Home » HP Manuals » Servers » HP Integrity rx2800 » Manual Viewer

HP Integrity rx2800 Installation Guide, Windows Server 2008 R2 v7.0 - Page 88

Securing the WBEM Connection, Managing nPartitions Using WBEM, WBEM SSL Certificate cert.pem file

View all HP Integrity rx2800 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 88 highlights

data in a consistent fashion. Client applications can then use this information to manage an enterprise computing environment. Because WBEM supports a distributed management architecture, client applications (nPartition management tools, for example) can run on a remote system and use the WBEM infrastructure to send requests to managed servers. Partition Manager is a WBEM client application. Partition Manager uses WBEM when retrieving information about a server complex. Partition Manager uses nPartition commands for all other operations. The nPartition commands are also WBEM client applications. Several software components support nPartition commands for Windows. The Windows OS provides the Windows Management Instrumentation (WMI) software, which is an implementation of WBEM standards. HP provides a WMI-based nPartition Provider and WMI mapper to convert CIM/XML WBEM requests from clients (like nPartition commands and Partition Manager) into WMI requests. The nPartition commands and Partition Manager send management messages to the nPartition Provider. The nPartition Provider handles communication with the MP using the IPMI protocol, locally through an IPMI/BT device driver, or remotely using the MP IPMI/LAN interface. Securing the WBEM Connection WBEM secures the management connection using an SSL authentication process, which involves the following files: • WBEM SSL Certificate (cert.pem file) The WBEM SSL certificate file resides on the system that is being managed and contains the local WBEM server's certificate. On a Windows system, the WBEM SSL certificate file is in the location specified by the sslCertificateFilePath entry in the %PEGASUS_HOME%\cimserver_current.conf file, and is usually %SystemDrive%\hp\sslshare\cert.pem. • WBEM Trusted Certificate Store (known_hosts.pem file) The WBEM Trusted Certificate Store file resides on the system from which you issue WBEM remote management commands. On a Windows system, the WBEM Trusted Certificate Store file resides in the %SystemDrive%\hp\sslshare directory. • Partition Manager Trusted Certificate Store (parmgr.keystore file) The Partition Manager Certificate Store file resides on the system from which you run Partition Manager. Partition Manager uses it to validate server certificates. On a Windows system, the Partition Manager Trusted Certificate Store file resides in the %SystemDrive%\hp\sslshare directory. For remote WBEM SSL connections to succeed, the WBEM SSL server certificate from the remote system you are connecting to (the WBEM server) must be imported into the trusted certificate stores on the system where the remote WBEM commands are issued from (the client system). Managing nPartitions Using WBEM Using WBEM, you can manage remote nPartitions indirectly, through an nPartition on the server. NOTE: You cannot use WBEM to manage nPartitions remotely if none of the nPartitions on the target server have been booted or configured yet, or if the nPartition provider or MP device driver components have not been installed yet. To use WBEM, install the WMI Mapper and the nPartition commands software on your management station. After you install the tools, enable secure WBEM communications. Then you can use Partition Manager or nPartition commands to manage the remote nPartitions. 88 nPartitioning

Section	Page
Installation Guide	1
Table of Contents	3
About This Document	9
Intended Audience	9
New and Changed Information in This Edition	9
Document Organization	9
Typographic Conventions	10
Related Information	10
Publishing History	11
HP Encourages Your Comments	11
1 Preparing for Installation	13
Task 1: Determine Current System Status	13
Task 2: Verify Hardware Compatibility	13
Ensure Brand Similarity Among Fibre Channel Host Bus Adapters (HBAs) in Multipath I/O (MPIO) Environments	13
Task 3: Back Up Existing Data	14
Task 4: Choose an Installation Environment	14
Using Windows Server 2008 R2 OS Media (Provided by Microsoft) + HP Smart Setup + Smart Update Media	15
Using HP Reinstallation Media	15
Task 5: Locate Your Microsoft Certificate of Authenticity (with Product Key)	15
Task 6: Set Up an Installation Method	19
Set Up a Headless Console	19
Set Up a Headless Console Using a Null Modem Cable	20
Set up a Headless Console Using a LAN	20
Set Up a Headless Console Using a Remote Serial Console	20
Set Up a GUI Console	20
Set Up an Integrated Remote Console	22
Set Up a vMedia Drive	23
Set Up PXE/WDS	23
Set Up a WDS Server	24
Install WDS	25
Configure WDS	25
Authorize a WDS Server in Active Directory	26
Use the Client Installation Wizard	26
Task 7: Prepare the Server Hardware for OS Installation	26
Set Up the Boot Drive	27
Boot to EFI	27
Locate the DVD/CD Drive	27
Set ACPI Flag to Windows (Cell-Based Servers Only)	28
Set Cell Local Memory to 100% (Cell-Based Servers Only)	29
Specify the Network Interface Card for a Network Boot	29
2 Installing the OS	31
Install from a Headless Console	31
Install from a GUI Console	39
Install from PXE	47
Reinstall from a Headless Console	47
Load the System Image to the Boot Disk	47
Configure after the Initial Boot	49
Reinstall from a GUI Console	49
Load the System Image to the Boot Disk	50
Configure after the Initial Boot	51
Activate the OS	51
Apply OS Updates Using the Smart Update Media	54
Enable Windows Components	55
Set IP Addresses from a Headless Console	55
Enable and Run Remote Desktop Connection	55
Verify System Device Drivers and Register for Updates	56
Verify System Device Drivers	56
Register for HP Support Notifications	57
Register for Microsoft Security Notifications	57
Register for Microsoft Windows Update	57
Miscellaneous Installation Issues	57
Downgrading from Windows Server 2008 R2 (to Windows Server 2008 or Windows Server 2003)	57
Installing Windows Server 2008 R2 on rx8640 and rx7640 Servers	58
Booting Windows Preinstallation Environment (WinPE) from the Hard Drive Diagnostic Partition	58
Installing from the IRC	58
Enabling Hyperthreading on HP Integrity Servers	58
Device Manager Indicates “Unknown Device” with ID IFX0102	59
3 Installing and Configuring the Management Tools	61
Install the Integrity Support Pack (ISP)	61
Configure and Verify the WBEM Providers	64
Enable Access Rights and Group Memberships	65
Enable Auto Page Refresh and Set the Interval	66
Verify Installation of the WBEM Providers	66
Configure System Management Homepage	66
Set Up Browser Access	66
Set Up and Change Your SMH Security Settings After Support Pack Installation	66
Initialize SMH	67
Verify Installation of the nPartition Management Tools	67
Verify nPartition Commands	68
Verify Partition Manager Installation	68
A Preparing the Server for Microsoft SQL Server	71
SQL Server 2005 Installation	71
Install SQL Server from the Command Prompt	72
Install SQL Server from the GUI	72
B EFI Utilities	75
Introduction to EFI	75
EFI Boot Manager	75
EFI Shell	75
Common EFI Shell Commands	76
EFI-Based Setup Utility	78
Creating a Backup Boot File Using the EFI Shell	80
Verify Successful Backup Boot File Creation	80
C nPartitioning	81
Quick Start	81
Getting to Know nPartitions	82
Partitioning Continuum	82
Cell Structure of nPartitions	82
Properties of nPartitions	83
Cell and nPartition Boot Phases	84
Cell Boot Phase	84
nPartition Boot Phase	85
Choosing a Management Tool	85
Management Interface Options	86
IPMI	86
IPMI Block Transfer (IPMI BT)	86
IPMI over LAN	86
Managing nPartitions Using IPMI over LAN	87
Running Partition Manager Using IPMI over LAN	87
Running nPartition Commands Using IPMI over LAN	87
WBEM	87
Securing the WBEM Connection	88
Managing nPartitions Using WBEM	88
Running Partition Manager Using WBEM	89
Running nPartition Commands Using WBEM	89
Choosing a Management Mode	89
Local Management	89
Remote Management Using IPMI	90
Remote Management Using WBEM	90
Authentication and Authorization Issues	90
Local Management	90
Remote Management Using IPMI	91
Remote Management Using WBEM	91
Setting up the Management Station	92
Controlling the Management Station Remotely	92
Remote Control	92
Terminal Services	92
Remote Desktop	92
Telnet	92
Performing nPartition Management Tasks	93
Listing the Status of an nPartition or Complex	93
Using Partition Manager	93
Using nPartition Commands	93
Using the Management Processor Command Menu	93
Using the EFI Shell	94
Creating nPartitions	94
Creating the First nPartition in a Server Complex	94
Creating a Genesis Partition for a Server Complex	94
Creating Additional nPartitions in a Server Complex	94
Modifying nPartitions	95
Booting and Resetting nPartitions	96
Using the MP Command Menu	97
Using the EFI Shell	97
Using Microsoft Windows Commands	97
D SMH and the WBEM Providers	99
WBEM Providers	99
Using SMH	99
Accessing WebAgents	100
Navigating SMH	100
The SMH Home Page	103
Overall Status Summary	103
System Status	103
System Category	103
Operating System Category	104
Network Category	104
System Software Category	104
Storage Category	104
System Configuration Category	104
System Report	105
E Headless Windows Installations	107
Why Headless?	107
What is a Headless System?	107
Benefits of Headless Systems	107
How to Access a Headless System	108
Console Definitions	108
In-Band vs. Out-of-Band	108
Remote Desktop	108
Physical Aspects of Integrity Consoles	108
Management Processor	108
Emergency Management Services (EMS)	108
Firmware Redirection	109
Special Administration Console	109
Configuring Consoles	109
Management Processor Settings	109
Cellular Systems	110
Noncellular Systems	110

Match case Limit results 1 per page

data in a consistent fashion. Client applications can then use this information to manage an

enterprise computing environment.

Because WBEM supports a distributed management architecture, client applications (nPartition

management tools, for example) can run on a remote system and use the WBEM infrastructure

to send requests to managed servers.

Partition Manager is a WBEM client application. Partition Manager uses WBEM when retrieving

information about a server complex. Partition Manager uses nPartition commands for all other

operations. The nPartition commands are also WBEM client applications.

Several software components support nPartition commands for Windows. The Windows OS

provides the Windows Management Instrumentation (WMI) software, which is an implementation

of WBEM standards. HP provides a WMI-based nPartition Provider and WMI mapper to convert

CIM/XML WBEM requests from clients (like nPartition commands and Partition Manager) into

WMI requests.

The nPartition commands and Partition Manager send management messages to the nPartition

Provider. The nPartition Provider handles communication with the MP using the IPMI protocol,

locally through an IPMI/BT device driver, or remotely using the MP IPMI/LAN interface.

Securing the WBEM Connection

WBEM secures the management connection using an SSL authentication process, which involves

the following files:

•

WBEM SSL Certificate (cert.pem file)

The WBEM SSL certificate file resides on the system

that is being managed and contains the local WBEM server’s certificate.

On a Windows system, the WBEM SSL certificate file is in the location specified by the

sslCertificateFilePath entry in the

%PEGASUS_HOME%\cimserver_current.conf

file,

and is usually

%SystemDrive%\hp\sslshare\cert.pem

•

WBEM Trusted Certificate Store (known_hosts.pem file)

The WBEM Trusted Certificate Store

file resides on the system from which you issue WBEM remote management commands.

On a Windows system, the WBEM Trusted Certificate Store file resides in the

%SystemDrive%\hp\sslshare

directory.

•

Partition Manager Trusted Certificate Store (parmgr.keystore file)

The Partition Manager

Certificate Store file resides on the system from which you run Partition Manager. Partition

Manager uses it to validate server certificates. On a Windows system, the Partition Manager

Trusted Certificate Store file resides in the

%SystemDrive%\hp\sslshare

directory.

For remote WBEM SSL connections to succeed, the WBEM SSL server certificate from the remote

system you are connecting to (the WBEM server) must be imported into the trusted certificate

stores on the system where the remote WBEM commands are issued from (the client system).

Managing nPartitions Using WBEM

Using WBEM, you can manage remote nPartitions indirectly, through an nPartition on the server.

NOTE:

You

cannot

use WBEM to manage nPartitions remotely if none of the nPartitions on the

target server have been booted or configured yet, or if the nPartition provider or MP device

driver components have not been installed yet.

To use WBEM, install the WMI Mapper and the nPartition commands software on your

management station. After you install the tools, enable secure WBEM communications. Then

you can use Partition Manager or nPartition commands to manage the remote nPartitions.

nPartitioning