Hitachi Compute Blade 500 Series

Transcription

1 Hitachi Compute Blade 500 Series Management Module Setup Guide Document Organization Product Version Getting Help Contents MK-91CB

2 Hitachi, Ltd. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or stored in a database or retrieval system for any purpose without the express written permission of Hitachi, Ltd. Hitachi, Ltd., reserves the right to make changes to this document at any time without notice and assumes no responsibility for its use. This document contains the most current information available at the time of publication. When new or revised information becomes available, this entire document will be updated and distributed to all registered users. Some of the features described in this document might not be currently available. Refer to the most recent product announcement for information about feature and product availability, or contact Hitachi Data Systems Corporation at Notice: Hitachi, Ltd., products and services can be ordered only under the terms and conditions of the applicable Hitachi Data Systems Corporation agreements. The use of Hitachi, Ltd., products is governed by the terms of your agreements with Hitachi Data Systems Corporation. Hitachi is a registered trademark of Hitachi, Ltd., in the United States and other countries. Hitachi Data Systems is a registered trademark and service mark of Hitachi, Ltd., in the United States and other countries. Archivas, Essential NAS Platform, HiCommand, Hi-Track, ShadowImage, Tagmaserve, Tagmasoft, Tagmasolve, Tagmastore, TrueCopy, Universal Star Network, and Universal Storage Platform are registered trademarks of Hitachi Data Systems Corporation. AIX, AS/400, DB2, Domino, DS6000, DS8000, Enterprise Storage Server, ESCON, FICON, FlashCopy, IBM, Lotus, MVS, OS/390, RS6000, S/390, System z9, System z10, Tivoli, VM/ESA, z/os, z9, z10, zseries, z/vm, and z/vse are registered trademarks or trademarks of International Business Machines Corporation. All other trademarks, service marks, and company names in this document or website are properties of their respective owners. Microsoft product screen shots are reprinted with permission from Microsoft Corporation. ii

3 Contents Preface... ix Intended Audience... x Product Version... x Release Notes... x Document Organization... x Referenced Documents... x Document Conventions... xi Convention for storage capacity values... xii Getting Help... xiii Comments... xiii 1 Management module overview Overview Connecting management module External interface of management module Connecting cables to management module Function list Functional detail User management Account and password Account Setting password expiration dates Role overview Role configuration LCD touch console Time settings Time settings for management module NTP server cooperation Time control for system unit Network Features available for management interface Management LAN Internal network Switch module connection to management interface iii

4 Setting connection procedure IP address Network re-configuration after management module failure Link Fault Tolerance (LFT) Security Features and protocol provided by management module and BMC Security strength Security strength and features Feature comparison by the Security strength TLS/SSL version settings IP address restriction Authentication encryption setting System unit settings Chassis ID Language Power supply control Turning on system unit Turning off system unit Operating power supply for server blade Operating power supply for switch module Server blade operation setting when power failure recovery Remote control for server blade Using remote console Using OS console Preparation for using OS console OS console operations Restriction for using OS console Identification LED (LID) operation Each module configuration Configurable modules from management module Server blade (BMC settings) Server blade (UEFI settings) Hitachi LAN switch module settings Hitachi Fibre Channel mezzanine card settings WWN and MAC addresses Various WWN and MAC addresses Selecting WWN and MAC addresses in basic mode Selecting WWN and MAC address in LP mode Relation between N+M cold standby and WWN and MAC address Initializing Optional Physical WWN and MAC address Confirmation for WWN and MAC address Change log for Optional Physical WWN and MAC address Viewing the host information of the server blade ServerConductor/Blade Server Manager BSM setting HCSM linkage HCSM discovery HCSM options N+M cold standby N+M cold standby overview N+M cold standby structure HA monitor linkage iv

5 HA monitor overview Setting up a system failover configuration LDAP Server Linkage Overview Supported LDAP server Active Directory Setting Settings for Server Blades and Management Modules RADIUS authentication Overview Supported RADIUS servers Settings for RADIUS servers Settings for management modules Checking RADIUS server connection Digital Certificates for Web Console Overview Digital Certificate Specifications Procedures to Use Digital Certificates Procedures to Use Digital Certificates LPAR manager cooperation function Initializing LPAR manager Selecting LPAR manager firmware Confirming virtual WWN Confirming virtual MAC address Turning on server blade Configuring LPAR Saving LPAR manager configuration information Assigning USB device to existing LPAR Setting LPAR boot order Activating LPAR Opening remote console Reactivating LPAR Deactivating LPAR Changing LPAR configuration Removing LPAR Rebooting LPAR manager Shutting down LPAR manager Backing up LPAR manager configuration information Restoring LPAR manager configuration information Initializing LPAR manager configuration Upgrading LPAR manager model Updating LPAR manager firmware Uninstalling LPAR manager firmware Collecting LP dump logs with LPAR manager in operation Power saving function Managing power control function Emergency power control Accurate power control Disabling power capping for server blade Power supply expansion Monitoring power consumption Setting forced power off order for server blades Power supply module optimization v

6 DCMI function DCMI overview Server blades that support DCMI Setting the DCMI mode DCMI commands Silent mode function Silent mode function overview SNMP function SNMP function overview Requirement Configuring SNMP Notification by Overview Requirement Notification by specification Setting notification by Testing configuration (by sending current status) Syslog transfer Overview Audit events to transfer Log format Using Syslog transfer Banner feature Login banner feature USB port disabling function Import function Import overview Import execution Import file format and modification Troubleshoot in import failure Log Confirmable log files from management module Dump log Operation log and audit log Operation log and audit log messages Firmware Updating firmware from the management module Updating Management module firmware/dictionary/equipment parameter Updating server blade firmware Backing up and restoring settings Possible to save and restore configuration Management module setting Hitachi Fibre Channel mezzanine card settings LPAR manager configuration CBTP Overview Starting CBTP from the management module Software license information Software license information vi

7 A HCSM alert log message... A-1 HCSM alert log message... A-2 vii

8 viii

9 Preface This document describes how to use the Compute Blade 500 series. Notice: The use of Compute Blade 500 series and all other Hitachi Data Systems products is governed by the terms of your agreement(s) with Hitachi Data Systems. This preface includes the following information: Intended Audience Product Version Release Notes Document Organization Referenced Documents Document Conventions Convention for storage capacity values Getting Help Comments Preface ix

10 Intended Audience This document is intended for the personnel who are involved in planning, managing, and performing the tasks to prepare your site for Compute Blade installation and to install the same. This document assumes the following: The reader has a background in hardware installation of computer systems. The reader is familiar with the location where the Compute Blade will be installed, including knowledge of physical characteristics, power systems and specifications, and environmental specifications. Product Version This document revision applies to CB 520X B2. Release Notes Read the release notes before installing and using this product. They may contain requirements or restrictions that are not fully described in this document or updates or corrections to this document. Document Organization The table below provides an overview of the contents and organization of this document. Click the chapter title in the left column to go to that chapter. The first page of each chapter provides links to the sections in that chapter. Chapter Chapter 1, Management module overview Chapter 2, Functional detail Chapter 3, Software license information Appendix A, HCSM alert log message Description Describes the management module overview. Describes function of the management module in detail. Describes software license information of management module. Describes HCSM alert log message. Referenced Documents Hitachi Compute Blade 500 Series CLI Console User's Guide, MK-91CB Hitachi Compute Blade 500 Series EFI User's Guide, MK-91CB Hitachi Compute Systems Manager Function Release Schedule (FRS) x Preface

11 Hitachi Compute Systems Manager Software (HCSM) User Guide, MK-91HC194 Hitachi Gigabit Fibre Channel Adapter User's Guide (BIOS/EFI Edition), MK-99COM009 Hitachi Compute Blade 500 Series LCD Touch Console User's Guide, MK-91CB Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide, MK-91CB Hitachi Compute Blade 500 Series MIB User's Guide, MK-91CB OneCommandManager Guide, MK-91CB Hitachi Compute Blade 500 Series Remote console user guide, MK-91CB Hitachi Compute Blade 500 Series Server Blade Setup Guide, MK-91CB Hitachi Compute Blade 500 Series System Overview Guide, MK-91CB Hitachi Compute Blade 500 Series System Service Manual, FE-91CB Hitachi Compute Blade 500 Series Web Console User's Guide, MK-91CB The following documents are described as HVM Navigator User's Guide in this manual. Hitachi Compute Blade HVM Navigator User's Guide - Getting Started, MK-99COM022 Hitachi Compute Blade HVM Navigator Installation Manual, MK-99COM023 Hitachi Compute Blade HVM Navigator User's Guide Migration, MK-99COM024 Hitachi Compute Blade HVM Navigator User's Guide Monitoring, MK-99COM025 Hitachi Compute Blade HVM Navigator User's Guide - Operation Quick Reference, MK-99COM026 Hitachi Compute Blade HVM Navigator User's Guide Viewer, MK-99COM027 Hitachi Compute Blade HVM Navigator User's Guide - LPAR Configuration, MK-99COM042 Document Conventions This term "Compute Blade" refers to all the models of the Compute Blade, unless otherwise noted. The Hitachi Virtualization Manager (HVM) name has been changed to Hitachi logical partitioning manager (LPAR manager, or LP). If you are using HVM Preface xi

12 based logical partitioning feature, substitute references to Hitachi logical partitioning manager (LPAR manager, or LP) with HVM. This document uses the following typographic conventions: Convention Regular text bold Italic Screen text Description In text: keyboard key, parameter name, property name, hardware labels, hardware button, hardware switch. In a procedure: user interface item Variable, emphasis, reference to document title, called-out term Command name and option, drive name, file name, folder name, directory name, code, file content, system and application output, user input < > (angled brackets) Variable (used when italic is not enough to identify variable). [ ] (square bracket) Optional values { } braces Required or expected value vertical bar Choice between two or more options or arguments This document uses the following icons to draw attention to information: Icon Meaning Description WARNING CAUTION NOTICE Note Tip This indicates the presence of a potential risk that might cause death or severe injury. This indicates the presence of a potential risk that might cause relatively mild or moderate injury. This indicates the presence of a potential risk that might cause severe damage to the equipment and/or damage to surrounding properties. This indicates notes not directly related to injury or severe damage to equipment. This indicates advice on how to make the best use of the equipment. Convention for storage capacity values Physical storage capacity values (for example, disk drive capacity) are calculated based on the following values: Physical capacity unit Value 1 kilobyte (KB) 1,000 (10 3 ) bytes 1 megabyte (MB) 1,000 KB or 1,000 2 bytes 1 gigabyte (GB) 1,000 MB or 1,000 3 bytes xii Preface

13 Physical capacity unit Value 1 terabyte (TB) 1,000 GB or 1,000 4 bytes 1 petabyte (PB) 1,000 TB or 1,000 5 bytes 1 exabyte (EB) 1,000 PB or 1,000 6 bytes Logical storage capacity values (for example, logical device capacity) are calculated based on the following values: Logical capacity unit Value 1 block 512 bytes 1 KB 1,024 (2 10 ) bytes 1 MB 1,024 KB or 1,024 2 bytes 1 GB 1,024 MB or 1,024 3 bytes 1 TB 1,024 GB or 1,024 4 bytes 1 PB 1,024 TB or 1,024 5 bytes 1 EB 1,024 PB or 1,024 6 bytes Getting Help The Hitachi Data Systems customer support staff is available 24 hours a day, seven days a week. If you need technical support, log on to the Hitachi Data Systems Portal for contact information: Comments Please send us your comments on this document: doc.comments@hds.com. Include the document title and number including the revision level (for example, -07), and refer to specific sections and paragraphs whenever possible. All comments become the property of Hitachi Data Systems Corporation. Thank you! Preface xiii

14 xiv Preface

15 1 Management module overview This chapter describes the management module overview. Overview Connecting management module Function list Management module overview 1-1

16 Overview The management module is a hardware that manages a whole system unit such as controlling the system unit and monitoring environment. This guide describes various setup procedure of the system unit using the management module with other devices. The management module controls and monitors server blades, switch modules, power supply modules, and fan modules in the system unit. When a failure is detected in the system unit, the management module can notify failure to the system administrator using , SNMP, or something. When managing the system unit with the Management Server (ServerConductor/Blade Server Manager), you can realize functions, such as operating-status management, notifying alerts, and N+M cold standby, by cooperation between the management module and ServerConductor/Blade Server Manager. The management module provides the console that displays the status of the system unit and set up the system unit. The following three kinds of console are available. Web console For details, see the Hitachi Compute Blade 500 Series Web Console User's Guide. Command Line Interface (CLI) console For details, see the Hitachi Compute Blade 500 Series CLI Console User's Guide. Liquid Crystal Display (LCD) touch console For details, see the Hitachi Compute Blade 500 Series LCD Touch Console User's Guide. When using the LCD touch console, you can set up the system unit without the system console. For details about using each consoles, see the each consoles' user's guides. You can run integrated setup of the server blades and switch modules through the management module console. When you connect the management module console, you can set up each module in the system unit seamlessly without connecting other consoles. Connecting management module This section describes external interfaces and cable connection. External interface of management module The management module provides Management LAN port #0 (MGMT0), Management LAN port #1 (MGMT1), Maintenance LAN port (MAINT), and a Serial port (SER). 1-2 Management module overview

17 Figure 1-1 Port location of management module Table 1-1 Port type of management module Port name Management LAN port (MGMT0) Management LAN port (MGMT1) Maintenance LAN port (MAINT) Serial port (SER) Specification This port is connected to the management LAN. For the factory default setting, this port is connected to the management LAN. This port is connected to the management LAN. For the factory default setting, this port cannot be connected to the management LAN. For details, see Network on page This port is dedicated for customer engineers for maintenance purposes. The user can not use this port. This serial port is for the system console. Use this port for the initial setting. You can also use this port when the LAN port cannot be used or the system unit is performed initial setting. Tip: You need to prepare following items for LAN port connection. System console UTP cable (UTP-5 or higher) Client software for HTTP, Telnet, or SSH The following table describes specification of the factory default network settings for management module, which are required to connect to HTTP, Telnet, or SSH. Table 1-2 Network settings for management module (factory default settings) Item Specification IP address Management module overview 1-3

18 Item Specification Subnet mask HTTPS HTTP SSH telnet Available Available Available Available The network settings can be changed through the management module console. Tip: You need to prepare following items for serial port connection. System console Serial cable (RS-232C cross cable D-SUB 9-pin female-female connector) VT100 Terminal software (Hyper terminal or something) When connecting the serial port of the management module, the following table describes the communication parameter setting for the terminal software. Table 1-3 Communication parameters settings for terminal software Item Specification Communication speed Data Parity Stop bit Flow control 9600 bps 8 bit N/A 1 bit N/A The communication speed can be configured to change through the management module console. When setting the serial port communication speed, use the active management module, which causes the standby management module to have the same setting values. You need to log out of the serial port connection, from the active and standby respectively, to reflect the new serial port communication speed on the system unit. If changing a serial port communication speed when logging in via serial port, log out of the connection once. If changing a serial port communication speed when logging in via LAN port, not serial port, log in with the previous communication speed and then log out. The new communication speed will take effect at the next login. Tip: The web console is not available through the serial port. 1-4 Management module overview

19 Connecting cables to management module Connecting LAN cable This subsection describes cable connection between a management console and a system console. Connect the MGMT0 port of management module at the rear side of the system unit and the system console with a LAN cable. When two management modules are installed, connect the cable to the management module on which the MSR LED emits in green. Figure 1-2 Connecting management module to system console (with LAN cable) Note: Connecting serial cable Complete a network configuration of the system unit before connecting a cable to the management module. When a device with the same IP address as that for the management module or other modules exists on the network, a failure occurs on the system unit when you connect the management module to the network. Management module need to connect with an external LAN switch while using in LP mode. For details, see the Hitachi Compute Blade 500 Series Server Blade Setup Guide. Tip: The LAN port for system console supports the Auto-MDI/MDIX. So both straight or cross cables can be used. The communication speed is automatically selected from 10, 100, or 1000Mbps. Connect the serial port of management module at the rear side of the system unit and the system console with a RS-232C cross cable (D-SUB 9-pin female-female connector). When two management modules are installed, connect the cable to the management module on which the MSR LED emits in green. Management module overview 1-5

20 Figure 1-3 Connecting management module to system console (with serial cable) Tip: Use the RS-232C crosses cable (D-SUB 9-pin female-female connector) to connect system console. The communication speed of factory default settings is 9600 bps. Function list The following list describes the main functions supported by management module. For details, click the headings in the list. Table 1-4 Main functions Heading Sub-heading Web console CLI console LCD touch console User management Account Y Y Role configuration Y Y LCD touch console PIN Y Y Time settings Time settings for management module NTP server cooperation Y Y Y Y Network Internal network Y Switch module connection to management interface Y Y Setting connection procedure Connecting management interface from MGMT1 Connecting with Tag-VLAN to management interface Y Y 1-6 Management module overview

21 Heading Sub-heading Web console CLI console LCD touch console IP address Management Y Y Y module 1 Server blade 1 Y Y Switch module 1 Y Y Link Fault Tolerance (LFT) Y Security Security strength Y Y TLS/SSL version settings Y Y IP address restriction 1 Y Y Y Authentication encryption setting Y System unit settings Power supply control Chassis ID Y Y Language Y Y Turning off system unit Y Y Y Operating power supply for server blade Y Y Operating power supply for switch module Server blade operation setting when power failure recovery Y Y Remote control for server blade Identification LED (LID) operation Starting from Web console Y Using OS console Y Front panel Y Y Y Management module Y Y Y Server blade Y Y Y Identification LED (LID) operation Each modules configuration Switch module Y Y Y Server blade (BMC settings) Y Y Server blade (UEFI settings) Y Hitachi LAN switch module settings Y Link to Web console of Brocade 8 Gb/sec Fibre Channel switch module and Brocade 16 Gb/sec Fibre Channel switch module Y WWN and MAC addresses Link to CLI console of switch module Selecting WWN and MAC addresses in basic mode Y Y Y Management module overview 1-7

22 Heading Sub-heading Web console CLI console LCD touch console Initializing Optional Physical WWN and MAC address Y Confirmation for WWN and MAC address Y Change log for Optional Physical WWN and MAC address Y Y Viewing the host information of the server blade Y ServerConductor/ Blade Server Manager BSM setting Y HCSM Linkage HCS discovery Y Y HCSM options Y Y N+M cold standby Smart Configure of opportunity Y Enabling N+M cold standby Y Testing N+M cold standby failover Y UPS connection setting for N+M cold standby setting Y RADIUS authentication LPAR manager cooperation function Settings for management modules Y Checking RADIUS server connection Initializing LPAR manager Y Selecting LPAR manager firmware Y Y Confirming virtual WWN Y Confirming virtual MAC address Y Turning on server blade Y Configuring LPAR Y Saving LPAR manager configuration information Assigning USB device to existing LPAR Y Y Setting LPAR boot order Y Activating LPAR Y Opening remote console Y Reactivating LPAR Y Deactivating LPAR Y Changing LPAR configuration Y 1-8 Management module overview

23 Heading Sub-heading Web console CLI console LCD touch console Removing LPAR Y Rebooting LPAR manager Y Shutting down LPAR manager Y Backing up LPAR manager configuration information Restoring LPAR manager configuration information Initializing LPAR manager configuration Y Y Y Upgrading LPAR manager model Y Updating LPAR manager firmware Y Uninstalling LPAR manager firmware Collecting LP dump logs with LPAR manager in operation Y Y Power saving function Emergency power control Y Accurate power control Y Enabling power capping for server blade Y Monitoring power consumption Y Setting forced power off order for server blades Y Power supply module optimization Y Y Silent mode function Silent mode function overview Y SNMP function Setting SNMP function Y Y Notification by E- mail Setting notification by Y Y Testing configuration Y Y Import function Creating import file Y Y Log System event log Y Y MAR log Y Y Operation log Y Environment log Y Y Dump log Y Y Y Firmware Updating Management module firmware/dictionary/equipment parameter Y Y Y Management module overview 1-9

24 Heading Sub-heading Web console CLI console LCD touch console Updating server blade firmware Y Y Y Backing up and restoring settings Management module setting Hitachi Fibre Channel mezzanine card settings LPAR manager configuration Backing up Y Restoring Y Backing up Y Backing up Y Restoring Y CBTP Overview Starting CBTP from the management module Y Legend: Y: operable Blank: inoperable Note: 1. You can specify an IPv6 address Management module overview

25 2 Functional detail This chapter describes function of the management module in detail. User management Time settings Network Security System unit settings Power supply control Remote control for server blade Identification LED (LID) operation Each module configuration WWN and MAC addresses Viewing the host information of the server blade ServerConductor/Blade Server Manager HCSM linkage N+M cold standby HA monitor linkage Functional detail 2-1

26 LDAP Server Linkage RADIUS authentication Digital Certificates for Web Console LPAR manager cooperation function Power saving function DCMI function Silent mode function SNMP function Notification by Syslog transfer Banner feature USB port disabling function Import function Log Firmware Backing up and restoring settings CBTP 2-2 Functional detail

27 User management This section describes user management for management modules. Account and password Log in to console An account and password are required to use the following console functions on management module. When log in to Web console and CLI console, you must enter the account and password to avoid illegal login. Multiple accounts can be created to be used by users respectively. Sending and receiving files using FTP protocol Account The management module can send and receive files in user directory to the FTP server using the FTP protocol. When using the send and receive function, you need to enter the account and password. Tip: When logging in to the LCD touch console, the account is not required. You can set a PIN to avoid illegal login. For details about the PIN, see LCD touch console on page 2-7. The account can be created, changed, and deleted through the management module console. You can register up to 16 accounts. For details about setting items when creating a new account, see the Hitachi Compute Blade 500 Series Web Console User's Guide or the Hitachi Compute Blade 500 Series CLI Console User's Guide. The following table shows the setting items to create a new account. The following table shows the account that is set as factory default setting in the management module. Table 2-1 Default account Item Description Account name Status Role Language CLI console prompt Session timeout Password administrator Enable Administrators Depending on the system setting <Chassis ID><SVPSlotNumber>$ 10 minutes password Functional detail 2-3

28 Note: The following accounts are reserved and not available; root, bin, daemon, adm, lp, sync, shutdown, halt, mail, news, uucp, operator, games, gopher, ftp, sshd, nobody, account beginning with "Recovery", account beginning with "ResetPassword" You can use the following characters when specifying accounts: Length: From 1 to 31 characters For the first character: Uppercase letters A to Z, and lowercase letters a to z For the second and subsequent characters: Uppercase letters A to Z, lowercase letters a to z, numbers 0 to 9, hyphen (-), underscore (_), and period (.) Tip: We strongly recommend to create a new account, and then to delete the administrator account or to change the password for the administrator account for security reason. Table 2-2 Web console operation Item Displaying/setting account Operation Administration tab > Users and Roles > Action > Show and edit role settings Table 2-3 CLI console operation Item Displaying account Adding account Modifying account Deleting account Changing account password Operation show user account add user account modify user account delete user account change-password user account Setting password expiration dates You can specify the expiration date of a password used for logging in to the Web console and the CLI console of a management module. You can manage the expiration date of a password to a management module by specifying a period (number of days) during which a password is considered valid. When you create a new account or change a password, the expiration date for the account is reset. The expiration date is set as (the date on which the operation is performed) + (a valid period), and a password is valid until the day that the remaining number of days becomes Functional detail

29 Tip: When the remaining number of days to the password expiration date is 0, the password is considered valid until the end of that day (until the date of the system time changes to the following day). You need account privileges to display or specify the information about the management of password expiration dates. For the case when an account password expires, you can specify either of the following: Request that the user renew the password. Do not allow the user to log in. If you have specified the setting to request that the user renew the password, and a login to a console is requested by using an expired password, the management module displays a window for renewing the password and allows the user to log in so that the user of the account can change the password. If you specify the setting to not allow the user to log in, the user becomes unable to log in to the consoles of the management module, and the administrator needs to change the expired password. At this time, by specifying the setting to allow the user to change the expired password, when a login is newly requested, the management module displays a window for renewing the password and allows the user to log in only once, and the account user can change his or her password. If the password of an account with account privileges expires, the management module prompts the user to renew the password, regardless of the setting. This functionality is for accounts that are registered to a management module. For LDAP linkage, the password expiration dates are not managed for user accounts in the LDAP directory. In the initial setting (when shipped), the management of password expiration dates is disabled. Table 2-4 The settings at shipping time of the management of password expiration dates Item Setting value Management of password expiration dates Disable Password expiry period (day) Change expired password Disable Tip: To manage password expiration dates, specify a value in the range from 1 to 365 (days) for [Password expiry period (day)]. Functional detail 2-5

30 Table 2-5 Web console operation Item Operation Managing password expiration dates Administration tab > Users and Roles > Password Policy tab Displaying the expiration date for each account, displaying/setting how to change an expired password Administration tab > Users and Roles > User Account tab Table 2-6 CLI console commands Item Displaying the information about the management of password expiration dates Setting the management of password expiration dates Displaying the expiration date of each account and the method for changing an expired password Specifying the method for changing the expired password for each account Command show user password policy set user password policy show user account modify user account Role overview For the console function of management module, you can set permission/ non-permission for each privilege. Therefore, you can define the customized roles for the privileges. The following table shows the privileges that can be set on the roles. Table 2-7 Privileges Item Server blade Operating/setting the server blade. Description The privilege can be set for each server blade slot. You can select whether the remote console can be operated and configured. Switch module Operating/setting the switch module The privilege can be set for each switch module slot. Network Chassis Account Setting the network. Operating/setting the chassis. Adding/deleting the account and role. Apart from the above settings, you can grant the readonly attribute to the role. When you grant the readonly attributes, you can only see the contents, but not set up and operate. 2-6 Functional detail

31 Table 2-8 Integrated role Item Administrators Description This role has been granted all privileges. Note: When assigning the privilege of server blades in SMP configuration to a role, select all server blades in the SMP configuration on the console. Role configuration The role can be created, changed, and deleted through the management module Web console. You can register up to 16 roles but not including the integrated role. Table 2-9 Web console operation Item Operation Displaying/setting role Administration tab > Users and Roles > Action button > Show and edit role settings Table 2-10 CLI console operation Item Operation Displaying role Adding role Modifying role Deleting role show user role add user role modify user role delete user role Tip: When server blades are in an SMP configuration, assign the privileges for all server blades constituting the SMP configuration. LCD touch console Setting PIN The account authentication is not performed for the LCD touch console. You can set up a PIN to prevent illegal use of the LCD touch console. The LCD touch console can be operated when you enter the PIN. The PIN settings are configured on the system unit. You can enter same PIN code even when using different LCD touch consoles. A PIN is four-digit numeric codes. The PIN authentication is disabled for factory default setting. The PIN code is not displayed in the window, so keep your PIN in a secure place. When you forget the PIN, you can initialize PIN through the web console. The PIN authentication is disabled when initializing PIN. Functional detail 2-7

32 Table 2-11 Web console operation Item Operation Initializing PIN Administration tab > Users and Roles > Action button > Initialize LCD PIN Table 2-12 LCD touch console operation PIN settings Item System settings > PIN Description Disabling validity The LCD touch console function can be disabled on the system unit. When it is disabled, you cannot operate the LCD touch console even if connecting it to the system unit. The factory default is Enabled. You can change values from CLI console. Table 2-13 CLI touch console operation Item Showing LCD touch console setting for validity Setting LCD touch console validity Description show lcd setting set lcd validity Time settings This section describes time setting methods for management modules. Time settings for management module You can set up the date, time, the time zone, and the daylight saving time in the management module. Set correct settings in the management module before starting operation. Table 2-14 Web console operation Item Displaying/setting time information Operation Administration tab > Date and time Table 2-15 CLI console command Item Displaying time information show time local Command show time timezone 2-8 Functional detail

33 Setting time information Item set time local Command set time timezone Table 2-16 LCD touch console operation Item Displaying/setting time information Operation System settings > Time NTP server cooperation When external Network Time Protocol (NTP) server is installed, the clock time of management module can be synchronized with the clock time of NTP server. NTP servers can be installed up to four. When one of the NTP servers is failed, the management module and NTP servers are continued synchronizing clock time. The synchronizing clock time are performed after starting operation, and then every 30 minutes. You can synchronize the clock time forcibly using the management module console. NTP server cooperation function is disabled for the factory default setting. Figure 2-1 NTP server cooperation Table 2-17 Web console operation Item Displaying/setting NTP server information Operation Administration tab > Date and time Time control for system unit The management module can be operated as NTP server, so the management module can synchronize the clock time of modules in the system unit. The following modules are possible to synchronize the clock time. BMC LPAR manager Functional detail 2-9

34 Figure 2-2 Time synchronization You need to configure the following settings when synchronizing the clock time through the management module. BMC Select the BMC time adjustment method to Using NTP servers. The synchronizing clock time are performed after BMC boot, and then every 15 minutes. LPAR manager From the LPAR manager console, configure the settings so that the clock time is adjusted through the management module. The synchronizing clock time are performed after LPAR manager boot, and then every 15 minutes. Tip: In the initial settings (the settings at shipping time) of the system unit, the BMC time setting is set to Synchronizing from the management module. We recommend that you do not change the settings. When synchronizing the clock time with the management module, we recommend that you synchronize the clock time of management module with the clock time of NTP server. For details about the LPAR manager console, see the Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide. The following table describes the time control. Table 2-18 Web console operation Item Operation Setting time in BMC Resources tab > Modules > All modules > Server blades > Server blade x 1 > BMC tab Note: 1. x: One of Server blade Functional detail

35 Network This section describes networks for the system unit. Features available for management interface Management LAN All management modules, server blades, and switch modules mounted on the system unit have a management interface. By connecting the management interface of each module to the network, you can establish communication with consoles and management software such as HCSM and SNMP. Note that, when two management modules are installed in the system unit, only the management interface of the active management module is active. The management module integrates an L2SW, and the management interface of each modules are connected each other in the system unit. The management LAN is connected from the system unit to the external devices through the external output ports (MGMT0, MGMT1) of management module. The management LAN is called as management network hereafter. Figure 2-3 System unit configurations of management LAN Tip: Functional detail 2-11

36 Internal network The MAINT port is for customer engineers for maintenance purposes. You cannot use this port. Do not connect the cable to the MAINT port, otherwise the maintenance may not be performed properly. The ports of standby management module are usually closed. These ports become active when the management module failure occurred or the Link Fault Tolerance switched. Apart from the management network, the system unit has an internal network. The internal network is used for the following purposes. Control communication between the management modules. Control communication between the management module and server blades. Control communication between the management module and switch modules. The system unit uses the 24bit mask network (subnet mask: ). The system unit is configured with / for the factory default setting. The IP address, which is used in the internal network, cannot be used out of the system unit. You must change the IP address and subnet mask of the internal network when you want to use the IP address, which specified / , for other than the system unit. Note: The management module is restarted after changing the internal network settings. Do not change the internal network settings while operating server blades. If changing the internal network settings during server blades are in operation, the management module is restarted. The failure event may not be detected while rebooting. Tip: When the IP address of network, which specified / , is not used out of the system unit, you do not need to change the internal network configuration. The following table describes the internal network. Table 2-19 Web console operation Item Displaying/setting internal network Operation Resources tab > Systems > Network > Internal LAN 2-12 Functional detail

37 Switch module connection to management interface You can select a method of connecting switch modules to the management interface from "Connect through management module console", "Connect through management LAN port", and "Use switch module external port". Features of each connecting method are shown below. Connect through management module console (a) Possible to connect to the text console of switch module using the change console command of CLI console. This feature is available for Brocade 10 Gb/sec DCB switch module and Brocade 16 Gb/sec Fibre Channel switch module when is not set to the management LAN port even if "Connect through management LAN port" is selected. (b) Possible to set and show the LAN switch module through the Web console. (applied only to Hitachi 1 Gb/sec LAN switch module (20-port, 40-port) and Hitachi 1/10 Gb/sec LAN switch module) Connect through management LAN port (c) Possible to connect to the text console or Web console of the switch module through the client on the external device. (d) Possible to use the SNMP function or something of the switch module through management LAN port. (e) Possible to link the Web console of switch module from the management module Web console. (applied to Brocade 8 Gb/sec Fibre Channel switch module and Brocade 16 Gb/sec Fibre Channel switch module.) Use switch module external port (f) Switch module functions including SNMP is available via external port only for Brocade 8 Gb/sec Fibre Channel switch module. The following five types of switch modules are supported by this system unit. Hitachi 1 Gb/sec LAN switch module (20-port, 40-port) Hitachi 1/10 Gb/sec LAN switch module Brocade 8 Gb/sec Fibre Channel switch module Brocade 16 Gb/sec Fibre Channel switch module Brocade 10 Gb/sec DCB switch module The following table shows functions available for each module by the connection method. Functional detail 2-13

38 Table 2-20 Functions for switch modules by the connection method Type of switch module Connection method (a) (b) (c) (d) (e) (f) Hitachi 1 Gb/sec LAN switch module (20-port, 40-port) Hitachi 1/10 Gb/sec LAN switch module Brocade 8 Gb/sec Fibre Channel switch module Brocade 10 Gb/sec DCB switch module Brocade 16 Gb/sec Fibre Channel switch module Connect through management module console Connect through management LAN port Use switch module external port Connect through management module console Connect through management LAN port Use switch module external port Connect through management module console Connect through management LAN port Use switch module external port Connect through management module console Connect through management LAN port Use switch module external port Connect through management module console 1 Connect through management LAN port Use switch module external port Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y - Y Y Y Y - Y Y Y Note: 1. Setting is available only on the management module CLI console, not on the Web console. Note: When using external ports of Hitachi 1 Gb/sec LAN switch module (20- port/40-port) or Hitachi 1/10 Gb/sec LAN switch module, select "Connect 2-14 Functional detail

39 through management module console" or "Connect through management LAN port" and set the IP address to the external port directly from the switch module console. When using the change console command for CLI console with the Brocade 10 Gb/sec DCB switch module or Brocade 16 Gb/sec Fibre Channel switch module, set an IP address other than for the switch module. After "Connect through management module console" is selected on the management module CLI console with Brocade 10 Gb/sec DCB switch module, "Connect through management LAN port" is shown on the management module Web console. Then, if you save the setting without changing on the Web console, "Connect through management LAN port" is set. Table 2-21 Web console operation Item Displaying/setting connecting switch modules to management interface Operation Resources tab > Systems > Network > Management LAN Setting connection procedure The management interface of each module can be connected from MGMT0 or MGMT1. Select one of the following connection procedures. You can change the procedure for each module. Connecting from MGMT0: The factory default setting. Connecting from MGMT1: For details, see Connecting management interface from MGMT1 on page Connection with Tag-VLAN (MGMT0/MGMT1): For details, see Connecting with Tag-VLAN to management interface on page Note: Do not assign the management interface of switch module to the internal network. When assign to the internal network, the management interface may not be connected from both MGMT0 and MGMT1. The following tables describe the factory default network settings. Table 2-22 Factory default setting for network Module Default setting Note Management module Connection from MGMT0 - Functional detail 2-15

40 Module Default setting Note Server blade Switch module Connection from MGMT0 Connection from MGMT0 - Except Brocade 10 Gb/sec DCB switch module, switch modules cannot connect from MGMT0 since the management interface is assigned to the internal network. Table 2-23 Web console operation Item Connection procedure, displaying VLAN Operation Resources tab > Systems > Network > Management LAN > VLAN tab Table 2-24 CLI console command Item Connection procedure, Displaying VLAN Connection procedure, Setting VLAN Deleting VLAN Command show network vlan set network vlan delete network vlan Connecting management interface from MGMT1 The system unit has connection ports, MGMT0 and MGMT1, for the management interface. You can select which connection port is assigned for each module. For examples, you can set the following configurations. The management module connects to MGMT0, and the server blades and switch modules connect to MGMT1. The network is separated clearly according to the managed entities. The server blades #0-3 connect to MGMT0, and the server blades #4-7 connect to MGMT1 for load balancing Functional detail

41 Figure 2-4 System unit configurations for the management interface Connecting with Tag-VLAN to management interface When connecting to the management interface, Tag-VLAN (IEEE802.1Q) can be used between MGMT0/MGMT1 port and external switch. For examples, you can build the following configuration. Each server blade belongs to different VLAN to improve the security level by prohibiting physical connection to other server blades. Each module belongs to different VLAN, and the network is separated clearly according to the managed items. (When only MGMT0 and MGMT1 are not enough) VLAN can be created up to 13, and the creatable VLAN ID is 2 to Note: The created VLAN must include MGMT0 or MGMT1. MGMT0 and MGMT1 can not belong to same VLAN. Functional detail 2-17

42 This function and the function for connecting MGMT1 to the management interface are available at the same time. You can build the following configuration. The management module and switch module connect to MGMT0 without VLAN. The server blades #0 3 connect to MGMT0 using VLAN ID The server blades #4 7 connect to MGMT1 using VLAN ID You can separate the network according to the purpose and load balance. Note: "VLAN ID: 1 and 4001 to 4094" are used in the system unit, so you cannot use these VLAN IDs. Tip: When using this function, the external switch must support the IEEE802.1Q VLAN. IP address Figure 2-5 System unit configurations for Tag-VLAN The management interface settings for each module is configured through the management module. You can set both IPv4 and IPv6 addresses for the features that support IPv6 networks. Items indicated as IP addresses are either an IPv4 address or an IPv6 address. IP address settings at shipping time The following table describes the IP address of factory default network setting. IPv6 addresses are disabled Functional detail

43 Table 2-25 Factory default setting for IP address (IPv4) Module IP address Subnet mask Default gateway Management module Server blade Switch module Switch module Switch module Switch module Note: When the default account (operator, no password) of the IP address for Hitachi 1 Gb/sec LAN switch module (20-port) and Hitachi 1/10 Gb/sec LAN switch module, version 10.7.H or earlier for both, or for Hitachi 1 Gb/sec LAN switch module (40-port) version 11.6 or earlier is deleted, set the switch module authentication information (account, password, and administrator password) through the console of management module. If you do not set the switch module authentication information, IP address setting will fail. Do not change the IP address of Brocade 10 Gb/sec DCB switch module, Brocade 8 Gb/sec Fibre Channel switch module, and Brocade 16 Gb/sec Fibre Channel switch module through the switch module console. When you change the IP address, the IP address is overwritten to the setting of management module while restarting the switch module or turning on/off the power. When a value other than is set as the default gateway of Hitachi 1 Gb LAN switch module (20-port, 40-port) and Hitachi 1/10 Gb LAN switch module, the setting value will be added after all default gateways without interface specified are deleted. If you need to have the default gateway specified to VLAN ID, set the default gateway with VLAN ID specified. If you need to set multi-path, set the default gateway to , directly log in to the LAN switch module console, and set the default gateway. When you change the default gateway of Hitachi 1 Gb LAN switch module (20-port, 40-port) and Hitachi 1/10 Gb LAN switch module to a value other than and then return it to or change the switch module connection type to other than Management LAN, the management module does not delete the default gateway setting. Thus, you need to directly log in to the LAN switch module console to delete the default gateway setting. When Network OS version runs on a Brocade 10 Gb DCB switch module, the default gateway setting from the management module does not take effect on the DCB switch module. Log in to the DCB switch module and configure it using the ip route command. For details, see the Network OS Administrator's Guide. If Network OS version runs on a Brocade 10 Gb DCB switch module, you cannot configure the gateway. Functional detail 2-19

44 For Hitachi 1 Gb LAN switch module (20-port, 40-port) and Hitachi 1/10 Gb LAN switch module, set the IP address as a network segment other than that used in another port of the switch module. Setting the IP address in the same network will fail. Tip: In SMP configuration, if not using IPMI over LAN, SMASH-CLP, and WS- MAN for non-primary server blades, you need not to set IP address to the non-primary server blades. Use by the factory default. How to set IP addresses The following tables describe the operations. Table 2-26 Web console operations Item Displaying/setting the IPv4 address Displaying/setting the IPv6 address Setting/deleting the LAN switch module authentication information Operation Resources tab > Systems > Network > Management LAN > IP Address (IPv4) tab Resources tab > Systems > Network > Management LAN > IP Address (IPv6) tab Resources tab > Modules > All Modules > Switch Modules > Switch Module x Table 2-27 CLI console command Item Displaying the IPv4 address of management module Setting the IPv4 address of management module Displaying the IPv6 address of a management module Setting the IPv6 address of a management module Displaying the IPv4 address of server blade Setting the IPv4 address of server blade Displaying the IPv6 address of a server blade Setting the IPv6 address of a server blade Displaying the IP address of switch module Setting the IP address of switch module Setting the LAN switch module authentication information Deleting the LAN switch module authentication information Command show mgmt-module mgmt-lan set mgmt-module mgmt-lan show mgmt-module mgmt-v6 setting set mgmt-module mgmt-v6 address show blade mgmt-lan set blade mgmt-lan show blade mgmt-v6 setting set blade mgmt-v6 address show sw-module mgmt-lan set sw-module mgmt-lan set sw-module lansw authentication delete sw-module lansw authentication 2-20 Functional detail

45 You cannot set IPv6 stateless addresses from the CLI console. Table 2-28 LCD touch console operations Item Displaying/setting the IPv4 address of management module Operation System settings > Network Only IPv4 addresses can be set on the LCD touch console. For the following LAN switch modules, you need not to configure their authentication information. Hitachi 1 Gb/sec LAN switch module (20-port) version 10.7.K or later Hitachi 1/10 Gb/sec LAN switch module version 10.7.K or later Hitachi 1 Gb/sec LAN switch module (40-port) version 11.6.B or later System units shipped on or after October 2012 come with authenticationsetting-free switch module versions. When you do not apply the default gateway to the LAN switch module, check "Not apply this Default Gateway setting to the LAN switch module." if it is not checked on the following Edit IP Address dialog box. When you apply it, uncheck "Not apply this Default Gateway setting to the LAN switch module." if it is checked. Note: If you set the default gateway, , to the internal LAN switch module without checking "Not apply this Default Gateway setting to the LAN switch module.", it is not applied. Then, directly log into the LAN switch module console to set the default gateway. Functional detail 2-21

46 IP address settings When the management module firmware version is A0125 or earlier at shipment, "Not apply this Default Gateway setting to the LAN switch module." is checked. Updating the firmware cannot change this setting. If you keep this setting checked, directly log into the LAN switch module console to set the default gateway. Tip: If you uncheck "Not apply this Default Gateway setting to the LAN switch module." the default gateway setting of the internal LAN switch is changed by the management module, which may affect your network. To connect to the management interface of each module, set the following items. If you are using an IPv6 network, set both IPv4 addresses and IPv6 addresses. Table 2-29 IP address setting screen IPv4 network Item IPv4 address Subnet mask Default gateway Screen To the management interface of a module through an IPv4 network, set the IPv4 address, subnet mask, and default gateway. IPv6 network Static address IPv6 address Subnet mask Default gateway To the management interface of a module through an IPv6 network, set the IPv6 address, prefix, and default gateway. Set IPv6 addresses in the format specified in RFC4291. Refer to the following URL when setting addresses: address-space/ipv6-address-space.xhtml Stateless address Enable or disable Stateless Address Autoconfiguration (SLAAC). If this setting is enabled, based on the prefix distributed by the router and the interface ID (MAC address), an IPv6 address is automatically generated and assigned to the management interface of the module. You can enable or disable SLAAC for management modules and server blades. Note: Even if you connect to a management module through an IPv6 network, you cannot delete the IPv4 address. If you use the Web console or CLI console to change an IPv4 address that is connected to the management module, the IPv4 connection is disconnected Functional detail

47 DNS server setting If you use the Web console or CLI console to change an IPv6 address that is connected to the management module, the IPv6 connection is disconnected. To use ServerConductor/Blade Server Manager, HA monitor, or LPAR manager, use an IPv4 network. To connect to a server blade through an IPv6 network, the server blade firmware must support IPv6 networks. Switch modules do not support connection via IPv6 networks. To use Stateless Address Autoconfiguration on a server blade, the server blade firmware must support the functionality. To connect a management module via an IPv6 network, specify a static address. You cannot enable only the stateless address. To connect HSCM and a management module via an IPv6 network, specify a static address and disable the stateless address. The DNS server can register a maximum of three DNS servers for IPv4 addresses and a maximum of three DNS servers for IPv6 addresses. You can specify whether to give priority to the DNS servers for IPv4 addresses or to the DNS servers for IPv6 addresses when resolving names. A maximum of three DNS servers are used in total from DNS servers for IPv4 addresses and for IPv6 addresses. Either DNS servers for IPv4 addresses or DNS servers for IPv6 addresses are preferentially used based on the priority setting. If three servers are used, an access attempt will not be made to DNS servers. If four or more DNS servers are registered, DNS servers that have the fourth or lower priority are not used. Example: The following example shows the usage sequence in the following configuration: Setting values Priority setting: IPv6 DNS server 0 for IPv4 addresses: DNS server 1 for IPv4 addresses: DNS server 2 for IPv4 addresses: (not configured) DNS server 0 for IPv6 addresses: 2001:2000::100:100 DNS server 1 for IPv6 addresses: 2001:2000::100:101 DNS server 2 for IPv6 addresses: (not configured) Usage sequence (1). 2001:2000::100:100 (2). 2001:2000::100:101 (3) Note: The IP address is the fourth priority, and the server is not used. Functional detail 2-23

48 Set DNS servers as follows. Table 2-30 Web console operations Item Displaying/setting DNS servers for IPv4 addresses Operation Resources tab > Systems > Network > Management LAN > DNS tab Displaying/setting DNS servers for IPv6 addresses Priority of IPv4/IPv6 addresses Table 2-31 CLI console command Item Displaying DNS servers for IPv4 addresses Specifying DNS servers for IPv4 addresses Displaying of DNS servers for IPv6 addresses Specifying DNS servers for IPv6 addresses Displaying the priority of IPv4/IPv6 addresses Specifying the priority of IPv4/IPv6 addresses Command show mgmt-module mgmt-lan set mgmt-module dns show mgmt-module mgmt-v6 setting set mgmt-module dns show mgmt-module mgmt-v6 setting set mgmt-module dns Network re-configuration after management module failure Only the management interface of main management module is active when installing two management modules in the system unit. The ports of standby management module are usually closed. When the main management module failure occurs, the standby management module becomes to main management module to continue operations. The ports of standby management module are opened, and the management interface of standby management module changes to active status. IP addresses are assigned to the management interface of the new main management module as follows: Address type IPv4 address IPv6 static address IPv6 stateless address Address assignment The same IP address as that of the previous main management module is used. To connect to the management interface of management modules, you do not need to know which module is the main management module. Based on the prefix distributed by the router and the interface ID (MAC address), an IPv6 address is automatically generated and assigned. This address is different from that of the previous main management module Functional detail

49 Tip: The LAN cable needs to be connected to both of the main and standby management module for continuing operation after switching the management module. Link Fault Tolerance (LFT) Figure 2-6 System unit configurations for network re-configuration The management network can be configured with redundancy when installing two management modules in the system unit. This function is referred to as "Link Fault Tolerance (LFT)". Functional detail 2-25

50 Figure 2-7 System unit configurations for LFT The LFT targeted port is MGMT0 and MGMT1. These ports can be set enabled/ disabled independently, and the each factory default setting is enabled. MGMT0 and MGMT1 are switched separately, so only one port that is connected to a failed switch is switched when different switches are connected to MGMT0 and MGMT1 separately. When link down on a port in the active management module is detected for continuous three second during the LFT is enabled, the port is disconnected. After the port switching, when link up on the failed port in the management module is detected for continuous 180 seconds, the port is switched. The link down detection time for failover and link up detection time for recovery are selectable between one and 3600 seconds. Table 2-32 Web console operation Item Operation Displaying/setting LFT function Resources tab > Systems > Network > Link Fault Tolerance Security This section describes security features provided by management interfaces of the management module and BMC Functional detail

51 Features and protocol provided by management module and BMC The following table describes features and protocol provided by management interfaces of the management module and BMC. Table 2-33 Features and protocol provided by management modules Feature Supported protocol Default port No. Ciphertext or cleartext Service disabled Restriction on IP address Changing port number Remarks Web console HTTP 80 clear Y 1 Y 12 Y Notes 10 HTTPS 443 cipher Y 1 Y 12 Y Notes 12 CLI console TELNET 23 clear Y 1 Y 12 - SSH 22 cipher Y 1 Y 12 - Notes 2 File transmit/ receive Notification by E- mail FTP 20, 21 clear Y 1 Y 12 - SFTP 22 cipher Y 1 Y 12 - Notes 11 SMTP 25 9 clear Y 3 - Y SMTP (StartTLS) cipher Y 3 - Y SNMP function: polling SNMP (v1/ v2c) 161 clear Y 4 Y Y SNMP (v3) 161 cipher / clear 5 Y 4 Y Y SNMP function: trapping SNMP (v1/ v2c) clear Y 3 Y Y SNMP (v3) cipher / clear 5 Y 3 Y Y LDAP Server Linkage Time synchronization HCSM linkage: command LDAPS cipher Y 3 - Y NTP clear Y HTTPS 443 cipher Y 6 Y Y HCSM linkage: alert ServerConductor/ Blade Server Manager: command ServerConductor/ Blade Server Manager: alert Hitachi protocol Hitachi protocol Hitachi protocol cipher Y 3 Y Y clear Y 7 Y Y clear Y 8 Y Y Hi-Track HTTPS 443 cipher Y 6 Y Y Functional detail 2-27

52 Feature Supported protocol Default port No. Ciphertext or cleartext Service disabled Restriction on IP address Changing port number Remarks HA monitor linkage Hitachi protocol Notes 14 clear Y 15 - Y RADIUS authentication RADIUS 1812 clear 16 Y 3 - Y Syslog transfer SYSLOG cipher/ clear 5 Y 3 - Y Legend: Y: Configurable Blank: Not configurable Notes: 1. Connections from all IP addresses are not allowed, while the port is open. 2. Connection using SSH version 1 is not supported. 3. This protocol can be disabled by disabling the feature. No communication is performed to the port. 4. This protocol can be disabled by disabling the feature. The port is open. 5. You can select ciphertext or cleartext by setting. 6. This protocol can be disabled by disabling the feature or HTTPS itself. The port is open. 7. Registering no management server can disable the protocol. The port itself is isolated. 8. Registering no management server can disable the protocol. No communication is performed to the port. 9. Destination port for communication with the management module. 10. The connection with the Web console might be disabled. 11. Specify together with the SSH service settings. 12. Must be set for both the IPv4 network and the IPv6 network. 13. If IPv6 addresses are used for HTTPS access, a certificate error (warning) is displayed. 14. The port number is not set by default. When using the HA monitor, the user sets the port number. 15. This protocol can be disabled by disabling the feature. The port itself is isolated. 16. The user password is encrypted, and notification is sent to RADIUS servers. Tip: [Management module firmware version A0205 or later] When LPAR manager supports encrypted communication, control communication between the management module and LPAR manager is encrypted. Table 2-34 Features and protocol provided by BMC Feature Supported protocol Default port No. Ciphertext or cleartext Service disabled Restriction on IP address Changing port number Server blade Web console HTTPS cipher Y Y - IPMI over LAN IPMI v clear Y Y - IPMI v cipher Y Y Functional detail

53 Feature Supported protocol Default port No. Ciphertext or cleartext Service disabled Restriction on IP address Changing port number Remote console Hitachi protocol 5001 cipher Y Y Y SMASH (CLP) SSHv cipher Y Y Y SMASH (WS- Management) WS-MAN 5986 cipher Y Y Y Syslog transfer SYSLOG 514 cipher/ clear 4 Y - Y LDAP authentication LDAP (StartTLS) cipher Y - Y Legend: Y: Configurable Blank: Not configurable Notes: 1. HTTP is used for some communications with firmware version or earlier of server blades: CB 520H A1/B1/B2, CB 520A A1, CB 540A A1/B1. 2. Connection with SSHv1 is not supported. 3. Port number for the LDAP server. Connection with LDAPS is not supported. 4. You can select ciphertext or cleartext by setting. Security strength Security strength can be increased in management interfaces for management modules and BMC. Security strength includes "default" and "high", and the factory setting is "default" at shipping. Security strength "high" has the following restrictions. When cipher-text communication is available, clear-text communication is not allowed. For cipher-text communication, encryption algorithm with high security can be used. See Security strength and features on page 2-31 for details. Table 2-35 Web console operation Item Displaying Security strength for management modules and BMC Setting Security strength for management modules and BMC Operation Resources tab > Systems > Security strength setting > Security strength tab Resources tab > Systems > Security strength setting > Security strength tab > Edit Functional detail 2-29

54 Table 2-36 CLI console operation Item Displaying Security strength for management modules and BMC Setting Security strength for management modules and BMC Operation show security setting set security strength Note: When Security strength is set to high for the management module, only TLS 1.2 is enabled. You need OS and Web browser that support TLS 1.2. See HCSM instruction manuals for the operation. If Security strength is set to high for the management module when HTTPS is disabled, note that the following features are not available. - Web console - HCSM - Hi-Track Security strength for the management module can be changed only when all server blades have been initialized and powered off, and all management modules have been also initialized. Changing Security strength for the management module will restart all management modules. Then, the new setting value will take effect. For BMC, the new setting value will instantly take effect without restart. Security strength setting for BMC is not supported by CB 520H A1/B1, CB 520A A1, and CB 540A A1/B1. If you specify [High] for the security strength setting of a management module, use Internet Explorer to connect to the Web console of the management module. To use Firefox to connect to the Web console of a management module, specify the default security strength setting for the management module. Security strength setting for BMC is supported by the following firmware versions. - Management module A0170 or later - Server blade CB 520H B2 with firmware version or later Security strength setting for BMC is not taken over at N+M cold standby failover. When configuring N+M cold standby, set the same BMC Security strength to both the active and standby server blades. Management tools connected to the management module via SNMP v1/v2c are not available when Security strength is set to high for the management module. For LPAR manager mode, a management module and LPAR manager internally communicate with each other over the management network using Hitachi protocol. The communication uses cleartext even if Security strength is set to high for the management module Functional detail

55 Security strength and features Features for management modules and BMC use the following protocols and encryption methods depending on the Security strength setting. Management Module Feature Protocol Security strength Default high Web console HTTP Available Not available 1 HTTPS Available (SSL3.0, TLS1.0/1.1/1.2) 2 Available (TLS 1.2) 2 CLI console TELNET Available Not available 1 SSH Available (SSHv2) Available (SSHv2) File transmit/receive FTP Available Not available 1 SFTP Available (SSHv2) Available (SSHv2) SNMP function SNMP (v1/v2c) Available Not available 3 SNMP (v3) Available Available Notification by SMTP Available Not available 4 SMTP (StartTLS) Available (SSL3.0, TLS1.0/1.1/1.2) Not available (TLS 1.2) LDAP Server Linkage LDAPS Available (SSL3.0, TLS1.0/1.1/1.2) Available Time synchronization NTP Available Available HCSM linkage HTTPS or Hitachi protocol Available (SSL3.0, TLS1.0/1.1/1.2) Available (TLS 1.2) ServerConductor/Blade Server Manager Hitachi protocol Available 5 Available 5 Hi-Track HTTPS Available Available Syslog transfer SYSLOG Available 5 Available 5 HA monitor linkage Hitachi protocol Available 5 Available 5 Notes: 1. The port is isolated. 2. A browser supporting SSL/TLS version to use is needed. 3. No response is returned to the manager request. No trap is issued. Functional detail 2-31

56 Feature Protocol 4. No is sent. 5. Communication can be disabled by the user. Security strength Default high Note: When Security strength is set to high or when Security strength is set to default and communication is enabled only with TLS 1.2, connection with HCSM not supporting TLS 1.2 is not available. See HCSM instruction manuals for the operation. BMC Feature Protocol Default Security strength high Server blade Web console HTTP Not available 1 Not available 1 HTTPS Available (SSL3.0, TLS1.0/1.1/1.2) Available (TLS 1.2) IPMI over LAN IPMI v1.5 Available Not available 2 IPMI v2.0 Available Available 3 Remote console Hitachi protocol Available (SSL3.0, TLS1.0/1.1/1.2) Available (TLS 1.2) SMASH (CLP) SSHv2 Available Available SMASH (WS- Management) WS-MAN Available (TLS 1.0) Available (TLS 1.0) Syslog transfer SYSLOG Available Available LDAP authentication LDAP (StartTLS) Available (TLS 1.0/1.1/1.2) Available (TLS 1.2) Notes: 1. The port is isolated for CB 520H B2 server blade with firmware version or later. For CB 520H A1/B1/B2,CB 520A A1, CB 540A A1/B1 server blade with firmware version or earlier, HTTP is used for a part of communication 2. Connection is rejected at IPMI v1.5 LAN Session Startup. 3. Connection is available only when CipherSuite ID is 3 and both Username and Password are not blank Functional detail

57 Feature comparison by the Security strength SSL/TLS cipher suite Management module Security strength Server blade Security strength Default high Default high TLS_RSA_WITH_AES_128_CBC_SHA Y - Y Y TLS_RSA_WITH_AES_256_CBC_SHA Y - Y Y TLS_DHE_RSA_WITH_AES_128_CBC_SHA Y TLS_DHE_DSS_WITH_AES_128_CBC_SHA Y TLS_EMPTY_RENEGOTIATION_INFO_SCSV Y Y - - TLS_RSA_WITH_AES_128_CBC_SHA256 Y Y Y Y TLS_RSA_WITH_AES_256_CBC_SHA256 Y Y Y Y TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Y Y - - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Y Y TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Y Y - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Y Y TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Y Y - - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Y Y - - TLS_DHE_RSA_WITH_AES_256_SHA Y TLS_DHE_DSS_WITH_AES_256_SHA Y TLS_RSA_WITH_AES_256_GCM_SHA384 Y Y - - TLS_RSA_WITH_AES_128_GCM_SHA256 Y Y - - TLS_EDH_RSA_WITH_3DES_EDE_CBC_SHA Y TLS_EDH_DSS_WITH_3DES_EDE_CBC_SHA Y TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Y Y - - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 Y Y TLS_RSA_WITH_3DES_EDE_CBC_SHA Y 1 - Y - TLS_RSA_WITH_RC4_128_MD5 Y TLS_RSA_WITH_RC4_128_SHA Y - Y - TLS_DHE_DSS_WITH_RC4_128_SHA Y Notes: 1. Syslog transfer does not support the cipher suite. 2. Only syslog transfer supports the cipher suite. Functional detail 2-33

58 Server certificate (Public-key algorithm) Management module Server blade Security strength Security strength Default high Default high RSA RSA2048 Y Y Y Y RSA DSA Server certificate (Signature algorithm) Management module Server blade Security strength Security strength Default high Default high Check SHA1 Y Y - - Create SHA1 Y Check SHA256 Y Y - - Create SHA256 - Y - - Check SHA Y Y Create SHA Y Y SSH Host-key algorithm Management module Security strength Server blade Security strength Default high Default high RSA RSA2048 Y Y Y Y RSA DSA1024 Y - Y - Key exchange algorithm Management module Security strength Server blade Security strength Default high Default high diffie-hellman-group1-sha1 Y Y Y Y diffie-hellman-group14-sha1 Y Y Y Y diffie-hellman-group-exchange-sha1 Y Y Y Y diffie-hellman-group-exchange-sha256 Y Y Y Y 2-34 Functional detail

59 Encryption algorithm Management module Security strength Server blade Security strength Default high Default high 3des des-cbc Y Y Y Y aes128-cbc Y Y Y Y aes192-cbc Y Y Y Y aes256-cbc Y Y Y Y aes128-ctr Y Y Y Y aes192-ctr Y Y Y Y aes256-ctr Y Y Y Y blowfish-cbc Y - Y - cast128-cbc Y - Y - arcfour Y - Y - arcfour128 Y - Y - arcfour256 Y - Y - rijndael-cbc@lysator.liu.se Y - Y - Message verification algorithm Management module Security strength Server blade Security strength Default high Default high hmac-md5 - - Y - hmac-sha1 Y Y Y Y hmac-ripemd Y - hmac-ripemd160@openssh.com - - Y - umac-64@openssh.com Y - Y - hmac-sha1-96 Y Y Y Y hmac-md5-96 Y Y Y - hmac-sha2-256 Y Y Y Y hmac-sha2-512 Y Y Y Y Functional detail 2-35

60 SNMP v3 Encryption algorithm Management module Security strength Server blade Security strength Default high Default high None Y - Not supported DES Y - AES128 Y Y Authentication algorithm Management module Security strength Server blade Security strength Default high Default high None Y - SNMP: Not supported MD5 Y - SHA1 Y Y TLS/SSL version settings TLS/SSL versions, which are used for encryption communication at management interfaces for management modules and BMC, can be enabled or disabled. This setting is available for the following TLS/SSL versions, and all of them are enabled by factory default. SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2 Table 2-37 Web console operation Item Displaying TLS/SSL version settings for management modules Editing TLS/SSL version settings for management modules Displaying TLS/SSL version settings for BMC Editing TLS/SSL version settings for BMC Operation Resources tab > Systems > Security strength setting > TLS/SSL version tab Resources tab > Systems > Security strength setting > TLS/SSL version tab > Edit Resources tab > Modules > All Modules > Server Blades > Server Blade x > BMC tab Resources tab > Modules > All Modules > Server Blades > Server Blade x > BMC tab > Edit 2-36 Functional detail

61 Table 2-38 CLI console operation Item Displaying TLS/SSL version settings for management modules Editing TLS/SSL version settings for management modules Operation show security setting set security tls mgmt-module Note: You cannot disable all TLS/SSL versions. When Security strength is set to high for a management module, only TLS 1.2 is enabled among TLS versions: SSL 3.0 and TLS 1.0/1.1 are disabled. This setting cannot be changed. When Security strength is set to high or when Security strength is set to default and communication is enabled only with TLS 1.2, connection with HCSM not supporting TLS 1.2 is not available. See HCSM instruction manuals for the operation. TLS/SSL versions for BMC can be set only on Web console. When Security strength is set to high, only TLS 1.2 is enabled for server blade Web console and remote console, SSL 3.0 and TLS 1.0/1.1 are disabled. This setting cannot be changed. For SMASH (WS-Management), TLS 1.0 is used. CB 520H A1/B1, CB 520A A1, and CB 540A A1/B1 server blades do not support settings for BMC TLS/SSL versions. TLS/SSL version settings for BMC are supported by the following firmware versions. - Management module A0170 or later - Server blade CB 520H B2 with firmware version or later TLS/SSL version settings for BMC are not taken over at N+M cold standby failover. When configuring N+M cold standby, set the same BMC Security strength to both the active and standby server blades. IP address restriction Each service, such as FTP, TELNET, SSH, HTTP, and HTTPS, can be configured following settings. Enabled/disabled settings for services Connectable IP address settings (Set for both IPv4 and IPv6 addresses.) Changing port number only for HTTP and HTTPS You must specify IP addresses that can connect for both IPv4 and IPv6 addresses.when connectable IP address is configured, the connection that is other than configured IP address is refused. You can specify IP addresses that Functional detail 2-37

62 can connect by specifying a range of network addresses. In addition, you can specify one range for each service on both the IPv4 network and on the IPv6 network. When the service is disabled, the service cannot be used. Tip: When you connect to a management module with SSH connection settings disabled or connect to it from an IP address other than the SSH connectable IP address configured, some terminal software may show the login window. If so, you cannot log in because authentication always fails. Configure a subnet mask for the network address of the connectable IP address to other than The following tables describe the IP address restriction settings. Table 2-39 Web console operation Item Displaying/setting TELNET connecting configuration Displaying/setting FTP connecting configuration Displaying/setting SSH connecting configuration Displaying/setting HTTP connecting configuration Displaying/setting HTTPS connecting configuration Operation Administration tab > Service > Telnet tab Administration tab > Service > FTP tab Administration tab > Service > SSH/SFTP tab Administration tab > Service > HTTP tab Administration tab > Service > HTTPS tab Table 2-40 CLI console command Item Displaying TELNET connecting configuration Setting TELNET connecting configuration Displaying FTP connecting configuration Setting FTP connecting configuration Displaying SSH connecting configuration Setting SSH connecting configuration Displaying HTTP connecting configuration Setting HTTP connecting configuration Displaying HTTPS connecting configuration Setting HTTPS connecting configuration Command show remote-access protocol telnet set remote-access protocol telnet show remote-access protocol ftp set remote-access protocol ftp show remote-access protocol ssh set remote-access protocol ssh show remote-access protocol http set remote-access protocol http show remote-access protocol https set remote-access protocol https 2-38 Functional detail

63 Table 2-41 LCD touch console operation Item Displaying/setting LFT function Operations System settings > Service Authentication encryption setting Management modules can encrypt authentication information including user IDs, passwords, and private keys. The factory default value of this setting is Disabled. If the authentication encryption setting is enabled, authentication information on the management module is encrypted. Encryption of authentication information prevents the information from being leaked in the case that the management module is taken out of the system unit and the media device is read. Table 2-42 CLI console operation Item Displaying the authentication encryption setting Setting the authentication encryption setting Command show user authentication encryption set user authentication encryption Note: When changing the authentication encryption setting, ensure that configuration settings such as authentication information are not changed. If configuration settings are changed while you are changing the authentication encryption setting, the configuration setting changes will not be applied. Do not change the authentication encryption setting while updating configuration settings such as authentication information. If you try to change the authentication encryption setting while updating the configuration settings, the operation will fail. When you change the authentication encryption setting, the management module restarts and the authentication encryption setting is applied. After you change the authentication encryption setting and the management module restarts, check to make sure the setting has changed. If the setting has not changed, change the setting again. If you disable the authentication encryption setting, the authentication information is reset to its initial settings. Log in by using the account registered in the factory default settings, and then set the authentication information again. When downgrading the management module firmware to version A0240 or earlier, make sure the setting for the encryption of authentication information is disabled. Functional detail 2-39

64 Tip: If you want to change enable the authentication encryption setting, we recommend that you first back up the configuration settings. By backing up the configuration settings, in the case that a problem occurs, you can change the authentication information back to its previous settings before you changed the authentication encryption setting. System unit settings Chassis ID This section describes settings for chassis ID and language. The identifier called chassis ID can be registered in the system unit. The chassis ID can be configured up to 20 characters, and the factory default setting is used a part of the serial number. The chassis ID can be displayed followings, and the chassis ID is used to identify the system unit. Displaying the system unit connection by the web console, CLI console, and LCD touch console. Displaying ServerConductor/Blade Server Manager in the system unit. The following tables describe the chassis ID settings. Table 2-43 Web console operation Item Displaying/setting chassis ID Operation Resources tab > Modules > All Modules > Chassis > Settings tab > Chassis ID Table 2-44 CLI console operation Item Displaying chassis ID Setting chassis ID Operation show chassis setting set chassis id Tip: Do not use the same chassis IDs for plural server chassis. Language This system unit supports displaying Japanese/English. This function can be configured to switch Japanese/English. The language configuration of the account is displayed without having to follow on the system unit configuration when the account, which is configured language, log on the Web console or LCI console. The following tables describe language settings Functional detail

65 Table 2-45 Web console operation Item Displaying/setting language Operation Administration Tab > Language Settings Table 2-46 CLI console command Displaying language Setting language Item show language system set language system Operation Tip: Some items are displayed in English, even if you set language as Japanese. Power supply control This section describes power supply control for the system unit. Turning on system unit The system unit boot up automatically when turn on AC. The server blade can boot to synchronize the system unit by the setting of system unit. For details, see Server blade operation setting when power failure recovery on page Turning off system unit When turn off the system unit, operate the management module to turn off. Turn off the system unit after turning off all server blades. The following tables describe turning off the system unit. Table 2-47 Web console operation Item Shutting down the system unit Operation Resources tab > Modules > All modules > Chassis > Action tab > Shutdown Table 2-48 CLI console command Item Shutting down the system unit Command Shutdown chassis Functional detail 2-41

66 Table 2-49 LCD touch console operation Item Operation Shutting down the system unit Hardware maintenance > Server Chassis (SC) > Chassis shutdown Operating power supply for server blade You can operate relating to the power supply of server blade by the management module. The following tables describe the operating power supply. Power ON Power OFF Force power OFF Hard reset Issue NMI Restart BMC Note: Turning off may not perform depend on the OS type/status of the server blade. We recommend that turn off the server blade from the OS or ServerConductor. "Restart BMC" is used for recovery when an error occurs. Do not use it in usual operation. Tip: "Power OFF" is an emulation of pressing the server blade power button for a second. "Force power OFF" is also that of pressing the server blade power button for four seconds. Table 2-50 Web console operation Item Power on, Power off, Forced power off, Hard reset, Issuing NMI Rebooting BMC Operation Resources tab > Modules > All Modules > Server Blades > Server Blade x > Condition tab Resources tab > Modules > All Modules > Server Blades > Server Blade x > BMC tab Note: *x: One of Server blade 0 7 Table 2-51 CLI console command Item Command Turning on poweron blade 2-42 Functional detail

67 Item Turning off / Forced turning off Hard reset / Issuing NMI Rebooting BMC Command poweroff blade reset blade bmc-reset blade Operating power supply for switch module You can turn on or off the switch module by the management module. Tip: The switch module boot up automatically when turn on AC. You do not need turn the switch module on. Table 2-52 Web console operation Item Operating power supply for switch module Operation Resources tab > Modules > All modules > Switch Module > Switch Module x Note: *x: One of Switch module 0 3 Server blade operation setting when power failure recovery You can perform the server blade operations as following by setting the management module configuration when turning on the system unit. Power on Power off Recovering the status before failure occurred. The above operations can recover the power supply automatically for the server blade. You can set the waiting time from booting the system unit to turning on the server blade. The waiting time can be set between 0 minute and 60 minutes. This configuration can turn on the server blade until peripheral devices turned on completely when peripheral devices need to be turn on before turning on the server blade. Note: For the standby server blade of N+M cold standby function, you should set "turn off" on this configuration. If the standby server blade is set "turn on", the standby server blade cannot be performed N+M cold standby failover. When N+M cold standby function is enabled, you must set this function for server blade operation setting of recovering power failure. If you set Functional detail 2-43

68 this function using UEFI setup menu, the server blade may not be operated this function correctly. Tip: In SMP configuration, each server blade operates with the primary server blade settings. You need not to perform setting for non-primary server blades. Table 2-53 Web console operation Item Displaying the server blade operation setting when power failure recovery Operation Resources tab > Modules > All modules > Server Blade > Server Blade x > Settings Tab Note: *x: One of Server blade 0 7 Remote control for server blade This section describes controlling a server blade with remote console or OS console. Using remote console This system unit uses remote consoles as graphical console of each server blade. You can operate by remote control for displaying VGA, operating keyboard/mouse, remoting CD/DVD, and remoting FD. For details about operating the remote console, see the Hitachi Compute Blade 500 Series Remote console user guide. The remote console can be booted through the Web console or the Web browser of system console. Remote control session can be managed from the management module console. The BMC remote console session status can be displayed, and the session can be disconnected forcedly. Table 2-54 CLI console operation Item Displaying the session information of remote console Disconnecting the session of remote console Operation show blade bmc session disconnect blade bmc session Note: In SMP configuration, select the primary server blade when starting the remote console Functional detail

69 Using OS console To boot the remote console in an environment where multiple IP addresses can be assigned to BMC, boot the remote console by using a system console that can connect to any IP address of BMC. The OS console is the remote control function for the serial console. The OS console transfers the input/output operation of server blade serial port to the system console through LAN. Note: The OS console cannot be used for following operations. To execute following operations, use the remote console as graphical console. Operation before booting the OS. OS installation Preparation for using OS console Do the following prerequisites before using the OS console. Installing terminal software The system console must be installed the terminal software. Linux OS may be preinstalled in the initial status. The terminal software needs the following functions to install. When connecting Telnet, Telnet can be used. When connecting SSH, SSH version2 can be used. Tip: The garbage characters may be displayed depend on the terminal software specification when inputting or outputting. The terminal software configuration must be built the same as the OS configuration. Confirmation for OS serial port setting The OS console is connected COM2 port of the server blade. The connecting procedure is different depend on the type of server blade OS. The following table describes the COM2 port configuration of the OS. Windows Table 2-55 COM2 port configurations Item Description Port COM2 Baud rate Data Parity 8 bit N/A Functional detail 2-45

70 Item Description Stop Flow control Recommended terminal type 1 bit N/A VT100 Note: Windows Special Administration Console (SAC) cannot be used the OS console. Red Hat Enterprise Linux The following table describes the OS parameter configuration. Table 2-56 Parameter configurations Item Description Remarks /boot/grub/grub.conf configuration /etc/inittab configuration /etc/sysconfig/kudzu configuration Adding console=tty0 console=ttys1, at the end of each kernel line. Adding co:2345:respawn:/sbin/ agetty ttys0 vt100 at the last line. Perform init q(telinit q)after adding the above configuration. Changing to SAFE=yes. - This setting is not needed for Linux 6.2 or later. This setting is not needed for Linux 6.2 or later. /etc/securetty configuration Adding ttys0. - Tip: You need to install the Linux login mode using "Text mode". When installing by "Graphic mode", you must change to "Text mode". For the change procedure, see the attached document of your OS. OS console operations The OS console can be started through the CLI console. The following table describes the OS console operations. Note: In SMP configuration, select the primary server blade when starting the OS console Functional detail

71 Table 2-57 CLI console operation Item Operation Starting OS console change console b Tip: When OS console is used on another terminal, you cannot start the OS console on CB 520H A1/B1/B2, CB 520A A1, or CB 540A A1/B1. If network is disconnected while you use the OS console, the session may remain for a while. If so, performing "Disconnecting the session of remote console" cancels it. See Remote control for server blade on page When starting OS console on CB 520X B1/B2, which is being operated by another terminal, you can use the OS console on the terminal connected later. The other terminal connected earlier will not work and be disconnected from the OS console by entering any key. Restriction for using OS console OS console operation Character code/color Make sure to note the following restrictions when using the OS console. Input operation Keyboard input is suitable for the OS console. Faster data input, such as file transfer, is not supported. Input by the keyboard. Recovery procedure while disconnecting the session Depending on your environments, window may be displayed slowly, or the terminal software session may be disconnected. If window may be displayed slowly, or the terminal software session may be disconnected, reconnect the OS console. The software that output a lot of characters may be degraded the performance. Confirm the performance before using this software. Decrease output characters as necessary. No transfer of part of characters When you cut and paste characters in the OS console, a part of characters may not be transferred. The different character code or displayed color may be happened between the system console and the server blade. If the following "Situation" happens, operate "Recovering procedure". Table 2-58 Solution to garbled characters Item Situation Description The garbled characters are displayed in the system console. Functional detail 2-47

72 Item Description Cause The communication setting is incorrect. The unapt character set is selected in the software of system console. The unapt character code is sent from the software. Recovering procedure For confirmation of software configuration in the system console, see Confirmation for OS serial port setting on page The apt character set is reselected in the software of system console. For confirmation of procedure correctness, see the document of software. Red Had Enterprise Linux system required function Send the following sequences to use the system required function on the OS console. Table 2-59 Sequence transmission Item Description Telnet connection Send the Internet AsCommand (IAC) break sequence in the Telnet specification. Or send Ctrl + /. The sending procedure of break signal is different depend on the type of terminal software. For details, see the document of terminal software. SSH connection Send Ctrl + /. Identification LED (LID) operation The following modules are installed Identification LEDs (LID), you can turn on/off LID by the management module console. LIDs notify the system unit operator the information which module is operated by remote control. Front panel Management module Server blade Switch module Tip: You can separately operate LID of each server blade even in SMP configuration. Table 2-60 Web console operation Item Displaying/operating LID of the front panel Operation Resources tab > Modules > All modules > Chassis > Front panel tab 2-48 Functional detail

73 Item Displaying/operating LID of the management module Displaying/operating LID of server blade Displaying/operating LID of switch module Operation Resources tab > Modules > All Modules > Management Module > Management Module x Resources tab > Modules > All Modules > Server Blade > Server Blade x Resources tab > Modules > All modules > Switch Module > Switch Module x Note: *x: One of Server blade 0 7. Table 2-61 CLI console command Item Displaying LID of the front panel Operating LID of the front panel Displaying LID of the management module Operating LID of the management module Displaying LID of server blade Operating LID of server blade Displaying LID of switch module Operating LID of switch module Command show front-panel led set front-panel led show mgmt-module status set mgmt-module led show blade status set blade led show sw-module status set sw-module led Table 2-62 LCD touch console operation Item Displaying/operating LID of the front panel Displaying/operating LID of the management module Displaying/operating LID of server blade Displaying/operating LID of switch module Description Hardware maintenance > Server Chassis(SC) > LID ON/OFF Hardware maintenance > Management Module(MM) > LID ON/OFF Hardware maintenance > Server Blade(SB) > LID ON/OFF Hardware maintenance > Switch Module(SW) > LID ON/OFF Each module configuration This section describes configuration of each module in the system unit. Functional detail 2-49

74 Configurable modules from management module The management module, the server blade, the switch module, and others are installed in the system unit. You need to set these modules configuration for system construction and operation. You can set these modules configuration by the management module console in the system unit. You can also link to these module consoles by the management module console. Therefore, you can set each module configuration seamlessly without connecting each console when connecting the management module console. The following table describes the configurable module items from the management module console. Table 2-63 Configurable module items from Web console Item Configuring from the management module console Linking to the target module Remarks Server blade (BMC) configuration Server blade (UEFI) configuration Y - - Y(partly) - - LPAR manager configuration Y(partly) - For details, see LPAR manager cooperation function on page Hitachi 1 Gb/sec LAN switch module (20-port) configuration Hitachi 1 Gb/sec LAN switch module (40-port) configuration Hitachi 1/10 Gb/sec LAN switch module configuration Brocade 10 Gb/sec LAN switch module configuration Brocade 8 Gb/sec Fibre Channel switch module configuration Brocade 16 Gb/sec Fibre Channel switch module configuration Hitachi Fibre Channel mezzanine card configuration Y(partly) - - Y(partly) - - Y(partly) Y - - Y 1 - Y - - Legend: Y: Available -: N/A 2-50 Functional detail

75 Note: Item Configuring from the management module console Linking to the target module Remarks 1. Single sign-on is available. You can log into the switch module Web console without entering the switch module account: single-sign on. Table 2-64 Configurable module items CLI console operation Item Configuring from the management module console Linking to the target module Remarks Server blade (BMC) configuration Server blade (UEFI) configuration LPAR manager configuration Hitachi 1 Gb/sec LAN switch module (20- port) configuration Hitachi 1 Gb/sec LAN switch module (40- port) configuration Hitachi 1/10 Gb/sec LAN switch module configuration Brocade 10 Gb/sec DCB switch module configuration Brocade 8 Gb/sec Fibre Channel switch module configuration Brocade 16 Gb/sec Fibre Channel switch module configuration Hitachi Fibre Channel mezzanine card configuration Y Y Y - - Y Y Y - - Y Legend: Y: Available -: N/A Notes: 1. The switch module console can be logged in without inputting the switch module account. Functional detail 2-51

76 Item Configuring from the management module console Linking to the target module Remarks 2. Connect the OS console during LPAR manager is booting, you can connect the LPAR manager console. For details about LPAR manager console, see the Hitachi Compute Blade 500 Series Logical partitioning manager user's guide. Tip: You need to set the role configuration in the account correctly for the setting of each module. For details, see the Hitachi Compute Blade 500 Series Web console user's guide and the Hitachi Compute Blade 500 Series CLI console user's guide. Table 2-65 Web console operation Item Server blade (BMC) configuration Server blade (UEFI) configuration LPAR manager configuration Hitachi LAN switch module configuration Brocade 8 Gb/sec Fibre Channel switch module or Brocade 16 Gb/sec Fibre Channel switch module link to Web console Hitachi Fibre Channel mezzanine card configuration Operation Resources tab > Modules > All Modules > Server Blade > Server Blade x > BMC tab Resources tab > Modules > All Modules > Server Blade > Server Blade x > EFI tab Resources tab > Modules > All Modules > Server Blade > Server Blade x > LPAR tab Resources tab > Modules > All modules > Switch Module > Switch Module x > Configuration tab Resources tab > Modules > All Modules > Switch Module > Switch Module x > Configuration tab Resources tab > Modules > All Modules > Server Blade > Server Blade x > I/O card tab Table 2-66 CLI console command Item Command Linking to CLI console of switch module change console -s Server blade (BMC settings) The BMC settings can be configured by the management module. The setting item is reflected immediately. For details about setting items, see the Hitachi Compute Blade 500 Series Web Console User's Guide and Hitachi Compute Blade 500 Series CLI Console User's Guide. BMC setting items include Asset Tag. Setting Asset Tag displays information of the following items Functional detail

77 Product name: On the management module Web console, Resources tab > Modules > All Modules > Server Blades > Server Blade x > Hardware tab Server Name on HCSM When Server ABC is set to CB 520H A1 on Asset Tag, for example, the following is displayed. Server ABC (CB 520H A1) Note: CB 520A A1 and CB 540A A1/B1 server blades do not support Asset Tag. Server blade (UEFI settings) The UEFI settings can be configured by the management module. The setting item is reflected when turning on the server blade. For details about setting items, see the Hitachi Compute Blade 500 Series Web Console User's Guide. Note: Since some items cannot be configured from the management module, configure the setting by the UEFI setup menu. After the setting change, when the N+M cold standby switches between server blades before you turn on the server blade, the changed setting value is discarded. Therefore, the server blade starts up with data taken over at N+M cold standby. If you set EFI during OS startup after powering on the server blade, the setting may not be reflected depending on the timing. Change settings when the server blade is powered off or after the OS starts up. Hitachi LAN switch module settings The Hitachi LAN switch module settings can be configured by the management module. The setting item is reflected immediately. For details about setting items, see the Hitachi Compute Blade 500 Series Web Console User's Guide. Note: Since some items cannot be configured from the management module, configure the setting by the switch module console. Hitachi Fibre Channel mezzanine card settings The UEFI settings can be configured by the management module. The setting item is reflected when turning on the server blade. For details about setting items, see the Hitachi Compute Blade 500 Series Web Console User's Guide. Note: After changing the setting, when the N+M cold standby is switched before turning on the server blade, the changed setting value is broken. Therefore, the changed setting value is not reflected the server blade. Functional detail 2-53

78 WWN and MAC addresses This section describes WWNs and MAC addresses for the system unit. Various WWN and MAC addresses The usable WWN and MAC addresses are the following three types in the system unit. Default Physical WWN and MAC address: The Default Physical WWN and MAC address is specific addresses for the Fibre Channel mezzanine card and LAN expansion card, and these addresses cannot be changed. Optional Physical WWN and MAC address: The Optional Physical WWN and MAC address are additionally assigned the Fibre Channel mezzanine card and LAN expansion card. The Optional Physical WWN and MAC address is only used by the Compute Blade. When changing the Fibre Channel mezzanine card and LAN expansion card, the WWN and MAC address is not changed while installing the same slot. Therefore, you do not need change the setting of Fibre Channel mezzanine card, LAN expansion card, and other devices when changing the mezzanine card. The Optional Physical WWN address is used in the N +M cold standby. See Relation between N+M cold standby and WWN and MAC address on page LPAR manager managed WWN and MAC address: LPAR manager manage the LPAR manager managed WWN and MAC address. For WWN, LPAR manager creates the unique address of each LPAR manager system depend on the virtual FC WWN information. For MAC address, LPAR manager creates the unique address of each LPAR manager system depend on the VNIC System No. When using the Fibre Channel mezzanine card and the LAN expansion card in LP mode, WWN and MAC address is used although PCI device dedication/common is specified. When changing the Fibre Channel mezzanine card and LAN expansion card, the WWN and MAC address is not changed while installing the same slot. For details, see the Hitachi Compute Blade 500 Series Logical partitioning manager user's guide. Note: Optional Physical MAC address for Broadcom 1 Gb LAN mezzanine card - CB 520H A1/B1, CB 520A A1, CB 540A A1/B1 server blades do not support it. Make sure to select Default Physical MAC address for operation. Emulex 8 Gb 2-port Fibre Channel mezzanine card supports Optional Physical WWN function and Default Physical WWN display function as following version. - Management module A0115 or later - Server blade firmware For CB 520H A1/B1:Integrated FW or later 2-54 Functional detail

79 For the versions listed in the table below, the following features of the Emulex 10 Gb onboard CNA (4 ports) on the CB 520X B1 server blade are supported: - MAC features Additional MAC address assignment feature Management module MAC address display feature - WWN features Additional WWN assignment feature Management module WWN display feature - Management module A0220 or later - Server blade firmware Integrated FW or later For unsupported firmware, if you selected and were using an additional MAC address, when supported firmware is applied, the MAC address will switch to the additional MAC address. For this reason, if you are using unsupported firmware, you must select and use the original MAC address. For unsupported firmware, if you selected and user using an additional WWN, when supported firmware is applied, the WWN of the FCoE port will switch to the additional WWN. For this reason, if you are using unsupported firmware, you must select and use the original WWN. If you select Custom for the Personality setting for the Emulex 10 Gb onboard CNA (4 ports), the additional MAC address assignment and additional WWN assignment features cannot be used. If you select Custom, you must select and use the original MAC address and the original WWN. Note: Depending on the firmware version and the Personality and MultiChannel Support settings, the restrictions described in (a) to (d) apply to the following features of the Emulex 10 Gb CNA/LAN expansion cards and onboard CNA (2 ports) on the CB 520H A1/B1/B2, CB 520A A1 and CB 540A A1/B1 models. Make sure to follow those restrictions in operation. - MAC Assigns Optional Physical MAC address. Displays MAC address of the management module. - WWN Assigns Optional Physical WWN address. Displays WWN address of the management module. Personality setting value MultiChannel Support setting value Disabled Enabled MAC WWN MAC WWN NIC (NIC Only) No restriction - 1 (a) - 1 iscsi (NIC + iscsi) (b) - 1 (a) - 1 Functional detail 2-55

80 Personality setting value MultiChannel Support setting value Disabled Enabled MAC WWN MAC WWN FCoE (NIC + FCoE) (c) (d) (a)/(c) (d) Note: 1. WWN is available only when Personality is set to FCoE. (a) Functions of Optional Physical MAC address assignment and of management module MAC address view when MultiChannel Support is enabled are supported only by the firmware versions shown in the following table. - Management module A0125 or later - Server blade firmware For CB 520H A1/B1:Integrated FW or later For CB 520A A1:Integrated FW or later For details about MultiChannel Support configuration, see the OneCommandManager Guide. (b) The following restrictions are on Optional Physical MAC address assignment to the iscsi port when Personality is set to iscsi and MultiChannel Support is disabled. - CB 520H A1/B1, CB 520A A1, CB 540A A1/B1 server blades do not support it. - CB 520H B2 server blade supports it with firmware versions shown in the following table. When Optional Physical MAC address is selected with a not-supported firmware version in operation and then a supported firmware version is applied, the iscsi port is changed to Optional Physical MAC address. Thus, when using a not-supported firmware version, make sure to select Default Physical MAC address for operation. - Management module A0165 or later - Server blade firmware Integrated FW or later (c) The following restrictions are on Optional Physical MAC address assignment to the FCoE port and management module MAC address view. - CB 520H A1/B1, CB 520A A1, CB 540A A1/B1 server blades do not support it Functional detail

81 - CB 520H B2 server blade supports it with firmware versions shown in the following table. When Optional Physical MAC address is selected with a not-supported firmware version in operation and then a supported firmware version is applied, the FCoE port is changed to Optional Physical MAC address. Thus, when using a not-supported firmware version, make sure to select Default Physical MAC address for operation. - Management module A0165 or later - Server blade firmware Integrated FW or later (d) The following restrictions are on Optional Physical WWN address assignment to the FCoE port and management module WWN address view. - CB 520H A1/B1, CB 520A A1, CB 540A A1/B1 server blades do not support it. - CB 520H B2 server blade supports it with firmware versions shown in the following table. When Optional Physical WWN address is selected with a not-supported firmware version in operation and then a supported firmware version is applied, the FCoE port is changed to Optional Physical WWN address. Thus, when using a not-supported firmware version, make sure to select Default Physical WWN address for operation. - Management module A0165 or later - Server blade firmware Integrated FW or later Selecting WWN and MAC addresses in basic mode You can select the type of WWN and MAC address in basic mode: original or additional (hereinafter called WWN identification or MAC identification). Each WWN identification or MAC identification can be selected for each server blade from original or additional. When changing WWN and MAC identification, the values of all Fibre Channel mezzanine cards and LAN expansion cards are changed. We recommend selecting the additional for following reason. When changing the mezzanine card, the OS and external devices are affected to minimum due to not changing WWN/MAC address. Tip: In SMP configuration, each server blade operates with the primary server blade settings. You need not to perform setting for non-primary server blades. Functional detail 2-57

82 Table 2-67 Web console operation Item Displaying/setting WWN identification Displaying/setting MAC identification Operation Resources tab > Modules > All modules > Server Blade > Server Blade x > Setting tab > Edit Server Settings button Resources tab > Modules > All modules > Server Blade > Server Blade x > Setting tab > Edit Server Settings button Note: *x: One of Server blade 0 7 Table 2-68 CLI console command Item Displaying WWN identification Setting WWN identification Displaying MAC identification Setting MAC identification Command show blade status set blade preconf show blade status set blade preconf Selecting WWN and MAC address in LP mode WWN and MAC address, which is selected for LPAR manager, is used although PCI device dedication/common is specified in LP mode. Relation between N+M cold standby and WWN and MAC address When N+M cold standby is operated in basic mode, the Optional Physical WWN is always used. The Optional Physical WWN of Fibre Channel mezzanine card in the active partition is set the Fibre Channel mezzanine card in the standby partition, and then SAN connection is continued while switching the N +M cold standby. For the N+M cold standby, the software function (Persistent Binding or something) that depend on WWN is continued to use because of not changing WWN after switching the N+M cold standby. For MAC address, you can select to use the Default Physical MAC address or the Optional Physical MAC address. When selecting the Default Physical MAC address, the MAC address value cannot be continued while switching the N+M cold standby. When selecting the Optional Physical MAC address, the MAC address value can be continued while switching the N+M cold standby. Therefore, the OS setting that depend on MAC address is continued to operate because of not changing MAC address after switching the N+M cold standby. When N+M cold standby is operated in LP mode, WWN and MAC address, which is selected for LPAR manager, is continued while switching the N+M cold standby. The function that depend on WWN and MAC address is 2-58 Functional detail

83 continued to operate because of not changing WWN and MAC address after switching the N+M cold standby. Initializing Optional Physical WWN and MAC address The Optional Physical WWN and MAC address can be continued to use on other server blade. When the Optional Physical WWN and MAC address is changed to the previous setting for some reason, you can operate initializing the Optional Physical WWN and MAC address (reset to factory default setting) or changing. We recommend that initialize the Optional Physical WWN and MAC address using the switching back N+M cold standby function of ServerConductor/ Blade Server Manager. If ServerConductor/Blade Server cannot initialize the Optional Physical WWN/MAC address, operate this initializing the Optional Physical WWN/MAC address. Note: When operate this initializing the Optional Physical WWN and MAC address, initialize both the active and standby of N+M cold standby at the same time. Therefore, operate the initialization carefully to avoid duplicating WWN and MAC address. Tip: Initialization is performed simultaneously on all server blades in SMP configuration. Table 2-69 Web console operation Item Operation Initializing the Optional Physical WWN address Resources tab > Systems > WWN Management > Server blade x > Show details button > Optional Physical WWN > Initialize button Changing the Optional Physical WWN address Initializing the Optional Physical MAC address Changing the Optional Physical MAC address Resources tab > Systems > WWN Management > Server blade x > Show details button > Optional Physical WWN > Optional Physical WWN List > Edit button Resources tab > Systems > MAC Management > Server blade x > Show details button > Optional Physical MAC > Initialize button Resources tab > Systems > MAC Management > Server blade x > Show details button > Optional Physical MAC > Optional Physical MAC List > Edit button Confirmation for WWN and MAC address You can confirm the followings using the management module console. Default Physical WWN Optional Physical WWN Current using WWN WWN for LPAR manager Functional detail 2-59

84 Default Physical MAC address Optional Physical MAC address Current using MAC address MAC address for LPAR manager You can confirm the value of WWN and MAC address through the management module without turning on the server blade, confirming the OS window, and confirming the UEFI window. The management module can show in the values list of all Fibre Channel mezzanine cards and the LAN expansion cards in the server blade. Therefore, you can confirm the used WWN and MAC address immediately*. *The changed WWN and MAC address by the management module are set on the Fibre Channel mezzanine card and LAN expansion card when turning on the server blade. If the server blade is not turned on after changing the WWN and MAC address, the values of current WWN and current MAC address, which are displayed in the management module console, may be different from the actual values assigned to the Fibre Channel mezzanine card and the LAN expansion card. Table 2-70 Web console operation Item Displaying Default Physical WWN Displaying Optional Physical WWN Displaying WWN in current use Displaying Default Physical MAC address Displaying Optional Physical MAC address Displaying MAC address in current use Displaying WWN for LPAR manager Displaying MAC address for LPAR manager Operation Resources tab > Systems > WWN Management > Server blade x > Show details button > Default Physical WWN Resources tab > Systems > WWN Management > Server blade x > Show details button > Optional Physical WWN Resources tab > Systems > WWN Management > Show Current WWN button Resources tab > Systems > MAC Management > Server blade x > Show details button > Default Physical MAC Resources tab > Systems > MAC Management > Server blade x > Show details button > Optional Physical MAC Resources tab > Systems > WWN Management > Server blade x > Show Current MAC button Resources tab > Systems > WWN Management > Server blade x > Show details button > Virtual WWN Resources tab > Systems > MAC Management > Server blade x > Show details button > Virtual MAC Note: When Default Physical WWN display function of Emulex 8Gb 2-port Fibre Channel mezzanine card is not supported, the Default Physical WWN value is not displayed. Confirm the Default Physical WWN value in the BIOS setting window Functional detail

85 Table 2-71 CLI console command Item Displaying the Default Physical WWN Displaying the currently used WWN Displaying the Default Physical MAC address Displaying the currently used MAC address Command Show wwn original Show wwn current Show mac original Show mac current Tip: For Emulex 10 Gb CNA mezzanine card and the onboard CNA, the following WWN addresses are shown on the Web console or CLI console. View on the Web console or CLI console (Emulex 10 Gb CNA mezzanine card / onboard 2-port CNA) Port shown on the console World Wide Port Name World Wide Node Name 0 World Wide Port Name for port 0 of controller 0 1 World Wide Port Name for port 1 of controller 0 2 World Wide Port Name for port 0 of controller 1 3 World Wide Port Name for port 1 of controller 1 World Wide Node Name for port 0 of controller 0 World Wide Node Name for port 1 of controller 0 World Wide Node Name for port 0 of controller 1 World Wide Node Name for port 1 of controller 1 View on the Web console or CLI console (Emulex 10 Gb CNA onboard 4-port CNA) Port shown on the console World Wide Port Name World Wide Node Name 0 World Wide Port Name of port 0 of controller 0 1 World Wide Port Name of port 1 of controller 0 2 World Wide Port Name of port 2 of controller 0 3 World Wide Port Name of port 2 of controller 0 World Wide Node Name of port 0 of controller 0 World Wide Node Name of port 1 of controller 0 World Wide Node Name of port 2 of controller 0 World Wide Node Name of port 2 of controller 0 - Since the onboard CNA (2 ports) has one controller, Current WWN and Default Physical WWN for port 2 and port 3 are not shown on the console. Functional detail 2-61

86 - If Personality for Emulex 10 Gb CNA mezzanine card or onboard 2-port CNA is not set to FCoE, Current WWN and Default Physical WWN cannot be shown and the following message appears. [Web console] Not card installed Not exist WWN Information [CLI console] WWN information does not exist - If Personality for onboard 4-port CNA is not set to FCoE, Current WWN and Default Physical WWN cannot be shown and the following message appears. [Web console] Not card installed Not exist WWN Information [CLI console] WWN information does not exist Change log for Optional Physical WWN and MAC address Each WWN and MAC address registers 1023 times change log, such as continuing/ initializing/changing the Optional Physical WWN and MAC address at N+M cold standby. You can confirm the change log by the management module console. The change log registers the time, before and after the change, and the method (by N+M cold standby failover or by the management module console). Therefore, you can know that when N+M cold standby failover occurs, and which values of WWN and MAC address changed. You can confirm only the change log of Optional Physical WWN and MAC address. The WWN and MAC address for LPAR manager cannot be confirmed the change log. Table 2-72 Web console operation Item Displaying the WWN change log Displaying the MAC address change log Operation Alerts tab > All logs > Optional Physical WWN Change log Alerts tab > All logs > Optional Physical MAC Change log Table 2-73 CLI console command Item Displaying the WWN change log Command show log wwn-edit 2-62 Functional detail

87 Item Displaying the MAC address change log Command show log mac-edit Viewing the host information of the server blade The server installation and monitoring tool is a tool kit supplied with the server, which enables automatic installation of the OS and drivers on the server as well as automatic upgrading of the utilities, drivers, and firmware. By installing the server installation and monitoring tool in the OS of the server blade, you can view the OS information (host information) from the Web console of the management module. Table 2-74 Host information that can be viewed Information Description Windows Linux OS 1 Type of the OS installed on the server Windows version and service pack version Example: Microsoft Windows Server 2008 R2 Enterprise Service Pack 1 The output of /etc/redhatrelease is displayed. Example: Red Hat Enterprise Linux Server release 6.5 (Santiago) Host name 2 Host name specified for the OS installed on the server Computer name The output of the hostname command is displayed. Y: Available Notes: 1. The switch module console can be logged in without inputting the switch module account. 2. Connect the OS console during LPAR manager is booting, you can connect the LPAR manager console. For details of LPAR manager console, see the Hitachi Compute Blade 500 Series Logical partitioning manager user's guide. Note: To view the host information, ServerNavigator must be installed on the OS. Viewing the host information is only supported for Windows, Linux, and VMware. Viewing the host information of a guest OS in a virtual environment (Hyper-V, LPAR manager, VMware, etc.) is not supported. Viewing the host information is supported for the following versions: Management module A0150 or later Server blade Functional detail 2-63

88 - For CB 520H A1/B1: Integrated firmware or later - CB 520A A1: Integrated firmware or later - CB 540A A1/B1: Integrated firmware or later - For other server blades, all versions of intgrated firmware are supported. ServerNavigator X or later (for ESXi version or later) If the version of any firmware is older than the supported versions, "-----" is displayed for the host information. After the OS starts up and the server installation and monitoring tool is automatically activated, the host information is saved to the server blade. Even when you change the host name, it is not immediately applied to the host name displayed on the Web console. To apply the new host name, restart the OS. Even when you shut down the OS, the host information saved to the server blade is retained. If you perform the following operations, the host information displayed on the Web console might be different from the actual OS information: Uninstall the server installation and monitoring tool. Uninstall the OS from the server and then reinstall the OS supported by the server installation and monitoring tool on the server without installing the server installation and monitoring tool. Uninstall the OS from the server and then reinstall the OS not supported by the server installation and monitoring tool on the server. If this is the case, delete the host information saved to the server blade. You can delete the host information from the Web console of the management module. Tip: You can delete the host information only when the server blade is powered off. Table 2-75 Consoles used to view or delete the host information Operation Web console CLI console LCD touch console Display the host information. Y Y -- Delete the host information. Y Y -- When the server installation and monitoring tool is installed on the active server blade in the N+M cold standby configuration, the host information is saved to the standby server blade at the following timing: the N+M failover occurs and the server installation and monitoring tool starts up on the standby server blade. Even when the N+M recovery occurs and the active server blade takes over for the standby server blade, the host information saved to the standby server blade is retained. You can also delete the host information saved to the standby server blade by using the host information deletion functionality Functional detail

89 ServerConductor/Blade Server Manager BSM setting This section describes efficient management with management modules and ServerConductor/Blade Server Manager. ServerConductor/Blade Server Manager (hereinafter called BSM) is software, which unify and manage multiple server blades. By managing the system unit using BSM, the system management is realized more efficiency. When the system unit is managed using BSM, you need set the BSM setting of management module. See the Hitachi Compute Blade 500 Series Web Console User's Guide for setting. You can set the BSM up to four. Note: Set the chassis ID before setting BSM destination. When changing the chassis ID after setting the BSM destination, you need to delete and re-register the host, LPAR manager, and server chassis using BSM. See the manual for BSM. When the chassis ID is changed after the BSM destination is set, chassis management with BSM may not work properly because the chassis ID information before the change remains on BSM. BSM setting items Three setting items for BSM destination are shown below. BSM name IP address Alert Level BSM detail setting items Four detailed setting items for BSM destination are shown below. Command port number Alert port number Alert connection retry interval Alert connection retry duration Note: When changing the alert port number from the default port number (20079), you need to change the service file setting for BSM. For details, see the document of BSM. Table 2-76 Web console operation Item Displaying/setting notified BSM Operation Administration Tab > SC/BSM > Action button > Edit Port Number Functional detail 2-65

90 HCSM linkage Hitachi Compute Systems Manager (hereinafter called HCSM) is software, which provides operation function for server chassis in a large scale system. System administrator can use HCSM for the system management for managing hardware resources, monitoring operation, performing N+M cold standby, controlling power consumption, and operating hardware. Management modules communicate with HCSM through management interfaces. You can select either IPv4 or IPv6 communication. Note: If you select IPv6 communication, specify static address in the IPv6 settings for the management interfaces of the management modules. In addition, from HCSM, search for the static address of the management modules. If you select IPv6 communication, disable the stateless addresses of management modules and server blades. Communication between HCSM and management modules, using two-way paths, provides the system administrator with management function. Send Command HCSM uses this for sending processing commands to a management module. Using HTTPS protocol can prevent tapping and tampering of communication data. Send alert Management modules use this to notify events occurred in the system unit to HCSM. Using SSL/TLS protocol can prevent tapping and tampering of communication data. Up to four HCSMs can link to a management module Functional detail

91 Note: HCSM discovery HTTPS must be enabled in HCSM linkage. See Security on page 2-26 for HTTPS settings and how to change them. When Security strength is set to high or when Security strength is set to default and communication is enabled only with TLS 1.2, connection with HCSM not supporting TLS 1.2 is not available. See HCSM instruction manuals for the operation. When the port number used for HTTPS communication is changed from 443 in the HCSM setting, change the port number used for the management module to the same number as HCSM.To change the port number used for the management module, change the port number for HTTPS, which is a service provided by management modules. HCSM has a feature, hereinafter referred to as Discovery, to detect system units in the managed network. System administrator can add all system units in the network to managed resources by executing Discovery with HCSM user interface. When specifying system units as managed resources, HCSM registers itself into the management module of the system units. You can find HCSM information registered on the management module using Discovery on the Web console and CLI console. Tip: When four HCSMs have been registered in a management module, the system unit with the management module cannot be a target if you execute Discovery on HCSM other than that registered in the management module. Table 2-77 Web console operation Item HCSM information and settings Operation Administration tab > HCSM Table 2-78 CLI console operation Item Showing HCSM information Setting HCSM information Deleting HCSM information Operation show hcsm setting set hcsm manager delete hcsm manager HCSM options This subsection describes option settings for management modules to link to HCSM. By configuring the network for management modules, and then discovering and adding resources by using the HCSM user interface, you can link the Functional detail 2-67

92 Disabling HCSM management modules to HCSM. Other settings for the management modules are not required. You can disable HCSM function, which prevent HCSM from managing the system unit. If you execute Discovery with HCSM disabled, the system unit will not be a target for management. Access control by IP address When you enable Access control for an HCSM server registered in a management module, the management module can work together only with the registered HCSM server. If you execute Discovery from a non-registered HCSM with Access control enabled, the system unit will not become a target for management. Enabling Access control can prevent a system unit from specified as a target for management by HCSM invalidly installed after the system is configured. Note: When managing a system unit from a new HCSM with Access control enabled, you need to register the IP address in the management module before executing Discovery. Setting accounts and passwords for authentication Changing alert levels Management modules authenticate the account and password when connecting to HCSM. Management modules and HCSM share the common default account and password. System administrator can specify an account and password for authentication instead of the default account and password. You can change alert levels for notifying HCSM. Changing alert levels can reduce load on networks. Table 2-79 Web console operation Item HCSM option settings Operation Administration tab > HCSM Table 2-80 CLI console operation Item Showing HCSM option settings Setting HCSM settings and access control Changing HCSM alert levels Operation show hcsm setting set hcsm agent delete hcsm manager 2-68 Functional detail

93 N+M cold standby This section describes N+M cold standby. N+M cold standby overview N+M cold standby feature is to start the standby server blade automatically when an active server blade fails. Management server, such as ServerConductor/Blade Server Manager Plus, hereinafter referred to as BSM plus, or Hitachi Compute Systems Manager, hereinafter referred to as HCSM, receives the failure notification, analyzes the failure, and switches the active server blade to the standby one. You can assign a standby server blade to multiple server blades, and can start the standby server blade to restart operation if one of them fails. Although operation is temporarily stopped due to hardware failure, N+M cold standby requires less hardware resources and less time for restarting operation after the hardware failure occurs. N+M cold standby feature supports LPAR manager. When an active server blade that runs multiple logical partitions (hereinafter called LPARs) fails, restart LPARs in the standby server blade. The standby server blade can be shared between the active server blade of basic mode and the active server blade of LP mode. Note: Figure 2-8 N+M cold standbys It is necessary that hardware of active and standby servers is the same configuration or version (that is same as the Basic Mode). Functional detail 2-69

94 LPAR manager has several types of licenses such as the Essential license and the Advanced license. If the active server blade uses the Advanced license (Advanced model), the standby server blade also requires the Advanced license. Make sure that the active and standby server blades use the same type of LPAR manager license. When using Emulex network products (LAN/converged network) with the standby server blade, apply the latest firmware version before configuration. When configuring N+M cold standby with multiple server chassis, use the same hardware configuration of switch modules. Especially if with configuration where 10 Gb LAN switch module is installed in a server chassis with the active server blade and 1 Gb LAN switch module in another server chassis with the standby server blade, LAN bandwidth may change at N+M failover to affect behavior on the OS, such as lower network performance. When recovering N+M cold standby, make sure that an operating mode (LP mode or Basic mode) for the standby server blade is the same as that for the active server blade at N+M group registry. When changing the operating mode for the standby server blade after N+M failover is executed, make sure that the operating mode is returned to the original mode before recovering N+M cold standby. If you try to recover N+M cold standby with the changed operating mode for the standby server blade, the following may occur. - LPAR configuration may not be recovered correctly. - Recovering N+M cold standby may fail. If Personality is set to FCoE for the Emulex 10 Gb CNA mezzanine card or the onboard CNA (2 or 4 ports), N+M cold standby including the card is not supported. The supported functionality of N+M cold standby including enabled Emulex 10 Gb onboard CNA (4 ports) varies depending on the firmware version. For the supported functionality, see Precondition for N+M cold standby on page If the HCSM version is or later, you can use IPv6 networking to connect to HCSM. When configuring N+M cold standby with multiple server chassis, select either IPv4 or IPv6 networking for all chassis to connect to HCSM. Tip: N+M cold standby can be configured over multiple system units. The active server blade and the standby server blade are not necessarily installed in the same system unit. When building the N+M cold standby configuration, you need to purchase the ServerConductor/BSM plus or HCSM. For details, ask our sales person. For configuration supporting N+M cold standby with HCSM, see the Hitachi Compute Systems Manager Function Release Schedule (FRS) Functional detail

95 If you want to switch to the standby server blade when a watchdog timer times out, you must configure the necessary settings for the management modules. N+M cold standby structure This section describes N+M cold standby structure. Server blade in basic mode When switching N+M cold standby in basic mode, the standby server blade inherits the configuration from the active server blade. Based on the configuration information, the server blade OS is booted from the same disk (logical unit [LU]), and the standby server blade can restart the same OS environment as that of the active server blade. These inheriting contents called "configuration information of server blade" or "configuration information". Figure 2-9 Server blades in basic mode Note: See Precondition for N+M cold standby on page 2-76 about restrictions. Tip: The active server blade and the standby server blade must be same hardware configuration and firmware version. Functional detail 2-71

96 Server blade in LP mode When switching N+M cold standby in LP mode, the standby server blade inherits the LPAR manager configuration (LPAR configuration, LPAR status, and WWN information that LPAR manager managed) from the active server blade. The standby server blade restarts in LP mode. Therefore, the standby server blade can be built the same LPAR configuration as the active server blade. Based on the LPAR manager configuration information, the server blade OS is booted from the same disk (logical unit [LU]), and the standby server blade can restart the same OS environment as that of the active server blade. These inheriting contents called "configuration information of server blade" or "configuration information". Note: Figure 2-10 Server blades in LP mode The same LPAR manager firmware version must be installed on the active server blade and the standby server blade. If the LPAR manager firmware version is different, N+M cold standby failover may fail. See Precondition for N+M cold standby on page The active server blade and the standby server blade must have the same hardware configuration and firmware version as in basic mode. Tip: The active server blade is switched to the standby server blade when a hardware fault occurs in the active server blade Functional detail

97 Inheriting server blade configuration information for N+M cold standby This section provides setting information to be taken over at failover by N+M cold standby. Server blade in basic mode When switching N+M cold standby in basic mode, the standby server blade inherits the following information from the active server blade. Table 2-81 Inheriting items Division Item Remarks WWN World Wide Node Name 1 World Wide Port Name MAC Media Access Control address 2 MAC categorization 3 Server blade configuration (UEFI/ BMC) 9 BMC time setting procedure, Time zone setting Schedule data - - EFI setting 4 Boot order - HBA BIOS configuration of Fibre Channel mezzanine card HBA BIOS enable/disable setting 5 Boot priority enable/disable setting Boot target WWN Emulex 10 Gb CNA/LAN mezzanine card, onboard CNA (2 or 4 ports) configuration Boot target LUN PXE Boot setting 11 6 VLAN setting 11 Bandwidth setting at port partitioning SR-IOV (when the MultiChannel Support setting is disabled) (When MultiChannel Support setting is enabled) iscsi setting Server blade configuration (SVP) Power supply control linkage setting 7 N+M cold standby support function setting 8 OS type (with LPAR manager / without LPAR manager) - Notes: 1. Inheriting Optional Physical WWN. For details, see WWN and MAC addresses on page Functional detail 2-73

98 Division Item Remarks 2. Inheriting Optional Physical MAC address. For details, see WWN and MAC addresses on page The MAC address that is set MAC categorization is used. For details, see Selecting WWN and MAC addresses in basic mode on page Only items in the UEFI settings of the management module Web console are inherited. For details, see Server blade (UEFI settings) on page When setting the N+M cold standby using Emulex 8 Gb 2-port Fibre Channel mezzanine card or Emulex 16 Gb 2-port Fibre Channel mezzanine card, all setup menu items of HBA BIOS configuration transfer to the server blade configuration. 6. For these conditions to be inherited, a setting other than FCoE must be specified as the Personality setting of the active server blade and the standby server blade, and the MultiChannel Support settings must be the same. If Personality is set to FCoE for the Emulex 10 Gb CNA mezzanine card or the onboard CNA (2 or 4 ports), N+M cold standby including the card is not supported. If Personality is set to iscsi for the onboard CNA (4 ports), N+M cold standby including the card is not supported. For details about each item, see the following: Hitachi Compute Blade Emulex Adapter User's Guide for Driver Hitachi Compute Blade Emulex Adapter User's Guide for Hardware Hitachi Compute Blade Emulex Adapter User's Guide for Utility 7. The following conditions should be required. - Personality configuration of active server blade and standby server blade are NIC or iscsi. - MultiChannel Support settings are the same. N+M cold standby including the card with FCoE set as Personality is not supported. For details, see the OneCommand Manager Guide. 8. For details, see Server blade operation setting when power failure recovery on page For details, see N+M cold standby configuration procedure on page In SMP configuration, setting information of the primary server blade alone is taken over. 11. For the onboard CNA (4 ports), these items are not inherited. Tip: When recovering the N+M cold standby, the active server blade return to the status as before switching the N+M cold standby. The inherited information is returned to the active server blade from the standby server blade. The standby server blade still have the inherited information, therefore, the standby server blade do not return the status as before switching the N+M cold standby. (For WWN and MAC address, the standby partition returns the status as before switching the N+M cold standby.) When Emulex CNA is used with iscsi for Personality, an IP address and SubnetMask for iscsi Initiator are cleared to 0, zero, in the faulty active server blade at the failover time and restored standby server blade at the restore time Functional detail

99 Server blade in LP mode When switching N+M cold standby in LP mode, the standby server blade inherits the information of Server blade in basic mode on page 2-71 adding the following LPAR manager information from the active server blade. Table 2-82 Inheriting items Division Item Remarks LPAR information LPAR configuration information - Logical NVRAM information 1 LPAR manager system information Logical schedule data information System configuration information PCI device configuration information Virtual NIC configuration information Common FC information - Virtual FC WWN seed information - Note: 1. Logical UEFI boot path, order, boot timer, and driver path are in the logical NVRAM. For driver path, the item that added from UEFI shell cannot be inherited. Failover time for N+M cold standby The time required for the N+M cold standby failover shows as follows. Server blade in basic mode Failover time for N+M cold standby = [Waiting time until starting to switch] + [Time for switching] + [OS booting time] Server blade in LP mode Failover time for N+M cold standby = [Waiting time until starting to switch] + [Time for switching] + [LPAR manager booting time*] + [OS booting time in LPAR] *5 10 minutes Tip: In N+M cold standby using HCSM, HCSM monitors if the OS on the standby server blade starts up within the maximum allotted time for "Host OS Startup" specified by the user after switching server blades. Functional detail 2-75

100 If the standby OS startup is not completed within the maximum allotted time for "Host OS Startup" specified by the user, an error message saying that N +M failover failed (KASV00212-E) is shown on the HCSM task result window regardless of whether the standby OS has started up or not. Thus, even if N +M cold standby failover is successful and the standby OS has completely started up, the error message (KASV00212-E) may be displayed on the HCSM task result window. Standby OS startup completion takes longer depending on the server blade configuration, such as CB 540A A1/B1 blade and SMP. Then, set an appropriate time for the maximum allotted time for "Host OS Startup". Precondition for N+M cold standby The following system unit configurations are preconditions for the N+M cold standby. SAN booting The active server blade and the standby server blade must be built the same hardware configuration. CPU type, number of CPU Memory capacity Mezzanine card, I/O board module (type, installed slot) Tip: If the active server blade and the standby server blade have different CPU type, number of CPU, and Memory capacity, the N+M cold standby failover can be possible. Confirm that the standby server blade can be operated by pre-testing of failover. PCI expansion blades and storage expansion blades are connected to the active server blade and the standby server blade. None of internal HDD or USB Enablement Kit or SD Card Enablement Kit are installed Various server blade models do not coexist within the N+M group. (Example: coexistence of CB 520A A1 and CB 520H A1, or CB 520H A1 and CB 520H B1) When setting the N+M cold standby in LP mode, the server blade and peripherals support LPAR manager. When setting N+M cold standby in LP mode, all firmware used on the active server blade (the management module, server blade, and LPAR manager firmware) must correspond to the firmware on the standby server blade. When setting N+M cold standby in LP mode, set the following to the standby server blade in advance to start LPAR manager at N+M failover. Logical partitioning Set LP mode on Web console. LPAR manager firmware selection Assign LPAR manager firmware on Web console. Initial settings 2-76 Functional detail

101 Set the following items on Web console. - IP address for LPAR manager - Subnetmask - VNIC System No. - Time zone For details about logical partitioning, LPAR manager firmware selection, and LPAR manager initial settings, see the Hitachi Compute Blade 500 Series Server Blade Setup Guide. The operating conditions are satisfied for the OS and application. When setting the N+M cold standby using Emulex 8 Gb 2-port Fibre Channel mezzanine card or Emulex 16 Gb 2-port Fibre Channel mezzanine card, all setup menu items of HBA BIOS configuration transfer to the server blade configuration. Fibre Channel switch cascade number The port speed setting of Fibre Channel switch The port speed/topology setting of disk drive When setting the N+M cold standby using Emulex 10Gb CNA/LAN mezzanine card, the following settings must be required for configuration of Emulex 10Gb CNA/LAN mezzanine card and onboard 2-port or 4-port CNA in the active server blade and the standby server blade. Note: The active server blade and the standby server blade have the same MultiChannel Support configuration. The active server blade and the standby server blade have the same Personality configuration. For CNA/LAN mezzanine card and onboard CNA (2 ports), specify NIC or iscsi as the Personality setting. For onboard CNA (4 ports), specify NIC or NIC+RoCE as the Personality setting. DHCP in iscsi setting is disabled. iscsi Initiator has a unique IP address. iscsi Target is always connected. The number of iscsi Target sessions is up to four per port. For details of the MultiChannel Support configuration and Personality configuration, see the OneCommandManager Guide. Switching server blades with the N+M cold standby do not operate properly if Emulex 10 Gb CNA/LAN mezzanine card or onboard CNA, which is installed in the active server blade and standby server blade, does not have the above configuration. Use the firmware versions below to inherit the following settings in N+M cold standby: - The NIC setting of the Emulex 10 Gb CNA/LAN expansion cards for the CB 520H A1/B1 and CB 520A A1 models - The NIC setting of the onboard CNA (2 ports) Functional detail 2-77

102 Management module: A0125 or later Server blade firmware: - For CB 520H A1/B1:Integrated FW or later - For CB 520A A1: Integrated FW or later Note: Use the firmware versions below to inherit the following settings in N +M cold standby: - The iscsi setting of the Emulex 10 Gb CNA/LAN expansion cards for the CB 520H A1/B1, CB 520A A1 and CB 540A A1/B1 models. - The iscsi setting of the onboard CNA (2 ports) Management module A0135 or later Server blade firmware - For CB 520H A1/B1: Integrated FW or later - For CB 520A A1: Integrated FW or later - For CB 540A A1/B1: Integrated FW or later When Personality is iscsi, you set the iscsi settings for the stanby server blade as shown below. iscsi Initiator IP address iscsi Initiator SubnetMask Note: To take over NIC settings for Emulex 10 Gb CNA/LAN mezzanine card or for onboard 2-port CNA with N+M cold standby, use the following configurations of firmware and driver versions shown in the table. Configuration with LAN driver or and CNA firmware or is not supported. Note: The supported functionality of N+M cold standby including an enabled Emulex 10 Gb onboard CNA (4 ports) varies depending on the firmware version. For the firmware versions below, only the Optional Physical MAC addresses assigned to Emulex 10 Gb onboard CNAs (4 ports) on the active server blade can be inherited by the standby server blade. For this reason, to use N+M cold standby, you must specify the onboard CNA (4 ports) settings as described below. If you do not, do not use N+M cold standby because it is not supported. The Personality setting of the onboard CNA (4 ports) is either NIC or NIC +RoCE Functional detail

103 The onboard CNA (4 ports) settings on the active server blade and the standby server blade are the same. Management module A0230 or later Server blade firmware CB 520X B1: or later CB 520H B3: to Note: For the firmware versions below, if the Personality setting of the onboard CNAs (4 ports) on CB 520X B1 and CB 520H B3 is NIC or NIC+RoCE, the Optional Physical MAC addresses assigned to the onboard CNAs (4 ports) and the settings of the onboard CNAs (4 ports) on the active server blade can be inherited. However, N+M cold standby for which iscsi is specified for the Personality setting is not supported. Management module A0240 or later Server blade firmware CB 520X B1: or later CB 520H B3: or later Smart Configure for N+M cold standby The Smart Configure function is used for N+M cold standby failover to fetch configuration information into the management module. Before building N+M cold standby configuration, Smart Configure is executed to acquire configuration information from the active server blade and store it in the management module. At N+M cold standby failover, the configuration information stored in the management module is inherited by the standby server blade by the operation of Smart Configure, and the standby server blade starts on the basis of the configuration information. The failed active server blade may not execute Smart Configure. Figure 2-11 Smart Configure for N+M cold standby Functional detail 2-79

104 Smart Configure of opportunity The Smart Configure is executed to get and build the configuration information manually or automatically in the following cases. Executing the Smart Configure by the management module console Recovering from the N+M cold standby (by BSM Plus or HCSM) Turning on the system unit Changing the server blade configuration Executing Smart Configure by management module console The following operations are performed to execute the Smart Configure by the management module console. Executing Smart Configure This executing Smart Configure is for retaining the configuration of server blade in the management module after completing the server blade configuration while SAN boot is enabled. Table 2-83 Web console operation Item Executing Smart Configure Description Resources tab > Modules > All Modules > Server Blade > Server Blade x > Condition tab > Server Blade Action button > Run Smart Configure Enabling N+M cold standby When changing from disabled to enabled for the N+M cold standby, the Smart Configure is executed to set the Optional Physical WWN in the Fibre Channel mezzanine card. Tip: In SMP configuration, each server blade operates with the primary server blade settings. You need not to perform setting for non-primary server blades. Table 2-84 Web console operation Item Enabling N+M cold standby Description Resources tab > Modules > All modules > Server Blade > Server Blade x > Setting tab > Edit Server Blade settings button Recovering from N+M cold standby (BSM Plus or HCSM) When recovering the N+M cold standby failover, the active server blade is not executed the Smart Configure. The standby server blade is executed the 2-80 Functional detail

105 Smart Configure for becoming switchable status. The Smart Configure is executed automatically by BSM Plus or HCSM. Turning on system unit When turning on/off the system unit after building N+M cold standby configuration, the Smart Configure is executed automatically. And then the N +M cold standby is restarted. Changing server blade configuration When changing server blade configurations as follows, the Smart Configure is executed automatically by the management module. And then the configuration information of the management module is updated. Mounting server blade in the server chassis Turning on the server blade Server blade movement during running Smart Configure The LED of the front panel is blinked in the server blade during executing the Smart Configure. The server blade is momentarily turned on while blinking LED. For details of blinking LED, see the Hitachi Compute Blade 500 Series System Overview Guide. Smart Configure runtime The Smart Configure runtime is 3 15 minutes. The Smart Configure runtime is changed depend on the server blade type, number of CPU, Memory, and type/number of PCI card. N+M cold standby configuration procedure Each configuration of the Compute Blade, SAN, and BSM plus, need building individually. For configuration of SAN, and BSM plus or HCSM, see the documents of SAN, and BSM plus or HCSM. The following workflow describes the N+M cold standby configuration procedure. Functional detail 2-81

106 *1. For details, see the document of external storage. *2. For details, see the document and help of BSM Plus or HCSM. Setting Smart Configure for server blade When setting the N+M cold standby, the server blade needs to be built the following configuration. Disabling internal HDD The internal HDD cannot be used in the N+M cold standby configuration. When mounting the internal HDD, you need to set disabled. Note: Do not give the EFI Shell the highest priority for the boot priority order by UEFI setup menu. If the EFI Shell has the highest priority, the OS cannot boot normally although the N+M cold standby failover executed. Enabling N+M cold standby The N+M cold standby function is enabled in both the active server blade and the standby server blade. The Smart Configure is performed immediately for the server blade that the N+M cold standby function is enabled. The Fibre Channel mezzanine card is set the Optional Physical WWN by this Smart Configure. Table 2-85 Web console operation Item Enabling N+M cold standby Description Resources tab > Modules > All modules > Server Blade > Server Blade x > Setting tab > Edit Server Blade settings button 2-82 Functional detail

107 To perform an N+M failover when a watchdog timer times out, enable the WDT timeout N+M failover setting. The initial setting (the setting at shipping time) of the system unit is Disable. Table 2-86 Web console operation Item WDT timeout N+M failover setting Description Resources tab > Modules > All modules > Chassis > Setting tab Tip: For the Smart Configure runtime, see Smart Configure runtime on page When setting the N+M cold standby in LP mode, you need perform the procedure as above, see Setting Smart Configure for server blade on page 2-82 and Enabling N+M cold standby on page In SMP configuration, each server blade operates with the primary server blade settings. You need not to perform setting for non-primary server blades. Setting SAN Server blade in basic mode WWN is configured by SAN. The Optional Physical WWN is used for WWN. For confirmation of the Optional Physical WWN, see the following section. Server blade in LP mode WWN is configured by SAN. The virtual FC WWN is used for WWN. For confirmation of the virtual FC WWN, see the Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide. Tip: Setting SAN is for the FC switch, LUN Manager, or something. For details, see the document of the FC switch, LUN Manager, or something. Setting server blade Server blade in basic mode To set the active server blade can be booted by SAN. Fibre Channel mezzanine card setting - The Fibre Channel mezzanine card BIOS is enabled and the boot priority is enabled. For details of setting procedure, see the document of the Fibre Channel mezzanine card. - The boot target LU is selected. For details of setting procedure, see the Hitachi Compute Blade 500 Series EFI User's Guide. CNA (iscsi) setting Functional detail 2-83

108 - Settings for iscsi, such as iscsi Target. For details, see the Hitachi Compute Blade 500 Series EFI User's Guide. UEFI setting Boot priority is set to enable boot from SAN. For details, see the Hitachi Compute Blade 500 Series EFI User's Guide. Server blade in LP mode To set the LPAR that is operated on LPAR manager of the active server blade can be booted by SAN. UEFI settings - To confirm the UEFI settings that necessary to start LPAR manager. For details, see the Hitachi Compute Blade 500 Series Server Blade Setup Guide. Pre-State Auto Activate settings - Pre-State Auto Activation is set Yes by LPAR manager screen for auto activating LPAR after the N+M cold standby failover. For details, see the Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide. LPAR configuration - The necessary processor, memory, dedicated PCI device, and shared device (VNIC, shared FC) are assigned for LPAR. - The target LPAR is activated. For details, see the Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide. Fibre Channel mezzanine card device settings (dedicated or shared) - To select EFI Shell from the UEFI menu of LPAR. The device settings shell (hfccfg) is called using drvcfg command from the shell prompt. - Boot function of HBA FC port that is connected to the boot target LU is set enabled. For details, see the document of Fibre Channel mezzanine card. Boot settings - To select Boot option maintenance menu from the UEFI menu of LPAR. The boot path and boot order are set, and then the boot is set possible by SAN. For details, see the Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide. Note: When changing the LPAR configurations (processor, memory, and device assignment), you must perform [F9]: Save Configuration in the LPAR manager Menu screen. For details, see the Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide Functional detail

109 Setting BSM Plus or HCSM The N+M cold standby function (selecting active/standby server blade) is set by BSM Plus or HCSM. This setting uses BSM Plus or HCSM. For details, see the document of BSM Plus or HCSM. For settings, confirm the followings in advance. The N+M cold standby function must be enabled. Both the active server blade and the standby server blade must be enabled for the N+M cold standby function. For the confirmation procedure, see Enabling N+M cold standby on page The active server blade must be booted by SAN in basic mode. The LPAR that is operated on LPAR manager of the active server blade must be booted by SAN in LP mode. (LPAR manager is supported by BSM Plus.) After prior confirmation, set the N+M cold standby using BSM Plus or HCSM. Note: When changing the LPAR configurations (processor, memory, and device assignment), you must perform [F9]: Save Configuration in the LPAR manager Menu screen. For details, see the Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide. Testing N+M cold standby failover Before starting operation, the N+M cold standby failover test is run by operating the manual failover using BSM Plus, or by operating the test N+M cold standby using HCSM, or by issuing the failover test alert using management module console. Table 2-87 Web console operation Item Issuing the alert for N+M cold standby failover test (by BSM Plus) Issuing the alert for N+M cold standby failover test (by HCSM) Description Administration tab > SC/BSM (Action Menu) > Action button > Send Alert Administration tab > HCSM (Action Menu) > Action button > Send alert Note: When issuing the failover alert, the active server blade is turned off forcibly. In SMP configuration, issue the alert to the primary server blade. If the alert is issued to a non-primary server blade, N+M cold standby failover test will not be performed. Tip: For details of the N+M cold standby configuration and the N+M cold standby failover procedure, see the document of BSM Plus or HCSM. Functional detail 2-85

110 Changing configuration after N+M cold standby setting Server blade in basic mode When the UEFI configuration is changed by the management module Web console after the N+M cold standby configuration, the UEFI configuration is reflected during the next starting the UEFI. If the N+M cold standby failover is executed before reflecting the configuration, the previous starting UEFI configuration is inherited. Server blade in LP mode When changing the LPAR configurations (processor, memory, and device assignment), you must perform [F9]: Save Configuration in the LPAR manager Menu screen. If you do not perform the Save Configuration, the N +M cold standby failover may be failed due to difference between the actual LPAR manager configuration information and the LPAR manager configuration information in the management module. Changing CNA after configuring N+M cold standby When restoring iscsi setting is required after changing CNAs for configuration including CNA with iscsi for Personality, you need to change iscsi settings depending on the state of N+M cold standby as shown below. Table 2-88 iscsi settings after changing CNA Status Active server blade not yet switched by failover Standby server blade not yet switched by failover. Active server blade switched by failover Standby server blade switched by failover Setting value Restore the iscsi setting of the active server blade before changing CNA. Restore the iscsi setting of the standby server blade before changing CNA if iscsi is disconnected. Set the iscsi setting of the standby server blade before changing CNA if iscsi is disconnected. Set the iscsi setting of the active server blade before changing CNA. UPS connection setting for N+M cold standby setting When the N+M cold standby is recovered automatically after restarting power fail while connecting USP, the server blade need to be set the automatic power on configuration. Execute the following steps. 1. Set the automatic power on configuration in the active server blade after restarting power fail Functional detail

111 Table 2-89 Web console operation Item Setting "Power On" in the AC recovery of server blade Description Resources tab > Modules > All modules > Server Blade > Server Blade x > Settings tab > Edit Server Blade settings button The active server blade is set this configuration to turn on after restarting power fail. 2. Set to inhabit the automatic power on configuration in the server blade. Table 2-90 Web console operation Item Setting "Power Off" in the AC recovery of server blade Description Resources tab > Modules > All modules > Server Blade > Server Blade x > Settings tab > Edit Server Blade settings button Tip: The standby server blade is set to inhabit the automatic power on configuration. When the automatic power on configuration is not needed in the server blade while connecting USP, do not have to set this configuration. When the N+M cold standby function is enabled in Enabling N+M cold standby on page 2-82, the server blade may not be turned on automatically even if the automatic power on configuration is set enabled if the AC recovery configuration is not Power On in the server blade. In SMP configuration, each server blade operates with the primary server blade settings. You need not to perform setting for non-primary server blades. HA monitor linkage This section describes the linkage between management modules and the HA monitor. HA monitor overview The HA monitor enables a failover from one system (including the programs) to another to improve the reliability and capacity utilization of the system. The HA monitor ensures that, immediately after a failure occurs in the active server blade (active system) that is executing the business processing, the standby server blade (standby system) automatically takes over for the faulty server blade. This improves the reliability and capacity utilization of the system without the operators having to pay any particular attention to the system. Functional detail 2-87

112 A hot standby configuration that consists of the active system and the standby system as described above is called the system failover configuration. Tip: For details about the HA monitor, see the HA Monitor Cluster Software Guide. The management module supports the system failover processing that takes place if a failure occurs in the system by resetting the system when requested by the HA monitor. The management module also monitors the reset path to ensure that the system resets when a failure occurs. Setting up a system failover configuration In the HA monitor, each server blade is designated as the active or standby system. To prevent different system failover configurations from interfering with each other, assign a unique port number to each system failover configuration. For details about the setting items, see the Hitachi Compute Blade 500 Series Web Console User's Guide. Table 2-91 Web console operation Item Displaying/setting the HA monitor Operation Resources tab > Systems > HA Monitor > Server blade x > Edit The following figure shows an example of setting up a system failover configuration Functional detail

113 To set up a system failover configuration consisting of server chassis #1 and server chassis #2 from the Web console, set up as follows: Example of configuring the management module (server chassis #1) Example of configuring the management module (server chassis #2) Functional detail 2-89

114 Note: For LPARs running on a server blade in LP mode, to set the LPARs whose LPAR numbers are 31 or higher as objects of the system failover processing by the HA monitor, apply the management module firmware version A0235 or later. LDAP Server Linkage Overview This section describes authentication with LDAP servers. The system unit searches the LDAP directory on the LDAP server by using the Lightweight Directory Access Protocol (hereinafter called LDAP) to authenticate users. With this function, you can perform the following: Login to management modules and the server blades as a user registered with the LDAP directory. Group authentication that allows only the account belonging to a specific group in the LDAP directory to log in. The following module supports LDAP. Server blade (SMASH-CLP and WS-Management of BMC) Management module Management modules and server blades determine whether to allow a user to log in based on the user account information registered in each module and the user account information in the LDAP directory at user authentication. Adding user account information to the LDAP directory on the LDAP server allows all modules using the LDAP server to use the added user account information. Besides, it is not necessary to register user account information with each module. Also, the group information in the LDAP directory is looked up and only the user accounts belonging to the group are allowed to log in during user authentication. By using the group authentication function, you can construct an LDAP server linkage environment between management modules and server blades without drastically changing the already constructed LDAP directory. If the modules are not linked with an LDAP server, users can only use their account registered in each module to log into the module. If the modules are linked with an LDAP server, you can select either of the following two authentication methods: First, users are authenticated by using their accounts registered in each module. If the authentication fails, users are authenticated by using their accounts in the LDAP directory. Users are authenticated by using their accounts in the LDAP directory only Functional detail

115 Even if the modules are linked with an LDAP server, the former authentication method enables users to use their account registered in each module to log into the module. If the LDAP directory contains the account information that has the same name as each module, the former authentication method first uses the information registered in each module for authentication. If authentication that uses accounts registered in each module fails, accounts in the LDAP directory are used for authentication. A maximum of three LDAP servers can be registered. If you register multiple LDAP servers, the system tries to connect to the LDAP servers in the order they were registered. The system searches the LDAP directory on the server of which connection was established first, and tries to authenticate users. If the system fails to connect to all the registered LDAP servers, user authentication using the LDAP servers fails. Tip: For server blades, BMC tries to authenticate a user using the local account first. If the authentication fails, it tries to authenticate the user using the LDAP server. Supported LDAP server The system unit supports Active Directory, included with the following Windows Server, as the LDAP server with linkage. Microsoft Windows Server 2008 R2, Standard Microsoft Windows Server 2008 R2, Enterprise Microsoft Windows Server 2008, Standard Microsoft Windows Server 2008, Enterprise Microsoft Windows Server 2012, Standard Microsoft Windows Server 2012, Datacenter Active Directory Setting (Windows side setting) This section describes settings required when Active Directory is used as an LDAP server. The following table shows required setting items. Server certification Bind DN for the LDAP server Table 2-92 Active Directory setting items Item User account for logging in to management modules and to server blades Functional detail 2-91

116 Item Group that is allowed to login to the management module and server blade Server Certificate Because all communications between the system unit and LDAP servers are carried out over Secure Socket Layer (SSL) or Transport Layer Security (TLS), the server certificate must be registered for Active Directory to be used as an LDAP server. For details about how to register the server certificate, see the documentation of your Windows Server. Tip: There are two types of server certificates. One is self-signed certificate, and the other one is a certificate certified by an external certificate authority. You can use either of them for communication between Compute Blade 500 and Active Directory. Bind DN for the LDAP Server To search an LDAP directory at user authentication, you must connect to an LDAP server. There are two methods for connecting to an LDAP server as below. Perform either of the following methods: Connect to an LDAP server by using an LDAP bind DN and the password. Connect to an LDAP server as an anonymous user. Tip: We recommend to use an LDAP bind DN and the password. Registering a user account to use as a bind DN Register a user account to use as an LDAP bind DN with your Windows Server. For details about how to register user accounts, see the documentation of your Windows Server. You must grant the access permission for the LDAP directory to use when authenticating users to the user account to be used as the LDAP bind DN. Registering a user account as Anonymous Follow the procedure below to register an anonymous user. Tip: When registering a user for LDAP connection, skip this procedure. 1. Select Start > Run, enter mmc and click OK Functional detail

117 2. When the Microsoft Management Console (hereinafter called MMC) screen is displayed, select Menu > File > Add/Remove Snap-in. In the Add Standalone Snap-in screen, click the Add button. 3. Select ADSI Edit from Available standalone snap-ins:, click the Add button, and then click the Close button. Functional detail 2-93

118 4. When "ADSI Edit" is added to the Add Standalone Snap-in screen, click the OK button. Confirm that ADSI Edit is added to Console Root in the MMC screen. 5. Place and click the mouse on ADSI Edit in the MMC screen, and select Connect to. 6. Select Domain for the domain context of Active Directory to connect, and click the OK button Functional detail

119 7. Right-click ADSI Edit again, and select Connect to. 8. Select Configuration as Context, and click the OK button. 9. Place and right-click the mouse on \ADSI Edit\configuration \CN=Configuration\DC=domain base\cn-services\cn=windows NT\CN=Directory Service, and select properties. 10. Click dsheuristics, then the Edit button to set a value in the Properties screen. When the value is <Not Set>, type in the field. When a value is set, change the 7th figure from the left to 2. Do not change other figures. Functional detail 2-95

120 11. When setting is completed, click the OK button in the properties screen to apply the setting. The procedure above can allow you to register an anonymous user. Then select Management tools > Active Directory Users and Computers to give access to an anonymous user. Registering the User Account for Logging in to the Management Module and the Server Blade In Management Tools > Active Directory Users and Computers, register the user account for the LDAP directory. For details about how to register user accounts, see the documentation of your Windows server. This section describes the limitations for user names and passwords to be registered and the procedure for granting role information to be used after logging in to management modules or BMC Functional detail

121 User name The following characters and the number of characters are available for user names. Table 2-93 User name Number of characters Item Available characters for the head of a name Available characters for from the second to the end of a name Description From 1 to 32 characters [A-Z] [a-z] [A-Z] [a-z] [0-9], "-" (hyphen), "_" (underscore), "." (period) Password The following characters and the number of characters are available for passwords. Table 2-94 Password Item Number of characters Available characters From 1 to 32 characters Description Printable characters in ASCII (0x20-0x7e) Tip: The complexity of passwords depends on the security policy of your Windows server. Granting Role Information By granting role information to a user account registered with the LDAP directory, you can set the range of operations to be performed after the login. Tip: If you do not grant role information, operations you can perform after the login are minimized. Follow the procedure below to assign role information. 1. Select Start > Run, type mmc and click OK. Functional detail 2-97

122 2. When the Microsoft Management Console (MMC) screen is displayed, select Menu > File > Add/Remove Snap-in. In the Add Standalone Snap-in screen, click the Add button. 3. Select ADSI Edit from Available standalone snap-ins:, click the Add button, and then click Close Functional detail

123 4. When "ADSI Edit" is added to the Add Standalone Snap-in screen, click the OK button. Confirm that ADSI Edit is added to Console Root in the MMC screen. 5. Place and click the mouse on [ADSI Edit] in the MMC screen, and select Connect to. 6. Select Domain for the domain context of Active Directory to connect, and click the OK button. Functional detail 2-99

124 7. Open the ADSI Edit tree, and right-click a user account to give roles on the LDAP directory to open Properties. 8. A list of attributes assigned to the user account is displayed. 9. Select an attribute with "Unicode String" for Syntax and with "<Not Set>" for Value, and click Edit. 10. Set roles for server blades and management modules. Enter roles for server blades with the following character string. Note: This setting is effective for server blade (BMC) which support authentication with LDAP servers. For details about Resources > Server blade > BMC tab, see the Hitachi Compute Blade 500 Series Web Console User's Guide. Enter roles for management modules with the following character string Functional detail

125 When using the same attribute for roles for the server blades and management module, insert a space between the two character strings as the following example. Ex: ServerBladeRole= ManagementModuleRole=Administrators 11. After setting roles, click OK. 12. When the screen returns to Properties, click OK. The procedure above completes the role setting for users to log in to server blades and management modules. Registering Groups Register the group to use for group authentication. Tip: If you do not use group authentication, this setting is not required. Open Management Tools > Active Directory Users and Computers, create a group you allow login to server blades and a group you allow login to management modules in the LDAP directory. After you create the groups, register user accounts you allow login with each group. For details about how to create groups and how to register user accounts with groups, see the documentation of your Windows Server. Settings for Server Blades and Management Modules Server blade settings This subsection describes BMC settings for LDAP authentication. LDAP server settings Use: Enable or Disable LDAP authentication. The factory default setting is Disable. When enabled, the server blade BMC uses LDAP servers for user authentication. User authentication method: Specify how LDAP and BMC local user accounts are used at user authentication. LDAP server1/ LDAP server2/ldap server3: Up to three LDAP servers can be specified using IP address or FQDN. The server blade BMC uses LDAP (StartTLS) to connect to LDAP server and destination port number is 389. Connection settings TLS version: Specify TLS version used for connecting to LDAP server. Functional detail 2-101

126 Anonymous Bind/Bind DN/Bind password Specify a DN and password used for bind to LDAP server. You must set them according to the settings you specified in Active Directory Setting on page Directory search settings Base DN: Specify a DN used as root of directory search. Login ID attribute: Specify an attribute of user entry used as login ID. If empty string is specified, samaccountname is used. Role attribute: Specify an attribute of user entry used for granting the role in Granting Role Information on page If an empty string is specified, BMC considers that users have no role. Group authentication settings. Authentication method: Select "Static group" to perform group authentication. Group DN1/Group DN2/Group DN3/Group DN4/Group DN5 Specify a DN of group entry. When Authentication method is "Static group", the server blade BMC only allows the group members to log in to BMC. Table 2-95 Web console operation Item Displaying/setting LDAP server settings Description Server Blade x > BMC tab > Edit > LDAP For details about Resources > Server blade > BMC tab > LDAP items, see the Hitachi Compute Blade 500 Series Web Console User's Guide. Management module settings This section describes settings for connecting management modules to LDAP servers. LDAP server linkage setting LDAP server linkage can be selected enable/disable. The factory default setting is disabled. When LDAP server linkage setting is enabled, the management module searches the LDAP directory on the LDAP server at user authentication. Authentication method For detail about the authentication method with LDAP linkage, see Overview. LDAP servers registration The maximum of three LDAP servers can be registered. LDAP servers can be specified by using either their IP addresses or host names. LDAP server connection setting Functional detail

127 For details about setting items, see the Hitachi Compute Blade 500 Series Web Console User's Guide or Hitachi Compute Blade 500 Series CLI Console User's Guide. Port Number Bind DN/Bind Password You must set the method according to the settings you specified during user registration for LDAP connection. See Active Directory Setting on page 2-91 for details. Searching LDAP directory setting Set the necessary information for the LDAP directory searching. For details about setting items, see the Hitachi Compute Blade 500 Series Web Console User's Guide or Hitachi Compute Blade 500 Series CLI Console User's Guide. Base DN Attribute Indicating Login IDs Attribute Indicating Roles If you grant a role to the user account for logging in to a management module and BMC during the operation described in "Granting Role Information", specify the attribute used for granting the role. Number of inquiry times For the number of the inquiry times item, set the number of times in which LDAP servers are traced based on the referral information and inquired (such as searched) if an LDAP server refers to other LDAP servers in order to achieve the method that divides and manages the LDAP directory by using multiple LDAP servers. If you set this setting to 0, each module does not trace the referred LDAP server even if an LDAP server refers to another LDAP server. Group authentication setting Set the following information for group authentication. If you do not specify group settings during the operation described in "Registering Groups" you do not need to perform this operation. For details about setting items, see the Hitachi Compute Blade 500 Series Web Console User's Guide or Hitachi Compute Blade 500 Series CLI Console User's Guide. Group authentication method If group authentication is not used, an account registered in each module or in the LDAP directory is used for user authentication according to the authentication method setting used when LDAP linkage is enabled if the module is set to link with an LDAP server. If you use group authentication, you can select either of the following two group authentication methods: - Static group authentication method - Dynamic group authentication method The former authentication method performs authentication by checking whether the user account to be authenticated belongs to the DN of the group that is allowed to log in that is described later. The Functional detail 2-103

128 latter authentication method performs authentication by checking whether the user account to be authenticated is included among all user accounts that satisfy the conditions set for the search filter that are described later. Attribute Indicating Groups Tip: You do not need to specify attribute if the LDAP directory you are using is able to determine that an account belongs to the group DN or not by "tokengroups" attribute or "gidnumber" attribute. DN Whose Login is Allowed Specify the group DN created in "Registering Groups". Role of the group DN Search DN for the dynamic group Search filter for the dynamic group Role of the dynamic group Table 2-96 Web console operation Item Displaying/setting LDAP server linkage Description Administration tab > LDAP Table 2-97 CLI console operation Item Displaying LDAP server linkage setting Registering/changing LDAP server Initialize LDAP server linkage setting Setting LDAP directory searching Setting group authentication Operation show user ldap set user ldap server clear user ldap set user ldap search set user ldap group RADIUS authentication Overview This section describes RADIUS authentication in management modules. In this system unit, users can be authenticated by using Remote Authentication Dial In User Service (hereafter referred to as RADIUS). In RADIUS authentication, RADIUS servers determine whether a user can log in at user authentication. By adding user account information to the RADIUS servers, you can then use the added user account to log in to any module that uses RADIUS authentication, without having to register user account information to each module Functional detail

129 For RADIUS authentication, the following two authentication methods are available: Management modules perform user authentication by using the user accounts registered to each module. If authentication fails, user authentication is performed by using RADIUS servers. User authentication is performed only by using RADIUS servers. You can register a maximum of three RADIUS servers. If you register multiple RADIUS servers, during user authentication, the management module will connect to the RADIUS servers in the order in which they were registered. The management module then performs user authentication with the first RADIUS server to which a connection is successfully established. If the management module cannot connect to any of the registered RADIUS servers, user authentication fails. Supported RADIUS servers This system unit supports RADIUS authentication that uses FreeRADIUS or Network Policy Server for the following versions of Windows Server: Windows Server 2012 R2 Standard Windows Server 2012 R2 Datacenter Windows Server 2008 R2 Standard Windows Server 2008 R2 Enterprise Windows Server 2008 Standard Windows Server 2008 Enterprise Settings for RADIUS servers To use RADIUS authentication, you need to register management modules as RADIUS clients in advance. For details on how to register RADIUS clients, see the RADIUS servers documents. Settings for management modules To use RADIUS authentication, specify the settings below for the management modules. For details about these settings, see the Hitachi Compute Blade 500 Series Web Console User's Guide. RADIUS authentication setting You can specify whether to perform RADIUS authentication. When the system unit is shipped, RADIUS authentication is disabled. If you enable this setting, the management module will use RADIUS authentication for user authentication. Functional detail 2-105

130 Note: LDAP linkage and RADIUS authentication cannot be used at the same time. If you want to use RADIUS authentication, disable the LDAP linkage settings. User authentication method when RADIUS authentication is enabled For details on the authentication methods for RADIUS authentication, see Overview on page Roles of RADIUS authentication users You can set the role that is to be assigned to users who log in by using RADIUS authentication. Registration of RADIUS servers You can register a maximum of three RADIUS servers. Specify the following information for each RADIUS server to be registered: Server name You can specify either an IP address (IPv4/IPv6) or a host name. Shared secret This is the password that is to be shared by the RADIUS server and the management modules. You must specify the same value as the RADIUS server. We recommend that you use a complicated password consisting of 32 or more alphanumeric characters. Authentication method This is the authentication method to be used for RADIUS authentication. You can select PAP, CHAP, or MS-CHAPv2. Port number Specify the port number to be used to communicate with RADIUS servers. The management module will attempt to connect to the specified port number. Timeout time During communication with the RADIUS server, if the RADIUS server does not respond within the specified time, the communication attempt is determined to be a failure. If a value is specified for the number of resends, resend is performed. Number of resends This specifies the number of times that resend is to be performed when communication with the RADIUS server times out. If the RADIUS server still does not respond, the management module tries to communicate with the next RADIUS server in the registered order. If communication with all of the registered RADIUS servers fails, user authentication fails Functional detail

131 Checking RADIUS server connection You can check the connection to RADIUS servers. For details about operations, see the Hitachi Compute Blade 500 Series Web Console User's Guide. The management module authenticates users by using the RADIUS servers specified during RADIUS server registration, and then displays the authentication result. To check the connection, you need to specify a user account and password. Digital Certificates for Web Console Overview This section describes digital certificates for the Web console. You can use the following functions using a digital certificate. "Certificate signed by an external certificate authority (CA)" or "Self-signed Certificate" can be used. Authenticating the management module When you use the Web Console, the management module provides the digital certificate. You can verify the management module by checking the CA that has signed on the digital certificate. Encrypting communication between the Web browser and the management module You can encrypt communication when using the Web console, which prevents communication from tapping and tampering. Authenticating BMC When you use the Web Console or the Remote Console, BMC provides the digital certificate. You can verify BMC by checking the CA that has signed on the digital certificate. Encrypting communication between the Web browser and BMC, or the Remote Console to BMC You can encrypt communication when using the Web console or the Remote Console, which prevents communication from tapping and tampering. Digital Certificate Specifications The following table shows digital certificate specifications for the Web console. Table 2-98 Digital Certificate Specifications Item Operation Public key algorithm, bit- length RSA (2048 bits) Functional detail 2-107

132 Item Operation Importable certificate format Certificate format in downloading Executable CSR format PEM PEM PEM Subjects of the target to issue a certificate See the Hitachi Compute Blade 500 Series Web Console User's Guide. Procedures to Use Digital Certificates (Creating a Self-signed Digital Certificate) The following flow chart shows from creating a self-signed digital certificate to using the digital certificate. Download digital certificate to client PC Self-signed Digital Certificate is already created for the management module and the server blade at the factory. Download the digital certificate to a client PC. About the procedure to download the digital certificate to the Web browser, see the Web browser "Help". Import digital certificate to Web browser Import the digital certificate downloaded in step 1 to a Web browser of you client. About the procedure to import it to the Web browser, see the Web browser "Help". Connect to Web console using HTTPS Connect to the Web console using HTTPS. Encryption function of communication is available. Procedures to Use Digital Certificates (Importing a Digital Certificate Signed by a Certificate Authority) The following flow chart shows from importing a digital certificate with a certificate authority to using the digital certificate Functional detail

133 Create certificate signing request (CSR) Create a certificate signing request (CSR) by the Web console. For entered items for creating CSR, see Digital Certificate Specifications on page Submit CSR to certificate authority; obtain digital certificate with signature Submit the created CSR to a certificate authority to obtain the singed digital certificate. Import digital certificate to Web console Import the digital certificate downloaded in step 2 to a Web browser. Confirm that the certificate information displayed is the same as the certificate information you have obtained, and then perform import the digital certificate. If you fail to import the digital certificate, go back to step 1. Then import the certificate once more. Connect to Web console using HTTPS Connect to the Web console using HTTPS. Encryption function of communication is available. To enable the management module authentication, the root certificate of CA must have been imported to the Web browser of client PC. About the operation to check it, access the Web browser "Help" or ask the CA. Note: Use a character code other than utf-8 for a digital certificate to import to the management module. If with utf-8, some pieces of information may not be displayed after the digital certificate is imported. Table 2-99 Web console operation Management module Item Creating CSR Importing certificate Operation Administration tab > Certificate Administration tab > Certificate Functional detail 2-109

134 Item Operation BMC Creating CSR Resources tab > Modules > All modules > Server Blade > Server Blade x > BMC tab > Edit > Edit certificate Importing certificate Resources tab > Modules > All modules > Server Blade > Server Blade x > BMC tab > Edit > Edit certificate LPAR manager cooperation function This topic describes the procedures enabling LPAR manager usage. The following procedure sets the parameters for LPAR manager installation, configuration, and operation. Confirm the following settings before operating the functions explained in this section. Setting an IP address to a server blade Cable connecting to the System unit Setting the EFI For the settings above, see the Hitachi Compute Blade 500 Series Server Blade Setup Guide. For the functional list of Web console and HVM Navigator, see the following table. Perform the functions which are not supported on Web console on HVM Navigator. Table Functional List of Web console and HVM Navigator Function Web console HVM Navigator V02-04 or later Initializing LPAR manager Y - Synchronizing LPAR manager System Time with NTP server - Y Selecting LPAR manager firmware Y - Confirming virtual WWN Y 1 Y Confirming virtual MAC address Y Y Turning on server blade Y 1 - Configuring LPAR Y 2 Y Adding LPAR Y 2 Y Setting number of processors assigned to LPAR Y 2 Y Functional detail

135 Function Web console HVM Navigator V02-04 or later Setting memory size assigned to LPAR Y 2 Y Setting shared NIC ports assigned to LAPR Y 2 Y Setting FC HBA ports assigned to LPAR Y 2 Y Setting boot device Y 3 Y Assigning a USB device to LPAR Y 2 Y Saving LPAR manager configuration information Y Y Assigning USB device to existing LPAR Y Y Setting LPAR boot order Y Y Opening remote console Y Y Activating LPAR Y Y Reactivating LPAR Y Y Deactivating LPAR Y Y Removing LPAR Y Y Rebooting LPAR manager Y Y Shutting down LPAR manager Y Y Backing up LPAR manager configuration information Restoring LPAR manager configuration information Y - Y - Initializing LPAR manager configuration Y - Upgrading LPAR manager model 4 Y - Updating LPAR manager firmware Y - Downgrading LPAR manager version Y 5 - Downgrading LPAR manager revision Y 5 - Opening LPAR manager screen - Y Opening Web console - Y Opening HVM Navigator - - Monitoring LPAR manager performance data Displaying configuration lists and diagrams - Y - Y Performing migration - Y Collecting LP dump logs with LPAR manager in operation Y Y Functional detail 2-111

136 Function Web console HVM Navigator V02-04 or later Saving LPAR manager dump 6 Y Y 7 Outputting LPAR manager dump from the Y - management module 8, 9 Legend: Y: Available -: Not supported Notes: 1. Only Default Physical WWNs are displayed. 2. A part of settings in the function is supported. 3. Only the setting of Boot Function is supported. 4. It is necessary that LPAR manager License Key is prepared. 5. Available. However, Hitachi cannot guarantee that handing over the LPAR manager configuration information. Operate the procedure of Restoring LPAR manager configuration information on page and Updating LPAR manager firmware on page It can be also available on LPAR manager screen. 7. It can be available by following the direction of a maintenance agent. 8. It can be also available on CLI console. 9. For details, see Log on page For the detail about the functions supported by HVM Navigator, see the HVM Navigator User's Guide. Note: When revert the previous version by downgrading LPAR manager version or downgrading LPAR manager revision, restore the LPAR manager configuration information that was backed up while using the previous LPAR manager firmware. The contents displayed on Web console are not refreshed automatically. It is necessary that Refresh is clicked whenever shutting down LPAR managers by operating Web console or changing LPAR manager/lpar configurations on another console. If Refresh is not clicked, the values of parameters displayed on the screen will be different from the real values. Tip: [Management module firmware version A0205 or later] When LPAR manager supports encrypted communication, control communication between the management module and LPAR manager is encrypted. Tip: Some features of the Web console can be executed only if the firmware version requirements for management modules, server blades, and other hardware are satisfied Functional detail

137 Initializing LPAR manager Perform the following procedure for Initializing LPAR manager. If the management module firmware version is A023X or earlier: 1. Click Resources. 2. Click All Modules > Right pointing triangle to All Modules then Server Blades > target server blade. Functional detail 2-113

138 3. Click Settings in lower right Blade pane. 4. Click Show LP settings Functional detail

139 5. Click Edit settings. 6. Click the Enabled radio button in Logical Partitioning. Functional detail 2-115

140 7. Enter IP Address, Subnet Mask, Default Gateway, VNIC System No, and Time Zone. It is recommended that LP ID should be also entered although it is optional. Note: Do not set the IP address set for management module or BMC for LP IP address. If the IP address for management module is set for LP IP address, web console would not start. In addition, if the IP address for BMC is set for LP IP address, remote console would not start. VNIC System No. is used for creating MAC address to prevent the duplication of MAC address between shared NIC and virtual NIC. Set a unique number for all LPAR manager system, including Compute Blade Series. [Management module firmware version A0135 or earlier] Specify from 1 to 128. [Management module firmware version A0145 or later] Specify 1 or larger. The maximum value depends on the LP firmware version. [No LPAR manager firmware assigned to the server blade] Specify from 1 to 128. Set IP Address and Default Gateway for LPAR manager and the management module in the same network. If they are set in different networks, LPAR manager may fail to start up or a communication error may occur after the startup. When not using Default Gateway, set as If the field is blank, LPAR manager may fail to start up Functional detail

141 8. Click Confirm. Functional detail 2-117

142 9. Click OK. LP Settings dialog box is displayed. If the management module firmware version is A0240 or later: 1. Click Resources Functional detail

143 2. Click All Modules > Right pointing triangle to All Modules then Server Blades > target server blade. 3. In the panel of the selected server blade, select the [LPAR Manager] tab. Functional detail 2-119

144 Click the [Edit] button and then select [Edit system settings]. 5. For [Logical partitioning], select the [Enabled] radio button. Then, enter an [IP address], [Subnet mask], [Default gateway], [VNIC system No.], and [Time zone]. We recommend that you enter an [LP ID], although doing so is optional. Functional detail

145 Note that, for management module firmware version A0245 or later, you can set a NIC to be used as a management path and port. If the management NIC is not specified, 1a/1b is used as the management path. Note: A VNIC system number is used to create a MAC address, to prevent the MAC addresses of shared NICs and virtual NICs from overlapping. Set a unique number for every LPAR Manager system, including Compute Blade Series. For the VNIC system number, specify a value of 1 or higher. The maximum value varies depending on the LPAR Manager firmware version. You must enter an IP address that does not overlap with IP addresses of management modules and server blades. If you specify an IP address that already exists, LPAR Manager will be unable to connect to the Web console or remote console. Specify an IP address and default gateway so that LPAR Manager and the management module are in the same network. If you specify LPAR Manager and the management module so that they are in different networks, LPAR Manager might fail to start up, or a communication error might occur after startup. When not using the default gateway, enter If the field is blank, LPAR Manager might fail to start up. NICs that can be specified as a management path are the NICs for which shared mode is supported by LPAR Manager. Other NICs are not displayed as options. To change the configuration of LPAR Manager while it is running, for the NIC used for the management path, change the scheduling mode to shared mode. If you specify a NIC that is in dedicated mode, the Functional detail 2-121

146 next time LPAR Manager starts, the scheduling mode changes to shared mode. If the NIC is assigned to an LPAR, the NIC is unassigned from the LPAR. In such a case, LPAR Manager will run in safe mode, and you will not be able to save LPAR settings or to activate the LPAR. Make sure the NIC specified as the managent path is correct, check and, if necessary, revise the scheduling mode of the NIC and the NIC assignment, and then turn off safe mode. 6. Click the [Confirm] button. 7. Click the [OK] button. Initializing LPAR manager finishes. Go to next procedure Selecting LPAR manager firmware on page Selecting LPAR manager firmware Perform the following procedure for selecting LPAR manager firmware Functional detail

147 Note: For CB 520A A1 server blade, assign the LPAR manager firmware version or later. If assign the LPAR manager firmware version 01-0x, the server blade does not operate properly. Note: When assigning LPAR manager firmware to a server blade in SMP configuration, assign the firmware to the primary server blade. Tip: For A0240 and later versions of management module firmware, perform this operation by using the [LPAR Manager] tab. For details, see the Hitachi Compute Blade 500 Series Web Console User's Guide. 1. Click Resources. 2. Click All Modules > Right pointing triangle to All Modules then Server Blades > target server blade. Functional detail 2-123

148 3. Click Settings in lower right Blade pane. 4. Click Show LP settings in the bottom Functional detail

149 5. Click Assign firmware to Server Blade in LP Settings dialog box. Functional detail 2-125

150 6. Select LPAR manager firmware in LP firmware version, and then click Next. Tip: It is recommended that LPAR manager configuration information is backed up before changing LPAR manager firmware assigned to a server blade. When LPAR manager configuration information is backed up before this change, it can be recovered if there are failures or errors occurring on the LPAR manager firmware after the change. However, when LPAR manager configuration information is not backed up before this change, it cannot be recovered. When LPAR manager configuration information is backed up, move onto Step 4. However, when LPAR manager configuration information is not backed up, move onto Step Click Backup. 8. Click Backup Functional detail

151 Tip: For the procedure to save a file, follow the operating procedure for OS. 9. Click Confirm. 10. Click OK. Functional detail 2-127

152 11. Click Close in most upper right of LP Settings dialog box to close the dialog box. Confirming virtual WWN Confirm virtual WWN before LPAR configuration. When you perform LPAR migration, virtual WWN is also migrated. Perform the following procedure for confirming virtual WWN. 1. Click Resources > Systems > WWN Management Functional detail

153 2. Click target sever blade in WWN management pane, and then click Virtual WWN in Show details. 3. Confirm the virtual WWNs, and then click close. Functional detail 2-129

154 Tip: When you export the data to CSV file, click Export to CSV. Confirming virtual MAC address Confirm virtual MAC address before LPAR configuration. When you perform LPAR migration, virtual MAC address is also migrated. Perform the following procedure for confirming virtual MAC address. 1. Click Resources > Systems > MAC Management. 2. Click target sever blade in MAC management pane, and then click Virtual MAC in Show details Functional detail

155 3. Confirm the virtual MAC addresses, and then click close. Tip: When you export the data to CSV file, click Export to CSV. Functional detail 2-131

156 Turning on server blade Perform the following procedure for turning on server blade. It takes about 10 to 15 minutes for a server blade to boot. The booting time depends on the configuration of each server blade. 1. Click Resources. 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade Functional detail

157 3. Click Condition in lower right Blade pane. 4. Click Power ON. Functional detail 2-133

158 5. Click OK. 6. Click Refresh after booting the server blade Functional detail

159 Configuring LPAR Note: When Refresh is clicked after the command shutting down a server blade is executed, a message showing that an LPAR manager is booting is displayed until the completion of booting the server blade. (When Refresh is not clicked, the contents displayed on the screen are not changed.) However, when Refresh is clicked immediately after the command shutting down a server blade is executed, any of the following messages is shown. Message showing that retrieving the data for the state of LPAR manager failed Message showing that LPAR manager is being shut down In this case, click Refresh after a while. Perform the following procedure for configuring LPAR. When logical partitioning is Enabled and a server blade is turned on, an LPAR can be created. 1. Click Resources. Functional detail 2-135

160 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. 3. Click LPAR in lower right Blade pane Functional detail

161 4. Click Add LPAR. 5. Enter LPAR name in Name box, number of processers in Processor box, dedicating memory size in Memory box, and click appropriate processor scheduling mode, Shared or Dedicated radio button. (The limit number of assignable processors is 64 and the limit size of assignable memory is Functional detail 2-137

162 (the memory size installed on a server blade - the memory size used by LPAR manager) GB.) Tip: "LPARX_xx."(X: LPAR number, xx: VNIC System Number) is set for LPAR name as a default value. 6. Click Set Port in HBA pane Functional detail

163 7. Click check boxes in Assign column to assign ports, and then click OK. (The limit number of assignable ports is the number of ports installed on a server blade.) 8. Click Set Port in NIC pane. Functional detail 2-139

164 9. Click check boxes in Assign column to assign port (segment)s, and then click OK. (The limit number of assignable port (segment)s of shared NIC is 16 and the limit number of assignable port (segment)s of virtual NIC is 4.) For Management module firmware version A0200 or earlier, jump to step 13. For Management module firmware version A0205 or later, go on to step Functional detail

165 10. On Add LPAR dialog box, click Set Port in USB pane. 11. Set USB port dialog box appears. Click check boxes in Assign column to assign port, and then click Confirm. The maximum number of ports is the same as the number of onboard ports. 12. To change Boot Mode, select a mode to use from Boot Mode pull-down list in Advanced Option area. 13. Click Confirm. Functional detail 2-141

166 14. Click OK Functional detail

167 Saving LPAR manager configuration information Perform the following procedure for saving LPAR manager configuration information. When a server blade is turned on, LPAR manager configuration information can be saved. 1. Click Resources. 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. Functional detail 2-143

168 3. Click LPAR in lower right Blade pane. 4. Click Save settings in bottom right Action box Functional detail

169 5. Click OK. 6. Click Close. Assigning USB device to existing LPAR Management firmware version A0205 or later This section describes how to assign a USB device to an existing LPAR. USB devices can be assigned to and edited on a deactivated LPAR. Functional detail 2-145

170 1. Click Resources tab on the Web console. 2. Click a server blade number from the Modules tree. 3. Click LPAR tab from Server Blade n Information pane. 4. Click an LPAR to assign the USB device, and click Edit USB Assign from Action menu. 5. Set USB port dialog box appears. Click check boxes in Assign column to assign the port, and then click Confirm. When multiple ports exist, the port used for calling the remote console is displayed as USB/KVM. 6. The confirmation dialog box appears. Check the setting and click OK Functional detail

171 Setting LPAR boot order [Management module firmware version A0125 or later] Perform the following procedure for setting boot order to set up a guest OS on LPAR. When LPAR status is DEACT, you can set and change the boot order. The following table shows the combinations of server blades and LPAR manager firmware versions for which this operation can be performed. Server blade CB 520H A1/B1 CB 520H B2 CB 520H B3 CB 520A A1 CB 540A A1/B1 CB 520X B1 CB 520X B2 LPAR manager firmware version 01-0X or later 01-6X or later or later 01-1X or later 01-2X or later or later 02-1X or later Boot order settings Boot order cannot be set on Management module firmware version A0120 or earlier. For details, see the Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide. 1. Click Resources. Functional detail 2-147

172 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. 3. Click LPAR in lower right Blade pane Functional detail

173 4. Select the target LPAR in the LPAR tab, and then click the LPAR name. 5. Confirm the LPAR setting, and click Boot order settings. Functional detail 2-149

174 6. Click OK. 7. Boot order settings window is displayed Functional detail

175 8. Select the added device in USB tab, click Add to boot order. When the necessary device is not displayed, to be recognized the necessary device as follow the procedure of Connecting to virtual drive on page Tip: [Management module firmware version A0205 or later] When multiple USB ports are assigned to an LPAR, a single port is displayed. 9. Select the added device in HBA tab, click Add to boot order. When the necessary device is not displayed, to be recognized the necessary device as follow the procedure of HBA boot driver settings. Functional detail 2-151

176 Tip: If the boot mode is UEFI mode, you do not need to add an HBA device because the device is automatically added to the boot order when the OS is installed. 10. Change the boot order using Move selection up and Move selection down as follows, and click Confirm. When the boot mode is Legacy mode: LU CD/DVD-KVM EFI-SHELL When the boot mode is UEFI mode: CD/DVD-KVM EFI-SHELL Functional detail

177 11. Click OK. 12. Click Cancel. Functional detail 2-153

178 13. Click Close. Connecting to virtual drive When the necessary device is not displayed in USB tab, need to connect the necessary device using the virtual media function of remote console. Connect to the virtual drive as following procedure to recognize the necessary device. 1. Select USB tab in Boot order settings window Functional detail

179 2. Select the USB device, and click Start remote console. 3. Click OK. Functional detail 2-155

180 4. The remote console is displayed. 5. Click Tools > Launch Virtual Media in the remote console menu Functional detail

181 6. Virtual Media Session window is displayed. 7. Check the Mapped of CD/DVD drive or the Mapped of image file which are used as a boot device. Note: Do not exit the window using Exit button or x button of virtual media console while using the virtual drive. Do not exit the remote console. If exit the virtual media console window or remote console, the virtual media session is closed and all drives are disconnected from the server blade. Therefore, the drive is not recognized. Functional detail 2-157

182 Tip: For details of the remote console and the virtual media console, see the Hitachi Compute Blade 500 Series Remote Console User's Guide. 8. Confirm the following message is displayed in the boot order window, click OK. 9. The virtual drive as boot device is added in the USB device. HBA boot driver settings When the necessary device is not displayed in HBA tab, confirm the HBA boot driver settings as following procedure and perform the necessary settings. 1. Select HBA tab in Boot order settings window. 2. Select HBA port, and click HBA boot settings Functional detail

183 3. HBA boot settings window is displayed. 4. Select Enabled radio button of Boot Function. Functional detail 2-159

184 5. Select Enabled radio button of Select Boot Device Functional detail

185 6. Enter WWN of the target external disk array unit port in WWN combo box of Boot Device List. Enter LU number of the target external disk array unit port in LUN text box. Tip: For details about settings, see the Hitachi Gigabit Fibre Channel Adapter User's Guide (BIOS/EFI Edition). 7. Click Confirm. Functional detail 2-161

186 8. Click OK. 9. Click OK Functional detail

187 Activating LPAR 10. The device is added in the HBA port. Perform the following procedure for activating LPAR. 1. Click Resources. 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. Functional detail 2-163

188 3. Click LPAR in lower right Blade pane. 4. Click the LPAR to activate in lower right Blade pane, and then click Activate Functional detail

189 5. Click OK. Opening remote console Perform the following procedure for opening remote console. 1. Click Resources. Functional detail 2-165

190 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. 3. Click LPAR in lower right Blade pane Functional detail

191 4. Select the LPAR in lower right Blade pane, and then click Start remote console. Functional detail 2-167

192 Tip: When the management module firmware version is A0125 or earlier, Start R-KVM console is displayed. 5. Click OK. Reactivating LPAR Then the remote console window will be displayed. Perform the following procedure for reactivating LPAR. When an LPAR is reactivated, a guest OS operating on the LPAR is rebooted forcibly. So, be sure to confirm the state of the guest OS before reactivating an LPAR. On the other hand, when a guest OS is rebooted properly, execute the operation for reboot on the guest OS. 1. Click Resources Functional detail

193 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. 3. Click LPAR in lower right Blade pane. Functional detail 2-169

194 4. Click the LPAR to reactivate in lower right Blade pane, and then click Reactivate in Action in the bottom. 5. Click OK Functional detail

195 Deactivating LPAR Perform the following procedure for deactivating LPAR. When an LPAR is deactivated, a guest OS operating on the LPAR is shut down forcibly. So, be sure to confirm the state of the guest OS before deactivating an LPAR. On the other hand, when a guest OS is shut down properly, execute the operation for shutdown on the guest OS. 1. Click Resources. 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. Functional detail 2-171

196 3. Click LPAR in lower right Blade pane. 4. Click the LPAR to deactivate in lower right Blade pane, and then click Deactivate in Action in the bottom Functional detail

197 5. Click OK. Changing LPAR configuration Perform the following procedure for changing LPAR configuration. When an LPAR is deactivated, LPAR configuration can be changed. 1. Click Resources. Functional detail 2-173

198 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. 3. Click LPAR in lower right Blade pane Functional detail

199 4. Click Name of target LPAR in lower right Blade pane. 5. Confirm the settings, and then click Modify LPAR. Functional detail 2-175

200 Modify LPAR dialog box is displayed. For the following procedure, see Configuring LPAR on page Tip: Save the LPAR manager configuration information after completing LPAR settings Functional detail

201 Removing LPAR For more detail about procedure for saving LPAR manager configuration information, see Saving LPAR manager configuration information on page Perform the following procedure for removing LPAR. When an LPAR is deactivated, the LPAR can be removed. 1. Click Resources. 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. Functional detail 2-177

202 3. Click LPAR in lower right Blade pane. 4. Click the LPAR to remove in lower right Blade pane, and then click Remove LPAR in Action in the bottom Functional detail

203 5. Click OK. Rebooting LPAR manager Perform the following procedure for rebooting LPAR manager. When all LPARs on an LPAR manager are deactivated, the LPAR manager can be rebooted. 1. Click Resources. Functional detail 2-179

204 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. 3. Click LPAR in lower right Blade pane Functional detail

205 4. Click Reboot LP in Action in the bottom. 5. Click OK. Functional detail 2-181

206 Shutting down LPAR manager Perform the following procedure for shutting down LPAR manager. When all LPARs on an LPAR manager are deactivated, the LPAR manager can be shut down. 1. Click Resources. 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade Functional detail

207 3. Click LPAR in lower right Blade pane. 4. Click Shutdown LP in Action in the bottom. Functional detail 2-183

208 5. Click OK. 6. Click Save. 7. Click OK Functional detail

209 8. Click Close. 9. Click Shut down LP. 10. Click Close. Backing up LPAR manager configuration information Perform the following procedure for backing up LPAR manager configuration information. 1. Click Resources. Functional detail 2-185

210 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. 3. Click Backup LP settings in Action in the upper Application area Functional detail

211 4. Click Backup. Tip: For the procedure to back up a file, follow the operating procedure for OS. For management module firmware version A0145 or later, the following is the backup file name format. hvm-px-vvrr-yyyymmddhhmmss.backup "X" indicates a partition number: server blade number; VVRR indicates the LP version currently assigned. In SMP configuration, select the primary server blade to back up LPAR manager configuration information. Functional detail 2-187

212 Restoring LPAR manager configuration information Perform the following procedure for restoring LPAR manager configuration information. When LPAR manager configuration information is restored, use a backup file fulfilling the following requirements. Backup file of a restored LPAR manager File backed up when an LPAR manager firmware version which is assigned to a server blade now was assigned to the same server blade If a backup file does not fulfill the requirements above, an LPAR manager would not operate properly after restoring. Tip: In SMP configuration, select the primary server blade to restore LPAR manager configuration information. Restore LPAR manager configuration information following the steps below. You can restore the configuration when the server blade is powered off. 1. Click Resources. 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade Functional detail

213 3. Click Restore LP settings in Action in the upper Application area. 4. Click Browse. Functional detail 2-189

214 Tip: For the procedure to open a file, follow the operating procedure for OS. 5. Click Confirm. 6. Click OK. 7. Click Close Functional detail

215 Initializing LPAR manager configuration Perform the following procedure for initializing LPAR manager configuration. Here, "LPAR manager configuration" is called "LPAR manager setting". When a server blade is turned off, an LPAR manager setting can be initialized. When an LPAR manager setting is initialized, LPAR manager configuration information is lost. So, it is recommended that LPAR manager configuration information is backed up before initializing an LPAR manager setting. 1. Click Resources. 2. Click Modules > Right pointing triangle to All Modules then Server Blades > target server blade. Functional detail 2-191

216 3. Click Initialize LP settings in Action in the upper Application area. 4. Click OK Functional detail

217 5. Click Close. Upgrading LPAR manager model Perform the following procedure for upgrading LPAR manager model. Tip: It is necessary that LPAR manager License Key is obtained and the key is applied to LPAR manager on web console. The following is the workflow for upgrading LPAR manager model. When a server blade is turned off, an LPAR manager License Key can be applied to an LPAR manager installed on the server blade. In SMP configuration, upgrade LPAR manager model on all server blades in the configuration. Obtaining LPAR manager License Key For obtaining LPAR manager License Keys, contact <contact information>. Applying LPAR manager License Key to LPAR manager When a server blade is turned off, an LPAR manager License Key can be applied to an LPAR manager installed on the server blade. Functional detail 2-193

218 1. Click Resources. 2. Click Systems > LP License. 3. Click target server blade in right LP License pane, and then click Register LP License Key Functional detail

219 4. Enter LPAR manager License Key. The following ways exist to enter LPAR manager License Key. [Enter LPAR manager License Key manually]: follow 4-1 [Make Web console load LPAR manager License Key file]: follow ) Select direct input, enter LPAR manager License Key into the textbox in the right side of direct input radio button and click Confirm. 2) Click OK. Functional detail 2-195

220 4-2 1) Select key file and click Browse. Tip: For the procedure to open a file, follow the operating procedure for OS. 2) Click Confirm. 3) Click OK Functional detail

221 Updating LPAR manager firmware Perform the following procedure for updating LPAR manager firmware. LPAR manager firmware version is expressed in "VV-RR" form. A version upgrade means updating the VV portion of this notation. (Example: Upgrading from to 02-00). Updating "RR" is called "Updating LPAR manager revision". Ex: From to The maximum four versions of LPAR manager firmware are installed to four banks in the management module. You can independently select appropriate bank for each server blade from the management module. Removing and installing the LPAR manager firmware from-to the management module are available. When updating the LPAR manager firmware in the management module, perform the installation of the LPAR manager firmware. LPAR manager firmware can be installed and assigned when the LPAR manager is running. Firmware will be updated to the new version after rebooting the LPAR manager. The update takes about 10 to 15 minutes. Confirm that the updated version is an expected version after the update. The following is procedures for updating LPAR manager firmware. Item Description Case 1 Install LPAR manager firmware on a bank which is not assigned to the server blade. Case 2 Install LPAR manager firmware on a bank which is assigned to the server blade. Case 3 Use LPAR manager firmware already installed on a bank. Functional detail 2-197

222 Note: When updating LPAR manager firmware version to 01-4X or later, check if the following mezzanine cards are used or not. If one of cards is used in the server blade, you may need to update the card firmware. - Emulex 10 Gb CNA/LAN mezzanine card - Onboard CNA For about combination of LPAR manager firmware version and firmware version for mezzanine cards, see the Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide. In the non-redundant management module configuration, when replacing the management module because of a failure, the LPAR manager firmware is lost and re-installation is required. We recommend deploy the redundant management module configuration. The LPAR manager cannot be operable even when an LPAR manager firmware version is installed in a bank. Select the LPAR manager firmware bank for the server blade. Selecting the LPAR manager firmware bank is available from the management module console. If a management module is switched when you execute update on the management module console, the update fails. Remove the error factor and then execute update again. When LPAR manager firmware is being installed on a bank assigned to a server blade, powering on the server blade is prevented. When LPAR manager firmware is being installed, the target bank for installation cannot be assigned to a server blade. Obtaining LPAR manager firmware For obtaining LPAR manager firmware, contact <contact information>. Note: Functional detail

223 Do not change the firmware file name. If the file name is changed, the management module cannot recognize it as a firmware file. Files for other system units, such as that for CB 2000, cannot be applied. Installing LPAR manager firmware to management module [Management module firmware version A0135 or earlier] LPAR manager firmware can be installed to only the bank which is not assigned to any server blade. [Management module firmware version A0145 or later] LPAR manager firmware can be installed on only the bank which is not assigned to any server blade or when server blades that are assigned to the bank are all powered off. 1. Click Resources. 2. Click Systems > Firmware. Functional detail 2-199

224 3. Click LP in the right Firmware pane. 4. Click LP firmware bank in the right Firmware pane and then click Install firmware Functional detail

225 5. Click Browse. Tip: For the procedure to open a file, follow the operating procedure for OS. 6. Click Confirm. 7. Steps to follow are different depending on the selected bank state. When you have selected a bank with "-----" for State in step 4, step 9 dialog box will appear. Jump to step 9. Functional detail 2-201

226 When selecting a bank with "Assigned (enable to overwrite firmware)" for State in step 4, select server blades to back up the configuration in Target of Backup LP Settings pane and click Backup. 8. Click Backup. Tip: The same number of files as that of selected server blades for target will be downloaded. For the procedure to back up a file, follow the operating procedure for OS. For management module firmware version A0145 or later, the following is the backup file name format. hvm-px-vvrr-yyyymmddhhmmss.backup "X" indicates a partition number: server blade number; VVRR indicates the LP version currently assigned. 9. Click OK Functional detail

227 Tip: Executed and Unexecuted are shown for Backup LP Settings only when you have selected a bank with "Assigned (firmware to be overwritten)" for installation. You can select a bank with "Assigned (enable to overwrite firmware)" for State in step 4 and go through step 7 through step 9 only with management module firmware version A0145 or later. 10. Click OK. 11. Click Close. Functional detail 2-203

228 Assigning LPAR manager firmware to server blade The following steps provide how to assign LPAR manager firmware to a server blade. Tip: When assigning LPAR manager firmware to server blades in SMP configuration, assign the firmware to the primary server blade. 1. Click Resources. 2. Click Systems > Firmware Functional detail

229 3. Click Server Blade tab in the right Firmware pane. 4. Click a target server blade in the right Firmware pane and then click Assign LP firmware to Server Blade. Functional detail 2-205

230 5. Select LP firmware version and then click Next. 6. Click Backup. When backing up the configuration information at LPAR manager firmware installation, jump to step Click Backup Functional detail

231 Tip: For the procedure to save a file, follow the operating procedure for OS. 8. Click Confirm. 9. Click OK. Functional detail 2-207

232 Uninstalling LPAR manager firmware Perform the following procedure for uninstalling LPAR manager firmware. A LPAR manager firmware can be uninstalled to only the bank which is not assigned to any server blade. 1. Click Resources. 2. Click Systems > Firmware Functional detail

233 3. Click LP in the right Firmware pane. 4. Click LP firmware bank in the right Firmware pane and then click Uninstall firmware. Functional detail 2-209

234 5. Click OK. 6. Click Close Functional detail

235 Collecting LP dump logs with LPAR manager in operation This subsection describes how to collect LP dump logs with LPAR manager in operation. LP dump logs collected by this procedure are used for failure analysis. LP dump log collection is not required in daily operation. You may be asked to collect LP dump logs when the system unit does not work properly. [Management module firmware version A0145 or later] 1. Click Resources tab. 2. Click Modules > All Modules > Server blades, and select a server blade. Functional detail 2-211

236 3. Click LPAR tab in Server Blade x Information. 4. Click Action arrow button > Collect LP dump log Functional detail

237 5. Click OK. A dump file will be downloaded when the process is complete. Tip: Follow the OS procedure to back up a file. LP dump log collected by this procedure can be downloaded as a file but not be saved in the management module. Power saving function This section describes power saving functions provided by the system unit. Managing power control function The system unit provides emergency power control (EPC), accurate power control (APC) functionality, and the Data Center Manageability Interface (DCMI). A management module automatically calculates the allowable setting Functional detail 2-213

238 range for EPC and APC functionality based on the power supply module configuration and accurate power control settings. The following table indicates settings related to the power control functionality. You can change these settings, except the setting that enables or disables the DCMI mode, while the server blades are powered on. However, the management module automatically limits the allowable range to prioritize the continuous operation of server blades. Table Parameters for power control Item Power supply module configuration Redundancy Supply power expansion Description Setting the power supply module configuration in the system unit: 100VAC : N+N/N+1(default)/N+0 200VAC - 240VAC : N+N/N+1(default) The management module calculates the available power capacity in the system unit automatically based on the setting. Enabling/disabling the supply power expansion: Disable/Enable(default) The management module calculates the available power capacity in the system unit automatically based on the setting. Emergency power control (EPC) Facility capping Enable/ Disable Enabling/disabling the Facility capping: Disable(default)/Enable When Disable is set, the management module calculates the available power capacity in the system unit automatically based on the rating of power supply module in the system unit. When Enable is set, the management module calculates the available power capacity in the system unit automatically based on the setting of Facility capping and the rating of power supply module in the system unit. Circuit Breaker Setting the rating current of circuit breaker in facility. rating current 100VAC : 10A 100A (default : 15A) VAC : 15A 100A (default : 15A when no PDU is used, default : 30A when PDU is used.) Number of Circuit Breaker Setting the number of circuit breaker in facility. 1/2/3/4 (default=2: for N+N power supply module configuration default=1: for N+1 or N+0 power supply module configuration) Functional detail

239 Item Description Accurate power control (APC) PDU rating current Number of PDU Enable/Disable EPC for server blade Maximum power consumption Enable/Disable APC for server blade Setting the rating of input current for PDU. 100VAC : not supported VAC : 15A 100A (default : 24A) Setting the number of PDU. 0/1/2 (default=2: for N+N power supply module configuration, or four power supply modules are installed. default=1: for N+1 or N+0 configuration) Selecting server blades for power capping (EPC): Disable Enable(default) Do not disable this setting. Setting maximum power consumption in operation. The specified value must be no more than the maximum power supply of the system unit and no less than the minimum power consumption of the system unit. The factory default at shipping is the maximum power supply of the system unit. The minimum power consumption of the system unit is the total power ratings of embedded modules, which includes the maximum power consumption when capping to the minimum value for APC-enabled server blades. Selecting server blades for power capping (APC). In SMP configuration, each server blade operates with the primary server blade settings. You need not to perform setting for non-primary server blades. The factory default at shipping is Enable. Changing this value will change the minimum power consumption of the system unit. The maximum power consumption is not allowed to be below the minimum power consumption of the system unit. DCMI mode settings Enabling and disabling the DCMI mode for the entire server chassis Enables or disables the DCMI mode for the entire server chassis. In the initial settings (the settings at shipping time), the setting is Disable. You can enable or disable the DCMI mode only when all server blades that support DCMI in Functional detail 2-215

240 Item Description the server chassis have been initialized and the main power is powered off. The DCMI mode and the APC functionality are mutually exclusive. Therefore, you cannot use both at the same time. Tip: We recommend that you use accurate power control (APC) as the power capping function. You cannot use DCMI to control the power of the entire chassis by using the management module. In addition, to use DCMI, server blades must support it. Select an appropriate power capping function. Note: You cannot enable DCMI (see DCMI function on page 2-229) and APC at the same time. When you enable the DCMI mode, APC is automatically disabled and you cannot change the settings related to APC. When you enable the DCMI mode, the APC settings are reset. Similarly, when you disable the DCMI mode, the DCMI settings are reset. You can use DCMI and EPC simultaneously. If the power supply becomes insufficient because of a power failure, power capping by EPC is prioritized for continuous operation of the equipment. Emergency power control Emergency Power Control (EPC) function protects power supply modules embedded in the system unit and your power equipment, such as circuit breakers and power distribution units (PDU), from the power overload beyond the maximum power capping value by the high speed power capping on the server blades. When the power overload is detected, EPC controls the power consumption by reducing the processor frequency of server blade to its allowable minimum value. The frequency reduction causes the performance suppression and the status lasts one minute. When the power overload is detected twice within six minutes, EPC reduces the processor frequency and then forces to change the maximum power consumption by 90 % to reduce the performance suppression. The forced setting is released one hour later when the power does not exceed the maximum power consumption setting. The forced setting is also released when the system unit AC power is turned off. EPC enables you to set any value for maximum power consumption using the facility capping function. The setting is not necessary when the maximum power consumption for the system unit does not exceed the allowable maximum power on the power facilities Functional detail

241 Tip: If power supply modules are redundant, the power consumption upper limit configured by EPC of system unit will be increased by enabling power capacity expansion function. EPC maximum value reflects the power-on status of power supply modules in real time. When the number of power-on power supply modules is reduced by the function of powering off unnecessary power supply modules, the EPC maximum power consumption value may be shown less than the APC maximum power consumption value temporarily. APC maximum power consumption is a setting value, which is not affected by the power-on status of power supply modules. Functional detail 2-217

242 Table Web console operation Item Displaying/setting Emergency Power Control Description Resources > Systems > Power Management > Action button > Edit power customer power facility Table CLI console operation Displaying EPC setting Setting EPC values Item show power setting set power capping Operation Accurate power control Accurate power control (APC) function restricts the power consumption of system unit depending on the designated unique maximum power consumption by using the server blade power capping function. The APC is implemented with software control so the actual power consumption may exceed the designated maximum value. When the excess power consumption is detected, the APC reduces the processor frequency of server blade to appropriate level and restores the power consumption within the designated maximum value. The frequency reduction causes the performance suppression and the status lasts one minute. The APC automatically calculates the applicable frequency for each server blade to meet its maximum power consumption goal Functional detail

243 Tip: If it is not acceptable to exceed the designated maximum value of power consumption, use the facility capping function. Disable the Enable/Disable for server blade setting for server blades to invalidating power capping. When you cannot accept the power capping to all of server blades, confirm whether the Maximum power consumption, Enable/Disable for server blade, Power supply module configuration, and Power supply module configuration settings are correct. In virtual environment, it is recommended that APC should be disabled on virtual servers because performance across all virtual servers is degraded. Table Web console operation Item Description Displaying/setting for APC Resources > Systems > Power Management > Action button > Edit accurate power control (APC) Functional detail 2-219

244 Table CLI console operation Displaying APC setting Setting APC values Item show power setting set power capping Operation The following example shows the power management flow when the Maximum power consumption is set to 2000W. The system specifications for the example are as follows: APC maximum for the system unit: 2000 W Power consumption for modules other than server blades: 800 W The maximum power consumption for server blades: 1200 W Power consumption specification for server blades: Rating power consumption (Maximum): 400 W Maximum power consumption when capping to the minimum value: 150 W Number of server blades installed: 4 with the same power consumption specifications APC: Enable When the total power consumption of the chassis exceeds the APC maximum, power consumption of four sever blades will be limited to 300 W respectively. 1. Operation status 1 (Operating within the maximum power consumption) 2. Operation status 2 (Exceeding the maximum power consumption) Functional detail

245 3. Operation status 3 (Suppressing the maximum power consumption) Disabling power capping for server blade You can disable the power capping for server blades whose performance cannot be reduced. EPC and APC have items for disabling the power capping respectively. But do not disable EPC settings. Functional detail 2-221

246 In SMP configuration, each server blade operates with the primary server blade settings. You need not to perform setting for non-primary server blades. Table Web console operation Item Displaying/setting power capping for server blade Operation Resources > Systems > Power management > Server blade tab > Server blade x > Edit power capping button Table CLI console operation Item Displaying power capping for server blades Setting EPC/APC values Operation show power setting set power capping The following example shows the power management flow of the APC when the maximum power consumption is set to 2000W with power capping disabled at two blades. The system specifications for the example are as follows: APC maximum for the system unit: 2000 W Power consumption for modules other than server blades: 800 W The maximum power consumption for server blades: 1200 W Power consumption specification for server blades: Rating power consumption (Maximum): 400 W Maximum power consumption when capping to the minimum value: 150 W Number of server blades installed: 4 Disabled APC for server blade 0 and 1 When the total power consumption of the chassis exceeds the APC maximum, power consumption of sever blade 2 and 3 will be limited to 200 W respectively. That is because 400 W x 2 for rating power consumption of server blade 0 and 1 with power capping disabled is subtracted from 1200 W, and the remaining 400 W is shared by server blade 2 and 3, 200 W per blade. Note: When rating power consumption of server blades with power capping disabled is subtracted from the server blade maximum power consumption and the remaining value is shared by other server blades, power capping cannot be disabled if the remaining value is less than the maximum power consumption when capping to the minimum value. See the following example. APC maximum for the system unit: 2000 W Power consumption for modules other than server blades: 700 W The maximum power consumption for server blades: 1300 W Functional detail

247 Power consumption specification for server blades: Rating power consumption (Maximum): 400 W Maximum power consumption when capping to the minimum value: 150 W Number of server blades installed: 4 Disabled APC for server blade 0, 1, and 2 When the total power consumption of the chassis exceeds the APC maximum, power consumption of sever blade 3 will be limited. Disabling the power capping is not available because of subtracting 400 W x 3 for rating power consumption of server blade 0, 1, and 2 with power capping disabled from 1300 W and getting 100 W, which is less than the maximum power consumption when capping to the minimum value: 150 W. 1. Operation status 1 (Operating within the maximum power consumption) 2. Operation status 2 (Exceeding the maximum power consumption) Functional detail 2-223

248 3. Operation status 3 (Suppressing the maximum power consumption) Power supply expansion The power supply expansion function expands the usable power by using surplus power of redundant power systems when active and redundant systems are in normal operation. The function eases the restriction for installing number of blades and performance suppression by power capping on the blade Functional detail

249 The power supply expansion function protects the power facilities, such as circuit breakers and power distribution units (PDU), and power supply modules in the system unit from the power overload beyond the allowable value by the high speed power capping on the server blades. Power supply module that is power receiving performance improved is adopted to realize the power supply expansion function. Disabled power supply expansion Normal operation of redundant power supply (Maximum supply power: 4200W) Failure of redundant power supply (Maximum supply power: 4200W) Functional detail 2-225

250 Enabled power supply expansion (Default) Normal operation of redundant power supply (Maximum supply power: 4800W Power supply expansion: 600W) Failure of redundant power supply (Maximum supply power: 4800W High speed power capping for expanded power) Failure of redundant power supply (Maximum supply power: 4200W Power supply expansion is as same as disabled) Functional detail

251 Table Web console operation Item Displaying/setting power supply expansion Operation Resources tab > Systems > Power management Monitoring power consumption The power consumption in the system unit, server blades, or something can be monitored from the management module Web console. The two types of power consumption information are available, current power consumption and history of power consumption. The history displays within 24 hours power consumption of the previous day. The power consumption value of the primary server blade indicates the total power consumption of all server blades in SMP configuration. CPU frequency is displayed by the server blade. Multiple CPUs in a server blade have the same frequency. Table Web console operation Item Displaying current power consumption Displaying history of power consumption Operation Resources tab > Systems > Power management Resources tab > Systems > Power management > Action > Download chassis power history Functional detail 2-227

252 Table CLI console operation Item Displaying the chassis power history Operation show log power Setting forced power off order for server blades The management module forces power off the server blades to maintain the power for remaining server blades when the power consumption exceeds the available supply power because of the failure of power supply modules. You can set the forced power off order from the management module Web console. The default order is sever blade #7, #6, #5, #4, #3, #2, #1 and #0. Table Web console operation Item Displaying/setting forced power off order Operation Resources tab > Systems > Power management Power supply module optimization Power supply module optimization statically optimizes the number of power supply modules to activate according to that of server blades to be operated so that the power supply modules can work efficiently. This function is enabled in default. The LEDs of inactive power supply modules blink in green while the function is enabled. Table Web console operation Item Displaying power supply module optimization Setting power supply module optimization Operation Resources tab > Systems > Power management Resources tab > Systems > Power management > Action button > Edit power supply module optimization Table CLI console command Item Displaying the function status Enabling/disabling the function Command show power ps-module Set power ps-module Functional detail

253 DCMI function DCMI overview This section describes the DCMI function. CB 500 supports DCMI (Data Center Manageability Interface) version 1.5. By issuing DCMI commands (IPMI command-based) from the OS on a server blade or an external management PC connected by LAN to BMC on a server blade supporting DCMI, you can manage power and monitor various environmental values. To use DCMI, you need to enable the DCMI mode of the server chassis in advance. Server blades that support DCMI can accept DCMI commands only when the DCMI mode is enabled. Even if the DCMI mode is enabled, server blades that do not support DCMI cannot accept DCMI commands. Note: You cannot enable both DCMI and APC (Accurate Power Control) at the same time. When you enable the DCMI mode, APC automatically becomes disabled and you cannot change settings related to APC. You can enable or disable the DCMI mode in the following cases: All blades in a server chassis have been initialized. The main power of blades supporting DCMI within the server chassis is off. If you enable the DCMI mode, the APC settings are reset. Similarly, when you disable the DCMI mode, the DCMI settings are reset. You can use DCMI and EPC simultaneously. If the power supply becomes insufficient because of a power failure, power capping by EPC is prioritized for continuous operation of the equipment. Server blades that support DCMI To use DCMI, server blades must support it. For details of servers supporting DCMI, see the Hitachi Compute Blade 500 Series System Overview Guide. Setting the DCMI mode 1. Switch to the DCMI mode. To set the DCMI mode, use either the Web console or CLI console. When you change the settings that switch the DCMI mode, server blades that support DCMI are automatically re-initialized. Table Web console operation Item Operation Switching the DCMI mode Resources tab > Systems > Power Management > Action > DCMI mode Functional detail 2-229

254 Table CLI console command Item Switching to the DCMI mode Command set power dcmi-mode 2. Confirm that blade initialization is complete. If server blades that support DCMI are re-initialized when you change to the DCMI mode, check the system event log to confirm that the initialization of the target server blades is complete. To confirm that initialization is complete from the Web console, in the [Resources] tab, from the [Modules] tree, select [Server Blades] and then a target server blade. Then, in the [Condition] tab of the server blade, confirm that [Initialization status] is [OK]. Note: DCMI commands Do not switch to the DCMI mode while updating the integrated firmware of server blades that support DCMI. Before switching to the DCMI mode, confirm that the integrated firmware is not being updated on any server blade that supports DCMI. If you updated the integrated firmware, check the system event log to confirm that initialization of the target server blades is complete. To confirm that initialization is complete from the Web console, in the [Resources] tab, from the [Modules] tree, select [Server Blades] and then a target server blade. Then, in the [Condition] tab of the server blade, confirm that [Initialization status] is [OK]. To downgrade the management module firmware that supports DCMI to firmware that does not support DCMI, disable the DCMI mode in advance. If you downgrade the firmware while the DCMI mode is enabled, the APC functionality might not operate correctly. See the following table for details about the commands that are defined in DCMI version 1.5 and supported in CB 500. Table DCMI commands DCMI command NetFn CMD Min Privilege level Support of CB 500 Get DCMI Capabilities Info DCGRP (2Ch, 2Dh) 01h Session-less Y Set DCMI Configuration Parameters Get DCMI Configuration Parameters Get Management Controller Identifier String DCGRP (2Ch, 2Dh) 12h Admin Y DCGRP (2Ch, 2Dh) 13h User Y DCGRP (2Ch, 2Dh) 09h User Y Functional detail

255 DCMI command NetFn CMD Min Privilege level Support of CB 500 Set Management Controller Identifier String DCGRP (2Ch, 2Dh) 0Ah Admin Y Get Asset Tag DCGRP (2Ch, 2Dh) 06h User Y Set Asset Tag DCGRP (2Ch, 2Dh) 08h Operator Y Get Device ID App (06h) 01h User Y Get System GUID App (06h) 37h User Y Get Chassis Capabilities Chassis (00h) 00h User Y Get Chassis Status Chassis (00h) 01h User Y Chassis Control Chassis (00h) 02h Operator Y Chassis Identify Chassis (00h) 04h Operator Y Get ACPI Power State App (06h) 07h User Y Set System Boot Options Chassis (00h) 08h Operator N 1 Get System Boot Options Chassis (00h) 09h Operator Y Get SEL Info Storage (0Ah) 40h User Y Reserve SEL Storage (0Ah) 42h User Y Get SEL Entry Storage (0Ah) 43h User Y Clear SEL Storage (0Ah) 47h Operator Y Get DCMI Sensor Info DCGRP (2Ch, 2Dh) 07h Operator Y Get SDR Repository Info Storage (0Ah) 20h Operator Y Reserve SDR Repository Storage (0Ah) 22h Operator Y Get SDR Storage (0Ah) 23h User Y Get Sensor Threshold S/E (04h) 27h Operator Y Get Sensor Reading S/E (04h) 2Dh User Y Set Sensor Event Enable S/E (04h) 28h Operator N Get Sensor Event Enable S/E (04h) 29h User N Get Power Reading DCGRP (2Ch, 2Dh) 02h User Y Get Power Limit DCGRP (2Ch, 2Dh) 03h User Y Set Power Limit DCGRP (2Ch, 2Dh) 04h Operator Y Activate/Deactivate Power Limit DCGRP (2Ch, 2Dh) 05h Operator Y Set Thermal Limit DCGRP (2Ch, 2Dh) 0Bh Operator Y Get Thermal Limit DCGRP (2Ch, 2Dh) 0Ch User Y Get Temperature Readings DCGRP (2Ch, 2Dh) 10h User Y Reset Watchdog Timer App (06h) 22h Operator Y Functional detail 2-231

256 DCMI command NetFn CMD Min Privilege level Support of CB 500 Set Watchdog Timer App (06h) 24h Operator Y Get Channel Authentication Capabilities App (06h) 38h None Y Set Session Privilege Level App (06h) 3Bh User Y Close Session App (06h) 3Ch User Y Get Session Info App (06h) 3Dh User Y Get Payload Activation Status App (06h) 4Ah User Y Get Payload Instance Info App (06h) 4Bh User Y Get Channel Payload Support App (06h) 4Eh User Y Activate Payload App (06h) 48h Configurable Y Deactivate Payload App (06h) 49h Configurable Y Get Channel Cipher Suites App (06h) 54h None Y SOL Activating Transport (20h) 20h None Y Set LAN Configuration Parameters Get LAN Configuration Parameters Transport (0Ch) 01h Admin Y Transport (0Ch) 02h Operator Y Set Channel Access App (06h) 40h Admin Y Get Channel Access App (06h) 41h User Y Get Channel Info App (06h) 42h User Y Set User Access App (06h) 43h Admin Y Get User Access App (06h) 44h Operator Y Set User Name App (06h) 45h Admin Y Get User Name App (06h) 46h Operator Y Set User Password App (06h) 47h Admin Y Set User Payload Access App (06h) 4Ch Admin Y Get User Payload Access App (06h) 4Dh Operator Y Set SOL Configuration Parameters Get SOL Configuration Parameters Transport (0Ch) 21h Admin Y Transport (0Ch) 22h User Y Set BMC Global Enables App (06h) 2Eh system interface Y Get BMC Global Enables App (06h) 2Fh system interface, User Y Functional detail

257 DCMI command NetFn CMD Min Privilege level Support of CB 500 Clear Message Flags App (06h) 30h system interface Y Get Message Flags App (06h) 31h system interface Y Get Message App (06h) 33h System Interface Y Send Message App (06h) 34h User Y Legend: Y: Supported by CB 500 N: Not supported by CB 2500 Note: 1. The command is finished normally, but the setting is not reflected. Silent mode function This section describes the silent mode function provided by the system unit. Silent mode function overview Silent mode function is an operating mode that reduces noise/electricity consumption by decreasing fan revolution. Silent mode function works best when the intake air temperature is below 30 degrees Celsius. Table Web console operation Item Displaying/setting silent mode function Operation Resources tab > Modules > Chassis > Action > Silent mode function Tip: When using the silent mode function, the following restrictions exist. - Supported server blade: The server blade that is installed E5-2430L CPU (CB 520A A1 model) - Supported switch module: All switch modules except Brocade 10 Gb/sec DCB switch module, 10 Gb/sec LAN pass-through module, and Brocade 16 Gb/sec Fibre Channel switch module - Number of modules available to install: If output per a power supply module is over about 560W (AC 100V input) or about 760W (AC 200V input), the silent mode function may be degraded. The following operations are required to enable the silent mode function. Functional detail 2-233

258 - Disable the optimizing control function of power supply module. - Power off the main power supply of unsupported server blade. Note that the main power supply of unsupported server blade is inhibited, when the silent mode function is enabled. When the unsupported switch module is installed, the main power supply of server blade is not inhibited, and the silent mode function may be degraded. The silent mode function give priority to noise reduction, the operation frequency of CPU is controlled. Therefore, when the silent mode function is enabled, CPU performance may be degraded in high temperature environment. The silent mode function may be degraded if failures of power supply module or fan module occur. Disabling the silent mode function is applied immediately, however, enabling the silent mode function take about one minute. SNMP function This section describes the SNMP function provided by a management module. SNMP function overview The following table shows the SNMP function. Table SNMP function Item Description Polling Enabling the system unit to be monitored from the SNMP manager. When the information transfer request is issued, a response corresponding to the information defined in MIB (Management Information Base), which is uniquely defined to system unit, is returned. Management module responds to the request only transferred from the SNMP manager registered in the management module. Trap Based on MIB (Management Information Base), which is uniquely defined to system unit, the management module notifies the information to the SNMP manager. Easing the failure monitor for SNMP manager. The SNMP standard trap is not supported Functional detail

259 The following table shows the specification of SNMP polling. Table Specification of SNMP polling Item Supporting instruction Maximum number of simultaneous notify SNMP manager Supporting module Specification SNMPv1/v2c/v3 (Get, GetNext, GetBulk) 8 Sever blade, Management module, Switch module, Power supply module, Fan module The following table shows the specification of SNMP trap. Table Specification of SNMP trap Item Specification Notification method Maximum number of simultaneous notify SNMP manager Notification trigger SNMP (SNMPv2Trap/ SNMPv3Trap ) 8 Recording failure SEL in the management module Notification content First variable binding Time of failure Second variable binding Third variable binding Fourth variable binding Fifth variable binding Sixth variable binding Chassis of failure Failure level SVP alert ID for the trap Failure message Failure portion Functional detail 2-235

260 The following table shows the specification of SNMPv3. Table Specification of SNMPv3 Item Authentication (Hash method) Encryption MD5/SHA-1 DES/AES128 Specification Requirement Configuring SNMP SNMP manager that receives SNMP trap must support SNMPv1/v2c/v3. The network communication must be available between the management module and the SNMP manager on management server. The following procedure indicates the configuration steps to use SNMP on the management module. Exporting MIB file You can export the MIB file to manage the system unit from the management module console. When the firmware for management module is updated and new OID is added, export the MIB after the update. The MIB version to be exported is also confirmed from the management module console. Table Web console operation Item Exporting MIB Operation Administration tab > SNMP > MIB tab > Download MIB file button Displaying MIB version Administration tab > SNMP > MIB tab Functional detail

261 Table CLI console command Item Command Exporting MIB Displaying MIB version export snmp mib show snmp mib Setting SNMP manager Perform the following procedure to the SNMP manager. For details about setting SNMP manager, see the SNMP manager documents. Registering MIB file Registering trap event Selecting MIB information items and setting the required parameter to get the information by polling. For details about the content of trap event and collectable MIB information items, see the Hitachi Compute Blade 500 Series MIB User's Guide. Setting management module Perform the following settings to the management module. The agent settings are relating to the management module information and the manager settings are relating to the SNMP manager. For details about setting items, see the Hitachi Compute Blade 500 Series Web Console User's Guide. Agent settings Seven items of Agent settings are shown below. Enabling/disabling SNMP System Contact Name Port number Trap level SNMP version Character string for creating engine ID Manager settings Ten items of Manager settings are shown below. IP address/host name Port number SNMP version Community name User name Access type Authentication type Authentication password Functional detail 2-237

262 Encryption type Encryption password Table Web console operation Item Displaying/setting SNMP agent settings Displaying/setting SNMP manager settings Operation Administration tab > SNMP > SNMP agent Administration tab > SNMP > SNMP manager Table CLI console command Item Displaying SNMP agent settings Setting SNMP agent settings Displaying SNMP manager settings Setting SNMP manager settings Command show snmp agent set snmp agent show snmp manager set snmp manager Note: When registering an SNMP manager that has an IPv6 address and uses SNMP v1 or v2c, specify an IPv6 address as the host name of the SNMP manager. If you specify a host name, the management module cannot be detected as a node on the SNMP manager. When registering an SNMP manager that has an IPv4 address and uses SNMP v1 or v2c, you can specify an IPv4 address or a host name as the host name. When registering an SNMP manager that uses SNMP v3, you can specify either an IP address or host name as the host name, regardless of whether the address of the SNMP manager is an IPv4 or IPv6 address. Tip: When Security strength is set to high for the management module, configure the following SNMP settings. Agent setting SNMP version: v1/v2/v3 Manager setting SNMP version: v3 Type of access: AuthPriv Type of authentication: SHA Type of encryption: AES If not configured, no response is returned to the manager request and SNMP trap is not issued. Testing SNMP trap notification Perform the SNMP trap notification test from the management module, and then confirm whether the trap is notified to the SNMP manager. When the Functional detail

263 trap is not notified, verify the network environment, SNMP manager settings, and SNMP agent settings. Table Web console operation Item Testing SNMP trap notification Operation Administration tab > SNMP > Action button > Send SNMP trap Table CLI console command Item Testing SNMP trap notification Command test snmp trap Releasing for production Release the SNMP for production purpose. When a failure is detected in the system unit, collect the dump log as necessary. For details about dump log, see Dump log on page Notification by Overview This section describes notification provided by management modules. This subsection describes notification triggers. Notification of failure (triggered by failure occurrence) When a failure occurs in the system unit, the log information required for the failure analysis is collected, and then the failure is notified by with attached failure log file. The history of the notified failure is maintained in the management module by maximum 32 notifications. When the number exceed 32 notification, the oldest notification is deleted as FIFO basis. Notification of log dump (triggered by log dump occurrence) When a log is dumped from the server blade, the log file is attached to the E- mail. This notification by is supplemental for the failure notification. Notification of current status (triggered by manual operation) After collecting current status of the system unit, you can send the information by as an attached file. Functional detail 2-239

264 Notification of history log (triggered by manual operation) You can resend one of the history log stored at the failure occurrence. For example, when the notification of failure occurrence is failed due to the mail server is in stop status, it is possible to send the after the mail server recovery. Tip: When you perform the log dump from the server blade, the notification of log dump above occurs. However, an regarding to the notification of failure is not created. Requirement A mail server (SMTP server) is required. The notification by is a function that the management module as a mail client sends an to a mail sever (SMTP server). The management must be in an environment that can communicate with a mail server. Notification by specification The following table shows the specification of the function. Table Specification of function Item Specification Notification method (SMTP compliance) Maximum number of destination address 4 Maximum number of SMTP server 1 Notification trigger Failure occurrence Log output from server blade Operation by manual (Notification of current status, Notification of history log) Notification retry Communication failure during: Notification of failure Notification of log output Mail content Notification of failure Subject [AUTO] Failure report Body Mail description: The trouble occurred by the following device. Server chassis information Failure information (Abstract) Attached file 1 svpsts-yyyymmdd-hhmmss.gz trc-yyyymmdd-hhmmss.tar.gz 2 marlog.gz Functional detail

265 Item Notification of log output Subject Specification [AUTO] Log dump report Body Mail description: The log of the server blade was output with the following device. Attached file 1 One of the following file is attached. hvmdumpn-yyyymmdd-hhmmss.gz raslogn-yyyymmdd-hhmmss.tar.gz Notification of current status Subject [Manual] Current status report Body Mail description: The log attached to this shows a current machine state. Server chassis information Attached file 1 svpsts-yyyymmdd-hhmmss.gzz trc-yyyymmdd-hhmmss.tar.gz 2 Notification of history log Subject [Manual] History report Body Mail description: The trouble occurred by the following device. Server chassis information Failure information (Abstract) Attached file 1 svpsts-yyyymmdd-hhmmss.gz trc-yyyymmdd-hhmmss.tar.gz 2 marlog.gz SMTP authentication method Encryption method Selectable from the following method No authentication/ PLAIN/ LOGIN/ CRAM-MD5 Selectable from the following method No encryption/ SSL/ TLS Notes: 1. The YYYYMMDD-hhmmss in the attached file legend indicates the start date and time of notification. YYYY: year, MM: month, DD: date, hh: hour, mm: minute, ss: second 2. The attached file is not attached to the destination address which address setting of Attach Log is set to Disable. The following table shows the attached file specification. Functional detail 2-241

266 Table Attached file specification File name svpsts-yyyymmddhhmmss.gz trc-yyyymmddhhmmss.tar.gz hvmdumpn-yyyymmddhhmmss.gz raslogn-yyyymmddhhmmss.tar.gz marlog.gz Content System unit information Management module log information Sever blade log information (related to LPAR manager) Sever blade log information (related to hardware) Failure information (same information included the notification of failure) Maximum size Upper row: Automatic notification Bottom row: Manual notification 500 KB 500 KB 1000 KB 1500 KB 2000 KB not attached 2000 KB not attached 1 KB not attached Setting notification by When you use the notification by function on the management module, you need to set notification information and destination address. The notification information is set to management module and SMTP server. The destination address is the address to which the notification is sent. For details about setting items, see the Hitachi Compute Blade 500 Series Web Console User's Guide. Setting notification information Set the following items for notification information. Notification parameter Six setting items for sending are shown below. Enabling/disabling function for notification by Sender address Host name Comment SMTP server Port number Note: Functional detail

267 The management module does not support the notification function that uses IPv6 stateless addresses. To communicate with the SNMP server by using IPv6 addresses, disable the stateless address setting of the management module. SMTP authentication parameter Three items of SMTP server authentication are shown below. Enabling/disabling SMTP authentication Account Authentication method Encryption parameter The following item is for setting encryption parameter. Encryption for SMTP path Note: When Security strength is set to high for the management module, configure TLS for the encryption version for notification route, and CRAM-MD5 for SMTP authentication method. If not configured, is not sent. Setting destination address information Set the following items for notification destination. Destination address parameter Three items of destination information are shown below. Nickname address Attach log file Table Web console operation Item Displaying/setting notification Displaying/setting destinations Operation Administration tab > Notification > Notification Settings tab Administration tab > Notification > Destinations Settings tab Table CLI console command Item Displaying setting for Setting notification information by Setting/adding destination address Deleting destination address Command show mgmt-lan set mgmt-lan notification set mgmt-lan address delete mgmt-lan address Functional detail 2-243

268 Testing configuration (by sending current status) After setting parameter setting for , perform notification test using notification of current status. You can select the destination address from the address list which you set. It is possible to specify one designation address or all of the address. Table Web console operation Item Notification of current status (by manual operation) Operation Administration tab > Notification > Action button > Present condition notification Table CLI console command Item Notification of current status (by manual operation) Command send latest mgmt-lan Tip: It takes several minutes to collect log information. The notification by function is assumed as normal end when the notification is sent to the SMTP server correctly. When you send the notification to multiple destinations, a failure to one destination may cause the failure to all of the destinations. When a mailing fails, confirm the environment and settings based on the result message and following description. - Confirm whether the communication between the management module and SMTP server is available. When the communication is unable: Confirm whether the LAN cable is connected correctly. Confirm the network setting for management module. When designate the SMTP server with the host name, designate the DNS in the network setting for management module. - Confirm whether the SMTP service is active on the SMTP server. When the service is not active, start the SMTP service. - Confirm whether the basic information for notification by and the setting of destination address information are correct. The following table shows the messages for the notification of current status. Table Messages for notification of current status Code Message Description Action E0410 <Address %> Sending e- mail notification was canceled. Address is not set. Destination address is incorrect or user does not exist corresponding to the destination address. Confirm the settings especially the destination address Functional detail

269 Code Message Description Action E0411 <Address %> Sending e- mail notification was canceled. A communication error occurred. E0412 <Address %> Sending e- mail notification was canceled. Connecting to SMTP server failed. E0413 <Address %> Sending e- mail notification was canceled. Failed to resolve host. E0414 <Address %> Sending e- mail notification was canceled. Configuration is invalid. Error occurred during the communication with the SMTP server. Connection failed to the SMTP server. IP address is not identified from the SMTP server host name. The format error exists in IP-address for SMTP server. Confirm the LAN connection. Confirm all of the settings for , SMTP server status, and the LAN connection. Confirm the sender setting for , DNS, and the LAN connection. Confirm the sender setting for . E0415 <Address %> Sending e- mail notification was canceled. SMTP server does not support requested authentication type. The SMTP server does not support the designated authentication method. Confirm the notification setting (authentication method). E0416 <Address %> Sending e- mail notification was canceled. SMTP authentication failed. E0417 <Address %> Sending e- mail notification was canceled. SMTP server does not support SSL/TLS. E0418 <Address %> Sending e- mail notification was canceled. Program failed. E0419 <Address %> Sending e- mail notification was canceled. address is invalid. An error detected in the authentication account or password. The SMTP server does not support the designated encryption method. Unexpected error occurred. The failure exists in destination address setting, or no user exists corresponding to the address. Confirm the authentication account and password. Confirm the notification setting (encryption method). Contact with your customer engineer or sales personnel. Confirm the destination address setting. Syslog transfer This section describes Syslog transfer function for management modules and BMC. Overview Management modules and BMC can transfer events of user operation, hereinafter referred to as Audit event, to a syslog server. You can integrate Functional detail 2-245

270 and manage Audit events in management modules and BMC using the syslog server. Note: Audit events at user operation with stopping a management module, such as shutdown, restart, replacement, may not be sent depending on the timing. When you shut down, restart, or switch a management module immediately after performing some operation, or when the management module fails immediately after your operation, Audit events may not be sent depending on the timing. Only Audit events can be sent to the syslog server. Events as alert trigger for SC/BSM or HCSM are not sent to the syslog server. Audit events in a management module are sent to the syslog server from the management module. Audit events in BMC are sent to the syslog server from BMC. You need to configure settings for transfer to the syslog server in management modules and in BMC respectively. Syslog transfer for BMC is not supported by CB 520A A1 and CB 540A A1/B1 server blades. The following firmware versions support Syslog transfer for BMC. - Server blade CB 520H A1/B1: integrated firmware or later CB 520H B2: integrated firmware or later Audit events to transfer Log format Audit events are transferred when the events occur as operation logs or audit logs. See Operation log and audit log on page for details. The following format is used for operation logs transferred to the syslog server. [date] [IP address for SVP or BMC] [mm or bmc]: auditevent,[log message] The following format is used for autit logs transferred to the syslog server. [priority]1 [date] [IP address for SVP or BMC] [mm or bmc] - [message ID] - [log message] An operation log or audit log is in [log message]. See Operation log and audit log on page for the format and messages. "user" is displayed as facility for logs transferred to the syslog server. For severity, "notice" is displayed as the result in the operation log or audit log when an operation fails, and "info" is displayed when the operation result is other than failure Functional detail

271 Using Syslog transfer The following flowchart shows the procedure for using Syslog transfer. (1) Installing the Syslog server Install a syslog server to transfer Audit events. (2) Setting Syslog transfer to management modules and BMC Configure the following settings for the management module and BMC. Enabling/disabling Syslog transfer Enable or disable Syslog transfer. To send Audit events with Syslog transfer, enable it. Sending or not sending Audit events (only for management modules) Enable or disable Syslog transfer to send Audit events. To send them using Syslog transfer, enable it. Syslog server for destination Set an IP address or host name for the syslog server for destination. Use FQDN to set the host name. Port number Set the port number of the transfer-destination syslog server. Transfer protocol Set the protocol to be used for Syslog transfer. For UDP and TCP, Syslog transfer is performed by using cleartext. For TLS, Syslog transfer is encrypted. For details on TLS, see the description of TLS/SSL version settings on page TLS Version (only for BMC) Set the TLS version to be used for Syslog transfer. This setting can be specified when the transfer protocol is TLS. Format Set the format for logs to be transferred to the syslog server. You can select either the operation log format or the audit log format. Functional detail 2-247

272 Table Web console operation Item Displaying/Setting Syslog transfer for management modules Displaying/Setting Syslog transfer for BMC Operation Administration tab > Syslog transfer Resources tab > Modules > All Modules > Server Blades > Server Blade x > BMC tab Note: Only one syslog server can be specified as destination. Syslog transfer does not support SSL3.0. (3) Sending Syslog transfer test message When you log into the management module CLI console or Web console, "Logged in to the System Console" or "Logged in to the System Web Console" is sent. For BMC, "Logged in to the remote console" is sent when you log into BMC. Check if the message is sent or not. When the message is sent, Syslog transfer setting is correct. Banner feature Login banner feature This section describes the login banner feature of the CB 500 management module. Overview of the login banner feature The login banner feature displays a login banner (warning) when the management module is connected. Whether the login banner is displayed depends on the access method, as follows. Table Whether the login banner is displayed # Access method Banner display 1 CLI console Displayed 2 Web console Displayed 3 LCD touch panel Not displayed Display example for the CLI console: Preset banner text is displayed before the login prompt (login:) as shown Functional detail

273 Display example for the Web console: Preset banner text is displayed on the login screen (the screen for entering your user ID and password). How to configure the login banner The login banner message can be specified as follows: Maximum number of characters in the message: 1599 (20 lines of 80 characters each) Type of characters: Alphanumeric characters, symbols, space character (ASCII character code 0x20-0x7e), and line feed character (LF) However, you cannot use a percent sign "%"(ASCII 0x25), a backslash "\"(ASCII 0x5c), Japanese characters (including half-width kana characters), or multi-byte characters. Functional detail 2-249

274 Table Operation method for the Web console Item Configuring the login banner Screen Administration tab > Login banner > Edit Set the following items: Whether to enable or disable the login banner display feature Login banner text Tip: If a login banner is already specified, the specified text is displayed. If you change the text and then click the OK button on the confirmation screen, the login banner is overwritten. If you disable the login banner display, the login banner will not be displayed, but the preset text is still retained. If you then enable the login banner display, the preset text will be displayed. The login banner is backed up when the management module settings are saved. Therefore, when the management module settings are restored, the login banner settings return to their previously saved values. The login banner feature is also available for the remote console of the server blade. Configuration must be performed separately to enable the remote console login banner. For details, see the the Hitachi Compute Blade 500 Series Remote Console User's Guide. USB port disabling function To prevent unauthorized use of USB devices, you can disable USB ports of management modules. You can specify the setting for each USB port. Table Web console operation Item Disabling/enabling USB port Operation Resources tab > Modules > Chassis > Action > Edit Front Panel USB Configuration Table CLI console command Item Disabling/enabling USB port Command set chassis usb validity Import function This section describes the import function provided by management modules Functional detail

275 Import overview This function configures all settings described in Setting items for import on page to the server chassis at the initial setting. A setting file created by this function is referred to as import file. The following two devices can be used for the import function. LCD touch console Web console Import execution For LCD touch console Figure 2-12 Example of import with LCD touch console Setting items for import The following three settings can be configured by executing the import. Time settings including time zones and daylight saving time See Time settings on page 2-8 for details. Protocol settings including Telnet, SSH, FTP, HTTP, and HTTPS See Security on page 2-26 for details. Network settings for IP address of management modules, server blades, and switch modules. See IP address on page 2-18 for details. This subsection describes import execution. The following steps provide how to import files using the LCD touch console. Functional detail 2-251

276 Requirements LCD touch console USB flash drive (version: USB 2.0) Tip: Files cannot be imported if the LCD touch console function is disabled or if USB ports are disabled. Importing procedure 1. Create an import file referring to Import file format and modification on page 2-257, and store it into a USB flash drive. Note: Create a folder name and file name for an import file in alphanumerics. The file path consisting of both names must be up to 255 alphanumerics. 2. Connect the LCD touch console and a USB flash drive with the import file to USB ports on the front panel of the server chassis. When the USB flash drive is recognized, USB device unmount button appears on LCD touch console home. Tip: If USB device unmount button does not appear, touch Refresh. 3. Touch System settings on LCD touch console home to start import. 4. Touch Import on System settings menu. 5. Touch a setting file for import on Import (Select file) window. Then touch Open/OK with the setting file selected. Tip: Touching a file turns the background to blue. The current directory is shown flush right between Import (Select file) and file names. 6. When the following dialog box appears, touch OK. 7. Importing (Execution) message appears. Wait until the view is changed. 8. Check the result on Import (Result) Functional detail

277 Successful Failed Tip: When Import failed. is shown, see Troubleshoot in import failure on page When import succeeded is shown, touch OK. 10. System settings menu appears. 11. Touch USB device unmount button on System setting menu to unmount the USB flash drive. 12. When the following dialog box appears, touch OK. 13. Check that no USB device unmount button is on System setting menu. Functional detail 2-253

278 For Web console 14. Remove the USB flash drive from the server chassis. 15. Touch Logout on System setting menu to disconnect the LCD touch console. 16. The following Logout confirmation appears, touch OK. 17. Check that "Please remove LCD touch console." is shown on the logout window. 18. Remove the LCD touch console from the server chassis. The following steps provide how to import files using the Web console. Requirements System console Importing procedure 1. Create an import file referring to Import file format and modification on page 2-257, and store it into the system console. Note: Create a file name for import using up to 200 alphanumerics. 2. Log into Web console of the management module on the system console. Note: Use an account with administrators role to log in. Import is available only for accounts with the administrators role. Administrator by default has the administrators role. 3. Select Resources tab. 4. Select Chassis from the Modules tree. 5. Select Import System Settings from Action menu Functional detail

279 6. Import System Settings dialog box appears. Click Browse, select the created import file, and select Confirm. 7. Confirm the following message, click OK. Functional detail 2-255

280 8. When the following window appears, the import is being executed. Wait for a while. Note: If import to change the IP address of the management module connected to the Web console is performed, the management module connection is disconnected. Log in to Web console of the management console, and execute step 2 through step 5 again. 9. Confirm that Import has succeeded, click Confirm Functional detail

281 Tip: To download the import result file, select Download last import log and click Confirm. 10. Log out of Web console. Import file format and modification Import file format You can configure the following setting with the import file format shown in the next page. Time setting Time zone: +0:00 Daylight saving time: disabled Protocol setting This allows connections with Telnet, SSH, FTP, HTTP, and HTTPS. Connection permission settings for IPv4 addresses and IPv6 addresses Allows connections via all protocols. Port number for HTTP: 80 Port number for HTTPS: 443 Network setting IP address for management modules Functional detail 2-257

282 IP address: Subnetmask: Default gateway: DNS server address: Management module IPv6 address settings IP address: 0000:0000:0000:0000:0000:0000 Prefix: 128 Default gateway: 0000:0000:0000:0000:0000:0000 DNS server address: 0000:0000:0000:0000:0000:0000 IP address for all server blades IP address: Subnetmask: Default gateway: IPv6 address settings for all server blades IP address: 0000:0000:0000:0000:0000:0000 Prefix: 128 Default gateway: 0000:0000:0000:0000:0000:0000 IP address for all switch modules Type of connection: Internal LAN network The following is an example of the import file format Functional detail

283 Import file modification This section shows examples of modifying protocol and network settings, and restrictions. The settings in the import file are written in the same format as the CLI commands. For details about configuration method, see the Hitachi Compute Blade 500 Series CLI Console User's Guide. Modifying protocol settings: examples The following examples show modification of protocol settings written in an import file. Allowing HTTP IPv4 network connections (without restrictions) Functional detail 2-259

284 set remote-access protocol http -a deny Setting port 80 to HTTP set remote-access protocol http -p 80 Setting limited connection to HTTP Network address: Subnetmask: set remote-access protocol http -n s Tip: When setting a protocol except HTTP, change http to telnet, ssh, ftp, or https. No port number is set to Telnet, SSH, and FTP. Modifying network settings: examples The following examples show modification of network settings written in an import file. Management modules IP address: Subnetmask: Default gateway: DNS server address 1: DNS server address 2: DNS server address 3: set mgmt-module mgmt-lan -i s g d d d Server blade 0 IP address: Subnetmask: Default gateway: set blade mgmt-lan 0 -i s g Tip: When changing a server blade to set other than server blade 0, change the number 0 to 1-7. Switch module 0 Type of connection: via management module console set sw-module mgmt-lan 0 -e int Type of connection: to direct connection from via management LAN port IP address: Subnetmask: Default gateway: Functional detail

285 set sw-module mgmt-lan 0 -e mgmt -i s g Type of connection: external connection port of the switch module set sw-module mgmt-lan 0 -e sw Tip: When changing a switch module to set except switch module 0, change the number 0 to 1-3. Restrictions on import file modification When switch module setting is executed without a switch module installed for management module firmware version: A0120, the import fails. If so, delete the following four lines from the setting file and then execute the import. set sw-module mgmt-lan 0 -e int set sw-module mgmt-lan 1 -e int set sw-module mgmt-lan 2 -e int set sw-module mgmt-lan 3 -e int Restrictions on import file modification are as follows. Strictly follow the format. If you add CLI command not included in the format or any command is written in another place in the file, import may not be properly executed. Delete a command that you do not need to execute from the file. Setting description for import files is created with CLI command. For details, see the Hitachi Compute Blade 500 Series CLI Console User's Guide. When importing IPv6 address settings, use a management module whose firmware version is A0230 or later. If you use a management module whose firmware version is earlier than A0230, delete the IPv6 address settings before importing the settings. You cannot set an IPv6 stateless address. Troubleshoot in import failure When import fails, check a message on Import (Result) to find a cause shown there. Functional detail 2-261

286 A syntax error occurred. The import file has incorrect command syntax. 1. Check the content of the import result file, importresultyyyymmddhhmmss.txt, stored in the USB flash drive that contains the import file. An example is shown below: Importation was failed. (1) shows that an error is the 20th letter in the fourth line of the import file. Since (2) shows the fourth line, correct the 20th letter in the line. 2. Correct the file referring to the import result file, recreate it, and execute the import again. The failure is caused by the inexecutable command included in the import file. 1. Check the content of the import result file, importresultyyyymmddhhmmss.txt, stored in the USB flash drive with the import file. An example is shown below: Functional detail

287 Check the command (1) including (2) and (3) in the contents. (2) shows the cause of the failure after Command was canceled. 2. Correct the file referring to the import result file, recreate it, and execute the import again. Failed writing to result file. An import result file, importresult-yyyymmddhhmmss.txt, failed to be written onto the USB flash drive that contains the import file. 1. Check that the USB flash drive is inserted into the server chassis. Also check the residual capacity of the USB flash drive. The maximum import file is up to 5 KB. Specified file is not defined. 1. Check that the USB flash drive, which has been specified at import execution, is inserted into the server chassis. Then, execute import again. Unexpected error occurred. An error occurred in the controller that executes import. Consult your reseller. When any other message is shown, consult your reseller. Log This section describes logs from management modules and server blades. Confirmable log files from management module The following table shows the confirmable log files from management module. Table Confirmable log file Log file name System event log (SEL) Optional Physical WWN change log Optional Physical MAC change log MAR log Description Recording the events occurred in the system unit. The event types are failure, caution, and information. Recording the change history of the Optional Physical WWN. For more details about Optional Physical WWN, see Change log for Optional Physical WWN and MAC address on page Recording the change history of the Optional Physical MAC address. For more details about Optional Physical MAC address, see Change log for Optional Physical WWN and MAC address on page Recording the events caused the notification of failure. Functional detail 2-263

288 Log file name Operation log and audit log Environment log Dump log Description MAR abbreviates Maintenance Action Report. Recording the operations to the management module and BMC. For more detail about the contents of operation log, see Operation log and audit log on page Recording the history of the input and output temperature of system unit. Saving dump logs in the system unit. Recording information including settings, logs, and internal data for failure analysis of system unit. For more detail about the contents of dump log, see Dump log on page Table Web console operation Item System event log Optional Physical WWN change history log Optional Physical MAC address change history log Operation log and audit log MAR log Environment log Dump log Operation Alerts tab > All Logs > System Event Log Alerts tab > All Logs > Optional Physical WWN Change Log Alerts tab > All Logs > Optional Physical MAC Change Log Alerts tab > All Logs > Operation Log Alerts tab > All Logs > MAR Log Alerts tab > All Logs > Environment Log General Tasks > Dump Log Table CLI console command Item Command System event log Optional Physical WWN change history log Optional Physical MAC address change history log MAR log Environment log Dump log show log sel show log wwn-edit show log mac-edit show log mar-log show log environment export log failure Table LCD touch console operation Item Operations Dump log Collecting Dump LOG Functional detail

289 Dump log The Dump log includes settings, logs, and internal data for failure analysis of system unit. When a failure occurs, collect the dump log, and then contact with your customer engineer or sales personnel. The dump log is a file format and archived with tar. When decompress the file, the following file are generated. rasloga-yyyymmdd-hhmmss.tar.gz svpsts_ja-yyyymmdd-hhmmss.gz svpsts_en-yyyymmdd-hhmmss.gz hvmdumpa-yyyymmdd-hhmmss.tar trc-yyyymmdd-hhmmss.tar.gz marlog-yyyymmdd-hhmmss.tar oplog_svp-yyyymmdd-hhmmss.dmp A failure analysis file may be generated in addition to the above files. The following details are included in the svpsts_ja-yyyymmddhhmmss.gz and svpsts_en-yyyymmdd-hhmmss.gz. System event log at the time of collecting dump log. System configuration at the time of collecting dump log. Important user settings at the time of collecting dump log. See the svpsts_en-yyyymmdd-hhmmss.gz for English. The svpsts_ja-yyyymmdd-hhmmss.gz is for Japanese. See the files with text editor after decompressing the files since they are compressed with gzip. Tip: Use the off-the shelf decompression software to decompress the tar archive and gzip files. The files other than svpsts_ja and svpsts_en are internal purpose only. We do not disclose the format. A hvmdumpa-yyyymmdd-hhmmss.tar is saved in the management module by LPAR manager. A LPAR manager dump log is saved automatically if an error occurs on LPAR manager. In addition, a LPAR manager dump log can be saved manually for problem analysis. To save a LPAR manager dump log manually, use LPAR manager screen or HvmSh command. For management module firmware version A0145 or later: You can obtain specific server blade dump logs with LPAR manager in operation. See Collecting LP dump logs with LPAR manager in operation on page for details. Those dump logs can be downloaded as a file but not be saved in the management module. Functional detail 2-265

290 Downloading dump logs The following provides how to download dump logs on the management module Web console. Click Dashboard tab > Dump Log button in System Event Log pane in the lower right. Click a tab other than Dashboard > Dump Log button under General Tasks on the lower left on the window. Logs are saved on the PC connected to the Web console. Follow instructions shown on the window to specify a location to save logs. Note: Disable the pop-up blocker in Internet Option settings for the Web browser. A pop-up message appears when dump logs are downloaded. If with pop-up blocker enabled, no pop-up message appears and dump log download fails. Operation log and audit log The operation log or audit log records the operation history of system unit. It records the management module operation and server operation described in Operation log and audit log messages on page Note: When using redundant. Management modules configuration, the operation log or audit log is lost after replacing an active management module. When replacing server blade, the operation log or audit log is lost after replacing the server blade. The operation log or audit log format may differ depending on the firmware version. The following table shows the specification of the operation log and audit log. Table Specification of the operation log and audit log Item Server blade operation log and audit log Management module operation log and audit log Recording category Recording operation Recording success, fail, occurrence for each operation event category Recording start, stop, authentication, setting change, and maintenance. For more detail about recording operation, see Operation log and audit log messages on page Recording number of event 2048/server blade Operation with server blade privilege: 2048/server blade Others: 2048/chassis When the each number exceeds the maximum number of events, the oldest event is overwritten. Down loading Download from the management module Web console Functional detail

291 Item Number of download event Server blade operation log and audit log Management module operation log and audit log Format: Variable length CSV (Delimiter: comma ) 2048 Sever blade: 2048 Server chassis: (2048/balde =18432) The following table shows the operation log format. The format is common for the management module and server blade. Table Operation log format Item Size Description Note Sequence number (seq_no) Date & time (date) Sever blade number (par_no) Equipment name (compid) Operated place (place) 1-10 ID number to identify the log order. Assigned 1 to Date, time, and time zone when recorded the operation. YYYY-MM-DDThh;mm:ss.SSS+h2:s2 YYYY: year, MM: Month, DD: Date, T: fixed(delimiter), hh: hour, mm: minute, ss: second SSS: mili-second (fixed to 000), h2: Time zone offset hour, s2: Time zone offset minute 1 Server blade operation log: The server blade number in which an operation event occurred. Management module operation log: The server blade number, zero to seven, for operation available in server blade privilege. Eight for operation available other than in server blade privilege The operated equipment name : Server blade operation log: Server blade Management module operation log: Management module The operated host name : Server blade operation log: IP address for server blade Management module operation log: IP address for management module Return to one when exceed The time zone offset is recorded as the offset from UTC. When you log into the system with privilege for a server blade, logs for the server blade available for you will be provided. Functional detail 2-267

292 Item Size Description Note Operation category (categ) 7-19 The category name categorized by operation type For details about category, see the following Operation category table. Operation result (result) Operator type (subjtype) Operator (subject) 7-10 The result of operation For details about result, see the following Operation result table The operator type of the event User operation: [User Operation] System process operation: [System Process] 1-32 The operator of the event User operation: Log in account System process operation: Process ID Session ID (sessionid) Message ID (msgid) Message (message) 3-32 The ID number to identify the logged in operators at same log in account. (hexadecimal) 4 The message ID (hexadecimal) The message to an operation N/A is indicated for not applicable like a system process. Tip: The each item has variable length. The items are divided by a comma, and each line is terminated by a CR and a LF code. The message is enclosed in double quotation marks. Character code of the message is Shift-JIS. The following table shows the operation category. Table Operation category Category name StartStop Authentication ConfigurationAccess Maintenance Descriptions indicates the Start or Stop operation indicates the Identification or Authentication operation indicates Defining Configuration operation indicates Maintenance operation The following table shows the Operation result Functional detail

293 Table Operation result Operation result Success Failure Occurrence Descriptions indicates Success of operation indicates Failure of operation indicates Occurrence operation (The result is not categorized to Success or Failure.) The following table shows the audit log format. The format is the same for management modules and for server blades. Table Format of the audit log Item Descriptions Remarks Common identifier (CommonSpecID) Common specifications revision number (Rev) Sequence number (seq_no) Message ID (msgid) Date & time (date) Detection entity (EntityInfo) Detection location (Location) Operation category (Category) Fixed to CELFSS 2 ID number to identify the log order. Assigned 1 to Return to one when exceed The message ID (hexadecimal). Date, time, and time zone when recorded the operation. YYYY-MM-DDThh;mm:ss.SSS+h2:s2 YYYY: year, MM: Month, DD: Date, T: fixed(delimiter), hh: hour, mm: minute, ss: second SSS: mili-second (fixed to 000), h2: Time zone offset hour, s2: Time zone offset minute The operated equipment name. Management module operation log: Management module The operated host name. Management module operation log: IP address for management module The category name categorized by operation type. This corresponds to the seq_no item of the operation log. This corresponds to the msgid item of the operation log. This corresponds to the date item of the operation log. This corresponds to the place item of the operation log. Corresponds to categ in the operation log. Functional detail 2-269

294 Item Descriptions Remarks see Table Operation category on page Operation result (result) Operator (SubjectID) Hardware identification information (HardwareID) The result of operation (Success/ Failed/Occurrence). The operator of the event. User operation: Log in account System process operation: Process ID The operated equipment serial number. Success Failed Occurrence This corresponds to the subject item of the operation log. Location information (LocInfo) Location identification information (LocID) FQDN (FQDN) Management module audit log: For operations that can be performed with server blade privileges: This records the server blade number in the range from 0 to 7. For other operations: This records 8. This information is not recorded in this equipment. This information is not recorded in this equipment. If a user logs in with server blade privileges, only operation log entries for server blades that the user can operate are provided. This corresponds to the par_no item of the operation log. Redundancy identification information (HaID) This information is not recorded in this equipment. Agent information (AgentInfo) Request source host (ReqSourceHost) Request source port number (ReqSourcePort) Request destination host (ReqDestHost) Request destination port number (ReqDestPort) This information is not recorded in this equipment. This information is not recorded in this equipment. This information is not recorded in this equipment. This information is not recorded in this equipment. This information is not recorded in this equipment Functional detail

295 Item Descriptions Remarks Batch operation identifier (BatchID) Log type information (LogCateg) Application identification information (AppID) Reserved area (Reserv) Message (message) This information is not recorded in this equipment. This information is not recorded in this equipment. This information is not recorded in this equipment. This information is not recorded in this equipment. Operation messages are recorded. This corresponds to the message item of the operation log. Tip: The each item has variable length. The items are divided by a comma, and each line is terminated by a CR and a LF code. The message is enclosed in double quotation marks. Operation log and audit log messages The lowing table shows the operation logs and audit logs for a management module and server blade. Table Operation log and audit log ID Operation category Recording trigger Message Operation log message for management module 0802 Start/Stop Request of management module operation Failure on requesting management module operation Request of unit shutdown Failure on requesting unit shutdown Request of switch module operation. On Management module N, requested operation. Channel:xxx Method:xxx On Management module N, failed to requested operation. Channel:xxx Method:xxx On Server chassis, requested shutdown. Channel:xxx On Server chassis, failed to requested shutdown. Channel:xxx On Switch module N, requested operation. Functional detail 2-271

296 ID Operation category Recording trigger Message Channel:xxx Method:xxx 0807 Failure on requesting switch module operation Request of server blade operation Failure on requesting server blade operation Authentication Login to system console Failure on logging in to system console Logout from system console 1803 Login to system Web console Failure on logging in to system Web console Logout from system Web console 1806 Failure on logging in to system console or system Web console Disconnect server blade from BMC session Failure on disconnecting server blade from BMC session Login after the password expiration On Switch module N, failed to requested operation. Channel:xxx Method:xxx On Server blade N, requested operation. Channel:xxx Method:xxx On Server blade N, failed to requested operation. Channel:xxx Method:xxx Logged in to the System Console. Username:xxx Session ID:xxx Source IP address:xxx Failed to login to the System Console. Username:xxx Source IP address:xxx Cause:xxx Logged out from the System Console. Username:xxx Session ID:xxx Source IP address:xxx Cause:xxx Logged in to the System Web Console. Username:xxx Session ID:xxx Source IP address:xxx Failed to login to the System Web Console. Username:xxx Source IP address:xxx Cause:xxx Logged out from the System Web Console. Username:xxx Session ID:xxx Source IP address:xxx Cause:xxx Failed to login to the Console. Cause:xxx On Server blade N, disconnect from the BMC Session. Channel:xxx Category:xxx Value:xxx On Server blade N, failed to disconnect the BMC Session. Channel:xxx Category:xxx Value:xxx Permitted to log in to the Console (for changing password). Username:xxx Cause:xxx Functional detail

297 ID Operation category Recording trigger Message 3803 Configuration Access Changing power supply module settings. On Power supply module, setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx 3804 Changing power supply module settings 3806 Changing management LAN settings for management module Changing management LAN settings for switch module Changing management LAN settings for switch module. On Power supply module N, setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx Management LAN setting is changed. Channel:xxx Category:xxx Value:xxx On Switch module N, LAN setting is changed. Channel:xxx Category:xxx Value:xxx On Switch module N, LAN setting is changed. (Apply Management module setting) Channel:xxx 380E Changing VLAN settings. VLAN setting is changed.(move port) Channel:xxx Target:xxx Partition:xxx Switch module:xxx VLAN ID:xxx 380F Creating VLAN settings. VLAN is created on management LAN port. Channel:xxx VLAN ID:xxx Ext port:xxx 3810 Removing VLAN settings Request of restoring to factory default settings for management module Changing JP1/SC/BSM cooperation settings. VLAN is removed on management LAN port. Channel:xxx VLAN ID:xxx Reset management module to factory default setting. Channel:xxx Category:xxx JP1/SC/BSM connection setting is changed.(command port#) Channel:xxx Value:xxx 382B 382E 382F Changing settings. Changing SNMP settings. Removing SNMP setting. setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx SNMP setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx SNMP setting is removed Channel:xxx Category:xxx Number:xxx 3830 Changing service settings Creating a pair of SSH host key. xxx service setting is changed. Channel:xxx Category:xxx Value:xxx SSH host key pair is created. Channel:xxx Functional detail 2-273

298 ID Operation category Recording trigger Message 3834 Backing up a pair of SSH host key Restoring a pair of SSH host key Creating SSL private key and signature certificate. SSH host key pair is backed up. Channel:xxx File:xxx SSH host key pair is restored. Channel:xxx File:xxx SSL private key and self signed certificate are created. Channel:xxx 383A Creating CSR. SSL private key and certificated signing request (CSR) are created. Channel:xxx 383C Importing certificate. Certificate is imported. Channel:xxx File:xxx Certificate file type:xxx 383E Copying certificate. Certificate is copied. Channel:xxx File:xxx Certificate file type:xxx 3840 Backing up certificate. Certificate is backed up. Channel:xxx File:xxx 3842 Restoring certificate. Certificate is restored. Channel:xxx File:xxx 3844 Backing up management module settings Restoring management module settings. Management module setting is backed up. Channel:xxx File:xxx Management module setting is restored. Channel:xxx File:xxx 384B 384C Changing LDAP settings. Changing LDAP settings. LDAP setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx LDAP setting is changed. Channel:xxx Category:xxx Detail:xxx 3850 Changing power saving settings Changing power saving settings. Power saving setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx On Server blade N, Power saving setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx 385A Changing date and time settings On Management module, date and time is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx 3861 Changing N+M cold standby settings for server blade Changing server blade settings. On Server blade N, N+M cold standby partition information setting is changed. Channel:xxx On Server blade N, setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx Functional detail

299 ID Operation category Recording trigger Message 3863 Changing server blade settings Changing management LAN settings for server blade Changing Optional Physical WWN settings Changing Optional Physical WWN settings Initializing Optional Physical WWN settings. On Server blade N, setting is changed. Channel:xxx Category:xxx On Server blade N, LAN setting is changed. Channel:xxx Category:xxx Value:xxx Additional WWN is changed. Channel:xxx Server blade:xxx Additional WWN is changed. Channel:xxx Server blade:xxx Card:xxx Slotxxx Additional WWN is initialized. Channel:xxx Server blade:xxx 386A 386B 386C 386D 386E Initializing Optional Physical WWN settings. Changing Optional Physical MAC settings. Changing Optional Physical MAC settings. Initializing Optional Physical MAC settings. Initializing Optional Physical MAC settings. Additional WWN is initialized. Channel:xxx Server blade:xxx Card:xxx Slotxxx Additional MAC is changed. Channel:xxx Server blade:xxx Additional MAC is changed. Channel:xxx Server blade:xxx Card:xxx Slotxxx Additional MAC is initialized. Channel:xxx Server blade:xxx Additional MAC is initialized. Channel:xxx Server blade:xxx Card:xxx Slotxxx 3870 Request of restoring to default settings for server blade Sending test alert for N +M cold standby Backing up sever blade settings Restoring sever blade settings. Reset Server blade N to factory default setting. Channel:xxx Category:xxx On Server blade N, JP1/SC/BSM send test alert(n+m cold standby) Channel:xxx Category:xxx On Server blade N, setting (xxx) is backed up. Channel:xxx Bkup time:xxx File:xxx On Server blade N, setting (xxx) is restored. Channel:xxx Bkup time:xxx 3875 Removing backup file for sever blade settings. On Server blade N, setting (xxx) is removed. Channel:xxx 3876 Backing up sever blade settings. On Server blade N, setting (xxx) is backed up. Channel:xxx Category:xxx Slot:xxx Bkup time:xxx File:xxx Functional detail 2-275

300 ID Operation category Recording trigger Message 3877 Restoring sever blade settings. On Server blade N, setting (xxx) is restored. Channel:xxx Category:xxx Slot:xxx Bkup time:xxx 3878 Removing backup file for sever blade settings. On Server blade N, setting (xxx) is removed. Channel:xxx Category:xxx Slot:xxx 3879 Backing up sever blade settings. On Server blade N, setting (xxx) is backed up. Channel:xxx File:xxx 387A 387D 387E 387F Restoring sever blade settings. Backing up sever blade settings. Restoring sever blade settings. Removing sever blade settings. On Server blade N, setting (xxx) is restored. Channel:xxx File#:xxx On Server blade N, setting (xxx) is backed up. Channel:xxx Category:xxx Slot:xxx On Server blade N, setting (xxx) is restored. Channel:xxx Category:xxx Slot:xxx On Server blade N, setting (xxx) is removed. Channel:xxx Category:xxx Slot:xxx 3880 Creating account. An account is created. Channel:xxx Account:xxx Status:xxx Role:xxx 3881 Changing account. An account is changed. Channel:xxx Account:xxx Status:xxx Role:xxx 3882 Removing account. An account is removed. Channel:xxx Account:xxx 3883 Changing role. A role is changed. Channel:xxx Role:xxx P :xxx SW0123:xxx Net:xxx Chassis:xxx Account:xxx 3884 Creating role. A role is created. Channel:xxx Role:xxx P :xxx SW0123:xxx Net:xxx Chassis:xxx Account:xxx 3885 Removing role. A role is removed. Channel:xxx Role:xxx 3888 Creating JP1/SC/BSM connection settings Changing JP1/SC/BSM connection settings. JP1/SC/BSM connection setting is created. Channel:xxx Server:xxx IP address:xxx Alert port:xxx Alert level%5%s Retry interval:xxx Retry duration:xxx JP1/SC/BSM connection setting is changed. Channel:xxx Server:xxx Category:xxx Value:xxx 388A Removing JP1/SC/BSM connection settings. JP1/SC/BSM connection setting is removed. Channel:xxx Server:xxx Functional detail

301 ID Operation category Recording trigger Message 388E Changing JP1/SC/BSM connection settings. JP1/SC/BSM connection setting is changed. Channel:xxx Server:xxx 3890 Creating setting. setting is created. Channel:xxx 3891 Changing setting Removing setting Changing switch module settings Changing switch module settings. setting is changed. Channel:xxx setting is removed. Channel:xxx On Switch module N, setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx On Switch module N, setting is changed. Channel:xxx Port#:xxx Category:xxx Detail:xxx Value:xxx 389A 389B 389D Changing password settings for LCD touch panel. Initializing password settings for LCD touch panel. Clearing server blade host information LCD touch console password is changed. Channel:xxx LCD touch console password is initialized. Channel:xxx Host information on the server blade n has been cleared. Channel:xxx 3900 Changing HCSM settings with HCSM command 3901 Adding HCSM server settings with HCSM command 3902 Changing HCSM server settings with HCSM command 3903 Changing HCSM server settings with HCSM command HCSM setting is changed. Means: %2$s; Type: %3$s; Changes: %4$s; After changed: %5$s HCSM management server setting is added. Means: %2$s; IP address: %3$s; Alert port number: %4$s; Alert level: %5$s; Retry interval: %6$s; Retry duration: %7$s HCSM management server setting is changed. Means: %2$s; IP address: %3$s; Type: %4$s; Before changed: %5$s; After changed: %6$s HCSM management server setting is changed. Means: %2$s; IP address: %3$s; Changes: %4$s; After changed: %5$s Functional detail 2-277

302 ID Operation category Recording trigger Message 3904 Deleting HCSM server settings with HCSM command 3905 Disconnecting HCSM server session with HCSM command 3910 Changing security strength configuration for management modules 3911 Changing security strength configuration for server blades 3912 Changing TLS/SSL versions for management modules 3913 Changing Syslog transfer settings HCSM management server setting is deleted. Means: %2$s; IP address: %3$s HCSM management server is disconnected. Means: %2$s; IP address: %3$s On Management module, security configuration is changed. Channel:xxx Detail:xxx Value:xxx On Server Blade N, security configuration is changed. Channel:xxx Detail:xxx Value:xxx On Management module, TLS/SSL version is changed. Channel:xxx Detail:xxx Value:xxx Syslog transfer setting is changed. Channel:xxx Detail:xxx Value:xxx 391A 391B 391C 391D 391E 391F 392B 392C 392D Changing the login banner settings Registering a login banner message Changing the login banner message Deleting the login banner message Changing the Web console (management LAN) settings Changing the Web console (maintenance LAN) settings Change to the password policy settings Change to the BMC user account settings Change to the IPMI user account settings Changing the login banner settings The login banner settings were changed. Channel: xxx Value: xxx The login banner message was registered. Channel: xxx The login banner message was changed. Channel: xxx The login banner message was deleted. Channel: xxx The Web console (management LAN) settings were changed. Channel: xxx Value: xxx The Web console (maintenance LAN) settings were changed. Channel: xxx Value: xxx Password policy setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx BMC user account setting is changed. Channel:xxx ServerBlade:xxx Account:xxx Use:xxx Name:xxx IPMI user account setting is changed. Channel:xxx ServerBlade:xxx Account:xxx Use:xxx Name:xxx Role:xxx Functional detail

303 ID Operation category Recording trigger Message 392E Change to the USB(Front panel) settings USB setting is changed. Channel:xxx Category:xxx Detail:xxx Value:xxx 392F Change to the authentication encryption setting Authenticated encryption setting is changed. Channel:xxx Value:xxx 3930 Change to the Server blade settings 3931 Change to the RADIUS settings 3932 Change to the RADIUS server settings 8800 Maintenance Shifting normal mode to maintenance mode for server chassis Shifting maintenance mode to normal mode for server chassis Shifting normal mode to maintenance mode for server blade Shifting maintenance mode to normal mode for server blade Shifting normal mode to maintenance mode for switch module Shifting maintenance mode to normal mode for switch module Shifting normal mode to maintenance mode for management module Shifting maintenance mode to normal mode for management module Shifting normal mode to maintenance mode for front panel Shifting maintenance mode to normal mode for front panel. On Server blade N, setting is changed. Channel:xxx Category:xxx Assign:xxx Redundancy:xxx Setting of RADIUS was changed. Channel:xxx Category:xxx Detail:xxx Value:xxx Setting of RADIUS servern was changed. Channel:xxx Category:xxx Detail:xxx Value:xxx On Server chassis, changed into maintenance mode from normal mode. Channel:xxx On Server chassis, changed into normal mode from maintenance mode. Channel:xxx On Server blade N, changed into maintenance mode from normal mode. Channel:xxx On Server blade N, changed into normal mode from maintenance mode. Channel:xxx On Switch module N, changed into maintenance mode from normal mode. Channel:xxx On Switch module N, changed into normal mode from maintenance mode. Channel:xxx On Management module N, changed into maintenance mode from normal mode. Channel:xxx On Management module N, changed into normal mode from maintenance mode. Channel:xxx On Front panel, changed into maintenance mode from normal mode. Channel:xxx On Front panel, changed into normal mode from maintenance mode. Channel:xxx Functional detail 2-279

304 ID Operation category Recording trigger Message 8810 Request of updating firmware for server blade Request of updating firmware for LPAR manager Request of removing firmware for LPAR manager Request of updating firmware for switch module Request of updating firmware for management module Request of updating firmware for management module. On Server blade N, requested server blade firmware update. Channel:xxx Requested Hitachi Virtualization Manager firmware update. Channel:xxx Bank#:xxx Requested Hitachi Virtualization Manager firmware removed. Channel:xxx Bank#:xxx On Switch module N, requested firmware update. Channel:xxx On Management module, requested firmware update. Channel:xxx On Management module, requested firmware update (Copy and Update). Channel:xxx 881C Change to the sync EFI time settings On Server bladexxx, Sync EFI time setting is changed. Channel:xxx Value:xxx Operation log message for server blade 1001 Identification or Authentication Login to remote console Logged in to the remote console. Username:xxx Source IP address:xxx User authentication method:xxx 1002 Logging out from remote console 1003 Failing login to remote console 1008 Login to server blade Web console 1009 Logout from server blade Web console Logged out from the remote console. Username:xxx Source IP address:xxx Cause:xxx Failed to login to the remote console. Username:xxx Source IP address:xxx Cause:xxx Logged in to the server blade web console. Username:xxx Source IP address:xxx User authentication method:xxx Logged out from the server blade web console. Username:xxx Source IP address:xxx Cause:xxx 100A Failing login to server blade Web console Failed to login to the server blade web console. Username:xxx Source IP address:xxx Cause:xxx Functional detail

305 Firmware This section describes updating firmware for management modules and server blades. Updating firmware from the management module Firmware is software embedded in a device to provide basic control over hardware. Multiple pieces of firmware are embedded in the system unit. You can update the following firmware using the management module. Table Firmware type Name Description Management module firmware Runs on a management module. Dictionary Device parameter Server blade firmware LPAR manager firmware Is a data file installed on a management module; converts log messages. 1 Is a data file installed on a management module; includes parameters for modules installed in the system unit. 1 Runs on a server blade; includes BMC and UEFI. Runs LPAR manager on a server blade. For details about how to update the LPAR manager firmware, see Updating LPAR manager firmware on page Note: 1. This is not firmware in a strict sense, but is updated from a management module like firmware. That is why it is included in this table. Updating Management module firmware/dictionary/equipment parameter Management module firmware, dictionary, and equipment parameter can be updated at once from the management module console or HCSM version 7.5 or later. Table Update information Update target Time required (minutes) Management module reboot Update during the system operation Management module firmware 25 to 30 1 Reboots1 Available 2 Dictionary 5 to 10 Not reboots Available Equipment parameter 5 to 10 Not reboots Available Notes: Functional detail 2-281

306 Update target Time required (minutes) Management module reboot Update during the system operation 1. When management firmware is updated, the management module will automatically reboot. In redundant configuration, the active management module reboots first, and the standby management module becomes active. When the management module startup is complete, another management module reboots. Then, the originally active management module returns to be active. 2. Make sure to read through Restrictions on management module firmware update on page before updating during the system operation. Restrictions on management module firmware update When updating the management module firmware, the following restrictions exist. Non-redundant management module configuration Update the management module firmware after turning off all of the power of server blades. Redundant management module configuration Updating the management module firmware is available during the server blades are in operation. Be careful to the following restrictions and notes. When one of management module firmware, dictionary, and system parameter, or some of them are being updated, do not try to update one of or some of them simultaneously from another console or HCSM. When you do, the update may fail. If so, execute update again. If the management module firmware is A0145 or earlier in redundant configuration, not only may the update fail but also the standby management module may fail. If so, contact your reseller or maintenance personnel. Do not perform the operations in the following table during updating the firmware since the management module operation stops temporarily. When you perform the operations in the following table during updating the firmware, the operations may fail. Retry the operations after updating the firmware. Table Firmware code Prohibited operation Manual switching and restoring operation of the N+M cold standby. (When the operation fails, the re-configuration may be required.) Logging in to the management module console. Operating SeverConductor/Blade Server Manager Functional detail

307 Prohibited operation Operating SeverConductor/Deployment Manager. Operating Cm2/Network Node Manager. Operating HCSM Using remote console. Operating LPAR manager. Updating server blade firmware Updating LPAR manager firmware The management module firmware update may fail when you update the firmware during turning on or off the power of server blade or system unit. Do not perform the following operation. Table Prohibited operation Prohibited operation Turning on or off the power of server blade or system unit including the operation directed by the scheduled operation. The following alert messages may be reported to SeverConductor/Blade Server Manager during the update. (The alert messages are reported during the update, but do not affect the system operation.) Table Alert message Message type Alert Message 0x17A0 LAN port <Management LAN port 0> lacks redundancy. 0x17A0 LAN port <Management LAN port 1> lacks redundancy. 0x17A0 LAN port <Management LAN port> lacks redundancy. Information 0x17A1 LAN port <Management LAN port 0> redundancy was restored. 0x17A1 LAN port <Management LAN port 1> redundancy was restored. 0x17A1 LAN port <Management LAN port > redundancy was restored. The other Information may be reported, but do not affect the system operation. The following alerts may be reported to HCSM during update. Those alerts are just for checking in procedure and not affect the system operation. Functional detail 2-283

308 Table Alert message Alert Message type Message Redundancy for FD78h module is lost. (Error part: Management LAN Port0) Redundancy for FD78h module is lost. (Error part: Management LAN Port1) Redundancy for FD78h module is lost. (Error part: Management LAN Port) Information Redundancy for the module is recovered. (Error part: Management LAN Port0) Redundancy for the module is recovered. (Error part: Management LAN Port1) Redundancy for the module is recovered. (Error part: Management LAN Port) The other Information may be reported, but do not affect the system operation. The following alert messages may be reported because of the temporal disconnect of the network during the update, when you are operating LPAR manager. The alert messages do not affect the system operation. Table Alert message Message "SVP Access Failure" on LPAR manager window. Alert to SeverConductor/Blade Server Manager: [Alert] 0x162F On physical partition <x>, a communication error occurred between LPAR manager and the management module. Alert to HCSM [Alert] FD43h On the physical partition, an alert event occurred. (Error part: Partition N - LPAR manager; Event: communication error between LPAR manager and Management Module) Perform the update during the period in which the impact to production operation is small. The delay of the response in the management module may occur during the update. If the management module is switched during version up, the version up fails. Remove the error factor and then execute the update again. When executing update using HCSM, click Refresh after the update and then check the new version. When you need to downgrade firmware, consult your reseller or maintenance personnel Functional detail

309 Update operation flow chart The following shows the operation flow chart for Management module firmware, Dictionary, and Equipment parameter. Make sure to check that the expected new version is shown. Table Web console operation Item Displaying management module firmware Updating management module firmware Operation Resources > Modules > All Modules > Management Modules > Management Module x > Condition tab Resources > Modules > All Modules > Management Modules > Action button > Update Firmware Table CLI console command Item Displaying management module firmware Updating management module firmware Command show mgmt-module firmware update mgmt-module firmware Table LCD touch console operation Item Displaying management module firmware Updating management module firmware Operation Hardware maintenance > Management Module (MM) > Detail display Hardware maintenance > Management Module (MM) > Firmware update Tip: Functional detail 2-285

310 When you execute update using HCSM, the management module firmware version needs to be A0150 or later. When executing update using HCSM, see the Hitachi Compute Systems Manager Software User Guide. (1) Obtaining the latest versions of Management module firmware/ Dictionary/Equipment parameter Contact your reseller for where to download the latest management module firmware, dictionary, and system parameter. Note: Do not change the file name. If the file name is changed, the management module cannot recognize it as a firmware file. Files for other system units, such as that for CB 2000, cannot be applied. (2) Checking the current version and management module state: active or standby Check that versions of the management module firmware, dictionary, and equipment parameter, which are obtained in (1), are later than the current versions. When a management module firmware is updated, the management module automatically reboots to disconnect. Check Hot standby status for management module 0 and 1. Make sure that the active and standby assignments are the same as those before updating. 1. Click Resources tab. 2. Click All Modules > Management Modules. Tip: When updating the management module firmware, execute step Check Hot standby status both management modules 0 and Functional detail

311 Tip: Use the result of step 3 to check status after updating. 4. Click Management Modules > management module x with Active for Hot standby status from the tree on the left. 5. Condition tab shows the current Management module firmware version, Dictionary version, and Equipment parameter version. Check that the latest versions, which are obtained in (1) Obtaining the latest versions of Management module firmware/dictionary/equipment parameter, are later than the current versions. Functional detail 2-287

312 (3) Update This subsection describes how to update the management module firmware, dictionary, and equipment parameter. 1. Store the obtained update file into a hard disk in the system console and the like. When updating multiple files, store all update files. 2. Click Resources tab. 3. Click All Modules > Management Modules. 4. Click Action combo box arrow > Update Firmware Functional detail

313 5. Check Update to an item that you will update in Update Firmware dialog box, click Browse, and select the update file. Tip: When opening a file, follow the OS procedure. 6. Click Confirm. 7. Check that each update file is shown in Update detail, and click OK. Functional detail 2-289

314 8. When the management firmware upload is executed and the upload progress bar reaches to the right end. Then, the update starts being executed to show the update progress bar. An update progress bar indicates the progress of a currently executed update. Wait for about ten minutes or more until updating finishes. Upload progress bar Update progress bar 9. When the update progress bar reaches to the right end, the updating finishes. Click Close. Dialog messages are different depending on whether the management module is updated or not. When the management module is updated: Tip: The active management module may be rebooted due to update completion before the message above appears. In the case above, a message "Request timed out" is displayed. If so, check the version following steps in (4) Checking new versions about Functional detail

315 minutes later. When you find the updated version, there is no problem. If you cannot connect to the Web console to check the version, contact your reseller or maintenance personnel. When the management module is not updated: 10. When the management module firmware is updated, the active one will reboot to disconnect. Close the browser. Note: If the management module is not updated, you need not to close the browser. Then, proceed to (4) Checking new versions on page (4) Checking new versions This subsection describes how to check the latest versions, which were obtained in (1) Obtaining the latest versions of Management module firmware/dictionary/equipment parameter on page 2-286, have been properly applied. Note: When the management module firmware has been updated, you need to execute step 1 through step 4. The active management module reboots, and then the other one reboots. Wait for about ten minutes after the other management module completely reboots up. Then, open the browser and log in to the management module. Login is not available while the management module is rebooting. If so, wait for a few minutes and then try again. 1. Open the browser, type User ID and Password, and click Log In to log in to the management module. 2. Click Resources tab. 3. Click All Modules > Management Modules. 4. Check that Hot standby status of both management modules is the same as that before updating, which means that the management module firmware has been completely updated. Functional detail 2-291

316 5. Click Management Modules > management module x with Active for Hot standby status from the tree on the left. 6. Condition tab shows the current Management module firmware version, Dictionary version, and Equipment parameter version. Check the updated versions are shown Functional detail

317 Updating server blade firmware The update of server blade firmware is available from the management module console or HCSM version 7.5 or later. The server blade firmware consists of BMC and EFI. When updating the server blade firmware, BMC and EFI are updated at the same time. The update for the same type of multiple server blades in the same server chassis is also available. Table Updating multiple server blades Web console CLI console LCD touch console Available Available Not available For server blade firmware, updating is processed in background after you execute updating from the management module console. The update operation takes about 5 to 10 minutes. Update will continue for about 20 to 25 minutes in background. Update in background will start at different timing by power status of the server blade. Restrictions on server blade firmware update Restrictions on server blade firmware update are as follows. Power off a server blade before updating a server blade. Functional detail 2-293

318 Updating multiple types of server blades is not available. A single type of multiple server blades can be updated at the same time. Tip: You can update firmware for multiple CB 520H A1/B1/B2 units, for example. Updating firmware for CB 520H A1/B1/B2 and CB 520A A1 simultaneously is not supported. The type of a server blade is shown as Product name by clicking Resources tab > Modules > All Modules > Server blades > Server blade x > Hardware tab on Web console. For details, see the Hitachi Compute Blade 500 Series Web Console User's Guide. When you need to update the firmware on multiple types of server blades, update one type of server blades completely and then do another type. Since BMC reboots during updating the server blade firmware, communicating with the management module may be disconnected. The following warning SEL is collected at the time, which has no problem. Server blade: SVP-BMC communication error (IPMI over LAN) Never remove or operate the server blade during updating the server blade firmware. If firmware is updated when the server blade is in operation, UEFI update contained in the server blade firmware will be applied when the server blade is powered on next time. Powering on the server blade takes longer than usual at that time. When you power on a server blade during updating, the server blade is powered on after the update. Do not power off the first POST after background processing. If you do, the server blade may not properly start up depending on the timing. If a management module is switched when you execute update on the management module console, the update fails. Remove the error factor and then execute update again. In SMP configuration, update all server blades in the configuration. Update operation flow chart The following shows the operation flow chart for Server blade firmware Functional detail

319 Make sure to check that the expected new version is shown. Table Web console operation Item Displaying server blade firmware version Updating server blade firmware version Operation Resources > Systems > Firmware > Server Blade tab Resources > Systems > Firmware > Server Blade tab > Server Blade x > Update Server Blade firmware Table CLI console command Item Displaying server blade firmware version Updating server blade firmware version Command show blade firmware update blade firmware Table LCD touch console operation Item Displaying server blade firmware version Updating server blade firmware version Operation Hardware maintenance > Server Blade (SB) > Detail display Hardware maintenance > Server Blade (SB) > Updating firmware The following procedure describes how to update server blade firmware. (1) Obtaining the latest version of Server blade firmware Contact your reseller for where to download the latest server blade firmware. Tip: Functional detail 2-295

320 If you execute update using firmware for another system unit, the update fails. If so, execute update again using an appropriate file. Do not change the file name. If the file name is changed, the management module cannot recognize it as a firmware file. Files for other system units, such as that for CB 2000, cannot be applied. (2) Checking the current version Check that the version of the server blade firmware, which is obtained in (1) Obtaining the latest version of Server blade firmware on page 2-295, is later than the current versions. 1. Click Resources tab. 2. Click Systems > Firmware. 3. The current version is shown as Total version. Check that the latest version for updating is later than the current version of all target server blades. (3) Update For server blade firmware, updating is processed in background after you execute updating from the management module console. 1. Store the obtained update file into a place like a hard disk in the system console. 2. Click Resources tab Functional detail

321 3. Click Systems > Firmware. 4. Select a target server blade to update. With the server blade selected, click Update Server Blade firmware. Tip: To select multiple server blades, press and hold Ctrl key and click a server blade. Selecting a server blade highlights the row in blue. In SMP configuration, select the primary server blade to update all server blades simultaneously in the configuration. 5. Click Browse and select an update file. Tip: When opening a file, follow the OS procedure. 6. Click Confirm. 7. Check that the selected update file is shown for Server Blade Firmware and all target server blades are shown for Server Blade, and click OK. Functional detail 2-297

322 8. When the firmware upload is executed and the upload progress bar reaches to the right end. Then, the update starts being executed to show the update progress bar. An update progress bar window indicates the update progress currently executed on all target server blades. Wait for a few minutes until updating finishes. Upload progress bar Update progress bar 9. Check that all target server blades are successfully updated on the following dialog box, and click Close Functional detail

323 10. When background update processing starts, check the progress.. Click Resources > Modules > All Modules. 11. Click Server Blades. 12. Wait for about 10 to 30 minutes until Status of all target server blades in Server Blades information changes to Normal from Normal (updating). Tip: Since Status in Server Blades information is not automatically updated, click Refresh periodically to update the window. Warning SEL, Server blade: SVP-BMC communication error (IPMI over LAN), may be collected as mentioned in Restrictions on server blade firmware update on page If so, Status in Server Blades Functional detail 2-299

324 information may show Warning (updating). Even in that case, updating terminates when Status shows Normal. 13. Udating terminates when Status shows Normal Functional detail

325 (4) Checking the new version This subsection describes how to check that the latest version, which was obtained in (1) Obtaining the latest version of Server blade firmware on page 2-295, has been properly applied. 1. Click Resources tab > Systems > Firmware. 2. Total version on Server Blade tab shows the current firmware version. Check that all updated server blades show the latest updated firmware version. Backing up and restoring settings This section describes backing up and restoring settings executed by management modules. Possible to save and restore configuration The following backing up and restoring settings are available from the management module. Table Backing up and restoring setting Item Management module settings Fibre Channel mezzanine card settings Available operation Backing up and restoring Backing up Functional detail 2-301

326 Item Available operation LPAR manager settings Backing up and restoring Management module setting Backing up This subsection describes backing up and restoring settings for management modules. The backing up the management module settings is available from the management module console. It takes about several minutes. Note: In the non-redundant management module configuration, back up the management module and reposit it. When replacing the management module, restoring the setting is not available if the backup file does not exist. If settings are changed from the console or if power status of the server blade changes while settings are being backed up, the backup may fail. Perform backup operation in the state that those potential failures are prevented. Table Web console operation Item Backing up management module setting Operation Resources > Modules > All modules > Management modules > Action > Backup Settings Restoring The restoring the management module settings are available from the management module console. It takes about several minutes and the management module reboots after completing the restoration. Note: When restoring the management module settings, the management module reboots after completing the restoration and stops the operation. Do not restore the settings during the management module is in operation. When restoring the management module settings, the LPAR manager settings are also restored to the backed up settings. When backed up settings are restored to a management module with the firmware version later than that of the backed up settings, functions not supported at the backup are set as default Functional detail

327 Table Web console operation Item Backing up management module setting Operation Resources > Modules > All modules > Management modules > Action > Restore settings Hitachi Fibre Channel mezzanine card settings Backing up This subsection describes backing up and restoring settings for Hitachi Fibre Channel mezzanine cards. The backing up Hitachi Fibre Channel mezzanine card settings is available from the management module console. The maximum five generations of Hitachi Fibre Channel mezzanine card settings for each card are backed up into the management module. When exporting a backed up Hitachi Fibre Channel mezzanine card settings in the management module to a peripheral device, select desired card and the generation, and then export to a peripheral device. It takes about several minutes. Note: The backing up is applied for Hitachi Fibre Channel mezzanine card GG-CC3M8G2X1-Y, GG-CC3M8G2X2-Y, GG-CC3M162X1-Y, and GG- CC3M162X2-Y. The backing up for the Fibre Channel mezzanine card GG- CC3M8G1X1-Y and GG-CC3M161X1-Y is not available. Table CLI console operation Item Backing up Hitachi Fibre Channel mezzanine card settings Operation backup blade fc-hba LPAR manager configuration Backing up This subsection describes backing up and restoring configuration for LPAR manager. LPAR manager configuration information can be backed up by operating any of the consoles for the management module. It takes several minutes. Tip: LP configuration information saved in the management module is output from the system, such as the management server, etc. For saving LPAR manager configuration information, see Saving LPAR manager configuration information on page Functional detail 2-303

328 Table Web console operation Item Backing up LPAR manager configuration information Operation Resources > Modules > All modules > Server Blades > target Server Blades > Action > Backup LPAR manager settings Restoring LPAR manager configuration information can be restored by operating any of the consoles for the management module. It takes several minutes. When LPAR manager configuration information is restored, use a backup file fulfilling the following requirements. Backup file of a restored LPAR manager File backed up when an LPAR manager firmware version which is assigned to a server blade now was assigned to the same server blade If a backup file does not fulfill the requirements above, an LPAR manager would not operate properly after restoring. Note: When a server blade is turned off, LPAR manager configuration information can be restored. Table Web console operation Item Restoring LPAR manager configuration information Operation Resources > Modules > All modules > Server Blades > target Server Blades > Action > Restore LPAR manager settings CBTP Overview CBTP. Compute Blade Test Program, is a test program to run after hardware is changed for maintenance. Maintenance personnel execute CBTP after changing hardware. You need to execute it as well if changing hardware for maintenance by yourself. The following CBTP feature can be executed from a management module: Starting CBTP using the ISO image contained in the flash memory embedded in the server chassis For details about CBTP, see the Hitachi Compute Blade 500 Series System Service Manual. When you want to change the hardware for maintenance, see the Hitachi Compute Blade 500 Series System Service Manual Functional detail

329 Starting CBTP from the management module CBTP is a CD-boot program. CBTP can be started from a CD drive directly connected to a server blade, or from the ISO image using the remote console virtual media feature. CBTP can be also started from the ISO image in the flash memory embedded in a server chassis. You need to copy the ISO image on the flash memory embedded in the server chassis beforehand. Connect to the management module via FTP and transfer the ISO file to copy it. Then, mount the ISO image on the server blade using the management module Web console, power on the server blade to execute CD-boot for starting CBTP. Tip: The mounted ISO image is automatically unmounted when the server blade is powered off. Table Web console operation Item Showing CBTP ISO image stored in the flash memory embedded in the server chassis Mount and Unmount the ISO image on the server blade Operation Resources > Systems > CBTP > ISO image tab Resources > Systems > CBTP > CBTP tab The following flow chart shows the procedure for how to start CBTP from the ISO image stored in the flash memory embedded in the server chassis. Functional detail 2-305

330 1. Copy CBTP ISO image in the flash memory embedded in the server chassis. Connect to the management module via FTP, and make sure to transfer CBTP ISO image to the directory, iusb/iso/diag. Tip: Make sure to add ".iso" as an extension to the file for transfer. The extension is not case-sensitive. Up to 10 ISO images can be transferred. Even if ISO images more than 10 are transferred, only 10 images from the top in ASCII code order can be recognized by the management module. Up to 118 characters are available for an ISO image file name. If an ISO image with 119 characters or more is transferred, it cannot be recognized by the management module. The following is an example of Windows command prompt, which uses IP address ( ) and account (User: Administrator, Password: password) that are set by default. The ISO image file name to transfer is CBTP_v3.1.13_multi_forCS_ iso in the example below Functional detail

331 You can find the transferred ISO image with Web console by clicking Resources tab > Systems > CBTP > ISO image tab as follows. 2. Mount the ISO image on a server blade. Click Resources tab > Systems > CBTP > CBTP tab > ISO image combo button, and select Mount. The following window is an example of mounting the ISO image, CBTP_v3.1.13_multi_forCS_ iso, to the server blade 5. Functional detail 2-307

332 2-308 Functional detail

333 Tip: The mounted ISO image is automatically unmounted when you power on the server blade and then power off it. It is also automatically unmounted by powering off the server blade without starting CBTP. If you have mounted a wrong ISO image, unmount it on the same window of Web console. 3. Start the remote console. Click Resources tab > Systems > CBTP > CBTP tab > Start Remote Console button. Functional detail 2-309

334 Tip: You can use other methods to start the remote console, such as clicking Resources tab > Modules > All Modules > Server blades> Start Remote Console button. 4. Power on the server blade. Click Resources tab > Systems > CBTP > CBTP tab, select a server blade, click Power arrow button, and select ON Functional detail