HP Ilo 3 User Guide
Have a look at the manual HP Ilo 3 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Figure93NewIP/MaskRestrictionwindow LightsOutManagementtab Afteryoucreatearole,youcanselectrightsfortherole.Youcanmakeusersandgroupobjects membersoftherole,givingtheusersorgroupofuserstherightsgrantedbytherole.Rightsare managedontheLightsOutManagementtab(Figure94). UserrightstoanyiLOarecalculatedasthesumofallrightsassignedbyallrolesinwhichtheuser isamember,andinwhichtheiLOisamanageddevice.Usingtheexamplein“Creatingand configuringdirectoryobjectsforusewithiLOinActiveDirectory”(page176),ifauserisinboth theremoteAdminsandremoteMonitorsroles,theywillhaveallavailablerights,becausethe remoteAdminsrolehasallrights. Figure94LightsOutManagementtab Theavailablerightsareasfollows: •Login—Controlswhetheruserscanlogintotheassociateddevices. •RemoteConsole—EnablestheusertoaccesstheRemoteConsole. SettingupHPextendedschemadirectoryintegration181
•VirtualMedia—EnablestheusertoaccesstheiLOVirtualMediafunctionality. •ServerResetandPower—EnablestheusertoaccesstheiLOVirtualPowerbuttontoremotely resettheserverorpoweritdown. •AdministerLocalUserAccounts—Enablestheusertoadministeraccounts.Userscanmodify theiraccountsettings,modifyotheruseraccountsettings,addusers,anddeleteusers. •AdministerLocalDeviceSettings—EnablestheusertoconfiguretheiLOmanagementprocessor settings. DirectoryservicesforeDirectory Thefollowingsectionsprovideinstallationprerequisites,preparationinstructions,andaworking exampleofdirectoryservicesforeDirectory. eDirectoryinstallationprerequisites DirectoryservicesforiLOusesLDAPoverSSLtocommunicatewiththedirectoryservers.iLO softwareisdesignedtobeinstalledinaneDirectoryversion8.6.1(andlater)tree.HPdoesnot recommendinstallingthisproductifyouhaveeDirectoryserverswithaversionearlierthaneDirectory 8.6.1. Beforeyouinstallsnap-insandschemaextensionsforeDirectory,youmustreadandhaveavailable thefollowingtechnicaldocuments,availablefromtheNovellTechnicalSupportwebsiteathttp:// support.novell.com. InstallingdirectoryservicesforiLOrequiresextendingtheeDirectoryschema.Anadministrator mustcompletethetaskofextendingtheschema.Formoreinformation,seethefollowingNovell documents: •TID10057565Unknownobjectsinamixedenvironment •TID10059954HowtotestwhetherLDAPisworkingcorrectly •TID10023209HowtoconfigureLDAPforSSL(secure)connections •TID10075010HowtotestLDAPauthentication Snap-ininstallationandinitializationforeDirectory Thefollowingsectionprovidesinstructionsforusingthesnap-ininstallationapplication. NOTE:Afteryouinstallthesnap-ins,youmustrestartConsoleOneandMMCtoshowthenew entries. Example:CreatingandconfiguringdirectoryobjectsforusewithiLOdevicesineDirectory ThisexampleshowshowtosetuprolesandHPdevicesinacompanycalledsamplecorp,which consistoftworegions,region1andregion2. AssumesamplecorphasanenterprisedirectoryasshowninFigure95(page183). 182Directoryservices
Figure95Directoryobjectssample 1.Createorganizationalunitsineachregion. EachorganizationalunitmustcontaintheLOMdevicesandrolesspecifictothatregion. Inthisexample,twoorganizationalunitsarecreated,rolesandhpdevices,ineach organizationalunit,region1andregion2. 2.CreateLOMobjectsinthehpdevicesorganizationalunitsforseveraliLOdevicesbyusing theHP-providedConsoleOnesnap-intool: a.Right-clickhpdevicesinregion1,andthenselectNew→Object. b.SelecthpqTargetfromthelistofclasses,andthenclickOK. c.EnteranappropriatenameandsurnameintheNewhpqTargetdialogbox,andthen clickOK. Inthisexample,theDNShostnameoftheiLOdevice,rib-email-server,isusedas thenameoftheLOMobject,andthesurnameisRILOEII. TheSelectObjectSubtypedialogboxopens(Figure96). SettingupHPextendedschemadirectoryintegration183
Figure96SelectObjectSubtypewindow d.SelectLightsOutManagementDevice,andthenclickOK. e.RepeatStep2.athroughStep2.dtocreatethefollowingLOMobjects: •Createrib-nntp-serverandrib-file-server-users1inhpdevicesunderregion1 •Createrib-file-server-users2andrib-app-serverinhpdevicesunderregion2. 3.CreateHProleobjectsintherolesorganizationalunitsbyusingtheHP-providedConsoleOne snap-intool: a.Right-clicktherolesorganizationalunitinregion2,andthenselectNew→Object. b.SelecthpqRolefromthelistofclasses,andthenclickOK. c.EnteranappropriatenameintheNewhpqRoledialogbox,andthenclickOK. Inthisexample,therolecontainsuserstrustedforremoteserveradministrationandis namedremoteAdmins. TheSelectObjectSubtypedialogboxopens. d.SelectLightsOutManagementDevicesfromthelistbecausethisrolemanagestherights toLights-OutManagementdevices,andthenclickOK. e.RepeatStep3.athroughStep3.dtocreatethefollowingroleobjects: •CreateremoteMonitors,inrolesinregion1. •CreateremoteAdminsandremoteMonitorsinrolesinregion2. 4.Assignrightstotherolesandassociatetheroleswithusersanddevicesbyusingthe HP-providedConsoleOnesnap-intool: a.Right-clicktheremoteAdminsroleinrolesinregion1,andthenselectProperties. b.SelecttheHPManagement→RoleManagedDevicestab(Figure98),andthenclickAdd. TheSelectObjectSubtypedialogboxopens. c.IntheSelectObjectSubtypedialogbox,browsetohpdevicesinregion1.Selectthethree LOMobjectscreatedinStep2. d.ClickOK,andthenclickApply. 184Directoryservices
e.ClicktheMemberstab(Figure99)andadduserstotherolebyclickingtheAddbutton ontheSelectObjectsdialogbox. Devicesandusersarenowassociated. f.SelecttheHPManagement→LightsOutManagementDeviceRightstab(Figure97 (page185). Figure97Propertieswindow g.Settherightsfortherole,andthenclickApply.ClickClosetoclosethePropertieswindow. Inthisexample,theusersintheremoteAdminsrolereceivefullaccesstotheiLO functionality. AlluserswithintherolehavetherightsassignedtotheroleonalliLOdevicesthatthe rolemanages. 5.UsingtheprocedureinStep4,editthepropertiesoftheremoteMonitorsrole: a.AddthethreeLOMobjectsinhpdevicesinregion1totheManagedDeviceslistonthe HPManagement→RoleManagedDevicestab(Figure98). b.AdduserstotheremoteMonitorsrolebyusingtheMemberstab(Figure99). c.AssigntheLoginrighttotheremoteMonitorsrolebyusingtheHPManagement→Lights OutManagementDeviceRightstab. MembersoftheremoteMonitorsrolewillbeabletoauthenticateandviewtheserver status. 6.ToconfigureaLOMdeviceandassociateitwithaLOMobjectusedinthisexample,use settingssimilartothefollowingontheDirectorySettingspage. LOM Object Distinguished Name = cn=rib-email-server,ou=hp devices,ou=region1,o=samplecorp Directory User Context 1 = ou=users,o=samplecorp NOTE:Commas,notperiods,areusedinLDAPDNstoseparateeachcomponent. SettingupHPextendedschemadirectoryintegration185
DirectoryservicesobjectsforeDirectory Oneofthekeystodirectory-basedmanagementispropervirtualizationofthemanageddevices inthedirectoryservice.Thisvirtualizationallowstheadministratortobuildrelationshipsbetween themanageddeviceandusersorgroupswithinthedirectoryservice.UsermanagementofiLO requiresthefollowingbasicobjectsinthedirectoryservice: •Lights-OutManagementobject •Roleobject •Userobjects Eachobjectrepresentsadevice,user,orrelationshipthatisrequiredfordirectory-based management. ThefollowingsectionsdiscusstheadditionalmanagementoptionsavailableintheConsoleOne snap-intoolaftertheHPsnap-insareinstalled. RoleManagedDevices TheHPManagement→RoleManagedDevicestab(Figure98(page186))isusedtoaddHPdevices tobemanagedwithinarole.ClickingAddallowsyoutobrowsetoanHPdeviceandadditas amanageddevice. Figure98RoleManagedDevicestab Memberstab Afteruserobjectsarecreated,theMemberstaballowsyoutomanagetheuserswithintherole. •ClickAddtoopentheSelectObjectswindow(Figure99),whichenablesyoutobrowseto theuserthatyouwanttoadd. 186Directoryservices
Figure99SelectObjectsdialogbox •Toremoveauser,selecttheusername,andthenclickDelete. RoleRestrictionstab TheRoleRestrictionstab(Figure100)allowsyoutosetthefollowingloginrestrictionsfortherole: •Timerestrictions •IPnetworkaddressrestrictions: IP/mask◦ ◦IPrange •DNSname SettingupHPextendedschemadirectoryintegration187
Figure100RoleRestrictionstab Timerestrictions Youcanmanagethehoursavailableforlogonbymembersoftherolebyusingthetimegrid displayedontheRoleRestrictionstab.Youcanselectthetimesavailableforlogonforeachday oftheweek,inhalf-hourincrements.Youcanchangeasinglesquarebyclickingit,orasection ofsquaresbyclickingandholdingthemousebutton,draggingthecursoracrossthesquaresto bechanged,andreleasingthemousebutton.Thedefaultsettingistoallowaccessatalltimes. EnforcedclientIPaddressorDNSnameaccess AccesscanbegrantedordeniedtoanIPaddress,IPaddressrange,orDNSname. 1.FromtheByDefaultlist,specifywhethertoAlloworDenyaccessfromalladdresses,except thespecifiedIPaddresses,IPaddressranges,andDNSnames. 2.Selecttheaddressestobeadded,selectthetypeofrestriction,andthenclickAdd. 3.IntheAddNewRestrictiondialogbox,entertheinformation,andthenclickOK,asshownin Figure101(page189). TheDNSNameoptionallowsyoutorestrictaccessbasedonasingleDNSnameora subdomain,enteredintheformofhost.company.comor*.domain.company.com. 4.ClickApplytosavethechanges. Toremoveanyoftheentries,highlighttheentryinthedisplaylistandclickDelete. 188Directoryservices
Figure101AddNewRestrictiondialogbox eDirectoryLights-OutManagement Afteryoucreatearole,youcanselectrightsfortherole.Youcanmakeusersandgroupobjects membersoftherole,givingthemtherightsgrantedbytherole.RightsaremanagedontheLights OutManagementDeviceRightsoptionoftheHPManagementtab(Figure102). Figure102LightsOutManagementDeviceRightstab Theavailablerightsareasfollows: •Login—Controlswhetheruserscanlogintotheassociateddevices. Loginaccesscanbeusedtocreateauserwhoisaserviceproviderandwhoreceivesalerts fromiLObutdoesnothaveloginaccesstoiLO. •RemoteConsole—EnablestheusertoaccesstheRemoteConsole. SettingupHPextendedschemadirectoryintegration189
•VirtualMedia—EnablestheusertoaccesstheiLOVirtualMediafunctionality. •ServerResetandPower—EnablestheusertoaccesstheiLOVirtualPowerbuttontoremotely resettheserverorpoweritdown. •AdministerLocalUserAccounts—Enablestheusertoadministeraccounts.Userscanmodify theiraccountsettings,modifyotheruseraccountsettings,addusers,anddeleteusers. •AdministerLocalDeviceSettings—EnablestheusertoconfiguretheiLOmanagementprocessor settings. UserrightstoanyLOMdevicearecalculatedasthesumofallrightsassignedbyallrolesinwhich theuserisamember,andinwhichtheiLOdeviceisamanageddevice.Usingtheexamplein “Example:CreatingandconfiguringdirectoryobjectsforusewithiLOdevicesineDirectory” (page182),ifauserisinboththeremoteAdminsandremoteMonitorsroles,theuserwillhaveall rights,becausetheremoteAdminsrolehasallrights. Userloginusingdirectoryservices TheLoginNameboxontheiLOloginpageacceptsdirectoryusersandlocalusers. Themaximumlengthoftheloginnameis39charactersforlocalusersand256charactersfor directoryusers. •Directoryusers—Thefollowingformatsaresupported: LDAPfullydistinguishednames Example:CN=John Smith,CN=Users,DC=HP,DC=COM,[email protected] ◦ Theshortformoftheloginnamedoesnotnotifythedirectorywhichdomainyouare tryingtoaccess.YoumustprovidethedomainnameorusetheLDAPDNofyouraccount. ◦DOMAIN\user nameform(ActiveDirectoryonly) Example:HP\jsmith ◦username@domainform(ActiveDirectoryonly) Example:[email protected] Directoryusersspecifiedusingthe@searchableformmightbelocatedinoneofthree searchablecontexts,whichareconfiguredontheSecurity→Directorypage. ◦Usernameformat Example:JohnSmith Directoryusersspecifiedusingtheusernameformatmightbelocatedinoneofthree searchablecontexts,whichareconfiguredontheSecurity→Directorypage. •Localusers—EntertheLoginNameofyouriLOlocaluseraccount. Directory-enabledremotemanagement ThissectionisforadministratorswhoarefamiliarwithdirectoryservicesandtheiLOproductand wanttousetheHPschemadirectoryintegrationoptionforiLO.Youmustbefamiliarwithdirectory services. Directory-enabledremotemanagementenablesyoutodothefollowing: •CreateLights-OutManagementobjects YoumustcreateoneLOMdeviceobjecttorepresenteachdevicethatwillusethedirectory servicetoauthenticateandauthorizeusers.ForinformationoncreatingLOMdeviceobjects forActiveDirectoryandeDirectory,see“Directoryservices”(page160).Ingeneral,youcan usethesnap-insthatHPhasprovidedtocreateobjects.ItisusefultogivetheLOMdevice 190Directoryservices