1. The server firmware is occasionally called UEFI in this document. 2. The server firmware is fully compatible with non-UEFI operating systems. This document explains how to use the functions of the IMM in a Lenovo Thinkserver server. The IMM works with the server firmware to provide systems-management capability for ThinkServer servers.
IMM documentation. Note: Changes are made periodically to the Lenovo Support Web site. Procedures for locating firmware and documentation might vary slightly from what is described in this document.
v LAN over USB for in-band communications to the IMM v Event logs that are time stamped, saved on the IMM, and can be attached to e-mail alerts v Industry-standard interfaces and protocols v OS watchdogs v Remote configuration through Advanced Settings Utility (ASU) v Remote firmware updating v Remote power control v Seamless remote accelerated graphics...
Page 10
Table 1. Comparison of the IMM features and combined BMC and Remote Supervisor Adapter II features in ThinkServer servers BMC with Remote Supervisor Adapter II Description (TS100, TS100, TS100x, RS110, and RD120) IMM(RD210, RD220, and later) Network connections BMC uses a network connection that is The IMM provides both BMC and Remote shared with a server and an IP address that is Supervisor Adapter II functionality through...
Page 11
Management Task Force specifications itself. DSP0244 and DSP8007. Note: For an explanation of a specific event or message, see the Hardware Maintenance Manual that is available on the Lenovo Support Web site at http:// www.lenovo.com/support. Monitoring The BMC with Remote Supervisor Adapter II...
Page 12
Table 1. Comparison of the IMM features and combined BMC and Remote Supervisor Adapter II features in ThinkServer servers (continued) BMC with Remote Supervisor Adapter II Description (TS100, TS100, TS100x, RS110, and RD120) IMM(RD210, RD220, and later) Remote presence The BMC with Remote Supervisor Adapter II This feature is available only with IMM has the following remote presence Premium.
Web browser and operating-system requirements The IMM Web interface requires the Java Plug-in 1.5 or later (for the remote presence feature) and one of the following Web browsers: ® ® v Microsoft Internet Explorer version 6.0 or later with the latest Service Pack v Mozilla Firefox version 1.5 or later The following server operating systems have USB support, which is required for the remote presence feature:...
Page 14
Integrated Management Module: User Guide...
Notes: a. If you choose to use a static IP address, you must specify the IP address, the subnet mask, and the default gateway. b. You can also use the Setup Utility to select a dedicated or shared IMM network connection. On the Network Configuration screen, select Dedicated or Shared in the Network Interface Port field.
IMM action descriptions Table 2 lists the actions that are available when you are logged in to the IMM. Table 2. IMM actions Link Action Description System Status View system health for a server, You can monitor the server power and health state, and view the operating-system-failure the temperature, voltage, and fan status of your server on screen capture, and view the...
Page 18
Table 2. IMM actions (continued) Link Action Description System Settings View and change the IMM server You can configure the server location and general settings information, such as the name of the IMM, server timeout settings, and contact information for the IMM, from the System Settings page.
Page 19
Table 2. IMM actions (continued) Link Action Description Restore Default Restore the IMM default settings Attention: When you click Restore Defaults, all of the Settings modifications that you made to the IMM are lost. You can reset the configuration of the IMM to the factory defaults.
Page 20
Integrated Management Module: User Guide...
1. Log in to the IMM where you want to set the system information. For more information, see Chapter 2, “Opening and using the IMM Web interface,” on page 9. 2. In the navigation pane, click System Settings. Note: The available fields in the System Settings page are determined by the accessed remote server.
fails to respond to one of these checks, the IMM generates an OS timeout alert and restarts the server. After the server is restarted, the OS watchdog is disabled until the operating system is shut down and the server is power cycled. To set the OS watchdog value, select a time interval from the menu.
number from 00 - 23 as represented on a 24-hour clock. The minutes (mm) and seconds (ss) must be numbers from 00 - 59. 6. In the GMT offset field, select the number that specifies the offset, in hours, from Greenwich mean time (GMT), corresponding to the time zone where the server is located.
Disabling the USB in-band interface Important: If you disable the USB in-band interface, you cannot perform an in-band update of the IMM firmware, server firmware, and DSA firmware by using the Linux or Windows flash utilities. If the USB in-band interface is disabled, use the Firmware Update option on the IMM Web interface to update the firmware.
Creating a login profile Use the Login Profiles table to view, configure, or change individual login profiles. Use the links in the Login ID column to configure individual login profiles. You can define up to 12 unique profiles. Each link in the Login ID column is labeled with the configured login ID of the associated profile.
Page 27
Note: If you have not configured a profile, it does not appear in the Login Profiles table. The Login Profiles page displays each login ID, the login access level, and the password expiration information. Important: By default, the IMM is configured with one login profile that enables remote access using a login user ID of USERID and a password of PASSW0RD (the 0 is a zero, not the letter O).
Page 28
v Adapter Configuration - Advanced: A user has no restrictions when configuring the IMM. In addition, the user is said to have administrative access to the IMM, meaning that the user can also perform the following advanced functions: firmware updates, PXE network boot, restore IMM factory defaults, modify and restore IMM configuration from a configuration file, and restart and reset the IMM.
Access Type Use this field to specify either Get or Set as the access type. SNMPv3 users with the access type Get can perform only query operations. With the access type Set, SNMPv3 users can both perform query operations and modify settings (for example, setting the password for an user). Hostname/IP address for traps Use this field to specify the trap destination for the user.
5. In the Lockout period after 5 login failures field, specify how long, in minutes, the IMM prohibits remote login attempts if more than five sequential failures to log in remotely are detected. The lockout of one user does not prevent other users from logging in.
2. In the navigation pane, click Alerts. The Remote Alert Recipients page is displayed. You can see the notification method and alert status for each recipient, if they are set. 3. Click one of the remote alert recipient links or click Add Recipient. An individual recipient window opens.
Delay between entries Use the Delay between entries field to specify the time interval (in minutes) that the IMM waits before sending an alert to the next recipient in the list. Delay between retries Use the Delay between retries field to specify the time interval (in minutes) that the IMM waits between retries to send an alert to a recipient.
To configure the serial data-transfer rate and redirection, complete the following steps: 1. Log in to the IMM on which you want to configure the serial port. For more information, see Chapter 2, “Opening and using the IMM Web interface,” on page 9.
Configuring port assignments To change the port numbers of IMM services, complete the following steps: 1. Log in to the IMM where you want to configure the port assignments. For more information, see Chapter 2, “Opening and using the IMM Web interface,” on page 9.
Page 35
1. Log in to the IMM where you want to set up the configuration. For more information, see Chapter 2, “Opening and using the IMM Web interface,” on page 9. 2. In the navigation pane, click Network Interfaces. 3. If you want to use an Ethernet connection, select Enabled in the Interface field.
Page 36
8. In the Gateway address field, type your network gateway router. The gateway address must contain four integers from 0 - 255 with no spaces or consecutive periods and separated by periods. 9. Scroll to the bottom of the page and click Save. 10.
15. Click Save. 16. Click View Configuration Summary to see a summary of all current configuration settings. 17. In the navigation pane, click Restart IMM to activate the changes. Note: You can also configure the IMM network connection through the Setup Utility.
v A system contact must be specified on the System Settings page. For information about the System Settings page settings, see “Setting system information” on page 15. v System location must be specified on the System Settings page. v At least one community name must be specified. v At least one valid IP address or host name (if DNS is enabled) must be specified for that community.
Configuring Telnet To configure Telnet, complete the following steps: 1. Log in to the IMM where you want to configure Telnet. For more information, see Chapter 2, “Opening and using the IMM Web interface,” on page 9. 2. In the navigation pane, click Network Protocols and scroll down to the Telnet Protocol area of the page.
Page 40
v To dynamically discover the LDAP server, select Use DNS to Find LDAP Servers. If you choose to discover the LDAP server dynamically, the mechanisms that are described by RFC2782 (a DNS RR for specifying the location of services) are applied to find the server. This is known as DNS SRV. The parameters are described in the following list: Domain Source The DNS SRV request that is sent to the DNS server must specify a...
Page 41
On Active Directory servers, this attribute name is usually sAMAccountName. On Novell eDirectory and OpenLDAP servers, it is usually uid. If this field is left blank, it defaults to uid. Group Filter This field is used for group authentication. Group authentication is attempted after the user’s credentials are successfully verified.
a second attempt to bind is attempted, this time with the DN that is retrieved from the user’s LDAP record and the password that was entered during the login process. If this fails, the user is denied access. The second bind is performed only when the Anonymously or Configured Credentials binding methods are used.
Page 43
If this field is left blank, the user is assigned a default of read-only permissions, assuming that the user passes the user and group authentication. The attribute value that is returned by the LDAP server is searched for the keyword string IBMRBSPermission=. This keyword must be immediately followed by a bit string that is entered as 12 consecutive 0’s or 1’s.
v Ability to Clear Event Logs (bit position 9): If this bit is set, the user can clear the event logs. All users can view the event logs, but this particular permission is required to clear the logs. v Advanced Adapter Configuration (bit position 10): If this bit is set, the user has no restrictions when configuring the IMM.
a. Disable the SSL client. Use the SSL Client Configuration for LDAP Client area on the Security page. b. Generate or import a certificate. Use the SSL Client Certificate Management area on the Security page (see “SSL client certificate management” on page 43). c.
to generate a certificate-signing request. You must then send the certificate-signing request to a certificate authority and make arrangements to procure a certificate. When the certificate is received, it is then imported into the IMM through the Import a Signed Certificate link, and you can enable SSL. The function of the certificate authority is to verify the identity of the IMM.
Page 47
1. In the navigation pane, click Security. 2. In the SSL Server Configuration for Web Server area, make sure that the SSL server is disabled. If it is not disabled, select Disabled in the SSL Server field and then click Save. 3.
Page 48
Contact Person Use this field to indicate the name of a contact person who is responsible for the IMM. This field can contain a maximum of 60 characters. Email Address Use this field to indicate the e-mail address of a contact person who is responsible for the IMM.
openssl req -in csr.der -inform DER -out csr.pem -outform PEM 7. Send the certificate-signing request to your certificate authority. When the certificate authority returns your signed certificate, you might have to convert the certificate to DER format. (If you received the certificate as text in an e-mail or a Web page, it is probably in PEM format.) You can change the format using a tool that is provided by your certificate authority or using a tool such as OpenSSL (http://www.openssl.org).
certificate of the LDAP server. At least one certificate must be imported to the IMM before the SSL client is enabled. You can import up to three trusted certificates. To import a trusted certificate, complete the following steps: 1. In the navigation pane, select Security. 2.
Generating a Secure Shell server key A Secure Shell server key is used to authenticate the identity of the Secure Shell server to the client. Secure shell must be disabled before you create a new Secure Shell server private key. You must create a server key before you enable the Secure Shell server.
Backing up your current configuration You can download a copy of your current IMM configuration to the client computer that is running the IMM Web interface. Use this backup copy to restore your IMM configuration if it is accidentally changed or damaged. Use it as a base that you can modify to configure multiple IMMs with similar configurations.
Note: When you click Restore or Modify and Restore, an alert window might open if the configuration file that you are attempting to restore was created by a different type of service processor or was created by the same type of service processor with older firmware (and therefore, with less functionality).
Page 56
The Temperature Thresholds page displays the temperature levels at which the IMM reacts. The temperature threshold values are preset on the remote server and cannot be changed. The reported temperatures are measured against the following threshold ranges: Non-Critical When the temperature reaches a specified value, a temperature alert is sent to the configured remote alert recipients.
Page 57
select the Warning Alerts check box in the SNMP Alerts Settings area of the Alerts page for the alert to be sent. For more information about selecting alert options, see “Configuring SNMP alert settings” on page 26. Critical When the voltage drops below or exceeds a specified voltage range, a voltage alert is sent to configured remote alert recipients, and the server begins the shutdown process with an orderly operating-system shutdown.
Viewing the event logs Note: For an explanation of a specific event or message, see the Hardware Maintenance Manual that is available on the Lenovo Support Web site at http://www.lenovo.com/support. Error codes and messages are displayed in the following types of event logs:...
Messages are listed on the left side of the screen, and details about the selected message are displayed on the right side of the screen. To move from one entry to the next, use the Up Arrow (↑) and Down Arrow (↓) keys. The system-event log indicates an assertion event when an event has occurred.
Preboot or to download a DSA Preboot CD image, go to http://www.lenovo.com/ support or complete the following steps: Note: Changes are made periodically to the Lenovo Web site. The actual procedure might vary slightly from what is described in this document.
Run Portable or Installable DSA to view the event logs or create an output file that you can send to Lenovo service and support. v Type the IP address of the IMM and go to the Event Log page.
Page 62
Table 7. Machine-level vital product data Field Function Machine type Identifies the server type and model number that the IMM is and model monitoring. Serial number Identifies the serial number of the server that the IMM is monitoring. UUID Identifies the universal unique identifier (UUID), a 32-digit hexadecimal number, of the server that the IMM is monitoring.
To perform server power and restart actions, complete the following steps. Note: Select the following options only in case of an emergency, or if you are offsite and the server is nonresponsive. 1. Log in to the IMM. For more information, see Chapter 2, “Opening and using the IMM Web interface,”...
v Uploading a diskette image to the IMM memory and mapping it to the server as a virtual drive Updating your IMM firmware and Java applet Important: The IMM uses a Java applet to perform the remote presence function. When the IMM is updated to the latest firmware level, the Java applet is also updated to the latest level.
To remotely access a server console, complete the following steps: 1. Log in to the IMM. For more information, see Chapter 2, “Opening and using the IMM Web interface,” on page 9. 2. In the navigation pane, click Remote Control. 3.
Windowed The Video Viewer switches out of full screen mode into windowed mode. This option is available only while the Video Viewer is in full screen mode. The Video Viewer resizes to completely display the target desktop without an extra border or scrollbars. This requires that the client desktop be large enough to display the resized window.
a remote user has a different keyboard layout from the server, the user can switch the server layout while it is being accessed remotely and then switch back again. Keyboard pass-through mode The keyboard pass-through feature disables the handling of most special key combinations on the client so that they can be passed directly to the server.
Page 69
4. Select one of the following mouse modes: Absolute The client sends mouse location messages to the server that are always relative to the origin (top left) of the viewing area. Relative The client sends the mouse location as an offset from the previous location.
Remote power control You can send server power and restart commands from the Video Viewer window without returning to the Web browser. To control the server power with the Video Viewer, complete the following steps: 1. In the Video Viewer window, click Tools. 2.
Page 71
v Red Hat Linux versions 4.0 and 5.0 v SUSE Linux version 10.0 v Novell NetWare 6.5 2. The client server requires the Java 1.5 Plug-in or later. ® ® 3. The client server must have an Intel Pentium III microprocessor or later, operating at 700 MHz or faster, or equivalent.
1. Click RDOC. 2. When the new window opens, click Upload. 3. Click Browse to select the image file that you want to use. 4. In the Name field, enter a name for the image and click OK to upload the file. Note: To unload the image file from memory, select the name in the RDOC Setup window and click Delete.
Dynamic System Analysis (DSA) firmware. To update the firmware, complete the following steps. Note: Changes are made periodically to the Lenovo Support Web site. The actual procedure might vary slightly from what is described in this document.
Lenovo Support Web site at http://www.lenovo.com/support. To check for updates to tools and utilities, complete the following steps. Note: Changes are made periodically to the Lenovo Support Web site. Procedures for locating firmware and documentation might vary slightly from what is described in this document.
Page 75
v SNMPv3 v Telnet CLI v SSH CLI Chapter 5. Performing IMM tasks...
Page 76
Integrated Management Module: User Guide...
Note: A new local area connection is displayed and might state This connection has limited or no connectivity. Ignore this message. 10. Go back to the Device Manager. Verify that Lenovo USB Remote NDIS Network Device appears under Network Adapters.
11. Open a command prompt, type ipconfig, and press Enter. The local area connection for the IBM USB RNDIS is displayed with an IP address in the range of 169.254.xxx.xxx with a subnet mask set to 255.255.0.0. Installing the LAN over USB Linux device driver Current versions of Linux, such as RHEL5 Update 2 and SLES10 Service Pack 2, support the LAN over USB interface by default.
Page 80
Integrated Management Module: User Guide...
Command syntax Read the following guidelines before you use the commands: v Each command has the following format: command [arguments] [-options] v The command syntax is case sensitive. v The command name is all lowercase. v All arguments must immediately follow the command. The options immediately follow the arguments.
v In the command-line interface, the output buffer limit is 2 KB. There is no buffering. The output of an individual command cannot exceed 2048 characters. This limit does not apply in serial redirect mode (the data is buffered during serial redirect).
history command Description Use the history command to display an indexed history list of the last eight commands that were issued. The indexes can then be used as shortcuts (preceded by !) to reissue commands from this history list. Example system>...
readlog command Syntax readlog [options] option: Description Use the readlog command to display the IMM event log entries, five at a time. The entries are displayed from the most recent to the oldest. readlog displays the first five entries in the event log, starting with the most recent, on its first execution, and then the next five for each subsequent call.
Example system> vpd dsa Type Version ReleaseDate ---- ------- ----------- D6YT19AUS 02/27/2009 system> Server power and restart control commands The server power and restart commands are as follows: v power v reset power command Syntax power on power off [-s] power state power cycle [-s] Description...
-g 0.0.0.0 -s 255.255.255.0 -n IMMA00096B9E003A -r auto -d auto -m 1500 -b 00:09:6B:9E:00:3A -l 00:00:00:00:00:00 system> ifconfig eth0 -c static -i 192.168.70.133 These configuration changes will become active after the next reset of the IMM. system> Note: The -b option in the ifconfig display is for the burned-in MAC address. The burned-in MAC address is read-only and is not configurable.
Option Description Values Login permission String of up to 63 characters for string attribute Domain source Extract search domain from login ID, use only configured search domain, try login first then configured value Service name String of up to 15 characters for service_name Client password String of up to 15 characters for client_pw Confirm client...
The following table shows the arguments for the options. Option Description Values Enables or disables the Enabled, disabled Network Time Protocol Name or IP address of the The name of the NTP server to be used Network Time Protocol for clock synchronization. server The frequency (in minutes) 3 - 1440 minutes...
system> passwordcfg Security Level: Customize -exp: 365 -cnt: 5 -nul: allowed portcfg command Syntax portcfg [options] portcfg [options] options: -b baud_rate -climode cli_mode -cliauth cli_auth Description Use the portcfg command to configure the serial port. To change the serial port configuration, type the options, followed by the values.
options, followed by the values. To change the serial redirect configuration, you must have at least Adapter Networking and Security Configuration authority. The following table shows the arguments for the -exitcliseq option. Option Description Values -exitcliseq Exit a User-defined keystroke sequence to exit the CLI. For command-line details, see the values for the -entercliseq option in interface...
SSL server CSR key status This status display is read-only and cannot be set directly. Possible command line output values are as follows: Private Key and Cert/CSR not available Private Key and CA-signed cert installed Private Key and Auto-gen self-signed cert installed Private Key and Self-signed cert installed Private Key stored, CSR available for download SSL client LDAP key status...
system> timeouts -o 2.5 -l 3.5 usbeth command Syntax usbeth [options] options: -en <enabled|disabled> Description Use the usbeth command to enable or disable the in-band LAN over USB interface. For more information about enabling or disabling this interface, see “Disabling the USB in-band interface” on page 19. Example system>usbeth -en : disabled...
nsc (Adapter configuration [network and security]) ac (Adapter configuration [advanced]) Example system> users 1. USERID Read/Write Password Expires: no expiration 2. manu Read Only Password Expires: no expiration 3. eliflippen Read Only Password Expires: no expiration 4. <not used> 5. jacobyackenovic custom:cel|ac Password Expires: no expiration system>...
clock command Syntax clock [options] options: -d mm/dd/yyyy -t hh:mm:ss -g gmt offset -dst on/off/special case Description Use the clock command to display the current date and time according to the IMM clock and the GMT offset. You can set the date, time, GMT offset, and daylight saving time settings.
resetsp command Description Use the resetsp command to restart the IMM or IMM. You must have at least Advanced Adapter Configuration authority to be able to issue this command. update command Syntax update -i TFTP_server_IP_address -l filename Description Use the update command to update the firmware on the IMM or IMM. To use this command, you must have at least Advanced Adapter Configuration authority.
Page 100
Example In the verbose mode, the flashing progress is displayed in real time in the percentage of completion. system>update -i 192.168.70.200 -l imm_yuoo20a.upd -v Firmware update is in progress. Please wait.. Downloading image - 66% system>update -i 192.168.70.200 -l imm_yuoo20a.upd -v Firmware update is in progress.
Appendix A. Getting help and technical assistance If you need help, service, or technical assistance or just want more information about Lenovo products, you will find a wide variety of sources available from Lenovo to assist you. This section contains information about where to go for...
Getting help and information from the World Wide Web On the World Wide Web, the Lenovo Web site has up-to-date information about Lenovo systems, optional devices, services, and support. For general information about Lenovo products or to purchase Lenovo products, go to http://www.lenovo.com.
Service availability and service name might vary by country or region. For more information about these services, go to the Lenovo Web site at http://www.lenovo.com/. Lenovo product service...
Page 104
Integrated Management Module: User Guide...
Actual results may vary. Users of this document should verify the applicable data for their specific environment. Trademarks The following terms are trademarks of Lenovo in the United States, other countries, or both: Lenovo The Lenovo logo...
Lenovo recomienda a los propietarios de equipos de tecnología de la información (TI) que reciclen responsablemente sus equipos cuando éstos ya no les sean útiles. Lenovo dispone de una serie de programas y servicios de devolución de productos, a fin de ayudar a los propietarios de equipos a reciclar sus productos de TI.
EEE on the environment and human health due to the potential presence of hazardous substances in EEE. For proper collection and treatment, contact your local Lenovo representative. Compliance with Republic of Turkey Directive on the Restriction of...
The battery must be recycled or disposed of properly. Recycling facilities may not be available in your area. For information on disposal or batteries outside the United States, go to http://www.lenovo.com/lenovo/environment or contact your local waste disposal facility. For Taiwan: Please recycle batteries.
Page 110
For proper collection and treatment, go to http://www.lenovo.com/lenovo/environment. For California: Perchlorate material - special handling may apply. See http://www.dtsc.ca.gov/ hazardouswaste/perchlorate/.
Properly shielded and grounded cables and connectors must be used in order to meet FCC emission limits. Lenovo is not responsible for any radio or television interference caused by using other than recommended cables and connectors or by unauthorized changes or modifications to this equipment.
Grenzwerte der EN 55022 Klasse A ein. Um dieses sicherzustellen, sind die Geräte wie in den Handbüchern beschrieben zu installieren und zu betreiben. Des Weiteren dürfen auch nur von der Lenovo empfohlene Kabel angeschlossen werden. Lenovo übernimmt keine Verantwortung für die Einhaltung der Schutzanforderungen, wenn das Produkt ohne Zustimmung der Lenovo verändert bzw.
Dieses Gerät ist berechtigt, in Übereinstimmung mit dem Deutschen EMVG das EG-Konformitätszeichen - CE - zu führen. Verantwortlich für die Konformitätserklärung nach Paragraf 5 des EMVG ist die Lenovo (Deutschland) GmbH, Gropiusplatz 10, D-70563 Stuttgart. Informationen in Hinsicht EMVG Paragraf 4 Abs. (1) 4: Das Gerät erfüllt die Schutzanforderungen nach EN 55024 und EN 55022 Klasse...
Page 117
Web server, secure 39 security 38 temperature monitoring 49 Web site self-signed certificate, generating 40 timeouts, see server timeouts 16 Lenovo support 2 Serial over LAN 75 tools 68 publication ordering 95 serial ports, configuring 26 Advanced Settings Utility (ASU) 68...
Page 118
Integrated Management Module: User Guide...