LENOVO products, data, computer software, and services have been developed exclusively at private expense and
are sold to governmental entities as commercial items as defined by 48 C.F.R. 2.101 with limited and restricted
rights to use, reproduction and disclosure.
LIMITED AND RESTRICTED RIGHTS NOTICE: If products, data, computer software, or services are delivered
pursuant a General Services Administration ″GSA″ contract, use, reproduction, or disclosure is subject to restrictions
set forth in Contract No. GS-35F-05925.
Contents
Chapter 1. Introduction ........1
IMM features ..............2
Upgrading from IMM Standard to IMM Premium 3
Comparing the IMM to other systems-
management hardware in ThinkServer servers .. 3
Web browser and operating-system requirements . . 7
Notices used in this book ..........7
Chapter 2. Opening and using the IMM
Web interface ............9
Accessing the IMM Web interface .......9
Setting up the IMM network connection through
the Server Firmware Setup Utility ......9
Logging in to the IMM.........10
IMM action descriptions ..........11
Chapter 3. Configuring the IMM ....15
Setting system information .........15
Setting server timeouts.........16
Setting the IMM date and time .......17
Synchronizing clocks in a network......18
Disabling the USB in-band interface .....19
Creating a login profile..........20
Deleting a login profile..........23
Configuring the global login settings ......23
Configuring remote alert settings .......24
Configuring remote alert recipients.....24
Configuring global remote alert settings ....25
Configuring SNMP alert settings ......26
Configuring serial port settings ........26
Serial-to-Telnet or SSH redirection .......27
Configuring port assignments ........28
Configuring network interfaces ........28
Configuring network protocols ........31
Configuring SNMP ...........31
Configuring DNS ...........32
Configuring Telnet ...........33
Configuring SMTP ...........33
Configuring LDAP ............33
Setting up a client to use the LDAP server ... 33
Configuring LDAP client authentication ....36
Configuring LDAP search attributes .....36
Service Location Protocol (SLP) .......38
Configuring security ...........38
Secure Web server and secure LDAP .....39
SSL certificate overview .........39
SSL server certificate management ......40
Enabling SSL for the secure Web server ....43
SSL client certificate management ......43
SSL client trusted certificate management . .. 43
Enabling SSL for the LDAP client ......44
Configuring the Secure Shell server ......44
Generating a Secure Shell server key .....45
Enabling the Secure Shell server......45
Using the Secure Shell server.......45
Using the configuration file .........45
Backing up your current configuration ....46
Restoring and modifying your IMM
configuration .............46
Restoring defaults ............47
Restarting IMM .............47
Logging off ..............48
Chapter 4. Monitoring server status . . 49
Viewing system status ...........49
Viewing the Easy LED Diagnostics......52
Viewing the event logs..........52
Viewing the system-event log from the Web
interface..............53
Viewing event logs from the Setup Utility ... 54
Viewing event logs without restarting the server54
Viewing vital product data .........55
Chapter 5. Performing IMM tasks. . . 57
Viewing server power and restart activity ....57
Controlling the power status of a server .....57
Remote presence.............58
Updating your IMM firmware and Java applet59
Enabling the remote presence function ....59
Remote control ............59
Remote control screen capture .......60
Remote control Video Viewer view modes . .. 60
Remote control video color mode ......61
Remote control keyboard support ......61
Remote control mouse support .......62
Remote power control ..........64
Viewing performance statistics .......64
Starting Remote Desktop Protocol ......64
Remote disk .............64
Setting up PXE network boot........66
Updating firmware ............67
Resetting the IMM with the Setup Utility ....67
Managing tools and utilities with IMM and the
server firmware .............68
Using IPMItool ............68
Using Advanced Settings Utility (ASU) ....68
Other methods for managing the IMM ....68
Chapter 6. LAN over USB.......71
Potential conflicts with the LAN over USB interface 71
Configuring the LAN over USB interface manually71
Installing device drivers ..........71
Installing the Windows IPMI device driver ... 71
Installing the LAN over USB Windows device
driver ...............72
Installing the LAN over USB Linux device driver 73
Australia and New Zealand Class A statement105
United Kingdom telecommunications safety
requirement .............105
European Union EMC Directive conformance
statement..............106
Germany Class A compliance statement. .. 106
Japan Voluntary Control Council for Interference
(VCCI) statement ...........107
Taiwan Class A warning statement .....107
People’s Republic of China Class A warning
statement..............108
Korea Class A warning statement......108
Index ...............109
iv
Integrated Management Module: User Guide
Chapter 1. Introduction
The Integrated Management Module (IMM) consolidates the service processor
functionality, Super I/O, video controller, and remote presence capabilities in a
single chip on the server system board. The IMM replaces the baseboard
management controller (BMC) and Remote Supervisor Adapter II in Lenovo
ThinkServer™servers.
Before the IMM was used in Lenovo servers, the baseboard management controller
(BMC) and basic input/output system (BIOS) were the standard
systems-management hardware and firmware. ThinkServer servers used BMC
service processors to manage the interface between systems-management software
and platform hardware. The Remote Supervisor Adapter II and Remote Supervisor
Adapter II Slimline were optional controllers for out-of-band server management.
The IMM offers several improvements over the combined functionality of the BMC
and the Remote Supervisor Adapter II:
v Choice of dedicated or shared Ethernet connection.
v One IP address for both the Intelligent Platform Management Interface (IPMI)
and the service processor interface.
v Embedded Dynamic System Analysis (DSA).
v Ability to locally or remotely update other entities without requiring a server
restart to initiate the update process.
v Remote configuration with Advanced Settings Utility (ASU).
v Capability for applications and tools to access the IMM either in-band or
out-of-band.
v Enhanced remote-presence capabilities.
®
Unified Extensible Firmware Interface (UEFI) replaces BIOS in ThinkServer servers.
The basic input/output system (BIOS) was the standard firmware code that
controlled basic hardware operations, such as interactions with diskette drives,
hard disk drives, and the keyboard. The server firmware offers several features
that BIOS does not, including UEFI 2.1 compliance, iSCSI compatibility, and
enhanced reliability and service capabilities. The Setup Utility provides server
information, server setup, customization compatibility, and establishes the boot
device order.
Notes:
1. The server firmware is occasionally called UEFI in this document.
2. The server firmware is fully compatible with non-UEFI operating systems.
This document explains how to use the functions of the IMM in a Lenovo
Thinkserver server. The IMM works with the server firmware to provide
systems-management capability for ThinkServer servers.
This document does not contain explanations of errors or messages. IMM errors
and messages are described in the Hardware Maintenance Manual that came with
your server.
If firmware and documentation updates are available, you can download them
from the Lenovo Support Web site. The IMM might have features that are not
described in the documentation, and the documentation might be updated
occasionally to include information about those features, or technical updates
might be available to provide additional information that is not included in the
IMM documentation.
Note: Changes are made periodically to the Lenovo Support Web site. Procedures
for locating firmware and documentation might vary slightly from what is
described in this document.
To check for firmware updates, complete the following steps.
1. Go to http://www.lenovo.com/support.
2. Enter your product number (machine type and model number) or select
Servers and Storage from the Select your product list.
3. Select Servers and Storage from the Brand list.
4. From the Family list, select the name of your server, and click Continue.
5. Click Downloads and drivers to download firmware and driver updates.
To check for documentation updates, complete the following steps:
1. Go to http://www.lenovo.com/support.
2. Enter your product number (machine type and model number) or select
Servers and Storage from the Select your product list.
3. Select Servers and Storage from the Brand list.
4. From the Family list, select the name of your server, and click Continue.
5. Click User's guides and manuals for documentation.
IMM features
The IMM provides the following functions:
v Around-the-clock remote access and management of your server
v Remote management independent of the status of the managed server
v Remote control of hardware and operating systems
v Web-based management with standard Web browsers
There are two types of IMM functionality: IMM Standard and IMM Premium. For
information about the type of IMM hardware in your server, see the
documentation that came with the server.
IMM Standard has the following features:
v Access to critical server settings
v Access to server vital product data (VPD)
v Advanced Hardware Failure Prediction
v Automatic notification and alerts
v Continuous health monitoring and control
v Choice of a dedicated or shared Ethernet connection
v Domain Name System (DNS) server support
v Dynamic Host Configuration Protocol (DHCP) support
v E-mail alerts
v Embedded Dynamic System Analysis (DSA)
v Enhanced user authority levels
2Integrated Management Module: User Guide
v LAN over USB for in-band communications to the IMM
v Event logs that are time stamped, saved on the IMM, and can be attached to
e-mail alerts
v Industry-standard interfaces and protocols
v OS watchdogs
v Remote configuration through Advanced Settings Utility (ASU)
v Remote firmware updating
v Remote power control
v Seamless remote accelerated graphics
v Secure Web server user interface
v Serial over LAN
v Server console redirection
v Simple Network Management Protocol (SNMP) support
v User authentication using a secure connection to a Lightweight Directory Access
Protocol (LDAP) server
IMM Premium has the following features:
v Remote presence, including the remote control of a server
v Operating-system failure screen capture and display through the Web interface
v Remote disk, which enables the attachment of a diskette drive, CD/DVD drive,
USB flash drive, or disk image to a server
Note: The following features of the Remote Supervisor Adapter II are not in the
IMM:
v Display of server MAC addresses
v Multiple NTP server entries
v Dynamic DNS support
Upgrading from IMM Standard to IMM Premium
If your server has IMM Standard functionality, you can upgrade to IMM Premium
by purchasing and installing a virtual media key on your server system board. No
new firmware is required.
Comparing the IMM to other systems-management hardware
in ThinkServer servers
The following table compares IMM features with baseboard management controller
(BMC) and Remote Supervisor Adapter II features in ThinkServer servers.
Note: Like the BMC, the IMM uses the standard Intelligent Platform Management
Interface (IPMI) specification.
Chapter 1. Introduction3
Table 1. Comparison of the IMM features and combined BMC and Remote Supervisor Adapter II features in
ThinkServer servers
BMC with Remote Supervisor Adapter II
Description
Network connectionsBMC uses a network connection that is
(TS100, TS100, TS100x, RS110, and RD120)IMM(RD210, RD220, and later)
The IMM provides both BMC and Remote
shared with a server and an IP address that is
different from the Remote Supervisor Adapter
II IP address.
Supervisor Adapter II functionality through
the same network connection. One IP
address is used for both. The user can
choose either a dedicated or a shared
Remote Supervisor Adapter II uses a
connection and an IP address that is different
from the BMC IP address.
Update capabilitiesEach server requires a unique update for
BMC and Remote Supervisor Adapter II.
One IMM firmware image can be used for
all of the applicable servers.
Configuration
capabilities
Operating-system
screen capture
BIOS and diagnostic tools can be updated
in-band.
Configuration changes with the Advanced
Settings Utility (ASU) are available only
in-band. The system requires separate
configurations for BMC, Remote Supervisor
Adapter II, and BIOS.
Screen captures are performed by the Remote
Supervisor Adapter II when operating-system
failures occur. The display of screen captures
requires a Java
™
applet.
The IMM firmware, server firmware, and
Dynamic System Analysis (DSA) firmware
can be updated both in-band and
out-of-band.
The IMM can update itself, the server
firmware, and the DSA firmware either
locally or remotely without requiring the
server to be restarted to initiate the update
process.
The ASU can run either in-band or
out-of-band and can configure both the IMM
and the server firmware. With the ASU, you
can also modify the boot order, iSCSI, and
VPD (machine type, serial number, UUID,
and asset ID).
The server firmware configuration settings
are kept by the IMM. Therefore, you can
make server firmware configuration changes
while the server is turned off or while the
operating system is running, and those
changes are effective the next time the server
is started.
The IMM configuration settings can be
configured in-band or out-of-band through
the following IMM user interfaces:
v Web interface
v Command-line interface
v SNMP
This feature is available only with IMM
Premium.
Screen captures are displayed directly by the
Web browser without the need for a Java
applet.
4Integrated Management Module: User Guide
Table 1. Comparison of the IMM features and combined BMC and Remote Supervisor Adapter II features in
ThinkServer servers (continued)
BMC with Remote Supervisor Adapter II
Description
Error loggingThe BMC provides a BMC system-event log
(TS100, TS100, TS100x, RS110, and RD120)IMM(RD210, RD220, and later)
The IMM has two event logs:
(IPMI event log).
The Remote Supervisor Adapter II provides a
text-based log that includes descriptions of
events that are reported by the BMC. This log
also contains any information or events
detected by the Remote Supervisor Adapter II
itself.
1. The system-event log is available
through the IPMI interface.
2. The chassis-event log is available
through the other IMM interfaces. The
chassis-event log displays text messages
that are generated using the Distributed
Management Task Force specifications
DSP0244 and DSP8007.
Note: For an explanation of a specific event
or message, see the Hardware MaintenanceManual that is available on the Lenovo
Support Web site at http://
www.lenovo.com/support.
MonitoringThe BMC with Remote Supervisor Adapter II
has the following monitoring capabilities:
v Monitoring of server and battery voltage,
server temperature, fans, power supplies,
and processor and DIMM status
v Fan speed control
The IMM provides the same monitoring
capabilities as the BMC and Remote
Supervisor Adapter II. When used in a
RAID configuration, expanded hard disk
drive status, including disk drive Hardware
Failure Prediction, is supported by the IMM.
v Hardware Failure Prediction
v System diagnostic LED control (power,
hard disk drive, activity, alerts, heartbeat)
v Automatic Server Restart (ASR)
v Automatic BIOS Recovery (ABR)
Chapter 1. Introduction5
Table 1. Comparison of the IMM features and combined BMC and Remote Supervisor Adapter II features in
ThinkServer servers (continued)
BMC with Remote Supervisor Adapter II
Description
Remote presenceThe BMC with Remote Supervisor Adapter II
(TS100, TS100, TS100x, RS110, and RD120)IMM(RD210, RD220, and later)
This feature is available only with IMM
has the following remote presence
capabilities:
v Graphical console redirection over LAN
v Remote virtual diskette and CD-ROM
v High-speed remote redirection of PCI
video, keyboard, and mouse
v Video resolution up to 1024 x 768, at 70 Hz,
is supported
v Data encryption
Premium.
In addition to the Remote Supervisor
Adapter II remote presence features, the
IMM also has the following capabilities.
Note: The IMM requires Java Runtime
Environment 1.5 or later.
v Video resolution up to 1280 x 1024, at 75
Hz, is supported
v USB 2.0 support for virtual keyboard,
mouse, and mass storage devices
v 15-bit color depth
v Choice of either absolute or relative
mouse mode
v USB flash drive support
v Server power and reset control on the
Remote Control window
v Video on the Remote Control window can
be saved in a file
SecurityRemote Supervisor Adapter II has advanced
security features, including Secure Sockets
Layer (SSL) and encryption.
Serial redirectionThe IPMI Serial over LAN (SOL) function is a
standard capability of the BMC.
The Remote Supervisor Adapter II provides
the ability to redirect server serial data to a
Telnet or SSH session.
Note: This feature is not available on some
servers.
The IMM provides two separate client
windows. One is for video and keyboard
and mouse interaction, and the other one is
for virtual media.
The IMM Web interface has a menu item
that allows color depth adjustment to reduce
the data transmitted in low-bandwidth
situations. The Remote Supervisor Adapter
II interface has a bandwidth slider.
The IMM has the same security features as
Remote Supervisor Adapter II.
The COM1 port is used for SOL on
ThinkServer servers. COM1 is configurable
only through the IPMI interface.
The COM2 port is used for serial redirection
through Telnet or SSH. COM2 is
configurable through all of the IMM
interfaces except for the IPMI interface.
Both COM port configurations are limited to
8 data bits, null parity, 1 stop bit, and a
baud rate choice of 9600, 19200, 38400,
57600, 115200, or 230400.
On rack-mounted and tower servers, the
IMM COM2 port is an internal COM port
with no external access.
SNMPSNMP support is limited to SNMPv1.The IMM supports SNMPv1 and SNMPv3.
6Integrated Management Module: User Guide
Web browser and operating-system requirements
The IMM Web interface requires the Java Plug-in 1.5 or later (for the remote
presence feature) and one of the following Web browsers:
®
v Microsoft
Internet Explorer®version 6.0 or later with the latest Service Pack
v Mozilla Firefox version 1.5 or later
The following server operating systems have USB support, which is required for
the remote presence feature:
®
v Microsoft Windows
Server®2008
v Microsoft Windows Server 2003
®
v Red Hat Enterprise Linux
versions 4.0 and 5.0
v SUSE Linux version 10.0
Note: The IMM Web interface does not support the double-byte character set
(DBCS) languages.
Notices used in this book
The following notices are used in the documentation:
v Note: These notices provide important tips, guidance, or advice.
v Important: These notices provide information or advice that might help you
avoid inconvenient or problem situations.
v Attention: These notices indicate potential damage to programs, devices, or data.
An attention notice is placed just before the instruction or situation in which
damage might occur.
Chapter 1. Introduction7
8Integrated Management Module: User Guide
Chapter 2. Opening and using the IMM Web interface
The IMM combines service processor functions, a video controller, and remote
presence function (when an optional virtual media key is installed) in a single
chip. To access the IMM remotely by using the IMM Web interface, you must first
log in. This chapter describes the login procedures and the actions that you can
perform from the IMM Web interface.
Accessing the IMM Web interface
The IMM supports both static and Dynamic Host Configuration Protocol (DHCP)
IP addressing. The default static IP address assigned to the IMM is 192.168.70.125.
The IMM is initially configured to attempt to obtain an address from a DHCP
server, and if it cannot, it uses the static IP address.
The IMM provides the choice of using a dedicated systems-management network
connection or one that is shared with the server. The default connection for
rack-mounted and tower servers is to use the dedicated systems-management
network connector.
Setting up the IMM network connection through the Server
Firmware Setup Utility
After you start the server, you can use the Setup Utility to select an IMM network
connection. The server with the IMM hardware must be connected to a Dynamic
Host Configuration Protocol (DHCP) server, or the server network must be
configured to use the IMM static IP address.
To set up the IMM network connection through the Setup Utility, complete the
following steps:
1. Turn on the server.
Note: Approximately 2 minutes after the server is connected to ac power, the
power-control button becomes active.
The welcome screen is displayed.
2. When the prompt <F1> Setup is displayed, press F1. If you have set both a
power-on password and an administrator password, you must type the
administrator password to access the full Setup Utility menu.
3. From the Setup Utility main menu, select System Settings.
4. On the next screen, select Integrated Management Module.
5. On the next screen, select Network Configuration.
6. Highlight DHCP Control. There are three IMM network connection choices in
the DHCP Control field:
v Static IP
v DHCP Enabled
v DHCP with Failover (default)
a. If you choose to use a static IP address, you must specify the IP address, the
subnet mask, and the default gateway.
b. You can also use the Setup Utility to select a dedicated or shared IMM
network connection. On the Network Configuration screen, select
Dedicated or Shared in the Network Interface Port field.
c. To find the locations of the Ethernet connectors on your server that are used
by the IMM, see the documentation that came with your server.
8. Select Save Network Settings.
9. Exit from the Setup Utility.
Notes:
1. You must wait approximately 1 minute for changes to take effect before the
server firmware is functional again.
2. You can also configure the IMM network connection through the IMM Web
interface. For more information, see “Configuring network interfaces” on page
28.
Logging in to the IMM
Important: The IMM is set initially with a user name of USERID and password of
PASSW0RD (with a zero, not the letter O). This default user setting has
Supervisor access. Change this default password during your initial
configuration for enhanced security.
To access the IMM through the IMM Web interface, complete the following steps:
1. Open a Web browser. In the address or URL field, type the IP address or host
name of the IMM server to which you want to connect.
2. Type your user name and password in the IMM Login window. If you are
using the IMM for the first time, you can obtain your user name and password
from your system administrator. All login attempts are documented in the
event log. Depending on how your system administrator configured the user
ID, you might need to enter a new password.
3. On the Welcome Web page, select a timeout value from the drop-down list in
the field that is provided. If your browser is inactive for that number of
minutes, the IMM logs you off the Web interface.
Note: Depending on how your system administrator configured the global
login settings, the timeout value might be a fixed value.
4. Click Continue to start the session.
The browser opens the System Status page, which gives you a quick view of
the server status and the server health summary.
For descriptions of the actions that you can perform from the links in the left
navigation pane of the IMM Web interface, see “IMM action descriptions” on
page 11. Then, go to Chapter 3, “Configuring the IMM,” on page 15.
10Integrated Management Module: User Guide
IMM action descriptions
Table 2 lists the actions that are available when you are logged in to the IMM.
Table 2. IMM actions
LinkActionDescription
System StatusView system health for a server,
view the operating-system-failure
screen capture, and view the
users who are logged in to the
IMM
Easy LED
Diagnostics
Event LogView event logs for remote
Vital Product DataView the server vital product data
Power/RestartRemotely turn on or restart a
Remote ControlRedirect the server video console
PXE Network BootChange the host server startup
Firmware UpdateUpdate firmware on the IMMUse the options on the Firmware Update page to update
View the name, color, and status
of every LED on the server light
path
servers
(VPD)
server
and use your computer disk drive
or disk image as a drive on the
server
(boot) sequence for the next
restart to attempt a Preboot
Execution Environment (PXE) /
Dynamic Host Configuration
Protocol (DHCP) network startup
You can monitor the server power and health state, and
the temperature, voltage, and fan status of your server on
the System Health page. You can also view the image of
the last operating-system-failure screen capture and the
users who are logged in to the IMM.
The Easy LED Diagnostics page displays the current
status of the LEDs on the server.
The Event Log page contains entries that are currently
stored in the chassis-event log. The log includes a text
description of events that are reported by the BMC, plus
information about all remote access attempts and
configuration changes. All events in the log are time
stamped, using the IMM date and time settings. Some
events also generate alerts, if they are configured to do so
on the Alerts page. You can sort and filter events in the
event log.
The IMM collects server information, server firmware
information, and server component VPD. This data is
available from the Vital Product Data page.
The IMM provides full remote power control over your
server with power-on, power-off, and restart actions. In
addition, power-on and restart statistics are captured and
displayed to show server hardware availability.
From the Remote Control page, you can start the Remote
Control feature. With Remote Control, you can view the
server console from your computer, and you can mount
one of your computer disk drives, such as the CD-ROM
drive or the diskette drive, on the server. You can use
your mouse and keyboard to interact with and control the
server. When you have mounted a disk, you can use it to
restart the server and to update firmware on the server.
The mounted disk appears as a USB disk drive that is
attached to the server.
If your server firmware and PXE boot agent utility are
correctly defined, from the PXE Network Boot page you
can change the host server startup (boot) sequence for the
next restart to attempt a PXE / DHCP network startup.
The host startup sequence will be altered only if the host
is not under Privileged Access Protection (PAP). After the
next restart occurs, the check box on the PXE Network
Boot page will be cleared.
the IMM firmware, server firmware, and DSA firmware.
Chapter 2. Opening and using the IMM Web interface11
Table 2. IMM actions (continued)
LinkActionDescription
System SettingsView and change the IMM server
settings
Set the IMM clockYou can set the IMM clock that is used for time stamping
Configure alert settingsYou can establish global settings that apply to all remote
Serial PortConfigure the IMM serial port
settings
Port assignmentsChange the port numbers of the
IMM protocols
Network InterfacesConfigure the network interfaces
of the IMM
Network ProtocolsConfigure the network protocols
of the IMM
SecurityConfigure the Secure Sockets
Layer (SSL)
Enable Secure Shell (SSH) accessYou can enable SSH access to the IMM.
Configuration FileBack up and restore the IMM
configuration
You can configure the server location and general
information, such as the name of the IMM, server timeout
settings, and contact information for the IMM, from the
System Settings page.
the entries in the event log.
You can enable or disable the USB in-band (or LAN over
USB) interface.
You can define up to 12 login profiles that enable access
to the IMM. You can also define global login settings that
apply to all login profiles, including enabling Lightweight
Directory Access Protocol (LDAP) server authentication
and customizing the account security level.
You can configure the IMM to generate and forward alerts
for different events. On the Alerts page, you can configure
the alerts that are monitored and the recipients that are
notified.
You can set the event categories for which SNMP traps
are sent.
alert recipients, such as the number of alert retries and the
delay between the retries.
From the Serial Port page, you can configure the serial
port baud rate that is used by the serial redirection
function. You can also configure the key sequence that is
used to switch between the serial redirection and
command-line interface (CLI) modes.
From the Port Assignments page, you can view and
change the port numbers assigned to the IMM protocols
(for example, HTTP, HTTPS, Telnet, and SNMP).
From the Network Interfaces page, you can configure
network-access settings for the Ethernet connection on the
IMM.
You can configure Simple Network Management Protocol
(SNMP), Domain Name System (DNS), and Simple Mail
Transfer Protocol (SMTP) settings that are used by the
IMM from the Network Protocols page. You can also
configure LDAP parameters.
You can enable or disable SSL and manage the SSL
certificates that are used. You can also enable or disable
whether an SSL connection is used to connect to an LDAP
server.
You can back up, modify, and restore the configuration of
the IMM, and view a configuration summary, from the
Configuration File page.
12Integrated Management Module: User Guide
Table 2. IMM actions (continued)
LinkActionDescription
Restore Default
Settings
Restart IMMRestart the IMMYou can restart the IMM.
Log offLog off the IMMYou can log off your connection to the IMM.
Restore the IMM default settingsAttention: When you click Restore Defaults, all of the
modifications that you made to the IMM are lost.
You can reset the configuration of the IMM to the factory
defaults.
You can click the View Configuration Summary link, which is in the top-right
corner on most pages, to quickly view the configuration of the IMM.
Chapter 2. Opening and using the IMM Web interface13
14Integrated Management Module: User Guide
Chapter 3. Configuring the IMM
Use the links under IMM Control in the navigation pane to configure the IMM.
v From the System Settings page, you can:
– Set server information
– Set server timeouts
– Set IMM date and time
– Enable or disable commands on the USB interface
v From the Login Profiles page, you can:
– Set login profiles to control access to the IMM
– Configure global login settings, such as the lockout period after unsuccessful
login attempts
– Configure the account security level
v From the Alerts page, you can:
– Configure remote alert recipients
– Set the number of remote alert attempts
– Select the delay between alerts
– Select which alerts are sent and how they are forwarded
v From the Serial Port page, you can:
– Configure the baud rate of serial port 2 (COM2) for serial redirection
– Specify the keystroke sequence that is used to switch between the serial
redirection and the command-line interface (CLI)
v From the Port Assignments page, you can change the port numbers of IMM
services.
v From the Network Interfaces page, you can set up the Ethernet connection for
the IMM.
v From the Network Protocols page, you can configure:
– SNMP setup
– DNS setup
– Telnet protocol
– SMTP setup
– LDAP setup
– Service location protocol
v From the Security page, you can install and configure the Secure Sockets Layer
(SSL) settings.
v From the Configuration File page, you can back up, modify, and restore the
configuration of the IMM.
v From the Restore Defaults page, you can reset the IMM configuration to the
factory defaults.
v From the Restart IMM page, you can restart the IMM.
Setting system information
To set the IMM system information, complete the following steps:
1. Log in to the IMM where you want to set the system information. For more
information, see Chapter 2, “Opening and using the IMM Web interface,” on
page 9.
2. In the navigation pane, click System Settings.
Note: The available fields in the System Settings page are determined by the
accessed remote server.
3. In the Name field in the IMM Information area, type the name of the IMM.
Use the Name field to specify a name for the IMM in this server. The name is
included with e-mail and SNMP alert notifications to identify the source of the
alert.
Note: Your IMM name (in the Name field) and the IP host name of the IMM
(in the Hostname field on the Network Interfaces page) do not
automatically share the same name because the Name field is limited to
16 characters. The Hostname field can contain up to 63 characters. To
minimize confusion, set the Name field to the nonqualified portion of
the IP host name. The nonqualified IP host name consists of up to the
first period of a fully qualified IP host name. For example, for the fully
qualified IP host name imm1.us.company.com, the nonqualified IP host
name is imm1. For information about your host name, see “Configuring
network interfaces” on page 28.
4. In the Contact field, type the contact information. For example, you can specify
the name and phone number of the person to contact if there is a problem with
this server. You can type a maximum of 47 characters in this field.
5. In the Location field, type the location of the server. Include in this field
sufficient detail to quickly locate the server for maintenance or other purposes.
You can type a maximum of 47 characters in this field.
6. Scroll to the bottom of the page and click Save.
Setting server timeouts
Note: Server timeouts require that the in-band USB interface (or LAN over USB)
be enabled to allow commands. For more information about the enabling
and disabling commands for the USB interface, see “Disabling the USB
in-band interface” on page 19. For information regarding the installation of
the required device drivers, see “Installing device drivers” on page 71.
To set the server timeout values, complete the following steps:
1. Log in to the IMM where you want to set the server timeouts. For more
information, see Chapter 2, “Opening and using the IMM Web interface,” on
page 9.
2. In the navigation pane, click System Settings and scroll down to the Server
Timeouts area.
You can set the IMM to respond automatically to the following events:
v Halted operating system
v Failure to load operating system
3. Enable the server timeouts that correspond to the events that you want the
IMM to respond to automatically.
OS watchdog
Use the OS watchdog field to specify the number of minutes between
checks of the operating system by the IMM. If the operating system
16Integrated Management Module: User Guide
fails to respond to one of these checks, the IMM generates an OS
timeout alert and restarts the server. After the server is restarted, the
OS watchdog is disabled until the operating system is shut down and
the server is power cycled.
To set the OS watchdog value, select a time interval from the menu. To
turn off this watchdog, select 0.0 from the menu. To capture
operating-system-failure screens, you must enable the watchdog in the
OS watchdog field.
Loader watchdog
Use the Loader watchdog field to specify the number of minutes that
the IMM waits between the completion of POST and the starting of the
operating system. If this interval is exceeded, the IMM generates a
loader timeout alert and automatically restarts the server. After the
server is restarted, the loader timeout is automatically disabled until
the operating system is shut down and the server is power cycled (or
until the operating system starts and the software is successfully
loaded).
To set the loader timeout value, select the time limit that the IMM waits
for the operating-system startup to be completed. To turn off this
watchdog, select 0.0 from the menu.
4. Scroll to the bottom of the page and click Save.
Setting the IMM date and time
The IMM uses its own real-time clock to time stamp all events that are logged in
the event log.
Note: The IMM date and time setting affects only the IMM clock, not the server
clock. The IMM real-time clock and the server clock are separate,
independent clocks and can be set to different times. To synchronize the
IMM clock with the server clock, go to the Network Time Protocol area of
the page and set the NTP server host name or IP address to the same server
host name or IP address that is used to set the server clock. See
“Synchronizing clocks in a network” on page 18 for more information.
Alerts that are sent by e-mail and SNMP use the real-time clock setting to time
stamp the alerts. The clock settings support Greenwich mean time (GMT) offsets
and daylight saving time (DST) for added ease-of-use for administrators who are
managing systems remotely over different time zones. You can remotely access the
event log even if the server is turned off or disabled.
To verify the date and time settings of the IMM, complete the following steps:
1. Log in to the IMM where you want to set the IMM date and time values. For
more information, see Chapter 2, “Opening and using the IMM Web interface,”
on page 9.
2. In the navigation pane, click System Settings and scroll down to the IMM
Date and Time area, which shows the date and time when the Web page was
generated.
3. To override the date and time settings and to enable daylight saving time (DST)
and Greenwich mean time (GMT) offsets, click Set IMM Date and Time.
4. In the Date field, type the numbers of the current month, day, and year.
5. In the Time field, type the numbers that correspond to the current hour,
minutes, and seconds in the applicable entry fields. The hour (hh) must be a
Chapter 3. Configuring the IMM17
number from 00 - 23 as represented on a 24-hour clock. The minutes (mm) and
seconds (ss) must be numbers from 00 - 59.
6. In the GMT offset field, select the number that specifies the offset, in hours,
from Greenwich mean time (GMT), corresponding to the time zone where the
server is located.
7. Select or clear the Automatically adjust for daylight saving changes check box
to specify whether the IMM clock automatically adjusts when the local time
changes between standard time and daylight saving time.
8. Click Save.
Synchronizing clocks in a network
The Network Time Protocol (NTP) provides a way to synchronize clocks
throughout a computer network, enabling any NTP client to obtain the correct time
from an NTP server.
The IMM NTP feature provides a way to synchronize the IMM real-time clock with
the time that is provided by an NTP server. You can specify the NTP server that is
to be used, specify the frequency with which the IMM is synchronized, enable or
disable the NTP feature, and request immediate time synchronization.
The NTP feature does not provide the extended security and authentication that
are provided through encryption algorithms in NTP Version 3 and NTP Version 4.
The IMM NTP feature supports only the Simple Network Time Protocol (SNTP)
without authentication.
To set up the IMM NTP feature settings, complete the following steps:
1. Log in to the IMM on which you want to synchronize the clocks in the
network. For more information, see Chapter 2, “Opening and using the IMM
Web interface,” on page 9.
2. In the navigation pane, click System Settings and scroll down to the IMM
Date and Time area.
3. Click Set IMM Date and Time.
4. Under Network Time Protocol (NTP), you can select from the following
settings:
NTP auto-synchronization service
Use this selection to enable or disable automatic synchronization of the
IMM clock with an NTP server.
NTP server host name or IP address
Use this field to specify the name of the NTP server to be used for
clock synchronization.
NTP update frequency
Use this field to specify the approximate interval (in minutes) between
synchronization requests. Enter a value between 3 - 1440 minutes.
Synchronize Clock Now
Click this button to request an immediate synchronization instead of
waiting for the interval time to lapse.
5. Click Save.
18Integrated Management Module: User Guide
Disabling the USB in-band interface
Important: If you disable the USB in-band interface, you cannot perform an
in-band update of the IMM firmware, server firmware, and DSA
firmware by using the Linux or Windows flash utilities. If the USB
in-band interface is disabled, use the Firmware Update option on the
IMM Web interface to update the firmware. For more information, see
“Updating firmware” on page 67.
If you disable the USB in-band interface, also disable the watchdog
timeouts to prevent the server from restarting unexpectedly. For more
information, see “Setting server timeouts” on page 16.
The USB in-band interface, or LAN over USB, is used for in-band communications
to the IMM. To prevent any application that is running on the server from
requesting the IMM to perform tasks, you must disable the USB in-band interface.
For more information about LAN over USB, see Chapter 6, “LAN over USB,” on
page 71.
To disable the USB in-band interface, complete the following steps:
1. Log in to the IMM on which you want to disable the USB device driver
interface. For more information, see Chapter 2, “Opening and using the IMM
Web interface,” on page 9.
2. In the navigation pane, click System Settings and scroll down to the
Miscellaneous area.
3. Select the Do not allow commands on USB interface check box to disable the
USB in-band interface. Selecting this option does not affect the USB remote
presence functions (for example, keyboard, mouse, and mass storage). When
you disable the USB in-band interface, the in-band systems-management
applications such as the Advanced Settings Utility (ASU) and firmware update
package utilities might not work.
Note: The ASU works with a disabled USB in-band interface if an IPMI device
driver is installed.
If you try to use systems-management applications while the in-band interface
is disabled, they might not work.
4. Click Save.
To enable the USB device driver interface after it has been disabled, clear the Do
not allow commands on USB interface check box and click Save.
Notes:
1. The USB in-band interface is also called "LAN over USB" and is described in
more detail in Chapter 6, “LAN over USB,” on page 71.
2. When you attempt a network installation of some Linux distributions, the
installation might fail if the IMM USB in-band interface is enabled. For more
information, see http://rhn.redhat.com/errata/RHBA-2009-0127.html.
3. If you are performing a network installation that does not contain the update
on the Red Hat Web site described in the preceding note 2, you must disable
the USB in-band interface before you perform the installation and enable it
after the installation is complete.
4. For information about the configuration of the LAN over USB interface, see
“Configuring the LAN over USB interface manually” on page 71.
Chapter 3. Configuring the IMM19
Creating a login profile
Use the Login Profiles table to view, configure, or change individual login profiles.
Use the links in the Login ID column to configure individual login profiles. You
can define up to 12 unique profiles. Each link in the Login ID column is labeled
with the configured login ID of the associated profile.
Certain login profiles are shared with the IPMI user IDs, providing a single set of
local user accounts (username/password) that work with all of the IMM user
interfaces, including IPMI. Rules that pertain to these shared login profiles are
described in the following list:
v IPMI user ID 1 is always the null user.
v IPMI user ID 2 maps to login ID 1, IPMI user ID 3 maps to login ID 2, and so
on.
v The IMM default user is set to USERID and PASSW0RD (with a zero, not the letter
O) for IPMI user ID 2 and login ID 1.
For example, if a user is added through IPMI commands, that user information is
also available for authentication through the Web, Telnet, SSH, and other interfaces.
Conversely, if a user is added on the Web or other interfaces, that user information
is available for starting an IPMI session.
Because the user accounts are shared with IPMI, certain restrictions are imposed to
provide a common ground between the interfaces that use these accounts. The
following list describes IMM and IPMI login profile restrictions:
v IPMI allows a maximum of 64 user IDs. The IMM IPMI implementation allows
only 12 user accounts.
v IPMI allows anonymous logins (null user name and null password), but the
IMM does not.
v IPMI allows multiple user IDs with the same user names, but the IMM does not.
v IPMI requests to change the user name from the current name to the same
current name return an invalid parameter completion code because the
requested user name is already in use.
v The maximum IPMI password length for the IMM is 16 bytes.
v The following words are restricted and are not available for use as local IMM
To configure a login profile, complete the following steps:
1. Log in to the IMM where you want to create a login profile. For more
information, see Chapter 2, “Opening and using the IMM Web interface,” on
page 9.
2. In the navigation pane, click Login Profiles.
20Integrated Management Module: User Guide
Note: If you have not configured a profile, it does not appear in the Login
Profiles table.
The Login Profiles page displays each login ID, the login access level, and the
password expiration information.
Important: By default, the IMM is configured with one login profile that
enables remote access using a login user ID of USERID and a
password of PASSW0RD (the 0 is a zero, not the letter O). To avoid a
potential security exposure, change this default login profile during
the initial setup of the IMM.
3. Click Add User. An individual profile is displayed.
4. In the Login ID field, type the name of the profile.
You can type a maximum of 16 characters in the Login ID field. Valid
characters are uppercase and lowercase letters, numbers, periods, and
underscores.
Note: This login ID is used to grant remote access to the IMM.
5. In the Password field, assign a password to the login ID.
A password must contain a minimum of five characters, one of which must be
a nonalphabetic character. Null or empty passwords are accepted.
Note: This password is used with the login ID to grant remote access to the
IMM.
6. In the Confirm password field, type the password again.
7. In the Authority Level area, select one of the following options to set the access
rights for this login ID:
Supervisor
The user has no restrictions.
Read Only
The user has read-only access only and cannot perform actions such as
file transfers, power and restart actions, or remote presence functions.
Custom
If you select the Custom option, you must select one or more of the
following custom authority levels:
v User Account Management: A user can add, modify, or delete users
v Remote Console Access: A user can access the remote console.
v Remote Console and Virtual Media Access: A user can access both
v Remote Server Power/Restart Access: A user can access the
v Ability to Clear Event Logs: A user can clear the event logs.
v Adapter Configuration - Basic: A user can modify configuration
v Adapter Configuration - Networking & Security: A user can modify
and change the global login settings in the Login Profiles page.
the remote console and the virtual media feature.
power-on and restart functions for the remote server. These functions
are available in the Power/Restart page.
Everyone can look at the event logs, but this particular permission is
required to clear the logs.
parameters in the System Settings and Alerts pages.
configuration parameters in the Security, Network Protocols,
Network Interface, Port Assignments, and Serial Port pages.
Chapter 3. Configuring the IMM21
v Adapter Configuration - Advanced: A user has no restrictions when
configuring the IMM. In addition, the user is said to have
administrative access to the IMM, meaning that the user can also
perform the following advanced functions: firmware updates, PXE
network boot, restore IMM factory defaults, modify and restore IMM
configuration from a configuration file, and restart and reset the
IMM.
When a user sets the authority level of an IMM login ID, the resulting
IPMI privilege level of the corresponding IPMI User ID is set according
to these priorities:
v If the user sets the IMM login ID authority level to Supervisor, the
IPMI privilege level is set to Administrator.
v If the user sets the IMM login ID authority level to Read Only, the
IPMI privilege level is set to User.
v If the user sets the IMM login ID authority level to have any of the
following types of access, the IPMI privilege level is set to
Administrator:
– User Account Management Access
– Remote Console Access
– Remote Console and Remote Disk Access
– Adapter Configuration - Networking & Security
– Adapter Configuration - Advanced
v If the user sets the IMM login ID authority level to have Remote
Server Power/Restart Access or Ability to Clear Event Logs, the IPMI
privilege level is set to Operator.
v If the user sets the IMM login ID authority level to have Adapter
Configuration (Basic), the IPMI privilege level is set to User.
Note: To return the login profiles to the factory defaults, click Clear
Login Profiles.
8. In the Configure SNMPv3 User area, select the check box if the user should
have access to the IMM by using the SNMPv3 protocol. After you click the
check box, the configuration settings for SNMPv3 appear. Use following fields
to configure the SNMPv3 settings for the user profile:
Authentication Protocol
Use this field to specify either HMAC-MD5 or HMAC-SHA as the
authentication protocol. These are hash algorithms used by the
SNMPv3 security model for the authentication. The password for the
Linux account will be used for authentication. If you choose None,
authentication protocol is not used.
Privacy Protocol
Data transfer between the SNMP client and the agent can be protected
using encryption. The supported methods are DES and AES. Privacy
protocol is valid only if the authentication protocol is set to either
HMAC-MD5 or HMAC-SHA.
Privacy Password
Use this field to specify the encryption password.
Confirm Privacy Password
Use this field to confirm the encryption password.
22Integrated Management Module: User Guide
Access Type
Hostname/IP address for traps
9. Click Save to save your login ID settings.
Deleting a login profile
To delete a login profile, complete the following steps:
1. Log in to the IMM for which you want to create a login profile. For more
information, see Chapter 2, “Opening and using the IMM Web interface,” on
page 9.
2. In the navigation pane, click Login Profiles. The Login Profiles page displays
each login ID, the login access level, and the password expiration information.
3. Click the login profile that you want to delete. The Login Profile page for that
user is displayed
4. Click Clear Login Profile.
Use this field to specify either Get or Set as the access type. SNMPv3
users with the access type Get can perform only query operations. With
the access type Set, SNMPv3 users can both perform query operations
and modify settings (for example, setting the password for an user).
Use this field to specify the trap destination for the user. This can be an
IP address or hostname. Using traps, the SNMP agent notifies the
management station about events (for example, when a processor
temperature exceeds the limit).
Configuring the global login settings
Complete the following steps to set conditions that apply to all login profiles for
the IMM:
1. Log in to the IMM for which you want to set the global login settings. For
more information, see Chapter 2, “Opening and using the IMM Web interface,”
on page 9.
2. In the navigation pane, click Login Profiles.
3. Scroll down to the Global Login Settings area.
4. In the User authentication method field, specify how users who are attempting
to log in are authenticated. Select one of the following authentication methods:
v Local only: Users are authenticated by a search of a table that is local to the
IMM. If there is no match on the user ID and password, access is denied.
Users who are successfully authenticated are assigned the authority level that
is configured in “Creating a login profile” on page 20.
v LDAP only: The IMM attempts to authenticate the user by using the LDAP
server. Local user tables on the IMM are never searched with this
authentication method.
v Local first, then LDAP: Local authentication is attempted first. If local
authentication fails, LDAP authentication is attempted.
v LDAP first, then Local: LDAP authentication is attempted first. If LDAP
authentication fails, local authentication is attempted.
Notes:
a. Only locally administered accounts are shared with the IPMI interface
because IPMI does not support LDAP authentication.
b. Even if the User authentication method field is set to LDAP only, users can
log in to the IPMI interface by using the locally administered accounts.
Chapter 3. Configuring the IMM23
5. In the Lockout period after 5 login failures field, specify how long, in minutes,
the IMM prohibits remote login attempts if more than five sequential failures to
log in remotely are detected. The lockout of one user does not prevent other
users from logging in.
6. In the Web inactivity session timeout field, specify how long, in minutes, the
IMM waits before it disconnects an inactive Web session. Select No timeout to
disable this feature. Select User picks timeout if the user will select the timeout
period during the login process.
7. (Optional) In the Account security level area, select a password security level.
The Legacy security settings and High security settings set the default values
as indicated in the requirement list.
8. To customize the security setting, select Custom security settings to view and
change the account security management configuration.
User login password required
Use this field to indicate whether a login ID with no password is
allowed.
Number of previous passwords that cannot be used
Use this field to indicate the number of previous passwords that cannot
be reused. Up to five previous passwords can be compared. Select 0 to
allow the reuse of all previous passwords.
Maximum Password Age
Use this field to indicate the maximum password age that is allowed
before the password must be changed. Values of 0 - 365 days are
supported. Select 0 to disable the password expiration checking.
9. Click Save.
Configuring remote alert settings
You can configure remote alert recipients, the number of alert attempts, incidents
that trigger remote alerts, and local alerts from the Alerts link on the navigation
pane.
After you configure a remote alert recipient, the IMM sends an alert to that
recipient through a network connection when any event selected from the
Monitored Alerts group occurs. The alert contains information about the nature of
the event, the time and date of the event, and the name of the system that
generated the alert.
Note: If the SNMP Agent or SNMP Traps fields are not set to Enabled, no SNMP
traps are sent. For information about these fields, see “Configuring SNMP”
on page 31.
Configuring remote alert recipients
You can define up to 12 unique remote alert recipients. Each link for an alert
recipient is labeled with the recipient name and alert status.
Note: If you have not configured an alert recipient profile, the profile does not
appear in the remote alert recipients list.
To configure a remote alert recipient, complete the following steps:
1. Log in to the IMM for which you want to configure remote alert settings. For
more information, see Chapter 2, “Opening and using the IMM Web interface,”
on page 9.
24Integrated Management Module: User Guide
Loading...
+ 90 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.