HP BladeSystem Onboard Administrator User Guide - HP Business ...

More documents

Recommendations

Info

Managing users Users/Authentication This section explains the levels of user rights recognized by the HP BladeSystem Onboard Administrator and provides detailed procedures to configure the management functionalities provided by the Onboard Administrator. The Users/Authentication menu item cannot be selected and does not display overview information for user accounts or settings. Instead, select any of the sublevel menu items for specific settings. User roles and privilege levels Within the Users/Authentication category of HP BladeSystem Onboard Administrator, you can access the Local Users subcategory. In this subcategory, you can create user accounts that individuals use to log in to the HP Onboard Administrator, and have a username, password, and typically contact information. Users can have one of three privilege levels: • ADMINISTRATOR allows access to all aspects of the HP BladeSystem Onboard Administrator including configuration, firmware updates, user management, and resetting default settings. • OPERATOR allows access to all information, but only certain configuration settings can be changed. This account is used for individuals who might be required to periodically change configuration settings. • USER allows access to all information, but no changes can be made within HP BladeSystem Onboard Administrator. This account is used for individuals who need to see the configuration of the HP BladeSystem Onboard Administrator but do not need the ability to change settings. The privilege level approach of HP BladeSystem Onboard Administrator to user permissions facilitates the maintenance of server blade bays. This approach operates according to the following principles: • Users are assigned privilege levels in User Management. • A user can have access to any combination of device bays, interconnect bays, and Onboard Administrator bays. Access to a server blade by a user depends on the privilege level assigned to the user account. If you select a user with Administrator ACL or OA permission, the page will grey out and disable access to the blade and interconnect permissions and select them all. In cases where HP SIM is used, Onboard Administrator can integrate with HP SIM and use HP SIM users to facilitate a single login from HP SIM into Onboard Administrator. For more information, see HP SIM integration (on page 211). Role-based user accounts Role-based user accounts on Onboard Administrator serve two purposes: to control the functions a user has access to on Onboard Administrator and to control permissions a temporary user account adopts on iLO when autologin is used. There are two major aspects of role-based user accounts on Onboard Administrator: bay permissions and a user privilege level. Bay permissions determine which bays the user is allowed to access. Bay permissions are selected during user account creation and allow access to specific device bays, interconnect bays, or Configuring the HP BladeSystem c7000 enclosure and enclosure devices 194
Onboard Administrator bays. The privilege level determines which administrative functions the user is allowed to perform. A user's privilege level can be administrator, operator, or user. A user with an administrator privilege level and with permission to the OA bays in the enclosure is automatically given full access to all bays and can perform any function on the enclosure or bays including managing user accounts and configuring the enclosure. An operator with permission to only the OA bays can configure the enclosure, but the operator cannot manage users or any security settings, nor access any other bays. A user with permission to the OA bays can view only configuration settings, but the user cannot change the settings. The user accounts can be created with multiple bay permissions, but the same privilege level, across those bays. User accounts configured to permit access to device bays can be created for server administrators. If the user logs into the Onboard Administrator, the user is given information on the permitted server bays. If the user selects the iLO from the Onboard Administrator web GUI, the user is automatically logged into that iLO using a temporary user account with their privilege level. iLO users with administrator privilege level have complete control including modifying user accounts. Operators have full control over the server power and consoles. Users have minimum read-only access to server information. Using this single-sign on feature greatly simplifies managing multiple servers from the Onboard Administrator web GUI. Permissions for interconnect modules are slightly different. Autologin is not supported for interconnect modules, and all user levels have access to the Management Console link for interconnect bays to which they have permission. Administrators and operators can use the virtual buttons from Onboard Administrator to control power and the UID light on the interconnect module. Users can view only status and information about the interconnect module. Examples The following are examples of management scenarios in a c-Class environment and the user accounts that can be created to provide the appropriate level of security. Scenario 1: A member of an organization needs to have full access to the servers in bays 1-8 to view logs, control power, and use the remote console. The user does not have clearance to manage any settings on Onboard Administrator. The user account to accomplish this security level has an administrator access level and permission to server bays 1-8. Thus, the user does not have permission to Onboard Administrator bays or any interconnect bay. Scenario 2: A member of an organization needs to manage ports on two interconnect modules in bays 3 and 4. This person needs to know which ports on the switch map to certain servers, but this person must not be able to manage any of the servers. The user account to accomplish this security level has a user access level, permission to all server bays, and permission to interconnect bays 3 and 4. However, this user is not able to control the power or UID LED for the interconnect modules or blades. To control the power or UID to the interconnect modules the user privilege would have to be an operator. To restrict this user from performing server operations such as power control or consoles, the account is restricted to just bay permissions for interconnect bays 3 and 4. Local Users New—Click New to add a new user to the selected enclosure. A maximum of 30 user accounts can be added including the reserved accounts. The Add Local User screen appears. Edit—Select a user (only one can be selected) by selecting the checkbox next to the name of the user. Click Edit to change the settings on the Edit Local User screen. Delete—Select a user or users to be deleted by selecting the checkbox next to the name of the user. Click Delete to remove the accounts. If an attempt is made to delete the last remaining Administrator account, you Configuring the HP BladeSystem c7000 enclosure and enclosure devices 195
Page 1 and 2:
HP BladeSystem Onboard Administrato
Page 3 and 4:
Contents Introduction .............
Page 5 and 6:
Boot Options tab ..................
Page 7 and 8:
Europe time zone settings .........
Page 9 and 10:
server iLO, interconnect management
Page 11 and 12:
If a protocol is disabled, then the
Page 13 and 14:
the KVM USB for keyboard and mouse
Page 15 and 16:
Option ROM settings. For the interc
Page 17 and 18:
If extended data is disabled on an
Page 19 and 20:
Using online help To access online
Page 21 and 22:
The Insight Display LCD panel allow
Page 23 and 24:
OA 3.60 Encryption Normal OA3.60 En
Page 25 and 26:
2. Slide the Onboard Administrator
Page 27 and 28:
Enclosure KVM Features The Enclosur
Page 29 and 30:
• Server Console—Select a serve
Page 31 and 32:
First Time Setup Wizard Before you
Page 33 and 34:
To update the rack topology informa
Page 35 and 36:
Rack and Enclosure Settings screen
Page 37 and 38:
Administrator Account Setup screen
Page 39 and 40:
For possible values and description
Page 41 and 42:
Knowing your network configuration
Page 43 and 44:
Use the LDAP Group Configuration sc
Page 45 and 46:
Field Possible value Description Se
Page 47 and 48:
Power Management screen IMPORTANT:
Page 49 and 50:
Mode Insight Display name Descripti
Page 51 and 52:
Navigating Onboard Administrator Na
Page 53 and 54:
Clicking the link for an individual
Page 55 and 56:
The following image shows the graph
Page 57 and 58:
Rack View Rack View screen The Rack
Page 59 and 60:
If the active mode is set for a sin
Page 61 and 62:
Row Description Enclosure Ambient T
Page 63 and 64:
Column Description Bay Model Manufa
Page 65 and 66:
Configuring the HP BladeSystem c700
Page 67 and 68:
To view the enclosure Status screen
Page 69 and 70:
Information Configuring the HP Blad
Page 71 and 72:
To change the state of the enclosur
Page 73 and 74:
o Fan removed o Power supply status
Page 75 and 76:
Disabled—Disables powerdelay for
Page 77 and 78:
Column Description Delay Click Appl
Page 79 and 80:
Enclosure TCP/IP settings IPv4 Sett
Page 81 and 82:
IPv6 Settings tab This screen displ
Page 83 and 84:
• Auto-Negotiate—Automatically
Page 85 and 86:
Below the Trusted Addresses field i
Page 87 and 88:
EBIPA assigns IP addresses for the
Page 89 and 90:
Column Description EBIPA Address Su
Page 91 and 92:
Enclosure Virtual Buttons tab To ch
Page 93 and 94:
Active to Standby DVD drive When a
Page 95 and 96:
in the list. If multiple media disk
Page 97 and 98:
The revert delay on the VLAN Settin
Page 99 and 100:
Adding, editing, and removing VLANs
Page 101 and 102:
To change the membership of a devic
Page 103 and 104:
HP Insight Remote Support Use the R
Page 105 and 106:
Insight Remote Support Service Even
Page 107 and 108:
Row Description Collection Click Se
Page 109 and 110:
Enclosure Firmware Management setti
Page 111 and 112:
updating the firmware management lo
Page 113 and 114:
• In the list of enclosures, the
Page 115 and 116:
Row Description Firmware Version Ha
Page 117 and 118:
Certificate Administration Informat
Page 119 and 120:
Certificate Request tab The Certifi
Page 121 and 122:
Certificate-signing request attribu
Page 123 and 124:
Force Downgrade—You must use this
Page 125 and 126:
• Enclosure Event 0x11: Fan Inser
Page 127 and 128:
• Enclosure Event 0x1203: Flash P
Page 129 and 130:
TCP/IP Settings for Standby Onboard
Page 131 and 132:
Row Description Version MD5 Fingerp
Page 133 and 134:
Field Possible values Description I
Page 135 and 136:
Button Description Momentary Press
Page 137 and 138:
Row Description Status Powered Powe
Page 139 and 140:
The Onboard Administrator provides
Page 141 and 142:
Row Description Bay Device Model Fi
Page 143 and 144: Row Description Serial Number (Logi
Page 145 and 146: Column Description iLO DVD Status D
Page 147 and 148: IML Log tab The IML Log tab display
Page 149 and 150: Diagnostic information is gathered
Page 151 and 152: Status tab Status information Row D
Page 153 and 154: Management Console Information prov
Page 155 and 156: Interconnect bays Interconnect Bay
Page 157 and 158: Click the Port Mapping Interconnect
Page 159 and 160: Interconnect Bay Virtual Buttons In
Page 161 and 162: Enclosure power management Power ma
Page 163 and 164: IMPORTANT: To change the power redu
Page 165 and 166: HP launched Power Capping technolog
Page 167 and 168: The Line Voltage value is used to p
Page 169 and 170: Row Description Present Power Enclo
Page 171 and 172: The Power Subsystem screen provides
Page 173 and 174: Fans and cooling management Fan zon
Page 175 and 176: Fan status Column Description Fan M
Page 177 and 178: Row Description Serial Number Diagn
Page 179 and 180: c3000 Enclosure fan location rules
Page 181 and 182: When a USB key is detected in the A
Page 183 and 184: If a Windows® installation CD is i
Page 185 and 186: You can eject media from the DVD dr
Page 187 and 188: Unattended OS deployment The Onboar
Page 189 and 190: You can initiate an unattended oper
Page 191 and 192: From the DVD Connection Status scre
Page 193: To view the progress of the unatten
Page 197 and 198: Field Possible value Description Pa
Page 199 and 200: Account classification Capabilities
Page 201 and 202: Field Possible value Description Se
Page 203 and 204: A failed test reports that the IP a
Page 205 and 206: Privilege level Field Possible valu
Page 207 and 208: Checkbox Description Onboard Admini
Page 209 and 210: Account classification Capabilities
Page 211 and 212: HP SIM integration HP BladeSystem O
Page 213 and 214: Using Enclosure Firmware Management
Page 215 and 216: 2. Select the Manual Update tab. 3.
Page 217 and 218: Logging Enclosure Firmware Manageme
Page 219 and 220: Server firmware Select Device Bays
Page 221 and 222: When Two-Factor Authentication is e
Page 223 and 224: administrator. If any sessions have
Page 225 and 226: Port mapping Device bay port mappin
Page 227 and 228: HP ProLiant BL680c G7 Servers Devic
Page 229 and 230: HP ProLiant BL2x220c G7 Server The
Page 231 and 232: In this diagram, N equals the numbe
Page 233 and 234: Device bay port mapping table for c
Page 235 and 236: Connection Port Number Connects to
Page 237 and 238: 12. Complete the remainder of the s
Page 239 and 240: Since none of the configured device
Page 241 and 242: Current enclosure inventory To view
Page 243 and 244: The iLO entry in the tree view is o
Page 245 and 246:
Troubleshooting Onboard Administrat
Page 247 and 248:
55 Getting the Onboard Administrato
Page 249 and 250:
137 The session could not be create
Page 251 and 252:
216 Firmware update in progress. Lo
Page 253 and 254:
285 Invalid remote server address 2
Page 255 and 256:
358 URB reporting using SMTP cannot
Page 257 and 258:
Resetting the Onboard Administrator
Page 259 and 260:
Enabling LDAP Directory Services Au
Page 261 and 262:
1. Click the Upload Certificate Tab
Page 263 and 264:
CZImiZPyLGQBGRYDY29tMRIwEAYKCZImiZP
Page 265 and 266:
o Test Operator o TestOperator@Doma
Page 267 and 268:
Time zone settings Africa time zone
Page 269 and 270:
Asia time zone settings IMPORTANT:
Page 271 and 272:
Europe/Belfast Europe/Lisbon Europe
Page 273 and 274:
Acronyms and abbreviations CA certi
Page 275 and 276:
SUV serial, USB, video TFTP Trivial
Page 277 and 278:
Index A AC redundant, lost 161 acce
Page 279 and 280:
power management planning 161 power
show all

HP BladeSystem Onboard Administrator User Guide - HP Business ...

Create successful ePaper yourself

Delete template?

Save as template?