X6800 Server Node iBMC (Earlier Than V250) User Guide 30

This document describes the underlying management software Intelligent Baseboard Management Controller (iBMC) of the servers.

Configure

Local Users

Function Description

The Local Users page allows you to view and manage the users of the iBMC.

The iBMC supports a maximum of 16 users, including the root user. The root user is a default user with administrator rights.

GUI

Choose Configure from the main menu, and select Local Users from the navigation tree.

The Local Users page is displayed. The page consists of three areas.

  • Local user list: lists iBMC users.
  • User rights: lists the rights assigned to Administrator, Operator, Common user, and four custom roles.
  • SSH public key management: lists the SSH users configured with public keys. The SSH public keys can be added or deleted.
Figure 2-11 Local User page

Parameter Description
Table 2-35 Parameters related to local users

Parameter

Description

Adds a local user.

Changes information about a local user.

Deletes a local user.

NOTE:
  • All local users, including the administrators, operators, common users, and custom users, can be deleted.
  • You can restore the administrator by restoring the iBMC default settings. For details, see Restoring Default iBMC Settings in the iBMC user guide.
  • If User Management is enabled under OS User Management on the Configuration > System page, you can also add iBMC users by sending standard IPMI commands from the OS.

Saves the configuration of a local user.

User Name

User name for logging in to the iBMC.

By default, the user name is root and the password is on the product nameplate. For security purposes, change the default password upon the first login, and periodically change the password.

Role

Role assigned to the user. The user role specifies the operations that can be performed by the user.

Password Validity (Days)

Validity period of the user password.

Rule

Login rules that apply for the user.

Table 2-36 User roles

Parameter

Description

Role

Role assigned to a user. The user role specifies the operations that can be performed by a user.

  • Administrator: Users assigned the Administrator role can perform all operations.
  • Operator: Users assigned the Operator role can perform basic management, KVM management, VMM management, power control, and query information.
  • Common User: Users assigned the Common user role can only query information.
  • Custom Role: Users assigned Custom Role 1 to Custom Role 4 can perform the specified operations.
  • No Access: Users assigned the No Access role cannot perform any operation.
Table 2-37 SSH Public Key Management

Parameter

Description

User Name

User with an SSH public key.

Public Key Hash

String converted from an SSH public key through hash algorithms.

Deletes the public key of an SSH user.

Imports a public key for an SSH user.

Procedure

Viewing User Information

  1. On the menu bar, choose Configure.
  2. In the navigation tree, choose Local Users.

    The Local Users page is displayed.

  3. View information about the local users.

Adding Users

You can add a maximum of 15 users for the iBMC.

  1. Click Add.

    The page for adding a user is displayed, as shown in Figure 2-12. For details about the parameters, see Table 2-38.

    Figure 2-12 Adding a user

    Table 2-38 Parameters for adding a user

    Parameter

    Description

    Exits the page for setting a local user without saving the settings.

    Saves the information.

    User Password

    Current user's password.

    User ID

    ID of the user to be added.

    Value range: 3 to 17

    User Name

    Name of the user to be added.

    Value: a string of 1 to 16 characters

    The password must meet the following requirements:

    • Allow letters, digits, and special characters (excluding :<>&,'"/\%).
    • Cannot contain spaces or start with #, +, or -.

    Password

    Password for logging in to the iBMC.

    Value:

    • If password complexity check is disabled, the password cannot be empty or exceed 20 characters.
    • If password complexity check is enabled, the password must meet the following requirements:

      • Contain 8 to 20 characters
      • Contain at least a space or one of the following special characters:

        `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

      • Contain at least two types of the following characters:

        • Uppercase letters A to Z
        • Lowercase letters a to z
        • Digits 0 to 9
      • Cannot be the same as the user name or the user name in reverse order.
      • Have at least two new characters when compared with the previous password.

    For security purposes, periodically change your password.

    If password complexity check is enabled, the password must meet password complexity requirements.

    Confirm Password

    Password for logging in to the iBMC. This value must be the same as Password.

    Login Rule

    Login rules that apply for the user.

    Click View login rules to view the login rules configured.

    Login Interface

    Interfaces through which the user can log in to the iBMC.

    Values:
    • Web: The user can use a web browser to log in to the iBMC WebUI.
    • SNMP: The user can use an SNMP tool (such as MIB Browser) to log in to iBMC.
    • IPMI: The user can use an IPMI tool (such as IPMItool) to log in to the iBMC CLI.
    • SSH: The user can use an SSH tool (such as PuTTY) to log in to the iBMC CLI.
    • SFTP: The user can use an SFTP tool (such as Xftp) to log in to the iBMC file system.
    • Local: The user can use the serial port on the server to log in to the iBMC CLI or use an LCD to log in to the iBMC management interface.
    • Redfish: The user can use a Redfish tool to log in to iBMC.
    NOTE:

    By default, all login interfaces are selected for a new user.

    Role

    Role assigned to a user. The user role specifies the operations that can be performed by a user.

    Value:

    • Administrator: Users assigned the Administrator role can perform all operations.
    • Operator: Users assigned the Operator role can perform basic management, KVM management, VMM management, power control, and query information.
    • Common User: Users assigned the Common user role can only query information.
    • Custom Role: Users assigned Custom Role 1 to Custom Role 4 can perform the specified operations.
    • No Access: Users assigned the No Access role cannot perform any operation.
    NOTE:

    The default role is No Access for new users.

  2. Set user parameters. For details about the parameters, see Table 2-38.
    NOTE:
    • The user with ID 1 is a reserved user defined in the IPMI standard. This user is not allowed to log in to the iBMC.
    • The user with ID 2 is root.
  3. Click Save.

    The information about the new user is displayed in the user list.

Modifying User Information

  1. In the local user list, locate the user to be modified and click .

    The page for modifying user information is displayed, as shown in Figure 2-13. For details about the parameters, see Table 2-39.

    Figure 2-13 Modifying user information

    Table 2-39 Parameters for editing a user

    Parameter

    Description

    Exits the page for setting a local user without saving the settings.

    Saves the information.

    User Password

    Current user's password.

    User Name

    Name of the user to be modified.

    Change Password

    Specifies whether to change the user password.

    Select the check box and enter the new password in Password and Confirm Password.

    If password complexity check is enabled, the password must meet password complexity requirements.

    • If password complexity check is disabled, the password cannot be empty or exceed 20 characters.
    • If password complexity check is enabled, the password must meet the following requirements:

      • Contain 8 to 20 characters
      • Contain at least a space or one of the following special characters:

        `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

      • Contain at least two types of the following characters:

        • Uppercase letters A to Z
        • Lowercase letters a to z
        • Digits 0 to 9
      • Cannot be the same as the user name or the user name in reverse order.
      • Have at least two new characters when compared with the previous password.

    Login Rule

    Login rules that apply for the user.

    Click View login rules to view the login rules configured.

    Login Interface

    Interfaces through which the user can log in to the iBMC.

    Values:

    • Web: The user can use a web browser to log in to the iBMC WebUI.
    • SNMP: The user can use an SNMP tool (such as MIB Browser) to log in to iBMC.
    • IPMI: The user can use an IPMI tool (such as IPMItool) to log in to the iBMC CLI.
    • SSH: The user can use an SSH tool (such as PuTTY) to log in to the iBMC CLI.
    • SFTP: The user can use an SFTP tool (such as Xftp) to log in to the iBMC file system.
    • Local: The user can use the serial port on the server to log in to the iBMC CLI or use an LCD to log in to the iBMC management interface.
    • Redfish: The user can use a Redfish tool to log in to iBMC.

    Role

    Role assigned to a user. The user role specifies the operations that can be performed by a user.

  2. Enter the current password of the user, and modify the user information.

    For details about the parameters, see Table 2-39.

  3. Click Save.

    The user information is modified successfully.

Deleting a User

  1. In the local user list, locate the user to be deleted and click .

    A confirmation dialog box is displayed, prompting you to enter the current user password.

  2. Enter the current user password and click OK.

    The user is deleted from the user list.

Configuring Custom Roles

The operation permissions of the default roles (Administrator, Operator, and Common user) cannot be modified, but the administrator can set the operation permissions for custom roles.

  1. In the role list, select permissions for the custom roles.

    Table 2-40 describes the permissions.

    Table 2-40 Permissions

    Permission

    Description

    User Settings

    Allows users to configure settings related to user accounts and passwords, including configuring local, online, and LDAP users and restoring factory settings.

    Basic Settings

    Allows users to configure settings related to out-of-band management, including the settings on the following pages:

    • Alarm&SEL > Alarm Settings
    • Configuration > Network
    • Configuration > System

    Users without this permission can only view information on these pages.

    KVM

    Allows users to use the Remote Virtual Console and serial port direction.

    VMM

    Allows users to use the virtual media.

    Security Settings

    Allows users to perform security management, including viewing operation and security logs, selecting algorithms and protocols, managing SSL certificates, configuring services, and performing one-click collection.

    Users without this permission can only view information on the Configuration > Services page.

    Power Control

    Allows users to shut down, restart, or reset the OS, and configure power and energy saving settings.

    Users without this permission can only view information on the Power Control and Energy Saving Settings pages.

    Diagnosis

    Allows users to perform fault locating and commissioning operations, such as accessing the maintenance interface and configuring settings related to the sensors, video playback, screenshots, serial port data recording, and black box.

    Get Info

    Allows users to log in and view information except security, user, and system setting information.

  2. Click Save.

    A dialog box is displayed, prompting you to enter the current user password.

  3. Enter the current user password and click OK.

Importing an SSH Public Key

NOTE:
  • After a private key is generated on a client, import the corresponding public key into the iBMC to ensure secure access of SSH users to the iBMC.

  • Each user has only one public key. The newly imported public key will replace the old one.

  • Public keys can be in the RFC 4716 or OpenSSH format. The public key type is RSA or DSA. An RSA key contains 2048 or 4096 bits, and a DSA key contains 1024 or 2048 bits.

  1. Under SSH Public Key Management, click Add.

    The related parameters are displayed, as shown in Figure 2-14. Table 2-41 describes the parameters.

    Figure 2-14 Importing an SSH public key

    Table 2-41 Parameters for importing SSH public keys

    Parameter

    Description

    User Password

    Password of the user currently using the iBMC.

    User Name

    User for which you want to import an SSH public key.

    Public Key Import Mode

    Mode of importing an SSH public key.

    Value:

    • File: Import an SSH public key file from the local client.
    • Text: Enter SSH public key information in the text box.
  2. Set the parameters. For details about the parameters, see Table 2-41.
  3. Click Save.

    If "Public key imported successfully" is displayed, the SSH public key is imported.
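
A pre-import check for the key constraints in the note above, as an added example (not Huawei's code or part of the guide): it parses an OpenSSH or RFC 4716 public key and rejects key types or sizes outside the listed RSA and DSA values. The function names are hypothetical, and the sample keys are constructed blobs that are not usable key material.

```python
import base64
import hashlib
import struct

# Key types and sizes the guide lists as importable (RSA 2048/4096, DSA 1024/2048).
ALLOWED_BITS = {"ssh-rsa": {2048, 4096}, "ssh-dss": {1024, 2048}}


def read_field(blob, offset):
    """Read one length-prefixed field (RFC 4251 string or mpint)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def extract_blob(text):
    """Decode the key blob from an OpenSSH one-line key or an RFC 4716 file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty input")
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, continued = [], False
        for ln in lines[1:]:
            if ln.startswith("---- END SSH2 PUBLIC KEY"):
                break
            # Headers ("Comment: ...") precede the data and may continue with "\".
            if continued or (":" in ln and not body):
                continued = ln.endswith("\\")
                continue
            body.append(ln)
        b64 = "".join(body)
    else:
        parts = lines[0].split()
        if len(parts) < 2:
            raise ValueError("not an OpenSSH public key line")
        b64 = parts[1]
    return base64.b64decode(b64, validate=True)


def check_key(text):
    """Return (key_type, bits, fingerprint); raise ValueError if not importable."""
    blob = extract_blob(text)
    name, off = read_field(blob, 0)
    key_type = name.decode("ascii", "replace")
    if key_type not in ALLOWED_BITS:
        raise ValueError(f"unsupported key type: {key_type}")
    if key_type == "ssh-rsa":
        _exponent, off = read_field(blob, off)
    size_field, off = read_field(blob, off)  # RSA modulus n, or DSA prime p
    bits = int.from_bytes(size_field, "big").bit_length()
    if bits not in ALLOWED_BITS[key_type]:
        raise ValueError(f"{key_type} key is {bits} bits, outside the accepted sizes")
    # OpenSSH-style SHA-256 fingerprint for the operator's own records; the guide
    # does not say which algorithm produces the "Public Key Hash" column.
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return key_type, bits, "SHA256:" + digest


def make_sample_key(key_type, bits):
    """Constructed test input: well-formed blob whose numbers are NOT a real key."""
    def field(data):
        return struct.pack(">I", len(data)) + data

    def mpint(value):  # the extra leading byte keeps the integer positive
        return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))

    big = (1 << (bits - 1)) | 1
    numbers = [65537, big] if key_type == "ssh-rsa" else [big, 3, 2, 5]
    blob = field(key_type.encode()) + b"".join(mpint(n) for n in numbers)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"


def to_rfc4716(openssh_line):
    """Re-wrap an OpenSSH key line in the RFC 4716 envelope (72-column limit)."""
    b64 = openssh_line.split()[1]
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(["---- BEGIN SSH2 PUBLIC KEY ----",
                      'Comment: "constructed sample"', *rows,
                      "---- END SSH2 PUBLIC KEY ----"])


if __name__ == "__main__":
    for sample in (make_sample_key("ssh-rsa", 4096),
                   to_rfc4716(make_sample_key("ssh-dss", 2048)),
                   make_sample_key("ssh-rsa", 1024)):
        try:
            print("OK    ", check_key(sample)[:2])
        except ValueError as err:
            print("REJECT", err)
```

Of the two accepted types, RSA is the safer choice: OpenSSH has disabled DSA (ssh-dss) keys by default since release 7.0.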

LDAP Settings

Function Description

The LDAP Settings page allows you to view and configure Lightweight Directory Access Protocol (LDAP) user information.

The iBMC provides an access interface for LDAP users. An LDAP user can log in to the iBMC WebUI or use an SSH tool to log in to the iBMC CLI. Using a domain user account to access the iBMC improves system security.

NOTE:
  • If the iBMC version is 2.46 or earlier, the group names, user names, and CN configured on the LDAP server for the iBMC cannot contain the following special characters: \";<>#+=,

  • On the LDAP server, DisplayName and CN must be the same.

The iBMC supports a maximum of three domain servers. During the login to the iBMC WebUI, the domain server can be manually specified or automatically searched. During the login to the iBMC CLI, the domain server is automatically searched.

NOTE:

The iBMC supports Windows Active Directory (AD) and Linux OpenLDAP.

GUI

Choose Configure from the main menu, and select LDAP Settings from the navigation tree.

The LDAP Settings page is displayed.

Figure 2-15 LDAP Settings page

Parameter Description
Table 2-42 Parameters on the LDAP Settings page

Parameter

Description

LDAP

The LDAP function enables domain users to access the iBMC.

Click or , and click Save.

  • : enables the LDAP function.
  • : disables the LDAP function.

Domain Controller 1

The iBMC supports a maximum of three domain controllers (servers). When a user attempts to log in to the iBMC WebUI through LDAP, the user can select the domain controller or Automatic matching.

Domain controllers 1 to 3 have the same parameters.

Basic Parameters

Certificate Verification

Certificate verification of the LDAP server, which can be enabled or disabled.

Enable certificate verification for security purposes.

After certificate verification is enabled, you need to import the LDAP root certificate, install the AD, DNS, and CA certificate issuer on the LDAP server, and import the CA certificate into the LDAP server and iBMC.

LDAP Server Address

LDAP server IP address.

Format: IPv4 or IPv6 address.

After certificate verification is enabled, set this parameter to the LDAP server FQDN (Host name.Domain name), and configure DNS address information on the Network Settings page.

LDAPS Port

Port number for the LDAP service.

Value: an integer ranging from 1 to 65535

Default value: 636

Encrypted transmission is enabled by default. You need to perform related configurations on the LDAP server.

Domain

User domain to which an LDAP user defined in the domain controller belongs.

Value: a string of up to 255 characters

The value can contain letters, digits, and special characters.

User Folder

Name of the user folder, which must be the same as the name of the application member data folder on the LDAP server. For example, CN=employee, OU=company or OU=department, OU=company.

Value range: a string of 255 bytes (64 to 255 characters). The specific length varies with the number of bytes of each character.

User Password

Password of the current user.

Upload Root Certificate

Upload Certificate

Uploads the LDAP root certificate, which can be a .cer, .pem, .cert, or .crt file.

NOTE:

The system takes longer to upload certificate files that exceed 100 MB in size. Refresh the page for the latest status.

Certificate Status

Status of the LDAP root certificate.

Certificate Info

Certificate information.

Set LDAP Groups

Adds an LDAP group.

Displays the region for configuring an existing LDAP group.

Modifies an LDAP group.

LDAP Group

Name of the LDAP group to which an LDAP user belongs.

Value range: a string of 255 bytes (64 to 255 characters). The specific length varies with the number of bytes of each character.

LDAP Group Folder

Name of the LDAP group folder. It must be the same as the name of the organization unit to which the user group on the LDAP server belongs. For example, OU=department, OU=company.

Value range: a string of 64 to 255 characters. The specific length varies with the number of bytes of each character.

Role

Role assigned to an LDAP group.

Value: Administrator, Operator, Common user, or Custom Role.

Login Rule

Login rules that apply to the LDAP group.

Login Interface

Interfaces through which the LDAP group members can log in to iBMC.

Values:

  • Web: Users can use a web browser to log in to the iBMC WebUI.
  • SSH: Users can use an SSH tool (such as PuTTY) to log in to the iBMC CLI.
  • Redfish: Users can use a Redfish tool to log in to iBMC.
Procedure

The iBMC supports a maximum of three domain servers. To configure a domain server, set LDAP controller parameters, import a root certificate, and add LDAP groups.

Enable LDAP and set LDAP controller parameters.

  1. On the menu bar, choose Configure.
  2. In the navigation tree, choose LDAP Settings.

    The LDAP Settings page is displayed.

  3. Set LDAP Function to .
  4. Set LDAP controller parameters. For details about the parameters, see Table 2-42.
  5. Click Save.

    The message "Operation Successful" is displayed.

Import an LDAP root certificate.

  1. In the Import LDAP Root Certificate area, click Browse next to Upload Certificate and select an LDAP certificate.
  2. Click Upload.

    If the certificate is uploaded successfully, Certificate Status changes to The certificate has been uploaded, and the information about the imported certificate is displayed. For details about the parameters, see Table 2-43.

    Table 2-43 Parameters in the Import LDAP Root Certificate area

    Parameter

    Description

    Issued By

    Issuer of the LDAP certificate. Issued By and Issued To have the same parameters.

    Issued To

    User (current server) of an LDAP certificate, including:

    • CN: user name.
    • OU: department of the user.
    • O: company to which the user belongs.
    • L: city of the user.
    • S: state or province of the user.
    • C: country of the user.

    Valid From

    Date from which the LDAP certificate is valid.

    Valid To

    Date when the LDAP certificate will expire.

    Serial Number

    Serial number of the LDAP certificate, used for identifying and migrating the certificate.

Add an LDAP group.

You can add a maximum of five LDAP groups for the iBMC.

  1. In the LDAP Group area, click Add.

    The page for adding an LDAP group is displayed, as shown in Figure 2-16.

    Figure 2-16 Adding an LDAP group

    Table 2-44 Parameters for adding an LDAP group

    Parameter

    Description

    LDAP Group

    Name of the LDAP group to which an LDAP user belongs.

    Value range: a string of 64 to 255 characters. The specific length varies with the number of bytes of each character.

    LDAP Group Folder

    Name of the LDAP group folder. It must be the same as the name of the organization unit to which the user group on the LDAP server belongs. For example, OU=department, OU=company.

    Value range: a string of 64 to 255 characters. The specific length varies with the number of bytes of each character.

    Login Rule

    Login rules that apply to the LDAP group.

    Login Interface

    Interfaces through which the LDAP group members can log in to iBMC.

    Values:

    • Web: Users can use a web browser to log in to the iBMC WebUI.
    • SSH: Users can use an SSH tool (such as PuTTY) to log in to the iBMC CLI.
    • Redfish: Users can use a Redfish tool to log in to iBMC.

    Role

    Role assigned to an LDAP group.

    Value: Administrator, Operator, Common user, or Custom Role.

  2. Set the LDAP group parameters.
  3. Click Save.

    Information about the new LDAP group is displayed in the LDAP group list.

Delete an LDAP group.

  1. In the LDAP group area, click for the LDAP group to be deleted.

    A dialog box is displayed, prompting you to enter the current user password.

  2. Enter the current user password.

Edit an LDAP group.

  1. In the LDAP group area, click for the LDAP group to be edited.
  2. Enter the current user password and modify the LDAP group parameters. For details about the parameters, see Table 2-44.
  3. Click Save.

Two-Factor Authentication

Function Description

The Two-Factor Authentication page allows you to import the root and client certificates issued by the CA to the iBMC to ensure secure connection between the client and the iBMC WebUI.

Two-factor authentication allows user access only after both the client certificate and password are correct.

GUI

Choose Configure from the main menu, and select Two-Factor Authentication from the navigation tree.

The Two-Factor Authentication page is displayed.



Description
Table 2-45 Two-Factor Authentication

Parameter

Description

Two-Factor Authentication

Two-factor authentication allows users to log in to the iBMC WebUI only after the certificate and password are correct.

  • : enables two-factor authentication.
  • : disables two-factor authentication.
NOTE:
  • After two-factor authentication is enabled, import the root and client certificates. Otherwise, authentication failures may occur for subsequent logins.
  • After two-factor authentication is enabled, the SSH service will be automatically disabled and cannot be enabled manually.

Certificate Revocation Check

Certificate revocation check verifies the validity of the client certificate during authentication. If the client certificate is invalid, the user cannot log in to the iBMC WebUI.

  • : enables certificate validity check.
  • : disables certificate validity check.
NOTE:
The certificate revocation check uses Online Certificate Status Protocol (OCSP). Before enabling the certificate revocation check, ensure that communication between the iBMC and the OCSP server is normal. Otherwise, the web service may become unavailable.

Root Certificate

Root certificates that have been uploaded to the iBMC and their information.

The iBMC supports a maximum of 16 root certificates.

Client Certificate

Client certificates that have been uploaded to the iBMC and their information, such as the user name, role, client certificate fingerprint (hash value of the client certificate file), and status.

The iBMC supports client certificates for a maximum of 16 users.

Procedure

Enabling Two-Factor Authentication and Uploading Certificates to the iBMC

NOTE:
  • Before the operation, apply for the root and client certificates from a CA.
  • Valid root and client certificate formats include *.cer, *.crt, and *.pem.
  1. On the menu bar, choose Configure.
  2. Select Two-Factor Authentication from the navigation tree.

    The Two-Factor Authentication page is displayed.

  3. Set Two-Factor Authentication to .
  4. Select the Root Certificate tab, click next to Certificate File, and select the root certificate to be uploaded.
  5. Click Upload.

    If the certificate is uploaded successfully, Imported successfully will be displayed.

  6. Select the Client Certificate tab, click next to the user name, and select the client certificate to be uploaded.
  7. Click Upload.

    If the certificate is uploaded successfully, Imported successfully will be displayed.

Enabling Certificate Revocation Check

  1. Set Certificate Revocation Check to .

Enabling Certificate Authentication for Accessing the iBMC

NOTE:
After uploading certificates, perform the following operations to enable certificate authentication for users who attempt to log in to the iBMC WebUI.
  1. On the local PC, open a browser, for example, Google Chrome.
  2. Click at the upper right corner and select Settings.
  3. On the Settings window, click Manage certificates under HTTPS/SSL.
  4. Import the client certificate.
  5. Enter the iBMC login address in the address box of the browser.
  6. Select the client certificate as instructed.

    The iBMC WebUI login is successful.

Deleting a Root Certificate

  1. On the Root Certificate tab page, click next to the root certificate to be deleted.

    A confirmation dialog box is displayed.

  2. Click Yes.

Deleting a Client Certificate

  1. On the Client Certificate page, click next to the user whose client certificate is to be deleted.

    A confirmation dialog box is displayed.

  2. Click Yes.

Viewing Root Certificate Details

  1. On the Root Certificate tab page, click before the certificate.

    Detailed information about the certificate is displayed.

Security Settings

Function Description

The Security Settings page allows you to view and configure security hardening settings for the iBMC.

GUI

Choose Configure from the main menu, and select Security Settings from the navigation tree.

The Security Settings page is displayed.

Figure 2-17 Security Settings page

Parameter Description
Table 2-46 Password parameters

Parameter

Description

Password Complexity Check

Password complexity check verifies whether the passwords meet complexity requirements. It is enabled by default.

The setting applies to SNMPv1 and SNMPv2c trap community names, read-only community names, and read-write community names.

If password complexity check is enabled, the password must meet the following requirements:

  • Contain 8 to 20 characters
  • Contain at least a space or one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Contain at least two types of the following characters:

    • Uppercase letters A to Z
    • Lowercase letters a to z
    • Digits 0 to 9
  • Cannot be the same as the user name or the user name in reverse order.
  • Have at least two new characters when compared with the previous password.
NOTICE:

For security purposes, enable password complexity check.

SSH Password Authentication

SSH password authentication allows users to log in to the iBMC over SSH by using the password or public key.

Value:

  • Disable: allows users to log in over SSH by using only public keys.
  • Enable: allows users to log in over SSH by using passwords or public keys.

Password Expiration (Days)

Validity period (in days) of a user password.

Value range: 0 to 365

The value 0 indicates that the password never expires.

Minimum Password Age (Days)

Minimum time (in days) for which the password must be used. The password cannot be changed during this period.

Value range: 0 to 365

The value 0 indicates that the passwords do not have a minimum password age.

NOTE:
The minimum password age must be at least ten days shorter than the password validity period.
  • If Password Expiration (Days) is 10 or less, Minimum Password Age (Days) can only be 0.
  • If Minimum Password Age (Days) is 354 or more, Password Expiration (Days) can only be 0.

Emergency Login User

User name for logging in to the iBMC in emergencies.

This user is not restricted by any login rules or login interfaces, and the password of this user will never expire.

NOTE:
Only an administrator can be set as the emergency login user.

Password History

Number of previous passwords that cannot be reused as a new password.

Value range: 0 to 5

The value 0 indicates that all previous passwords are allowed.

Lock Accounts

Maximum number of consecutive invalid login attempts allowed and the account locking duration.

  • The maximum number of consecutive invalid login attempts allowed is an integer ranging from 1 to 5 or Unlimited (account locking disabled).

  • The account locking duration (in minutes) is an integer ranging from 1 to 5.

After a user account is locked, the user can attempt to log in only after the account locking duration expires.

NOTE:
  • For security purposes, enable the account lock function.
  • To unlock a user account in emergencies, run the unlock command on the CLI. For details, see the iBMC User Guide of the server.
Table 2-47 Parameters in the login rule area

Parameter

Description

Time

NOTICE:
  • The start and end years cannot be later than 2050.
  • The start and end time for a login rule must be in the same format.

Time period in which users are allowed to log in. The value can be in one of the following formats:

  • YYYY-MM-DD:

    Example value: 2013-08-30 to 2013-12-30

  • HH:MM:

    Example value: 08:30 to 20:30

  • YYYY-MM-DD HH:MM:

    Example value: 2013-08-30 08:30 to 2013-12-30 20:30

IP

IP address or IP address range allowed for login. The value can be in one of the following formats:

  • IPv4 (xxx.xxx.xxx.xxx) address: indicates an IP address.
  • IPv4/subnet mask (xxx.xxx.xxx.xxx/mask): indicates an IP address segment.

MAC

MAC address or MAC address range allowed for login. The value can be in one of the following formats:

  • xx:xx:xx:xx:xx:xx: indicates a MAC address.
  • xx:xx:xx: indicates a MAC address segment.
Table 2-48 Parameters in the login security banner settings area

Parameter

Description

Login Security Message

Login security banner, which can be enabled or disabled.

  • : enables the login security banner. The security banner will be displayed on the login page.
  • : disables the login security banner.
Security Message

Security banner text to be displayed on the login page.

Value: a string of up to 1600 characters.

Procedure

Configuring Password Rules

  1. On the menu bar, choose Configure.
  2. In the navigation tree, choose Security Settings.

    The Security Settings page is displayed.

  3. Set parameters as required. For details about the parameters, see Table 2-46.
  4. Click Save.

    A confirmation dialog box is displayed.

  5. Click Yes.
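
The complexity requirements in Table 2-46 expressed as a local pre-check, for validating or generating credentials before they are pushed to many iBMCs; this is an added example, not code from the guide or from Huawei. The function names are hypothetical, and the "two new characters" rule is interpreted as a multiset difference against the previous password, which the guide does not define.

```python
import secrets
import string
from collections import Counter

# Special characters listed in the guide, plus the space it also accepts.
SPECIALS = set("`~!@#$%^&*()-_=+\\|[{}];:'\",<.>/?") | {" "}
MAX_LEN = 20
# Generator alphabet: the space is left out so a generated password never
# starts or ends with whitespace that a form or script might trim.
ALPHABET = string.ascii_letters + string.digits + "".join(sorted(SPECIALS - {" "}))


def new_characters(password, previous):
    """Count characters in `password` not accounted for by `previous`."""
    return sum((Counter(password) - Counter(previous)).values())


def violations(password, user_name, previous=None, complexity_check=True):
    """Return the rules the candidate breaks; an empty list means acceptable."""
    if not complexity_check:
        # With the check disabled the guide only requires 1 to 20 characters.
        return [] if 0 < len(password) <= MAX_LEN else ["must be 1 to 20 characters"]
    found = []
    if not 8 <= len(password) <= MAX_LEN:
        found.append("must be 8 to 20 characters")
    if not any(ch in SPECIALS for ch in password):
        found.append("needs a space or a listed special character")
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if sum(any(ch in cls for ch in password) for cls in classes) < 2:
        found.append("needs two of: uppercase, lowercase, digits")
    if password in (user_name, user_name[::-1]):
        found.append("must not equal the user name or its reverse")
    if previous is not None and new_characters(password, previous) < 2:
        found.append("needs at least two characters not in the previous password")
    return found


def generate(user_name, length=MAX_LEN):
    """Draw random candidates until one satisfies every complexity rule."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not violations(candidate, user_name):
            return candidate


if __name__ == "__main__":
    # Constructed sample inputs: (user name, candidate password, previous password).
    samples = [
        ("root", "Blue Kettle 42", None),
        ("root", "abcdefgh1", None),
        ("operator#1", "1#rotarepo", None),
        ("root", "Blue Kettle 43", "Blue Kettle 42"),
    ]
    for user, candidate, old in samples:
        print(user, repr(candidate), violations(candidate, user, old) or "OK")
    print("generated:", len(generate("root")), "characters")
```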

Configuring Login Rules

The iBMC supports up to three login rules. Users who comply with any one of the three rules can log in to the iBMC.

A login rule is effective for local users, LDAP groups, SNMPv3 services or interfaces of CLP (ssh/ftp), KVM_VMM, RMCP, and Redfish interfaces only when it meets the following two conditions:

  • The login rule is configured and enabled in the Login Rules area.
  • The login rule is selected in the configuration area.
NOTE:

Each login rule contains three conditions: login duration, source IP address segment, and source MAC address segment. When setting a login rule, you do not need to specify all of the three conditions.

  1. In the Login Rules area, set login rules.

    For details about the parameters, see Table 2-47.

  2. Set the login rules to [enable icon].
  3. Click Save.

    A confirmation dialog box is displayed.

  4. Click Yes.
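
The following Python model is an added example, not code from the iBMC or from Huawei, for checking a planned set of login rules offline before saving them. It assumes that every condition specified in one rule must hold together, that a three-octet MAC segment matches the first three octets, and that login is unrestricted when no rule is both enabled and selected; the class and function names and the sample rules are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class LoginRule:
    """Model of one login rule (hypothetical class); None means 'condition not specified'."""
    time_window: Optional[str] = None  # "08:30 to 20:30" or "2013-08-30 08:30 to 2013-12-30 20:30"
    ip: Optional[str] = None           # "192.0.2.10" or "192.0.2.0/24"
    mac: Optional[str] = None          # "00:11:22:33:44:55" or segment "00:11:22"
    enabled: bool = True               # enabled in the Login Rules area
    selected: bool = True              # selected for the user or interface


def _in_window(window: str, when: datetime) -> bool:
    start_s, end_s = (part.strip() for part in window.split(" to "))
    when = when.replace(second=0, microsecond=0)
    if len(start_s) == 5:  # HH:MM form: a window that repeats every day
        start = datetime.strptime(start_s, "%H:%M").time()
        end = datetime.strptime(end_s, "%H:%M").time()
        now = when.time()
    else:                  # YYYY-MM-DD HH:MM form: one absolute window
        start = datetime.strptime(start_s, "%Y-%m-%d %H:%M")
        end = datetime.strptime(end_s, "%Y-%m-%d %H:%M")
        now = when
    if start > end:
        raise ValueError(f"window start is after its end: {window!r}")
    return start <= now <= end


def _ip_matches(spec: str, src_ip: str) -> bool:
    # strict=False accepts host bits in "address/mask"; a bare address becomes a /32.
    return ip_address(src_ip) in ip_network(spec, strict=False)


def _mac_matches(spec: str, src_mac: str) -> bool:
    want, have = spec.lower().split(":"), src_mac.lower().split(":")
    if len(want) not in (3, 6) or len(have) != 6:
        raise ValueError(f"unsupported MAC format: {spec!r} / {src_mac!r}")
    return have[:len(want)] == want  # assumption: a segment is a leading-octet prefix


def rule_matches(rule, when, src_ip, src_mac) -> bool:
    """Assumption: every condition that is specified in the rule must hold."""
    if rule.time_window and not _in_window(rule.time_window, when):
        return False
    if rule.ip and not _ip_matches(rule.ip, src_ip):
        return False
    if rule.mac and not _mac_matches(rule.mac, src_mac):
        return False
    return True


def login_allowed(rules, when, src_ip, src_mac) -> bool:
    """Any one effective rule that matches admits the login."""
    if len(rules) > 3:
        raise ValueError("the iBMC supports up to three login rules")
    effective = [r for r in rules if r.enabled and r.selected]
    if not effective:
        return True  # assumption: no effective rule means no restriction
    return any(rule_matches(r, when, src_ip, src_mac) for r in effective)


def unconstrained_rules(rules) -> List[int]:
    """1-based numbers of effective rules with no condition: each admits every source."""
    return [n for n, r in enumerate(rules, 1)
            if r.enabled and r.selected and not (r.time_window or r.ip or r.mac)]


# Constructed sample: rule 3 was meant as a temporary maintenance window.
RULES = [
    LoginRule(time_window="08:30 to 20:30", ip="192.0.2.0/24"),
    LoginRule(mac="00:11:22"),
    LoginRule(time_window="2013-08-30 08:30 to 2013-12-30 20:30"),
]

if __name__ == "__main__":
    outsider = ("203.0.113.7", "de:ad:be:ef:00:01")
    # Rule 3 sets no IP or MAC, so any source is admitted while its window is open.
    print(login_allowed(RULES, datetime(2013, 9, 1, 23, 0), *outsider))
    print(login_allowed(RULES, datetime(2014, 1, 5, 23, 0), *outsider))
```

Because the rules are alternatives, the least restrictive enabled rule decides who can log in, so review each rule on its own as well as the set.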

Setting the Login Security Banner

  1. In the Login Security Banner Settings area, set Security Banner to [enable icon].
  2. Enter a message in the Security Banner Text box.
  3. Click Save.

    A confirmation dialog box is displayed.

  4. Click Yes.

Restoring the Default Login Security Message

  1. In the Login Security Banner Settings area, set Security Banner to .
  2. Click Restore Defaults.
  3. Click Save.

    A confirmation dialog box is displayed.

  4. Click Yes.

Network Settings

Function Description

The Network Settings page allows you to perform the following operations:

  • Set a host name for the server.
  • Set the mode and IP address of the management network port for the server.

    Changing the IP address of the management network port will cause network disconnection. Change the IP address only when necessary.

  • Set the mode for obtaining domain name system (DNS) information.
    NOTE:

    DNS supports both IPv4 and IPv6 addresses.

  • Set VLANs.
  • Set Network Time Protocol (NTP) information.
  • Set the time zone.
NOTE:

When the server is powered off and then powered on or is loading a driver, the network port is reconnected due to the power-saving feature of the X540 or BCM5719 NIC. In this scenario, the NC-SI function is temporarily unavailable.

GUI

Choose Configure from the main menu, and select Network Settings from the navigation tree.

The Network Settings page is displayed.



Parameter Description
Table 2-49 Parameters on the Network Settings page

Parameter

Description

Server Name

iBMC host name.

Value: a string of 1 to 64 characters

The value can contain letters, digits, and hyphens (-), but cannot start or end with a hyphen.

Default value: huawei

Set Network Port Mode

Type of the server management network port, that is, the iBMC network port.

Value:

  • Fixed: If you select this option, you must also specify a dedicated, aggregation, LOM, or PCIe network port as the iBMC network port.
    • Dedicated network port: the dedicated iBMC network port
    • Aggregation network port: the network port on the HMM or on the mounting ear
    • LOM network port: a service network port on an LOM
    • PCIe port: a service network port on a PCIe card
  • Automatic: If you select this option, the iBMC automatically selects the iBMC network port based on the port status. If multiple network ports are available, the iBMC selects a network port based on the following priority: dedicated network port > LOM network port > PCIe port. The aggregation network port cannot be automatically selected.
NOTE:
  • If a network port on a PCIe card is selected as the iBMC network port, only the Huawei PCIe card connected with NC-SI cables can be used.
  • If a port on an LOM is selected as the iBMC network port, the LOM must support NC-SI.
  • When an LOM port or PCIe port is selected manually or automatically, the same physical port serves as a management port and a service network port. For security purposes, configure virtual local area network (VLAN) data to isolate the management plane and the service plane if Fixed or Automatic is selected and an LOM port or PCIe port is configured.
  • If a network port is selected as the iBMC management network port, an icon is displayed after the network port.

Default value: Fixed

Specify Management Network Port

If Select Mode is set to Fixed, specify a management network port.

If Select Mode is set to Automatic, select the network ports for auto-negotiation.

IP Version

IP versions that can be enabled:

  • IPv4
  • IPv6
  • IPv4/IPv6

Default value: IPv4/IPv6

IPv4

Automatically obtain IP address

Click this option to allow an IPv4 address to be automatically allocated for the iBMC network port.

Manually set IP address

Click this option to manually set an IPv4 address for the iBMC network port. The IPv4 address information includes IP Address, Subnet Mask, Gateway, and MAC Address.

NOTE:

MAC Address specifies the physical address of a network interface card (NIC).

IPv6

Automatically obtain IP address

Click this option to allow an IPv6 address to be automatically allocated for the iBMC network port.

Manually set IP address

Click this option to manually set an IPv6 address for the iBMC network port. The IPv6 address information includes IP Address, IPv6 Prefix, Gateway, Local Link and IP Address List.

NOTE:
  • Local Link is used for local link communication.

  • IP Address List supports a maximum of fifteen IPv6 addresses when stateless address autoconfiguration (SLAAC) is used.

Set DNS

Automatically obtain DNS IPv4 address

Click this option to allow an IPv4 address to be allocated for the DNS server.

Automatically obtain DNS IPv6 address

Click this option to allow an IPv6 address to be allocated for the DNS server.

Manually set DNS IP address

Click this option to manually set the DNS information. The DNS address information includes Domain, Preferred Server, and Alternate Server.

NOTICE:

If the IP address of the iBMC network port is set manually, the DNS information must also be set manually.

Domain

Domain name for the server.

Value: a string of 0 to 67 characters

The value can contain letters, digits, and special characters including spaces.

Preferred Server

IP address of the preferred DNS server.

Alternate Server

IP address of the alternate DNS server.

Set VLAN

VLAN

Setting of VLAN.

Click [enable icon] or [disable icon], and click Save.

Value:

  • [enable icon]: enables VLAN.
  • [disable icon]: disables VLAN.
NOTE:
  • VLAN setting is not supported when a dedicated network port is used under the Fixed mode.
  • You are advised to enable VLAN and set VLAN IDs to implement isolation between the service network and management network.
  • If Dedicated Port is selected as the iBMC management network port, the VLAN configuration is invalid. If any other value except Dedicated Port is selected as the iBMC management network port, the VLAN configuration is valid.

Default value:

VLAN ID

VLAN to which the iBMC network port belongs.

Set NTP

NTP

NTP allows the server to synchronize time with the NTP server.

Click [enable icon] or [disable icon], and click Save.

Value:

  • [enable icon]: enables NTP.
  • [disable icon]: disables NTP.

Automatically obtain NTP information using DHCPv4

Click this option to allow an IPv4 address to be automatically allocated for the NTP server.

NOTE:

If this option is selected, time zone information need not be manually configured.

Automatically obtain NTP information using DHCPv6

Click this option to allow an IPv6 address to be automatically allocated for the NTP server.

Manually set NTP information

Click this option to manually set the preferred and alternate NTP servers.

Preferred NTP server

IP address of the preferred NTP server.

Value:
  • IPv4 address
  • IPv6 address
  • Domain name
NOTE:

The iBMC only supports Linux NTP servers.

Alternate NTP server

IP address of the alternate NTP server.

Value:
  • IPv4 address
  • IPv6 address
  • Domain name
NOTE:

The iBMC only supports Linux NTP servers.

Server Authentication

Authentication, which can be enabled or disabled, for communication between the server and the NTP server.

Default value: Disabled

Upload NTP Secure Group Key

Private key to be uploaded to the iBMC for identity authentication if Server Authentication is enabled.

NOTE:

You can download a key generator (for example, ntp-keygen) to generate private keys.

Set Time Zone

Time zone for the iBMC.

Value range: GMT-12:00 to GMT+14:00

Setting method: Select an option from the drop-down list.

NOTE:

The time zone information is automatically obtained if Automatically obtain NTP information using DHCPv4 is selected.

Default value: GMT

Procedure

Setting a Host Name

  1. On the Network Settings page, set a host name for the server.

    For details about this parameter, see Table 2-49.

  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Selecting the Management Network Port

  1. On the Network Settings page, select the type of the management network port and set the network port.

    For details about the parameters, see Table 2-49.

  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Setting an IPv4 Address for the Management Network Port

  1. In the IPv4 area of the Network Settings page, set IPv4 information for the management network port.

    For details about the parameters, see Table 2-49.

  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Setting an IPv6 Address for the Management Network Port

  1. In the IPv6 area of the Network Settings page, set IPv6 information for the management network port.

    For details about the parameters, see Table 2-49.

  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Automatically Obtaining DNS Information

  1. Click Automatically obtain DNS IPv4 address if the management network port uses an IPv4 address or click Automatically obtain DNS IPv6 address if the management network port uses an IPv6 address.
  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Manually Setting DNS Information

  1. Click the Manually set DNS IP address option button.
  2. Set Domain, Preferred Server, and Alternate Server.

    For details about the parameters, see Table 2-49.

  3. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Setting a VLAN ID for the Management Network Port

The specified VLAN ID will take effect only for the shared management network port.

  1. In the VLAN Settings area of the Network Settings page, set a VLAN ID for the management network port.

    For details about the parameters, see Table 2-49.

  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Setting NTP Information

  1. In Configure NTP, set parameters based on service requirements.

    For details about the parameters, see Table 2-49.

  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Setting the Time Zone

  1. In Set Time zone, select the time zone.
  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Service Settings

Function Description

The Service Settings page allows you to view and set system service information.

GUI

Choose Configure from the main menu, and select Service Settings from the navigation tree.

The Service Settings page is displayed.



Parameter Description
Table 2-50 Parameters on the Port Settings page

Parameter

Description

Services

System services that can be enabled or disabled:
  • FTP: allows files to be transferred from one computer to another over the network. Using the FTP service may pose security risks. For security purposes, use the Secure File Transfer Protocol (SFTP) service instead. The FTP service is disabled by default. When the iBMC is accessed over FTP, files can be uploaded to or downloaded from the /tmp directory only, to ensure system security.

    The iBMC supports a maximum of five concurrent FTP connections.

  • SSH: allows a secure channel to be established between a local computer and the server.

    The iBMC supports a maximum of five concurrent SSH connections.

    NOTE:
    SSH supports encryption algorithms AES128-CTR, AES192-CTR, and AES256-CTR. Use a supported encryption algorithm when logging in to iBMC over SSH.
  • HMM SSH NAT: allows users to switch to the Hyper Management Module (HMM) network from the Network Address Translation (NAT) network. After enabling this function, users can use a management network port on a server node to log in to the HMM over SSH. The HMM SSH NAT service is disabled by default.

    The iBMC supports a maximum of five concurrent HMM over SSH connections.

  • SNMP Agent: translates and transfers requests between management devices and managed devices.
  • KVM: allows users to remotely control a server by using the local keyboard, video, and mouse (KVM).

    The iBMC supports a maximum of two concurrent users.

  • VMM: allows a user to use a virtual DVD-ROM drive or floppy disk drive (FDD) to access and control a server.

    The iBMC supports only one user at a time.

    NOTE:
    VMM stands for Virtual Machine Manager.
  • Video: allows users to use the video playback function. For details about this function, see Playback.

    The iBMC supports only one user at a time.

  • Web Server (HTTP): supports Internet browsing and translates Hypertext Transfer Protocol (HTTP) pages. The Web Server (HTTP) service is enabled by default to establish a connection between the browser and iBMC. After the connection is set up, the secure protocol HTTPS is used.
  • Web Server (HTTPS): supports Internet browsing and translates Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) pages or Redfish Protocol.

    The iBMC supports a maximum of four concurrent HTTPS connections.

  • IPMI LAN (RMCP): stands for Intelligent Platform Management Interface (IPMI) over LAN, and supports the Remote Management Control Protocol (RMCP). Using the IPMI LAN (RMCP) service may pose security risks. For security purposes, use the IPMI LAN (RMCP+) service instead. The IPMI LAN (RMCP) service is disabled by default.
  • IPMI LAN (RMCP+): stands for Intelligent Platform Management Interface (IPMI) over LAN and supports RMCP+.

Click [enable icon] or [disable icon], and click Save.

  • [enable icon]: enables the service.
  • [disable icon]: disables the service.

Port

Port number used for a service.

Value range: 1 to 65535

Default value:
  • FTP: 21
  • SSH: 22
  • HMM SSH NAT: 30022
  • SNMP Agent: 161
  • KVM: 2198
  • VMM: 8208
  • Video: 2199
  • Web Server (HTTP): 80
  • Web Server (HTTPS): 443
  • IPMI LAN (RMCP): 623 for port 1 (primary port) and 664 for port 2 (secondary port)
  • IPMI LAN (RMCP+): RMCP+ and RMCP use the same port.
NOTE:
  • If a Web Server (HTTP)/Web Server (HTTPS) port is configured as a non-default browser port, the Chrome or Firefox browser cannot use the port to establish a connection. To solve this problem, you need to configure the browser to allow connections to be set up over a non-default port.
  • Disabling the SSH, HTTPS, RMCP, and RMCP+ services at the same time may result in network disconnection. If all the services are disabled, you can connect to the server through the serial port and enable the web service.
Procedure

Setting Server Port Numbers

  1. On the menu bar, choose Configure.
  2. In the navigation tree on the left, choose Service Settings.

    The Service Settings page is displayed on the right.

  3. Enable the services and set port numbers for these services.

    For details about the parameters, see Table 2-50.

    NOTE:

    To use the default port number for a service, click Restore Default next to the port.

    Operation for each system service:

    • FTP: Enter a port number in the Port text box.
    • SSH: Enter a port number in the Port text box.
    • HMM SSH NAT: Enter a port number in the Port text box.
    • SNMP Agent: Enter a port number in the Port text box.
    • KVM: Enter a port number in the Port text box.
    • VMM: Enter a port number in the Port text box.
    • Video: Enter a port number in the Port text box.
    • Web Server (HTTP): Enter a port number in the Port text box.
    • Web Server (HTTPS): Enter a port number in the Port text box.
    • IPMI LAN (RMCP): Enter a port number in the Port 1 text box, and then enter a port number in the Port 2 text box.
    • IPMI LAN (RMCP+): RMCP+ and RMCP use the same port.

  4. Click Save.

    If "Operation Successful" is displayed, the setting is successful.
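
The following Python sketch is an added example, not part of the iBMC or of Huawei's tooling, that reviews a planned Service Settings change against the statements in Table 2-50 before it is saved. The dictionary layout and function name are hypothetical, and the enabled flags in the sample are constructed except where the guide states a default.

```python
from copy import deepcopy

# Services the guide flags as risky when enabled, with the replacement it names.
RISKY = {"FTP": "use the SFTP service instead",
         "IPMI LAN (RMCP)": "use the IPMI LAN (RMCP+) service instead"}
# Per the guide, disabling all four at once may result in network disconnection.
REMOTE_ACCESS = ("SSH", "Web Server (HTTPS)", "IPMI LAN (RMCP)", "IPMI LAN (RMCP+)")
WEB = {"Web Server (HTTP)": 80, "Web Server (HTTPS)": 443}  # default web ports

# Constructed sample state. Ports are the guide's defaults; enabled flags are sample
# values except where the guide gives a default (FTP, HMM SSH NAT, RMCP off; HTTP on).
CURRENT = {
    "FTP": {"enabled": False, "ports": [21]},
    "SSH": {"enabled": True, "ports": [22]},
    "HMM SSH NAT": {"enabled": False, "ports": [30022]},
    "SNMP Agent": {"enabled": True, "ports": [161]},
    "KVM": {"enabled": True, "ports": [2198]},
    "VMM": {"enabled": True, "ports": [8208]},
    "Video": {"enabled": True, "ports": [2199]},
    "Web Server (HTTP)": {"enabled": True, "ports": [80]},
    "Web Server (HTTPS)": {"enabled": True, "ports": [443]},
    "IPMI LAN (RMCP)": {"enabled": False, "ports": [623, 664]},
    "IPMI LAN (RMCP+)": {"enabled": True, "ports": []},  # shares the RMCP ports
}


def review_change(current, change):
    """Apply `change` to a copy of `current`; return (planned, errors, warnings)."""
    planned = deepcopy(current)
    for name, delta in change.items():
        if name not in planned:
            raise KeyError(f"unknown service: {name}")
        planned[name].update(delta)

    errors, warnings = [], []
    for name, cfg in planned.items():
        for port in cfg["ports"]:
            if not 1 <= port <= 65535:
                errors.append(f"{name}: port {port} outside 1 to 65535")
    if not any(planned[name]["enabled"] for name in REMOTE_ACCESS):
        errors.append("SSH, HTTPS, RMCP and RMCP+ all disabled: "
                      "only the serial port would remain for recovery")
    for name, advice in RISKY.items():
        if planned[name]["enabled"]:
            warnings.append(f"{name} enabled: {advice}")
    for name, default in WEB.items():
        if planned[name]["enabled"] and planned[name]["ports"] != [default]:
            warnings.append(f"{name} on a non-default port: Chrome and Firefox "
                            "may need to be configured to allow it")
    return planned, errors, warnings


if __name__ == "__main__":
    change = {"SSH": {"enabled": False}, "Web Server (HTTPS)": {"enabled": False},
              "IPMI LAN (RMCP+)": {"enabled": False}, "FTP": {"enabled": True}}
    _, errors, warnings = review_change(CURRENT, change)
    for line in errors + warnings:
        print(line)
```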

System Settings

Function Description

The System Settings page allows you to view and set:

  • Simple Network Management Protocol (SNMP) information
  • Transport Layer Security (TLS) versions
  • User management function on the service side
  • Web session timeout period and web session mode
  • Device location
  • CPU and memory alarm thresholds
GUI

Choose Configure from the main menu, and select System Settings from the navigation tree.

The System Settings page is displayed.



Parameter Description
Table 2-51 Parameters on the System Settings page

Parameter

Description

Set SNMP Version

v1

The first official SNMP version, which is defined in Requests for Comments (RFC) 1157. Using SNMPv1 may pose security risks. For security purposes, use SNMPv3.

NOTE:
If SNMPv1 is enabled, change the SNMP community name upon the first login, and change it periodically.

v2c

An enhanced version of SNMPv2. SNMPv2c is an experimental protocol defined in RFC 1901 and adopts a community-based management architecture. Using SNMPv2c may pose security risks. For security purposes, use SNMPv3.

NOTE:
If the SNMPv2c service is enabled, change the SNMP community name upon the first login, and change it periodically.

Long Password

Long password function, which can be enabled or disabled.

Enable this function to enforce a minimum of 16 characters for community names.

Default value:

Click [enable icon] or [disable icon], and click Save.

  • [enable icon]: enables the Long Password function.
  • [disable icon]: disables the Long Password function.

Read-Only Community

Read-only community name.

Default value: roAdmin12#$

If password complexity check is disabled, the value is a string of 1 to 32 characters, including letters, digits, and special characters (except spaces).

If password complexity check is enabled, the password must meet the following requirements:
  • Contain 8 to 32 characters.
  • Contain at least one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Contain at least two of the following character types:
    • Uppercase letters A to Z
    • Lowercase letters a to z
    • Digits 0 to 9
  • Cannot contain spaces.

Confirm Read-Only Community

Read-only community name re-entered for confirmation.

Read/Write Community

Read-write community name.

Default value: rwAdmin12#$

If password complexity check is disabled, the value is a string of 1 to 32 characters, including letters, digits, and special characters (except spaces).

If password complexity check is enabled, the password must meet the following requirements:
  • Contain 8 to 32 characters.
  • Contain at least one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Contain at least two of the following character types:
    • Uppercase letters A to Z
    • Lowercase letters a to z
    • Digits 0 to 9
  • Cannot contain spaces.

Confirm Read/Write Community

Read-write community name re-entered for confirmation.

Login Rule

Select the login rules applied to SNMPv1 and SNMPv2c users.

The login rules are set on the Configure > Security Settings page. To view the login rules, click the link "Click here to ensure that login rules have been configured and enabled".

v3

The third official SNMP version, which enhances security and remote configuration capabilities on the basis of earlier versions.

NOTE:

SNMPv3 is enabled by default and cannot be disabled.

SNMP v3 AuthProtocol

SNMPv3 authentication algorithm.

Value:
  • MD5
  • SHA1

Default value: SHA1

NOTE:
  • This setting applies only to SNMPv3 and SNMPv3 Trap.
  • Using MD5 may pose security risks. SHA1 is recommended.

SNMP v3 PrivProtocol

SNMPv3 encryption algorithm.

Value:
  • DES
  • AES

Default value: AES

NOTE:
  • This setting applies only to SNMPv3 and SNMPv3 Trap.
  • Using DES may pose security risks. AES is recommended.

Login Rule

Login rules applied to SNMPv3 users.

The login rules configured and enabled for local users will apply to SNMPv3 users.

Table 2-52 Other parameters on the System Settings page

Parameter

Description

Set TLS Version

TLS protocol version used to ensure data security and integrity during communication between two applications.

TLS can be enabled to ensure a secure connection between a web browser and a web server.

NOTE:
  • JRE 1.8 uses TLS 1.2 by default.
  • JRE 1.7 uses TLS 1.0 by default. If TLS 1.0 is disabled, the remote KVM cannot be used for JRE 1.7.

Set OS User Management

Function of user management on the service system.

If this function is enabled, the service system can send user management commands, such as adding or deleting users, user roles, and passwords, to manage iBMC users.

Default value:

For security purposes, set this parameter to .

Click [enable icon] or [disable icon], and click Save.

  • [enable icon]: indicates that the service system can manage users.
  • [disable icon]: indicates that the service system cannot manage users.

Set Web Session

Timeout Period

Maximum idle period (in minutes) after which the user will be logged out of the iBMC WebUI.

Value range: 5 to 480

Session Mode

Mode in which a user account can be used to log in to the iBMC WebUI.

  • Share: Each user account can be used to log in to the iBMC WebUI from up to four clients at the same time.
  • Exclusive: Each user account can be used to log in to the iBMC WebUI from one client at any given time.

Set Device Location

Location information of the server.

Value: a string of 0 to 64 characters, which can contain digits, letters, and the following special characters:

`~!@#$%^&*()-_=+\|[{}];:'",<.>/?

The value is left blank by default.

Set Alarm Threshold

CPU Usage (%)

Alarm threshold for CPU usage (in percentage). If the CPU usage exceeds the alarm threshold, the iBMC reports a minor alarm.

Value range: 0 to 100

Memory Usage Warning (%)

Alarm threshold for memory usage (in percentage). If the memory usage exceeds the alarm threshold, the iBMC reports a minor alarm.

Value range: 0 to 100

Procedure

Configuring the SNMP Settings

  1. On the System Settings page, set the SNMP parameters.

    For details about the parameters, see Table 2-51.

  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.
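
The following Python check is an added example, not code from the iBMC or from Huawei, that applies the community-name rules and the SNMP advice in Table 2-51 to a planned configuration. The setting keys, function names and sample values are constructed, and it assumes that names may contain only ASCII letters, digits and the listed special characters.

```python
import string

# Special characters exactly as listed in the guide's community-name rules.
SPECIALS = "`~!@#$%^&*()-_=+\\|[{}];:'\",<.>/?"
ALLOWED = set(string.ascii_letters + string.digits + SPECIALS)
# Default community names printed in the guide, so known to anyone who reads it.
DOCUMENTED_DEFAULTS = {"roAdmin12#$", "rwAdmin12#$"}


def community_problems(name, complexity_check=True, long_password=False):
    """Return the reasons a community name should be rejected (empty list = acceptable)."""
    problems = []
    if name in DOCUMENTED_DEFAULTS:
        problems.append("documented default value")
    if " " in name:
        problems.append("contains a space")
    if any(ch not in ALLOWED and ch != " " for ch in name):
        problems.append("character outside letters, digits and the listed specials")
    min_len = 8 if complexity_check else 1
    if long_password:
        min_len = max(min_len, 16)  # Long Password enforces at least 16 characters
    if not min_len <= len(name) <= 32:
        problems.append(f"length {len(name)} outside {min_len} to 32")
    if complexity_check:
        if not any(ch in SPECIALS for ch in name):
            problems.append("no special character")
        kinds = sum(any(ch in group for ch in name) for group in
                    (string.ascii_uppercase, string.ascii_lowercase, string.digits))
        if kinds < 2:
            problems.append("fewer than two of uppercase, lowercase, digits")
    return problems


def audit_snmp(settings):
    """Check a dict of SNMP settings (hypothetical keys) against the guide's advice."""
    findings = []
    community_based = [v for v in ("v1", "v2c") if settings.get(f"{v}_enabled")]
    for version in community_based:
        findings.append(f"SNMP{version} enabled: use SNMPv3")
    if community_based:  # community names are used by SNMPv1 and SNMPv2c only
        for key in ("ro_community", "rw_community"):
            for problem in community_problems(settings[key],
                                              settings.get("complexity_check", True),
                                              settings.get("long_password", False)):
                findings.append(f"{key}: {problem}")
    if settings.get("v3_auth") == "MD5":
        findings.append("SNMP v3 AuthProtocol MD5: SHA1 is recommended")
    if settings.get("v3_priv") == "DES":
        findings.append("SNMP v3 PrivProtocol DES: AES is recommended")
    return findings


# Constructed sample settings for one iBMC.
SAMPLE = {
    "v1_enabled": False, "v2c_enabled": True,
    "complexity_check": True, "long_password": True,
    "ro_community": "roAdmin12#$",        # left at the documented default
    "rw_community": "Zq7#mRt2!vLx9@Kd",   # constructed 16-character value
    "v3_auth": "MD5", "v3_priv": "AES",
}

if __name__ == "__main__":
    for line in audit_snmp(SAMPLE):
        print(line)
```

The documented defaults satisfy the complexity rules on their own, which is why the check rejects them by value instead of relying on the complexity check.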

Setting the TLS Version
Changing the TLS version may disconnect all established web connections.
  1. In the TLS Version area on the System Settings page, select the TLS versions.
  2. Click Save.

Enabling the Service System to Manage iBMC Users

  1. In the Set User Management area, set User Management to [enable icon].
  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Setting the Timeout Period and Session Mode for Web Sessions

  1. In the Set Web Session area, set Timeout Period and Session Mode.

    For details about this parameter, see Table 2-52.

  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Setting the Device Location

  1. In the Set Device Location area, enter the server location information in Device Location.

    For details about this parameter, see Table 2-52.

  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Setting Alarm Thresholds
  1. In the Set Alarm Thresholds area, set alarm thresholds for CPU and memory usage.

    For details about the parameters, see Table 2-52.

  2. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Boot Option

Function Description

The Boot Option page allows you to set the first boot device for the OS on the server.

GUI

Choose Configure from the main menu, and select Boot Option from the navigation tree.

The Boot Option page is displayed.



Parameter Description
Table 2-53 Parameters on the Boot Option page

Parameter

Description

Take effect

  • One-time: The boot device is only used for booting the next time the server is restarted.
  • Permanent: The boot option setting takes effect permanently.

Hard disk

Click this option to boot the OS from the hard disk.

DVD-ROM

Click this option to boot the OS from the CD-ROM or DVD-ROM drive.

FDD/Removable device

Click this option to boot the OS from a virtual floppy disk drive (FDD) or removable device.

PXE

Click this option to boot the OS from the Preboot Execution Environment (PXE).

BIOS Setup

Click this option to display the BIOS Setup menu upon server startup.

No Override

Click this option to boot the OS from the default first boot device specified on the BIOS.

Procedure
  1. On the menu bar, choose Configure.
  2. In the navigation tree, choose Boot Option.

    The Boot Option page is displayed.

  3. Select the first boot device.

    For details about the options, see Table 2-53.

  4. Click Save.

    If "Save Success" is displayed, the setting is successful.

SSL Certificate

Function Description

The SSL Certificate page allows you to perform the following operations:

  • View Secure Sockets Layer (SSL) certificate chain information, which includes information about the root certificates, intermediate certificates, and server certificates.
  • Customize SSL information.
  • Import new certificates or certificate chain.

The SSL certificate sets up an SSL security channel over HTTPS between the web browser on the client and the web server to transmit encrypted data between the client and server and prevent data disclosure. SSL ensures the security of transmitted information and is used for verifying the authenticity of the website to be accessed. Servers allow you to replace SSL certificates. For security purposes, replace the original certificate and keys with your customized certificate and public and private key pair, and promptly update the certificate.

GUI

Choose Configure from the main menu, and select SSL Certificate from the navigation tree.

The SSL Certificate page is displayed.



Parameter Description
Table 2-54 Parameters in the SSL Certificate Information area

Parameter

Description

Issued To

Information about the user of an SSL certificate, including:

  • CN: user name.
    NOTE:
    Set CN to the server fully qualified domain name (FQDN), that is, Host name.Domain name.
  • OU: department of the user.
  • O: company or organization of the user.
  • L: city of the user.
  • S: province or state of the user.
  • C: country of the user.

Issued By

Information about the issuer of an SSL certificate. The fields contained in Issued By are the same as those in Issued To.

Valid From

Date when the SSL certificate starts to take effect.

Valid To

Date when the SSL certificate will expire.

Serial Number

Serial number of the SSL certificate, which is used for identifying and migrating the certificate.
Procedure

Viewing Information About the Current SSL Certificate

  1. In the navigation tree, choose Configure > SSL Certificate.

    The SSL Certificate page is displayed.

  2. In the SSL Certificate Information area, view information about the current SSL certificate used by the server.

Customizing SSL Certificate Information and Importing an SSL Certificate

NOTE:
Perform this operation when you want to apply for an SSL certificate.
  1. On the SSL Certificate page, click Customize.

    The page for customizing SSL certificate information is displayed.

  2. In the 1. Generation CSR area, set the parameters for customizing certificate information, and click Save.

    In the displayed dialog box, export the CSR file to the local PC as prompted.

    Table 2-55 describes the parameters for customizing certificate information.

    Table 2-55 Parameters for customizing certificate information

    Parameter

    Description

    Country

    Country of the user.

    This parameter is mandatory. The value can contain only two letters.

    State

    State or province of the user.

    The value can contain a maximum of 128 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    City/Location

    City of the user.

    The value can contain a maximum of 128 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    Organization Name

    Company of the user.

    The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    Organizational Unit

    Department of the user.

    The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    Common Name

    Name of the user.

    This parameter is mandatory. The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

  3. Send the exported CSR file to the SSL certificate issuer to apply for an SSL certificate.

    After obtaining the official SSL certificate, save it to the local PC.

  4. In the 2. Upload Server Certificate area, click Browse, select the SSL certificate or certificate chain file, and click Upload.

    After the certificate is imported, "File imported successfully. The configuration will take effect after iBMC is restarted" is displayed.

    NOTE:
    • The certificate file or certificate chain file to be imported must be in *.crt, *.cer, or *.pem format and its size cannot exceed 1 MB. In addition, the certificate chain level cannot exceed 10.
    • After the import is complete, restart the iBMC for the certificate to take effect.
    • A CSR file correlates with the server certificate that is issued by the CA organization. Do not generate a new CSR file until you import the server certificate. Otherwise, the original CSR file will be overwritten by the new CSR file and cannot be recovered. If a new CSR file is generated, you must use the new CSR file to apply for a new server certificate from the CA organization.
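
The following Python check is an added example, not code from the iBMC or from Huawei, that validates planned CSR subject values against Table 2-55 and against the FQDN built from the Server Name and Domain values of Table 2-49, as the CN note in Table 2-54 asks. The function names and sample values are constructed, and comparing the Common Name with the FQDN case-insensitively is an assumption.

```python
import re

# Letters, digits, hyphens, underscores, periods, and spaces (Table 2-55).
TEXT = re.compile(r"[A-Za-z0-9_. -]*")
# Server Name: 1 to 64 letters, digits, hyphens; no leading or trailing hyphen.
HOST = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,62}[A-Za-z0-9])?")
MAX_LEN = {"State": 128, "City/Location": 128, "Organization Name": 64,
           "Organizational Unit": 64, "Common Name": 64}
MANDATORY = ("Country", "Common Name")


def fqdn(server_name, domain):
    """Build 'Host name.Domain name' from the Network Settings values."""
    if not HOST.fullmatch(server_name):
        raise ValueError(f"invalid Server Name: {server_name!r}")
    if len(domain) > 67:
        raise ValueError("Domain is limited to 67 characters")
    return f"{server_name}.{domain}" if domain else server_name


def csr_subject_problems(subject, server_name=None, domain=""):
    """Return the reasons the CSR subject would be rejected or would not match the server."""
    problems = []
    for field in MANDATORY:
        if not subject.get(field):
            problems.append(f"{field}: mandatory")
    country = subject.get("Country", "")
    if country and not re.fullmatch(r"[A-Za-z]{2}", country):
        problems.append("Country: must be exactly two letters")
    for field, limit in MAX_LEN.items():
        value = subject.get(field, "")
        if len(value) > limit:
            problems.append(f"{field}: {len(value)} characters, limit is {limit}")
        if not TEXT.fullmatch(value):
            problems.append(f"{field}: character outside letters, digits, '-', '_', '.', space")
    if server_name is not None and subject.get("Common Name"):
        if subject["Common Name"].lower() != fqdn(server_name, domain).lower():
            problems.append("Common Name: does not match the server FQDN")
    return problems


# Constructed sample subject for one server node.
SAMPLE_SUBJECT = {
    "Country": "DE", "State": "Bavaria", "City/Location": "Munich",
    "Organization Name": "Example Corp", "Organizational Unit": "Infra-Ops",
    "Common Name": "bmc-r12-n03.mgmt.example.com",
}

if __name__ == "__main__":
    print(csr_subject_problems(SAMPLE_SUBJECT, "bmc-r12-n03", "mgmt.example.com"))
    # A valid 40-character Server Name plus a valid 32-character Domain gives a
    # 73-character FQDN, which no longer fits the 64-character Common Name field.
    long_cn = fqdn("n" * 40, "datacenter-frankfurt.example.com")
    print(csr_subject_problems({"Country": "DE", "Common Name": long_cn}))
```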
Importing an SSL Certificate
NOTE:
  • Perform this operation only when an SSL certificate is available on the client.
  • For security purposes, use a secure encryption algorithm, for example RSA2048, to encrypt the customized SSL certificate.
  1. On the SSL Certificate page, click Customize.

    The page for customizing SSL certificate information is displayed.

  2. In the Upload Custom Certificate (Optional) area, import an SSL certificate.
    1. Click Browse next to Upload Certificate, and select the SSL certificate file to be imported.

      The certificate must be in .pfx or .p12 format and cannot exceed 1 MB in size.

    2. In the Certificate Password text box, enter a password to ensure certificate security during transmission.

      If the certificate is protected by a password, you must enter the password. Otherwise, the certificate cannot be uploaded.

    3. Click Upload.
      NOTE:
      If the size of the file to be uploaded exceeds 100 MB, a message indicating a page request failure is displayed. You can refresh the page to resolve this issue.
      After the certificate is uploaded to the server, the message "Import certificate success, certificate will effect after iBMC reset" is displayed.
    After the certificate is imported, restart the iBMC for the certificate to take effect.
Adding the Root Certificate to the Browser
NOTE:
If the SSL certificate is self-generated (not obtained from a CA organization), check whether the browser has the root certificate.
The following uses Internet Explorer as an example to describe how to view and add a root certificate to the browser.
  1. Open Internet Explorer.
  2. On the toolbar, choose Tools > Internet Options.

    The Internet Options dialog box is displayed.

  3. On the Content tab page, click Certificates.

    The Certificates dialog box is displayed.

  4. On the Trusted Root Certification Authorities tab page, check whether the SSL certificate issuer is listed.
    • If yes, go to 5.
    • If no, go to 6.
  5. Check whether the SSL certificate has expired.
    • If yes, go to 6.
    • If no, go to 7.
  6. On the Trusted Root Certification Authorities tab page, click Import.

    Import the root certificate as prompted.

  7. Open Internet Explorer again, and check whether the icon is displayed on the address bar.
    • If yes, no further action is required.
    • If no, contact technical support.

Import/Export

Function Description

The Import/Export page allows you to import and export the iBMC and BIOS configuration files.

NOTE:
  • iBMC 2.32 and later versions support the import and export of configuration files.
  • Only the administrators can perform this operation.

GUI

Choose Configure from the main menu, and select Import/Export from the navigation tree.

The Import/Export page is displayed.



Procedure

Importing a Configuration File

  1. In the Import Configuration area, click the icon next to Select File and select the configuration file to be imported.
  2. Click Upload.

    The configuration is successfully imported if "Imported successfully" is displayed. The configuration takes effect after the iBMC is restarted.

Exporting Configuration Files

  1. Click Export in the Export Configuration area, specify the directory for saving the file to be exported, and click OK.

    The configuration is successfully exported if "File exported successfully" is displayed.

Updated: 2019-06-04

Document ID: EDOC1000066341
