manualshive.com logo in svg

Hewlett Packard Enterprise Superdome Flex, User Manual

The Hewlett Packard Enterprise Superdome Flex is a powerful enterprise server solution designed for critical workloads. Ensure optimal performance by downloading the user manual for free from our website. Find all the information you need to maximize the capabilities of this innovative product at manualshive.com.

Share
Download
background image

Secure Boot

HPE Superdome Flex Server systems support features that secure the boot process. When enabled, Secure Boot prevents
execution of OS loaders, drivers, and UEFI applications that are not signed with an acceptable digital signature.

NOTE: Secure Boot is only supported on systems with firmware versions 2.5.246 or later and HFS versions1.3 or later on
Linux systems.

Secure Boot requires signed I/O firmware drivers. Currently all 10/25Gb I/O adapters supported on Superdome Flex
Server also support Secure Boot operation. See the Superdome Flex Server 

www.hpe.com/support/superdome-flex-

quickspecs for a list of supported i/O adapters.

Secure boot features

When secure boot is enabled on Superdome Flex Server, system firmware verifies OS loader, driver, and UEFI application
signatures before executing them.

By default, secure boot is disabled. This default applies to systems shipped from the factory, and to newly created
Superdome Flex Server partitions.

Many secure boot configuration changes require resetting the partition before booting an OS or accessing the UEFI Shell.

Secure boot protection applies both at the Boot Manager menu and at the UEFI Shell. In secure boot mode, the UEFI Shell
disables the 

mm

 and 

hexedit

 commands.

System logs record changes to the secure boot mode. Secure boot checks performed during firmware verification also are
logged.

Default secure boot keys

The default keys include signatures for supported operating systems.

The Superdome Flex Server default secure keys permit execution of images signed by the following certificates:

• HPE KEK 2016

• Microsoft Corporation KEK CA 2011

• SUSE Linux Enterprise Secure Boot CA

• HPE DB 2016

• HP DB 2013

• Microsoft Corporation UEFI CA 2011

• Microsoft Windows Production PCA 2011

• SUSE Linux Enterprise Secure Boot Signkey

• VMware ESX40 certificate

• VMware certificate 2017

Enabling Secure Boot with CLI

Secure Boot can be enabled and disabled with RMC CLI commands.

Secure Boot

49

Summary of Contents for Superdome Flex

Page 1: ...HPE Superdome Flex Server User Guide Part Number 10 200003 Q122 Published October 2021 Edition 11 Abstract Product overview initial setup network configuration and system management...

Page 2: ...is not responsible for information outside the Hewlett Packard Enterprise website Acknowledgments Intel Xeon and Optane are trademarks of Intel Corporation in the U S and other countries Redfish is a...

Page 3: ...r accounts and passwords Added section on updating SD Flex software Added section on updating SD Flex firmware Added section on configuring and using LDAP for user authentication Updated several illus...

Page 4: ...ing the factory default passwords on the BMC 23 Verifying the HPE Superdome Flex Server is running correctly and can boot 24 Configuring the RMC to forward SNMP alerts 26 SNMP alerts 26 Managing HPE S...

Page 5: ...Enabling Secure Boot with Boot Manager 50 Disabling Secure Boot with CLI 51 Disabling Secure Boot with Boot Manager 51 Installing or reinstalling default Secure Boot keys 52 Secure Boot Configuration...

Page 6: ...m the base chassis and can be used as the monarch boot chassis for nPartitions Any one system has one base chassis Mixing partitionable and expansion chassis is not supported 1 2 3 4 5 6 7 8 9 10 11 1...

Page 7: ...nted RMC required for partitioned systems For more information about features and supported configurations see the www hpe com support superdome flex quickspecs Post installation checklist A Hewlett P...

Page 8: ...ch internal components Removing the covers can expose you to dangerous voltage points or other risks Unplug this product from the wall outlet and refer servicing to qualified service personnel under t...

Page 9: ...the system alone Moving a rack requires at least two people To slide out the chassis in either direction complete the following steps Confirm that the rack does not move The rack feet should be down...

Page 10: ...eaching as you install components Use the ladder handhold while climbing the stepladder Be aware that tools and equipment that you carry up the ladder could fall from the top of the rack 2 m 6 ft Fall...

Page 11: ...x Server to a private server management network within your corporate LAN Hewlett Packard Enterprise strongly recommends using a management network that is separate from the normal corporate LAN Make...

Page 12: ...Accessing HPE Superdome Flex Server RMC or eRMC from Windows 7 Optional Use this step only if you have a 1U RMC and want to set it up using the RMC AUX port and LAN cable The RMC AUX port is preconfi...

Page 13: ...ange the default IPMI password Hewlett Packard Enterprise recommends that you configure the same password for both the RMC administrator user and ipmi user The BMC Superdome Flex chassis running FW 3...

Page 14: ...d component 13 14 15 16 17 18 19 13 14 15 16 17 18 19 In a partitionable system an RMC is required regardless of the number of chassis If there are three or more chassis in a system an RMC is required...

Page 15: ...has a bar code and the factory default password written on it If the system uses an RMC this sticker is on the rear of the 1U rackmounted component Password If the system uses an eRMC the sticker is o...

Page 16: ...twork If the system uses an RMC plug one end of the Ethernet cable into the WAN port on the RMC Plug the other end into the manageability network WAN If the system uses an eRMC plug one end of the Eth...

Page 17: ...x Server OS Installation Guide When JViewer is required the monarch chassis must be connected to the management LAN Procedure 1 Locate the chassis that contains the BMC The BMC is located in the lowes...

Page 18: ...m connect the MGMT port on the lowermost monarch chassis for each nPar to the management LAN Configuring the RMC on the network Prerequisites The manageability network must be a private server managem...

Page 19: ...rmation about loading these drivers see Accessing HPE Superdome Flex Server RMC or eRMC from Windows 3 In the serial terminal window use your terminal emulation program instructions to set the followi...

Page 20: ...might need the RMC password in the future 11 Reboot the RMC for the changes to take effect reboot rmc 12 To test new IP address and password for the RMC open another terminal window and enter the fol...

Page 21: ...e RMC administrator user password set password The system prompts for the administrator user password when the administrator user logs into the RMC over the network NOTE The factory assigned administr...

Page 22: ...rocedure Changing the factory default IPMI password on the rack management controller RMC For systems using an RMC not using an eRMC complete the following procedure to change the IPMI password on the...

Page 23: ...sword that was previously set for administrator on the RMC 2 Run BASEIOLIST and make note of the base BMC GEOID For example RMC cli baseiolist P000 r001i01b 192 168 5 21 08 00 69 17 A1 B1 The GEOID is...

Page 24: ...sequences in the configuration procedures Procedure 1 Open two terminal sessions to the RMC and log in as the administrator user in each session On the monitor orient the terminal sessions one on top...

Page 25: ...n take up to two minutes for the BMC to be configured 5 In the top window enter the following command power on npar pnum 0 The RMC cli prompt will appear after power has been applied which can take 3...

Page 26: ...e uses the MIB to convert low level SNMP variables to readable names such as CPU2_TEMP The RMC and the BMCs manage SNMP alerts with the RMC receiving the SNMP alerts that the BMCs generate Hewlett Pac...

Page 27: ...yed From the home page you can access management functions such as Using HTML5 KVM and attaching an ISO Installing an OS or HFS See HPE Superdome Flex Server OS Installation Guide Configuring a virtua...

Page 28: ...10 one approach is to access the Windows command line as the administrator user and then run JViewer from that command line For more information about using JViewer with vFolders see the HPE Superdome...

Page 29: ...er may be synchronized back to the original folder The contents of the original folder will be overwritten The Disc Image File is then deleted Prerequisites You are logged in as an administrator See L...

Page 30: ...drive you selected When connected the image file is shared with the server 7 Power on the server with the RMC power on npar pnum 1 bootopt Shell bootopt Shell forces the console to stop at the UEFI S...

Page 31: ...file back to the vFolder on the PC When synchronization is complete the changes made on the server are now visible under the vFolder 13 Optional You can disconnect and reconnect as needed Whenever the...

Page 32: ...ions drive Q and drive R Both partitions are configured as FAT32 so that they are accessible as Virtual Media 3 Click Connect beside the drive you selected The Hard Disk USB Redirection Status panel a...

Page 33: ...3 GPT 88D9175B 0EBC 46AE 9654 0007781192B0 0x808000 0x800000 7 Identify each logical partition To determine which logical partition is mounted to each FS file system it will be necessary to uniquely i...

Page 34: ...in LDAP names The dot character is a valid character in user and group names However the Superdome Flex Rack Management Controller RMC Embedded Rack Management Controller eRMC Command Line Interface...

Page 35: ...erdome Flex Server Administration Guide LDAP configuration LDAP configuration is managed using the CLI on the RMC Successfully configuring the HPE Superdome Flex Server for LDAP authentication require...

Page 36: ...sword _ More information Set LDAP command information Set LDAP command information The set LDAP command is used from the RMC command line to configure the LDAP server details Usage set ldap server SER...

Page 37: ...dap bindpw Please enter the bind password _ Default values if not set port 636 login uid userfilter objectClass posixAccount groupfilter objectClass posixGroup The login parameter is the name of the L...

Page 38: ...ch 1 ou org dc company dc com User Filter objectClass posixAccount User DN Search 1 Group Filter objectClass posixGroup Group DN Search 1 AD Domain SID Adding new LDAP groups Procedure Grant users of...

Page 39: ...Flex_users Displaying the current LDAP groups Procedure Display the current list of authorized LDAP groups by using the show ldap_group command RMC cli show ldap_group Group Name Role Users operator E...

Page 40: ...ny com ping6 c2 dir_server company com Ping Test was successful Group Search Test Attempting LDAP search for group1 in ou org dc company dc com DN scope LDAPTLS_REQCERT allow ldapsearch LLL v x l 90 d...

Page 41: ...mc administrator flex rmc s password administrator password HPE Superdome Flex BMC 2 At the CLI prompt enter the appropriate command to manage user accounts commands Enter help for a list of available...

Page 42: ...e administrator Adding RMC users Procedure 1 Create an RMC user account using the add user command USER ROLE role For example RMC cli add user name Mary_Albright role monitor Changing password for Mar...

Page 43: ...Albright Old password New password Retype password Password for Mary_Albright changed by Mary_Albright To change another user s password RMC cli set password username Mary_Albright Changing password f...

Page 44: ...ly change it to a secure password again More information Changing the factory default IPMI password HPE Superdome Flex Server updates Updating HPE Superdome Flex Server firmware This topic describes h...

Page 45: ...s access redhat com documentation en us red_hat_enterprise_linux 7 html system_administrators_guide index The update instructions can be found in section 9 7 Automatically Refreshing Package Database...

Page 46: ...tlement required This site includes access to the latest HFS ISO files Release Notes and installation update instructions for all supported Linux operating systems Updating the I O firmware and driver...

Page 47: ...ent Memory on Superdome Flex Server with Intel Xeon 62xx and 82xx Cascade Lake processors For details on supported PMM configurations and related administration and maintenance tasks see HPE Persisten...

Page 48: ...ation for this attempt a Select the IP version you want to use under the Internet Protocol menu item b Optional Set the number of times to attempt reconnecting under the Connection Retry Count menu it...

Page 49: ...ystems shipped from the factory and to newly created Superdome Flex Server partitions Many secure boot configuration changes require resetting the partition before booting an OS or accessing the UEFI...

Page 50: ...ot with Boot Manager Procedure 1 Interrupt the boot process and access UEFI Press F2 to access the UEFI Boot Manager 2 Access the Secure Boot Configuration menu At Boot Manager select the Device Manag...

Page 51: ...bled state using the show command show npar verbose 4 Power ON the nPartition Disabling Secure Boot with Boot Manager Procedure 1 Interrupt the boot process and access UEFI Press F2 to access the UEFI...

Page 52: ...n menu At Boot Manager select the Device Manager menu then select the Secure Boot Configuration menu 3 Select the Install Default Keys option This option also changes the system to User Mode and enabl...

Page 53: ...the Customize Secure Boot menu Install Default Keys Option for installing the default secure boot keys All Secure Boot data is overwritten with a default set for supported operating systems Installin...

Page 54: ...able on a UEFI file system KEK Options Key Exchange Keys options You can enroll additional signature keys to establish a trusted relationship between an operating system and the system firmware DB Opt...

Page 55: ...on menu Custom Secure Boot Options menu OS boot fails from boot manager Symptom The OS fails to boot from the boot manager and immediately returns to the boot menu The progress log contains the SECURE...

Page 56: ...e keys permit execution of images signed by the following certificates HPE KEK 2016 Microsoft Corporation KEK CA 2011 SUSE Linux Enterprise Secure Boot CA HPE DB 2016 HP DB 2013 Microsoft Corporation...

Page 57: ...led at the RMC CLI enter the following command RMC CLI show npar verbose To enable or disable Secure Boot power off the nPartition and then at the RMC CLI enter the following command RMC CLI modify np...

Page 58: ...t documentation HPE Superdome Flex Server documentation for support specialists is available at www hpe com support superdome flex docs restricted by signing in to the Hewlett Packard Enterprise Suppo...

Page 59: ...General websites Hewlett Packard Enterprise Information Library www hpe com info EIL For additional websites see Support and other resources Websites 59...

Page 60: ...updates Some software products provide a mechanism for accessing software updates through the product interface Review your product documentation to identify the recommended software update method To...

Page 61: ...w hpe com support ProLiantServers Warranties HPE Enterprise and Cloudline Servers https www hpe com support EnterpriseServers Warranties HPE Storage Products https www hpe com support Storage Warranti...

Page 62: ...ur needs To help us improve the documentation use the Feedback button and icons located at the bottom of an opened document on the Hewlett Packard Enterprise Support Center portal https www hpe com su...

Reviews:

No comments

Related manuals for Superdome Flex

IBM B50 Service Manual preview
B50
Brand: IBM Pages: 198
Surveon EonServ 5000 Series User Manual preview
EonServ 5000 Series
Brand: Surveon Pages: 33
IBM pSeries 670 Installation Manual preview
pSeries 670
Brand: IBM Pages: 128
TYAN FT77B-B7059 Service Engineer'S Manual preview
FT77B-B7059
Brand: TYAN Pages: 170
Moxa Technologies NPort P5250A Series Quick Installation Manual preview
NPort P5250A Series
Brand: Moxa Technologies Pages: 2
IBM 847620U - Netfinity 3000 - 20U Hardware Maintenance Manual preview
847620U - Netfinity 3000 - 20U
Brand: IBM Pages: 270
Supero SuperServer 1026T-M3 User Manual preview
SuperServer 1026T-M3
Brand: Supero Pages: 104
TYAN Transport GT26-B4987 Service Manual preview
Transport GT26-B4987
Brand: TYAN Pages: 125
Flexport HF2211 User Manual preview
HF2211
Brand: Flexport Pages: 39
IBM System x3650 M5 Installation And Service Manual preview
System x3650 M5
Brand: IBM Pages: 1010
Rackable Systems OmniStor 4900F Series User Manual preview
OmniStor 4900F Series
Brand: Rackable Systems Pages: 196
Vidyo VidyoGateway Administrator'S Manual preview
VidyoGateway
Brand: Vidyo Pages: 186
NEC Storage ST1220 User Manual preview
Storage ST1220
Brand: NEC Pages: 69
QNAP TBS-464 User Manual preview
TBS-464
Brand: QNAP Pages: 49
IBM 9405-520 Quick Start Manual preview
9405-520
Brand: IBM Pages: 16
Axis AXIS 5900 User Manual preview
AXIS 5900
Brand: Axis Pages: 160
EEG UNEEG User Manual preview
UNEEG
Brand: EEG Pages: 32
Planet Networking & Communication IAS-240 User Manual preview
IAS-240
Brand: Planet Networking & Communication Pages: 97

Brands by name

Popular brands

Load more brands