No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionServer Pro X6000 Server iBMC (V300 to V369) User Guide 09

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Services

Services

Function Description

The Services page allows you to view and set system service information.

GUI

Choose Configuration from the main menu, and select Services from the navigation tree.

The Services page is displayed.



Parameter Description

Table 3-53 Parameters on the Port Settings page

Parameter

Description

Services

System services that can be enabled or disabled:
  • SSH: allows a secure channel to be established between a local computer and the server.

    The iBMC supports a maximum of five concurrent SSH connections.

    NOTE:

    SSH supports encryption algorithms AES128-CTR, AES192-CTR, and AES256-CTR. Use a supported encryption algorithm when logging in to iBMC over SSH.

  • HMM SSH NAT: allows users to switch to the Hyper Management Module (HMM) network from the Network Address Translation (NAT) network. After enabling this function, users can use a management network port on a server node to log in to the HMM over SSH. The HMM SSH NAT service is disabled by default.

    The iBMC supports a maximum of five concurrent HMM over SSH connections.

  • SNMP Agent: translates and transfers requests between management devices and managed devices.
  • KVM: allows users to remotely control a server by using the local keyboard, video, and mouse (KVM).

    The iBMC supports a maximum of two concurrent users.

  • VMM: allows a user to use a virtual DVD-ROM drive or floppy disk drive (FDD) to access and control a server.

    The iBMC supports only one user at a time.

    NOTE:

    VMM stands for Virtual Machine Manager.

  • Video: allows users to use the video playback function. For details about this function, see Playback.

    The iBMC supports only one user at a time.

  • VNC: allows users to remotely control a server by using the local keyboard, video, and mouse. (VNC stands for Virtual Network Console.)

    A maximum of five concurrent users are allowed.

    NOTE:

    Only V5 servers support the VNC service.

  • Web Server (HTTP): supports Internet browsing and translates Hypertext Transfer Protocol (HTTP) pages. The Web Server (HTTP) service is enabled by default to establish a connection between the browser and iBMC. After the connection is set up, the secure protocol HTTPS is used.
  • Web Server (HTTPS): supports Internet browsing and translates Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) pages or Redfish Protocol.

    The iBMC supports a maximum of four concurrent HTTPS connections.

  • IPMI LAN (RMCP): stands for Intelligent Platform Management Interface (IPMI) over LAN, and supports the Remote Management Control Protocol (RMCP). Using the IPMI LAN (RMCP) service may pose security risks. For security purposes, use the IPMI LAN (RMCP+) service instead. The IPMI LAN (RMCP) service is disabled by default.
  • IPMI LAN (RMCP+): stands for Intelligent Platform Management Interface (IPMI) over LAN and supports RMCP+.
    NOTE:

    The RMCP+ protocol has security vulnerabilities (CVE-2013-4786), and using RMCP+ poses security risks. Refer to Risk Prevention Measures.

Click or , and click Save.

  • : enables the server.
  • : disables the server

Port

Port number used for a service.

Value range: 1 to 65535

Default value:
  • SSH: 22
  • HMM SSH NAT: 30022
  • SNMP Agent: 161
  • KVM: 2198
  • VMM: 8208
  • Video: 2199
  • VNC: 5900
  • Web Server (HTTP): 80
  • Web Server (HTTPS): 443
  • IPMI LAN (RMCP): 623 for port 1 (primary port) and 664 for port 2 (secondary port)
  • IPMI LAN (RMCP+): RMCP+ and RMCP use the same port.
NOTE:
  • If a Web Server (HTTP)/Web Server (HTTPS) port is configured as a non-default browser port, the Chrome or Firefox browser cannot use the port to establish a connection. To solve this problem, you need to configure the browser to allow connections to be set up over a non-default port.
  • Disabling the SSH, HTTPS, RMCP, and RMCP+ services at the same time may result in network disconnection. If all the services are disabled, you can connect to the server through the serial port and enable the web service.
  • Only V5 servers support the VNC service.

Procedure

Setting Port Numbers for System Services

  1. On the menu bar, choose Configuration.
  2. In the navigation tree on the left, choose Services.

    The Services page is displayed on the right.

  3. Enable the required system services and set port numbers for these services.

    For details about the parameters, see Table 3-53.

    NOTE:

    To use the default port number for a service, click Restore Defaults next to the port.

    Table 3-54 Setting service ports

    Services

    Operation

    SSH

    Enter a port number in the Port text box.

    HMM SSH NAT

    Enter a port number in the Port text box.

    SNMP Agent

    Enter a port number in the Port text box.

    KVM

    Enter a port number in the Port text box.

    VMM

    Enter a port number in the Port text box.

    Video

    Enter a port number in the Port text box.

    VNC

    Enter a port number in the Port text box.

    Web Server(HTTP)

    Enter a port number in the Port text box.

    Web Server(HTTPS)

    Enter a port number in the Port text box.

    IPMI LAN(RMCP)

    1. Enter a port number in the Port 1 text box.
    2. Enter a port number in the Port 2 text box.

    IPMI LAN(RMCP+)

    RMCP+ and RMCP use the same port.

  4. Click Save.

    If "Operation Successful" is displayed, the setting is successful.

Risk Prevention Measures

Do as follows to minimize the security risks caused by the vulnerability (CVE-2013-4786) of RMCP+:

  • If you do not use IPMI protocol to access the iBMC:
    • Disable the IPMI service on this page.
      NOTE:

      After IPMI is disabled, other devices cannot use IPMI to access the iBMC. This setting affects the IPMI-based tools, such as IPMItool, InfoCollect, and eSight.

    • Enable password complexity check and set passwords complying with the password complexity requirements.
  • If you need to use IPMI protocol to access the iBMC:
    • Set the network where the iBMC management network port is located as an independent LAN.
    • Enable password complexity check and set passwords complying with the password complexity requirements.
Download
Updated: 2019-08-01

Document ID: EDOC1100019359

Views: 92409

Downloads: 98

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next