Transcription
HP ProLiant DL140 Generation 2 andHP ProLiant DL145 Generation 2 Lights-Out100i Remote Management ProcessorUser GuideDecember 2005 (Third Edition)Part Number 390153-003
Copyright 2005 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the expresswarranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HPshall not be liable for technical or editorial errors or omissions contained herein.Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212,Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S.Government under vendor’s standard commercial license.Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Linux is a U.S. registered trademark of Linus Torvalds.December 2005 (Third Edition)Part Number 390153-003Audience assumptionsThis document is for the person who installs, administers, and troubleshoots servers and storage systems. HP assumes you are qualified in theservicing of computer equipment and trained in recognizing hazards in products with hazardous energy levels.
ContentsOperational overview . 5Server management. 5Server management features. 5Configuration . 6Configuring network access. 6Establishing user accounts . 7Using the serial port . 7Enabling serial access to the remote management processor . 7Remote management processor serial port configuration. 8Using TCP/IP over Ethernet management port . 8Selecting an Ethernet management port . 8Obtaining a DHCP IP address from the BIOS Setup Utility. 8Setting up a static IP address from the BIOS Setup Utility . 9Using Integrated Lights-Out 100i . 10New features . 10SSL overview . 10Importing an SSL certificate. 10Supported SSL options . 11Using SSL . 11SSH overview . 12Supported SSH features. 12Importing an SSH key . 12Using Secure Shell. 13CLP overview . 13Using CLP. 14Base commands . 14Specific commands. 16IPMI 2.0 support . 16Logging in to the remote management processor . 17Logging in through a Web browser . 17Accessing the system event log from the ROM-based setup . 17Logging in through the CLP . 18Browser main menu options . 18Using the remote console . 19BIOS console text redirection through telnet . 19Microsoft Windows EMS management . 20Controlling server power remotely . 20Controlling server power from a Web browser. 20Controlling server power through the CLP . 21Monitoring sensors . 21Viewing sensors data from a Web browser . 22Viewing sensors data from the BIOS setup . 22Using the system event log. 22Accessing the system event log from a Web browser . 22Accessing the system event log from the CLP . 22Accessing the system event log from the BIOS setup . 23Using the virtual floppy feature. 23Configuring the TFTP server. 24Configuring the virtual floppy from the BIOS setup . 24Contents3
Configuring virtual floppy from a Web browser. 24Configuring virtual floppy from the CLP . 25Rebooting the server . 25Hardware Inventory page . 26User administration. 26Changing the password through a Web browser . 26Changing the password through the CLP . 27Additional network settings. 27Configuring network settings using a Web browser . 28Configuring network settings using the CLP . 28IPMI Platform Event Filtering configuration pages . 28IPMI Platform Event Trap Configuration page . 30Acronyms and abbreviations. 31Index. 33Contents4
Operational overviewIn this sectionServer management. 5Server management features. 5Server managementThe HP ProLiant DL140 Generation 2 or HP ProLiant DL145 Generation 2 Lights-Out 100i RemoteManagement Processor delivers basic remote control of vital server resources and supports IPMI 2.0.Throughout this document, you will also see the term "BMC," which is synonymous with remotemanagement processor.The ProLiant DL140 G2 or ProLiant DL145 G2 Lights-Out 100i Remote Management Processor providessystem administrators with access to the server at any time, even before an operating system is installedon the server. This remote management processor provides a text mode console redirection, IPMI CLP,and browser access to many of the same IPMI functions. You can access the remote managementprocessor and the management features of the HP ProLiant DL140 G2 or ProLiant DL145 G2 Serverthrough a dedicated Ethernet port over a TCP/IP management port or the integrated serial port.Server management featuresWith the ProLiant DL140 G2 or ProLiant DL145 G2 Lights-Out 100i Remote Management Processor, youcan: Switch between console redirection and the command line using either the dedicated managementor serial port Communicate securely using SSL and SSH Remotely power on and off the server Perform warm or cold server reboots Reboot the server to a virtual floppy Remotely monitor server state voltage, fan speed, and system state (S0 or S5) Access the System Event Log Configure TCP/IP settings for the NIC Change user password Access the BMC and server controls using a standard browser or new industry standard SMASH CLPcommand line interface Access command line help Manage the server with IPMI 2.0 compliant applicationsOperational overview 5
ConfigurationIn this sectionConfiguring network access. 6Establishing user accounts . 7Using the serial port . 7Using TCP/IP over Ethernet management port. 8Configuring network accessThe server is connected to the network using a standard Ethernet cable. Through this connection, you canaccess the remote management CLP, verify POST remotely, and access the BIOS setup utility remotely.To configure network access:1.Connect a standard Ethernet cable between the onboard NIC on the server rear panel and anetwork jack. By default, the remote management card has DHCP enabled and will automaticallynegotiate an IP address. (The ProLiant DL140 G2 or ProLiant DL145 G2 system also provides theability to set up a static IP address through the BIOS setup menu. Refer to the following "To set up astatic IP address" procedure.)2.Obtain the DHCP IP address by using one of the following methods: Look at the DHCP clients table Read the IP address from BIOS setup menu (Press the F10 key during POST) underAdvanced/IPMI/LAN Setting.3.On the target server, press the F10 key during POST to enter BIOS setup.4.In the BIOS Setup utility, press the right arrow ( ) key to navigate to the Advanced menu.5.Press the down arrow ( ) key to scroll to IPMI. Press the Enter key.6.Press the down arrow ( ) key to scroll to the LAN Settings submenu. Press the Enter key.7.Press the down arrow ( ) key to scroll to the following settings, and set the parameters as needed(the following example shows configuring for remote management processor access using telnet anda Web page):8. BMC Telnet Service: [Enabled] BMC Ping Response: [Enabled] BMC HTTP Server: [Enabled]Using the DHCP IP address, use telnet to log into the remote management CLP, or use a Webbrowser to access the HTML interface.To set up a static IP address:1.On the target server, press the F10 key during POST to enter BIOS setup.2.In the BIOS Setup utility, press the right arrow ( ) key to navigate to the Advanced menu.3.Press the down arrow ( ) key to scroll to IPMI. Press the Enter key.4.Press the down arrow ( ) key to scroll to the LAN Settings submenu. Press the Enter key.Configuration6
5.Set the IP Address Assignment to STATIC. This setting enables you to modify a static IP addressthrough the BIOS setup menu.6.Press the down arrow ( ) key to scroll down and enter a valid IP address, subnet mask, andgateway address (press the Tab key to move between address fields).7.Press the down arrow ( ) key to scroll to the following settings, and set the parameters as needed(the following example shows configuring for remote management processor access using telnet anda Web page):8. BMC Telnet Service: [Enabled] BMC Ping Response: [Enabled] BMC HTTP Server: [Enabled]Press the F10 key to save and exit.Establishing user accountsThe remote management card supports an administrator and an operator account.The default account is Administrator, which enables the user to execute the full set of CLP commands andchange management processor configuration. The default user name is admin, and the default passwordis admin.The operator account enables the user to execute common commands and functions but restricts access tospecific functions, such as adding and changing user account information and changing the configurationof the management processor. HP recommends logging in with the operator account to perform commonfunctions. The default user name is Operator, and the default password is Operator.For more information on how to log in to the remote management card, refer to the "Logging in to theremote management processor (on page 17)" section.Using the serial portThe server serial port provides basic serial port functionality and also serves as an interface to the remotemanagement processor. You can configure the system serial port for exclusive use with BMC.CAUTION: After the port has been enabled for use with BMC, legacy serial devices might not functioncorrectly if attached to the serial port.You must also configure the remote management processor serial port hardware parameters to work withyour respective serial port communications software. Remote management processor serial portconfiguration is controlled with the BIOS Setup Utility.Enabling serial access to the remote management processor1.Power on the server by pressing the power on/off button on the front panel.2.When POST shows the message ROM-Based Setup, press the F10 key. If the server has anadministrator password configured, the system prompts you to enter the password. If the server doesnot have a password configured, the main screen of the BIOS Setup Utility appears.3.Press the right arrow ( ) key to navigate to the Advanced menu.4.Press the down arrow key ( ) to scroll to the IO Device Configuration menu. Press the Enter key.5.Press the down arrow key ( ) to scroll to the Serial Port menu. Press the Enter key to toggle betweenSIO COM Port and BMC COM Port.6.Select BMC COM Port.Configuration7
Remote management processor serial port configuration1.Power on the server by pressing the power on/off button on the front panel.2.When POST shows the message ROM-Based Setup, press the F10 key. If the server has anadministrator password configured, the system prompts you to enter the password. If the server doesnot have a password configured, the main screen of the BIOS Setup Utility appears.3.Press the right arrow ( ) key to navigate to the Advanced menu.4.Press the down arrow ( ) key to scroll to the Console Redirection menu.5.Press the Enter key to toggle between Enabled and Disabled. Select Enabled.6.Review the serial port settings, and be sure the settings match the serial port communicationssoftware settings used to connect to the remote management processor.7.Press the Esc key to return to the previous screen, or press the F10 key to save the changes and exitSetup.Using TCP/IP over Ethernet management portThe remote management processor LAN port can be accessed from two different Ethernet ports: thededicated 10\100 LOi00i management port, or through a side-band connection with the second LOM(NIC2).Selecting an Ethernet management portTo select either the LO100i or side-band connection:1.Power on the server by pressing the power on/off button on the front panel.2.When POST displays the message ROM-Based Setup, press the F10 key. If the server has anadministrator password configured, the system prompts you to enter the password. If the server doesnot have a password configured, the main screen of the BIOS Setup Utility appears.3.Press the right arrow ( ) key to navigate to the Advanced menu.4.Press the down arrow ( ) key to scroll to NIC Option. Press the Enter key to select between thededicated or side-band connection.5.Press the Esc key to return to the previous screen, or press the F10 key to save the changes and exitSetup.The dedicated TCP\IP over Ethernet management port, whether dedicated or shared, is a standardEthernet 10\100Mb interface and is connected to the network using a standard Ethernet cable. Beforeusing the dedicated management port, you must determine the DHCP IP address, set a static IP address,or use the default static IP address.Obtaining a DHCP IP address from the BIOS Setup Utility1.By default, the remote management processor has DHCP enabled and automatically negotiates an IPaddress. To view the DHCP IP address, run the BIOS setup program or retrieve the DHCP IP addressusing CLI through the serial port connection.2.Power on the server by pressing the power on/off button on the front panel.3.When POST displays the message ROM-Based Setup, press the F10 key. If the server has anadministrator password configured, the system prompts you to enter the password. If the server doesnot have a password configured, the main screen of the BIOS Setup Utility appears.4.Press the right arrow ( ) key to navigate to the Advanced menu.5.Press the down arrow ( ) key to scroll to the IPMI menu. Press the Enter key.Configuration8
6.Note the DHCP assigned IP address for future reference.7.Press the Esc key to return to the previous screen, or press the F10 key to save the changes and exitSetup.Setting up a static IP address from the BIOS Setup UtilityBy default, the remote management processor has DHCP enabled and automatically negotiates an IPaddress. To disable DHCP and enable a static address:1.Power on the server by pressing the power on/off button on the front panel.2.When POST displays the message ROM-Based Setup, press the F10 key. If the server has anadministrator password configured, the system prompts you to enter the password. If the server doesnot have a password configured, the main screen of the BIOS Setup Utility appears.3.Press the right arrow ( ) key to navigate to the Advanced menu.4.Press the down arrow ( ) key to scroll to the IPMI menu. Press the Enter key.5.Press the Enter key to toggle between DHCP and Static. Select Static.6.Press the down arrow ( ) key to scroll to the IP address field.7.Press the right arrow ( ) key to move to first octet.8.Enter the four octets of the static IP address, pressing the Enter or Tab key to move between eachoctet.9.Enter the subnet mask and gateway addresses as necessary.10. Note the static IP, subnet mask, and gateway addresses for future reference.11. Press the Esc key to return to the previous screen, or press the F10 key to save the changes and exitSetup.Configuration9
Using Integrated Lights-Out 100iIn this sectionNew features . 10SSL overview . 10SSH overview . 12CLP overview . 13IPMI 2.0 support . 16Logging in to the remote management processor. 17Browser main menu options. 18Using the remote console . 19Controlling server power remotely . 20Monitoring sensors . 21Using the system event log. 22Using the virtual floppy feature . 23Hardware Inventory page . 26User administration. 26Additional network settings. 27IPMI Platform Event Filtering configuration pages . 28IPMI Platform Event Trap Configuration page. 30New features Encrypted browser communication using SSL Encrypted command line interface communication using SSH DMTF SMASH CLP support IPMI 2.0 supportSSL overviewThe ProLiant DL140 G2 or ProLiant DL145 G2 Lights-Out 100i remote management processor providesstrong security for remote management in distributed IT environments by using 128-bit SSL encryption ofHTTP data transmitted across the network. SSL encryption ensures that the HTTP information is secure as ittravels across the network.Before using SSL for the first time, perform the one-time setup procedure detailed in the "Importing an SSLcertificate (on page 10)" section.Importing an SSL certificateBefore using the new SSL or SSH features of the Lights-Out 100 remote management processor, you mustcreate and install a public key (certificate). The key must be generated using external third-party software,placed on a TFTP server, and uploaded to the Lights-Out 100 remote management processor.Using Integrated Lights-Out 100i 10
The Lights-Out 100 remote management processor requires a 2048-bit DSA key stored in PEM (Base64encoded) format to be located on a TFTP server. For example, the following process uses Win32OpenSSL, downloaded from the Shining Light Productions SSL.html), and the commands issued in a DOSwindow to generate the certificate. To generate a certificate using Win32 OpenSSL:1.Download Win32 OpenSSL.2.Install and set up OpenSSL.3.Using OpenSSL, generate a DSA parameters file:openssl dsaparam -out server dsaparam.pem 20484.Generate the DSA private key file, called server privkey.pem:openssl gendsa -out server privkey.pem server dsaparam.pem5.Generate the DSA certificate (public key) file, called server cacert.pem:openssl req -new -x509 -key sshkey -out server cacert.pem -days 10956.When prompted for a distinguished name, enter an appropriate domain name for the servers thatwill receive the certificate.7.After a certificate has been created and copied to a TFTP server accessible on the same network asthe Lights-Out 100 remote management processor, use the CLP interface to log in to the Lights-Out100 remote management processor as administrator, and issue the command to upload and installthe certificate (the following commands can also be found in the /map1 directory):load -source URI -oemhpfiletype cerWhere: URI is the //tftpserver IP/path/filename to be downloaded. tftpserver is the URL or IP address of the TFTP server containing the certificate. filename is the file name of the certificate file.Supported SSL optionsThe remote management processor supports version SSLv3/TLSv1 of the protocol. The supportedalgorithms are:AlgorithmSupported versionSymmetric cyphersDES, 3DES, AESAsymmetrical encryption Diffie-Hellman, DSASymmetric modesCBCHash algorithmsSHA, SHA1MAC algorithmHMAC-SHACertificatesX.509v3Using SSLIf you cannot access the login page, you must verify the SSL encryption level of your browser is set to 128bits. The SSL encryption level within the management processor is set to 128 bits and cannot be changed.The browser and management processor encryption levels must be the same.Using Integrated Lights-Out 100i 11
SSH overviewSSH is a telnet-like program for logging into and for executing commands on a remote machine, whichincludes security with authentication, encryption, and data integrity features. The ProLiant DL140 G2 orProLiant DL145 G2 Lights-Out 100i remote management processor can support simultaneous access fromtwo SSH clients. After SSH is connected and authenticated, the command line interface is available.Before using SSH for the first time, perform the one-time setup procedure detailed in the "Importing anSSH key (on page 12)" section.The remote management processor supports: SSH protocol version 2. PuTTY 0.54, which is a free version of telnet and SSH protocol available for download on theInternet. When using PuTTY, versions before 0.54 might display two line feeds instead on a singleline feed, when the Enter key is pressed. To avoid this issue and for best results, HP recommendsusing version 0.54 or later. OpenSSH, which is a free version of the SSH protocol available for download on the Internet.NOTE: Logging in to an SSH session could take up to 90 seconds. Depending on the client used, you mightnot see on-screen activity during this time.Supported SSH featuresThe management processor only supports version 2, SSH-2, of the protocol. The different algorithmssupported are:FeatureEncryptionDES, 3DES, AESHashing algorithmsSHA1, SHA1-96Key basedauthenticationDSA public keyPasswordauthenticationSupported for two user accountsImporting an SSH keyBefore using the SSH features of the Lights-Out 100 remote management processor, you must create andinstall a public key. The public key must be generated using external third-party software, placed on aTFTP server, and uploaded to the Lights-Out 100 remote management processor.The Lights-Out 100 remote management processor requires a 1028-bit DSA key stored in PEM (Base64encoded) format to be located on a TFTP server. For example, you can use the SSHWindows packagedownloaded from the OpenSSH website (http://www.openssh.com/windows.html) to generate the keyon a Windows client by downloading the program SetupSSH.exe to the server, executing the file, andfollowing the on-screen instruction to complete the inst
system administrators with access to the server at any time, even before an operating system is installed on the server. This remote management processor provides a text mode console redirection, IPMI CLP, and browser access to many of the
