
HUAWEI Server iBMC Intelligent Management System
White Paper V1.1

Issue: 02
Date: 2015-02-13

HUAWEI TECHNOLOGIES CO., LTD.

Copyright Huawei Technologies Co., Ltd. 2015. All rights reserved.


No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions


and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.


Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com

Issue 02 (2015-02-13)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Contents

1 Overview
1.1 Introduction to iBMC
1.2 System Design

2 Functions
2.1 Various Management Interfaces
2.1.1 Standard IPMI 1.5 or IPMI 2.0 Interface
2.1.2 CLI
2.1.3 HTTPS Interface
2.1.4 SNMP Interface
2.2 Fault Detection and Alarm Management
2.2.1 Fault Detection
2.2.2 System Running Recorder
2.2.3 Startup Self-Check Code
2.2.4 Event Management
2.2.5 Fault Reporting
2.3 Virtual KVM and Virtual Media
2.3.1 Virtual KVM
2.3.2 Virtual Media
2.4 HTTPS-based Visualization Management Interface
2.4.1 Viewing System Information
2.4.2 Querying System Information
2.4.3 Real-Time Monitoring
2.4.4 Device Location
2.5 Breakdown Screenshot and Breakdown Video
2.5.1 Breakdown Screenshot
2.5.2 Breakdown Video
2.6 Screen Snapshot and Screen Video
2.6.1 Screen Snapshot
2.6.2 Screen Video
2.7 Domain Management and Directory Service
2.7.1 Domain Management
2.7.2 Directory Service
2.8 Firmware Management
2.8.1 Firmware Dual-image Backup
2.8.2 Firmware Upgrade
2.9 Intelligent Power Management
2.9.1 Power Control
2.9.2 Power Capping
2.9.3 Power Statistics and Power History Line
2.10 SOL and System Serial Port Running Information Record
2.10.1 SOL
2.10.2 Recording System Serial Port Information
2.11 Security Management
2.11.1 Scenario-based Login Restriction
2.11.2 Account Security
2.11.3 SSL Certificate Management
2.11.4 Service Management
2.11.5 Operation Log Management
2.11.6 Enhanced Encryption Algorithm
2.11.7 Hardware Encryption
2.12 Access Management
2.12.1 Management Network Port Auto-Adaptation
2.12.2 NC-SI
2.12.3 IPv6
2.13 Unified User Management

3 Technical Specifications


Figures

Figure 1-1 System architecture
Figure 2-1 iBMC management interfaces
Figure 2-2 System running recorder
Figure 2-3 Downloading black box data
Figure 2-4 Startup self-check code page
Figure 2-5 System Events page
Figure 2-6 SNMP trap configuration page
Figure 2-7 SMTP configuration page
Figure 2-8 Remote console
Figure 2-9 Virtual KVM in iBMC
Figure 2-10 Virtual media in the iBMC
Figure 2-11 Entering the iBMC IP address
Figure 2-12 iBMC login page
Figure 2-13 Overview page
Figure 2-14 Firmware Version page
Figure 2-15 System Hardware page
Figure 2-16 Real-time data page
Figure 2-17 Sensor page
Figure 2-18 Device Location page
Figure 2-19 Rule of the breakdown screenshot
Figure 2-20 Breakdown screenshot
Figure 2-21 Video playback console
Figure 2-22 Obtaining screen snapshots
Figure 2-23 Enabling/Disabling the screen video function
Figure 2-24 Video playback console
Figure 2-25 Configuring DNS parameters
Figure 2-26 Host Name page
Figure 2-27 Directory service work process
Figure 2-28 LDAP User page
Figure 2-29 Firmware Upgrade page
Figure 2-30 Firmware Upgrade page
Figure 2-31 Power Control
Figure 2-32 Power Capping page
Figure 2-33 Power Statistics page
Figure 2-34 Power History page
Figure 2-35 SOL
Figure 2-36 Recording system serial port information
Figure 2-37 Setting WebUI login rules
Figure 2-38 Account security configuration
Figure 2-39 SSL certificate management page
Figure 2-40 SNMP configurations page
Figure 2-41 Service configuration page
Figure 2-42 Viewing operation logs
Figure 2-43 Management network connection
Figure 2-44 Configuring network port auto-adaptation
Figure 2-45 NS-CI framework
Figure 2-46 NS-CI data flow diagram
Figure 2-47 IPv6 address configuration screen
Figure 2-48 User management page


Tables

Table 2-1 Operating environment of clients
Table 2-2 System event parameters
Table 2-3 OSs not supporting mouse synchronization (The OSs include, but not limited to the OSs in the table)
Table 2-4 Threshold sensor parameters
Table 2-5 Encryption algorithms


1 Overview


About This Chapter


1.1 Introduction to iBMC
1.2 System Design


1.1 Introduction to iBMC


As Huawei's proprietary intelligent management system, the integrated baseboard management controller (iBMC) remotely manages servers. The previous-generation BMC is iMana.
iBMC complies with Intelligent Platform Management Interface 2.0 (IPMI 2.0) standards and Simple Network Management Protocol (SNMP). It provides various functions, including keyboard, video, and mouse (KVM) redirection, text console redirection, remote virtual media, and reliable hardware monitoring and management. iBMC supports various features, which are described as follows:
• Various management interfaces
  iBMC provides IPMI, command-line interface (CLI), Hypertext Transfer Protocol Secure (HTTPS), and SNMP interfaces, meeting various system integration requirements.

• Compliance with IPMI 1.5 and IPMI 2.0
  iBMC provides standard IPMI management interfaces, which allow integration with standard management systems.

• Fault detection and alarm management
  iBMC implements fault detection and alarm management, ensuring stable uninterrupted 24/7 system operation.

• Virtual KVM and virtual media
  iBMC provides virtual KVM and virtual media, facilitating remote maintenance.

• Web-based user interface (WebUI)
  iBMC provides the web-based UI, helping you rapidly set and query device information.

• Breakdown screenshots and videos
  iBMC allows screenshots and videos to be created when the system breaks down. The screenshots and videos help to identify the cause of the system breakdown.

• Screen snapshots and videos
  iBMC offers screen snapshots and videos, which simplify routine preventive maintenance, recording, and auditing.

• Support for DNS and LDAP
  iBMC supports domain name system (DNS) and Lightweight Directory Access Protocol (LDAP) to implement domain management and directory service. This feature simplifies the server management network.

• Dual-image backup
  iBMC provides software dual-image backups, which allow software to restart from the backup image when a failure occurs. This feature enhances system security.

• Asset management
  iBMC facilitates asset management.

• Intelligent power management
  iBMC uses the power capping technology to improve deployment density and uses dynamic power saving to reduce the operational expenditure (OPEX).

• Security management
  iBMC implements security management in terms of access, account, transmission, and storage. This feature ensures the server security.

1.2 System Design


Figure 1-1 shows the iBMC system architecture. iBMC uses the Hi1710 chip developed by Huawei Hisilicon. Hi1710 is used for board-level management based on the x86 CPU platform. It consists of a single-core A9 CPU with a maximum dominant frequency of 800 MHz, an 8051 single-chip microcomputer, and a co-processor with a dominant frequency of 200 MHz. Hi1710 supports remote KVM, IPMI, and PCIe for receiving and transmitting MCTP packets. It provides the local VGA, GE, and RMII ports, as well as peripheral ports and other ports for board-level management. The following provides details about the Hi1710:

• The KVM module implements remote keyboard and mouse control. When the KVM module receives video data from x86 systems over the video graphics array (VGA) port, it compresses the video data and sends the compressed data to a remote KVM client over the network. When the KVM module receives keyboard and mouse data from the remote KVM client, it transmits the data to x86 systems by using a simulated USB keyboard and mouse device.

• iBMC uses a system running recorder (black box) to receive data from x86 systems over the Peripheral Component Interconnect Express (PCIe) interface and to export the recorded information.

• iBMC communicates with x86 systems through a local PC interface to implement IPMI management.

• iBMC provides GE interfaces, through which remote management is performed over the network using IPMI and HTTPS.

• iBMC uses sensors to monitor the temperature and voltage of servers. It also intelligently manages the fan modules and power supply units (PSUs) of servers.

• iBMC supports the network controller sideband interface (NC-SI) technology and VLAN function, which allow more flexible management networking.

Figure 1-1 System architecture


2 Functions


About This Chapter


iBMC provides diversified functions to improve management efficiency and reduce the OPEX.
• As a Huawei home-grown intelligent management system, iBMC serves as the advanced software for remotely managing servers. It supports KVM redirection, text console redirection, remote virtual media (mapping the DVD-ROM drive and floppy disk drive (FDD) from the terminal to the server), and IPMI 2.0-based hardware monitoring and management. iBMC is designed based on the carrier-class reliability requirements and supports dual-image backups for software.

• iBMC provides various user interfaces, such as the CLI, Web-based UI, IPMI integrated interfaces, and SNMP integrated interfaces. All user interfaces adopt an authentication mechanism and a highly secure encryption algorithm, ensuring access and transmission security.

• iBMC not only monitors servers, but also provides diversified alarms and detailed logs. For example, the logs contain the CPU core temperatures, voltages, fan speed, PSU faults, and bus faults. In addition, the iBMC allows you to query the information about CPUs, memory, and hard disks.

• When a server breaks down, iBMC automatically saves the last information displayed on the screen, which is used for fault identification. iBMC allows a third party to set regular or periodical tasks for capturing screenshots, which requires no manual intervention and saves maintenance time.

2.1 Various Management Interfaces
2.2 Fault Detection and Alarm Management
2.3 Virtual KVM and Virtual Media
2.4 HTTPS-based Visualization Management Interface
2.5 Breakdown Screenshot and Breakdown Video
2.6 Screen Snapshot and Screen Video
2.7 Domain Management and Directory Service
2.8 Firmware Management
2.9 Intelligent Power Management
2.10 SOL and System Serial Port Running Information Record
2.11 Security Management
2.12 Access Management
2.13 Unified User Management


2.1 Various Management Interfaces


iBMC is an out-of-band standalone management system that complies with industry management standards. It is a subnode on the data center management network and manages, controls, and diagnoses servers. It provides various man-machine interfaces and machine-machine interfaces, meeting application and integration requirements for server management.

Figure 2-1 iBMC management interfaces

2.1.1 Standard IPMI 1.5 or IPMI 2.0 Interface


iBMC complies with IPMI 1.5 and IPMI 2.0 standards. Third-party tools, such as IPMITool, can manage servers through iBMC over an LPC-based Block Transfer (BT) channel or over a local area network (LAN) channel based on User Datagram Protocol (UDP)/Internet Protocol (IP). If BT channels are used, the third-party tools must run on the operating system (OS) of the server. If LAN channels are used, the third-party tools can remotely manage servers. iBMC uses the AES-CBC-128 encryption algorithm and the HMAC-SHA1 algorithm for authentication and integrity verification. The third-party tools must support Windows or Linux.
The following describes the ipmitool command.
• ipmitool command syntax: ipmitool [interface] [parameter] <command>

• ipmitool interfaces:

    Interfaces:
        open          Linux OpenIPMI Interface [default]
        imb           Intel IMB Interface
        lan           IPMI v1.5 LAN Interface
        lanplus       IPMI v2.0 RMCP+ LAN Interface

• ipmitool parameters:

    Parameters:
        -h             This help
        -V             Show version information
        -v             Verbose (can use multiple times)
        -c             Display output in comma separated format
        -d N           Specify a /dev/ipmiN device to use (default=0)
        -I intf        Interface to use
        -H hostname    Remote host name for LAN interface
        -p port        Remote RMCP port [default=623]
        -U username    Remote session username
        -f file        Read remote session password from file
        -S sdr         Use local file for remote SDR cache
        -a             Prompt for remote password
        -e char        Set SOL escape character
        -C ciphersuite Cipher suite to be used by lanplus interface
        -k key         Use Kg key for IPMIv2 authentication
        -y hex_key     Use hexadecimal-encoded Kg key for IPMIv2 authentication
        -L level       Remote session privilege level [default=ADMINISTRATOR]
                       Append a '+' to use name/privilege lookup in RAKP1
        -A authtype    Force use of auth type NONE, PASSWORD, MD2, MD5 or OEM
        -P password    Remote session password
        -E             Read password from IPMI_PASSWORD environment variable
        -K             Read kgkey from IPMI_KGKEY environment variable
        -m address     Set local IPMB address
        -b channel     Set destination channel for bridged request
        -t address     Bridge request to remote target address
        -B channel     Set transit channel for bridged request (dual bridge)
        -T address     Set transit address for bridge request (dual bridge)
        -l lun         Set destination lun for raw commands
        -o oemtype     Setup for OEM (use 'list' to see available OEM types)
        -O seloem      Use file for OEM SEL event descriptions

• ipmitool commands:

    Commands:
        raw           Send a RAW IPMI request and print response
        i2c           Send an I2C Master Write-Read command and print response
        spd           Print SPD info from remote I2C device
        lan           Configure LAN Channels
        chassis       Get chassis status and set power state
        power         Shortcut to chassis power commands
        event         Send pre-defined events to MC
        mc            Management Controller status and global enables
        sdr           Print Sensor Data Repository entries and readings
        sensor        Print detailed sensor information
        fru           Print built-in FRU and scan SDR for FRU locators
        gendev        Read/Write Device associated with Generic Device locators sdr
        sel           Print System Event Log (SEL)
        pef           Configure Platform Event Filtering (PEF)
        sol           Configure and connect IPMIv2.0 Serial-over-LAN
        tsol          Configure and connect with Tyan IPMIv1.5 Serial-over-LAN
        isol          Configure IPMIv1.5 Serial-over-LAN
        user          Configure Management Controller users
        channel       Configure Management Controller channels
        session       Print session information
        sunoem        OEM Commands for Sun servers
        kontronoem    OEM Commands for Kontron devices
        picmg         Run a PICMG/ATCA extended cmd
        fwum          Update IPMC using Kontron OEM Firmware Update Manager
        firewall      Configure Firmware Firewall
        delloem       OEM Commands for Dell systems
        shell         Launch interactive IPMI shell
        exec          Run list of commands from file
        set           Set runtime variable for shell and exec
        hpm           Update HPM components using PICMG HPM.1 file
        ekanalyzer    Run FRU-Ekeying analyzer using FRU files

For example, to query all the local users on iBMC, run the following command:
BT-based ipmitool command: ipmitool user list
LAN-based ipmitool command: ipmitool -H *.*.*.* -I lanplus -U <user name> -P <password> user list 1
-H: Enter the IP address of the iBMC network port after -H.
-I: Enter a transmission protocol after -I. lan indicates non-encryption. lanplus indicates
encryption.
-U: Enter the local user name after -U.
-P: Enter the password for a local user after -P.
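
The options above decide how the iBMC credential and session are exposed: -P places the password in the argument list, -E reads it from IPMI_PASSWORD, and -I lan is the non-encrypted transport. The following added example (not part of the white paper) checks automation scripts for those choices; the finding names, the option-letter lists and the sample lines are assumptions constructed for illustration.

```python
import getopt
import os
import shlex

# Option letters ipmitool accepts: flags first, then options that take a value.
# Assumption: a letter missing from these lists is reported as "unparsed"
# rather than guessed at.
FLAGS = "hVvcEKYa"
WITH_VALUE = "IHpUfLAPCkySDdemtbBTloONRz"
SHORTOPTS = FLAGS + "".join(letter + ":" for letter in WITH_VALUE)

# Hypothetical finding names used by this example.
FINDINGS = {
    "password-on-command-line":
        "-P puts the password in the argument list; use -E (IPMI_PASSWORD)",
    "remote-session-not-lanplus":
        "-H without -I lanplus; the page describes lan as non-encrypted",
    "weak-authtype":
        "-A forces auth type NONE or PASSWORD",
    "unparsed":
        "options could not be parsed; review by hand",
}

# Constructed sample script (192.0.2.0/24 is a documentation range).
SAMPLE_SCRIPT = """\
ipmitool user list
ipmitool -H 192.0.2.10 -I lanplus -U admin -P 'Constructed-pw1' user list 1
ipmitool -H 192.0.2.11 -I lan -U admin -E chassis status
IPMI_PASSWORD="$BMC_PW" ipmitool -I lanplus -H 192.0.2.12 -U admin -E sel list
ipmitool -H 192.0.2.13 -A NONE -U admin -Px power status
"""


def lint_ipmitool(line):
    """Return the finding names for one shell command line."""
    try:
        tokens = shlex.split(line, comments=True)
    except ValueError:
        return ["unparsed"]
    # Skip leading VAR=value assignments or wrappers until ipmitool itself.
    for index, token in enumerate(tokens):
        if os.path.basename(token) == "ipmitool":
            args = tokens[index + 1:]
            break
    else:
        return []  # not an ipmitool invocation
    try:
        # getopt stops at the first non-option word, which is the ipmitool
        # command ("user", "chassis", ...), so command arguments are ignored.
        opts, _command = getopt.getopt(args, SHORTOPTS)
    except getopt.GetoptError:
        return ["unparsed"]
    seen = dict(opts)
    findings = []
    if "-P" in seen:
        findings.append("password-on-command-line")
    if "-H" in seen and seen.get("-I") != "lanplus":
        findings.append("remote-session-not-lanplus")
    if seen.get("-A", "").upper() in ("NONE", "PASSWORD"):
        findings.append("weak-authtype")
    return findings


def lint_script(text):
    """Return (line number, finding name) pairs for a whole script."""
    report = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name in lint_ipmitool(line):
            report.append((lineno, name))
    return report


if __name__ == "__main__":
    for lineno, name in lint_script(SAMPLE_SCRIPT):
        # The password value itself is never echoed, only the finding.
        print(f"line {lineno}: {name}: {FINDINGS[name]}")
```
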

2.1.2 CLI
iBMC offers an easy-to-use CLI that supports two basic commands: ipmcget and ipmcset.
iBMC uses these two commands to remotely manage servers. You can log in to iBMC over SSH
or Telnet to run the two commands.
- ipmcget command syntax:

Usage: ipmcget [-t target] -d dataitem [-v value]
-t <target>
  fru0                 Get the information of the fru0
  sensor               Print detailed sensor information
  smbios               Get the information of smbios
  trap                 Get SNMP trap status
  service              Get service information
-d <dataitem>
  faninfo              Get fan mode and the percentage of the fan speed
  port80               Get the diagnose code of port 80
  diaginfo             Get diagnostic info of management subsystem
  systemcom            Get system com data
  blackbox             Get black box data
  bootdevice           Get boot device
  shutdowntimeout      Get graceful shutdown timeout value
  powerstate           Get power state
  health               Get health status
  healthevents         Get health events
  sel                  Print System Event Log (SEL)
  operatelog           Print operation log
  version              Get iBMC version
  serialnumber         Get system serial number
  userlist             List all user info
  fruinfo              Get fru information
  time                 Get system time
  macaddr              Get mac address
  serialdir            Get currently connected serial direction
  rollbackstatus       Get rollback status
  passwordcomplexity   Get password complexity check enable state
  ledinfo              Get led information
  ipinfo               Get ip information
  ethport              Get usable eth port
- ipmcset command syntax:

Usage: ipmcset [-t target] -d dataitem [-v value]
-t <target>
  fru0                 Operate with fru0
  trap                 Operate SNMP trap
  service              Operate with service
  user                 Operate with user
-d <dataitem>
  fanmode              Set fan mode,you can choose manual or auto
  fanlevel             Set fan speed percent
  reset                Reboot iBMC system
  identify             Operate identify led
  upgrade              Upgrade component
  clearcmos            Clear CMOS
  bootdevice           Set boot device
  shutdowntimeout      Set graceful shutdown timeout value
  frucontrol           Fru control
  powerstate           Set power state
  sel                  Clear SEL
  adduser              Add user
  password             Modify user password
  deluser              Delete user
  privilege            Set user privilege
  serialdir            Set serial direction
  printscreen          Print current screen to iBMC
  rollback             Perform a manual rollback
  timezone             Set time zone
  passwordcomplexity   Set password complexity check enable state
  ipaddr               Set ip address
  ipmode               Set ip mode
  gateway              Set gateway
  ipaddr6              Set ipv6 address
  ipmode6              Set ipv6 mode
  gateway6             Set ipv6 gateway
  netmode              Set net mode
  activeport           Set EthGroup active port
  vlan                 Set sideband vlan
  restore              Restore factory setting
  notimeout            Set no timeout state
  emergencyuser        Set emergency user

2.1.3 HTTPS Interface


iBMC offers a visual web-based UI for management by using HTTPS.
- You can quickly set parameters and query tasks on the UI.
- iBMC monitors the OS startup, OS operations, and DVD-ROM drive or FDD mapping
  over a remote console.

Open Internet Explorer, enter the IPv4 or IPv6 address or domain name of the iBMC network
port in the address box, and press Enter. The login page is displayed. Enter a local user account
or LDAP domain account to log in to the iBMC Web.
Table 2-1 lists the OSs, browsers, and Java runtime environment (JRE) supported by the iBMC
Web.

Table 2-1 Operating environment of clients

Running Environment   Configuration Requirement
OS                    Windows 7 32-bit or 64-bit
                      Windows 8 32-bit or 64-bit
                      Windows Server 2008 R2 64-bit
                      Windows Server 2012 64-bit
                      Red Hat Enterprise Linux 4.3 64-bit
                      Red Hat Enterprise Linux 6.0 64-bit
                      Mac OS X v10.7
Web browser           Internet Explorer 8.0 and 10.0 (applicable only to Windows)
                      Mozilla Firefox 9.0 or 23.0
                      Chrome 13.0 and 31.0 (applicable only to Windows)
                      Safari 5.1 (applicable only to Mac)
JRE                   JRE 1.6.0 U25 or 1.7.0 U40

2.1.4 SNMP Interface


SNMP is a communication protocol between Network Management Services (NMSs) and
Agents. It defines the standard management framework, common languages in communication,
and security and access control mechanisms used for monitoring and managing devices on a
network.
SNMP has the following advantages:
- TCP/IP-based standard protocol, with UDP as the transport layer protocol
- Automatically manages the network. Administrators can search and modify information,
  identify and diagnose network problems, plan for capacity, and generate reports on network
  nodes using the SNMP platform.
- Shields physical differences between various devices, implementing automatic
  management of products from different vendors. Offering only the basic set of functions,
  SNMP makes the management tasks independent of both the physical features of the
  managed devices and the underlying networking technology. Therefore, SNMP achieves
  effective management of devices from different vendors.
- Combines simple request-reply mode and active notification mode and provides a timeout
  and retransmission mechanism.
- Few packet types and simple packet format, which facilitates resolution and
  implementation.
- Authentication and encryption mechanisms provided in SNMPv3, which enhances security
  by the user-based and view-based access control function.

iBMC provides SNMP interfaces. SNMP provides operations including Get, Set, and Trap,
enabling third-party software to manage servers in a centralized manner by using the SNMP
interfaces. The SNMP agent supports SNMPv1, v2c, and v3. Only SNMPv3 is enabled by
default. Different community names are used for the Get and Set operations for SNMPv1 and
SNMPv2c. SNMPv3 supports Message Digest Algorithm 5 (MD5) or Secure Hash Algorithm
(SHA) for authentication and Data Encryption Standard (DES) or Advanced Encryption Standard
(AES) for encryption. The security user name and login user name are the same. The SNMPv3
security user shares the same set of local user names with the web-based UI, CLI, SMASH-CLP,
and IPMI LAN interfaces. The password of the SNMPv3 security user must contain at least eight
characters.
The SNMP agent interface supports query of the following information: system health status,
system health events, hardware status, memory and CPU models, alarm reporting configuration,
local user and domain account (LDAP) configuration, power statistics, asset information, heat
dissipation management, firmware version, network management, power capping, and DNS.
SNMP interface application scenarios:
- Scenario 1: open-source based management
  You can use the third-party MIB tool, such as MG-SOFT MIB Browser, and CLI tool to perform
  operations on each MIB node over SNMP, usually for testing or temporary remote management
  and maintenance for servers.
- Scenario 2: simple integration management
  Network management software compiles and imports SNMP MIB definition files. Using the
  network management software, you can manage servers over SNMP interfaces, set trigger scripts
  for important information, and re-map trap events. Huawei network management software is
  connected to command management software, such as CA, IBM System Director, and HP SIM.
- Scenario 3: in-depth integration management
  Network management software supports various integrated management plug-ins for different
  server vendors. The plug-in can receive operation commands from the network management
  software, query and set iBMC information over the SNMP interface, and send back the
  information to the network management software for display in the format defined by the
  interface. Huawei has developed plug-ins for VMware vCenter and Microsoft System Center.


2.2 Fault Detection and Alarm Management


2.2.1 Fault Detection
iBMC not only monitors servers, but also provides reliable fault detection and fault prediction
mechanisms. iBMC detects the following faults:
- CPU hardware faults (CAT ERROR, self-checking failures, and configuration errors)
- High temperature faults (for air intake vents, CPUs, DIMMs, and PSUs)
- Mainboard and board voltage fault
- Fan faults
- PSU faults (AC/DC input lost, high temperatures, and fan module faults for PSUs)
- Bus faults (I2C and IPMB)
- Memory faults (number of correctable ECC errors exceeds the threshold, high
  temperatures, and configuration errors)
- Hard disk faults (PFAs and invalid RAID)
- System breakdown

2.2.2 System Running Recorder


iBMC provides the system running recorder function. The system running recorder consists of
a black box (KBox) module, FPGA, iBMC, and analysis tool (hwkbox). The function is disabled
by default. Figure 2-2 shows how the Linux system running recorder works. The system running
recorder records the kernel stack information when a kernel panic occurs, and exports the
information and provides it to the third party. The third party defines the information itself.
The fault data (black box data) is not lost upon system startup, power-on, or power-off; it is
lost only at AC power failure.
Figure 2-2 System running recorder


Application scenario 1
When a kernel panic occurs, the registered black box automatically records the kernel stack
information and saves the location information to a DDR using a DDR controller over a PCIe
interface. Only 16 MB of data can be saved. After the system restarts, a system-side location
tool reads and analyzes the location information in the DDR over the PCIe interface. Even if the
system cannot be started, iBMC can export the information from the DDR (as shown in Figure
2-3) and analyze the information using a dedicated analysis tool. Currently, the location
information can be exported only to the OS and analyzed using the hwkbox analysis tool.
Application scenario 2
The third-party application records a maximum of 2 MB run logs to the iBMC DDR using a
write interface of the black box. When the application is faulty, the system reads and analyzes
the run logs using a read interface on the black box or iBMC. This facilitates fault location.
Figure 2-3 Downloading black box data

2.2.3 Startup Self-Check Code


A startup self-check code records information about the self-check performed upon system
startup. The information indicates whether a specific fault occurs. Different codes indicate
different faults. You can locate the startup faults by querying the fault code table. See Figure
2-4. Digits in the square brackets indicate the fault code.
Figure 2-4 Startup self-check code page
iBMC:/->ipmcget -d port80
port80 diagnose code:
02-03-06-70-74-76-7C-A1-A3-A3-A7-A9-A7-A7-A7-A8
A9-A9-A9-AA-AA-AA-AE-AF-B0-B1-B4-B2-B3-B6-B7-B8
B9-BA-B7-BB-BC-BF-83-4B-52-4D-4B-59-5A-A2-10-11
12-13-15-FF-20-1A-1A-16-17-18-1D-26-16-17-18-16
17-18-27-28-F9-[59]-5A-A2-10-11-12-13-15-FF-20-1A
1A-16-17-18-1D-26-16-17-18-16-17-18-27-28-F9-7B
C5-C3-25-2F-F8-E0-60-FB-D0-41-E0-8B-13-CA-13-EC
91-39-2D-AD-FE-6E-E4-12-F3-D9-64-DB-02-14-CD-78
E5-CF-A9-2E-34-25-2B-5A-57-18-17-F5-5E-0C-D5-BC
D0-E7-FB-E0-41-4C-FE-52-46-B5-41-BA-90-85-1B-54
D2-C2-E6-61-DA-EA-B9-58-4D-2F-09-84-93-F1-3A-0B
25-E2-1E-0D-8E-17-0A-F2-57-6B-A2-97-3A-53-1F-D5
8B-6B-F6-CD-D5-BB-C6-18-E8-85-5C-D7-68-68-52-9A
B1-67-47-A2-EC-CB-52-F9-D8-D4-74-0A-E9-23-7A-C4
FE-28-74-A7-1C-F3-C2-0C-E5-BF-D0-BC-88-05-22-1B
71-E9-AE-F1-E3-0C-BB-83-FD-10-BA-53-3B-86-B0-40
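
A parser for the ipmcget -d port80 output shown in Figure 2-4, as an added example that is not part of the white paper: it collects the codes in printed order and returns the bracketed fault code together with the codes printed just before it, which is what an automated inspection script would look up in the fault code table. The names Port80Report and parse_port80 are hypothetical, and the sample input is the first five rows of the figure.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the first five rows of the Figure 2-4 output on this page.
SAMPLE = """\
iBMC:/->ipmcget -d port80
port80 diagnose code:
02-03-06-70-74-76-7C-A1-A3-A3-A7-A9-A7-A7-A7-A8
A9-A9-A9-AA-AA-AA-AE-AF-B0-B1-B4-B2-B3-B6-B7-B8
B9-BA-B7-BB-BC-BF-83-4B-52-4D-4B-59-5A-A2-10-11
12-13-15-FF-20-1A-1A-16-17-18-1D-26-16-17-18-16
17-18-27-28-F9-[59]-5A-A2-10-11-12-13-15-FF-20-1A
"""

# One token: two hex digits, optionally wrapped in square brackets.
TOKEN = re.compile(r"^(\[)?([0-9A-Fa-f]{2})(\])?$")


@dataclass
class Port80Report:
    codes: List[int]            # every code, in the order printed
    fault_index: Optional[int]  # position of the bracketed code, if any
    fault_code: Optional[int]   # value of the bracketed code, if any

    def context(self, before: int = 4) -> List[int]:
        """Codes printed immediately before the bracketed one."""
        if self.fault_index is None:
            return []
        start = max(0, self.fault_index - before)
        return self.codes[start:self.fault_index]


def parse_port80(text: str) -> Port80Report:
    codes: List[int] = []
    fault_index: Optional[int] = None
    for line in text.splitlines():
        matches = [TOKEN.match(tok) for tok in line.strip().split("-")]
        if not all(matches):
            continue  # prompt, banner or blank line, not a row of codes
        for match in matches:
            opened, value, closed = match.groups()
            if bool(opened) != bool(closed):
                raise ValueError(f"unbalanced bracket in {match.group(0)!r}")
            if opened:
                # Assumption: the output marks a single fault code.
                if fault_index is not None:
                    raise ValueError("more than one bracketed code")
                fault_index = len(codes)
            codes.append(int(value, 16))
    fault_code = None if fault_index is None else codes[fault_index]
    return Port80Report(codes, fault_index, fault_code)


if __name__ == "__main__":
    report = parse_port80(SAMPLE)
    print(f"{len(report.codes)} codes parsed")
    if report.fault_code is not None:
        trail = "-".join(f"{c:02X}" for c in report.context())
        print(f"fault code {report.fault_code:02X} after {trail}")
```
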

2.2.4 Event Management


iBMC provides the following alarm management functions:
- Monitoring and alarm management for all hardware
- Detailed log description
- Local storage and archiving
- Log management based on visualization, filtering, sorting, and downloading
- Remote alarm reporting over SNMP trap and emails
- Alarm reporting to multiple destinations

System events are recorded in files in real time. When 2000 events are recorded, automatic
backup occurs. Only one backup file can be saved. If there is more than one file, the old backup
file is automatically deleted.
The System Events page allows you to query, sort, filter, and clear all system events, as shown
in Figure 2-5.

Figure 2-5 System Events page

Table 2-2 describes the system event parameters.


Table 2-2 System event parameters

Parameter           Description
Severity            Indicates the severity level of the event. Values: OK, Minor, Major, and Critical
Generation time     Specifies the time when the event is generated.
Sensor              Specifies the sensor where the event is generated.
Event description   Provides information about the event.
Event source
State               Indicates the current status of the event. Values: Generated and Cleared

2.2.5 Fault Reporting


iBMC monitors hardware and system status in real time and reports alarms to remote destination
servers over SNMP trap and emails.
SNMP trap supports the following features:
- A maximum of four destinations. You can set status, IP addresses, ports, and alarm formats
  for the destinations.
- Event reporting based on severity.
- Versions of v1, v2c, and v3. SNMPv1 is enabled by default. If you use SNMPv3, select a trap
  v3 security user from local users and configure v3 authentication and encryption algorithms.
- Host identifiers and location contained in trap messages. A host identifier can be a board SN,
  product asset label, or host name.
- Test messages can be sent to the destinations. See Figure 2-6.
SMTP supports a maximum of four destinations. The following operations are supported:
- Set the addresses and states of the mail boxes that receive logs and alarms.
- Send test mails to the destinations.
- Log in to the SMTP server with or without authentication.
- Enable TLS to encrypt mails.
- Configure the title and mail sender of the email template. See Figure 2-7.


Figure 2-6 SNMP trap configuration page

Figure 2-7 SMTP configuration page

2.3 Virtual KVM and Virtual Media


On the Remote Control page, you can use the virtual KVM, virtual media, and manual recording
functions to power on, power off, or restart servers. Figure 2-8 shows the Remote Control page.
In full screen or split-screen mode of the remote console, press Ctrl+Alt+Shift to show the
toolbar.


Figure 2-8 Remote console

2.3.1 Virtual KVM


The virtual KVM function allows you to monitor and control remote devices in real time by
using the local KVM. You can operate remote devices using the virtual KVM. The virtual KVM
supports:
- 640 x 480 to 1920 x 1280 resolution
- Mouse synchronization: Ensure that the remote OSs support mouse synchronization. Table
  2-3 lists the OSs that do not support mouse synchronization.
- Absolute, relative, and single mouse modes
- Exclusive and collaborative modes: Both parties in collaborative mode can operate a remote
  server at the same time. To ensure security, use the exclusive mode.
- Operating environment: To enable the virtual KVM function, the browser, OS, and JRE
  versions on the client must meet the software requirements listed in Table 2-1.
- Color depth: 32-bit color, providing a maximum of 16.77 million colors.
- Combination key: allows users to customize any six-key combination for sending
  commands.
- Encryption: The AES128 CBC encryption algorithm is adopted for video, keyboard, and
  control command data.

For OSs that cannot provide the position of the mouse in absolute mode, the virtual KVM does
not support the mouse synchronization function.

Table 2-3 OSs not supporting mouse synchronization (including but not limited to the OSs in
the table)

OS Not Supporting Mouse Synchronization
SUSE Linux Enterprise Server 11 Service Pack 1 for x86 (32-Bit)
SUSE Linux Enterprise Server 11 Service Pack 1 for Intel EM64T (64-Bit)

Figure 2-9 shows how the virtual KVM is implemented.


- When receiving data from a remote client, iBMC compresses the data and transmits the
  compressed data to the local client over a network. The local client console decompresses
  the data received and displays the data on the local client.
- The virtual KVM console captures local mouse and keyboard events and transmits the
  events to a remote client over a network. iBMC simulates the local keyboard and mouse to
  transmit the events to a remote server service system over the USB channel.

Figure 2-9 Virtual KVM in iBMC

2.3.2 Virtual Media


The virtual media function allows you to use a virtual USB DVD-ROM drive or an FDD to
remotely access the local media (such as the DVD-ROM drive, FDD, DVD-ROM image file,
and floppy disk image file) over a network. The virtual media data is encrypted using the AES128
CBC encryption algorithm. To use the virtual media function, the client must be equipped with
the OS and the JRE of proper versions. For details, see Table 2-1.
The purpose of virtual media is to virtualize the local media devices to the media devices on the
remote client over a network. Figure 2-10 shows how virtual media is implemented.


Figure 2-10 Virtual media in the iBMC

iBMC exchanges data with hosts through USB 2.0 channels. The virtual media provides the
following functions:
- Virtualizing devices
  The PC or image file on a client is mapped to a connected server. Then the server can detect
  the client as a USB device.
  The following can be virtualized:
  - FDD
  - DVD-ROM drive
  An FDD can be virtualized along with other devices.
- The virtual media provides the following features:
  The virtual DVD-ROM drive supports a transmission rate of up to 32 Mbit/s and 24 Mbit/s
  in a VLAN.
  The virtual FDD supports a maximum transmission rate of 4 Mbit/s.
- Preparing image files
  The content on a floppy disk or a DVD-ROM can be created as an image file and stored
  on a hard disk.


2.4 HTTPS-based Visualization Management Interface


iBMC offers a web-based UI for visual management by using HTTPS. You can quickly set and
query information on the UI. Table 2-1 shows OSs and browsers supported by iBMC. The
following uses the RH1288 V3 as an example.
To log in to the iBMC Web, perform the following steps:
Step 1 Open Internet Explorer, enter https://iBMC IP[:sslport] in the address box, and press Enter. See
Figure 2-11.
NOTE

The port number is optional. If the port number is not 80 or the sslport port number is not 443, you must
enter the port number after the IP address. For a method of changing the port number, see 2.11.4 Service
Management.

Figure 2-11 Entering the iBMC IP address

Step 2 On the login page, enter the user name and password or select a domain if a domain account is
used, and click Log In, as shown in Figure 2-12.
Figure 2-12 iBMC login page

----End

2.4.1 Viewing System Information


The Overview page displays the system information, including the system status, iBMC
information, system configurations, virtual buttons, and power saving statistics, and provides
links to common operations, as shown in Figure 2-13.


Figure 2-13 Overview page

2.4.2 Querying System Information


The system information includes the firmware versions, asset information, and system hardware
information.

Firmware Version
The firmware version information includes the iBMC, BIOS, U-Boot and CPLD versions, as
well as baseboard PCB versions, baseboard IDs, baseboard manufacturers, baseboard models,
and baseboard serial numbers. See Figure 2-14.


Figure 2-14 Firmware Version page

System Hardware
The system hardware information includes the configured number and maximum number of key
system components, and component models. Figure 2-15 shows the System Hardware page.
Figure 2-15 System Hardware page

2.4.3 Real-Time Monitoring


Real-time monitoring involves monitoring of components, sensors, and indicators.

Real-Time Data
Figure 2-16 shows the history lines of real-time data for items including CPU usage, memory
bandwidth usage, and air intake vent temperature. The CPU usage and memory bandwidth usage
are measured every minute and the air intake vent temperature is measured every 10 minutes.
This allows users to view the data in real time and understand the service running status.
Figure 2-16 Real-time data page

Sensor
The Sensor page displays all sensor information, as shown in Figure 2-17. Table 2-4 describes
sensor parameters.


Figure 2-17 Sensor page

Table 2-4 Threshold sensor parameters

Parameter        Description
Sensor           Name of a sensor
Current value    Current value of the sensor
Unit             Unit of the sensor value
Lower critical   The system generates a critical alarm when the sensor value exceeds this threshold.
Lower major      The system generates a major alarm when the sensor value exceeds this threshold.
Lower minor      The system generates a minor alarm when the sensor value exceeds this threshold.
Upper minor      The system generates a minor alarm when the sensor value exceeds this threshold.
Upper major      The system generates a major alarm when the sensor value exceeds this threshold.
Upper critical   The system generates a critical alarm when the sensor value exceeds this threshold.

2.4.4 Device Location


The Device Location page allows you to set the status of the location indicator. By illuminating
the UID indicator on the device panel, you can quickly locate the device to be operated among
a large number of devices in the equipment room. See Figure 2-18.
Figure 2-18 Device Location page

2.5 Breakdown Screenshot and Breakdown Video


2.5.1 Breakdown Screenshot
When detecting a system breakdown, iBMC stores the last screenshot in a specific format, as
shown in Figure 2-19. You can log in to iBMC to view the screenshot or remotely download
the screenshot to a local folder to locate a fault.
Figure 2-19 Rule of the breakdown screenshot

iBMC stores a maximum of three breakdown screenshots. The oldest screenshot will be
overwritten when a new screenshot is created.

You can choose Events and Logs > Remote System Screen > Last Screen to view
screenshots, as shown in Figure 2-20.
Figure 2-20 Breakdown screenshot

2.5.2 Breakdown Video


When iBMC detects a system breakdown, it records the screen output that was displayed in the
1 minute around the breakdown and stores the compressed screen video to an external storage
device. iBMC supports automatic video recording when a host CAT error, system power-off,
or system restart occurs. For a host CAT error, the recording files are stored in iBMC flash
memory, and for the other two situations, the recording files are stored in the iBMC memory.
When a server breaks down, you can log in to iBMC to export the video clip to a local folder
and view the video using the video playback console for fault location.
Figure 2-21 shows the video playback console.


Figure 2-21 Video playback console

2.6 Screen Snapshot and Screen Video


2.6.1 Screen Snapshot
The screen snapshot function is designed for system inspection. You can capture and save the
screen outputs of the system using the CLI and WebUI. You can remotely obtain screen outputs
from a local client and view screens of all inspected servers using Secure File Transfer Protocol
(SFTP).
Compared with the virtual KVM, the screen snapshot does not need login over HTTPS. You
can obtain screen snapshots by using the CLI. The CLI allows scripts to be executed, which
facilitates automatic server inspection. You can also obtain current system screen snapshots on
the WebUI.

Obtaining Screen Snapshots Using the CLI


Syntax
ipmcset -d printscreen -v wakeup

Parameter description
When the wakeup parameter is used, the system takes a screenshot for the current information
and is woken up from the Screen Saver mode.
Usage guidelines
After the printscreen command is executed, iBMC automatically saves the screenshot as the
screen.jpg file to the tmp directory. You need to load the file to a client that supports viewing .jpg
files over FTP or SFTP before viewing the screenshot.

Obtaining Screen Snapshots from the Web Page


On the iBMC WebUI, you can choose Events and Logs > Remote System Screen > Manual
to obtain the screen snapshot, as shown in Figure 2-22.

Figure 2-22 Obtaining screen snapshots


2.6.2 Screen Video


The screen video is a remote KVM recording function provided by the remote console, and can
be enabled. The video format is defined by the user and the video file is saved locally (where
the KVM console is opened). It records virtual KVM operations to ensure security or meet other
special requirements. When the screen video function is enabled, the virtual KVM console
automatically records all information displayed on the screen and all operations that have been
performed to a self-defined video file.
Figure 2-23 Enabling/Disabling the screen video function

iBMC integrates a video file playback tool for playing videos.


Figure 2-24 Video playback console

2.7 Domain Management and Directory Service


With development of enterprise applications, IT infrastructure capacity is increasing, which
increases workloads in asset management and daily management. iBMC provides domain
management and directory service to streamline tedious IT infrastructure management.

2.7.1 Domain Management


You can add all managed servers to a domain and access iBMC using the domain name. If
the domain name is the asset number of a managed server, the domain controller can help count
assets. This greatly reduces IT asset management costs.
Step 1 Add the computer to the domain.
1. Log in to iBMC WebUI using the domain name, and open the DNS tab. See Figure 2-25.
   NOTE
   Domain Name System (DNS) is an Internet service. The DNS maps easy-to-remember domain names
   and IP addresses. This helps you easily access the network.
2. The UI shown in Figure 2-25 enables you to set DNS bound network port and methods of
   obtaining DNS information. Click OK to save the settings.
3. Set Domain Name, Primary DNS Server, and Secondary DNS Server if Manually
   Obtain DNS Information is selected.


Figure 2-25 Configuring DNS parameters

Step 2 Set a host name. See Figure 2-26.


Figure 2-26 Host Name page

----End

2.7.2 Directory Service


The directory service integrates user management, rights assignment, and validity period
management on iBMC into the directory server, as shown in Figure 2-27. This minimizes
repeated user configuration tasks and improves management efficiency. In addition, centralized
user management greatly enhances the security of iBMC.
The advantages of LDAP are as follows:
- Scalability: Users can be dynamically added on the LDAP server for all iBMCs at the same time.
- Security: User password policies are all implemented on the LDAP server.
- Real-time performance: Any account update on the LDAP server takes effect immediately on
  all iBMCs.
- High efficiency: User management, rights assignment, and validity management on iBMC are
  integrated into the directory server. This minimizes repeated user configuration tasks and
  improves management efficiency.
- Supports the active directory and New Technology LAN Manager (NTLM) authentication
  function.


To ensure security, the iBMC LDAP function supports only LDAPS (LDAP over SSL) and allows
you to modify the LDAPS port. Plaintext LDAP is not supported. To ensure the authenticity of
an LDAP server, the LDAP function supports server certificate authentication: you can import
the root CA certificate of the LDAP server into iBMC for verification. Set the domain
controller address to the user name of the root CA certificate, because the consistency of the
two is checked during authentication.
Figure 2-27 Directory service work process

The LDAP User page is displayed, as shown in Figure 2-28.


NOTE

LDAP is a protocol for accessing online directory services over an IP network. LDAP directories
can store any type of data, such as email addresses and mail routing information, so that you
can query the information conveniently.

View or set the LDAP user information on the LDAP User page, as shown in Figure 2-28.


Figure 2-28 LDAP User page

On the LDAP User page, you can perform the following operations:
- Enable or disable LDAP.
- Enable certificate verification.
- Set the LDAPS port number. The default value is 636.
- Import the LDAP root certificate.
- Set a domain controller address.
  The domain controller address is the IP address or domain name of the server where the
  active directory is located. The domain controller address consists of a maximum of 255
  characters.
- Set a user domain.
  The user domain is the domain for logging in to the iBMC page in the active directory. The
  user domain name can contain a maximum of 255 characters.
- Set a group name.
  The group name is the name for logging in to the iBMC page in the active directory. The
  group name can contain a maximum of 32 characters.
- Set a group domain.
  The group domain is the domain for logging in to the iBMC page in the active directory.
  The group domain name can contain a maximum of 255 characters.
- Set the group privilege.
  The group privilege is the permission for logging in to the iBMC page in the active directory.
  There are three types of users: administrators, operators, and common users. They are
  granted different operation permissions.


2.8 Firmware Management


Firmware management involves the iBMC firmware, BIOS, CPLD, and LCD. It allows you to
query firmware version, upgrade firmware, and switch over dual images.

2.8.1 Firmware Dual-image Backup


iBMC uses firmware dual-image backup to improve system reliability. When flash
misoperations occur or storage modules are damaged, the system automatically switches to the
backup image and generates an alarm, indicating that image redundancy becomes invalid.

Switching Over Images on the Web Page


In the navigation tree, choose System Management > Firmware Upgrade. The Firmware
Upgrade page is displayed, as shown in Figure 2-29.
The iBMC and BIOS version information is displayed on this page, and a user is allowed to
switch images and restart iBMC.
Figure 2-29 Firmware Upgrade page

2.8.2 Firmware Upgrade


The firmware upgrade involves iBMC firmware, BIOS, CPLD (mainboard, backplane, mezz
card, and expansion card), and LCD upgrades. iBMC firmware upgrade supports version
rollback and manual and automatic modes. Figure 2-30 shows the Firmware Upgrade page.
For compatibility, you are advised to upgrade the active and standby iBMC images to
the same version.


Figure 2-30 Firmware Upgrade page

2.9 Intelligent Power Management


iBMC provides multiple intelligent power management methods to reduce total cost of
ownership (TCO).

2.9.1 Power Control


The Power Control page allows you to control the power supply for a server, as shown in
Figure 2-31.
You can perform the following operations:
- Power On: powers on the server.
- Graceful Power Off: powers off a server. iBMC sends an ACPI interrupt to the OS. If the
  OS supports the ACPI interrupt, iBMC shuts down the OS (ends all running processes) and
  then powers off the device. If the OS does not support the ACPI interrupt, iBMC powers
  off the device forcibly after the graceful power-off timeout period ends. The result is the
  same as pressing the power button on the front panel of the server.
- Forcibly Power Off: powers off a server without waiting for the response from the OS.
  The result is the same as holding down the power button on the front panel of the server.
- Restart: indicates cold reset. iBMC can reset the system through the southbridge directly,
  without powering off the OS.
- Graceful Reboot: powers off and then powers on the server. iBMC shuts down the OS and
  then powers off the server. If the graceful power-off timeout period ends first, iBMC
  powers off the server forcibly. iBMC then powers on the server.
- NMI: sends a non-maskable interrupt (NMI) to the OS to collect kernel stack information
  and sends the information to the console, which is used for identifying the causes of system
  exceptions.
- Disable Panel Power Button: disables buttons on a server panel.


Figure 2-31 Power Control

2.9.2 Power Capping


Data centers currently face the challenge that enterprises consume large amounts of electric
power and space and have high refrigeration costs. The available resources can hardly meet
ever-increasing energy and refrigeration requirements. The top priority for data centers is to
save energy and reduce energy consumption using innovative technologies. In traditional data
centers, customers spend enormous amounts building electric power infrastructure to ensure
service continuity. In addition, IT administrators usually provision excessive power supply to
meet system power requirements. The power capping technology helps control the energy
consumption of each server, avoiding excessive energy supply. The energy saved by power
capping can be used for capacity expansion in data centers.
In the navigation tree, choose PS Management > Power History. The Power History page is
displayed, as shown in Figure 2-32.
You can set the power upper limit. If the system power exceeds the upper limit, specific actions
are triggered to ensure that the chassis power is properly distributed.
iBMC collects system power data once per second, 40 times or more, during system startup.
It deletes the invalid values, calculates the average value, and then multiplies the average by
a coefficient that varies by product. The calculation result is the minimum power.
Set Power Capping State, Power Limit, and Follow-up Action After Power Capping Fails
as required, and click OK, as shown in Figure 2-32. After the configuration, Operation
performed successfully is displayed.
Follow-up Action After Power Capping Fails has the following value options:
- Event log: logs information about a power capping failure in the system event file. This
  function is enabled by default.
- Power off: iBMC forcibly powers off the server within 15 s.


Figure 2-32 Power Capping page

2.9.3 Power Statistics and Power History Line


iBMC provides accurate energy monitoring information and historical power statistics. This
helps system administrators know about the actual usage of electric power and heat dissipation
resources. You can adjust the server consumption based on historical power data.
In the navigation tree, choose PS Management > Power Statistics. The Power Statistics page
is displayed, as shown in Figure 2-33. The page displays Current Power, Total CPU Power,
Total Memory Power, Peak System Power, Average System Power, and Consumed
Electricity.
Click Recollect to recollect information about the peak system power, average system power,
and consumed electricity.
Figure 2-33 Power Statistics page

In the navigation tree, choose PS Management > Power History. The power history user
interface (UI) is displayed, as shown in Figure 2-34.
iBMC collects and saves the system power every 10 minutes. The Power History page displays
the recent power history in a line chart. To view the power statistics in recent periods, click Last
Week or Last Day. To refresh the line charts and tables, click Recollect. To download historical
power information, click Download.
On this page, you can view the recent device power changes and understand the device running
status in a certain period.


Figure 2-34 Power History page

2.10 SOL and System Serial Port Running Information Record

2.10.1 SOL

iBMC provides the SOL (serial over LAN) function. This function redirects serial port data,
which would otherwise be sent only through a serial cable, to remote network devices, and
allows the system to receive data from remote network devices. Figure 2-35 shows how the
SOL function is implemented. Using a network terminal, management personnel can view the
data sent by the serial port in real time and perform operations on the OS. The effect is the
same as using a near-end serial port.
Figure 2-35 SOL

2.10.2 Recording System Serial Port Information


iBMC records system serial port information. Figure 2-36 shows how the function is
implemented. iBMC records real-time system serial port data to a DDR. If the data volume
exceeds 1 MB, the earliest data will be overwritten. When the system breaks down or restarts,
you can export and view the serial port information from iBMC.
Figure 2-36 Recording system serial port information

2.11 Security Management


2.11.1 Scenario-based Login Restriction
To ensure security, iBMC restricts the server management access to the minimum scope based
on time, location (IP address or MAC address), and roles. This feature is applicable only to the
login from the web.
You can set the login whitelist that supports a maximum of three login rules. A user who follows
any of these rules can log in to iBMC; otherwise, login fails.
Each login rule contains the duration, user source IP address segment, and user source MAC
address segment. A login rule is followed only when all the three conditions are met. Login rules
are applicable to each local user and LDAP user group. By default, users have no login rule.
After the access duration has expired, login users are forced to log out. iBMC supports an
emergency administrator who has no login restriction when the password is invalid. You can
log in to iBMC as the emergency administrator for management when other user accounts cannot
log in.
The three fields of a login rule are described as follows:
- Duration: includes the start time and end time in the format of YYYY-MM-DD HH:MM,
  YYYY-MM-DD, or HH:MM. The value can be empty.
- IP address: supports a single IPv4 address or an IPv4 address segment, and does not support
  IPv6 addresses. The value can be empty.
- MAC address: supports a single MAC address or a MAC address segment (which specifies the
  NIC vendor by using only the first three fields of a MAC address). The value can be empty.
The page allows you to set and enable login rules, as shown in Figure 2-37.
Figure 2-37 Setting WebUI login rules
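
The rule evaluation described in 2.11.1, written out as an added Python example (not Huawei code and not part of the white paper). It assumes CIDR notation for an IP segment, that an empty field places no restriction, that start and end use the same time format, and that a user with no rules is unrestricted; LoginRule, login_allowed and the sample RULES are hypothetical names and constructed values.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime

MAX_RULES = 3  # the page allows at most three login rules
TIME_FORMATS = ("%Y-%m-%d %H:%M", "%Y-%m-%d", "%H:%M")  # formats named on the page


@dataclass(frozen=True)
class LoginRule:
    start: str = ""  # empty start/end: no time restriction (assumed)
    end: str = ""
    ip: str = ""     # single IPv4 address or segment (CIDR notation assumed)
    mac: str = ""    # full MAC, or its first three fields to match a NIC vendor


def parse_time(value):
    for fmt in TIME_FORMATS:
        try:
            return fmt, datetime.strptime(value, fmt)
        except ValueError:
            pass
    raise ValueError(f"unsupported time format: {value!r}")


def time_matches(rule, now):
    if not rule.start and not rule.end:
        return True
    fmt, start = parse_time(rule.start)
    end_fmt, end = parse_time(rule.end)
    if fmt != end_fmt:
        raise ValueError("start and end must use the same format")
    if fmt == "%H:%M":  # daily window; may wrap past midnight, e.g. 22:00-06:00
        t, s, e = now.time(), start.time(), end.time()
        return s <= t <= e if s <= e else (t >= s or t <= e)
    if fmt == "%Y-%m-%d":  # whole days, end date inclusive (assumed)
        return start.date() <= now.date() <= end.date()
    return start <= now <= end


def ip_matches(rule, src_ip):
    if not rule.ip:
        return True
    segment = ipaddress.IPv4Network(rule.ip, strict=False)  # rejects IPv6 rules
    try:
        return ipaddress.IPv4Address(src_ip) in segment
    except ValueError:  # an IPv6 or malformed source never satisfies an IPv4 rule
        return False


def mac_fields(mac):
    fields = mac.lower().replace("-", ":").split(":")
    if len(fields) not in (3, 6) or not all(re.fullmatch("[0-9a-f]{2}", f) for f in fields):
        raise ValueError(f"bad MAC address or prefix: {mac!r}")
    return fields


def mac_matches(rule, src_mac):
    if not rule.mac:
        return True
    wanted = mac_fields(rule.mac)
    try:
        seen = mac_fields(src_mac)
    except ValueError:
        return False
    return len(seen) == 6 and seen[:len(wanted)] == wanted


def login_allowed(rules, now, src_ip, src_mac):
    """True if any rule matches; a rule matches only if all three fields match."""
    if len(rules) > MAX_RULES:
        raise ValueError("at most three login rules are supported")
    if not rules:  # assumed: a user with no login rule is not restricted
        return True
    return any(
        time_matches(r, now) and ip_matches(r, src_ip) and mac_matches(r, src_mac)
        for r in rules
    )


# Constructed sample whitelist (addresses and times are illustrative only).
RULES = [
    LoginRule(start="08:00", end="18:00", ip="192.168.10.0/24", mac="02:11:22"),
    LoginRule(start="2015-02-13", end="2015-02-20", ip="10.0.0.5"),
    LoginRule(start="22:00", end="06:00", mac="02:11:22:33:44:55"),
]

if __name__ == "__main__":
    print(login_allowed(RULES, datetime(2015, 2, 13, 9, 30), "192.168.10.44", "02:11:22:aa:bb:cc"))
```

Because a non-empty IP field accepts only IPv4, a client that reaches the web interface over IPv6 can pass only a rule whose IP field is empty, which is worth checking when IPv6 is enabled on the management port.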

2.11.2 Account Security


Account security measures include the password complexity check, password validity period,
maximum historical password repetition times, and account lock.
The password validity period applies to all local users and is measured in days. You can log
in to iBMC for management only within the validity period. After the validity period expires,
you are not allowed to log in to iBMC, but users who are already logged in can continue to
access iBMC.
The validity period of a password ranges from 0 to 365 days. 0 indicates that the password is
permanently valid. The validity period starts from the creation date and is counted in natural
time. Days on which the server is without AC power are also included in the validity period.
The period is not affected even if the iBMC system time changes. When the iBMC system time
changes, iBMC automatically updates the start time of the validity period of each user password.
When your password is due to expire within 10 days, the system reminds you to change the
password in a timely manner after you log in from the web or CLI. The system records a
security log after a password validity period has expired.
To prevent the inconvenience caused by expired passwords, you can perform the following
operations:
1. Configure an emergency administrator account whose password is permanently valid and
   who can log in to iBMC during login restriction.
2. Log in to the BIOS and change the password of user 2, which is an administrator by default.
3. Log in to the OS on the local device and use a third-party tool (for example, IPMItool) to
   set a new password through BT channels.
4. Set a new password for a blade server by using the management module (MM).

Figure 2-38 Account security configuration


2.11.3 SSL Certificate Management


The SSL certificate is used by a Web service terminal.
SSL certificate management enables you to view the current certificate information, such as the
user, certificate authority, validity period, and serial number, generate a CSR file, import the
signature certificate (only public key and PKCS#10) generated by the CSR file, and import a
self-defined certificate (including public and private keys and PKCS#12). When the certificate
that maps to the CSR file is successfully imported, or the default setting is restored, the CSR file
is deleted. The certificate format is Base 64 X.509 and the encapsulation format is PKCS#10 or
PKCS#12. The certificate in PKCS#12 supports setting of a password for the private key.
The SSL certificate for servers using iBMC is a self-signed certificate by default. The certificate
is signed using SHA1 and RSA (2048-bit). iBMC provides two non-signed certificate generation
methods:
Method 1
1. Log in to the iBMC WebUI, and modify the user information on the WebUI.
2. Generate a CSR file.
3. Export the CSR file.
4. Submit the CSR file to the CA.
5. Generate a signature certificate in the PKCS#10 format.
6. Import the signature certificate to iBMC.
7. Restart iBMC for the certificate to take effect.
Note: The signature certificate must correspond to the CSR file, that is, you have to use the
mapped CSR file to apply for a server certificate from the CA.
Method 2
1. Generate a self-defined certificate using the customer's CA server or purchase a certificate
from the CA.
2. Log in to the iBMC WebUI, and import the certificate to iBMC.
3. Restart iBMC for the certificate to take effect.
Figure 2-39 SSL certificate management page


2.11.4 Service Management


Security risks exist in insecure protocols and default ports. The service management function
enables you to enable, disable, or modify settings for protocols and ports. Insecure protocols,
including FTP, Telnet, HTTP, RMCP, SNMPv1, and SNMPv2c, are disabled by default.
iBMC provides the following services: Web, FTP, SSH, Telnet, Remote Control, SNMP Agent,
and IPMI LAN. See Figure 2-40 and Figure 2-41.

Figure 2-40 SNMP configurations page


Figure 2-41 Service configuration page

2.11.5 Operation Log Management


iBMC records all non-query operations through all interfaces, both successful operations and
failed operations. Operation logs include Linux OS logs and user process logs. The user process
log records the operation time, interfaces, source IP addresses, source users, and action
descriptions.
Operation logs are saved in files in real time. When the size of operation logs exceeds 200 KB,
automatic backup occurs. Only one backup file can be saved. If there is more than one backup
file, the old backup file is automatically deleted.
The operation log management function enables you to view and export operation logs using
the WebUI.


Figure 2-42 Viewing operation logs

2.11.6 Enhanced Encryption Algorithm


The enhanced encryption algorithm ensures:
- Confidentiality: Sensitive data is not obtained by unauthorized entities. For example, a
  password is adopted or the stored data is encrypted so that only the user having the key can
  access the protected data.
- Integrity: The data integrity is ensured using cryptographic methods during transmission
  and storage. For example, you can use the hash function to perform data check for security.
- Authenticity: Cryptographic algorithms are used to identify remote users or system
  users. For example, the SSL certificate on the web server ensures that the user is connected
  to the correct server.
- Non-repudiation: A user that performs one operation can be accurately located. The user
  cannot deny his or her operation.

The encryption algorithms supported by iBMC are as follows:


Table 2-5 Encryption algorithms

| Encryption Algorithm | Application Scenario | Function |
|---|---|---|
| DSA/RSA 2048 bit | Web server certificate and SSH host certificate | Digital signature |
| AES 128 CBC | IPMI LAN transmission encryption; KVM, video, and control data encryption; VMM data encryption; Web HTTPS transmission encryption; SNMPv3 transmission encryption; SSH transmission encryption | Encryption |
| AES 256 CBC | Web HTTPS transmission encryption and SSH transmission encryption | Encryption |
| DES 64 | SNMPv3 transmission encryption | Encryption |
| HMAC-MD5-96 | SNMPv3 authentication | Authentication |
| HMAC-SHA1-96 | SNMPv3 authentication and IPMI LAN authentication | Authentication |
| SHA256 | HTTPS integrity check and Linux user password encryption | Integrity and encryption |

2.11.7 Hardware Encryption


The Hi1710 chip integrates a security engine, which is a hardware acceleration module for
enhancing security functions of the CPU. The engine primarily applies to authentication and
data encryption and decryption. The engine supports the DES/3DES, AES, SHA-1,
SHA-256/224, and MD5 algorithms, as well as the HMAC algorithm based on SHA-1,
SHA-256/224, and MD5. DES/3DES supports the ECB, CBC, CFB, and OFB working modes,
and AES supports the ECB, CBC, CFB, OFB, and CTR working modes. AES supports 128-,
192-, and 256-bit keys; SHA-1 and SHA-256/224 support 160-, 256-, and 224-bit message
digests; MD5 supports 128-bit message digests.

2.12 Access Management


iBMC supports both IPv4 and IPv6 addresses and access over a dedicated management port or
shared network port using the NC-SI function. The shared network port supports the VLAN
function.

2.12.1 Management Network Port Auto-Adaptation


A rack server or node server has two management network ports: a GE management network
port and a sideband network port using NC-SI (which shares the physical management network
port with the host). The NC-SI function automatically associates the logical network port with
a physical network port based on the network port link status.
After auto-adaptation is enabled for a network port and the server network is changed, you can
use a network cable to connect to the dedicated management network port or the sideband
management network port to access the management GUI without any new network settings,
and the switchover is smooth. This eliminates complicated configuration and improves
maintenance efficiency.


Figure 2-43 Management network connection

The page for configuring network port auto-adaptation allows you to query the network port
mode and set port parameters. If the network port is in auto-adaptation mode, you can specify
a host network port as the sideband network port, which is network port 1 by default, as shown
in Figure 2-44.

Figure 2-44 Configuring network port auto-adaptation

2.12.2 NC-SI
NC-SI enables the management system and the host system to share a physical network port on
the host, implementing both management and service handling, simplifying networking, and
reducing the number of ports used on the switch. Service data takes priority, and the maximum
bandwidth for management data is 100 Mbit/s. For security purposes, use the VLAN technology
to place management and service traffic in different network segments.


Figure 2-45 NC-SI framework

Figure 2-46 NC-SI data flow diagram

2.12.3 IPv6
iBMC supports IPv6 to ensure sufficient IP addresses because IPv4 addresses are insufficient.
iBMC supports the Web, Telnet, SSH, and SNMP interfaces, which support IPv6. Physical
channels using the dedicated management network port and the shared network port (NC-SI)
also support IPv6.
Figure 2-47 IPv6 address configuration screen

Manually set the IPv6 address or obtain it from an iBMC DHCP server.

2.13 Unified User Management


iBMC is a management subsystem based on the built-in CPU and the OS and provides only fixed
maintenance and integration ports. The OS and applications are integrated. The OS (CLI),
SNMP, IPMI LAN, and Web interfaces are independently managed by respective local users.
To access iBMC through these interfaces, users have to set each interface. However, the unified
user management function enables a user to access iBMC through all those interfaces as long
as one interface is set. iBMC synchronizes the setting among all interfaces.
iBMC supports a maximum of 17 users including anonymous users with ID 1 and enables you
to add, modify, and delete users. The user types and user rights are as follows:
- Administrator: The user has all configuration and control rights for iBMC.
- Operator: The user has all configuration and control rights, excluding user management and
  security configuration.
- Common user: The user has only permission to view information, excluding OS information
  and operation logs.
- Customized group: The user specifies its right.


Figure 2-48 User management page


3 Technical Specifications

| Component | Specifications |
|---|---|
| Supported products | RH1288A V2, RH2288A V2, RH1288 V3, RH2288 V3, RH2288H V3, RH8100 V3, XH622 V3, XH628 V3, CH121 V3, CH140 V3, CH220 V3, CH222 V3, and CH242 V3 |
| KVM | Maximum resolution: 1920 x 1280; Minimum resolution: 640 x 480; 32-bit color, providing 16.77 million colors |
| Network port | One integrated 1000 Mbit/s dedicated Ethernet port; One integrated 100 Mbit/s shared Ethernet port |
| Virtual media | The virtual DVD-ROM drive supports a maximum transmission rate of 32 Mbit/s; The virtual FDD supports a maximum transmission rate of 4 Mbit/s |
| User interface | HTTPS; IPMI LAN/BT; SNMP; CLI |
| Security feature | User management; Role authentication; Data encryption; Scenario-based login restriction; Account security; SSL certificate management |