Server Management with Lenovo ThinkServer System Manager
For next-generation Lenovo ThinkServer systems

Lenovo Enterprise Product Group
Version 1.0
September 2014

© 2014 Lenovo. All rights reserved.
LENOVO PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. This information could include technical inaccuracies or typographical errors. Changes may be made to the information herein; these changes will be incorporated in new editions of the publication. Lenovo may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

The following terms are trademarks of Lenovo in the United States, other countries, or both: Lenovo, and ThinkServer. Microsoft and the Windows Logo are trademarks of Microsoft Corporation in the United States and/or other countries.
Contents

Introduction
ThinkServer System Manager Features
Configuring the Management Network
Configuring ThinkServer System Manager Management Settings
Management Interfaces
The ThinkServer System Manager Web Interface
Remote Virtual Console and Virtual Media
PowerShell Command Line Interface
IPMI
DCMI
SMASH
Monitoring Server Health and Status
Security Features
Conclusions
References

List of Figures

Figure 1 Management Interfaces Logical Diagram
Figure 2 ThinkServer System Manager Web Interface Home Page
Figure 3 ThinkServer System Manager Web Interface Controls
Figure 4 Virtual Console Viewer Showing an OS Installation

List of Tables

Table 1 Configurable Items
Table 2 Network Services
Table 3 Privilege Levels
Introduction

ThinkServer System Manager is Lenovo's integrated systems management technology, which has been completely redesigned for next-generation ThinkServer systems. ThinkServer System Manager operates independently of the server, providing hardware-based, out-of-band remote access and management to ThinkServer systems regardless of the server's power state or the condition of the operating system. ThinkServer System Manager is a fully featured management solution built on open industry standards that can help reduce related IT expenses by increasing a server administrator's productivity.

ThinkServer System Manager provides important health and status information to systems administrators, and using ThinkServer System Manager, an administrator can remotely perform most functions that would otherwise require a visit to the server. ThinkServer System Manager can be used as part of any server systems management infrastructure, and is well suited for customers deploying servers in remote branches, limited-access data centers, and where one-on-one remote-control capability is required.

Lenovo's design advancements address key system management concerns. In particular, ThinkServer System Manager is a low-cost solution that supports heterogeneous environments, it provides full remote management capability, and it supports remote deployment. This paper introduces the management features found in ThinkServer System Manager.
ThinkServer System Manager Features

ThinkServer System Manager is standard on all next-generation ThinkServer systems and provides the following features:

• Access
  o Choice of a dedicated or shared management Ethernet connection
  o Secure HTML5 web browser GUI suitable for today's mobile devices and tablets
  o PowerShell CLI provides increased flexibility and scripting capabilities
  o Industry-standard interfaces and protocols for monitoring, logging, configuring and controlling the ThinkServer system
    - IPMI 2.0
    - DCMI 1.0
    - WS-MAN
    - SMASH-CLP
    - SNMP v3 (Gets only)
  o Serial console redirection
    - IPMI Serial over LAN
    - Via SSH / Telnet over LAN
    - Server console redirection over external serial port
• Networking protocol support
  o ARP, DHCP, DNS, HTTP, HTTPS, ICMP, LDAP, LDAPS, SMTP, SNMP (Traps), SNMP v3 (Gets only), SNTP, SSL, SSH, VLAN, NTP, SLP, Telnet
  o IP address, host name, subnet mask, gateway
  o Network port reassignments
• Continuous monitoring of system health and status
  o Access to critical server settings
  o Continuous health monitoring and control
  o System watchdog timers
  o Event logs record time-stamped critical, warning and informational system events, and can be used to assist in debugging problems. Logs can be accessed both in band and out of band.
    - IPMI System Event Log (SEL)
    - Human readable via the web interface and BIOS
    - Extended SEL log for additional related information from SEL
    - Audit log for administrative events
  o Errors detected by sensors and watchdogs are reported through the alerting mechanisms provided by ThinkServer System Manager
• Automatic out-of-band notification and alerts
  o System events that are reported are selected using configurable Platform Event Filters (PEF)
  o SNMP Traps
  o SMTP (email)
  o CIM indications
• FRU monitoring available through web I/F, IPMI, PowerShell CLI, WS-MAN, SMASH-CLI
• Remote power control (on / off / power cycle / shutdown / reset)
• Security
  o Enterprise-class security access protocols such as SSL, SSH, RMCP+
  o User authentication and role-based privileges supported through local accounts or secure connection to LDAP or Active Directory
  o Firewall to block specific IP addresses and network ports
• Remote platform firmware updating with recovery to last-known good image
• Boot sequence manipulation (via IPMI)
• Configurable via web, and PowerShell CLI, IPMI, WS-Man, and SMASH-CLI interfaces
• Save and restore configuration settings to a file
ThinkServer System Manager Premium, available as an optional hardware upgrade key, enables the following advanced features:

• A remote console provides complete remote control of the server. A video viewer enables graphical console, keyboard and mouse redirection of the server.
• Remote media capability enables the attachment of local CD-ROMs, DVD-ROMs, USB mass storage devices, ISO images and IMG images (created from local folders) to the remote server.
• Support for power monitoring and management with the separately available ThinkServer Energy Manager tool. Energy Manager is a stand-alone, web-based, power management console that enables you to observe, plan and manage server power usage to decrease power and cooling needs, helping to lower your total cost of ownership. Energy Manager uses ThinkServer System Manager to capture real-time power and temperature data from the ThinkServer, analyzes the data to optimize server power consumption and workload placement, and provides controls to limit maximum server power consumed. Additional information about ThinkServer Energy Manager can be found at http://www.lenovo.com.

The following sections look at some of these features in more detail.

Configuring the Management Network

When deploying next-generation ThinkServer systems, you have the option of configuring a dedicated Ethernet network interface port or an interface that can be shared with the operating system. The dedicated interface uses a separate network port with its own dedicated MAC address, providing complete physical separation between ThinkServer System Manager and other Ethernet ports on the system. The shared interface uses a common network port on a LAN integrated on the motherboard, but will have two different MAC addresses, one for a system motherboard port and one for ThinkServer System Manager. The shared port can simplify switch configuration and minimize the number of network ports required.
Support for virtual LANs (VLANs) can provide some separation between the in-band network and ThinkServer System Manager by partitioning the physical network into multiple logical networks. VLANs also help improve network security by limiting network access to subscribers defined in the VLAN group, even if the devices are on the same physical LAN. Users choose which port to use for communication with ThinkServer System Manager, as only one Ethernet port can be active at a given time.
Before communication with ThinkServer System Manager is possible, the management network connection must be configured. Both IPv4 and IPv6 addressing are supported, and the addresses can be assigned either statically or by DHCP. If DHCP is not used, then the IP address, subnet mask and gateway address must be specified. Dynamic DNS (DDNS) registration is supported using several methods including Direct DDNS where the TSIG mechanism can be used to provide security. The host name is configurable manually, or the default hostname, which is equal to the MAC address for the selected Ethernet port, can be used. Network settings configured in ThinkServer System Manager will take precedence over settings configured in BIOS, and are synchronized at POST.

Configuring ThinkServer System Manager Management Settings

ThinkServer System Manager is configurable through multiple interfaces and meets a variety of needs and management infrastructure requirements. An overview of the configurable items is shown in Table 1. In addition to network settings, user logon accounts and alert notifications should be set up to provide basic management support. ThinkServer System Manager settings can be backed up or restored from a file that has been saved to a local device or a shared network folder.
Table 1 Configurable Items

Configuration Item Web PowerShell IPMI WS-Man SMASH-CLI Server power button Yes Yes Yes Yes Yes Local user accounts and privileges Active Directory / LDAP configuration and accounts Network settings for each interface Virtual console and virtual media enablement and configuration Notification settings SNMP traps, SMTP configurations NTP client configuration Security certificates management Services management Yes Yes Yes Yes Yes No Yes No No Yes Yes Yes Yes No Yes Virtual media only Yes Service enablement allowed, but not other configurations or media redirection Yes Yes Yes Yes No Yes No Yes Only date and time can be set Yes No Yes No No Yes Only enable / disabled Yes Only enable / disabled Only account settings allowed, but not privileges Only service enablement allowed Only date and time can be set Only enable / disabled
Configuration Item                  Web       PowerShell  IPMI  WS-Man  SMASH-CLI
Session timeouts                    Yes       No          Yes   No      No
Firewall                            Yes       No          Yes   No      No
Platform event filters              Yes       Yes         Yes   Yes     No
IPMI serial over LAN (SOL)          Yes       No          Yes   No      Yes
Thermal and power capping profiles  Via DCMI  No          Yes   No      No

ThinkServer System Manager network services can be configured to use different ports, as well as session timeout values for certain interfaces for added security, as shown in Table 2.

Table 2 Network Services

Service                      Default Non-Secure Port  Default Secure Port  Max Sessions  Port Configurable  Session Timeout Configurable
Web (HTTP / HTTPS)           80                       443                  20            Yes                Yes (5-30 min)
Telnet                       23                       N/A                  N/A           Yes                Yes (1-30 min)
SSH                          N/A                      22                   N/A           Yes                Yes (1-30 min)
SNMP agent                   161                      N/A                  N/A           Yes                No
SNMP traps                   162                      N/A                  N/A           No                 No
Remote KVM                   7578                     7582                 4             No                 Yes (5-30 min)
Remote media (HDD)           5123                     5127                 3             No                 No
Remote media (CD/DVD)        5120                     5124                 1             No                 No
Network Time Protocol (NTP)  123                      N/A                  N/A           No                 No
SLP                          427                      N/A                  N/A           No                 No
SMTP (email alerts)          25                       N/A                  N/A           Yes                No
DHCP client                  68                       N/A                  N/A           No                 No
DNS client                   53                       N/A                  N/A           No                 No
LDAP / LDAPS                 389                      636                  N/A           Yes                No
Active Directory             389                      636                  N/A           Yes                No
WS-Man                       5988                     5989                 N/A           No                 No
SMASH-CLI                    N/A                      N/A                  3             No                 Yes (1-30 min)

Management Interfaces

ThinkServer System Manager supports several different management interfaces (see Figure 1) to enable management by leading management consoles, as well as direct user access. These include:

• Web GUI
• Virtual console and virtual media (enabled with ThinkServer System Manager Premium)
• PowerShell CLI
• IPMI
• DCMI
• DMTF SMASH-CLI
• DMTF WS-Management

The following sections describe these interfaces and how they can be used.

Figure 1 Management Interfaces Logical Diagram

The ThinkServer System Manager Web Interface

ThinkServer System Manager provides access to an integrated web server user interface with standard web browsers that support HTML5. The web interface provides a simple, graphical view of the server status, and allows remote configuration and control of the server. The user interface supports new browser technologies and is usable from mobile devices and tablets. Secure connections can be made using HTTPS.

The home page (see Figure 2) displays summary status information about the ThinkServer system. The system type and asset tag are displayed, as well as current environmental data such as temperature and power consumption. System power status, the active management NIC configuration and latest system event log entries are also shown.
Figure 2 ThinkServer System Manager Web Interface Home Page

A second page (see Figure 3) displays icons that link to various systems management and configuration functions. Clicking an icon allows administrators to configure aspects of ThinkServer System Manager, or view the status of server hardware. For example, clicking the Sensor Monitoring icon displays information such as fan speeds, system temperatures, and power supply voltages.

From the web interface, users can:

• View overall system status at a glance and see a preview of the system console
• Configure ThinkServer System Manager network interface and protocol settings
• Administer user access and privileges
• Configure alerts
• View detailed system health and status
• View the System Event and Audit Logs
• Remotely control power to the server
• Update system firmware
• Initiate remote console and media sessions (if enabled with ThinkServer System Manager Premium)
Figure 3 ThinkServer System Manager Web Interface Controls

Remote Virtual Console and Virtual Media

To help reduce administrative costs, the virtual remote console and virtual remote media features are available with the ThinkServer System Manager Premium upgrade option. These features, accessible from the web interface, provide the ability to view the server console from a remote computer and use the remote computer's mouse and keyboard to interact with and control the server. The virtual console allows up to four users to connect simultaneously, allowing several remote administrators to view and resolve a problem as a team. Features of the remote console allow administrators to capture screen shots to a file or record a video of the screen. Other options allow control of server power and reset operations.
Figure 4 Virtual Console Viewer Showing an OS Installation

The ThinkServer System Manager Premium upgrade also enables you to logically mount a local or networked drive on the server. A mounted disk appears as a physical disk drive attached to the server and can be used to boot the server, install an operating system or application, share files or update firmware on the server. Devices that can be virtualized include CD-ROMs (USB, SATA), DVD-ROMs (USB, SATA), USB mass storage devices, ISO images, disk raw data files (e.g. ghost, dd) and IMG images (created from local folders). Files used by remote media can be redirected from an NFS or CIFS network file share. Up to three virtual hard-disk drives and one CD/DVD can be configured simultaneously.

The virtual console and virtual media features are enabled with a Java plug-in in a supported browser. All video and data transferred between the remote and managed systems can be encrypted.

PowerShell Command Line Interface

ThinkServer System Manager provides a Microsoft Windows PowerShell interface to enable command-line scripting capability. PowerShell is a task-based, command-line shell and scripting language that helps IT administrators automate server management. The PowerShell interface provides direct access to management functions as an alternative to the web-based user interface. Many of the features and functions available through IPMI and the web I/F are supported by the CLI. With PowerShell, administrators can leverage common tools for script development and solutions for advanced automation tasks across servers with greater flexibility and capability.
Tools can enable tasks to be programmatically scheduled for execution at a particular time, or when a certain condition is met.

IPMI

A widely supported industry-standard interface is the Intelligent Platform Management Interface (IPMI), which specifies a standardized message-based, hardware-level interface specification for out-of-band management. ThinkServer System Manager fully supports version 2.0 of the standard, and adds additional capability with published OEM commands. System administrators and management software can use IPMI messaging to query platform status, to review hardware logs, or to issue other requests or commands from a remote console to the server.

Out-of-band IPMI enables management software to communicate directly with ThinkServer System Manager independently of the server, and without requiring host operating system support. As a result, system status can be obtained, and recovery actions can be performed when in-band methods are unavailable. ThinkServer System Manager can use the following out-of-band IPMI interfaces to connect to the server:

• IPMI over LAN uses the Remote Management Control Protocol+ (RMCP+) to send IPMI commands over the shared or dedicated management network.
• IPMI Serial over LAN (SOL) provides a method to redirect text-based serial console data over the shared or dedicated management network. Serial traffic from the system serial port is captured by ThinkServer System Manager and redirected over the external LAN interface, and provides software, or a user at a remote console, a means of interacting remotely with serial, text-based interfaces such as operating system command-line interfaces (e.g. Linux consoles), serial redirected BIOS interfaces and serial text-based applications. SOL is implemented as a payload type under the IPMI v2.0 RMCP+ protocol. Once an IPMI session is established with ThinkServer System Manager, the remote console can request that SOL be activated.
An in-band IPMI interface can be used by host software, such as diagnostics, or system management applications or agents, to communicate locally with ThinkServer System Manager. For this to occur, the host server must be powered on and the operating system functioning.

Because IPMI is a command-line protocol, it can be scripted. A number of open source tools are available to simplify the use of IPMI. Many commercial systems management consoles are based on the use of IPMI.

DCMI

DCMI is an industry specification that defines a simplified, interoperable management interface designed to address the unique requirements of server platform management within Internet Portal Data Centers (IPDC) and other high-density data centers where large numbers of servers are deployed. Based on IPMI 2.0 standard commands and extensions, it delivers the majority of capabilities required by high-density data centers including platform identification, sensor status and logging and simplified power management. ThinkServer System Manager fully supports the DCMI standard version 1.0. DCMI is also the interface used by ThinkServer Energy Manager to communicate with ThinkServer System Manager for power management and capping functions implemented in the server.

SMASH

The Distributed Management Task Force (DMTF) created the Systems Management Architecture for Server Hardware (SMASH) initiative, which includes a suite of specifications that defines an architectural model, standard protocols and management profiles for management of servers in data center environments. These standards are used to perform system management tasks in heterogeneous environments. ThinkServer System Manager supports these standards for remote out-of-band management. SMASH specifies both a command line and a web services protocol.

The Server Management Command Line Protocol (SM-CLP) defines a command-line syntax allowing an operator or a script to execute common system tasks over a Telnet or SSH connection to ThinkServer System Manager over the management LAN. Telnet is not a secure protocol, so when sensitive information is transmitted, the SSH interface should be used. Open source applications such as PuTTY and OpenSSH can be used to initiate Telnet and SSH sessions to ThinkServer System Manager.

For programmatic access by management consoles and applications, SMASH specifies the Web Services for Management Protocol (WS-Man). Many management consoles use WS-MAN as the underlying protocol for managing servers. The protocol may be used directly with a WS-Man client such as Microsoft WinRM (included with current Windows desktop and server versions) or OpenWSMAN for Linux.
A Common Information Model (CIM) defines the semantics and the types of information that can be obtained or modified in the server. This information is mapped to the management profiles defined by the standard. ThinkServer System Manager fully supports all of the required management profiles. Using these standards, administrators can query system status and sensor states, view event logs, control system power, etc.
Monitoring Server Health and Status

ThinkServer System Manager has a comprehensive network of sensors that monitor system parameters, including system temperatures, fan speeds, voltages, etc. Whenever a sensor indicates a condition outside of a predefined acceptable range, an alert can be generated. Sensor status can be viewed through the web interface, and via the other management interfaces discussed in this document.

Platform Event Filters (PEF) provide a mechanism to configure specific actions to be performed on particular event messages if the specified criteria are met. Actions can be triggered based on the severity of the event, and include sending a remote alert via email and SNMP traps. ThinkServer System Manager can also be programmed to perform power actions including rebooting the system without powering off, powering off the system then rebooting, and immediately powering off the system. The alert message will contain information about the nature of the event, the time and date the event occurred and the host name of the ThinkServer System Manager that generated the alert.

Remote systems can also be alerted to specific events using Web Services Eventing (WS-Eventing) using CIM indications. WS-Eventing is a protocol for web services to subscribe to an event source in the server. The subscriber is notified when the event occurs.

Events are also recorded into a System Event Log (SEL) that is accessible via the web interface, PowerShell, IPMI, WS-Man and SMASH-CLI. The SEL can contain roughly 3,000 unique entries, and can be filtered and sorted. An Audit Log records administrative events such as actions performed by users including logging on, password changes, etc. The Audit log can be disabled, so that no new events are registered to this log, and both logs can be configured to generate an alert when they fill.
Security Features

ThinkServer System Manager provides enterprise security features to protect both itself and the server from unauthorized usage. The following features are standard on ThinkServer System Manager:

• Up to nine IPMI-based, local, hardware-stored user accounts and passwords are supported. A forgotten password service is available to users with a valid email address registered in ThinkServer System Manager.
• User authentication through LDAP and Active Directory supports centralized user management. Up to five Active Directory and LDAP groups are supported, and no extensions to the standard schemas are required.
• Multiple authentication methods can be used simultaneously and the order in which authentication occurs can be specified. By default, ThinkServer System Manager tries to authenticate user credentials locally, via LDAP (if enabled), and finally via Active Directory (if enabled).
• User accounts can be assigned specific role-based privileges. Defined roles include Administrator, Operator and User (see Table 3 for specific capabilities).
• Management interfaces are protected with configurable automatic session inactivity timeouts (web, Telnet, SSH, KVM).
• A firewall can be configured to block network traffic based on IP address or network port.
• Many of the Network Service ports used by ThinkServer System Manager services are configurable and can be redefined.
• Data encryption is provided with 256-bit Secure Sockets Layer (SSL) for the Secure Webserver (HTTPS), Secure LDAP (LDAPS), and for virtual console and virtual media.
• ThinkServer System Manager supports terminal connections to clients using SSH version 2.0. SSH uses user ID and password pairs stored in local user accounts or AD/LDAP server, or SSH certificates for local users.
• VLAN support enables management traffic to be located in a private management VLAN in both the dedicated and shared network modes. VLAN groups can be used to limit network access to devices subscribed to the VLAN group.
• ThinkServer System Manager supports generating and importing certificates for SSL and SSH.
• An Audit log records user logins and password maintenance actions.

Table 3 Privilege Levels

Feature                                                   Administrator  Operator  User
Can login to ThinkServer System Manager web interface     X              X         X
Can configure ThinkServer System Manager                  X
Can view ThinkServer System Manager configuration         X              X
Can configure users                                       X
Can configure security settings                           X
Can view sensors                                          X              X         X
Can configure alerts                                      X
Can view alerts                                           X              X
Can clear logs                                            X
Can view logs                                             X              X         X
Can configure remote console and remote media             X
Can access remote console                                 X              X (1)     X (1)
Can access virtual media                                  X              X         X
Can access FRU information                                X              X         X
Can control server power                                  X

(1) Access can be granted to a user on a user-by-user basis.
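
The port, secure-port and session-timeout limits in Table 2, together with the hardening items in the Security Features list, lend themselves to a mechanical check of a controller's service settings. The following is an added example, not Lenovo code: the snapshot dictionary layout, the service keys and the finding codes are hypothetical, and only the limits are transcribed from Table 2.

```python
# Added example: audit a service snapshot against the limits listed in Table 2.
# The snapshot layout and finding codes are hypothetical, not a Lenovo format.

# service: (default non-secure port, default secure port,
#           port configurable?, session-timeout range in minutes or None)
TABLE2 = {
    "web":       (80,   443,  True,  (5, 30)),
    "telnet":    (23,   None, True,  (1, 30)),
    "ssh":       (None, 22,   True,  (1, 30)),
    "kvm":       (7578, 7582, False, (5, 30)),
    "media_hdd": (5123, 5127, False, None),
    "media_cd":  (5120, 5124, False, None),
    "ldap":      (389,  636,  True,  None),
    "wsman":     (5988, 5989, False, None),
}


def audit(snapshot):
    """Return a list of (service, finding) tuples for enabled services."""
    findings = []
    used_ports = {}  # port -> first enabled service seen on it
    for name, cfg in sorted(snapshot.items()):
        if name not in TABLE2:
            findings.append((name, "unknown-service"))
            continue
        if not cfg.get("enabled", False):
            continue  # disabled services expose nothing
        plain, secure, configurable, timeout_range = TABLE2[name]
        is_secure = cfg.get("secure", False)
        default = secure if is_secure else plain
        if default is None:
            # e.g. "secure Telnet" or "plaintext SSH": Table 2 lists no such port
            findings.append((name, "mode-not-offered"))
            continue
        if not is_secure:
            findings.append((name, "plaintext-use-secure-port" if secure
                             else "plaintext-no-secure-variant"))
        port = cfg.get("port", default)
        if port != default and not configurable:
            findings.append((name, "port-not-configurable"))
        if port in used_ports:
            findings.append((name, "port-collides-with-" + used_ports[port]))
        else:
            used_ports[port] = name
        timeout = cfg.get("timeout")
        if timeout_range and timeout is not None:
            low, high = timeout_range
            if not low <= timeout <= high:
                findings.append((name, "timeout-out-of-range"))
    return findings


# Constructed sample snapshot (not captured from a real system).
SAMPLE = {
    "web":    {"enabled": True,  "secure": False, "port": 80,   "timeout": 45},
    "telnet": {"enabled": True,  "secure": False, "port": 23,   "timeout": 10},
    "ssh":    {"enabled": True,  "secure": True,  "port": 2222, "timeout": 15},
    "kvm":    {"enabled": True,  "secure": True,  "port": 7582, "timeout": 5},
    "wsman":  {"enabled": True,  "secure": True,  "port": 2222},
    "ldap":   {"enabled": False, "secure": False, "port": 389},
}

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```
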
Conclusions

Lenovo ThinkServer System Manager and ThinkServer System Manager Premium provide a fully featured management solution built on open industry standards that can help reduce TCO by increasing a server administrator's productivity. By remotely performing most tasks that would otherwise require a visit to the server, the overall availability of the server can be increased. For further information, contact your Lenovo sales representative or channel partner.

References

For more information about ThinkServer System Manager, view the following documents at http://support.lenovo.com.

• ThinkServer System Manager User Guide
• ThinkServer System Manager PowerShell CLI User Guide
• ThinkServer Energy Manager User Guide
• User Guide and Hardware Maintenance Manuals for next-generation ThinkServer systems