White Paper V1 - Hammer Huawei - Home iMana 200 provides IPMI, command-line interface (CLI),...

HUAWEI Server iMana Intelligent ManagementSystem

White Paper V1.3

Issue 02

Date 2015-02-12

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representationsof any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Issue 02 (2015-02-12) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://www.huawei.com

mailto:[email protected]

Contents

1 Overview.........................................................................................................................................11.1 Introduction to iMana 200..............................................................................................................................................21.2 System Design................................................................................................................................................................3

2 Functions.........................................................................................................................................42.1 Various Management Interfaces.....................................................................................................................................62.1.1 Standard IPMI 1.5 or IPMI 2.0 Interface.....................................................................................................................62.1.2 CLI...............................................................................................................................................................................82.1.3 HTTPS Interface..........................................................................................................................................................92.1.4 SNMP Interface.........................................................................................................................................................102.1.5 WS-MAN Interface...................................................................................................................................................112.1.6 SMASH-CLP Interface..............................................................................................................................................122.2 Fault Detection and Alarm Management......................................................................................................................132.2.1 Fault Detection..........................................................................................................................................................142.2.2 Fault Diagnosis..........................................................................................................................................................142.2.3 System Running Recorder.........................................................................................................................................152.2.4 Startup Self-Check Code...........................................................................................................................................172.2.5 Event Management....................................................................................................................................................172.2.6 Fault Reporting..........................................................................................................................................................182.3 Virtual KVM and Virtual Media..................................................................................................................................202.3.1 Virtual KVM..............................................................................................................................................................202.3.2 Virtual Media.............................................................................................................................................................212.4 HTTPS-based Visualization Management Interface....................................................................................................232.4.1 Viewing System Information.....................................................................................................................................242.4.2 Querying System Information...................................................................................................................................252.4.3 Real-Time Monitoring...............................................................................................................................................262.4.4 Device Location.........................................................................................................................................................292.4.5 Configuration.............................................................................................................................................................292.5 Breakdown Screenshot and Breakdown Video............................................................................................................302.5.1 Breakdown Screenshot..............................................................................................................................................302.5.2 Breakdown Video......................................................................................................................................................312.6 Screen Snapshot and Screen Video..............................................................................................................................322.6.1 Screen Snapshot.........................................................................................................................................................32

HUAWEI Server iMana Intelligent Management SystemWhite Paper V1.3 Contents


ii

2.6.2 Screen Video..............................................................................................................................................................332.7 Domain Management and Directory Service...............................................................................................................352.7.1 Domain Management................................................................................................................................................352.7.2 Directory Service.......................................................................................................................................................362.8 Firmware Management.................................................................................................................................................382.8.1 Firmware Dual-image Backup...................................................................................................................................382.8.2 Firmware Upgrade.....................................................................................................................................................392.9 Intelligent Power Management.....................................................................................................................................392.9.1 Power Control............................................................................................................................................................392.9.2 Power Capping..........................................................................................................................................................402.9.3 Power Statistics and Power History Line..................................................................................................................412.9.4 Active and Standby PSUs..........................................................................................................................................422.10 SOL and System Serial Port Running Information Record........................................................................................432.10.1 SOL..........................................................................................................................................................................432.10.2 Recording System Serial Port Information..............................................................................................................432.11 Security Management.................................................................................................................................................442.11.1 Scenario-based Login Restriction............................................................................................................................442.11.2 Account Security.....................................................................................................................................................452.11.3 SSL Certificate Management...................................................................................................................................452.11.4 Service Management...............................................................................................................................................472.11.5 Operation Log Management....................................................................................................................................482.11.6 Enhanced Encryption Algorithm.............................................................................................................................492.12 Unified Communication Interface..............................................................................................................................502.12.1 System Resource Monitoring..................................................................................................................................502.12.2 Hard Disk Information.............................................................................................................................................512.13 Access Management...................................................................................................................................................512.13.1 Management Network Port Auto-Adaptation..........................................................................................................512.13.2 NC-SI.......................................................................................................................................................................522.13.3 IPv6..........................................................................................................................................................................532.14 Uniform User Management........................................................................................................................................542.15 NTP.............................................................................................................................................................................55

3 Technical Specifications.............................................................................................................56

HUAWEI Server iMana Intelligent Management SystemWhite Paper V1.3 Contents


iii

Figures

Figure 1-1 iMana 200 system architecture..............................................................................................................3Figure 2-1 iMana 200 management interfaces........................................................................................................6Figure 2-2 WS-MAN information traffic..............................................................................................................12Figure 2-3 The following figure shows the CLP framework:...............................................................................13Figure 2-4 Functions of the MCE troubleshooting system....................................................................................15Figure 2-5 System running recorder......................................................................................................................16Figure 2-6 Downloading black box data...............................................................................................................16Figure 2-7 Startup self-check code page................................................................................................................17Figure 2-8 System Events page.............................................................................................................................18Figure 2-9 SNMP trap configuration page............................................................................................................19Figure 2-10 SMTP configuration page..................................................................................................................19Figure 2-11 Remote console..................................................................................................................................20Figure 2-12 Virtual KVM in the iMana 200..........................................................................................................21Figure 2-13 Virtual media in the iMana 200.........................................................................................................22Figure 2-14 Entering the iMana IP address...........................................................................................................23Figure 2-15 iMana 200 login page.........................................................................................................................23Figure 2-16 Summary tab page..............................................................................................................................24Figure 2-17 Overview page...................................................................................................................................24Figure 2-18 Firmware Version page......................................................................................................................25Figure 2-19 Asset Information page......................................................................................................................25Figure 2-20 System Hardware page......................................................................................................................26Figure 2-21 Component page................................................................................................................................27Figure 2-22 Sensor page........................................................................................................................................27Figure 2-23 LED....................................................................................................................................................28Figure 2-24 Device Location page.........................................................................................................................29Figure 2-25 Configuration page.............................................................................................................................30Figure 2-26 Rule of the breakdown screenshot.....................................................................................................30Figure 2-27 Breakdown screenshot.......................................................................................................................31Figure 2-28 Video playback console.....................................................................................................................32Figure 2-29 Obtaining screen snapshots................................................................................................................33Figure 2-30 Enabling/Disabling the screen video function...................................................................................34Figure 2-31 Video playback console.....................................................................................................................34

HUAWEI Server iMana Intelligent Management SystemWhite Paper V1.3 Figures


iv

Figure 2-32 Configuring DNS parameters............................................................................................................36Figure 2-33 Host Name page.................................................................................................................................36Figure 2-34 Directory service work process..........................................................................................................37Figure 2-35 LDAP User page................................................................................................................................37Figure 2-36 Firmware Upgrade page.....................................................................................................................39Figure 2-37 Firmware Upgrade page.....................................................................................................................39Figure 2-38 Power Control page............................................................................................................................40Figure 2-39 Power Capping page..........................................................................................................................41Figure 2-40 Power Statistics page.........................................................................................................................41Figure 2-41 Power History page............................................................................................................................42Figure 2-42 Active and standby PSUs page..........................................................................................................43Figure 2-43 SOL....................................................................................................................................................43Figure 2-44 Recording system serial port information..........................................................................................44Figure 2-45 Setting login rules..............................................................................................................................45Figure 2-46 Account security configuration..........................................................................................................45Figure 2-47 SSL certificate management page......................................................................................................46Figure 2-48 SNMP configurations page................................................................................................................47Figure 2-49 Service configuration page.................................................................................................................48Figure 2-50 Viewing operation logs......................................................................................................................48Figure 2-51 Data exchange between the iMana 200 and BMA module................................................................50Figure 2-52 System Resource Usage page............................................................................................................51Figure 2-53 Management network connection......................................................................................................52Figure 2-54 Configuring network port auto-adaptation.........................................................................................52Figure 2-55 NSCI framework................................................................................................................................53Figure 2-56 NSCI data flow diagram....................................................................................................................53Figure 2-57 IPv6 address configuration screen.....................................................................................................54Figure 2-58 User management page......................................................................................................................54Figure 2-59 Configuring NTP parameters.............................................................................................................55

HUAWEI Server iMana Intelligent Management SystemWhite Paper V1.3 Figures


v

Tables

Table 2-1 Operating environment of clients..........................................................................................................10Table 2-2 System event parameters.......................................................................................................................18Table 2-3 OSs not supporting mouse synchronization (The OSs include, but not limited to the OSs in the table)................................................................................................................................................................................21Table 2-4 Sensor parameters..................................................................................................................................27Table 2-5 Indicator parameters..............................................................................................................................29Table 2-6 Encryption algorithms...........................................................................................................................49Table 2-7 Time synchronization sources supported by the iMana 200.................................................................55

HUAWEI Server iMana Intelligent Management SystemWhite Paper V1.3 Tables


vi

1 Overview

About This Chapter

1.1 Introduction to iMana 200

1.2 System Design

HUAWEI Server iMana Intelligent Management SystemWhite Paper V1.3 1 Overview


1

1.1 Introduction to iMana 200The iMana 200 provides IPMI, command-line interface (CLI), Hypertext Transfer ProtocolSecure (HTTPS), SNMP, Web Services-Management (WS-MAN), and Systems ManagementArchitecture for Server Hardware – Command Line Protocol (SMASH-CLP) interfaces, meetingvarious system integration requirements. The iMana 200 complies with Intelligent PlatformManagement Interface 2.0 (IPMI 2.0) standards, Simple Network Management Protocol(SNMP), and Distributed Management Task Force (DMTF) specifications. It performs variousfunctions, including keyboard, video, and mouse (KVM) redirection, text console redirection,remote virtual media, fault diagnosis, and reliable hardware monitoring and management. TheiMana 200 supports various features, which are described as follows:

l Various management interfaces

The iMana 200 provides IPMI, command-line interface (CLI), Hypertext Transfer ProtocolSecure (HTTPS), SNMP, Web Services-Management (WS-MAN), and SystemsManagement Architecture for Server Hardware – Command Line Protocol (SMASH-CLP)interfaces, meeting various system integration requirements.

l Compliance with IPMI 1.5 and IPMI 2.0

The iMana 200 provides standard IPMI management interfaces, which allow integrationwith standard management systems.

l Fault detection and alarm management

The iMana 200 implements fault detection and alarm management, ensuring stableuninterrupted 24/7 system operation.

l Virtual KVM and virtual media

The iMana 200 provides virtual KVM and virtual media, facilitating remote maintenance.

l Web-based user interface (WebUI)

The iMana 200 provides the web-based UI, helping you rapidly set and query deviceinformation.

l Breakdown screenshots and videos

The iMana 200 allows screenshots and videos to be created when the system collapses. Thescreenshots and videos help to identify the cause of system breakdown.

l Screen snapshots and videos

The iMana 200 offers screen snapshots and videos, which simplify routine preventivemaintenance, recording, and auditing.

l Support for DNS and LDAP

The iMana 200 supports domain name system (DNS) and Lightweight DirectoryApplication Protocol (LDAP) to implement domain management and directory service.This feature simplifies the server management network.

l Dual-image backup

The iMana 200 provides software dual-image backups, which allows software to restartfrom the backup image when a failure occurs. This feature enhances system security.

l Asset management

The iMana 200 facilitates asset management.



2

l Intelligent power managementThe iMana 200 uses the power capping technology to improve deployment density anduses dynamic power saving to reduce the operational expenditure (OPEX).

l Security managementThe iMana 200 implements security management in terms of access, account, transmission,and storage. This feature ensures the server security.

1.2 System Design

Figure 1-1 shows the iMana 200 system architecture.

l The KVM module implements remote keyboard and mouse control. When the KVMmodule receives video data from x86 systems over the video graphics array (VGA) port,it compresses the video data and sends the compressed data to a remote KVM client overthe network. When the KVM module receives keyboard and mouse data from the remoteKVM client, it transmits the data to x86 systems by using a simulated USB keyboard andmouse device.

l The iMana 200 uses a system running recorder (black box) to receive data from x86 systemsover the Peripheral Component Interconnect Express (PCIe) interface and to export therecorded information.

l The iMana 200 communicates with x86 systems through a local PC interface to implementIPMI management.

l The iMana 200 provides Fast Ethernet (FE) interfaces, through which remote managementis performed over the network using IPMI and HTTPS.

l The iMana 200 uses sensors to monitor the temperature and voltage of servers. It alsointelligently manages the fan modules and power supply units (PSUs) of servers.

l The iMana 200 supports the network controller sideband interface (NC-SI) technology andVLAN function, which allow more flexible management networking.

Figure 1-1 iMana 200 system architecture



3

2 Functions

About This Chapter

The iMana 200 provides diversified functions to improve management efficiency and reducethe OPEX.

l As Huawei home-grown advanced software, the iMana 200 serves remotely managesservers. It supports KVM redirection, text console redirection, remote virtual media(mapping the DVD-ROM drive, floppy disk drive (FDD), and hard disks from the terminalto the server), and IPMI 2.0-based hardware monitoring and management. The iMana 200is designed based on the carrier-class reliability requirements and supports dual-imagebackups for software.

l The iMana 200 provides various user interfaces, such as the CLI, Web-based UI, andIPMItool management interface. All user interfaces adopt an authentication mechanismand a highly secure encryption algorithm, ensuring access and transmission security.

l The iMana 200 not only monitors servers, but also provides diversified alarms and detailedlogs. For example, the logs contain the CPU core temperatures, voltages, fan speed, PSUfaults, and bus faults. In addition, the iMana 200 allows you to query the information aboutCPUs, memory, and hard disks.

l When a server breaks down, the iMana 200 saves the last information displayed on thescreen, which is used for fault identification. The iMana 200 allows you to set regular orperiodical tasks for capturing screenshots, which requires no manual intervention and savesmaintenance time.

2.1 Various Management Interfaces

2.2 Fault Detection and Alarm Management

2.3 Virtual KVM and Virtual Media

2.4 HTTPS-based Visualization Management Interface

2.5 Breakdown Screenshot and Breakdown Video

2.6 Screen Snapshot and Screen Video

2.7 Domain Management and Directory Service

2.8 Firmware Management

HUAWEI Server iMana Intelligent Management SystemWhite Paper V1.3 2 Functions


4

2.9 Intelligent Power Management

2.10 SOL and System Serial Port Running Information Record

2.11 Security Management

2.12 Unified Communication Interface

2.13 Access Management

2.14 Uniform User Management

2.15 NTP



5

2.1 Various Management InterfacesThe iMana 200 is an out-of-band standalone management system, which complies with theindustry management standards. It is a subnode on the data center management network andmanages, controls, and diagnoses servers. It provides various man-machine interfaces andmachine-machine interfaces, meeting application and integration requirements for servermanagement.

Figure 2-1 iMana 200 management interfaces

2.1.1 Standard IPMI 1.5 or IPMI 2.0 InterfaceThe iMana 200 complies with IPMI 1.5 and IPMI 2.0 standards. It effectively manages serversby using third-party tools, such as ipmitool, through a Block Transfer (BT) or local area network(LAN) channel. If BT channels are used, the third-party tools must run on the operating system(OS) of the local server. If LAN channels are used, the third-party tools can remotely manageservers. The third-party tools must support Windows or Linux.

The following describes the ipmitool command.

l ipmitool command syntax: ipmitool [interface] [parameter] <command>l ipmitool interfaces:

Interfaces:open Linux OpenIPMI Interface [default]imb Intel IMB Interfacelan IPMI v1.5 LAN Interfacelanplus IPMI v2.0 RMCP+ LAN Interface

l ipmitool parameters:Parameters:



6

-h This help-V Show version information-v Verbose (can use multiple times)-c Display output in comma separated format-d N Specify a /dev/ipmiN device to use (default=0)-I intf Interface to use-H hostname Remote host name for LAN interface-p port Remote RMCP port [default=623]-U username Remote session username-f file Read remote session password from file-S sdr Use local file for remote SDR cache-a Prompt for remote password-e char Set SOL escape character-C ciphersuite Cipher suite to be used by lanplus interface-k key Use Kg key for IPMIv2 authentication-y hex_key Use hexadecimal-encoded Kg key for IPMIv2 authentication-L level Remote session privilege level [default=ADMINISTRATOR] Append a '+' to use name/privilege lookup in RAKP1-A authtype Force use of auth type NONE, PASSWORD, MD2, MD5 or OEM-P password Remote session password-E Read password from IPMI_PASSWORD environment variable-K Read kgkey from IPMI_KGKEY environment variable-m address Set local IPMB address-b channel Set destination channel for bridged requestt address Bridge request to remote target address-B channel Set transit channel for bridged request (dual bridge)-T address Set transit address for bridge request (dual bridge)-l lun Set destination lun for raw commands-o oemtype Setup for OEM (use 'list' to see available OEM types)-O seloem Use file for OEM SEL event descriptions

l ipmitool commands:Commands:raw Send a RAW IPMI request and print responsei2c Send an I2C Master Write-Read command and print responsespd Print SPD info from remote I2C devicelan Configure LAN Channelschassis Get chassis status and set power statepower Shortcut to chassis power commandsevent Send pre-defined events to MCmc Management Controller status and global enablessdr Print Sensor Data Repository entries and readingssensor Print detailed sensor informationfru Print built-in FRU and scan SDR for FRU locatorsgendev Read/Write Device associated with Generic Device locators sdrsel Print System Event Log (SEL)pef Configure Platform Event Filtering (PEF)sol Configure and connect IPMIv2.0 Serial-over-LANtsol Configure and connect with Tyan IPMIv1.5 Serial-over-LANisol Configure IPMIv1.5 Serial-over-LANuser Configure Management Controller userschannel Configure Management Controller channelssession Print session informationsunoem OEM Commands for Sun serverskontronoem OEM Commands for Kontron devices



7

picmg Run a PICMG/ATCA extended cmdfwum Update IPMC using Kontron OEM Firmware Update Managerfirewall Configure Firmware Firewalldelloem OEM Commands for Dell systemsshell Launch interactive IPMI shellexec Run list of commands from fileset Set runtime variable for shell and exechpm Update HPM components using PICMG HPM.1 fileekanalyzer Run FRU-Ekeying analyzer using FRU files

l For example, to query all the local users on the iMana 200, run the following command:

BT-based ipmitool command: ipmitool user list

LAN-based ipmitool command: ipmitool -H *.*.*.* -I lanplus -U <user name> -P<password> user list 1

– H: Enter the IP address of the iMana network port after H.

– I: Enter a transmission protocol after I. lan indicates non-encryption. lanplus indicatesencryption.

– U: Enter the local user name after U.

– P: Enter a password for the local user after P.

2.1.2 CLIThe iMana 200 offers the easy-to-use CLI and supports two basic commands: ipmcget andipmcset. The iMana 200 uses these two commands to remotely manage servers. You can log into the iMana 200 over SSH and Telnet to run the two commands.

l ipmcget command syntax:ipmcget [-t target] -d dataitem

-t <target>fru0 Get the information of the fru0led Get led statesensor Print detailed sensor informationsmbios Get the information of smbioseth0 Get the eth0 informationtrap Get SNMP trap statusservice Get service information

-d <dataitem> fanmode Get fan mode fanlevel Get the percentage of the fan speed port80 Get the diagnose code of port 80 bootdevice Get boot device shutdowntimeout Get graceful shutdown timeout value health Get health status healthevents Get health events sel Print System Event Log (SEL) version Get ipmc version serialnumber Get system serial number userlist List all user info fruinfo Get fru information ipmctime Get ipmc system time macaddr Get mac address serialdir Get front panel serial direction rollbackstatus Get rollbackstatus



8

passwordcomplexity Get password complexity check enable state remotemanageid Get Remote Manage IDl ipmcset command syntax:

ipmcset [-t target] -d dataitem [-v value]

-t <target>fru0 Operate with fru0led Operate with ledeth0 Set eth0 ip addresssensor Operate with sensortrap Operate SNMP trapservice Operate with serviceuser Operate with user

-d <dataitem> fanmode Set fan mode,you can choose manual or outo fanlevel Set fan speed percent download Download SOL or Black box command identify Operate identify led pgrade Upgrade component clearcmos Clear CMOS bootdevice Set boot device reset Reboot IPMC system shutdowntimeout Set graceful shutdown timeout value frucontrol Fru control powerstate Set power state sel Clear SEL adduser Add user password Modify user password deluser Delete user privilege Set user privilege serialdir Set front panel serial direction printscreen Print current screen to bmc rollback Perform a manual rollback timezone Set time zone passwordcomplexity Set password complexity check enable state remotemanageid Set Remote Manage ID

2.1.3 HTTPS InterfaceThe iMana 200 offers visual WebUI for management by using HTTPS.

l You can quickly set parameters and query tasks on the UI.l The iMana 200 monitors the OS startup, OS operations, and DVD-ROM drive or FDD

mapping over a remote console.

Open Internet Explorer, enter the IPv4 or IPv6 address or domain name of the iMana networkport in the address box, and press Enter. The login page is displayed. Enter a local user accountor LDAP domain account to log in to the iMana WebUI.

Table 2-1 lists the OSs, browsers, and Java runtime environment (JRE) supported by the iManaWeb.



9

Table 2-1 Operating environment of clients

RunningEnvironment

Configuration Requirement

OS Windows XP 32-bit

Windows 7 32-bit or 64-bit

Windows 8 32-bit or 64-bit

Windows Server 2008 R2 64-bit

Windows Server 2012 64-bit

Red Hat Enterprise Linux 4.3 64-bit

Red Hat Enterprise Linux 6.0 64-bit

Mac OS X v10.7

Web browser Internet Explorer 8.0, 10.0, or 11.0 (applicable only toWindows)Internet Explorer 10.0 and 11.0Do not support Windows XP

Mozilla Firefox 9.0 or 23.0

Chrome 13.0 or 31.0 (applicable only to Windows)

Safari 5.1 (applicable only to Mac)

JRE JRE 1.6.0 U25 or 1.7.0 U40

2.1.4 SNMP InterfaceSNMP is a communication protocol between Network Management Services (NMSs) andAgents. It defines the standard management framework, common languages in communication,and security and access control mechanisms used for monitoring and managing devices on anetwork.

SNMP has the following advantages:

l TCP/IP-based standard protocol, with UDP as the transport layer protocol

l Automatically manages the network. Administrators can search and modify information,identify and diagnose network problems, plan for capacity, and generate reports on networknodes using the SNMP platform.

l Shields physical differences between various devices, implementing automaticmanagement of products from different vendors. Offering only the basic set of functions,SNMP makes the management tasks independent of both the physical features of themanaged devices and the underlying networking technology. Therefore, SNMP achieveseffective management of devices from different vendors.



10

l Combines simple request-reply mode and active notification mode and provides a timeoutand retransmission mechanism.

l Few packet types and simple packet format, which facilitates resolution andimplementation.

l Authentication and encryption mechanisms provided in SNMPv3, which enhances securityby the user-based and view-based access control function.

The iMana 200 provides SNMP interfaces. SNMP provides operations including Get, Set, andTrap, enabling third-party software to manage servers in a centralized manner by using theSNMP interfaces. The SNMP agent supports SNMPv1, v2c, and v3. Only SNMPv3 is enabledby default. The get and set operations for SNMPv1 and SNMPv2c have different communitynames. Their default community names are roHuawei12#$ and rwHuawei12#$ respectively.SNMPv3 supports message digest algorithm 5 (MD5) or secure hash algorithm (SHA) forauthorization and Data Encryption Standard (DES) or Advanced Encryption Standard (AES)for encryption. The default authorization algorithm is SHA and encryption algorithm is AES.The security user name and login user name are the same. The SNMPv3 security user shares thesame set of local user names with the web-based UI, CLI, SMASH-CLP, and IPMI LANinterfaces. The password of the SNMPv3 security user must contain at least eight characters.

The SNMP agent interface supports query of the following information: system health status,system health events, hardware status, memory and CPU models, alarm reporting configuration,local user and domain account (LDAP) configuration, power statistics, asset information, heatdissipation management, firmware version, network management, power capping, and DNS.

SNMP interface application scenario:

l Scenario 1—open-source based management

You can use the third-party open-source MIB tool, such as MG-SOFT MIB Browser, and CLItool to perform operations on each MIB node over SNMP, usually for testing or temporaryremote management and maintenance for servers.

l Scenario 2—simple integration management

Network management software compiles and imports SNMP MIB definition files. Using thenetwork management software, you can manage servers over SNMP interfaces, set trigger scriptsfor important information, and re-map trap events. Huawei network management software isconnected to command management software, such as CA, IBM System Director, and HP SIM.

l Scenario 3—in-depth integration management

Network management software supports various integrated management plug-ins for differentserver vendors. The plug-in can receive operation commands from the network managementsoftware, query and set iMana information over the SNMP interface, and send back theinformation to the network management software for display in the format defined by theinterface. Huawei has developed plug-ins for VMware vCenter, and Microsoft System Center.

2.1.5 WS-MAN InterfaceThe WS-MAN compile interface is object-oriented and across platforms and OSs. The iMana200 implements web-based management by using the WS-MAN based on Simple Object AccessProtocol (SOAP), allowing the system to use management information regardless of the systemtype or platform. WS-MAN provides a unified method to access and exchange management



11

information across the IT infrastructure, which helps reduce IT management costs and simplifyIT management.

WS-MAN manages the system based on the common information model (CIM). Figure 2-2shows the WS-MAN information traffic. The CIM provides a scalable universal definition forthe managed information, such as the system, network, applications, and services.

Figure 2-2 WS-MAN information traffic

2.1.6 SMASH-CLP InterfaceSMASH-CLP is a command line protocol. It belongs to the DMTF SMASH standards, definesthe standard operation Verbs (such as cd, show, set, create, delete, start, stop, load, reset, andhelp), and provides object-oriented CIM interfaces. The SMASH-CLP is easy to integrate,simplifying the management complexity of the network management platform on heterogeneousservers.

Use the Secure Shell (SSH) or Telnet client to log in to the iMana 200. Type hwsmash and pressEnter to display the CLP operation environment. Check that the following prompt is displayed:

iMana:/->

The command syntax is as follows: <verb> [<options>] [<target>] [<properties>].



12

Figure 2-3 The following figure shows the CLP framework:

l The CLP performs the following functions:

– Queries the properties and status of the CPUs, memory, hard disks, power supply units(PSUs), and fan modules.

– Queries and upgrades iMana and basic input/output system (BIOS) firmware versions.

– Views and modifies the names, passwords, and rights of local users.

– Powers on, powers off, restarts, and gracefully reboots servers.

– Queries and clears system event logs (SELs).

– Queries and sets the boot device.

– Queries and sets DNS information and IP addresses.

– Queries and sets SNMP trap community names, protocol versions, alarm reportinglevels, receiving addresses, and port configurations.

2.2 Fault Detection and Alarm Management



13

2.2.1 Fault DetectionThe iMana 200 not only monitors servers, but also provides reliable fault detection and faultpredict mechanisms. The iMana 200 detects the following faults:

l CPU hardware faults (CAT ERROR, self-checking failures, and configuration errors)l High temperature faults (for air intake vents, CPUs, DIMMs, and PSUs)l Mainboard and board voltage faultl Fan faultsl PSU faults (AC/DC input lost, high temperatures, and fan module faults for PSUs)l Bus faults (I2C and IPMB)l Memory faults (number of correctable ECC errors exceeds the threshold, high

temperatures, and configuration errors)l Hard disk faults (PFAs and invalid RAID)l System breakdown

2.2.2 Fault DiagnosisThe iMana 200 integrates a machine check exception (MCE) troubleshooting system FDM,which is an out-of-band x86 hardware fault processing system to record, report, locate, and warnhardware faults.

Application scenarios:

1. A black screen is displayed or the system stops responding when the CATERR fault occursduring server operating. No MCE data is recorded because of incompatible OSs. The iManaearlier than iMana 200 only records the CATERR fault but cannot locate the fault.

2. The server does not break down after long-time operation, but has lots of recoverable/correctable faults (ECC). You need to handle those faults promptly although they do notaffect services temporarily.

3. As hardware faults hardly occur and are identified mainly based on maintenance personnel'sexperience, multiple insertion-removal or replacement operations cause low efficiency infault diagnosis, which causes trouble for customers.

4. Faults cannot be recorded completely, let alone location, pre-warning, and in-depthhandling for the faults.



14

Figure 2-4 Functions of the MCE troubleshooting system

The iMana 200 uses the following technologies:

l Complete and automatic fault data collecting

The iMana 200 integrates in-band and out-band fault data collection technologies and the twotechnologies can be switched automatically.

l Comprehensive and sustainable iMana-centric out-of-band fault handling system

The iMana 200 collects all faults, analyzes and locates the faults on the out-of-band system, andgenerates prewarnings, solving the problem that system performance is affected because the OSis insufficient to handle the faults and cannot be controlled.

l Fault diagnosis expert system (to be implemented)

The iMana 200 can automatically locate fault sources and provide solutions based on thecollected fault data using the fault diagnosis expert system. The system is established byanalyzing the MCE fault mechanism and summarizing the fault pattern data.

2.2.3 System Running RecorderThe iMana 200 provides the system running recorder function. The system running recorderconsists of a black box (KBox) module, FPGA, iMana, and analysis tool (hwkbox). The functionis disabled by default. Figure 2-5 shows how the Linux system running recorder works. Thesystem running recorder records the kernel stack information when kernel panic occurs, andexports and provides the information to the third party. The third party defines the informationitself. The fault data (black box data) cannot lost upon system startup and power-on or poweroff, but can be lost only at AC power failure.



15

Figure 2-5 System running recorder

Application scenario 1

When kernel panic occurs, the registered black box automatically records the kernel stackinformation and saves the location information to a DDR using a DDR controller over a PCIeinterface. Only 16 MB data can be saved. After the system restarts, a system-side location toolreads and analyzes the location information in the DDR over the PCIe interface. Even if thesystem cannot be started, the iMana 200 can export the information from the DDR (as shown inFigure 2-6)and analyzes the information using a dedicated analysis tool. Currently, the locationinformation can be exported only to the OS and analyzed using the hwkbox analysis tool.

Application scenario 2

The third-party application records a maximum of 2 MB run logs to the FPGA DDR using awrite interface of the black box. When the application is faulty, the system reads and analyzesthe run logs using a read interface on the black box or the iMana 200. This facilitates faultlocation.

Figure 2-6 Downloading black box data



16

2.2.4 Startup Self-Check CodeThe startup self-check code records information about the self-check performed upon systemstartup. The information indicates whether a specific fault occurs. Different codes indicatedifferent faults. You can locate the startup faults by querying the fault code table. See Figure2-7.

Figure 2-7 Startup self-check code page

2.2.5 Event ManagementThe iMana 200 provides the following alarm management functions:

l Monitoring and alarm management for all hardwarel Detailed log descriptionl Local storage and archivingl Log management based on visualization, filtering, sorting, and downloadingl Remote alarm reporting over SNMP trap, and emailsl Alarm reporting to multiple destinations

System events are recorded in files in real time. When 1000 events are recorded, automaticbackup occurs. A maximum of three backup files can be saved. If there are more than three files,the oldest backup file is automatically deleted.

The System Events page allows you to query, sort, filter, and clear all system events, as shownin Figure 2-8.



17

Figure 2-8 System Events page

Table 2-2 describes the system event parameters.

Table 2-2 System event parameters

Parameter Description

Severity Indicates the severity level of the event.Values: OK, Minor, Major, and Critical

Generation time Specifies the time when the event is generated.

Sensor Specifies the sensor where the event is generated.

Eventdescription

Provides information about the event.

Event code Indicates the code of the event.

State Indicates the current status of the event.Values: Generated and Cleared

2.2.6 Fault ReportingThe iMana 200 monitors hardware and system status in real time and reports alarms to remotedestination servers over SNMP trap and emails.

SNMP trap supports the following features: A maximum of four destinations. You can set status,IP addresses, ports, and alarm formats for the destinations. Event reporting based on severity.Versions of v1, v2c, and v3. SNMPv1 is enabled by default. If you use SNMPv3, select a trapv3 security user from local users and configure v3 authentication and encryption algorithms.Host identifiers and location contained in trap messages. A host identifier can be a board SN,



18

product asset label, or host name. Test messages can be sent to the destinations. See Figure2-9.

SMTP supports a maximum of four destinations. The following operations are supported:

l Set the addresses and states of the mail boxes that receive logs and alarms.l Send test mails to the destinations.l Log in to the SMTP server with or without authentication.l Enable TLS to encrypt mails.l Configure the title and mail sender of the email template. See Figure 2-10.

Figure 2-9 SNMP trap configuration page

Figure 2-10 SMTP configuration page



19

2.3 Virtual KVM and Virtual MediaOn the Remote Control page, you can use the virtual KVM, virtual media, and manual recordingfunctions to power on, power off, or restart servers. Figure 2-11 shows the Remote Controlpage.

In full screen or split-screen mode of the remote console, press Ctrl+Alt+Shift to show thetoolbar.

Figure 2-11 Remote console

2.3.1 Virtual KVMThe virtual KVM function allows you to monitor and control remote devices in real time byusing the local KVM. You can operate remote devices using the virtual KVM. The virtual KVMsupports:

l 400 x 400 to 1280 x 1024 resolution

l Mouse synchronization: Ensure that the remote OSs support mouse synchronization. Table2-3 lists the OSs that do not support mouse synchronization.

l Absolute, relative, and single mouse modes

l Exclusive and collaborative modes: Both parties in collaborative mode can operate a remoteserver at the same time. To ensure security, use the exclusive mode.

l Operating environment: To enable the virtual KVM function, the browser, OS, and JREversions on the client must meet the software requirements listed in Table 2-1.

l Color depth: 8-bit color, providing a maximum of 255 colors

l Combination key: allows users to customize any six-key combination for sendingcommands.



20

l Encryption: The AES128 CBC encryption algorithm is adopted for video, keyboard, andcontrol command data.

For OSs that cannot provide the position of the mouse in absolute mode, the virtual KVM doesnot support the mouse synchronization function.

Table 2-3 OSs not supporting mouse synchronization (The OSs include, but not limited to theOSs in the table)

OS Not Supporting Mouse Synchronization

SUSE Linux Enterprise Server 11 Service Pack 1 for x86 (32-Bit)

SUSE Linux Enterprise Server 11 Service Pack 1 for Intel EM64T (64-Bit)

Figure 2-12 shows how the virtual KVM is implemented.

l When receiving data from a remote client, the iMana 200 compresses the data and transmitsthe compressed data to the local client over a network. The local client consoledecompresses the data received and displays the data on the local client.

l The virtual KVM console captures local mouse and keyboard events and transmits theevents to a remote client over a network. The iMana 200 simulates the local keyboard andmouse to transmit the events to a remote server service system over the USB channel.

Figure 2-12 Virtual KVM in the iMana 200

2.3.2 Virtual MediaThe virtual media function allows you to use a virtual USB DVD-ROM drive or an FDD toremotely access the local media (such as the DVD-ROM drive, FDD, DVD-ROM image file,



21

floppy disk image file, hard disk folder, and USB key) over a network. The virtual media datais encrypted using the AES128 CBC encryption algorithm. To use the virtual media function,the client must be equipped with the OS and the JRE of proper versions. For details, see Table2-1.

The purpose of virtual media is to virtualize the local media devices to the media devices on theremote client over a network. Figure 2-13 shows how virtual media is implemented.

Figure 2-13 Virtual media in the iMana 200

The iMana 200 exchanges data with hosts through USB 2.0 channels. The virtual media providesthe following functions:

l Virtualizing devices

The PC or image file on a client is mapped to a connected server. Then the server can detectthe client as a USB device.

The following can be virtualized:

FDD

DVD-ROM drive

USB key

Folder

An FDD can be virtualized along with other devices.



22

l The virtual media provides the following features:

The virtual DVD-ROM drive supports a transmission rate of up to 32 Mbit/s and 24 Mbit/s in a VLAN.

The virtual FDD supports a maximum transmission rate of 4 Mbit/s.

l Preparing image files

The content on a floppy disk or a DVD-ROM can be created as an image file and storedon a hard disk.

2.4 HTTPS-based Visualization Management InterfaceThe iMana 200 offers web-based UI for visual management by using HTTPS. You can quicklyset and query information on the UI. The iMana 200 supports Internet Explorer, Firefox, Chrome,and Safari. For details, see Table 2-1.

To log in to the iMana Web, perform the following steps:

Step 1 Open Internet Explorer, enter http://iMana IP address[:port] or https://iMana IP address[:sslport] in the address box, and press Enter, as shown in Figure 2-14.

NOTE

The port number is optional. If the port number is not 80 or the sslport port number is not 443, you mustenter the port number after the IP address. For a method of changing the port number, see 2.11.4 ServiceManagement.

Figure 2-14 Entering the iMana IP address

Step 2 On the login page, enter the user name and password or select a domain if a domain account isused, and click Log In, as shown in Figure 2-15.

Figure 2-15 iMana 200 login page



23

NOTE

The Summary tab page displays the key system information, as shown in Figure 2-16.

Figure 2-16 Summary tab page

----End

2.4.1 Viewing System InformationThe Overview page displays the system information, including the system status, iManainformation, system configurations, and active alarm information, and provides links to commonoperations, as shown in Figure 2-17.

Figure 2-17 Overview page



24

2.4.2 Querying System InformationThe system information includes the firmware versions, asset information, and system hardwareinformation.

Firmware Version

The firmware version information includes the iMana, CPLD, FPGA, BIOS, and Uboot versions,the PCB versions and board IDs of mezz modules (RAID controller cards, mezz modules, andhard disk backplane). Figure 2-18 shows the Firmware Version page.

Figure 2-18 Firmware Version page

Asset Information

The asset information includes information about the mainboard and all FRUs. Figure 2-19shows the Asset Information page.

Figure 2-19 Asset Information page



25

When working with the in-band board management agent (BMA) module, the iMana 200 allowsyou to view physical hard disk information, including the manufacturer, maximum rotationalspeed, capacity, bus protocol type, serial number, online status, RAID reconstruction progress,model, and firmware versions. The iMana 200 of the current version does not allow you to viewthe information about the hard disks that connect to standard RAID controller cards and PlatformController Hub (PCH) storage controller unit (SCU) interfaces. For details about the BMAmodule, see the Server BMA V100R002 User Guide at http://support.huawei.com/enterprise/productsupport.

System HardwareThe system hardware information includes the configured number and maximum number of keysystem components, and component models. Figure 2-20 shows the System Hardware page.

Figure 2-20 System Hardware page

2.4.3 Real-Time MonitoringReal-time monitoring involves monitoring of components, sensors, and indicators.

ComponentThe Component page displays the key monitoring information, as shown in Figure 2-21.



26

Figure 2-21 Component page

Sensor

The Sensor page displays all sensor information, as shown in Figure 2-22. Table 2-4 describessensor parameters.

Figure 2-22 Sensor page

Table 2-4 Sensor parameters


Sensor Name of a sensor



27


Current value Current value of the sensor

Unit Unit of the sensor value

Lower critical The system generates a critical alarm when the sensor value exceedsthis threshold.

Lower major The system generates a major alarm when the sensor value exceedsthis threshold.

Lower minor The system generates a minor alarm when the sensor value exceedsthis threshold.

Upper minor The system generates a minor alarm when the sensor value exceedsthis threshold.

Upper major The system generates a major alarm when the sensor value exceedsthis threshold.

Upper critical The system generates a critical alarm when the sensor value exceedsthis threshold.

Indicator

The Indicator page displays sensor information, including the indicator name, state, supportedcolors, and default colors for the local control and override state, as shown in Figure 2-23.

The indicator state information includes the control state, illumination state, and current color.

l The control state includes the following states:

– Local Control: indicates that the system sets the indicator status based on the serverhealth status.

– Override: indicates that the indicator status is set by users.

l The illumination state includes on and off.

You can click an indicator name to set the indicator status, blinking frequency, test period, color,and on/off state. Table 2-5 describes the indicator parameters.

Figure 2-23 LED



28

Table 2-5 Indicator parameters


State Specifies the indicator status.

Blink Specifies the indicator blinking interval. You can select an indicator colorfrom the Color drop-down list.NOTE

The blinking duration ranges from 10 ms to 2500 ms.

Test Time for which an indicator is on. You can select an indicator color fromthe Color drop-down list.NOTE

The time range is 100 ms to 12,700 ms.

On/Off Switch for turning on or off an indicator.

Switch to thenormal state

Restores the indicator to the normal state.

2.4.4 Device LocationThe Device Location page allows you to set the status of the location indicator. By illuminatingthe UID indicator on the device panel, you can quickly locate the device to be operated amonga large number of devices in the equipment room.

Figure 2-24 Device Location page

2.4.5 ConfigurationThe Configuration page displays all information configured on the iMana 200, as shown inFigure 2-25. The iMana 200 also allows you to restore the default settings.



29

Figure 2-25 Configuration page

2.5 Breakdown Screenshot and Breakdown Video

2.5.1 Breakdown ScreenshotWhen detecting a system breakdown, the iMana 200 stores the last screenshot in a specificformat, as shown in Figure 2-26. You can log in to the iMana 200 to view the screenshot orremotely download the screenshot to a local folder to locate a fault.

Figure 2-26 Rule of the breakdown screenshot

The iMana 200 stores a maximum of three breakdown screenshots. The oldest screenshot willbe overwritten when a new screenshot is created.

You can choose Events and Logs > Remote System Screen > Last Screen to view screenshots,as shown in Figure 2-27.



30

Figure 2-27 Breakdown screenshot

2.5.2 Breakdown VideoWhen the iMana 200 detects a system breakdown, it records the screen output that was displayed1 minute around the breakdown and stores the compressed screen video to an external storagedevice. The iMana 200 supports automatic video recording when the host CAT error, systempower-off, or system restart occurs. For the host CAT error, the recording files are stored in theiMana 200 flash memory, and for the other two situations, the recording files are stored in theiMana 200 memory. When a server breaks down, you can log in to the iMana 200 to export thevideo clip to a local folder and view the video using the video playback console for fault location.

Figure 2-28 shows the video playback console.



31

Figure 2-28 Video playback console

2.6 Screen Snapshot and Screen Video

2.6.1 Screen SnapshotThe screen snapshot function is designed for system inspection. You can capture and save thescreen outputs of the current system on the CLI. You can remotely obtain screen outputs froma local client and view screens of all inspected servers.

Compared with the virtual KVM, the screen snapshot does not need login over HTTPS. Youcan obtain screen snapshots by using the CLI. The CLI allows scripts to be executed, whichfacilitates automatic server inspection. You can also obtain current system screen snapshots onthe WebUI.

Obtaining Screen Snapshots by Using the CLIScreenshot command: printscreen

The printscreen command is used to take screenshots for information displayed on a servermonitor.

Function

The printscreen command is used to take screenshots for information displayed on a servermonitor.

Syntax



32

ipmcset -d printscreen -v wakeup

Parameter description

When the wakeup parameter is used, the system takes a screenshot for the current informationand is woken up from the screensaver mode.

Usage guidelines

After the printscreen command is executed, the iMana 200 automatically saves the screenshotas the screen.bmp file to the tmp directory. You need to load the file to a client that supportsviewing .bmp files over FTP or SFTP before viewing the screenshot.

Obtaining Screen Snapshots from the Web PageOn the iMana 200 WebUI, you can choose Events and Logs > Remote System Screen >Manual to obtain the screen snapshot, as shown in .

Figure 2-29 Obtaining screen snapshots

2.6.2 Screen VideoThe screen video is a remote KVM recording function provided by the remote console, and canbe enabled. The video format is defined by a user and the video file is saved in the local (theKVM console is opened). It records virtual KVM operations to ensure security or meet otherspecial requirements. When the screen video function is enabled, the virtual KVM consoleautomatically records all information displayed on the screen and all operations that have beenperformed to a self-defined video file.



33

Figure 2-30 Enabling/Disabling the screen video function

The iMana 200 integrates a video file playback tool for playing videos.

Figure 2-31 Video playback console



34

2.7 Domain Management and Directory ServiceWith development of enterprise applications, IT infrastructure capacity is increasing, whichincreases workloads in asset management and daily management. The iMana 200 providesdomain management and catalog service to streamline tedious IT infrastructure management.

2.7.1 Domain ManagementYou can add all managed servers to a domain and visit access the iMana 200 using the domainname. If the domain name is the asset number of a managed server, the domain controller canhelp count assets. This greatly reduces IT asset management costs.

Step 1 Add the computer to the domain.

1. Log in to the iMana 200 using the domain name, choose Configuration > Network >DNS, and click the DNS tab.

NOTE

Domain Name System (DNS) is an Internet service. The DNS maps easy-to-remember domain namesand IP addresses. This helps you easily access the network.

2. The UI shown in Figure 2-32 enables you to set DNS bound network port and methods ofobtaining DNS information. Click OK after setting operations.

3. Set Domain Name, Primary DNS Server, and Secondary DNS Server if ManuallyObtain DNS Information is selected.



35

Figure 2-32 Configuring DNS parameters

Step 2 Set a host name. See Figure 2-33.

----End

Figure 2-33 Host Name page

----End

2.7.2 Directory ServiceThe directory service integrates user management, rights assignment, and validity managementon the iMana 200 into the directory server, as shown in Figure 2-34. This minimizes repeateduser configuration tasks and improves management efficiency. In addition, centralized usermanagement greatly enhances the security of the iMana 200.

The advantages of LDAP are as follows:

Scalability: dynamically add users on the LDAP server in all the iMana 200s at the same time.

Security: User password policies are all implemented on the LDAP server.

Real-time performance: Any account update on the LDAP server takes effect immediately onall the iMana 200s.

High efficiency: integrates user management, rights assignment, and validity management onthe iMana 200 into the catalog server. This minimizes repeated user configuration tasks andimproves management efficiency.

Supports the active directory and New Technology LAN Manager (NTLM) authenticationfunction.

To ensure security, LDAP supports only LDAPS that uses the SSL encryption algorithm andallows you to modify LDAPS port information. Plain text-based LDAP is not supported. Toensure the authenticity of an LDAP server, LDAP supports certificate authentication for serversand you can import the root CA certificate of the LDAP server into the iMana 200 for verification.Set the domain controller address to the user name of the root CA certificate because theconsistency of the two needs to be checked during authentication.



36

Figure 2-34 Directory service work process

The LDAP User page is displayed, as shown in Figure 2-35.

NOTE

LDAP is a protocol for accessing online directory services over an IP network. LDAP directories can helpstore any types of data, such as email addresses and mail routing information, so that you can query theinformation conveniently.

View or set the LDAP user information on the LDAP User page, as shown in Figure 2-35.

Figure 2-35 LDAP User page

On the LDAP User page, you can perform the following operations:

l Enable or disable LDAP.



37

l Enable certificate verification.

l Set the LADPS port number. The default value is 636.

l Import LDAP root certificate.

l Set a domain controller address.

The domain controller address is the IP address or domain name of the server where theactive directory is located. The domain controller address consists of a maximum of 255characters.

l Set a user domain.

The user domain is the domain for logging in to the iMana 200 page in the active directory.The user domain name can contain a maximum of 255 characters.

l Set a group name.

The group name is the name for logging in to the iMana 200 page in the active directory.The group name can contain a maximum of 32 characters.

l Set a group domain.

The group domain is the domain for logging in to the iMana 200 page in the active directory.The group domain name can contain a maximum of 255 characters.

l Set the group privilege.

The group privilege is the permission for logging in to the iMana 200 page in the activedirectory. There are three types of users: administrators, operators, and common users.They are granted with different operation permissions.

2.8 Firmware ManagementFirmware management involves the iMana firmware, BIOS, CPLD, and LCD. It allows to queryfirmware version, upgrade firmware, and switch dual-image.

2.8.1 Firmware Dual-image BackupThe iMana 200 uses firmware dual-image backup to improve system reliability. When flashmisoperations occur or storage modules are damaged, the system automatically switches to thebackup image and generates an alarm, indicating that image redundancy becomes invalid.

Switching Over Images Using CLI Commands

Function

The rollback command implements switchovers between the current iMana image file and itsbackup.

Syntax

ipmcset -d rollback

Switching Over Images on the Web Page

In the navigation tree, choose Configuration > Firmware Upgrade. The FirmwareUpgrade page is displayed, as shown in Figure 2-36.



38

The iMana and BIOS version information are displayed on this page, and a user is allowed toswitch images and restart the iMana 200.

Figure 2-36 Firmware Upgrade page

2.8.2 Firmware UpgradeThe firmware upgrade involves iMana firmware (including FPGA), BISO, and CPLD upgrades.iMana firmware upgrade supports version rollback and two take-effect modes (manual andautomatic). Figure 2-37 shows the Firmware Upgrade page. For the compatibility purpose,you are advised to upgrade active and standby iMana images to the same version.

Figure 2-37 Firmware Upgrade page

2.9 Intelligent Power ManagementThe iMana 200 provides multiple intelligent power management methods to reduce total costof ownership (TCO).

2.9.1 Power ControlThe Power Control function allows you to control the power supply for a server, as shown inFigure 2-38; Support for disabling panel power button.

Power control involves the following:



39

l Power On: powers on the server.l Forcibly Power Off: powers off a server without waiting for the response from the OS. This

option has the same result as the operation that you hold down the power button on thefront panel of the server.

l Graceful Power Off: powers off a device. The iMana 200 sends an ACPI interrupt to theOS. If the OS supports the ACPI interrupt, the iMana 200 shuts down the OS (ends allrunning processes) and then powers off the device. If the OS does not support the ACPIinterrupt, the iMana 200 powers off the device forcibly after the graceful power-off timeoutperiod ends. The result is the same as the operation that you press the power button on thefront panel of the server.

l Restart: indicates cold reset. The iMana 200 can reset the system through the southbridgedirectly, without the need of powering off the OS.

l Graceful Reboot: powers off and then powers on the server. The iMana 200 shuts downthe OS and then power off the server. The iMana 200 powers off the device forcibly afterthe graceful power-off timeout period ends, and then powers on the server.

l NMI: sends a non-maskable interrupt (NMI) to the OS to collect kernel stack informationand sends the information to the console, which is used for identifying the causes of systemexceptions.

Figure 2-38 Power Control page

2.9.2 Power CappingCurrently, data centers are facing a challenge that enterprises consume a lot of electric powerand space and have high refrigeration costs. The available resources can hardly meet ever-increasing energy and refrigeration requirements. The top priority for data centers is to saveenergy and reduce energy consumption using innovative technologies. In traditional data centers,customers spend enormous amounts building electric power infrastructure to ensure servicecontinuity. In addition, IT administrators usually use excessive power supply to meet systempower requirements. The power capping technology helps control energy consumption of eachserver, avoiding excessive energy supply. The saved energy realized by the power cappingtechnology can be used for capacity expansion in data centers.

In the navigation tree, choose PS Management > Power Capping. The Power Capping pageis displayed, as shown in Figure 2-39.

You can set the power upper limit. If the system power exceeds the upper limit, specific actionsare triggered to ensure that the chassis power is properly distributed.

Set Power Capping State, Power Limit, and Follow-up Action After Power Capping Failsas required, and click OK, as shown in Figure 2-39. After the configuration, Operationperformed successfully is displayed.



40

Follow-up Action After Power Capping Fails has the following value options:

l Event log: logs information about a power capping failure in the system event file.l Shut down: The iMana forcibly powers off the server within 15s.

Figure 2-39 Power Capping page

2.9.3 Power Statistics and Power History LineThe iMana 200 provides accurate energy monitoring information and historical power statistics.This helps system administrators know about the actual usage of electric power and heatdissipation resources. You can adjust the server consumption based on historical power data.

In the navigation tree, choose PS Management > Power Statistics. The Power Statistics pageis displayed, as shown in Figure 2-40. The page displays Current Power, Total CPU Power,Total Memory Power, Peak System Power, Average System Power, and ConsumedElectricity.

Click Recollect to recollect information about the peak system power, average system power,and consumed electricity.

Figure 2-40 Power Statistics page

In the navigation tree, choose PS Management > Power History. The power history userinterface (UI) is displayed, as shown in Figure 2-41.

The page displays the recent power history in line charts and tables. To view the power statisticsin recent periods, click Last Week or Last Day. To refresh the line charts and tables, clickRecollect. To download historical power information, click Download.



41

On this page, you can view the recent device power changes and understand the device runningstatus in a certain period.

Figure 2-41 Power History page

2.9.4 Active and Standby PSUsWhen the service power consumption requirement is met, set some power to hot standby toimprove the power conversion efficiency.

l The feature implementation principles are described as follows:

When the service power consumption requirement is met, set the output voltage of some PSUsto 0.3 V lower than the output voltages of other PSUs to suppress the current output of the standbyPSUs by using the voltage difference. The service system is powered by the active PSUs, andthe PSUs with a lower output voltage work in hot standby mode. If the active PSUs are abnormal,the standby PSUs switch to the active state to supply power to the entire service system, withoutaffecting services.

The standby PSUs switch to the active state (from the active/standby mode to the load balancingmode) when:

1. Active PSUs are removed.

2. The output voltage of active PSUs is low or active PSUs have no output.

3. Active PSUs have a high temperature, no input, overcurrent, or overvoltage.

The system power reaches 75% of the total rated power of active PSUs (Note: When the systempower is less than 65% of the total rated power of active PSUs, the previous standby PSUsswitches to the standby state).

The page allows you to set the PSU working mode and set active PSUs, as shown in Figure2-42.



42

Figure 2-42 Active and standby PSUs page

2.10 SOL and System Serial Port Running InformationRecord

2.10.1 SOLThe iMana 200 provides the SOL function. This function redirects the serial port data, which issent only through a serial cable originally, to the remote network devices for sending, and allowsthe system to receive data from remote network devices. Figure 2-43 shows how the SOLfunction is implemented. Management personnel can query the data using a network terminalsent by the serial port in real time and perform operations on the OS. The effect is the same asthat a near-end serial port is used.

Figure 2-43 SOL

2.10.2 Recording System Serial Port InformationThe iMana 200 records the system serial port information. Figure 2-44 shows how the functionis implemented. The iMana 200 records real-time system serial port data to the FPGA DDR. Ifthe data volume exceeds 1 MB, the earliest data will be overwritten. When the system breaksdown or restarts, you can export and view the serial port information from the iMana 200.



43

Figure 2-44 Recording system serial port information

2.11 Security Management

2.11.1 Scenario-based Login RestrictionTo ensure security, the iMana restricts the server management access to the minimum scopebased on time, location (IP address or MAC address), and roles. This feature is applicable onlyto the login from the web.

You can set the login whitelist that supports a maximum of three login rules. A user who followsany of these rules can log in to the iMana; otherwise, login fails.

Each login rule contains the duration, user source IP address, and user source MAC address. Alogin rule is followed only when all the three conditions are met. Login rules are applicable toeach local user and LDAP user group. By default, users have no login rule.

After the access duration has expired, login users are forced to log out. The iMana 200 supportsan emergency administrator who has no login restriction when the password is invalid. You canlog in to the iMana 200 as the emergency administrator for management when other user accountscannot log in.

The three fields of a login rule are described as follows:

Duration: includes the start time and end time in the format of YYYY-MM-DD HH:MM, YYYY-MM-DD, or HH:MM. The value can be empty.

IP address: supports a single IPv4 address or IPv4 address segment, and does not support anIPv6 address. The value can be empty.

MAC address: supports a single MAC address of MAC address segment (specifies the NICvendor by using only the first three fields in an MAC address). The value can be empty.

The page allows you to set and enable login rules, as shown in Figure 2-45



44

Figure 2-45 Setting login rules

2.11.2 Account SecurityAccount security measures include the password complexity check, password validity period,maximum historical password repetition times, and account lock.

The password validity period is applicable to all local users, in the unit of day. You can log into the iMana 200 for management only within the validity period. When the validity periodexpires, you are not allowed to log in to the iMana, but login user can continue to access theiMana 200.

The validity period of a password ranges from 0 to 360 days. 0 indicates that the password ispermanently valid. The validity period starts from the creation date and counted by natural time.The days when servers with AC power failures are also included in the validity period. Theperiod is not affected even if the iMana system time changes. When the iMana system timechanges, the iMana 200 automatically updates the start time of the validity period of each userpassword. When your password will expire within 10 days, the system reminds you to changethe password in a timely manner after you log in from the web or CLI. The system logs an eventafter a password validity period expires.

To prevent the inconvenience caused by expired passwords, you can perform the followingoperations:

1. Configure an emergency administrator account whose password is permanently valid andwho can log in to the iMana 200 during login restriction.

2. Log in to the BIOS and change the password of user 2, which is an administrator by default.3. Log in to the OS on the local device and use a third-party tool (for example, IPMItool) to

set a new password through BT channels.4. Set a new password for a blade server by using the management module (MM).

Figure 2-46 Account security configuration

2.11.3 SSL Certificate ManagementThe SSL certificate is used by both the Web service terminal and the WS-MAN service terminal.

SSL certificate management enables you to view the current certificate information, such as theuser, certificate authority, validity period, and serial number, generate a CSR file, import thesignature certificate (only public key and PKCS#10) generated by the CSR file, and import a



45

self-defined certificate (including public and private keys and PKSC#12). When the certificatethat maps to the CSR file is successfully imported, or the default setting is restored, the CSR fileis deleted. The certificate format is Base 64 X.509 and the encapsulation format is PKCS#10 orPKCS#12. The certificate in PKCS#12 supports setting of a password for the private key.

The SSL certificate for servers using the iMana 200 is a self-signed certificate by default. Thecertificate is signed using SHA1 and RSA (2048-bit). The iMana 200 provides two non-signedcertificate generation methods:

Method 1

1. Log in to the iMana WebUI, and modify the user information on the WebUI.

2. Generate a CSR file.

3. Export the CSR file.

4. Submit the CSR file to the CA.

5. Generate a signature certificate in the PKCS#10 format.

6. Import the signature certificate to the iMana 200.

7. Restart the iMana 200 for the certificate to take effect.

Note: The signature certificate must correspond to the CSR file, that is, you must use the mappedCSR file to apply for a server certificate from the CA.

Method 2

1. Generate a self-defined certificate using the customer's CA server or purchase a certificatefrom the CA.

2. Log in to the iMana WebUI, and import the certificate to the iMana 200.

3. Restart the iMana 200 for the certificate to take effect.

Figure 2-47 SSL certificate management page



46

2.11.4 Service ManagementSecurity risks exist in insecure protocols and default ports. The service management functionenables you to enable, disable, or modify settings for protocols and ports. The insecure protocols,including the FTP, TELET, HTTP, and RMCP, are disabled by default.

The iMana 200 provides the following services: Web, FTP, SSH, Telnet, Remote Control, WS-MAN, SNMP Agent, and IPMI LAN. See Figure 2-48 and Figure 2-49.

Figure 2-48 SNMP configurations page



47

Figure 2-49 Service configuration page

2.11.5 Operation Log ManagementThe iMana 200 records all non-query operations through all interfaces, but only operations thatare successful operations, preventing normal logs from being overwritten by logs generatedduring malicious attacks (for example, malicious login attempts). Operation logs includes theLinux OS log and user process log. The user process log records the operation types, source IPaddresses, source users, actions, action descriptions, and log codes.

Operation logs are saved in files in real time. When the operation log exceeds 100 KB, automaticbackup occurs. A maximum of three backup files can be saved. If there are more than three files,the oldest backup file is automatically deleted.

The operation log management function enables you to view, filter, and export operation logsusing the WebUI.

Figure 2-50 Viewing operation logs



48

2.11.6 Enhanced Encryption AlgorithmThe enhanced encryption algorithm ensures:

l Confidentiality: Sensitive data is not obtained by unauthorized entities. For example, apassword is adopted or the stored data is encrypted so that only the user having the key canaccess the protected data.

l Integrity: The data integrity is ensured using cryptographic methods during transmissionand storage. For example, you can use the hash function to perform data check for security.

l Authenticity: Use cryptographic algorithm methods to identify remote users or systemusers. For example, the SSL certificate on the web server ensures that the user is connectedto the correct server.

l Non-repudiation: A user that performs one operation can be accurately located. The usercannot deny his or her opreation.

The encryption algorithms supported by the iMana 200 are as follows:

Table 2-6 Encryption algorithms

EncryptionAlgorithm

Application Scenario Function

DSA/RSA 2048 bit WEB/WS-MAN server certificate and SSH hostcertificate

Digitalsignature

AES 128 CBC IPMI LAN transmission encryptionKVM, video, and control data encryptionVMM data encryptionWS-MAN HTTPS transmission encryptionWeb HTTPS transmission encryptionSNMPv3 transmission encryptionSSH transmission encryption

Encryption

AES 256 CBC WS-MAN HTTPS transmission encryptionWeb HTTPS transmission encryptionSSH transmission encryption

Encryption

DES 64 SNMPv3 transmission encryption Encryption

HMAC-MD5-96 SNMPv3 authentication Authentication

HMAC-SHA1-96 SNMPv3 authentication and IPMI LANauthentication

Authentication

SHA256 HTTPS integrity check and Linux user passwordencryption

Integrity andencryption



49

2.12 Unified Communication InterfaceThe server has two independent systems: a host (in-band system) system and a managementsubsystem (out-of-band system). Each has its own CPUs, DIMMs, and storage devices. The twosystems are physically isolated and communicate with each other over BT on the LPC bus.

The BMA module is an in-band management module running on the host OS. The BMA moduleis not shipped with the server, and you need to install it independently. For details about theBMA module, search Server BMA V100R002 User Guide at http://support.huawei.com/enterprise/productsupport.

To simplify networking and enhance the management function, the two systems need to obtaininformation from each other. For example, the management subsystem obtains the systemresource usage and hard disk information from the host system and the host system obtainsinformation about PSUs and fan modules from the management subsystem. The unified interfaceis designed to implement. data exchange beween the iMana 200 and BMA.

Figure 2-51 Data exchange between the iMana 200 and BMA module

2.12.1 System Resource MonitoringSystem resources include CPU, memory, and hard disk resources. The out-of-band managementsystem cannot obtain the resource usage. The system resource monitoring function is enabledbased on a unified communication interface. The BMA module detects and compares theresource usage with the threshold in real time. When the resource usage exceeds the threshold(during multiple detections), an alarm is reported to the iMana 200. The iMana 200 reports thealarm to the server and provides an interface for modifying the threshold. The iMana 200 allowsyou to query and set the resource usage threshold only over the WebUI. The default thresholdis 100%. The system resource threshold is saved in the flash memory of the iMana 200. TheBMA module reads and updates the threshold on the iMana 200 regularly.



50

Figure 2-52 System Resource Usage page

2.12.2 Hard Disk InformationThe hard disk information is hard disk physical properties, including the vendors, maximumspeeds, capacity, bus protocol types, serial numbers, cascading status, RAID rebuild process,models, and firmware versions. Those are customers' concern. The iMana 200 only supportsinformation collection from the in-band management system, rather than from the RAIDcontroller card. Using the unified communication interface, the BMA module reads the harddisk information and saves the information to the iMana 200 memory during startup, or whendetecting that the hard disk is changed or the RAID is rebuilt. You can query the hard diskinstallation information by refreshing the Asset page on the iMana 200. This function onlysupports hard disks in the RAID controller card management domain.

2.13 Access ManagementThe iMana 200 supports both IPv4 and IPv6 addresses and access over a dedicated managementport or shared network port using the NCSI function. The shared network port supports theVLAN function.

2.13.1 Management Network Port Auto-AdaptationA rack server or node server has two management network ports: a dedicated managementnetwork port and a sideband network port using NC-SI (share the physical management networkport with the host). The NCSI function automatically associates the logical network port with aphysical network port based on the network port link status.

After auto-adaptation is enabled for a network port and the server network is changed, you canuse a network cable to connect to the dedicated management network port or sidebandmanagement network port to access the management GUI without any new network settings andperform smooth switch. This eliminates complicated configuration and improves themaintenance efficiency.



51

Figure 2-53 Management network connection

The page for configuring network port auto-adaptation allows you to query the network portmode and set port parameters. If the network port is in auto-adaptation mode, you can specifya host network port as the sideband network port, which is network port 1 by default, as shownin Figure 2-54.

Figure 2-54 Configuring network port auto-adaptation

2.13.2 NC-SINSCI enables the management system and the host system to share a physical network port onthe host using the NC-SI technology, implementing management and service handling,simplifying networking, and reducing ports on the switch. Preferentially considering the servicedata, the maximum bandwidth for data management is 100 Mbit/s. For the security purpose,divide the management and service in different network segments using the VLAN technology.



52

Figure 2-55 NSCI framework

Figure 2-56 NSCI data flow diagram

2.13.3 IPv6The iMana 200 supports IPv6 to ensure sufficient IP addresses because the IPv4 address isinsufficient. The iMana 200 supports the Web, Telnet, SSH, SNMP, and WS-MAN and IPMI



53

LAN interfaces, which support IPv6. Physical channels using the dedicated managementnetwork port and the shared network port (NCSI) also support IPv6.

Figure 2-57 IPv6 address configuration screen

Manually set the IPv6 address or obtain it from a DHCP server.

2.14 Uniform User ManagementThe iMana 200 is a management subsystem based on the built-in CPU and OS and provides onlyfixed maintenance and integration ports. The OS and applications are integrated. The OS (CLI),SNMP, IPMI LAN, and Web interfaces are independently managed by respective local users.To access the iMana 200 through these interfaces, users have to set each interface. However,the unified user management function enables a user to access the iMana 200 through all thoseinterfaces as long as one interface is set. The iMana 200 synchronizes the setting among allinterfaces.

The iMana 200 supports a maximum of 17 users including anonymous users with ID 1 andenables you to add, modify, and delete users. The user types and user rights are as follows:

Administrator: The user has all configuration and control rights for the iMana 200.

Operator: The user has all configuration and control rights, excluding user management andsecurity configuration.

Common user: The user has only permission to view information, excluding OS informationand operation logs.

Figure 2-58 User management page



54

2.15 NTPThe Network Time Protocol (NTP) is used for synchronizing times between computers. TheiMana 200 can synchronize its time from multiple time sources, but only one time source at atime. See Table 2-7. The NTP function is disabled by default and can be enabled. The IPv4 orIPv6 addresses for the preferred and alternate NTP servers can be manually set or automaticallyobtained. If you choose to manually set IP addresses, fully qualified domain names (FQDNs)are supported.

Table 2-7 Time synchronization sources supported by the iMana 200

iMana Supported Time Source Default Time Source

Rack server System RTC (BIOS/OS) and NTP System RTC (BIOS/OS)

Blade server Chassis management module Chassis managementmodule

High-density server System RTC (BIOS/OS) and NTP System RTC (BIOS/OS)

Figure 2-59 Configuring NTP parameters



55

3 Technical Specifications

Component Specifications

Supported products BH620 V2(JDM), BH621 V2(JDM), BH622 V2, BH640 V2, RH1288V2, RH2285 V2, RH2285H V2, RH2288 V2, RH2288H V2, RH2485V2, RH5885H V3, RH2288E V2, XH310 V2(JDM), XH311 V2(JDM),XH320 V2, XH321 V2, XH621 V2, DH320 V2 (X8000 and X6000),DH321 V2 (X8000 and X6000), DH620 V2, DH621 V2, and DH628V2

KVM l Maximum resolution: 1280 x 1024l Minimum resolution: 400 x 400l 255 colors

Network port l One integrated 100 Mbit/s private Ethernet portl One integrated 100 Mbit/s shared Ethernet port

Virtual media l The virtual DVD-ROM drive supports a maximum transmissionrate of 32 Mbit/s.

l The virtual FDD supports a maximum transmission rate of 4 Mbit/s.

User interface l HTTPSl IPMI LAN/BTl SNMPl WS-MANl CLIl SMASH-CLP

HUAWEI Server iMana Intelligent Management SystemWhite Paper V1.3 3 Technical Specifications


56

Component Specifications

Security feature l User managementl Role authenticationl Data encryptionl Scenario-based login restrictionl Account securityl SSL certificate management

HUAWEI Server iMana Intelligent Management SystemWhite Paper V1.3 3 Technical Specifications


57

White Paper V1 - Hammer Huawei - Home iMana 200 provides IPMI, command-line interface (CLI),...

Documents

Transcript of White Paper V1 - Hammer Huawei - Home iMana 200 provides IPMI, command-line interface (CLI),...