User Interfaces For Onboard Administrator; Security; Role-Based User Accounts - HP BladeSystem c3000 Manual

service port that allows users to temporarily connect a laptop PC to any of the linked enclosure
Onboard Administrators for local diagnostics and debugging.
Updating firmware
The Onboard Administrator manages firmware updates for the enclosure's management devices.
Updating firmware, including server BIOS firmware, NIC and mezzanine BIOS firmware, and iLO 2
firmware, is possible using HP System Update Manager or the blade firmware update maintenance
CD. These utilities can be connected to all the server blades in the enclosure using the Onboard
Administrator enclosure DVD feature. When the active Onboard Administrator detects that an external
USB DVD drive is installed in the internal DVD option or plugged into the USB port, it scans the DVD
drive for a CD or DVD disk. This disk can then be connected to one or more server blades using the
Onboard Administrator GUI, CLI, or Insight Display.

User interfaces for Onboard Administrator

Three user interfaces to the Onboard Administrator allow control and provide information about the
enclosure and installed components:
• Web browser GUI
• Scriptable OA CLI with optional KVM Module to access OA CLI
• Insight Display diagnostic LCD panel
Remote network access to the Onboard Administrator GUI and CLI is available through the
management Ethernet port. The Onboard Administrator serial port is available for local CLI access
and Onboard Administrator flash recovery. The c-Class enclosure link-up port is also available as the
service port for temporary local Ethernet access to the Onboard Administrators and devices in linked
enclosures.
Insight Display is accessed directly through the buttons on the display or remotely through the
Onboard Administrator GUI. The Optional KVM Module provides access to the Onboard
Administrator CLI through the external VGA monitor and USB keyboard.

Security

Security is maintained for all user interfaces through user authentication. User accounts created in the
Onboard Administrator define three user privilege levels and the component bays to which each level
is granted access. The Onboard Administrator stores the passwords for local user accounts and can
be configured to use Lightweight Directory Access Protocol (LDAP) authentication for user group
accounts. The Insight Display can be protected by an LCD PIN code or completely disabled. The
Optional KVM Module protects against changes to server power or enclosure DVD connection using
the LCD PIN code. Use of the KVM Module to access server consoles is protected by server operating
system username/passwords.

Role-based user accounts

The Onboard Administrator provides configurable user accounts that can provide complete isolation
of multiple administrative roles such as server, LAN and SAN. User accounts are configured with
specific device bay or interconnect bay permissions and one of three privilege levels: administrator,
operator, or user. An account with administrator privileges including Onboard Administrator bay
permission can create or edit all user accounts retained in an enclosure. Operator privileges allow full
information access and control of permitted bays. User privileges allow information access but no
control capability.
The Onboard Administrator requires user login to the web GUI or CLI with an account and password.
The account can be a local account where the password is stored on the Onboard Administrator, or
an LDAP account, where the Onboard Administrator contacts the defined LDAP server to check the
8