Page 1 SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User's Guide Part No.: E25381-01, Manual Code: C120-E332-11EN January 2012...
Page 2 INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Unless otherwise expressly set forth in such agreement, to the extent allowed by applicable law, in no event shall Oracle or Fujitsu Limited, and/or any of their affiliates have any liability to any third party under any legal theory for any loss of revenues or profits, loss of use or data, or business interruptions, or for any indirect, special, incidental or consequential damages, even if advised of the possibility of such damages.
Page 3 OU À L’ABSENCE DE CONTREFAÇON, SONT EXCLUES, DANS LA MESURE AUTORISÉE PAR LA LOI APPLICABLE. Sauf mention contraire expressément stipulée dans ce contrat, dans la mesure autorisée par la loi applicable, en aucun cas Oracle ou Fujitsu Limited et/ou l’une ou l’autre de leurs sociétés affiliées ne sauraient être tenues responsables envers une quelconque partie tierce, sous quelque théorie juridique que ce soit, de tout manque à...
Page 5: Table Of Contents
Contents Preface xiii XSCF Overview 1–1 XSCF Features 1–1 XSCF Functions 1–9 1.2.1 Major Differences Among the Server Models 1–14 Types of Connection to XSCF 1–14 1.3.1 Examples of LAN Connection Operations 1–16 1.3.2 NTP Configuration and Time Synchronization 1–20 1.3.3 The CD-RW/DVD-RW Drive Unit and Tape Drive Unit 1–20 XSCF User Interfaces 1–21...
Page 6 2.2.3 LDAP Administration 2–43 2.2.4 Active Directory Administration 2–48 2.2.5 LDAP/SSL Administration 2–70 2.2.6 Time Administration 2–90 2.2.7 SSH/Telnet Administration 2–101 2.2.8 Https Administration 2–109 2.2.9 Audit Administration 2–116 2.2.10 Log Archiving Administration 2–123 2.2.11 SNMP Administration 2–128 2.2.12 Mail Administration 2–139 2.2.13 Domain Configuration 2–142 2.2.14...
Page 7 3.2.1 Connecting XSCF via the XSCF-LAN Port Or the Serial Port 3–12 3.2.2 XSCF-LAN and Serial Connection Purposes 3–15 Operation of the Server 4–1 Display Server Hardware Environment 4–1 4.1.1 Displaying System Information 4–2 4.1.2 Display Server Configuration/Status Information 4–6 Display Domain Information 4–9 4.2.1 Domain Information 4–10...
Page 8 Displaying State of an External I/O Expansion Unit and Administration 4–27 4.10 Restore Factory Settings of the Server or XSCF Unit 4–32 Overview of the XSCF Shell 5–1 Overview of the XSCF Command Shell 5–1 Login to XSCF Shell 5–7 5.2.1 Before Logging In 5–7 5.2.2...
Page 9 Upgrade of XSCF Firmware and Maintenance 8–1 Update the XSCF Firmware 8–1 8.1.1 Firmware Update Overview 8–1 8.1.2 Firmware Update Conditions and Environment 8–3 8.1.3 Method of Delivering Firmware 8–4 8.1.4 Method of Checking the Firmware Version 8–5 8.1.5 Three Steps of the Firmware Update 8–6 8.1.6 Features of XSCF Firmware Update 8–7 8.1.7...
Page 10 XSCF Web Pages 9–9 XSCF Web Error Messages 9–30 A. Warning and Information Messages A–1 Message Types A–1 Messages in Each Function A–3 B. XSCF Log Information B–1 XSCF Error Log B–1 Power Log B–5 Event Log B–7 Using the showlogs Command to Display Other Logs B–8 B.4.1 Monitor Message Log B–8 B.4.2...
Page 11 Troubleshooting the Server While XSCF Is Being Used D–7 E. Software License Conditions E–1 Index Index–1 Contents...
Page 12 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 13: Preface
System Control Facility (XSCF), which is used to control, monitor, operate, and service SPARC Enterprise M3000/M4000/M5000/M8000/M9000 servers and domains from Oracle and Fujitsu. XSCF may also be referred to as the System Control Facility (SCF). Unless otherwise stated in this manual, the SPARC Enterprise system is described as “the server” or “the system”.
Page 14: Related Documentation
All documents for your server are available online at the following locations: Documentation Link Sun Oracle software-related manuals http://www.oracle.com/documentation (Oracle Solaris OS, and so on) Fujitsu documents http://www.fujitsu.com/sparcenterprise/manual / Oracle M-series server documents http://www.oracle.com/technetwork/documentation/s parc-mseries-servers-252709.html The following table lists titles of related documents.
Page 15 Related SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers Documents SPARC Enterprise M3000 Server Safety and Compliance Guide SPARC Enterprise M4000/M5000 Servers Safety and Compliance Guide SPARC Enterprise M8000/M9000 Servers Safety and Compliance Guide External I/O Expansion Unit Safety and Compliance Guide SPARC Enterprise M4000 Server Unpacking Guide SPARC Enterprise M5000 Server Unpacking Guide SPARC Enterprise M8000/M9000 Servers Unpacking Guide SPARC Enterprise M3000 Server Installation Guide...
Page 16: Text Conventions
Text Conventions This manual uses the following fonts and symbols to express specific types of information. Font/symbol Meaning Example What you type, when contrasted XSCF> adduser jsmith AaBbCc123 with on-screen computer output. This font represents the example of command input in the frame. The names of commands, files, and AaBbCc123 XSCF>...
Page 17: Documentation Feedback
If you have any comments or requests regarding this document, go to the following websites: For Oracle users: ■ http://www.oracle.com/goto/docfeedback Include the title and part number of your document with your feedback: SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User’s Guide, part number E25381-01 For Fujitsu users: ■ http://www.fujitsu.com/global/contact/computing/sparce_index.html Preface xvii...
Page 18 xviii SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 19: Xscf Overview
C H A P T E R XSCF Overview This chapter provides an overview of the system monitoring and control facility (eXtended System Control Facility, or XSCF). XSCF Features The XSCF firmware is a system monitoring and control facility consisting of a dedicated processor (Note 1) that is independent from the system processor.
Page 20: External Interfaces
the XSCF Unit is fixed to the Motherboard Unit (MBU). For details of the server differences, see Section 1.2.1, “Major Differences Among the Server Models” on page 1-14. Note – (1) Processors on server boards are called CPUs. Note – (2) Only the system model with a special interface can power on and off the peripheral devices.
Page 21 Remote Cabinet Interface (RCI) port to perform power supply interlock by ■ connecting a system and an I/O device with an RCI device The RCI is the power and system control interface that connects a peripheral device with an RCI connector to the server, and performs such functions as power supply interlock and alarm notification and recognition.
Page 22 Outline Drawing of the Rear Panel (In the Entry-level Server) FIGURE 1-1 Number Description Number Description RCI port ACT LED USB port LAN 1 port (XSCF-LAN#1 port) READY LED LAN 0 port (XSCF-LAN#0 port) CHECK LED UPC 1 port Serial port UPC 0 port Link Speed LED RCI Port...
Page 23: Usb Port
Note – To use the RCI function, peripheral devices with the RCI connector and the server on which the RCI function is supported are required. For the information whether the RCI function is supported on your server, see the SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers Product Notes.
Page 24 XSCF-LAN Port (Ethernet Port) There are two XSCF-LAN ports. Both use an RJ-45 connector and are compatible with 10BASE-T/100BASE-T (TX). The XSCF-LAN ports are used with the XSCF Shell and XSCF Web to perform system administrator operations, output the system status, perform domain operations, and display the console.
Page 25 Outline Drawing of the XSCF Unit Front Panel (In the Midrange Servers) FIGURE 1-2 XSCF Unit (Front) Number Description Number Description RCI port ACT LED Serial port UPC#1 port USB port UPC#0 port ETHERNET#1 port CHECK LED (XSCF-LAN#1 port) ETHERNET#0 port READY LED (XSCF-LAN#0 port) Link Speed LED...
Page 26 Outline Drawing of the XSCF Unit Front Panel (In High-End Servers) FIGURE 1-3 XSCF Unit (Front) XSCF Unit ( Front ; in Expansion cabinet Number Description Number Description Link Speed LED RCI port ACT LED ACTIVE LED ETHERNET#0 port READY LED (XSCF-LAN#0 port) ETHERNET#1 port CHECK LED...
Page 27: Xscf Functions
ACTIVE LED The ACTIVE LED lights up in green. If the XSCF Unit is in a redundant configuration, the ACTIVE LED indicates the active XSCF Unit. Connector That Connects the XSCF Unit for the Base Cabinet With the XSCF Unit for the Expansion Cabinet The connector for connecting between XSCF Units is used to connect the Base cabinet to an Expansion cabinet on the M9000 server.
Page 28 Initial System Configuration Function XSCF configures the initial hardware settings of the XSCF Unit and initializes hardware as required to start the Oracle Solaris Operating System (Oracle Solaris OS). XSCF also controls the initial system configuration information. XSCF User Account Control XSCF controls the user accounts for XSCF operations.
Page 29 Automatically shut down and cancel a power on operation when an error is ■ detected If a system abnormality occurs, the Oracle Solaris OS is automatically shut down, and the subsequent power on will not be started. This can minimize damage to the system.
Page 30: Dynamic Reconfiguration Function
Internal Cabinet Configuration, Recognition, and Domain Configuration Control Functions To use XSCF, you can display the system configuration status, and create and change domain configuration definitions. It also provides domain start and stop functions, mainly for its own use. In the server, the user can configure a domain as a single Physical System Board (PSB) that has CPU, memory, and I/O device, or a PSB logically divided, which are the eXtended System Boards: (XSBs).
Page 31 Capacity on Demand Function Capacity on Demand is an option to purchase spare processing resources (CPUs) for your server. The spare resources are provided in the form of one or more CPUs on COD boards that are installed on your server. When you need the spare processing resources (CPUs) for the server, XSCF assists the operation to add or delete the resources.
Page 32: Major Differences Among The Server Models
Firmware Update Function The web browser and commands can be used to download new firmware image (XSCF firmware and OpenBoot PROM firmware) without stopping the domain and to update firmware without stopping other domains. To complete updating the OpenBoot PROM firmware in the target domain, the domain must be rebooted. For details on updating firmware, see Chapter 1.2.1...
Page 33: Types Of Connection To Xscf
Types of Connection to XSCF This section outlines types of connection to the XSCF. XSCF enables access to the server over a serial port or from networks connected to XSCF-LAN. outlines the connections to the XSCF. FIGURE 1-4 Connections to XSCF (In the Midrange Servers) FIGURE 1-4 SSH/telnet/ SSH/telnet/...
Page 34: Examples Of Lan Connection Operations
The following connections in the XSCF Unit connection configuration shown in are described below: FIGURE 1-4 Serial port connection ■ XSCF-LAN Ethernet connection ■ Serial Port Connection The serial port enables workstations, PCs, and ASCII terminals to connect to the XSCF through the serial (RS-232C) port.
Page 35 XSCF-LAN Operation Examples 1 TABLE 1-2 LAN Name Operation XSCF-LAN#0 port • For system administrator operation The system administrator can control the server, control domains, and display the console using the XSCF Shell. XSCF-LAN#1 port • For field engineer operation. Field engineers can configure the server and perform maintenance tasks using the XSCF Shell.
Page 36 XSCF-LAN Redundancy In the M3000/M4000/M5000/M8000/M9000 servers, the XSCF-LAN paths can be made redundant (duplicated). If a LAN failure occurs, it contributes significantly to reducing system availability. However, in a system equipped with a duplicate LAN, the routes (paths) in the remaining network can be used even if one subnetwork is faulty.
Page 37 Two XSCF-LANs and Two XSCF Units Configuration (In High-End Servers) FIGURE 1-6 c) A subnet failed Failure of a path Active Standby XSCF XSCF System d) XSCF failed Active Standby XSCF XSCF System XSCF failed Failover For details on LAN configurations and connections, see Chapter 3.
Page 38: Ntp Configuration And Time Synchronization
1.3.2 NTP Configuration and Time Synchronization The system uses the XSCF Unit clock for the system standard time. The domains in the server synchronize their times based on the XSCF Unit clock when the domains are started. The XSCF Unit clock can be adjusted to the exact time through a network connection to an external NTP server.
Page 39: Xscf User Interfaces
In the M8000/M9000 servers, a basic cabinet and an expansion cabinet contain one DVD drive/tape drive unit respectively, and they are assigned to a single operating domain of each cabinet. The DVD drive/tape drive unit can be used by assigning it to a specific card port on the I/O unit.
Page 40 Caution – IMPORTANT – To use the function as explained previously, you must create your XSCF account. Create your account before you start using the XSCF functionality. In addition, create an account for your field engineer (FE) with the privilege of fieldeng during initial setup. To use these XSCF interfaces, users need to log in to XSCF with an XSCF user account, and then enter a password.
Page 41: User Accounts And User Privileges
XSCF Functions and Connection Ports (Continued) TABLE 1-6 XSCF-LAN Functions Contents Serial port Ethernet XSCF Web Provides the same functions as the functions of the XSCF Shells, but provides graphical displays for easier operation. Mail report Mail notification in the event of a failure enables prompt action to be taken.
Page 42 User Privilege Names and Descriptions TABLE 1-7 User privilege Outline Description of Defined Contents domainop@n Reference of the status of any • Can refer to the status of any hardware mounted part of one entire domain_n in a domain_n. • Can refer to the status of any part of a domain_n. •...
Page 43 User Privilege Names and Descriptions (Continued) TABLE 1-7 User privilege Outline Description of Defined Contents auditadm Audit control (Note) • Can monitor and control XSCF access. • Can delete an XSCF access monitoring method. fieldeng Field engineer operations • Allows field engineers to perform the maintenance tasks or change the server configuration.
Page 44: Setting Up Xscf
C H A P T E R Setting Up XSCF This chapter explains how to set up XSCF. XSCF Setup Summary Each XSCF function must be configured before it can be used. Make the following settings: User Account Administration (required) ■...
Page 45 Altitude Administration (required) ■ DVD Drive/Tape Drive Unit Administration (optional) ■ COD Administration (optional) (see the following Note 4) ■ Note – (1) This document does not provide details on the remote maintenance service functions. For the information of the remote maintenance service, see the Product Notes for your server.
Page 46: Setup Summary By The Xscf Shell
2.1.1 Setup Summary by the XSCF Shell This section describes the step summary of setup using the XSCF Shell. This procedure contains examples of command usage and setting items. For details on settings, see the corresponding parts of Section 2.2, “Specifying the XSCF Settings” on page 2-15.
Page 47 login: default Change the panel mode switch to Service and press return... (Operation : Locked state -> Service -> Return) Leave it in that position for at least 5 seconds. Change the panel mode switch to Locked, and press return... (Operation : Wait more than 5 seconds ->...
Page 48 4. Set the time. • Set and display the time zone. showtimezone(8), settimezone(8), • Set and display the XSCF time. showdate(8), setdate(8) • Reset and display the time subtraction showdateoffset(8) between the XSCF and the domain. resetdateoffset(8) (See Section 2.2.6, “Time Administration” on page 2-92) When the system time is updated, the XSCF reset is done and the XSCF session is...
Page 49 XSCF> showssh SSH status: enabled SSH DSCP: accept RSA key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArmf46B4xSvunUNZPWOi4mRbqO9hsunxHitwR/ 0P6NTQbNK8BqCpCsyzK6nfjrARztO1rgXIdFfXLDEIY2hudEkuMCjyorX1HK+d8WH C7eydTCM8Edwwtwm0Q4o66peB/QwI/OL4lDCNRg+4aGyWUHZBwmiwahum+7MJDCKs fKKM= Fingerprint: 1024 14:75:fd:5c:e1:68:79:f6:db:cb:a7:36:25:53:25:9a DSA key: ssh-dss AAAAB3NzaC1kc3MAAACBAMMG1ewTyceFX7EnKuDIp1BVnuxf+UTtALVinkfXLQbUn gn84G8xp9GPnWOpNqiWXxAL8wInQrpz9wFd7n4sZk74HALM+gIhpjbpdXR76FpEvO MzCi6qYuv4yQ/0+uKCHmJEfzIOvQnDoofVElXYRKxTIyQY5+mtsf+44IoGzJbxAAA AFQCTNSxe0+5hbDziCOlgvch7FdUM3QAAAIBKGSbFr3XMYxubT7ViDHHIFgFpjEMw DREJD05g7XwlslgFX4Ff2nqItepyfnok/CeDi1bv1Xs0JGAGsbcwpBeKe7YcSepM3 xe8vGXSIdVqGbfDvqbO9P1q1n58qEKTA2Cj5L9a+6usSYfKHOSDhnvX3R8/Hk+Iiy 6EUaVSaJUHjgAAAIAZ+qQahRLAMuOq5FCuQ000xgfZzExRBIa1Q7sBhMTrg1dksKP +yPN9YjIw6QJXUD69acCWHD+nIKBTnSdO/NdwxDRKU2+9cOvNriUpbs5RoZgiCNCd 7nMMQUMFTzc78nd3w+pcjD5mBB6kELKuQurWbIDELTgYJcfm52C9TlR5WA== Fingerprint: 1024 e2:66:1a:c8:8f:37:6f:ec:6c:2a:d4:93:a7:6f:dc:5c 7. Installing the user public key. Before using the SSH user key for an XSCF-LAN connection, generate a user ■...
Page 50 8. Configure the network. • Display and set the DSCP showdscp(8), setdscp(8), • Display XSCF network settings (enable/disable, IP shownetwork(8), address, netmask) and configure/remove an XSCF setnetwork(8) network. • Display and set XSCF host name. showhostname(8), sethostname(8) • Display XSCF route settings (destination IP address, showroute(8), setroute(8) gateway, netmask, interface) and configure an XSCF route.
Page 51 RSA key fingerprint is xxxxxx Connecting? [yes|no] : yes Type the passphrase you have already set in the case that you would be using SSH with user key authentication. Enter passphrase for key ’/home/nana/.ssh/id_rsa’ :xxxxxxxx Warning: No xauth data; using fake authentication data for X11 forwarding.
Page 52 This manual does not provide details on LDAP, Active Directory, and LDAP/SSL, so see the available LDAP, Active Directory, and LDAP/SSL manuals. 10. Configure the LDAP settings. Configure XSCF as an LDAP client. ■ • Display and set LDAP client information. showldap(8), setldap(8) (See Section 2.2.3, “LDAP Administration”...
Page 53 14. Configure the log archiving settings. • Display log archiving settings and showarchiving(8), setarchiving(8) configure log archiving. (See Section 2.2.10, “Log Archiving Administration” on page 2-127) 15. Configure the audit settings. • Display audit settings and configure showaudit(8), setaudit(8) auditing. (See Section 2.2.9, “Audit Administration”...
Page 54 19. Configure the domain settings. • Display domain information and specify showboards(8), showdcl(8), setdcl(8) the domain configuration. (DCL displaying and settings, configuration policy settings, System board settings) • Add, delete, or move a system board. addboard(8), deleteboard(8), moveboard(8) (See Section 2.2.13, “Domain Configuration” on page 2-146) In the M3000 server, you cannot perform operations such as setting the domain...
Page 55: Setup Summary Using The Xscf Web
21. Configure the Locale settings. • Display and set the Locale. showlocale(8), setlocale(8) (See Section 2.2.16, “Locale Administration” on page 2-190) 22. Configure the Altitude Administration settings. • Display altitude settings and configure showaltitude(8), setaltitude(8) altitude. (See Section 2.2.17, “Altitude Administration”...
Page 56 Before attempting to establish a connection to the XSCF and log in from the web browser window of the XSCF Web, perform Step 1 Step 8 Section 2.1.1, “Setup Summary by the XSCF Shell” on page 2-3, and enable https in Section 2.2.8, “Https Administration”...
Page 57: Specifying The Xscf Settings
10. Establish a connection to XSCF and log in from a web browser. Specify the host name or the IP address of the XSCF during the network ■ configuration, in a web browser running on a PC with an XSCF-LAN port used to establish a connection to the XSCF.
Page 58: Specifying The Xscf Settings
Specifying the XSCF Settings This section describes the XSCF settings in detail. XSCF settings can be made in the following ways: On the PC connected to the serial port, or you can specify the IP address of the ■ XSCF to establish a connection to the XSCF, and then use the XSCF Shell over an Ethernet or a user LAN connection.
Page 59: Network Configuration
2.2.1 Network Configuration Network Configuration is used to specify items relating to network interfaces like XSCF-LANs and Domain-SP Communication Protocol(DSCP), also, routing, and DNS. lists terms used in Initial Configuration. TABLE 2-1 Network Configuration Terms TABLE 2-1 Term Explanation XSCF network General term for an interface required in XSCF network configuration.
Page 60 lists setting items and the corresponding shell commands. TABLE 2-2 To complete the network settings, the XSCF reset is required. Reset the XSCF by using the rebootxscf(8) command. After the XSCF is reset, the XSCF session is disconnected. Please log in again to the XSCF. Network Configuration TABLE 2-2 Item...
Page 61 Network Configuration (Continued) TABLE 2-2 Item Description Shell Command Remarks Host Sets a host name and a domain name for the No default setting sethostname name/domain XSCF Unit. has been specified. name FQDN cannot be specified for the host name. A host name can be specified up to 64 characters.
Page 62 Network Configuration (Continued) TABLE 2-2 Item Description Shell Command Remarks Add/delete DNS Add or delete the IP address of a name No default setting setnameserver server and the domain name of a search has been specified. path. If the DNS Up to three name servers can be registered.
Page 63 XSCF network interface configuration The XSCF network interface includes the following. LAN (XSCF-LAN) for users to access to XSCF ■ LAN (ISN) for the communication between XSCF Units (M8000/M9000 servers ■ only) LAN (DSCP) for the communication between XSCF and each domain ■...
Page 64 Network Interface Required for XSCF Network Configuration (In the FIGURE 2-1 High-End Servers) Server DomainID 1 DomainID 0 DomainID X 10+X XSCFU#1 XSCFU#0 Ethernet 1-6; Addresses of XSCF-LAN Inside LAN 7,8; Addresses of Inter SCF Network(ISN) 9,10,..,10+X; Addresses of DSCP links Chapter 2 Setting Up XSCF 2-21...
Page 65: Network Configuration
Number Description Number Description XSCF-LAN#0 address ISN address. (XSCFU#0 side) (XSCFU#0 side) XSCF-LAN#0 address ISN address. (XSCFU#1 side) (XSCFU#1 side) Takeover IP address DSCP link address between XSCF-LAN#0s (XSCF side) XSCF-LAN#1 address 10 or DSCP link addresses (XSCFU#0 side) later (Domains side) XSCF-LAN#1 address (XSCFU#1 side)
Page 66 To make the IP address redundant, specify the same subnet address to the LAN port of XSCFU#0 side and to the LAN port of XSCFU#1 side which share the same LAN port number. Also, The IP address of XSCF-LAN#0 and the IP address of XSCF-LAN#1 must be specified in different subnet addresses.
Page 67 5. Specify the host name, routing, and DNS. In the M8000/M9000 servers, subsequently to the XSCFU#0 side, specify the host name and the routing of the XSCFU#1 side. (See showhostname(8), sethostname(8), showroute(8), setroute(8), shownameserver(8), and setnameserver(8).) 6. Configure IP packet filtering rules. Configure IP packet filtering rules for XSCF-LANs.
Page 68 Enabling or Disabling the XSCF Network and Specifying an IP Address and Netmask for the Network and DSCP Command operation ■ 1. Use the shownetwork(8) command to display network interface information. <Example 1> Display information on all network interfaces of XSCF. XSCF>...
Page 69 2. Use the showdscp(8) command to display DSCP information. <Example> Display DSCP information. XSCF> showdscp DSCP Configuration: Network: 192.168.244.0 Netmask: 255.255.255.0 Location Address ---------- --------- XSCF 192.168.244.1 Domain #00 192.168.244.2 Domain #01 192.168.244.3 Domain #02 192.168.244.4 Domain #03 192.168.244.5 3. Use the setnetwork(8) command to specify network interface information. <Example 1>...
Page 70 4. Use the setdscp(8) command (see Note) to specify network interface information. < Example 1> Specify the entire DSCP network IP address 192.168.2.0 and netmask 255.255.255.0. XSCF> setdscp -i 192.168.2.0 -m 255.255.255.0 <Example 2> Specify IP address 192.168.2.1 for the XSCF. XSCF>...
Page 71: Specifying A Host Name For Xscf
This is because the DSCP communication protocol, PPP (Point to Point Protocol), does not notify the netmask value specified by the -m option to the domain side, and also because the ifconfig(1M) displays the netmask value corresponding to the class of IP address in the DSCP interface. Note –...
Page 72 Configuring XSCF Routing In a redundant XSCF unit configuration, the following are examples of data when routing is done in each subnet. <Example> XSCF Unit 0 XSCF Unit 1 xscf#0-lan#0 [192.168.1.10] xscf#1-lan#0 [192.168.1.20] +------------------------------+ XSCF-LAN#0 XSCF-LAN#0 XSCF Unit 0 XSCF Unit 1 xscf#0-lan#1 [10.12.108.10] xscf#1-lan#1 [10.12.108.20] +------------------------------+ XSCF-LAN#1...
Page 73 2. Use the setroute(8) command to specify the routing environment for a network interface. <Example 1> Add routing with Destination 192.168.1.0 and Netmask 255.255.255.0 to XSCF-LAN#0 in the XSCFU#0. XSCF> setroute -c add -n 192.168.1.0 -m 255.255.255.0 xscf#0-lan#0 <Example 2> Add routing with the default network for Destination and Gateway 10.12.108.1 to XSCF-LAN#1 in the XSCFU#0.
Page 74 2. Use the setnameserver(8) command to specify the name server and the search path. <Example 1> Add the three IP addresses 10.0.0.2, 172.16.0.2, and 192.168.0.2 as name servers. XSCF> setnameserver 10.0.0.2 172.16.0.2 192.168.0.2 <Example 2> Delete all available name servers. XSCF>...
Page 75 Configuring IP Packet Filtering Rules for XSCF Network Command operation ■ 1. Use the showpacketfilters(8) command to display the IP packet filtering rules for XSCF-LANs. <Example 1> Display the IP packet filtering rules settings for XSCF network. XSCF> showpacketfilters -a -i xscf#0-lan#0 -j ACCEPT -i xscf#0-lan#1 -j ACCEPT -s 173.16.0.0/255.255.0.0 -j ACCEPT...
Page 76 <Example 1> Permit the IP address 192.168.100.0/255.255.255.0 to go through. XSCF> setpacketfilters -y -c add -i xscf#0-lan#0 -s 192.168.100.0/255.255.255.0 -s 192.168.100.0/255.255.255.0 -i xscf#0-lan#0 -j ACCEPT NOTE: applied IP packet filtering rules. Continue? [y|n] :y <Example 2> Communication to xscf#0-lan#0 exclusively accepts those IP packets sent from the 192.168.100.0/255.255.255.0 network.
Page 77 Note – You can set the IP filtering rules to the input packets, not to the output packets. Applying the XSCF Network Settings Command operation ■ 1. After performing the setnetwork(8), sethostname(8), setroute(8), and setnameserver(8) commands, apply these Network settings. 2.
Page 78 XSCF> rebootxscf The XSCF will be reset. Continue? [y|n] :y At this time, the window session is disconnected, so please reconnect to the XSCF ■ by using the new network interface and log in again. 4. Display the Network Configuration by using the shownetwork(8), showhostname(8), showroute(8) and shownameserver(8) commands again and check the new network information.
Page 79: User Account Administration
3. Use the traceroute(8) command to confirm the network path to network devices. <Example> Display the network path to the host server.example.com. XSCF> traceroute server.example.com traceroute to server.example.com (XX.XX.XX.XX), 30 hops max, 40 byte packets XX.XX.XX.1 (XX.XX.XX.1) 1.792 ms 1.673 ms 1.549 ms XX.XX.XX.2 (XX.XX.XX.2) 2.235 ms...
Page 80 lists setting items and the corresponding shell commands. TABLE 2-4 User Account Administration TABLE 2-4 Item Description Shell Command Remarks Display user Displays user account management The item displayed is showuser account information. Never, which means management unlimited. information Add/delete user Adds or deletes a user account.
Page 81 User Account Administration (Continued) TABLE 2-4 Item Description Shell Command Remarks Password policy Sets a password policy as described below. • Once an account is setpassword-pol locked after password • Minimum number of days that must expiration, its user elapse before the password can be must contact the changed (Mindays) system administrator...
Page 82 User Account Administration (Continued) TABLE 2-4 Item Description Shell Command Remarks Enable/disable Enables or disables the lockout function. setloginlockout • The lockout is disabled lockout function by default. To disable the lockout, specify 0 minutes for lockout period. To enable lockout, •...
Page 83 Adding or Deleting a User Account and Specifying a Password Command operation ■ 1. Use the showuser(8) command to display all of the user account information. (See the description of the password policy in TABLE 2-4 XSCF> showuser -l User Name: user001 UID: Status:...
Page 84: Specifying A User Privilege
3. Use the password(8) command to specify a password. <Example 1> Specify a password. XSCF> password jsmith Changing password for platadm (current) XSCF password: xxxxxx New XSCF password: xxxxxx BAD PASSWORD: is too similar to the old one New XSCF password: xxxxxx BAD PASSWORD: it is too simplistic/systematic New XSCF password: xxx BAD PASSWORD: it’s WAY too short...
Page 85 3. Use the showuser(8) command to confirm the privilege. XSCF> showuser -p User Name: jsmith Privileges: useradm auditadm Enabling or Disabling a User Account Command operation ■ 1. Use the showuser(8) command to display user account settings. XSCF> showuser -a 2.
Page 86 2. Use the setpasswordpolicy(8) command to specify a password policy. <Example> Specify 3 for the retry count, an eight-character password containing at least two digits, 60 days for the expiration period, and 15 days for the advance notice of expiration. XSCF>...
Page 87: Ldap Administration
2.2.3 LDAP Administration LDAP administration is used to specify items relating to LDAP clients. The LDAP server, bind ID, password, baseDN and so on are set. In the LDAP server, the XSCF user information is managed. Note – This section does not cover LDAP configuration and administration. An administrator who is familiar with LDAP should perform the LDAP design.
Page 88 lists setting items and the corresponding shell commands: TABLE 2-6 LDAP Administration TABLE 2-6 Item Description Shell command Remarks Display the Displays the use of an LDAP server for showlookup use of LDAP authentication and privilege lookup. Enable/ Enables or disables the use of an LDAP server If this specifies that setlookup disable the...
Page 89 Note – PEM: Abbreviation for Privacy Enhanced Mail. Mail to be sent is encrypted for increased privacy. Enabling or Disabling the LDAP Server Command operation ■ 1. Use the showlookup(8) command to display the lookup method of authentication and user privileges. XSCF>...
Page 90 2. Use the setldap(8) command to configure an LDAP client. <Example 1> Specify bind ID and search base (baseDN). XSCF> setldap –b "cn=Directory Manager" –B "ou=People,dc=users,dc= apl,dc=com,o=isp" <Example 2> Specify bind password. XSCF> setldap -p Password:xxxxxxxx <Example 3> Specify the primary and secondary LDAP servers and port numbers.
Page 91 3. Use the showldap(8) command to confirm that you have imported the certificate chain. XSCF> showldap Bind Name: cn=Directory Manager Base Distinguished Name: ou=People,dc=users,dc=apl,dc=com,o=isp LDAP Search Timeout: Bind Password: LDAP Servers: ldap://onibamboo:389 ldaps://company2.com:636 CERTS: Exists Testing a Connection to an LDAP Server Command operation ■...
Page 92: Active Directory Administration
2.2.4 Active Directory Administration Active Directory administration is used to specify items relating to Active Directory clients. The Active Directory server, loading of server certificate, group name, privileges, user domain, log, DNS locator query, and so on are set. In the Active Directory server, the XSCF user information is managed.
Page 93 If the defaultrole parameter is not configured or set, user privileges are learned ■ from the Active Directory server based on the user’s group membership. On XSCF, the group parameter must be configured with the corresponding group name from the Active Directory server. Each group has privileges associated with it which are configured on the XSCF.
Page 94 Active Directory Administration (Continued) TABLE 2-8 Item Description Shell command Remarks Enable/ Enables or disables the expanded search mode. The expanded search mode is setad disable disabled by default. The expanded search mode is only enabled expanded when to address specific customer environment search mode where user's account is not UserPrincipalName (UPN) format.
Page 95 Active Directory Administration (Continued) TABLE 2-8 Item Description Shell command Remarks Operator Assigns group name for up to five specified setad group operator groups. The operator group has platop and auditop privileges and you cannot change that. Custom group Assigns group name and privileges for up to setad five groups.
Page 96 While Active Directory is enabled, when you attempt to login to XSCF via the ■ telnet, you might fail to login due to timeout of the query to secondary alternated server or later. If the specified timeout is too brief for the configuration, the login process or ■...
Page 97 Specifying an Active Directory Server and Port Number Command operation ■ 1. Use the showad(8) command to display Active Directory server settings. XSCF> showad server Primary Server address: (none) port: 0 XSCF> showad server -i Alternate Server address: (none) port: 0 Alternate Server address: (none) port: 0...
Page 98 3. Use the showad(8) command to confirm the Active Directory server setting. XSCF> showad server Primary Server address: 10.24.159.150 port: 8080 XSCF> showad server -i Alternate Server address: 10.24.159.151 port: 0 Alternate Server address: (none) port: 0 Alternate Server address: (none) port: 0 Alternate Server address: (none)
Page 99 3. Use the showad(8) command to confirm the DNS locator mode status. XSCF> showad dnslocatormode: enabled expsearchmode: disabled state: enabled strictcertmode: disabled timeout: 4 logdetail: none Configuring the DNS locator Query Command operation ■ 1. Use the showad(8) command to display the configuration of the DNS locator query.
Page 100 Enabling or Disabling the Expanded Search Mode Command operation ■ 1. Use the showad(8) command to display the expanded search mode status. XSCF> showad dnslocatormode: enabled expsearchmode: disabled state: enabled strictcertmode: disabled timeout: 4 logdetail: none 2. Use the setad(8) command to enable or disable the expanded search mode. <Example1>...
Page 101 2. Use the setad(8) command to enable or disable the strictcertmode. <Example1> Enable the strictcertmode. XSCF> setad strictcertmode enable <Example2> Disable the strictcertmode. XSCF> setad strictcertmode disable 3. Use the showad(8) command to confirm the strictcertmode status. XSCF> showad dnslocatormode: enabled expsearchmode: enabled state: enabled strictcertmode: enabled...
Page 102 Loading or Deleting the Server Certificate Command operation ■ 1. Use the showad(8) command to display the server certificate information. XSCF> showad cert Primary Server: certstatus = certificate not present issuer = (none) serial number = (none) subject = (none) valid from = (none) valid until = (none) version = (none)
Page 103 2. Use the setad(8) command to load the server certificate to the XSCF. <Example1> Loads a server certificate for the primary server using a username and password XSCF> setad loadcert -u yoshi http://domain_2/UID_2333/testcert Warning: About to load certificate for Primary Server. Continue? [y|n]: y Password: <Example2>...
Page 104 3. Use the showad(8) command to confirm that the server certificate is loaded. XSCF> showad cert Primary Server: certstatus = certificate present issuer = DC = local, DC = xscf, CN = apl serial number = 55:1f:ff:c4:73:f7:5a:b9:4e:16:3c:fc:e5:66:5e:5a subject = DC = local, DC = xscf, CN = apl valid from = Mar 9 11:46:21 2010 GMT valid until = Mar...
Page 105 Setting a user domain Command operation ■ 1. Use the showad(8) command to display user domains. XSCF> showad userdomain domain 1: (none) domain 2: (none) domain 3: (none) domain 4: (none) domain 5: (none) 2. Use the setad(8) command to set the user domain. <Example1>...
Page 106 2. Use the setad(8) command to set default roles. XSCF> setad defaultrole platadm platop 3. Use the showad(8) command to confirm the default roles. XSCF> showad defaultrole Default role: platadm platop Chapter 2 Setting Up XSCF 2-63...
Page 107 Setting Group name and privileges Command operation ■ 1. Use the showad(8) command to display the group name. <Example1> Displays configuration for administrator group. XSCF> showad group administrator Administrator Group 1 name: (none) Administrator Group 2 name: (none) Administrator Group 3 name: (none) Administrator Group 4 name: (none)
Page 108 2. Use the setad(8) command to set group name and privileges. <Example1> Sets administrator group 1. XSCF> setad group administrator -i 1 name CN=SpSuperAdmin,OU= Groups,DC=davidc,DC=example,DC=aCompany,DC=com <Example2> Sets operator group 1. XSCF> setad group operator -i 1 name CN=OpGroup1,OU=SCFTEST,DC= aplle,DC=local <Example3> Sets custom group 1. XSCF>...
Page 109 3. Use the showad(8) command to confirm the group name and privileges. <Example1> Confirm administrator group. XSCF> showad group administrator Administrator Group 1 name: CN=<USERNAME>,CN=SpSuperAdmin,OU=Groups,DC=davidc,DC= example,DC=aCompany,DC=com Administrator Group 2 name: (none) Administrator Group 3 name: (none) Administrator Group 4 name: (none) Administrator Group 5 name: (none) <Example2>...
Page 110 The administrator group has platadm, useradm, and auditadm privileges and you cannot change that. Also the operator group has platop and auditop privileges and you cannot change that. Setting timeout Command operation ■ 1. Use the showad(8) command to display timeout period. XSCF>...
Page 111 Enabling or Disabling the Logging of Active Directory Authentication and Authorization Diagnostic Messages Command operation ■ 1. Use the showad(8) command to display the log detail level. XSCF> showad dnslocatormode: enabled expsearchmode: enabled state: enabled strictcertmode: enabled timeout: 10 logdetail: none 2.
Page 112 2. Use the showad(8) command to display the diagnostic messages. <Example> Displays diagnostic messages in real time. XSCF> showad log -f Mon Nov 16 14:47:53 2009 (ActDir): module loaded, OPL Mon Nov 16 14:47:53 2009 (ActDir): --error-- authentication status: auth-ERROR Mon Nov 16 14:48:18 2009 (ActDir): module loaded, OPL 3.
Page 113 3. Use the showad(8) command to confirm the default settings. XSCF> showad dnslocatormode: disabled expsearchmode: disabled state: disabled strictcertmode: disabled timeout: 4 logdetail: none 2-70 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 114: Ldap/Ssl Administration
2.2.5 LDAP/SSL Administration LDAP/SSL administration is used to specify items relating to LDAP/SSL clients. The LDAP/SSL server, loading of server certificate, group name, privileges, user domain, log, and so on are set. In the LDAP/SSL server, the XSCF user information is managed.
Page 115 LDAP/SSL server. Each group has privileges associated with it which are configured on the XSCF. A user's group membership is used to determine the user's privileges once authenticated. 2-72 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 116 lists setting items and the corresponding shell commands: TABLE 2-10 LDAP/SSL Administration TABLE 2-10 Item Description Shell command Remarks Display the Displays the current setting of LDAP/SSL, such showldapssl status of as enabled/disabled, usermapmode, and so on. LDAP/SSL Enable/ Enables or disables the use of an LDAP/SSL LDAP/SSL is disabled setldapssl disable the...
Page 117 LDAP/SSL Administration (Continued) TABLE 2-10 Item Description Shell command Remarks Load/Delete Loads or deletes the certificate of primary and The strictcertmode must be in setldapssl certificate up to five alternate LDAP/SSL servers. the disabled state for a certificate to be removed. Display Displays the userdomain.
Page 118 Before LDAP/SSL settings Note the following before settings: LDAP/SSL is supported in XCP1091 or later. ■ The useradm privilege is required for the LDAP/SSL settings. ■ If the XSCF is configured to use LDAP, Active Directory, or LDAP/SSL for user ■...
Page 119 3. Use the showldapssl(8) command to confirm the use of LDAP/SSL server. XSCF> showldapssl usermapmode: disabled state: enabled strictcertmode: disabled timeout: 4 logdetail: none Specifying an LDAP/SSL Server and Port Number Command operation ■ 1. Use the showldapssl(8) command to display LDAP/SSL server settings. XSCF>...
Page 120 3. Use the showldapssl(8) command to confirm the LDAP/SSL server setting. XSCF> showldapssl server Primary Server address: 10.18.76.230 port: 4041 XSCF> showldapssl server -i Alternate Server address: 10.18.76.231 port: 0 Alternate Server address: (none) port: 0 Alternate Server address: (none) port: 0 Alternate Server address: (none)
Page 121 3. Use the showldapssl(8) command to confirm the usermapmode status. XSCF> showldapssl usermapmode: enabled state: enabled strictcertmode: disabled timeout: 4 logdetail: none Configuring or Clearing the Usermap Command operation ■ 1. Use the showldapssl(8) command to display the configuration of the usermap. XSCF>...
Page 122 4. Use the setldapssl(8) command to clear the usermap. <Example1> Clears the attribute information. XSCF> setldapssl usermap attributeInfo <Example2> Clears the bind distinguished name. XSCF> setldapssl usermap binddn <Example3> Clears the bind password. XSCF> setldapssl usermap bindpw <Example4> Clears the search base. XSCF>...
Page 123 3. Use the showldapssl(8) command to confirm the strictcertmode status. XSCF> showldapssl usermapmode: enabled state: enabled strictcertmode: enabled timeout: 4 logdetail: none If strictcertmode is enabled, the server's certificate must have already been uploaded to the XSCF. 2-80 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 124 Loading or Deleting the Server Certificate Command operation ■ 1. Use the showldapssl(8) command to display the server certificate information. XSCF> showldapssl cert Primary Server: certstatus = certificate not present issuer = (none) serial number = (none) subject = (none) valid from = (none) valid until = (none) version = (none)
Page 125 2. Use the setldapssl(8) command to load the server certificate to the XSCF. <Example1> Loads a server certificate for the primary server using a username and password XSCF> setldapssl loadcert -u yoshi http://domain_3/UID_2333/testcert Warning: About to load certificate for Primary Server. Continue? [y|n]: y Password: <Example2>...
Page 126 3. Use the showldapssl(8) command to confirm that the server certificate is loaded. XSCF> showldapssl cert Primary Server: certstatus = certificate present issuer = DC = local, DC = xscf, CN = apl serial number = 55:1f:ff:c4:73:f7:5a:b9:4e:16:3c:fc:e5:66:5e:5a subject = DC = local, DC = xscf, CN = apl valid from = Mar 9 11:46:21 2010 GMT valid until = Mar...
Page 127 Setting a user domain Command operation ■ 1. Use the showldapssl(8) command to display user domains. XSCF> showldapssl userdomain domain 1: (none) domain 2: (none) domain 3: (none) domain 4: (none) domain 5: (none) 2. Use the setldapssl(8) command to set the user domain. <Example1>...
Page 128 3. Use the showldapssl(8) command to confirm the default roles. XSCF> showldapssl defaultrole Default role: platadm platop Chapter 2 Setting Up XSCF 2-85...
Page 129 Setting Group name and privileges Command operation ■ 1. Use the showldapssl(8) command to display the group name. <Example1> Displays configuration for administrator group. XSCF> showldapssl group administrator Administrator Group 1 name: (none) Administrator Group 2 name: (none) Administrator Group 3 name: (none) Administrator Group 4 name: (none)
Page 130 2. Use the setldapssl(8) command to set group name and privileges. <Example1> Sets administrator group 1. XSCF> setldapssl group administrator -i 1 name CN=SpSuperAdmin,OU= Groups,DC=davidc,DC=example2,DC=aCompany,DC=com <Example2> Sets operator group 1. XSCF> setldapssl group operator -i 1 name CN=OpGroup1,OU= SCFTEST,DC=aplle2,DC=local <Example3> Sets custom group 1. XSCF>...
Page 131 3. Use the showldapssl(8) command to confirm the group name and privileges. <Example1> Confirm administrator group. XSCF> showldapssl group administrator Administrator Group 1 name: CN=<USERNAME>,CN=SpSuperAdmin,OU=Groups,DC=davidc,DC= example2,DC=aCompany,DC=com Administrator Group 2 name: (none) Administrator Group 3 name: (none) Administrator Group 4 name: (none) Administrator Group 5 name: (none) <Example2>...
Page 132 The administrator group has platadm, useradm, and auditadm privileges and you cannot change that. Also the operator group has platop and auditop privileges and you cannot change that. Setting timeout Command operation ■ 1. Use the showldapssl(8) command to display timeout period. XSCF>...
Page 133 2. Use the setldapssl(8) command to set the log detail level. <Example1> Enable the log and trace is set for detail level. XSCF> setldapssl logdetail trace <Example2> Disable the log. XSCF> setldapssl logdetail none 3. Use the showldapssl(8) command to confirm the log detail level. XSCF>...
Page 134 Change the LDAP/SSL Settings Back to the Default Command operation ■ 1. Use the showldapssl(8) command to display the LDAP/SSL settings. XSCF> showldapssl usermapmode: enabled state: enabled strictcertmode: enabled timeout: 10 logdetail: trace 2. Use the setldapssl(8) command to change the LDAP/SSL setting back to the default.
Page 135: Time Administration
2.2.6 Time Administration Time administration is used to specify the time and the NTP settings for this system. The server (all domains) uses the XSCF Unit clock as the reference time. Note – The customer should decide the NTP server operating mode. For details on NTP, see the NTP manuals.
Page 136 lists the settings and the corresponding shell commands. TABLE 2-11 Setting Time and Date TABLE 2-11 Item Description Shell Command Remarks Display time Displays the time zone and Daylight Saving showtimezone zone Time information. Time zone Sets the time zone and Daylight Saving The time zone provided by settimezone Time.
Page 137: Specifying A Time Zone
Setting Time and Date (Continued) TABLE 2-11 Item Description Shell Command Remarks Prefer Specifies/cancels “prefer” to an NTP server The default is prefer setntp for XSCF network. specified. If prefer is specified, the NTP server specified first by setntp (8) command has priority over the others.
Page 138: Specifying A Daylight Saving Time
<Example 1> Display the timezone list. XSCF> settimezone -c settz -a Africa/Abidjan Africa/Accra <Example 2> Set the timezone. XSCF> settimezone -c settz -s Asia/Tokyo Asia/Tokyo The set time zone takes effect after executing the command. 3. Use the showtimezone(8) command to confirm the setting. Specifying a Daylight Saving Time Command operation ■...
Page 139 2. Use the settimezone(8) command to set the Daylight Saving Time information. <Example 1> Sets the Daylight Saving Time information as follows: abbreviation of time zone is JST, the offset from GMT is +9 hours, the name of Daylight Saving Time is JDT, the offset of Daylight Saving Time from GMT is +10 hours, and the time period is from the first Sunday of April 0:00(JST) to the first Sunday of September 0:00(JDT).
Page 140: Setting The Xscf Time
Setting the XSCF Time Command operation ■ 1. Use the showdate(8) command to display the XSCF time. <Example 1> Display the current time with local time. XSCF> showdate Mon Jan 23 14:53:00 JST 2006 <Example 2> Display the current time with UTC. XSCF>...
Page 141 Configuring an NTP Server Command operation ■ 1. Use the showntp(8) command to display the NTP server for the XSCF network. XSCF> showntp -a server ntp1.example.com prefer server ntp2.example.com 2. Use the showntp(8) command to check synchronization and display the status. XSCF>...
Page 142: Specifying Or Canceling Prefer For Ntp Server
5. Use the showntp(8) command to confirm the NTP server. XSCF> showntp -a server ntp1.red.com prefer server ntp2.blue.com Specifying or Canceling prefer for NTP Server Command operation ■ 1. Use the showntp(8) command to display the prefer settings. XSCF> showntp -m prefer : on localaddr : 0 2.
Page 143 Changing Stratum Value for XSCF Command operation ■ 1. Use the showntp(8) command to display the stratum value for the XSCF network. XSCF> showntp -s stratum : 5 2. Use the setntp(8) command to change a stratum value. <Example> Set 7 as stratum value for XSCF network. XSCF>...
Page 144 2. Use the setntp(8) command to change a clock address of the XSCF's own local clock. <Example> Set 1 as the least significant byte of the clock address. XSCF> setntp -m localaddr=1 Please reset the XSCF by rebootxscf to apply the ntp settings. When you use the setntp(8) command to specify the localaddr value, execute the rebootxscf(8) command to apply the specified configuration and reset the XSCF.
Page 145 XSCF> showntp –l remote refid st t when poll reach delay offset jitter ============================================================================== 192.168.1.2 LOCAL(0) 10 1024 0.000 0.000 0.000 *127.127.1.0 .LOCL. 0.000 0.000 0.008 Of the two NTP server outputs, the upper (192.168.1.2) indicates the NTP server which is set by using the setntp(8) command. The refid is LOCAL(0), which means that the local clock which has the address of "127.127.1.0"...
Page 146: Setting The Domain Time To The Xscf Time
specified. By specifying either from 1 to 3, the address of an NTP server which is referring to the local clock does not correspond to the address of the XSCF internal local clock anymore, and a server which is referring to the local clock can also be set as the NTP server of XSCF.
Page 147: Ssh/Telnet Administration
5. Use the poweron(8) command to turn on power to all domains. XSCF> poweron -a DomainIDs to power on:00,01,02,03 Continue? [y|n] :y 00 :Powering on 01 :Powering on 02 :Powering on 03 :Powering on *Note* This command only issues the instruction to power-on. The result of the instruction can be checked by the "showlogs power".
Page 148: Ssh Client
SSH/Telnet Administration Terms TABLE 2-12 Term Description RW console RW (Read and Write). This is a write-enabled OS console (domain console). RO console RO (Read Only). This is a read-only OS console SSH Client In this system, you can use the following SSH clients. Oracle Solaris Secure Shell ■...
Page 149 SSH/Telnet Administration (Continued) TABLE 2-13 Item Description Shell command Remarks Host key Generates an SSH2 host key (RSA key and When the SSH is enabled setssh DSA key). first, the host key is generated. The DSA key length is 1024 bits. The RSA key length is 1024 bits by default.
Page 150 Note – The control function of SSH access from domain by XSCF Shell command is supported only on M3000/M4000/M5000/M8000/M9000 servers that run certain versions of XCP firmware (beginning with XCP 1081). Note – The XCP 1110 is the first release to support the RSA key of 2048 bit length. Chapter 2 Setting Up XSCF 2-107...
Page 151 Enabling or Disabling SSH/Telnet Command operation ■ 1. Use the showssh(8) command to display SSH settings or use the showtelnet(8) command to display telnet settings. <Example 1> Display SSH settings XSCF> showssh SSH status: enabled SSH DSCP: accept RSA key: DSA key: <Example 2>...
Page 152 Permitting or Refusing the SSH Access to XSCF from Domain via DSCP Command operation ■ 1. Use the showssh(8) command to display SSH settings. XSCF> showssh SSH status: enabled SSH DSCP: accept RSA key: DSA key: 2. Use the setssh(8) command to permit or refuse the SSH access to XSCF from domain via DSCP.
Page 153: Specifying An Ssh Host Key
Specifying an SSH Host Key Command operation ■ 1. Use the showssh(8) command to display the host key and fingerprint. XSCF> showssh SSH status: enabled SSH DSCP: accept RSA key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAt0IG3wfpQnGr51znS9XtzwHcBBb/UU0LN08Si lUXE6j+avlxdY7AFqBf1wGxLF+Tx5pTa6HuZ8o8yUBbDZVJAAAAFQCfKPxarV+/5q zK4A43Qaigkqu/6QAAAIBMLQl22G8pwibESrh5JmOhSxpLz l3P26ksI8qPr+7BxmjLR0k= Fingerprint: 1024 e4:35:6a:45:b4:f7:e8:ce:b0:b9:82:80:2e:73:33:c4 DSA key: ssh-dss AAAAB3NzaC1kc3MAAACBAJSy4GxD7Tk4fxFvyW1D0NUDqZQPY3PuY2IG7QC4BQ1ke wDnblB8/JEqI+8pnfbWzmOWU37KHL19OEYNAv6v+WZT6RE...
Page 154: Specifying The Timeout Period Of Ssh/Telnet
Specifying the Timeout Period of SSH/Telnet Command operation ■ 1. Use the showlogout(8) command to display the timeout period. XSCF> showautologout 30min 2. Use the setautologout(8) command to set the timeout period. <Example 1> Specify 255 (minutes) for the timeout period. XSCF>...
Page 155 4. Use the showssh(8) command to confirm the user public key and its number. <Example> The user key is set by number 1. XSCF> showssh -c pubkey Public key: 1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzFh95SohrDgpnN7zFCJCVNy+jaZ PTjNDxcid/QGbihYDCBttI4151Y0Sv85FJwDpSNHNKoVLMYLjtBmUMPbGgGVB61qs kSv/FeV44hefNCZMiXGItIIpKP0nBK4XJpCFoFbPXNUHDw1rTD9icD5U/wRFGSRRx FI+Ub5oLRxN8+A8= efgh@example.com Do the SSH connection by using the user account of XSCF on the client software when you log in the XSCF Shell next time.
Page 156: Https Administration
2.2.8 Https Administration Use https administration to specify the settings required for operating the web browser window of the XSCF Web over an XSCF-LAN connection. Here, you can specify the enabling/disabling of https and configure https settings. In this system, https is disabled by default.
Page 157 5. Enable https. Step 1 Step 5 above, specify each option using the sethttps(8) command. Also, when using the XSCF Web, select the appropriate items for each setting. When the XSCF Unit is redundant, the https settings are automatically applied to ■...
Page 158: Https Administration
https Administration (Continued) TABLE 2-15 Item Description Shell Command Remarks External When the external CA and CA in Intranet are Specify the following sethttps authentication used, set the following. Distinguished Name for making a CSR. • Create a web server private key of XSCF •...
Page 159 Enabling or Disabling Https Command operation ■ 1. Use the showhttp(8) or the showhttps(8) command to display https settings. <Example> Display the https settings. XSCF> showhttps HTTPS status: enabled Server key: installed in Apr 24 12:34:56 JST 2006 CA key: installed in Apr 24 12:00:34 JST 2006 CA cert: installed in Apr 24 12:00:34 JST 2006 CSR: -----BEGIN CERTIFICATE REQUEST-----...
Page 160 3. To enable the https, the XSCF reset is required. Use the rebootxscf(8) command to reset the XSCF. XSCF> rebootxscf The XSCF will be reset. Continue? [y|n] :y After the XSCF reset, the XSCF session is disconnected. Please log in again to the ■...
Page 161 4. Send the copied CSR to the CA and request the web server certificate. 5. Perform the sethttps(8) command with option for import. Then copy and paste the signed web server certificate in the window. Please press Enter and press the "Ctrl" and "D" keys. Then the importing is completed. XSCF>...
Page 162 Creating a Web Server Certificate by Constructing the Self CA Command operation ■ 1. Use the sethttps(8) command to create a self-signed web server certificate by specifying the DN. <Example> Specify the DN (JP, Kanagawa, Kawasaki, Example, Development, scf-host, abc@example.com) XSCF>...
Page 163: Audit Administration
2.2.9 Audit Administration Audit administration is used to specify logging of access details, such as which users logged in to XSCF, their login times, and the operations that they executed. In the server, the default access audit setting is enabled. The main audit settings include the access audit enable/disable setting (see ) and audit trail management TABLE 2-16...
Page 164 Audit Administration Terms (Continued) TABLE 2-16 Term Description Audit trail Set of audit files. The user refers to an audit trail to analyze the information contained in it. Audit policy Audit settings. The audit policy mainly defines whether auditing is enabled or disabled and the management method when audit trail becomes full.
Page 165 Audit Administration (Continued) TABLE 2-17 Item Description Shell Command Remarks Display audit Displays an audit trail. • To use a delimiter as part of viewaudit trail input data, enclose it in To display an audit trail, select one of the items quotation marks.
Page 166 If the audit trail becomes full while count is the specified policy, new audit trail data is discarded, and the number of times that records are dropped is counted. If you plan to specify suspend, you need to generate in advance a user account that has the auditadm privilege specified, and whose audit policy is set to disable.
Page 167 Enabling or Disabling Audit, Transferring a Log File, and Deleting Audit Data Command operation ■ 1. Use the showaudit(8) command to display audit settings. <Example> Display all information on the current audit status in the system. XSCF> showaudit all Auditing: enabled Audit space used: 13713 (bytes)
Page 168: Specifying The Audit Policy
Specifying the Audit Policy Command operation ■ 1. Use the showaudit(8) command to display the audit policy. XSCF> showaudit all Auditing: enabled Audit space used: 13713 (bytes) Audit space free: 4180591 (bytes) Records dropped: Policy on full trail: suspend User global policy: enabled Mail: Thresholds:...
Page 169 3. Use the showaudit(8) command to confirm the setting. XSCF> showaudit all Auditing: enabled Audit space used: 13713 (bytes) Audit space free: 4180591 (bytes) Records dropped: Policy on full trail: count User global policy: enabled Mail: yyyy@example.com Thresholds: 50% 75% 90% User policy: Events: AEV_AUDIT_START...
Page 170: Log Archiving Administration
2.2.10 Log Archiving Administration This section explains how to set the log archiving function, which saves the logs retained on an XSCF Unit. The archive host, the archive directory, enable/disable for the log archiving and so on are set. Note – Logs archived on the log host should be rotated at regular intervals to avoid loss of log information.
Page 171 Log Archiving Administration (Continued) TABLE 2-19 Item Description Shell Command Remarks Password Sets a password used for ssh login to the The password is used for setarchiving archive host. the ssh login. Host public Sets a public key used in server authentication •...
Page 172 Specifying a Host Name, Directory Name, Login User Name and Password for the Target of Log Archiving, and Enabling or Disabling the Log Archiving Command operation ■ 1. Use the showarchiving(8) command to display log archiving settings. <Example> No values have been set for the settings XSCF>...
Page 173 4. Use the showarchiving(8) command to confirm the settings. XSCF> showarchiving *** Archiving Configuration *** Archiving state ---------- Enabled Archive host ------------- example.com Archive directory -------- /var/logs/xx User name for ssh login -- foo Specifying the Host Public Key for the Archive Host Command operation ■...
Page 174 Setting Capacity Limits for the Log Archiving Function Command operation ■ 1. Use the showarchiving(8) command to display the amount of space used for log archiving. XSCF> showarchiving -v *** Archiving Configuration *** Archiving state ---------- Enabled Archive host ------------- example.com Archive directory -------- /var/logs/this-xscf/xx User name for ssh login -- foo Archive host public key -- Server authentication disabled...
Page 175: Snmp Administration
Displaying Log Archiving Error Information Command operation ■ ● Use the showarchiving(8) command to display details of log archiving errors. <Example 1> Three errors occurred XSCF> showarchiving -e 2004/06/17 01:12:12 - Failed to connect to the archive host. - Output from ssh: "ssh: foo.bar: host not responding" 2004/06/19 22:15:46 - Failed to create a file on the archive host.
Page 176 SNMP Administration Terms (Continued) TABLE 2-20 Term Description VACM Abbreviation for View-based Access Control Model. This view-based access control model is defined by SNMPv3. Group Users belonging to a VACM model. The group is defined in the access privilege of every user in the group.
Page 177: Snmp Administration
SNMP Administration (Continued) TABLE 2-21 Item Description Shell Command Remarks SNMPv1/ Enables/disables SNMPv1 and SNMPv2c The community string setsnmp SNMPv2c communication. used to enable communication SNMPv1/SNMPv2c is Read-Only. SNMPv3 trap Makes the following SNMPv3 trap settings: • Must start with 0x, but setsnmp also consist of an even •...
Page 178 SNMP Administration (Continued) TABLE 2-21 Item Description Shell Command Remarks Sets USM management information for the • SNMPv3 settings. setsnmpusm management following for the SNMP agent: • Specify the password information • Specifying a user authentication algorithm over 8 characters. •...
Page 179 Setting the SNMP Agent’s System Management Information and Enabling/Disabling the SNMP Agent Command operation ■ 1. Use the showsnmp(8) command to display the SNMP settings. <Example> Display of the status when no management information has been set XSCF> showsnmp Agent Status: Disabled Agent port: System Location:...
Page 180: Setting Snmpv3 Trap
Setting SNMPv3 Trap Command operation ■ 1. Use the showsnmp(8) command to display SNMP settings. <Example> Display of the status when settings have been made for SNMPv1 and SNMPv2c XSCF> showsnmp Agent Status: Enabled Agent Port: System Location: MainTower21F System Contact: foo@example.com System Description: DataBaseServer Trap Hosts:...
Page 181 3. Confirm the SNMPv3 trap settings. XSCF> showsnmp Agent Status: Enabled Agent Port: System Location: MainTower21F System Contact: musha@jp.fujitsu.com System Description: DataBaseServer Trap Hosts: Hostname Port Type Community String Username Auth Protocol -------- ---- ---- ---------------- -------- ------------- host3 yyyyy...
Page 182 Enabling/Disabling the SNMPv1 and SNMPv2c Communication Command operation ■ 1. Use the showsnmp(8) command to display SNMP settings. XSCF> showsnmp 2. Use the setsnmp(8) command to enable the SNMPv2c agent. <Example 1> Enable SNMPv1 and SNMPv2c XSCF> setsnmp enablev1v2c public <Example 2>...
Page 183 Disabling Traps to the Target Host of SNMPv1/SNMPv2c Command operation ■ 1. Use the showsnmp(8) command to display SNMP settings. XSCF> showsnmp 2. Use the setsnmp(8) command to disable the trap destination host of the SNMPv1 or SNMPv2c target. <Example> Disables trap host for SNMPv2c type. XSCF>...
Page 184 5. Confirm the SNMP settings. XSCF> showsnmp Note – When you changed the SNMP settings back to the default, if the Sun Management Center (Sun MC) is being used, the SNMP agent information for Sun MC is also cleared. To set the SNMP agent information for Sun MC again, execute the setsunmc(8) command with the -s option.
Page 185 3. Use the showsnmpusm(8) command to display USM management information. XSCF> showsnmpusm Username Auth Protocol -------------- ------------------ yyyyy user2 Creating a User Account in an Access Control Group, Deleting a User Account From an Access Control Group, Creating and Deleting MIB Access Control Views, Providing an MIB Access Control View to a Group, and Deleting a Group From All MIB Access Control Views, All of Which is VACM Management Information...
Page 186: Mail Administration
2. Use the setsnmpvacm(8) command to set VACM management information. <Example 1> Add a user to an access control group xxxxx. XSCF> setsnmpvacm creategroup -u yyyyy xxxxx <Example 2> Delete a user from an access control group xxxxx. XSCF> setsnmpvacm deletegroup -u yyyyy xxxxx <Example 3>...
Page 187 lists the settings and the corresponding shell commands. TABLE 2-22 Mail Administration TABLE 2-22 Shell Item Description Command Remarks Display SMTP Displays SMTP server setting showsmtp server settings information. SMTP server Sets the host name or IP address of the No default value has been setsmtp SMTP server.
Page 188: Smtp Server
Specifying the Host Name, Port Number, and Reply Address of the SMTP Server Command operation ■ 1. Use the showsmtp(8) command to display SMTP server setting information. XSCF> showsmtp Mail Server: Port: 25 Authentication Mechanism: none Reply address: 2. Use the setsmtp(8) command to set SMTP server setting information. <Example 1>...
Page 189: Domain Configuration
Enabling or Disabling the Mail Report Function and Specifying the Recipient Address Used for Notification Command operation ■ Specifying the Host Name, Port Number, 1. Set the SMTP server as described in and Reply Address of the SMTP Server. Use the showemailreport(8) command to display mail report setting information.
Page 190 In the M3000 server, you cannot perform the operations such as setting the domain configuration, or adding or deleting the system board. Domain has been configured by default and cannot be changed. However, you can set the configuration policy and display the domain information. For an overview of the domain and the system board, see the Overview Guide for your server.
Page 191: Domain Configuration
Domain Configuration Terms (Continued) TABLE 2-23 Term Description Domain Divides hardware resources in this system into independent software-based units. Configuration Partitioning is performed with XSCF as follows: 1. XSBs are defined with each consisting of a CMU or MBU and an I/O unit divided by software.
Page 192 Domain Configuration Terms (Continued) TABLE 2-23 Term Description XSB status The power status and the diagnostic, assignment, and integration conditions of a system board belonging to a domain are displayed for each XSB. The progress of changes in conditions can be found by switching the domain configuration. The XSB status information can be referred to with showdcl(8) and showboards(8).
Page 193 Number of Domains and XSBs for Each System TABLE 2-24 Range of Domain Maximum Number of System XSBs Memory Mirror (Note) Entry-level systems The system containing Not available 1 CPU chip. (M3000 server) Midrange systems The system containing 0 - 1 4 (1 x 4) Enabled for both up to 4 CPU chips.
Page 194 If a PSB has one XSB number, the Uni-XSB configuration is assumed; and if it has four XSB numbers, the Quad-XSB configuration is assumed. PSB, XSB, and LSB Numbers to be Assigned (Decimal) TABLE 2-25 XSB Number XSB Number (Quad-XSB) PSB Number (Note) (Uni-XSB) (Note) (Note)
Page 195 DCL Information (Continued) TABLE 2-26 DCL Item Setting Details and Notes Floating Board True : Selects a Floating Board. False : Does not select a Floating Board (default). Configuration policy FRU : Removal in units of Field Replaceable Unit (FRU) components. (Default) XSB : Removal in XSB units System : Hardware is degraded in units of domains or the relevant domain is stopped without degradation.
Page 196 XSB Status Information TABLE 2-27 Item Explanation XSB number XSB number. Domain ID. LSB number that is used for domain. assignment Status of pre-arranged registration in a domain (Assignment) unavailable: ..The XSB is in the system board pool (not assigned to a domain) and its status is one of the following: not-yet diagnosed, under diagnosis, or diagnosis error.
Page 197 XSB Status Information (Continued) TABLE 2-27 Item Explanation fault_code Indicates that state of a degradation in the XSB. (Fault) Normal: ..Normal. Degraded: ..A component is to be removed. Faulted: ..Error found in initial diagnosis. Reservation Displays the reservation status of XSB. If * mark is displayed in the XSB, DR processing is reserved.
Page 198 Domain Hardware and Software Configurations lists the hardware resources that configure a domain. XSCF manages the FIGURE 2-2 hardware configuration of each domain in the server. The CPU and the memory (DIMM) are installed in a CMU or MBU. The domain uses CPU, memory, and I/O device logically divided as one system board.
Page 199 XSCF-Domain Correlation Diagram FIGURE 2-3 XSCF modules SCF Interface DSCP Interface XSCF-Domain Command XSCF-Domain network Domain modules 2-156 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 200 show XSB hardware configuration diagrams in the FIGURE 2-4 FIGURE 2-5 midrange servers. The number of hardware resources depends on whether the PSB type is a Uni-XSB or Quad-XSB. are examples when two FIGURE 2-4 FIGURE 2-5 CMUs are mounted on the MBU. XSB Configuration Diagram (Uni-XSB) (In the Midrange Servers) FIGURE 2-4 When PSB#n is Uni-XSB type...
Page 201 XSB Configuration Diagram (Quad-XSB) (In the Midrange Servers) FIGURE 2-5 When PSB#n is Quad-XSB type Memory I/O device XSB#00-0 Memory XSB#00-1 I/O device Memory XSB#00-2 Memory XSB#00-3 Memory XSB#01-0 I/O device Memory XSB#01-1 I/O device Memory XSB#01-2 Memory XSB#01-3 2-158 SPARC Enterprise Mx000 Servers XSCF User’s Guide •...
Page 202 show XSB hardware configuration diagrams in the FIGURE 2-6 FIGURE 2-7 high-end servers. The number of hardware resources depends on whether the PSB type is a Uni-XSB or Quad-XSB. shows Uni- XSB hardware configuration diagrams in high-end servers. FIGURE 2-6 XSB Configuration Diagram (Uni-XSB) (In the High-End Servers) FIGURE 2-6 When PSB#n is Uni-XSB type...
Page 203 shows Quad-XSB hardware configuration diagrams in high-end servers. FIGURE 2-7 XSB Configuration Diagram (Quad-XSB) (In the High-End Servers) FIGURE 2-7 When PSB#n is Quad-XSB type CMU#n IOU#n XSB#xx-0 Memory I/O device XSB#xx-1 Memory I/O device XSB#xx-2 Memory I/O device XSB#xx-3 Memory I/O device 2-160...
Page 204 shows Uni-XSB hardware configuration diagrams in an entry-level server. FIGURE 2-8 The PSB type is fixed to Uni-XSB. In the entry-level server, the number of domains is one, and the domain fully uses the resources in the PSB XSB Configuration Diagram (Uni-XSB) (In the Entry-Level Server) FIGURE 2-8 Domain Configuration Procedure and Reference Sources The steps from making domain configuration settings to activating a domain are...
Page 205 Note – For the procedure for installing, removing, or replacing a system board in the server, see the Service Manual for your server. Also, for details on using the DR function, see the Dynamic Reconfiguration User’s Guide. Note – For an overview of configuring domains, including an extensive example, refer to the Administration Guide.
Page 206 Domain Configuration (Continued) TABLE 2-28 Item Description Shell command Remarks Delete from Deletes an XSB from a domain. • The XSB is placed in deleteboard domain the assigned state Specify the following: when "disconnect" is • Number of the deleted XSB performed.
Page 207 Displaying the XSB Status By referring to the XSB status of a domain, the user obtains information about an XSB, such as whether its has been assigned and whether it has been recognized by the Oracle Solaris OS. Such information also includes the current process and state of the XSB and whether it was added or deleted successfully.
Page 208 Displaying or Specifying DCL Information Command operation ■ 1. Use the showdcl(8) command to display DCL information. <Example> Display DCL information on domain ID 2. XSCF> showdcl -v -d 2 Status No-Mem No-IO Float Cfg-policy Powered Off System 00-0 False False False 2.
Page 209 3. Use the showdcl(8) command to display DCL information. XSCF> showdcl -va System No-Mem No-IO Float Cfg-policy Powered Off System 00-0 False False False 01-0 False False False 01-1 False False False 01-2 False False False 01-3 False False False 2-166 SPARC Enterprise Mx000 Servers XSCF User’s Guide •...
Page 210 Assigning or Configuring a System Board to a Domain Command operation ■ 1. After the DCL information, use the showfru(8), showdcl(8) commands to display XSB status information. XSCF> showfru –a sb Device Location XSB Mode Memory Mirror Mode Quad XSCF> XSCF>...
Page 211 3. Use the addboard(8) command to add an XSB and use the showboards(8) command to confirm the XSB status. <Example> Assign XSB#00-0, XSB#01-0, XSB#01-1, XSB#01-2, XSB#01-3 to domain ID 2. XSCF> addboard -c assign -d 2 00-0 01-0 01-1 01-2 01-3 XSB#00-0 will be assigned to DomainID 2.
Page 212 6. Use the showboards(8) command to confirm the XSB status. (See TABLE 2-27 XSCF> showboards –va R DID(LSB) Assignment Conn Conf Test Fault ---- - -------- ----------- ---- ---- ---- ------- -------- ---- 00-0 02(00) Assigned Passed Normal 01-0 02(07) Assigned Passed Normal...
Page 213 Deleting a System Board From a Domain Command operation ■ 1. Use the showdevices(8) command to display the usage of XSB resources. <Example> Display usage of XSB resources of domain ID 2. XSCF> showdevices -d 2 CPU: ---- DID XSB state speed ecache...
Page 214 2. Use the showboards(8) command to display XSB status information. XSCF> showboards –va R DID(LSB) Assignment Conn Conf Test Fault ---- - -------- ----------- ---- ---- ---- ------- -------- ---- 00-0 02(00) Assigned Passed Normal 01-0 02(07) Assigned Passed Normal 01-1 02(08) Assigned...
Page 215 Note – When you delete the system board, please confirm the domain status, the system board status, the device usage status on the system board, and also the processes usage that are bound to the CPU or are accessing I/O devices. Then confirm whether you should be able to delete the system board.
Page 216 3. Use the showdcl(8) command to confirm the DCL information. XSCF> showdcl –a Status Powered Off 00-0 01-1 01-2 01-3 ------------------------------------------ Powered Off 00-0 01-0 01-1 01-2 01-3 4. Use the showboards(8) command to display XSB status information. XSCF> showboards –va R DID(LSB) Assignment Conn Conf Test Fault...
Page 217 6. Use the showboards(8) command to display the XSB status again. XSCF> showboards –va R DID(LSB) Assignment Conn Conf Test Fault ---- - -------- ----------- ---- ---- ---- ------- -------- ---- 00-0 02(00) Assigned Passed Normal 01-0 01(00) Assigned Passed Normal 01-1 Available...
Page 218: System Board Configuration
2.2.14 System Board Configuration System board configuration settings are used to specify XSB division information for a PSB and configure the memory mirror mode. System board configuration is a function which is available on the M4000/M5000/M8000/M9000 servers. In the M3000 server, the system board has been configured by default and you cannot change the settings.
Page 219: System Board Configuration
System Board Configuration (Continued) TABLE 2-30 Item Description Shell Command Remarks Delete device The device, such as a system board, is deleted. (Note 2) deletefru Replace device The device, such as a system board, is replaced. (Note 2) replacefru Diagnosis Diagnose the system board.
Page 220: Setting The Memory Mirror Mode For A Psb
3. Use the showfru(8) command to display information on dividing a PSB into XSBs. XSCF> showfru –a sb Device Location XSB Mode Memory Mirror Mode Quad Setting the Memory Mirror Mode for a PSB Command operation ■ 1. Use the showfru(8) command to display PSB memory mirror mode information.
Page 221: Domain Mode Configuration
4. Use the testsb(8) command to check the PSB, then check the results by using the showboards(8) command. XSCF> testsb 0 Initial diagnosis is about to start. Continue? [y|n] : y Initial diagnosis is executing. Initial diagnosis has completed. Test Fault ---- ------- -------- 00-0 Passed...
Page 222: Domain Mode Configuration
lists terms used in domain mode configuration. TABLE 2-31 Domain Mode Configuration Terms TABLE 2-31 Term Description Initial hardware Sets a POST diagnostic level. diagnostic level The following levels can be set: • Maximum • Standard • None Host watchdog Based on communication between XSCF and a domain, the host watchdog function checks whether the domain is alive (heart beat or alive check).
Page 223 lists setting items and the corresponding shell commands. TABLE 2-32 Domain Mode Configuration TABLE 2-32 Item Description Shell command Remarks Display Displays domain host ID, ethernet address (mac showdomainmode domain mode address), and domain mode setting information setting on the specified domain. information Initial Sets the initial hardware diagnostic level for the...
Page 224: Operational Modes
Note – The display for domain ethernet address (mac address) by the showdomainmode(8) command is supported only on M3000/M4000/M5000/M8000/M9000 servers that run certain versions of XCP firmware (beginning with XCP 1082). The Status of the Mode Switch on Oracle Solaris OS When you execute the prtdiag(1M) command on Oracle Solaris OS, either "LOCK"...
Page 225 Note – Supported firmware releases and Oracle Solaris releases vary based on processor type. For details, see the Product Notes that apply to the XCP release running on your server and the latest version of the Product Notes (no earlier than XCP version 1100).
Page 226 SPARC64 VI Compatible Mode (for M4000/M5000/M8000/M9000 servers only) ■ All processors in the domain behave like and are treated by the Oracle Solaris OS as SPARC64 VI processors. The extended capabilities of SPARC64 VII+ and SPARC64 VII processors are not available in this mode. Domains 1 and 2 in correspond to this mode.
Page 227 DR operations work normally on M4000/M5000/M8000/M9000 server domains running in SPARC64 VI Compatible Mode. You can use DR to add, delete or move boards with any of the processor types, which are all treated as if they are SPARC64 VI processors. The M3000 servers do not support DR operations. DR also operates normally on domains running in SPARC64 VII Enhanced Mode, with one exception: You cannot use DR to add or move into the domain a system board that contains any SPARC64 VI processors.
Page 228 Changing the Initial Hardware Diagnostic Level Command operation ■ 1. Use the showdomainmode(8) command to display the initial hardware diagnostic level. <Example> Display the initial hardware diagnostic levels of domain ID 0. XSCF> showdomainmode -d 0 -v Host-ID :0f010f10 Diagnostic Level :min Secure Mode :off...
Page 229 2. Use the setdomainmode(8) command to change the initial hardware diagnostic level. <Example> Specify the maximum initial hardware diagnostic level for domain ID 0. XSCF> setdomainmode -d 0 -m diag=max Diagnostic Level :min -> max Secure Mode :off -> - Autoboot ->...
Page 230 2. Use the setdomainmode(8) command to specify host watchdog and break signal suppression. <Example> Enable Host watchdog and Break signal suppression for domain ID 0. XSCF> setdomainmode -d 0 -m secure=on Diagnostic Level :max -> - Secure Mode :off -> on Autoboot ->...
Page 231 2. Use the setdomainmode(8) command to disable automatic boot. <Example> Disable automatic boot for domain ID 0. XSCF> setdomainmode -d 0 -m autoboot=off Diagnostic Level :max -> - Secure Mode -> - Autoboot -> off CPU Mode :auto -> - The specified modes will be changed.
Page 232 3. Use the setdomainmode(8) command to set the CPU operational mode. <Example> Specify SPARC64 VI compatible mode for CPU operational mode of domain ID 0. XSCF> setdomainmode -d 0 -m cpumode=compatible Diagnostic Level :max -> - Secure Mode -> - Autoboot ->...
Page 233: Locale Administration
2.2.16 Locale Administration Locale administration is used to set the XSCF Shell default locale. lists setting items and the corresponding shell commands. TABLE 2-35 Locale Administration TABLE 2-35 Item Description Shell Command Remarks Display locale Displays the locale of XSCF Shell. showlocale Locale Specify the following a default locale:...
Page 234: Altitude Administration
2.2.17 Altitude Administration This section explains the altitude settings. The server changes the system monitoring due to the altitude of the server. Therefore, the operator must set the altitude during the initial system setting. This setting is done by FEs. With the altitude setting, the fan speed level varies by the environmental temperature.
Page 235: Dvd Drive/Tape Drive Unit Administration
2.2.18 DVD Drive/Tape Drive Unit Administration DVD drive/tape drive unit configuration is used to specify a DVD drive unit and tape drive unit by specifying a PCI card port that can connect to the DVD/tape drive. Note – A DVD drive unit and tape drive unit needs to be specified only for M8000/M9000 servers.
Page 236 lists the settings and the corresponding shell commands. TABLE 2-38 DVD Drive/Tape Drive Unit Configuration TABLE 2-38 Item Description Shell Command Remarks Display DVD Displays the DVD drive/tape drive unit setting cfgdevice drive/tape information for an IOUA port. drive unit setting information Sets the target IOUA port for connecting or...
Page 237 Changing the DVD Drive/Tape Drive Unit Settings Command operation ■ 1. Use the cfgdevice(8) command to display DVD drive/tape drive unit settings. <Example> Display DVD drive/tape drive unit setting information. XSCF> cfgdevice -l Current connection for DVD/DAT: Main chassis: port 0-2 Expansion chassis: port 8-0 Expander status Port No.
Page 238: Save And Restore Xscf Configuration Information
Save and Restore XSCF Configuration Information To save/restore the XSCF configuration information, execute the dumpconfig(8) and the restoreconfig(8) command in the XSCF Shell. When the command is executed with some options, all XSCF configuration information is saved at the specified location and is restored from the specified location. Note –...
Page 239 The dumpconfig(8) command can encrypt saved data by specifying an option. ■ You can safely restore the encrypted data by performing the restoreconfig(8) command, then input the specified key when saving. The head of the saved configuration file contains the following identification data. ■...
Page 240 Saving the Configuration Information to a Specified Target Directory Over a Network Command operation ■ 1. Perform the dumpconfig(8) command specifying the target directory. XSCF> dumpconfig ftp://server/backup/backup-sca-ff2-16.txt 2. When the data transfer is complete, confirm the identification data in the head of the saved configuration file.
Page 241 3. Perform the restoreconfig(8) command and specify the local USB device on the XSCF Unit for the input file. XSCF> restoreconfig file:///media/usb_msd/backup-file.txt Configuration backup created on Tue Jul 19 17:04:48 2011 *** You will need to power-cycle the entire system after this operation is completed *** Do you want to restore this configuration to your system? [y|n]: 4.
Page 242 3. The message includes the identification data. Verify that the correct desired configuration file was selected and answer yes to continue. 4. The XSCF will be reset. After about 10 minutes, the data is restored and the XSCF halts. Note – If a serial terminal is connected to the XSCF Unit, you should see the message, "XSCF BOOT STOP (recover by NFB-OFF/ON)".
Page 243: Connecting To The Xscf And The Server
C H A P T E R Connecting to the XSCF and the Server This chapter describes how to connect consoles and terminals to XSCF in order to use the software, and how to connect to the server. Connect Terminals to the XSCF XSCF monitors and controls the server.
Page 244: Terminal Operating Modes For Connection To Xscf
3.1.1 Terminal Operating Modes for Connection to XSCF shows the terminal operating modes for connecting to XSCF. FIGURE 3-1 Operating Modes for Connection to XSCF (In Midrange Servers) FIGURE 3-1 SSH/telnet/ SSH/telnet/ https https connection connection Terminal Terminal Mail Router notification XSCF-LAN Server...
Page 245: Port And Terminal Types Connected To The Xscf
3.1.2 Port and Terminal Types Connected to the XSCF As shown in , two types of ports, serial and Ethernet, can be used for FIGURE 3-1 connecting to the XSCF and the XSCF terminal. Serial The XSCF Shell and domain console (OS console) can be used while a terminal is connected to a serial port.
Page 246 lists the types of terminals connected to each port shown in TABLE 3-1 FIGURE 3-1 corresponding port numbers. Types of Terminals Connected With XSCF TABLE 3-1 Port Terminal Type Port Number, Cable XSCF-LAN port XSCF Shell terminal SSH: 22 (2 ports per XSCF •...
Page 247: About The Xscf-Lan/The Dscp Link Port Number And The Function And The Firewall
Types of Terminals Connected With XSCF (Continued) TABLE 3-1 Port Terminal Type Port Number, Cable Serial port XSCF Shell terminal A RS-232C serial crosscable is (One per XSCF Unit) • The XSCF Shell can be used immediately following connection required. to a serial port.
Page 248 XSCF-LAN Port Numbers and Connection Directions for Functions TABLE 3-2 Port Number / Protocol Function Connection Direction 22/TCP XSCF Shell (SSH) External network -> XSCF 22/TCP Log archiving, firmware update and data collector XSCF -> External network (snapshot) 23/TCP XSCF Shell (telnet) External network ->...
Page 249: Connecting To Xscf Via The Serial Port
3.1.4 Connecting to XSCF via the Serial Port The following is the procedure for connecting to a terminal to XSCF via the serial port. 1. Confirm that a serial cable is inserted into the serial connector on the front of the XSCF Unit, and confirm that the PC and workstation to be used are correctly connected.
Page 250: Connecting To Xscf Using Ssh Via The Lan Port
3. On the PC or workstation to be used, use one of the following procedures: Connecting the XSCF Shell terminal ■ a. Establish a connection via the serial port to use the XSCF Shell terminal. b. Enter a user account and password to login to the XSCF Shell. c.
Page 251: Connecting To Xscf Using Telnet Via The Lan Port
Note – To start up the SSH client, see your SSH manual. For details on login, see Chapter Connecting the domain console (OS console) ■ a. If the domain is powered off, use the poweron(8) command for the domain on the XSCF Shell terminal and turn it on to start the Oracle Solaris OS. Step a Step c “Connecting the XSCF Shell...
Page 252: Switching Between The Xscf Shell And The Domain Console
Example of Starting the Terminal Emulator FIGURE 3-3 a. To establish a telnet connection, activate the terminal emulator and specify the IP address of XSCF and port number 23. In the systems with redundant XSCF Units, specify the IP address of active XSCF. b.
Page 253: Types Of Xscf Connections
1. Perform the console(8) command on the XSCF Shell terminal screen to select the domain console. XSCF> console -d 0 Note – One RW console can be connected in one domain. If a user with platadm or domainadm user privilege forcibly connects a RW console, the currently connected RW console is disconnected.
Page 254: Connecting Xscf Via The Xscf-Lan Port Or The Serial Port
3.2.1 Connecting XSCF via the XSCF-LAN Port Or the Serial Port XSCF Connection via an XSCF-LAN Port (Recommended) Establish an XSCF connection via a XSCF-LAN port. The Ethernet connection used for XSCF connection is shown in . The XSCF connection to the LAN FIGURE 3-1 utilizes the functions listed below.
Page 255 shows the intranet connection. FIGURE 3-4 Intranet Connection (In a High-End Server) FIGURE 3-4 SSH/telnet/ https SSH/telnet/ connection https connection Terminal Terminal Mail Router Notification XSCF-LAN port Basic cabinet DomainID m XSCFU Intranet DomainID n User DomainID x XSCFU DomainID y User Serial port When you use the XSCF Shell, you can have high security by using SSH not telnet.
Page 256 shows the connection via an external network. FIGURE 3-5 Connection of External Internet Using VPN Communication (In High-End FIGURE 3-5 Server) SSH/telnet/ SSH/telnet/ https https connection Internet connection Terminal Terminal Mail Router Router Notification VPN communication XSCF-LAN port Basic cabinet DomainID m XSCFU DomainID n...
Page 257: Xscf-Lan And Serial Connection Purposes
XSCF Connection via a Serial Port Establish an XSCF connection via a serial port. Connect the serial port as shown in . An XSCF connection via the serial port has the following functions and FIGURE 3-1 advantages: XSCF Shell ■ Advantageous when connection to the LAN is not desirable for reasons of ■...
Page 258 In the example of the configuration shown in , if errors occur in either of FIGURE 3-6 the two LAN ports and its switch hub, its LAN is replaced by the other LAN. Moreover, if an error occurs in the switch hub, the other LAN can be relied on for notification.
Page 259 Example of LAN Port Connections Made Redundant FIGURE 3-6 Fire Wall Remote Services Basic cabinet DomainID m Maintenance port XSCFU DomainID n User DomainID x XSCFU DomainID y Fire Wall System User administration port Serial Direct attach port Serial for initial setup maintenance Port from XSCFU#0 Port from XSCFU#1...
Page 260 Example of LAN Port Connections Not Made Redundant FIGURE 3-7 Fire Wall Remote Services Basic cabinet DomainID m Maintenance port XSCFU DomainID n User DomainID x XSCFU DomainID y System administration port User Serial Direct attach port Serial for initial setup maintenance Port from XSCFU#0 Port from XSCFU#1...
Page 261 Example of a Connection With One LAN Port FIGURE 3-8 Fire Wall Basic cabinet Remote Services DomainID m Maintenance port XSCFU DomainID n User DomainID x XSCFU DomainID y Direct attach port for initial setup User maintenance Serial Serial Port from XSCFU#0 Port from XSCFU#1 (System with redundant XSCFU only) Chapter 3...
Page 262: Operation Of The Server
C H A P T E R Operation of the Server This chapter mainly describes operation of the server hardware. Display Server Hardware Environment This section describes methods for checking the configuration and status of the server hardware during system configuration or operation. To display the configuration and status of a server, use the XSCF Shell.
Page 263: Displaying System Information
4.1.1 Displaying System Information Command operation ■ 1. Use the showhardconf(8) command to check the mode switch status. XSCF> showhardconf SPARC Enterprise xxxx; + Serial:PP20605005; Operator_Panel_Switch:Locked; + Power_Supply_System:Single; SCF-ID:XSCF#0; + System_Power:On; System_Phase:Cabinet Power On; Domain#0 Domain_Status:Powered Off; MBU_B Status:Normal; Ver:0101h; Serial:7867000282 2.
Page 264 4. Use the showstatus(8) command to display information on degraded components in the system. XSCF> showstatus BP_A Status:Degraded; DDC_A#0 Status:Faulted; PSU#0 Status:Faulted; (This screenshot is provided as an example.) 5. Use the showenvironment(8) command to display the ambient temperature, humidity, and voltage of the system. XSCF>...
Page 265 The M8000/M9000 servers do not indicate Middle speed. The M3000 server indicates multi levels. In case errors detected in the fan, Full or High speed will be indicated. list the fan speed level indicated by using the TABLE 4-1 TABLE 4-2 TABLE 4-3 showenvironment(8) command, which corresponding to the altitude configured and the environmental temperature.
Page 266 Power consumption and Exhaust air To display power consumption and exhaust air of a server, use the power consumption monitoring function and the airflow indicator. Power consumption monitoring function and airflow indicator make it possible to routinely confirm the amount of power consumed on and airflow emitted while the server is up and running.
Page 267: Display Server Configuration/Status Information
The showenvironment power and showenvironment air commands do not include the information of External I/O Expansion Unit and peripheral I/O device. Also, the M4000/M5000/M8000/M9000 servers do not indicate power consumption by showenvironment command. For a power consumption value of the M4000/M5000/M8000/M9000 servers, see the SPARC Enterprise M4000/M5000 Servers Site Planning Guide or the SPARC Enterprise M8000/M9000 Servers Site Planning Guide.
Page 268 CPU/Memory board unit / Motherboard unit information ■ Unit number, status, version, serial number, FRU number, memory capacity, and type. In the M3000 server, the displayed information is CPU status, CPU operating frequency, CPU type, number of CPU cores, and number of CPU strands.
Page 269 The displayed information on each I/O boat includes the unit number, serial number, and link information. The displayed link information includes the version, serial number, and type. The displayed information on each power supply unit includes the unit number and serial number. XSCF Unit information ■...
Page 270: Display Domain Information
Note – 8GB DIMM is supported in XCP1081 or later. "Type" in the CPU/Memory board unit information is supported in XCP1090 or later on M8000/M9000 servers. "Type" in the Motherboard unit information is supported in XCP1100 or later on M4000/M5000 servers. "Type"...
Page 271: Domain Information
4.2.1 Domain Information Command operation ■ 1. Use the showdcl(8) command to check the domain ID, LSB number, configuration policy, No memory state (true/false), No IO state (true/false), floating board state, and degradation information. <Example 1> In the SPARC Enterprise M4000/M5000/M8000/M9000 servers XSCF>...
Page 272: Adding Or Removing Domains
3. Use the showboards(8) command to check the XSB number, domain ID, LSB number, and XSB status. XSCF> showboards -a DID(LSB) Assignment Conn Conf Test Fault ---- -------- ----------- ---- ---- ---- ------- -------- 00-0 00(00) Assigned Passed Normal 00-1 00(01) Assigned Passed Normal...
Page 273: Server And Domain Power Operations
■ deleteboard moveboard ■ For details on adding or changing a domain, see Chapter 2 of the XSCF Reference Manual or the Administration Guide. For details on using the DR function to change the domain configuration, see the Dynamic Reconfiguration User’s Guide. Server and Domain Power Operations This section describes power operations for servers and domains, and it explains how to display the power status of a server or domain.
Page 274: System Power On
Domain reset ■ Sending break signal to a domain ■ Air-conditioning wait time administration ■ Warm-up time administration ■ Dual power feed ■ 4.4.1 System Power On Command operation ■ 1. Use the showlogs power command to check the status of system power off. The System Power Off status means one of the following.
Page 275: System Power Off
3. Use the showlogs power command to check the system power on. XSCF> showlogs power Feb 26 14:12:19 JST 2010 System Power On Operator Service Note – Use the showdomainstatus(8) command to check the power status of the domain. 4.4.2 System Power Off Command operation ■...
Page 276: Domain Power On
Note – Only the domains that are able to be powered off are displayed. Note – If the poweroff(8) command is performed, and the shutdown has completed, then the domain is powered off. 4. Use the showlogs power command to check the system power off. XSCF>...
Page 277: Domain Power Off
4.4.4 Domain Power Off Command operation ■ 1. Use the showdomainstatus(8) command to check the power status of all domains. XSCF> showdomainstatus -a Domain Status Running Running Running Powered Off 2. Use the poweroff(8) command to turn off power to the specified domain. <Example 1>...
Page 278: Sending A Domain Panic Request
Note – If the poweroff(8) command is performed, and the shutdown has completed, then the domain is powered off. Caution – IMPORTANT - See the following paragraphs for important information about the domain power-off procedure. When Oracle Solaris OS of the domain is being booted, the power cannot be ■...
Page 279 <Example> Issue a panic instruction to the specified domain. XSCF> reset -d 0 panic DomainID to panic:00 Continue? [y|n] :y 00 :Panicked *Note* This command only issues the instruction to reset. The result of the instruction can be checked by the "showlogs power".
Page 280: Domain Reset
4.4.6 Domain Reset Command operation ■ 1. Use the showdomainstatus(8) command to check the power status of the domain. XSCF> showdomainstatus -a Domain Status Running Running Running Running 2. Use the reset(8) command to issue a reset instruction to the specified domain. <Example 1>...
Page 281: Sending A Break Signal To A Domain
3. Use the showdomainstatus(8) command to check the power status of the domain specified to be reset. XSCF> showdomainstatus -a Domain Status Booting/OpenBoot PROM prompt Running Running Running Note – When the mode switch on the operator panel is set to "Service" or auto boot is disabled by the setdomainmode(8) command, automatic boot of the Oracle Solaris OS after the reset instruction is suppressed.
Page 282: Air-Conditioning Wait Time Administration
3. Confirm ok prompt on the specified domain console. Note – To send the break signal to the domain, the domain mode setting is required. When the mode switch on the operator panel is set to Service, the automatic boot and host watchdog functions are suppressed and the break signal is received, regardless of the domain mode settings.
Page 283: Warm-Up Time Administration
4.4.9 Warm-Up Time Administration The warm-up time is intended to prevent the power supply unit and the fan from running until the power supply environments of peripheral units are prepared after the server starts the power-on processing. Once the warm-up time is set, the OpenBoot PROM will start after the server power supply is turned on, the power-on processing starts, and the set warm-up time elapses.
Page 284: Shutdown Wait Time Administration
Caution – IMPORTANT - When the power is turned on from the operator panel, the air-conditioning time and warm-up time that you set are ignored. If you have set these times and wish to observe them at startup, perform the poweron(8) command. 4.4.10 Shutdown Wait Time Administration The shutdown wait time administration is a setting to delay the shutdown start by...
Page 285 Command operation ■ 1. Use the showdualpowerfeed(8) command to display the current setting status of the dual power feed. XSCF> showdualpowerfeed Dual power feed is disabled. 2. Use the setdualpowerfeed(8) command to enable or disable the dual power feed of this system. <Example 1>...
Page 286: Identifying The Location Of The System
Identifying the Location of the System When more than one same type of system is installed in the same area, it may be difficult to locate the target system. You can easily find target machine, even when it does not have any faulty components, by using the XSCF Shell showlocator(8) command and looking for the blinking the CHECK LED on the operator panel.
Page 287: Clearing The Fault/Degradation Information
Command operation ■ ● Use the showstatus(8) command to display the unit status. An asterisk (*) is attached to a unit in abnormal status. <Example 1> The memory board and memory on the motherboard unit (MBU) are degraded due to failure. XSCF>...
Page 288: Changing The Time
Changing the Time The time of the server is based on the XSCF time. Time can be displayed or set to local time or UTC. For details on displaying or setting the system time, see Chapter Switching the XSCF Unit In some cases, such as when an error occurs in the LAN route of the XSCF Unit on the active side in a system in which the XSCF Unit is redundantly configured, it may be necessary to switch the active side over to the standby side.
Page 289: Displaying State Of An External I/O Expansion Unit And Administration
Caution – IMPORTANT - An XSCF reset or failover might prevet the above setting operation from completing. If a reset or failover occurs during the operation, log in to the active XSCF to determine if the operation succeeded. If not, try it again. For details on DR, see the Dynamic Reconfiguration User’s Guide.
Page 290 lists setting items and the corresponding shell commands. TABLE 4-5 External Administration I/O Expansion Unit TABLE 4-5 Item Description Shell Command Remarks Display list Displays a list of External I/O Expansion External I/O Expansion ioxadm Units and cards in the host slot is identified by Unit numbers are set in two the host_path to the card.
Page 291 External Administration (Continued) I/O Expansion Unit TABLE 4-5 Item Description Shell Command Remarks Display/set Displays and sets the locator LED state for Only one locator LED can ioxadm locator LED individual components in the specified be enabled or disabled at a (Note 2) External I/O Expansion Unit.
Page 292 Displaying a List of External I/O Expansion Units, I/O Boards, Link Cards, and Power Supply Units or Displaying Their Environment Information Command operation ■ ● Use the ioxadm(8) command to display a list of External I/O Expansion Units and downlink card paths and to display information for each component. <Example 1>...
Page 293 Displaying and Setting the Locator LED State of Each Specified Component in an External I/O Expansion Unit Command operation ■ ● Use the ioxadm(8) command to display or set the locator LED state of the specified component. <Example 1> Display the locator LED states of an External I/O Expansion Unit and components.
Page 294: Restore Factory Settings Of The Server Or Xscf Unit
Displaying and Clearing the Card with ESM Command operation ■ ● Use the ioxadm(8) command to display and clear runtime of the card with ESM. <Example 1> Display runtime of card with ESM using verbose output. XSCF> ioxadm -v lifetime IOU#0-PCI#1 Total Time On (% of life) Warning Time...
Page 295 2. Log in the XSCF Unit. 3. Use the restoredefaults(8) command to initialize the server (operator panel and XSCF Unit) or the XSCF Unit. For specifying an option in the restoredefaults(8) command, see the XSCF Reference Manual. Note – For this command support information, see the Product Notes for your server.
Page 296: Overview Of The Xscf Shell
C H A P T E R Overview of the XSCF Shell This chapter describes how to use the XSCF Shell. The chapter also describes how to use commands and log in with an XSCF user account. It also explains command errors.
Page 297 auditop: The user can refer to the audit method of the XSCF and the audit ■ records. auditadm: The user can control the audit to the XSCF. ■ fieldeng: The user can perform the commands for FEs. ■ outlines the XSCF Shell commands. For details on each command and user TABLE 5-1 privileges, see the man page or the XSCF Reference Manual.
Page 298 XSCF Commands (Continued) TABLE 5-1 Command Description Checks the response for a host. ping Displays the network path to the host by list. traceroute Sets the IP packet filtering rules to be used in the XSCF network. setpacketfilters Displays the IP packet filtering rules that are set in the XSCF network. showpacketfilters Specifies the time zone.
Page 299 XSCF Commands (Continued) TABLE 5-1 Command Description Displays LDAP/SSL client settings. showldapssl Configures the https settings. sethttps Displays the https settings. showhttps • Sets up platform-specific settings. setupplatform Note: In the platform-specific settings, the following items can be optionally configured. Each item is the same as the setting of Chapter •...
Page 300 XSCF Commands (Continued) TABLE 5-1 Command Description Specifies the number of XSB partitions of the system board and sets the memory setupfru mirror mode. Displays the specified number of XSB partitions of the system board and the showfru memory mirror mode that is set. Diagnoses the system board.
Page 301 XSCF Commands (Continued) TABLE 5-1 Command Description Displays the temperature, humidity, voltage, fan rotation speed, power showenvironment consumption, and exhaust airflow. Lists degraded components. showstatus Displays all components mounted in the server. showhardconf Turns on power to all domains or the specified domain. poweron Turns off power to all domains or the specified domain.
Page 302: Login To Xscf Shell
XSCF Commands (Continued) TABLE 5-1 Command Description Initializes the server or XSCF Unit to the factory shipping state. restoredefaults Saves log information to the specified destination. snapshot Displays the XSCF monitoring messages on console in real time. showmonitorlog Displays an error log, power log, event log, console log, panic log, IPL log, showlogs temperature/humidity log, and monitor message log.
Page 303: Operation From A Terminal Connected To The Serial Port
After login, if the shell has not been accessed for a certain period, XSCF ■ automatically terminates the shell. The default timeout period is 10 minutes. The timeout period can be specified. For details on specifying the timeout period, see Chapter In one domain, only one user can use the RW console (write-enabled console).
Page 304 2. From an SSH client, specify the IP address or host name of XSCF and the port number, if necessary (default port number 22), and use SSH connection via XSCF-LAN. 3. Enter a user account and password when prompted by XSCF. 4.
Page 305: Operation For Connecting Via The Xscf-Lan (Telnet)
The following is a login example: [foo@phar foo]% ssh june@192.168.0.2 The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established. RSA key fingerprint is 03:4b:b4:b2:3d:4d:0c:24:03:ca:f1:63:f2:a7:f3:35. Are you sure you want to continue connecting ? [yes|no] : yes Warning: Permanently added '192.168.0.2' (RSA) to the list of known hosts. foo@phar's password:xxxxxx XSCF>...
Page 306: View Server Status And Control Commands
View Server Status and Control Commands This section describes the typical XSCF Shell commands that can be used to display the server status, operate the server, and control the server. For details on the commands, see the man page or the XSCF Reference Manual. For XSCF setup commands, see Chapter showenvironment...
Page 307 fmadm / fmdump / fmstat The server has an architecture that performs fault management (FMA) for CPUs, memory, and the I/O system during Oracle Solaris OS operation. The system administrator can use the fmadm(8) command to display configuration and status information about individual FMA modules that detect faults, perform fault diagnoses, and resolve faults.
Page 308: Server Configuration Information Commands
Server Configuration Information Commands This section describes the typical XSCF Shell commands used to display configuration information on components in the server, such as the number of CPUs and memory capacity, the XSCF network configuration, the time, and degradation information. showhardconf ■...
Page 309: Domain Control And Maintenance Commands
showntp / showdate The showntp(8) command displays the NTP server configured with the server and the XSCF's own local clock informations. The showdate(8) command displays the system standard time (XSCF time). The system administrator can use the showdate(8) command to determine the reference time used in the server. showstatus The system administrator can use the showstatus(8) command to list degraded components.
Page 310 console The console(8) command establishes a connection to the domain console. This command supports both interactive and read-only connections. showdcl / setdcl The showdcl(8) command displays the domain configuration information (DCL) specified for individual domains or LSBs that compose a domain, and the setdcl(8) command specifies the configuration.
Page 311: View And Archive The Xscf Logs
showdomainmode / setdomainmode In a certain domain, the user may want to suppress the break signal or panic with host watchdog or disable the automatic boot function. The system administrator can use the showdomainmode(8) command to display the related function settings and the setdomainmode(8) command to suppress or disable one of these functions for a domain.
Page 312: User Management And Security Commands
User Management and Security Commands This section describes the typical XSCF commands for user management and security management. showuser / adduser / deleteuser / enableuser / disableuser ■ password / setprivileges / showpasswordpolicy / setpasswordpolicy ■ showlookup / setlookup / showldap / setldap / showad / setad / showldapssl ■...
Page 313: Use The Xscf Other Commands
server. The showldapssl(8) and setldapssl(8) commands display and specify LDAP/SSL client settings, which are used when retrieving user informations from an LDAP/SSL server. showaudit / setaudit / viewaudit The showaudit(8) and setaudit(8) commands display and specify information such as which events can be subject for auditing. The system administrator can use the viewaudit(8) command to display audit records (audit trail).
Page 314: View Xscf Shell Error Messages
exit The exit(1) command ends the XSCF Shell. version The version(8) command displays the comprehensive firmware version (XCP version, see Note) of the XSCF firmware and POST/OpenBoot PROM firmware. The system administrator can display version information when upgrading firmware. Note – XCP: XSCF Control Package that includes the programs which control the hardware components making up a computer system.
Page 315: Xscf Mail Function
C H A P T E R XSCF Mail Function This chapter describes the XSCF mail function. Overview of XSCF Mail Function The mail report function, used by XSCF firmware to send messages to the administrator, has the following features: Notification by email of faults in system components monitored by the XSCF ■...
Page 316 outlines the XSCF mail function. FIGURE 6-1 XSCF Mail Function FIGURE 6-1 Mail server SMTP server / POP auth SMTP auth server server Authenti Via SMTP sever cation Internet XSCF Parts fault Unauthorized access System Mail terminal XSCF Email Notification Path The email notification path is described below.
Page 317: Setting Up The Mail Function
Parts Fault Notification XSCF monitors components (such as CPU modules, fan units, CPU/Memory Board unit) in the server. XSCF can notify the system administrator by email of any fault that occurs in these devices. shows mail being sent for parts fault notification to the system FIGURE 6-2 administrator.
Page 318 Reply address (from specification)—(See setsmtp(8)) Recipient address for mail for the system administrator—(See setemailreport(8)) 3. Enable the XSCF mail function. (See setemailreport(8)) 4. Send test mail. Test mail is automatically sent when the work for these mail settings is completed. If the email message sent as test mail is confirmed to have been received by the system administrator, it means that the correct settings have been made.
Page 319: Contents Of Parts Fault Notification
Contents of Parts Fault Notification This section explains the contents of the email messages sent for parts faults that occur. shows the contents of mail sent for a parts fault that occurred. FIGURE 6-3 Mail Sent for an XSCF Parts Fault That Occurred FIGURE 6-3 Date: Mon, 02 Jun 2003 14:03:16 +0900 From: XSCF <root@host-name.example.com>...
Page 320: Test Mail
MSG-ID: Message ID. Use the message ID for accessing the specified URL to ■ acquire detailed information on this problem. For the specified URL, see the Web site information about messages described in the Product Notes for your server. For the message ID, the following information can be confirmed at the Web site: Message type (Type) ■...
Page 321: Xscf Snmp Agent Function
C H A P T E R XSCF SNMP Agent Function This chapter explains the XSCF SNMP agent function. Overview of the XSCF SNMP Agent XSCF supports the Simple Network Management Protocol (SNMP) agent function.
Page 322 shows an example of a network management environment using SNMP. FIGURE 7-1 Example of a Network Management Environment FIGURE 7-1 SNMP SNMP is a protocol for managing networks. The SNMP manager consolidates management of the operating conditions of terminals and network problems. The SNMP agent responds with management information from the Management Information Base (MIB) to requests from the manager.
Page 323: Mib Definition File
MIB Definition File The SNMP agent responds with management information from the MIB information to requests from the manager. Standard MIB XSCF supports MIB-II (supports SNMPv2c and SNMPv3) and MIB-I (supports SNMPv1), which are Internet standards, to manage mainly the following information: Basic XSCF-LAN information (such as, administrator name) ■...
Page 324 The following shows data as an example of MIB management information. scfMachineType OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "System model name and model type name." ::= { scfInfo 1 } scfNumberOfCpu OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Number of CPUs"...
Page 325: About Trap
About Trap When an event occurs, the SNMP agent function notifies the SNMP manager of the event. This function is called a Trap (see ). The XSCF Trap covers the FIGURE 7-2 following events: 1. XSCF failover 2. Additions, removals, and replacements of a component such as a system board 3.
Page 326 TRAP agent:10.123.223.18 community:- generic:6 enterprise:enterprises.42.2.195.1.7 specific:1 timestamp:754201501 varbind:(enterprises.42.2.195.1.1.1.2.36.51.101.49.52.53.52.53.50.45.54.53.52. 57.45.52.97.55.101.45.57.97.99.52.45.49.100.55.52.98.101.49.57.53.98.56.52 [2 36 0] 3e145452-6549-4a7e-9ac4- 1d74be195b84)(enterprises.42.2.195.1.1.1.3.36.51.101.49.52.53.52.53.50.45.54.5 3.52.57.45.52.97.55.101.45.57.97.99.52.45.49.100.55.52.98.101.49.57.53.98.56.5 2 [2 11 0] FMD-8000- 11)(enterprises.42.2.195.1.1.1.4.36.51.101.49.52.53.52.53.50.45.54.53.52.57.45 .52.97.55.101.45.57.97.99.52.45.49.100.55.52.98.101.49.57.53.98.56.52 [2 54 0] http://xxxx.com/sparcenterprise/msg/FMD-8000-11) In the example above, the following items are displayed: agent-address: The IP address of the XSCF which sent trap. (TRAP agent) ■...
Page 327 is a conceptual diagram of issuance of a Trap. FIGURE 7-2 Trap Issuance FIGURE 7-2 System XSCF Trap issued XSCF SNMP agent function started System XSCF Unauthorized access to XSCF SNMP agent System SNMP manager XSCF Parts fault System XSCF Faulty part replaced System XSCF...
Page 328: Setting Up The Xscf Snmp Agent Function
Setting Up the XSCF SNMP Agent Function This section explains how to set up the XSCF SNMP agent function. The workflow is as described below. Perform each setup step with the setsnmp(8) command of the XSCF Shell. For details on setup, see Chapter Starting Transmission Step 1:...
Page 329 Community name ■ Port number of the trap destination ■ Host name of the trap destination ■ Step 3: ■ Enable the XSCF SNMP agent function. Enable one or both of the following, according to the user environment: SNMPv1 and SNMPv2c ■...
Page 330 Performing User Management (USM Management) and Management of the Access Control Views of the MIB Definition File (V ACM Management) Step 1: ■ Set, change, and delete user management information by performing the following operations individually: Specifying a user authentication algorithm ■...
Page 331: Upgrade Of Xscf Firmware And Maintenance
C H A P T E R Upgrade of XSCF Firmware and Maintenance This chapter explains how to update the firmware and how to collect log data. Update the XSCF Firmware This section explains firmware update functions and how to update the firmware. The firmware update work is performed by the system administrator or a field engineer.
Page 332: Flash Memory
is a conceptual diagram of the firmware update. FIGURE 8-1 Conceptual Diagram of the Firmware Update FIGURE 8-1 Web site CD-ROM, DVD-ROM, or flash drive Server Flash memories of CMUs/MBUs Flash memory of the XSCF PROM XCP data DomainID 0 PROM DomainID 1 PROM...
Page 333: Firmware Update Conditions And Environment
Note – The OpenBoot PROM firmware is applied by a domain reboot. In the M3000 server, this function updates the OpenBoot PROM firmware which is in the flash memory of the single MBU. And the number of domains to be updated is one. User Interfaces The following function is used for the firmware update: Firmware update using XSCF Web in a browser...
Page 334: Method Of Delivering Firmware
fieldeng ■ Firmware Update Environment The following environment is required for the firmware to update properly: The update is performed from a browser connected to the XSCF-LAN. ■ The update is performed after the domain console is switched to the XSCF Shell ■...
Page 335: Method Of Checking The Firmware Version
8.1.4 Method of Checking the Firmware Version The firmware version for this system is called the XCP version. Higher version numbers represent newer firmware. Before updating the firmware, be sure to check the XCP version in the current system. The following example shows a command that displays the XCP version: XSCF>...
Page 336: Three Steps Of The Firmware Update
8.1.5 Three Steps of the Firmware Update The firmware update for the server has three steps (XCP import, update, application) as explained below. 1. XCP import Storing the obtained XCP data in this system is called "XCP import." The system administrator or a field engineer obtains the XCP data files from the network or external media (CD-ROM, DVD-ROM, or flash drive), then he or she imports the data file using an XSCF console from a client (personal computer or workstation)
Page 337 Note – The update of the pool system board is completed at the following timing. - Using DR functions, when you configure the board into a domain, the board is automatically matched to the version of target domain. After rebooting the target domain, the board is updated to new firmware version.
Page 338: Features Of Xscf Firmware Update
8.1.6 Features of XSCF Firmware Update The firmware update that is managed by XSCF has the following features: New firmware for a domain can be updated without stopping the domain. To ■ update the OpenBoot PROM firmware, however, the target domain must be rebooted so that the firmware can be applied.
Page 339 describes the firmware update types and update times. TABLE 8-1 Firmware Update Types and Timing TABLE 8-1 Type Description Conditions Update Time Operator's update Imports XCP and updates The system power is off XCP update time the XSCF firmware and (input power is on and all (XCP update) OpenBoot PROM firmware...
Page 340: Firmware Update For Redundant Xscf Units
Note – (2) The replacement of the XSCF Unit and the version matching is performed by FEs. When both XSCF Units are replaced in the systems with redundant XSCF Units (the M8000/M9000 servers), or when in the M4000/M5000 servers, or when a Motherboard unit is replaced (an XSCF Unit is replaced) in the M3000 server, the firmware version cannot be automatically set to match the version of the replaced unit.
Page 341: Firmware Update Procedure
Making Versions Agree With Each Other XSCF automatically sets firmware versions to match each other as follows: When power to a domain is turned on, the versions on the system boards in the ■ domain are automatically set to match each other. When a system board is moved to a domain by the DR function, the version on ■...
Page 342 Firmware Update Tasks TABLE 8-2 Firmware Update Task Item Outline Task time Updating XCP From the Obtain the XCP files from the • In the system with a XSCF Network appropriate web site, and use XSCF to Unit; About 45 minutes import XCP.
Page 343 Firmware Update Tasks (Continued) TABLE 8-2 Firmware Update Task Item Outline Task time Confirming That the XSCF The firmware update is automatically About 5 minutes Firmware is Updated When an performed by using the maintenance (Excludes the time for component XSCF Unit Is Replaced (There guidance for FE.
Page 344 2. Confirm the XCP version. To confirm the XCP version, see the figure of a four-digit number that exists in the firmware program (tar.gz) file name. The latest XCP information is released on a web site. To obtain the URL of the web site, see the description of the firmware download in the Product Notes for your server.
Page 345 c. If complete message, "Download successful: ..." and "MD5: ..." are displayed, the XCP import has ended. Use the getflashimage(8) command with -l option to confirm the imported version. Note – After importing, if “Error: File is invalid or corrupt” message is displayed, it means the XCP file that imported is not a correct file.
Page 346 Note – If the "XCP update requires all domains to be rebooted (Previous OpenBoot PROM update has not been completed)" message is displayed, you cannot update the firmware because previous OpenBoot PROM firmware update has not been completed. Perform the firmware update again after rebooting all domains. c.
Page 347 Note – The display might be different according to XCP version and system configuration. At this time, the XSCF will reset and the XSCF session will disconnect, so please connect the XSCF again. Only the application of the XSCF firmware is completed.
Page 348 5. Confirm that the version of the system firmware that is running is that of the firmware applied at the XSCF Shell command line by using the version(8) command. Web browser operation ■ For information about using the XSCF Web, see Chapter 1.
Page 349 Note – In a system with redundant XSCF Units: i) Perform the firmware update in order, beginning with the standby side and then the active side automatically. After the update on the standby side is completed, the active and standby sides are switched. At this time, the XSCF reset is done and the XSCF session is disconnected.
Page 350 1. After a CMU/MBU addition or replacement task and an allocation to a domain have completed, turn on power to the domain. The update of the OpenBoot PROM firmware is automatically performed at this time (automatic matching of versions). 2. Confirm that the firmware version of the target domain agrees with the version of the XSB firmware allocated to the added or replacement CMU/MBU.
Page 351 1. Turn on power to the server after completing XSCF Unit replacement task. 2. If the replacement unit and the replaced unit have different versions, a message is displayed such as the following. XCP version of Panel EEPROM and XSCF FMEM mismatched, Panel EEPROM=1080, XSCF FMEM=1090 3.
Page 352 Confirming That the XSCF Firmware Is Updated When the XSCF Unit Is Replaced (in a System With a Single XSCF Unit or Both Replacement in a System With Redundant XSCF Units) 1. Turn on power to the server after completing the XSCF Unit replacement task. 2.
Page 353: If An Error Occurs During Xscf Firmware Update
8.1.11 If an Error Occurs During XSCF Firmware Update If the system hangs or any of the messages shown below is output during the firmware update, the XSCF Unit on the faulty side cannot be used and is treated as a faulty component.
Page 354: Collecting Xscf Logs
Collecting XSCF Logs Log information for the XSCF firmware is used for investigating hardware or firmware faults. XSCF log information can be viewed by the system administrator, domain administrators, and FEs. 8.2.1 Log Types and Reference Commands You can view XSCF log information from the XSCF console after logging in to XSCF. When the log archiving function is enabled, logs are stored on the archive host (see Section 8.2.2, “Method of Collecting the Log Information”...
Page 355 Logs Containing Fault Information If a failure occurs in the system, the system and XSCF collects some fault information logs. lists the types of logs that are collected, descriptions, and TABLE 8-3 reference methods. For details on commands, see the XSCF Reference Manual and the man page.
Page 356 Other Logs outlines other logs collected for XSCF log information. TABLE 8-4 Other Logs TABLE 8-4 Standard Size Storage Period Type Description (Entry Size) Archiving Reference Method Power log Log for recording power events of 1920 generations About 1 month •...
Page 357: Method Of Collecting The Log Information
Other Logs (Continued) TABLE 8-4 Standard Size Storage Period Type Description (Entry Size) Archiving Reference Method LDAP/SSL Log for LDAP/SSL authentication 250KB Not Archived • showldapss and authorization diagnostic (About 3000 messages lines) • XSCF Web Temperature Log containing a history of the 16384 About 6 months •...
Page 358 The configuration information can be saved and restored when a USB device has ■ been connected to the USB connector mounted on the XSCF Unit front panel of the M4000/M5000/M8000/M9000 servers or on the rear panel of the M3000 server. The log data is transmitted through the network with an encryption protocol.
Page 359 The following is the procedure for saving logs. Saving the Logs by Connecting the USB Device for Exclusive Use to the Front Panel of the XSCF Unit Web browser operation ■ 1. Select the snapshot (Note) menu for saves of the logs menu and display the saving operation page.
Page 360 3. Execute the data transfer. When the data transfer is complete, please contact authorized service personnel. Command operation ■ 1. Perform the snapshot(8) command using a public key, specifying the target directory, and specifying the encryption password for the output file. XSCF>...
Page 361: How To Use The Xscf Web
C H A P T E R How to Use the XSCF Web This chapter describes how to use the XSCF Web. Overview of the XSCF Web The XSCF Web uses https and the SSL/TLS protocols for connection to the server connected to a user network and for web-based support of server status display, server operation control, and configuration information display.
Page 362 outlines each page. TABLE 9-1 XSCF Web Pages TABLE 9-1 Basic Page Description Login page XSCF Web console login page. Log in with an XSCF user account from the login page. Masthead frame The page on the upper part of the screen. The masthead frame displays the user account name specified at login, the connected host name, and so on.
Page 363 The following figures show examples of these pages in a web browser. shows an e xample of the Login page. FIGURE 9-1 Example of the Login Page FIGURE 9-1 Chapter 9 How to Use the XSCF Web...
Page 364 shows an example of the Tree frame. FIGURE 9-2 Example of the Tree Frame FIGURE 9-2 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 365: Start The Xscf Web
shows an example of the Tree frame and main page. FIGURE 9-3 Example of the Tree Frame and Main Page FIGURE 9-3 Note – Screen layouts and displays are provided as image examples, and they may be changed to improve functionality. The screen displays shown may also depend on the model and other conditions.
Page 366: Prerequisites
9.2.1 Prerequisites Some settings are disabled in the initial settings of the XSCF Web. To use this function, advance configuration is required as follows: Create an XSCF user account. ■ Enable https at the https setting to use the XSCF Web. ■...
Page 367: Specifying The Url
9.2.4 Specifying the URL When specifying the URL, specify the IP address configured with XSCF or the XSCF host name as the root directory. Example: URL https://192.168.111.111/ (Note: The IP address of XSCF is input by number) Alternatively, https://XSCF-host-name/ (Note: Not the host name of a domain) Note –...
Page 368: Logging Out From Xscf
The authentication timeout setting can be changed. The authentication timeout is 10 minutes by default. The monitoring interval ranges from 1 to 255 minutes. You can set the monitoring interval ranges at the [Menu]-[Settings]-[Autologout] page. 9.3.3 Logging Out From XSCF To exit the XSCF Web, log out by selecting "logout"...
Page 369: Xscf Web Pages
XSCF Web Pages This section describes the configuration of pages available with the XSCF Web console. Menu and page configuration are described below. • Menu tree When you select an item on the menu, the target page is displayed on the main page. + XSCF Pages, which are the system/domain state + Status...
Page 370 (Continued) + Utility - Firmware Update - Switch Over - Reboot XSCF + Logs - Error Log - Power Log - Event Log - Console Log - Panic Log - Environment Log - IPL Message Log - Monitor Message Log - Audit Log - Active Directory Log - LDAP/SSL Log...
Page 371: Displaying System Status
Displaying System Status lists the functions for displaying the status of the entire system. Select TABLE 9-3 [Status]-[System Status] in the Menu tree. System Status Display TABLE 9-3 Function Remarks Mode switch display Displays the mode switch status of the operator panel.
Page 372 lists the functions for displaying the status of a domain. Select TABLE 9-4 [Status]-[Domain Status] in the Menu tree. Domain Status Display TABLE 9-4 Function Remarks Domain configuration information display Displays the XSB number corresponding to each LSB number of each domain in the form of a table. Note - In the M3000 server, this function does not display the table of the corresponding XSB and LSB, but displays the detail information which is...
Page 373 System and Domain Operation lists the function used for the system as a whole and individual domains. TABLE 9-6 Select [Operation]-[Domain Operation]-[Domain Power] in the Menu tree. System and Domain Operation TABLE 9-6 Function Remarks System power on/off Specifies the system power on/off. This function is equivalent to the poweron(8) / poweroff(8) commands.
Page 374 lists the functions used for System board configuration. Select TABLE 9-8 [Operation]-[Domain Configuration]-[System Board Configuration] in the Menu tree. System Board Configuration TABLE 9-8 Function Remarks System board configuration information display Displays the XSB division information, the XSB number, and the memory mirror information for each PSB in the form of table.
Page 375 lists the functions for the domain configuration. Select TABLE 9-9 [Operation]-[Domain Configuration]-[Domain Configuration] in the Menu tree. Domain Configuration TABLE 9-9 Function Remarks Domain configuration information display (DCL) Displays the DCL information for a system board in the specified domain, and sets the configuration policy for the domain.
Page 376 Setting System lists the functions for the network configuration of XSCF. Select TABLE 9-10 [Settings]-[Network]-[Current] or [Settings]-[Network]-[Reserve] in the Menu tree. You can make the network configuration from both [Current] and [Reserve] menus. The [Current] menu displays the XSCF network information which is running on the server, and the [Reserve] menu can be used to confirm the data you configured.
Page 377 Network Configuration (2 of 2) TABLE 9-10 Menu Function Remarks Reserve XSCF network configuration information Displays the XSCF network configuration display and configuration information. This function is equivalent to the applynetwork(8) command. Also, this function sets each host name, domain name, IP address, netmask, and enabling/disabling of the XSCF network interface.
Page 378 Note – The IP packet filtering rules cannot be set and displayed through the XSCF Web. Set and display the filtering rules by using the setpacketfilters(8) and showpacketfilters(8) commands. 9-18 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 379 lists the functions for setting the XSCF time. Select [Settings]-[Time] in the TABLE 9-11 Menu tree. Time Settings TABLE 9-11 Function Remarks System time display and setting Displays and sets the current system time. This function is equivalent to the applynetwork(8) and rebootxscf(8) commands.
Page 380 lists the functions for configuring LDAP. Select [Settings]-[LDAP] in the TABLE 9-13 Menu tree. LDAP Configuration TABLE 9-13 Function Remarks LDAP server display and registration Displays and configures the LDAP server when XSCF is as an LDAP client. This function is equivalent to the showldap(8) and setldap(8) commands.
Page 381 lists the functions for configuring LDAP/SSL. Select TABLE 9-14 [Settings]-[LDAP/SSL] in the Menu tree. LDAP/SSL Configuration TABLE 9-14 Function Remarks LDAP/SSL server display and configuration When XSCF is as an LDAP/SSL client, enable and disable the LDAP/SSL. Displays and configures an LDAP/SSL server, modes, timeout piriod, log, default settings, and so on.
Page 382 lists the functions for configuring Active Directory. Select TABLE 9-15 [Settings]-[Active Directory] in the Menu tree. Active Directory Configuration TABLE 9-15 Function Remarks Active Directory Active Directory server display and configuration When XSCF is as an client, Active Directory enable and disable the .
Page 383 lists the functions for configuring XSCF user management. Select TABLE 9-16 [Settings]-[User Manager] in the Menu tree. User Management Configuration TABLE 9-16 Function Remarks User accounts list display Displays user accounts information and the state being registered now. The useradm privilege is required.
Page 384 lists the functions for configuring XSCF audit. Select [Settings]-[Audit] in TABLE 9-17 the Menu tree. Audit Configuration TABLE 9-17 Function Remarks Audit enabling and disabling Enable and disable the auditing. This function is equivalent to the setaudit(8) command. Request the archive and data deletion Request the log archive for the audit trail.
Page 385 Mail Configuration (SMTP) TABLE 9-18 Function Remarks SMTP server display and configuration Displays SMTP server setting information. Sets the host name and the port number of the SMTP server. These functions are equivalent to the showamtp(8) and setsmtp(8) commands. Authentication server display and configuration When you enable the Authentication, displays and specifies the authentication mechanism and authentication server.
Page 386 SNMP Configuration TABLE 9-20 Function Remarks Agent display and configuration Enables and disables the SNMPv1v2c or SNMPv3 agent, sets the system management information, and selects the MIB module. This functions is equivalent to the showsnmp(8) and setsnmp(8) commands. Notification destination server display and setting Displays and sets the trap host for SNMPv1v2c or SNMPv3.
Page 387 lists the functions for configuring security access for SNMPv3. Select TABLE 9-21 [Settings]-[SNMP Security] in the Menu tree. SNMP Configuration (Security Access) TABLE 9-21 Function Remarks USM management information display and setting Displays and sets the USM management information for SNMPv3. This function is equivalent to the showsnmpusm(8) and setsnmpusm(8) commands.
Page 388 For COD settings and command information, see the COD User’s Guide and the XSCF Reference Manual. Note – In the M3000 server, this function is not available. lists the functions for configuring Sun Management Center agent. Select TABLE 9-23 [Setting]-[Sun MC] in the Menu tree. Sun Management Center Agent Configuration TABLE 9-23 Function...
Page 389 lists the functions for the firmware update. Select [Utility]-[Firmware TABLE 9-25 Update] in the Menu tree. Firmware Updating TABLE 9-25 Function Remarks XCP version display Displays the XCP version. This function is equivalent to the version(8) command. XSCF/OpenBoot PROM version display Displays the XSCF firmware and the OpenBoot PROM firmware versions.
Page 390 Logs lists the functions for referring and saving each log. Select [Logs] in the TABLE 9-26 Menu Tree, and select a target log. Log Collection TABLE 9-26 Function Remarks Error log display Display the error log. Also, you can search the logs. This function is equivalent to the error option of the showlogs(8) command.
Page 391: Component Information
Log Collection (Continued) TABLE 9-26 Function Remarks LDAP/SSL log display Display the LDAP/SSL log. This function is equivalent to the log option of the showldapssl(8) command. Snapshot (or Data Collector) Collects the log. This function is equivalent to the snapshot(8) command. COD log display Display the COD log.
Page 392: Xscf Web Error Messages
XSCF Web Error Messages lists the typical messages category from the XSCF Web. Moreover, in each TABLE 9-27 category, detailed messages are displayed. Also, the message from XSCF Web is almost the same as the error message of the XSCF Shell command. For typical messages from the XSCF Shell command, see Chapter Error Messages of XSCF Web TABLE 9-27...
Page 393: Warning And Information Messages
A P P E N D I X Warning and Information Messages This appendix explains the XSCF fault and informational messages output during the operation with the console, mail, or SNMP function of the server. Message Types syslog message ■ The Oracle Solaris OS outputs this message to the domain console.
Page 394 Panic message ■ This message is output in case of panic. The panic message is output to the domain console and retained as log information in the XSCF. The panic log retains the information corresponding to the last single panic event that occurred. The showlogs(8) command of XSCF can be used to display the panic log.
Page 395: Messages In Each Function
Messages in Each Function This section explains each Oracle Solaris OS and XSCF function by which the user can recognize status notification or fault information in the server, including messages. Recognizing Status Notification or Fault Information by a Message on the Domain Console 1.
Page 396 3. The contents of notification or fault information can be confirmed by accessing the specified URL according to the message ID (SUNW-MSG-ID) displayed on the domain console. If no message ID (MSG-ID) is found, acquire detailed information from the syslog information. 4.
Page 397 Recognizing Status Notification or Fault Information in a Monitoring Message on the XSCF Shell Terminal 1. The user recognizes status notification or fault information in a XSCF monitoring message output by using showmonitorlog(8) comannd. The following shows an example of the XSCF monitoring message. Jun 16 12:20:37 JST 2005 FF2-5-0:Alarm:/CMU#0/CPU#0:XSCF:Uncorrectable error ( 80006000-20010000-0108000112345678) (The example is subject to change without previous notice for functional...
Page 398 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 399: Xscf Log Information
A P P E N D I X XSCF Log Information This appendix explains the following XSCF log information that can be referenced using the XSCF Shell showlogs(8) command on the XSCF console. The log types that can be referenced by the showlogs(8) command are shown below.
Page 400 ■ fmdump(8) The showlogs(8) error option displays fault information in a format specific to the platform. Conversely, the fmdump command displays fault information in a format compatible with the Oracle Solaris OS. This latter command is provided for users who are familiar with the Oracle Solaris OS. When the log is referenced by these two commands, there is a difference in display format but little difference in the information.
Page 401 Alarm: The relevant component failed. Warning: Some subcomponents in the relevant component failed or degraded. Information: Notification. Notice: System state notification. Time at which each problem occurred (Occurred). This is indicated in local time. ■ Replacement component (FRU) that is probably faulty. A comma (,) separates two ■...
Page 402 The above indicates the following: CMU#0/MEM#02A-02B was detected as the suspect component, and memory slot No.02A and No.02B of CMU 0 are problematic. It may be necessary to replace the memory as pairs in memory slots No.02A and No.02B as circumstances require. One-row message to indicate an outline of the problem (Msg).
Page 403: Power Log
Time at which the problem was registered in the log (TIME). ■ Universal Unique Identifier that can be used to uniquely identify the problem in ■ an optional system set (UUID) Message ID (MSG-ID) that can be used to access the corresponding description of ■...
Page 404 <Example 1> Power logs are displayed as a list. XSCF> showlogs power Date Event Cause Switch Mar 30 17:25:31 JST 2005 System Power Off Pow.Fail/Recov.-- Service Mar 30 17:35:31 JST 2005 System Power On Pow.Fail/Recov.-- Locked Mar 30 17:45:31 JST 2005 Domain Power Off Operator Locked...
Page 405: Event Log
Panel: Operating a switch on the operator panel caused a power event. Scheduled: Setting the TOD timer caused a power event. RCI: The I/O device connected to the RCI caused a power event. Pow.Fail/Recov.: Power recovery turned on the power supply. Operator: An operator's instruction caused a power event.
Page 406: Using The Showlogs Command To Display Other Logs
<Example> XSCF event logs are displayed as a list. XSCF> showlogs event Date Message Mar 30 17:45:31 JST 2005 System power on Mar 30 17:55:31 JST 2005 System power off (The example is subject to change without previous notice for functional improvement.) In the example above, the following items are displayed: Time at which each event log was gathered (Date).
Page 407: Temperature And Humidity History Log
B.4.2 Temperature and Humidity History Log Using the showlogs(8) Command to Reference Temperature and Humidity History Logs The XSCF firmware collects the environment and temperature and humidity history regarding the server in a temperature and humidity log. The temperature and humidity history log is displayed at ten-minute intervals.
Page 408: Panic Log
B.4.4 Panic Log Using the showlogs(8) Command to Reference Panic Logs In case of panic, a console message is output to the domain console. This console message is collected by the XSCF firmware in a panic log. In some cases, panic logs may be called panic message logs.
Page 409 Using the viewaudit(8) Command to Confirm the Audit Trail ● Perform the viewaudit(8) command on the XSCF Shell. <Example> Display all audit records. XSCF> viewaudit file,1,2006-04-26 21:37:25.626 +00:00,20060426213725.0000000000.SCF-4-0 header,20,1,audit - start,0.0.0.0,2006-04-26 21:37:25.660 +00:00 header,43,1,authenticate,0.0.0.0,2006-04-26 22:01:28.902 +00:00 authentication,failure,,unknown user,telnet 27652 0.0.197.33 header,37,1,login - telnet,0.0.0.0,2006-04-26 22:02:26.459 +00:00 subject,1,opl,normal,telnet 50466 10.18.108.4 header,78,1,command - setprivileges,0.0.0.0,2006-04-26...
Page 410 Return Token ■ Label, return value Text Token ■ Label, text string Note – Some fields might not be output according to the environment. The following lists the principal audit events and Tokens: Login telnet ■ header subject text return Login SSH ■...
Page 411: Active Directory Log
Active Directory Log This section explains how to reference the Active Directory logs by using the showad(8) command. For details of each log option of showad(8), see the XSCF Reference Manual or the main page. See for the size and generation number TABLE 8-3 of each log.
Page 412: Cod Activation Log
Console message ■ COD Activation Log When an addition and a deletion of COD hardware activation permit occurs in the server, the XSCF firmware collects an COD activation log. Specify the log option on the XSCF Shell and perform the showcodactivationhistory(8) command to reference COD activation logs.
Page 413: Xscf Mib
A P P E N D I X XSCF MIB This appendix explains the XSCF Management Information Base (MIB), which is supported by the XSCF SNMP agent function. MIB Object Identifiers below explains the MIB object identifiers supported by the XSCF. TABLE C-1 MIB Object Identifiers TABLE C-1...
Page 414 OBJECT IDENTIFIER ::= { private 1 } fujitsu OBJECT IDENTIFIER ::= { enterprises 211 } product OBJECT IDENTIFIER ::= { fujitsu 1 } solaris OBJECT IDENTIFIER ::= { product 15 } sparcEnterprise OBJECT IDENTIFIER ::= { solaris 3 } oplSpMIB...
Page 415: Standard Mib
MIB Object Identifiers (Continued) TABLE C-1 scfMIBObjectGroups OBJECT IDENTIFIER ::= { scfMIBGroups 1 } scfMIBNotifGroups OBJECT IDENTIFIER ::= { scfMIBGroups 2 } Standard MIB The standard MIB supported by the XSCF conforms to the following RFC (Note). For the standard MIB definition file, see the general RFC document. MIB II RFC1213 User-based Security Model (USM)
Page 416 Note – In the M3000/M4000/M5000/M8000/M9000 servers, information has been added, such as power consumption and exhaust air. If you install a new server, reinstall the XSCF extension MIB definition file to the SNMP manager. For specific information about power consumption and exhaust air, see the latest version of the Product Notes (no earlier than the XCP 1080 edition) for your server.
Page 417: Trap
11. scfIoBoxInfo group This group provides information for the External I/O Expansion Unit (IOBOX) that is attached to the system and the components which make it up. The components include I/O boats, Link Cards, and Power Supplies/Fans. For details about these components, see the Service Manual for your server. 12.
Page 418 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 419: Troubleshooting
A P P E N D I X Troubleshooting This chapter describes problems that can occur during use of the XSCF console or during the operation of the system and provides solutions for them. Troubleshooting XSCF and FAQ This section describes problems that may occur during the use of XSCF and provides solutions for the problems.
Page 420 Could Not Connect to XSCF Through the Serial Port Check the connection between the terminal software and the serial port. ■ Check the settings of the terminal software (baud rate is set to 9600 bps, delay is ■ set to 0, etc.). For information about the settings, see "Connecting to XSCF via the serial port"...
Page 421 Do Not Know the IP Address of XSCF Use the shownetwork(8) command to check the current network configuration. If ■ it has not yet been set, ask the network administrator to check the setting. If necessary, use the console on the personal computer that is directly connected ■...
Page 422 A Mail Report Was Not Received From XSCF XSCF does not necessarily report all events. It sends a mail message for each part ■ fault or authentication failure event. Check for the relevant event in the error log, or use the reference for event logs in Appendix B to check whether this is an event in an event log to be reported.
Page 423 Web Pages of the XSCF Web Function are not Displayed Correctly Some versions of web browsers do not display the windows correctly. See ■ "Supported browsers" in Chapter 9, and update your browser to the latest version. Alert Message is Displayed in XSCF Web Please confirm the content of the security alert message and stop the use of XSCF ■...
Page 424 Method 1. Press and hold down the POWER switch on the operator panel of the main unit for four seconds. Method 2. Execute the poweroff(8) command from the XSCF Shell. Q. What kind of processing is executed by XSCF from the time that input power to the main unit is turned on until the Oracle Solaris OS starts? A.
Page 425 Note – The above examples vary depending on the client software on the terminal. Q. What is the relationship between the XSCF error log and error information in the MIB file? A. Error information reflected in the MIB file is the latest log data of XSCF. Troubleshooting the Server While XSCF Is Being Used This section describes how to effectively use XSCF in case the main unit is not...
Page 426 Use the following commands to check the events that occurred at the time the problem occurred: showlogs error ■ showlogs event ■ showlogs power ■ showlogs monitor ■ showlogs console ■ fmdump ■ If you find an error, see Appendix B in this manual for the corrective action.
Page 427 A P P E N D I X Software License Conditions Some of the software functions explained in this manual are licensed under public licenses (GNU Public License (GPL), GNU Lesser Public License (LGPL), and others). This appendix lists these public licenses and conditions.
Page 428 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA b) You must cause any work that you distribute or publish, that in whole Everyone is permitted to copy and distribute verbatim copies of this...
Page 429 END OF TERMS AND CONDITIONS 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original Appendix: How to Apply These Terms to Your New Programs licensor to copy, distribute or modify the Program subject to these terms and conditions.
Page 430 When we speak of free software, we are referring to freedom of use, not 0. This License Agreement applies to any software library or other price. Our General Public Licenses are designed to make sure that you program which contains a notice placed by the copyright holder or other have the freedom to distribute copies of free software (and charge for authorized party saying it may be distributed under the terms of this this service if you wish);...
Page 431 will operate properly with a modified version of the library, if 3. You may opt to apply the terms of the ordinary GNU General Public the user installs one, as long as the modified version is License instead of this License to a given copy of the Library. To do interface-compatible with the version that the work was made with.
Page 432 of software distributed through that system in reliance on consistent You should have received a copy of the GNU Lesser General Public application of that system; it is up to the author/donor to decide if he License along with this library; if not, write to the Free Software or she is willing to distribute software through any other system and a Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110- licensee cannot impose that choice.
Page 433 notice, this list of conditions and the following disclaimer. * Here is the statement of the license: * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the * This software is provided 'as-is', without any express or implied documentation and/or other materials provided with the distribution.
Page 434 Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd and Clark Cooper "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will Permission is hereby granted, free of charge, to any person obtaining a not be required to justify it to the Copyright Holder, but only to the copy of this software and associated documentation files (the "Software"), computing community at large as a market that must bear the fee.)
Page 435 4) Exclusions From License Grant. Nothing in this License shall be deemed * 1. Redistributions of source code must retain the above copyright to grant any rights to trademarks, copyrights, patents, trade secrets or notice, this any other intellectual property of Licensor except as expressly stated list of conditions and the following disclaimer.
Page 436 Miscellaneous. This License represents complete agreement concerning the subject matter hereof. If any provision of this License is "Contribution" shall mean any work of authorship, including the original held to be unenforceable, such provision shall be reformed only to the version of the Work and any modifications or additions to that Work or extent necessary to make it enforceable.
Page 437 6. Trademarks. This License does not grant permission to use the trade * This software is not subject to any license of the American Telephone names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of * Telegraph Company or of the Regents of the University of California.
Page 438 PCRE software which distribute others, commercially * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore) otherwise, you must put a sentence like this * Permission to use, copy, modify, and distribute this material for any Regular expression support is provided by the PCRE library package, which purpose is open source software, written by Philip Hazel, and copyright by the * and without fee is hereby granted, provided...
Page 439 2. Redistributions in binary form must reproduce all prior and current copyright notices, this list of conditions, and the following disclaimer ---- Part 2: Networks Associates Technology, Inc copyright notice (BSD) - documentation and/or other materials provided with ---- distribution. Copyright (c) 2001-2003, Networks Associates Technology, Inc All rights 3.
Page 440 Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Copyright (c) David L. Mills 1992-2003 Neither the name of the Sun Microsystems, Inc. nor the names of its contributors may be used to endorse or promote products derived from this * Permission to use, copy, modify, and distribute this software and software without specific prior written permission.
Page 441 [However, none of that term is relevant at this point in time. of these restrictively licenced software components which he talks about * This code is hereby placed in the public domain. have been removed from OpenSSH, i.e., * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY - RSA is no longer included, found in the OpenSSL library * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - IDEA is no longer included, its use is deprecated...
Page 442 * 4. If you include any Windows specific code (or a derivative thereof) * 2. Redistributions in binary form must reproduce the above copyright from notice, this list of conditions and the following disclaimer in the apps directory (application code) must include * documentation and/or other materials provided with the distribution.
Page 443 [C] The Regents of the University of Michigan and Merit Network, Inc. 1992, ---- 1993, 1994, 1995 All Rights Reserved * Copyright (c) 1990 The Regents of the University of California. Permission to use, copy, modify, and distribute this software and its * All rights reserved.
Page 444 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL Copyright 2001 by Steve Grubb * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR This is an exerpt from an email I recieved from the original author, * PROFITS;...
Page 445 Index Audit policy 2-121 Adding or deleting a user account and specifying a specifying, 2-39 2-116 password, Audit record, Administration 2-117 Audit token, 2-185 altitude, 2-117 Audit trail, 2-116 audit, Automatic boot function 2-109 https, 2-181 enabling or disabling, 2-184 locale, 2-123 log archiving,...
Page 446 2-173 Domain Time domain mode, 2-100 2-16 setting to XSCF time, network, 4-22 2-170 Dual power feed, system board, 2-186 2-95 DVD drive/tape drive unit administration, Configuring an NTP server, Configuring IP Packet Filtering Rules for XSCF 2-31 Network, Enabling or disabling 2-28 Configuring XSCF routing, 2-24...
Page 447 Installing and Uninstalling an ssh user public 2-170 Memory mirror mode, 2-107 key, Message types, Messages in functions, 2-43 2-48 2-70 LDAP, information, Locale monitoring, 2-184 setting, types, 2-184 Locale Administration, warning, B-10 audit, definition file, B-10 B-12 B-13 confirm the audit trail, extended, console, object identifiers,...
Page 448 2-41 Specifying a password policy, 2-43 2-48 2-70 2-92 Security administration, Specifying a time zone, 5-16 2-40 Security commands, Specifying a user privilege, Server 2-106 Specifying an ssh host key, 5-10 5-12 configuration, Specifying or Canceling prefer for NTP Server, 5-10 control, 5-10...
Page 449 Administration Redundant XSCFs, 2-35 2-28 user account, routing, 5-16 User management commands, SNMP agent, User privilege 2-27 specifying a host name, 2-40 specifying, 4-26 standby XSCF, 2-137 USM management information, telnet connection, terminal operating modes, TRAP, 2-138 VACM management information, troubleshooting, XSCF command shell, Web server certificate...
Page 450 Index-6 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...

This manual is also suitable for:

Sparc enterprise m5000 Sparc enterprise m4000 Sparc enterprise m8000 Sparc enterprise m9000 Sparc enterprise m3000

Fujitsu SPARC EnterpriseM3000 User Manual

Preface

1 XSCF Overview

2 Setting up XSCF

3 Connecting to the XSCF and the Server

4 Operation of the Server

5 Overview of the XSCF Shell

6 XSCF Mail Function

7 XSCF SNMP Agent Function

8 Upgrade of XSCF Firmware and Maintenance

9 How to Use the XSCF Web

Warning and Information Messages

XSCF Log Information

Xscf Mib

Troubleshooting

Quick Links

Related Manuals for Fujitsu SPARC EnterpriseM3000

Summary of Contents for Fujitsu SPARC EnterpriseM3000