C H A P T E R 1 |
Sun SPARC Enterprise M3000 Server Product Notes for XCP 1092 |
This document covers the XCP 1090, XCP 1091, and XCP 1092 firmware releases. This chapter contains the following sections:
The XCP 1091 release introduced support for the Active Directory and LDAP/SSL features. Some changes to these features were introduced in the XCP 1092 release. This section contains the latest information about these features.
Note - For security reasons, XSCF uses only LDAP over SSL to communicate with an Active Directory server or an LDAP/SSL server. |
Active Directory and LDAP/SSL each provide both authentication of user credentials and authorization of the user access level to networked resources. They use authentication to verify the identity of users before they can access system resources, and to grant specific access privileges to users in order to control their rights to access networked resources.
User privileges are either configured on XSCF or learned from a server based on each user’s group membership in a network domain. A user can belong to more than one group. Active Directory or LDAP/SSL authenticates users in the order in which the users’ domains are configured. (A user domain is the authentication domain used to authenticate a user.)
Once authenticated, user privileges can be determined in the following ways:
Three types of groups can be configured: administrator, operator, and custom. To configure an administrator or operator group, only group name is required.
An administrator group has platadm, useradm, and auditadm privileges associated with it. An operator group has platop and auditop privileges associated with it. To configure a custom group, both group name and privileges are required. For each type of group, up to five groups can be configured. A user assigned to more than one group receives the sum of all privileges associated with those groups.
To support these new features, two new configuration screens (Active Directory and LDAP/SSL) have been added to the Settings menu of the XSCF Web. Remote users can log in and use the XSCF Web once they have been authenticated by Active Directory or LDAP/SSL.
The commands setad(8) and showad(8) let you set and view the Active Directory configuration from the command line.
By default, Active Directory support is disabled. To enable Active Directory support, use the following command:
To disable Active Directory support, use the following command:
To show if Active Directory support is enabled or disabled, enter: :
Use the setad(8) command with its various parameters to configure AD. For example, you can use it to set up one primary and five alternate Active Directory servers, assign group names and privileges, configure a particular user domain, control logging of diagnostic messages, and more. User domain can be configured explicitly through the setad userdomain command on XSCF, or entered at login prompt using the form, user@domain.
See the setad(8) and showad(8) man pages, and the notes about these commands in TABLE 3-7.
The commands setldapssl(8) and showldapssl(8) let you set and view LDAP/SSL configuration from the command line. These commands do for LDAP/SSL what the setad(8) and showad(8) commands do for AD, and support many of the same parameters.
For more information, see the setldapssl(8) and showldapssl(8) man pages.
To support Active Directory and LDAP/SSL, the XCP 1091 release added a new system account named proxyuser. Before using the Active Directory or LDAP/SSL features, check to ensure that no user account of that name already exists. If one does, use the deleteuser(8) command to remove it, then reset XSCF before using these features.
Introduced in the XCP 1091 release, the Airflow indicator value indicates the volume of air exhausted from the M3000 server while it is running. The value does not include air emitted from peripheral devices.
Note - Airflow monitoring measurement values are for reference only. |
To display the amount of exhaust air, use the showenvironment air command.
For details of the showenvironment(8) command, refer to the man page. For installation details of the SPARC Enterprise M3000 server, see the SPARC Enterprise M3000 Server Site Planning Guide and the SPARC Enterprise M3000 Server Installation Guide.
You can also obtain the exhaust air data using the SNMP agent function. To obtain the data of exhaust air using the SNMP agent function, install the latest XSCF extension MIB definition file to the SNMP manager. For details on the XSCF extension MIB definition file, see the
SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User’s Guide.
Introduced in the XCP 1091 release, the power consumption monitoring function indicates the amount of power consumed while the SPARC Enterprise M3000 server is running. The value does not include that of peripheral devices.
To display the power consumption, use the showenvironment power command.
Note - Power measurements might be incorrect if taken during or shortly after server power-on or power-off, or during or shortly after replacement of the power supply. |
For details of the showenvironment(8) command, see the man page. For installation details of the SPARC Enterprise M3000 server, see the SPARC Enterprise M3000 Server Site Planning Guide.
You can also obtain the power consumption data using the SNMP agent function. To obtain the power consumption data using the SNMP agent function, install the latest XSCF extension MIB definition file to the SNMP manager. For details on the XSCF extension MIB definition file, see the SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User’s Guide.
For information about upgrading your firmware, see the Sun SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User’s Guide.
Note - After upgrading XCP firmware, use the rebootxscf(8) command to reset the XSCF. |
Downgrading your XCP firmware to an earlier release is not advised. However, if you must downgrade your XCP 1092 firmware to the XCP 1091 or XCP 1090 release, or your XCP 1091 release to the XCP 1090 version, execute the following command afterward to clear old-style audit logs:
The Solaris Operating System is preinstalled on new M3000 servers.
TABLE 1-1 lists the earliest firmware and operating system (OS) versions that are required in this release. ..
Solaris 10 10/08 - with the Solaris 10 10/09 Patch Bundle required. |
Note - As for all releases, installation of the SunAlert Patch Cluster is recommended. Also, note that the Solaris 10 10/09 Patch Bundle is also known as MU8. |
Many web browsers support the XSCF Web. The browsers in TABLE 1-2 have demonstrated compatibility with the XSCF Web through testing.
This section lists mandatory patches, patch bundles, and SunAlert patch clusters for the M3000 server. Always refer to the patch README for information about patch requirements and special installation instructions.
The patch identifiers listed in this section represent the minimum level of the patches that must be installed. The two-digit suffix represents the minimum revision level of the patch. Check http://sunsolve.sun.com for the latest patch revision. Apply patches in the order listed.
The Solaris 10 10/09 Patch Bundle is required, and the SunAlert Patch Cluster is recommended. See:
http://sunsolve.sun.com/show.do?target=patches/patch-access
The Solaris 10 10/09 Patch Bundle is required, and the SunAlert Patch Cluster is recommended. See:
http://sunsolve.sun.com/show.do?target=patches/patch-access
The Suns Connection Update Manager can be used to reinstall the patches if necessary or to update the system with the latest set of mandatory patches. For more information about the Sun Connection Update Manager, refer to the Sun Update Connection System Administration Guide at:
http://docs.sun.com/app/docs/prod/updconn.sys
http://wikis.sun.com/display/SunConnection/Update+Manager
Installation information and README files are included in the patch downloads.
Two options are available to register your system and to use the Sun Connection Update Manager to obtain the latest Solaris OS patches:
The following Emulex cards require drivers supplied in patch 120222-26 or later:
This section describes issues and limitations known at the time of this release.
Caution - You must complete the upgrades to the XCP firmware and to the Solaris OS before inserting SPARC 64 VII processors into the chassis. |
Note - Do not use the Service Processor (SP) as the Network Time Protocol (NTP) server. Using an independent NTP server provides optimal reliability in maintaining consistent time on the SP and the domains. For more information about NTP, see the Sun Blueprint document, Using NTP to Control and Synchronize System Clocks: http://www.sun.com/blueprints/0701/NTP.pdf |
http://wikis.sun.com/display/PlatformIoSupport/Home/
This section describes additional issues and limitations known at the time of this release.
The Sun Java Enterprise System software is a comprehensive set of software and life cycle services that make the most of your software investment. The software and installation instructions can be found at the following web address:
http://www.sun.com/software/javaenterprisesystem/index.jsp
The software might not include patches that are mandatory for your server. After installing the software, refer to Solaris Patch Requirements for information about checking for and installing required patches.
For an overview and documentation, go to:
http://www.sun.com/service/javaes/index.xml
Note - Due to an issue that arises from the installation of the Java Enterprise System 5 Update 1 on your system, it might be necessary to enable the WebConsole SMF service. |
In addition to the standard default login, M3000/M4000/M5000/M8000/M9000 servers are delivered with a temporary login called admin to enable remote initial login, through a serial port. The admin user privileges are fixed to useradm and cannot be changed. You cannot log in as temporary admin using the standard UNIX user name and password authentication or SSH public key authentication. The temporary admin account has no password, and one cannot be added for it.
The temporary admin account is disabled after someone logs in as the default user, or after someone logged in as temporary admin has successfully added the first user with valid password and privileges.
If, before the default login is used, you cannot log in as temporary admin, you can determine if someone else has done so by executing the showuser -l command.
The WAN boot installation method enables you to boot and install software over a wide area network (WAN) by using HTTP. To support booting the M3000 server from a WAN boot server, you must have the appropriate wanboot executable installed and OpenBoot version 4.24.10 or above to provide the needed hardware support.
For information about WAN boot servers, refer to the Solaris 10 Installation Guide: Network-Based Installations for the version of Solaris 10 OS that you are using. You can find Solaris 10 OS documentation here:
http://docs.sun.com/app/docs/prod/solaris.10
If you do not upgrade the wanboot executable, the server will panic, with messages similar to the following:
krtld: load_exec: fail to expand cpu/$CPU krtld: error during initial load/link phase panic - boot: exitto64 returned from client program |
Log in to a terminal as root, then type:
If you have to reload the software, go to the following web site for download and installation instructions:
http://www.sun.com/software/preinstall
If you download a fresh copy of software, that software might not include patches that are mandatory for your server. Before installing the software, refer to Solaris Patch Requirements for information about checking for and installing required patches.
2. Type the following command:
3. The following example reveals that DIMM number 0A on the Motherboard unit has degraded memory:
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.