Configuring and Managing the Server System Using the Web-Based Interface

C H A P T E R 5

This chapter provides information about configuring and managing local server systems using a web browser and the embedded lights out manager (ELOM). For initial ELOM configuration information, see Chapter 3.

The chapter includes the following sections:

Configuring the Server

Managing Users

Service Processor Maintenance

This chapter addresses your local system. To redirect your commands to a remote system, see Chapter 6.

Configuring the Server

The embedded lights out manager Configuration screens provide access to the system administrative functions associated with configuring and customizing the system. The Configuration tab consists of six screens:

Network

E-mail Notification

Platform Event Filter

Time

Syslog

System Management Access

Note - This section contains advanced information about configuring and customizing ELOM services for your server. For information about the initial server configuration using the web-based interface, see Chapter 3. For information about configuring your server using the command-line interface (CLI), see Chapter 8.

This section contains the following:

Configuring the Network Settings

Setting Up E-Mail Notification

Defining Traps with the Platform Event Filter

Setting the System Time

Enabling or Disabling Syslog

Configuring System Management Access

Configuring the Network Settings

This section describes how to access the Network Settings Configuration screen, and how to use it to configure and change the network parameters. You can configure the network settings manually, or by using Dynamic Host Configuration Protocol (DHCP).

To Access the Network Settings Screen

To configure the Network Settings manually

To configure the Network Settings using DHCP

To Access the Network Settings Screen

1. Start your web browser, and enter the IP address of the server.

The login screen appears.

2. Enter a user name and password that has Administrator privileges.

The default login account has Administrator privileges. To use the default login, enter the following information:

Username: root

Password: changeme

3. Click Login.

The Sun embedded Lights Out Manager web-based interface appears.

4. Click the Configuration tab to access the Configuration submenu screens.

5. Click the Network Settings tab.

The Network Settings screen appears (see FIGURE 5-1).

FIGURE 5-1 The Network Settings screen

[ D ]

To configure the Network Settings manually

The Network Settings screen has input fields for the server IP address, the net mask, the gateway address, and the address for the DNS server. The fields are open for input allowing you to manually configure the server.

1. Enter the IP address, the net mask, the gateway address, and the address for the DNS server in the appropriate fields.

2. Click Submit to save your changes.

To configure the Network Settings using DHCP

The Network Settings screen also has an Enable DHCP (Dynamic Host Configuration Protocol) check box. If you enable DHCP, the IP address, the gateway, the subnet mask, and the DNS Server address will be supplied by the server.

1. Select the Enable DHCP check box.

Notice that the IP Address, Gateway, Subnet Mask, and DNS Server fields are now closed for manual input. The server will supply this information.

2. Click Submit to enable DHCP.

Setting Up E-Mail Notification

The E-Mail Notification screen is a useful configuration and server management tool that allows you to designate email recipients for notification of trapped system event messages and alerts. You can designate up to ten email address recipients. When trapped events and alerts occur, the system will send an email containing the details of the traps to the designated addresses. The email will contain the server name, the IP address of the server, the date and time of the occurrence, the severity of the event, and a description of the event. By configuring email notification, you can set up a level of accountability and redundancy for the management and maintenance of a server.

Note - System event traps are defined in the Platform Event Filter screen, see Defining Traps with the Platform Event Filter)

To set up E-Mail Notification:

1. Click Configuration, from the main menu.

2. Select the E-mail Notification submenu tab.

The E-mail Notification screen appears (see FIGURE 5-2)

FIGURE 5-2 The E-mail Notification Screen

[ D ]

The E-Mail Notification Screen has twelve input fields, one field for the SMTP Server name, one field for the Sender name, and ten fields for the Receiver E-mail Addresses.

3. Fill in the name of the SMTP server in the SMTP Server field.

This is the name of the server used to send the email.

4. Fill in the name of the user or script that is sending the email in the Sender field.

5. Fill in the receiver e-mail addresses in the Receiver E-mail Address fields.

The system provides for up to ten receiver e-mail addresses.

Tip - Press the Tab key to advance to the next field to enter each address.

6. Click Submit to save your changes, and initiate email notification.

Defining Traps with the Platform Event Filter

To capture the event messages for the system logs and email notification, you must define the system generated events that you want to trap and the actions you want to allow. The Platform Event Filter (PEF) screen allows you to activate this feature, configure PEF parameters, and define traps by creating event filters.

To Define Traps With the Platform Event Filter Screen

1. Click the Configuration tab.

2. Click the Platform Event Filter tab.

The Platform Event Filter screen appears (see FIGURE 5-3).

FIGURE 5-3 The Platform Event Filter screen

[ D ]

The PEF screen is divided into Four sections:

The Platform Event Filter section

The Trap Receiver Destination Address section

The PEF Action Global Control section

The Event Filter and Event Action Configuration section

3. Click the Enable PEF radio button in the Platform Event Filter section (see FIGURE 5-4).

FIGURE 5-4 The Platform Event Filter Section

[ D ]

4. Enter the IP of the servers receiving the trapped system event messages in the Trap Receiver Destination Address section (see FIGURE 5-5).

You can designate up to four servers.

FIGURE 5-5 The Platform Event Filter and Trap Receiver Destination Address sections of the Platform Event Filter screen.

[ D ]

5. Select the PEF Global Actions by clicking the check box for each of the actions you want to enable (see FIGURE 5-5).

There are six possible PEF Actions. TABLE 5-1 lists and describes the actions.

TABLE 5-1 PEF Actions and Descriptions
Action	Description
Enable Power Off Action	The system is powered off by this action.
Enable Power Cycle Action	The system power is cycled (turned off and turned on) by this action.
Enable Power Reset Action	Power reset enabled.
Enable Diagnostic Interrupt Action	Enables diagnostic information dump.
Enable Send Alert Action	Alerts are sent to the trap receiving server by this action.
Enable Send Mail Action	Email notification is enabled by this action.

When you select an action you are enabling that function globally. For example, if you select all three power-related actions, you are enabling the functionality of those actions, and you will be able to select them in the Configure Event Filter section.

6. Select the sensor you want to filter from the Configure Event Filter drop-down list (see FIGURE 5-6).

FIGURE 5-6 The Event Filter and Event Action Configuration Sections

[ D ]

The drop-down list has the following six sensor options:

	drop-down list Options
	ffh - All sensors
	01h - Temperature
	02h - Voltage
	04h - Fan
	07h - Processor
	0Ch - Memory

Each option corresponds to the sensors associated with that component/subsystem. The Event Filter Configuration and Event Action Configuration sections allow you to configure each of these six options separately.

7. Select all the actions that apply for the sensor by clicking the corresponding check boxes in the Event Action Configuration section (see FIGURE 5-6). The four check box options are:

	Check box Options
	Power Control
	Diagnostic Interrupt(NMI)
	Send Alert
	Send Mail

The Power Control option has a drop-down list with three power-related actions: Power Cycle, Power Off, and Power Reset. If you select the Power Control action, you must also select one of the three actions.

8. Repeat step 6 and step 7 for each sensor you want to configure.

9. Click the Submit button to save your settings.

Setting the System Time

The System Time screen allows you to see the date and time for the system. The system date and time is referenced in the Event Logs and in the E-Mail Notification function, and it is an important part of diagnostics and troubleshooting procedures. For proper server management always make sure the correct date and time are set for the system.

Note - Set the system time using the system BIOS setup.

To Set the Time Screen

1. Click the Configuration tab.

2. Select the Time tab.

The Time screen appears (see FIGURE 5-7).

FIGURE 5-7 The Time screen

[ D ]

Note - The time is displayed using the 24-hour format.

Enabling or Disabling Syslog

The Syslog screen allows you to enable the Syslog protocol for the server.

To Access the Syslog Screen

1. Click the Configuration tab.

2. Select the Syslog tab.

The Syslogd screen appears (see FIGURE 5-8).

FIGURE 5-8 The Syslogd screen

[ D ]

The current status is shown as either Yes (enabled) or No (disabled).

3. Click either the Enable Syslogd or Disable Syslogd radio button.

If you are enabling syslog, enter the server IP address and the port.

4. Click Submit to save your changes.

Configuring System Management Access

System Management Access is composed of two screens:

SSL Certificate (see The SSL Certificate screen)

SNMP (see The SNMP Screen).

To Access the System Management Access Screens

1. Click the Configuration tab.

2. Select the System Management Access tab.

The SSL Certificate screen appears, and the SNMP tab is available (see FIGURE 5-9).

FIGURE 5-9 The SSL Certificate screen

[ D ]

The SSL Certificate screen

The SSL Certificate screen allows you to create the certificate required for the Certificate Signing Request (CSR). This is necessary when using a browser to access a secure (HTTPS) site. HTTPS requires that a digitally signed certificate is installed at the applicant’s site.

To Create a CSR

1. Browse for the SSL Certificate on your local system.

2. Click Upload.

3. Enter the information for the following fields:

	Common Name(CN)
	Organization Unit(OU)
	Organization(O)
	Locality(L)
	State(S)
	E-mail Address(E)
	Country Code(C)

4. Click Generate to create an SSL Certificate.

The SNMP Screen

To Access the SNMP Screen

1. Select the System Management Access tab.

2. Select the SNMP tab.

The SNMP screen appears (see FIGURE 5-10).

FIGURE 5-10 The SNMP screen

[ D ]

The SNMP screen is composed of three screens:

SNMP Settings

SNMP Communities

SNMP User Settings

Use the drop-down list to access the three screens (see FIGURE 5-11).

FIGURE 5-11 The SNMP drop-down List

[ D ]

The SNMP Settings Screen

The SNMP Settings screen allows you to configure the SNMP Port and the SNMP Permit (see FIGURE 5-12).

FIGURE 5-12 The SNMP Settings Screen

[ D ]

To Configure SNMP Port and Permit

1. Select SNMP Settings from the SNMP drop-down list, and click Select.

2. Enter the Port number.

3. Select the Permit check boxes that apply.

The Permit check box options are:

	Set Requests
	v1 Protocol
	v2cProtocol
	v3 Protocol

4. Click Submit to save your changes.

The SNMP Communities Screen

The SNMP Communities screen allows you to Add, Modify, or Delete communities (see FIGURE 5-13).

FIGURE 5-13 The SNMP Communities Screen

[ D ]

To Add a Community

1. Select Communities Settings from the SNMP drop-down list, and click Select.

2. Click the radio button next to a vacant field in the Community Name column.

3. Click the Add button in the Operation column.

The Community Setting Screen appears (see FIGURE 5-14).

FIGURE 5-14 Community Setting Screen

[ D ]

4. Enter a the new name in the Community field.

5. Select the permission level from the Permissions drop-down list.

The two options are:

	Permission	Definition
	ro	Read-only
	rw	Readand write

6. Click Submit to save your changes and add a new Community.

To Modify a Community

1. Click the radio button next to the name of the Community you want to modify (see FIGURE 5-13 ).

2. Click the Modify button in the same row in the Operation column.

The Community Setting screen appears (see FIGURE 5-14). You can change the Community Name and the Permission.

3. Click Submit to save your changes, or click Reset and Submit to exit the User Setting screen without modifying the settings.

To Delete a Community

1. Click the radio button next to the name of the Community you want to delete (see FIGURE 5-13).

2. Click the Delete button in the same row in the Operation column.

The Community is deleted.

The SNMP User Settings Screen

The SNMP User Settings screen summarizes the current SNMP users, and allows you to Add, Modify or Delete Users (see FIGURE 5-15).

FIGURE 5-15 The SNPMP User Setting Screen

[ D ]

To Add an SNMP User

1. Select SNMP User Settings from the SNMP drop-down list, and click Select.

2. Click the radio button next to a vacant field in the User Name column.

3. Click the Add button in the same row in the Operation column.

The User Setting screen appears (see FIGURE 5-16).

FIGURE 5-16 The SNMP User Setting Screen

[ D ]

4. Enter the required information to create a new User. The User Setting fields and applicable options are defined in TABLE 5-2.

TABLE 5-2 User Setting Fields.

	User Setting Fields	Options
	Username	1-32 characters
	Auth Protocol	MD5, SHA
	Auth Password	1-2 characters
	Confirm Password
	Permission	rw (read/write) ro (read-only)
	Privacy Protocol	none, DES
	Privacy Password	1-32 characters
	Confirm Password

5. Click Submit to create a new user, or click Reset and Submit to exit the User Setting screen without creating a new User.

To Edit an SNMP User

1. Click the radio button next to a User name in the User Name column (see FIGURE 5-15).

2. Click the Edit button in the same row in the Operations column.

3. The User Setting screen appears (see FIGURE 5-16).

Edit the User Setting fields (see TABLE 5-2).

4. Click Submit to save your edit, or click Reset and Submit to exit the User Setting screen without changing the settings.

To Delete an SNMP User

1. Click the radio button next to a User name in the User Name column (see FIGURE 5-15).

2. Click the Delete button in the same row in the Operation column.

The User is deleted.

Managing Users

The ELOM User Management screens provide access to the system administrative functions associated with the management of users. The User Management tab consists of two screens:

User Account

ADS Configuration

User Account

The User Account screen allows users with Administrator privileges to manage user access to the ELOM. Administrators can add users, change user passwords and privileges, and enable, disable and delete users.

This section contains the following:

To Access the User Account Screen

To Add Users

To Change a User Password

To Change User Privilege

To Disable and Enable a User

To Delete a User

To Access the User Account Screen

1. Log in to the ELOM using root or another account with Administrator privileges.

The ELOM main screen appears.

2. Click the User Management tab on the main menu.

The User Management submenu screen appears.

3. Click the User Account submenu tab.

The User Account screen appears (see FIGURE 5-17).

FIGURE 5-17 The User Account Screen

[ D ]

The User Account screen summarizes the current user accounts for the ELOM. The ELOM allows up to nine users, eight user accounts and the root account. The root account is the default account. Root has permanent Administrator privileges. The root account cannot be deleted, nor can it be disabled. However, additional user accounts with Administrator privileges can be added.

The User Account screen allows an Administrator to perform the following functions:

Add users (up to eight)

Change a user password

Disable user access

Change user privileges

Delete users

To Add Users

The ELOM allows for a total of nine user accounts, including the root account. When adding users, Administrators must enter values for the following settings: the Username, the Password, and the Privilege. TABLE 5-3 lists the three User variables and the value limitations or options for each.

TABLE 5-3 User Variables and Limitations

Setting	Limitations or Options
Username	1-16 characters A-Z or 0-9
Password	8-20 characters Any character
Privilege	Administrator Operator User Callback

Setting

Limitations or Options

Username

1-16 characters

A-Z or 0-9

Password

8-20 characters

Any character

Privilege

Administrator

Operator

User

Callback

The Privilege Setting

The privilege setting determines user access to the ELOM.

The Administrator privilege has full access to all menus, and can configure the software and add users.

The User and Callback privileges have the least amount of system access. Both privileges are limited to the System Management and System Monitoring screens (see FIGURE 5-18).

FIGURE 5-18 The User and Callback Screen Limitation

[ D ]

The Operator privilege has limited access. Operators are limited to the System Management and System Monitoring screens. However, unlike the User and Callback privileges, Operators have access to the Locator Indicator and the Fault LED submenu screens (see FIGURE 5-19).

FIGURE 5-19 The Operator System Screen Limitation

[ D ]

1. Click on the Add button (see FIGURE 5-17).

The Add User screen appears (see FIGURE 5-20).

FIGURE 5-20 The Add User Screen

The Add User Screen

2. Enter the values for each field, based on the limitations listed in TABLE 5-3.

Use the Privilege drop-down list to set privilege level.

3. Click Submit to save your changes and add the user.

To Change a User Password

1. Click the Change Password button for the User (see FIGURE 5-17).

The Change User Password screen appears (see FIGURE 5-21).

FIGURE 5-21 The Change User Password Screen

[ D ]

2. Enter the original password in the Old Password field.

3. Enter the new password in both the Password and the Confirm field.

Note - Passwords can be any character, but must be between 8 - 16 characters in length (see TABLE 5-3).

4. Click the Submit button to change the password.

To Change User Privilege

1. Click the Change User Privilege button in the User Account screen (see FIGURE 5-17).

The Change User Privilege screen appears (see FIGURE 5-22).

FIGURE 5-22 The Change User Privilege Screen

[ D ]

2. Select the new privilege from the Privilege drop-down list. For information about the Privilege setting, see The Privilege Setting.

3. Click Submit to save your changes.

To Disable and Enable a User

Disabling a user allows you to remove a User’s access to the ELOM, without deleting the user entirely.

Disabling a User

Click the Disable button for the User in the User Account screen.

The system disables the user without requesting confirmation.

Enabling a User

Click the Enable button for the User in the User Account screen.

The system enables the user.

To Delete a User

1. Click the Delete button for the User in the User Account screen.

The system prompts you for confirmation in a pop-up window.

2. Click OK in the Confirmation pop-up window to delete the user.

ADS Configuration

The ADS Configuration screen allows you to set up Active Directory Service (ADS).

To Configure ADS

1. Click the ADS Configuration tab from the User Management submenu.

The ADS Configuration screen appears (see FIGURE 5-23).

FIGURE 5-23 The ADS Configuration Screen

[ D ]

2. Browse for the Certificate on your local machine, and click Upload.

3. Provide the Primary and Secondary DNS addresses.

4. Enter the root_domain name.

5. Click Submit to save your settings.

Configuring Active Directory Service

The ADS Configuration screen enables you to browse and upload a certificate from Active Directory Service (ADS) for a Microsoft Windows environment. Administrators can simplify their tasks by monitoring multiple machines in one node using ADS.

To Configure Active Directory Service

1. Install Windows 2003 and make it the Domain Controller in an Active Directory environment.

2. Create and configure the DNS server.

3. Add a new user and set privilege level (administrator or user) in AD server.

4. Use Control Panel to access Add or Remove Programs, and click Add/Remove Windows Components.

The Windows Components Wizard appears.

5. In the list of components, in the Windows Components screen, click the check box to enable Certificate Services (see FIGURE 5-24).

FIGURE 5-24 Windows Components Screen

Screenshot of teh Windows Components screen.

6. Click Next to begin the Create CA Root Domain Certificate process.

This will requre IIS to be installed also.

7. In the CA Type screen of the Windows Components Wizard, select the type of CA you want to set up (see FIGURE 5-25).

FIGURE 5-25 CA Type Windows Components Wizard Screen

Screenshot of the CA Type Windows Components Wizard screen.

8. In the Public and Private Key Pair screen, select a cryptographic service provider (CSP), a hash algorithm, and settings for the key pair (see FIGURE 5-26).

FIGURE 5-26 Public and Private Key Pair Windows Components Wizard Screen

Screenshot of Public and Private Key Pair screen of the Windows Component Wizard.

9. Click Next.

10. In the CA Identifying Information screen, enter the necessary information to indentify this CA (FIGURE 5-27), and click Next.

FIGURE 5-27 CA Identifying Information Windows Components Wizard Screen

Screenshot of CA Idntifying Information screen of the Windows Components Wizard.

11. In the Certificate Database Settings screen, enter the locations for the certificate database, database log, and configuration information (see FIGURE 5-28).

FIGURE 5-28 Certificate Database Settings Windows Components Wizard Screen

Screenshot of Certificate Database Settings screen of the Windows Components Wizard.

12. To finish the Create CA Root Domain Certificate process, click Next.

13. To export the AD certificate, locate the net certificate for your Domain.

You will see a certificate called, C:/xxx.crt.

14. Double-click the Certificate.

The certificate screen appears.

FIGURE 5-29 The Certificate Information Screen

A screenshot of the Certificate Information screen.

15. Click the Details tab.

The Certificate Details screen appears (see FIGURE 5-30).

FIGURE 5-30 The Certificate Details Screen

A screenshot of the Certificate screen.

16. Click the Copy to File... button.

The Certificate Export Wizard screen appears (see FIGURE 5-31).

FIGURE 5-31 The Certificate Export Wizard Screen

A screenshot of the Certifcate Export Wizard screen.

17. Click Next.

The Export File Format screen appears.

FIGURE 5-32 The Export File Format

A screenshot showing the Certificate Export Wizard.

18. Under the heading Select the format that you want to use:, click the radio button for the second option, Base-64 Encoded X.509 (.CER).

19. Click Next.

The File to Export screen appears (see FIGURE 5-33)

FIGURE 5-33 The File to Export Screen

A screenshot showing the Certificate Export Wizard screen.

20. Name the file, ad.cer.

Note - DNS resolution issues might occur if the filename is incorrect.

Store this exported certificate in a shared folder of your choice.

21. Click Next.

The ad.cer file is exported to the shared folder.

22. To set the Certificate server to respond to the CA request automatically, open Default Domain Controller Security Settings.

23. Expand Public Key Policies, and in the Automatic Certificate Request Settings, create a new Computer entry from the supplied entry list.

24. Use a web browser to connect to an SP ELOM web GUI.

Enter the URL of the SP in the address bar.

25. Log in as root, or as a user with administrator privileges.

26. Click the User Management tab, and click the ADS Configuration submenu tab.

The ADS Configuration screen appears.

27. Upload the ad.cer file from the share network folder.

28. Enter the Primary, Secondary DNS and the Root Domain addresses.

29. Click Submit to save the configuration.

30. Log out of the web GUI.

Click the Logout button.

31. To test your configuration, log in as the new user created in the Active Directory structure.

Service Processor Maintenance

This section contains information about the ELOM Maintenance menu. The ELOM Maintenance menu allows you to perform basic service processor-related tasks. The Maintenance submenu consists of two screens:

Firmware Upgrade

Reset SP

This section contains the following sub-sections:

To Access the Maintenance Screens

To Upgrade Firmware

To Reset the Service Processor

To Access the Maintenance Screens

1. Login in to the ELOM using root, or another account that has Administrator privileges.

2. Click the Maintenance tab.

The Maintenance submenu appears (see FIGURE 5-34).

FIGURE 5-34 The Firmware Upgrade Screen

[ D ]

To Upgrade Firmware

1. Click the Firmware Upgrade tab.

The Firmware Upgrade screen appears (see FIGURE 5-35).

FIGURE 5-35 The Firmware Upgrade Screen

[ D ]

The screen contains an Enter Upgrade Mode Button, and displays the following informational message regarding the upgrade process:

A Firmware upgrade will cause the server and eLOM to be reset. An upgrade takes about 7 minutes to complete. eLOM will enter a special mode to load new firmware. No other tasks can be performed in eLOM until the firmware upgrade is complete and eLOM reset.

2. Click the Enter Upgrade Mode button.

An Upgrade Mode confirmation screen appears.

Caution - You will not be able to perform any tasks until the upgrade is complete and the Service Processor is rebooted.

3. Click OK at the Confirmation screen.

The Firmware Upgrade screen appears (see FIGURE 5-36).

FIGURE 5-36 The Firmware Upgrade Mode Screen: Method A Selected

[ D ]

The Firmware Upgrade Mode Screen presents you with two upgrade options:

Option A updates the firmware, clearing the system BIOS CMOS data and loading optimized defaults. Use this option if you want to clear previous BIOS settings. This option is accompanied by the following onscreen warning:

  **Warning**
  Performing this firmware update method will load the System BIOS   optimized defaults.
  Therefore, any customized changes to the system BIOS will need to   be re-configured
  ie. Some examples of customized settings:
  - OS set to Windows
  - NVRAID configured
  - Customized settings for performance
  etc...

Option B updates the firmware preserving the system BIOS data. Use this option if you want to preserve your system’s customized BIOS data. For example, you might use this option if you have your OS set to Windows, and do not want to reconfigure it. This option is accompanied by the following onscreen warning:

  ** Warning **
  Some firmware updates using this method might require user   intervention following the
  update after post. If this is not a viable option, please use the   other option above.

4. Click the radio button for the update option that you prefer.

5. Click Browse, and point to the file located on the Tools and Drivers CD/DVD in: /remoteflash/fwrev/filename

fwrev The directory of the firmware revision.

filename The name of the firmware update file.

6. Click Update.

The update process begins. After the upgrade process is complete, you will have to log out and log back in to the ELOM web-based interface.