IBM BladeCenter Management Module User Manual Download Page 54 | Manualshive

Page: 54 / 78

background image

Note:

Changes

to

the

SSL

client

configuration

take

effect

immediately

and

do

not

require

a

restart

of

the

management

module.

SSL

certificate

overview

You

can

use

SSL

with

either

a

self-signed

certificate

or

with

a

certificate

signed

by

a

third-party

certificate

authority.

Using

a

self-signed

certificate

is

the

simplest

method

for

using

SSL,

but

it

does

create

a

small

security

risk.

The

risk

arises

because

the

SSL

client

has

no

way

of

validating

the

identity

of

the

SSL

server

for

the

first

connection

attempted

between

the

client

and

server.

It

is

possible

that

a

third

party

could

impersonate

the

server

and

intercept

data

flowing

between

the

management

module

and

the

Web

browser.

If

at

the

time

of

the

initial

connection

between

the

browser

and

the

management

module,

the

self-signed

certificate

is

imported

into

the

certificate

store

of

the

browser,

all

future

communications

will

be

secure

for

that

browser

(assuming

the

initial

connection

was

not

compromised

by

an

attack).

For

more

complete

security,

you

can

use

a

certificate

signed

by

a

certificate

authority.

To

obtain

a

signed

certificate,

use

the

SSL

Certificate

Management

page

to

generate

a

certificate

signing

request.

You

must

then

send

the

certificate

signing

request

to

a

certificate

authority

and

make

arrangements

to

procure

a

certificate.

When

the

certificate

is

received,

it

is

then

imported

into

the

management

module

using

the

Import

a

Signed

Certificate

link,

and

you

can

enable

SSL.

The

function

of

the

certificate

authority

is

to

verify

the

identity

of

the

management

module.

A

certificate

contains

digital

signatures

for

the

certificate

authority

and

the

management

module.

If

a

well-known

certificate

authority

issues

the

certificate

or

if

the

certificate

of

the

certificate

authority

has

already

been

imported

into

the

Web

browser,

the

browser

will

be

able

to

validate

the

certificate

and

positively

identify

the

management-module

Web

server.

The

management

module

requires

a

certificate

for

the

secure

Web

server

and

one

for

the

secure

LDAP

client.

Also,

the

secure

LDAP

client

requires

one

or

more

trusted

certificates.

The

trusted

certificate

is

used

by

the

secure

LDAP

client

to

positively

identify

the

LDAP

server.

The

trusted

certificate

is

the

certificate

of

the

certificate

authority

that

signed

the

certificate

of

the

LDAP

server.

If

the

LDAP

server

uses

self-signed

certificates,

the

trusted

certificate

can

be

the

certificate

of

the

LDAP

server

itself.

Additional

trusted

certificates

can

be

imported

if

more

than

one

LDAP

server

is

used

in

your

configuration.

SSL

server

certificate

management

The

SSL

server

requires

that

a

valid

certificate

and

corresponding

private

encryption

key

is

installed

before

SSL

is

enabled.

There

are

two

methods

available

for

generating

the

private

key

and

required

certificate:

using

a

self-signed

certificate

and

using

a

certificate

signed

by

a

certificate

authority.

If

you

want

to

use

a

self-signed

certificate

for

the

SSL

server,

see

If

you

want

to

use

a

certificate

authority

signed

certificate

for

the

SSL

server,

see

44

BladeCenter

Management

Module:

User’s

Guide

«
...
52
53
54
55
56
...
»

Summary of Contents for BladeCenter Management Module

Page 1: ...BladeCenter Management Module User s Guide ERserver...

Page 2: ......

Page 3: ...BladeCenter Management Module User s Guide ERserver...

Page 4: ...al information in Appendix B Notices on page 59 Fourth Edition February 2004 Copyright International Business Machines Corporation 2004 All rights reserved US Government Users Restricted Rights Use du...

Page 5: ...ule Web interface 11 User authority 11 Starting the management module Web interface 12 Management module Web interface options 14 Monitors 14 System Status 14 Event Log 16 LEDs 17 Hardware VPD 18 Firm...

Page 6: ...odifying your ASM configuration 55 Appendix A Getting help and technical assistance 57 Before you call 57 Using the documentation 57 Getting help and information from the World Wide Web 58 Software se...

Page 7: ...alleert eerst de veiligheidsvoorschriften Ennen kuin asennat t m n tuotteen lue turvaohjeet kohdasta Safety Information Avant d installer ce produit lisez les consignes de s curit Vor der Installation...

Page 8: ...disconnect signal cables v Never turn on any equipment when there is evidence of fire water or structural damage v Disconnect the attached power cords telecommunications systems networks and modems b...

Page 9: ...r cords associated with accessories sold with this product will expose you to lead a chemical known to the State of California to cause cancer and birth defects or other reproductive harm Wash hands a...

Page 10: ...viii BladeCenter Management Module User s Guide...

Page 11: ...e redundant management module The latest level of management module firmware is available at the IBM Support Web site at http www ibm com pc support The management module functions as a service proces...

Page 12: ...this indicator is lit the system error LED on each of the BladeCenter system LED panels is also lit v Ethernet link When this green LED is lit there is an active connection through the port to the ne...

Page 13: ...net Video Mouse Keyboard Note There is no internal connections between the input output connectors on the management modules when two are installed in the BladeCenter unit See the IBM BladeCenter Mana...

Page 14: ...e connection to the network management station on the network Use this port to establish connections with the remote management and remote console features of the BladeCenter unit The network manageme...

Page 15: ...anagement station to connect to the management module to configure the port completely and to configure the rest of the BladeCenter unit v The IP address for the internal Ethernet port on the manageme...

Page 16: ...rs v Accessing the I O modules to configure them v Changing the drive startup sequence for a blade server v Setting the date and time v Using a remote console for the blade servers v Changing ownershi...

Page 17: ...thernet connector on the management module Connect the other end of the Ethernet cable to the network 2 Check the Ethernet LEDs to ensure that the network connection is working v When the green Ethern...

Page 18: ...ment module then use your Web browser to connect to the management module see Starting the management module Web interface on page 12 for more information In the browser Address field specify the IP a...

Page 19: ...y provide connectivity from the IBM Director server to the BladeCenter management module Ethernet port To establish connectivity the management module attempts to use DHCP to acquire its initial IP ad...

Page 20: ...10 BladeCenter Management Module User s Guide...

Page 21: ...face windows and the authority levels that are required to change information in these windows The windows and authorities listed in this table only apply to changing the information in a window or ex...

Page 22: ...Update v v Configuration v v v Serial over LAN v v v I O Module Tasks Power Restart v v Management v v v Firmware Update v v MM Control General Settings v v v Login Profiles v v v Alerts v v v Port As...

Page 23: ...all capital letters v Password PASSW0RD note the zero not O in PASSW0RD 3 Follow the instructions that appear on the screen Be sure to set the timeout value you want for your Web session The BladeCen...

Page 24: ...in the sections that follow Online help is provided for the management module Web interface Click the help icon next to a section or choice to display additional information about this item Monitors...

Page 25: ...ttings in the blade server BIOS code v Local Control An indication of whether the following options are enabled Local power control Local keyboard video and mouse switching Local CD ROM drive diskette...

Page 26: ...rent speed of the blower module as a percentage of the maximum revolutions per minute RPMs The blower speed varies with the thermal load An entry of Offline indicates that the blower is not functionin...

Page 27: ...LED and turn on turn off or blink the location LED on the BladeCenter unit and the blade servers v Front Panel LEDs The state of the following LEDs on the BladeCenter system LED panel You can change...

Page 28: ...the log of modules inserted or removed from the BladeCenter unit Firmware VPD Select the Firmware VPD choice to view the vital product data VPD for the firmware in all blade servers I O modules and ma...

Page 29: ...v Turn on or turn off the selected blade server set the power state on or off v Enable or disable local power control When local power control is enabled a local user can turn on or turn off the blad...

Page 30: ...Select the check boxes in the Select column for one or more On Demand blade servers that have a Standby status then click the Activate Standby Blade Servers link to activate the selected blade server...

Page 31: ...media tray Mount a disk drive or disk image from the computer that is acting as the remote console on to a blade server The mounted disk drive or disk image will appear as a USB device attached to the...

Page 32: ...following commands init 3 Switch to text mode if necessary rmmod mousedev Unload the mouse device driver b Add the following statement to xinitrc in the user s home directory xset m 1 1 Turn off mous...

Page 33: ...selection of hard disk drives depends on the hard disk drives that are installed in your blade server CD ROM Diskette Network PXE Attempt a PXE DHCP network startup the next time the selected blade s...

Page 34: ...y for the BladeCenter unit Enabling or disabling SOL globally does not effect the SOL session status for each blade server SOL must be enabled both globally for the BladeCenter unit and individually f...

Page 35: ...f I O modules such as pass thru modules Power Restart Select the Power Restart choice to display the power status of the I O modules and perform the following actions v Turn on or turn off an I O modu...

Page 36: ...trol section to view and change the settings or configuration on the management module that you are logged in to the primary management module through this management module Web interface session If y...

Page 37: ...ettings are used during SNMP and SMTP configuration See Configuring SNMP on page 35 and Configuring SMTP on page 37 for additional information Login Profiles Select the Login Profiles choice to config...

Page 38: ...write and execute access to all management module functions Users with Read Only authority can access all management module functions for viewing only Attention If you change the default login profil...

Page 39: ...ients for IBM Director over LAN the remote alert recipient must be an IBM Director enabled server Port Assignments Select the Port Assignments choice to configure some of the ports used by the managem...

Page 40: ...mber fixed Description 25 Port used for TCP e mail alerts 53 Port used for the UDP Domain Name Server DNS resolver 68 Port used for DHCP client connection using UDP 427 Port used for the UDP Service L...

Page 41: ...external Ethernet port the I O module internal network interface and the management module internal and external interfaces must be on the same subnet v External Network Interface eth0 This is the int...

Page 42: ...warning messages generated by the TCP IP code running on the management module and might be used by your service representative for advanced troubleshooting The log displays the most recent entries fi...

Page 43: ...between self signed certificates and certificates provided by a certificate authority CA You can also enable or disable the default SSH and generate and manage the SSH server key Some of the Security...

Page 44: ...ate will automatically be applied to both management modules Click Browse to locate the firmware file you want then click Update Management module firmware is in several separate files that are instal...

Page 45: ...nfigured SNMP alerts to the configured host names or IP addresses Note If you plan to configure Simple Network Management Protocol SNMP traps on the management module you must install and compile the...

Page 46: ...traps fields to forward alerts to SNMP communities on your network To enable the SNMP agent the following criteria must be met v System contacts must be specified on the General Settings page v The s...

Page 47: ...ranslate host names into IP addresses 12 If you enabled DNS in the DNS server IP address fields you can specify the IP addresses of up to three DNS servers on your network Each IP address should conta...

Page 48: ...ement module can be associated with one or more groups and a user would only pass group authentication if he belongs to at least one group associated with the management module Setting up a client to...

Page 49: ...e belongs only to this group If a prefix filter is used for example RSA this management module belongs to any group whose first three letters are RSA If a wildcard filter is used then this management...

Page 50: ...eps to configure the LDAP client authentication 1 In the navigation pane click MM Control Network Protocols 2 Scroll down to the Lightweight Directory Access Protocol LDAP Client section and click Set...

Page 51: ...ermission Attribute When a user is successfully authenticated using an LDAP server the login permissions for this user must be retrieved To retrieve these permissions the search filter sent to the ser...

Page 52: ...o restrictions when configuring the management module blade servers I O Modules and VPD This user can also perform firmware upgrades on the management module or blade servers restore the management mo...

Page 53: ...l tasks list to configure the security for the management module 1 Configure the Secure Web server a Disable the SSL server Use the SSL Server Configuration for Web Server section on the MM Control Se...

Page 54: ...rity is to verify the identity of the management module A certificate contains digital signatures for the certificate authority and the management module If a well known certificate authority issues t...

Page 55: ...e sure that the SSL server is disabled If it is not disabled select Disabled in the SSL Server field and then click Save 3 In the SSL Server Certificate Management section select Generate a New Key an...

Page 56: ...re that the SSL server is disabled If it is not disabled select Disabled in the SSL Server field and then click Save 3 In the SSL Server Certificate Management section select Generate a New Key and a...

Page 57: ...as it is known by the Web browser The browser compares the host name in the resolved Web address to the name that appears in the certificate To prevent certificate warnings from the browser the value...

Page 58: ...o assign a password to the certificate signing request This field can contain a maximum of 30 characters Unstructured Name Use this field for additional information such as an unstructured name assign...

Page 59: ...o to step 8 after the signed certificate is returned from the certificate authority 8 In the navigation pane click MM Control Security Scroll to the SSL Server Certificate Management section which loo...

Page 60: ...on key and certificate for the SSL client is the same as the procedure for the SSL server except that you use the SSL Client Certificate Management section of the Security Web page instead of the SSL...

Page 61: ...click Import Certificate A progress indicator is displayed as the file is transferred to storage on the management module Remain on this page until the transfer is completed 8 The SSL Client Trusted C...

Page 62: ...ature provides secure access to the command line interface and the serial over LAN text console redirect features of the management module Secure shell users are authenticated by exchanging user ID an...

Page 63: ...Hmac sha1 Complete the following steps to create a new secure shell server key 1 In the navigation pane click MM Control Security 2 Scroll to the Secure Shell SSH Server section and make sure that th...

Page 64: ...he management module configuration v Restore the management module configuration Note If you cannot communicate with a replacement management module through the Web interface or the IBM Director progr...

Page 65: ...ving to enter common shared information Complete the following steps to restore or modify your current configuration 1 Log in to the management module where you want to restore the configuration For m...

Page 66: ...te was successful Note The security settings on the Security page are not restored with the restore operation To modify security settings see Secure Web server and secure LDAP on page 42 7 After recei...

Page 67: ...ssistance by following the troubleshooting procedures that IBM provides in the online help or in the publications that are provided with your system and software The information that comes with your s...

Page 68: ...about which products are supported by Support Line in your country or region go to http www ibm com services sl products For more information about Support Line and other IBM services go to http www i...

Page 69: ...TY OF ANY KIND EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF NON INFRINGEMENT MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE Some states do not allow disclaimer...

Page 70: ...ountries or both Microsoft Windows and Windows NT are trademarks of Microsoft Corporation in the United States other countries or both UNIX is a registered trademark of The Open Group in the United St...

Page 71: ...applicable regulations IBM offers product return programs in several countries Information on product recycling offerings can be found on IBM s Internet site at http www ibm com ibm environment produ...

Page 72: ...nformity with the protection requirements of EU Council Directive 89 336 EEC on the approximation of the laws of the Member States relating to electromagnetic compatibility IBM cannot accept responsib...

Page 73: ...Chinese Class A warning statement Japanese Voluntary Control Council for Interference VCCI statement Appendix B Notices 63...

Page 74: ...64 BladeCenter Management Module User s Guide...

Page 75: ...3 error log See event log Ethernet configuring remote connection 8 port cabling 7 Ethernet activity LED 2 Ethernet connector remote management and console 4 Ethernet link status LED 2 event log 16 eve...

Page 76: ...ing security 43 enabling SSL for LDAP client 52 enabling SSL for secure Web server 50 overview 42 SSL certificate overview 44 SSL client certificate management 50 SSL client trusted certificate manage...

Page 77: ......

Page 78: ...Part Number 13N0318 Printed in USA 1P P N 13N0318...

Reviews:

No comments

Related manuals for BladeCenter Management Module

Brand: Ebyte Pages: 8

Brand: Keithley Pages: 59

Brand: National Instruments Pages: 28

Brand: National Instruments Pages: 19

Brand: National Instruments Pages: 103

NI PXI-1042 Series

Brand: National Instruments Pages: 12

Brand: National Instruments Pages: 4

FRDM-STBC-SA9500

Brand: Freescale Semiconductor Pages: 2

Storage Networking (Unified Fabric Pilot)

Brand: Qlogic Pages: 76

PXI Terminal Block NI TB-2709

Brand: National Instruments Pages: 12

Brand: Sony Ericsson Pages: 2

Brand: Digital Voice Systems Pages: 32

Brand: Cypress Semiconductor Pages: 38

CG9103-2RS232-1USB

Brand: BiPOM Electronics Pages: 8

Core 2 Duo E4300

Brand: Intel Pages: 55

Brand: IBM Pages: 78

Brand: INGENIA Pages: 58

Brand: Jatontec Pages: 13

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands