
X6800 Server Node iBMC (Earlier Than V250) User Guide 30

This document describes the underlying management software Intelligent Baseboard Management Controller (iBMC) of the servers.

Config

User Settings

Function Description

The User Settings page allows you to perform the following operations:

  • View and manage users of iBMC.

  • View and configure user security hardening rules for iBMC.

  • View and configure Lightweight Directory Access Protocol (LDAP) user information.

    The iBMC provides only the access function for LDAP users. To improve system security, use a user domain or group domain on the domain controller or use an LDAP user who belongs to a user domain to log in to iBMC. LDAP users can log in to iBMC only using the iBMC WebUI.

Page Description

On the menu bar, choose Config. In the navigation tree, choose User Settings. The User Settings page is displayed.

The User Settings page consists of the Local User and LDAP Group areas.
  • The Local User area consists of four sections: user configuration, login rules, privilege settings, and user management.
  • The LDAP Group area consists of three sections: LDAP configuration, root certification import, and LDAP group management.


Parameter Description
Table 6-21 Parameters in the user configuration section

Parameter

Description

Password Complexity Check

Specifies whether to enable the password complexity check function.

This function is enabled by default. The setting applies to SNMPv1 and SNMPv2c trap community names, read-only community names, and read-write community names.

The password complexity requirements are as follows:

  • Must contain 8 to 20 characters.
  • Must contain at least one space or one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Must contain at least two types of the following characters:
    • Uppercase letters: A to Z
    • Lowercase letters: a to z
    • Digits: 0 to 9
  • Cannot be the same as a user name or the user name in reverse order.

Setting method: Click an option button.

NOTICE:

Disabling the password complexity check function reduces system security. You are advised to enable this function.

Password expired time

Specifies the validity period of a user password.

The value ranges from 0 to 365 in days. 0 indicates that the password never expires.

Login User in Emergencies

Specifies the user name for logging in to the iBMC WebUI in emergencies. This user is not restricted by any login rule and its password will never expire.

Setting method: Select an option from the drop-down list.

NOTE:
Only an administrator can be set as the emergency login user.

Disable history password

Specifies the number of previous passwords that cannot be reused as a new password.

The value ranges from 0 to 5. 0 indicates that all previous passwords are allowed.

Setting method: Select an option from the drop-down list.

Account Locking

Specifies the maximum number of consecutive login failures allowed and the account locking duration.

  • The maximum number of consecutive login failures allowed is an integer ranging from 1 to 5 or Unlimited (account locking disabled).

  • The account locking duration (in minutes) is an integer ranging from 1 to 5.

After a user account is locked, the user cannot log in within the locking time.

Setting method: Select an option from the drop-down list.

NOTE:
  • Disabling the account locking function will reduce system security. You are advised to enable this function.
  • To unlock a user account in emergencies, run the unlock command on the CLI. For details, see the iBMC user guide of the server.
Table 6-22 Parameters in the login rule section

Parameter

Description

On/OFF

NOTICE:
  • A login rule is effective for local users, LDAP groups, and SNMPv3 services or interfaces of CLP(ssh/telnet/ftp), KVM_VMM and RMCP only when it meets the following two conditions:
    1. The login rule is enabled on the User Settings page.
    2. The login rule is selected for the specific configuration item.
  • If a login rule is empty and enabled, login is not restricted.
  • Login is allowed when any of the enabled login rules is met.
  • If a field in a login rule is left blank, login is not restricted by this field.

Specifies whether a login rule is enabled. The enabled rule applies to the local users, LDAP groups, and SNMPv3 services or interfaces that are configured to be limited by the rule.

Setting method: Click Restart.

  • indicates the login rule is enabled.
  • indicates the login rule is disabled.

Rule ID

Specifies the ID of a login rule. Three login rules can be set. Their login IDs are Rule1, Rule2, and Rule3, respectively.

Time

NOTICE:
  • The start and end years cannot be later than 2050.
  • In a login rule, the start and end time must be in the same format.

Specifies the time period in which users are allowed to log in. The value can be in one of the following formats:

  • YYYY-MM-DD: indicates the start and end dates allowed for login. For example, the start date is 2013-08-30 and the end date is 2013-12-30.
  • HH:MM: indicates the daily time period allowed for login. For example, the start time is 08:30 and the end time is 20:30.
  • YYYY-MM-DD HH:MM: indicates the specific time segment allowed for login. For example, the start time is 2013-08-30 08:30 and the end time is 2013-12-30 20:30.

Setting method: Enter a value in the text box.

IP

Specifies an IP address or IP address range allowed for login. The value can be in one of the following formats:

  • xxx.xxx.xxx.xxx: indicates a single IP address.
  • xxx.xxx.xxx.xxx/mask: indicates an IP address range. mask indicates the subnet mask length, which ranges from 1 to 32.

Setting method: Enter a value in the text box.

MAC

Specifies a MAC address or MAC address range allowed for login. The value can be in one of the following formats:

  • xx:xx:xx:xx:xx:xx: indicates a single MAC address.
  • xx:xx:xx: indicates the MAC address header.

Setting method: Enter a value in the text box.
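
The login rule semantics in Table 6-22 (blank fields do not restrict, any enabled rule that is met allows login) can be checked offline with the sketch below. It is an added example, not Huawei or iBMC code; the class and function names, the inclusive window boundaries, and the treatment of a target with no effective rule as unrestricted are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import IPv4Address, IPv4Network
import re

# The three time formats listed for the Time field.
TIME_FORMATS = {"date": "%Y-%m-%d", "daily": "%H:%M", "datetime": "%Y-%m-%d %H:%M"}
# A full MAC address (6 octets) or a MAC address header (3 octets).
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){2}((:[0-9a-f]{2}){3})?")


def parse_time(value):
    """Return (format name, datetime) or raise ValueError for an unknown format."""
    for kind, fmt in TIME_FORMATS.items():
        try:
            return kind, datetime.strptime(value, fmt)
        except ValueError:
            pass
    raise ValueError(f"unsupported time format: {value!r}")


@dataclass
class LoginRule:
    enabled: bool = False
    start: str = ""  # a blank field does not restrict login
    end: str = ""
    ip: str = ""     # "a.b.c.d" or "a.b.c.d/mask"
    mac: str = ""    # full address or 3-octet header

    def validate(self):
        if bool(self.start) != bool(self.end):
            # Assumption: a time window needs both ends to be usable.
            raise ValueError("set both start and end, or leave both blank")
        if self.start:
            (k1, t1), (k2, t2) = parse_time(self.start), parse_time(self.end)
            if k1 != k2:
                raise ValueError("start and end must use the same format")
            if k1 != "daily" and max(t1.year, t2.year) > 2050:
                raise ValueError("start and end years cannot be later than 2050")
        if self.ip:
            net = IPv4Network(self.ip, strict=False)
            if "/" in self.ip and net.prefixlen < 1:
                raise ValueError("mask length must be 1 to 32")
        if self.mac and not MAC_RE.fullmatch(self.mac.lower()):
            raise ValueError("MAC must be xx:xx:xx:xx:xx:xx or xx:xx:xx")

    def matches(self, when, client_ip, client_mac):
        """True when every non-blank field of this rule admits the login."""
        self.validate()
        when = when.replace(second=0, microsecond=0)  # rules have minute precision
        if self.start:
            kind, start = parse_time(self.start)
            _, end = parse_time(self.end)
            if kind == "date":
                in_window = start.date() <= when.date() <= end.date()
            elif kind == "daily":
                # Assumption: the daily window does not wrap past midnight.
                in_window = start.time() <= when.time() <= end.time()
            else:
                in_window = start <= when <= end
            if not in_window:
                return False
        if self.ip and IPv4Address(client_ip) not in IPv4Network(self.ip, strict=False):
            return False
        if self.mac and not client_mac.lower().startswith(self.mac.lower()):
            return False
        return True


def login_allowed(selected_rules, when, client_ip, client_mac):
    """selected_rules: the rules ticked for one user, LDAP group or interface."""
    effective = [r for r in selected_rules if r.enabled]
    if not effective:
        return True  # assumption: no effective rule means no restriction
    return any(r.matches(when, client_ip, client_mac) for r in effective)


# Constructed sample rules (not taken from a real device).
RULE1 = LoginRule(enabled=True, start="08:30", end="20:30", ip="192.168.10.0/24")
RULE2 = LoginRule(enabled=True, mac="00:1a:2b")
RULE3 = LoginRule(enabled=False, ip="10.0.0.1")
RULES = [RULE1, RULE2, RULE3]

if __name__ == "__main__":
    night = datetime(2024, 5, 6, 21, 0)
    print(login_allowed(RULES, night, "192.168.10.7", "aa:bb:cc:dd:ee:ff"))
    print(login_allowed(RULES, night, "203.0.113.9", "00:1A:2B:33:44:55"))
```

An enabled rule with every field blank matches any login, so selecting it alongside stricter rules removes the restriction those rules were meant to impose.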

Table 6-23 Parameters in the login rules section

Parameter

Description

Privilege settings

Local users support the following privileges:

  • User Settings: Allows users to perform settings related to users and passwords, including setting local, online, and LDAP users and restoring factory settings.
  • Basic Settings: Allows users to perform settings related to out-of-band management, including configuration about networks, alarm reporting, server identifying, firmware upgrade, SEL download or deletion, and device startup. Users without this permission can view but cannot configure the settings on the Alarm Setting, NetWork Setting, and System Settings pages.
  • KVM: Allows users to use the remote virtual console and serial port direction function.
  • VMM: Allows users to use the virtual media function.
  • Security Settings: Allows users to query and configure security settings, including operation and security log viewing, algorithm selection, protocol switching, SSL certificate management, service configuration, and one-click collection. Users without this permission can view but cannot configure the settings on the Port Settings page.
  • Power Control: Allows users to power on or off and restart the server, and configure power and energy saving settings. Users without this permission can view but cannot configure the settings on the Power Control and Energy Saving Settings pages.
  • Diagnosis: Allows users to perform fault locating and commissioning operations, such as accessing the maintenance interface and configuring settings related to the sensors, auto video recording, manual or auto screen capturing, serial port data recording, and black box.
  • Get Info: Allows users to log in and view information excluding security, user, and system setting information.

User Type

Local users include the following: Administrator, Operator, and Common user.

NOTE:
You can also set custom users: custom roles 1 to 4. They have the Get Info permission by default. If one-click collection, serial port data redirection, and black box functions are enabled for custom roles, these functions can be used only through the web interface.

You can set local user permissions as needed.

Setting method: Select a check box.

Table 6-24 Parameters in the local user management section

Parameter

Description

Displays the region for creating a local user.

Setting method: Click .

Displays the region for setting an existing local user.

Setting method: Click .

Deletes an existing local user.

Setting method: Click .

Hides the region for setting a new or existing local user.

Setting method: Click .

User ID

Specifies the ID of a user. An ID must be selected when you create a user.

Setting method: Select an option from the drop-down list. The value is an integer ranging from 2 to 17.

User Name

Identifies a user of iBMC.

Value: a string of 1 to 16 characters

Setting rules:

  • Must consist of letters, digits, and special characters, excluding spaces. The first character cannot be #.
  • Special characters exclude:

    :<>&,'"/\%

Setting method: Enter a value in the text box.

The system default user is root. For the default password, see the product nameplate. You are advised to change the default password at the first login.

Current User Password

Specifies the current user's password, which is required before modifying a user's information.

Change Password

Changes a user password. Change all user passwords periodically to ensure security.

Setting method: Select or deselect the check box.

Password

Specifies the user password for logging in to iBMC. You are advised to periodically change your password for security purposes.

Value: a string of up to 20 characters

Setting rules:
  • If the password complexity check function is enabled, the password must meet password complexity requirements.
  • If the password complexity check function is disabled, the password can be empty or any character string.

Setting method: Enter a value in the text box.

Confirm

Specifies the user password for logging in to iBMC. This value must be the same as Password.

Setting method: Enter a value in the text box.

Login Rule

Specifies whether to enable the login rules for a user.

Method for enabling login rules: Select the check boxes.

Method for setting login rules: Click the rule names.

Privilege

Specifies the group to which a user belongs.

Value: Administrator, Operator, Common user, or Custom Role.
  • Users in the Administrator group have all permissions.
  • Users in the Operator group have the permissions of Basic Settings, KVM, VMM, Power Control, and Get Info.
  • Users in the Common user group have only the Get Info permissions.
  • Users in groups Custom Role1 to Custom Role4 have the permissions selected in the privilege settings section.

Setting method: Click an option button.
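
The User Name rules above and the password complexity requirements in Table 6-21 can be pre-checked before accounts are provisioned, as in the following added example (not Huawei or iBMC code). The function names are hypothetical, and two points are assumptions: user names are limited to printable ASCII, and the user name comparison is case-sensitive.

```python
import string

# Special characters accepted by the password complexity check (Table 6-21).
PASSWORD_SPECIALS = set("`~!@#$%^&*()-_=+\\|[{}];:'\",<.>/?")
# Special characters that a user name must not contain.
USERNAME_EXCLUDED = set(":<>&,'\"/\\%")


def username_problems(name):
    """Return a list of rule violations for an iBMC user name (empty if valid)."""
    problems = []
    if not 1 <= len(name) <= 16:
        problems.append("length must be 1 to 16 characters")
    if name.startswith("#"):
        problems.append("first character cannot be #")
    # Assumption: only printable ASCII is accepted; this also rejects spaces.
    bad = sorted({c for c in name if c in USERNAME_EXCLUDED or not "!" <= c <= "~"})
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    return problems


def password_problems(password, username, complexity_check=True):
    """Return a list of rule violations for a password (empty if acceptable)."""
    if not complexity_check:
        # With the check disabled the password can be empty or any string,
        # still limited to 20 characters.
        return ["length must be at most 20 characters"] if len(password) > 20 else []
    problems = []
    if not 8 <= len(password) <= 20:
        problems.append("length must be 8 to 20 characters")
    if not any(c == " " or c in PASSWORD_SPECIALS for c in password):
        problems.append("needs a space or a special character")
    kinds = sum(
        any(c in charset for c in password)
        for charset in (string.ascii_uppercase, string.ascii_lowercase, string.digits)
    )
    if kinds < 2:
        problems.append("needs two of: uppercase letters, lowercase letters, digits")
    # Assumption: the comparison with the user name is case-sensitive.
    if password in (username, username[::-1]):
        problems.append("cannot equal the user name or its reverse")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts.
    for user, pwd in [("root", "toor"), ("Admin#12", "21#nimdA"), ("ops1", "Rack 42 east")]:
        print(user, username_problems(user), password_problems(pwd, user))
```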

Table 6-25 Parameters in the LDAP configuration section

Parameter

Description

LDAP Function

Specifies whether to enable the LDAP function.

Setting method: Click or .

  • indicates the LDAP function is enabled.
  • indicates the LDAP function is disabled.

Enable Certificate Verification

Specifies whether to enable certificate verification for the remote LDAP server.

Setting method: Click an option button.

You are advised to enable certificate verification for security purposes. After certificate verification is enabled, you need to import the LDAP root certificate, install the AD, DNS, and CA certificate issuer on the LDAP server, and import the CA certificate into the LDAP server and iBMC.

LDAPS Port

Specifies the port number for the LDAP service.

Value: an integer ranging from 1 to 65535

The default value is 636.

Setting method: Enter a value in the text box.

Encrypted transmission is enabled by default. You need to perform related configuration on the LDAP server.

LDAP Server Address

Specifies the LDAP server IP address or domain name.

Value: a string of up to 255 characters

Setting rule: The value can contain letters, digits, and special characters.

Setting method: Enter a value in the text box.

After certificate verification is enabled, set this parameter to the LDAP server FQDN (host name.domain name), and configure DNS address information on the NetWork Settings page.

Domain

Identifies the user domain to which an LDAP user defined in the domain controller belongs.

Value: a string of up to 255 characters

Setting rule: The value can contain letters, digits, and special characters.

Setting method: Enter a value in the text box.

User Folder

The value must be the same as the name of the application member data folder on the LDAP server. For example, CN = employee, OU = company or OU = department, OU = company.

Setting method: Enter a value in the text box.

Current User Password

Specifies the current user's password, which is required before modifying a user's information.

Table 6-26 Parameters in the LDAP root certificate import section

Parameter

Description

Upload Certificate

Uploads the LDAP root certificate, which can be a .cer, .pem, .cert, or .crt file.

NOTE:
If the size of the file to be uploaded exceeds 100 MB, a message indicating a page request failure is displayed. You can refresh the page to restore it.

Certificate Status

Specifies whether the LDAP root certificate has been imported to the server.

Certificate information

Displays certificate information.

Table 6-27 Parameters in the LDAP group management section

Parameter

Description

Displays the region for creating an LDAP group.

Setting method: Click .

Displays the region for configuring an existing LDAP group.

Setting method: Click .

Deletes an existing LDAP group.

Setting method: Click .

Current User Password

Specifies the current user's password, which is required before modifying a user's information.

LDAP Group

Specifies the name of the LDAP group to which an LDAP user belongs.

Value: a string of up to 32 characters

Setting rule: The value can contain letters, digits, and special characters.

Setting method: Enter a value in the text box.

Domain

Specifies the domain of the role group to which an LDAP user defined in the domain controller belongs.

Value: a string of up to 255 characters

Setting rule: The value can contain letters, digits, and special characters.

Setting method: Enter a value in the text box.

LDAP Group Folder

The value must be the same as the name of the organization unit to which the user group on the LDAP server belongs. An example for a multi-level LDAP group directory is Role/SubRole1/SubRole2.

Value: a string of up to 255 characters

Setting rule: The value can contain letters, digits, and special characters.

Setting method: Enter a value in the text box.

Login Rule

Specifies whether to enable the login rules, which apply only to the xx users.

Setting method: Click the option button.

Method for setting rules: Click the option buttons.

Privilege

Specifies the iBMC access permission assigned to a group domain.

Value: Administrator, Operator, Common user, or Custom Role.

Setting method: Click an option button.

Procedure

Viewing User Information

  1. On the menu bar, choose Config.
  2. In the navigation tree, choose User Settings.

    The User Settings page is displayed.

  3. In the Local User area, view information about all local users.

Enabling the Security Hardening Function

  1. In the Local User area on the User Settings page, specify the password validity period, emergency login user, maximum number of consecutive login failures allowed, account locking duration, whether to enable the password complexity check function, and whether to allow historical passwords. For details, see Table 6-21.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Configuring Login Rules
  1. In the Login Rule section on the User Settings page, configure login rules. For details about the parameters, see Table 6-22.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

  3. Select login rules for local users, LDAP groups, or SNMP versions.
  4. Click Save. If the message "Operation Succeeded" is displayed, the setting is successful.

Adding Users

You can add a maximum of 16 users for iBMC.

  1. In the Local User area, click Add.

    The page for adding a user is displayed.

  2. Set user parameters. For details about the parameters, see Table 6-21.
    NOTE:
    The user with ID 1 is a reserved user defined in the IPMI standard. This user has no permission and is not allowed to log in to iBMC.
  3. Click OK.

    The information about the new user is displayed in the user list.

Modifying User Information

  1. In the Local User area, click for the target user.

    The page for modifying user information is displayed.

  2. Enter the password of the current user, and modify information about the target user. For details about the parameters, see Table 6-21.
  3. Click OK.

    The modified user information is displayed in the user list.

Deleting a User

  1. In the Local User area, click for the target user.

    The Confirm dialog box is displayed, prompting you to enter the current user password.

  2. Enter the password of the current user and click OK.

    If the message "Operation Succeeded" is displayed, the user is successfully deleted.

Enabling an LDAP Group

  1. In the LDAP Group area, click .

    If this icon changes to , the LDAP function is enabled.

  2. Set the LDAP group parameters. For details about the parameters, see Table 6-25.
  3. Click Save.

    If the message "Operation Succeeded" is displayed, the LDAP function is successfully enabled.

Disabling the LDAP Function

  1. In the LDAP Group area, click .

    If this icon changes to , the LDAP function is disabled.

  2. Click Save.

    The Confirm dialog box is displayed.

  3. Click OK.

    If the message "Operation Succeeded" is displayed, the LDAP function is successfully disabled.

Adding an LDAP Group

You can add a maximum of 5 LDAP groups for iBMC.

  1. In the LDAP Group area, click Add.

    The page for adding an LDAP group is displayed.

  2. Set the LDAP group parameters. For details about the parameters, see Table 6-21.
  3. Click OK.

    The information about the new LDAP group is displayed in the LDAP group list.

Importing an LDAP Root Certificate

  1. In the LDAP Group area, click Browse. In the displayed dialog box, select the LDAP root certificate to be imported.
  2. Click Upload.

    The message "The certificate has been uploaded." is displayed, the value of Certificate Status changes to The certificate has been uploaded, and the information about the imported certificate is displayed. For details about the parameters, see Table 6-23.

    Table 6-28 Parameters in the certification information section

    Parameter

    Description

    Issued By

    Provides information about the issuer of an LDAP certificate. Issued By and Issued To have the same parameters.

    Issued To

    Provides information about the user (current server) of an LDAP certificate, including:

    • CN: indicates a user name.
    • OU: indicates the department of a user.
    • O: indicates the company of a user.
    • L: indicates the city of a user.
    • S: indicates the province of a user.
    • C: indicates the country of a user.

    Valid From

    Indicates the date when an LDAP certificate starts to take effect.

    Valid To

    Indicates the date when an LDAP certificate will expire.

    Serial Number

    Indicates the serial number of an LDAP certificate, used for identifying and migrating the certificate.

Network Settings

Function Description

The NetWork Settings page allows you to perform the following operations:

  • Set a host name for the server.
  • Set the mode and IP address of the management network port on the server.

    Changing the IP address of the management network port disconnects the network. Change the IP address only when necessary.

  • Set the mode for obtaining domain name system (DNS) information.
    NOTE:

    DNS supports both IPv4 and IPv6 addresses.

  • Set VLANs.
NOTE:
When the server is powered off and then on or is loading a driver, the network port is reconnected due to the power-saving feature of the X540 NIC. In this situation, the NCSI function is interrupted temporarily.
Page Description

On the menu bar, choose Config. In the navigation tree, choose NetWork Settings. The NetWork Settings page is displayed.



Parameter Description
Table 6-29 Parameters on the NetWork Settings page

Parameter

Description

Server Name

Specifies a host name for iBMC.

Value: a string of 1 to 64 characters

Setting rule: The value can contain letters, digits, and hyphens (-), but cannot start or end with a hyphen.

Setting method: Enter a value in the text box.

Select Mode

Specifies the network port mode.

The options are as follows:

  • Fixed: If you select this option, you need to specify a dedicated, aggregation, LOM, or PCIe network port as the iBMC management network port.
    • Dedicated network port: a dedicated iBMC management network port
    • Aggregation network port: the network port on the HMM board or on the mounting ear can be used as the iBMC management network port.
    • LOM network port: a service network port on an LOM
    • PCIe extern port: a service network port on a PCIe card
  • Automatic: If you select this option, the iBMC automatically selects a network port as the iBMC management network port based on the connection status of optional network ports. You need to specify optional network ports by selecting check boxes. If multiple network ports are connected, the iBMC selects a network port as the iBMC management network port based on the following priority: dedicated network port > LOM network port > PCIe extern port. The aggregation network port cannot be automatically selected.

Setting method: Click an option button.

NOTE:
  • If the PCIe expansion network port is used as the iBMC management network port, only Huawei NICs connected with NC-SI cables can be used as the PCIe expansion cards.
  • When an onboard or PCIe extern port is selected manually or automatically, the management and service network ports share a physical network port. You are advised to configure a virtual local area network (VLAN) for the management network port for security purposes if Fixed or Automatic is selected and an LOM or PCIe extern port is configured.
  • If a network port is selected as the iBMC management network port, will display behind the network port.

Specify Management Network Port

If Select Mode is set to Fixed, click an option button to specify a management network port. If Select Mode is set to Automatic, select check boxes to specify optional network ports.

Setting method: Click an option button or select check boxes.

IP version enable

IP protocols that can be enabled are as follows:

  • IPv4: Only IPv4 can be enabled and configured.
  • IPv6: Only IPv6 can be enabled and configured.
  • IPv4/IPv6: Both IPv4 and IPv6 can be enabled and configured.

Setting method: Click an option button.

IPv4 Settings

Automatically obtain IP address

Indicates that the server automatically obtains an IPv4 address for the management network port.

Setting method: Click the option button.

Manually set IP address

Indicates that you need to manually set an IPv4 address for the management network port. The IPv4 address information includes IP Address, Subnet Mask, Gateway, and MAC.

NOTE:

MAC specifies the physical address of a network interface card (NIC).

Setting method: Click the option button.

IPv6 Settings

Automatically obtain IP address

Indicates that the server automatically obtains an IPv6 address for the management network port.

Setting method: Click the option button.

Manually set IP address

Indicates that you need to manually set an IPv6 address for the management network port. The IPv6 address information includes IP Address, IPv6 Prefix, Gateway, Local Link Add and IP Address List.

NOTE:
  • Local Link Add is used for local link communication.

  • IP Address List supports a maximum of fifteen IPv6 addresses when stateless address autoconfiguration (SLAAC) is used.

Setting method: Click the option button.

DNS Settings

Automatically obtain DNS IPv4 address

Indicates that the server automatically obtains DNS IPv4 address information.

Setting method: Click the option button.

Automatically obtain DNS IPv6 address

Indicates that the server automatically obtains DNS IPv6 address information.

Setting method: Click the option button.

Manually set DNS IP address

Indicates that you need to manually set DNS address information. The DNS address information includes Domain, Preferred Server, and Alternate Server.

Setting method: Click the option button.

NOTICE:

If the mode for obtaining the IP address of the management network port is manual, the DNS information obtaining mode must also be manual.

Domain

Specifies a domain name for the server.

Value: a string of 0 to 67 characters

Setting rule: The value can contain letters, digits, and special characters including spaces.

Setting method: Enter a value in the text box.

Preferred Server

Specifies the IP address of the preferred DNS server.

Setting method: Enter a value in the text box.

Alternate Server

Specifies the IP address of the alternate DNS server.

Setting method: Enter a value in the text box.

VLAN Settings

VLAN

Specifies whether to enable a VLAN for the management network port.

Setting method: Click to enable the VLAN or to disable the VLAN.

NOTE:
  • VLAN setting is not supported when a dedicated network port is used under the Fixed mode.
  • You are advised to enable VLAN and set VLAN IDs to implement isolation between the service network and management network.
  • If Dedicated Port is selected as the iBMC management network port, the VLAN configuration is invalid. If any other value except Dedicated Port is selected as the iBMC management network port, the VLAN configuration is valid.

VLAN ID

Identifies the VLAN to which the management network port belongs.

Value range: Refer to the parameter description on the WebUI.

Setting method: Enter a value in the text box.

Procedure

Setting a Host Name

  1. On the NetWork Settings page, set a host name for the server. For details about this parameter, see Table 6-29.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Selecting a Network Port Mode

  1. On the NetWork Settings page, select a network port mode and specify a network port as the management network port. For details about the parameters, see Table 6-29.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Setting an IPv4 Address for the Management Network Port

  1. In the IPV4 area of the NetWork Settings page, set an IPv4 address for the management network port. For details about the parameters, see Table 6-29.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Setting an IPv6 Address for the Management Network Port

  1. In the IPV6 area of the NetWork Settings page, set an IPv6 address for the management network port. For details about the parameters, see Table 6-29.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Automatically Obtaining DNS Information

  1. Click the Automatically obtain DNS IPv4 address or Automatically obtain DNS IPv6 address option button, depending on the IP address type (IPv4 or IPv6) of the management network port.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Manually Setting DNS Information

  1. Click the Manually set DNS IP address option button.
  2. Set Domain, Preferred Server, and Alternate Server. For details about the parameters, see Table 6-29.
  3. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Setting a VLAN ID for the Management Network Port

The specified VLAN ID takes effect only on the shared management network port.
  1. In the VLAN Settings area of the NetWork Settings page, set a VLAN ID for the management network port. For details about the parameters, see Table 6-29.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Port Settings

Function Description

The Port Settings page allows you to view and set system service information.

Page Description

On the menu bar, choose Config. In the navigation tree, choose Port Settings. The Port Settings page is displayed.



Parameter Description
Table 6-30 Parameters on the Port Settings page

Parameter

Description

Services

Specifies the name of a system service. System services include the following:
  • FTP: allows files to be transferred from one computer to another over the network. This service may cause security risks due to its own mechanism. You are advised to use the Secure File Transfer Protocol (SFTP) service instead of the FTP service. The FTP service is disabled by default. When iBMC is connected over FTP, files can be uploaded to or downloaded only from /tmp to ensure system security.
  • SSH: allows a secure channel to be established between a local computer and a remote one.
  • Telnet: allows users to log in to a remote system to use resources as if they log in to a local system. This service may cause security risks due to its own mechanism. You are advised to use the SSH service instead of the Telnet service. The Telnet service is disabled by default.
  • HMM SSH NAT: allows switching to the Hyper Management Module (HMM) network from the Network Address Translation (NAT) network. After enabling this function, you can use a management network port on a server node to log in to the HMM over SSH. The HMM SSH NAT service is disabled by default.
  • SNMP Agent: translates and transfers requests between management devices and managed devices.
  • KVM: allows users to remotely control a server by using the local keyboard, video, and mouse (KVM).
  • VMM: allows users to use a virtual DVD-ROM drive or floppy disk drive (FDD) when they remotely control a server. (VMM stands for Virtual Machine Manager.)
  • Video: allows users to use the video playback function when they remotely control a server. For details about this function, see Play Back.
  • Web Server(HTTP): supports Internet information browsing and translates Hypertext Transfer Protocol (HTTP) pages. The Web Server(HTTP) service is enabled by default to establish a connection between the browser and iBMC. After the connection is set up, the secure protocol HTTPS is used.
  • Web Server(HTTPS): supports Internet information browsing and translates Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) pages.
  • IPMI LAN(RMCP): stands for Intelligent Platform Management Interface (IPMI) over LAN, and supports the Remote Management Control Protocol (RMCP). This service may cause security risks due to its own mechanism. You are advised to use the IPMI LAN(RMCP+) service instead of the IPMI LAN(RMCP) service. The IPMI LAN(RMCP) service is disabled by default.
  • IPMI LAN(RMCP+): stands for Intelligent Platform Management Interface (IPMI) over LAN and supports RMCP+.

Enable a Service

Specifies whether to enable a system service.

Setting method: Click to enable a service or to disable a service.

Port

Specifies the number of the port used by a system service.

Value: an integer ranging from 1 to 65535

Default value:
  • FTP: 21
  • SSH: 22
  • Telnet: 23
  • HMM SSH NAT: 30022
  • SNMP Agent: 161
  • KVM: 2198
  • VMM: 8208
  • Video: 2199
  • Web Server(HTTP): 80
  • Web Server(HTTPS): 443
  • IPMI LAN(RMCP): 623 for port 1 (primary port) and 664 for port 2 (secondary port)
  • IPMI LAN(RMCP+): RMCP+ and RMCP share ports. After you set port numbers for RMCP, RMCP+ also uses the port numbers.
NOTE:
  • If the port number is changed to 65535 for the Web Server(HTTP) or Web Server(HTTPS) service, Google Chrome cannot establish a session over this port.
  • Disabling the SSH, Telnet, HTTPS, RMCP, and RMCP+ services at the same time may result in network disconnection. If all the services are disabled, users need to enable the Web service by connecting the PC to the serial port of the server.
Procedure

Setting Port Numbers for System Services

  1. On the menu bar, choose Config.
  2. In the navigation tree on the left, choose Port Settings.

    The Port Settings page is displayed on the right.

  3. Enable the required system services and set port numbers for these services. For details about the parameters, see Table 6-30.
    NOTE:

    To restore the default port number for a system service, click Restore Default next to the port.

    System Service: Operation

    • FTP: Enter a port number in the Port text box.
    • SSH: Enter a port number in the Port text box.
    • Telnet: Enter a port number in the Port text box.
    • HMM SSH NAT: Enter a port number in the Port text box.
    • SNMP Agent: Enter a port number in the Port text box.
    • KVM: Enter a port number in the Port text box.
    • VMM: Enter a port number in the Port text box.
    • Video: Enter a port number in the Port text box.
    • Web Server(HTTP): Enter a port number in the Port text box.
    • Web Server(HTTPS): Enter a port number in the Port text box.
    • IPMI LAN(RMCP):
      1. Enter a port number in the Port 1 text box.
      2. Enter a port number in the Port 2 text box.
    • IPMI LAN(RMCP+): RMCP+ and RMCP share ports. After you set port numbers for RMCP, RMCP+ also uses the port numbers.

  4. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.
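The rules in this section (port range, the services flagged as risky, the Chrome limitation on port 65535, and the lockout NOTE) can be checked against a planned configuration before you click Save. The following is an added example, not Huawei code; the settings layout and the sample values are assumptions constructed for illustration.

```python
"""Audit planned iBMC Port Settings values against the rules in this guide.

Added example. The settings layout (service -> {"enabled", "ports"}) is an
assumption made here; it is not an iBMC export format.
"""

# Default ports from the Port parameter description (RMCP has two ports).
DEFAULT_PORTS = {
    "FTP": [21], "SSH": [22], "Telnet": [23], "HMM SSH NAT": [30022],
    "SNMP Agent": [161], "KVM": [2198], "VMM": [8208], "Video": [2199],
    "Web Server(HTTP)": [80], "Web Server(HTTPS)": [443],
    "IPMI LAN(RMCP)": [623, 664],
}
# Services the guide flags as risky, with the replacement it advises.
RISKY = {"FTP": "SFTP", "Telnet": "SSH", "IPMI LAN(RMCP)": "IPMI LAN(RMCP+)"}
# Disabling all of these together may cut off network access (see the NOTE).
REMOTE_ACCESS = ("SSH", "Telnet", "Web Server(HTTPS)",
                 "IPMI LAN(RMCP)", "IPMI LAN(RMCP+)")
WEB_SERVICES = ("Web Server(HTTP)", "Web Server(HTTPS)")


def audit_port_settings(settings):
    """Return (severity, service, message) findings for a planned config."""
    findings = []
    for name, cfg in settings.items():
        # RMCP+ carries no "ports" key: it shares the ports set for RMCP.
        ports = cfg.get("ports", [])
        for port in ports:
            if not isinstance(port, int) or not 1 <= port <= 65535:
                findings.append(("error", name, f"port {port!r} is outside 1-65535"))
            elif port == 65535 and name in WEB_SERVICES:
                findings.append(("warn", name,
                                 "Google Chrome cannot establish a session over port 65535"))
        if cfg["enabled"] and name in RISKY:
            findings.append(("warn", name,
                             f"enabled; the guide advises {RISKY[name]} instead"))
        default = DEFAULT_PORTS.get(name)
        if default is not None and ports != default:
            findings.append(("info", name,
                             f"ports {ports} differ from default {default}"))
    if not any(settings.get(s, {}).get("enabled") for s in REMOTE_ACCESS):
        findings.append(("error", "all",
                         "SSH, Telnet, HTTPS, RMCP and RMCP+ are all disabled; "
                         "the Web service must then be enabled over the serial port"))
    return findings


# Constructed sample of a planned configuration (not taken from a real iBMC).
PLANNED = {
    "FTP": {"enabled": False, "ports": [21]},
    "SSH": {"enabled": True, "ports": [22]},
    "Telnet": {"enabled": True, "ports": [2323]},
    "HMM SSH NAT": {"enabled": False, "ports": [30022]},
    "SNMP Agent": {"enabled": True, "ports": [161]},
    "KVM": {"enabled": True, "ports": [2198]},
    "VMM": {"enabled": True, "ports": [8208]},
    "Video": {"enabled": True, "ports": [2199]},
    "Web Server(HTTP)": {"enabled": True, "ports": [80]},
    "Web Server(HTTPS)": {"enabled": True, "ports": [65535]},
    "IPMI LAN(RMCP)": {"enabled": False, "ports": [623, 664]},
    "IPMI LAN(RMCP+)": {"enabled": True},
}

if __name__ == "__main__":
    for severity, service, message in audit_port_settings(PLANNED):
        print(f"{severity:5} {service}: {message}")
```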

System Settings

Function Description

The System Settings page allows you to perform the following operations:

  • View and set Simple Network Management Protocol (SNMP) information.
  • Enable or disable the user management function on the service side.
  • View and set the web server timeout period.
  • View and set the system time zone.
  • View and set device locations.
  • View and set alarm thresholds.
Page Description

On the menu bar, choose Config. In the navigation tree, choose System Settings. The System Settings page is displayed.



Parameter Description
Table 6-31 Parameters on the System Settings page

Parameter

Description

SNMP V1

Indicates the first official SNMP version, which is defined in Requests for Comments (RFC) 1157. This service may cause security risks due to its own mechanism. You are advised to use SNMPv3 instead of SNMPv1.

Setting method: Select or deselect the check box.

NOTE:
If the SNMPv1 service is enabled, change the SNMP community name promptly.

SNMP V2C

Indicates an enhanced version of SNMPv2. SNMPv2c is an experimental protocol defined in RFC 1901 and adopts a community-based management architecture. This service may cause security risks due to its own mechanism. You are advised to use SNMPv3 instead of SNMPv2c.

Setting method: Select or deselect the check box.

NOTE:
If the SNMPv2c service is enabled, change the SNMP community name promptly.

Read-Only Community

Specifies the read-only community name. The default value is roAdmin12#$.

If the password complexity check function is disabled, the value is a string of 1 to 32 characters, including letters, digits, and special characters except spaces.

If the password complexity check function is enabled, the value must meet the following requirements:

  • Contains 8 to 32 characters.
  • Contains at least one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Contains at least two types of the following characters:
    • Uppercase letters: A to Z
    • Lowercase letters: a to z
    • Digits: 0 to 9
  • Does not contain spaces.

Setting method: Enter a value in the text box.

Confirm Community

Specifies the read-only community name re-entered for confirmation.

Setting method: Enter a value in the text box.

Read/Write Community

Specifies the read-write community name. The default value is rwAdmin12#$.

If the password complexity check function is disabled, the value is a string of 1 to 32 characters, including letters, digits, and special characters except spaces.

If the password complexity check function is enabled, the value must meet the following requirements:

  • Contains 8 to 32 characters.
  • Contains at least one of the following special characters:

    `~!@#$%^&*()-_=+\|[{}];:'",<.>/?

  • Contains at least two types of the following characters:
    • Uppercase letters: A to Z
    • Lowercase letters: a to z
    • Digits: 0 to 9
  • Does not contain spaces.

Setting method: Enter a value in the text box.

Confirm Community

Specifies the read-write community name re-entered for confirmation.

Setting method: Enter a value in the text box.

Login Rule

Specifies the login rules enabled for SNMPv1 and SNMPv2c. The login rules apply only to the users limited by login rules.

Method for enabling login rules: Select the check boxes.

Method for setting login rules: Click the rule names.

SNMP V3

Indicates the third official SNMP version, which enhances security and remote configuration capabilities on the basis of earlier versions.

NOTE:

iBMC SNMPv3 is enabled by default and cannot be disabled.

SNMP V3 AuthProtocol

Specifies the SNMPv3 authentication algorithm.

Value: MD5 or SHA1

Default value: SHA1

Setting method: Select an option from the drop-down list.

NOTE:
  • This setting applies to SNMP V3 and SNMP Trap V3.
  • MD5 may cause security risks. You are advised to select SHA1.

SNMP V3 PrivProtocol

Specifies the SNMPv3 encryption algorithm.

Value: DES or AES

Default value: AES

Setting method: Select an option from the drop-down list.

NOTE:
  • This setting applies to SNMP V3 and SNMP Trap V3.
  • DES may cause security risks. You are advised to select AES.

Login Rule

Specifies SNMPv3 login rules, which are consistent with local user login rules.

Table 6-32 Other parameters on the System Settings page

Parameter

Description

Set enable/disable status of user management on OS

Specifies whether the service system can manage users. Disabling this function will invalidate the IPMI commands for user management sent from the service system, for example, IPMI commands for adding or deleting users, setting permissions, and setting passwords.

Default value:

Setting method: Click to change it to and click Save. Then the service system cannot manage users. It is recommended that you set this parameter to ; otherwise security risks exist because the service system can manage iBMC users.

Set Web Server Timeout Period

Specifies the maximum interval between two consecutive operations on the iBMC UI. If the maximum interval is exceeded, the user is forcibly logged out and returned to the login page.

Value: an integer ranging from 5 to 480

Setting rule: The value must be a number and cannot be empty. Unit: minute

Setting method: Enter a value in the text box.

Set TimeZone

Specifies the time zone for the iBMC.

Value range: GMT-12:00 to GMT+13:00

Setting method: Select an option from the drop-down list.

Device Location

Sets the position information of the local server.

The value is a string of 0 to 64 characters. The value is left blank by default.

The string can contain digits, letters, and the following characters:

`~!@#$%^&*()-_=+\|[{}];:'",<.>/?

Setting method: Enter a value in the text box.

CPU Warning Threshold (RH5885 V3 and RH8100 V3 do not provide this function)

Specifies the alarm threshold for the CPU usage. If the CPU usage exceeds the alarm threshold, iBMC reports a minor alarm.

Value range: 0 to 100, which indicates 0% to 100%

Setting method: Enter a value in the text box.

Memory Bandwidth Usage Warning Threshold (RH5885 V3 and RH8100 V3 do not provide this function)

Specifies the alarm threshold for the memory bandwidth usage. If the memory bandwidth usage exceeds the alarm threshold, iBMC reports a minor alarm.

Value range: 0 to 100, which indicates 0% to 100%

Setting method: Enter a value in the text box.

Procedure

Setting the SNMP Parameters

  1. On the System Settings page, set the SNMP parameters. For details about the parameters, see Table 6-31.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.
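Before saving SNMP parameters, the community names and algorithm choices can be checked against Table 6-31. The following is an added example, not Huawei code, and its configuration keys and sample values are assumptions. It also shows that the documented default community names satisfy the complexity rule themselves, so an unchanged default has to be detected separately.

```python
"""Check planned iBMC SNMP settings against Table 6-31 (added example).

The configuration keys (v1, v2c, ro_community, ...) are assumptions made for
this example; they are not iBMC field names.
"""
import string

# Special characters accepted by the password complexity check.
SPECIALS = set("`~!@#$%^&*()-_=+\\|[{}];:'\",<.>/?")
# Default community names documented in Table 6-31.
DEFAULT_COMMUNITIES = {"roAdmin12#$", "rwAdmin12#$"}
CHAR_TYPES = (string.ascii_uppercase, string.ascii_lowercase, string.digits)


def community_problems(name, complexity_check=True):
    """Return the rule violations for one community name ([] if none)."""
    problems = []
    if " " in name:
        problems.append("contains a space")
    if not complexity_check:
        if not 1 <= len(name) <= 32:
            problems.append("length is not 1 to 32 characters")
        return problems
    if not 8 <= len(name) <= 32:
        problems.append("length is not 8 to 32 characters")
    if not SPECIALS & set(name):
        problems.append("no special character from the listed set")
    if sum(any(c in chars for c in name) for chars in CHAR_TYPES) < 2:
        problems.append("fewer than two of: uppercase, lowercase, digits")
    return problems


def audit_snmp(cfg):
    """Return a list of findings for a planned SNMP configuration."""
    findings = []
    legacy = [v for v in ("v1", "v2c") if cfg.get(v)]
    if legacy:
        findings.append(f"SNMP{'/'.join(legacy)} enabled; the guide advises SNMPv3")
    for label in ("ro_community", "rw_community"):
        value = cfg[label]
        # The guide says to change the community name when v1/v2c is enabled.
        if legacy and value in DEFAULT_COMMUNITIES:
            findings.append(f"{label}: still a documented default value")
        for problem in community_problems(value, cfg.get("complexity_check", True)):
            findings.append(f"{label}: {problem}")
    if cfg["auth_protocol"] == "MD5":
        findings.append("AuthProtocol MD5; the guide advises SHA1")
    if cfg["priv_protocol"] == "DES":
        findings.append("PrivProtocol DES; the guide advises AES")
    return findings


# Constructed sample configuration (the read/write value is made up).
PLANNED_SNMP = {
    "v1": False, "v2c": True, "complexity_check": True,
    "ro_community": "roAdmin12#$", "rw_community": "Xk7#pLm29q_w",
    "auth_protocol": "MD5", "priv_protocol": "AES",
}

if __name__ == "__main__":
    for finding in audit_snmp(PLANNED_SNMP):
        print(finding)
```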

Enabling the Service System to Manage Users or Disabling This Function

  1. On the System Settings page, enable the service system to manage users or disable this function. For details about the parameters, see Table 6-32.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Setting the Timeout Period for the Web Server

  1. On the System Settings page, set Timeout Period to the maximum interval between two consecutive sessions. For details about this parameter, see Table 6-32.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Setting the Time Zone
  1. On the System Settings page, select an option from the TimeZone drop-down list. For details about this parameter, see Table 6-32.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Setting the Device Location

  1. On the System Settings page, enter the local server position information in Device Location. For details about this parameter, see Table 6-32.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Setting Alarm Thresholds
  1. On the System Settings page, set alarm thresholds. For details about the parameters, see Table 6-32.
  2. Click Save.

    If the message "Operation Succeeded" is displayed, the setting is successful.

Boot Option

Function Description

The Boot Option page allows you to set the first boot option for the operating system (OS) on the server.

NOTE:

The setting takes effect only once. After the server restarts, the first boot option is restored to the default value specified in the basic input/output system (BIOS).

Page Description

On the menu bar, choose Config. In the navigation tree, choose Boot Option. The Boot Option page is displayed.



Parameter Description
Table 6-33 Parameters on the Boot Option page

Parameter

Description

Hard disk

Forcibly boots the OS from a hard disk.

Setting method: Click the option button.

DVD-ROM drive

Forcibly boots the OS from the CD-ROM or DVD-ROM drive.

Setting method: Click the option button.

FDD/Removable device

Forcibly boots the OS from a floppy disk drive (FDD) or removable device.

Setting method: Click the option button.

PXE

Forcibly boots the OS from the Preboot Execution Environment (PXE).

Setting method: Click the option button.

BIOS Setup

Displays the BIOS Setup menu upon server startup.

Setting method: Click the option button.

No override

Boots the OS from the default first boot option specified in the BIOS (the first boot option is not set in iBMC).

Setting method: Click the option button.

Procedure
  1. On the menu bar, choose Config.
  2. In the navigation tree, choose Boot Option.

    The Boot Option page is displayed.

  3. Set the first boot option. For details about the options, see Table 6-33.
  4. Click Save.

    If the message "Save Success" is displayed, the setting is successful.

SSL Certificate

Function Description

The SSL Certificate page allows you to view Secure Sockets Layer (SSL) certificate information, customize SSL information, and import a new certificate.

The SSL certificate sets up an SSL security channel over HTTPS between the web browser on the client and the web server to transmit encrypted data between the client and server and prevent data disclosure. SSL ensures the security of transmitted information and is used for verifying the authenticity of the website to be accessed. Servers allow you to replace SSL certificates. You are advised to replace the original certificate and keys with your customized certificate and public and private key pair, and promptly update the certificate for security purposes.

Page Description

On the menu bar, choose Config. In the navigation tree, choose SSL Certificate. The SSL Certificate page is displayed.



Parameter Description
Table 6-34 Parameters in the SSL Certificate Information area

Parameter

Description

Issued To

Provides information about the user (current server) of an SSL certificate, including:

  • CN: indicates a user name.
    NOTE:
    Set CN to the server fully qualified domain name (FQDN), that is, host name.domain name.
  • OU: indicates the department of a user.
  • O: indicates the company of a user.
  • L: indicates the city of a user.
  • S: indicates the province of a user.
  • C: indicates the country of a user.

Issued By

Provides information about the issuer of an SSL certificate. The fields contained in Issued By are the same as those in Issued To.

Valid From

Indicates the date when an SSL certificate starts to take effect.

Valid To

Indicates the date when an SSL certificate will expire.

Serial Number

Indicates the serial number of an SSL certificate, used for identifying and migrating the certificate.
Procedure

Viewing Information About the Current SSL Certificate

  1. In the navigation tree, choose Config > SSL Certificate.

    The SSL Certificate page is displayed.

  2. In the SSL Certificate Information area, view information about the current SSL certificate used by the server.

Customizing SSL Certificate Information and Importing an SSL Certificate

NOTE:
Perform this operation when you apply for and import an SSL certificate.
  1. On the SSL Certificate page, click Customize.

    The page for customizing SSL certificate information is displayed.

  2. In the Step 1: Generation CSR area, set the parameters for customizing certificate information, and click Save.

    In the displayed dialog box, export the CSR file to the client as prompted.

    Table 6-35 describes the parameters for customizing certificate information.

    Table 6-35 Parameters for customizing certificate information

    Parameter

    Description

    Country

    Specifies the country of a user.

    This parameter is mandatory. The value can contain only two letters.

    State

    Specifies the province of a user.

    The value can contain a maximum of 128 characters, including letters, digits, and spaces.

    City/Location

    Specifies the city of a user.

    The value can contain a maximum of 128 characters, including letters, digits, and spaces.

    Organization Name

    Specifies the company of a user.

    The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    Organizational Unit

    Specifies the department of a user.

    The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    Common Name

    Specifies a user name.

    This parameter is mandatory. The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

  3. Send the exported CSR file to the SSL certificate issuer to apply for an SSL certificate.

    After obtaining the official SSL certificate, save it to the client.

  4. In the Step 2: Import Server Certificate area, click Browse, select the SSL certificate (in .crt, .cer, or .pem format, with a maximum size of 1 MB), and click Save.

    After the certificate is imported, the message "Import certificate success, certificate will effect after iBMC reset" is displayed.

    • After the import is complete, restart iBMC at an appropriate time for the certificate to take effect.
    • A CSR file is tied to the server certificate applied for from the CA organization. Do not generate a new CSR file before importing the server certificate. Otherwise, the original CSR file is overwritten by the new CSR file and cannot be recovered. You then have to use the new CSR file to apply for a new server certificate from the CA organization.
    • The private key is not encrypted in the period between CSR generation and the import of the public key certificate. To avoid security risks, import the public key certificate as soon as possible after the CSR file is generated.
Importing an SSL Certificate
NOTE:
  • You can perform this operation only when an SSL certificate is available on the client.
  • Before importing a customized SSL certificate, you are advised to use a highly secure encryption algorithm (for example, RSA2048) to encrypt the certificate when the certificate is generated.
  1. On the SSL Certificate page, click Customize.

    The page for customizing SSL certificate information is displayed.

  2. In the Custom Certificate area, import an SSL certificate.
    1. Click Browse next to Certificate File, and select the SSL certificate file to be imported. The certificate must be in .pfx or .p12 format, with a maximum size of 1 MB.
    2. In the Certificate Password text box, enter a password to ensure certificate security during transmission.

      If the certificate is protected by a password, you must enter the password. Otherwise, the certificate cannot be uploaded.

    3. Click Save.
      NOTE:
      If the size of the file to be uploaded exceeds 100 MB, a message indicating a page request failure is displayed. You can refresh the page to resolve this issue.
      After the certificate is uploaded to the server, the message "Import certificate success, certificate will effect after iBMC reset" is displayed.
    After the certificate is imported, restart iBMC at an appropriate time for the certificate to take effect.
Adding the Root Certificate to the Browser
NOTE:
After importing an SSL certificate, check whether the root certificate of the issuer exists in the client browser.
The following uses Internet Explorer as an example to describe how to view and add a root certificate in the browser.
  1. Open Internet Explorer.
  2. On the toolbar, choose Tools > Internet Options.

    The Internet Options dialog box is displayed.

  3. On the Content tab page, click Certificates.

    The Certificates dialog box is displayed.

  4. On the Trusted Root Certification Authorities tab page, check whether the SSL certificate issuer is listed.
    • If yes, go to 5.
    • If no, go to 6.
  5. Check whether the SSL certificate has expired.
    • If yes, go to 6.
    • If no, go to 7.
  6. On the Trusted Root Certification Authorities tab page, click Import.

    Import the root certificate as prompted.

  7. Open Internet Explorer again, and check whether the icon is displayed in the address bar.
    • If yes, no further action is required.
    • If no, contact technical support.
Updated: 2019-06-04

Document ID: EDOC1000066341
