User Guide - English. FUJITSU Software ServerView Suite. Remote Management. irmc - integrated Remote Management Controller

User Guide - English FUJITSU Software ServerView Suite Remote Management irmc - integrated Remote Management Controller Edition June 2009

Comments Suggestions Corrections The User Documentation Department would like to know your opinion of this manual. Your feedback helps us optimize our documentation to suit your individual needs. Feel free to send us your comments by e-mail to manuals@ts.fujitsu.com. Certified documentation according to DIN EN ISO 9001:2000 To ensure a consistently high quality standard and user-friendliness, this documentation was created to meet the regulations of a quality management system which complies with the requirements of the standard DIN EN ISO 9001:2000. cognitas. Gesellschaft für Technik-Dokumentation mbh www.cognitas.de Copyright and Trademarks Copyright 2009 Fujitsu Technology Solutions GmbH. All rights reserved. Delivery subject to availability; right of technical modifications reserved. All hardware and software names used are trademarks of their respective manufacturers.

Contents 1 Preface............................. 11 1.1 Purpose and target groups of the manual.......... 12 1.2 Functions of the irmc (overview)............... 13 1.3 Communication interfaces of the irmc............ 18 1.4 IPMI - technical background.................. 19 1.5 Changes since the previous manual............. 28 1.6 Notational conventions.................... 29 2 Logging on to the irmc for the first time........... 31 2.1 Requirements.......................... 31 2.2 irmc factory defaults..................... 32 2.3 Logging into the irmc web interface............. 33 3 Configuring the irmc..................... 35 3.1 Configuring the irmc LAN interface............. 36 3.1.1 Prerequisites........................... 37 3.1.1.1 Connected to the correct LAN port?............. 37 3.1.1.2 Interaction between the IP addresses of the irmc and the system........................ 38 3.1.1.3 Access from a different subnet................ 38 3.1.2 Configuring the LAN interface: Configuration tools....... 38 3.1.3 Configuring the LAN interface using the BIOS Setup program. 39 3.1.4 Testing the LAN interface.................... 41 3.2 Configuring text console redirection via LAN using the BIOS Setup program.................... 42 3.2.1 Configure text console redirection................ 43 3.2.2 Using console redirection while the operating system is running 46 3.3 Configuring and using the serial interface of the irmc... 48 3.3.1 Configuring the serial interface................. 49 3.3.2 Using the Remote Manager (Serial) interface.......... 51 irmc

Contents 3.4 Configuring the irmc over the irmc web interface..... 52 3.4.1 Configuring the LAN parameters................. 52 3.4.2 Configuring alerting........................ 53 3.4.3 Configuring text console redirection............... 53 3.5 Configuring irmc using the Server Configuration Manager. 54 3.5.1 Configuring the LAN parameters................. 54 3.5.2 Configuring alerting........................ 55 4 User management for the irmc................ 57 4.1 User management concept for the irmc........... 58 4.2 User permissions........................ 60 4.3 Local user management for the irmc............. 62 4.3.1 Local user management using the irmc web interface..... 62 4.3.2 Local user management via the Server Configuration Manager. 64 4.4 Global user management for the irmc............ 66 4.4.1 Overview............................. 67 4.4.2 irmc user management via an LDAP directory service (concept)............................. 68 4.4.2.1 Global user management via the OU "irmcgroups"..... 68 4.4.2.2 Cross-server, global user permissions............ 69 4.4.2.3 Settings for the preferred shell................ 72 4.4.3 Generating the "irmcgroups" structure in the LDAP directory service...................... 73 4.4.3.1 Creating the LDIF file..................... 73 4.4.3.2 Importing the LDIF file into the directory service....... 76 4.4.4 irmc user management via Microsoft Active Directory..... 77 4.4.4.1 Importing the LDIF file into Microsoft Active Directory..... 77 4.4.4.2 Configuring irmc LDAP/SSL access at the Active Directory server.................... 83 4.4.4.3 Assigning irmc users to the OU "irmcgroups"....... 88 4.4.5 irmc user management via Novell edirectory......... 95 4.4.5.1 Software components and system requirements....... 95 4.4.5.2 Installing Novell edirectory.................. 96 4.4.5.3 Configuring Novell edirectory................ 103 4.4.5.4 Integrating irmc user management in Novell edirectory. 109 4.4.5.5 Assigning irmc users to the OU "irmcgroups"...... 117 4.4.5.6 Tips on administering Novell edirectory........... 121 irmc

Contents 4.4.6 irmc user management via OpenLDAP............ 124 4.4.6.1 Installing OpenLDAP..................... 124 4.4.6.2 Creating SSL certificates................... 124 4.4.6.3 Configuring OpenLDAP................... 125 4.4.6.4 Integrating irmc user management in OpenLDAP...... 126 4.4.6.5 Tips on OpenLDAP administration.............. 129 4.4.7 SSL copyright.......................... 131 5 Advanced Video Redirection................. 133 5.1 Requirements: Check the AVR settings........... 134 5.2 Using Advanced Video Redirection.............. 135 5.2.1 Parallel AVR sessions...................... 136 5.2.2 Local Monitor Off function.................... 137 5.2.3 Redirecting the keyboard.................... 138 5.2.4 Redirecting the mouse...................... 140 5.2.4.1 Synchronizing the mouse pointer.............. 140 5.2.4.2 Managed Windows server: Adjusting the settings for synchronization of the mouse pointers........... 142 5.2.4.3 Managed Linux server: Adjusting the settings for synchronization of the mouse pointers........... 145 5.3 Menus of the AVR window................... 147 5.3.1 Extras menu........................... 148 5.3.2 Remote Storage menu...................... 151 5.3.3 Languages menu........................ 151 5.3.4 Preferences menu........................ 152 6 Remote Storage........................ 155 6.1 Providing remote storage at the remote workstation.... 156 6.1.1 Starting Remote Storage.................... 157 6.1.2 Provision of storage media for Remote Storage......... 159 6.1.3 Connecting storage media as remote storage.......... 161 6.1.4 Clearing Remote Storage connections............. 163 6.1.5 Removing the storage medium................. 164 6.2 Providing remote storage via a remote storage server... 165 6.2.1 Installing the remote storage server............... 166 6.2.2 Remote storage server execution modes........... 171 6.2.3 Configuring, starting and exiting the remote storage server... 172 irmc

Contents 7 irmc web interface...................... 177 7.1 Logging into the irmc web interface............ 178 7.2 Required user permissions................. 180 7.3 Structure of the user interface................ 183 7.4 System Information - Information on the server....... 186 7.4.1 System Overview - General information on the server..... 187 7.4.2 System Component Information -Information on the server components....................... 190 7.5 irmc - Information, firmware and certificates........ 191 7.5.1 irmc Information - information about the irmc........ 192 7.5.2 Save irmc Firmware Settings - Save firmware settings.... 196 7.5.3 Certificate Upload - Load the DSA/RSA certificate and private DSA/RSA key...................... 198 7.5.4 Generate a self-signed RSA Certificate - Creating a self-signed RSA certificate................... 204 7.6 Power Management...................... 206 7.6.1 Power On/Off - power the server up/down........... 207 7.6.2 Power Options - Configuring power management for the server.......................... 211 7.6.3 Power Supply Info - Power supply and IDPROM data for the FRU components.................... 214 7.7 Sensors - Check status of the sensors........... 215 7.7.1 Fans - Check fans........................ 216 7.7.2 Temperature - Check temperature sensors........... 218 7.7.3 Voltages - Check voltage sensors............... 220 7.7.4 Power Supply - Check power supply.............. 221 7.7.5 Component Status - Check status of the server components. 222 7.8 System Event Log (SEL) - Displaying and configuring the server s event log..................... 223 7.8.1 System Event Log Content - Show information on the SEL and SEL entries......................... 224 7.8.2 System Event Log Configuration - Configure the SEL..... 227 7.9 Server Management Information - Configuring the server settings......................... 229 irmc

Contents 7.10 Network Settings - Configure the LAN parameters..... 235 7.10.1 Network Interface - Configure Ethernet settings on the irmc.. 236 7.10.2 Ports and Network Services - Configuring ports and network services...................... 239 7.10.3 DHCP Configuration - Configuring the host name for the irmc. 243 7.10.4 DNS Configuration - Enable DNS for the irmc......... 245 7.11 Alerting - Configure alerting.................. 247 7.11.1 SNMP Trap Alerting - Configure SNMP trap alerting...... 248 7.11.2 Serial / Modem Alerting - Configure alerting via modem.... 250 7.11.3 Email Alerting - Configure email alerting............ 252 7.12 User Management - Manage users.............. 259 7.12.1 irmc User - local user management on the irmc....... 259 7.12.1.1 New User Configuration - Configuring a new user...... 261 7.12.1.2 User <name> Configuration - User configuration (details). 262 7.12.2 Directory Service Configuration (LDAP) - Configuring the directory service at the irmc.......... 269 7.13 Console Redirection - Redirecting the console....... 277 7.13.1 BIOS Text Console - Configure and start text console redirection............................ 277 7.13.1.1 BIOS Console Redirection Options - Configure text console redirection.................... 279 7.13.1.2 Text Console Redirection (via Serial over LAN) - Start text console redirection................. 281 7.13.1.3 Text console redirection while the operating system is running........................... 286 7.13.2 Advanced Video Redirection - Start Advanced Video Redirection (AVR)........................ 288 7.14 Remote Storage........................ 296 7.15 Operating irmc via Telnet/SSH (Remote Manager)..... 298 8 irmc via Telnet/SSH (Remote Manager)........... 303 8.1 Operating the irmc using the ServerView Remote Management Frontend..................... 304 8.2 Remote Manager........................ 305 8.2.1 Operating Remote Manager................... 305 8.2.2 Overview of menus....................... 306 8.2.3 Logging in............................ 308 irmc

Contents 8.2.4 Main menu of the Remote Manager.............. 310 8.2.5 Required user permissions................... 312 8.2.6 Change the password...................... 313 8.2.7 System Information - Information on the managed server... 314 8.2.8 Power Management....................... 315 8.2.9 Enclosure Information - System event log and status of the sensors...................... 317 8.2.10 Service processor - IP parameters, identification LED and irmc reset......................... 321 8.2.11 Console Redirection (EMS/SAC) - Start text console redirection............................ 322 8.2.12 Start a Command Line shell... - Start a SMASH CLP shell... 323 8.2.13 Command Line Protocol (CLP)................. 324 9 Configuring irmc using the Server Configuration Manager 329 9.1 Starting system configuration................ 330 9.1.1 Calling the Server Configuration Manager from the Installation Manager...................... 330 9.1.2 Calling the Server Configuration Manager from the Windows Start menu...................... 331 9.1.3 Calling the Server Configuration Manager from the Operations Manager...................... 333 9.2 ASR&R Fan Settings..................... 338 9.3 ASR&R Temperature Settings................ 340 9.4 irmc LAN Interface - Configuring the LAN parameters of the irmc........................... 342 9.5 irmc Networking Ports - Configuring ports and network services....................... 345 9.6 irmc DNS Registration - Configuring the host name for the irmc.......................... 347 9.7 irmc DNS Server - Activating DNS for the irmc...... 349 9.8 irmc EMail Alerting -Configuring email forwarding.... 351 9.9 irmc Mail Format Settings - Mail-format-dependent settings............................ 354 9.10 irmc SNMP Alerting - Configuring SNMP alerting..... 356 irmc

Contents 9.11 irmc User Management - Local user management on the irmc........................... 357 9.12 irmc Directory Service - Configuring the directory service 362 9.12.1 Configuring irmc for Microsoft Active Directory......... 365 9.12.2 Configuring irmc for Novell edirectory / OpenLDAP...... 367 9.13 irmc Advanced Features - Remote Storage Server, License Key and HP SIM Integration............. 370 10 Firmware update........................ 373 10.1 irmc firmware (overview)................... 374 10.2 Setting up the USB memory stick............... 377 10.3 Online update.......................... 380 10.3.1 Online update using the ServerView Update Manager..... 380 10.3.2 Online update using ServerView Update Manager Express or ASPs............................. 381 10.3.3 Online update using the operating system flash tools...... 381 10.4 Offline update......................... 383 10.4.1 Offline update using the ServerView Update Manager..... 383 10.4.2 Offline update via the FlashDisk menu............. 384 10.4.3 Offline update using the flash tool flbmc............. 385 10.5 Emergency flash........................ 386 10.6 Flash tools........................... 387 11 Remote installation of the operating system via irmc... 391 11.1 Installing the operating system via irmc - general procedure....................... 392 11.2 Connecting a storage medium as remote storage...... 394 11.3 Booting the managed server from PRIMERGY ServerView Suite DVD 1 and configuring it with the Installation Manager...................... 398 11.4 Installing the operating system on the managed server after configuration....................... 405 11.4.1 Installing Windows on the managed server after configuration. 405 11.4.2 Installing Linux on the managed server after configuration... 409 irmc

Contents 12 IPMI OEM Commands.................... 415 12.1 Overview............................ 415 12.2 Description of the IPMI OEM commands.......... 417 12.2.1 Description format....................... 417 12.2.2 SCCI-compliant Power On/Off commands........... 418 12.2.3 SCCI-compliant communication commands.......... 423 12.2.4 SCCI-compliant signaling command.............. 425 12.2.5 Firmware-specific commands.................. 426 12.2.6 BIOS-specific commands.................... 430 12.2.7 irmc-specific commands.................... 432 Related publications........................... 441 Index................................... 447 irmc

1 Preface Modern server systems are becoming increasingly complex. The requirements with respect to the management of such systems are growing accordingly. In response to this development, a number of vendors founded the Intelligent Platform Management Interface (IPMI) initiative with the objective of defining a standardized, abstract, message-based interface between the central system controller (Baseboard Management Controller - BMC) and intelligent hardware for platform management. For further details on IPMI, please refer to section IPMI - technical background on page 19. The irmc (integrated Remote Management Controller) is a BMC with integrated LAN connection and extended functionality which was previously only available using additional plug-in boards, such as the RemoteView Service Board (RSB). In this way, the irmc offers comprehensive control over PRIMERGY servers, irrespective of the system status, in particular over PRIMERGY servers whose system status is out-of-band. Figure 1: irmc on the system board of a PRIMERGY server As an autonomous system on the system board of a modern PRIMERGY server, the irmc has its own operating system, its own web server, separate user management and independent alert management. The irmc remains powered up even when the server is in stand-by mode. irmc 11

Purpose and target groups of the manual Preface This manual describes how to configure the irmc and the various user interfaces available. 1.1 Purpose and target groups of the manual This manual is aimed at system administrators, network administrators, and service staff who have a sound knowledge of hardware and software. It provides basic information on the technology behind IPMI and deals with the following aspects in detail: Logging on to the irmc Configuring the irmc User management on the irmc Advanced Video Redirection via irmc Remote Storage via irmc irmc web interface Telnet/SSH-based interface (Remote Manager) of the irmc. Configuring the irmc with the Server Configuration Manager Firmware update Remote installation of the operating system via irmc IPMI OEM Commands Further documentation on ServerView remote management You will find additional manuals on the topic of ServerView remote management and on the PRIMERGY ServerView suite in the chapter Related publications on page 441. Service If you have any further questions on remote management for PRIMERGY servers, contact the service and support partners responsible for you. Other information http://www.ts.fujitsu.com 12 irmc

Preface Functions of the irmc 1.2 Functions of the irmc (overview) In addition to the wide range of standard functions provided, the irmc also supports Advanced Video Redirection (AVR) and Remote Storage, two additional advanced features for the remote management of PRIMERGY servers. To use AVR and Remote Storage, you require a valid license key, which can be purchased separately. Standard functions of the irmc Browser access The irmc features its own web server which can be accessed by the management station from a standard web browser. Security (SSL, SSH) Secure access to the Web server and secure graphical console redirection including mouse and keyboard can be provided over HTTPS/SSL. An encrypted connection protected using SSH mechanisms can be set up to access the irmc using the Remote Manager. The Remote Manager is an alphanumeric user interface for the irmc. ServerView Integration The ServerView agents detect the irmc and automatically assign it to the relevant server. This means that it is possible to start the irmc web interface and text console redirection using the ServerView Remote Management Frontend directly from ServerView Operations Manager. Power Management Irrespective of the status of the system, you have the following options for powering the managed server up or down from the remote workstation over the irmc web interface using the Remote Manager and the command line interface (CLP) with a script. irmc 13

Functions of the irmc Preface Text console redirection You can initiate a Telnet/SSH session to the irmc from the ServerView Remote Management Frontend. This calls the Remote Manager, via which you can start a text console redirection session. Basic functions of a BMC The irmc supports the basic functions of a BMC such as voltage monitoring, event logging and recovery control. Headless system operation The managed server does not require a mouse, monitor or keyboard to be connected. The benefits of this include lower costs, far simpler cabling in the rack and increased security. Identification LED To facilitate identification of the system, for instance if it is installed in a fully populated rack, you can activate the identification LED from the irmc web interface. Global error LED A global error LED informs you of the status of the managed system at all times. LAN On some systems, the LAN interface of the fitted system NIC (Network Interface Card) on the server is reserved for the management LAN. On other systems, you have the option of configuring this LAN interface to reserve it for the management LAN set it up for shared operation with the system or make it completely available to the system. The ports marked with a wrench symbol are assigned to the irmc (see figure 7 on page 37). Command line interface (CLP) In addition to the Remote Manager, the irmc also supports SMASH CLP (System Management Architecture for Server Hardware Command Line Protocol) as standardized by the DMTF (Distributed Management Task Force). 14 irmc

Preface Functions of the irmc Simple configuration - interactive or script-based The following tools are available for configuring the irmc: irmc web interface Server Configuration Manager The server management tool IPMIVIEW BIOS Setup It is also possible to carry out configuration with the Server Configuration Manager or IPMIVIEW using scripts. This means that it is possible to configure the irmc when the server is first configured with ServerStart. It is also possible to configure a large number of servers on the basis of scripts. Local user management The irmc has its own user management function which allows up to 16 users to be created with passwords and to be assigned various rights depending on the user groups they belong to. Global user management using a directory service The global user IDs for the irmc are stored centrally in the directory service's directory. This makes it possible to manage the user identifications on a central server. They can therefore be used by all the irmcs that are connected to this server in the network. The following directory services are currently supported for irmc user management: Microsoft Active Directory Novell edirectory OpenLDAP DNS / DHCP The irmc provides support for automatic network configuration. It has a default name and DHCP support is set by default so that the irmc gets its IP address from the DHCP server. The irmc name is registered by the Domain Name Service (DNS). Up to five DNS servers are supported. If DNS/DHCP is not available, the irmc also supports static IP addresses. irmc 15

Functions of the irmc Preface Power supply The irmc is powered by the standby supply of the system. Alert management The alert management facility of the irmc provides the following options for forwarding alerts (alerting): Platform Event Traps (PET) are sent via SNMP. Direct notification by email. A modem can be connected to the serial interface. This can then be used to send alerts (e.g. to a mobile phone via SMS). In addition, the irmc provides the ServerView agents with all the relevant information. Read, filter and save the system event log (SEL). You can view, save and delete the contents of the SEL over the irmc web interface or using the Telnet-based interface (Remote Manager) of the irmc. Extended functionality of the irmc Alongside the standard functionality, the irmc also supports the Advanced Video Redirection and Remote Storage functions. Advanced Video Redirection (AVR) The irmc supports Advanced Video Redirection which offers the following benefits: Operation over a standard web browser. No additional software needs to be installed in the management station other than the Java Runtime Environment. System-independent graphical and text console redirection (including mouse and keyboard). Remote access for boot monitoring, BIOS administration and operation of the operating system. AVR provides up to two simultaneous virtual connections for working on a server from a different location. It also reduces the load on the network by using hardware and video compression. 16 irmc

Preface Functions of the irmc Local monitor-off support: It is possible to power down the local screen of the managed PRIMERGY server during an AVR session in order to prevent unauthorized persons from observing user input and actions carried out on the local server screen during the AVR session. Remote Storage Remote Storage makes a virtual drive available which is physically located on a remote workstation or made available centrally on the network using a Remote Storage server. The virtual drives available with Remote Storage are simply managed in much the same way as local drives and offer the following options: Read and write data. Boot from Remote Storage. Install drivers and small applications. Update BIOS from remote workstation. (BIOS update via USB) Remote Storage supports the following device types to provide a virtual drive on the remote workstation: CD ROM DVD ROM Memory stick Floppy image CD ISO image DVD ISO image A Remote Storage server provides an ISO image centrally on the network in the form of a virtual drive. Remote Storage permits either the simultaneous connection of up to two virtual drives at the remote workstation or the provision of an ISO image via a Remote Storage server. irmc 17

Communication interfaces of the irmc Preface 1.3 Communication interfaces of the irmc The irmc provides the following communication interfaces: irmc web interface (web interface) The connection to the irmc web server is established over a standard web browser (e.g. Microsoft Internet Explorer, Mozilla Firefox). Among other things, the web interface of the irmc provides you with access to all system information and data from the sensors such as fan speeds, voltages, etc. You can also configure text-based console redirection and start graphical console redirection (Advanced Video Redirection, AVR). In addition, administrators can fully configure the irmc over the web interface. Secure access to the irmc web server can be provided with HTTPS/SSL. Operation of the irmc over the web interface is described in chapter irmc web interface on page 177. Remote Manager: Text-based Telnet/SSH interface via LAN You can call the Remote Manager from the ServerView Remote Management Frontend, directly from a Telnet/SSH client. The alphanumeric user interface of the Remote Manager provides you with access to system and sensor information, power management functions and the error event log. In addition, you can launch text console redirection or a SMASH CLP shell. If you call the Remote Manager over SSH (Secure Shell), the connection between the Remote Manager and the managed server is encrypted. Operation of the irmc using the Remote Manager is described in chapter irmc via Telnet/SSH (Remote Manager) on page 303. Remote Manager (Serial): Text-based serial interface over Serial 1 The Remote Manager (serial) interface is identical to the Remote Manager interface. 18 irmc

Preface IPMI - technical background 1.4 IPMI - technical background The irmc makes the BMC functions available over the IPMI interface. Intelligent Platform Management The Intelligent Platform Management initiative is a response to the increasing complexity of modern server systems. A number of manufacturers have joined this initiative in order to come up with a new solution for monitoring these server systems. The term Intelligent Platform Management expresses the core aspect of this approach to the solution: Functions for monitoring and recovery of systems are implemented directly in the hardware and firmware for platform management. Objective The objective was to define a standardized, abstract and message-based interface between the central system controller (Baseboard Management Controller - BMC) and intelligent platform management hardware. The standardization committees combined the central characteristics of various platform management modules into standardized descriptions. Definition The IPMI specification defines: IPMI is a hardware level interface specification that is management software neutral providing monitoring and control functions that can be exposed through standard management software interfaces such as DMI, WMI, CIM, SNMP, etc. As a hardware level interface, it sits at the bottom of a typical management software stack [see section IPMI and other management standards on page 20]. irmc 19

IPMI - technical background Preface Advantage The IPMI specifications ensure the independence of functions for inventory, logging, recovery and monitoring of a system by the system processor, BIOS or operating system. This means that a system can still be involved in platform management when it is shut down and turned off. IPMI and other management standards IPMI is best used in conjunction with system management software running under the relevant operating system. Integration of the IPMI functionality into the management functionality offered by a management application and the operating system results in a powerful platform management environment. An overview of the relationship between IPMI and the management software stack is shown by figure 2: SOFTWARE Management S/W Standards Management Applications Service Provider SP Interface Instrumentation Code IPMI I/F Code 'In-band' Remote Access STANDARD Remote I/F (e.g. RPC, SNMP) STANDARD S/W I/F (e.g. DMI-MI, CIM) STANDARD S/W I/F (e.g. DMI-CI, WM) IPMI I/F HARDWARE IPMI IPMI H/W I/F Baseboard Management Controller Figure 2: IPMI in the management software stack (source: IPMI specification, see section References on page 27) 20 irmc

Preface IPMI - technical background IPMI, IPMB and ICMB The IPMI initiative resulted in three central standards: IPMI. Intelligent Platform Management Interface Specification describes the higher-level architecture, the current commands, event formats, data packets and properties that are used in IPMI-based systems. IPMB. Intelligent Platform Management Bus is an I 2 C based (write only) bus, which provides a standardized connection between various modules in a common housing. IPMB can also be used as a standardized interface for remote management modules. ICMB. Intelligent Chassis Management Bus (Not currently implemented in the ServerView remote management environment.) provides a standardized interface for exchange of platform management information and for control across systems. ICMB is designed in such a way that it can be implemented with a device that is connected to the IPMB. IPMI implementation The core element of an IPMI implementation is the Baseboard Management Controller (BMC). The BMC performs the following tasks: The BMC organizes the interface between the system management software and the platform management hardware. It provides autonomous functions for monitoring, event logging and recovery control. The BMC acts as a gateway between the system management software and IPMB. IPMI allows platform management to be extended: Additional management controllers can be connected via the IPMB. The IPMB is an I 2 C based serial bus, which runs between the main modules of the system. It is used for communication with and between the management controllers. With the support of multiple management controllers, IPMI provides a scalable architecture: A complex server system can use multiple controllers for monitoring different subsystems, e.g. power supplies, hot swap RAID drive modules etc. irmc 21

IPMI - technical background Preface In addition, IPMI provides low level I 2 C commands, which can be accessed via a management controller connected to the IPMB on 'unintelligent' I 2 C modules that cannot process IPMI commands. An overview of the fundamental elements of an IPMI implementation is available in figure 3 on page 23. 22 irmc

Preface IPMI - technical background Remote Management Card ICMB (Intelligent Chassis Management Bus) RS-485 Transceivers LAN LAN Connector Modem Serial Connector Aux. IPMB Connector Aux. IPMB Connector Serial Controller ICMB BRIDGE (optional) Network (LAN) Controller side-band interface to NIC, e.g. SMBus MOTHERBOARD Serial Port Sharing Motherboard Serial Controller PCI Management Bus System Bus BASEBOARD MANAGEMENT CONTROLLER (BMC) Serial Controller System Interface IPMI MESSAGES IPMB Non-volatile Storage - SYSTEM EVENT LOG (SEL) - SENSOR DATA RECORD (SDR) REPOSITORY - BASEBOARD FIELD- REPLACEABLE UNIT (FRU) INFO Sensors & Control Circuitry e.g. Voltages, Temperatures, Fans, Power & Reset control, etc. Private Management Busses FRU SEEPROM Temperature Sensor MEMORY BOARD FRU SEEPROM PROCESSOR BOARD CHASSIS MANAGEMENT (SATELLITE CONTROLLER) FRU SEEPROM Chassis Sensors e.g. Fans, Temperatures, Power Supplies CHASSIS BOARD FRU SEEPROM REDUNDANT POWER BOARD Figure 3: IPMI block diagram (source: IPMI specification, see section References on page 27) irmc 23

IPMI - technical background Preface IPMI and in band and out of band management In the field of system management, a distinction is made between in-band and out-of-band management: The term in-band management is used when the operating system is running on the managed server. The term out-of-band management is used when the operating system is not running on the managed server, for instance if the hardware is faulty. As different interfaces are available in an environment with IPMI compatible systems, you can manage IPMI compatible systems either in band or out of band. IPMI-over-LAN "IPMI-over-LAN is the current name for the specification of the LAN interface in the IPMI standard. This specification stipulates how IPMI messages can be sent to or from the BMC of a managed system - encapsulated in RMCP (Remote Management Control Protocol) data packets. These RMCP data packets are transferred via an Ethernet LAN connection using the UDP (User Datagram Protocol) under IPv4 (Internet Protocol Version 4). The RMCP protocol has been specified to support the management of system statuses in which the operating system is not running. The RMCP is a simple inquiry/response protocol. The interface for such a connection is provided on an onboard LAN controller assigned to the BMC. I The interface can only be provided by an on-board LAN controller, not by an inserted LAN card. 24 irmc

Preface IPMI - technical background Of the two ports that RCMP uses under UDP, the BMC communicates with the LAN controller via port 623 (primary RMCP Port). Remote mgmt. system UDP datagrams to "Mgmt. Port" Outgoing packets from system software LAN LAN Controller PCI All incoming packets Datagrams generated by BMC E.g. mii or I 2 C SEL, SDR, FRU BMC System Bus Figure 4: BMC and LAN controller Serial Over LAN interface (SOL) Serial Over LAN is an interface compliant with the IPMI V2.0 standard, which controls transfer of serial data over a LAN connection. In particular, SOL specifies the packet formats and protocols for transferring serial data streams over a LAN between the serial controller on the managed computer and a remote workstation. SOL is based on the IPMI-over-LAN specification. In order to establish an SOL connection, a remote management application first initiates an IPMI-over-LAN session with the BMC. After this has been done, the SOL services can be activated from the remote workstation. The data traffic between the serial controller and the remote workstation is handled over the same IPMI session as the IPMI commands. As soon as an SOL connection has been established, data transfer between the serial controller and the remote workstation is carried out as follows: Transfer from the serial controller to the remote workstation: The data stream issued by the serial controller is partitioned by the BMC, packaged and then sent to the remote workstation over the LAN. Transfer from the remote workstation to the serial controller: BMC unpacks the characters contained in the packages sent by the remote workstation and forwards them to the serial controller as a character stream. irmc 25

IPMI - technical background Preface Remote mgmt. system UDP datagrams to "Mgmt. Port" Outgoing packets from system software Figure 5: BMC and SOL LAN LAN Controller PCI All incoming packets Datagrams generated by BMC E.g. mii or I 2 C SEL, SDR, FRU BMC System Bus Motherb. Serial Controller The SOL character data is then exchanged between the BMC of the managed system and the remote workstation as SOL messages. The SOL messages are encapsulated in RMCP+ data packets and transferred in UDP datagrams over an Ethernet LAN connection using IPv4 (Internet Protocol Version 4). The RMCP+ protocol is based on the RMCP protocol, but includes extensions for encryption, authentication, etc. Serial over LAN permits headless management by console redirection by both the BIOS and the operating system of the managed server. High-cost concentrator solutions are not required. Channel concept under IPMI Channels provide the mechanisms with which IPMI messages are routed to the BMC via various connection carriers. Up to nine channels can be supported. The system interface and the primary IPMB are fixed. The other seven channels are available for the implementation. Channels can be either session based or sessionless. The session concept has two meanings: It is either a concept for user authentication (see the section User identifications on page 27) or a concept for routing multiple IPMI message streams via a single channel. Examples of session based channels are LAN channels or serial / modem channels. Examples of sessionless channels are the system interface and the IPMB. 26 irmc

Preface IPMI - technical background User identifications For session based channels (see the section Channel concept under IPMI on page 26), a user login is necessary. By contrast, the sessionless channels have no user authentication. Under IPMI, the user configuration is channel specific. Thus, users can have different privileges depending on whether they are accessing the BMC via the LAN channel or the serial channel. References Information about the IPMI standards can be found on the Internet: http://developer.intel.com/design/servers/ipmi/index.htm irmc 27

Changes compared with the previous version Preface 1.5 Changes since the previous manual This edition replaces the following online manual: irmc - integrated Remote Management Controller, November 2008 edition. The manual has been revised as follows: irmc web interface: The irmc Information page allows important settings for displaying the irmc web interface to be made. You can choose between two different color schemes for displaying the irmc web interface in your web browser. Chapter 9 Configuring irmc using the Server Configuration Manager : SCU (Server Configuration Utility) has been renamed Server Configuration Manager. The layout of the user interface has changed slightly. Chapter 10 IPMIVIEW has been removed. In the future, IPMIVIEW will be described in a separate manual. Chapter 11 Firmware update : Additional tools for updating the irmc firmware: ServerView Update Manager Express and ASPs (Autonomous Support Packages) Chapter 12 Remote installation of the operating system via irmc : The description has been updated to cover operating system installation using the ServerView Installation Manager. 28 irmc

Preface Notational conventions 1.6 Notational conventions The meanings of the symbols used in this manual are as follows: V Warning This symbol is used to draw attention to risks which may represent a health hazard or which may lead to data loss or damage to the hardware. I This symbol is used to highlight important information and tips. This symbol indicates an action which you must carry out. Text in italics In running text, commands, menu items, and the names of buttons, options, files and paths are shown in italics. <text> Indicates variables which must be replaced by current values. Monospaced font Output from the system is shown in monospaced font. Monospaced font Bold monospaced font Commands to be entered at the keyboard are shown in bold, monospaced font. [square brackets] Indicate optional entries. {braces} Indicate a list of alternatives separated by. [Keyboard] [symbols] Keys are shown as they appear on the keyboard. If uppercase characters are to be entered explicitly, this is indicated for instance by [SHIFT] - [A] for A. Table 1: Notational conventions If two keys are to be pressed simultaneously, this is indicated by a hyphen between the two keyboard symbols. If reference is made to passages elsewhere in this manual, the title of the chapter or section is named and the page number given refers to the start of the section. irmc 29

2 Logging on to the irmc for the first time The factory default settings of the irmc allow you to log in to the irmc for the first time without the need for any configuration activities. 2.1 Requirements On the remote workstation: Windows: Internet Explorer as of Version 6.x: Linux: Mozilla Firefox 1.5. For console redirection: Sun Java Virtual Machine Version 1.5.0_06 or higher. In your network: You must have a DHCP server in your network. If you want to log in with a symbolic name rather than an IP address at the irmc web interface, the DHCP server in your network must be configured for dynamic DNS. DNS must be configured. Otherwise you must ask for the IP address. irmc 31

irmc factory defaults Logging on to the irmc for the first time 2.2 irmc factory defaults The firmware of the irmc provides a default administrator ID and a default DHCP name for the irmc. Default administrator ID: Administrator ID: admin Password: admin I Both the administrator ID and the password are case-sensitive. For reasons of security, it is recommended that you create a new administrator account once you have logged in, and then delete the default administrator account or at least change the password for the account (see section User Management - Manage users on page 259). Default DHCP name of the irmc The default DHCP name of the irmc uses the following pattern: IRMC<SerialNumber> I The serial number corresponds to the last 3 bytes of the MAC address of the irmc. You can take the MAC address of the irmc from the label on your PRIMERGY server. After you have logged in, the MAC address of the irmc can be found as a read-only entry above the fields on the page Network Interface (see page 236). 32 irmc

Logging on to the irmc for the first time... in the web interface 2.3 Logging into the irmc web interface Open a web browser on the remote workstation and enter the DNS name or IP address of the irmc. I You can take the DNS name of the irmc from the label on your PRIMERGY server. The following login prompt appears: Figure 6: Login prompt for the irmc web interface I If the login prompt does not appear, check the LAN connection (see section Testing the LAN interface on page 41). Type in the data for the default administrator account. User name: admin Password: admin Click OK to confirm your entries. The irmc web interface opens showing the System Information page (see page 186). irmc 33

3 Configuring the irmc The following tools are available for configuring the irmc: BIOS Setup Utility (see page 39) irmc web interface (see page 177) Server Configuration Manager (see page 329) Server Management Tool (IPMIVIEW) This chapter provides you with information about the following topics: Configuring the LAN interface of the irmc using the BIOS Setup program (see page 39). Configuring text console redirection via LAN using the BIOS Setup program (see page 42). Configuring the serial interface of the irmc using the BIOS Setup program (see page 48). Configuring the irmc over the web interface (for an overview, see page 52). Configuring the irmc using the Server Configuration Manager (for an overview, see page 54). irmc 35

LAN interface Configuring the irmc 3.1 Configuring the irmc LAN interface This section describes: Requirements for configuring the LAN interface Configuring the LAN interface in the BIOS Setup program Testing the LAN interface I Spanning Tree tree for the connection of the irmc must be deactivated (e.g. Port Fast=enabled; Fast Forwarding=enabled). 36 irmc

Configuring the irmc LAN interface 3.1.1 Prerequisites Note the following requirements with respect to configuring the IP address: The LAN cable must be connected to the correct port. (see section Connected to the correct LAN port? on page 37). Interaction between the IP addresses of the irmc and the system (see the section Interaction between the IP addresses of the irmc and the system on page 38). 3.1.1.1 Connected to the correct LAN port? The interface for a LAN connection is provided on an onboard LAN controller assigned to the irmc (see also figure 4 on page 25). Depending on the server type, the system board of a PRIMERGY server provides two or three LAN interfaces. The ports marked with a wrench symbol are assigned to the irmc (in figure 7, this is Port 1, for instance). I Check that the LAN cable is connected to the correct port. Depending on the type of PRIMERGY server, different ports may be marked with the wrench symbol. Indicates the port for the irmc. In this case: Port 1 Figure 7: Port for the irmc (indicated by wrench symbol) irmc 37

LAN interface Configuring the irmc 3.1.1.2 Interaction between the IP addresses of the irmc and the system The LAN controller of the PRIMERGY server requires a separate IP address for the irmc in order to ensure that data packets are reliably transferred to the irmc (and not to the operating system). The IP address of the irmc must be different from that of the system (operating system). 3.1.1.3 Access from a different subnet If the remote workstation accesses the irmc of the managed server from a different subnet and DHCP is not used, you must configure the gateway. 3.1.2 Configuring the LAN interface: Configuration tools Depending on the type of the PRIMERGY server, you can configure the irmc s LAN interface in a number of ways: using the BIOS Setup program (see page 39), using the irmc web interface (see section Network Settings - Configure the LAN parameters on page 235), using the Server Configuration Manager (see irmc LAN Interface - Configuring the LAN parameters of the irmc on page 342), using the Server Management Tool (IPMIVIEW). 38 irmc

Configuring the irmc LAN interface 3.1.3 Configuring the LAN interface using the BIOS Setup program Call the BIOS Setup program of the managed server. Press [F2] while the server is booting. Call the Peripheral Configuration menu: Advanced Peripheral Configuration. Figure 8: Peripheral Configuration menu in the BIOS Setup program Configure the following settings: Management LAN Set the value to Enabled. irmc 39

LAN interface Configuring the irmc Call the LAN Settings menu: Advanced IPMI LAN Settings Figure 9: LAN Settings menu in the BIOS Setup program Configure the following settings: DHCP If you enable DHCP, the irmc gets its LAN settings autonomously from a DHCP server on the network. In this case, the values for Local IP Address, Subnet Mask, etc. are set automatically. I Do not activate the DHCP option if no DHCP server is available. If you activate the DHCP option and there is no DHCP server available, the irmc goes into a search loop (i.e. it constantly searches for a DHCP server). You can specify that the DHCP and DNS services are to be used after initial installation, using the irmc web interface, for instance (see sections DHCP Configuration - Configuring the host name for the irmc on page 243 and DNS Configuration - Enable DNS for the irmc on page 245). By default, the following name is passed to the DHCP server on initial installation of the irmc: irmc<last 3 bytes of the MAC address>. 40 irmc

Configuring the irmc LAN interface Local IP Address Enter the IP address you have determined for the irmc of the managed system. Subnet Mask Enter the subnet mask for the network. Gateway Address Specify the IP address of the gateway. Save the settings. If you want to use console redirection on the irmc, continue with section Configuring text console redirection via LAN using the BIOS Setup program on page 42. If you do not want to use text console redirection on the irmc, exit the BIOS and continue with the next section Testing the LAN interface. 3.1.4 Testing the LAN interface You can test the LAN interface as follows: Use a web browser to attempt to log into the irmc web interface. If no login prompt appears, it is probable that the LAN interface is not working. Test the connection to the irmc with a ping command. irmc 41

Console redirection via LAN Configuring the irmc 3.2 Configuring text console redirection via LAN using the BIOS Setup program Text console redirection will be available depending on the configuration of text console redirection and on the operating system of the server either for the duration of the BIOS POST phase only or beyond the BIOS POST phase while the operating system is running. This section describes: Configuration of text console redirection via LAN using the BIOS / TrustedCore Setup Utility Special requirements of the operating system used that you need to take account of if you also want to use console redirection while the operating system is running. I You can also configure text console redirection via LAN using the irmc web interface (see section BIOS Text Console - Configure and start text console redirection on page 277). 42 irmc

Configuring the irmc Console redirection via LAN 3.2.1 Configure text console redirection Call the BIOS Setup program of the managed server. Do this by pressing [F2] while the server is booting. Settings in the Peripheral Configuration menu Call the Peripheral Configuration menu: Advanced Peripheral Configuration Figure 10: Peripheral Configuration menu in the BIOS Setup program Configure the following settings: Serial 1 Set the value to Enabled. Serial 1 Address Accept the first value pair proposed. Serial Multiplexer Set the value to System. irmc 43

Console redirection via LAN Configuring the irmc Settings in the Console Redirection menu Call the Console Redirection menu: Server Console Redirection Configure the following settings: Figure 11: Console Redirection menu in the BIOS Setup program Console Redirection Set the value to Enabled. Port Set the value to Serial 1. Baud Rate Specify the baud rate. Protocol Leave this setting unchanged. (The setting depends on the terminal type used.) Flow Control Leave this setting unchanged. (The setting depends on the terminal type used.) 44 irmc

Configuring the irmc Console redirection via LAN Mode This setting affects the behavior of console redirection while the operating system is running (after the POST phase has completed) - see section Using console redirection while the operating system is running on page 46: Standard Console redirection is terminated after the BIOS POST phase. Enhanced Console redirection continues to be available after the BIOS POST phase. Exiting the BIOS Setup program Save your settings and exit the BIOS Setup program. Continue with section Testing the LAN interface on page 41. irmc 45

Console redirection via LAN Configuring the irmc 3.2.2 Using console redirection while the operating system is running Depending on the operating system used on the managed server, you can continue to use console redirection after the BIOS POST phase. DOS The BIOS setting for console redirection mode must be set as follows (see section Settings in the Console Redirection menu on page 44): BIOS Setup Utility: Mode: Enhanced TrustedCore Setup Utility: Continue C.R. after POST: On Windows Server 2003 Windows Server 2003 handles console redirection automatically after the POST phase. No further settings are necessary. While the operating system is booting, the Windows Server 2003 SAC console is transferred: Figure 12: Windows Server 2003 SAC console Linux You must configure a Linux operating system in such a way that it handles console redirection after the POST phase. Once it has been configured, you have unrestricted access from the remote workstation. 46 irmc

Configuring the irmc Console redirection via LAN Settings required The settings may differ between program versions. SuSe and RedHat Add the following line to the end of the file /etc/inittab: xx:12345:respawn:/sbin/agetty <baud-rate> ttys0 RedHat Insert the following kernel boot parameter in the file /etc/grub.conf: SuSE console=ttys0,<baud-rate> console=tty0 Insert the following kernel boot parameter in the file /boot/grub/menu.lst : console=ttys0,<baud-rate> console=tty0 irmc 47

Serial interface Configuring the irmc 3.3 Configuring and using the serial interface of the irmc The serial interface of the irmc offers you the following possibilities: You can use the terminal application Remote Manager (Serial) over a null modem cable (see section Using the Remote Manager (Serial) interface on page 51). You can forward alerts via modem. You can configure alerting via modem using the web interface of the irmc (see section Serial / Modem Alerting - Configure alerting via modem on page 250). 48 irmc

Configuring the irmc Serial interface 3.3.1 Configuring the serial interface Settings in the BIOS Call the BIOS Setup program of the managed server. Do this by pressing [F2] while the server is booting. Call the Peripheral Configuration menu to configure the serial port: Advanced Peripheral Configuration Figure 13: Peripheral Configuration menu Configure the following settings: Serial 1 Set the value to Enabled. Serial 1 Address Accept the first value pair proposed. Serial Multiplexer Set the value to irmc. irmc 49

Serial interface Configuring the irmc The following values are not shown in the menu and are preset (see page 51, Terminal program (VT100+) ): Bits per second 9600 Data bits 8 Parity None. Stop bits 1 Flow Control None Exiting the BIOS / TrustedCore setup Save your settings and exit the BIOS/TrustedCore Setup utility. Continue with section Testing the LAN interface on page 41. 50 irmc

Configuring the irmc Using the serial interface 3.3.2 Using the Remote Manager (Serial) interface If you connect a computer over a null modem cable and start a terminal program (VT100+) on this computer, you can access the Remote Manager (Serial) terminal program. The Remote Manager (Serial) interface is identical to the Remote Manager interface (see chapter irmc via Telnet/SSH (Remote Manager) on page 303). Prerequisites On the managed server: The Serial Multiplexer BIOS setting must be configured on the irmc (see section Configuring the serial interface on page 49). Terminal program (VT100+): Configure the following port settings for the terminal program: Bits per second Set the value to 9600. Data bits Set the value to 8. Parity Set the value to None. Stop bits Set the value to 1. Flow Control Set the value to None. irmc 51

... over the irmc web interface Configuring the irmc 3.4 Configuring the irmc over the irmc web interface Start the irmc web interface (see section Logging into the irmc web interface on page 178). 3.4.1 Configuring the LAN parameters In the navigation area, click Network Settings (see section Network Settings - Configure the LAN parameters on page 235). Configuring the LAN settings Configure the LAN settings in the page Network Interface. See the section Network Interface - Configure Ethernet settings on the irmc on page 236 for the settings required. Configuring ports and network services Configure the ports and network services in the Ports and Network Services page. See the section Ports and Network Services - Configuring ports and network services on page 239 for the settings required. Configuring DHCP Configure the DHCP settings in the DHCP Configuration page. See the section DHCP Configuration - Configuring the host name for the irmc on page 243 for the settings required. Configuring DNS Configure the DNS settings in the DNS Settings page. See the section DNS Configuration - Enable DNS for the irmc on page 245 for the settings required. 52 irmc

Configuring the irmc... over the irmc web interface 3.4.2 Configuring alerting The pages for configuring alerting are grouped in the navigation area under Alerting (see section Alerting - Configure alerting on page 247). Configuring alert forwarding over SNMP In the navigation area, click SNMP Traps. The SNMP Traps page appears. Configure SNMP trap forwarding. See the section SNMP Trap Alerting - Configure SNMP trap alerting on page 248 for the settings required. Configuring alert forwarding to a mobile phone via modem In the navigation area, click Serial / Modem. The Serial Modem Alerting page appears. Configure alert forwarding via modem. See the section Serial / Modem Alerting - Configure alerting via modem on page 250 for the settings required. Configuring email notification (email alerting) In the navigation area, click Email. The Email Alerting page appears. Configure email alerting. See the section Email Alerting - Configure email alerting on page 252 for the settings required. 3.4.3 Configuring text console redirection Configure text console redirection in the window BIOS Text Console. See the section BIOS Text Console - Configure and start text console redirection on page 277 for the settings required. irmc 53

... using the Server Configuration Manager Configuring the irmc 3.5 Configuring irmc using the Server Configuration Manager Start the Server Configuration Manager (see chapter Configuring irmc using the Server Configuration Manager on page 329). 3.5.1 Configuring the LAN parameters Configuring the LAN settings Configure the LAN settings in the irmc LAN Interface dialog box. See the section irmc LAN Interface - Configuring the LAN parameters of the irmc on page 342 for the settings required. Configuring ports and network services Configure the ports and network services in the irmc Networking Ports dialog box. See the section irmc Networking Ports - Configuring ports and network services on page 345 for the settings required. Configuring DHCP/DNS (dynamic DNS) Configure the DHCP settings in the irmc DNS Registration dialog box. See the section irmc DNS Registration - Configuring the host name for the irmc on page 347 for the settings required. Configuring DNS Configure the DNS settings in the irmc DNS Server dialog box. See the section irmc DNS Server - Activating DNS for the irmc on page 349 for the settings required. 54 irmc

Configuring the irmc... using the Server Configuration Manager 3.5.2 Configuring alerting Configuring alert forwarding over SNMP Configure SNMP trap forwarding in the irmc SNMP Alerting dialog box. See the section irmc SNMP Alerting - Configuring SNMP alerting on page 356 for the settings required. Configuring email notification (email alerting) Configure the global email settings in the irmc EMail Alerting dialog box. See the section irmc EMail Alerting - Configuring email forwarding on page 351 for the settings required. Configure the user-specific email settings in the irmc EMail Format Settings dialog box. See the section irmc Mail Format Settings - Mail-formatdependent settings on page 354 for the settings required. irmc 55

4 User management for the irmc User management for the irmc uses two different types of user identifications: Local user identifications are stored locally in the irmc s non-volatile storage and are managed via the irmc user interfaces. Global user identifications are stored in the central data store of a directory service and are managed via this directory service s interfaces. The following directory services are currently supported for global irmc user management: Microsoft Active Directory Novell edirectory OpenLDAP This chapter provides information on the following topics: User management concept for the irmc User permissions Local user management on the irmc global user management using the individual directory services irmc 57

Concept User management on the irmc 4.1 User management concept for the irmc User management for the irmc permits the parallel administration of local and global user identifications. When validating the authentication data (user name, password) which users enter when logging in to one of the irmc interfaces, irmc proceeds as follows (see also figure 14 on page 59): 1. The irmc compares the user name and password with the locally stored user identifications: If the user is authenticated successfully (user name and password are valid) then the user can log in. Otherwise, the irmc continues the verification with step 2. 2. The irmc authenticates itself at the directory service via LDAP with a user name and password, determines the user rights by means of an LDAP query and checks whether the user is authorized to work with these at the irmc. 58 irmc

User management on the irmc Concept irmc web interface Login SSH Login Telnet Login Serial interface Login SSL SSH User name, password SSL SSH irmc local user identifications SSL User name, password SSL LDAP login directory service global user identifications Figure 14: Login authentication via the irmc I Although optional, the use of SSL for the LDAP connection between the irmc and directory service is recommended. An SSL-secured LDAP connection between irmc and the directory service guarantees secure data exchange, and in particular the secure transfer of the user name and password data. SSL login via the irmc web interface is only required if LDAP is active (LDAP enable option, see page 270). irmc 59

User permissions User management on the irmc 4.2 User permissions The irmc distinguishes between two mutually complementary types of user permissions: Channel-specific privileges (via assignment to channel-specific permission groups) Permissions to use special irmc functions I The privileges and permissions required for the use of the individual irmc functions are described for the irmc- web interface, on page 180, for the Remote Manager, on page 312, Channel-specific privileges (channel-specific permission groups) The irmc assigns each user identification to one of the following four channelspecific permission groups: User Operator Administrator OEM Since irmc assigns these permissions on a channel-specific basis, users can have different permissions, depending on whether they access the irmc over the LAN interface or the serial interface. The scope of permissions granted increases from User (lowest permission level) through Operator and Administrator up to OEM (highest permission level). I The permission groups correspond to the IPMI privilege level. Certain permissions (e.g. for Power Management) are associated with these groups or privilege levels. 60 irmc

User management on the irmc User permissions Permissions to use special irmc functions In addition to the channel-specific permissions, you can also individually assign users the following permissions: Configure User Accounts Permission to configure local user identifications Configure irmc Settings Permission to configure the irmc settings. Video Redirection Enabled Permission to use Advanced Video Redirection (AVR) in View Only and Full Control mode Remote Storage Enabled Permission to use the Remote Storage functionality Preconfigured user ID The firmware of the irmc provides a default administrator ID for the irmc which possesses all permissions: Administrator ID: admin Password: admin I Both the administrator ID and the password are case-sensitive in the case of local users. It is urgently recommended that you create a new administrator account as soon as possible once you have logged in, and then delete the default administrator account or at least change the password for the account (see section User Management - Manage users on page 259). irmc 61

... locally via the web interface User management on the irmc 4.3 Local user management for the irmc The irmc possesses its own local user management. Up to 16 users to be configured with passwords and be assigned various rights depending on the user groups they belong to. The user identifications are stored in the irmc s local, non-volatile storage. User management can be performed manually or using scripts (with IPMIView). The following options are available for user management on the irmc: User management via the web interface User management via the Server Configuration Manager User management using the Server Management Tool (IPMIVIEW) 4.3.1 Local user management using the irmc web interface I User management on the irmc requires Configure User Accounts permission. You can view a list of configured users under the web interface. You can also configure new users, change the configuration of existing users and remove users from the list. Start the irmc web interface (see section Logging into the irmc web interface on page 178). Showing the list of configured users In the navigation area, click the irmc User function. The User Management page opens containing a list of configured users (see page 260). Here, you can delete users and call the page for configuring new users. This page is described in section User Management - Manage users on page 259. 62 irmc

User management on the irmc... locally via the web interface Configuring new users On the User Management page, click the New User button. The New User Configuration page opens. This page allows you to specify the basic settings for the new user. This page is described in section New User Configuration - Configuring a new user on page 261. Modifying the configuration of a user On the User Management page, click the name of the user whose configuration parameters you want to change. The User <name> Configuration page opens showing the settings for the selected user. Here, you can modify the configuration parameters for the new user. This page is described in section User <name> Configuration - User configuration (details) on page 262. Deleting users On the User Management page, click on the Delete button in the same line as the user to be deleted. irmc 63

... locally via the Server Configuration ManagerUser management on the ir 4.3.2 Local user management via the Server Configuration Manager I Prerequisite: The current ServerView agents must be installed on the managed server. I User management on the irmc requires Configure User Accounts permission. You can view a list of configured users under Server Configuration Manager. You can also configure new users, change the configuration of existing users and remove users from the list. Start the Server Configuration Manager (see chapter Configuring irmc using the Server Configuration Manager on page 329). Showing the list of configured users Choose the irmc User Management dialog box. The dialog box contains a list of all the configured users (see page 357). Here you can delete users and call the Edit existing user window showing the settings for the selected user. This window is described on page 358. Configuring new users In the irmc User Management dialog box, select a line below the displayed user in which only the user ID is shown. Click the Modify... button or double-click the selected line. The Edit existing user window opens. Make the settings for the new user in the Edit existing user window. Confirm your settings by clicking OK. 64 irmc

User management on the irmc... locally via the Server Configuration Mana Modifying the configuration of a user Select a user in the irmc User Management dialog box. Click the Modify... button or double-click the selected user. The Edit existing user window opens showing the configured settings for this user. Modify the settings for the user in the Edit existing user window. Confirm your settings by clicking OK. Deleting users Select a user in the irmc User Management dialog box. Click the Delete button to delete the user. irmc 65

... globally via a directory service User management on the irmc 4.4 Global user management for the irmc The global user IDs for the irmc are managed centrally using an LDAP directory service. The following directory services are currently supported for irmc user management: Microsoft Active Directory Novell edirectory OpenLDAP This section provides you with information about the following topics: Overview of global user management for the irmc Concept of global user management for the irmc using an LDAP directory service Configuring global irmc user management in the directory service (generating the irmcgroups structure in the directory service). Global irmc user management via Microsoft Active Directory Global irmc user management via Novell edirectory Global irmc user management via OpenLDAP I Alongside the measures described in this section which you perform in the directory service, global user management also requires you to configure the local LDAP settings at the irmc. You may configure the local LDAP settings either at the irmc web interface (see page page 269), using the Server Configuration Manager (see page page 362) or using the Server Management Tool (IPMIVIew). 66 irmc

User management on the irmc... globally via a directory service 4.4.1 Overview The global user IDs for the irmc are stored centrally in the directory service's directory. This makes it possible to manage the user identifications on a central server. They can therefore be used by all the irmcs that are connected to this server in the network. Furthermore, using a directory service for the irmc makes it possible to use the same user identifications for logins at the irmcs as are used for the operating system of the managed servers. I Global user management is currently not supported for the following irmc functions: Login via IPMI-over-LAN Alerting Text console redirection using SOL irmc 1 Login Authentication irmc 2... Login Authentication directory service Global user identifications irmc n Login Authentication Figure 15: Shared use of the global user identifications by multiple irmcs Communications between the individual irmcs and the central directory service is performed via the TCP/IP protocol LDAP (Lightweight Directory Access Protocol). LDAP makes it possible to access the directory services which are most frequently used and most suitable for user management. Optionally, communication via LDAP can be secured by SSL. irmc 67

... globally via a directory service User management on the irmc 4.4.2 irmc user management via an LDAP directory service (concept) I The concept of directory service-based, global irmc user management described below applies equally to the directory services Microsoft Active Directory, Novell edirectory and OpenLDAP. The figures are based on the example of the Active Directory Users and Computers console in the Microsoft Active Directory user interface. I The following characters are reserved as metacharacters for search strings in LDAP: &,,!, =, <, >, ~, : You must therefore not use these characters as components of Relative Distinguished Names (RDN). 4.4.2.1 Global user management via the OU "irmcgroups" Global irmc user management via an LDAP directory service requires no extension to the standard directory service schema. Instead, all the information that is relevant for the irmc, including the privileges, is provided via additional LDAP groups and organizational units (OU) which are combined in a separate OU irmcgroups which is located in the LDAP directory server's base domain (see figure 16). Figure 16: The OU irmcgroups in the base domain fwlab.firm.net 68 irmc

User management on the irmc... globally via a directory service irmc users obtain their privileges by virtue of being members of a group in the OU irmcgroups. I The user entries for the irmc may be located at any point below the base domain which contains the OU irmcgroups. irmcgroups itself contains the OUs Departments and Shell: Departments contains the groups for the user privileges. Shell contains the groups for the user shells. In the case of Microsoft Active Directory, for example, the entries for the irmc users are located in the standard OU Users. Unlike the standard users, however, irmc users are also members of one or more groups of the OU irmcgroups. 4.4.2.2 Cross-server, global user permissions In large enterprises, the servers which are managed via irmc are usually assigned to different departments. Furthermore, the administrator permissions for the managed servers are also often assigned on a department-specific basis. Departments are combined in the OU Departments The OU Departments combines the servers which are managed by irmc to form a number of groups. These correspond to the departments in which the same user IDs and permissions apply. In figure 17 on page 70, for example, these are the departments DeptX, DeptY and Others. The entry Others is optional, but recommended. Others is a predefined department name subsuming all the servers which do not belong to another department. There are no restrictions concerning the number of departments (OUs) listed under Departments. I When configuring the directory service at the irmc via the irmc web interface (see page 269), via the Server Configuration Manager (see page 362) or via the Server Management Tool (IPMIVIEW) (see ), you specify the name of the department to which the managed server with the relevant irmc belongs. If there is no department of this name in the LDAP directory then the permissions present in the Others department are used. figure 17 presents an example of this type of organizational structure on the basis of Active Directory Users and Computers. irmc 69

... globally via a directory service User management on the irmc Figure 17: Organizational structure of the domain fwlab.firm.net Permission profiles are defined via permission groups The associated permission groups (security groups) are located directly below each department. There are no restrictions concerning the number of permission groups. The names of the permission groups can be chosen as required subject to certain syntactic requirements imposed by the employed directory service. Every permission group defines a specific permission profile which applies to all the users who belong to the relevant permission group. V CAUTION! Make sure that no user simultaneously belongs to more than one permission group in one and the same department. (If a user belongs to more than one permission group in the same department then the first result returned by an LDAP query always apples.) I The permission groups in global irmc user management also include the channel-specific permission groups (see page 60). For detailed information on the individual user permissions, see section User permissions on page 60. 70 irmc

User management on the irmc... globally via a directory service If, for example, you click a department (e.g. DeptX) (1) in the hierarchy tree in Active Directory Users and Computers (see figure 18) then the permission groups (security groups) defined for this department are listed in the display area (here: DeptX). You can click on one of the displayed security groups (2) to open the Properties dialog box for this security group (here: Maintenance). The associated permission is listed under Notes: using the following syntax: LAN: OEM Administrator Operator User None Serial: OEM Administrator Operator User None UserAccounts: On Off irmcsettings: On Off Video Redirection: On Off Remote Storage: On Off (2) (1) Figure 18: Properties dialog box for the Maintenance security group irmc 71

... globally via a directory service User management on the irmc 4.4.2.3 Settings for the preferred shell In the LDAP server, you can specify not only the user permissions but also the preferred shell for a user. Unlike when you assign permissions, the definition of the preferred shell is purely user-specific and not department-dependent. Figure 19: Defining the preferred shell The following groups can be selected: IPMIbasicMode IPMIterminalMode None RemoteManager (see page 303). SmaschCLP (see page 323). I A user should only belong to a single shell group. Any user who belongs to multiple shell groups is automatically assigned to the group with the highest priority among these groups. The sequence of priorities follows the above list (with priority descending from top to bottom). Any user who does not belong to a shell group is assigned by default to the Remote Manager group 72 irmc

User management on the irmc... globally via a directory service 4.4.3 Generating the "irmcgroups" structure in the LDAP directory service Before you can handle global irmc user management via a directory service, it is necessary to generate the structure (OU) irmcgroups in the directory service. To do this, proceed as follows: 1. Create the LDIF (Lightweight Directory Interchange Format) file which contains the irmc-specific structures for integration in the directory service. 2. Import the LDIF file into the directory service. 4.4.3.1 Creating the LDIF file You create the LDIF file (.ldif) from a configuration file (.txt) using the tool irmcldifcreate. I The tool irmcldifcreate is located in the firmware package on the ServerStart Update DVD. I irmcldifcreate generates all the required subtrees including all the groups but not the relations between users and groups. You create and assign user entries to groups by means of the corresponding tools in the employed directory service after generating the OU irmcgroups in the directory service and configuring irmc LDAP access to the directory service. Proceed as follows to create the LDIF file: Create the configuration file (.txt) as the input file for the tool irmcldifcreate. This text file contains the structure information for the structure irmcgroups in readable form. I The syntax of the configuration file is described in the example configuration file which is supplied together with the program irmcldifcreate. For an example of a configuration file, see page 74. irmc 73

... globally via a directory service User management on the irmc Example: Configuration file Below is an example of a configuration file: 74 irmc

User management on the irmc... globally via a directory service In the Windows prompt window, use the following syntax to call the tool irmcldifcreate: irmcldifcreate [-v] [-h] [-d <display_level>] [-c <cfg_file>] [-o <out_file>] [-l <log_file>] -v Display the current program version. -h Display the current utilization of the program. -d <display_level> Display level; controls the scope of program display at the text console and in the log file. A distinction is made between the following display levels: 0: Only errors and status messages are displayed. 1: In addition to the level 0 display, OUs and group names are also displayed. 2: In addition to the level 1 display, attribute values are also displayed. Default: 1 -c <cfg_file> Name of the configuration file Default: irmcldifconfig.txt -o <out_file> Name of the LDIF file Default: irmcdirserviceinit.ldif -l <log_file> none Name of the irmcldifcreate log file. none: No log file is written. Default: irmcldifcreatelog.txt I Alternatively, you can also call the tool irmcldifcreate from the Windows Explorer by double-clicking on the file irmcldifcreate.exe. In this case, default values are used. Example The following call generates the LDIF file ctrl.ldif from the configuration file config_ldif.txt: irmcldifcreate -c config_ldif.txt -o ctrl.ldif irmc 75

... globally via a directory service User management on the irmc 4.4.3.2 Importing the LDIF file into the directory service Various tools are available for importing an LDIF file depending on the directory service you are using. Recommended tools include: Active Directory: LDAP Browser\Editor For a more detailed description, see Importing the LDIF file into Microsoft Active Directory. on page 77. edirectory: imanager - edir maintenance with ICE (Import Convert Export wizard) For a more detailed description, see Importing the LDIF file into Novell edirectory on page 111. OpenLDAP: ldapadd (management tools) For a more detailed description, see Importing the LDIF file into OpenLDAP. on page 126. 76 irmc

User management on the irmc... globally via Active Directory 4.4.4 irmc user management via Microsoft Active Directory This section describes how you integrate irmc user management in Microsoft Active Directory. I Prerequisite: The LDIF file must have been created (see section Generating the "irmcgroups" structure in the LDAP directory service on page 73). You must perform the following steps to integrate irmc user management in Microsoft Active Directory: 1. Import the LDIF file into Active Directory. 2. Assign irmc users to irmc user groups in Active Directory. 3. Configuring irmc LDAP/SSL access at the Active Directory server 4.4.4.1 Importing the LDIF file into Microsoft Active Directory. Among other things, you can use the following tools to import the LDIF file into Active Directory: Command line tool ldifde published by Microsoft. LDAP Administrator program published by Softerra (professional tool, license required). LDAP Browser\Editor with LDIF import functionality (by Jarek Gawor). Below, only Microsoft s command line tool ldifde and the Open LDAP Browser\Editor from Jarek Gawor are described since they do not result in any additional costs. irmc 77

... globally via Active Directory User management on the irmc The Microsoft command line tool ldifde ldifde is a Microsoft tool which is called in the Windows prompt window and which runs under Windows Server 2003 and Windows XP Professional. The syntax for ldifde is as follows: ldifde [-i] [-f <file-name>] [-s <server-name>] [-c <string1> <string2>] [-v] [-j <path>] [-t <port-number>] [-d <basedn>] [-r <LDAPfilter>] [-p <range>] [-l <LDAPattribute-list>] [-o <LDAPattribute-list>] [-g] [-m] [-n] [-k] [-a <userdn> <password>] [-b <user-name> <domain> <password>] [-?] A description of the operands can be found in Microsoft s online documentation. To update a user entry from the remote workstation, call ldifde as follows: ldifde -i -f <ldif filename> -s <servername> -b <username> <domain> <password> -j <directory for log file> -k Example ldifde -i -f irmcdirserviceinit.ldif -s domino.fwlab.firm.net -b Administrator fwlab.firm.net my_password -j. -k 78 irmc

User management on the irmc... globally via Active Directory LDAP Browser\Editor published by Jarek Gawor The LDAP Browser\Editor published by Jarek Gawor is easy to use via a graphical user interface. The tool can be downloaded from: http://www-unix.mcs.anl.gov/~gawor/ldap/ Proceed as follows to install the LDAP Browser\Editor: Unpack the Zip archive Browser281.zip to an installation directory of your choice. Set the environment variable JAVA_HOME to the installation directory for the JAVA runtime environment, e.g.: JAVA_HOME=C:\Program Files\Jave\jdk1.5.0_06 Proceed as follows to import the LDIF file into Active Directory: Open the Open LDAP Browser\Editor. Figure 20: Open LDAP Browser\Editor Choose File - Connect - Session List - New The Edit Session dialog box opens (see figure 21 on page 80). irmc 79

... globally via Active Directory User management on the irmc Figure 21: Open LDAP Browser\Editor - Edit Session Host: Port: The DNS name or IP address of the domain controller Port number 389 for data exchange via LDAP Version: Version number (choose 2 or 3.) Base DN: Fully qualified domain name presented as an LDAP DN name. Alternatively, click the Fetch DNs. button. Fetch DNs You can click on the Fetch DNs button to display a list of DN names. This contains the fully qualified domain name (presented as an LDAP DN name) together with other information. User DN: User s login name extended by @ and the full domain path name. Click Save. The Open LDAP Browser/Editor displays the following window (see figure 22 on page 81): 80 irmc

User management on the irmc... globally via Active Directory Figure 22: Selecting the top-level DN Highlight the top-level DN. irmc 81

... globally via Active Directory User management on the irmc In the menu bar, choose LDIF - Import. The LDIF Import dialog box opens: Figure 23: Starting the import of the LDIF file LDIF File: LDIF file previously created using the tool irmcldifcreate. Import method Choose the Update/Add method to extend and/or modify the irmcgroups tree. Click the Import button to start importing the LDIF file into the Active Directory. 82 irmc

User management on the irmc... globally via Active Directory 4.4.4.2 Configuring irmc LDAP/SSL access at the Active Directory server I The irmc-ldap integration uses the SSL implementation developed by Eric Young on the basis of the OpenSSL Project. A reproduction of the SSL copyright can be found on page 131. An RSA certificate is required before irmc can use LDAP via SSL. The following steps are involved in configuring LDAP access: 1. Install an Enterprise CA 2. Generate an RSA certificate for the domain controller. 3. Install the RSA certificate on the server Installing the Enterprise CA I A CA is a certification authority for certificates. An Enterprise CA (certification authority for enterprises) can be installed on the domain controller itself or on another server. Installation directly on the CA is simpler since fewer steps are required than when installing on another server. Below is a description of how to install the Enteprise CA on a server other than the domain controller. I To install and configure Enterprise CA successfully, you require an Active Directory environment and an installed IIS (Internet Information Services). Proceed as follows to install an Enterprise CA: In the Windows start menu, choose: Start - Control Panel - Software - Add/Remove Windows Components In the wizard for Windows components, choose Certificate Services under Components. Double-click on Certificate Services and make sure that the Certificate Services Web Enrollment Support and Certificate Services CA options are selected. Choose Enterprise root CA. Select the option Use custom settings to generate the key pair and CA certificate. irmc 83

... globally via Active Directory User management on the irmc Select Microsoft Base DSS Cryptographic Provider to create DSA certificates of length 1024 bytes. Export the public certification authority certificate (CA Certificate). To do this, proceed as follows: Enter mmc in the Windows prompt window to start the Management Console. Add the snap-in for local computer certificates. Navigate to Certificates (Local Computer) - Trusted Root Certification Authorities - Certificates and double-click. Double-click on the certificate from the newly created certification authority. Click on the Details tab in the certificate window. Click on Copy to File. Choose a file name for the certification authority certificate and click on Finish. Load the public certification authority certificate to the certificate directory Trusted Root Certification Authorities on the domain controller. To do this, proceed as follows: Transfer the file containing the certification authority certificate to the domain controller. In Windows Explorer, open the certificate from the newly created certification authority. Click on Install Certificate. Under Place all certificates in the following store click on Browse and choose Trusted Root Certification Authorities. Enter mmc in the Windows prompt window to start the Management Console. Add the snap-in for local computer certificates. Add the snap-in for the current user s certificates. Copy the certification authority certificate (CA Certificate) from the current user s Trusted Root Certification Authorities directory to the local computer's Trusted Root Certification Authorities. 84 irmc

User management on the irmc... globally via Active Directory Generating a domain controller certificate Proceed as follows to create an RSA certificate for the domain controller: Create a file named request.inf with the following content: [Version] Signature="$Windows NT$" [NewRequest] Subject = "CN=<full path of domain controller host>" KeySpec = 1 KeyLength = 1024 Exportable = TRUE MachineKeySet = TRUE SMIME = FALSE PrivateKeyArchive = FALSE UserProtected = FALSE UseExistingKeySet = FALSE ProviderName = "Microsoft RSA SChannel Cryptographic Provider" ProviderType = 12 RequestType = PKCS10 KeyUsage = 0xa0 [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication In the file request.inf, adapt the specification under Subject= to the name of the employed domain controller, e.g. Subject = CN=domino.fwlab.firm.net. Enter the following command in the Windows prompt window: certreq -new request.inf request.req Enter the following URL in the certification authority browser: http://localhost/certsrv Click on Request a Certificate. Click on advanced certificate request. Click on Submit a certificate request. Copy the content of the file request.req to the Saved Request window. Select the Web Server certificate template. Download the certificate and save it (e.g. in the file request.cer). irmc 85

... globally via Active Directory User management on the irmc Enter the following command in the Windows prompt window: certreq -accept request.cer Export the certificate with the private key. To do this, proceed as follows: Enter mmc in the Windows prompt window to start the Management Console. Add the snap-in for local computer certificates. Navigate to Certificates (Local Computer) - Personal Certificates - Certificates. Double-click on the new server certification authentication certificate. Click on the Details tab in the certificate window. Click on Copy to File. Select Yes, export the private key. Assign a password. Choose a file name for the certificate and click on Finish. 86 irmc

User management on the irmc... globally via Active Directory Installing the domain controller certificate on the server Proceed as follows to install the domain controller certificate on the server: Copy the domain controller certificate file that has just been created to the domain controller. Double-click on the domain controller certificate. Click on Install Certificate. Use the password which you assigned when exporting the certificate. Under Place all certificates in the following store click on Browse and choose Personal Certificates. Enter mmc in the Windows prompt window to start the Management Console. Add the snap-in for local computer certificates. Add the snap-in for the current user s certificates. Copy the domain controller certificate from the current user s Personal Certificates directory to the local computer's Personal Certificates directory. irmc 87

... globally via Active Directory User management on the irmc 4.4.4.3 Assigning irmc users to the OU "irmcgroups" You can assign irmc users to irmc groups in the OU irmcgroups either on the basis of the user entry, or on the basis of the group entry I The description below indicates the assignment on the basis of the group entry. The assignment procedure on the basis of the user entry is very similar. I The users must be entered in the groups manually in Active Directory. Proceed as follows: Open the snap-in Active Directory Users and Computers. Figure 24: Active Directory Users and Computers snap-in Double-click in the group (here: Administrator). The Administrator Properties dialog box opens (see figure 25 on page 89): 88 irmc

User management on the irmc... globally via Active Directory Figure 25: Administrator Properties dialog box Select the Members tab. Click on the Add... button. The Select Users, Contacts, or Computers dialog box opens (see figure 26 on page 90). irmc 89

... globally via Active Directory User management on the irmc Figure 26: Select Users, Contacts, or Computers dialog box Click on the Locations... button. The Locations dialog box opens. Figure 27: Locations dialog box Select the container (OU) containing your users. (By default, this is the OU Users.). Click OK to confirm. The Select Users, Contacts, or Computers dialog box opens (see figure 28 on page 91). I Users may also be entered at a different location in the directory. 90 irmc

User management on the irmc... globally via Active Directory Figure 28: Select Users, Contacts, or Computers dialog box Click on the Advanced... button. The Select Users, Contacts, or Computers extended dialog box opens (see figure 29 on page 92). irmc 91

... globally via Active Directory User management on the irmc Figure 29: Select Users, Contacts, or Computers dialog box - searching Click the Find Now button to display all the users in your domain. Under Search results: in the display area you can now view the search result (see figure 30 on page 93). 92 irmc

User management on the irmc... globally via Active Directory Figure 30: Select Users, Contacts, or Computers dialog box - displaying the search results Select the users who are to be added to the group and click OK to confirm. The selected users are now displayed (see figure 31 on page 94). irmc 93

... globally via Active Directory User management on the irmc Figure 31: Select Users, Contacts, or Computers dialog box - confirming the search results Confirm by clicking OK. 94 irmc

User management on the irmc... globally via Novell edirectory 4.4.5 irmc user management via Novell edirectory This section provides you with information about the following topics: The Novell edirectory system components and system requirements Installing Novell edirectory Configuring Novell edirectory Integrating irmc user management in Novell edirectory Tips on administering Novell edirectory. I The installation and configuration of Novell edirectory are described in detail below. No extensive edirectory knowledge is required. If you are already familiar with Novell edirectory, you can skip the next three sections and continue with section Integrating irmc user management in Novell edirectory on page 109. 4.4.5.1 Software components and system requirements I Use the specified version or a more recent version of the components listed below. Novell edirectory (formerly NDS) consists of the following software components: edirectory 8.8: 20060526_0800_Linux_88-SP1_FINAL.tar.gz edirectory 8.8: edir_88_iman26_plugins.npm imanager: iman_26_linux_64.tgz for SuSE, iman_26_linux_32.tgz otherwise ConsoleOne: c1_136f-linux.tar.gz The following system requirements must be fulfilled in order to install and operate Novell edirectory: OpenSSL must be installed. I If OpenSSL is not already installed: 512 MB free RAM Install OpenSSL, before starting the Novell edirectory installation. irmc 95

... globally via Novell edirectory User management on the irmc 4.4.5.2 Installing Novell edirectory To install Novell edirectory, it is necessary to install the following components: edirectory Server and administrations utilities imanager (administrations utility) ConsoleOne (administrations utility) I Prerequisites for the installation of Novell edirectory: A Linux server operating system must be fully installed and running. The firewall must be configured for connections to the following ports: 8080, 8443, 9009, 81, 389, 636. For OpenSuSE, you configure this in the file /etc/sysconfig/susefirewall2: Add the entry FW_SERVICES_EXT_TCP to the file /etc/sysconfig/susefirewall2 as follows: FW_SERVICES_EXT_TCP="8080 8443 9009 81 389 636" In accordance with the edirectory Installation Guide, the system must be set up for multicast routing. For SuSE Linux, proceed as follows: Create or (if it already exists) open the file /etc/sysconfig/network/ifroute-eth0. Add the following line to /etc/sysconfig/network/ifroute-eth0: 224.0.0.0 0.0.0.0 240.0.0.0 eth0 This adapts eth0 to the system configuration. 96 irmc

User management on the irmc... globally via Novell edirectory I Prerequisites for the installation of the edirectory Server, the edirectory utilities, the imanager and ConsoleOne: The root permission is required in order to perform installation. All the files required for the installation must have been copied to a directory (e.g. /home/edirectory) before you can use the procedure below to perform installation. These files are as follows: 20060526_0800_Linux_88-SP1_FINAL.tar.gz iman_26_linux_64.tgz c1_136f-linux.tar.gz Installing the edirectory Server and administration utilities Proceed as follows: Log in with root permission (superuser). Switch to the directory containing the files required for installation (in our example: /home/edirectory): cd /home/edirectory Extract the archive 20060526_0800_Linux_88-SP1_FINAL.tar.gz: tar -xzvf 20060526_0800_Linux_88-SP1_FINAL.tar.gz After extraction, /home/edirectory has a new subdirectory named edirectory. Installing edirectory Server Go to the setup subdirectory of this edirectory directory: cd edirectory/setup Call the installation script./nds-install :./nds-install Accept the EULA with "y" and confirm with the [Enter] key. If you are asked which program you want to install: Enter "1" to install the Novell edirectory server and press the [Enter] key to confirm. The edirectory packages are then installed. irmc 97

... globally via Novell edirectory User management on the irmc After installation of the Novell edirectory Server, you must update the names for the paths to the edirectory in a number of environment variables and export these variables. To do this, open your configuration file (in the example: /etc/bash.bashrc) and enter the following lines in the specified sequence ahead of "# End of...": export PATH/opt/novell/eDirectory/bin:/opt/novell/eDirectory/ sbin:$path export LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/ opt/novell/edirectory/lib/nds-modules:/opt/novell/ lib:$ld_library_path export MANPATH=/opt/novell/man:/opt/novell/eDirectory/ man:$manpath export TEXTDOMAINDIR=/opt/novell/eDirectory/share/ locale:$textdomaindir Close the terminal and open a new terminal in order to export the environment variables. Installing the edirectory administration utilities Go to the setup subdirectory of the edirectory directory: cd edirectory/setup Call the installation script:./nds-install Accept the EULA with "y" and confirm with the [Enter] key. If you are asked which program you want to install: Enter "2" to install the Novell edirectory administration utilities and press the [Enter] key to confirm. The edirectory administration utilities are then installed. 98 irmc

User management on the irmc... globally via Novell edirectory Installing and calling imanager I imanager is the recommended tool for installing Novell edirectory. Whether installing in SLES10 or in OpenSuSE, you use the archive *_64.tgz. Proceed as follows: Log in with root permission (superuser). Go to the directory /home/edirectory: cd /home/edirectory Extract the archive iman_26_linux_64.tgz: tar -xzvf iman_26_linux_64.tgz After extraction, /home/edirectory has a new subdirectory named imanager. Go to the installs subdirectory of imanager: cd imanager/installs/linux Call the installation script:./imanagerinstalllinux.bin Select the language for the output of installation messages. Click through and accept the EULA. Select 1- Novell imanager 2.6, Tomcat, JVM for imanager installation. Select 1- Yes for plug-in download. Press [Enter] to use the default path for the download. The installation program searches the internet for downloads. This can take a few minutes. You are then asked to select the plug-ins that you want to install. Select All to download all the plug-ins. Select 1- Yes to install the locally available plug-ins. Press [Enter] to use the default path for installation. Select 2- No for automatic Apache configuration (optional). Accept the default port (8080) for Tomcat. Accept the default SSL port (8443) for Tomcat. irmc 99

... globally via Novell edirectory User management on the irmc Accept the default JK connector port (9009) for Tomcat. Enter the administration user ID (e.g. root.firm ) for the user with the appropriate administration permissions. Enter the tree name (e.g. fwlab ) for the user with the appropriate administration permissions. Accept the summary of your entries which is displayed with 1-OK... in order to terminate installation. Logging in to Novell imanager After installation, you can use the following URL to log in at imanager via a web browser. https://<ip address of the edirectory server>:8443/nps I Novell recommends that you use Microsoft Internet Explorer or Mozilla Firefox as your web browser. In Mozilla Firefox, it is possible that not all the context menu's pop-up windows will be displayed. 100 irmc

User management on the irmc... globally via Novell edirectory Installing and starting ConsoleOne ConsoleOne is another administration tool for Novell edirectory. Proceed as follows to install ConsoleOne: Log in with root permission (superuser) at edirectory Server. Go to the directory /home/edirectory: cd /home/edirectory Extract the ConsoleOne archive c1_136f-linux.tar.gz: tar -xzvf c1_136f-linux.tar.gz After extraction, /home/edirectory has a new subdirectory named Linux. Go to the directory Linux: cd Linux Call the installation script c1-install:./c1-install Select the language for the output of installation messages. Enter 8 to install all the snap-ins. ConsoleOne needs the path to an installed Java runtime environment. You can export the corresponding path name to the environment variable C1_JRE_HOME. However, the system-wide export of the path name requires modifications in the bash profile. I Since root permission is required in order to work with ConsoleOne, it is, in principle, sufficient to export the ID superuser Root. However, the system-wide export of the path name is presented below. This means that normal users can also work with ConsoleOne if they have root permission. irmc 101

... globally via Novell edirectory User management on the irmc Proceed as follows: Open the configuration file for editing (in the example: /etc/bash.bashrc) Enter the following line in the configuration file in front of # End of... : export C1_JRE_HOME=/opt/novell/j2sdk1.4.2_05/jre I The java runtime environment installed together with edirectory is used here. However, you can also specify the path name of any other Java runtime environment installed on the edirectory Server. ConsoleOne obtains the available tree hierarchies either via the local configuration file hosts.nds or via the SLP service and multicast. Proceed as follows to insert your tree hierarchy in the configuration file: Go to the configuration directory: cd /etc Generate the file hosts.nds if it does not yet exist. Open the file hosts.nds and insert the following lines: #Syntax: TREENAME.FQDN:PORT MY_Tree.mycomputer.mydomain:81 Starting ConsoleOne You start ConsoleOne in the system prompt using the following command: /usr/consoleone/bin/consoleone 102 irmc

User management on the irmc... globally via Novell edirectory 4.4.5.3 Configuring Novell edirectory Perform the following steps to configure Novell edirectory: 1. Create an NDS tree 2. Configure edirectory for LDAP. 3. Test edirectory access via LDAP Browser. Creating an NDS tree Create an NDS (Network Directory Service) tree using the utility ndsmanage. ndsmanage requires the following information to do this: TREE NAME Unique name in the network for the new NDS tree, e.g. MY_TREE. Server Name Name of an instance of server class in edirectory. For Server Name, you specify the name of the PRIMERGY server on which the LDAP server is running, for example. lin36-root-0. Server Context Fully distinguished name of the container which contains the server object, e.g. dc=organization.dc=mycompany. Admin User Fully distinguished name of the user with permission to perform administration, e.g. cn=admin.dc=organization.dc=mycompany NCP Port Specify port 81. Instance Location Specify the path: /home/root/instance0 Configuration File Specify the following file: /home/root /instance0/ndsconf Password for admin user Enter the administrator password here. irmc 103

... globally via Novell edirectory User management on the irmc Proceed as follows to configure the NDS tree: Open a command box. Go to the directory /home/edirectory. Start the utility ndsmanage by entering the command ndsmanage: ndsmanage Enter "c" to generate a new instance of the class server. Enter y to continue configuration. Enter y to create a new tree. ndsmanage then queries the values for TREE NAME, Server Name, Server Context etc. in sequence (see page 103). Once input is complete, ndsmanage configures the NDS tree. After configuring the NDS tree, restart the PRIMERGY server in order to activate the configuration, i.e. to recreate the NDS tree. Configuring edirectory for LDAP The following steps are involved in configuring edirectory for LDAP: Install Role Based Services (RBS) Install plug-in modules Configure Role Based Services (RBS) Configure edirectory with/without SSL/TLS support Proceed as follows to complete the individual points: Log in under the administrator ID (Admin) at imanager via a web browser. Installing Role Based Services (RBS). Install RBS using the imanager Configuration Wizard. Proceed as follows: In imanager, select the Configure tap (by clicking on the desk icon). In the Configure tab, select Role Based Services - RBS Configuration Start the RBS Configuration Wizard. 104 irmc

User management on the irmc... globally via Novell edirectory Assign RBS2 to the container that is to be managed. (In the example above, this is "mycompany".) Installing plug-in modules Proceed as follows: In imanager, select the Configure tap (by clicking on the desk icon). In the Configure tab, select Plug-in installation - Available Novell Plug-in Modules In the modules listed in the page Available Novell Plug-in Modules, select the edirectory-specific package edir_88_iman26_plugins.npm. Click Install. Configuring Role Based Services (RBS) In the page Available Novell Plug-in Modules, select all the modules that are required for LDAP integration. If you are not certain, select all the modules. Click Install. Configuring edirectory for SSL/TLS-secured access I During edirectory installation, a temporary certificate is generated with the result that access to the edirectory is secured by SSL/TLS by default. However, since the irmc firmware is configured for the use of RSA/MD5 certificates, SSL/TLS-secured, global irmc user management via edirectory requires an RSA/MD5 certificate of 1024 bytes in length. irmc 105

... globally via Novell edirectory User management on the irmc You create an RSA/MD5 certificate of length 1024 bytes as follows using ConsoleOne: Log into the LDAP server under your administrator ID (Admin) and start ConsoleOne. Navigate to your corporate structure's root directory (e.g. treename/mycompany/myorganisation). Select New Object - NDSPKI key material - custom to create a new object of class NDSPKI:Key Material. In the dialog which is then displayed, specify the following values: 1. 1024 bits 2. SSL or TLS 3. signature RSA/MD5 A new signature of the required type is created. To activate the newly created certificate for the SSL-secured LDAP connection, perform the following steps in imanager: Start imanager via the web browser. Log in at imanager with valid authentication data. Select LDAP - LDAP Options - LDAP Server - Connection. The Connection tab contains a drop-down list which displays all the certificates installed on the system. Select the required certificate in the drop-down list. Configuring edirectory for non-ssl-secured access I Anonymous login and the transfer of plain text passwords via nonsecured channels are deactivated by default in edirectory. Consequently, web browser login at the edirectory server is only possible via an SSL connection. If you want to use LDAP without SSL then you must perform the following steps: 1. Enable a non-ssl-secured LDAP- connection. 2. Relax the bind restrictions. 3. Reload the LDAP configuration. 106 irmc

User management on the irmc... globally via Novell edirectory Proceed as follows: 1. Enable a non-ssl-secured LDAP- connection. Start imanager via the web browser. Log in at imanager with valid authentication data. Select the Roles and Tasks view. Select LDAP - LDAP Options - LDAP Server - Connection. In the Connection tab, deactivate the option Require TLS for all Operations. Select LDAP - LDAP Options - LDAP Group - General. In the General tab, deactivate the option Require TLS for Simple Binds with password. 2. Relax the bind restrictions. Log in at imanager with valid authentication data. In the object tree, navigate to the LDAP Server object. Click with the mouse to highlight the LDAP Server object and select Modify Object in the associated context menu. In the right-hand content frame, open the Other sheet. Under Valued Attributes, select ldapbindrestrictions. Click the Edit button. Set the value to 0. Click OK. In the Other sheet, click the Apply button. 3. Reload the LDAP configuration. Start ConsoleOne and log in to edirectory. Click on the Base DN object at the left of the window (e.g. Mycompany). The LDAP server object is then displayed on the right-hand side of the window. Right-click to highlight the LDAP Server object and select Properties... in the associated context menu. In the General tab, click Refresh NLDAP Server Now. irmc 107

... globally via Novell edirectory User management on the irmc Testing edirectory access via LDAP Browser. After successfully completing steps 1-3 above, you should be able to establish a connection to edirectory via the LDAP Browser utility. You can use Jarek Gavor's LDAP Browser to test this connection as follows: Try to log in at edirectory under the administrator ID (in the example: admin) via an SSL connection. If this attempt fails, proceed as follows: Check that SSL is active (see page 106). Figure 32: Testing LDAP access to edirectory: SSL activated Try to log in at edirectory under the administrator ID (in the example: admin) via a non-ssl-secured connection. 108 irmc

User management on the irmc... globally via Novell edirectory Figure 33: Testing LDAP access to edirectory: SSL not activated If the login fails again: Relax the bind restrictions (see page 106). 4.4.5.4 Integrating irmc user management in Novell edirectory You must perform the following steps in order to integrate irmc user management in Novell edirectory: Import the irmc LDIF file into edirectory. Generating the principal irmc user. Declare the irmc groups and user permissions in edirectory. Assign users to the organizational unit (OU) irmcgroups. LDAP authentication process for irmc users in edirectory The authentication of a global irmc user on login at the irmc is performed in accordance with a predefined process (see page 58). figure 34 on page 110 illustrates this process for global irmc user management with Novell edirectory. The establishment of a connection and login with the corresponding login information is referred to as a BIND operation. irmc 109

... globally via Novell edirectory User management on the irmc SSL-based communication 1 irmc: Bind as Principal User irmc is authenticated irmc 2 3 irmc determines the fully-qualified DN of User1 Bind with User1's DN User1 is authenticated edirectory User permissions 4 irmc determines the user permissions of User1 1) The irmc logs in at the edirectory server with the predefined, known permission data (irmc setting) as Principal User and waits for the successful bind. 2) The irmc asks the edirectory server to provide the fully qualified Distinguished Name (DN) of the user with cn=user1. edirectory determines the DN from the preconfigured subtree (irmc setting). 3) The irmc logs in at the edirectory server with the fully-qualified DN of the user User1 and waits for the successful bind. 4) The irmc asks the edirectory server to provide the user permissions of the user User1. Figure 34: Authentication diagram for global irmc permissions I You configure the "Principal User's" permission data and the subtree which contains the DNs in the page Directory Service Configuration page of the irmc web interface (see page 269). I A user's CN must be unique within the searched subtree. 110 irmc

User management on the irmc... globally via Novell edirectory Importing the LDIF file into Novell edirectory I Prerequisite: The LDIF file must have been created (see section Generating the "irmcgroups" structure in the LDAP directory service on page 73). You use imanager to import the irmc LDIF file into Novell edirectory. Proceed as follows: Start imanager via the web browser. Log in at imanager with valid authentication data. Select edirectory Maintenance and use the ICE (Import Convert Wizard). Select Import data from file on disk and click Next. In the file browser, navigate to your LDIF file. Deactivate the option exit on error and click Next. Enter the DNS name / IP address of your LDAP server as well as the permission data for the administrator ID (see figure 35 on page 112). I Use an SSL connection to import the LDIF file (port 636). I Use version 2 of the LDAP protocol for the import of the LDIF file. irmc 111

... globally via Novell edirectory User management on the irmc Figure 35: imanager - Roles and Tasks: ICE Wizard Click Next. Click Finish to start the import of the LDIF file. 112 irmc

User management on the irmc... globally via Novell edirectory Creating the Principal User for the irmc Proceed as follows to create the Principal User for the irmc: Log in at imanager with valid authentication data. Select Roles and Tasks. Select Users - Create User. Enter the necessary specifications in the displayed template. I The Principal User's Distinguished Name (DN) and password must match the corresponding specifications for the irmc configuration (see section Directory Service Configuration (LDAP) - Configuring the directory service at the irmc on page 269). The user's Context: may be located at any position in the tree. Assign the Principal User search permissions for the following subtrees: Subtree (OU) irmcgroups Subtree (OU) that contains the users (e.g. people). Assigning user permissions to the irmc groups and users By default, an object in edirectory possesses only very limited query and search permissions in an LDAP tree. If an object is to be able to query all the attributes in one or more subtrees, you must assign this object the corresponding permissions. You may assign permissions either to an individual object (i.e. a specific user) or to a group of objects which are collated in the same organizational unit (OU) such as irmcgroups or people. In this case, the permissions assigned to an OU and identified as inherited are automatically passed on to the objects in this group. irmc 113

... globally via Novell edirectory User management on the irmc I To integrate irmc user management in Novell edirectory, it is necessary to assign search permissions to the following objects (trustees): Principal User Subtree which contains the irmc users Detailed information on how to do this can be found below. Proceed as follows to assign an object search permissions for all attributes: Start imanager via the web browser. Log in at imanager with valid authentication data. In imanager, click the Roles and Tasks button. In the menu tree structure, select Rights - Rights to Other Objects. The page Rights to Other Objects is displayed. Under Trustee Name, specify the name of the object (in the example: irmcgroups.sbrd4) to which the permission is to be assigned. Under Context to Search From, specify the edirectory subtree (irmcgroups) which imanager is to search through for all the objects for which the trustee Users currently has read permission. Click OK. A progress display indicates the status of the search. Once the search operation has been completed, the page Rights to Other Objects is displayed with the results of the search (see figure 36 on page 115). 114 irmc

User management on the irmc... globally via Novell edirectory Figure 36: imanager - Roles and Tasks - Rights To Other Objects I If no object is displayed under Object Name, then the trustee currently has no permissions within the specified context. Assign the trustee additional permissions if necessary: Click Add Object. Use the object selector button to select the object for which you want to assign the trustee a permission. Click Assigned Rights. If the property [All Attributes Rights] is not displayed: Click Add Property. The Add Property window is displayed (see figure 37 on page 116). irmc 115

... globally via Novell edirectory User management on the irmc Figure 37: imanager - Roles and Tasks - Rights To Other Objects - Add Property Highlight the property [All Attributes Rights] and click OK to add it. For the property [All Attributes Rights], enable the options Compare, Read and Inherit and click OK to confirm. This authorizes the user/user group to query all the attributes in the selected object's subtree. Click Apply to activate your settings. 116 irmc

User management on the irmc... globally via Novell edirectory 4.4.5.5 Assigning irmc users to the OU "irmcgroups" You can assign irmc users for instance from the OU people to the OU irmcgroups either starting from the individual user entries (preferable if there are only a few user entries), or starting from the group entry (preferable if there are a lot of user entries). I The following example shows the assignment of irmc users from an OU people to the OU irmcgroups. The assignment starting from the group entry is explained. The assignment procedure on the basis of user entries is very similar. Proceed as follows: Start imanager via the web browser. Log in at imanager with valid authentication data. Select Roles and Tasks. Select Groups - Modify Group. The Modify Group page is displayed. Perform the following steps for all the irmc groups to which you want to assign irmc users: Use the object selector button to select the irmc group to which you want to add irmc users. (In the example, this is Administrator.Others.Departments.iRMCgroups.sbrd4.) Select the Members tab. The Members tab of the Modify Group page is displayed: irmc 117

... globally via Novell edirectory User management on the irmc Figure 38: imanager - Roles and Tasks - Modify Group - Members tab Perform the following steps for all the users of the OU people which you want to assign to the irmc group: Click the object selector button. The Object Selector (Browser) window is opened: 118 irmc

User management on the irmc... globally via Novell edirectory Figure 39: Assigning users to the irmc group - selecting users In the Object Selector (Browser) window, select the required user(s) in the OU people and click OK to confirm. The selected users are now listed in the display area in the Members tab of the Modify Group page (see figure 40 on page 120). irmc 119

... globally via Novell edirectory User management on the irmc Figure 40: Display of the selected irmc users in the "Members" tab Confirm with Apply or OK in order to add the selected users to the irmc group (here:....irmcgroups.sbdr4). 120 irmc

User management on the irmc... globally via Novell edirectory 4.4.5.6 Tips on administering Novell edirectory. Restarting the NDS daemon Proceed as follows to restart the NDS daemon: Open the command box. Log in with root permission. Execute the following command: rcndsd restart If, for any unidentifiable reason, the lndap daemon fails to start: Start the lndap daemon "manually": /etc/init.d/nldap restart If imanager does not respond: Restart imanager: /etc/init.d/novell-tomcat4 restart Reloading the configuration of the NLDAP server Proceed as follows: Start ConsoleOne and log in to edirectory. I If you are starting ConsoleOne for the first time, no tree is configured. Proceed as follows to configure a tree: Under My World, select the node NDS. In the menu bar, select: File - Authenticate Enter the following authentication data for login: 1. Login-Name: root 2. Password: <password> 3. Tree: MY_TREE 4. Context: mycompany irmc 121

... globally via Novell edirectory User management on the irmc In the left-hand part of the window, click the Base DN object (Mycompany). The LDAP Server object is then displayed in the right-hand side of the window. Right-click on the LDAP Server object and select Properties... in the context menu. In the General tab, click the Refresh NLDAP Server Now button. Configuring the NDS message trace The nds daemon generates debug and log messages which you can trace using the ndstrace tool. The purpose of the configuration described below is to redirect the output from ndstrace to a file and display the content of this file at another terminal. For this latter task, you use the screen tool. The following procedure is recommended: Open the command box (e.g. bash). Configuring ndstrace Go to the edirectory directory /home/edirectory: cd /home/edirectory Start screen by means of the command screen. Start ndstrace with the command ndstrace. Select the modules that you want to activate. For example, if you want to display the times at which events occurred, enter dstrace TIME. I You are very strongly recommended to activate the modules LDAP and TIME by making the following entry: dstrace LDAP TIME Terminate ndstrace by entering quit. This terminates the configuration of ndstrace. 122 irmc

User management on the irmc... globally via Novell edirectory Outputting messages at a second terminal Start ndstrace and redirect message output: ndstrace -l >ndstrace.log Use the following key combination to open a second terminal: [Ctrl] + [a], [Ctrl] + [c] Activate log recording: tail -f./ndstrace.log To switch between the virtual terminals, use the key combination [Ctrl] + [a], [Ctrl] + [0]. (The terminals are numbered from 0 to 9) irmc 123

... globally via OpenLDAP User management on the irmc 4.4.6 irmc user management via OpenLDAP This section provides you with information about the following topics: Installing OpenLDAP (Linux). Creating an SSL certificate. Configuring OpenLDAP. Integrating irmc user management in OpenLDAP. Tips on OpenLDAP administration 4.4.6.1 Installing OpenLDAP I Before installing OpenLDAP, you must configure the firewall for connections to the ports 389 and 636. For OpenSuSE, proceed as follows: In the file, /etc/sysconfig/susefirewall2 extend the option FW_SERVICES_EXT_TCP as follows: FW_SERVICES_EXT_TCP= 389 636 To install the packages OpenSSL and OpenLDAP2 from the distribution medium, use the setup tool YaST. 4.4.6.2 Creating SSL certificates You should create a certificate with the following properties: Key length: 1024 bits md5rsaenc You use OpenSSL to create key pairs and signed certificates (self-signed or signed by an external CA). For more detailed information, see the OpenSSL home page at http://www.openssl.org. The following links provide instructions on setting up a CA and creating test certificates: http://www.akadia.com/services/ssh_test_certificate.html http://www.freebsdmadeeasy.com/tutorials/web-server/apache-ssl-certs.php http://www.flatmtn.com/computer/linux-sslcertificates.html http://www.tc.umn.edu/~brams006/selfsign.html 124 irmc

User management on the irmc... globally via OpenLDAP Following certificate creation, you must have the following three PEM files: Root certificate: root.cer.pem Server certificate: server.cer.pem Private key: server.key.pem I The private key must not be encrypted with a pass phrase since you should only assign the LDAP daemon (ldap) read permission for the file server.key.pem. You use the following command to remove the pass phrase: openssl rsa -in server.enc.key.pem -out server.key.pem 4.4.6.3 Configuring OpenLDAP Proceed as follows to configure OpenLDAP: Start the Yast setup tool and select LDAP-Server-Configuration. Under Global Settings/Allow Settings, activate the setting LDAPv2-Bind. Select Global Settings/TLS Settings: Activate the setting TLS. Declare the paths of the files created during installation (see section Installing OpenLDAP on page 124). Make sure that certificates and private keys in the file system can be read by the LDAP service. Since openldap is executed under the uid/guid=ldap, you can do this by setting the owner of the files with the certificates and private keys to ldap, or by assigning the LDAP daemon ldap read permission for the files containing the certificates and private keys. Select Databases to create a new database. irmc 125

... globally via OpenLDAP User management on the irmc I If the configuration created by YaST does not function overall, check that the following obligatory entries are present in the file /etc/openldap/slapd.conf: allow bind_v2 TLSCACertificateFile /path/to/ca-certificate.pem TLSCertificateFile /path/to/certificate.pem TLSCertificateKeyFile /path/to/privat.key.pem I If the configuration created by YaST for SSL does not function, check that the following entry is present in the configuration file /etc/sysconfig/openldap: OPENLDAP_START_LDAPS= yes 4.4.6.4 Integrating irmc user management in OpenLDAP. The integration of irmc user management in OpenLDAP comprises the following steps: Importing the irmc LDIF file into OpenLDAP. Generating the principal irmc user. Creating the new irmc user and assigning this user to the OU irmcgroups. Importing the LDIF file into OpenLDAP. I Prerequisite: The LDIF file must have been created (see section Generating the "irmcgroups" structure in the LDAP directory service on page 73). The management tool ldapadd can be used to import the irmc file into OpenLDAP. I To obtain help on the ldapadd tool, enter ldapadd --help Proceed as follows to import the LDIF file: Copy the LDIF file to the OpenLDAP server. Open a terminal on the OpenLDAP server. 126 irmc

User management on the irmc... globally via OpenLDAP Go to the directory to which you copied the LDIF file. Enter the following command to import the LDIF file: ldapadd -x -v -D cn=admin,dc=myorganization,dc=mycompany -W -f irmcdirserviceinit.ldif Generating the Principal User I To generate the Principal User (ObjectClass: Person) use an LDAP browser, for example the LDAP Browser\Editor published by Jarek Gawor (see page 79). The text below describes how you use the Jarek Gawor LDAP Browser\Editor to generate the Principal User. Proceed as follows:. Start the LDAP Browser. Log in at the OpenLDAP directory service with valid authentication data. Select the subtree (subgroup) in which the Principal User is to be created. The Principal User can be created anywhere in the tree. Open the Edit menu. Select Add Entry. Select Person. Edit the Distinguished Name DN. I The Principal User's Distinguished Name (DN) and password must match the corresponding specifications for the irmc configuration (see section Directory Service Configuration (LDAP) - Configuring the directory service at the irmc on page 269). Click Set and enter a password. Enter a Surname SN. Click Apply. irmc 127

... globally via OpenLDAP User management on the irmc Creating a new irmc user and assigning this user to the OU "irmcgroups" I To create a new user (ObjectClass Person) and assign a user to the OU irmcgroups, you use an LDAP browser, for example the Jarek Gawor LDAP Browser\Editor (see page 79). The following text describes how you use the Jarek Gawor LDAP Browser\Editor to create a new irmc user and add this user to the OU irmcgroups. Proceed as follows: Start the LDAP Browser. Log in at the OpenLDAP directory service with valid authentication data. Create a new user. To do this, proceed as follows: Select the subtree (subgroup) in which the new user is to be created. The new user can be created anywhere in the tree. Open the Edit menu. Select Add Entry. Select Person. Edit the Distinguished Name DN. Click Set and enter the password. Enter a Surname SN. Click Apply. 128 irmc

User management on the irmc... globally via OpenLDAP Assign the user you have just created to the OU irmcgroups. To do this, proceed as follows: Select the irmcgroups subtree (subgroup) to which the user is to belong, i.e. cn=userkvm,ou=yourdepartment, ou=departments,ou=irmcgroups,dc=myorganisation,dc=mycompany Open the Edit menu. Select Add Attribute. Specify "Member" as the attribute name. As the value, specify the fullyqualified DN of the user you have just created, i.e. cn=userkvm,ou=yourdepartment,ou=departments,ou=irmcgroups, dc=myorganization,dc=mycompany 4.4.6.5 Tips on OpenLDAP administration Restarting the LDAP service Proceed as follows to restart the LDAP service: Open the command box. Log in with root permission. Enter the following command: rcldap restart Message logging The LDAP daemon uses the Syslog protocol for message logging. I The logged messages are only displayed if a log level other than 0 is set in the file /etc/openldap/slapd.conf. For an explanation of the various levels, see: http://www.zytrax.com/books/ldap/ch6/#loglevel table 2 on page 130 provides an overview of the log levels and their meanings. irmc 129

... globally via OpenLDAP User management on the irmc Log level Meaning -1 Comprehensive debugging 0 No debugging 1 Log function calls 2 Test packet handling 4 Heavy trace debugging 8 Connection management 16 Show sent/received packets 32 Search filter processing 64 Configuration file processing 128 Processing of access control lists 256 Status logging for connections/operations/events 512 Status logging for sent entries 1024 Output communication with shell backends. 2048 Output results of entry parsing. Table 2: OpenLDAP - log levels 130 irmc

User management on the irmc SSL copyright 4.4.7 SSL copyright The irmc-ldap integration uses the SSL implementation developed by Eric Young on the basis of the OpenSSL Project. /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * openssl-core@openssl.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This product includes cryptographic software written by Eric Young * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * */ irmc 131

SSL copyright User management on the irmc /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ 132 irmc

5 Advanced Video Redirection I A valid license key is required to use the Advanced Video Redirection feature. Advanced Video Redirection (AVR) allows you to control the mouse and keyboard of the managed server from your remote workstation and to show the current graphical and text output from the managed server. I The AVR Java applet allows you to use the Remote Storage feature (see chapter Remote Storage on page 155). This chapter provides information on the following topics: Checking the AVR settings Using AVR Menus of the AVR window irmc 133

Prerequisites Advanced Video Redirection 5.1 Requirements: Check the AVR settings Check the following important settings before using AVR: Graphics mode settings on the managed server Advanced Video Redirection (AVR) supports the following graphics modes: Resolution Refresh rates [in Hz] 640 x 480 (VGA) 60; 75 32 800 x 600 (SVGA) 56; 60; 72; 75 16 1024 x 768 (XGA) 60; 70; 75 16 1152 x 864 60; 70; 75 8 1280 x 1024 (UXGA) 60; 70; 75 8 Table 3: Supported display settings Maximum color depth [bits] I Only VESA-compliant graphics modes are supported. Supported text mode The irmc supports the following common text modes: 40 x 25 80 x 25 80 x 43 80 x 50 Refer to the Help system for your operating system for information on the display settings. Keyboard settings I The keyboard settings must be identical: on the remote workstation, on the managed server, on the irmc. 134 irmc

Advanced Video Redirection Using AVR 5.2 Using Advanced Video Redirection To start AVR, click the Start Video Redirection button on the Advanced Video Redirection page of the irmc web interface (see page 288). The Advanced Video Redirection window (AVR window) opens, showing you the display on the managed server. The AVR window also contains the following elements: Menu bar: The Preferences and Extras menus allow you to configure the AVR settings and to control the AVR (see page 147). Remote Storage is used to call the remote storage function (see page 151). Integrated special keys (see page 138). The Local Monitor indicator shows whether the local monitor of the managed server is switched on (see section Local Monitor Off function on page 137. Menu bar Integrated special keys Local monitor indicator Figure 41: Advanced Video Redirection window irmc 135

Using AVR Advanced Video Redirection 5.2.1 Parallel AVR sessions AVR can be used by two user sessions simultaneously. One user has full control over the server (full-control mode) and the other can only passively observe keyboard and mouse operation of the server (view only mode). When AVR is first started, you are initially in view only mode. You will always be asked if you want to switch to full-control mode. If you decide to switch to fullcontrol mode and another full-control mode session is already active, the existing session is switched to view-only mode. 136 irmc

Advanced Video Redirection Using AVR 5.2.2 Local Monitor Off function The Local Monitor Off function of the irmc allows you to power down the local monitor of the managed server for the duration of your AVR session. In this way, you ensure that the inputs you make and the actions you perform on the local monitor on the server using AVR cannot be seen. The identification LED flashes to indicate Local Monitor Off mode on the server. I The Local Monitor Off function is not supported by all PRIMERGY servers with irmc. You configure the Local Monitor Off function on the Advanced Video Redirection page of the irmc web interface (see page 288). After you have configured the system appropriately, you can switch the local monitor of the server on and off from the remote workstation as follows: In Full Control mode in an AVR session using the Extras menu directly on the Advanced Video Redirection page with administrator or OEM permissions You can also configure that the local monitor is always switched off automatically whenever a new AVR session is started. The current status of the local monitor is shown in the AVR window in blue letters to the right of the integrated special keys: Local Monitor always on The local monitor is always switched on and cannot be switched off, as the Enable Local Monitor Off option (see page 290) is deactivated. Local Monitor is: on The local monitor is on, but can be switched off. Local Monitor is: off The local monitor is off, but can be switched on. irmc 137

Using AVR Advanced Video Redirection 5.2.3 Redirecting the keyboard Keyboard redirection only works when the focus is on the AVR window. If keyboard redirection appears not to be working, simply click on the AVR window. If the keyboard does not respond, check that the AVR window is not in viewonly mode. How to switch to full-control mode is described on page 149. Special key combinations AVR passes all normal key combinations to the server. Special keys such as Windows keys are not sent. Some special key combinations suchas [ALT] + [F4] cannot be sent, because they are interrupted by the client s operating system. In such cases, you should use the integrated special keys or the virtual keyboard. Integrated special keys Below the menu bar of the AVR window, you will find a bar containing the special keys. These keys are implemented as sticky keys, i.e. they remain pressed when you click them and only return to their normal position when you click them again. Using the integrated special keys, you can, for instance, use Windows keys or special key combinations which are not sent by AVR if you press them on your own keyboard. Figure 42: Advanced Video Redirection window - integrated special keys [Mouse Sync] Press this key to synchronize the mouse pointers (see also section Synchronizing the mouse pointer on page 140). [Ctrl] [Alt] Left CTRL key (corresponds to the [Ctrl] key on your keyboard). Alt(ernate) key (corresponds to the [Alt] key on your keyboard). 138 irmc

Advanced Video Redirection Using AVR [Win] Left and right Windows keys (correspond to the keys on your keyboard between the left and right [Ctrl] and [Alt ] keys). [Alt Gr] Alt(ernate) Gr(aphic) key (corresponds to the [Alt Gr] key on your keyboard). [Context] Context menu for the selected object (corresponds to the key combination [Shift] + [F10] on your keyboard). [Lock] Caps lock (corresponds to the [Caps Lock] key on your keyboard). [Ctrl-Alt-Del] Corresponds to the key combination [Ctrl]+ [Alt] + [Del] on your keyboard. Virtual keyboard The virtual keyboard (see figure 43) provides you with a functional representation of the keyboard. All key combinations are available when you use the virtual keyboard. This means that you can use the virtual keyboard as a fully functional replacement for a real keyboard. You activate the virtual keyboard in the AVR window from the Extras menu (see page 148). Figure 43: Virtual Keyboard (keyboard layout: German (DE) Secure keyboard If you are connected to the irmc web interface over an HTTPS connection, entries at the keyboard are transferred over a secure SSL connection. irmc 139

Using AVR Advanced Video Redirection 5.2.4 Redirecting the mouse The mouse pointer on the managed server is moved synchronously with the mouse on the remote workstation. You configure the mouse redirection settings in the AVR window in the Preferences menu, - Mouse tab (see page 152). 5.2.4.1 Synchronizing the mouse pointer When the AVR window is first opened, it is possible that the mouse pointer on the remote workstation (local mouse pointer) is not yet synchronized with the mouse pointer on the managed server. To synchronize the two mouse pointers, use one of the following alternatives (see figure 44 on page 141): Click [Mouse Sync] in the menu bar of the AVR window. Move the local mouse pointer to the top left corner of the AVR window. The mouse pointer on the managed server automatically follows this movement. The pointers are synchronized when the two mouse pointers completely overlap. 140 irmc

Advanced Video Redirection Using AVR (3) (1) (2) Press the Mouse Sync key or (1) Drag the local mouse cursor to the top left corner. (2) The server s mouse pointer follows automatically. (3) The mouse pointers are synchronized when they completely overlap and are displayed as a single mouse pointer. Figure 44: Synchronizing the local mouse pointer and the mouse pointer of the managed server. I Correct synchronization of the mouse pointers requires that certain settings are made on the managed server. These are preconfigured automatically by the Matrox VGA installation on the managed server. If synchronization of the mouse pointers does not function correctly, for instance because the preconfigured settings have been changed, you can restore correct synchronization of the mouse pointers by making the settings described below. The settings must be made on the managed server. irmc 141

Using AVR Advanced Video Redirection 5.2.4.2 Managed Windows server: Adjusting the settings for synchronization of the mouse pointers On a Windows server, you can either make the settings for mouse pointer synchronization using a batch program or using the Windows Start menu and the context menu. You must adjust the following settings: Speed of the mouse pointer Hardware acceleration I When you adjust the settings using a batch program, the Matrox graphics driver is installed as well as the mouse pointer speed and hardware acceleration being adjusted. You can make all the settings for the managed server either directly at the managed server or from the remote workstation over AVR. Adjusting the settings on the managed server using a batch program Proceed as follows: Open a DOS prompt window. Switch to the folder in which the batch program ServerEnginesG200e_Kronos1_SETUP.exe for the relevant Matrox VGA driver installation (32-bit or 64-bit) is located. Type setup.bat to start the batch program. Reboot the managed server when the batch program has executed. 142 irmc

Advanced Video Redirection Using AVR Adjusting the settings on the managed server using the Windows Start menu and the context menu Proceed as follows to adjust the mouse pointer: Choose Start - Settings - Control Panel - Printers and Other Hardware - Mouse - and the Pointer Options tab. This opens the following window: Figure 45: Mouse Properties - Pointer Options Set the Pointer Speed to a medium value. Disable the Enhance Pointer Precision option. Click the [OK] button to save the settings. irmc 143

Using AVR Advanced Video Redirection Proceed as follows to adjust the hardware acceleration: Right-click on the desktop background. In the context menu that appears, choose: Properties - Settings tab, Advanced button, and the Troubleshooting tab. This opens the following window: Figure 46: Properties -... - Troubleshooting: Hardware acceleration Set the Hardware Acceleration to a value as shown in figure 46. Click the [OK] button to save the settings. 144 irmc

Advanced Video Redirection Using AVR 5.2.4.3 Managed Linux server: Adjusting the settings for synchronization of the mouse pointers Prerequisite: The managed server is running under one of the following Linux operating systems: Red Hat 4.x Red Hat 5.x Suse 9.x Suse 10.x You can adjust the mouse pointer synchronization settings on the managed server either using commands or under menu guidance. You must adjust the following settings: Pointer acceleration Pointer threshold You can make all the settings for the managed server either directly at the managed server or from the remote workstation over AVR. Adjusting the settings on the managed server using commands Use the xset command to make the settings for Pointer acceleration and Pointer threshold (recommended values: 1 in each case). Command syntax: xset m(ouse)][acceleration][threshold] Proceed as follows: Call a command line tool. Run the command xset with the following arguments: xset m 1 1 irmc 145

Using AVR Advanced Video Redirection Adjusting the settings on the managed server under menu guidance I The procedure described below only applies to Suse Linux. Proceed as follows: Choose N - Control Center - Peripheral - Mouse - Advanced tab The Mouse - Control Center window opens: Figure 47: Mouse Control Center window Set the following values in the Mouse Control Center window: Pointer acceleration: 1.0x (minimum value) Pointer threshold: 20 pixels (maximum value) Save the settings. Reboot the managed server. I It is not necessary to set the values again after rebooting the server. 146 irmc

Advanced Video Redirection Menus of the AVR window 5.3 Menus of the AVR window The menu bar of the Advanced Video Redirection window contains the following menus: The Extras menu allows you to control the AVR session. You can also make a virtual keyboard available. You can set up and clear remote storage connections with the Remote Storage menu. The Languages menu allows you to set the language (German/English) used to display the AVR menus and dialogs. The Preferences menu allows you to configure the mouse, keyboard and logging settings. irmc 147

Menus of the AVR window Advanced Video Redirection 5.3.1 Extras menu You can select the following functions in the Extras menu: Figure 48: Advanced Video Redirection window - Extras menu Virtual Keyboard... The Virtual Keyboard window opens (see figure 43 on page 139). Update local monitor state Refreshes the display of the local monitor status. Turn local monitor on I This function is not supported by all PRIMERGY servers. Switches on the local monitor of the managed server. I If you are in view-only mode, the function is also deactivated when the local monitor is switched off. 148 irmc

Advanced Video Redirection Menus of the AVR window Turn local monitor off I This function is not supported by all PRIMERGY servers. Switches off the local monitor of the managed server. I This function is disabled in the following cases, even if the local monitor is switched on: you are in view-only mode, When AVR was started, the Enable Local Monitor Off option was not enabled under Local Monitor (see page 290). Local Monitor display: Local Monitor always on Refresh Screen Refreshes the AVR window. Take Full Control... Switch to full-control mode. (This function is disabled if you are already in full-control mode.) The following dialog box opens: Figure 49: Extras menu - Take Full Control... Click OK to confirm that you want to switch to full-control mode. I Note that any existing full-control session will be switched to view-only mode. Click Cancel if you do not want to switch to full-control mode. irmc 149

Menus of the AVR window Advanced Video Redirection Disconnect Session... Terminate another AVR session. I It is only possible to terminate other AVR sessions with Disconnect Session. To terminate your own session, choose Exit. A list of current AVR sessions appears: Figure 50: Extras menu - Disconnect Session Select the AVR session that you wish to terminate. Click OK to confirm that you want to terminate the selected AVR session. Click Cancel if you do not want to terminate the selected AVR session. Relinquish Full Control... Switch to view-only mode. (This function is disabled if you are already in view-only mode.) Exit Terminate your own AVR session. 150 irmc

Advanced Video Redirection Menus of the AVR window 5.3.2 Remote Storage menu You call the remote storage functionality under Remote Storage: Figure 51: Advanced Video Redirection window - Extras menu Remote Storage... Double-click Remote Storage... to open the Storage Devices dialog box (see page 158). This window allows you to attach or detach media on the remote workstation as Remote Storage devices (see chapter Remote Storage on page 155). 5.3.3 Languages menu From the Languages menu, choose the language in which the menus and dialog boxes of the AVR window are to be shown: Figure 52: Advanced Video Redirection window - Languages menu irmc 151

Menus of the AVR window Advanced Video Redirection 5.3.4 Preferences menu The Preferences contains tabs for configuring the mouse, keyboard and logging together with a Misc tab for further functions: Figure 53: Advanced Video Redirection window - Preferences menu Mouse tab The Mouse allows you to specify the mouse mode: Figure 54: Preferences menu - Mouse tab Depending on the server operating system, you must make the following settings: Windows: Absolute Mode, Hide Mode (Relative) or Relative Mode Linux: Hide Mode (Relative), Relative Mode I Default setting: Relative Mode Confirm your entries by clicking OK. 152 irmc

Advanced Video Redirection Menus of the AVR window Keyboard tab The Keyboard tab allows you to specify the keyboard layout for the virtual console: Figure 55: Preferences menu - Keyboard tab Language Select the keyboard layout for the virtual console. I The keyboard layout at the managed server must also be set accordingly. Confirm your entries by clicking OK. Logging tab The Logging tab is used to configure the logging settings. Figure 56: Preferences menu - Logging tab I None must be set! Confirm your entries by clicking OK. irmc 153

Menus of the AVR window Advanced Video Redirection Misc tab On the Misc tab, you configure whether the irmc is to perform hardware compression for the AVR session. Figure 57: Preferences menu - Logging tab Overwrite Native Storage Library This option is of no significance for you. Video Encryption If you enable this option, the irmc performs encryption for the AVR session. Confirm your entries by clicking OK. 154 irmc

6 Remote Storage I A valid license key is required to use the Remote Storage feature. Remote Storage makes a virtual drive available which is located elsewhere in the network. Up to two media can be redirected. You can provide the source for the virtual drive as follows: As a physical drive or image file at the remote workstation using the AVR Java applet (see page 156). As an image file centrally in the network via a remote storage server (see page 165). I Parallel remote storage connections: The following are possible concurrently: either up to two Remote Storage connections to virtual drives at the remote workstation (if the connection is established over the AVR Java applet) or one Remote Storage connection to a Remote Storage server. It is not possible to establish concurrent Remote Storage connections via an applet and via the Remote Storage server. I The Remote Storage page of the irmc web interface allows you to obtain information on the status of the current remote storage connections and establish the connection to a remote storage server (see page 296). irmc 155

... providing on the remote workstation Remote Storage 6.1 Providing remote storage at the remote workstation If you provide the source for a virtual drive on the remote workstation then the remote storage functionality supports the following device types: ISO image (image file) floppy disk drive USB memory device (e.g. memory stick) CD ROM DVD ROM You can use the virtual drive to install an operating system on your PRIMERGY server from the remote workstation (see chapter IPMI OEM Commands on page 415). This section provides information on the following topics: Starting Remote Storage Provision of storage media for Remote Storage Connecting storage media as remote storage Clearing Remote Storage connections Removing media made available for Remote Storage 156 irmc

Remote Storage... providing on the remote workstation 6.1.1 Starting Remote Storage You start the Remote Storage function using the AVR Java applet (see section Advanced Video Redirection - Start Advanced Video Redirection (AVR) on page 288). Start the irmc web interface (see section Logging into the irmc web interface on page 178). Open the Advanced Video Redirection page and click on the Start Video Redirection, button to start Advanced Video Redirection (see section Advanced Video Redirection - Start Advanced Video Redirection (AVR) on page 288). This opens the AVR window. In the menu bar in the AVR window, choose: Remote Storage - Remote Storage... Figure 58: Advanced Video Redirection window - Remote Storage - Remote Storage... The Storage Devices dialog box opens, containing the storage media currently available for Remote Storage (see figure 59 on page 158). irmc 157

... providing on the remote workstation Remote Storage Figure 59: Storage Devices dialog box I When a storage medium is inserted in a drive (CD ROM, DVD ROM) the contents are displayed automatically. If a storage medium is inserted, but its contents are not displayed, the storage medium is reserved by the local explorer. 158 irmc

Remote Storage... providing on the remote workstation 6.1.2 Provision of storage media for Remote Storage In the Storage Devices dialog box, click the Add... button. The Add Storage Device dialog box opens: Figure 60: Add Storage Device dialog box: In the Add Storage Device dialog box, navigate to the directory of the remote storage medium that you want to make available for remote storage from your remote workstation. Select the required device type under Storage Type:. The following device types are supported: ISO image (image file) Floppy disk drive USB memory device (e.g. USB memory stick) CD ROM DVD ROM Specify the storage medium you wish to connect as Remote Storage under File Name: In the case of an image file (ISO/NRG image), enter the file name. Alternatively, click on the file name in the Explorer. In the case of a drive, enter the name of the drive, e.g. D for drive D (Windows) /dev/... (Linux) irmc 159

... providing on the remote workstation Remote Storage Figure 61: Add Storage Device dialog box: Selecting the storage medium Click Select to confirm your selection. The selected storage medium is made available for Remote Storage and displayed in the Storage Devices dialog box. Figure 62: Storage Devices dialog box: The provided storage medium is displayed. 160 irmc

Remote Storage... providing on the remote workstation 6.1.3 Connecting storage media as remote storage In the Storage Devices dialog box, click the storage medium that you want to connect as Remote Storage. Figure 63: Storage Devices dialog box: Connecting a storage medium as remote storage Click Connect to connect the selected storage medium as Remote Storage. irmc 161

... providing on the remote workstation Remote Storage The Storage Devices dialog box appears with the message regarding safe removal. The storage medium is connected as Remote Storage. Figure 64: Storage Devices dialog box: The storage medium is connected as Remote Storage. 162 irmc

Remote Storage... providing on the remote workstation 6.1.4 Clearing Remote Storage connections Open the Storage Devices dialog box (see section Starting Remote Storage on page 157). The list of storage media connected as Remote Storage is displayed: Figure 65: Storage Devices dialog box: Clearing Remote Storage connections Safely remove the storage device, i.e. ensure that no more applications/programs are accessing the storage media. Click Disconnect... to clear all Remote Storage connections. irmc 163

... providing on the remote workstation Remote Storage 6.1.5 Removing the storage medium Remove a storage medium from the list of media available for Remote Storage as follows: Open the Storage Devices dialog box (see section Starting Remote Storage on page 157). The list of storage media available for Remote Storage is displayed: Figure 66: Storage Devices dialog box: Removing a Remote Storage medium Select the storage medium you want to remove. Click Remove... to remove the storage medium. 164 irmc

Remote Storage... providing via a remote storage server 6.2 Providing remote storage via a remote storage server You can use a remote storage server to provide an image file (ISO/NRG image) as remote storage for any number of PRIMERGY servers that can be administered via irmc. You can use this image file to boot one or more PRIMERGY servers from the remote workstation (see chapter IPMI OEM Commands on page 415). I The following requirements must be satisfied if your PRIMERGY server is to use the image file made available by the remote storage server: The remote storage server must be installed (see page 166). The remote storage server must be started (see page 175). The managed server s irmc must be connected to the remote storage server (see page 297). irmc 165

... providing via a remote storage server Remote Storage 6.2.1 Installing the remote storage server The ServerStart Software DVD contains the installation program RemoteStorageServer_Installer32.exe for the installation of the remote storage server. I The Remote Storage server is available in 32-bit and 64-bit versions. The 32-bit and 64-bit versions of the Remote Storage server must not be installed at the same time on 64-bit systems. Start RemoteStorageServer_Installer32.exe to install the remote storage server. The welcome screen of the installation program appears: Figure 67: Installing the remote storage server: Welcome screen Click the Next button. The window in which you specify the installation directory appears (see figure 68 on page 167). 166 irmc

Remote Storage... providing via a remote storage server Figure 68: Installing the remote storage server: Specifying the installation folder If you do not want to install the remote storage server in the default folder, click Browse... to navigate to the directory you wish to use. Click the Next button. The window allowing you to select where the program shortcut appears in the Start menu appears (see figure 69 on page 168). irmc 167

... providing via a remote storage server Remote Storage Figure 69: Installing the remote storage server: Specifying the installation folder If you do not want to place the program shortcut in the default folder, specify the folder you wish to use by clicking Browse... Click the Next button. The Ready to Install window opens. Here you can check the settings you have made and launch installation of the remote storage server (see figure 70 on page 169). 168 irmc

Remote Storage... providing via a remote storage server Figure 70: Installing the remote storage server: Starting installation Click Install to start installation of the remote storage server. The window shown in figure 71 on page 170 is displayed once installation is complete: irmc 169

... providing via a remote storage server Remote Storage Figure 71: Installing the remote storage server: Closing the installation program I If you check the Launch Remote Storage Server option, the remote storage servers GUI (see page 172) is started when the installation program has been closed. Click Finish to close the installation program. Once installation has been completed successfully, your installation directory contains a number of files including RemoteStorageServer.exe. 170 irmc

Remote Storage... providing via a remote storage server 6.2.2 Remote storage server execution modes You can execute the remote storage server in the following modes as required: as a background service as a stand-along program You configure the Remote Storage server execution mode via a graphical user interface (see page 172). Executing the remote storage server as a service The following points should be noted The image file can be located either on a computer in the network or on the same host on which the remote storage server is running. I If the image file is not on the computer on which the remote storage server is running, you must specify the path of the image file in UNC notation. You also need a user account with access permissions on the image file. When the host on which the remote storage server is located is booted, the remote storage server starts automatically. The remote storage server is then executed until it is explicitly terminated or the host is shut down. When the host on which the remote storage server is located is booted, the image file becomes available automatically. Executing the remote storage server as a stand-alone program The following points should be noted The image file (ISO/NRG image) may be present locally on the remote storage server or on an assigned network drive. When the host on which the remote storage server is located is booted, you must start the image file manually. irmc 171

... providing via a remote storage server Remote Storage 6.2.3 Configuring, starting and exiting the remote storage server You configure, start and exit the remote storage server via a graphical user interface (GUI). Calling the remote storage server s graphical user interface You call the remote storage server s graphical user interface as follows: Choose Start - Programs - Fujitsu RemoteStorageServer - Remote Storage Server. The remote storage server s graphical user interface appears: Figure 72: The remote storage server s graphical user interface (here in the Idle state) 172 irmc

Remote Storage... providing via a remote storage server Configuring the remote storage server I Configuration is only possible if the remote storage server is in the idle state, i.e. it is not being executed. In the graphical user interface, you specify the image file made available as remote storage together with other parameters: ISO Image Path and Filename: Enter the path and name of the image file directly in the field. or: Click the Browse... button and then navigate to and select the required image file in the Choose a file dialog box which now opens and then confirm. I If the remote storage server is to run as a service (see the Run as Service option on page 174) and the image file is located on a computer in the network, you must specify the path of the image file in UNC notation. You must also ensure that the account entered under Log On As User (see page 174) is valid and has access permissions on the share on which the image file is located. Force Using Port If you have configured a port number other than the default port number (5901) for the irmc s remote storage port (see page 242 or page 345), then you must activate this option and enter the configured port number in the associated field. Force Using IP Address If the host on which the remote storage server is executed possesses more than one LAN connection: You can specify the IP address of the LAN connection that is to be used for the remote storage server if this is executed as a service. By default, the remote storage server uses the first detected LAN connection. irmc 173

... providing via a remote storage server Remote Storage Run as Service Activate this option if the remote storage server is to be executed as a service in the background (see page 171). Select one of the two options below: Use Local System Account The Remote Storage server is executed as a service under the local system account. In this event, the image file (ISO/NRG image) must be located on a local drive. Log On As User he Remote Storage server is executed under the user account that you specify in the following input fields. Specify the user name in the form: For local users:.\logon-name For domain users: DOMAIN\LogOnName or LogOnName@DOMAIN<mailto:LogOnName@DOMAIN> I The image file (ISO/NRG image) can be located on a network drive if the Log On As User option is enabled. In this event, the specified account must have access permissions on the network drive on which the image file is located. You must also specify the image file in UNC notation (see input field ISO Image Path or Filename on page 173). Click the Apply button to activate your settings. 174 irmc

Remote Storage... providing via a remote storage server Starting the remote storage server Click the Start button to start the remote storage server as a service or as a stand-alone program: Figure 73: The remote storage server is executed ( Running status) Status Messages: The logged execution states of the remote storage server are displayed here. I If the Run as service execution mode is configured (see page 174), then the remote storage server is started automatically when the computer on which the remote storage server is installed is booted. I Execution of the remote storage server is not interrupted automatically if the graphical user interface is exited. irmc 175

... providing via a remote storage server Remote Storage Exiting the remote storage server Click the Stop button to terminate execution of the remote storage server. 176 irmc

7 irmc web interface The irmc not only has its own operating system, but also acts as a web server, providing its own interface. You can choose whether to show the menus and dialog boxes of the irmc web interface in German or English. You can also switch between the available interface languages within the same session. When you enter values in the irmc web interface, you often receive assistance in the form of tool tips. I The software described below is partly based on work by the Independent JPEG Group. irmc 177

Logging into the irmc web interface irmc web interface 7.1 Logging into the irmc web interface Open a web browser on the remote workstation and enter the (configured) DNS name (see page 245) or IP address of the irmc. Different login screens appear depending on whether LDAP access to a directory service has been configured for the irmc (LDAP enabled option, see page 270): I If no login screen appears, check the LAN connection (see section Testing the LAN interface on page 41). LDAP access to the directory service is not configured for the irmc (LDAP enabled option is not activated): Figure 74: Login screen for the irmc web interface (LDAP access not configured) Type in the data for the default administrator account. User name: admin Password: admin I Both the User name and the Password are case-sensitive. For reasons of security, it is recommended that you create a new administrator account once you have logged in, and then delete the default administrator account or at least change the password for the account (see User <name> Configuration - User configuration (details) on page 262). Click OK to confirm your entries. 178 irmc

irmc web interface Logging into the irmc web interface LDAP access to the directory service is configured for the irmc (LDAP enabled option or Always use SSL Login option is activated): Figure 75: Login screen for the irmc web interface (LDAP access configured) I The user name and password are always SSL-protected when they are transmitted. If you activate the Secure (SSL) option, all communication between the web browser and the irmc is carried out over HTTPS. Type in the data for the default administrator account. User name: admin Password: admin I For reasons of security, it is recommended that you create a new administrator account once you have logged in, and then delete the default administrator account or at least change the password for the account (see User <name> Configuration - User configuration (details) on page 262). Click Login to confirm your entries. The irmc web interface opens showing the System Information page (see page 186). irmc 179

Required user permissions irmc web interface 7.2 Required user permissions table 4 provides an overview of the permissions which are required in order to use the individual functions available at the irmc web interface. Functions in the irmc web interface Permitted with IPMI privilege level Permitted with permission OEM Administrator Operator User Configure User Accounts Configure irmc Settings Video Redirection Enabled Remote Storage Enabled Open the System Overview / Sytem Component Info. pages. X X X X Switch identification LED on/off. X X X X Open irmc Information page. X X X X Set firmware selector. X X Load license key onto the irmc. Open Save irmc FW Settings page. X X Save irmc FW Settings page (without Incl. User Settings) Save irmc FW Settings (Include User Settings) page Open and edit Certificate Upload page. Open and edit Generate a self signed RSA Cert. page X X X X Open Power On/Off page. X X X X Modify Boot Options. Use Power Control. X X X Open and edit the Power Options page. Open Power Supply Info page. X X X X Open Fans page. X X X X Start fan test (Fan Test group). X X X X Table 4: Permissions to use special the irmc web interface X X X X X 180 irmc

irmc web interface Required user permissions Functions in the irmc web interface Permitted with IPMI privilege level Permitted with permission OEM Administrator Operator User Configure User Accounts Configure irmc Settings Video Redirection Enabled Remote Storage Enabled Set Fan Check Time (Fan Test group). Edit System Fans. Open Temperature page X X X X Define action on critical temperature. Open Voltages page. X X X X Open Current page. X X X X Open Power Supply page X X X X Open Component Status page X X X X Open System Event Log Content page. X X X X Delete the system event log (SEL) X X X Save the system event log (SEL) X X X X Modifying the configuration of the SEL Define the severity for the display of SEL entries X X X X Open System Event Log Configuration page X X X X Change Default Web Interface display filtering. Change SEL mode (ring/buffer). Open and edit Server Management Info. page. Open and edit the Network Interface page. Open and edit the Ports and Netw. Services page. Open and edit the DHCP Configuration page. Open and edit DNS Settings page. Open and edit SNMP TRAP Alerting page. Open and edit Serial / Modem Alerting page. Table 4: Permissions to use special the irmc web interface X X X X X X X X X X X X X irmc 181

Required user permissions irmc web interface Functions in the irmc web interface Permitted with IPMI privilege level Permitted with permission OEM Administrator Operator User Configure User Accounts Configure irmc Settings Video Redirection Enabled Remote Storage Enabled Open and edit the Email Alerting page. X Open and edit the irmc User page. X Open and edit the Directory Service Config. page. X Open the BIOS Text Console page. X X X X Modify the BIOS Console Redirection Options. X Start Console Redirection. X X X X Logon in window for power mgmt & text console red. X X Start text console redirection (Enter Console). X X Open and edit the Adv. Video Redirection page. X Switch local monitor on/off with Turn Off /On button X X X Open and edit the Remote Storage page. Start irmc SSH Access / Start irmc Telnet Access. X X X X SSH login / Telnet login X X X X Table 4: Permissions to use special the irmc web interface X 182 irmc

irmc web interface Structure of the user interface 7.3 Structure of the user interface The irmc web interface is structured as follows: Selected function Selection of the interface language Title bar Navigation area Working area Figure 76: Structure of the irmc web interface Choosing the language for the irmc web interface On the right of the black bar above the work area, you will find a flag icon. Click this icon to choose the language (German or English) used to display the navigation area, menus and dialog boxes of the irmc web interface. irmc 183

Structure of the user interface irmc web interface Navigation area The navigation area contains the menu tree structure whose nodes combine the links to the individual irmc functions arranged on a task basis. When you click one of these links (in figure 76:System Overview), the link is enabled and the work area for that function is displayed showing any output, dialog boxes, options, links and buttons. Below the links to the individual irmc functions, you will find the links Logout and Refresh: Logout allows you to terminate the irmc session after you have confirmed this in a dialog box. Different login screens appear after the session has been closed depending on whether LDAP access to a directory service has been configured for the irmc (LDAP enabled option, see page 270): If LDAP access to the directory service is not configured for the irmc (LDAP enabled is not activated), the following login screen appears: Figure 77: Login page (after logging out) Click the Login button to open the login screen of the irmc web interface (see figure 74 on page 178). This allows you to log in again if you wish. If LDAP access to the directory service is configured for the irmc (LDAP enabled is activated), the appropriate login screen appears (see figure 75 on page 179). 184 irmc

irmc web interface Structure of the user interface Click Refresh to refresh the contents of the irmc web interface. I Alternatively, you can configure the interface to automatically update the contents periodically (see Enable Auto Refresh on page 240). irmc 185

System Information irmc web interface 7.4 System Information - Information on the server The System Information entry contains the links to the following pages: System Overview - General information on the server on page 187 System Component Information - Information on the server components on page 190 186 irmc

irmc web interface System Information 7.4.1 System Overview - General information on the server The System Overview page provides information on the system status, the system board, the operating system of the managed server, system FRUs (Field Replaceable Units) / IDPROM. Figure 78: System Overview page irmc 187

System Information irmc web interface System Status System Status provides you with information on the Global Error display of the PRIMERGY Server. You can also switch the PRIMERGY identification LED on and off. Figure 79: The System Overview - System Status page Power LED Power status of the server. The following statuses are possible: On: Power ON (green) Off: Power OFF (orange) Error LED Provides information on the Global Error LED on the server: Display (irmc) Global Error LED on the server Status of the server off Not lit. No critical event has arisen. On Lit red. Prefailure event for a component. Flashing Flashing red. Critical event. Identify LED Status of the identification LED. The following statuses are possible: On: ON (blue) Off: OFF (gray) Turn On/ Turn Off Click the Turn On / Turn Off toggle button to turn the identification LED on or off. 188 irmc

irmc web interface System Information System FRU / IDPROM Information Information on the FRUs (Field Replaceable Units) is listed under System FRU / IDPROM Information. FRUs are system components that can be released and removed from the system. irmc 189

System Information irmc web interface 7.4.2 System Component Information - Information on the server components The System Component Information page provides information on the CPUs. The following status icons indicate the possible statuses of the system components: OK: Component status is okay. Component slot is empty. Warning: The status of the component has deteriorated. Fault: The component has a fault. Table 5: Status of the system component Figure 80: System Component Information page 190 irmc

irmc web interface irmc 7.5 irmc - Information, firmware and certificates The irmc page contains the links to the following pages: irmc Information - information about the irmc on page 192 Save irmc Firmware Settings - Save firmware settings on page 196 Certificate Upload - Load the DSA/RSA certificate and private DSA/RSA key on page 198 Generate a self-signed RSA Certificate - creating a self-signed RSA certificate on page 204 irmc 191

irmc - irmc Information irmc web interface 7.5.1 irmc Information - information about the irmc The irmc Information page provides you with the following options: View information on the firmware and the SDRR version of the irmc, set the firmware selector and restart the irmc. View information on the active irmc sessions. Load license key onto the irmc. Figure 81: irmc Information page 192 irmc

irmc web interface irmc - irmc Information Firmware Information Under Firmware Information, you can view information on the firmware version and the SDRR version of the irmc and set the firmware selector. Figure 82: irmc Information - Firmware Information page Firmware Selector You use the firmware selector to specify which firmware image is to be activated the next time the irmc is rebooted. You have the following options: Auto - EEPROM with highest FW version The EEPROM with the most recent version is selected automatically. EEPROM1 EEPROM 1 is selected. EEPROM2 EEPROM 2 is selected. Select EEPROM with oldest FW version The firmware image with the oldest version is selected. irmc 193

irmc - irmc Information irmc web interface Select most recently programmed FW Apply The most recently updated firmware image is selected. Select least recently programmed FW The least recently updated firmware image is selected. Click Apply to set the firmware selector to the option you have set under Firmware Selector. License Key The License Key group allows you to load a license key onto the irmc. I You require a valid license key to be able to use the irmc functions Advanced Video Redirection (see page 288) and Remote Storage (see page 296). You can purchase the license key. Upload When you click this button, the license key specified in the input field is loaded onto the irmc. 194 irmc

irmc web interface irmc - irmc Information Miscellaneous irmc Options The Miscellaneous irmc Options group allows you to make settings for the layout of the irmc web interface. Figure 83: irmc Information page - Miscellaneous Options Default Language Specifies the language (German / English) that is set as default the next time the irmc web interface is called. Temperature Units Specifies the unit used for displaying temperature values at the irmc web interface (degrees Celsius / degrees Fahrenheit). This setting applies for the current session and is preset the next time the irmc web interface is called. Colour Schema Specifies the color scheme for displaying the irmc web interface. This setting applies for the current session and is preset the next time the irmc web interface is called. irmc 195

irmc - Save Firmware settings irmc web interface 7.5.2 Save irmc Firmware Settings - Save firmware settings The Save irmc Firmware Settings page allows you to save the current firmware settings and a number of other settings for the irmc in a file. The firmware settings selected under Save irmc Firmware settings in ServerView WinSCU XML format are saved in a file with the name irmc_settings.pre. In WinSCU (see page 331), you can use the Import... button to load the firmware settings onto the irmc again. The firmware settings selected under Save irmc Firmware settings in binary (BMCCLONE.exe) format are saved in a file with the name irmc_settings.bin. V CAUTION! Always save the setting using Save irmc Firmware settings in ServerView WinSCU XML format. Save irmc Firmware settings in binary (BMCCLONE.exe) format should only be used if the system module of the managed server is being replaced. I If you want to save the user settings (Include User Settings), you require Configure User Accounts permission. In all other cases, Configure irmc settings permission is sufficient. 196 irmc

irmc web interface irmc - Save Firmware settings Figure 84: Save irmc Firmware Settings page Save Click Save to save the selected settings. Save All Click Save All to save all the settings. irmc 197

irmc - Certificate Upload irmc web interface 7.5.3 Certificate Upload - Load the DSA/RSA certificate and private DSA/RSA key The Certificate Upload page allows you to load a signed X.509 DSA/RSA certificate (SSL) from a Certificate Authority (CA) and/or your private DSA/RSA key (SSH) onto the irmc. I The irmc is supplied with a predefined server certificate (default certificate). If you want to access the irmc over secure SSL/SSH connections, it is recommended that you replace the certificate with one signed by a Certificate Authority (CA) as soon as possible. I Input format of the X.509 DSA/RSA certificate and the private DSA/RSA key: The X.509 DSA/RSA certificate and the RSA/DSA must both be available in PEM-encoded format (ASCII/Base64). 198 irmc

irmc web interface irmc - Certificate Upload Figure 85: Certificate Upload page irmc 199

irmc - Certificate Upload irmc web interface Displaying the currently valid (CA) DSA/RSA certificate In the group Certificate Information and Restore, click View Certificate to show the currently valid certificate. Figure 86: Certificate Upload page - display of the currently valid SSL/SSH certificate 200 irmc

irmc web interface irmc - Certificate Upload Restoring the default certificate In the group Certificate Information and Restore, click Default Certificate to restore the default certificate delivered with the firmware after you have confirmed that you wish to do so. Figure 87: Certificate Upload page - Restoring the default certificate irmc 201

irmc - Certificate Upload irmc web interface Loading the DSA/RSA certificate and private DSA/RSA key from local files You do this using the group SSL Certificate and DSA/RSA private key upload from file. Figure 88: Loading the DSA/RSA certificate and private DSA/RSA key from local files Proceed as follows: Save the X.509 DSA/RSA (SSL) certificate and private DSA/RSA key in corresponding local files on the managed server. Specify the files Private Key File and Certificate File by clicking on the associated Browse button and navigating to the file which contains the private key or the certificate. Click the Upload button to load the certificate and the private key onto the irmc. I When you upload the certificate and private key, all the existing HTTPS connections are closed and the HTTPS server is automatically restarted. This process can take up to 30 seconds. No explicit reset of the irmc is required. Click the View Certificate button to make sure that the certificate has been loaded successfully. 202 irmc

irmc web interface irmc - Certificate Upload Entering the DSA/RSA certificate / private DSARSA key directly You do this using the group SSL DSA/RSA certificate or DSA/RSA private upload via copy & paste. Figure 89: Entering the DSA/RSA certificate / private DSARSA key directly Proceed as follows: Copy the X.509 DSA certificate or the private DSA key to the input area. I You cannot simultaneously enter the certificate and key for the same upload. Click the Upload button to load the certificate or the private key onto the irmc. Use the Remote Manager to reset the irmc (see section Service processor - IP parameters, identification LED and irmc reset on page 321). I This is necessary in order to make a certificate or private key loaded onto the irmc valid. Click the View Certificate button to make sure that the certificate has been loaded successfully. irmc 203

irmc - Generate a self-signed Certificate irmc web interface 7.5.4 Generate a self-signed RSA Certificate - creating a self-signed RSA certificate You can create a self-signed certificate using the Generate a self-signed RSA Certificate page. Figure 90: Generate a self-signed Certificate page 204 irmc

irmc web interface irmc - Generate a self-signed Certificate View Certificate You can view the currently valid DSA/RSA certificate using this button. Default Certificate You can use this button to restore the default certificate delivered with the firmware after you have confirmed that you wish to do so. Enter the requisite details under Certificate Creation. Click Create to create the certificate. I When generate the new certificate, all the existing HTTPS connections are closed and the HTTPS server is automatically restarted. This can take up to 5 minutes depending on the key length. No explicit reset of the irmc is required. irmc 205

Power Management irmc web interface 7.6 Power Management The Power Management entry contains the links to the power management pages for your PRIMERGY server: Power On/Off - power the server up/down on page 207. Power Options - Configuring power management for the server on page 211. Power Supply Info - Power supply and IDPROM data for the FRU components on page 214. 206 irmc

irmc web interface Power Management - Power On/Off 7.6.1 Power On/Off - power the server up/down The Power On/Off page allows you to power the managed server on and off. You are informed of the server s current power status and are also able to configure the behavior of the server during the next boot operation. Figure 91: Power On/Off page irmc 207

Power Management - Power On/Off irmc web interface Power Status Summary The Power Status Summary group provides information on the current power status of the server and the reasons for the most recent power on/off operations. In addition, a counter totals the years, months, days and minutes that the server has been switched on to date. Figure 92: Power On/Off - Power Status Summary page 208 irmc

irmc web interface Power Management - Power On/Off Boot Options The Boot Options group allows you to configure the behavior of the system the next time it is booted. You can set whether the BIOS is to interrupt the boot process for the system if errors occur during the POST phase. I The options set here only apply to the next boot operation. After this, the default mechanism applies again. Figure 93: Power On/Off - Boot Options page Select the desired BIOS behavior from the Error Halt Settings list: Continue Continue the boot process if errors occur during the POST phase. Halt on errors Interrupt the boot process if errors occur during the POST phase. From the Boot Device Selector list, select the storage medium you wish to boot from. The following options are available: No change: The system is booted from the same storage medium as previously. PXE/iSCSI: The system is booted from PXE / iscsi over the network. Harddrive: The system is booted from hard disk. CDROM/DVD: The system is booted from CD /DVD. Floppy: The system is booted from floppy disk. Click the Apply button to activate your settings. irmc 209

Power Management - Power On/Off irmc web interface Power Control - powering the server up and down The Power Control group allows you to power the server up/down. Figure 94: Power On/Off - Power Control page Power On Switches the server on. Immediate Power Off Powers the server down, regardless of the status of the operating system. Immediate Reset Completely restarts the server (cold start), regardless of the status of the operating system. Power Cycle Powers the server down completely and then powers it up again after a configured period. You can configure this time in the Power Cycle Delay field of the ASR&R Options group (see page 231). Graceful Power Off (Shutdown) Graceful shutdown and power off. This option is only available if ServerView agents are installed and signed onto the irmc as Connected. Graceful Reset (Reboot) Graceful shutdown and reboot. This option is only available if ServerView agents are installed and signed onto the irmc as Connected. Click the Apply button to start the required action. 210 irmc

irmc web interface Power Management - Power Options 7.6.2 Power Options - Configuring power management for the server The Power Options page allows you to define the server s behavior after a power outage and specify the server s power on/off times. Figure 95: Power Options page irmc 211

Power Management - Power Options irmc web interface Power Restore Policy - Specify behavior of the server after a power outage The Power Restore Policy group allows you to specify the server s power management behavior after a power outage. Figure 96: Power Options page, Power Restore Policy Always power off The server always remains powered down after a power outage. Always power on The server is always powered up again after a power outage. Restore to powered state prior to power loss The power up/down status of the server is restored to the status prior to the power outage. Click the Apply button to activate your settings. The configured action will be performed after a power outage. 212 irmc

irmc web interface Power Management - Power Options Power On/Off Time - Specify power on/off times for the server The input fields of the Power On/Off Time group allow you to specify the times at which the server is powered up/down for the individual days of the week or for specified times during the day. I Specifications in the Everyday field take priority! The Trap fields also allow you to configure whether the irmc sends an SNMP trap to the management console before a planned power-on / power-off of the managed server and, if so, how many minutes before the event this should be done. No traps are sent if you specify the value 0. Figure 97: Power Options page, Power On/Off Time Click the Apply button to activate your settings. irmc 213

Power Management - Power Supply Info irmc web interface 7.6.3 Power Supply Info - Power supply and IDPROM data for the FRU components The Power Supply Info page provides you with information on the power supply specifications and the IDPROM data of the FRUs of the server. Figure 98: Power Supply Info page 214 irmc

irmc web interface Sensors 7.7 Sensors - Check status of the sensors The Sensors entry provides you with pages which allow you to test the sensors of the managed server: Fans - Check fans on page 216. Temperature - Check temperature sensors on page 218. Voltages - Check voltage sensors on page 220. Power Supply - Check power supply on page 221. Component Status - Check status of the server components on page 222. To facilitate checking the status, the sensor status is not only shown in the form of the current value, but also using a color code and a status icon: Black / The measured value is within the normal operational value range. Orange / The measured value has exceeded the warning threshold. System operation is not yet jeopardized. Red / The measured value has exceeded the critical threshold. System operation may be jeopardized and there is a risk of loss of data integrity. Table 6: Status of the sensors irmc 215

Sensors - Fans irmc web interface 7.7.1 Fans - Check fans The Fans page provides information on fans and their status. Figure 99: Fans page Fan Test - Test fans The Fan Test group allows you to specify a time at which the fan test is started automatically or to start the fan test explicitly. Fan Check Time Enter the time at which the fan test is to be started automatically. Click the Apply button to activate your settings. Click the Start Fan Test button to start the fan test explicitly. 216 irmc

irmc web interface Sensors - Fans System Fans - Specify server behavior in the event that a fan fails The System Fans group provides you with information on the status of the fans. You can use the options or buttons to select individual fans or all the fans and specify whether the server should be shut down after a specified number of seconds if this fan fails. Select all Selects all fans. Deselect all All selections are cancelled. Select the fans for which you wish to define the behavior in the event of a fault. Define the behavior in the event of a fault using the list at the bottom of the work area: Choose continue if the server is not to be shut down if the selected fans fail. Choose shutdown-and-power-off if the server is to be shut down and powered down if the selected fans fail. If you choose this option, you must also specify the time in seconds between failure of the fan and shutdown of the server (Shutdown Delay) in the field to the right of the list. I In the case of redundant fans, shutdown is only initiated if more than one fan is faulty and shutdown-and-power-off is also set for these fans. Click the Apply to the selected Fans button to activate your settings for the selected fans. irmc 217

Sensors - Temperature irmc web interface 7.7.2 Temperature - Check temperature sensors The Temperature page provides information on the status of the temperature sensors which measure the temperature at the server components, such as the CPU and the FBD (FullyBuffered DIMM) and the ambient temperature. Figure 100: Temperature page You can use the options or buttons to select individual temperature sensors or all the temperature sensors and specify whether the server is to be shut down if the critical temperature is reached at the selected sensors. Select all Selects all temperature sensors. Deselect all All selections are cancelled. Select the sensors for which you wish to define the behavior in the event that the critical temperature is reached. 218 irmc

irmc web interface Sensors - Temperature Define the behavior in the event that the critical temperature is reached using the list at the bottom of the work area: Choose continue if the server is not to be shut down if the critical temperature is reached at the selected sensors. Choose shutdown-and-power-off if the server is to be shut down and powered down if the critical temperature is reached at the selected sensors. Click the Apply to the selected Sensors button to activate your settings for the selected temperature sensors. irmc 219

Sensors - Voltages irmc web interface 7.7.3 Voltages - Check voltage sensors The Voltages page provides information on the status of the voltage sensors assigned to the server components. Figure 101: Voltages page 220 irmc

irmc web interface Sensors - Power Supply 7.7.4 Power Supply - Check power supply The Power Supply page provides information on the power supplied from the power supply units and the power consumed by the system components. Figure 102: Power Supply page Power Supply Sensor Information This provides information on the power supplied from the power supply units. irmc 221

Sensors - Component Status irmc web interface 7.7.5 Component Status - Check status of the server components The Component Status page provides information on the status of the server components. Figure 103: Component Status page 222 irmc

irmc web interface System Event Log 7.8 System Event Log (SEL) - Displaying and configuring the server s event log The System Event Log entry contains the links to the pages for viewing and configuring the server event log (system event log, SEL): System Event Log Content - Show information on the SEL and SEL entries on page 224. System Event Log Configuration - Configure the SEL on page 227. Colored icons are assigned to the various event/error categories to improve clarity: Critical Major Minor Informational Table 7: System event log content - error categories irmc 223

System Event Log Content irmc web interface 7.8.1 System Event Log Content - Show information on the SEL and SEL entries The System Event Log Content page provides information on the SEL and displays the SEL entries. Figure 104: System Event Log Content page 224 irmc

irmc web interface System Event Log Content System Event Log Information The System Event Log Information group informs you of the number of entries in the SEL. It also indicates the time when the last entries were added or deleted. Figure 105: System Event Log Content page, System Event Log Information Clear Event Log Click the Clear Event Log button to clear all the entries in the SEL. Save Event Log After you have clicked the Save Event Log button, the irmc allows you to download the file irmc_eventlog.sel, which contains the SEL entries. irmc 225

System Event Log Content irmc web interface System Event Log Content The System Event Log Content group displays the SEL entries filtered by error class. I You can modify the filter criteria for the duration of the current session in the System Event Log Content group. However, the settings you make here are only valid until the next logout. After that, the default settings apply again. Figure 106: System Event Log Content page, System Event Log Content Display Critical, Display Major, Display Minor, Display Info If you wish, you can choose one or more error categories other than the default values here. Click the Apply button to activate your settings for the duration of the current session. 226 irmc

irmc web interface System Event Log Configuration 7.8.2 System Event Log Configuration - Configure the SEL On the System Event Log Configuration page, you can configure the SEL entries which are displayed by default on the System Event Log Content page (see page 224). whether the SEL is organized as a ring buffer or a linear buffer. Figure 107: System Event Log Configuration page irmc 227

System Event Log Configuration irmc web interface Default Web interface display filtering Display Critical, Display Major, Display Minor, Display Info, Here you select one or more error categories for which SEL entries should be displayed by default on the System Event Log Content page. I If a LocalView module is fitted in the managed PRIMERGY server, you can also select the error categories for displaying the SEL entries in the display panel of the LocalView module. (This selection is independent of the selection you have made for the SEL entries displayed on the System Event Log Content page.) Ring SEL The SEL is organized as a ring buffer. IPMI SEL The SEL is organized as a linear buffer. I When the linear SEL has been completely filled, it is not possible to add any further entries. Click the Apply button to activate your settings. 228 irmc

irmc web interface Server Management Information 7.9 Server Management Information - Configuring the server settings The Server Management Information page allows you to configure the following settings on the server: ASR&R (automatic server reconfiguration and restart) settings for the server (see page 231) Watchdog settings (see page 233) Integration of HP System Insight Manager (HP SIM) (see page 234) I The settings made on this page become active the next time the managed server is started. irmc 229

Server Management Information irmc web interface Figure 108: Server Management Information page 230 irmc

irmc web interface Server Management Information ASR&R Options - Configure ASR&R settings The ASR&R Options group allows you to configure the ASR&R (automatic server reconfiguration and restart) settings for the server. Figure 109: Server Management Information page, ASR&R Options ASR&R Boot Delay Number of minutes (max. 30) the server waits after a shutdown and power-off as a result of a critical error before attempting to boot again. Action with retry counter zero Action to be performed after the number of restart attempts specified under Retry counter has failed. Power Off The server is powered down. Boot Diagnostic IDE Disk The system is booted from the Diagnostic IDE Disk. Boot PXE The system is booted from PXE over the network. Boot irmc Remote Image The system is booted from the ServerStart boot image via Remote Storage. Disabled No action is carried out. Retry counter Max (0-7) Maximum number of restart attempts that should be permitted for the server after a critical error (up to 7). irmc 231

Server Management Information irmc web interface Retry counter (0 - Max) Number of restart attempts that a server should attempt after a critical error (maximum value is the value set under Retry counter Max). BIOS boot source for next boot Storage medium to be used the next time the system is booted: Boot Option The system is booted from the storage medium specified on the Power On/Off page under Boot Options - Boot Device Selector (see page 209). Diagnostic System The diagnostic system is booted. BIOS recovery flash bit Enables/disables the BIOS recovery flash bit: Enabled The next time the system is booted, the BIOS is automatically flashed. Disabled The next time the system is booted, the BIOS is not automatically flashed. I The Enabled setting is of value if the operating system no longer boots after the firmware has been updated. A BIOS recovery flash is then performed automatically the next time the system is booted from the DOS floppy (or a DOS floppy image). After a BIOS recovery flash has been performed successfully, reset the BIOS Recovery Flash bit to disabled. Power Cycle Delay Time (in seconds) between powering down and powering up during a power cycle. Click the Apply button to save your settings. The configured settings are saved and the actions which have been configured are performed in the appropriate circumstances. 232 irmc

irmc web interface Server Management Information Watchdog Settings - Configure software watchdog and boot watchdog The Watchdog Settings group allows you configure the software watchdog and the boot watchdog. Figure 110: Server Management Information page, Watchdog Options The software watchdog monitors the activities of system using the ServerView agents. The software watchdog is activated when the ServerView agents and the operating system have been completely initialized. The ServerView agents contact the irmc at defined intervals. If no more messages are received from a ServerView agent, it is assumed that the system is no longer functioning correctly. You can specify an action to be performed if this happens. The boot watchdog monitors the phase between startup of the system and the time at which the ServerView agents become available. If the ServerView agents do not establish a connection to the irmc of the server within a specified time, it is assumed that the boot process has not been successful. You can specify an action to be performed if this happens. Proceed as follows: Check or uncheck the option(s) under Enabled for the Software Watchdog and/or Boot Watchdog. If you have activated either of these options, you can configure the following settings after Software Watchdog and/or Boot Watchdog: Continue No action is performed when the watchdog has expired, i.e. the server continues to run. An entry is made in the event log. Reset The server management software triggers a system reset. irmc 233

Server Management Information irmc web interface Power Cycle The server is powered down and immediately powered up again. As appropriate, enter the time (in minutes) after which this action is to be performed following after timeout delay. I The boot watchdog must wait until the system has been started. You therefore have to specify a sufficient period for after timeout delay (1-100). Click the Apply button. The configured settings are saved and the actions which have been configured are performed in the appropriate circumstances. HP System Insight Manager (HP SIM) Integration Options - Configure HP SIM integration The HP System Insight Manager (HP SIM) Integration Options group allows you to specify whether the irmc responds with identification information to a nonauthenticated XML query from the HP Insight Manager. Figure 111: Server Management Information page - HP SIM Integration Options Proceed as follows: Enable or disable the HP SIM Integration Disabled option to disable or enable HP SIM integration. Click the Apply button to apply the selected setting. 234 irmc

irmc web interface Network Settings 7.10 Network Settings - Configure the LAN parameters The Network Settings entry brings together the links to the pages you use to configure the LAN parameters of the irmc: Network Interface - Configure Ethernet settings on the irmc on page 236. Ports and Network Services - Configuring ports and network services on page 239. DHCP Configuration - Configuring the host name for the irmc on page 243. DNS Configuration - Enable DNS for the irmc on page 245. irmc 235

Network Settings - Network Interface irmc web interface 7.10.1 Network Interface - Configure Ethernet settings on the irmc The Network Interface page allows you to view and change the Ethernet settings for the irmc. Figure 112: Network Interface page V CAUTION! Contact the network administrator responsible for the system before you change the Ethernet settings. If you make illegal Ethernet settings for the irmc, you will only be able to access the irmc using special configuration software, the serial interface or via the BIOS. I Only users with the Configure irmc Settings permission are allowed to edit Ethernet settings (see chapter User management for the irmc on page 57). 236 irmc

irmc web interface Network Settings - Network Interface MAC Address The irmc s MAC address is displayed here. LAN Speed LAN speed. The following options are available: Auto Negotiation 100 MBit/s Full Duplex 100 MBit/s Half Duplex 10 MBit/s Full Duplex 10 MBit/s Half Duplex If Auto Negotiation is selected, the onboard LAN controller assigned to the irmc autonomously determines the correct transfer speed and duplex method for the network port it is connected to. LAN Port I This option is not supported for all PRIMERGY servers. On some PRIMERGY server models, the LAN interface of the installed system NIC (network interface card) can be set up as shared LAN for shared operation with the system or as a service LAN for exclusive use as a management LAN. I The Service LAN setting is mandatory for the Type TX150 S6 PRIMERGY server. irmc 237

Network Settings - Network Interface irmc web interface IP Address The IP address of the irmc in the LAN. This address is different from the IP address of the managed server. I If you are working with a static address (DHCP enable option not activated) then you can enter this here. Otherwise (if the DHCP enable option is activated), the irmc only uses the field to display the address. Subnet Mask Subnet mask of the irmc in the LAN. gateway IP address of the default gateway in the LAN. DHCP Enabled If you activate this option, the irmc gets its LAN settings from a DHCP server on the network. I Do not activate the DHCP option if no DHCP server is available on the network. If you activate the DHCP option and there is no DHCP server available on the network, the irmc goes into a search loop (i.e. it continues searching for a DHCP server until it finds one). The (configured) irmc can be registered with a DNS server by an appropriately configured DHCP server (see sections DHCP Configuration - Configuring the host name for the irmc on page 243 and DNS Configuration - Enable DNS for the irmc on page 245). VLAN Enabled This option allows you to activate VLAN support for the irmc VLAN Id VLAN ID of the virtual network (VLAN) the irmc belongs to. Permitted value range: 1 Î VLAN Id Î 4094. VLAN Priority VLAN priority (user priority) of the irmc in the VLAN specified by VLAN Id. Permitted value range: 0 Î VLAN Priority Î 7 (default: 0). Click the Apply button to activate the configured Ethernet settings. 238 irmc

irmc web interface Network Settings - Ports and Network Serv. 7.10.2 Ports and Network Services - Configuring ports and network services The Ports and Network Services page allows you to view and modify the configuration settings for ports and network services. Figure 113: Ports and Network Services page I Configuration is not supported for ports where the input fields are deactivated in the irmc web interface. irmc 239

Network Settings - Ports and Network Serv. irmc web interface Ports for web-based access Session Timeout Period of inactivity (in seconds) after which the session is automatically closed. The login page of the irmc web interface then appears, and you can log in again as required (see page 178). I Your session will not automatically be closed if it is inactive when the time specified in Session Timeout has elapsed if you enter a value for the refresh interval which is less than the Session Timeout in the Refresh every... seconds field (see page 241). HTTP Port HTTP port of the irmc Default port number: 80 Configurable: yes Enabled by default: yes Communication direction: inbound and outbound HTTPS Port HTTPS (HTTP Secure) port of the irmc Default port number: 443 Configurable: yes Enabled by default: yes Communication direction: inbound and outbound Force HTTPS If you enable the Force HTTPS option, users can only establish a secure connection to the irmc on the HTTPS port specified in the entry field. If you disable the Force HTTPS option, users can establish a non-secure connection to the irmc on the HTTP port specified in the entry field. I If the SSL certificate has expired, a message to this effect is issued in the browser. Enable Auto Refresh If you activate this option, the contents of the irmc web interface are automatically refreshed periodically. Specify the refresh interval in the Refresh every... seconds field. 240 irmc

irmc web interface Network Settings - Ports and Network Serv. Refresh every... Seconds Length (in seconds) of the interval for automatically refreshing the irmc web interface. I If you enter a value for the refresh interval which is less than the Session Timeout (see page 240), your session will not automatically be closed when the time specified in Session Timeout has elapsed in the event of inactivity. Ports for text-based access Telnet Port Telnet port of the irmc Default port number: 3172 Configurable: yes Enabled by default: no Communication direction: inbound and outbound SSH Port SSH (Secure Shell) port of the irmc Default port number: 22 Configurable: yes Enabled by default: yes Communication direction: inbound and outbound Telnet enabled If you enable the Telnet Enabled option, users can establish a connection to the irmc on the Telnet port specified in the entry field. Session Drop Time Period of inactivity (in seconds) after which a Telnet connection is automatically cleared. irmc 241

Network Settings - Ports and Network Serv. irmc web interface VNC ports Standard Port VNC port of the irmc for secure and non-secure Advanced Video Redirection (AVR) Port number: 80 Configurable: yes Enabled by default: yes Communication direction: inbound Secure Port (SSL) VNC port of the irmc for the SSL-secured transfer of mouse and keyboard input for AVR. Port number: 443 Configurable: yes Enabled by default: yes Communication direction: inbound Remote Storage Ports Standard Port Standard remote storage port of the irmc Default port number: 5901 Configurable: yes Enabled by default: yes Communication direction: outbound to the remote workstation Click the Apply button to store the configured settings. 242 irmc

irmc web interface Network Settings - DHCP Configuration 7.10.3 DHCP Configuration - Configuring the host name for the irmc The DHCP Configuration page allows you to configure a host name for the irmc and thus use dynamic DNS. Dynamic DNS allows DHCP servers to autonomously pass on the IP address and system name of a network component to DNS servers to facilitate identification. Figure 114: DHCP Configuration page Register DHCP Address in DNS Enables/disables transfer of the DHCP name to the DHCP server for the irmc. Use irmc Name instead of Hostname The irmc name specified in the irmc Name entry field is used for the irmc instead of the server name. irmc 243

Network Settings - DHCP Configuration irmc web interface Add Serial Number The last 3 bytes of the MAC address of the irmc are appended to the DHCP name of the irmc. Add Extension The extension specified in the Extension entry field is appended to the DHCP name of the irmc. Extension Enter a name extension for the irmc. irmcname irmc name passed to DHCP for the irmc in place of the server name. DNS Name Shows the configured DNS name for the irmc. 244 irmc

irmc web interface Network Settings - DNS Configuration 7.10.4 DNS Configuration - Enable DNS for the irmc The DNS Configuration page allows you to activate the Domain Name Service (DNS) for the irmc. This allows you to use symbolic DNS names instead of IP addresses for configuring the irmc. Figure 115: DNS Configuration page DNS Enabled Enables/disables DNS for the irmc. Obtain DNS configuration from DHCP If you activate this option, the IP addresses of the DNS servers are obtained automatically from the DHCP server. In this event, up to five DNS servers are supported. If you do not enabled this setting, you can enter up to five DNS server addresses manually under DNS-Server 1 - DNS-Server 5. irmc 245

Network Settings - DNS Configuration irmc web interface DNS Domain If the option Obtain DNS configuration from DHCP is disabled, specify the name of the default domain for requests to the DNS server(s). DNS Server 1.. 5 If the Obtain DNS configuration from DHCP option is disabled, you can enter the names of up to five DNS servers here. Click the Apply button to store the configured settings. 246 irmc

irmc web interface Alerting 7.11 Alerting - Configure alerting The Alerting entry contains the links to the pages you use to configure alerting for the irmc: SNMP Trap Alerting - Configure SNMP trap alerting on page 248. Serial / Modem Alerting - Configure alerting via modem on page 250. Email Alerting - Configure email alerting on page 252. irmc 247

Alerting - SNMP Trap Alerting irmc web interface 7.11.1 SNMP Trap Alerting - Configure SNMP trap alerting The SNMP Trap Alerting page allows you to view and configure the settings for SNMP trap alerting. I Forwarding of SNMP traps to up to seven SNMP servers is supported. Figure 116: SNMP Trap Alerting page SNMP Community Name of the SNMP community. Click the Apply button to accept the community name. 248 irmc

irmc web interface Alerting - SNMP Trap Alerting SNMP Server1.. SNMP Server7 (trap destinations) DNS names or IP addresses of the servers that belong to this community and are to be configured as Trap Destinations. Click the Apply button to activate the SNMP server as a trap destination. Click the Test button to test the connection to the SNMP server. Click Apply All to activate all the settings if appropriate. irmc 249

Alerting - Serial/Modem Alerting irmc web interface 7.11.2 Serial / Modem Alerting - Configure alerting via modem The Serial / Modem Alerting page allows you to configure how alerts are forwarded via a modem. Figure 117: Serial / Modem Alerting page Modem Alerting Enabled Enables or disables serial/modem alerting. Modem Init String Please refer to your modem documentation for details on this entry. Modem Reset/Hangup String Please refer to your modem documentation for details on this entry. Modem Dial Prefix This entry will depend on the type of connection you have. 250 irmc

irmc web interface Alerting - Serial/Modem Alerting Provider Phone Number Enter the name of the SMS server. Handy/Pager Phone Number Enter the name of the mobile phone. Handy/Pager Type You can choose between: Signal Pager Numeric Pager Alpha pager SMS DoCoMo SMS Message Length Limit You can choose between 80 or 140 as the maximum length. SMS Protocol Type Enable the option corresponding to the mobile phone network used. Click the Apply button to activate your settings. Click the Test button to send a test alert. irmc 251

Alerting - Email Alerting irmc web interface 7.11.3 Email Alerting - Configure email alerting The Email Alerting page allows you to configure the settings for email alerting. I Configuration of two mail servers is supported. Email alerting can be specified individually for each user (see section User <name> Configuration - User configuration (details) on page 262). I Email alerting is currently not supported for global irmc user IDs (see chapter User management for the irmc on page 57). 252 irmc

irmc web interface Alerting - Email Alerting Figure 118: Email Alerting page irmc 253

Alerting - Email Alerting irmc web interface Global Email Paging Configuration - Configure global email settings The Global Email Paging Configuration group allows you to configure the global email settings. Figure 119: Email Alerting - Global Email Paging Configuration page Email Alerting Enabled Activate this option. SMTP Retries (0-7) Number of SMTP retries. SMTP Retry Delay (0-255) Time (in seconds) between SMTP retries. SMTP Response Timeout Timeout (in seconds) for an SMTP response. Click the Apply button to activate your settings. 254 irmc

irmc web interface Alerting - Email Alerting Primary SMTP Server Configuration - Configure primary mail server The Primary SMTP Server Configuration group allows you to configure the primary server (SMTP server). Figure 120: Email Alerting page, Primary SMTP Server Configuration SMTP Server IP address of the primary mail server I You can activate the Domain Name Service (DNS) for the irmc (see DNS Configuration - Enable DNS for the irmc on page 245). You can then use a symbolic name instead of the IP address. SMTP Port SMTP port of the mail server Auth Type Authentication type for connecting the irmc to the mail server: None No authentication for the connection. SMTP AUTH (RFC 2554) Authentication according to RFC 2554: SMTP Service Extension for Authentication Auth User Name User name for authentication on the mail server Auth Password Password for authentication on the mail server Confirm Password Confirm the password entered. Click the Apply button to activate your settings. irmc 255

Alerting - Email Alerting irmc web interface Secondary SMTP Server Configuration - Configure secondary mail server The Secondary SMTP Server Configuration group allows you to configure the secondary server (SMTP server). Figure 121: Email Alerting page, Secondary SMTP Server Configuration SMTP Server IP address of the secondary mail server I You can activate the Domain Name Service (DNS) for the irmc (see DNS Configuration - Enable DNS for the irmc on page 245). You can then use a symbolic name instead of the IP address. SMTP Port SMTP port of the mail server Click the Apply button to activate your settings. 256 irmc

irmc web interface Alerting - Email Alerting Mail Format dependent Configuration - Configure mail-format-dependent settings The Mail Format dependent Configuration group allows you to configure the mailformat-dependent settings. You specify the mail format for each user using the New User Configuration - User <Name> Configuration - Email Format Configuration page (see page 266). The following email formats are supported: Standard Fixed Subject ITS-Format Fujitsu REMCS Format Figure 122: Email Alerting page, Mail Format dependent Configuration Some entry fields are disabled depending on the mail format. From Sender identification irmc. Active for all mail formats. I If the string entered here contains an @, the string is interpreted as a valid email address. Otherwise, admin@<ip-address> is used as the valid email address. Subject Fixed subject for the alert mails. Only active for the Fixed Subject mail format (see page 266). Message Type of message (email). Only active for the Fixed Subject mail format (see page 266). irmc 257

Alerting - Email Alerting irmc web interface Admin Name Name of the administrator responsible (optional). Only active for the ITS mail format (see page 266). Admin Phone Phone number of the administrator responsible (optional). Only active for the ITS mail format (see page 266). REMCS Id This ID is an additional server ID, similar to the serial number. Only active for the mail format Fujitsu REMCS-Format. Server URL A URL under which the server is accessible under certain conditions. You have to enter the URL manually. Only active for the Standard mail format. Click the Apply button to store your settings. 258 irmc

irmc web interface User Management 7.12 User Management - Manage users The User Management entry contains the links to the pages for local user management as well as for the configuration of the directory service for global user management (LDAP configuration): irmc User - local user management on the irmc on page 259 Directory Service Configuration (LDAP) - Configuring the directory service at the irmc on page 269 7.12.1 irmc User - local user management on the irmc The irmc User page contains a table showing all the configured users: Each line contains the data for one configured user. The user names are implemented in the form of links. Clicking on a user name opens the User <name> Configuration window (see page 262), in which you can view or modify the settings for this user. I User ID 1 ( null user ) is reserved for the IPMI standard and is therefore unavailable for user management on the irmc. irmc 259

User Management - irmc User irmc web interface Figure 123: User Management page Delete The table of configured users includes a Delete button after each user entry. Click this button to delete the associated user after confirming this choice. New User When you click this button, the New User Configuration page opens (see page 261). You can configure a new user here. 260 irmc

irmc web interface User Management - irmc User 7.12.1.1 New User Configuration - Configuring a new user The New User Configuration page allows you to configure the basic settings for a new user. You will find explanations of the fields and selection lists on the New User Configuration page as of page 263 under the description of the User <name> Configuration page. In figure 124 you can see the configuration of a user with the name user3. Figure 124: User Management page, New User Configuration irmc 261

User Management - irmc User irmc web interface 7.12.1.2 User <name> Configuration - User configuration (details) The User <name> Configuration page allows you to view, modify and extend the settings for a user. In figure 125 you can see the configuration of the user created in figure 124. I The user ID is shown in brackets after the user name. Figure 125: User Management - User <name> Configuration page 262 irmc

irmc web interface User Management - irmc User User Information - Configuring user access data The User Information group allows you to configure the access data for the user. Figure 126: User Management - User <name> Configuration page, User Information User Enabled Disable this option to lock the user. Name Enter the name of the user. Password Enter the user password. Confirm Password Confirm the password by entering it again here. Description Enter a general description of the configured user here. irmc 263

User Management - irmc User irmc web interface User Shell Select the desired user shell here. The following options are available: SMASH CLP See section Start a Command Line shell... - Start a SMASH CLP shell on page 323. CLI Shell See section Command Line Protocol (CLP) on page 324. Remote Manager See chapter irmc via Telnet/SSH (Remote Manager) on page 303. IPMI Basic Mode IPMI Terminal Mode None Click the Apply button to activate your settings. 264 irmc

irmc web interface User Management - irmc User Privileges and Permissions - Assigning user privileges The Privileges and Permissions group allows you to configure the channelspecific user privileges. Figure 127: User Management - User <name> Configuration page, Privilege / Permissions LAN Channel Privilege Assign a privilege group for a LAN channel to the user here: User Operator Administrator OEM Refer to section User permissions on page 60 for information on the permissions associated with the privilege groups. Serial Channel Privilege Assign a privilege group for a serial channel to the user here: The same privilege groups are available as for LAN Channel. In addition to the channel-specific permissions, you can also individually assign users the following channel-independent permissions: Configure User Accounts Permission to configure local user access data. Configure irmc Settings Permission to configure the irmc settings. Video Redirection Enabled Permission to use Advanced Video Redirection (AVR) in View Only and Full Control mode. irmc 265

User Management - irmc User irmc web interface Remote Storage Enabled Permission to use the Remote Storage functionality. Click the Apply button to activate your settings. Email Configuration - Configure user-specific email settings The Email Configuration group allows you to configure the user-specific settings governing the email format. Figure 128: User Management - User <name> Configuration page, Email Configuration Email Enabled Specify whether the user is to be informed about system statuses by email. 266 irmc

irmc web interface User Management - irmc User Mail Format Depending on the selected email format, you can make a number of settings in the Email Alerting - Mail Format dependent Configuration group (see page 257). The following email formats are available: Standard Fixed Subject ITS-Format Fujitsu REMCS Format Preferred Mail Server Select the preferred mail server. You can choose one of the following options: Automatic If the email cannot be sent successfully immediately, for instance because the preferred mail server is not available, the email is sent to the second mail server. Primary Only the mail server which has been configured as the primary SMTP server (see page 255) is used as the preferred mail server. Secondary Only the mail server which has been configured as the secondary SMTP server (see page 256) is used as the preferred mail server. I Errors sending email are recorded in the event log. User Description General description of the configured user. Email Address Email address of recipient. irmc 267

User Management - irmc User irmc web interface Paging Severity Configuration Here you can configure system events about which an irmc user is to be informed by email. I Every entry in the event log for the irmc is assigned to a particular paging group. The following settings are available for each event group: None The notification function is deactivated for this paging group. Critical The irmc notifies users by email if an entry in the system event log is reported as Critical. Warning The irmc notifies users by email if an entry in the system event log is reported as Minor, Major or Critical. I If WARNING is set, the user is also notified of system event log entries with the status CRITICAL. All The irmc notifies users of every event in this group which causes an entry to be made in the system event log. Click the Apply button to activate your settings. 268 irmc

irmc web interface User Management - Directory Service Config. 7.12.2 Directory Service Configuration (LDAP) - Configuring the directory service at the irmc In order to perform global user management via a directory service (see page 66), you must configure the irmc appropriately in the Directory Service Configuration page. I Currently, support for irmc LDAP access is provided for the following directory services: Microsoft Active Directory, Novell edirectory and Open LDAP. I The following characters are reserved as metacharacters for search strings in LDAP: &,,!, =, <, >, ~, : You must therefore not use these characters as components of Relative Distinguished Names (RDN). Figure 129: Directory Service Configuration page (LDAP configuration) irmc 269

User Management - Directory Service Config. irmc web interface Global Directory Service Configuration: General details In the Global Directory Service Configuration group, you configure irmc LDAP access to the directory service. LDAP Enabled This option specifies whether the irmc can access a directory service via LDAP. Directory service access via LDAP is only possible if LDAP Enable has been activated. I If LDAP Enable is checked then the login information (see page 178) is always transferred with SSL encryption between the web browser and the irmc. LDAP SSL Enabled If you check this option then data transfer between irmc and the directory server is SSL encrypted. I LDAP SSL Enable has no influence on whether or not the irmc web interface pages are SSL-protected on opening. I You should only activate LDAP SSL Enable if a domain controller certificate is installed. Disable Local Login If you activate this option then all the local irmc user identifications are locked and only the user identifications managed by the directory service are valid. V CAUTION! If the option Disable Local Login is activated and the connection to the directory service fails then it is no longer possible to log in at the irmc. Always use SSL Login I This option is only relevant if LDAP is deactivated. If you activate this option then the HTTP SSL-secured login page is always used even if LDAP is deactivated. Only if you do not activate Always use SSL Login and LDAP is deactivated is a mask secured via Digest Authentication Login used. Directory Server Type Type of directory server used: The following directory services are supported: 270 irmc

irmc web interface User Management - Directory Service Config. Active Directory: Microsoft Active Directory Novell: Novell edirectory OpenLDAP: OpenLDAP Click the Apply button to activate your settings. Different input fields are provided, depending on the directory service you select: For Active Directory, refer to Configuring irmc for Microsoft Active Directory on page 272. For edirectory and Open LDAP, refer to Configuring irmc for Novell edirectory / OpenLDAP on page 274. irmc 271

User Management - Directory Service Config. irmc web interface Configuring irmc for Microsoft Active Directory After you have confirmed the Active Directory you have chosen by clicking Apply, the following variant of the Directory Service Configuration page is shown: Figure 130: Global Directory Service Configuration: Specifications for Microsoft Active Directory I The entries shown as examples in figure 130 refer to the examples and figures shown in section irmc user management via Microsoft Active Directory on page 77. 272 irmc

irmc web interface User Management - Directory Service Config. Proceed as follows: Complete your specifications in the Global Directory Service Configuration group. LDAP Server 1 IP address or DNS name of the LDAP directory server that is to be used. LDAP Server 2 IP address or DNS name of the LDAP directory server which is maintained as the backup server and used as the directory server if LDAP Server 1 fails. Domain name Complete DNS path name of the directory server. Base DN Base DN is automatically derived from Domain Name. Department name Department name. The directory service needs the department name in order to determine the user permissions. A user may have different permissions for the department X server than for the department Y server (see also figure 17 on page 70). In the Global Directory Service Configuration group, click the Apply button to activate the settings you have made under Global Directory Service Configuation. This completes configuration of the directory service and activates it. I The specifications in the Directory Service Access Configuration group are currently not relevant for Microsoft Active Directory. The settings that you make here are required for alerting in connection with global user identifications. However, alerting is currently only supported for local user identifications. irmc 273

User Management - Directory Service Config. irmc web interface Configuring irmc for Novell edirectory / OpenLDAP After you have confirmed you choice of Novell or OpenLDAP by clicking Apply, the following variant of the Directory Service Configuration page is shown. I The Directory Service Configuration page has an identical structure for both Novell edirectory and OpenLDAP. Figure 131: Global Directory Service Configuration: Specifications for Novell edirectory / Open LDAP I The entries shown as examples in figure 131 refer to the examples and figures shown in section irmc user management via Novell edirectory on page 95. 274 irmc

irmc web interface User Management - Directory Service Config. Proceed as follows: Complete your specifications in the Global Directory Service Configuration group. LDAP Server 1 IP address or DNS name of the LDAP directory server that is to be used. LDAP Server 2 IP address or DNS name of the LDAP directory server which is maintained as the backup server and used as the directory server if LDAP Server 1 fails. Dept. name Department name. The directory service needs the department name in order to determine the user permissions. A user may have different permissions for the department X server than for the department Y server (see also figure 17 on page 70). Base DN The Base DN is the fully distinguished name of the edirectory or Open LDAP server and represents the tree or subtree that contains the OU (Organizational Unit) irmcgroups. This DN forms the starting point for LDAP searches. Group DN Context Pathname of the OU irmcgroups as a subtree of Base DN. User Search DN Pathname of the OU Users as a subtree of Base DN. On the Directory Service Configuration page, click the Apply button to activate the settings you have made under Global Directory Service Configuration. Make the following entries in the Global Service Access Configuration group: LDAP Auth Password Password the principal user uses to authenticate themselves on the LDAP server. Confirm Password Repeat the password you entered under LDAP Auth Password. Principal User DN Fully distinguished name of the generic irmc user ID (principal user) under which the irmc queries the permissions of the irmc users from the LDAP server. irmc 275

User Management - Directory Service Config. irmc web interface Append Base DN to Principal User DN If you activate this option, you do not need to specify the Base DN under Principal User DN. In this event, the Base DN is used that you specified under Base DN in the Global Directory Service Configuration group. Bind DN Bind DN shows the principal user DN used for LDAP authentication. Enhanced User Login Enhanced flexibility on user login. If you select Enhanced User Login and activate it with Apply, an additional field User Login Search Filter appears containing the standard login search filter. Figure 132: LDAP search filter for Enhanced User Login. At login, the placeholder %s is replaced by the associated global login. You can modify the standard filter by specifying another attribute in place of cn=. All global logins are then permitted to log into the irmc which meet the criteria of this search filter. V CAUTION! Only activate this option if you are familiar with the LDAP syntax. If you inadvertently specify and activate an invalid search filter, users can only log in to the irmc under a global login after the Enhanced User Login option has been deactivated. Click the Apply button to complete the directory service configuration and activate the settings. 276 irmc

irmc web interface Console Redirection 7.13 Console Redirection - Redirecting the console The following pages are available for console redirection: BIOS Text Console - Configure and start text console redirection on page 277. Advanced Video Redirection - Start Advanced Video Redirection (AVR) on page 288. 7.13.1 BIOS Text Console - Configure and start text console redirection The BIOS Text Console page allows you to configure and start text console redirection. I Text console redirection can also be configured in the BIOS (see section Configuring text console redirection via LAN using the BIOS Setup program on page 42). irmc 277

Console Redirection - BIOS Text Console irmc web interface Figure 133: BIOS Text Console page 278 irmc

irmc web interface Console Redirection - BIOS Text Console 7.13.1.1 BIOS Console Redirection Options - Configure text console redirection BIOS Console Redirection Options allows you to configure text console redirection. Figure 134: BIOS Text Console - BIOS Console Redirection Options page Console Redirection Enabled This option allows you to enable/disable console redirection. I The operating system can also permit text console redirection irrespective of the settings in the BIOS. Console Redirection Mode This setting affects the behavior of console redirection while the operating system is running (after the BIOS POST phase has completed) - see section Text console redirection while the operating system is running on page 286: Standard Console redirection is terminated after the BIOS POST phase. Enhanced Console redirection continues to be available after the BIOS POST phase. irmc 279

Console Redirection - BIOS Text Console irmc web interface Console Redirection Port Two serial ports are available: Serial 1, Serial 2. I If console redirection is to be performed via LAN, Serial 1 must be set. If Serial 2 is selected, only the connection over the null modem cable works. Serial Port Baud Rate The following baud rates can be set: 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200. Serial Port Flow Control The following settings are possible: None Flow control is disabled. XON/XOFF (Software) Flow control is handled by the software. CTS/RTS (Hardware) Flow control is handled by the hardware. Terminal Emulation The following terminal emulations are available: VT100 7Bit, VT100 8Bit, PC-ANSI 7Bit, PC-ANSI 8 Bit, VT100+, VT-UTF8 Serial 1 Multiplexer Check the consistency of the multiplexer settings: Serial: System LAN: irmc Click the Apply button to activate your settings. 280 irmc

irmc web interface Console Redirection - BIOS Text Console 7.13.1.2 Text Console Redirection (via Serial over LAN) - Start text console redirection Text Console Redirection (via Serial Over LAN) allows you to start text console redirection. I Text console redirection via Serial over LAN (SOL) assumes that the operating system and/or the BIOS use serial port 1 (COM1) for text console redirection. Figure 135: Start text console redirection via Serial over LAN (SOL). Click the Start Console Redirection button to start text console redirection function. The Java applet for text console redirection is started (see figure 136 on page 282): irmc 281

Console Redirection - BIOS Text Console irmc web interface Figure 136: Window for power management and text console redirection (before login) Click the Logon button to log in to the irmc. You are then prompted to enter your irmc user name and password: Figure 137: Power management and text console redirection - Login window 282 irmc

irmc web interface Console Redirection - BIOS Text Console Enter your user name and password and click Login to confirm. The window for power management and text console redirection is then displayed: Console redirection bar Status bar Console area Power management bar Login bar Figure 138: Window for power management and text console redirection irmc 283

Console Redirection - BIOS Text Console irmc web interface The elements of the console redirection window are explained below: Login bar The login bar shows the IP address and current firmware version of the irmc. The Login and Logout buttons allow you to log in to and log out of the irmc. Power management bar The power management bar provides information on the power status of the managed server. You can update the display by clicking the Status button. The Command drop-down list allows you to select and launch an IPMI command for power management of the managed server (see page page 285). You do not need to be connected with the console to do this. Console redirection bar The Enter Console and Leave Console buttons in the console redirection bar allow you to show or hide the display in the console area. Console area The console area contains the display from the redirected text console. Status bar The status bar shows the IP address of the irmc and the port number used for console redirection. In addition, the status bar provides information on the status of the console redirection (online/offline). 284 irmc

irmc web interface Console Redirection - BIOS Text Console Click Enter Console. You are then connected to the console and can execute the required command, either by entering it directly in the console area or by clicking it in the Command drop-down list (IPMI commands only): Enter SAC command directly. (No confirmation prompt!) or Select IPMI command and click. A AAA Figure 139: Entering SAC or IPMI commands at the console. IPMI command Power On Power Off Reset Power Cycle Shutdown Explanation Switches the server on. Switches the server off. Completely restarts the server (cold start), regardless of the status of the operating system. Powers the server down completely and then powers it up again after approximately 5 seconds. Graceful shutdown and power off. To close the connection to the console, click Leave Console. irmc 285

Console Redirection - BIOS Text Console irmc web interface 7.13.1.3 Text console redirection while the operating system is running Depending on the operating system used on the managed server, you can continue to use console redirection after the BIOS POST phase. DOS I Condition: The BIOS setting for console redirection mode must be set to Enhanced (see the section BIOS Text Console - Configure and start text console redirection on page 277). If the managed server starts the PRIMERGY ServerView Suite/diagnosis software, you can operate PRIMERGY ServerView Suite/Diagnose/Diagnose remote using console redirection. For further information on PRIMERGY ServerView Suite/Diagnose, refer to the RemoteView 5.0 manual. Windows Server 2003 Windows Server 2003 handles console redirection automatically after the POST phase. No further settings are necessary. While the operating system is booting, the Windows Server 2003 SAC console is transferred: Figure 140: Windows Server 2003 SAC console 286 irmc

irmc web interface Console Redirection - BIOS Text Console Linux You must configure a Linux operating system in such a way that it handles console redirection after the POST phase. Once it has been configured, you have complete remote access. Settings required The settings may differ between program versions. SuSe and RedHat Add the following line to the end of the file /etc/inittab: xx:12345:respawn:/sbin/agetty <baud-rate> ttys0 RedHat Insert the following kernel boot parameter in the file /etc/grub.conf: SuSE console=ttys0,<baud-rate> console=tty0 Insert the following kernel boot parameter in the file /boot/grub/menu.lst : console=ttys0,<baud-rate> console=tty0 irmc 287

Console Redirection - AVR irmc web interface 7.13.2 Advanced Video Redirection - Start Advanced Video Redirection (AVR) The Advanced Video Redirection page allows you to start graphical console redirection. The Advanced Video Redirection feature redirects graphical output from the managed server to the remote workstation and assigns keyboard and mouse input from the remote workstation to the managed server so that you can access the managed server from the remote workstation as if you were working locally. AVR can be used by two users simultaneously. One user has full control over the server (full-control mode) and the other can only passively observe keyboard and mouse operation of the server (view-only mode). I In order to use the irmc function Advanced Video Redirection, you require a license key (see Load license key onto the irmc. on page 192). The AVR functionality is made available with a Java applet. Figure 141: Advanced Video Redirection page 288 irmc

irmc web interface Console Redirection - AVR AVR Active Session Table - Show current AVR sessions The AVR Active Session Table lists the currently active AVR sessions. If no AVR session is currently active then the AVR Active Session Table is not displayed. Local Monitor - Power up/down options for local server monitor I This function is not supported by all PRIMERGY servers with irmc. The status of the local monitor on the managed server is shown under Local Monitor (see section Local Monitor Off function on page 137). In addition, you can configure: that the local monitor can be switched on and off from the remote workstation, that the local monitor shuts down automatically for the duration of the AVR session when an AVR session is started, Figure 142: Advanced Video Redirection page - Local Monitor irmc 289

Console Redirection - AVR irmc web interface Enable Local Monitor Off This option allows you to activate the following options: In full-control mode of an AVR session, you can switch the local monitor on and off (AVR Extras menu, see page 148). For users with administrator or OEM permissions, the toggle button Turn Off / Turn On is also enabled. This also allows the local monitor to be switched on and off (see figure 143). Figure 143: Advanced Video Redirection page - Local Monitor On/Off You can also configure that the local monitor is switched off automatically for the duration of an AVR session when an AVR session is started (see the Automatic Local Monitor Off when AVR is started option on page 291). I If no concurrent session with Local Monitor Off is active, the local monitor is automatically switched on again when the AVR session is closed. 290 irmc

irmc web interface Console Redirection - AVR Automatic Local Monitor Off when AVR is started I This option only takes effect if Enable Local Monitor has been activated. If you activate this option, the local monitor is automatically switched off for the duration of the session when an AVR session is started. After the AVR session is closed, the local monitor is automatically switched on again if no concurrent session with Local Monitor Off is active. I Parallel AVR sessions: Even if you switch on the local monitor during your AVR session (in the AVR menu Extras or with the Turn On button), the local monitor is automatically switched off again if a new, concurrent AVR session is started. The local monitor is switched on again automatically when all AVR sessions have been closed. Click the Apply button to activate your settings. irmc 291

Console Redirection - AVR irmc web interface Video Redirection - Starting AVR You start AVR under Video Redirection. Figure 144: Advanced Video Redirection - Start AVR page Click Start Video Redirection or Start Video Redirection (Java Web Start) to start a (second) AVR session. The Java applet for Advanced Video Redirection is started. The Java applet shows the AVR window in view-only mode, and you are asked whether you want to take full control of the managed server using AVR or whether you wish to remain in the view-only mode. Figure 145: AVR window (view-only mode) 292 irmc

irmc web interface Console Redirection - AVR Click OK to take over full control of the managed server. In this case, the window for active use of AVR is opened (see figure 146). I This places the currently active AVR session in view-only mode. Users should agree among themselves what modes they are to use in their sessions. Click Cancel to remain in view-only mode. If you have decided to actively use AVR, the following window appears, with which you can log into the managed server. Figure 146: AVR window (full-control mode) The menus of the AVR window and the integrated special keys are described in chapter Advanced Video Redirection on page 133. irmc 293

Console Redirection - AVR irmc web interface The two active AVR sessions are shown as follows on the Advanced Video Redirection page: Figure 147: Advanced Video Redirection page when two AVR sessions are active Disconnect If you click Disconnect, a confirmation dialog box appears in which you can close the AVR session to the left of the button. I You can only close AVR sessions of other users with the Disconnect button. To close your own session, choose Exit from the Extras menu in the AVR window (see page 148). 294 irmc

irmc web interface Console Redirection - AVR The following window appears if the managed server is powered down: Figure 148: AVR window when the server is powered down irmc 295

Remote Storage irmc web interface 7.14 Remote Storage The Remote Storage feature provides the managed server with a virtual drive which is physically located elsewhere in the network. The source for the virtual drive can be a physical drive (floppy disk drive CD-ROM/DVD-ROM) or an ISO image (image file). I In order to use the irmc function Remote Storage, you require a license key (see page 194). You can make the remote storage media available as follows: As a physical drive or image file at the remote workstation (see page 156). The image file may also be a network drive (with drive letter, e.g. D: for drive D). As an image file centrally in the network via a remote storage server (see page 165). I Parallel remote storage connections: The following are possible concurrently: either up to two Remote Storage connections to virtual drives at the remote workstation (if the connection is established over the AVR Java applet) or one Remote Storage connection to a Remote Storage server. It is not possible to establish concurrent Remote Storage connections via an applet and via the Remote Storage server. The Remote Storage page allows you to display information on the status of the current remote storage connections and establish the connection to a remote storage server. 296 irmc

irmc web interface Remote Storage Figure 149: Remote Storage page IP Address or DNS Name Here you enter the IP address or DNS name of the computer on which a remote storage server is installed. Apply Click the Apply button to save the remote storage server s IP address or DNS name. Connect Click the Apply button to save the remote storage server s IP address or DNS name and establish the connection to the remote storage server. I Before it is possible to establish the connection to the remote storage server the remote storage server must be installed and running. Disconnect Click the Disconnect button to terminate the connection to the remote storage server. irmc 297

Telnet / SSH access (Remote Manager) irmc web interface 7.15 Operating irmc via Telnet/SSH (Remote Manager) A Telnet/SSH-based interface is available for the irmc. This is known as the Remote Manager. The alphanumeric user interface of the Remote Manager provides you with access to system and sensor information, power management functions and the error event log. You can also start text console redirection and a SMASH CLP shell. You can call the Remote Manager from the irmc web interface as follows: Use the irmc SSH Access link to initiate an SSH (Secure Shell) encrypted Telnet connection to the irmc. Use the irmc Telnet Access link to initiate an unencrypted Telnet connection to the irmc. I Maximum number of parallel sessions: Telnet: up to 4 SSH: up to 2 Telnet and SSH in total: up to 4 Operation of the irmc using the Remote Manager is described in chapter irmc via Telnet/SSH (Remote Manager) on page 303. Requirements on the managed server Access via Telnet must be activated for the irmc (see the section Ports and Network Services - Configuring ports and network services on page 239). I Access via the Telnet protocol is deactivated by default for security reasons, as passwords are transmitted in plain text. 298 irmc

irmc web interface Telnet / SSH access (Remote Manager) Establishing an SSH/Telnet connection and logging into the Remote Manager I If the screen displays for SSH and Telnet connections differ only with respect to the connection-specific information displayed, the display for an SSH connection is shown below. In the navigation bar, click on the link irmc SSH Access (SSH) or irmc Telnet Access (Telnet). The Java applet for the SSH or Telnet connection is started and the following window is displayed (in this case using the example of an SSH connection): Figure 150: Establishing an SSH connection to the irmc irmc 299

Telnet / SSH access (Remote Manager) irmc web interface In the connection bar, click Connect. As soon as the connection to the irmc has been established, you are requested to enter the user name and password. Logging into the Remote Manager over an SSH connection I If the host key of the managed server is not yet registered at the remote workstation, the SSH client issues a security alert with suggestions on how to proceed. The following login window is displayed: Figure 151: SSH connection: Logging in to the Remote Manager Enter your user name and password and confirm your entries by clicking Login. The main menu of the Remote Manager is then displayed (see figure 153 on page 302). 300 irmc

irmc web interface Telnet / SSH access (Remote Manager) Logging into the Remote Manager over a Telnet connection The Remote Manager login window is displayed: Figure 152: Telnet connection: Logging in to the Remote Manager I Depending on whether ServerView agents have already been started at some point on the system, the login window is shown with or without system information (see page 308). Enter your user name and password and confirm your entries by pressing [Enter]. The main menu of the Remote Manager is then displayed (see figure 153). irmc 301

Telnet / SSH access (Remote Manager) irmc web interface Figure 153: Main menu of the Remote Manager Closing a Telnet/SSH connection Close the connection to the Remote Manager by clicking the Disconnect button in the connection bar of the Remote Manager window or by pressing the [0] key in the main menu of the Remote Manager (see figure 153). 302 irmc

8 irmc via Telnet/SSH (Remote Manager) A Telnet-based interface is available for the irmc. This is known as the Remote Manager. You can call the Remote Manager over the following interfaces: irmc web interface (see page 298) any Telnet/SSH client ServerView Remote Management Frontend The irmc supports secure connections over SSH (Secure Shell). The Remote Manager interface is identical for Telnet and SSH connections. In principle, any Telnet/SSH client that interprets VT100 sequences can be used to access the irmc. It is nevertheless recommended that the irmc web interface or the ServerView Remote Management Frontend (referred to below simply as the Remote Management Frontend) be used. I Maximum number of parallel sessions: Telnet: up to 4 SSH: up to 2 Telnet and SSH in total: up to 4 Requirements on the managed server Access via Telnet must be activated for the irmc (see the section Ports and Network Services - Configuring ports and network services on page 239). I Access via the Telnet protocol is deactivated by default for security reasons, as passwords are transmitted in plain text. I Since ServerView does not know the value of the management port, the Remote Management Frontend uses the default value. Since a connection is not automatically established when the Remote Management Frontend is started, you can correct any nonstandard value for the management port after the Remote Management Frontend has been started. irmc 303

Operating the irmc using the Remote Management Frontend 8.1 Operating the irmc using the ServerView Remote Management Frontend You will find detailed information on establishing a connection to the irmc using the Remote Management Frontend and on the work environment of the Remote Management Frontend in the ServerView Remote Management Frontend manual. 304 irmc

Telnet/SSH - Remote Managerr... operating 8.2 Remote Manager This section describes operation of the irmc from the Remote Manager and the various functions in detail. The end of the section also provides a brief overview of SMASH CLP. 8.2.1 Operating Remote Manager Operation of Remote view is described on the basis of the example in figure 154, which shows an excerpt from the main menu of the Remote Manager. Figure 154: Operating the Remote Manager Select the required menu item by entering the number or letter which precedes the menu item, e.g. c for Change password. Functions that the user is not permitted to use are indicated by a dash (-) and functions that are not available are indicated by an asterisk (*). Press [0] or the key combination [Ctrl] [D] to close the Remote Manager. An appropriate event will be written to the event log. irmc 305

Overview of menus Telnet/SSH - Remote Manager 8.2.2 Overview of menus The Remote Manager menu for the irmc has the following structure: System Information Chassis Information Mainboard Information OS and SNMP Information Power Management Immediate Power Off Immediate Reset Power Cycle Power on Graceful Power Off (Shutdown) Graceful Reset (Reboot) Enclosure Information System Event-Log View System Event-Log (text, newest first) View System Event-Log (text, oldest first) Dump System Event-Log (raw, newest first) Dump System Event-Log (raw, oldest first) View System Eventlog Information Clear System Event-Log Temperature Voltages/Current Fans Power Supplies Door Lock CPU Sensors 306 irmc

Telnet/SSH - Remote Manager Overview of menus Component Status (Lightpath) List All Sensors Service Processor Configure IP Parameters List IP Parameters Toggle Identify LED Reset irmc (Warm reset) Reset irmc (Cold reset) Change password Console Redirection (EMS/SAC) Start a Command Line shell irmc 307

Logging in Telnet/SSH - Remote Manager 8.2.3 Logging in As soon as a connection to the irmc has been established, the login window of the Remote Manager (Telnet/SSH window) is displayed at the terminal client at the remote workstation. Depending on whether ServerView agents have already been started at some point on the system, the login window is shown with or without system information. I When logging in over an SSH connection: If the host key of the managed server is not yet registered at the remote workstation, the SSH client issues a security alert with suggestions on how to proceed. Figure 155: Remote Manager: Login window (with system information) 308 irmc

Telnet/SSH - Remote Manager Logging in Figure 156: Remote Manager: Login window (without system information) The Remote Manager window contains information on the affected PRIMERGY system. This information identifies the server and indicates its operating status (Power Status). Some details (e.g. the System Name) are only shown for servers and only if the server is configured appropriately. In order to be able to use the Remote Manager, you must log in with a user name and a password. Then an appropriate event will be written to the Event log and the relevant main menu of the Remote Manager displayed (see section Main menu of the Remote Manager on page 310). You can terminate the login process at any time using [Ctrl][D]. irmc 309

Main menu Telnet/SSH - Remote Manager 8.2.4 Main menu of the Remote Manager Figure 157: Remote Manager: Main menu window 310 irmc

Telnet/SSH - Remote Manager Main menu The main menu of the Remote Manager provides the following functions: System Information... Power Management... Enclosure Information... Service Processor... Change password Console Redirection (EMS/SAC) Start a Command Line shell... Table 8: Main menu of the Remote Manager View information on the managed server (see section System Information - Information on the managed server on page 314). Power the server up or down. (see section Power Management on page 315). Request information on the current system status, e.g. check error and event messages from the error log and event log (temperature, fan, etc.) (see section Enclosure Information - System event log and status of the sensors on page 317). Configure the irmc (e.g. update firmware or change IP address) (see section Service processor - IP parameters, identification LED and irmc reset on page 321). Change the password (see section Change the password on page 313). Text console redirection (see section Console Redirection (EMS/SAC) - Start text console redirection on page 322). Start a Command Line Shell (see section Start a Command Line shell... - Start a SMASH CLP shell on page 323) irmc 311

Required permissions Telnet/SSH - Remote Manager 8.2.5 Required user permissions table 9 provides an overview of the user permissions which are required in order to use the individual Remote Manager functions. Remote Manager menu items Permitted with IPMI privilege level Required permission OEM Administrator Operator User Configure User Accounts Configure irmc Settings Video Redirection Enabled Remote Storage Enabled System Information... X X X X Power Management... X X X Enclosure Information X X X X System Eventlog - View/Dump System Eventlog X X X X System Eventlog - Clear System Eventlog X X X Sensor overviews (Temperature, Fans...) X X X X Service Processor... Service Processor... - Toggle Identify LED X X X X Service Processor... - List/Configure IP Parameters Service Processor... - Reset irmc (warm/cold reset) Change Password Console Redirection (EMS/SAC) X X X X Start a command Line shell... X X X X Table 9: Permissions to use the Remote Manager menus X X X X 312 irmc

Telnet/SSH - Remote Manager Change the password 8.2.6 Change the password The Change password menu item allows a user with the privilege Configure User Accounts (see page 60) to change their own password or the passwords of other users. irmc 313

System Information Telnet/SSH - Remote Manager 8.2.7 System Information - Information on the managed server The following menu appears if you choose System Information... from the main menu: Figure 158: Remote Manager: System Information window The submenu contains the following functions: Chassis Information Mainboard Information OS and SNMP Information Table 10: System Information menu Information on the chassis of the managed server and its product data. Information on the mainboard of the managed server and its product data. Information on the operating system and the ServerView version of the managed server and on the SNMP settings. 314 irmc

Telnet/SSH - Remote Manager Power Management 8.2.8 Power Management The following menu appears if you choose Power Management... from the main menu: Figure 159: Remote Manager: Power Management window irmc 315

Power Management Telnet/SSH - Remote Manager The submenu contains the following functions: Immediate Power Off Immediate Reset Power Cycle Power On Graceful Power Off (Shutdown) Graceful Reset (Reboot) Table 11: Power Management menu Powers the server down, regardless of the status of the operating system. Completely restarts the server (cold start), regardless of the status of the operating system. Powers the server down completely and then powers it up again after a configured period. Switches the server on. Graceful shutdown and power off. This menu item is only available if ServerView agents are installed and signed onto the irmc as Connected. Graceful shutdown and reboot. This menu item is only available if ServerView agents are installed and signed onto the irmc as Connected. 316 irmc

Telnet/SSH - Remote Manager Enclosure Information 8.2.9 Enclosure Information - System event log and status of the sensors The following menu appears if you choose Enclosure Information... from the main menu: Figure 160: Remote Manager: Enclosure Information window irmc 317

Enclosure Information Telnet/SSH - Remote Manager The submenu contains the following functions: System Eventlog Temperature Voltages/Current Fans Power Supplies Door Lock CPU Sensors Component Status List All Sensors Table 12: Enclosure Information menu Call the System Eventlog menu (see the section System Eventlog on page 319). Display information on the temperature sensors and their status. Display information on the voltage and current sensors and their status. Display information on the fans and their status. Display information on the power supplies and their redundancy status. Display information on whether the front panel or housing are open. Localize the processors of the server. Display detailed information on all sensors that have a PRIMERGY diagnostic LED. Display detailed information on all sensors. 318 irmc

Telnet/SSH - Remote Manager Enclosure Information System Eventlog The following menu appears if you select System Eventlog from the Enclosure Information... submenu: Figure 161: Remote Manager: System Eventlog window irmc 319

Enclosure Information Telnet/SSH - Remote Manager The submenu contains the following functions: View System Eventlog (text, newest first) View System Eventlog (text, oldest first) Dump System Eventlog (raw, newest first) Dump System Eventlog (raw, oldest first) View System Eventlog Information Clear System Eventlog Table 13: System Eventlog menu The contents of the Event log are output to screen in a readable form and in chronological order (the most recent entry first). The contents of the Event log are output to screen in a readable form and in reverse chronological order (the oldest entry first). The contents of the Event log are dumped in chronological order (the most recent entry first). The contents of the Event log are dumped in reverse chronological order (the oldest entry first). Display information on the event log. Clear the contents of the event log. 320 irmc

Telnet/SSH - Remote Manager Service Processor 8.2.10 Service processor - IP parameters, identification LED and irmc reset The following menu appears if you choose Service Processor... from the main menu: Figure 162: Remote Manager: Service Processor window irmc 321

Console Redirection (EMS/SAC) Telnet/SSH - Remote Manager The submenu contains the following functions: Configure IP Parameters List IP Parameters Toggle Identify LED Reset irmc (warm reset) Reset irmc (cold reset) Table 14: Service Processor menu Configure the IP address, subnet mask and default gateway. You can also specify whether DHCP is to be activated Display the IP settings. Switch the PRIMERGY identification LED on/off. Reset the irmc. The connection is closed. Only the interfaces are re-initialized. Reset the irmc. The connection is closed. The entire irmc is re-initialized. I It is recommended that you restart the server after Reset irmc (Cold Reset) or Reset irmc(warm Reset) (see page 210). 8.2.11 Console Redirection (EMS/SAC) - Start text console redirection You can start console redirection with the Console Redirection (EMS/SAC) item from the main menu. I Text-based console redirection only works over the LAN with Serial 1. If console redirection is also to be used while the operating system is running, the Serial 1 Multiplexer must be set to System. 322 irmc

Telnet/SSH - Remote Manager Start a Command Line shell... 8.2.12 Start a Command Line shell... - Start a SMASH CLP shell Start a Command Line shell... in the main menu allows you to start a SMASH CLP shell. SMASH CLP stands for Systems Management Architecture for Server Hardware Command Line Protocol. This protocol permits a Telnet- or SSHbased connection between the management station and the managed server. For further details on SMASH CLP, please refer to section Command Line Protocol (CLP) on page 324. When you select (s) Start a Command Line shell... from the main menu, the following window appears: Figure 163: Remote Manager: Start a SMASH CLP shell... window Choose (1) Start a SMASH CLP shell... to start the SMASH CLP shell. irmc 323

Command Line Protocol (CLP) Telnet/SSH - Remote Manager 8.2.13 Command Line Protocol (CLP) The irmc supports various text-based user interfaces, known as user shells, which can be configured differently for individual users. The System Management Architecture for Server Hardware (SMASH) initiative defines a number of specifications with the following objectives: Provision of standardized interfaces for managing heterogeneous computer environments, Provision of an architecture framework with uniform interfaces, hardware and software discovery, resource addressing and data models. You can find further information on SMASH under the following link: http://www.dmtf.org/standards/smash SMASH CLP syntax SMASH CLP specifies a common command line syntax and message protocol semantics for managing computers on the Internet and in enterprise and service provider environments. You can find detailed information on SMASH CLP in the DMTF document Server Management Command Line Protocol Specification (SM CLP) DSP0214. The general syntax of the CLP is as follows: <verb> [<options>] [<target>] [<properties>] <verb> Verbs specify the command or action to be executed. The list of verbs describes the following activities, for instance: Establish (set) and retrieve (show) data, Change the status of a target (reset, start, stop), Manage the current session (cd, version, exit), Return information on commands (help). In irmc systems, the verb oemfujitsu also allows the use of special OEM commands. 324 irmc

Telnet/SSH - Remote Manager Command Line Protocol (CLP) <options> Command options modify the action or the behavior of a verb. Options can immediately follow the verb in a command line and must always be introduced by a dash ("-"). Options allow you to, for instance, define the output format, permit recursive execution of a command, display the version of a command or request help. <target> <target> specifies the address or the path of the object to be manipulated by the command, i.e. the target of the command. This can be a single managed element such as a hard disk, a network adapter (Network Interface Card, NIC), or the management program (Management Assistance Program, MAP) itself. Targets can, however, also be services such as a transport service. Several managed elements which can be managed by the management program can be subsumed under a single <target>, for instance the entire system. Only one <target> may be specified for each command. <properties> <properties> describe the properties of the target of the command which are required to execute the command. Thus, <properties> identify the properties of the target s class that are to be retrieved or modified by the command. irmc 325

Command Line Protocol (CLP) Telnet/SSH - Remote Manager User data in the CLP (overview) Data within the CLP is structured hierarchically. The command cd allows you to navigate within this structure. An overview of the user data in the CLP is shown in figure 164. The names in rectangles indicate command targets. On every level of the hierarchy, the command/verb show displays the available targets, properties and verbs. /./root system 1 map 1 log 1 firmware accounts nic 1 oemsensors oemsefru record 1 record n user 1 user 16 Figure 164: Structure of the user data in SMASH CLP Hierarchy of the CLP commands An overview of the CLP command hierarchy is shown in table 15 on page 327. 326 irmc

Telnet/SSH - Remote Manager Command Line Protocol (CLP) Table 15: Hierarchy of the CLP commands irmc 327

9 Configuring irmc using the Server Configuration Manager This chapter describes how to use the ServerView Configuration Manager to configure the irmc (as of page 342), configure and manage user IDs at the irmc (as of page 357). configure the Directory Service at the irmc (as of page 362). You can configure the irmc either locally on the managed server or from the remote workstation via the ServerView Operations Manager (referred to simply as the Operations Manager below). I Requirements: The current ServerView agents must be installed on the managed server. The Server Configuration Manager functions can be accessed in the following ways: Locally at the managed server by means of the ServerView Installation Manager (referred to below simply as the Installation Manager). Locally on managed Windows-based servers using the Windows Start menu. I This function is only supported for servers on which the ServerView agents for Windows are installed. On the remote workstation using the graphical interface of the Operations Manager. I This function is only supported for servers on which the ServerView agents for Windows are installed. irmc 329

Starting system configuration Server Configuration Manager 9.1 Starting system configuration This section describes how to call the Server Configuration Manager from the ServerView Installation Manager, the Windows Start menu and the ServerView Operations Manager. I The user interfaces of the individual Server Configuration Manager variants differ slightly in terms of their layout, but are functionally identical. In the description of the Server Configuration Manager dialog boxes for configuring the irmc (see page 342ff), the dialog boxes of the Server Configuration Manager variant called from Operations Manager are depicted. 9.1.1 Calling the Server Configuration Manager from the Installation Manager You can also call the Server Configuration Manager from the Installation Manager. Configuration via the Installation Manager is of significance when installing the server. The Installation Manager makes the Server Configuration Manager available both during preparation for installation and as a separate maintenance program. The Installation Manager is described in the manual ServerView Installation Manager. 330 irmc

Server Configuration Manager Starting system configuration 9.1.2 Calling the Server Configuration Manager from the Windows Start menu On Windows-based servers, you can also call the Server Configuration Manager via the Windows Start menu. To do this, proceed as follows: On the managed server, select: Start All Programs Fujitsu ServerView Agents Configuration Tools System Configuration. The System Configuration window opens: Figure 165: System Configuration window Accept the preset values. Click OK. The tab view of the System Configuration window opens. You can scroll to the left and right through the tabs by clicking the arrows next to the tabs. irmc 331

Starting system configuration Server Configuration Manager Applying settings To apply the settings made in the individual tabs, proceed as follows for each tab: Click the Apply button. Click the Save Page button. The irmc automatically reboots to activate the changed settings. 332 irmc

Server Configuration Manager Starting system configuration 9.1.3 Calling the Server Configuration Manager from the Operations Manager The Server Configuration Manager dialog boxes for configuring the irmc are also available from the graphical user interface of the Operations Manager. This allows you to configure the irmc of the managed server from the remote workstation via a Web interface. Proceed as follows: Start the Operations Manager (refer to the manual PRIMERGY ServerView Suite Operations Manager ). The start window of the Operations Manager opens: irmc 333

Starting system configuration Server Configuration Manager Figure 166: Operations Manager: Start window Choose Server Configuration from the Administration menu of the Operations Manager start window. This opens the following window (see figure 167 on page 335): 334 irmc

Server Configuration Manager Starting system configuration Figure 167: Operations Manager: Server Configuration window - Server list (1) tab In the hierarchy tree of the Server list tab, select the server to be configured. This opens the following window (see figure 168 on page 336): irmc 335

Starting system configuration Server Configuration Manager Figure 168: Operations Manager: Server Configuration window - Server list (2) tab In the right-hand side of the window, specify the details on the selected server and confirm your entries by clicking GO... The following window appears, showing the Restart Options page (see figure 169 on page 337): 336 irmc

Server Configuration Manager Starting system configuration Figure 169: Operations Manager: Server Configuration window - Configuration tab In the navigation area, click the required functions. The associated dialog page then appears in the right-hand side of the window. I This manual only describes those dialog pages which are relevant for configuring the irmc and for user management on the irmc. Configure the settings you require and save them with Save Page or with Save all. I Activate the configured settings for each server either separately for each dialog page with Save Page or after you have completed the entire configuration with Save all. Choose Reload Page or Reload all to reset the settings to the original values. I After you have completed configuring a server, you can select further servers for configuration in the Server list tab. irmc 337

ASR&R Fan Settings Server Configuration Manager 9.2 ASR&R Fan Settings The ASR&R Fan Settings dialog page shows comprehensive information on the fans of the managed server. For each fan, you can also specify whether the server is to be shut down if that fan fails. Choose ASR&R Fan Settings. Figure 170: ASR&R Fan Settings dialog page Configure the following settings: Fail Action Specify whether the server is to be shut down if the corresponding fan fails. Continue The server is not shut down. Shutdown The server is shut down if the fan is still faulty after the time specified in Action Delay (sec) has elapsed. Action Delay (sec) If you select Shutdown under Fail Action, you can specify a time delay here. 338 irmc

Server Configuration Manager ASR&R Fan Settings The server is shut down if the relevant fan is still faulty after the specified time has elapsed. I If you do not enter a value, the server is shut down immediately after the fan fails. Set fail action for all fans Here you can specify for all fans whether the server is to be shut down if any fan fails. Continue The server is shut down. Shutdown The server is shut down if the failed fan is still faulty after the time specified in Action Delay (sec) has elapsed. irmc 339

ASR&R Temperature Settings Server Configuration Manager 9.3 ASR&R Temperature Settings The ASR&R Temperature Settings dialog page shows comprehensive information on the temperature sensors of the managed server. For each sensor, you can also specify whether the server is to be shut down if critical temperature thresholds are reached. Choose ASR&R Temperature Settings. Figure 171: ASR&R Temperature Settings dialog page Configure the following settings: Fail Action Specify whether the server is to be shut down if a critical temperature threshold is reached on the selected sensor. Continue The server is not shut down. Shutdown The server is shut down. 340 irmc

Server Configuration Manager ASR&R Temperature Settings Set fail action for all fans Here you can specify for all temperature sensors whether the server is to be shut down if the critical temperature is reached on any temperature sensor. Continue The server is not shut down. Shutdown The server is shut down. irmc 341

irmc LAN Interface Server Configuration Manager 9.4 irmc LAN Interface - Configuring the LAN parameters of the irmc The irmc LAN Interface dialog page is used to configure the LAN settings (Ethernet settings) for the irmc. V CAUTION! Contact the network administrator responsible for the system before you change the LAN settings. If you make illegal LAN settings for the irmc you will only be able to access the irmc again using special configuration software, the serial interface or via the BIOS. Choose irmc LAN Interface. Figure 172: irmc LAN Interface dialog page 342 irmc

Server Configuration Manager irmc LAN Interface Configure the following settings: Obtain an IP address automatically (Use DHCP) If you enable Obtain an IP address automatically (Use DHCP), the irmc gets its LAN settings autonomously from a DHCP server on the network. In this case, the values for IP address, Subnet mask, and Default Gateway are set automatically. I Do not activate the DHCP option if no DHCP server is available. If you activate the DHCP option and there is no DHCP server available, the irmc goes into a search loop (i.e. it constantly searches for a DHCP server). You can specify that the DHCP and DNS services are to be used after initial installation in the following dialog pages: irmc DHCP DNS Configuration (see page 347) and irmc DNS Server Configuration (see page 349) or by configuring this in the irmc web interface (see section Network Settings - Configure the LAN parameters on page 235). By default, the following name is passed to the DHCP server on initial installation of the irmc: irmc<last 3 bytes of the MAC address>. IP Address The address of the irmc in the LAN. This address is different from the IP address of the managed server. I This entry is only evaluated if DHCP is not activated (see Obtain an IP address automatically (Use DHCP)). Subnet Mask Subnet mask of the irmc in the LAN. I This entry is only evaluated if DHCP is not activated (see Obtain an IP address automatically (Use DHCP)). Default Gateway IP address of the default gateway in the LAN. I This entry is only evaluated if DHCP is not activated (see Obtain an IP address automatically (Use DHCP)). irmc 343

irmc LAN Interface Server Configuration Manager LAN Speed LAN speed. The following options are available: Auto Negotiation 100 MBit/s Full Duplex 100 MBit/s Half Duplex 10 MBit/s Full Duplex 10 MBit/s Half Duplex If Auto Negotiation is selected, the onboard LAN controller assigned to the irmc autonomously determines the correct transfer speed and duplex method for the network port it is connected to. VLAN enabled This option allows you to activate VLAN support for the irmc VLAN ID VLAN ID of the virtual network (VLAN) the irmc belongs to. Permitted value range: 1 Î VLAN Id Î 4094. VLAN Priority VLAN priority (user priority) of the irmc in the VLAN specified by VLAN Id. Permitted value range: 0 Î VLAN Priority Î 7 (default: 0). 344 irmc

Server Configuration Manager irmc Networking Ports 9.5 irmc Networking Ports - Configuring ports and network services The irmc Networking Ports dialog page allows you to view and modify the configuration settings for ports and network services. V CAUTION! Configuration is not supported for ports where the input fields are deactivated in the irmc web interface (see page 239). It is only possible to verify whether the ports can be configured using the irmc Web interface. The preset values must not be changed using the Server Configuration Manager during initial configuration. Select the irmc Networking Ports dialog page. Figure 173: irmc Networking Ports dialog page Configure the following settings: HTTP Port HTTP port of the irmc (non-secure connection) irmc 345

irmc Networking Ports Server Configuration Manager HTTPS Port HTTPS port of the irmc (secure connection) Force HTTPS If you disable the Force HTTPS option, users can only establish a nonsecure connection to the irmc on the HTTP port specified in the entry field. If you enable the Force HTTPS option, users can establish a secure connection to the irmc on the HTTPS port specified in the entry field. I You can also configure web access in the irmc web interface. If the SSL certificate has expired, a message to this effect is issued in the web browser. SSH Port SSH port of the irmc Video Ports - Standard Port Video port of the irmc, hard-configured (port number: 5903). Video Ports - Secure Port Secure video port of the irmc, hard-configured (port number: 5913). VNC Ports - Standard Port VNC port of the irmc VNC Ports - Secure Port Secure VNC port of the irmc Remote Storage Ports - Standard Port Remote storage port of the irmc Telnet enabled If you enable the Telnet Enabled option, users can establish a connection to the irmc on the Telnet port specified in the entry field. Drop Time (sec) Period of inactivity (in seconds) after which a Telnet connection is automatically cleared. Telnet Port Telnet port of the irmc. This input field is only displayed if Telnet enabled is activated. 346 irmc

Server Configuration Manager irmc DNS Registration 9.6 irmc DNS Registration - Configuring the host name for the irmc The irmc DNS Registration dialog page allows you to configure a host name for the irmc and thus use dynamic DNS. Dynamic DNS allows DHCP servers to autonomously pass on the IP address and system name of a network component to DNS servers to facilitate identification. Choose irmc DNS Registration. Figure 174: irmc DNS Registration dialog page Configure the following settings: Register DHCP address in DNS Enables/disables transfer of the DHCP name to the DHCP server for the irmc. Add serial number The last 3 bytes of the MAC address of the irmc are appended to the end of the DHCP name of the irmc. irmc 347

irmc DNS Registration Server Configuration Manager Use user defined irmc name instead of host name The irmc name specified in the irmc Name entry field is used for the irmc instead of the server name. irmc Name irmc name passed to DHCP for the irmc in place of the server name. Add user defined extension The extension specified in the Extension entry field is appended to the DHCP name of the irmc. Extension Enter a name extension for the irmc. 348 irmc

Server Configuration Manager irmc DNS Server 9.7 irmc DNS Server - Activating DNS for the irmc The irmc DNS Server dialog page allows you to activate the Domain Name Service (DNS) for the irmc. This allows you to use symbolic DNS names instead of IP addresses for configuring the irmc. Choose irmc DNS Server. Figure 175: irmc DNS Server Configure the following settings: DNS enabled Enables/disables DNS for the irmc. Obtain DNS configuration from DHCP If you activate this option, the IP addresses of the DNS servers are obtained automatically from the DHCP server. In this event, up to five DNS servers are supported. If you do not enabled this setting, you can enter up to five DNS server addresses manually under DNS-Server 1 - DNS-Server 5. irmc 349

irmc DNS Server Server Configuration Manager DNS Domain If the option Obtain DNS configuration from DHCP is disabled, specify the name of the default domain for requests to the DNS server(s). DNS Server 1.. 5 If the Obtain DNS configuration from DHCP option is disabled, you can enter the names of up to five DNS servers here. 350 irmc

Server Configuration Manager irmc EMail Alerting 9.8 irmc EMail Alerting - Configuring email forwarding The irmc EMail Alerting dialog page allows you to configure how the irmc forwards emails. Choose irmc EMail Alerting. Figure 176: irmc EMail Alerting dialog page Configure the following settings: Enable email alerting Activate this option. SMTP Settings This is where you configure the global email settings. SMTP Retries Number of SNMP retries. SMTP Retry Delay (sec) Time between SNMP retries. irmc 351

irmc EMail Alerting Server Configuration Manager Response Timeout (sec) Timeout (in seconds) for an SMTP response. Primary SMTP Server This is where you configure the settings for the primary mail server (SMTP server). SMTP Server IP address of the primary mail server I You can activate the Domain Name Service (DNS) for the irmc (see irmc DNS Server - Activating DNS for the irmc on page 349). You can then use a symbolic name instead of the IP address. SMTP Port SMTP port of the primary mail server Authentication Type Authentication type for connecting the irmc to the primary mail server: None No authentication for the connection. SMTP AUTH (RFC 2554) Authentication according to RFC 2554: SMTP Service Extension for Authentication Authentication User Name User name for authentication on the primary mail server Password Enter the password for authentication on the primary mail server. Confirm Password Enter the password again here. 352 irmc

Server Configuration Manager irmc EMail Alerting Secondary SMTP Server This is where you configure the settings for the secondary mail server (SMTP server). SMTP Server IP address of the secondary mail server I You can activate the Domain Name Service (DNS) for the irmc (see irmc DNS Server - Activating DNS for the irmc on page 349). You can then use a symbolic name instead of the IP address. SMTP Port SMTP port of the secondary mail server Authentication Type Authentication type for connecting the irmc to the secondary mail server: None No authentication for the connection. SMTP AUTH (RFC 2554) Authentication according to RFC 2554: SMTP Service Extension for Authentication Authentication User Name User name for authentication on the secondary mail server Password Enter the password for authentication on the secondary mail server. Confirm Password Enter the password again here. irmc 353

irmc Mail Format Settings Server Configuration Manager 9.9 irmc Mail Format Settings - Mail-format-dependent settings The irmc Mail Format Settings dialog page allows you to configure the mailformat-dependent settings. You specify the mail format for each user using the irmc User Management dialog page in the Edit existing user window (see page 358). The following email formats are supported: Standard Fixed Subject ITS-Format Fujitsu REMCS Format Choose irmc Mail Format Settings. Figure 177: irmc Mail Format Settings dialog page 354 irmc

Server Configuration Manager irmc Mail Format Settings Configure the following settings. (Some entry fields are disabled depending on the mail format): From Sender identification irmc. Active for all mail formats. I If the string entered here contains an @, the string is interpreted as a valid email address. Otherwise, admin@<ipaddress> is used as the valid email address. Subject Fixed subject for the alert mails. Only active for the Fixed Subject mail format (see page 360). Message Type of message (email). Only active for the Fixed Subject mail format (see page 360). Administrator Name Name of the administrator responsible (optional). Only active for the ITS mail format (see page 360). Administrator Phone Phone number of the administrator responsible (optional). Only active for the ITS mail format (see page 360). REMCS Id This ID is an additional server ID, similar to the serial number. Only active for the mail format Fujitsu REMCS-Format (see page 360). Server URL A URL under which the server is accessible under certain conditions. You have to enter the URL manually. Only active for the Standard mail format (see page 360). irmc 355

irmc SNMP Alerting Server Configuration Manager 9.10 irmc SNMP Alerting - Configuring SNMP alerting The irmc SNMP Alerting dialog page allows you to view and configure the settings for SNMP trap alerting. I Forwarding of SNMP traps to up to seven SNMP servers is supported. Choose irmc SNMP Alerting. Figure 178: irmc SNMP Alerting dialog page Configure the following settings: SNMP Community Name Name of the SNMP community. SNMP Trap Destinations (Host name or IP address) DNS names or IP addresses of the servers that belong to this community and are to be configured as Trap Destinations. 356 irmc

Server Configuration Manager irmc User Management 9.11 irmc User Management - Local user management on the irmc The irmc User Management dialog page allows you to configure the local user management settings for the irmc. The dialog page contains a table showing all the configured users: Each line contains the data for one configured user. I User management on the irmc requires Configure User Accounts permission. I User ID 1 ( null user ) is reserved for the IPMI standard and is therefore unavailable for user management on the irmc. Choose irmc User Management. Figure 179: irmc User Management dialog page To delete a user, first select the user (by selecting the corresponding line), then click the Delete... button and confirm that you want to delete the user. irmc 357

irmc User Management Server Configuration Manager Double-click on a line for which the user ID is not yet assigned to any user (empty line) or select such a line and click the Modify... button to open an empty Edit existing user window (containing default settings), in which you can configure a new user (see figure 180). Double-click on a line for a specific user or select a user and click the Modify... button to open the Edit existing user window, in which you can view and/or modify the settings for this user (see figure 180). Figure 180: Dialog page in the Edit existing user window Account enabled Disable this option to lock the user. 358 irmc

Server Configuration Manager irmc User Management Account Data This is where you configure the access data for the user. User Name Enter the name of the user. User Description Additional information on the user. Password Enter the user password. Confirm Password Confirm the password by entering it again here. User Privileges This is where you configure the channel-specific user privileges as well as other permissions. LAN Serial Assign a privilege group for a LAN channel to the user here. The following options are available: User Operator Administrator OEM Refer to section User permissions on page 60 for information on the permissions associated with the privilege groups. Assign a privilege group for a serial channel to the user here: The same privilege groups are available as for LAN Privilege. Can configure users Permission to configure local user access data. Can configure irmc Permission to configure the irmc settings. Can use video redirection Permission to use Advanced Video Redirection (AVR) in View Only and Full Control mode. Can use remote storage Permission to use the Remote Storage functionality. irmc 359

irmc User Management Server Configuration Manager User Shell Select the user shell here. Shell Select the desired user shell here. The following options are available: SMASH CLP See section Start a Command Line shell... - Start a SMASH CLP shell on page 323. Remote Manager See chapter irmc via Telnet/SSH (Remote Manager) on page 303. IPMI Basic Mode IPMI Terminal Mode None EMail Paging Settings This is where you configure the settings governing the email format and the global email settings. Format Depending on the selected email format, you can make a number of settings in the irmc Email Format Settings dialog page (see page 354). The following email formats are available: Standard Fixed Subject ITS-Format Fujitsu REMCS Format I Every entry in the event log for the irmc is assigned to a particular paging group. Enabled Specify whether the user is to be informed about system statuses by email. Address Email address of recipient. 360 irmc

Server Configuration Manager irmc User Management Preferred Server Select the preferred mail server. You can choose one of the following options: Automatic If the email cannot be sent successfully immediately, for instance because the preferred mail server is not available, the email is sent to the second mail server. Primary Only the SMTP server which has been configured as the primary SMTP server (see page 352) is used as the preferred mail server. Secondary Only the SMTP server which has been configured as the secondary SMTP server (see page 353) is used as the preferred mail server. I Errors sending email are recorded in the event log. In the bottom third of the Edit existing user window, you configure the system events of which an irmc user is to be notified by email (Paging Severity Configuration). NONE The notification function is deactivated for this paging group. WARNING The irmc notifies users by email if an entry in the system event log is reported as WARNING. I If WARNING is set, the user is also notified of system event log entries with the status CRITICAL. CRITICAL The irmc notifies users by email if an entry in the system event log is reported as CRITICAL. ALL The irmc notifies users of every event in this group which causes an entry to be made in the system event log. Confirm your settings by clicking OK. irmc 361

irmc Directory Service Server Configuration Manager 9.12 irmc Directory Service - Configuring the directory service The irmc Directory Service dialog page allows you to configure the irmc for global user management via a directory service (see page 66). I Currently, support for irmc LDAP access is provided for the following directory services: Microsoft Active Directory, Novell edirectory and OpenLDAP. I The following characters are reserved as metacharacters for search strings in LDAP: &,,!, =, <, >, ~, : You must therefore not use these characters as components of Relative Distinguished Names (RDN). Choose irmc Directory Service. 362 irmc

Server Configuration Manager irmc Directory Service Figure 181: irmc Directory Service dialog page irmc 363

irmc Directory Service Server Configuration Manager Configure the following settings: Always use SSL login I This option is only relevant if LDAP is deactivated. If you activate this option then the HTTP SSL-secured login page is always used even if LDAP is deactivated. Only if you do not activate Always use SSL Login and LDAP is deactivated is a mask secured via Digest Authentication Login used. LDAP Enable This option specifies whether the irmc can access a directory service via LDAP. Directory service access via LDAP is only possible if LDAP Enable has been activated. I If LDAP Enable is checked then the login information (see page 178) is always transferred with SSL encryption between the web browser and the irmc. Disable Local Login If you activate this option then all the local irmc user identifications are locked and only the user identifications managed by the directory service are valid. V CAUTION! If the option Disable Local Login is activated and the connection to the directory service fails then it is no longer possible to log in at the irmc. Choose the required directory service from Directory Server Type. Different input fields are provided, depending on the directory service you select: For Active Directory, refer to Configuring irmc for Microsoft Active Directory on page 365. For Novell and OpenLDAP, refer to Configuring irmc for Novell edirectory / OpenLDAP on page 367. 364 irmc

Server Configuration Manager irmc Directory Service 9.12.1 Configuring irmc for Microsoft Active Directory I The entries shown as examples in figure 182 refer to the examples and figures shown in section irmc user management via Microsoft Active Directory on page 77. Figure 182: irmc Directory Service (Microsoft Active Directory) dialog page irmc 365

irmc Directory Service Server Configuration Manager Configure the following settings: LDAP Server 1 IP address or DNS name of the LDAP directory server that is to be used. LDAP Server 2 IP address or DNS name of the LDAP directory server which is maintained as the backup server and used as the directory server if LDAP Server 1 fails. Domain Name Complete DNS path name of the directory server. Department Name Department name. The directory service needs the department name in order to determine the user permissions. A user may have different permissions for the department X server than for the department Y server (see also figure 17 on page 70). LDAP SSL Enable If you check this option then data transfer between irmc and the directory server is SSL encrypted. I LDAP SSL Enable has no influence on whether or not the irmc web interface pages are SSL-protected on opening. I You should only activate LDAP SSL Enable if a domain controller certificate is installed. Base DN Base DN is automatically derived from Domain Name. LDAP Auth. User Name, LDAP Auth Password These settings are not relevant at present. The settings that you make here are required for alerting in connection with global user identifications. However, alerting is currently only supported for local user identifications. 366 irmc

Server Configuration Manager irmc Directory Service 9.12.2 Configuring irmc for Novell edirectory / OpenLDAP I The Directory Service Configuration dialog page has an identical structure for both Novell edirectory and OpenLDAP. I The entries shown as examples in figure 183 refer to the examples and figures shown in section irmc user management via Novell edirectory on page 95. Figure 183: irmc Directory Service dialog page irmc 367

irmc Directory Service Server Configuration Manager Configure the following settings: LDAP Server 1 IP address or DNS name of the LDAP directory server that is to be used. LDAP Server 2 IP address or DNS name of the LDAP directory server which is maintained as the backup server and used as the directory server if LDAP Server 1 fails. Department Name Department name. The directory service needs the department name in order to determine the user permissions. A user may have different permissions for the department X server than for the department Y server (see also figure 17 on page 70). LDAP SSL Enable If you check this option then data transfer between irmc and the directory server is SSL encrypted. I LDAP SSL Enable has no influence on whether or not the irmc web interface pages are SSL-protected on opening. I You should only activate LDAP SSL Enable if a domain controller certificate is installed. Base DN The Base DN is the full distinguished name of the edirectory or OpenLDAP server and represents the tree or subtree that contains the OU (Organizational Unit) irmcgroups. This DN forms the starting point for LDAP searches. Group DN Context Pathname of the OU irmcgroups as a subtree of Base DN. User Search Context Pathname of the OU Users as a subtree of Base DN. LDAP Auth. User Name Generic irmc user ID (principal user) under which the irmc queries the permissions of the irmc users from the LDAP server. LDAP Auth. Password Password the principal user uses to authenticate themselves on the LDAP server and confirmation of the password. 368 irmc

Server Configuration Manager irmc Directory Service Principal User DN Fully distinguished name of the generic irmc user ID (principal user) under which the irmc queries the permissions of the irmc users from the LDAP server. Append Base DN To Principal User DN If you activate this option, you do not need to specify the Base DN under Principal User DN. The base DN specified under Base DN is used. Enhanced User Login Enhanced flexibility on user login. If you select Enhanced User Login, the User Login Search Filter input field is also activated. By default, this contains the standard login search filter. At login, the placeholder %s is replaced by the associated global login. You can modify the filter by specifying another attribute in place of cn=. All global logins are then permitted to log into the irmc which meet the criteria of this search filter. V CAUTION! Only activate this option if you are familiar with the LDAP syntax. If you inadvertently specify and activate an invalid search filter, users can only log in to the irmc under a global login after the Enhanced User Login option has been deactivated. irmc 369

irmc Advanced Features Server Configuration Manager 9.13 irmc Advanced Features - Remote Storage Server, License Key and HP SIM Integration You can perform the following tasks on the irmc Advanced Features dialog page: store the IP address or DNS name of a remote storage server on the irmc, enter a license key for the use of the Advanced Video Redirection and Remote Storage functionality, deactivate or activate HP SIM integration. Choose irmc Advanced Features. Figure 184: irmc Advanced Features dialog page 370 irmc

Server Configuration Manager irmc Advanced Features Configure the following settings: Hostname or IP address Here you enter the DNS name or IP address of the computer on which a remote storage server is installed. License Key Enter a valid license key for the use of the Advanced Video Redirection and Remote Storage functionality here. Disable HP System Insight Manager integration... Enable or disable this option to activate or deactivate HP SIM integration. If the Disable HP System Insight Manager Integration... option is deactivated, the irmc responds with identification information to a non-authenticated XML query from the HP Insight Managers. irmc 371

10 Firmware update This chapter provides you with information about the following topics: irmc firmware (overview) Online firmware update Offline firmware update Emergency flash flash tools I The current firmware versions are present on the PRIMERGY ServerView Suite DVD 1 or can be downloaded manually from the Download section of the Fujitsu Technology Solutions web server. You can obtain the up-to-date version of the PRIMERGY ServerView Suite DVD 1 at two-monthly intervals. I Before updating the firmware, read the supplementary documentation supplied with the new firmware carefully (in particular the Readme files). I The managed server must be rebooted to activate the updated firmware. V CAUTION! When updating the firmware, note that problem-free operation of the firmware can only be guaranteed if the runtime firmware and the SDR (Sensor Data Record, see page 374) both belong to the same firmware release. irmc 373

irmc firmware (overview) Firmware update 10.1 irmc firmware (overview) The irmc possesses two separate EEPROMs (Electrically Erasable Programmable Read-Only Memory), with a complete firmware version being stored on each of them: EEPROM 1 (Low EEPROM) EEPROM 2 (High EEPROM) I Information on the irmc firmware and EEPROMs can be found in the irmc web interface, page irmc Information (see page 192) or using the flash tool (see page 387). Active and passive EEPROM One of the two EEPROMs is active (running) at any given time, while the other is inactive. The EEPROM that is active depends on the so-called firmware selector (see page 375). Structure of the irmc EEPROMs Each EEPROM in the irmc is subdivided into different areas: Runtime firmware SDRR (and configuration table) Bootloader Figure 185: Structure of the irmc EEPROM 374 irmc

Firmware update irmc firmware (overview) Runtime firmware The runtime firmware is the executable part of the irmc's firmware SDRR (Sensor Data Record Repository) The SDRR contains the Sensor Data Records (SDR) in which sensor information for the managed server is stored. The SDRR also acts as an interface via which you can access the SDRs. Bootloader The bootloader checks the firmware of the currently active EEPROM. If a firmware error is detected, the bootloader sets the firmware selector to the other EEPROM. You can perform an update for each of these areas. Firmware selector The firmware selector specifies the EEPROM whose firmware is to be executed. Every time the irmc is reset and restarted, the firmware selector is evaluated and processing branches to the corresponding firmware. The firmware selector can have the following values: 0 EEPROM with the most recent firmware 1 EEPROM 1 2 EEPROM 2 3 EEPROM with the oldest firmware 4 EEPROM with the most recently updated firmware 5 EEPROM whose firmware has not been updated for the longest I Depending on the update variant used, the firmware selector is set differently after the update. You can also use the flash tool to query and set the firmware selector explicitly (see page 387). irmc 375

irmc firmware (overview) Firmware update Updating the firmware of the individual EEPROMs and EPROM areas Depending on whether you perform the firmware update online (see page 380) or offline (see page 383), you can update either only the firmware of the inactive EEPROM or also that of the active EEPROM: If you perform an online firmware update, you can only update the firmware of the inactive EEPROM. If you perform an offline firmware update, you can also update the firmware of the active EEPROM. 376 irmc

Firmware update Setting up the USB memory stick 10.2 Setting up the USB memory stick I You do not require the USB Memory Stick if you update the irmc firmware via ServerView Update Manager, ServerView Update Manager Express or ASP. Proceed as follows: Download the firmware Firmware Update for USB Stick from the Download section of the Fujitsu Technology Solutions web server to a directory on your computer. or Insert the current PRIMERGY ServerView Suite DVD 1 in the DVD drive of your computer. The following files or following ZIP archive can be found in your download directory or on DVD 1. FTS_<nnnnnnn>.exe FTS_<nnnnnnn>.zip The ZIP archive contains the following files: USBImage.exe irmc_<firmware-version>.ima Connect the USB memory stick to your computer. Start the file FTS_<nnnnnnn>.exe or the file USBImage.exe. One of the following windows is opened depending on the file you call: Figure 186: Copying the image file to the USB memory stick (FTS_<nnnnnnn>.exe) irmc 377

Setting up the USB memory stick Firmware update Figure 187: Copying the image file to the USB memory stick (USBImage.exe) I If you have called USBImag.exe, then under Image File:, you must explicitly specify the file irmc_<firmware-version>.ima. Click on Copy Image File to USB Device to copy the file irmc_<firmware-version>.ima to the USB memory stick and extract it. V CAUTION! This action overwrites the content of the USB memory stick. When the copy operation is complete, the flash tools and image files are present on the USB memory stick (see figure 188 on page 379). 378 irmc

Firmware update Setting up the USB memory stick Figure 188: Image files and flash tool on the USB memory stick. irmc 379

Online update Firmware update 10.3 Online update When you perform an online update, you update the irmc's firmware while the operating system (Windows or Linux) of the managed server is still running. I Because the firmware of the active EEPROM continues to execute during an online update, you can only update the firmware of the EEPROM that is inactive during such an update. I In order to ensure failproof operation, it is not possible to perform an online firmware update for the bootloader in the irmc's EEPROM 1 (Low EEPROM). There are the following ways of performing an online firmware update: Online update using the ServerView Update Manager Online update using ServerView Update Manager Express or ASP Online update using the operating system flash tools. 10.3.1 Online update using the ServerView Update Manager Using the ServerView Update Manager (referred to simply as the Update Manager below), you can start the update of the irmc firmware via a graphical user interface (Windows) or via a command line interface (Windows and Linux). The Update Manager accesses the update data via an Update Manager directory (Update Repository) on the PRIMERGY ServerView Suite DVD 1 or on the management server. You update the update repository on the management server by means of the Download Manager or by performing a manual download from the Download section of the Fujitsu Technology Solutions web server. For more detailed information on firmware updates with the Update Manager, see the ServerView Update Manager manual. 380 irmc

Firmware update Online update 10.3.2 Online update using ServerView Update Manager Express or SP Under Windows and Linux operating systems, you can also update the irmc firmware either using the graphical user interface of ServerView Update Manager Express or by using the ASP (Autonomous Support Package) command interface. Under Windows, you can also start an ASP in the Windows Explorer by doubleclicking the corresponding ASP-*.exe file. For more detailed information on firmware updates with ServerView Update Manager Express and ASP, see the ServerView Update Manager Express manual. 10.3.3 Online update using the operating system flash tools. I An online update using the operating system flash tools is only performed as a recovery flash, i.e. no version check is performed. You use one of the flash tools WinFLBMC, RedhatFLBMC or SuseFLBMC depending on the operating system that you are running: Windows: Red Hat Linux: Suse Linux: You call the flash tools in the Windows command line (WinFLBMC) or at the Linux CLI (RedhatFLBMC, SuseFLBMC). The syntax and operands for the flash tools are described in section Flash tools on page 387. Prerequisites WinFLBMC RedhatFLBMC SuseFLBMC The flash tools and the files for the firmware update must be present in the file system of the managed server. Under Windows and Linux: The ServerView agents must be started on the managed server. irmc 381

Online update Firmware update Proceed as follows: I An online update using a USB memory stick is described below (see section Setting up the USB memory stick on page 377). Connect the USB memory stick to the managed server. In the Windows command line or the Linux Command Line Interface (CLI) switch to the drive corresponding to the USB memory stick. Set the firmware selector to the value 4 by calling the flash tool with the parameter /s 4. E.g., in the Windows command line you enter: WinFLBMC /s 4 Start the update of the firmware and the SDR data by calling the flash tool with the corresponding update files. E.g., in the Windows command line you enter: WinFLBMC dcod<firmware-version>.bin <nnnnnnn>.sdr /p During the firmware update, the console informs you about the progress of the update operation. If an error occurs, the update operation is aborted and a corresponding return code is reported (see page 389). Restart the managed server. This automatically activates the EEPROM with the updated firmware. 382 irmc

Firmware update Offline update 10.4 Offline update In the case of an offline update, you update the irmc firmware from within a DOS environment. In this case, you can not only update the firmware of the inactive EEPROM but also that of the currently active EEPROM. I During the offline update, the active firmware is closed and then automatically restarted. There are the following ways of performing an offline firmware update: Offline update using the ServerView Update Manager Offline update via the FlashDisk menu Offline update using the flash tool flbmc I During an offline update, you can also update the firmware for the bootloader of the irmc's Low EEPROM. 10.4.1 Offline update using the ServerView Update Manager Using the ServerView Update Manager, you can start the update of the irmc firmware via a graphical user interface (Windows) or via a command line interface (Windows and Linux). The Update Manager accesses the update data via an Update Manager directory (Update Repository) on the PRIMERGY ServerView Suite DVD 1 or on the management server. You update the update repository on the management server by means of the Download Manager or by performing a manual download from the Download section of the Fujitsu Technology Solutions web server. For more detailed information on firmware updates using the Update Manager, see the ServerView Update Manager manual. irmc 383

Offline update Firmware update 10.4.2 Offline update via the FlashDisk menu I For an offline update via the FlashDisk menu, you require a bootable USB memory stick (see section Setting up the USB memory stick on page 377). Proceed as follows: Connect the USB memory stick to the managed server. Boot from the USB memory stick. After completion of the boot operation, the data in the USB memory stick is automatically copied to a RAM disk. The autoexec.bat file is then started automatically. The FlashDisk menu opens: Figure 189: FlashDisk menu Normal A normal flash is performed. In a normal flash, a check is performed to determine whether the areas of the active EEPROM are up to date. If an area is not up to date then the corresponding area on the inactive EEPROM is updated if it is not already up to date. 384 irmc

Firmware update Offline update Recovery A recovery flash is performed. In the case of a recovery flash, the flash is performed for all three EEPROM areas without any version check. The firmware update is performed for EEPROM 1. A firmware downgrade is only possible via recovery flash. Readme The Readme file is opened. Reboot An irmc warm start is performed. English / German Specify keyboard layout. German is set by default. Start the required update variant by clicking on the corresponding button. During the firmware update, the console informs you about the progress of the update operation. If an error occurs, the update operation is aborted. A corresponding return code is reported (see page 389). Once the update operation has been completed, click on Exit, to close the FlashDisk menu. Remove the USB memory stick from the managed server. Restart the managed server (e.g. with [Ctrl]+[Alt]+[Del]). 10.4.3 Offline update using the flash tool flbmc You can also start an offline update by calling the flash tool flbmc with the corresponding parameters in the DOS input window. The syntax and operands for this flash tool are described in section Flash tools on page 387. I An offline update using the operating system flash tool flbmc is only performed as a recovery flash, i.e. no version check is performed. I When you run an offline update with the flash tool flbmc, you can also optionally perform a recovery flash for EEPROM2. irmc 385

Emergency flash Firmware update 10.5 Emergency flash If the irmc firmware can no longer be executed, e.g. because the SDRs are not compatible with the system, then you can use the emergency mode to start the firmware running again. In emergency mode, the system automatically branches to the bootloader and is the ready for the firmware update. To switch the managed server to emergency mode and then update the irmc's firmware, proceed as follows: Disconnect the power supply connector. Insert the connector in the socket again with the Identify key held down. The managed server is now in emergency mode. Boot the server to DOS and use the recovery flash procedure to update the irmc's firmware (see section Offline update on page 383). I If the firmware is not active then the boot operation may take up to 2 minutes to start. You can ignore the error message irmc Controller Error which the BIOS outputs during this period. 386 irmc

Firmware update Flash tools 10.6 Flash tools I The tools WinFLBMC, RedhatFLBMC and SuseFLBMC differ from flbmc only in the name of the tool and the environment in which they are called. The following description therefore also applies to the tools WinFLBMC, RedhatFLBMC and SuseFLBMC. Instead of flbmc, you simply enter WinFLBMC, RedhatFLBMC or SuseFLBMC as appropriate. Syntax flbmc {/v /o [/4] /s[<value>]} flbmc {<file1> [<file2>] [<file3>] [/n /l[<logfile>] /d /e /4 /p]} flbmc {/h /?} Options /v Displays the current version of the command. /o Displays the current version of the EEPROM 1 firmware. /o /4 Displays the current version of the EEPROM 2 firmware. /s Displays the value of the firmware selector. /s <value> Sets the value of the firmware selector. You use this option to define the EEPROM from which the firmware is started after a firmware reset. 0 Sets the selector to the EEPROM with the most recent firmware. 1 Sets the selector to EEPROM 1. 2 Sets the selector to EEPROM 2. 3 Sets the selector to the EEPROM with the oldest firmware. 4 Sets the selector to the EEPROM with the most recently updated firmware. 5 Sets the selector to the EEPROM with the firmware which has not been updated for longest. irmc 387

Flash tools Firmware update <file1> through <file3> Specify one or more files to determine which updates are to be made: The following files are to be selected: boot<fw-version>.bin Updates the bootloader firmware. dcod<fw-version>.bin Updates the runtime firmware for EEPROM 1. dcod<fw-version>.2nd Updates the runtime firmware for EEPROM 2. <SDR-Version>.SDR Updates the SDR. I dcod<fw-version>.bin and dcod<fw-version>.2nd must not both be specified at the same time in any call of the flash tool. If you specify the file dcod<fw-version>.2nd, the switch /4 (see below) is not required because EEPROM 2 is already selected by the suffix.2nd. Otherwise, you must also specify the switch /4 to update EEPROM 2. /4 Updates EEPROM 2. The command works as follows with respect to the switch /4: If you specify /4 in conjunction with the dcod file for EEPROM 1, a check is performed to see whether an identical firmware version exists for EEPROM 2. If this is the case, the firmware for EEPROM 2 is updated, otherwise the command is terminated with an error message and the return value 5. If you don t specify /4 in conjunction with the dcod file for EEPROM 2, a check is performed to see whether an identical firmware version exists for EEPROM 1. If this is the case, the firmware for EEPROM 1 is updated, otherwise the command is terminated with an error message and the return value 5. /l [<logfile>] Outputs error messages to the specified log file. If no logfile is specified, the output is directed to the flbmc.log file. /n No output on the console. This option has priority over the /p and /d options. /p Progress display of the update process in percent. 388 irmc

Firmware update Flash tools /d Outputs additional debug information. /e Emulation mode (for debugging purposes only). /h and /? Outputs help information. Return values 0 Firmware update was executed successfully. 1 Illegal or missing arguments. 3 PROM type not available 4 Communication with irmc not possible. 5 Incorrect binary file. 8 Error accessing Keyboard Control Style interface (KCS). 9 Timeout during communication with the target EEPROM. 10 No buffer allocated. 12 Network node busy. 13 Timeout erasing EEPROM. 14 Timeout flashing EEPROM. 15 Error erasing EEPROM. 16 Error flashing EEPROM. irmc 389

11 Remote installation of the operating system via irmc This chapter describes how you use the ServerView Installation Manager (abbreviated to Installation Manager below) and the irmc features "Remote Storage" and "Advanced Video Redirection (AVR)" to install the operating system on the administered server from the remote workstation. The chapter discusses the following specific topics: General procedure for the remote installation of an operating system using remote storage media. Booting the administered server from the remote workstation using PRIMERGY ServerView DVD 1 (Windows and Linux). Installing Windows from the remote workstation after configuration on the administered server. Installing Linux from the remote workstation after configuration on the administered server. The description focuses primarily on the handling of the remote storage media. It is assumed that readers are familiar with the Installation Manager functionality (see the manual PRIMERGY ServerView Suite - ServerView Installation Manager ). I Prerequisites for the remote installation of the operating system via irmc: The irmc s LAN interface must be configured (see page 36). The license key for the use of the irmc features Advanced Video Redirection (AVR) and Remote Storage must be installed (see page 194). Text console redirection must be deactivated (see page 277). irmc 391

General procedure Remote installation of the operating system 11.1 Installing the operating system via irmc - general procedure For the Installation Manager, the remote installation of the operating system via irmc represents a local configuration and installation of the operating system on the administered server which you perform from the remote workstation via the AVR window using remote storage media. The following steps are required in order to perform an installation via the Installation Manager: 1. Connect the storage medium (DVD 1 or Installation Manager boot image) from which you want to boot as remote storage. 2. Boot and configure the managed server via DVD 1 or the Installation Manager boot image. 3. Use the Installation Manager at the remote workstation to install the operating system on the administered server. 4. Optimize mouse pointer synchronization in the AVR window (only necessary under Linux). Installing Windows without the Installation Manager using the Windows installation CD/DVDs You can perform a remote installation of Windows via Remote Storage either using the Installation Manager or exclusively using the Windows installation CD/DVDs. The two procedures correspond in terms of the handling of the remote storage media. However, you are advised to install Windows via the Installation Manager for the following reasons: The Installation Manager itself identifies the required drivers and copies these to the system. All the Installation Manager functions are available to you during installation. This means that you can, for example, configure the entire system including the server management settings. Installations without the Installation Manager have to be controlled via the keyboard since the mouse cursor cannot be synchronized during the installation process. In contrast, if you install using the Installation Manager then all configuration and installation steps can be performed using the mouse. 392 irmc

Remote installation of the operating system General procedure If you install without the Installation Manager then all the settings required for mouse cursor synchronization must subsequently be performed manually. Installation using the Installation Manager does not take significantly longer than installation using the operating system CD/DVDs. Installing Linux without the Installation Manager using the Linux installation CDs If you know which drivers are required by the system then you can start the Linux installation by booting from the Linux installation CD/DVD. If the installation requires you to integrate drivers from the floppy disk then, before starting the installation, you must set up a remote storage connection to the following storage media: to the storage medium (CD-ROM/DVD-ROM or ISO image) from which you want to boot and if necessary to storage medium for driver installation. irmc 393

Remote storage connection Remote installation of the operating system 11.2 Connecting a storage medium as remote storage Remote Storage makes a virtual drive available which is located elsewhere in the network. The source for the virtual drive can be: Physical drive or image file at the remote workstation. The image file may also be on a network drive (with drive letter, e.g. D: for drive D). Image file provided centrally in the network by means of a remote storage server. I Parallel remote storage connections: The following are possible concurrently: either up to two Remote Storage connections to virtual drives at the remote workstation (if the connection is established over the AVR Java applet) or one Remote Storage connection to a Remote Storage server. It is not possible to establish concurrent Remote Storage connections via an applet and via the Remote Storage server. I The Remote Storage page of the irmc web interface allows you to obtain information on the status of the current remote storage connections (see page 296). For detailed information on remote storage, see chapter Remote Storage on page 155. 394 irmc

Remote installation of the operating system Remote storage connection Connecting a storage medium as remote storage at the remote storage workstation The following device types are supported when you boot from a virtual drive located at the remote workstation: I Booting from USB memory stick is supported only if the USB memory stick is emulated as floppy disk. Floppy disk (physical storage medium)) CD-ROM (physical storage medium) DVD-ROM (physical storage medium) ISO image (image file) Proceed as follows at the remote workstation to establish the remote storage connection: Log into the irmc web interface with Remote Storage Enabled permission (see page 178). Open the Advanced Video Redirection page and start the AVR (see page 288). Start Remote Storage in the AVR window (see page 157). irmc 395

Remote storage connection Remote installation of the operating system Prepare the storage media for remote storage (see page 159): If installation is performed via the Installation Manager: PRIMERGY ServerView Suite DVD 1 or an Installation Manager boot image and optionally a formatted USB memory stick as a status backup medium. If installation is performed from the vendor s installation CD/DVD: Windows or Linux installation CD/DVD and optional drivers. I It is recommended that the PRIMERGY ServerView Suite DVD 1 and the operating system installation CD/DVD are stored in a folder as an image file (ISO image) and that they are connected from there as Remote Storage or provided via a Remote Storage server. The prepared storage media are displayed in the Storage Devices dialog box. Figure 190: Storage Devices dialog box: PRIMERGY ServerView Suite DVD 1 Click Connect to connect the DVD ROM drive (DVD 1) or the Installation Manager boot image as remote storage. 396 irmc

Remote installation of the operating system Remote storage connection Connect the ISO image (image file) provided by the remote storage server as remote storage You can use an image file provided via the remote storage server for booting from an Installation Manager boot image. I Before it is possible to use a virtual drive provided via a remote storage server, the remote storage server must be installed and started (see section Providing remote storage via a remote storage server on page 165). To establish the connection to the remote storage server, proceed as follows at the remote workstation: Log into the irmc web interface with Remote Storage Enabled permission (see page 178). Select the Remote Storage page. Establish the connection to the remote storage server (see page 297). irmc 397

Booting from ServerStart Remote installation of the operating system 11.3 Booting the managed server from PRIMERGY ServerView Suite DVD 1 and configuring it with the Installation Manager Boot the managed server from PRIMERGY ServerView Suite DVD 1 Proceed as follows at the remote workstation: Use the irmc web interface to start up the managed server or reboot the server (see page 210). You can follow the progress of the boot process in the AVR window. During the managed server s BIOS POST phase, remote storage media are displayed as USB devices. Press [F2] while the server is booting. In the BIOS set-up, open the menu in which you can define the boot sequence: Main Boot Sequence. Specify the boot sequence as indicated in figure 191 on page 398. Figure 191: Boot Sequence menu in the BIOS setup 398 irmc

Remote installation of the operating system Booting from ServerStart Save your settings and exit the BIOS setup. The managed server then boots from PRIMERGY ServerView Suite DVD 1 which is connected as remote storage. I If the system does not boot from the remote storage medium (PRIMERGY ServerView Suite DVD 1 or Installation Manager boot image): Check whether the storage medium is displayed during the BIOS POST phase and connect the storage medium as remote storage if necessary. Make sure that the correct boot sequence is specified. It takes about 5 minutes to boot from PRIMERGY ServerView Suite DVD 1 via a remote storage medium. The following window is displayed during the boot process: Figure 192: The managed server is booted from PRIMERGY ServerView Suite DVD 1. irmc 399

Booting from ServerStart Remote installation of the operating system Choose Installation Manager mode and specify the medium to be used for status backup. Once the boot process has completed, the startup window of the Installation Manager is displayed in which you can select a medium for the status backup area (status backup medium) (see figure 193 on page 401). I Before you start to install the operating system, you should synchronize the local mouse cursor and the cursor of the managed server in the AVR window at the remote workstation (see figure 193 on page 401). For more detailed information on synchronizing the mouse cursor in the AVR window, see section Synchronizing the mouse pointer on page 140. 400 irmc

Remote installation of the operating system Booting from ServerStart (3) (1) (2) Press the Mouse Sync key Status backup options or (1) Drag the local mouse pointer to the top-left corner. (2) The server s mouse pointer follows automatically. (3) The mouse pointers are synchronized when they completely overlap and are displayed as a single mouse pointer. Figure 193: Installation Manager: Selecting the status backup medium Choose Standard mode as the Installation Manager mode. Specify whether the configuration data is to be stored on a local replaceable data medium or on a network medium: I Please note that if you do not select any status backup option all the configuration data is lost when you reboot. irmc 401

Booting from ServerStart Remote installation of the operating system Status backup medium I The backup medium must not be write-protected. A USB stick must already be connected to the USB port when the system is booted. If you fail to do this and wish to save the configuration file: Connect the USB stick now and reboot from PRIMERGY ServerView Suite DVD 1. Choose the option on local drive (floppy / USB stick). Select the corresponding drive in the box to the right of this option. For more detailed information on creating Installation Manager status disks, see the manual PRIMERGY ServerView Suite - ServerView Installation Manager. Connecting the status medium and/or the installation media via the network Set up the required shares for this purpose. I If you are making a medium with a prepared configuration file and/or an installation medium available via the network, you have to choose this option. Depending on your infrastructure, you can either obtain a temporary IP address via DHCP or manually configure an IPv4 or IPv6 address for the current Installation Manager session. Start the Installation Manager by clicking Continue. 402 irmc

Remote installation of the operating system Booting from ServerStart Starting local deployment The Welcome screen appears when you start the Installation Manager: Figure 194: Installation Manager - Welcome screen irmc 403

Booting from ServerStart Remote installation of the operating system Click Deployment to start preparation of the local installation (deployment). To prepare the installation, the Installation Manager wizards take you through a sequence of configuration steps that gather specifications for configuring the system and for subsequent unattended installation of the operating system. I Configure the local CD ROM/DVD ROM drive of the managed server as the installation source. You can then also make the Windows installation CD/DVD available from the CD ROM/DVD ROM drive of the remote workstation if you connect it to the managed server as remote storage (see section Installing Windows on the managed server after configuration on page 405). Once you have completed configuration with the Installation Manager, the Installation Info dialog page for the Windows installation (see page 405) or for the Linux installation (see page 409) is displayed. This allows you to start the installation process. 404 irmc

Remote installation of the operating system Windows 11.4 Installing the operating system on the managed server after configuration Once you have completed configuration, you should install the operating system on the managed server. 11.4.1 Installing Windows on the managed server after configuration After configuration has been completed, the Installation Manager displays the following dialog page: Figure 195: Installation Manager - Start installation irmc 405

Windows Remote installation of the operating system If you have configured the local CD ROM/DVD ROM drive of the managed server as the installation source, proceed as follows at the remote workstation: Clear your currently active remote storage connections. For more detailed information on clearing remote storage connections, see page 163. Remove PRIMERGY ServerView Suite DVD 1 from the DVD ROM drive at the remote workstation. Insert the Windows installation CD/DVD in this DVD ROM drive. I Close the application if autostart is active. Connect the CD ROM/DVD ROM drive containing the Windows installation CD/DVD as remote storage (see page 161). Click Start installation. All the installation files are copied to the managed server. The Installation Manager opens a confirmation dialog page when the copy operation is complete and prompts you to remove all the storage media from the removable media drives before the managed server is rebooted. I Before rebooting the system, you must in particular shut down all current remote storage connections. Before rebooting the system, shut down the current remote storage connections. To do this, proceed as follows: Start Remote Storage (see page 157). The Storage Devices dialog box is displayed with the currently connected storage devices and a Safe Remove indication (see figure 196 on page 407). 406 irmc

Remote installation of the operating system Windows Figure 196: Storage Devices dialog box: Clearing Remote Storage connections Safely remove the storage device, i.e. ensure that no more applications/programs are accessing the storage media. Click on Disconnect... to remove all the remote storage connections. On the confirmation dialog page, click Ok to reboot the managed server. Once the managed server has rebooted, you can monitor the entire installation by means of the AVR (see figure 197 on page 408). irmc 407

Windows Remote installation of the operating system Figure 197: Monitoring the Windows installation in the AVR window I For a Windows installation from the Windows installation CD/DVD: To ensure perfect mouse cursor synchronization, you must adapt the following settings at the managed server once the operating system has been installed: Speed of the mouse pointer Hardware acceleration For information on how to do this, see section Managed Windows server: Adjusting the settings for synchronization of the mouse pointers on page 142. If Windows is installed using the Installation Manager, problem-free synchronization of the mouse pointers is automatically ensured. 408 irmc

Remote installation of the operating system Linux 11.4.2 Installing Linux on the managed server after configuration I The mouse can be used but not synchronized during Linux installation. I Whenever you change a remote storage medium, you must remove the remote storage connection for the currently connected medium and then connect the new medium as remote storage. After configuration has been completed, the Installation Manager displays the following dialog page: Figure 198: Installation Manager - Start installation If you have configured the local CD ROM/DVD ROM drive of the managed server as the installation source, proceed as follows at the remote workstation: irmc 409

Linux Remote installation of the operating system Clear your currently active remote storage connections. For more detailed information on clearing remote storage connections, see page 163. Remove PRIMERGY ServerView Suite DVD 1 from the DVD ROM drive at the remote workstation. Insert the Linux installation CD/DVD in this DVD ROM drive. I Close the application if autostart is active. Connect the CD ROM/DVD ROM drive containing the Linux installation CD/DVD as remote storage (see page 161). Click Start installation. All the installation files are copied to the managed server. The Installation Manager opens a confirmation dialog page when the copy operation is complete and prompts you to remove all the storage media from the removable media drives before the managed server is rebooted. I Before rebooting the system, you must in particular shut down all current remote storage connections. Before rebooting the system, shut down the current remote storage connections. To do this, proceed as follows: Start Remote Storage (see page 157). The Storage Devices dialog box is displayed with the currently connected storage devices and a Safe Remove indication (see figure 196 on page 407). 410 irmc

Remote installation of the operating system Linux Figure 199: Storage Devices dialog box: Clearing Remote Storage connections Click on Disconnect... to remove all the remote storage connections. Safely remove the storage device, i.e. ensure that no more applications/programs are accessing the storage media. On the confirmation dialog page, click Ok to reboot the managed server. Once the managed server has rebooted, you can monitor the entire installation by means of the AVR (see figure 200 on page 412). irmc 411

Linux Remote installation of the operating system Figure 200: The managed server is booted from the Linux installation CD. 412 irmc

Remote installation of the operating system Linux The following dialog page is displayed once booting is complete: Figure 201: Linux Installation - License Agreement I To ensure perfect mouse cursor synchronization, you must adapt the required settings at the managed server once the operating system has been installed. For information on how to do this, see section Managed Linux server: Adjusting the settings for synchronization of the mouse pointers on page 145. irmc 413

12 IPMI OEM Commands This section describes a selection of OEM-specific IPMI commands supported by the irmc. 12.1 Overview The following OEM-specific IPMI commands are supported by the irmc: SCCI-compliant Power On/Off commands (SCCI: ServerView Common Command Interface) 0115 Get Power On Source 0116 Get Power Off Source 011C Set Power Off Inhibit 011D Get Power Off Inhibit 0120 Set Next Power On Time SCCI-compliant communication commands 0205 System OS Shutdown Request 0206 System OS Shutdown Request and Reset 0208 Agent Connect Status 0209 Shutdown Request Canceled SCCI-compliant signaling commands 1002 Write to System Display Firmware-specific commands 2004 Set Firmware Selector 2005 Get Firmware Selector C019 Get Remote Storage Connection C01A Set Video Display on/off irmc 415

Overview IPMI OEM Commands BIOS-specific command F109 Get BIOS POST State F115 Get CPU Info irmc-specific commands F510 Get System Status F512 Get EEPROM Version Info F543 Get SEL entry long text F545 Get SEL entry text F5B0 Set Identify LED F5B1 Get Identify LED F5B3 Get Error LED F5DF Set Nonvolatile Cfg Memory to Default Values F5E0 Set Configuration Space to Default Values F5F8 Delete User ID 416 irmc

IPMI OEM commands Description format 12.2 Description of the IPMI OEM commands The following sections describe the individual OEM-specific IPMI commands. 12.2.1 Description format The OEM-specific IPMI commands contained in this chapter are described in the format used by the IPMI standard for describing IPMI commands. The IPMI standard describes the IPMI commands using command tables which list the input and output parameters for each command. You can find information on the IPMI standards on the Internet under: http://developer.intel.com/design/servers/ipmi/index.htm irmc 417

SCCI-compliant Power On/Off commands IPMI OEM Commands 12.2.2 SCCI-compliant Power On/Off commands 01 15 - Get Power On Source This command returns the reason for the most recent Power On. The possible reasons are listed below. Request Data - B8 NetFnlLUN: OEM/Group - 01 Cmd : Command Group Communication 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 15 Command Specifier Response Data - BC - 01 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first 3 01 Data Length 4 Power on Source: Cause of last power on Power on Source 0x00 0x01 0x02 0x03 0x04 0x05 0x08 0x09 0x0C 0x15 0x16 0x1A 0x1D 0x1E Description Software or command Power switch (on the front panel or keyboard) Automatic restart after power failure Clock or timer (hardware RTC or software timer) Automatic restart after fan failure shutdown Automatic restart after critical temperature shutdown Reboot after watchdog timeout Remote on (modem RI line, SCSI termination power, LAN, chip card reader...) Reboot after a CPU error Reboot by hardware reset Reboot after warm start Powered on by a PCI Bus Power Management Event Powered on by remote control via remote manager Reboot/reset by remote control via remote manager 418 irmc

IPMI OEM Commands SCCI-compliant Power On/Off commands 01 16 - Get Power Off Source This command returns the reason for the most recent Power Off. The possible reasons are listed below. Request Data - B8 NetFnlLUN: OEM/Group - 01 Cmd : Command Group Communication 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 16 Command Specifier Response Data - BC - 01 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first 3 01 Data Length 4 Power off Source: Cause of last power off Power off Source 0x00 0x01 0x02 0x03 0x04 0x05 0x08 0x0C 0x1D Description Software (SWOFF, power off by command) Power switch (on the front panel or keyboard) AC power fail Clock or timer (hardware RTC or software timer) Fan failure Critical temperature Final power-off after repeated watchdog timeouts Final power-off after repeated CPU errors Powered off by remote control via remote manager irmc 419

SCCI-compliant Power On/Off commands IPMI OEM Commands 01 1C - Set Power Off Inhibit This command sets the Power Off Inhibit flag, which temporarily suppresses any unfounded attempt to power down the server. If the Power Off Inhibit flag is set, the firmware saves the cause of any attempt to perform a Power Off, Power Cycle or restart of the server, but does not perform the action. The cause of the most recent attempt to perform a Power Off, Power Cycle or restart of the server is always saved at any given time. The stored action is only performed when the Power Off Inhibit flag is reset. The Power Off Inhibit flag is automatically reset after a power failure or when the reset button is pressed. The effect of the Power Off Inhibit flag is the same as that of the Dump flag used when creating a main memory dump. In this case, the initiator must set the flag before making the dump and reset it when the dump is complete. Request Data - B8 NetFn LUN: OEM/Group - 01 Cmd : Command Group Communication 1:3 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 4 1C Command Specifier 5 00 Object ID 6:7 00 00 Value ID 8 01 Data Length 9 Power Off Inhibit Flag: 0 no Inhibit, 1 Inhibit Response Data - BC - 01 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 420 irmc

IPMI OEM Commands SCCI-compliant Power On/Off commands 01 1D - Get Power Off Inhibit This command gets the value of the Power Off Inhibit flag. For further details on the Power Off Inhibit flag, see the description of 01 1C - Set Power Off Inhibit on page 420 Request Data - B8 NetFn LUN: OEM/Group - 01 Cmd : Command Group Communication 1:3 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 4 1D Command Specifier Response Data - BC - 01 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 5 01 Response Data Length 6 Power Off Inhibit Flag: 0 no Inhibit, 1 Inhibit irmc 421

SCCI-compliant Power On/Off commands IPMI OEM Commands 01 20 - Set Next Power On Time This command switches on a system at the given time independent of the stored On/Off times in the Configuration Space. I The command takes effect only once. You cancel a Power On time previously set with a 01 20 command by specifying the Power On time 0 in a subsequent 01 20 command. Request Data - B8 NetFnlLUN: OEM/Group - 01 Cmd : Command Group Communication 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 20 Command Specifier 5 00 Object ID 6:7 00 00 Value ID 8 04 Data Length 9:12 Time (LSB first) (see below) Response Data - BC - 01 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first Time (LSB first) Time (UNIX-specific format) when the system switches on again. Time is NOT stored in non-volatile memory. Resolution is 1 minute. After the system has switched on, Time is set to 0 internally. If Time == 0, the system is not switched on. 422 irmc

IPMI OEM commands SCCI-compliant communication commands 12.2.3 SCCI-compliant communication commands I Die SCCI-compliant communication commands require that the Agent Service is running under the OS. To execute the commands, the irmc communicates with Agent which finally performs the action. 02 05 - System OS Shutdown Request This command initiates shutdown of the server s operating system. Request Data - B8 NetFnlLUN: OEM/Group - 02 Cmd : Command Group Communication 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 05 Command Specifier Response Data - BC - 02 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first 02 06 - System OS Shutdown Request and Reset This command initiates the shutdown of the server s operating system and subsequently restarts the system. Request Data - B8 NetFnlLUN: OEM/Group - 02 Cmd : Command Group Communication 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 06 Command Specifier Response Data - BC - 02 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first irmc 423

SCCI-compliant communication commands IPMI OEM commands 02 08 - Agent Connect Status This command checks whether the agent is active. Request Data - B8 NetFnlLUN: OEM/Group - 02 Cmd : Command Group Communication 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 08 Command Specifier Response Data - BC - 02 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first 5 01 Data Length 6 Connect Status: 00 = Connection lost, agent not connected. 01 = Connection re-established, agent connected. 02 09 Shutdown Request Cancelled This command cancels a shutdown request that has been issued. Request Data - B8 NetFnlLUN: OEM/Group - 02 Cmd : Command Group Communication 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 09 Command Specifier Response Data - BC - 02 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first 424 irmc

IPMI OEM commands SCCI-compliant signaling command 12.2.4 SCCI-compliant signaling command 10 02 - Write to System Display This command is used to write characters to the LocalView display (if connected). Request Data - B8 NetFnlLUN: OEM/Group - 10 Cmd : Command Group Fan Test 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 02 Command Specifier 5 Object Index: : Line on Display to write on. 6:7 Value ID (not used) 8 Length Number of characters to write, incremented by one. (The string need not be null-terminated; characters exceeding the length of a display line are truncated.) 9 Attribute: 0 = Write String left aligned. 1 = Write String centered. 10:10+n Characters to write to the display; string need not be nullterminated. Response Data - BC - 10 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first irmc 425

Firmware-specific commands IPMI OEM Commands 12.2.5 Firmware-specific commands 20 04 - Set Firmware Selector This command configures the firmware image of the irmc which is to be active after a firmware reset. Request Data - 20 NetFnlLUN: Firmware - 04 CMD : Command Group Firmware 1 Selector: 0 = Auto (Select firmware image with highest firmware version.) 1 = low firmware image 2 = high firmware image 3 = Auto oldest version (Select firmware image with oldest firmware version.) 4 = MRP (Select most recently programmed firmware.) 5 = LRP (Select least recently programmed firmware.) Response Data - 24-04 1 Completion Code 426 irmc

IPMI OEM Commands Firmware-specific commands 20 05 - Get Firmware Selector This command returns the current firmware selector setting. Request Data - 20 NetFnlLUN: Firmware - 05 CMD : Command Group Firmware Response Data - 24-05 1 Completion Code 2 Next Boot Selector: 0 = Auto (Select EEPROM with highest firmware version.) 1 = low EEPROM 2 = high EEPROM 3 = Auto oldest version (Select EEPROM oldest firmware version.) 4 = MRP (Select most recently programmed firmware.) 5 = LRP (Select least recently programmed firmware.) 3 Running Selector; tells which firmware is currently running: 1 = low EEPROM 2 = high EEPROM irmc 427

Firmware-specific commands IPMI OEM Commands C0 19 - Get Remote Storage Connection or Status Depending on the parameters passed, this command returns information on whether any Remote Storage connections are available, the status and type of any Remote Storage connection(s). If Request Data 1 is set to 1, the command returns information as to whether storage media are connected as Remote Storage. Request Data - C0 NetFnlLUN: OEM - 19 CMD : Command Group Firmware 1 01 2 00 3 00 Response Data - C4-19 1 Completion Code 2 01 3 00: No 01: Yes, connected 4 00 5 00 428 irmc

IPMI OEM Commands Firmware-specific commands If Request Data 1 is set to 2, the command returns information on the status and type of any Remote Storage connection(s). Request Data - C0 NetFnlLUN: OEM - 19 CMD : Command Group Firmware 1 02 2 00 3 00 = Connection 0 01 = Connection 2 Response Data - C4-19 1 Completion Code 2 02 3 00 4 00 5 00 = Invalid / unknown 01 = idle 02 = Connection Attempt pending 03 = Connected 04 = Connection Attempts retries exhausted / failed 05 = Connection lost 06 = Disconnect pending 6 00 = Invalid / unknown 01 = Storage Server / IPMI 02 = Applet 03 = None / Not connected C0 1A - Set Video Display On/Off This command allows you to switch the local console on or off. Request Data - C0 NetFnlLUN: OEM - 1A Cmd : Command Group Fan Test 1 00 = Set Video Display On 01 = Set Video display Off Response Data - C4-1A 1 Completion Code irmc 429

BIOS-specific commands IPMI OEM commands 12.2.6 BIOS-specific commands F1 09 - Get BIOS POST State This command provides information whether BIOS is in POST. Request Data - B8 NetFnlLUN: OEM/Group - F1 Cmd : Command Group BIOS 1:3 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 4 09 Command Specifier Response Data - BC - F1 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 5 [7:1] - reserved [0] - BIOS POST State : 0 = BIOS is not in POST 1 = BIOS is in POST 430 irmc

IPMI OEM commands BIOS-specific commands F1 15 - Get CPU Info This command returns CPU-internal information. The irmc gets this information from the BIOS during the POST phase. Request Data - B8 NetFnlLUN: OEM/Group - F1 Cmd : Command Group BIOS 1:3 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 4 15 Command Specifier 5 Socket Number (0-based) of the CPU Response Data - BC - F1 1 Completion Code: 01 = Unpopulated CPU Socket 2:4 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 5:6 CPU ID, LS Byte first 7 Platform ID 8 Brand ID 9:10 Maximal Core Speed of the CPU [MHz], LS Byte first 11:12 Intel Qickpath Interconnect in Mega Transactions per second, LS Byte first 13 T-Control Offset 14 T-Diode Offset 15 CPU data Spare 16:17 Record ID CPU Info SDR, LS Byte first 18:19 Record ID Fan Control SDR, LS Byte first 20:21 CPU ID High Word, LS Byte first (0 if none) irmc 431

irmc-specific commands IPMI OEM commands 12.2.7 irmc-specific commands F5 10 - Get System Status This command returns a variety of internal information on the system such as the power state, error status, etc. Request Data - B8 NetFnlLUN: OEM/Group - F5 Cmd : Command Group Memory 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 10 Command Specifier 5:8 Timestamp Response Data - BC - F5 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first 5 System Status (For details see below.) 6 Signaling (For details see below.) 7 Notifications (For details see below.) 8 POST Code I The Timestamp is only relevant for evaluating the Notifications Byte. System Status Bit 7 - System ON Bit 6 - Bit 5 - Bit 4 - SEL entries available Bit 3 - Bit 2 - Watchdog active Bit 1 - Agent connected Bit 0 - Post State 432 irmc

IPMI OEM commands irmc-specific commands Signaling Bit 7 - Localize LED Bit 6 - Bit 5 - Bit 4 - Bit 3 - Bit 2 - Bit 1 - Global Error LED Bit 0 - Global Error LED Notifications Bit 7 - SEL Modified (New SEL Entry) Bit 6 - SEL Modified (SEL Cleared) Bit 5 - SDR Modified Bit 4 - Nonvolatile IPMI Variable Modified Bit 3 - ConfigSpace Modified Bit 2 - Bit 1 - Bit 0 - New Output on LocalView display irmc 433

irmc-specific commands IPMI OEM commands F5 12 - Get EEPROM Version Info This command returns information on the current versions (bootloader, firmware and SDR) stored in the EEPROM(s). Request Data - B8 NetFnlLUN: OEM/Group - F5 Cmd : Command Group Memory 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 12 Command Specifier 5 EEPROM# 00=EEPROM 1; 01=EEPROM 2 Response Data - BC - F5 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first 5 Status 00=Checksum Error Runtime FW, 01=OK 6 Major FW Revision Binary coded 7 Minor FW Revision BCD coded 8:10 Aux. FW Revision Binary coded (major/minor/res.) 11 Major FW Revision ASCII coded letter 12 Major SDRR Revision BCD coded 13 Minor SDRR Revision BCD coded 14 SDRR Revision Char. ASCII coded letter 15 SDRR-ID LSB binary coded 16 SDRR-ID MSB binary coded 17 Major Booter Revision Binary coded 18 Major Booter Revision BCD coded 19:20 Aux. Booter Revision Binary coded (major/minor) 434 irmc

IPMI OEM commands irmc-specific commands F5 43 - Get SEL entry long text This command translates a given SEL entry into long text. Request Data - B8 NetFn LUN: OEM/Group - F5 Cmd : Command Group irmc 1:3 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 4 43 Command Specifier 5:6 Record ID of SEL record, LS Byte first 0x0000: get first record 0xFFFF: get last record 7 Offset in response SEL text 8 MaxResponseDataSize size of Converted SEL data (16:n) in response Response Data - BC - F5 1 Completion Code: 2:4 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 5:6 Next Record ID 7:8 Actual Record ID 9 Record type 10:13 Timestamp 14 Severity: Bit 7: 0 = No CSS component 1 = CSS component Bit 6-4: 000 = INFORMATIONAL 001 = MINOR 010 = MAJOR 011 = CRITICAL 1xx = Unknown Bit 3-0: reserved, read as 0000 15 Data length of the whole text 16:n Converted SEL data requested part (n = 16 + MaxResponseDataSize - 1) n + 1 String Terminator trailing '\0' character irmc 435

irmc-specific commands IPMI OEM commands F5 45 - Get SEL Entry Text This command translates a given SEL entry into ASCII text. Request Data - B8 NetFnlLUN: OEM/Group - F5 Cmd : Command Group irmc 1:3 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 4 45 Command Specifier 5:6 Record ID of SDR, LS Byte first Response Data - BC - F5 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS Byte first 5:6 Next Record ID 7:8 Actual Record ID 9 Record type 10:13 Timestamp 14 Severity: Bit 7: 0 = No CSS component 1 = CSS component Bit 6-4: 000 = INFORMATIONAL 001 = MINOR 010 = MAJOR 011 = CRITICAL 1xx = Unknown Bit 3-0: reserved, read as 0000 15 Data length 16:35 Converted SEL data 436 irmc

IPMI OEM commands irmc-specific commands F5 B0 - Set Identify LED This command allows you to switch the Identify LED (blue) of the server on and off. In addition, you can set and read the GPIOs that are directly connected to the Identify LED. I You can also switch the Identify LED on and off using the Identify switch on the server. Request Data - B8 NetFnlLUN: OEM/Group - F5 Cmd : Command Group BMC 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 B0 Command Specifier 5 Identify LED: 0: Identify LED off 1: Identify LED on Response Data - BC - F5 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first F5 B1 - Get Identify LED This command returns information on the status of the Identify LED (blue) of the server. Request Data - B8 NetFnlLUN: OEM/Group - F5 Cmd : Command Group BMC 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 B1 Command Specifier Response Data - BC - F5 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first 5 State of Identify LED (only bit 0 is relevant) irmc 437

irmc-specific commands IPMI OEM commands F5 B3 - Get Error LED This command returns information on the status of the Global Error LED (red) of the server. The Global Error LED indicates the most serious error status of the components. Request Data - B8 NetFnlLUN: OEM/Group - F5 Cmd : Command Group BMC 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 B3 Command Specifier Response Data - BC - F5 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first 5 State of Error LED: 0: Error LED off 1: Error LED on 2: Error LED blink 438 irmc

IPMI OEM commands irmc-specific commands F5 DF - Reset Nonvolatile Cfg Variables to Default This command forces all non-volatile IPMI settings to be set to default values. Request Data - B8 NetFnlLUN: OEM/Group - F5 Cmd : Command Group BMC 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 DF Command Specifier 5:8 43 4C 52 AA = CLR 0xaa: Security Code Response Data - BC - F5 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first F5 E0 - Reset ConfigSpace variables to default This command forces all Configuration Space variables to be set to default values. Request Data - B8 NetFnlLUN: OEM/Group - F5 Cmd : Command Group BMC 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 E0 Command Specifier 5:8 43 4C 52 AA = CLR 0xaa: Security Code Response Data - BC - F5 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first irmc 439

irmc-specific commands IPMI OEM commands F5 F8 - Delete User ID The system supports up to 16 users. This command allows individual irmc users to be deleted. V IMPORTANT! The system can no longer be managed if all irmc users are deleted. Request Data - B8 NetFnlLUN: OEM/Group - F5 Cmd : Command Group BMC 1:3 80 28 00 IANA-Enterprise-Number FTS, LS byte first 4 F8 Command Specifier 5:8 User ID (1-16) Response Data - BC - F5 1 Completion Code 2:4 80 28 00 IANA-Enterprise-Number FTS, LS byte first 440 irmc

Related publications The documentation for the PRIMERGY manuals can be found on the PRIMERGY ServerView Suite DVD 2 supplied with each server system. The documentation can also be downloaded free of charge from the Internet. You will find the online documentation on the Internet at http://manuals.ts.fujitsu.com under the link Industry standard servers. [1] ServerView Suite Basic Concepts [2] PRIMERGY Glossary [3] PRIMERGY Abbriviations [4] Secure PRIMERGY Server Management Enterprise Security PRIMERGY server management for secure, highly available platforms White Paper [5] PRIMERGY ServerView Suite Installation Manager User Guide [6] PRIMERGY ServerView Suite Deployment Manager User Guide [7] PRIMERGY ServerView Suite ServerView Operations Manager Installation under Windows Installation Guide [8] PRIMERGY ServerView Suite ServerView Operations Manager Installation under Windows Quick Installation Guide irmc 441

Related publications [9] PRIMERGY ServerView Suite ServerView Operations Manager Installation under Linux Installation Guide [10] PRIMERGY ServerView Suite ServerView Operations Manager Installation under Linux Quick Installation Guide [11] PRIMERGY ServerView Suite ServerView S2 ServerView Agents (Linux, VMware) Quick Installation Guide [12] PRIMERGY ServerView Suite ServerView Operations Manager Server Management User Guide [13] PRIMERGY ServerView Suite ServerView Inventory Manager User Guide [14] PRIMERGY ServerView Suite ServerView Archive Manager User Guide [15] PRIMERGY ServerView Suite Asset Management Command Line Interface User Guide [16] PRIMERGY ServerView Suite ServerView RAID Manager User Guide [17] PRIMERGY ServerView Suite ServerView Event Manager User Guide 442 irmc

Related publications [18] PRIMERGY ServerView Suite ServerView Threshold Manager User Guide [19] PRIMERGY ServerView Suite ServerView Performance Manager User Guide [20] PRIMERGY ServerView Suite ServerView Download Manager ServerView User Guide [21] PRIMERGY ServerView Suite ServerView Update Manager User Guide [22] PRIMERGY ServerView Suite ServerView Update Manager Express User Guide [23] PRIMERGY ServerView Suite PrimeUp User Guide [24] PRIMERGY ServerView Suite Bootable Update CD User Guide [25] PRIMERGY ServerView Suite ServerView Online Diagnostics User Guide [26] PRIMERGY ServerView Suite Local Service Concept (LSC) User Guide [27] PRIMERGY ServerView Suite PrimeCollect User Guide irmc 443

Related publications [28] PRIMERGY ServerView Suite ServerView Virtual-IO Manager User Guide [29] PRIMERGY ServerView Suite ServerView Virtual-IO Manager CLI Command Line Interface [30] PRIMERGY ServerView Suite ServerView Integration Overview [31] PRIMERGY ServerView Suite ServerView Integration in MOM User Guide [32] PRIMERGY ServerView Suite ServerView Integration Pack for MS SCOM User Guide [33] PRIMERGY ServerView Suite ServerView Integration Pack for MS SMS User Guide [34] PRIMERGY ServerView Suite DeskView and ServerView Integration Pack for Microsoft SCCM User Guide [35] PRIMERGY ServerView Suite ServerView Integration in HP OpenView NNM User Guide [36] PRIMERGY ServerView Suite ServerView Integration in HP Operations Manager User Guide [37] PRIMERGY ServerView Suite ServerView Integration Pack in Tivoli NetView User Guide [38] PRIMERGY ServerView Suite ServerView Integration Pack in Tivoli TEC User Guide 444 irmc

Related publications [39] PRIMERGY ServerView Suite ServerView Integration in DeskView User Guide [40] PRIMERGY ServerView Suite ServerView Remote Management Frontend User guide [41] PRIMERGY ServerView Suite irmc - integrated Remote Management Controller User Guide [42] PRIMERGY ServerView Suite irmc S2 - integrated Remote Management Controller User Guide [43] PRIMERGY BX300 Blade Server Systems Operating Manual [44] PRIMERGY BX600 Blade Server Systems Operating Manual [45] PRIMERGY BX600 Blade Server Systems ServerView Management Blade S3 User Interface Description User Guide [46] PRIMERGY BX900 Blade Server Systems Operating Manual [47] PRIMERGY BX900 Blade Server Systems ServerView Management Blade S1 User Interface Description User Guide [48] PRIMERGY Blade Server System LAN Switch Blade User Interface Description User Guide [49] BIOS-Setup Description irmc 445

Related publications [50] PRIMEPOWER ServerView Suite System Administration within a Domain User Guide [51] FibreCAT CX Monitoring FibreCAT SX systems with ServerView Operations Manager Welcome Guide [52] FibreCAT SX Monitoring FibreCAT SX systems with ServerView Operations Manager Welcome Guide [53] StorMan Provisioning and managing virtualized storage resources Administrator and User Guide [54] APC network management card User s Guide [55] VMware VMware ESX Server Installation Guide [56] VMware VMware ESX Server Administration Guide 446 irmc

Index A Active Directory 15, 57, 66, 365 configuration using the irmc web interface 272 configuration using the Server Configuration Manager 365 irmc groups and user permissions 88 advanced features 370 Advanced Video Redirection see also AVR Advanced Video Redirection (AVR) 288 alarm, see also alerting 351 alerting configuring 53, 55, 247, 356 ASR&R Fan Settings 338 ASR&R options configuring 231 ASR&R Temperature Settings 340 assign irmc users to a group 88, 117 remote storage server to irmc 297, 370 assign irmc users to OU irmcgroups in Active Directory 88 assign irmc users to the OU irmcgroups in edirectory 117 in OpenLDAP 128 AVR 133 checking requirements 134 integrated special keys 138 local monitor off 137 menus 147 parallel sessions 136 redirecting the keyboard 136 redirecting the mouse 140 secure keyboard 139 special key combinations 138 starting 288 using 135 virtual keyboard 139, 148 AVR window Extras menu 147, 148 Languages menu 151 Preferences menu 152 Remote Storage menu 151 B BIOS text console 277 BIOS text console redirection configuring 42, 43, 277 boot irmc 193 boot options configuring 209 boot watchdog 233 C CA (Certification Authority) 83 call remote storage server GUI 172 CD ROM 159 certificate self-signed 204 Certification Authority (CA) 83 certification authority, see CA 83 channel-specific permission group 60 privileges 60 check power supply 221 see also Enclosure Information 318 sensors 215 server component 222 temperature sensor 218 voltage sensor 220 check temperature 318 irmc 447

Index CLP 324 user data 326 CLP, see also SMASH CLP color code (sensor) 215 Command Line Protocol (CLP) 324 command line shell (Remote Manager) 323 communication interfaces (irmc) 18 component status 222 components (server) monitoring 222 configuration tools, LAN interface 38 configuration using the Server Configuration Manager 329 Active Directory 365 ASR&R Fan Settings 338 ASR&R Temperature Settings 340 calling from the Installation Manager 330 calling from the Operations Manager 333 calling from the Windows Start menu 331 edirectory 367 irmc advanced features 370 irmc directory service 362 irmc DNS registration 347 irmc DNS server 349 irmc email alerting 351 irmc LAN interface 342 irmc mail format settings 354 irmc networking ports 345 irmc SNMP alerting 356 OpenLDAP 367 starting system configuration 330 user ID (irmc user manangement) 357 configure 351 alerting 53, 55, 247, 356 ASR&R options 231 boot options 209 console redirection 43, 277 directory dervice 362 directory service 269, 365 directory service (Active Directory) 272 directory service (edirectory) 274 directory service (OpenLDAP) 274 directory service on the irmc 362 DNS for irmc 245, 349 edirectory 103, 367 edirectory for LDAP 104 email alerting 252, 351 Ethernet settings (irmc) 236, 342 host name for irmc 243, 347 HP SIM integration 234, 371 IP parameters (irmc) 342 irmc 35 irmc over the web interface 52 LAN interface 36, 39, 52, 54, 235 LAN parameters (irmc) 342 LDAP access on the irmc 83 mail-format-dependent settings 257, 354 new user 261, 358 OpenLDAP 125, 367 ports and network services (irmc) 239, 345 power on/off times (server) 213 remote storage server 173 serial interface 48 serial/modem alerting 250 server management information 229 SNMP trap alerting 248 system event log (server) 227 text console redirection 42, 43, 277 user 261 user (details) 262 users 259, 357 users, locally 259, 357 448 irmc

Index watchdog settings 233 configure users locally 259, 357 connection to Remote Storage, terminating 163 connection to remote storage server clearing 297 establishing 297 console redirection configuring 277 starting (Remote Manager) 322 while the operating system is running 46, 286 ConsoleOne installing 101 starting 102 copyright (SSL) 131 create NDS tree (edirectory) 103 D default DHCP name (irmc) 32 device type (remote storage) 159 DHCP configuration 243 Directory Service 66 directory service 15, 57, 66, 269, 362 directory service see also Active Directory, edirectory, OpenLDAP 15, 57, 66 directory service see also Directory Service display current DSA certificate 200 DSA/RSA certificate 200 DNS configuration 245 DNS for irmc configuring 245, 349 DNS registration 347 DNS server 349 documentation 12 domain controller certificate 85, 87 DSA certificate default certificate 198 displaying current 200 entering directly 203 restoring default certificate 201 DSA key (private) entering directly 203 loading on the irmc 198 providing in file 202 DSA/RSA certificate displaying 200 entering directly 203 input format 198 loading on the irmc 198 DSA/RSA key entering directly 203 input format 198 DVD ROM 159 E edirectory 15, 57, 66, 367 administration tips 121 assigning irmc users to the OU irmcgroups 117 configuration using the Server Configuration Manager 367 configuring 103 configuring for LDAP 104 creating Principal User for irmc 113 importing the LDIF file 111 irmc groups and user permissions 113 LDAP authentication process 109 software components and system requirements 95 testing access via LDAP browser 108 edirectory Server installing 97 EEPROM, irmc 374 email alerting 351 configuring 252, 351 email configuration 266 emergency mode 386 irmc 449

Index enclosure information (Remote Manager) 317 enter DSA certificate 203 DSA/RSA key 203 Enterprise CA 83 error icon 223 Ethernet 236 Ethernet settings (irmc) configure 342 configuring 236 execution mode remote storage server 171 exit remote storage server 176 F factory defaults, irmc 32, 96 fan testing 216 fan test 216 fans monitoring 216 firmware selector, irmc 375 firmware update 373 offline update 383 online update 380 operands 387 firmware, irmc 374 flash tool offline update (firmware) 385 online update (firmware) 381 flash tools flbmc 385 RedhatFLBMC 381 SuseFLBMC 381 syntax and operands 387 WinFLBMC 381 flash, see also firmware update FlashDisk menu offline update (firmware) 384 flbmc offline update (firmware) 385 floppy disk drive 159 functions, irmc 13 G generate self-signed certificate 204 global email paging configuration 254 global error LED 188 global irmc user management 66 global irmc user management via Active Directory 77 via edirectory 95 via OpenLDAP 124 global user ID 57 H host name (irmc) 347 configure 347 configuring 243 see also irmc name HP SIM integration configuring 234, 371 I ICMB 21 identification LED 188, 321 image file (ISO image) 159, 165 imanager installing 99 login 100 install ConsoleOne 101 imanager 99 Linux 409 OpenLDAP 124 operating system 391 remote storage server 166 see also remote installation of the operating system Windows 405 450 irmc

Index installing edirectory administration utilities 97 edirectory Server 97 integrated special keys (AVR) 138 Intelligent Platform Management Interface, see IPMI interfaces (irmc) 18 IPMB 21 IPMI background 19 channel concept 26 definition 19 implementation 21 IPMI-over-LAN interface 24 references 27 Serial Over LAN (SOL) 25 standards 21 user IDs 27 IPMI OEM commands 415 0115 - Get Power On Source 418 0116 - Get Power Off Source 419 011C - Set Power Off Inhibit 420 0120 - Set Next Power On Time 422 0205 - System OS Shutdown Request 423 0206 - System OS Shutdown Request and Reset 423 0208 - Agent Connect Status 424 0209 Shutdown Request Cancelled 424 1002 - Write to System Display 425 2004 - Set Firmware Selector 426 2005 - Get Firmware Selector 427 C019 - Get Remote Storage Connection or Status 428 C01A - Set Video Display On/Off 429 description format 417 F109 - Get BIOS POST State 430 F115 - Get CPU Info 431 F510 - Get System Status 432 F512 - Get EEPROM Version Info 434 F543 - Get SEL entry long text 435 F545 - Get SEL Entry Text 436 F5B0 - Set Identify LED 437 F5B1 - Get Identify LED 437 F5B3 - Get Error LED 438 F5DF - Reset Nonvolatile Cfg Variables to Default 439 F5E0 - Reset ConfigSpace variables to default 439 F5F8 - Delete User ID 440 overview 415 IPMI OEMcommands 011D - Get Power Off Inhibit 421 irmc 18 Advanced Video Redirection (AVR) 288 AVR 133 communication interfaces 18 configuring 35 configuring over the web interface 52 configuring the LAN interface 36, 39, 52, 54, 235 configuring the serial interface 48 configuring with the Server Configuration Manager 54 default DHCP name 32 EEPROM 374 factory defaults 32, 96 firmware 374 firmware selector 375 firmware update 373 functions 13 license key 133, 155 local monitor off 137, 289 logging in (requirements) 31 irmc 451

Index logging into the web interface 33, 178 offline update (firmware) 383 online update (firmware) 380 permissions 61 power supply 214 remote installation of the operating system 391 remote storage 155, 165, 296 remote storage server 165 restarting 193 testing the LAN interface 41 user interface 183 user management 57 user permissions 60 îrmc remote storage 151 irmc advanced features 370 irmc directory service 362 configuring Active Directory 365 configuring edirectory 367 configuring OpenLDAP 367 irmc DNS registration 347 irmc DNS server 349 irmc email alerting 351 irmc firmware settings 196 irmc information 192 querying 192 irmc LAN interface 342 irmc mail format settings 354 irmc options, miscellaneous 195 irmc SNMP alerting 356 irmc SSH access 298 irmc Telnet access 298 irmc user creating in OpenLDAP 128 irmc user group assigning 88, 117 irmc user management 357 global via Active Directory 77 global via edirectory 95 global via OpenLDAP 124 integrating in OpenLDAP 126 irmc users assigning 88, 117 irmc web interface 177 Advanced Video Redirection (AVR) 288 alerting 247 alerting - email alerting 252 alerting - serial/modem alerting 250 alerting - SNMP trap alerting 248 BIOS text console 277 certificate upload 198 color scheme 195 configuring irmc 52 DHCP configuration 243 directory service configuration 269 DNS configuration 245 general settings 195 irmc 191 irmc information 192 irmc SSH access 298 irmc Telnet access 298 irmc Telnet/SSH access 298 local monitor 289 network interface 236 network settings 235 permissions 180 ports and network services 239 power management 206 power on/off 207 power options 211 power supply 214 power supply info 214 remote storage 296 saving firmware settings 196 saving irmc firmware settings 196 sensors 215 sensors - component status 222 sensors - fans 216, 220 sensors - power supply 221 sensors - temperature 218 452 irmc

Index server management information 229 structure of the user interface 183 system component information 187, 190 system event log 223 system event log configuration 227 system event log content 224 system information 186 temperature display 195 user management 62, 259 user management (local) 259 user management - new user configuration 261 user management - user name configuration 261, 262 irmcgroups 73 assigning irmc users (edirectory) 117 ISO image (image file) 159, 165 K key combinations, special (AVR) 138 keyboard redirect (AVR) 136 virtual (AVR) 139, 148 L LAN interface 342 LAN interface (irmc) 37 configuring 36, 39, 52, 54, 235 testing 41 LAN parameters (irmc) configuring 235, 342 LDAP access (irmc) configuring 83 LDAP authentication process (edirectory) 109 LDAP configuration 269, 362 Active Directory 272 edirectory 274 OpenLDAP 274 LDAP directory service see also directory service LDAP, see also directory service LDIF file 73 importing into Active Directory 77 importing into directory service 76 importing into edirectory 111 importing into OpenLDAP 126 ldifde 78 license key 133, 155, 193, 194, 195, 370 deleting 194 loading onto the irmc 194 Linux, remote installation 409 local monitor powering on and off 137, 289 local monitor display 289 local monitor off 137, 289 local user ID 57 local user management (irmc) 62, 259, 357 log in to irmc (requirements) 31 to Remote Manager 308 to the irmc web interface 33, 178 M mail format settings 354 mail see also email mail-format-dependent configuration 257 main menu (Remote Manager) 310 managed server, see server management information 229 management information, see server management information Microsoft Active Directory see also Active Directory 15, 57, 66 Microsoft Active Directory, see Active Directory Miscellaneous irmc Options 195 irmc 453

Index monitor fans 216 power supply 221 temperature 218 voltage 220 monitor, local 137, 289 monitor, see check mouse pointer synchronizing 140 mouse redirection (AVR) 140 N network interface 236 network settings 235 networking ports 345 new user configuration 261 notational conventions 29 Novell ConsoleOne see also ConsoleOne Novell edirectory directory see also edirectory Novell edirectory see also edirectory Novell edirectory Server see also edirectory Server Novell edirectory, see edirectory Novell imanager see also imanager O offline update (firmware) 383 online update (firmware) 380 Open LDAP Browser/Editor 79 OpenLDAP 15, 57, 66, 367 administration tips 129 assigning irmc users to the OU irmcgroups 128 configuration using the Server Configuration Manager 367 configuring 125 create Principal User 127 creating an irmc user 128 creating SSL certificates 124 importing the LDIF file 126 installing 124 integrating irmc user management 126 irmc groups and user permissions 126 irmc user management 124 operate irmc using Telnet/SSH 303, 305 irmc via Telnet/SSH 298 Remote Manager 305 operating system, remote installation 391 see also remote installation of the operating system overview of menus Remote Manager 305 P parallel AVR sessions 136 password changing 313 permission group 70 channel-specific 60 permission, see also privilege permissions for special irmc functions 61 irmc web interface 180 Remote Manager 312 ports and network services 239 configuring for irmc 239, 345 power control 210 power management 206, 207, 211, 315 behavior after power outage 212 power on/off time 213 power restore policy 212 restart options 210 power off server 210 power on server 210 power on/off 207 power on/off time 213 power options 211 power restore policy 212 454 irmc

Index power status summary 208 power supply monitoring 221 power supply info 214 preconfigured user ID 61 primary SMTP server configuration 255 Principal User creating in edirectory 113 creating in OpenLDAP 127 private DSA/RSA key, see DSA/RSA key privilege privileges / permissions 265 privileges, channel-specific 60 Q query information on server 187 information on server components 190 irmc information 192 server management information 229 system information 186 query information information on server 187 irmc firmware 193 on irmc 192 power supply 221 server components 190 system event log 227 voltage sensors 220 query system information 314 R RedhatFLBMC online update (firmware) 381 redirect keyboard (AVR) 136 redirect mouse (AVR) 140 remote installation of the operating system 391 general procedure 392 Linux 409 remote storage connection 394 requirements 391 Windows 405 Remote Manager 298, 303, 305 changing the password 313 enclosure information 317 logging in 308 main menu 310 operating 305 overview of menus 305 permissions 312 power management 315 service processor 321 starting console redirection 322 starting the command line shell 323 system event log 319 system information 314 Remote Manager (Serial) 51 Remote Storage terminating a connection 163 remote storage 151, 155, 165, 296 connecting storage media 161 device type 159 providing storage media 159 removing the storage medium 164 starting 157 remote storage server 165 assigning 370 calling the GUI 172 configuring 173 executing as a service 171 executing as stand-alone 171 execution mode 171 exiting 176 installing 166 starting 175 RemoteView documentation 12 requirements AVR 134 remote installation of the operating system 391 irmc 455

Index restart options 210 RSA certificate, see DSA/RSA certificate S secondary SMTP server configuration 256 secure keyboard (AVR) 139 security group 70 security group see also permission group self-signed certificate 204 sensor checking 215 color code 215 status icon 215 sensors 215 serial/modem alerting 250 configuring 250 serial/modem interface (irmc) 48 configuring 49 Remote Manager (Serial) 51 server ASR&R options 231 booting and configuring with ServerStart 398 checking components 222 checking sensors 215 configuring settings 229 configuring the event log 227 HP SIM integration options 234, 371 power management 211 power management after power outage 212 power options 211 power supply info 214 powering on and off 210 remote installation (Linux) 409 remote installation (Windows) 405 remote installation of the operating system 391 specifying power on/off time 213 view event log 226 watchdog settings 233 Server Configuration Manager configuring irmc 54 user management 64 user management (local) 357 Server Configuration Manager, see also configuration using the Server Configuration Manager server management information 229 querying and configuring 229 ServerView Update Manager Express see Update Manager Express ServerView Update Manager see Update Manager service 12 service processor (Remote Manager) 321 SMASH CLP 324 command hierarchy 326 commands 324 starting 323 syntax 324 user data 326 SMTP, see also email SNMP alerting 356 SNMP alerting, see SNMP trap alerting SNMP trap alerting 248 configuring 248, 356 software watchdog 233 special key combinations (AVR) 138 special keys integrated (AVR) 138 SSH 198, 298, 303, 305 SSL 198 SSL and SSH certificate 198 SSL certificate creating 124 SSL copyright 131 start Advanced Video Redirection 288 remote storage 157 456 irmc

Index remote storage server 175 remote storage server GUI 172 status components 222 status icon system component status 190 status icon (sensor) 215 storage media connecting as remote storage 161 providing for remote storage 159 SuseFLBMC online update (firmware) 381 synchronize mouse pointer 140 syntax 324 system component status status icon 190 system event log 223, 319 configuring 227 error icon 223 view 226 system event log configuration 227 system event log content 224, 226 error icon 223 system fans 217 system information 186, 187, 190 querying 186 system information (Remote Manager) 314 T target group 12 Telnet 298, 303, 305 temperature monitoring 218 temperature sensor checking 218 Temperature Settings (ASR&R) 338, 340 test fan 216 LAN interface 41 text console redirection configuring 42, 43, 277 while the operating system is running 46, 286 U update firmware 373 Update Manager online update (firmware) 380 Update Manager Express online update (firmware) 381 USB memory disk 159 user configuring 261 configuring (details) 262 configuring (new) 261 user name configuration 262 user data 326 user ID 27, 57 preconfigured 61 user information 263 user interface (irmc) 183 user management 259, 357 user management (irmc) 57 assigning users to a group 88, 117 concept 58 configuring LDAP access 83 creating a domain controller certificate 85 generating irmcgroups in the LDAP directory service 73 global 66 global user permissions 68, 69 installing a domain controller certificate 87 installing an Enterprise CA 83 integrating in edirectory 109 local 62 local using the irmc web interface 259 local via the irmc web interface 62 irmc 457

Index locally using the Server Configuration Manager 357 locally via the Server Configuration Manager 64 preferred shell 72 user ID 57 using Active Directory 66, 68 via directory service 68 user permissions 60 cross-server 69 global 68, 69 in Active Directory 88 in edirectory 113 in OpenLDAP 126 users configuring 259, 357 configuring (new) 358 W watchdog settings configuring 233 web interface, see irmc web interface Windows, remote installation 405 WinFLBMB online update (firmware) 381 X X.509 certificate, see DSA/RSA certificate V ventilator, see also fan view system event log (server) 226 virtual keyboard (AVR) 139, 148 voltage 220 voltage sensor checking 220 458 irmc