HP Ilo 2 User Guide
Here you can view all the pages of manual HP Ilo 2 User Guide. The HP manuals for Server are available online for free. You can easily download all the documents as PDF.
Page 131
Advantagesanddisadvantagesofschema-freedirectoriesandHPschema directory Directoriesenhancesecurity,enablingyoutomanageaccessandrightsfromacentralizedlocation. Directoriesalsoenableflexibleconfiguration.Somedirectoryconfigurationpracticesworkbetter withiLO2thanothers.BeforeconfiguringiLO2fordirectories,youmustdecidewhethertouse theschema-freedirectoryortheHPschemadirectoryintegrationmethods.Answerthefollowing questionstohelpevaluateyourdirectoryintegrationrequirements:...
Page 132
adminnamedUser1;youcancopythedistinguishednameofthedomainadminsecurity groupovertoiLO2andgiveitfullprivileges.User1wouldthenhaveaccesstoiLO2. Disadvantagesofusingschema-freedirectoryintegration •SupportsonlyMicrosoftActiveDirectory •GroupprivilegesareadministeredoneachiLO2.However,thisdisadvantageisminimized bygroupprivilegesrarelychanging,andthetaskofchanginggroupmembershipis administeredinthedirectoryandnotoneachseparateiLO2.HPprovidestoolsthatenable changestoalargenumberofiLO2tobemadeatthesametime....
Page 133
7.Acceptthedefaultlocationsofthecertificatedatabaseandthedatabaselog.ClickNext. 8.Browsetothec:\I386folderwhenpromptedfortheWindows2000AdvancedServerCD. 9.ClickFinishtoclosethewizard. Verifyingcertificateservices BecausemanagementprocessorscommunicatewithActiveDirectoryusingSSL,youmustcreate acertificateorinstallCertificateServices.YoumustinstallanenterpriseCAbecauseyouareissuing certificatestoobjectswithinyourorganizationaldomain....
Page 134
1.Downloadandreviewthescriptingandcommandlineresourceguide athttp://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp? contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=135& prodTypeId=18964&prodSeriesId=1146658. 2.WriteascriptthatconfiguresiLO2forschema-freedirectoriessupportandrunit.Thefollowing scriptcanbeusedasatemplate. Schema-freeHPLOMIG-basedsetup HPLOMIGistheeasiestwaytosetupalargenumberofLOMprocessorsfordirectories.Touse...
Page 135
BetterLoginFlexibility •Inadditiontotheminimumsettings,enteratleastonedirectoryusercontext. Atlogintime,theloginnameandusercontextarecombinedtomaketheuser'sdistinguished name.Forinstance,iftheuserlogsinasJOHN.SMITHandausercontextissetupas CN=USERS,DC=HP,DC=COM,thenthedistinguishednamethatiLO2triesis CN=JOHN.SMITH,CN=USERS,DC=HP,DC=COM. MaximumLoginFlexibility •ConfigureiLO2asdescribed. •ConfigureiLO2withaDNSname,notanIPaddressforthedirectoryserver'snetworkaddress....
Page 136
SettingupHPschemadirectoryintegration WhenusingtheHPschemadirectoryintegration,iLO2supportsbothActiveDirectoryand eDirectory.However,thesedirectoryservicesrequiretheschemabeingextended. FeaturessupportedbyHPschemadirectoryintegration iLO2DirectoryServicesfunctionalityenablesyouto: •Authenticateusersfromashared,consolidated,scalableuserdatabase. •Controluserprivileges(authorization)usingthedirectoryservice. •Userolesinthedirectoryserviceforgroup-leveladministrationofiLO2managementprocessors andiLO2users....
Page 137
Formoreinformationonmanagingthedirectoryservice,see“Directory-enabledremote management”(page156).Examplesareavailablein“DirectoryservicesforActiveDirectory” (page140)and“DirectoryservicesforeDirectory”(page149). 5.Handleexceptions •Lights-OutmigrationutilitiesareeasiertousewithasingleLights-Outrole.Ifyouplanto createmultiplerolesinthedirectory,youmightneedtousedirectoryscriptingutilities, likeLDIFDEorVBscript,tocreatecomplexroleassociations.Formoreinformation,see “Usingbulkimporttools”(page162)....
Page 138
Schemarequiredsoftware iLO2requiresspecificsoftware,whichwillextendtheschemaandprovidesnap-instomanage theiLO2network.AnHPSmartComponentisavailablefordownloadthatcontainstheschema installerandthemanagementsnap-ininstaller.TheHPSmartComponentcanbedownloaded fromtheHPwebsiteathttp://www.hp.com/servers/lights-out. YoucannotruntheschemainstalleronadomaincontrollerthathostsWindowsServer2008Core. WindowsServer2008CoredoesnotuseaGUI(forsecurityandperformancereasons).Touse...
Page 139
NOTE:ExtendingtheschemaonActiveDirectoryrequiresthattheuserbeanauthenticated SchemaAdministrator,theschemaisnotwriteprotected,andthedirectoryistheFSMOroleowner inthetree.TheinstallerwillattempttomakethetargetdirectoryservertheFSMOSchemaMaster oftheforest. TogetwriteaccesstotheschemaonWindows2000requiresachangetotheregistrysafety interlock.IftheuserselectstheActiveDirectoryoption,theschemaextenderwillattempttomake theregistrychange.Itwillonlysucceediftheuserhasrightstodothis.Writeaccesstotheschema...
Page 140
Managementsnap-ininstaller Themanagementsnap-ininstallerinstallsthesnap-insrequiredtomanageiLO2objectsina MicrosoftActiveDirectoryUsersandComputersdirectoryorNovellConsoleOnedirectory. iLO2snap-insareusedtoperformthefollowingtasksincreatinganiLO2directory: •CreatingandmanagingtheiLO2androleobjects(policyobjectswillbesupportedatalater date). •MakingtheassociationsbetweeniLO2objectsandtherole(orpolicy)objects. DirectoryservicesforActiveDirectory...