Home » HP Manuals » Desktops » HP BladeSystem bc2000 » Manual Viewer

HP BladeSystem bc2000 Administrator's Guide HP Session Allocation Manager (HP - Page 66

Steps, Policies, User and Roles, Manage resource roles, Manage users, Security Group

View all HP BladeSystem bc2000 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 66 highlights

The HP SAM hierarchical policy has 5 levels: ● Global ● Role ● OU (organizational unit) ● Security Group ● User Steps: 1. Create or update the policy in the Policies tab. To update an existing policy, click the policy name hyperlink. 2. Assign the policy: ● to the role (User and Roles > Manage resource roles) ● to a user, OU, or Security Group (User and Roles > Manage users) HP SAM always creates the Global Policy. This policy applies to all user connections. The default sets the Auto Reconnect box to Off. This ensures multiple users do not attempt to log in to the same blade at the same time. When a network failure or something similar occurs, the user may unknowingly have been logged off that resource, depending on the network and AD group policy settings. HP SAM may allocate that computing resource to another user. If the auto-reconnect feature is turned on, the original user reconnects to this computing resource, which could potentially have been allocated to another person. If this is not a concern, then change Auto Reconnect to an appropriate value. Table 4-1 Effective Hierarchical Policy Example Parameter Global Role OU SG1 SG2 User Effective P1 ON Not Assigned Not Assigned Not Assigned Not Assigned Not Assigned ON 1P2 ON OFF Not Assigned Not Assigned Not Assigned Not Assigned OFF P3 ON OFF ON OFF Not Assigned Not Assigned OFF 2P4 ON/No OFF Not Assigned Not Assigned Not Assigned Not Assigned ON Overrides Allowed P5 ON/No OFF/No Not Assigned Not Assigned Not Assigned Not Assigned ON Overrides Overrides Allowed Allowed 3P6 ON OFF ON OFF ON Not Assigned OFF 1 The order of policy assignment is User (highest) > Security Group > OU > Role > Global Policy (lowest). Individual parameters assigned at the User level override parameters set at the Group level, and so forth. Note that Parameter P2 is set at ON at the Global level, but is overridden by the OFF setting at the higher Role level, leaving an effective setting of OFF. 2 No Overrides Allowed can be set at any level to prevent override by parameters set at higher levels. Note that the No Overrides Allowed setting ON for Parameter P4 at the lowest Global level overrides the OFF setting at the higher Role level. 3 At the Security Group level, HP SAM checks all Security Groups in alphanumeric order and uses the policy, if any, in the first Security Group encountered. Note that Security Group 1 is the first Security Group encountered, so the OFF setting for Security Group 1 leaves Parameter P6 with an effective setting of OFF, and the ON setting for Security Group 2 is ignored. 58 Chapter 4 Administration

Section	Page
Introduction	9
What's New in This Release	10
Multi-Level Administrator	10
Multi-Session – Role Assignment	11
Single Location Client Configuration	11
Blade Service Windows XP 64-bit	11
Blade Service PWS Workstation	11
USB Session Simplification	11
Reconnect All Button	11
Legal Banner	12
Window Position Enhancements (Easier Moves)	12
Global and Local Client Configuration Files	12
Ease of Multi-Display Deployment and Web Administrator Setup	13
User Resource Management Controls	14
Enhanced “Add New User” Searches	14
Key Features	14
Overview	15
How HP SAM Works	16
HP SAM Software Components	18
Remote Graphics Software (RGS)	18
Common Tasks	19
Setting up HP SAM	19
Setting up a User with a Dynamic Resource	20
Setting up a User with Static (Dedicated) Resources	21
Configuring a Monitor Layout for a User	22
Requirements	24
HP SAM Hardware and Software Requirements	24
HP SAM Web and SQL Server Requirements	24
HP SAM Web Server Hardware Requirements	24
HP SAM Web Server Software Requirements	24
HP SAM SQL Database Server Hardware Requirements	26
HP SAM SQL Database Server Software Requirements	30
HP SAM Registration Service Requirements	31
Access Device Requirements	31
Thin Client	31
Mobile Thin Client	32
Desktop or Notebook PC	32
Blade Workstation Clients	32
Personal Workstation Clients	32
Other requirements	33
Create a Service Account	33
Obtain Administrative Rights	33
Change the Firewall	33
Active Directory	33
Installation	34
Install the HP SAM Web Server and SQL Software	34
Grant Users HP SAM Administrator Access	36
Configure HP SAM System Settings	36
Install and Validate the HP SAM Registration Service Software	36
Install the HP SAM Registration Service	36
Create the HP SAM Registration Service Configuration File	37
[WebServerList]	38
[RolesList]	38
Start/Restart the HP SAM Registration Service	38
Test the HP SAM Registration Service	39
Install and Validate the HP SAM Client Software	39
Internet Explorer-Based Client	40
Windows XPe-Based Client	40
Customization Steps	41
Windows CE 5.0-Based Client	41
Customization Steps	41
HP Blade Workstation Client Series	42
Customization Steps	42
Configuration Settings	42
Options	42
Smart Card Settings	45
User Interface Customization Settings	45
Policy Entries	46
Deploy the HP SAM Registration Service to All HP SAM Computing Resources	49
Deploy HP SAM Client Software to All HP SAM Access Devices	49
Administration	51
Log In	51
General Navigation and User Interface Design	51
Display More (or Fewer) Items Per Page	51
Move Columns	51
Sort Result List	51
Select More Than One Item	51
Managing the HP SAM Administrator Access List	52
Add Individual Users to the HP SAM Administrator Group	52
Add Security Groups or Organizational Units to the HP SAM Administrator Group	52
Remove Users From the HP SAM Administrator Group	53
HP SAM Administrator Console Tabs	54
Home Tab	54
Users and Roles Tab	54
Manage Resource Roles	54
Manage Asset Groups	55
Manage Administrative Permissions	55
Manage Users	56
Operation	56
To Assign Attributes	56
To Assign Resources	57
To Assign Resources Manually	57
To Assign Resources Automatically from Template User	58
To Assign Resources Automatically from Role	59
To Assign and Configure a Monitor Layout for the User	59
To Change the Monitor Layout Configuration for the User	60
To Delete a Monitor Layout ID for the User	60
To Delete a User	60
Add New Users	60
To Grant Access to Individual Users	60
To Grant Access to Security Groups or Organization Units	61
Resources tab	61
Manage Resources	61
Auto Refresh Feature	62
View Details	62
Operations	62
Operations	62
Customize View	63
Manage Access Devices	63
To Add an Access Device Manually	63
To Change an Access Device	64
To Delete an Access Device	64
Manage Monitor Layout	64
To Create a Monitor Layout	64
To Modify a Monitor Layout	64
To Delete a Monitor Layout	64
Manage Data Centers	64
To Create a Data Center	65
To Change a Data Center	65
To Add Enclosures into a Data Center	65
To Delete Enclosures from a Data Center	65
To Delete a Data Center	65
Policies Tab	65
Create or Update a Policy	67
View Effective Policy	67
System Settings Tab	68
General	68
Web client	69
Active Directory	70
Synchronization Scheduler	71
Log Maintenance Scheduler	71
Licensing	72
Reports Tab	72
Resource Capacity Consumption Report	72
Filters	72
Display Options	72
Output Report	73
Resource Capacity Consumption Trend Report	73
Filters	73
Display Options	73
Output Report	74
Resource Utilization Report	74
Filters	74
Display Options	74
Output Report	75
Log Tab	75
Setting Up Smart Card Login on the Access Device	75
Firewall Rules	77
Web Server	77
Clients	77
Blade	77
SQL Server	78
Frequently Asked Questions	79
Registration Service Error Codes	82
Glossary	85

Match case Limit results 1 per page

The HP SAM hierarchical policy has 5 levels:

●

Global

●

Role

●

OU (organizational unit)

●

Security Group

●

User

Steps:

Create or update the policy in the

Policies

tab. To update an existing policy, click the policy name

hyperlink.

Assign the policy:

●

to the role (

User and Roles

Manage resource roles

)

●

HP SAM always creates the Global Policy. This policy applies to all user connections. The default sets

the Auto Reconnect box to Off. This ensures multiple users do not attempt to log in to the same blade

at the same time. When a network failure or something similar occurs, the user may unknowingly have

been logged off that resource, depending on the network and AD group policy settings. HP SAM may

allocate that computing resource to another user. If the auto-reconnect feature is turned on, the original

user reconnects to this computing resource, which could potentially have been allocated to another

person. If this is not a concern, then change Auto Reconnect to an appropriate value.

Table 4-1

Effective Hierarchical Policy Example

Parameter

Global

Role

SG1

SG2

User

Effective

Not Assigned

OFF

Not Assigned

OFF

Not Assigned

OFF

ON/No

Overrides

Allowed

OFF

Not Assigned

ON/No

Overrides

Allowed

OFF/No

Overrides

Allowed

Not Assigned

OFF

Not Assigned

OFF

The order of policy assignment is

User (highest) > Security Group > OU > Role > Global Policy (lowest)

. Individual

parameters assigned at the User level override parameters set at the Group level, and so forth. Note that Parameter P2 is set

at ON at the Global level, but is overridden by the OFF setting at the higher Role level, leaving an effective setting of OFF.

No Overrides Allowed

can be set at any level to prevent override by parameters set at higher levels. Note that the No

Overrides Allowed setting ON for Parameter P4 at the lowest Global level overrides the OFF setting at the higher Role level.

At the Security Group level, HP SAM checks all Security Groups in alphanumeric order and uses the policy, if any, in the first

Security Group encountered. Note that Security Group 1 is the first Security Group encountered, so the OFF setting for Security

Group 1 leaves Parameter P6 with an effective setting of OFF, and the ON setting for Security Group 2 is ignored.

Chapter 4

Administration

to a user, OU, or Security Group (

User and Roles

Manage users

)