C H A P T E R  12

Managing Remote Hosts Storage Redirection and Securing the ILOM Remote Console

Topics

Description

Links

Set up storage redirection to redirect storage devices

Configure the ILOM Remote Console Lock option



Related Topics

For ILOM

Chapter or Section

Guide

  • Concepts
  • Remote Host Management Options

Oracle Integrated Lights Out Manager (ILOM) 3.0 Concepts Guide (820-6410)

  • Web interface
  • Managing Remote Hosts Redirection and Securing the ILOM Remote Console

Oracle Integrated Lights Out Manager (ILOM) 3.0 Web Interface Procedures Guide (820-6411)

The ILOM 3.0 Documentation Collection is available at: http://docs.sun.com/app/docs/prod/int.lights.mgr30#hic.



Performing the Initial Setup Tasks for Storage Redirection


Step

Task

Description

Platform Feature Support

1

Ensure that all requirements are met prior to performing the initial setup procedures in this section.

  • x86 system server SP
  • SPARC system server SP

2

Start the Storage Redirection Service on your system.

- or-

3

Download and install the Storage Redirection Client.




Note - The Storage Redirection CLI in ILOM 3.0 is supported on all of Oracle’s Sun x86 processor-based servers, as well as some SPARC processor-based servers. This feature is not supported on chassis monitoring modules (CMMs) or x86 processor-based servers running ILOM 2.0.


Before You Begin

Prior to setting up your system for storage redirection, the following prerequisites must be met.



Note - If you do not have JAVA_HOME environment configured on your desktop, you might need to enter the full path



procedure icon  Start Storage Redirection Service Using Mozilla Firefox Web Browser

Follow these steps to specify the 32-bit JDK when starting the service for the Storage Redirection CLI using the Mozilla Firefox web browser.

1. Log in to the ILOM SP web interface.

2. Click Remote Control --> Redirection--> Launch Service.


A dialog appears indicating the file type chosen to start the service.

Storage Redirection Service

3. In the Opening jnlpgenerator-cli file dialog, do the following:

a. Specify one of the following options for accessing the 32-bit JDK file.

If you select this option, you will not need to subsequently sign in to the ILOM web interface to start the service. You will be able to start the service directly from a command window or terminal.

If you select this option, the jnlp file is not saved on your local system and you will need to subsequently sign in to the ILOM web interface to start the service prior to launching the Storage Redirection CLI.

b. (Optional) Select the check box for Do this automatically for files like this from now on then click OK.



Note - To prevent the Opening Jnlpgenerator-cli dialog from reappearing each time you start the service from the ILOM web interface, you can select (enable) the check box for Do this automatically for files like this from now on. However, if you choose to enable this option, you will no longer be able to display this dialog when starting the service or installing the service from the ILOM web interface.




Note - If, in the future, you need to modify the default communication port number (2121) shipped with the Storage Redirection feature, you will need to display the Opening Jnlpgenerator-cli dialog to save and edit the jnlpgenerator-cli file on your system. In this instance, it is not recommended that you select (enable) the option for Always perform this action when handling files of this type. For more information about changing the default port number, see View and Configure Serial Port Settings.


4. Perform one of the following actions:


If you chose in Step 3-a to:

Perform these steps:

Save the jnlpgenerator-cli file

  1. In the Save As dialog, save the jnlpgenerator-cli file to a location on your local system.
  2. To start the service from the command line, open a command window or terminal.
  3. Navigate to the location where the jnlpgenerator-cli file is installed, then issue the javaws rconsole.jnlp command to start the service.

For example:

-> cd <jnlp file location>javaws rconsole.jnlp 

- OR -

Run the service directly from the web interface

  • In the Warning Security dialog, click Run to start the Storage Redirection service.


procedure icon  Start Storage Redirection Service Using Internet Explorer (IE) Web Browser

Perform the following steps prior to starting the service for the Storage Redirection CLI feature in ILOM. These steps describe how to start the Storage Redirection Service after registering the 32-bit JDK file.

1. Prior to starting the Storage Redirection Service on your Windows system for the first time, you must register the 32-bit JDK file by following these steps:

a. On the Windows client, open Windows Explorer (not Internet Explorer).

b. In the Windows Explorer dialog, select Tools --> Folder Options then select the Files Types tab.

c. In the Files Types tab, do the following:

2. To start the Storage Redirection Service (after registering the 32-bit JDK file), do the following:

a. Log in to the ILOM SP web interface.

b. Click Remote Control --> Redirection--> Launch Service.

The Opening Jnlpgenerator-cli dialog appears.


Storage Redirection Service

c. In the Opening Jnlpgenerator-cli dialog, perform one of the following actions:

If you select this option, you will not need to subsequently sign in to the ILOM web interface to start the service. You will be able to start the service directly from a command window or terminal.

If you select this option, the jnlp file is not saved on your local system and you will need to subsequently sign in to the ILOM web interface to start the service prior to launching the Storage Redirection CLI.



Note - To prevent the Opening Jnlpgenerator-cli dialog from reappearing each time you start the service from the ILOM web interface, you can select (enable) the check box for Always perform this action when handling files of this type. However, if you choose to enable this option, you will no longer be able to display this dialog when starting the service or installing the service from the ILOM web interface.




Note - If, in the future, you need to modify the default communication port number (2121) shipped with the Storage Redirection feature, you will need to display the Opening Jnlpgenerator-cli dialog to save and edit the jnlpgenerator-cli file on your system. In this instance, it is not recommended that you select (enable) the option for Always perform this action when handling files of this type. For more information about changing the default port number, see View and Configure Serial Port Settings.


d. Perform one of the following actions:


If you chose in Step C to:

Perform these steps:

Save the jnlpgenerator-cli file

  1. In the Save As dialog, save the jnlpgenerator-cli file to a location on your local system.
  2. To start the service from the command line, open a command window or terminal.
  3. Navigate to the location where the jnlpgenerator-cli file is installed, then issue the javaws rconsole.jnlp command to start the service.

For example:

-> cd <jnlp file location>javaws rconsole.jnlp 

- OR -

Run the service directly from the web interface

  • In the Warning Security dialog, click Run to start the Storage Redirection service.

If the Storage Redirection service fails to start, an error message appears informing you of an error condition. Otherwise, if an error message did not appear, the service is started and is waiting for user input.


procedure icon  Download and Install the Storage Redirection Client

Follow these steps to download and install the Storage Redirection client on your local system.



Note - The Storage Redirection client is a one-time client installation.


1. In the ILOM SP web interface, select Remote Control --> Redirection.

The Launch Redirection page appears.

2. Click Download Client.

The Opening StorageRedir.jar dialog appears.


Storage Redirection Download

3. In the Opening StorageRedir.jar dialog, click Save it to Disk, then click OK.

The Save As dialog appears.



Note - If you do not want the Opening StorageRedir dialog to reappear when installing the .jar file on other remote clients, you can select (enable) the check box for Always perform this action when handling files of this type. However, if you choose to enable this option, you will no longer be able to display this dialog (Opening StorageRedir) in the future when downloading the .jar file.


4. In the Save As dialog, save the StorageRedir.jar file to a location on your local system.


Launching the Storage Redirection CLI to Redirect Storage Devices


Step

Task

Links

Platform Feature Support

1

Ensure that all requirements are met before using the Storage Redirection CLI

  • x86 system server SP
  • SPARC system server SP

2

Launch the Storage Redirection CLI

3

If applicable, verify that Storage Redirection Service is running

4

If applicable, display command-line Help; or learn more about the Storage Redirection command-line modes, syntax, and usage

5

Redirect a storage device from the CLI

6

View a list of active storage devices

7

Stop the redirection of a storage device


Before You Begin

The following requirements must be met prior to performing the procedures in this section.



Note - Any user with a valid user account in ILOM can launch the Storage Redirection CLI (from a command window or terminal) and verify the status of the the service, or view the occurrence of an active storage redirection.



procedure icon  Launch Storage Redirection CLI Using a Command Window or Terminal



Note - Prior to launching the Storage Redirection CLI, you must have started the Storage Redirection Service. For instructions for launching the service, see Start Storage Redirection Service Using Mozilla Firefox Web Browser.


1. Open a command-line interface.

For example:

2. Perform one of the following actions:

a. In the command-line interface, navigate to the directory where the Storage Redirection client (StorageRedir.jar) was installed using the cd command.

For example:

cd <my_settings>/<storage_redirect_directory>

b. At the directory prompt, enter the following command to launch the Storage Redirection CLI.

java -jar StorageRedir.jar

For example:

C:\Documents and Settings\<redirectstorage>java -jar StorageRedir.jar

The <storageredir> prompt appears.



Note - If you are using Windows, you must specify an uppercase letter for target drive directory. For example, if you are using an Cdrive location, you need to specify C:\ instead of c:\.


a. In the command-line interface, enter the command to launch the Storage Redirection CLI (java -jar StorageRedir.jar) at the shell prompt ($).

$ java -jar StorageRedir.jar


Note - If you do not have a JAVA_HOME environment configured, you might need to use the full path to your Java binary. For example, if your JDK package was installed under /home/user_name/jdk then you would type: /home/user_name/jdk/bin/java -jar ...




Note - If the Storage Redirection CLI fails to launch, a detailed error message appears explaining the error condition. Otherwise, the Storage Redirection CLI is ready for user input.



procedure icon  Verify the Storage Redirection Service Is Running



Note - The following procedure assumes that you have already launched the Storage Redirection CLI from a command window or terminal. For instructions for launching the Storage Redirection CLI, see Launch Storage Redirection CLI Using a Command Window or Terminal.


single-step bullet  At the <storageredir> prompt, type the following command to verify that the Storage Redirection service is active:

test-service

For example:

<storageredir> test-service

Alternatively, you could enter this same command (test-service) using the non-interactive shell mode syntax. For more information, see Storage Redirection Command-Line Modes, Syntax, and Usage.

A message appears stating whether the service connection passed or failed.



Note - If the service connection fails, you will need to start the Storage Redirection Service from the ILOM web interface or from a command window (if the service was installed) by issuing the javaws rconsole.jnlp command. For details, see Start Storage Redirection Service Using Mozilla Firefox Web Browser.



procedure icon  Display Storage Redirection CLI Help Information



Note - The following procedure assumes that you have already launched the Storage Redirection CLI from a command window or terminal. For instructions for launching the Storage Redirection CLI, see Launch Storage Redirection CLI Using a Command Window or Terminal.


single-step bullet  At the <storageredir> prompt, type the following command to display the command-line help:

help

For example:

<storageredir> help

The following information about the command syntax and usage appears:


Usage:

list [-p storageredir_port] [remote_SP]

start -r redir_type -t redir_type_path

-u remote_username [-s remote_user_password]

[-p storageredir_port] remote_SP

stop -r redir_type -u remote_username

[-s remote_user_password] [-p storageredir_port] remote_SP

stop-service [-p storageredir_port]

test-service [-p storageredir_port]

help

version

quit


Alternatively, you could enter this same command (help) using the non-interactive shell mode syntax. For more information, see Storage Redirection Command-Line Modes, Syntax, and Usage.


procedure icon  Start Redirection of Storage Device



Note - The following procedure assumes that you have already launched the Storage Redirection CLI from a command window or terminal. For instructions for launching the Storage Redirection CLI, see Launch Storage Redirection CLI Using a Command Window or Terminal.




Note - Commands shown in the following procedure should be entered as one continuous string.




Note - On Windows systems, both uppercase letter 'C:\' and lowercase letter 'c:\' are accepted for cdrom and floppy image redirection. However, only uppercase letter ('D:\', 'A:\') are accepted for both cdrom drive and floppy drive redirection.


single-step bullet  At the <storageredir> prompt, type the start command followed by the commands and properties for the redirection device type, path to device, remote SP user_name and password, and the IP address of the remote SP.

For example:

<storageredir> start -r redir_type -t redir_type_path -u remote_username [-s remote_user_password] [-p non_default_storageredir_port] remote_SP_IP


Note - If you are using Windows, you must specify an uppercase letter for the drive path. For example, if you are using an A drive location, you need to specify A:\ instead of a:\ in the drive path.


Alternatively, you could enter this same command (start) using the non-interactive shell mode syntax. For more information, see Storage Redirection Command-Line Modes, Syntax, and Usage.



Note - You must specify a valid Admin or Console role account (-u remote_username [-s remote_user_password]) to start the redirection of a storage device on a remote server. If you do not specify the password command (-s remote_user_password), the system will automatically prompt you for it.



procedure icon  View Active Storage Redirections



Note - The following procedure assumes that you have already launched the Storage Redirection CLI from a command window or terminal. For instructions for launching the Storage Redirection CLI, see Launch Storage Redirection CLI Using a Command Window or Terminal.


single-step bullet  At the <storageredir> prompt, type the list command followed by the sub-commands and properties for any non-default storage redirection port(s) and the IP address(es) of the remote host server SP.

For example:

<storageredir> list [-p non_default _storageredir_port] remote_SP

Alternatively, you could enter this same command (list) using the non-interactive shell mode syntax. For more information, see Storage Redirection Command-Line Modes, Syntax, and Usage.

A list appears identifying the active storage redirections for each server SP specified.


procedure icon  Stop Redirection of Storage Device



Note - The following procedure assumes that you have already launched the Storage Redirection CLI from a command window or terminal. For instructions for launching the Storage Redirection CLI, see Launch Storage Redirection CLI Using a Command Window or Terminal.




Note - Commands shown in the following procedure should be entered as one continuous string.


single-step bullet  At the <storageredir> prompt, type the stop command followed by the commands and properties for the: storage device type, remote SP user name and password, storage redirection port and the IP address of the remote host server SP.

For example:

<storageredir> stop -r redir_type -u remote_username [-s remote_user_password] [-p non_defult_storageredir_port] remote_SP

Alternatively, you could enter this same command (stop) using the non-interactive shell mode syntax. For more information, see Storage Redirection Command-Line Modes, Syntax, and Usage.



Note - You must specify a valid Admin or Console role account (-u remote_username [-s remote_user_password]) to stop the redirection of a storage device on a remote server. If you do not specify the password command (-s remote_user_password) the system will automatically prompt you for it.



procedure icon  Change the Default Storage Redirection Network Port: 2121

1. In the ILOM SP web interface, select Remote Control --> Redirection.

The Launch Redirection page appears.

2. Click Launch Service.

The Opening Jnlpgenerator-cli dialog appears.


Download Jnlpgenerator-cli

3. In the Opening Jnlpgenerator-cli dialog, select Save it to disk, then click OK.

The Save As dialog appears.

4. In the Save As dialog, specify the location where you want to save the jnlpgenerator-cli file.

5. Open the jnlpgenerator-cli file using a text editor and modify the port number referenced in this file.

For example:

<application-desc>
<argument>cli</argument>
<argument>2121</argument>
</application-desc>

In the <application-desc> you can change the second argument to any port number that you want to use.

6. Save the changes you made and close the jnlpgenerator-cli file.

7. Use the javaws to start the Storage Redirection service from your local client.

For example:

javaws jnlpgenerator-cli



Note - If you do not use the default port number provided, you must always identify the non-default port number in the Storage Redirection command-line interface when starting, stopping or viewing storage redirections.



Securing the ILOM Remote Console


Topics

Description

Links

Platform Feature Support

Before you begin

  • x86 system server SP
  • SPARC system server SP
  • CMM

Configure the ILOM Remote Console Lock option


Before You Begin

Prior to configuring the ILOM Remote Console Lock option, the following prerequisites must be met:


procedure icon  Edit the ILOM Remote Console Lock Option

1. Log in to the ILOM SP CLI or the CMM CLI.



Note - When logging in to the CMM CLI, navigate to the SP target where you want to enable or disable the KVMS lock option for the ILOM Remote Console.


2. To view all the possible properties associated with the management of the SP KVMS services, type:

-> help /SP/services/kvms

The following sample output appears:


/SP/services/kvms : Management of the KVMS service
    Targets:
 
    Properties:
        custom_lock_key : KVMS custom lock key
        custom_lock_key : Possible values = esc, end, tab, ins, del, home, enter, space, break, backspace, pg_up, pg_down, scrl_lck, sys_rq, num_plus, num_minus, f1, f2, f3, f4, f5, f6, f7, f8, f9, f10, f11, f12, a-z, 0-9, !, @, #, $, %, ^, &, *, (, ), -, _, =, +,‚ |, ~, ‘, [, {, ], }, ;, :, ’, ", <, ., >, /, ?
        custom_lock_key : User role required for set = c
 
        custom_lock_modifiers : KVMS custom lock modifiers
        custom_lock_modifiers : Possible values = l_alt, r_alt, l_shift, r_shift, l_ctrl, r_ctrl, l_gui, r_gui
        custom_lock_modifiers : User role required for set = c
 
        lockmode : KVMS lock mode
        lockmode : Possible values = disabled, windows, custom
        lockmode : User role required for set = c
 
        mousemode : KVMS mouse mode
        mousemode : Possible values = absolute, relative
        mousemode : User role required for set = c
 
        servicestate : KVMS service state
        servicestate : Possible values = enabled, disabled
        servicestate : User role required for set = a

3. Perform any of the following tasks using either the cd, set, or show commands to manage the SP KVMS target properties.


Task

Instructions

Navigate to the KVMS target.

  • To navigate to the KVMS target, type the following command:

-> cd /SP/services/kvms

Note - You must navigate to the KVMS target prior to enabling or disabling the KVMS lock mode options.

Display the KVMS lock mode properties.

  • To display the KVMS lock mode properties, type the following command:

-> show

The target, properties, and commands that are associated with the management of the SP KVMS service appear.

Disable the ILOM Remote Console lock mode feature.

  • To disable the ILOM Remote Console lock mode feature, type the following command:

-> set lockmode=disabled

Enable the standard Windows host lock mode feature.

  • To enable the standard lock mode feature on a Windows system, type the following command:

-> set lockmode=windows

Enable the custom host lock mode feature.

  • To enable the custom lock mode feature on a Linux, Solaris, or Windows system, type following commands:

-> set lockmode=custom

-> set custom_lock_key=<specify a custom lock key>

-> set lock_modifiers=<specify up to four custom lock modifiers>

Note - Each custom lock modifier specified must be separated by a comma.


Enabled Custom Lock Mode Example

In this example, you have defined, in your host OS, the following custom keyboard shortcut sequence to log you off the operating system:

<shift><control><backspace>

To implement the above custom keyboard shortcut sequence while exiting an ILOM Remote Console session, the following KVMS properties would be set in the ILOM CLI:


/SP/services/kvms
    Targets:
 
    Properties:
        custom_lock_key = backspace
        custom_lock_modifiers = l_shift, l_ctrl
        lockmode = custom
        mousemode = absolute
        servicestate = enabled