virtual serial |
Pre-OS and OS |
Pre-OS and OS |
port) |
|
|
Server health monitoring and |
Yes |
No |
maintenance |
|
|
Advanced features |
|
|
Text console |
Pre-OS and OS |
Pre-OS and OS |
Remote console |
Yes (Virtual KVM ) |
Yes |
Integrated Remote Console |
Yes |
No |
Support for Microsoft JVM |
Yes |
No |
Remote Console Acquire button |
Yes |
Yes |
Terminal Services integration |
Yes |
Yes |
HP schema directory integration |
Yes |
Yes |
Schema-free directory integration |
Yes |
Yes |
Two-factor authentication |
Yes |
Yes |
Power Regulator reporting |
Yes |
Yes |
Virtual Floppy and CD/DVD-ROM |
Yes |
Yes |
USB key virtual media |
Yes |
Yes |
Virtual folder |
Yes |
No |
HP Insight Control server deployment integrates with iLO 2 to enable the management of remote servers and the performance of remote console operations, regardless of the state of the operating system or hardware.
The deployment server provides the capability to use the power management features of iLO 2 to power on, power off, or cycle power on the target server. Each time a server connects to the deployment server, the deployment server polls the target server to determine whether a LOM management device is installed. If installed, the server gathers information including the DNS name, IP address, and user login name. Security is maintained by requiring the user to enter a correct password.
For more information about the HP Insight Control server deployment, see the documentation that ships on the HP Insight Software DVD, or the HP Insight Control webpage at http://www.hp.com/ go/insightcontrol.
12 Overview
Server management through the IPMI is a standardized method for controlling and monitoring the server. iLO 2 provides server management based on the IPMI version 2.0 specification.
The IPMI specification defines a standardized interface for platform management. The IPMI specification defines the following types of platform management:
•Monitoring of system information, such as fans, temperatures, and power supplies
•Recovery capabilities, such as system resets and power on/off operations
•Logging capabilities, for abnormal events such as over temperature readings or fan failures
•Inventory capabilities, such as identifying failed hardware components
IPMI communications are dependent on the BMC and the SMS. The BMC manages the interface between the SMS and the platform management hardware. iLO 2 emulates the BMC functionality and the SMS functionality can be provided by various industry-standard tools. For additional information, see the IPMI specification on the Intel website at http://www.intel.com/design/servers/ ipmi/tools.htm.
The iLO 2 firmware provides the KCS interface, or open interface, for SMS communications. The KCS interface provides a set of I/O mapped communications registers. The default system base address for the I/O mapped SMS Interface is 0xCA2 and is byte aligned at this system address.
The KCS interface is accessible to SMS software that is running on the local system. Examples of compatible SMS software applications include:
•IPMI version 2.0 Command Test Tool is a low-level MS-DOS command line tool that enables hex-formatted IPMI commands to be sent to an IPMI BMC that implements the KCS interface. You can locate this tool on the Intel website at http://www.intel.com/design/servers/ipmi/ tools.htm.
•IPMItool is a utility for managing and configuring devices that support the IPMI version 1.5 and version 2.0 specifications and can be used in a Linux environment. You can locate this tool on the IPMItool website at http://ipmitool.sourceforge.net/index.html.
IPMI functionality provided by iLO 2
When emulating a BMC for the IPMI interface, iLO 2 supports all mandatory commands listed in the IPMI version 2.0 specification. See the IPMI version 2.0 specification for a listing of these commands. Also, the SMS uses the methods described in the specification for determining which IPMI features are enabled or disabled in the BMC (for example, using the Get Device ID command).
If the server operating system is running and the health driver is enabled, any IPMI traffic through the KCS interface can affect the performance of the health driver and overall health performance of the system. Do not issue any IPMI commands through the KCS interface that might detrimentally affect the monitoring performed by the health driver. These commands include any commands that sets or changes IPMI parameters, such as Set Watchdog Timer and Set BMC Global Enabled. Any IPMI command that simply returns data is safe to use, such as Get Device ID and Get Sensor Reading.
The iLO 2 firmware implementation of WS-Management is in accordance with the DTMF Web Services for Management 1.0.0a specification.
iLO 2 Overview 13
Authentication:
•The iLO 2 firmware uses basic authentication over SSL, compliant with profile: wsman:secprofile/https/basic.
•Authenticated users are authorized to execute WS-Management commands in accordance with designated privileges in their local or directory accounts.
•To enable basic authentication on Windows Vista, enter gpedit.msc at the command prompt to launch the Group Policy Object Editor. Select Computer Configuration> Administrative Templates> Windows Components> Windows Remote Management (WinRM)> WinRM Client. Set Allow Basic authentication to Enabled.
Compatibility:
•WS-Management in iLO 2 is compatible with the Windows Vista WinRM utility, Microsoft Operations Manager 3, and the Management Pack provided by HP.
•The full set of WS-Management commands is available on iLO 2 servers that support embedded system health. A greatly reduced subset of these commands is available on servers without embedded systems health support.
Commands:
The following commands are available for remote invocation of the following devices:
•Server power
•UID
Status:
The WS-Management in iLO 2 returns status information for fans, temperatures, power supplies, and VRMs.
The iLO 2 browser interface groups similar tasks for easy navigation and workflow. These tasks are organized under high-level tabs across the top of the iLO 2 interface. These tabs appear on the browser interface and include System Status, Remote Console, Virtual Media, Power Management, and Administration.
Each high-level iLO 2 tab has a menu on the left side of the interface with various options. When you select a different high-level tab, the menu changes, and displays the options available from that tab. Each menu option displays a page title, which is a description of the information or settings available on that page. This page title might not reflect the name that appears on the menu option.
Assistance for all iLO 2 pages is available from iLO 2 Help. Links on each iLO 2 page provide summary information about the features of iLO 2 and helpful information to optimize its operation. To access page-specific help, click the question mark (?) on the right side of the browser window.
Typical user tasks are found under the System Status, Remote Console, Virtual Media, and Power Management tabs of the iLO 2 interface. These tasks are described in “Using iLO 2” (page 74).
The Administration tab is typically used by an advanced or administrative user who must manage users, configure global and network settings, as well as configure or enable the more advanced functions of iLO 2. These tasks are discussed in “Setting up iLO 2” (page 17) and “Configuring iLO 2” (page 24).
Subject-specific areas of iLO 2 functionality and integration are detailed in:
•“Directory services” (page 130)
•“Directory-enabled remote management” (page 156)
•“HPLOMIG directory migration utility” (page 162)
•“HP Systems Insight Manager integration” (page 178)
14 Overview
•“Troubleshooting iLO 2” (page 182)
•“Directory services schema” (page 171)
•Microsoft Internet Explorer 7, Internet Explorer 8, Internet Explorer 9
◦These browsers are supported on Microsoft Windows products.
◦HP supports Microsoft JVM and SUN Java 1.4.2_13. To download the recommended JVM for your system configuration, see the website at http://h18006.www1.hp.com/ products/servers/management/ilo_table.html?jumpid=reg_r1002_usen.
•Mozilla Firefox versions 8, 9, and 10
◦This browser is supported on Red Hat Enterprise Linux Desktop 4 and Novell Linux Desktop 9.
◦HP supports Microsoft JVM and SUN Java 1.4.2_13. To download the recommended JVM for your system configuration, see the HP website at http://h18006.www1.hp.com/ products/servers/management/ilo_table.html?jumpid=reg_r1002_usen.
Certain browsers and operating system combinations might not work correctly, depending on the implementation of the required browser technologies.
iLO 2 is an independent microprocessor running an embedded operating system. The architecture ensures that the majority of iLO 2 functionality is available, regardless of the host operating system.
For graceful host operating system shutdown, HP SIM integration requires health drivers and Management Agents or remote console access.
iLO 2 provides two interface drivers:
•The iLO 2 Advanced Server Management Controller Driver (health driver) – Provides system management support, including monitoring of server components, event logging, and support for the Management Agents.
•The iLO 2 Management Interface Driver – Enables system software and SNMP Insight Agents to communicate with iLO 2.
These drivers and agents are available for the following network operating systems:
•Microsoft
◦Windows 2008 Server
◦Windows 2008 Advanced Server
◦Windows Server 2003
◦Windows Server 2003, Web Edition
◦Windows Small Business Server 2003 (ML300 series)
◦Windows Vista
•Red Hat
◦RedHat Enterprise Linux 3 (x86)
◦RedHat Enterprise Linux 3 (AMD64/EM64T)
◦RedHat Enterprise Linux 4 (x86)
iLO 2 browser interface overview 15
◦RedHat Enterprise Linux 4 (AMD64/EM64T)
◦RedHat Enterprise Linux 5 (x86)
◦RedHat Enterprise Linux 5 (AMD64/EM64T)
•SUSE LINUX
◦SUSE LINUX Enterprise Server 9 (x86)
◦SUSE LINUX Enterprise Server (AMD64/EM64T)
◦SUSE LINUX Enterprise Server 10
◦SUSE LINUX 10 (32– and 64–bit)
◦SUSE LINUX 11 (32– and 64–bit)
16 Overview
To quickly set up iLO 2 by using the default settings for iLO 2 Standard and iLO Advanced features, follow these steps:
1.To decide how you want to structure networking and security, see“Preparing to set up iLO 2” (page 17)
2.To connect iLO 2 to the network, see “Connecting to the network” (page 18).
3.If you are not using dynamic IP addressing to configure a static IP address, use the iLO 2 RBSU. See “Configuring the IP address” (page 19).
4.To log into iLO 2 from a supported browser or command line using the default user name, password, and DNS name provided on the iLO 2 Network Settings tag attached to the server, see “Logging in to iLO 2 for the first time” (page 20).
5.Change the default user name and password on the administrator account to your predefined selections.
6.To use the local accounts feature, set up your user accounts, see “Setting up user accounts” (page 20).
7.To activate iLO 2 advanced features, see “Activating iLO 2 licensed features with a browser” (page 21).
8.To install the iLO 2 device drivers, see “Installing iLO 2 device drivers” (page 21).
Before setting up your iLO 2 management processors, you must decide how to handle networking and security. The following questions can help you configure iLO 2 for your needs:
1.How should iLO 2 connect to the network?
For a graphical representation and explanation of the available connections, see “Connecting to the network” (page 18). Typically iLO 2 is connected to the network using either:
•A corporate network where both the NIC and the iLO 2 port are connected to the corporate network. This connection enables access to iLO 2 from anywhere on the network and reduces the amount of networking hardware and infrastructure required to support iLO 2. However, on corporate networks, network traffic can impede iLO 2 performance.
•A dedicated management network with the iLO 2 port on a separate network. A separate network improves performance and security because you can physically control which workstations are connected to the network. A separate network also provides redundant access to the server when a hardware failure occurs on the corporate network. In this configuration, iLO 2 cannot be accessed directly from the corporate network.
2.How will iLO 2 acquire an IP address?
To access iLO 2 after connecting it to the network, the management processor must acquire an IP address and subnet mask using either a dynamic or static process:
•Dynamic IP address is set by default. iLO 2 obtains the IP address and subnet mask from DNS/DHCP servers. This method is the simplest.
•Static IP address is used to configure a static IP address if DNS/DHCP servers are not available on the network. A static IP address can be configured in iLO 2 using the RBSU.
If using a static IP, you must have an IP address before starting iLO 2 setup.
Quick setup 17
3.What access security is required and what user accounts and privileges are needed?
The iLO 2 firmware provides several options to control user access. You must select one of the following methods to prevent unauthorized access to corporate IT assets:
•Local accounts with up to 12 user names and passwords can be stored on iLO 2. This is ideal for small environments such as labs and smalland medium-sized businesses.
•Directory services use the corporate directory (Microsoft Active Directory or Novell eDirectory) to manage iLO 2 user access. This is ideal for environments with a large number of frequently changing users. If you plan to use Directory services leave at least one local account enabled for alternate access. For more information, see “Security” (page 41).
4.How do you want to configure iLO 2?
The iLO 2 firmware supports various interfaces for configuration and operation. This guide discusses the following interfaces:
•Using iLO 2 RBSU when the system environment does not use DHCP, DNS, or WINS. For more information, see “Setting up iLO 2 using iLO 2 RBSU” (page 20).
•Using a browser-based setup when you can connect to iLO 2 on the network using a browser. This method can also reconfigure a previously configured iLO 2. For more information, see “Setting up iLO 2 with the browser-based option” (page 21).
•Using SMASH CLP when a command line is accessible through Telnet, SSH, or physical serial port. For more information, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide at http://h20000.www2.hp.com/ bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en& cc=us&docIndexId=64179&taskId=135&prodTypeId=18964&prodSeriesId=1146658.
The iLO 2 default settings enable you to use most features with no additional configuration. However, the extensive configuration flexibility of iLO 2 enables customization for multiple enterprise environments. For all available options, see “Configuring iLO 2” (page 24).
For advanced setup of multiple iLO 2 management processors using scripting commands, the following methods are available. Scripts are text files written in an XML-based scripting language called RIBCL. You can use RIBCL scripts to configure iLO 2 on the network, during initial deployment, or from an already deployed host. Each method is described in the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide at http:// h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual& lang=en&cc=us&docIndexId=64179&taskId=135&prodTypeId=18964&prodSeriesId=1146658
•CPQLOCFG is a Microsoft Windows utility that sends RIBCL scripts to iLO 2 over the network.
•HPONCFG is a local, online, and scripted setup utility that runs on the host and passes RIBCL scripts to the local iLO 2 firmware. This utility has Windows and Linux versions, which require the iLO 2 Management Interface Driver.
•Perl is a scripting language that you use from Linux clients to send RIBCL scripts to the iLO 2 firmware over the network.
Typically, iLO 2 is connected to the network in one of two ways:
•Corporate network, where both ports are connected to the corporate network. In this configuration, the server has two network ports (one server NIC, and one iLO 2 NIC) connected to a corporate network.
18 Setting up iLO 2
•Dedicated management network, where the iLO 2 port is on a separate network.
This step is necessary only if you are using a static IP address. When using dynamic IP addressing, your DHCP server automatically assigns an IP address for iLO 2. To simplify installation, HP recommends using DNS or DHCP with iLO 2.
To configure a static IP address, use the iLO 2 RBSU with the following procedure to disable DNS and DHCP and configure the IP address and the subnet mask:
1.Restart or power the server on.
2.Press the F8 key when prompted during POST. The iLO 2 RBSU runs.
3.Select Network>DNS/DHCP, press the Enter key, and then select DHCP Enable.
4.Press the spacebar to turn off DHCP. Be sure that DHCP Enable is set to Off, and then save the changes.
5.Select Network>NIC>TCP/IP, press the Enter key, and then enter the appropriate information in the IP Address, Subnet Mask, and Gateway IP Address fields.
6.Save the changes.
7.Exit iLO 2 RBSU. The changes take effect when you exit iLO 2 RBSU.
Configuring the IP address |
19 |
The iLO 2 firmware is configured with a default user name, password, and DNS name. Default user information is located on the iLO 2 Network Settings tag attached to the server containing the iLO 2 management processor. Use these values to access iLO 2 remotely from a network client using a standard Web browser.
For security reasons, HP recommends changing the default settings after logging in to iLO 2 for the first time.
The default values are:
•User name – Administrator
•Password – A random, eight-character, alphanumeric string
•DNS Name – ILOXXXXXXXXXXXX
where XXXXXXXXXXXX represents the serial number of the server
NOTE: User names and passwords are case sensitive.
If you enter an incorrect user name and password, or a log in attempt fails, then iLO 2 imposes a security delay. For more information on login security, see “Login security” (page 44).
The iLO 2 firmware comes preconfigured with default factory settings, including a default user account and password. For security reasons, HP recommends changing the default settings after logging in to iLO 2 for the first time. These changes can be made using any of the iLO 2 user interfaces. RBSU and browser procedures are explained in this user guide. Other options including the SMASH CLP and scripting methods are described in the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide at http://h20000.www2.hp.com/ bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us& docIndexId=64179&taskId=135&prodTypeId=18964&prodSeriesId=1146658.
If iLO 2 is connected to a network running DNS or DHCP, you can use it immediately without changing any settings.
HP recommends that you use the iLO 2 RBSU to initially set up iLO 2 and configure iLO 2 network parameters for environments that do not use DHCP and DNS, or WINS. RBSU provides the basic tools to configure iLO 2 network settings and user accounts to get iLO 2 on the network.
You can use RBSU to configure network parameters, global settings, and user accounts. The iLO 2 RBSU is not intended for continued administration. RBSU is available every time the server is booted and can be run remotely using the iLO 2 Remote Console.
The iLO 2 RBSU can be disabled in the Global Settings preferences. Disabling iLO 2 RBSU prevents reconfiguration from the host unless the iLO 2 Security Override Switch is set.
To run iLO 2 RBSU to set up local accounts:
1.Restart or power the server on.
2.Press the F8 key when prompted during POST. The iLO 2 RBSU runs.
3.If prompted, enter a valid iLO 2 user ID and password with the appropriate iLO 2 privileges (Administer User Accounts>Configure iLO 2 Settings). Default account information is located on the iLO 2 Default Network Settings tag attached to the server containing the iLO 2 management processor. If iLO 2 has not been configured to present a login challenge to the RBSU, then no prompt appears.
4.Make and save any necessary changes to the iLO 2 configuration.
5.Exit iLO 2 RBSU.
20 Setting up iLO 2
If you can connect to iLO 2 on the network with a browser, then use the browser-based setup method. You can also use this method to reconfigure a previously configured iLO 2.
Access iLO 2 from a remote network client using a supported browser, and provide the default DNS name, user name, and password. Default DNS name and account information is located on the iLO 2 Network Settings tag attached to the server containing the iLO 2 management processor.
When you successfully log onto iLO 2, you can change the default values of the local user accounts by selecting User Administration under the iLO 2 Administration tab.
The Licensing page enables you to view the current license status and enter a key to activate iLO 2 license features. The iLO 2 version and current license information appears in this section. If a license is installed (including an evaluation license), the license number appears. For more information about iLO 2 license options, see “Licensing” (page 26).
1.Log into iLO 2 through a supported browser.
2.To display the iLO 2 license activation screen, click Administration>Licensing.
3.Enter the license key. To move between fields, press the Tab key or click inside a field. The Activation Key field advances automatically as you enter data. To clear the fields and reload the page, click Licensing.
4.Click Install. The EULA confirmation appears. The EULA details are available on the HP website at http://www.hp.com/servers/lights-out and with the license kit.
5.Click OK.
The advanced features of iLO 2 are now enabled.
The iLO 2 Management Interface Driver enables system software such as SNMP Insight Agents and the Terminal Services passthrough service to communicate with iLO 2.
The device drivers required to support iLO 2 are part of the PSP located on the SmartStart CD, Management CD, or on the HP website at http://www.hp.com/servers/lights-out.
All the support drivers for your server and iLO 2 can be downloaded from the HP website at http:// www.hp.com/servers/lights-out.
To download the drivers:
Activating iLO 2 licensed features with a browser |
21 |
1.Click the iLO 2 graphic.
2.Select Software and Drivers.
The device drivers that support the iLO 2 are part of the PSP that is located on the HP website at http://www.hp.com/support or on the SmartStart CD. Before you install the Windows drivers, obtain the Windows documentation and the latest Windows Service Pack.
iLO 2 prerequisite files:
•CPQCIDRV.SYS – Provides the iLO 2 Management Interface Driver support.
•CPQASM2.SYS, SYSMGMT.SYS, and SYSDOWN.SYS – Provide the iLO 2 Advanced Server Management Controller Driver support.
PSP for Microsoft Windows products includes an installer that analyzes system requirements and installs all drivers. The PSP is available on the HP website at http://www.hp.com/support or on the SmartStart CD.
To install the drivers in the PSP:
1.Download the PSP from the HP website at http://www.hp.com/support.
2.Run the SETUP.EXE file included in the download, and then follow the installation instructions.
For additional information about the PSP installation, read the text file included in the PSP download.
You can download the LSP files containing the iLO 2 driver, the foundation agents, and health agents from the HP website at http://www.hp.com/support. The instructions on how to install or update the iLO 2 driver are available on the website. The HP Management Agents for Linux are:
•RPM package (hp-snmp-agents) combines the health driver, IML viewer, foundation agents, health agent, and standard equipment agent into one package.
•RPM package (hp-iLO) combines the RIB driver, rack daemon, RIB agent, and rack agent into one package.
To load the health and iLO 2 driver packages, enter the following commands:
rpm -ivh hp-snmp-agents-d.vv.v-pp.Linux_version.i386.rpm
rpm -ivh hp-iLO-d.vv.v-pp.Linux_version.i386.rpm
where:
d is the Linux distribution and version
vv.v-pp are version numbers
To remove the health and iLO 2 drivers, enter the following commands:
rpm -e hp-snmp-agents
rpm -e hp-iLO
For additional information, see the HP Software and Drivers website at http://www.hp.com/ support.
The device drivers required to support iLO 2 are part of the PSP that is located on the SmartStart CD and the HP website at http://www.hp.com/support. The PSP for Novell NetWare includes an installer that analyzes system requirements and installs all drivers.
iLO 2 requires the following files:
•The CPQHLTH.NLM file provides the Health Driver for Novell NetWare.
•The CPQCI.NLM file provides iLO 2 Management Interface Driver support.
22 Setting up iLO 2
When updating iLO 2 drivers, be sure iLO 2 is running the latest version of iLO 2 firmware. You can obtain the latest version as a Smart Component from the HP website at http://www.hp.com/ servers/lights-out.
Install the drivers download the PSP from the HP website at http://www.hp.com/support to a NetWare server. After downloading the PSP, follow the Novell NetWare component installation instructions to complete the installation. For additional information about the PSP installation, read the text file included in the PSP download.
When using Novell NetWare 6.X, use the ATI ES1000 video driver that is provided by the operating system for best results.
Installing iLO 2 device drivers 23
Typically, an advanced or administrative user who must manage users and configure global and network settings configures iLO 2. You can configure iLO 2 using the iLO 2 browser-based GUI or scripting tools such as CPQLOCFG and HPONCFG (described in the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide at http:// h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual& lang=en&cc=us&docIndexId=64179&taskId=135&prodTypeId=18964&prodSeriesId=1146658.
The iLO 2 Administration tab enables you to configure and manage user settings, SNMP alerting (through integration with HP SIM), security settings, licensing, certificate administration, directory settings, and network environment settings. The Administration tab includes the following menu options:
•iLO 2 Firmware. See“Upgrading iLO 2 firmware” (page 24).
•Licensing. See “Licensing” (page 26).
•User Admininstration. See “User administration” (page 28)
•Settings
◦ Access. See “Configuring iLO 2 access” (page 33)
◦
◦
◦
Security. See “Security” (page 41)
Network. See “Network” (page 60)
Management. See “SNMP/Insight Manager settings” (page 65)
Firmware upgrades enhance the functionality of iLO 2. You can find the latest firmware on the HP website at http://www.hp.com/servers/lights-out. Select your iLO 2 product, and then select Software & Drivers. After the software and drivers page appears, select your iLO 2 product and operating system, and then click Locate Software. You can also locate your iLO 2 software by selecting the Operating System and Category options.
You must have the Configure iLO 2 privilege (configure local device settings) to update the firmware unless, you set the security override switch. For more information, see “iLO 2 Security Override Switch administration” (page 42). If the security override switch is set, any iLO 2 user can update the firmware. You must run firmware updates from an Administrator or root context on the host operating system.
To update the iLO 2 choose one of the following methods:
•Online firmware update – Download the appropriate operating system component and run it from the Administrator or root context of the operating system. The online firmware update software runs on the host operating system and updates the iLO 2 firmware without requiring you to log in to iLO 2.
•Offline firmware update for SmartStart maintenance – Download the iLO 2 firmware image file you plan to install, and see “Upgrading iLO 2 with a browser” (page 25).
•Firmware Maintenance CD-ROM – Download the component to create a bootable CD that contains many firmware updates for ProLiant servers and options.
•Scripting with CPQLOCFG – Download the CPQLOCFG component to get the network-based scripting utility CPQLOCFG. CPQLOCFG enables you to use RIBCL scripts that perform firmware
24 Configuring iLO 2
updates, iLO 2 configuration, and iLO 2 operations in bulk, securely over the network. HP recommends that Linux users review the HP Lights-Out XML PERL Scripting Samples for Linux.
•Scripting with HPONCFG – Download the HPONCFG component to get the host-based scripting utility HPONCFG. This utility enables you to use RIBCL scripts that perform firmware updates, Lights-Out processor configuration and operations in bulk, from Administrator or root account access on supported host operating systems.
•HP Directories Support for Management Processors – Download the HP Directories Support for Management Processors executable file to get the directory support components. One of the components, HPLOMIG, can be used to discover iLO 2 processors, and update the firmware. You do not have to use directory integration to take advantage of this functionality.
You can complete the firmware upgrade from any network client using a supported browser. You must have the Update iLO 2 Firmware privilege to upgrade the iLO 2 firmware. The most recent firmware for iLO 2 is available on the HP website at http://www.hp.com/servers/lights-out. To upgrade the iLO 2 firmware using a supported browser:
1.Log in to iLO 2 with an account that has the Configure iLO 2 Settings privilege.
2.Click Administration>Upgrade iLO 2 Firmware. The Upgrade iLO 2 Firmware page appears.
3.Enter the file name in the New firmware image field or browse for the file.
4.Click Send firmware image. The firmware upgrade takes a few minutes. A progress bar displays the progress of the firmware upgrade.
Do not interrupt an Upgrade iLO 2 Firmware session. The iLO 2 system automatically resets after a successful firmware upgrade. The iLO 2 system reset does not affect the host operating system and server.
If the firmware upgrade is interrupted or fails, attempt the upgrade again immediately. Do not reset the iLO 2 system before reattempting a firmware upgrade.
To use HP Smart Update Manager on the Firmware Maintenance CD:
1.Place the Firmware Maintenance CD on a USB key using the USB Key Creator Utility.
2.Copy CP009768.exe to the /compaq/swpackages directory on the USB Key.
3.Follow HP Smart Update Manager steps to complete firmware update.
Upgrading iLO 2 firmware 25
To recover from a failed firmware update using the HP Drive Key Boot Utility:
1.Copy the iLO 2 offline flash component to your USB drive key.
2.Verify that the iLO 2 security override switch is set to disabled.
3.Boot the USB drive key containing the iLO 2 flash component.
To download the HP Drive Key Boot Utility and for information on how to create a boot USB key, see the HP website at http://www.hp.com/go/support.
4.After the first screen displays, switch to text console by pressing the Ctrl+Alt+F1 keys.
5.Switch to the directory where the flash component is stored by entering cd /mnt/usb/components/ at the # prompt.
6.Remove the loaded HP Lights-Out driver by entering the following commands:
/etc/init.d/hp-snmp-agents stop /etc/init.d/hp-ilo stop
or
/etc/init.d/hpasm stop
7.Run the component using the - -direct option. For example:
./CP00xxxx.scexe – –direct
8.Enter y at the Continue (y/n)? prompt.
9.After programming is successfully completed, set the security override switch to enabled and reboot the server.
If you downgrade the iLO 2 firmware, you must remove the iLO 2 1.30 Remote Console ActiveX applet 1.3.0.19 from your Internet Explorer client browser. To remove the applet:
1.Open Internet Explorer.
2.Select Tools>Internet Options>Settings>View objects.
3.To remove 1.30.19, right-click iLO2 Remote console 1.3.0.18.
HP iLO Advanced Pack and HP iLO Advanced Pack for Blade System licenses activate optional iLO 2 features that are not bundled with an unlicensed system.
If you purchase the iLO Advanced Pack or the iLO Advanced Pack for BladeSystem with any Insight Control software suite or iLO Power Management Pack, HP provides Technical Support and Update Services. For more information, see “Support information” (page 206).
If you purchase the iLO Advanced Pack or the iLO Advanced Pack for Blade System as a one-time activation of licensed features, you must purchase future functional upgrades. For more information, see “Support information” (page 206).
One iLO Advanced or iLO Advanced Pack for Blade System license is required for each server on which the product is installed and used. Licenses are nontransferable. You cannot license an HP ProLiant ML/DL server with an iLO Advanced for BladeSystem. For additional information, see the EULA.
HP will continue to provide maintenance releases with fixes as well as iLO Standard and iLO Standard Blade Edition feature enhancements at no extra charge.
A 60-day evaluation license key is available for download from the HP website. The evaluation license activates and enables access to iLO 2 Advanced features. You can only install one evaluation license per iLO 2. When the evaluation period expires, the iLO 2 features deactivate.
The following versions of iLO 2 are available:
26 Configuring iLO 2
NOTE: The features annotated with an asterisk (*) are not supported on all systems.
Feature |
iLO 2 Advanced |
iLO 2 Advanced for |
iLO 2 Standard |
iLO 2 Standard Blade |
|
|
BladeSystem |
|
Edition |
Virtual power and |
X |
X |
X |
X |
reset control |
|
|
|
|
Server console access |
X |
X |
X |
X |
through POST |
|
|
|
|
Text console after |
X |
X |
– – |
– – |
POST |
|
|
|
|
Event logs |
X |
X |
X |
X |
System health* and |
X |
X |
X |
X |
configuration |
|
|
|
|
UID |
X |
X |
X |
X |
DMTF SMASH |
X |
X |
X |
X |
standard CLP |
|
|
|
|
RIBCL/XML scripting |
X |
X |
X |
X |
WS Management |
X |
X |
X |
X |
Scripting |
|
|
|
|
Browser access |
X |
X |
X |
X |
SSH access |
X |
X |
X |
X |
Shared network port |
X |
– – |
X |
– – |
Serial access |
X |
X |
X |
X |
Remote serial console |
X |
X |
X |
X |
Integrated remote |
X |
X |
– – |
X |
console |
|
|
|
|
Remote console |
X |
X |
– – |
X |
Virtual media applet |
X |
X |
– – |
X |
Secure digital card |
X |
X |
– – |
X |
support* |
|
|
|
|
Terminal services |
X |
X |
– – |
X |
passthrough |
|
|
|
|
Virtual media scripting |
X |
X |
– – |
– – |
Directory integration |
X |
X |
– – |
– – |
24 hour power |
X |
X |
X |
X |
reporting* |
|
|
|
|
Real-time power |
X |
X |
– – |
– – |
reporting* |
|
|
|
|
Dynamic power |
X |
X |
– – |
– – |
capping |
|
|
|
|
Group power capping |
X |
X |
– – |
– – |
Two-factor smart card |
X |
X |
– – |
– – |
authentication |
|
|
|
|
HP SIM single sign-on |
X |
X |
– – |
– – |
Licensing 27
Feature |
iLO 2 Advanced |
iLO 2 Advanced for |
iLO 2 Standard |
iLO 2 Standard Blade |
|
|
BladeSystem |
|
Edition |
Kernel debugger for |
X |
X |
– – |
– – |
Windows |
|
|
|
|
Console replay |
X |
X |
– – |
– – |
Shared remote |
X |
X |
– – |
– – |
console |
|
|
|
|
Boot/fault console |
X |
X |
– – |
– – |
capture |
|
|
|
|
iLO video player |
X |
X |
X |
X |
(license required for |
|
|
|
|
capture) |
|
|
|
|
Enhanced CLI prompt |
X |
X |
X |
X |
Virtual Serial port log |
X |
X |
– – |
– – |
In addition to the standard iLO 2 single-server licenses, two other licensing options are available:
•The Flexible Quantity License Kit enables you to purchase a single software package, one copy of the documentation, and a single license key to activate the exact number of licenses requested.
•The Activation Key Agreement enables a volume purchase of ProLiant Essentials and Insight Control software over time, typically in conjunction with new ProLiant servers that are acquired on a regular basis.
The iLO 2 firmware enables you to manage user accounts stored locally in the secure iLO 2 memory and directory group accounts. Use MMC or ConsoleOne to manage directory user accounts.
The iLO 2 firmware supports up to 12 users with customizable access rights, login names, and advanced password encryption. Privileges control individual user settings. Users can have privileges customized to their individual access requirements. To support more than 12 users, you must have the Advanced Pack, which enables integration with an unlimited number of directory-based user accounts.
You must have the Administer User Accounts privilege to view iLO 2 users, add new users, and modify or delete existing users. If you do not have this privilege, you can view and modify only your account.
To access local accounts, click Administration>User Administration>Local Accounts.
28 Configuring iLO 2
iLO 2 Directory Accounts enables you to view iLO 2 groups and modify the settings for those groups. You must have the Administer Directory Groups privilege. To access Directory Accounts, click Administration>User Administration>Group Accounts.
NOTE: Only users with the Administer User Accounts privilege can manage other users on iLO 2.
You can assign a different access privilege to each user. Each user can have a unique set of privileges designed for the tasks that the user must perform. You can grant or deny access to critical functions such as remote access, user management, virtual power, and other features.
To add a new user to iLO 2:
1.Log in to iLO 2 using an account that has the Administer User Accounts privilege.
2.Click Administration.
3.Select User Administration>Local Accounts.
4.Click New.
User administration 29
5.Complete the fields. The following options are available:
•User Name appears in the user list and on the home page. It is not necessarily the same as the Login name. The maximum length for a User Name is 39 characters. The User Name must use printable characters.
•Login Name is the name that you must use when logging in to iLO 2. The maximum length for a login name is 39 characters. The login name can only use printable characters.
•Password and Confirm Password fields set and confirm the password that is used when logging in to iLO 2. The minimum length for a password is set in the Access Options page. The maximum length for a password is 39 characters. Enter the password twice for verification.
•Administer User Accounts is a user privilege that allows you to add, modify, and delete local iLO 2 user accounts. Administer User Accounts also allows you to alter privileges for all users, including granting all permissions to yourself. Without this privilege, you can only view your own settings and change your own password.
•Remote Console Access is a user privilege that allows you to remotely access the host system Remote Console and Remote Serial Console, including video, keyboard and mouse control. You are still required to have access to the remote system to use this capability.
•Virtual Power and Reset is a user privilege that allows you to power-cycle or reset the host platform. Any of these activities interrupts the availability of the system. You can also diagnose the system using the virtual NMI button.
•Virtual Media is a user privilege that allows you to use virtual media on the host platform.
•Configure iLO 2 Settings is a privilege that allows you to configure most iLO 2 settings, including security settings. Configure iLO 2 Settings enables you to remotely update iLO 2 firmware. It does not include user account administration. These settings rarely change.
After correctly configuring iLO 2, revoking this privilege from all users prevents reconfiguration. A user with the Administer User Accounts privilege can enable or disable this privilege. If iLO 2 RBSU is enabled, you can also reconfigure iLO 2.
•User Certificate Information maps a certificate to a user. User certificates are only required for two-factor authentication. If a certificate is not mapped to the user account, then the following message displays A certificate has NOT been mapped to this user, along with the Add a Certificate button. Click this button to map a certificate to the user. After a certificate is mapped to the user account, a 40-digit thumbprint of the certificate appears, along with the Remove this Certificate button, which can be used to remove the certificate. If Two-Factor Authentication is enabled, map a different certificate
30 Configuring iLO 2