HP BladeSystem Onboard Administrator User Guide - HP Business ...
HP BladeSystem Onboard Administrator User Guide - HP Business ...
HP BladeSystem Onboard Administrator User Guide - HP Business ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Onboard</strong> <strong>Administrator</strong> bays. The privilege level determines which administrative functions the user is<br />
allowed to perform. A user's privilege level can be administrator, operator, or user.<br />
A user with an administrator privilege level and with permission to the OA bays in the enclosure is<br />
automatically given full access to all bays and can perform any function on the enclosure or bays including<br />
managing user accounts and configuring the enclosure. An operator with permission to only the OA bays<br />
can configure the enclosure, but the operator cannot manage users or any security settings, nor access any<br />
other bays. A user with permission to the OA bays can view only configuration settings, but the user cannot<br />
change the settings. The user accounts can be created with multiple bay permissions, but the same privilege<br />
level, across those bays.<br />
<strong>User</strong> accounts configured to permit access to device bays can be created for server administrators. If the user<br />
logs into the <strong>Onboard</strong> <strong>Administrator</strong>, the user is given information on the permitted server bays. If the user<br />
selects the iLO from the <strong>Onboard</strong> <strong>Administrator</strong> web GUI, the user is automatically logged into that iLO using<br />
a temporary user account with their privilege level. iLO users with administrator privilege level have complete<br />
control including modifying user accounts. Operators have full control over the server power and consoles.<br />
<strong>User</strong>s have minimum read-only access to server information. Using this single-sign on feature greatly<br />
simplifies managing multiple servers from the <strong>Onboard</strong> <strong>Administrator</strong> web GUI.<br />
Permissions for interconnect modules are slightly different. Autologin is not supported for interconnect<br />
modules, and all user levels have access to the Management Console link for interconnect bays to which they<br />
have permission. <strong>Administrator</strong>s and operators can use the virtual buttons from <strong>Onboard</strong> <strong>Administrator</strong> to<br />
control power and the UID light on the interconnect module. <strong>User</strong>s can view only status and information about<br />
the interconnect module.<br />
Examples<br />
The following are examples of management scenarios in a c-Class environment and the user accounts that<br />
can be created to provide the appropriate level of security.<br />
Scenario 1: A member of an organization needs to have full access to the servers in bays 1-8 to view logs,<br />
control power, and use the remote console. The user does not have clearance to manage any settings on<br />
<strong>Onboard</strong> <strong>Administrator</strong>. The user account to accomplish this security level has an administrator access level<br />
and permission to server bays 1-8. Thus, the user does not have permission to <strong>Onboard</strong> <strong>Administrator</strong> bays<br />
or any interconnect bay.<br />
Scenario 2: A member of an organization needs to manage ports on two interconnect modules in bays 3 and<br />
4. This person needs to know which ports on the switch map to certain servers, but this person must not be<br />
able to manage any of the servers. The user account to accomplish this security level has a user access level,<br />
permission to all server bays, and permission to interconnect bays 3 and 4. However, this user is not able to<br />
control the power or UID LED for the interconnect modules or blades. To control the power or UID to the<br />
interconnect modules the user privilege would have to be an operator. To restrict this user from performing<br />
server operations such as power control or consoles, the account is restricted to just bay permissions for<br />
interconnect bays 3 and 4.<br />
Local <strong>User</strong>s<br />
New—Click New to add a new user to the selected enclosure. A maximum of 30 user accounts can be added<br />
including the reserved accounts. The Add Local <strong>User</strong> screen appears.<br />
Edit—Select a user (only one can be selected) by selecting the checkbox next to the name of the user. Click<br />
Edit to change the settings on the Edit Local <strong>User</strong> screen.<br />
Delete—Select a user or users to be deleted by selecting the checkbox next to the name of the user. Click<br />
Delete to remove the accounts. If an attempt is made to delete the last remaining <strong>Administrator</strong> account, you<br />
Configuring the <strong>HP</strong> <strong>BladeSystem</strong> c7000 enclosure and enclosure devices 195