Home » HP Manuals » Tower Cases » HP BladeSystem c7000 » Manual Viewer

HP BladeSystem c7000 HP BladeSystem Onboard Administrator User Guide - Page 231

Managing users, Users/Authentication, User roles and privilege levels, Role-based user accounts - firmware update procedure

View all HP BladeSystem c7000 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 231 highlights

Managing users Users/Authentication This section explains the levels of user rights recognized by the HP BladeSystem Onboard Administrator and provides detailed procedures to configure the management functionalities provided by the Onboard Administrator. The Users/Authentication menu item cannot be selected and does not display overview information for user accounts or settings. Instead, select any of the sublevel menu items for specific settings. User roles and privilege levels Within the Users/Authentication category of HP BladeSystem Onboard Administrator, you can access the Local Users subcategory. In this subcategory, you can create user accounts that individuals use to log in to the HP Onboard Administrator, and have a username, password, and typically contact information. Users can have one of three privilege levels: • ADMINISTRATOR allows access to all aspects of the HP BladeSystem Onboard Administrator including configuration, firmware updates, user management, and resetting default settings. • OPERATOR allows access to all information, but only certain configuration settings can be changed. This account is used for individuals who might be required to periodically change configuration settings. • USER allows access to all information, but no changes can be made within HP BladeSystem Onboard Administrator. This account is used for individuals who need to see the configuration of the HP BladeSystem Onboard Administrator but do not need the ability to change settings. The privilege level approach of HP BladeSystem Onboard Administrator to user permissions facilitates the maintenance of server blade bays. This approach operates according to the following principles: • Users are assigned privilege levels in User Management. • A user can have access to any combination of device bays, interconnect bays, and Onboard Administrator bays. Access to a server blade by a user depends on the privilege level assigned to the user account. If you select a user with Administrator ACL or OA permission, the page will grey out and disable access to the blade and interconnect permissions and select them all. In cases where HP SIM is used, Onboard Administrator can integrate with HP SIM and use HP SIM users to facilitate a single login from HP SIM into Onboard Administrator. For more information, see HP SIM integration. Role-based user accounts Role-based user accounts on Onboard Administrator serve two purposes: to control the functions a user has access to on Onboard Administrator and to control permissions a temporary user account adopts on iLO when autologin is used. There are two major aspects of role-based user accounts on Onboard Administrator: bay permissions and a user privilege level. Bay permissions determine which bays the user is allowed to access. Bay permissions are selected during user account creation and allow access to specific device bays, interconnect bays, or Configuring the HP BladeSystem c7000 enclosure and enclosure devices 231

Section	Page
HP BladeSystem Onboard Administrator User Guide	1
Abstract	1
Notice	2
Contents	3
Introduction	8
Overview	8
Access requirements	10
Onboard Administrator overview	11
Detecting component insertion and removal	11
Identifying components	11
Managing power and cooling	12
Controlling components	12
Interfaces	12
Onboard Administrator user interfaces	13
Onboard Administrator authentication	13
Running Onboard Administrator for the first time	14
Signing in to the Onboard Administrator GUI	15
Flash disaster recovery	17
Running the setup wizard	18
Using online help	19
Changing enclosure and device configurations	19
Recovering the administrator password	19
Security considerations	20
BladeSystem network architecture overview	20
Recommended security best practices	21
Network ports	22
Default FIPS MODE settings compared to STRONG ENCRYPTION	22
HP BladeSystem c7000 Enclosure hardware installation	24
Installing Onboard Administrator modules	24
HP BladeSystem Onboard Administrator cabling	25
HP BladeSystem Insight Display	27
HP BladeSystem c7000 2-inch Insight Display components	27
HP BladeSystem c3000 and c7000 3-inch Insight Display components	28
Insight Display overview	28
Accessing the HP BladeSystem c3000 Insight Display	29
Running the Insight Display installation	30
Navigating the Insight Display	35
Health Summary screen	36
Enclosure Settings screen	37
Enclosure Info screen	38
Blade and Port Info screen	39
Turn Enclosure UID On/Off screen	40
View User Note screen	42
Chat Mode screen	42
USB Menu screen	43
KVM Menu screen	44
Insight Display errors	44
Power errors	45
Cooling errors	45
Location errors	45
Configuration errors	45
Device failure errors	46
Enclosure KVM	47
Features	47
First Time Setup Wizard	52
Before you begin	52
Signing in to Onboard Administrator	52
User Preferences	53
FIPS	54
Enclosure Selection screen	55
Configuration Management screen	56
Rack and Enclosure Settings screen	57
Administrator Account Setup screen	59
Local User Accounts screen	60
Enclosure Bay IP addressing	61
Directory Groups Configuration screen	67
Directory Settings screen	68
Onboard Administrator Network Settings screen	69
Enclosure SNMP Settings screen	71
Power Management screen	72
Finish	75
Navigating Onboard Administrator	76
Navigation overview	76
Tree view	76
Graphical view navigation	79
Rack View	82
Rack View screen	82
Topology modes	83
Rack Topology tab	84
Rack Power and Thermal tab	85
Rack Firmware Summary tab	87
Configuring the HP BladeSystem c7000 enclosure and enclosure devices	90
Viewing the status screens	90
Enclosure settings	91
Selecting enclosures	91
Enclosure Settings screen	91
AlertMail	95
Device Power Sequence Device Bays tabs	98
Device Power Sequence Interconnect Bays tab	100
Date and Time	101
Enclosure TCP/IP settings	103
IPv4 Settings tab	103
IPv6 Settings tab	105
NIC Options tab	106
Advanced Settings tab	107
Network access	107
Protocol restrictions	107
Login Banner	108
Trusted Hosts	108
Anonymous Data	109
FIPS tab	109
Clear VC Mode	110
Link Loss Failover	110
SNMP Settings	111
Enclosure Bay IP Addressing	115
EBIPA for IPv4	117
EBIPA for IPv6	120
Enclosure Virtual Buttons tab	122
Device Summary	122
Active to Standby	124
DVD drive	124
VLAN Configuration	126
VLAN settings	127
Adding, editing, and removing VLANs	130
Configuring devices	131
Active Health System	133
HP Insight Remote Support	134
Data Collected by Insight Remote Support	134
Prerequisites	135
Registering for Insight Remote Support	135
Unregistering from Insight Remote Support	136
Insight Remote Support Service Events	136
Insight Remote Support Data Collections	137
Data collection information	137
Enclosure Firmware Management	138
Enclosure Firmware Management settings	139
Enabling Enclosure Firmware Management	139
Configuring the location of the firmware image	139
Enabling force downgrades	139
Power policy	140
Required user permissions	140
Update policy	140
Scheduled firmware update	141
Manual update and discovery	141
Bays to include	141
Managing enclosures	142
Powering off the enclosure	142
Linking enclosures	142
Managing multiple enclosures	142
Active Onboard Administrator Module	144
Active Onboard Administrator screen	144
Status and Information tab	144
Active Onboard Administrator Virtual Buttons tab	145
TCP/IP Settings screen	146
Certificate Administration Information tab	147
Certificate Request tab	149
Certificate Upload tab	151
Firmware update	152
Language Pack tab	154
System log	155
Log Options tab	158
Standby Onboard Administrator Module	160
Standby Onboard Administrator screen	160
TCP/IP Settings for Standby Onboard Administrator	160
Standby Onboard Administrator Virtual Buttons tab	161
Standby Onboard Administrator Certificate Administration Information tab	162
Standby Certificate Request tab	163
Standby Certificate Upload tab	165
Device bays	166
Device Bay Overview screen	166
Device Bay Status tab	168
Port Mapping Information	172
Firmware	173
Server blade information tab	175
Server blade virtual devices tab	177
Boot Options tab	178
IML Log tab	180
Storage blades	180
I/O expansion blade information	183
I/O expansion blade information tab	185
I/O expansion blade virtual devices tab	185
Management Console	186
iLO Event Log tab	188
Interconnect bays	189
Interconnect Bay Summary screen	189
Interconnect Bay screen	190
Interconnect Bay Information tab	192
Interconnect Bay Virtual Buttons	193
Interconnect Bay Port Mapping screen	194
Enclosure power management	195
Power management planning	195
Power and thermal screen	196
Power management	197
Enclosure Power Meter screen	202
Graphical View tab	203
Table View tab	204
Enclosure power allocation	206
Enclosure power summary	206
Power Subsystem screen	207
Power Supply Information	209
Fans and cooling management	210
Fan zones	210
Thermal subsystem	211
c7000 Enclosure fan location rules	214
c3000 Enclosure fan location rules	216
Enclosure DVD/CD-ROM Drive	217
DVD/CD-ROM drives	217
Interactive installation and configuration of DVD/CD-ROM drive	218
Unattended OS deployment	224
Ad-hoc access to DVD-based media for application installation or data import	230
Updating blade firmware with HP Smart Update Manager	230
Managing users	231
Users/Authentication	231
User roles and privilege levels	231
Role-based user accounts	231
Local Users	232
Add Local User	233
Edit Local User	233
Edit Local User Certificate Information tab	236
Password settings	236
Directory Settings screen	237
Directory Certificate Information tab	239
Uploading a certificate	239
Directory Certificate Upload tab	240
Directory Test Settings tab	240
Directory Groups	242
Add an LDAP Group	242
Edit an LDAP Group	245
SSH Administration	248
Supported SSH and SSL versions	248
HP SSO Integration	249
Using Enclosure Firmware Management	250
Initiating a manual update or discovery	250
Individual servers	250
Multiple servers	250
Status updates	253
Logging	254
Firmware Log	254
Session Log	254
Firmware Management Log	255
Event failures	255
Viewing firmware versions	255
Server firmware	256
Rack firmware	256
Firmware version variations	257
Two-Factor Authentication	257
Two-Factor Authentication Certificate Information tab	258
Two-Factor Authentication Certificate Upload tab	259
Signed In Users	259
Session Options tab	259
Insight Display	260
Virtual Connect Manager	260
iLO Integration	260
Management network IP dependencies	260
Port mapping	262
Device bay port mapping graphical view for c3000 Enclosure	262
Device bay port mapping table for c3000 Enclosure	264
Device bay port mapping graphical view for c7000 Enclosure	267
Device bay port mapping table for c7000 Enclosure	270
Using the command line interface	273
Command line overview	273
Setting up Onboard Administrator using the CLI	273
Pinout signals for Onboard Administrator Serial RS232 connector	275
Using the service port connection	275
Using configuration scripts	277
Configuration scripts	277
Reset factory defaults	278
HP Integrity i2 server blade support	280
Updated support for HP Integrity BL860c i2, BL870c i2, and BL890c i2 Server Blades	280
Tree view and graphical view changes for HP Integrity i2 Server Blades	280
Port mapping changes for HP Integrity i2 Server Blades	282
Partner blade changes for HP Integrity i2 Server Blades	282
Troubleshooting	283
Onboard Administrator error messages	283
Onboard Administrator errors	283
Insight Display screen shot errors	294
Onboard Administrator factory default settings	294
Onboard Administrator SNMP traps	295
Known browser issues	296
Enabling LDAP Directory Services Authentication to Microsoft Active Directory	297
Certificate Services	297
Preparing the directory	297
Uploading the DC Certificate (optional)	298
Creating directory groups	300
Testing the directory login solution	302
Troubleshooting LDAP on Onboard Administrator	303
Time zone settings	305
Africa time zone settings	305
Americas time zone settings	305
Asia time zone settings	307
Universal time zone settings	307
Oceanic time zone settings	308
Europe time zone settings	308
Polar time zone settings	309
Support and other resources	310
Before you contact HP	310
HP contact information	310
Acronyms and abbreviations	311
Documentation feedback	314

Match case Limit results 1 per page

Configuring the HP BladeSystem c7000 enclosure and enclosure devices

231

Managing users

Users/Authentication

This section explains the levels of user rights recognized by the HP BladeSystem Onboard Administrator and

provides detailed procedures to configure the management functionalities provided by the Onboard

Administrator.

The Users/Authentication menu item cannot be selected and does not display overview information for user

accounts or settings. Instead, select any of the sublevel menu items for specific settings.

User roles and privilege levels

Within the Users/Authentication category of HP BladeSystem Onboard Administrator, you can access the

Local Users subcategory. In this subcategory, you can create user accounts that individuals use to log in to the

HP Onboard Administrator, and have a username, password, and typically contact information. Users can

have one of three privilege levels:

•

ADMINISTRATOR

allows access to all aspects of the HP BladeSystem Onboard Administrator including

configuration, firmware updates, user management, and resetting default settings.

•

OPERATOR

allows access to all information, but only certain configuration settings can be changed.

This account is used for individuals who might be required to periodically change configuration

settings.

•

USER

allows access to all information, but no changes can be made within HP BladeSystem Onboard

Administrator. This account is used for individuals who need to see the configuration of the HP

BladeSystem Onboard Administrator but do not need the ability to change settings.

The privilege level approach of HP BladeSystem Onboard Administrator to user permissions facilitates the

maintenance of server blade bays. This approach operates according to the following principles:

•

Users are assigned privilege levels in User Management.

•

A user can have access to any combination of device bays, interconnect bays, and Onboard

Administrator bays.

Access to a server blade by a user depends on the privilege level assigned to the user account. If you select

a user with Administrator ACL or OA permission, the page will grey out and disable access to the blade and

interconnect permissions and select them all.

In cases where HP SIM is used, Onboard Administrator can integrate with HP SIM and use HP SIM users to

facilitate a single login from HP SIM into Onboard Administrator. For more information, see HP SIM

integration.

Role-based user accounts

Role-based user accounts on Onboard Administrator serve two purposes: to control the functions a user has

access to on Onboard Administrator and to control permissions a temporary user account adopts on iLO

when autologin is used.

There are two major aspects of role-based user accounts on Onboard Administrator: bay permissions and a

user privilege level. Bay permissions determine which bays the user is allowed to access. Bay permissions are

selected during user account creation and allow access to specific device bays, interconnect bays, or