Home » HP Manuals » Desktops » HP Xw460c » Manual Viewer

HP Xw460c HP Integrated Lights-Out 2 User Guide for Firmware 1.75 and 1.77 - Page 56

HP SIM single sign-on (SSO), Setting up iLO 2 for HP SIM SSO

Add to My Manuals
Save this manual to your list of manuals

Page 56 highlights

IMPORTANT: Incorrectly editing the registry can severely damage your system. HP recommends creating a back up of any valued data on the computer before making changes to the registry. For information on how to restore your registry, see the Microsoft Knowledge base article (http://support.microsoft.com/kb/307545). To connect to iLO 2 through an SSH connection, see your SSH utility documentation to set the cipher strength. When connecting through the XML channel, the CPQLOCFG utility uses a secure 3DES cipher by default. CPQLOCFG 2.26 or later displays the following current-connection cipher strength on the XML output. For example: Connecting to Server.. Negotiated cipher: 168-bit Triple DES with RSA and a SHA1 MAC AES encryption is not supported by Internet Explorer on a Windows® 2000 Professional client. To use AES encryption with this operating system, use another browser (such as Mozilla). HP SIM single sign-on (SSO) HP SIM SSO enables you to browse directly from HP SIM to your LOM processor, bypassing an intermediate login step. To use SSO, a current version of HP SIM is required, and you must configure your LOM processor to accept the links from HP SIM. HP SIM requires the latest updates and patches to function correctly. For more information about HP Systems Insight Manager and available updates, see the HP website (http://www.hp.com/go/hpsim). HP SIM SSO is a licensed feature available with the purchase of optional licenses. For more information, see "Licensing (on page 26)". The HP SIM SSO page enables you to view and configure SSO settings through the iLO 2 interface. For more information, see the section, "Setting up HP SIM SSO (on page 58)." You can also access HP SIM SSO configuration settings using scripts, text files, and through a commandline using text-based clients such as SSH over the network or from the operating system on the host computer. Scripting SSO enables you to use the same SSO settings on all your LOM processors. For more information, example scripts, and CLP extensions to read, modify, and write HP SIM SSO configuration settings, see the HP Integrated Lights-Out Management Processor Scripting and Command Line Resource Guide. Setting up iLO 2 for HP SIM SSO Before you start SSO setup, you must have the network address of HP SIM and ensure that a license key is installed. To setup SSO: 1. Enable Single Sign-On Trust Mode by selecting either Trust by Certificate (recommended), Trust by Name, or Trust All. 2. Add the HP SIM certificate of the server to iLO 2. a. Click Add an HP SIM Server. b. Enter the HP SIM server network address. c. Click Import Certificate. The certificate repository is sized to allow five typical iLO 2 certificates. However, certificate sizes can vary if typical certificates are not issued. There is 6KB of combined storage allocated for Configuring iLO 2 56

Section	Page
HP Integrated Lights-Out 2 User Guide	1
Notice	2
Contents	3
Operational overview	9
Guide overview	9
New in this release of iLO 2	9
iLO 2 overview	10
Differences between iLO 2 and iLO	10
HP Insight Essentials Rapid Deployment Pack integration	11
Server management through IPMI version 2.0 compliant applications	11
WS-Management compatibility overview	12
iLO 2 browser interface overview	13
Supported browsers and client operating systems	13
Supported server operating system software	14
iLO 2 setup	16
Quick setup	16
Preparing to setup iLO 2	16
Connecting to the network	18
Configuring the IP address	18
Logging in to iLO 2 for the first time	19
Setting up user accounts	19
Setting up iLO 2 using iLO 2 RBSU	20
Setting up iLO 2 using the browser-based option	20
Activating iLO 2 licensed features using a browser	20
Installing iLO 2 device drivers	21
Microsoft device driver support	21
Linux device driver support	22
Novell NetWare device driver support	22
Configuring iLO 2	24
iLO 2 configuration overview	24
Upgrading iLO 2 firmware	24
Upgrading iLO 2 using a browser	25
Updating the firmware using the maintenance CD	26
Recovering from a failed iLO 2 firmware update	26
Downgrading the iLO 2 firmware	26
Licensing	26
User administration	28
Adding a new user	29
Viewing or modifying an existing user's settings	31
Deleting a user	31
Group administration	32
Configuring iLO 2 access	33
Services options	33
Terminal Services Passthrough option	35
Enabling the Terminal Services Passthrough option	37
Remote Console and Terminal Services clients	37
Terminal Services troubleshooting	38
Access options	39
iLO 2 Remote Console and Remote Serial Console access	41
Security	41
General security guidelines	42
Password guidelines	42
Securing RBSU	42
iLO 2 Security Override Switch administration	43
Trusted Platform Module support	43
User accounts and access	44
Privileges	44
Login security	44
SSH key administration	45
SSL certificate administration	45
Two-factor authentication	46
Setting up two-factor authentication for the first time	47
Setting up a user for two-factor authentication	49
Two-factor authentication login	49
Using two-factor authentication with directory authenticatio	50
Directory settings	51
Configuring directory settings	52
Directory tests	54
Encryption	54
Encryption settings	55
Connecting to the iLO 2 using AES/3DES encryption	55
HP SIM single sign-on (SSO)	56
Setting up iLO 2 for HP SIM SSO	56
Adding HP SIM trusted servers	57
Setting up HP SIM SSO	58
Remote Console Computer Lock	59
Network	60
Network Settings	61
iLO 2 subsystem name limitations	62
iLO 2 Shared Network Port	62
DHCP/DNS Settings	65
SNMP/Insight Manager settings	66
Enabling SNMP alerts	66
SNMP generated trap definitions	67
Configuring Insight Manager integration	68
ProLiant BL pClass configuration	69
ProLiant BL pClass user requirements	69
Static IP bay configuration	69
Configuring a ProLiant BL pClass blade enclosure	70
Configuring static IP bay settings	70
ProLiant BL pClass standard configuration parameters	71
ProLiant BL pClass advanced configuration parameters	71
Enabling iLO 2 IP address assignment	72
HP BladeSystem setup	72
iLO 2 configuration screen	73
Verify Server RAID Configuration screen	73
Connect Virtual Media screen	74
Install Software screen	74
iLO 2 diagnostic port configuration parameters	74
Using iLO 2	76
System status and status summary information	76
System Information Summary	78
Fans	78
Temperatures	79
Power	79
Processors	80
Memory	80
NIC	80
iLO 2 Log	80
IML	80
Diagnostics	81
Insight Agents	82
iLO 2 Remote Console	83
Remote Console overview and licensing options	84
Remote Console settings	84
Remote console hot keys	86
Supported hot keys	86
Hot keys and international keyboards	88
Hot keys and Virtual Serial Port	88
Integrated Remote Console Fullscreen	88
Integrated Remote Console option	88
Optimizing mouse performance for Remote Console or Integrated Remote Console	91
High Performance Mouse settings	91
Shared Remote Console	93
Using Console Capture	93
Using HP iLO Video Player	94
iLO Video Player user interface	94
iLO Video Player controls	95
Acquiring the Remote Console	96
Remote Console	96
Remote Console features and controls	97
Recommended client settings	98
Recommended server settings	98
Text-based remote console overview	98
Text-based console during POST	99
Text-based console after POST	99
Virtual serial port and remote serial console	102
Virtual media	107
Using iLO 2 Virtual Media devices	108
Virtual Media and Windows 7	108
iLO 2 Virtual Floppy/USBKey	108
iLO 2 Virtual CD/DVD-ROM	112
Creating iLO 2 disk image files	114
Virtual folder	115
Virtual folder operating system notes	115
Power management	116
Server power settings	117
Server power data	119
Processor states	120
Power efficiency	121
Graceful shutdown	122
ProLiant BL pClass Advanced management	122
Rack View	123
Blade configuration and information	124
Enclosure information	125
Power enclosure information	126
Network component information	126
iLO 2 control of ProLiant BL pClass server LEDs	127
Server POST tracking	127
Insufficient power notification	127
ProLiant BL pClass alert forwarding	127
ProLiant BladeSystem HP Onboard Administrator	127
iLO 2 BL c-Class tab	128
Enclosure bay IP addressing	128
Dynamic power capping for server blades	130
iLO 2 Virtual Fan	131
iLO option	131
Web Administration	132
BL pClass and BL c-Class features	132
Directory services	134
Overview of directory integration	134
Benefits of directory integration	134
Advantages and disadvantages of schema-free directories and HP schema directory	135
Schema-free directory integration	136
HP schema directory integration	136
Setup for Schema-free directory integration	138
Active Directory preparation	138
Introduction to certificate services	138
Installing certificate services	138
Verifying certificate services	139
Configuring Automatic Certificate Request	139
Schema-free browser-based setup	139
Schema-free scripted setup	140
Schema-free HPLOMIG-based setup	140
Schema-free setup options	140
Schema-free nested groups	141
Setting up HP schema directory integration	142
Features supported by HP schema directory integration	142
Setting up directory services	142
Schema documentation	143
Directory services support	143
Schema required software	144
Schema installer	144
Schema Preview	145
Setup	145
Results	146
Management snap-in installer	147
Directory services for Active Directory	147
Active Directory installation prerequisites	147
Installing Active Directory on Windows Server 2008	148
Directory services preparation for Active Directory	148
Snap-in installation and initialization for Active Directory	149
Example: Creating and configuring directory objects for use with iLO 2 in Active Directory	150
Directory services objects	152
Active Directory Lights-Out management	156
Directory services for eDirectory	157
eDirectory installation prerequisites	157
Snap-in installation and initialization for eDirectory	157
Example: Creating and configuring directory objects for use with LOM devices in eDirectory	157
Directory Services objects for eDirectory	161
eDirectory Role Restrictions	162
eDirectory Lights-Out Management	164
User login using directory services	165
Directory-enabled remote management	166
Introduction to directory-enabled remote management	166
Creating roles to follow organizational structure	166
Using existing groups	166
Using multiple roles	167
How directory login restrictions are enforced	168
Restricting roles	168
Role time restrictions	168
Role address restrictions	169
User restrictions	169
User address restrictions	169
How user time restrictions are enforced	170
Creating multiple restrictions and roles	170
Using bulk import tools	171
HPQLOMIG directory migration utility	173
Introduction to HPQLOMIG utility	173
Compatibility	173
HP Lights-Out directory package	173
Using HPQLOMIG	174
Finding management processors	174
Upgrading firmware on management processors	176
Selecting a directory access method	177
Naming management processors	178
Configuring directories when HP Extended schema is selected	179
Configuring directories when schema-free integration is selected	180
Setting up management processors for directories	181
HP Systems Insight Manager integration	183
Integrating iLO 2 with HP SIM	183
HP SIM functional overview	183
Establishing SSO with HP SIM	184
HP SIM identification and association	184
HP SIM status	184
HP SIM links	185
HP SIM systems lists	185
Receiving SNMP alerts in HP SIM	186
HP SIM port matching	186
Reviewing Advanced Pack license information in HP SIM	187
Troubleshooting iLO 2	188
iLO 2 POST LED indicators	188
Event log entries	189
Hardware and software link-related issues	192
JVM support	193
Login issues	193
Login name and password not accepted	193
Directory user premature logout	194
iLO 2 Management Port not accessible by name	194
iLO 2 RBSU unavailable after iLO 2 and server reset	194
Inability to access the login page	195
Inability to access iLO 2 using telnet	195
Inability to access virtual media or graphical remote console	195
Inability to connect to iLO 2 after changing network settings	195
Inability to connect to the iLO 2 Diagnostic Port	195
Inability to connect to the iLO 2 processor through the NIC	196
Inability to log in to iLO 2 after installing the iLO 2 certificate	196
Firewall issues	196
Proxy server issues	196
Two-factor authentication error	197
Troubleshooting alert and trap problems	197
Inability to receive HP SIM alarms (SNMP traps) from iLO 2	198
iLO 2 Security Override switch	198
Authentication code error message	198
Troubleshooting directory problems	198
Domain/name format login issues	199
ActiveX controls are enabled and I see a prompt but the domain/name login format does not work	199
User contexts do not appear to work	199
Directory user does not logout after the directory timeout has expires	199
Troubleshooting Remote Console problems	199
Remote Console applet has a red X when running Linux client browser	200
Inability to navigate the single cursor of the Remote Consol to corners of the Remote Console window	200
Remote Console no longer opens on the existing browser session	200
Remote console text window not updating properly	200
Remote Console turns gray or black	201
Remote Serial Console troubleshooting	201
Troubleshooting Integrated Remote Console problems	201
Internet Explorer 7 and a flickering remote console screen	201
Configuring Apache to accept exported capture buffers	202
No console replay while server is powered down	203
Skipping information during boot and fault buffer playback	203
Out of Memory error starting Integrated Remote Console	203
Session leader does not receive connection request when IRC is in replay mode	203
Keyboard LED does not display correctly	203
Inactive IRC	204
IRC Failed to connect to server error message	204
IRC toolbar icons do not update	204
GNOME interface does not lock	205
Repeating keys on the Remote Console	205
Remote Console playback does not work when the host server is powered down	205
Troubleshooting SSH and Telnet problems	205
Initial PuTTY input slow	205
PuTTY client unresponsive with Shared Network Port	205
SSH text support from a Remote Console session	206
Troubleshooting terminal services problems	206
Terminal Services button is not working	206
Terminal Services proxy stops responding	206
Troubleshooting video and monitor problems	206
General guidelines	206
Telnet displays incorrectly in DOS®	206
Video applications not displaying in the Remote Console	207
User interface is not displaying correctly	207
Troubleshooting Virtual Media problems	207
Virtual Media applet has a red X and will not display	207
Virtual Floppy media applet is unresponsive	207
Troubleshooting iLO Video Player problems	207
Video capture file does not play	207
Video capture file plays erratically	208
Troubleshooting Remote Text Console problems	208
Viewing the Linux installer in the text console	208
Passing data through an SSH terminal	208
Troubleshooting miscellaneous problems	208
Cookie sharing between browser instances and iLO 2	208
Shared instances	208
Cookie order behavior	209
Displaying the current session cookie	209
Preventing cookie-related user issues	210
Inability to access ActiveX downloads	210
Inability to get SNMP information from HP SIM	210
Incorrect time or date of the entries in the event log	210
Inability to upgrade iLO 2 firmware	210
Diagnostic steps	211
iLO 2 does not respond to SSL requests	211
Testing SSL	211
Resetting iLO 2	212
Server name still present after ERASE utility is executed	212
Troubleshooting a remote host	212
Directory services schema	213
HP Management Core LDAP OID classes and attributes	213
Core classes	213
Core attributes	213
Core class definitions	213
hpqTarget	213
hpqRole	214
hpqPolicy	214
Core attribute definitions	214
hpqPolicyDN	214
hpqRoleMembership	215
hpqTargetMembership	215
hpqRoleIPRestrictionDefault	215
hpqRoleIPRestrictions	215
hpqRoleTimeRestriction	216
Lights-Out Management specific LDAP OID classes and attributes	217
Lights-Out Management classes	217
Lights-Out Management attributes	217
Lights-Out Management class definitions	217
hpqLOMv100	217
Lights-Out Management attribute definitions	218
hpqLOMRightLogin	218
hpqLOMRightRemoteConsole	218
hpqLOMRightVirtualMedia	218
hpqLOMRightServerReset	219
hpqLOMRightLocalUserAdmin	219
hpqLOMRightConfigureSettings	219
Technical support	220
Support information	220
HP contact information	221
Before you contact HP	221
Acronyms and abbreviations	222

Match case Limit results 1 per page

Configuring iLO 2 56

IMPORTANT:

Incorrectly editing the registry can severely damage your system. HP

recommends creating a back up of any valued data on the computer before making changes

to the registry. For information on how to restore your registry, see the Microsoft

Knowledge

base article (

http://support.microsoft.com/kb/307545

To connect to iLO 2 through an SSH connection, see your SSH utility documentation to set the cipher

strength.

When connecting through the XML channel, the CPQLOCFG utility uses a secure 3DES cipher by default.

CPQLOCFG 2.26 or later displays the following current-connection cipher strength on the XML output. For

example:

Connecting to Server..

Negotiated cipher: 168-bit Triple DES with RSA and a SHA1 MAC

AES encryption is not supported by Internet Explorer on a Windows® 2000 Professional client. To use

AES encryption with this operating system, use another browser (such as Mozilla).

HP SIM single sign-on (SSO)

HP SIM SSO enables you to browse directly from HP SIM to your LOM processor, bypassing an

intermediate login step. To use SSO, a current version of HP SIM is required, and you must configure your

LOM processor to accept the links from HP SIM. HP SIM requires the latest updates and patches to

function correctly. For more information about HP Systems Insight Manager and available updates, see

the HP website (

http://www.hp.com/go/hpsim

HP SIM SSO is a licensed feature available with the purchase of optional licenses. For more information,

see "Licensing (on page

)".

The HP SIM SSO page enables you to view and configure SSO settings through the iLO 2 interface. For

more information, see the section, "Setting up HP SIM SSO (on page

)."

You can also access HP SIM SSO configuration settings using scripts, text files, and through a command-

line using text-based clients such as SSH over the network or from the operating system on the host

computer. Scripting SSO enables you to use the same SSO settings on all your LOM processors. For more

information, example scripts, and CLP extensions to read, modify, and write HP SIM SSO configuration

settings, see the

HP Integrated Lights-Out Management Processor Scripting and Command Line Resource

Guide.

Setting up iLO 2 for HP SIM SSO

Before you start SSO setup, you must have the network address of HP SIM and ensure that a license key is

installed. To setup SSO:

Enable Single Sign-On Trust Mode by selecting either

Trust by Certificate

(recommended),

Trust by

Name

, or

Trust All

Add the HP SIM certificate of the server to iLO 2.

Click

Add an HP SIM Server.

Enter the HP SIM server network address.

Click

Import Certificate.

The certificate repository is sized to allow five typical iLO 2 certificates. However, certificate sizes

can vary if typical certificates are not issued. There is 6KB of combined storage allocated for