How To Begin Directory Implementation; Methods For Directory Services Implementation - HP AB500A - Integrated Lights-Out Advanced Configuration

How to begin directory implementation

Information helpful for understanding directory implementation is available in the Integration Note,
"Integrating HP ProLiant Lights-Out processors with Microsoft Active Directory" available in 'For more
information' at the end of this paper.
Figure 4 details the process for directory implementation and the basic decisions administrators must
make.
Figure 4. Directory implementation
Directory implementation decision process
Can schema
extensions be
applied to
the directory?
Yes
Scalability Questions:
•Are iLO rights likely to change for
a directory group of users?
•Are regular scripted iLO
configuration changes a problem?
•Will more than 5 groups be used
to regulate iLO rights?
Yes
Yes
Consensus?
Use HP Schema
Extensions
NOTE:
An administrator may want to disable local user accounts or remove them
entirely after successfully integrating Directory Services with lights-out
processors.

Methods for directory services implementation

Using directory services is one of the best ways to manage multiple lights-out devices. HP offers
flexible directory implementations to suit a variety of needs. The first implementation uses the HP
Default Schema (sometimes referred to as Schema-free method) allows the use of directory services
without altering the schema. The second implementation uses HP Schema extensions to make the
directory the central place for user administration.
No
Use Group-based Default Schema
For example, would a group be assigned iLO rights, such as 'access
Remote Console', but later have those rights revoked?
Consider: If one user groupis used for provisioning and deploying a
system, but another group is used for operation after deployment,
this could be an instance of rights changing.
If this is expected to happen frequently schema-based is more
attractive because the changes happen in a single place, the
directory. I the default Schema case, group rights changes are rolled
out (via scripting) to all iLO targets.
If a single group is used to administer all iLOs, this can be
accomplished through either schema-based or default schema, but if
there are multiple groups of iLOs and multiple groups of users
No
encompassing more than 5 group distributions, it may be more
attractive to use the HP schema extensions.
Deploy an instance of HP Default
Schema and assess if this is compatible
with current policies and procedures
Schema extensions can always be
deployed later.
integration does not fit the
No
Using MS
Active
Directory? evaluation directory server
to evaluate the benefits of
Yes
Perhaps directory
environment.
Consider deploying an
directory integration.
13