MM910 Management Module V100R001 User Guide 24

This document provides the product description, installation and configuration methods, and common operations of the E9000 server chassis management module MM910.
System Settings

Security

GUI

Function

Table 7-98 describes the system management functions on the MM910 web user interface (WebUI).

Table 7-98 Function description

Item

Function Description

Timeout period (min)

Maximum idle period (in minutes) after which the user will be logged out of the HMM WebUI.

Value range: 5 to 120

Default value: 5

Port 80 (HTTP)

Port for automatically switching HTTP to HTTPS.

  • On: enables automatic switching of HTTP to HTTPS. This setting may pose security risks.
  • Off: disables automatic switching of HTTP to HTTPS. This setting helps improve system security.

Default value: Off

SNMP V1

  • On: enables SNMPv1.
  • Off: disables SNMPv1.
    NOTE:

    SNMPv3 is enabled by default. SNMPv1 poses security risks.

SNMP V2C

  • On: enables SNMPv2c.
  • Off: disables SNMPv2c.
    NOTE:

    SNMPv3 is enabled by default. SNMPv2c poses security risks.

Login Security Banner Settings

Setting of the login security banner.

  • On: enables the login security banner. The security banner will be displayed on the login page.
  • Off: disables the login security banner.

Default value: On

Security banner text

Security banner text to be displayed on the login page.

Value: a string of up to 1600 characters, which can contain letters, digits, spaces, carriage returns, and the following special characters: !@#$%:;~,.-+=_/|()[]{}

TLS Versions

Versions of the Transport Layer Security (TLS).

TLS ensures data confidentiality and integrity between two communicating applications. Different TLS versions can be enabled based on requirements. By default, TLS 1.1 and TLS 1.2 are selected.

NOTE:

TLS 1.0 poses security risks. Select TLS 1.1 and TLS 1.2 for security purposes.

Enhanced SSL security

Setting of the enhanced SSL security.

  • On: disables the Rivest-Shamir-Adleman (RSA) algorithm, which poses security risks.
  • Off: enables the RSA algorithm.

Default value: Off

Authentication protocol

Authentication protocol to be used.

Value:

  • MD5
  • SHA

Default value: SHA

NOTE:

Using MD5 may pose security risks. You are advised to use SHA.

Privacy protocol

Privacy protocol to be used.

Value:

  • DES
  • AES

Default value: AES

NOTE:

Using DES may pose security risks. You are advised to use AES.

SSH password authentication

  • On: allows the user to log in to the MM910 over SSH, using the user name and password.
  • Off: allows the user to log in to the MM910 over SSH, using the public key.

Default value: On

Public key authentication

  • On: allows the user to log in to the MM910 over SSH, using the public key.
  • Off: disables the use of the public key for login to the MM910 over SSH.

Default value: On

Password validity (days)

Validity period (in days) of the password.

Value range: 0 to 365. The value 0 indicates that the password never expires.

Default value: 180

NOTE:

When a user password is about to expire in 9 days or less, the system automatically reminds the user to change the password.

Login policy upon password expiry

Login policy for users with expired passwords. The values are as follows:

  • Login not allowed: If a user with an expired password attempts to log in, the message "Login failed because the password has expired" is displayed.
  • Password change required: If a user with an expired password attempts to log in, the password change page is displayed. The user can log in after changing the password.

Default value: Login not allowed

Previous passwords disallowed

Number of previous passwords that cannot be used.

Value range: 0 to 5. If this parameter is set to 0, there is no restriction on the use of previously used passwords.

Default value: 5

User lockout policy

Maximum number of unsuccessful login attempts after which the user account is locked (1 to 5; default: 5), and the account lockout period (1 to 10 minutes; default: 10).

If a user account is locked, the user cannot log in to the system within the lockout period.

NOTE:
  • If the SNMP account is locked, users can still log in to the system over SSH, WebUI, or a serial port. If the SSH, WebUI, or serial port account is locked, users can still log in to the system over SNMP.
  • You can run the smmset -d unlockuser -v username command to unlock the account in an emergency.

Emergency login user

A user who can log in to the HMM WebUI irrespective of the password validity period or login rules.

The user can log in to the MM910 WebUI in case of emergency.

Default value: root

NOTE:

An emergency login user must be an administrator.

VMM port

Port from which the remote VMM data is transferred.

Default value: 8501

NOTE:

After the port number is changed, the established VMM connections will be disconnected.

KVM service ports

  • KVM control port: port used to transfer the KVM control messages, such as the messages for obtaining compute node status, exiting the KVM, and switching to split-screen mode. The default port number is 2198.
  • KVM data port: port used to transfer the data input and output by the KVM keyboard and mouse, and to transfer image data. The default port number is 2200.
NOTE:

After a KVM port number is changed, the established KVM connections will be disconnected.

Import

This button allows you to import user login rules. New login rules will replace existing rules in the OS.

Export

This button allows you to export the MM910 login rules (.cfg) to a local directory.

  • If Compatible with the export mode of an earlier version is not selected, the exported login rule files can be imported for MM910 later than (U54) 6.00 only.
  • If Compatible with the export mode of an earlier version is selected, the exported login rule files are compatible with MM910 earlier than (U54) 6.00.

Login rules

Rules for user login.

NOTE:
  • A maximum of 30 login rules are supported.
  • Users who meet one of the selected rules can log in to the MM910 WebUI or CLI.

Time Range

Time period during which users can log in to the MM910.

Set the time range based on actual requirements:

  • To specify the login period, set the time range in the YYYY-MM-DD HH format. For example, set the start time to 2014-08-30 08:30 and end time to 2014-12-30 20:30.
  • To specify the start and end dates for login, set the time range in the YYYY-MM-DD format. For example, set the start date to 2014-08-30 and end date to 2014-12-30.
  • To specify the login period in a day, set the time range in the HH:MM format. For example, set the start time to 08:30 and end time to 20:30.
NOTE:

The start and end time formats for a rule must be the same.

IP Range

IP address or IP address segment that is allowed to access the MM910.

The following formats are supported:

  • xxx.xxx.xxx.xxx: IP address allowed to access the MM910.
  • xxx.xxx.xxx.xxx/mask: IP address segment allowed to access the MM910.
NOTE:

The value range for mask is 1 to 32.

MAC Range

MAC address or MAC address header that is allowed to access the MM910.

The following formats are supported:

  • xx:xx:xx: MAC address header allowed to access the MM910.
  • xx:xx:xx:xx:xx:xx: MAC address allowed to access the MM910.

Password Complexity Check

SMM: setting of the password complexity check for the MM910.

Value:

  • On: enables the password complexity check.

    The MM910 user password is case-sensitive and must meet the following requirements:

    • Contain 8 to 32 characters.
    • Contain a space or one of the following special characters:

      `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

    • Contain at least two types of the following characters:
      • Uppercase letters A to Z
      • Lowercase letters a to z
      • Digits 0 to 9
    • Cannot be the same as the user name or the user name in reverse order.
  • Off: disables the password complexity check.

    The password must contain 8 to 32 characters.

For security purposes, set this parameter to On.

Slotx: setting of the password complexity check for a compute node in slotx.

Value:

  • On: enables the password complexity check.

    The BMC user password must meet the following requirements:

    • Contain 8 to 20 characters.
    • Contain a space or one of the following special characters:

      `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

    • Contain at least two types of the following characters:
      • Uppercase letters A to Z
      • Lowercase letters a to z
      • Digits 0 to 9
    • Cannot be the same as the user name or the user name in reverse order.
  • Off: disables the password complexity check.

    The password must contain 8 to 20 characters.

KVM Encryption

Function for encrypting sensitive KVM data before transmission between the client and the server. Sensitive data includes image data, keyboard data, power-on and power-off data, and private-mode data.

  • On: The KVM data is encrypted by using the AES128 algorithm before being transmitted between the server and the client.
  • Off: The KVM data is not encrypted before transmission. For security purposes, set this parameter to On.

Default value: Off

NOTE:
  • If VMM encryption is enabled, you must enable KVM encryption. If KVM encryption is enabled, you can determine whether to enable VMM encryption as required.
  • If KVM encryption and VMM encryption are unavailable for a compute node, the compute node does not support encryption. If you need to use the functions, contact technical support.
  • Ensure that no terminal is connected to any KVM before setting KVM encryption and VMM encryption; otherwise, the setting fails.
  • Keyboard data is always encrypted even if the KVM encryption is not enabled.

VMM Encryption

Function for encrypting data before the data is transmitted through a virtual medium, such as a virtual DVD-ROM drive, FDD, and folder.

  • On: The data is encrypted by using the AES128 algorithm before being transmitted between the server and the client.
  • Off: The data is not encrypted before transmission. For security purposes, set this parameter to On.

Default value: Off

NOTE:
  • If VMM encryption is enabled, you must enable KVM encryption. If KVM encryption is enabled, you can determine whether to enable VMM encryption as required.
  • If KVM encryption and VMM encryption are unavailable for a compute node, the compute node does not support encryption. If you need to use the functions, contact technical support.
  • Ensure that no terminal is connected to any KVM before setting KVM encryption and VMM encryption; otherwise, the setting fails.
  • Keyboard data is always encrypted even if the KVM encryption is not enabled.
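
The Login rules, Time Range, IP Range and MAC Range rows of Table 7-98 can be modelled as follows. This Python sketch is an added example, not MM910 code: the rule dictionaries, function names and sample addresses are constructed, the first time format follows the page's example value (2014-08-30 08:30), and it assumes that all fields present in one rule must match while any one selected rule is enough to allow login.

```python
import ipaddress
import re
from datetime import datetime

# Formats from the Time Range row; the first follows the page's example value.
TIME_FORMATS = ("%Y-%m-%d %H:%M", "%Y-%m-%d", "%H:%M")
MAX_RULES = 30  # "A maximum of 30 login rules are supported."

def _parse_time(text):
    for fmt in TIME_FORMATS:
        try:
            return fmt, datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError(f"unsupported time format: {text!r}")

def time_matches(start, end, now):
    fmt, t_start = _parse_time(start)
    fmt_end, t_end = _parse_time(end)
    if fmt != fmt_end:  # NOTE in the table: both ends must share one format
        raise ValueError("start and end time formats differ")
    if fmt == "%H:%M":     # daily window (assumes start <= end)
        return t_start.time() <= now.time() <= t_end.time()
    if fmt == "%Y-%m-%d":  # whole days, end date inclusive (assumption)
        return t_start.date() <= now.date() <= t_end.date()
    return t_start <= now <= t_end

def ip_matches(rule, addr):
    if "/" in rule:
        base, mask = rule.split("/", 1)
        if not mask.isdigit() or not 1 <= int(mask) <= 32:
            raise ValueError("mask must be 1 to 32")
        return ipaddress.ip_address(addr) in ipaddress.ip_network(
            f"{base}/{mask}", strict=False)
    return ipaddress.ip_address(addr) == ipaddress.ip_address(rule)

def mac_matches(rule, mac):
    octets = rule.lower().split(":")
    if len(octets) not in (3, 6) or not all(
            re.fullmatch(r"[0-9a-f]{2}", o) for o in octets):
        raise ValueError(f"unsupported MAC format: {rule!r}")
    return mac.lower().split(":")[:len(octets)] == octets

def rule_matches(rule, now, ip, mac):
    # Assumption: every field present in a rule must match (logical AND).
    checks = []
    if "time" in rule:
        checks.append(time_matches(*rule["time"], now))
    if "ip" in rule:
        checks.append(ip_matches(rule["ip"], ip))
    if "mac" in rule:
        checks.append(mac_matches(rule["mac"], mac))
    return bool(checks) and all(checks)

def login_allowed(rules, now, ip, mac):
    # The page does not say what happens with no rule selected, so that
    # case is rejected here instead of guessed.
    if not 1 <= len(rules) <= MAX_RULES:
        raise ValueError("expected 1 to 30 selected rules")
    return any(rule_matches(r, now, ip, mac) for r in rules)

# Constructed sample rules (documentation address range, made-up MAC header).
SAMPLE_RULES = [
    {"time": ("08:30", "20:30"), "ip": "192.0.2.0/24"},
    {"mac": "00:1a:2b"},
]

if __name__ == "__main__":
    print(login_allowed(SAMPLE_RULES, datetime(2014, 9, 1, 9, 0),
                        "192.0.2.17", "aa:bb:cc:dd:ee:ff"))
```

Running candidate rules through a model like this before importing them helps catch a rule set that would lock out every administrator workstation.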

Timezone & NTP

GUI

Function

The Timezone & NTP page allows you to set the time zone, time, and NTP server information. Table 7-99 describes the parameters.

NOTE:

You can click MM time at the lower right corner of any page to go to the Timezone & NTP page.

Table 7-99 Parameter description

Parameter

Description

Time zone

Time zone for the system.

NOTE:

If the system supports daylight saving time (DST), the system time will be automatically adjusted based on the DST.

Time

System time.

You can manually set the time or select Sync to synchronize the system time with the PC used for accessing the MM910 WebUI.

NOTE:

After setting the time, click Save. You may need to re-login.

NTP

Function of enabling NTP.

  • On: enables NTP.
  • Off: disables NTP.

NTP synchronization

Status of time synchronization between the system and the NTP server.

Preferred NTP Server

IP address of the preferred NTP server. The system synchronizes the time with the preferred NTP server.

NOTE:

The MM910 only supports Linux NTP servers.

Alternate NTP Server

IP address of the alternate NTP server.

NOTE:

The MM910 only supports Linux NTP servers.

Min poll interval (hh:mm:ss)

Minimum interval (in seconds) for synchronizing NTP packets.

Value: 2^n (4 ≤ n ≤ 17)

Max poll interval (hh:mm:ss)

Maximum interval (in seconds) for synchronizing NTP packets.

Value: 2^n (4 ≤ n ≤ 17)

Alarm Email Settings

GUI

Function

On the Alarm Email Settings page, you can configure an email to be sent to the specified mailboxes when an alarm is generated.

Setting Email Notification
  1. Choose System Management > System Settings > Alarm Email Settings.
  2. Under Alarm Email Settings, click Edit.
  3. Set the parameters.

    Table 7-100 describes the parameters.

    Table 7-100 Parameter description

    Parameter

    Description

    SMTP function

    Function for sending email notifications through the SMTP server.

    To enable it, set this parameter to On. To disable it, set this parameter to Off.

    SMTP server address

    IP address or domain name of the server that provides the Simple Mail Transfer Protocol (SMTP) service.

    Verify user

    • If you deselect the check box, the SMTP server supports anonymous login.
    • If you select the check box, you need to specify the user name and password for logging in to the SMTP server.
    NOTE:
    • User name: 1 to 50 characters, excluding spaces and the following special characters: = # & ' " < > ( ) % + \ ; $ | /
    • Password: 1 to 20 characters

    Include alarm severities

    Severities of alarms to be sent through the SMTP server.

    • Critical: Send critical alarms only.
    • Major: Send major and critical alarms.
    • Minor: Send minor, major, and critical alarms.
    • All: Send all alarms.

    Data encryption

    You can enable the data encryption function to enhance information security if the SMTP server provides the certificate authentication service.

    • On: Enable data encryption.
    • Off: Disable data encryption.

    Certificate verification

    • On: Enable certificate verification.
    • Off: Disable certificate verification.
    NOTE:

    You are advised to enable certificate verification for security purposes. When certificate verification is enabled, you need to set the SMTP server address to a domain name and import the SMTP root certificate.

    Certificate

    Select the certificate to be uploaded.

    NOTE:

    This parameter is available only when Certificate verification is set to On.

    Email subject

    Subject of the email to be sent.

    NOTE:

    Email subject: 1 to 50 characters, excluding the following special characters: = # & ' " < > ( ) % + \ ; $ | /

    Email subject contains

    Additional information to the email subject, including the chassis name, SN, and location.

    Sender address

    Email address from which alarm emails are sent. The email address is only used for sending system alarm information, including alarm causes, impact, and handling suggestions. For example, alert@test.com.

    NOTE:

    Sender address: 1 to 50 characters, excluding spaces and the following special characters: = # & ' " < > ( ) % + \ ; $ | /

    Email Address

    Address for receiving alarm emails. The email address is only used for receiving system alarms. For example, alert@test.com.

    NOTE:

    Email Address: 1 to 50 characters, excluding spaces and the following special characters: = # & ' " < > ( ) % + \ ; $ | /

    Description

    Description of the email.

    NOTE:

    Description: 0 to 50 characters, excluding the following special characters: = # & ' " < > ( ) % + \ ; $ | /

  4. Click Save.
  5. Click Test.

    The operation is successful if the specified mailbox receives alarm information.

SSL Certificate

GUI

Function

Table 7-101 describes the system management functions on the MM910 web user interface (WebUI).

Table 7-101 Function description

Item

Function Description

SSL Certificate

NOTE:

When both the master and slave chassis are installed, the slave chassis does not support certificate management configuration.

The SSL Certificate page allows you to view Secure Sockets Layer (SSL) certificate information, customize SSL information, and import a new certificate.

The SSL certificate is used to set up an SSL-secured channel over HTTPS between the client browser and the web server, so that data transmitted between the client and server is encrypted and information leakage is prevented. SSL ensures the security of data transmission and is used for verifying the website to be accessed.

The parameters are described as follows:

  • Issued to: Information about the user (current server) of the SSL certificate.
    • CN: name of a user
    • OU: department of a user
    • O: company of a user
    • L: city of a user
    • S: province of a user
    • C: country of a user
  • Issued by:

    The parameters are the same as those of Issued to.

  • Validity Period: Start date and end date when the SSL certificate takes effect.
  • Serial No.: Serial number of the SSL certificate, used for identification and migration of the certificate.
NOTE:
  • Import server certificate files only in .pem format. Import customized certificate files only in .pfx or .p12 format.
  • A CSR file correlates with the server certificate applied from the CA organization. Do not generate a new CSR file before importing the server certificate. Otherwise, the original CSR file will be overwritten by the new CSR file and cannot be recovered. You have to use the new CSR file to apply for a new server certificate from the CA organization.
  • Before importing a self-produced certificate, ensure that you use an encryption algorithm with a higher security level when the certificate is being generated, for example, RSA2048.
  • After the import is complete, restart the MM910 at an appropriate time for the certificate to take effect.
NOTE:

After importing an SSL certificate, check whether the root certificate of the authentication authority exists in the client browser.

The following uses Internet Explorer as an example to describe how to view and add a root certificate.

  1. Open Internet Explorer.
  2. On the toolbar, choose Tools > Internet Options.

    The Internet Options window is displayed.

  3. On the Content tab page, click Certificates.

    The Certificates window is displayed.

  4. On the Trusted Root Certification tab page, check whether the authority of the SSL certificate is listed.
    • If yes, go to 5.
    • If no, go to 6.
  5. Check whether the certificate is out of date.
    • If yes, go to 6.
    • If no, go to 7.
  6. Click Import under Trusted Root Certification.

    Import the root certificate as prompted.

  7. Open the browser, and check whether is displayed in the address bar.
    • If yes, no further action is required.
    • If no, contact technical support.

Import/Export

GUI

Function

To facilitate configuration data backup and fast deployment for an entire chassis, MM910 provides the configuration import and export functions.

Table 7-102 Parameter Description

Parameter

Description

Import

Imports a backup file to quickly configure the data for the entire chassis.

NOTE:
  • The imported configuration will overwrite the system configuration. Please export and back up the system configuration file first.
  • When importing configuration, check whether the stateless computing and easyLink features of the file to be imported are consistent with the actual service configuration.

Export

Exports the configuration data of the entire chassis to a local directory for backup.

Export
  1. Click Export.

    The Export dialog box is displayed.

  2. In the Encrypted password area, enter the password used to encrypt the exported file. The password must meet the following complexity requirements:

    • Contain 8 to 32 characters.
    • Contain a space or one of the following special characters:

      `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

    • Contain at least two types of the following characters:
      • Uppercase letters A to Z
      • Lowercase letters a to z
      • Digits 0 to 9
    • Cannot be the same as the user name or the user name in reverse order.

  3. In the Current user password area, enter the login password of the current user.
  4. Click OK.
  5. Save the file to a local directory.
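
The complexity requirements in step 2 are the same ones the Password Complexity Check setting applies to MM910 users (8 to 32 characters) and, with a 20-character limit, to compute-node BMC users; the Previous passwords disallowed setting adds a reuse limit of 0 to 5. The Python sketch below is an added example, not Huawei code: the function names and sample values are constructed, and keeping password history as salted PBKDF2 digests is an assumption, since the page does not describe how the MM910 stores it.

```python
import hashlib
import hmac
import os

# Special characters listed on the page, plus the space it also accepts.
SPECIALS = set("`~!@#$%^&*()-_=+\\|[{}];:'\",<.>/? ")
MAX_LEN = {"smm": 32, "bmc": 20}  # MM910 and export password: 32; BMC: 20

def complexity_violations(password, username, target="smm", check_on=True):
    """Return the rules a candidate password breaks; [] means accepted."""
    problems = []
    if not 8 <= len(password) <= MAX_LEN[target]:
        problems.append(f"length must be 8 to {MAX_LEN[target]}")
    if not check_on:  # check set to Off: only the length rule applies
        return problems
    if not any(c in SPECIALS for c in password):
        problems.append("needs a space or a listed special character")
    classes = (
        any("A" <= c <= "Z" for c in password),
        any("a" <= c <= "z" for c in password),
        any("0" <= c <= "9" for c in password),
    )
    if sum(classes) < 2:
        problems.append("needs two of: uppercase, lowercase, digits")
    if password in (username, username[::-1]):  # case-sensitive
        problems.append("same as user name or its reverse")
    return problems

def _digest(password, salt):
    # Assumption: history is kept as salted PBKDF2 digests, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history, password, keep=5):
    """Append the new password's digest and retain only the last `keep`."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    history[:] = history[-keep:] if keep else []

def reused(history, password, disallowed=5):
    """True if the password matches one of the last `disallowed` entries."""
    if not 0 <= disallowed <= 5:  # value range from the page
        raise ValueError("Previous passwords disallowed must be 0 to 5")
    recent = history[-disallowed:] if disallowed else []
    return any(hmac.compare_digest(_digest(password, salt), digest)
               for salt, digest in recent)

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(complexity_violations("Chassis#2019", "root"))
    print(complexity_violations("21#nimdA", "Admin#12"))
```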
Import
  1. Click Import.

    The Warning dialog box is displayed.

    After the imported configuration takes effect, the active and standby management modules will restart.

  2. Click OK.

    The Import dialog box is displayed.

  3. In the System configuration file area, select the file to be uploaded.

    NOTE:

    The name of the file to be imported must be systemconf.cfg; otherwise, the import may fail due to invalid file name.

  4. In the Decrypted password area, enter the decryption password. It must be the same as the password entered in the Encrypted password area when the file was exported.
  5. In the Current user password area, enter the login password of the current user.
  6. Click OK.

Flat Management

Screenshot

Function Description

To allow the upper-layer management system eSight to manage the chassis, enable flat management. Table 7-103 describes the parameters.

Table 7-103 Parameter description

Parameter

Description

Flat management

  • On: enables flat management so that eSight and HMM can both manage the E9000 chassis.
NOTE:

After Flat Management is enabled, the stateless computing function of eSight or HMM can be used to manage the E9000 chassis. If stateless computing of the HMM is enabled, ensure that the stateless computing function of eSight does not manage this chassis; otherwise, conflicts will occur.

  • Off: disables flat management.

NMS name

Indicates the name of the NMS that manages the chassis.

NMA address

Indicates the address of the NMS that manages the chassis.

Updated: 2019-04-10

Document ID: EDOC1000015900
