17.4. Managing Lights-out Devices

Lights-Out devices typically are connected to the corporate network, which facilitates virtual private networking (VPN) remote access. However, certain considerations may dictate other networking configurations.

Lights-Out devices are accessed through a client browser using the IP address or DNS name of the device, as shown in Figure 17-5. When you access the device for the first time, a security certificate dialog box displays. You must agree to proceed or install the certificate to log on to the device.

Figure 17-5. Lights-Out Status Summary home page.

When you log on to a Lights-Out device, a navigation frame and the Status Summary home page displays.

The navigation frame on the left side of the screen displays at all times during a session, except when the remote console is displayed in full-screen view. This frame contains functional categories and hyperlinks to functions within each category.

17.4.1 Configuring the Management Client

Performance improves on the management client if the Lights-Out device is accessed using a supported browser.

For the most recent list of supported browsers, go to http://www.hp.com/servers/manage.

The settings on the remote server determine the performance of the graphical remote console for iLO and RILOE II. The remote server operating system resolution should be the same resolution or smaller than the management client. The higher the resolution on the remote server, the slower the overall performance becomes. For best results, use the following settings on the management client:

• Set the colors option to at least 256 colors.

• Select a screen area higher than the resolution of the host server operating system.

• Set the mouse motion speed to the middle setting.

• Set the mouse motion acceleration setting to Low or None.

17.4.2 User Settings and Administration

Each user can be assigned a different access level. A user can have supervisor status with the ability to create, modify, or delete other users. Users without supervisor status can be denied access to the remote console and remote reset features of the board.

17.4.2.1 ILO AND RILOE II USER SETTINGS DIFFERENCES

iLO supports up to 12 users, whereas RILOE II can support up to 25 users. The following table lists the user settings associated with each Lights-Out device.

17.4.3 RILOE II Group Administration

You can manage multiple RILOE II devices through Insight Manager. Four components are required for group administration:

• Remote Insight Board Command Language (RIBCL)

• HP Lights-Out Configuration Utility (cpqlocfg.exe)

• Query definition in Insight Manager

• Application launch

Insight Manager uses the Lights-Out Configuration Utility to send a RIBCL file to a group of RILOE II devices. The devices perform the action designated by the RIBCL file and send a response to a log file.

The Lights-Out Configuration Utility must reside on the same server as Insight Manager; however, it can be used through either Insight Manager or the batching process.

Download the Lights-Out Configuration Utility from http://www.hp.com/servers/manage.

The following statement illustrates the cpqlocfg.exe command line and switches:

 cpqlocfg.exe  s server_name  f c:/ribclfile.txt  l c:/logfile.txt  v 

Where

• -s denotes the RILOE II board to be updated.

• -f provides the location and name of the RIBCL file.

• -l defines the path and filename of the log file to be generated. When this switch is omitted, the file is stored in the directory where cpqlocfg.exe is launched and the log filename is the DNS name or IP address.

• -v enables the verbose messaging system.

• -c checks the XML syntax, but does not open a connection to the board.

The Lights-Out Configuration Utility generates two types of error messages: runtime and syntax. Runtime errors occur when an invalid action is requested. Syntax errors occur when an invalid XML tag is encountered. This interrupts the utility, and the runtime script error is logged in the output log file.

An example of a syntax error is as follows:

 expected USER_LOGIN=userlogin but found USER_NAME=username 

Supported Lights-Out Configuration Utility functions include the following:

• Add, modify, or delete a user

• View user configuration information

• Modify network settings

• Modify global settings

• Clear the RILOE II event log

• View firmware version

• Update firmware

• Obtain and set virtual floppy status

• Insert, copy, and eject a virtual floppy image

• Configure remote console hot-key settings

• Obtain and set virtual power status

• Obtain the server power status

• Reset the server

17.4.4 Global Settings

Global settings on Lights-Out devices enable you to do the following:

• Set the amount of time a session can remain idle before being terminated.

• Control access to the RBUS. If access is enabled, any user with physical access to the host server can run the utility and modify settings.

• Modify the port setting that provides access to the Web-based interface of the Lights-Out device.

• Modify the port setting that provides secure access to the Web-based interface of the Lights-Out device.

• Modify the port setting for remote console communications with the host server through the Lights-Out device.

17.4.4.1 ILO GLOBAL SETTINGS

The iLO global settings page also includes the following security settings:

• Enable Lights-Out Functionality The option to enable and disable iLO functionality.

  Note

  If you disable iLO functionality, you must set the iLO Security Override switch on the host server to re-enable functionality.

  
  

• Virtual Media Port The ability to modify the port setting for iLO virtual media. This modification may be necessary if another application uses the same port or to minimize the number of open ports on a firewall.

• Minimum Password Length Allows you to change the minimum number of characters allowed for a user password. The character length can range from 0 to 39.

Note

If zero is the set minimum length, a blank password will be acceptable. Note that this will subject the host server to many security vulnerabilities.

17.4.4.2 RILOE II GLOBAL SETTINGS

The RILOE II global settings page also includes the following security settings:

• Emergency Management Services Disables EMS console functionality.

• Bypass Reporting of External Power Cable Prevents a degraded status from being reported in Insight Manager when the external power cable is not attached.

• Remote Console Port Configuration Modifies the default port setting, 23, generally used for Telnet. However, popular port numbers are vulnerable to port scans, which can be used for nefarious purposes.

• Remote Access with Pocket PC Enables wireless or dial-up access from a handheld device.

• Remote Console Data Encryption Disables data encryption for Telnet access. Telnet does not support encryption.

• SSL Encryption Strength Designates the encryption level required to access the Lights-Out device through a browser interface. Some client browsers do not support 128-bit encryption.

• Current Cipher Displays the encryption algorithm currently being used to protect data during transmission between your browser and RILOE II.

• Host Keyboard Enables or disables the keyboard on the host server.

• Level of Data Returned Associates management processors with servers and controls the amount of information returned to Insight Manager:

  • High All data related to the host server displays on the summary page for the Lights-Out device in Insight Manager.

  • Medium Summary page includes less detail.

  • Low Server and management processor are listed as separate entities in the device list if SNMP pass-through is not supported.

  • None No data is sent to Insight Manager.

The following table lists the information associated with each data level.