HPE OneView 3.0 User Guide for
HPE Synergy
Abstract
This guide describes HPE OneView features, interfaces, resource model design, and secure working environment. It
describes up-front planning considerations and how to use the HPE OneView appliance UI or REST APIs to configure,
manage, monitor, and troubleshoot your data center infrastructure. It also includes information about the SCMB
(State-Change Message Bus). It is intended for infrastructure administrators, network administrators, and server
administrators that plan, configure, and manage data center hardware and software throughout its lifecycle, and for
backup administrators and operations personnel that monitor and troubleshoot data center hardware and software.
Part Number: 5200-1732
Published: October 2016
Edition: 1
© Copyright 2013-2016 Hewlett Packard Enterprise Development LP
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use or copying. Consistent with FAR
12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed
to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice. The
only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable
for technical or editorial errors or omissions contained herein.
Acknowledgements
Google® is a registered trademark of Google Inc. Java® is a trademark of Oracle or its affiliates. Microsoft®, Windows®, and Windows Server®
are trademarks of the Microsoft Group of companies.Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
VMware® is a registered trademark of VMware Inc.
Warranty
Hewlett Packard Enterprise will replace defective delivery media for a period of 90 days from the date of purchase.
Contents
I Learning about HPE OneView............................................................................19
1 Learning about HPE OneView......................................................................21
1.1 HPE Synergy composable infrastructure................................................................................21
1.2 HPE OneView for composable infrastructure management....................................................22
1.3 Provisioning features...............................................................................................................23
1.3.1 Resource templates, groups, and sets............................................................................23
1.3.2 Server profiles and server profile templates....................................................................24
1.3.3 Automatic discovery of server hardware.........................................................................25
1.3.4 Operating system deployment........................................................................................25
1.3.5 Storage provisioning and management..........................................................................25
1.4 Networking features.................................................................................................................26
1.5 Firmware and configuration change management features....................................................27
1.5.1 Simplified firmware management....................................................................................27
1.5.2 Simplified configuration change management................................................................28
1.5.3 Smart Update Tools features...........................................................................................28
1.6 Monitoring the environment and responding to issues............................................................29
1.6.1 Data center environmental management........................................................................30
1.6.2 Resource utilization monitoring.......................................................................................30
1.6.3 Activity and health management ....................................................................................30
1.6.4 Hardware and firmware inventory information................................................................31
1.6.5 Remote Support..............................................................................................................31
1.7 Backup and restore features...................................................................................................31
1.8 Security features......................................................................................................................32
1.9 High availability features..........................................................................................................33
1.10 Graphical and programmatic interfaces................................................................................33
1.11 Integration with other management software .......................................................................34
1.11.1 Other management software warnings.........................................................................35
1.12 HPE Synergy Image Streamer..............................................................................................36
1.13 Open integration....................................................................................................................36
2 Understanding the resource model...............................................................39
2.1 Resource model summary diagram........................................................................................40
2.2 Appliance.................................................................................................................................40
2.3 Connections.............................................................................................................................41
2.4 Connection templates..............................................................................................................42
2.5 Data centers............................................................................................................................42
2.6 Domains..................................................................................................................................43
2.7 Drive Enclosures.....................................................................................................................44
2.8 Enclosures...............................................................................................................................44
2.9 Enclosure groups.....................................................................................................................45
2.10 Enclosure types.....................................................................................................................45
2.11 Interconnects.........................................................................................................................46
2.12 Interconnect types.................................................................................................................47
2.13 Logical enclosures.................................................................................................................47
2.14 Logical interconnects.............................................................................................................48
2.15 Logical interconnect groups..................................................................................................50
2.16 Networks................................................................................................................................51
2.17 Network sets..........................................................................................................................51
2.18 OS deployment servers.........................................................................................................52
Contents
3
2.19 Power delivery devices..........................................................................................................52
2.20 Racks.....................................................................................................................................53
2.21 SAN Managers......................................................................................................................54
2.22 SANs.....................................................................................................................................54
2.23 Server hardware....................................................................................................................55
2.24 Server hardware types..........................................................................................................56
2.25 Server profiles.......................................................................................................................56
2.26 Server profile templates.........................................................................................................57
2.27 Storage Pools........................................................................................................................58
2.28 Storage Systems...................................................................................................................58
2.29 Unmanaged devices..............................................................................................................59
2.30 Uplink sets.............................................................................................................................60
2.31 Volumes.................................................................................................................................60
2.32 Volume Templates.................................................................................................................61
3 Understanding the security features of the Synergy Composer....................63
3.1 About security hardening.........................................................................................................63
3.2 Best practices for maintaining a secure Synergy Composer...................................................65
3.3 Creating a login session..........................................................................................................66
3.4 Authentication for Synergy Composer access........................................................................66
3.5 Controlling access for authorized users..................................................................................67
3.5.1 Specifying user accounts and roles................................................................................67
3.5.2 Mapping of SSO roles for iLO.........................................................................................67
3.5.3 Mapping HPE OneView interactions with iLO and iPDU.................................................67
3.6 Protecting credentials..............................................................................................................68
3.7 Understanding the audit log....................................................................................................68
3.8 Choosing a policy for the audit log..........................................................................................70
3.9 Synergy Composer access over SSL......................................................................................70
3.10 Managing certificates from a browser...................................................................................70
3.10.1 Self-signed certificate....................................................................................................71
3.10.2 Using a certificate authority...........................................................................................71
3.10.3 Create a certificate signing request...............................................................................71
3.10.4 Create a self-signed certificate......................................................................................72
3.10.5 Import a certificate.........................................................................................................72
3.10.6 View the Certificate settings..........................................................................................72
3.10.7 Downloading and importing a self-signed certificate into a browser.............................72
3.10.8 Verifying a certificate.....................................................................................................73
3.11 Nonbrowser clients................................................................................................................73
3.11.1 Passwords.....................................................................................................................73
3.11.2 SSL connection.............................................................................................................74
3.12 Ports required for HPE OneView...........................................................................................74
3.13 Controlling access to the Synergy Composer console..........................................................74
3.13.1 Enable or disable authorized services access..............................................................75
3.14 Files you can download from the Synergy Composer...........................................................75
4 Navigating the graphical user interface.........................................................77
4.1 About the graphical user interface...........................................................................................77
4.2 Activity sidebar........................................................................................................................78
4.2.1 About the Activity sidebar................................................................................................78
4.2.2 Activity sidebar details.....................................................................................................78
4.2.3 Expand or collapse the Activity sidebar..........................................................................78
4.3 Audit tracking...........................................................................................................................78
4.4 Banner and main menu...........................................................................................................79
4
Contents
4.5 Browsers..................................................................................................................................80
4.5.1 Browser best practices for a secure environment...........................................................80
4.5.2 Commonly used browser features and settings..............................................................80
4.5.3 Browser requirements.....................................................................................................81
4.5.4 Set the browser for US or metric units of measurement.................................................81
4.6 Button functions.......................................................................................................................82
4.7 Filters sidebar..........................................................................................................................82
4.8 Help sidebar............................................................................................................................83
4.8.1 View the End-User License agreement...........................................................................84
4.8.2 View the Written Offer.....................................................................................................84
4.9 Appliance status screens.........................................................................................................84
4.9.1 Starting............................................................................................................................84
4.9.2 Oops................................................................................................................................84
4.9.3 Updating the appliance...................................................................................................84
4.9.4 Temporarily unavailable..................................................................................................85
4.9.5 Resetting.........................................................................................................................85
4.9.6 Waiting............................................................................................................................85
4.10 Icon descriptions....................................................................................................................86
4.10.1 Status and severity icons..............................................................................................86
4.10.2 User control icons.........................................................................................................86
4.10.3 Informational icons........................................................................................................87
4.11 Labels screen details.............................................................................................................87
4.12 Map view screen details.....................................................................................................87
4.13 Notifications area...................................................................................................................88
4.14 Log out of the appliance........................................................................................................89
4.15 Organizing resources into groups by assigning labels..........................................................89
4.15.1 View resources by label................................................................................................91
4.16 Performing an action on multiple resources..........................................................................91
4.17 Search help topics.................................................................................................................92
4.17.1 Help search features and limitations.............................................................................93
4.18 Search resources..................................................................................................................94
4.18.1 Clear the Smart Search box..........................................................................................96
4.19 View resources according to their health status....................................................................96
4.19.1 Reset the health status view.........................................................................................97
5 Using the REST APIs and other programmatic interfaces............................99
5.1 Resource operations...............................................................................................................99
5.2 Return codes...........................................................................................................................99
5.3 URI format...............................................................................................................................99
5.4 Resource model format.........................................................................................................100
5.5 Log in to the appliance using REST APIs.............................................................................100
5.6 REST API version and backward compatibility.....................................................................100
5.7 Asynchronous versus synchronous operations.....................................................................101
5.8 Task resource........................................................................................................................102
5.9 Error handling........................................................................................................................102
5.10 Concurrency control using etags.........................................................................................102
5.11 Querying resources and pagination using common REST API parameters........................103
5.12 State-Change Message Bus...............................................................................................104
5.13 Metric Streaming Message Bus..........................................................................................104
5.14 Analysis and troubleshooting..............................................................................................104
5.14.1 HPE Operations Analytics integration with HPE OneView..........................................104
5.15 Developer tools in a web browser.......................................................................................105
5.16 PowerShell and Python code sample libraries....................................................................105
Contents
5
6 Accessing documentation and help.............................................................107
6.1 Online help—conceptual and task information as you need it..............................................107
6.2 This user guide supplements the online help........................................................................107
6.3 Where to find HPE OneView documentation........................................................................108
6.4 Enable off-appliance browsing of UI help and REST API help..............................................108
II Configuration quick starts................................................................................109
7 Quick Start: Initial setup..............................................................................111
7.1 Initial hardware setup............................................................................................................111
7.2 Verify hardware configuration................................................................................................111
7.2.1 Prerequisites.................................................................................................................111
7.2.2 Verifying hardware configuration...................................................................................111
7.3 About Hardware Setup..........................................................................................................112
7.4 Hardware setup screen details..............................................................................................112
7.4.1 Checklist........................................................................................................................112
7.4.2 Inventory........................................................................................................................112
7.5 Configure the appliance network at first-time login...............................................................113
8 Quick Start: Initial configuration of HPE OneView.......................................115
8.1 Initial configuration of resources in HPE OneView................................................................115
8.1.1 Prerequisites.................................................................................................................115
8.1.2 Configure resources in HPE OneView..........................................................................115
8.2 Define physical dimensions and power systems in HPE OneView.......................................116
9 Quick Start: Initial configuration of HPE Synergy Image Streamer.............119
9.1 Configure HPE Synergy Image Streamer for HPE OneView................................................119
9.1.1 Prerequisites.................................................................................................................119
9.1.2 Configuring HPE OneView to work with HPE Synergy Image Streamer......................119
9.1.3 Configuring HPE OneView to deploy OS build artifacts to servers...............................120
9.1.4 Quick Start: Initial hardware setup for an added management appliance....................120
9.1.4.1 Initial hardware setup for a management appliance.............................................120
9.1.4.2 Verify management appliance setup.....................................................................120
10 Quick Starts for networks, enclosures, and storage..................................123
10.1 Quick Start: Add a network and associate it with an existing server...................................123
10.1.1 Adding a network and associating it with an existing server.......................................124
10.2 Quick Start: Add an HPE ProLiant DL rack mount server to manage.................................125
10.2.1 Adding an HPE ProLiant DL rack mount server to manage........................................126
10.3 Quick Start: Configuring an HPE 5900 for management by HPE OneView........................126
10.4 Quick Start: Configuring a Cisco switch to be added as a SAN manager for management
by HPE OneView.........................................................................................................................127
10.5 Quick Start: Configure server hardware MAC address binding for FCoE server profiles....128
10.5.1 Prerequisites...............................................................................................................128
10.5.2 Configuring server hardware MAC address binding for FCoE server profiles............129
III Configuration and management.....................................................................131
6
Contents
11 Best practices............................................................................................133
12 Managing server hardware, server profiles, and server profile templates.135
12.1 Managing server hardware..................................................................................................135
12.1.1 Roles...........................................................................................................................136
12.1.2 Tasks for server hardware...........................................................................................136
12.1.3 Server hardware management features......................................................................136
12.1.4 Prerequisites for bringing server hardware into an appliance.....................................137
12.1.5 About server hardware................................................................................................137
12.1.5.1 How the appliance handles unsupported hardware............................................137
12.1.5.2 About monitored server hardware.......................................................................138
12.1.5.3 About unmanaged devices.................................................................................138
12.1.6 Tasks for server hardware types.................................................................................138
12.1.7 About server hardware types......................................................................................138
12.1.8 How the iLO is changed as a result of HPE OneView management..........................139
12.1.9 Launch the iLO console to manage servers remotely.................................................139
12.2 Managing server profiles.....................................................................................................141
12.2.1 Roles...........................................................................................................................142
12.2.2 Tasks for server profiles..............................................................................................142
12.2.3 About server profiles...................................................................................................142
12.2.3.1 Capturing best-practice configurations...............................................................143
12.2.3.2 About editing a server profile..............................................................................144
12.2.3.3 About moving a server profile.............................................................................145
12.2.3.4 About migrating server profiles...........................................................................145
12.2.3.5 Working with server profiles to control remove-and-replace behavior................146
12.2.3.6 About assigning a server profile to an empty device bay...................................146
12.2.3.7 About server profile connections.........................................................................146
12.2.3.8 About server profile connections and changing server hardware types.............147
12.2.3.9 About server profiles and operating system deployment....................................147
12.2.3.10 About server profiles and local storage.............................................................149
12.2.3.11 About attaching SAN volumes to a server profile..............................................152
12.2.3.12 About server profile consistency validation.......................................................153
12.2.3.13 Virtual functions................................................................................................154
12.2.4 When to use a server profile.......................................................................................154
12.3 Managing server profile templates......................................................................................155
12.3.1 Roles...........................................................................................................................155
12.3.2 Tasks for server profile templates...............................................................................155
12.3.3 About server profile templates....................................................................................156
12.3.3.1 About creating a server profile template.............................................................156
12.3.3.2 About editing a server profile template...............................................................156
12.3.4 When to use a server profile template........................................................................156
12.4 Learning more.....................................................................................................................157
13 Managing fabrics.......................................................................................159
13.1 Roles...................................................................................................................................159
13.2 About fabrics........................................................................................................................159
13.3 About reserved VLAN pools................................................................................................159
14 Managing licenses.....................................................................................161
14.1 UI screens and REST API resources..................................................................................161
14.2 Roles...................................................................................................................................161
14.3 Tasks for licenses................................................................................................................161
Contents
7
14.4 About licensing....................................................................................................................161
14.4.1 License types..............................................................................................................161
14.4.1.1 Interconnect licenses..........................................................................................161
14.4.1.2 Server hardware licenses...................................................................................161
14.4.1.3 Other licenses.....................................................................................................161
14.4.2 About interconnect licensing.......................................................................................162
14.4.2.1 Licensing for managed interconnects.................................................................162
14.4.2.2 Licensing for unmanaged interconnects.............................................................162
14.4.3 Purchasing or obtaining licenses................................................................................162
14.4.4 License delivery..........................................................................................................163
14.4.5 License reporting.........................................................................................................163
14.5 Learning more.....................................................................................................................163
15 Managing networks and network resources..............................................165
15.1 Roles...................................................................................................................................165
15.2 Tasks for networks...............................................................................................................165
15.2.1 Tasks for Fibre Channel networks...............................................................................165
15.2.2 Tasks for Ethernet networks........................................................................................165
15.2.3 Tasks for FCoE networks............................................................................................166
15.3 About networks....................................................................................................................166
15.4 About network sets..............................................................................................................166
15.5 About Fibre Channel networks............................................................................................168
15.5.1 Fibre Channel network types......................................................................................168
15.5.2 Fabric-attach Fibre Channel networks........................................................................168
15.5.3 Direct-attach Fibre Channel networks.........................................................................168
15.6 About Ethernet networks.....................................................................................................168
15.6.1 About tagged Ethernet networks.................................................................................168
15.6.2 About untagged Ethernet networks.............................................................................169
15.6.3 About tunnel Ethernet networks..................................................................................169
15.6.4 About Smart Link.........................................................................................................169
15.7 About the HPE Image Streamer management network......................................................169
15.8 About Fibre Channel over Ethernet (FCoE) networks.........................................................169
15.9 Data center switch port requirements..................................................................................170
15.10 Learning more...................................................................................................................170
16 Managing interconnects, logical interconnects, and logical interconnect
groups............................................................................................................171
16.1 Managing enclosure interconnect hardware.......................................................................171
16.1.1 Roles...........................................................................................................................171
16.1.2 Tasks for interconnects...............................................................................................171
16.1.3 About interconnects....................................................................................................171
16.1.3.1 About managed and monitored interconnects....................................................171
16.1.3.2 About unmanaged and unsupported interconnects............................................172
16.1.3.3 FIP snooping.......................................................................................................172
16.1.3.4 Connectivity and synchronization with the appliance.........................................173
16.1.4 Learning more.............................................................................................................173
16.2 Managing logical interconnects and logical interconnect groups........................................173
16.2.1 Roles...........................................................................................................................173
16.2.2 Tasks for logical interconnects....................................................................................173
16.2.3 Tasks for logical interconnect groups..........................................................................174
16.2.4 About logical interconnects.........................................................................................174
16.2.4.1 About uplink sets.................................................................................................174
16.2.4.2 About defining Image Streamer uplink sets in logical interconnects...................176
8
Contents
16.2.4.3 About internal networks......................................................................................176
16.2.4.4 About stacking links and stacking health............................................................177
16.2.4.5 Creating or deleting a logical interconnect..........................................................177
16.2.5 About logical interconnect groups...............................................................................178
16.2.5.1 About the logical interconnect group graphical interface....................................179
16.2.5.2 About multiple logical interconnect groups in an enclosure group......................179
16.2.5.3 About interconnect bay sets................................................................................180
16.2.5.4 About redundancy modes...................................................................................180
16.2.5.5 Valid configurations for enclosure groups with multiple logical interconnect
groups...............................................................................................................................181
16.2.5.6 About copying a logical interconnect group........................................................183
16.2.5.7 About copying and resizing a logical interconnect group....................................183
16.2.5.8 About uplink sets in a logical interconnect group................................................184
16.2.5.9 About defining Image Streamer uplink sets in logical interconnect groups........184
16.2.5.10 About Link Layer Discovery Protocol (LLDP) tagging.......................................185
16.2.6 About firmware associated with a logical interconnect................................................185
16.2.6.1 About updating firmware for logical interconnects..............................................186
16.2.7 About loop protection..................................................................................................186
16.2.8 About SNMP settings..................................................................................................187
16.2.9 About Quality of Service for network traffic.................................................................187
16.2.10 Add an uplink set.......................................................................................................188
16.2.11 Update firmware for logical interconnects within enclosures.....................................188
16.2.11.1 Stage and activate firmware for update from logical interconnect....................188
16.2.11.2 Stage firmware for later activation for update from logical interconnect...........189
16.2.11.3 Activate the firmware for update from logical interconnect...............................190
16.2.12 Update the logical interconnect configuration from the logical interconnect group....190
16.2.13 Create a logical interconnect group..........................................................................191
16.2.14 Learning more...........................................................................................................193
17 Managing enclosures, enclosure groups, and logical enclosures.............195
17.1 Roles...................................................................................................................................195
17.2 Managing enclosures..........................................................................................................195
17.2.1 Tasks for enclosures...................................................................................................195
17.2.2 About enclosures or Synergy frames.........................................................................196
17.2.2.1 About an HPE Synergy 12000 Frame.................................................................196
17.2.3 Checklist: connecting a server to a data center network.............................................202
17.2.4 Add a Synergy frame (enclosure)...............................................................................202
17.2.5 Reset an HPE Synergy Frame Link Module to original factory settings.....................203
17.3 Managing enclosure groups................................................................................................204
17.3.1 Tasks for enclosure groups.........................................................................................204
17.3.2 About enclosure groups..............................................................................................204
17.3.2.1 Enclosure groups and logical interconnect groups.............................................204
17.3.2.2 About configuring an HPE Synergy Image Streamer OS deployment network...205
17.3.3 Create an enclosure group..........................................................................................207
17.3.3.1 Prerequisites.......................................................................................................207
17.3.3.2 Creating an enclosure group...............................................................................207
17.4 Managing logical enclosures...............................................................................................207
17.4.1 Tasks for logical enclosures........................................................................................207
17.4.2 About logical enclosures.............................................................................................208
17.4.2.1 About inconsistent logical enclosures.................................................................208
17.4.2.2 About deleting or forcibly deleting a logical enclosure........................................208
17.4.2.3 About updating firmware from a logical enclosure..............................................209
17.4.3 About growing a logical enclosure..............................................................................209
17.4.4 About orchestrated and parallel activation..................................................................210
Contents
9
17.4.5 Create a logical enclosure...........................................................................................210
17.4.6 Update firmware from a logical enclosure...................................................................211
17.4.7 Create a logical enclosure support dump file..............................................................211
17.5 Learning more.....................................................................................................................212
18 Managing firmware for managed devices.................................................213
18.1 Tasks for firmware...............................................................................................................213
18.2 About firmware bundles.......................................................................................................213
18.3 About unsupported firmware...............................................................................................215
18.4 Best practices for managing firmware.................................................................................216
18.5 Create a custom SPP..........................................................................................................216
18.6 Update firmware on managed devices................................................................................218
18.6.1 Update firmware on the logical enclosure...................................................................218
18.6.2 Update firmware with a server profile..........................................................................219
18.6.3 Update firmware with a server profile template...........................................................219
18.7 Learning more.....................................................................................................................220
19 Managing power, temperature, and the data center.................................221
19.1 Managing power..................................................................................................................221
19.1.1 Roles...........................................................................................................................221
19.1.2 Tasks for managing power..........................................................................................221
19.1.3 About power delivery devices.....................................................................................221
19.2 Managing your data center..................................................................................................222
19.2.1 Roles...........................................................................................................................222
19.2.2 Tasks for data centers.................................................................................................222
19.2.3 About data centers......................................................................................................223
19.3 Managing racks...................................................................................................................223
19.3.1 Roles...........................................................................................................................223
19.3.2 Tasks for racks............................................................................................................223
19.3.3 About racks.................................................................................................................223
19.4 Learning more.....................................................................................................................224
20 Managing OS Deployment servers ..........................................................225
20.1 Roles...................................................................................................................................225
20.2 Tasks for OS deployment servers.......................................................................................225
20.3 About OS Deployment Servers...........................................................................................225
20.4 About HPE Synergy Image Streamer deployment server...................................................225
20.5 About designating the HPE Synergy Image Streamer primary cluster................................225
20.6 About deleting OS deployment server.................................................................................226
21 Managing storage......................................................................................227
21.1 Drive enclosures..................................................................................................................228
21.1.1 Tasks for drive enclosures...........................................................................................228
21.1.2 About drive enclosures................................................................................................228
21.1.2.1 About drive enclosure and server hardware power sequencing requirements....228
21.2 Storage systems..................................................................................................................228
21.2.1 Roles...........................................................................................................................229
21.2.2 Tasks...........................................................................................................................229
21.2.3 About storage systems................................................................................................229
21.2.3.1 About HPE 3PAR StoreServ Storage systems...................................................229
21.3 Storage pools......................................................................................................................229
21.3.1 Roles...........................................................................................................................230
10
Contents
21.3.2 Tasks...........................................................................................................................230
21.3.3 About storage pools....................................................................................................230
21.4 Volumes...............................................................................................................................230
21.4.1 Roles...........................................................................................................................230
21.4.2 Tasks...........................................................................................................................230
21.4.3 About volumes............................................................................................................230
21.4.3.1 About snapshots.................................................................................................230
21.5 Volume templates................................................................................................................231
21.5.1 Roles...........................................................................................................................231
21.5.2 Tasks...........................................................................................................................231
21.5.3 About volume templates..............................................................................................231
21.6 SAN Managers....................................................................................................................231
21.6.1 Roles...........................................................................................................................231
21.6.2 Tasks...........................................................................................................................231
21.6.3 About SAN managers.................................................................................................231
21.6.3.1 About zone sets..................................................................................................232
21.6.3.2 Configuring SAN managers to be managed by HPE OneView..........................232
21.7 SANs...................................................................................................................................233
21.7.1 Tasks...........................................................................................................................233
21.7.2 About SANs.................................................................................................................233
21.7.2.1 About SAN zoning...............................................................................................233
21.8 Learning more.....................................................................................................................234
22 Managing users and authentication..........................................................235
22.1 Roles...................................................................................................................................235
22.2 Tasks for managing users and groups................................................................................235
22.3 About user accounts............................................................................................................235
22.4 About user roles..................................................................................................................236
22.5 Action privileges for user roles............................................................................................237
22.6 About authentication settings..............................................................................................241
22.7 About directory service authentication................................................................................242
22.8 Managing user passwords..................................................................................................243
22.9 Reset the administrator password.......................................................................................244
22.10 Learning more...................................................................................................................245
23 Backing up an appliance...........................................................................247
23.1 Roles...................................................................................................................................247
23.2 About backing up the Synergy Composer...........................................................................247
23.3 Best practices for backing up a Synergy Composer...........................................................249
23.4 Determining your backup policy..........................................................................................249
23.5 Back up a Synergy Composer manually.............................................................................249
23.6 Using REST APIs to create and download an appliance backup file..................................250
23.7 Creating a custom script to create and download an appliance backup file.......................251
23.8 Configure automatic remote backups..................................................................................251
23.9 Disable automatic remote backups.....................................................................................251
23.10 Learning more...................................................................................................................252
24 Restoring an appliance from a backup file................................................253
24.1 Roles...................................................................................................................................253
24.2 About restoring the Synergy Composer..............................................................................253
24.3 Best practices for restoring a Synergy Composer...............................................................255
24.4 Restore a Synergy Composer from a backup file................................................................256
24.5 Using REST APIs to restore an appliance from a backup file.............................................258
Contents
11
24.6 Creating a custom script to restore an appliance................................................................258
24.7 Post-restoration tasks..........................................................................................................258
25 Managing the appliance............................................................................259
25.1 Updating the appliance........................................................................................................259
25.1.1 Roles...........................................................................................................................259
25.1.2 Tasks...........................................................................................................................259
25.1.3 About appliance updates.............................................................................................259
25.1.4 Learning more.............................................................................................................260
25.2 Administering a high-availability appliance cluster..............................................................260
25.2.1 Determining the active and standby appliances of a Synergy frame..........................260
25.2.2 About the high availability appliance cluster...............................................................260
25.2.3 Activate the standby appliance...................................................................................261
25.2.4 Remove a Synergy Composer from the appliance cluster..........................................261
25.3 Managing appliance availability...........................................................................................262
25.3.1 Roles...........................................................................................................................262
25.3.2 Tasks...........................................................................................................................262
25.3.3 Shut down the Synergy Composer from the UI...........................................................263
25.3.4 Restart the Synergy Composer from the UI ...............................................................263
25.3.5 How the appliance handles an unexpected shutdown................................................264
25.4 Managing settings...............................................................................................................264
25.4.1 Roles...........................................................................................................................265
25.4.2 Tasks...........................................................................................................................265
25.4.3 Reset the Synergy Composer to the original factory settings.....................................265
25.4.4 About appliance proxy settings...................................................................................266
25.4.5 About scopes..............................................................................................................267
25.4.5.1 Scope-enabled resource categories...................................................................267
25.5 Managing addresses and ID pools......................................................................................267
25.5.1 Roles...........................................................................................................................268
25.5.2 Tasks for addresses and identifiers.............................................................................268
25.5.3 About ID pools.............................................................................................................268
25.5.4 Image Streamer IPv4 address requirements..............................................................269
25.5.5 Add an IPv4 subnet and address range......................................................................269
25.6 Managing the security features of the appliance.................................................................269
25.7 Enabling or disabling Hewlett Packard Enterprise support access to the appliance...........269
25.7.1 Roles...........................................................................................................................270
25.7.2 Tasks...........................................................................................................................270
25.8 Managing TLS certificates...................................................................................................270
25.8.1 Roles...........................................................................................................................270
25.8.2 Tasks...........................................................................................................................270
25.8.3 Learning more.............................................................................................................270
25.9 Managing the Hewlett Packard Enterprise public key.........................................................270
25.9.1 Roles...........................................................................................................................271
25.9.2 Tasks...........................................................................................................................271
25.10 Downloading audit logs.....................................................................................................271
25.10.1 Roles.........................................................................................................................271
25.10.2 Tasks.........................................................................................................................271
25.10.3 Download audit logs..................................................................................................271
25.10.4 Learning more...........................................................................................................272
25.11 Connect to the Synergy console........................................................................................272
25.11.1 Connect to the Synergy console with a keyboard, video monitor, and mouse..........272
25.11.1.1 Prerequisites.....................................................................................................272
25.11.1.2 Connecting to the Synergy console with a keyboard, video monitor, and
mouse...............................................................................................................................272
12
Contents
25.11.2 Connect to the Synergy console with a notebook computer.....................................273
25.11.2.1 Prerequisites.....................................................................................................273
25.11.2.2 Connecting to the Synergy console with a notebook computer........................273
25.12 Prepare a USB flash drive for reimaging an appliance.....................................................273
25.13 Reimage the appliance with the preloaded USB drive......................................................274
IV Monitoring......................................................................................................279
26 Monitoring data center status, health, and performance...........................281
26.1 Daily monitoring...................................................................................................................281
26.1.1 Initial check: the Dashboard........................................................................................281
26.1.2 Activities......................................................................................................................281
26.1.3 Utilization graphs.........................................................................................................281
26.1.4 Monitor data center temperature.................................................................................282
26.2 Best practices for monitoring data centers..........................................................................282
26.2.1 Best practices for monitoring health with the appliance UI.........................................282
26.2.2 Best practices for monitoring health using SCMB or REST APIs...............................283
26.3 Managing activities..............................................................................................................285
26.3.1 About Activity..............................................................................................................285
26.3.2 Activity types: alerts and tasks....................................................................................286
26.3.2.1 About alerts.........................................................................................................286
26.3.2.2 About tasks.........................................................................................................287
26.3.3 Activity states..............................................................................................................288
26.3.4 Activity statuses..........................................................................................................289
26.3.5 Service alerts..............................................................................................................289
26.4 Managing email notifications...............................................................................................290
26.5 About email notification of alert messages..........................................................................290
26.6 Configure the appliance for email notification of alerts........................................................290
26.7 Using the Dashboard screen...............................................................................................291
26.7.1 Learning about the Dashboard....................................................................................291
26.7.2 Dashboard screen details...........................................................................................291
26.7.3 How to interpret the Dashboard charts.......................................................................292
26.7.4 Customizing the dashboard........................................................................................294
26.8 Managing remote support...................................................................................................294
26.8.1 About remote support..................................................................................................294
26.8.2 About channel partners...............................................................................................294
26.8.3 About data collection...................................................................................................295
27 Monitoring power and temperature...........................................................297
27.1 Monitoring power and temperature with the UI...................................................................297
27.1.1 Monitoring data center temperature............................................................................297
27.1.1.1 Manipulating the view of the data center visualization........................................298
27.1.2 Monitoring power and temperature utilization.............................................................299
27.1.2.1 About the Utilization panel..................................................................................299
27.1.2.2 About utilization graphs and meters....................................................................299
27.2 REST API power and temperature monitoring....................................................................301
27.2.1 Update enclosure power capacity settings..................................................................301
27.2.2 Update server hardware power capacity settings.......................................................302
28 Using a message bus to send data to subscribers...................................303
28.1 About accessing HPE OneView message buses................................................................303
28.2 Using the State-Change Message Bus (SCMB).................................................................303
Contents
13
28.2.1 Connect to the SCMB.................................................................................................303
28.2.2 Set up a queue to connect to the HPE OneView SCMB exchange............................304
28.2.3 JSON structure of message received from the SCMB................................................305
28.2.4 Example to connect and subscribe to SCMB using .NET C#.....................................306
28.2.5 Example to connect and subscribe to SCMB using Java............................................309
28.2.6 Examples to connect and subscribe to SCMB using Python......................................310
28.2.6.1 Installation...........................................................................................................310
28.2.6.2 Pika.....................................................................................................................311
28.2.6.3 AMQP.................................................................................................................312
28.2.7 Re-create the AMQP client certificate.........................................................................313
28.3 Using the Metric Streaming Message Bus (MSMB)............................................................313
28.3.1 Connect to the MSMB.................................................................................................314
28.3.2 Set up a queue to connect to the HPE OneView MSMB exchange............................315
28.3.3 JSON structure of message received from the MSMB...............................................315
28.3.4 Example to connect and subscribe to MSMB using .NET C#.....................................318
28.3.5 Example to connect and subscribe to MSMB using Java...........................................320
28.3.6 Examples to connect and subscribe to MSMB using Python......................................321
28.3.6.1 Installation...........................................................................................................321
28.3.6.2 Pika.....................................................................................................................322
28.3.6.3 AMQP.................................................................................................................323
28.3.7 Re-create the AMQP client certificate.........................................................................324
29 Generating reports....................................................................................325
29.1 Roles...................................................................................................................................325
29.2 Tasks for reports..................................................................................................................325
29.3 About reports.......................................................................................................................325
30 Using data services...................................................................................327
30.1 About data services.............................................................................................................327
30.1.1 About metric streaming...............................................................................................327
30.1.2 About log forwarding to a remote syslog server..........................................................327
30.2 REST API to enable metric streaming.................................................................................328
30.2.1 Roles...........................................................................................................................328
30.2.2 Tasks for metrics REST API........................................................................................328
30.3 REST API to leverage remote system logs.........................................................................328
30.3.1 Roles...........................................................................................................................329
30.3.2 Tasks for remoteSyslog REST API.............................................................................329
V Troubleshooting..............................................................................................331
31 Troubleshooting.........................................................................................333
31.1 Basic troubleshooting techniques .......................................................................................333
31.2 About the support dump file................................................................................................334
31.3 Create a support dump file..................................................................................................335
31.4 Create a support dump file and write it to a USB drive from the UI.....................................336
31.5 Create a support dump for authorized technical support using REST API scripting...........338
31.6 Troubleshooting activity.......................................................................................................338
31.6.1 Alert is locked .............................................................................................................338
31.6.2 Alerts are not visible in the user interface...................................................................339
31.6.3 Alert status is reported as blank or unexpected .........................................................339
31.6.4 Alert state is unexpected.............................................................................................339
31.7 Troubleshooting the appliance............................................................................................340
14
Contents
31.7.1 Synergy Composer performance is slow....................................................................341
31.7.2 Unexpected appliance shutdown................................................................................341
31.7.3 Cannot update Synergy Composer.............................................................................342
31.7.4 Appliance update file downloads, but update fails......................................................343
31.7.5 Appliance update is unsuccessful...............................................................................343
31.7.6 Browser does not display the HPE OneView user interface.......................................344
31.7.7 Icons are not visible on the appliance dashboard.......................................................344
31.7.8 Could not retrieve the browser session ......................................................................345
31.7.9 Cannot create or download a backup file ...................................................................345
31.7.10 Support dump was not created ................................................................................347
31.7.11 Support dump file not saved .....................................................................................347
31.7.12 Support dump does not contain data for standby appliance.....................................348
31.7.13 Cannot create unencrypted support dump ...............................................................348
31.7.14 Cannot download support dump to USB flash drive ................................................349
31.7.15 USB drive not recognized ........................................................................................349
31.7.16 Unable to import a certificate ...................................................................................350
31.7.17 Certificate was revoked ............................................................................................350
31.7.18 Invalid certificate chain prevents operations ............................................................350
31.7.19 Invalid certificate content prevents operations .........................................................351
31.7.20 Audit log could not be downloaded ..........................................................................351
31.7.21 Audit entries are not logged .....................................................................................351
31.7.22 Audit log is absent ....................................................................................................351
31.7.23 Restore action was unsuccessful .............................................................................352
31.7.24 Synergy Composer did not shut down......................................................................353
31.7.25 Cannot restart the Synergy Composer after a shutdown..........................................354
31.7.26 You cannot log in ......................................................................................................355
31.7.27 Hardware setup user cannot log in...........................................................................355
31.7.28 Cannot log in after a factory reset action..................................................................355
31.7.29 Reinstall the remote console ....................................................................................356
31.7.30 Active and standby appliances are not connected....................................................356
31.7.31 Synergy Composer is offline, manual action is required...........................................357
31.7.32 Synergy Composer is offline and unusable...............................................................358
31.8 Troubleshooting the appliance network setup.....................................................................359
31.8.1 Synergy Composer cannot access the network..........................................................359
31.8.2 Synergy Composer cannot retrieve DNS information from DHCP server...................359
31.8.3 DNS server is unreachable ........................................................................................360
31.8.4 Gateway server is unreachable ..................................................................................360
31.8.5 Cannot change network settings ................................................................................360
31.8.6 NTP synchronization fails ...........................................................................................361
31.9 Troubleshooting email notifications.....................................................................................361
31.9.1 Cannot configure email notification of alerts...............................................................361
31.9.2 Unable to connect through <sending email address host name> ..............................362
31.9.3 Host does not respond as an SMTP server ...............................................................362
31.9.4 Unable to deliver email messages to some email IDs ...............................................364
31.9.5 Designated recipients are not receiving email notifications of events ........................364
31.9.6 Frequent, irrelevant email messages .........................................................................365
31.9.7 Test message could not be sent .................................................................................366
31.9.8 Some test messages were not received ....................................................................366
31.10 Troubleshooting enclosures and enclosure groups...........................................................367
31.10.1 Enclosure is no longer manageable .........................................................................367
31.10.2 Communication from Synergy Frame Link Module failed.........................................367
31.10.3 Enclosure configuration incomplete .........................................................................368
31.10.4 Enclosure inventory incomplete ...............................................................................368
31.10.5 Frame Link Module port state is unlinked or disabled ..............................................369
31.11 Troubleshooting firmware bundles.....................................................................................370
Contents
15
31.11.1 Incorrect credentials .................................................................................................370
31.11.2 Lost iLO connectivity ................................................................................................370
31.11.3 SUM errors ...............................................................................................................371
31.11.4 Failed firmware update on enclosure add ................................................................371
31.12 Troubleshooting interconnects..........................................................................................371
31.12.1 Interconnect edit is unsuccessful .............................................................................371
31.13 Troubleshooting licenses...................................................................................................372
31.13.1 Licensing numbers appear to be inaccurate ............................................................372
31.13.2 Could not view license details ..................................................................................373
31.13.3 Could not add license ...............................................................................................373
31.13.4 Could not add license key ........................................................................................374
31.13.5 Could not apply license ............................................................................................375
31.14 Troubleshooting locale issues...........................................................................................376
31.15 Troubleshooting logical interconnects...............................................................................376
31.15.1 I/O bay occupancy errors .........................................................................................376
31.15.2 Uplink set warnings or errors ...................................................................................376
31.15.3 Physical interconnect warnings or errors .................................................................377
31.15.4 Firmware update errors ............................................................................................377
31.16 Troubleshooting networks.................................................................................................378
31.16.1 Network create operation is unsuccessful.................................................................378
31.17 Troubleshooting the OS deployment server......................................................................378
31.17.1 Unable to communicate with the selected primary cluster .......................................378
31.18 Troubleshooting reports.....................................................................................................378
31.18.1 Cannot view reports .................................................................................................378
31.19 Troubleshooting scopes....................................................................................................379
31.19.1 Cannot add scope ....................................................................................................379
31.19.2 Cannot edit or delete scope .....................................................................................379
31.20 Troubleshooting server hardware......................................................................................379
31.20.1 Cannot control power on server ...............................................................................380
31.20.2 Lost connectivity to server hardware after appliance restarts...................................380
31.20.3 Replace a server with an assigned server profile ....................................................380
31.20.4 Replace a server adapter on server hardware with an assigned server profile .......381
31.21 Troubleshooting server profiles.........................................................................................382
31.21.1 Server profile is not created or updated correctly ....................................................382
31.21.2 Cannot apply the server profile ................................................................................384
31.21.3 Profile operations are not successful .......................................................................385
31.21.4 Cannot update or delete profile ................................................................................385
31.21.5 Inconsistent firmware versions .................................................................................387
31.22 Troubleshooting storage....................................................................................................388
31.22.1 Brocade Network Advisor (BNA) SAN manager fails to add ....................................388
31.22.2 Unable to establish connection with Brocade Network Advisor (BNA) SAN
manager.................................................................................................................................389
31.22.3 Volume not available to server hardware .................................................................389
31.22.4 Volume is visible from the storage system but not visible on the appliance.............391
31.22.5 Target port failure .....................................................................................................391
31.22.6 Zone operations fail on Cisco SAN manager ...........................................................392
31.22.7 Storage system port is in an undesired state............................................................392
31.23 Troubleshooting user accounts.........................................................................................393
31.23.1 Incorrect privileges ...................................................................................................393
31.23.2 Cannot modify local user account ............................................................................394
31.23.3 Cannot delete local user account .............................................................................394
31.23.4 Unauthenticated user or group .................................................................................394
31.23.5 User public key is not accepted ...............................................................................395
31.23.6 Directory service not available .................................................................................395
31.23.7 Cannot add directory service ...................................................................................396
16
Contents
31.23.8 Cannot add server for a directory service ................................................................397
31.23.9 Cannot add directory group ......................................................................................398
31.23.10 Cannot find directory group ....................................................................................399
32 Documentation and troubleshooting resources for HPE Synergy.................401
32.1 HPE Synergy documentation....................................................................................................401
32.2 HPE Synergy Configuration and Compatibility Guide..............................................................401
32.3 HPE OneView User Guide for HPE Synergy............................................................................401
32.4 HPE OneView Global Dashboard.............................................................................................401
32.5 HPE Synergy Software Overview Guide..................................................................................401
32.6 Best Practices for HPE Synergy Firmware and Driver Updates...............................................401
32.7 HPE OneView Support Matrix for HPE Synergy.......................................................................402
32.8 HPE Synergy Image Streamer Support Matrix.........................................................................402
32.9 HPE Synergy Glossary.............................................................................................................402
32.10 HPE Synergy troubleshooting resources................................................................................402
32.11 Troubleshooting within HPE OneView....................................................................................402
32.12 HPE Synergy Troubleshooting Guide.....................................................................................402
32.13 HPE Error Message Guide.....................................................................................................402
32.14 HPE OneView Help................................................................................................................402
32.15 HPE Synergy Quick Specs.....................................................................................................403
32.16 HPE Synergy documentation map.........................................................................................403
33 Support and other resources.........................................................................405
33.1 Accessing Hewlett Packard Enterprise Support.......................................................................405
33.2 Accessing updates....................................................................................................................405
33.3 Websites...................................................................................................................................406
33.4 Remote support........................................................................................................................406
33.5 Customer self repair.................................................................................................................407
33.6 Documentation feedback..........................................................................................................407
A Backup and restore script examples...............................................................409
A.1 Sample backup script.................................................................................................................409
A.2 Sample restore script.................................................................................................................420
B Authentication directory service......................................................................431
B.1 Microsoft Active Directory configurations...................................................................................431
B.1.1 Users and groups in same OU...........................................................................................431
B.1.2 Users and groups in different OUs, under same parent....................................................431
B.1.3 Users and groups in different OUs, under different parents..............................................432
B.1.4 Built-in groups....................................................................................................................433
B.2 OpenLDAP directory configuration.............................................................................................434
B.3 Validate the directory server configuration.................................................................................435
B.4 LDAP schema object classes.....................................................................................................436
C Smart Update Tools installation with HPE Insight Control server
provisioning........................................................................................................439
D Maintenance console......................................................................................441
D.1 About the Maintenance console.................................................................................................441
D.2 Access the Maintenance console...............................................................................................443
Contents
17
D.3 Log in to the Maintenance console............................................................................................445
D.4 About the Maintenance console password................................................................................445
D.5 About the factory reset operation...............................................................................................446
D.6 Maintenance console main menu screen details.......................................................................447
D.7 Maintenance console Details screen details..............................................................................447
D.8 Maintenance console appliance states......................................................................................449
D.9 View the appliance details..........................................................................................................450
D.10 Reset the Maintenance console password..............................................................................450
D.11 Reset the administrator password with the Maintenance console...........................................451
D.12 Restart the Synergy Composer using the Maintenance console.............................................452
D.13 Shut down the Synergy Composer using the Maintenance console........................................452
D.14 Create a support dump file from the Maintenance console.....................................................453
D.15 Perform a factory reset using the Maintenance console .........................................................454
D.16 Configure appliance networking from the Maintenance console.............................................454
D.17 Activate the Synergy Composer manually when it is not highly available...............................455
D.18 Recovering an HPE Synergy Composer..................................................................................455
Index...................................................................................................................457
18
Contents
Part I Learning about HPE OneView
This part describes HPE OneView and its model for data center resources and introduces you to the
terms and concepts used in this document and the appliance online help.
20
1 Learning about HPE OneView
Designed for composable infrastructure environments, HPE OneView is a single integrated
platform, packaged as an appliance, that implements a software-defined approach to managing
your physical infrastructure through its entire life cycle. To learn more about HPE OneView, start
with the introduction or select a topic from the following list.
•
“Provisioning features” (page 23)
•
“Networking features” (page 26)
•
“Firmware and configuration change management features” (page 27)
•
“Monitoring the environment and responding to issues” (page 29)
•
“Backup and restore features” (page 31)
•
“Security features” (page 32)
•
“High availability features” (page 33)
•
“Graphical and programmatic interfaces” (page 33)
•
“Integration with other management software ” (page 34)
•
“HPE Synergy Image Streamer” (page 36)
•
“Open integration” (page 36)
1.1 HPE Synergy composable infrastructure
HPE OneView enables you to manage an HPE Synergy system throughout the hardware lifecycle.
HPE OneView is designed to manage both traditional (operation-driven) and next generation
(application-driven) workloads within a composable infrastructure such as HPE Synergy. The
composable infrastructure is based on the following design principles:
•
Hardware and management software in one
•
Fluid pool of resources
•
Software-defined intelligence
•
Unified API
Hardware and management software in one
The HPE Synergy 12000 Frame contains a management appliance called the HPE Synergy
Composer which hosts HPE OneView. Servers (compute modules), storage, networking (fabric),
and management appliances (such as HPE Synergy Image Streamer), are easily plugged in and
are automatically discovered.
HPE Synergy frames (enclosures) can be connected as a group of frames to form a dedicated
management network. With one instance of HPE OneView on one Synergy Composer, you can
manage the entire group of frames. With an additional Synergy Composer, you can provide high
availability management.
Fluid pool of resources
HPE Synergy provides a single infrastructure with virtualized compute servers, storage, and
networks derived from the physical components in an HPE Synergy Frame. The same hardware
can be configured and reconfigured through templates to support specific workloads. With a fluid
pool of resources, you can tailor the infrastructure precisely, with the right amount of compute,
storage, and connectivity to meet the needs of each workload.
1.1 HPE Synergy composable infrastructure
21
Software-defined intelligence
HPE Synergy contains embedded software-defined intelligence (HPE OneView) that provides
discovery, auto-integration, self-securing, self-orchestrating, and self-diagnosing capabilities.
HPE OneView automates infrastructure management by taking a template-driven approach to
provisioning and updating servers, storage, and networking.
Unified API
With a unified RESTful API, operational, and configuration changes can be easily automated
and developers can manage the infrastructure with simplified code. The unified API provides a
single interface to discover, search, inventory, configure, provision, update, and diagnose the
composable infrastructure. For example, a single line of code can fully describe and provision
the infrastructure required for an application, eliminating time-consuming scripting.
More information
“Learning about HPE OneView” (page 21)
“HPE OneView for composable infrastructure management” (page 22)
HPE Synergy documentation at www.hpe.com/info/synergy-docs
1.2 HPE OneView for composable infrastructure management
Optimized for collaboration, productivity, and reliability, HPE OneView is designed to provide
simple, single-pane-of-glass lifecycle management for the complex aspects of enterprise
IT—servers, networking, software, power and cooling, and storage.
HPE
Composable
Infrastructure
Storage
Servers
Power and cooling
Network
Management
software
22
•
Servers are represented and managed through server profiles and server profile templates.
•
Networking is an essential component to provisioning and managing data center servers.
•
Management software is integrated with HPE OneView for seamless operation. In addition,
other management appliances (HPE Synergy Image Streamer) can be added to the
composable infrastructure through a management appliance module.
Learning about HPE OneView
•
Power and cooling and space planning requires that you consider all the equipment in the
entire data center, including equipment not managed by HPE OneView. HPE OneView
consolidates data center power and cooling information into one interface view.
•
Storage provisioning with automated zoning is available. Storage devices connect to the
enclosures using either Fibre Channel fabric attach (SAN switch) connections or Fibre
Channel direct attach (flat SAN) connections.
1.3 Provisioning features
Features for provisioning hardware and bringing resources under management include:
•
Resource templates, groups, and sets (page 23)
•
Server profiles and server profile templates (page 24)
•
Automatic discovery of server hardware (page 25)
•
Operating system deployment (page 25)
•
Storage provisioning and management (page 25)
1.3.1 Resource templates, groups, and sets
With the HPE OneView template-driven approach, you can:
•
Define server and networking configurations for specific environments.
•
Provision multiple servers quickly and consistently without requiring someone to take action
for every server you deploy.
•
Simplify the distribution of configuration changes across your data center.
HPE OneView is a scalable, resource-oriented solution focused on the entire life cycle—from
initial configuration to on-going monitoring and maintenance—of both physical and logical
resources:
•
Physical resources are objects you can touch, such as server hardware, interconnects,
top-of-rack switches, enclosures, drive enclosures, storage systems, and racks.
•
Logical resources are virtual objects that represent a template or a configured resource.
Some logical resources are templates that your experts define to meet various workload
demands. These templates can then be applied over and over again to the physical resources
ensuring quick and consistent configurations. Some examples include: server profile
templates, logical interconnect groups, enclosure groups, and volume templates.
Other logical resources represent the physical resource configured to work as needed in
your environment. These resources actually run the workloads. Some examples include
server profiles, logical interconnects, logical enclosures, and volumes.
1.3 Provisioning features
23
More information
“Understanding the resource model” (page 39)
“Learning about HPE OneView” (page 21)
1.3.2 Server profiles and server profile templates
Server profiles and server profile templates enable you to provision hardware quickly and
consistently according to your best practices. Store your best practice configuration in a server
profile template and then use the server profile template to create and deploy server profiles.
A server profile captures key aspects of a server configuration in one place, including:
•
Firmware update selection and scheduling
•
OS deployment settings
•
BIOS settings
•
Local RAID configuration
•
Network connectivity
•
Boot order configuration
•
Local storage and SAN storage
•
Unique IDs
Server profiles enable your experts to specify a server configuration before the server arrives.
When the server hardware is installed, your administrators can quickly bring the new server under
management.
For example, you can deploy a server profile from a template that is not assigned to a particular
server, but specifies all the configuration aspects—such as BIOS settings, network connections,
24
Learning about HPE OneView
and boot order—to use for a type of server hardware. Before the server is installed in an enclosure
bay, you can do one of the following:
•
Assign the server profile at the time of creation to an empty bay in an enclosure where the
server will eventually reside.
•
Create an unassigned profile and assign it once the hardware arrives.
You can move a server profile that has been assigned to hardware in an enclosure bay. You can
copy server profiles to multiple servers by using server profile templates.
You can control the server profile behavior. For example, you can assign a server profile to an
empty bay and when an appropriate server is inserted into that bay, the server profile is
automatically applied to the server hardware. The server profile can also be associated with a
specific server to ensure that the profile is not applied if the wrong server is accidentally inserted
into the bay.
More information
“About server profiles” (page 142)
“About server profile templates” (page 156)
“Learning about HPE OneView” (page 21)
1.3.3 Automatic discovery of server hardware
HPE Synergy enclosures (frames) are automatically discovered, including the server hardware
and interconnects, and brought into HPE OneView as Monitored enclosures. After confirming
the HPE Synergy frames are installed correctly, the frames can be managed by HPE OneView
by creating a Logical Enclosure.
More information
“About auto-discovering a Synergy frame” (page 200)
“Learning about HPE OneView” (page 21)
1.3.4 Operating system deployment
Server profiles and enclosure groups make it easier to prepare a bare-metal server for operating
system deployment.
For example, you can use server profiles in conjunction with deployment tools such as:
•
HPE Insight Control server provisioning to install an operating system on the server
•
HPE OneView for VMware vCenter Auto Deploy to deploy hypervisors from bare metal and
add them to existing clusters automatically
•
HPE Synergy Image Streamer for boot/run storage provisioning and operating system
deployment
More information
“Learning about HPE OneView” (page 21)
1.3.5 Storage provisioning and management
HPE OneView provides automated, policy-driven provisioning of supported storage resources.
It is fully integrated with server profiles so that you can manage your new or existing storage
infrastructure. With HPE OneView you can view and manage your storage system and storage
pools. You add existing volumes and create new volumes, and you can create volume templates
to provision multiple volumes with the same configuration.
Switched fabric, direct attach, and vSAN SAN topologies are supported.
1.3 Provisioning features
25
Storage system are added to the appliance and are associated with networks. Storage pools are
added from which HPE OneView creates volumes. The volumes can then be attached to servers.
You can also add SAN managers to make their managed SANs available to the appliance.
Managed SANs can be associated with Fibre Channel or Fibre Channel over Ethernet networks
on the appliance to enable automated zoning and automatic detection of connectivity.
Supported storage automation features
Automated storage provisioning
When you import supported storage systems and existing storage pools, HPE OneView can
quickly create volumes.
Automatic SAN zoning
HPE OneView automatically manages SAN zoning for server profile volume attachments.
Storage integration through server profiles
Create and make new private volumes accessible to the server hardware by adding volume
attachments to the server profile.
Make existing private or shared volumes accessible to server hardware by adding volume
attachments to the server profile.
HPE OneView tracks the connection status between server profiles and SANs.
Volume management
You can use HPE OneView to manage the full life cycle of your volumes. You can add existing
volumes, create new volumes, grow volumes, and remove or delete volumes using HPE OneView.
You can also create volume snapshots, create a volume from a snapshot, and revert a volume
to a snapshot using HPE OneView.
Zoning policies
HPE OneView enables you to set a zoning policy for your managed SANs. You can define SAN
zoning policies which HPE OneView will follow as it auto-zones your SAN.
Zone naming and aliases
HPE OneView uses rules-based zone naming to give you full control of your zone names. You
can use zone naming to incorporate your current naming structure, which HPE OneView will use
during the automated zoning process.
HPE OneView enables you to create aliases for initiators, targets, and target groups, which HPE
OneView displays in place of their WWPNs.
More information
“About storage systems” (page 229)
“About SAN managers” (page 231)
HPE OneView Support Matrix for HPE Synergy
1.4 Networking features
HPE OneView provides several networking features to streamline the provisioning of networking
resources for server blades and to manage configuration changes, including firmware updates,
to Virtual Connect interconnect modules.
26
Learning about HPE OneView
Supported networks
The Virtual Connect interconnect modules in enclosures support the following types of data center
networks:
•
Ethernet for data networks, including tagged, untagged, or tunnel networks.
•
Fibre Channel for storage networks, including Fibre Channel fabric attach (SAN switch)
connections, and Fibre Channel direct attach (Flat SAN) connections to supported 3PAR
storage systems.
•
Fibre Channel over Ethernet (FCoE) for storage networks where storage traffic is carried
over a dedicated Ethernet VLAN.
More information
Logical interconnects
Logical interconnect group
Network set
“Learning about HPE OneView” (page 21)
1.5 Firmware and configuration change management features
1.5.1 Simplified firmware management
HPE OneView provides fast, reliable, and simple firmware management across the appliance.
When you add a resource to the appliance to be managed to ensure compatibility and seamless
operation, the appliance automatically updates the resource firmware to the minimum version
required to be managed by the appliance.
Updating firmware for an entire HPE Synergy frame and every component inside can be done
by a single administrator with minimal disruptions. Server firmware and driver updates can be
staged and then activated during a maintenance window.
A firmware bundle, also known as an SPP (Service Pack for ProLiant), is a tested update package
of firmware, drivers, and utilities. Firmware bundles enable you to update firmware on managed
server blades, and infrastructure (enclosures and interconnects).
An on-appliance firmware repository enables you to upload SPP firmware bundles and deploy
them across your environment according to your best practices. For example, you can:
•
View the versions and contents of firmware bundles stored in the firmware repository.
•
View the version of firmware installed on supported hardware from the Server Hardware.
•
Set a firmware baseline—a desired state for firmware versions—on a managed resource,
such as a server profile, or on a group of resources, such as all of the interconnects in a
logical interconnect.
•
Detect when a managed resource does not comply with the firmware baseline.
•
Identify firmware compatibility issues.
•
Update firmware for an entire enclosure.
•
Update firmware for individual resources or for groups of resources, such as logical
1
interconnects.
•
Update OS drivers and firmware
•
Remove a firmware bundle from the repository
Hewlett Packard Enterprise occasionally releases component hotfixes between main SPP
releases. Hewlett Packard Enterprise notifies you that a hotfix is available to upload and provides
1. Enclosure groups do not include a firmware baseline; therefore, updates to enclosure firmware are managed through
a logical enclosure configuration.
1.5 Firmware and configuration change management features
27
details about the SPP to which the hotfix applies. Different mechanisms are available for applying
a hotfix in HPE OneView.
More information
Best Practices for HPE Synergy Firmware and Driver Updates at www.hpe.com/info/
synergy-docs
1.5.2 Simplified configuration change management
Templates and groups simplify the distribution of configuration changes across the appliance.
For example:
•
You can reduce errors by making multiple and complex changes to a group. Then, for each
member of the group, you can use a single action to update the configuration to match the
configuration of the group.
•
The appliance notifies you when it detects that a device does not comply with the current
template or group. You control when and if a device configuration is updated.
•
The logical interconnect settings manage the firmware for physical interconnects to ensure
that all interconnects within the logical enclosure have compatible firmware.
1.5.3 Smart Update Tools features
Smart Update Tools (SUT) is an operating system utility for HPE OneView that enables an
administrator to perform online firmware and driver updates. SUT polls HPE OneView every five
minutes for new requests, processes those requests, and provides HPE OneView with a status.
HPE OneView posts the progress in the Firmware section of the Server Profile page. SUT
installs updates in the correct order and ensures that all dependencies are met before starting
an update. If there are unmet dependencies, SUT prevents the installation and notifies the HPE
OneView administrator that the installation cannot continue due to a dependency.
Key features:
•
Combined driver, software, and firmware updates
•
Compliance reporting in the HPE OneView dashboard based on the status received from
SUT
•
An increase in the maximum uptime by minimizing the number of reboots required for
activation
•
The ability to perform firmware staging and development tasks outside of the actual
maintenance window so that one reboot during the maintenance window activates both
firmware and driver updates
•
Multiple user roles:
•
◦
HPE OneView Infrastructure administrator who defines the desired state using the
firmware options in the server profile
◦
SUT administrator who uses SUT to update the firmware and the software on the server
Manual control and varying levels of automation:
◦
On demand or manual updates
◦
◦
Semiautomatic when staging is automatic or staging and installation are automatic
Fully automatic update
NOTE: SUT requires HPE iLO 4 version 2.30 and later to function correctly. If HPE
OneView manages the server firmware, HPE OneView automatically updates the iLO
firmware to enable SUT to proceed.
28
Learning about HPE OneView
1.6 Monitoring the environment and responding to issues
One user interface
You use the same interface for monitoring that you use to provision resources. There are no
additional tools or interfaces to learn.
Isolated management network
The appliance architecture is designed to separate the management traffic from the production
network, which increases reliability and security of the overall solution. For example, your data
center resources remain operational even in the unlikely event of an appliance outage.
Automatic configuration for monitoring health and utilization
When you add resources to the appliance, they are automatically configured for monitoring health,
activity, alerts, and utilization. You can monitor resources immediately without performing additional
configuration or discovery steps.
Management from other platforms using the REST APIs and message buses
The REST APIs and the SCMB (State-Change Message Bus) or MSMB (Metric Streaming
Message Bus) also enable you to monitor the HPE OneView environment from other management
platforms. For more information about message buses, see “Using a message bus to send data
to subscribers” (page 303)
Monitoring the environment and responding to issues
Features for monitoring the environment and responding to issues include the following:
•
The Dashboard screen (page 291), which displays a summary view of data center capacity
and health information
•
The Activity screen (page 285), which displays and enables you to filter all system tasks and
alerts
•
Data center environmental management (page 30)
•
Resource utilization monitoring (page 30)
•
Activity and health management (page 30)
•
Hardware and firmware inventory information (page 31)
More information
HPE iLO 4 with AMS traps supported for alerting in HPE OneView at http://www.hpe.com/info/
oneview/docs
1.6 Monitoring the environment and responding to issues
29
1.6.1 Data center environmental management
HPE OneView integrates these critical areas for environmental management of the data center:
•
Thermal data visualization in 3D
•
Power delivery infrastructure representation
•
Physical asset location in 3D
Feature
Description
Thermal data
visualization
3D data center thermal mapping provides a view of the thermal status of your entire data
center. The appliance collects thermal data from the managed resources in each data
center rack and presents the data graphically, enabling easy identification of hot spots in
a rack.
Power delivery
infrastructure
representation
HPE OneView collects and reports processor utilization and power and temperature
history for your data center hardware. The appliance monitors power, automatically detects
and reports power delivery errors, and provides precise power requirement information
for HPE ProLiant Gen8 (or later) servers and HPE BladeSystem enclosures that you can
use for planning rack and power usage.
Power Discovery Services enable automatic discovery and visualization of the power
delivery topology for your data center. HPE iPDUs enable the appliance to map the rack
power topology automatically. The appliance detects wiring errors—such as lack of
redundancy—and updates electrical inventory automatically when new servers are
installed. The appliance also supports per-outlet power control for remote power cycling
of each iPDU outlet.
You can manually define the power requirements and power topology for devices that do
not support Power Discovery Services.
Physical asset location
Location Discovery Services enable the appliance to automatically display the exact 3D
location of HPE ProLiant Gen8 (or later) servers in HPE Intelligent Series Racks, reducing
labor time, lowering operational costs, and eliminating human errors associated with
inventory and asset management.
You can manually define the positions of racks and devices that do not support Location
Discovery Services.
More information
“Managing power, temperature, and the data center” (page 221)
“Monitoring power and temperature” (page 297)
1.6.2 Resource utilization monitoring
HPE OneView periodically collects and maintains CPU utilization information for all of the servers
it manages. HPE OneView also collects port-level statistics for networking, including transmit,
receive, and error counters. HPE OneView displays all of this data in the UI and makes the data
available through the REST APIs.
More information
“Monitoring power and temperature utilization” (page 299)
“Utilization graphs” (page 281)
1.6.3 Activity and health management
HPE OneView provides streamlined activity monitoring and management. The appliance
automatically registers alerts and notifications from all managed resources, and resources added
to the appliance are immediately available for monitoring and management. When the appliance
notifies you of a problem, when possible, it suggests a way to correct the problem.
30
Learning about HPE OneView
Using the UI and REST APIs, you can:
•
View all activities (alerts and tasks) by description or source, and filter activities using multiple
filter criteria.
•
Assign alerts to specific users.
•
Annotate activities with notes from administrators, enabling the administrators of the data
center to collaborate through the appliance instead of through outside tools such as email.
•
View alerts for a specific resource from the UI screen for that resource or using the REST
API for that resource.
•
Automatically forward SNMP traps from managed resources to enterprise monitoring consoles
or centralized SNMP trap collectors.
More information
HPE iLO 4 with AMS traps supported for alerting in HPE OneView at http://www.hpe.com/info/
oneview/docs
1.6.4 Hardware and firmware inventory information
HPE OneView provides detailed hardware and firmware inventory information about the resources
it manages. You can access the following data through the UI and the REST APIs:
•
Summary and detailed views of managed hardware, such as servers, enclosures, and
interconnects.
•
Summary of monitored hardware, such as servers and enclosures.
•
Summary and detailed views of firmware bundle contents.
•
Firmware inventory for server and enclosure components.
You can use the Smart Search feature of the UI to find specific items in the inventory.
Reports are available to help you monitor your inventory as well as help you monitor your
environment. The inventory reports provide information about your servers or enclosures such
as model, serial number, part number, and so on. Other reports provide a picture of the overall
status of your environment.
1.6.5 Remote Support
By registering for Remote Support in HPE OneView, you enable Proactive Care and automatic
case creation for hardware failures on Gen8 and newer servers and enclosures. Once enabled,
all eligible devices added in the future will be automatically enabled for remote support.
Hewlett Packard Enterprise will contact you to ship a replacement part or send an engineer for
devices that are under warranty or support contract.
Remote support enables Proactive Care services including Proactive Scan reports and
Firmware/Software Analysis reports with recommendations that are based on collected
configuration data.
More information
“About remote support” (page 294)
1.7 Backup and restore features
HPE OneView provides services to back up an appliance to a file, and to restore an appliance
from a backup file. Backups can be scheduled to occur automatically and stored remotely.
1.7 Backup and restore features
31
One proprietary backup file for both the appliance and its database
Backup files are proprietary and contain configuration settings and management data—there is
no need to create separate backup files for the appliance and its database.
Flexible scheduling and an open interface for backup operations
You can create backup files while the appliance is online. Also, you can use REST APIs to:
•
Schedule a backup process from outside the appliance.
•
Collect backup files according to your site policies.
•
Integrate with enterprise backup and restore products.
•
Utilize the backup and restore scripts.
A backup file is a snapshot of the appliance configuration and management data at the time the
backup file was created. Hewlett Packard Enterprise recommends that you create regular backups,
preferably once a day and after you make hardware or software configuration changes in the
managed environment.
Specialized user role for creating backup files
HPE OneView provides a user role (Backup administrator) specifically for backing up the appliance
by permitting access to other resource views without permitting actions on those resources, or
other tasks.
Recovery from catastrophic failures
You can recover from a catastrophic failure by restoring your appliance from the backup file.
When you restore an appliance from a backup file, all management data and most configuration
settings on the appliance are replaced with the data and settings in the backup file, including
things like user names and passwords, audit logs, and available networks.
The state of the managed environment is likely to be different from the state of that environment
at the time the backup file was created. During a restore operation, the appliance reconciles the
data in the backup file with the current state of the managed environment. After the restore
operation, the appliance uses alerts to report any discrepancies that it cannot resolve automatically.
More information
“Backing up an appliance” (page 247)
1.8 Security features
To ensure a secure platform for data center management, the appliance includes features such
as the following:
•
Separation of the data and management environments, which is critical to protect against
Denial of Service attacks.
Hewlett Packard Enterprise recommends that you follow best practices to protect and isolate
management networks from production data networks. To ensure high availability and
safeguard against various network attacks, it is recommended that the HPE Synergy
Composer management network be isolated from the production network using appropriate
mechanisms (such as firewalls and intrusion detection systems).
32
•
RBAC (role-based access control), which enables an administrator to establish access
control and authorization for users based on their responsibilities for specific resources.
•
Single sign-on to iLO without storing user-created credentials.
Learning about HPE OneView
•
Audit logging for all user actions.
•
Support for authentication and authorization using an optional directory service such as
Microsoft Active Directory.
•
Use of certificates for authentication over Transport Layer Security (TLS).
•
A UI that restricts access from host operating system users.
•
An automated remote backup feature that allows you to set the day and time a backup will
be performed and the ability to specify a remote SSH or SFTP server to store the backup
files automatically.
More information
“Understanding the security features of the Synergy Composer” (page 63)
1.9 High availability features
HPE OneView achieves high availability through an appliance cluster that comprises two
appliances. The appliances are defined by their role of active or standby. The standby appliance
monitors the active appliance and assumes control when contact is lost, protecting against data
loss (management data and audit log) if the active appliance fails. In the unlikely event that HPE
OneView experiences an outage, the managed resources continue to run. HA also protects
against data loss (management data and audit log) if the active appliance fails.
More information
“Best practices: Synergy Composer installation and configuration notes” in the online help
“Maintenance console” (page 441)
1.10 Graphical and programmatic interfaces
HPE OneView was developed to use a single, consistent resource model embodied in a fast,
modern, and scalable HTML5 user interface and industry-standard REST APIs for mobile, secure
access, and open integration with other management software.
User interface—efficiency and simplicity by design
The UI is designed for the way you work, providing powerful, easy-to use tools, including the
following:
Feature
Description
Dashboard screen
Provides a graphical representation of the general health and capacity of the resources
in your data center. From the Dashboard you can immediately see the areas that need
your attention.
Map view
Available from each resource, the Map view enables you to examine the configuration
and understand the relationships between logical and physical resources in your data
center.
Smart Search box
The banner of every screen includes the Smart Search feature, which enables you to
find resource-specific information such as specific instances of resource names, serial
numbers, WWNs, and IP and MAC addresses.
Labels view
Available from each resource, the Labels view enables you to organize resources into
groups. For example, you might want to identify the servers that are used primarily by
the Finance team, or identify the storage systems assigned to the Asia/Pacific division.
Scopes view
A grouping of resources that can be used to restrict the range of an operation or action.
The resources are arranged by categories. All the resources in these categories can be
added to or removed from a scope, including enclosures, server hardware, networks,
network sets, interconnects, logical interconnects, and logical interconnect groups.
1.9 High availability features
33
Feature
Description
Activity feed
The Activity feed gives you a unique perspective into the health of your environment
by interleaving the tasks, alerts, and administrator notes into a single view. The Activity
feed simplifies the correlation of user activity with system health, allowing for timely
resolution of issues.
Resource-specific
management screens
These screens enable you to focus on the resources you are authorized to view and
manage. Resource group screens enhance scalability by enabling you to manage multiple
resources as one.
The UI provides on-screen hints and tips to help you avoid and correct errors, and provides links
to learn more about the tasks. At the top of each screen, the help icon gives you access to the
entire help system.
REST APIs—automation and integration
HPE OneView has a resource-oriented architecture that provides a uniform REST interface.
The REST APIs:
•
Provide an industry-standard interface for open integration with other management platforms.
•
Are designed to be ubiquitous—every resource has one URI (Uniform Resource Identifier)
and represents a physical device or logical construct.
•
Enable you to automate anything you can do from the UI using your favorite scripting or
programming language.
•
Are designed to be highly scalable.
More information
“Navigating the graphical user interface” (page 77)
“Accessing documentation and help” (page 107)
HPE OneView REST API Scripting Help
1.11 Integration with other management software
To use the integrated management software listed in this section, you must purchase HPE
OneView Advanced licenses. For more information, see “About licensing” (page 161).
HPE Integrated Lights-Out
HPE OneView interacts seamlessly with the iLO management processor to provide complete
management of server hardware. HPE OneView automatically configures the iLO according to
the settings specified by the HPE OneView server profile. HPE OneView configures seamless
access to the iLO graphical remote console, enabling you to launch the iLO remote console from
the HPE OneView UI in a single click. Your iLO privileges are determined by the role assigned
to your HPE OneView appliance account.
HPE Insight Control
Full licenses of HPE OneView Advanced include the right to use HPE Insight Control which
delivers essential infrastructure management. Insight Control can save you time and money by
making it easy to deploy, migrate, monitor, and optimize your IT infrastructure through a single,
simple management console for your ProLiant ML/DL/SL and BladeSystem servers. You can
elect to use either HPE OneView or the corresponding license for HPE Insight Control to manage
devices. You do not need to purchase two licenses for the same server. However, you cannot
operate HPE OneView and Insight Control licenses to manage the same server at the same
time. The exception is Insight Control server provisioning, which can be used simultaneously
with HPE OneView to manage the same server.
34
Learning about HPE OneView
HPE Insight Control is not included in the HPE OneView download or media, but can be
downloaded from http://www.hpe.com/info/insightupdates by using the HPE Insight Control
license key provided during the entitlement or fulfillment process.
HPE Insight Control server provisioning
HPE OneView Advanced includes the right to use Insight Control server provisioning, a capability
for multi-server, physical OS provisioning, and server configuration. Insight Control server
provisioning software is not included in the HPE OneView media, but can be downloaded from
http://www.hpe.com/info/insightupdates.
HPE OneView for Microsoft System Center
HPE OneView Advanced includes the right to use HPE OneView for Microsoft System Center.
HPE OneView for Microsoft System Center fully integrates the HPE management ecosystem
into Microsoft System Center, delivering capabilities such as proactive monitoring, remote
management and provisioning of HPE servers, networking and storage. HPE OneView for
Microsoft System Center can be downloaded from http://www.hpe.com/products/ovsc.
HPE OneView for VMware vCenter
HPE OneView Advanced includes the right to use HPE OneView for VMware vCenter, HPE
OneView for VMware vCenter/vRealize Operations, and HPE OneView for VMware vCenter Log
Insight. HPE OneView for VMware fully integrates the HPE management ecosystem to deliver
capabilities such as proactive monitoring, deep troubleshooting, remote management, and
provisioning of HPE servers, networking, and storage. HPE OneView integrations with VMware
can be downloaded from http://www.hpe.com/products/ovvcenter.
1.11.1 Other management software warnings
Do not use external managers, such as HPE Systems Insight Manager (SIM) or third-party
management software, to manage hardware that is under management using HPE OneView.
Using another external manager can cause errors and unexpected behavior. For example: iLO
has a maximum of three trap destinations, one of which is HPE OneView. If external managers
define additional trap destinations, iLO removes one of the existing trap destinations. If HPE
OneView is the trap destination iLO removes, HPE OneView will no longer receive SNMP traps
and will not display server health or lifecycle alerts.
NOTE: Third-party tools do not provide a warning, so use caution if those tools make or require
configuration changes to the server.
If you attempt to change a resource managed by HPE OneView with other HPE management
tools such as ROM-Based Setup Utility (RBSU) or UEFI System Utilities, a warning message
displays.
•
If you attempt to change server firmware using SUM, and the firmware baseline associated
with the server profile for that server is not set to Managed manually, SUM displays a
warning:
HPE OneView is managing the server and it is configured for Service
Pack for ProLiant version x. It cannot be updated to a different
version directly using SUM.
•
If HPE OneView manages the iLO, the iLO login screen displays a warning.
1.11 Integration with other management software
35
Figure 1 iLO warning
•
If you attempt to make BIOS or iLO changes in Intelligent Provisioning, a warning displays.
1.12 HPE Synergy Image Streamer
HPE Synergy Image Streamer is a management appliance used to deploy and customize operating
systems for Synergy servers. Administrators build a library of templates and OS images that can
be used for repeatable, reliable, and scalable deployment.
HPE OneView and Image Streamer create a stateless server environment where bootable images
are separated from the physical servers. With this stateless server environment, you can quickly
replace the physical servers without the need to redeploy the operating system.
Unified REST API access to Synergy Image Streamer enables programmatic control of its
functions. Provisioning can be controlled from the HPE OneView UI or it can be seamlessly
integrated into existing scripting processes.
More information
“About HPE Synergy Image Streamer” (page 200)
HPE Synergy Image Streamer documentation at www.hpe.com/info/synergy-docs
1.13 Open integration
The single, consistent resource model, REST APIs, SCMB (State-Change Message Bus), and
MSMB (Metric Streaming Message Bus) enable you to use scripting to integrate HPE OneView
with other enterprise applications to address user needs and perform tasks such as:
•
Automating standard workflows and troubleshooting steps
•
Automating integrations with other software, such as a CMDB (configuration management
database)
•
Connecting to service desks
•
Monitoring resources, collecting data, and mapping and modeling systems
•
Exporting data to formats that suit your needs
•
Attaching custom databases, data warehouses, or third-party business intelligence tools
•
Integrating in-house user customizations
The SCMB is an interface that uses asynchronous messaging to notify subscribers of changes
to managed resources—both logical and physical. For example, you can program applications
to receive notifications when new server hardware is added to the managed environment or when
the health status of physical resources changes—without having to continuously poll the appliance
for status using the REST APIs.
36
Learning about HPE OneView
More information
HPE OneView REST API Scripting Help
“Using a message bus to send data to subscribers” (page 303)
1.13 Open integration
37
38
2 Understanding the resource model
HPE OneView uses a resource model that reduces complexity and simplifies the management
of your data center. This model provides logical resources, including templates, groups, and sets,
that when applied to physical resources, provides a common structure across your data center.
The UI distinguishes between physical and virtual resources by using certain actions. For example:
•
You can create, delete, or copy a logical resource, but not a physical resource
•
You can add or remove a physical resource
High-level overview
Network resources
• Resource model summary diagram (page 40)
• Networks (page 51)
Server resources
• Network sets (page 51)
• Server profile templates (page 57)
Storage resources
• Server profiles (page 56)
• Storage Systems (page 58)
• Connections (page 41)
• Storage Pools (page 58)
• Connection templates (page 42)
• Volumes (page 60)
• Server hardware (page 55)
• Volume Templates (page 61)
• Server hardware types (page 56)
• SAN Managers (page 54)
• “OS deployment servers” (page 52)
• SANs (page 54)
Network provisioning resources
• Drive Enclosures (page 44)
• Enclosure groups (page 45)
Appliance resources
• Enclosure types (page 45)
• Appliance (page 40)
• Enclosures (page 44)
• Domains (page 43)
• Interconnect types (page 47)
• Interconnects (page 46)
Data center power and cooling management
resources
• Logical enclosures (page 47)
• Data centers (page 42)
• Logical interconnect groups (page 50)
• Racks (page 53)
• Logical interconnects (page 48)
• Power delivery devices (page 52)
• Uplink sets (page 60)
• Unmanaged devices (page 59)
Learn more
• For a complete list of resources, see the HPE OneView REST
API Reference in the online help.
• For information about using HPE OneView, see the other
chapters in this guide and the online help.
39
2.1 Resource model summary diagram
The following figure summarizes some of the most frequently used resources and shows the
relationships between them.
Figure 2 Resource model summary diagram
Volume
Templates
Volume
Attachments
Volumes
Storage
Pools
Domains
Appliance
Server
Profiles
Deployed
Targets
Deployment
plan
Connection
Templates
Server
Profile
Templates
Connections
SAS Logical
JBOD Attach
Power
Delivery
Devices
Drive
Bay
Racks
Storage
Systems
Deployment
Servers
Device
Bay
Device
Bay
Enclosures
Data
Centers
Has a type
Specified in a server profile
Physical resource
Logical resource
I/O
Bay
I/O
Bay
Logical
Enclosure
Server
Hardware
Types
Types
SAN
Manager
Networks
SANs
SAS Logical
JBOD
Drive
Bay
IO
Enclosure Adapter Drive
Server
Hardware
or
Network
Sets
SAS Logical
Interconnects
SAS Logical
Interconnect
Groups
SAS
Interconnects
Interconnects
Uplink Sets
Uplink Sets
Enclosure
Groups
Logical
Interconnect
Groups
Enclosure
Types
Interconnect
Types
Logical
Interconnects
The UI and REST APIs are organized by resource. The documentation for the UI and REST APIs
are also organized by resource.
The complete list of resources are included in the HPE OneView REST API Reference in the
online help.
The following sections introduce the resources shown in Figure 2: Resource model summary
diagram (page 40).
More information
Understanding the resource model (page 39)
2.2 Appliance
The appliance resource defines configuration details specific to the HPE OneView appliance (as
distinct from the resources HPE OneView manages).
Relationship to other resources
An appliance resource is associated with the following resources in the resource summary
diagram (page 40):
40
•
Exactly one domain
•
Zero or more instances of the other resources in the summary diagram (page 40)
Understanding the resource model
UI screens and REST API resources
Several REST API resources are related to the appliance and appliance settings. See the
resources in the following categories in the HPE OneView REST API Reference in the online
help:
UI screen
REST API resource
Settings
• Appliance time, locale, and timezone settings
appliance/configuration/timeconfig/locales
appliance/configuration/time-locale
• Appliance device READ community string
appliance/device-read-community-string
• Reset the appliance to the factory defaults
appliance
• Upgrade or patch the appliance firmware
appliance/firmware
• Health of appliance components
appliance/health-status
• Configure and retrieve network information of the appliance
appliance/network-interfaces
• Shut down or restart an appliance
appliance/shutdown
• Generating and downloading support dumps from an appliance
appliance/support-dumps
• Trap destinations in the management appliance
appliance/trap-destinations
OneView License
• Status of the End User License Agreement (EULA) and related data
appliance/eula
More information
Managing the appliance (page 259)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.3 Connections
A connection is the logical representation of a connection between a server and a network or
network set. Connections can be configured in server profiles. A connection specifies the following:
•
The network or network set to which the server is to be connected
•
Configuration overrides (such as a change to the preferred bandwidth) to be made to the
default configuration for the specified network or network set
•
Boot order
2.3 Connections
41
Relationship to other resources
A connection resource is associated with the following resources in the resource summary
diagram (page 40):
•
Exactly one server profile resource.
•
Exactly one connection template resource.
•
Exactly one network or network set resource. The resources that are available to the
connection depend on the configuration of the logical interconnect of the enclosure that
contains the server hardware.
UI screens and REST API resources
UI screen
REST API resources
Server Profiles
connections and server-profiles
More information
About server profiles (page 142)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.4 Connection templates
A connection template defines default configuration characteristics, such as the preferred
bandwidth and maximum bandwidth, for a network or network set. When you create a network
or network set, HPE OneView creates a default connection template for the network or network
set.
Relationship to other resources
A connection template resource is associated with zero or more connection resources. A
connection resource is associated with the appropriate connection template for a type of network
or network set.
UI screens and REST API resources
UI screen
REST API resource
Notes
None
connection-templates
The UI does not display or refer to connection
templates, but connection templates determine
the default values displayed for the connection
when you select a network or network set.
More information
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.5 Data centers
In HPE OneView, a data center represents a physically contiguous area in which racks containing
IT equipment—such as servers, enclosures, and devices—are located. You create a data center
to describe a portion of a computer room, summarizing your environment and its power and
thermal requirements. A data center resource is often a subset of your entire data center and
can include equipment that is not managed by HPE OneView. By representing the physical layout
42
Understanding the resource model
of your data center equipment, including unmanaged devices, you can use detailed monitoring
information for space planning and determining power and cooling requirements.
In HPE OneView, you can:
•
View a 3D model of the data center layout that includes a color-coding scheme to help you
identify areas that are too hot or too cold.
•
View temperature history data.
•
More easily locate specific devices for hands-on servicing.
Relationship to other resources
A data center resource is associated with the following resources in the resource summary
diagram (page 40):
•
Zero or more racks
UI screens and REST API resources
UI screen
REST API resource
Data Centers
datacenters
More information
Managing your data center (page 222)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.6 Domains
The domain resource describes the management domain for the appliance. All physical and
logical resources managed by the appliance are part of a single management domain.
Relationship to other resources
A domain resource is associated with the following resources in the resource summary
diagram (page 40):
•
Exactly one appliance
•
Zero or more instances of the other resources in the summary diagram (page 40)
UI screens and REST API resources
UI screen
REST API resource
Notes
None
domains
The UI does not display or refer to domains, but the domain
resource provides information about limits such as the total number
of networks that you can add to the appliance. You can use the
domains REST API to obtain information about the domain.
More information
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.6 Domains
43
2.7 Drive Enclosures
Drive enclosures are hardware devices that contain a set of drive bays. A drive enclosure is
installed in a device bay of an enclosure, and provides composable storage to servers. Server
profile templates or server profiles allow you to automatically apply storage resource configuration
to the storage devices within the drive enclosure.
In the resource model:
•
Drive enclosures are associated with the frame (enclosure) in which they are installed.
•
Drive enclosures are associated with a logical JBOD, which is defined in a server profile,
and which specifies attachments to server hardware.
Relationship to other resources
A drive enclosure is associated with the following resources in the resource model summary
diagram (page 40):
•
One enclosure in which it is installed through one logical enclosure.
•
One or more server profiles though logical JBODs, which specify which volumes in the drive
enclosure are attached to specific server hardware.
•
One or two SAS interconnects, through a logical interconnect.
UI screens and REST API resources
UI screen
REST API resource
Drive Enclosures
drive-enclosures
More information
Drive enclosures (page 228)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.8 Enclosures
An enclosure is a physical structure with device bays supporting server, networking, and storage
building blocks. These building blocks share the enclosure's common power, cooling, and
management infrastructure.
The enclosure provides the hardware connections between the interconnect downlinks and the
installed servers. The enclosure interconnects provide the physical uplinks to the data center
networks.
When you set up an HPE Synergy 12000 Frame, HPE OneView discovers and adds all of the
components within the enclosure, including any installed servers and any installed interconnects.
Relationship to other resources
An enclosure resource is associated with the following resources in the resource summary
diagram (page 40):
44
•
One logical enclosure
•
Exactly one enclosure group
•
Zero or more physical interconnects
•
One or more logical interconnects and one or more logical interconnect groups (through the
enclosure’s association with an enclosure group and interconnects)
Understanding the resource model
•
Zero or one rack resource
•
Zero or more power delivery devices
UI screens and REST API resources
UI screen
REST API resource
Enclosures
enclosures
More information
Managing enclosures (page 195)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.9 Enclosure groups
An enclosure group is a template that defines a consistent configuration for a logical enclosure.
Network connectivity for an enclosure group is defined by the logical interconnect groups
associated with the enclosure group.
Using enclosure groups, you can quickly add many enclosures and have them configured into
identical logical enclosures.
Relationship to other resources
An enclosure group resource is associated with the following resources in the resource summary
diagram (page 40):
•
Zero or more logical enclosures
•
Zero or more server profiles
•
Zero or more logical interconnect groups
UI screens and REST API resources
UI screen
REST API resource
Enclosure Groups
enclosure-groups
More information
Managing enclosure groups (page 204)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.10 Enclosure types
An enclosure type defines characteristics of a specific Hewlett Packard Enterprise enclosure
hardware model, such as an HPE Synergy 12000 Frame.
Relationship to other resources
An enclosure type resource is associated with zero or more enclosures.
2.9 Enclosure groups
45
UI screens and REST API resources
UI screen
REST API resource
Notes
None
None
The UI does not refer to enclosure
type, but the enclosure type is used by
HPE OneView when you add an
enclosure. The enclosures REST
resource includes an enclosureType
attribute.
More information
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.11 Interconnects
An interconnect is a physical resource that enables communication between hardware in the
enclosure and the data center Ethernet LANs and Fibre Channel SANs.
An interconnect has the following types of ports:
Port type
Description
Uplinks
Uplinks are physical ports that connect the interconnect to the data center networks. For example,
the Q1 port of an HPE Virtual Connect SE 40Gb Module for HPE Synergy is an uplink.
Downlinks
Downlinks are physical ports that connect the interconnect to the server hardware through the
enclosure midplane.
Stacking links
Stacking links are external physical ports that join interconnects to provide redundant paths for
Ethernet traffic from servers to the data center networks. Stacking links are based on the
configuration of the associated logical interconnect group.
Interconnect Link
Ports
Physical ports linking Interconnect Link Modules and an HPE VC SE 40Gb F8 Module to provide
seamless support for a multi-frame solution.
In the resource model:
46
•
Interconnects that are managed are put in a Configured state when the HPE Synergy
frame is configured by creating a logical enclosure. An unmanaged interconnect remains in
the Monitored state when the HPE Synergy frame is configured by creating a logical
enclosure.
•
Interconnects are defined by a logical interconnect group, which in turn defines the logical
interconnect configuration to be used for an enclosure. The physical interconnect configuration
in the enclosure must match the logical interconnect group configuration before an
interconnect can be managed.
•
For an interconnect to be usable, it must be installed in an enclosure and must be defined
as part of a logical interconnect. Each physical interconnect can contribute physical uplink
ports to an uplink set.
•
Firmware baselines and firmware updates for physical interconnects are managed by the
logical interconnect.
•
Serial Attached SCSI (SAS) interconnects, used to connect to storage, have their own logical
interconnect group and logical interconnect.
Understanding the resource model
Relationship to other resources
An interconnect resource is associated with the following resources in the resource summary
diagram (page 40):
•
Exactly one enclosure
•
One or more logical interconnects, and, through that logical interconnect, one or more logical
interconnect groups
UI screens and REST API resources
UI screen
REST API resources
Interconnects
interconnects, interconnect-types, and
logical-interconnects
More information
Managing enclosure interconnect hardware (page 171)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.12 Interconnect types
The interconnect type resource defines the characteristics of a model of interconnect, such as
the following:
•
Downlink capabilities and the number of downlink ports
•
Uplink port capabilities and the number of uplink ports
•
Supported firmware versions
Relationship to other resources
An interconnect type resource is associated with the following resources in the resource summary
diagram (page 40):
•
Zero or more interconnects
UI screens and REST API resources
UI screen
REST API resource
Notes
Interconnects
interconnect-types
The UI does not display or refer to the
interconnect type resource specifically,
but the information is used by HPE
OneView when you add or manage an
interconnect using the Interconnects
screen.
More information
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.13 Logical enclosures
A logical enclosure contains the configuration intended for a set of physical enclosures. If the
intended configuration in the logical enclosure does not match the actual configuration on the
enclosure, the logical enclosure becomes inconsistent.
2.12 Interconnect types
47
You must manually create a logical enclosure for HPE Synergy frames for HPE OneView to
manage them.
Relationship to other resources
A logical enclosure resource is associated with the following resources in the resource summary
diagram (page 40):
•
One or more enclosures, and through the enclosure(s), one enclosure group
UI screens and REST API resources
UI screen
REST API resource
Logical Enclosures
logical-enclosures
More information
Managing logical enclosures (page 207)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.14 Logical interconnects
A logical interconnect is a single entity for multiple physical interconnects
A logical interconnect is a single administrative entity that consists of the configuration for a set
of interconnects in an enclosure. This configuration includes:
•
Interconnects, which are required for the enclosure to connect to data center networks.
•
Uplink sets, which map data center networks to physical uplink ports. If no uplink sets are
defined, the logical interconnect cannot connect to data center networks, and the servers
attached to the downlinks of the logical interconnect cannot connect to data center networks.
•
Downlink ports, which connect through the enclosure midplane to the servers in the enclosure.
A logical interconnect includes all of the physical downlinks of all of the member interconnects.
The downlinks connect the interconnects to physical servers. The set of downlinks that share
access to a common set of networks is called logical downlinks.
•
Internal networks, which are used for server-to-server communications without traffic
egressing any uplinks.
•
Stacking links, if used, join interconnects through external cables between the external ports
of the interconnects.
•
The firmware baseline, which specifies the firmware version to be used by all of the member
interconnects. The firmware baseline for physical interconnects is managed by the logical
interconnect.
A Serial Attached SCSI (SAS) logical interconnect connects storage hardware and servers.
A SAS logical JBOD, a group of physical disk drives, is assigned to server hardware from server
profiles or server profile templates.
48
Understanding the resource model
The Network administrator configures multiple paths from server bays to
networks
The Network administrator can ensure that every server bay of an enclosure has two independent
paths to an Ethernet data center network by creating a logical interconnect for which the following
conditions are true:
•
The logical interconnect has at least two interconnects that are joined by stacking links, or
two interconnects are defined in separate logical interconnect groups.
•
The logical interconnect has at least one uplink set that includes uplinks to the network from
at least two physical interconnects.
HPE OneView detects and reports a configuration or state in which there is only one path (no
redundant paths) to a network or in which there are no paths to a network.
The Server administrator is not required to know the details about
interconnect configurations
Because a logical interconnect is managed as a single entity, the server administrator is isolated
from the details of interconnect configurations. For example, if the network administrator configures
the logical interconnect to ensure redundant access from each server bay in the enclosure to
each Ethernet data center network, the server administrator must only ensure that a server profile
includes two connections to a network or to a network set that includes that network.
Relationship to other resources
A logical interconnect resource is associated with the following resources in the resource summary
diagram (page 40):
•
Zero or more interconnects. For a logical interconnect to be usable, it must include at least
one interconnect. If there are zero interconnects, the enclosure and its contents do not have
any uplinks to the data center networks.
•
One or more logical interconnect groups associated with an enclosure group, which define
the initial configuration of the logical interconnects.
•
Zero or more uplink sets, which associate zero or more uplink ports and zero or more
networks.
•
Zero or one logical enclosure
UI screens and REST API resources
UI screen
REST API resource
Notes
Logical Interconnects
logical-interconnects and
logical-downlinks
You use the logical-downlinks REST
API to obtain information about the common
set of networks and capabilities available
to a downlink.
More information
Managing logical interconnects and logical interconnect groups (page 173)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.14 Logical interconnects
49
2.15 Logical interconnect groups
The logical interconnect group is a template that defines the physical and logical configuration
of the interconnects that are configured together to form a logical interconnect. This configuration
includes the following:
•
The interconnect types, interconnect configurations, and interconnect downlink capabilities
•
The interconnect ports used for stacking links
•
The uplink sets, which map uplink ports to Ethernet or Fibre Channel networks
•
The available networks based on the uplink sets and internal networks
In the resource model:
•
A logical interconnect group or groups is associated with an enclosure group instead of an
individual enclosure.
•
A multiple-enclosure logical interconnect group must match the interconnect link topology
within the set of linked enclosures. All bays must be properly populated in all enclosures in
the interconnect link topology.
•
A Serial Attached SCSI (SAS) logical interconnect group is a single-enclosure logical
interconnect group which can be applied to individual bays in individual enclosures in the
interconnect link topology.
•
The uplink sets defined by the logical interconnect group establish the initial configuration
for uplink sets for each logical interconnect in the enclosure group. If you change uplink sets
for an existing logical interconnect group:
◦
Only enclosures that you add after the configuration change are configured with the
new uplink set configuration.
◦
Existing logical interconnects are reported as not being consistent with the logical
interconnect group. You can then request that those existing logical interconnects be
updated with the new configuration.
After a logical interconnect has been created and associated with a logical interconnect group,
it continues to be associated with that group and reports if its configuration differs from the group.
You can then change the configuration of the logical interconnect to match the group.
Relationship to other resources
A logical interconnect group resource is associated with the following resources in the resource
summary diagram (page 40):
•
Zero or more logical interconnects
•
Zero or more enclosure groups
The uplink sets defined by a logical interconnect group specify the initial configuration of the
uplink sets of each logical interconnect in the group.
UI screens and REST API resources
UI screen
REST API resource
Logical Interconnect Groups
logical-interconnect-groups
More information
Managing logical interconnects and logical interconnect groups (page 173)
Resource model summary diagram (page 40)
50
Understanding the resource model
Understanding the resource model (page 39)
2.16 Networks
A network represents a Fibre Channel, Ethernet, or Fibre Channel over Ethernet (FCoE) network
in the data center.
Relationship to other resources
A network resource is associated with the following resources in the resource summary
diagram (page 40):
•
Zero or more connections
•
Zero or one uplink set per logical interconnect
•
For tagged, Ethernet networks, zero or more network sets
UI screens and REST API resources
UI screen
REST API resource
Networks
fc-networks or ethernet-networks or
fcoe-networks
More information
Managing networks and network resources (page 165)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.17 Network sets
A network set represents a group of tagged, Ethernet networks identified by a single name.
Network sets are used to simplify server profile configurations and server profile templates. When
a connection in a server profile specifies a network set, it can access any of the member networks.
Additionally, if networks are added to or deleted from a network set, server profiles that specify
the network set are isolated from the change. One common use for network sets is as a trunk
for multiple VLANs to a vSwitch.
In the resource model:
•
A network set can contain zero or more tagged, Ethernet networks.
•
A tagged, Ethernet network can be a member of zero or more network sets.
•
A connection in a server profile can specify either a network or a network set.
•
A network set cannot be a member of an uplink set.
Other configuration rules apply.
Relationship to other resources
A network set resource is associated with the following resources in the resource summary
diagram (page 40):
•
Zero or more connections, and, through those connections, zero or more server profiles
•
Zero or more Ethernet networks
2.16 Networks
51
UI screens and REST API resources
UI screen
REST API resource
Network Sets
network-sets
More information
About network sets (page 166)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.18 OS deployment servers
An OS deployment server is a resource that enables you to deploy (install and configure) operating
systems for use by servers. HPE OneView connects to an OS deployment server and configures
it for deploying operating systems. An HPE Synergy Image Streamer appliance hosts software
used to deploy and customize operating systems for use by Synergy servers.
HPE OneView manages the OS deployment server after it is configured and displays the list of
attributes, management settings, the OS deployment plans, and the server profiles that reference
the available OS deployment plans.
Relationship to other resources
An OS deployment server is associated with the following resources in the resource model
summary diagram (page 40):
•
One Synergy Image Streamer management network to connect the Synergy Image Streamer
and Synergy Composer appliances.
•
One Synergy Image Streamer OS deployment network through which iSCSI traffic flows
between servers and volumes deployed by Synergy Image Streamer.
•
One or more logical interconnect groups.
•
Exactly one enclosure group.
•
Exactly one logical enclosure.
•
One or more server profiles with server-specific settings for OS deployment.
•
One Synergy Image Streamer OS deployment plan through deployed targets.
UI screens and REST API resources
UI screen
REST API resource
OS Deployment Servers
deployment-servers
More information
Managing OS Deployment servers (page 225)
HPE Synergy Image Streamer documentation at www.hpe.com/info/synergy-docs
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.19 Power delivery devices
A power delivery device is a physical resource that delivers power from the data center service
entrance to the rack components. You create the power distribution device objects to describe
52
Understanding the resource model
the power source for one or more components in the rack. Power delivery devices can include
power feeds, breaker panels, branch circuits, PDUs, outlet bars, outlets, and UPS devices.
For a complete list of power delivery devices, see the screen details online help for the Power
Delivery Devices screen.
Relationship to other resources
A power delivery device resource is associated with the following resources in the resource
summary diagram (page 40):
•
Zero or more racks
•
Zero or more unmanaged devices
UI screens and REST API resources
UI screen
REST API resource
Power Delivery Devices
power-devices
More information
Managing power (page 221)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.20 Racks
A rack is a physical structure that contains IT equipment such as enclosures, servers, power
delivery devices, and unmanaged devices in a data center. By describing the physical location,
size, and thermal limit of equipment in the racks, you enable space and power planning and
power analysis features for your data center.
Relationship to other resources
A rack resource is associated with the following resources in the resource summary
diagram (page 40):
•
Zero or one data centers
•
Zero or more enclosures
•
Zero or more instances of server hardware
•
Zero or more unmanaged devices
•
Zero or more power delivery devices
UI screens and REST API resources
UI screen
REST API resource
Racks
racks
More information
Managing power (page 221)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.20 Racks
53
2.21 SAN Managers
SAN Managers enables you to bring systems that manage SANs under management of HPE
OneView. When you add a SAN manager to HPE OneView, the SANs that it manages become
available to associate with HPE OneView networks that you can attach to server profiles.
In the resource model:
•
SAN managers are not associated with HPE OneView resources directly. The SANs they
manage (known as managed SANs) can be associated with HPE OneView networks, which
can then be configured in server profiles.
Relationship to other resources
The SAN managers resource is associated with the following resources in the resource model
summary diagram (page 40):
•
A managed SAN on a SAN manager can be associated with one HPE OneView network,
which can be associated with one server profile.
UI screens and REST API resources
UI screen
REST API resource
SAN Managers
device-managers
More information
SAN Managers (page 231)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.22 SANs
SANs are discovered by SAN Managers and become managed when they are associated with
HPE OneView networks. Server profile attachments to volumes over SANs auto configure the
server, SAN zoning, and storage system enabling the server to access the volume.
SANs are made available to HPE OneView when the SAN manager to which they belong is
added.
In the resource model:
•
SANs are associated with the SAN Manager on which they reside.
•
SANs can be associated with one or more Fibre Channel (FC) or Fibre Channel over Ethernet
(FCoE) networks.
Relationship to other resources
The SANs resource is associated with the following resources in the resource model summary
diagram (page 40):
•
A managed SAN on a SAN manager can be associated with one or more Fibre Channel
(FC) and/or one or more Fibre Channel over Ethernet (FCoE) network.
UI screens and REST API resources
54
UI screen
REST API resource
SANs
fc-sans
Understanding the resource model
More information
SANs (page 233)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.23 Server hardware
Server hardware represents an instance of server hardware.
For information about the supported server hardware, see the HPE OneView Support Matrix
for HPE Synergy.
Relationship to other resources
A server hardware resource is associated with the following resources in the resource summary
diagram (page 40):
•
Zero or one server profile. If a server does not have a server profile assigned, you cannot
perform actions that require the server profile resource, such as managing firmware or
connecting to data center networks. However, you can:
◦
Add the managed server hardware to HPE OneView, including automatically updating
the server firmware to the minimum version required for management by HPE OneView.
NOTE: Attempts to add monitored servers with less than the minimum firmware
version required by HPE OneView will fail, and the firmware must be updated outside
of HPE OneView, for example, with Smart Update Manager.
◦
View inventory data.
◦
Power on or power off the server.
◦
Launch the iLO remote console.
◦
Monitor power, cooling, and utilization.
◦
Monitor health and alerts.
•
Exactly one server hardware type.
•
Exactly one device bay of an enclosure. This association also applies to full-height server
blades, which occupy two device bays but are associated with the top bay only.
UI screens and REST API resources
UI screen
REST API resource
Notes
Server Hardware
server-hardware
You use the server hardware resource,
not the server profile resource, to
perform actions such as powering off
or powering on the server, resetting
the server, and launching the HPE iLO
remote console. You can launch the
iLO remote console through the UI.
The REST APIs do not include an API
to launch the iLO remote console.
More information
Managing server hardware (page 135)
Resource model summary diagram (page 40)
2.23 Server hardware
55
Understanding the resource model (page 39)
2.24 Server hardware types
A server hardware type captures details about the physical configuration of server hardware,
and defines which settings are available to the server profiles assigned to that type of server
hardware. For example, the server hardware type for the HPE Synergy 480 Gen9 Compute
Module includes a complete set of default BIOS settings for that server blade hardware
configuration.
When you add an enclosure to HPE OneView, HPE OneView detects the servers installed in the
enclosure and creates a server hardware type for each unique server configuration it discovers.
When you add a unique rack mount server model, HPE OneView creates a new server hardware
type for that server configuration.
Relationship to other resources
A server hardware type resource is associated with the following resources in the resource
summary diagram (page 40):
•
Zero or more server profiles
•
Zero or more server profile templates
•
Zero or more servers of the type defined by that server hardware type
UI screens and REST API resources
UI screen
REST API resource
Server Hardware Types
server-hardware-types
More information
About server hardware types (page 138)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.25 Server profiles
Server profiles capture key aspects of the server configuration in one place, enabling you to
provision converged infrastructure hardware quickly and consistently according to your best
practices.
A server profile can contain the following configuration information about the server hardware:
56
•
Basic server identification information
•
Operating system deployment settings
•
Firmware versions
•
Connections to Ethernet networks, Ethernet network sets, FCoE networks, and Fibre Channel
networks
•
Local storage
•
SAN storage
•
Boot settings
•
BIOS settings
•
Physical or virtual UUIDs (universally unique identifiers), MAC (media access control)
addresses and WWN (World Wide Name) addresses
Understanding the resource model
Relationship to other resources
A server profile is associated with the following resources in the resource summary
diagram (page 40):
•
Zero or one server profile template
•
Zero or more connection resources. You use a connection resource to specify connection
from the server to a network or network set. If you do not specify at least one connection,
the server cannot connect to data center networks. The networks and network sets that are
available to a server profile connection depend on the configuration of the logical interconnect
of the enclosure that contains the server hardware.
•
Zero or one server hardware resource.
•
Exactly one server hardware type resource.
•
Exactly one enclosure group resource.
To enable portability of server profiles, a server profile is associated with an enclosure group
resource instead of an enclosure resource. Because enclosures in the enclosure group are
configured identically, you can assign a server profile to any appropriate server hardware,
regardless of which enclosure and bay in the enclosure group contains that server hardware.
UI screens and REST API resources
UI screen
REST API resource
Server Profiles
server-profiles
More information
Managing server profiles (page 141)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.26 Server profile templates
Server profile templates help to monitor, flag, and update server profiles in HPE OneView.
A server profile template defines the source for the configuration of:
•
Firmware versions
•
Connections to Ethernet networks, Ethernet network sets, and Fibre Channel networks
•
Local storage
•
SAN storage
•
Boot settings
•
BIOS settings
•
Profile affinity
Relationship to other resources
A server profile template is associated with the following resource in the resource summary
diagram (page 40):
•
Zero or more server profile resources.
•
Zero or more connection resources.
2.26 Server profile templates
57
•
Exactly one server hardware type resource.
•
Exactly one enclosure group resource.
To enable portability of server profiles, a server profile is associated with an enclosure group
resource instead of an enclosure resource. Because enclosures in the enclosure group are
configured identically, you can assign a server profile to any appropriate server hardware,
regardless of which enclosure and bay in the enclosure group contains that server hardware.
UI screens and REST API resources
UI screen
REST API resource
Server Profile Templates
server-profile-templates
More information
Managing server profile templates (page 155)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.27 Storage Pools
A storage pool exists on a storage system and contains volumes. Storage pools are created on
a storage system using the management software for that system. After you add a storage pool
to HPE OneView, you can add existing volumes or create new volumes.
In the resource model:
•
A storage pool exists on only one storage system.
•
A storage pool can contain zero or more volumes.
•
A storage pool can be associated with zero or more volume templates.
Relationship to other resources
A storage pool resource is associated with the following resources in the resource model summary
diagram (page 40):
•
One storage system, and through it, zero or more volumes, which can be connected to zero
or more server profiles
UI screens and REST API resources
UI screen
REST API resource
Storage Pools
storage-pools
More information
Storage pools (page 229)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.28 Storage Systems
You can connect supported storage systems to HPE OneView to manage storage pools and
volumes.
58
Understanding the resource model
In the resource model:
•
A storage system can have zero or more storage pools.
•
A storage system can have zero or more volumes in each storage pool.
Relationship to other resources
A storage system resource is associated with the following resources in the resource model
summary diagram (page 40):
•
Zero or more storage pools, and through those storage pools, zero or more volumes.
•
Zero or more server profiles, through zero or more volumes.
UI screens and REST API resources
UI screen
REST API resource
Storage Systems
storage-systems
More information
Storage systems (page 228)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.29 Unmanaged devices
An unmanaged device is a physical resource that is located in a rack or consumes power but is
not currently managed by HPE OneView. Some unmanaged devices are unsupported devices
that cannot be managed by HPE OneView.
All devices connected to an Intelligent Power Distribution Unit (iPDU) using an Intelligent Power
Discovery (IPD) connection are added to HPE OneView as unmanaged devices.
Other devices that do not support IPD—such as KVM switches, routers, in-rack monitors and
keyboards—are not added to the list of unmanaged devices automatically. To include these
devices in HPE OneView, you can add them manually and describe their names, rack positions,
and power requirements.
Relationship to other resources
An unmanaged device resource is associated with the following resources in the resource
summary diagram (page 40):
•
Zero or more racks
•
Zero or more power delivery devices
UI screens and REST API resources
UI screen
REST API resource
Notes
Unmanaged Devices
unmanaged-devices
You can view, add, or edit the properties of
unmanaged devices using either the UI or the REST
APIs. To delete an unmanaged device, you must use
the REST APIs.
More information
About unmanaged devices (page 138)
2.29 Unmanaged devices
59
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.30 Uplink sets
An uplink set assigns data center networks to uplink ports of interconnects. The uplinks must be
from physical interconnects that are members of the logical interconnect to which the uplink set
belongs. An uplink set is part of a logical interconnect. For each logical interconnect:
•
An uplink set cannot include a network set.
•
A network can be a member of one uplink set per logical interconnect group.
•
An uplink set can contain one Fibre Channel network.
•
An uplink set can contain multiple Ethernet networks.
•
An uplink set can contain one or more FCoE networks, but the uplinks must be contained
within a single FCoE-capable interconnect.
•
Internal networks allow server-to-server connectivity within the logical interconnect. Internal
networks are created by adding existing networks to internal networks and not associating
them with an uplink set. If you add an internal network to an uplink set, the network is
automatically removed from the internal networks.
Uplink sets that support connections to Synergy Image Streamer in a multi-frame configuration
must be assigned the type Image Streamer to correctly configure the associated ports. Image
Streamer uplink sets consist of one network and four uplink ports. An uplink set in a single-frame
Image Streamer configuration must be assigned the type Ethernet and use one uplink port.
Relationship to other resources
An uplink set is part of a logical interconnect or a logical interconnect group.
The uplink sets defined by a logical interconnect group specify the configuration for uplink sets
used by logical interconnects that are members of the group. If the uplink sets of a logical
interconnect do not match the uplink sets of the logical interconnect group, HPE OneView notifies
you that the logical interconnect is not consistent with its group.
UI screens and REST API resources
UI screen
REST API resource
Logical Interconnects or Logical Interconnect Groups uplink-sets
More information
About uplink sets (page 174)
Managing logical interconnects and logical interconnect groups (page 173)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.31 Volumes
A volume is a virtual disk allocated from a storage pool. A server profile can define the attachment
of a server to a volume.
In the resource model:
60
•
A volume exists in only one storage pool, which exists on only one storage system.
•
A volume can be attached to zero, one, or many server profiles.
Understanding the resource model
Relationship to other resources
A volume resource is associated with the following resources in the resource model summary
diagram (page 40):
•
One storage pool, and through it, one storage system
•
Zero, one, or many server profiles through volume attachments
UI screens and REST API resources
UI screen
REST API resource
Volumes
storage-volumes
More information
Volumes (page 230)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.32 Volume Templates
A volume template defines the settings for the volumes created from it. Use a volume templates
to create multiple volumes with the same configuration.
In the resource model:
•
A volume template can be associated with one storage pool.
Relationship to other resources
A volume template resource is associated with the following resources in the resource model
summary diagram (page 40):
•
One storage pool, which can have zero, one, or many volume templates associated with it
UI screens and REST API resources
UI screen
REST API resource
Volume Templates
storage-volume-templates
More information
Volume templates (page 231)
Resource model summary diagram (page 40)
Understanding the resource model (page 39)
2.32 Volume Templates
61
62
3 Understanding the security features of the Synergy
Composer
HPE OneView runs on a dedicated Synergy Composer (management software embedded into
the hardware). HPE OneView is configured to be secure-hardened out-of-the-box.
Only Transport Layer Security (TLS) protocols are now supported for GUI, REST API, and
message bus access. Any reference in the documentation to "SSL" should be understood to
mean "TLS" protocols.
3.1 About security hardening
The following are the secure (hardened) features of HPE OneView:
•
Best practice operating system security guidelines are followed:
◦
HPE OneView minimizes its vulnerability by running only the services required to provide
functionality.
◦
HPE OneView enforces mandatory access controls.
◦
HPE OneView maintains a firewall that allows traffic on specific ports and blocks all
unused ports. See “Ports required for HPE OneView” (page 74) for the list of network
ports used.
◦
Key services run only with the required privileges; they do not run as privileged users.
◦
The operating system bootloader is password protected. HPE OneView cannot be
compromised by someone attempting to boot in single-user mode.
◦
There are no users allowed at the operating system level (no interactive OS logins are
allowed). Users interact with HPE OneView strictly through:
–
REST APIs (either programmatically or through the graphical user interface)
–
the State Change Message Bus (AMPQ interface)
–
a captive CLI shell used to access unmanaged interconnects
•
HPE OneView is designed to operate entirely on an isolated management LAN. Access to
the production LAN is not required.
•
RBAC (role-based access control) enables an administrator to quickly establish access
control and authorization for users based on their responsibilities for specific resources.
RBAC also simplifies what is shown in the UI:
◦
Users can initiate actions only for the resources for which they are authorized. For
example, users with the role of Network administrator can initiate actions for the network
resources only, and users with the role of Server administrator can initiate actions for
the server resources only.
◦
Users with the role of Infrastructure administrator have full access to all screens and
actions.
•
HPE OneView supports integration with Microsoft Active Directory or OpenLDAP for user
authentication. Local HPE OneView user accounts can be completely disabled when
enterprise directories are in use. See “About directory service authentication” (page 242) for
more information.
•
HPE OneView enforces a password change at first login. The default password cannot be
used again.
3.1 About security hardening
63
•
HPE OneView supports self-signed certificates and certificates issued by a certificate
authority.
HPE OneView is initially configured with a self-signed certificate. As the Infrastructure
administrator, you can generate a CSR (certificate signing request) and, upon receipt, upload
the certificate. This ensures the integrity and authenticity of your HTTPS connection to the
Synergy Composer.
64
•
A UI that restricts access from host operating system users.
•
All browser operations and REST API calls use HTTPS. All weak SSL (Secure Sockets
Layer) ciphers are disabled.
•
The firmware image of the Synergy Composer is digitally signed by HPE. When re-imaging
the Composer in order to quickly bring it to a specific firmware revision level, the digital
signature is verified by the re-imaging process. This ensures the authenticity and integrity
of the image.
•
HPE OneView supports a secure update procedure for installing patches or upgrading to
the next version. The updates are digitally signed by HPE and the update procedure verifies
the digital signature. The signature and verification ensures the authenticity and integrity of
software updates.
•
Data downloads are restricted to support dump files (encrypted by default), proprietary
backup files, audit logs, and certificates.
•
Backup files and transaction logs are proprietary.
•
Support dumps are encrypted by default, but an Infrastructure administrator has the option
to not encrypt them. Support dumps are automatically encrypted when a user with another
role creates them, to protect customer information.
•
HPE OneView supports Service console access which enables an HPE Support
representative to obtain, with customer permission, a one-time password for privileged
access to the Synergy Composer in order to perform advanced diagnostics. See “Enable
or disable authorized services access” (page 75).
•
Hewlett Packard Enterprise closely monitors security bulletins for threats to HPE OneView
software components and, if necessary, issues software updates.
Understanding the security features of the Synergy Composer
3.2 Best practices for maintaining a secure Synergy Composer
The following table comprises a partial list of security best practices that Hewlett Packard
Enterprise recommends in both physical and virtual environments. Differing security policies and
implementation practices make it difficult to provide a complete and definitive list.
Topic
Best Practice
Accounts
• Limit the number of local accounts. Integrate HPE OneView with an enterprise directory solution
such as Microsoft Active Directory or OpenLDAP.
Certificates
• Use certificates signed by a trusted certificate authority (CA), if possible.
HPE OneView uses certificates to authenticate and establish trust relationships. One of the
most common uses of certificates is when a connection from a web browser to a web server
is established. The machine level authentication is carried out as part of the HTTPS protocol,
using TLS. Certificates can also be used to authenticate devices when setting up a
communication channel.
HPE OneView supports self-signed certificates and certificates issued by a CA.
HPE OneView is initially configured with self-signed certificates for the web server and message
broker software.
Hewlett Packard Enterprise advises customers to examine their security needs (that is, to
perform a risk assessment) and consider the use of certificates signed by a trusted CA. For
the highest level of security, Hewlett Packard Enterprise recommends that you use certificates
signed by a trusted certificate authority:
◦
Ideally, you should use your company's existing CA and import their trusted certificates.
The trusted root CA certificate should be deployed to user’s browsers that will contact
systems and devices that will need to perform certificate validation.
◦
If your company does not have its own certificate authority, then consider using an external
CA. There are numerous third-party companies that provide trusted certificates. You will
need to work with the external CA to have certificates generated for specific devices and
systems and then import these trusted certificates into the components that use them.
As the Infrastructure administrator, you can generate a CSR (certificate signing request) and,
upon receipt, upload the certificate to the HPE OneView web server. This ensures the integrity
and authenticity of your HTTPS connection to the Synergy Composer. Certificates can also
be uploaded for the database and message broker.
For more information, see “Using a certificate authority” (page 71).
Network
• Hewlett Packard Enterprise recommends creating a private management LAN and keeping
that separate from production LANs, using VLAN or firewall technology (or both).
◦
Management LAN
Grant management LAN access to authorized personnel only. For example, Infrastructure
administrators, Network administrators, and Server administrators.
• Do not connect management systems (for example, the Synergy Composer, the iLO) directly
to the Internet.
If you require inbound Internet access, use a corporate VPN (virtual private network) that
provides firewall protection. For outbound Internet access (for example, for Remote Support),
use a secured web proxy. To set the web proxy, see ”Preparing for remote support registration”
or “Configure the proxy settings” in the online help for more information.
3.2 Best practices for maintaining a secure Synergy Composer
65
Topic
Best Practice
Nonessential
services
• HPE OneView is preconfigured so that nonessential services are removed or disabled in its
management environment. Ensure that you continue to minimize services when you configure
host systems, management systems, network devices (including network ports not in use) to
significantly reduce the number of ways your environment could be attacked.
Passwords
Hewlett Packard Enterprise recommends that you integrate HPE OneView with an enterprise
directory such as Microsoft Active Directory or OpenLDAP and disable local HPE OneView
accounts. Your enterprise directory can then enforce common password management policies
such as password lifetime, password complexity, and minimum password length.
Roles
• Clearly define, and assign roles to users according to the access they need to perform their
tasks.
The Infrastructure administrator role should be reserved for the highest access.
Service
Management
• Consider using the practices and procedures, such as those defined by the Information
Technology Infrastructure Library (ITIL). For more information, see the following website:
http://www.itil-officialsite.com/home/home.aspx
Updates
• Sign up for HPE OneView bulletins at www.hpe.com/support/e-updates
• Install updates for all components in your environment on a regular basis.
Managed
Environment
• Educate administrators about changes to their roles and responsibilities.
• Restrict access to console to authorized users. For more information, see “Controlling access
to the Synergy Composer console” (page 74)
• If you use an Intrusion Detection System (IDS) solution in your environment, ensure that the
solution has visibility into network traffic in the virtual switch.
• Maintain a zone of trust, for example, a DMZ (demilitarized zone) that is separate from
production machines.
• Ensure proper access controls on Fibre Channel devices.
• Use LUN masking on both storage and compute hosts.
• Ensure that LUNs are defined in the host configuration, instead of being discovered.
• Use hard zoning (which restricts communication across a fabric) based on port WWNs
(Worldwide Names), if possible.
• Ensure that communication with the WWNs is enforced at the switch-port level.
3.3 Creating a login session
You create a login session when you log in to HPE OneView through the browser or some other
client (for example, using the REST API). Additional requests to HPE OneView use the session
ID, which must be protected because it represents the authenticated user.
A session remains valid until you log out or the session times out (for example, if a session is
idle for a longer period of time than the session idle timeout value).
The default timeout value is 24 hours. To change the value on a per-session basis, use POST
/rest/sessions/idle-timeout.
3.4 Authentication for Synergy Composer access
Access to HPE OneView requires authentication using a user name and password. User accounts
are configured in HPE OneView or in an enterprise directory. All access (browser and REST
APIs), including authentication, occurs over SSL to protect the credentials during transmission
over the network.
66
Understanding the security features of the Synergy Composer
3.5 Controlling access for authorized users
Access to HPE OneView is controlled by roles, which describe what an authenticated user is
permitted to do. Each user must be associated with at least one role.
3.5.1 Specifying user accounts and roles
User login accounts in HPE OneView must be assigned a role, which determines what the user
has permission to do.
For information on each role, and the capabilities these roles provide, see “About user roles” (page
236).
For information on how to add, delete, and edit user accounts, see the online help.
3.5.2 Mapping of SSO roles for iLO
HPE OneView enables SSO (single sign-on) to iLO without storing user-created iLO credentials.
The following table describes the mapping of roles between HPE OneView and iLO.
HPE OneView role
SSO to iLO roles
Infrastructure administrator
Admin
Server administrator
Admin
Network administrator
User
Read only
User
Backup administrator
None
Storage administrator
User
HPE OneView roles
See “About user roles” (page 236).
iLO roles
•
Administrator privileges enable assigning all administrative rights for server reset, remote
console, and login tasks.
•
User privileges have access restrictions, based on IP address, DNS name, or time.
3.5.3 Mapping HPE OneView interactions with iLO and iPDU
HPE OneView performs configurations on the iLO and iPDU. The following table summarizes
how HPE OneView interacts with these devices.
For firewall information, see “Ports required for HPE OneView” (page 74).
Protocol or
interaction
Description
iLO
Use
iPDU
Configure
Configure
✓
✓
Use
Configure
NTP
Configures NTP
SNMP
Enables and
configures SNMP to
collect information
✓
✓
✓
✓
✓
SNMP traps
Enables and
configures SNMP traps
sent to HPE OneView
✓
✓
✓
✓
✓
3.5 Controlling access for authorized users
67
Protocol or
interaction
Description
iLO
Use
iPDU
Configure
HTTPS
Collects information
1
(RIBCL/SOAP/JSON) (the specific protocol
varies, but all use SSL)
✓
Remote Console
Links from the UI to the
iLO Remote Console
✓
SSH
Not used
Telnet
Not used
XML reply
Collects generic
system information
✓
SSO
Enables and
configures an SSO
certificate for UI
access. See “Mapping
of SSO roles for
iLO” (page 67) for the
privileges that are
granted.
✓
✓
HPE OneView user
account
Configures and
manages the system
using an
administrator-level
user account (and
randomly generated
password)
✓
✓
1
Configure
Use
Configure
✓
✓
✓
✓
SSL encrypts traffic on the network, but does not authenticate the remote system's certificate.
3.6 Protecting credentials
Local user account passwords are stored using a salted hash; that is, they are combined with a
random string, and then the combined value is stored as a hash. A hash is a one-way algorithm
that maps a string to a unique value so that the original string cannot be retrieved from the hash.
Passwords are masked in the browser. When transmitted between HPE OneView and the browser
over the network, passwords are protected by SSL.
Local user account passwords must be a minimum of eight characters, with at least one uppercase
character. HPE OneView does not enforce additional password complexity rules. Site security
policy determines password strength and expiration (see “Best practices for maintaining a secure
Synergy Composer” (page 65)). Hewlett Packard Enterprise recommends that you integrate an
external authentication directory service (also known as an enterprise directory) with HPE
OneView. The directory service will enforce password management policies such as minimum
length and complexity.
3.7 Understanding the audit log
The audit log contains a record of actions performed on HPE OneView, which you can use for
individual accountability.
You must have Infrastructure administrator privileges to download the audit log.
For information on downloading the audit log from the UI, see “Download audit logs” (page 271).
Monitor the audit logs because they are rolled over periodically to prevent them from getting too
large. Download the audit logs periodically to maintain a long-term audit history.
68
Understanding the security features of the Synergy Composer
Each user has a unique logging ID per session, enabling you to follow a user’s trail in the audit
log. Some actions are performed by HPE OneView and might not have a logging ID.
A breakdown of an audit entry follows:
Token
Description
Date/time
The date and time of the event
Internal component The unique identifier of an internal component
ID
Reserved
The organization ID. Reserved for internal use
User domain
The login domain name of the user
User name/ID
The user name
Session ID
The user session ID associated with the message
Task ID
The URI of the task resource associated with the message
Client host/IP
The client (browser) IP address identifies the client machine that initiated the request
Result
The result of the action, which can be one of the following values:
• SUCCESS
• FAILURE
• SOME_FAILURES
• CANCELED
• KILLED
Action
Severity
A description of the action, which can be one of the following values:
• ADD
• LIST
• UNSETUP
• CANCELED
• MODIFY
• ENABLE
• DEPLOY
• LOGIN
• DELETE
• DISABLE
• START
• LOGOUT
• ACCESS
• SAVE
• DONE
• DOWNLOAD_START
• RUN
• SETUP
• KILLED
A description of the severity of the event, which can be one of the following values, listed in
descending order of importance:
• INFO
• NOTICE
• WARNING
• ERROR
• ALERT
• CRITICAL
Resource category For REST API category information, see the HPE OneView REST API Reference in the online
help.
Resource
URI/name
The resource URI/name associated with the task
Message
The output message that appears in the audit log
Maintenance console entries
The audit log includes entries for these Maintenance console events:
3.7 Understanding the audit log
69
•
Successful logins
•
Unsuccessful logins
•
Unsuccessful challenge-response authorization attempts
•
Attempted HPE OneView restarts
•
Attempted HPE OneView shutdowns
•
Attempts to reset the administrator password
•
Attempts to activate the Synergy Composer
•
Service console launches and exits
•
Entries in which no login was required
3.8 Choosing a policy for the audit log
Choose a policy for downloading and examining the audit log.
The audit log contains a record of actions performed on HPE OneView, which you can use for
individual accountability. As the audit log gets larger, older information is deleted. To maintain a
long-term audit history, you must periodically download and save the audit log.
For more information about the audit log, see “Understanding the audit log” (page 68).
3.9 Synergy Composer access over SSL
All access to HPE OneView is through HTTPS (HTTP over SSL), which encrypts data over the
network and helps to ensure data integrity. For a list of supported cipher suites, see Algorithms
for securing the appliance in the online help.
3.10 Managing certificates from a browser
A certificate authenticates HPE OneView over SSL. The certificate contains a public key, and
HPE OneView maintains the corresponding private key, which is uniquely tied to the public key.
NOTE: This section discusses certificate management from the perspective of the browser.
For information on how a non-browser client (such as cURL) uses the certificate, see the
documentation for that client.
The certificate also contains the name of the Synergy Composer, which the SSL client uses to
identify the Synergy Composer.
The certificate has the following boxes:
•
Common Name (CN)
This name is required. By default it contains the fully qualified host name of the Synergy
Composer.
•
Alternative Name
The name is optional, but Hewlett Packard Enterprise recommends supplying it because it
supports multiple names (including IP addresses) to minimize name-mismatch warnings
from the browser.
By default, this name is populated with the fully qualified host name (if DNS is in use), a
short host name, and the Synergy Composer IP address.
NOTE:
Name.
70
If you enter Alternative Names, one of them must be your entry for the Common
Understanding the security features of the Synergy Composer
These names can be changed when you manually create a self-signed certificate or a certificate
signing request.
3.10.1 Self-signed certificate
The default certificate generated by HPE OneView is self-signed; it is not issued by a trusted
certificate authority.
By default, browsers do not trust self-signed certificates because they lack prior knowledge of
them. The browser displays a warning dialog box; you can use it to examine the content of the
self-signed certificate before accepting it.
3.10.2 Using a certificate authority
Use a trusted CA (certificate authority) to simplify certificate trust management; the CA issues
certificates that you import. If the browser is configured to trust the CA, certificates signed by the
CA are also trusted. A CA can be internal (operated and maintained by your organization) or
external (operated and maintained by a third party).
You can import a certificate signed by a CA, and using it instead of the self-signed certificate.
The overall steps are as follows:
1.
2.
3.
4.
5.
You generate a CSR (certificate signing request).
You copy the CSR and submit it to the CA, as instructed by the CA.
The CA authenticates the requestor.
The CA sends the certificate to you, as stipulated by the CA.
You import the certificate.
For information on generating the CSR and importing the certificate, see the UI help.
3.10.3 Create a certificate signing request
HPE OneView uses a certificate for authentication over SSL. The certificate contains a public
key, and HPE OneView maintains the corresponding private key, which is uniquely tied to the
public key.
A certificate authority (CA) is a trusted party that issues a certificate that enables others, who
trust the CA, to also trust the host. In essence, the CA vouches for the host.
For information on creating a self-signed certificate, see “Create a self-signed certificate” (page 72).
Prerequisites
•
Minimum required privileges: Infrastructure administrator.
•
Gather the information for the request, as required by the CA.
•
Obtain the CA’s challenge password.
Creating a certificate signing request
1.
2.
3.
4.
5.
6.
From the main menu, select Settings.
Select Actions→Create certificate signing request.
Supply the data requested on the screen.
Click OK.
Copy the certificate request data from the dialog box and send it to the CA. The CA designates
how and where to send the certificate request data.
Click OK.
Next steps: After you receive the certificate from the CA, import the certificate. See Import a
certificate.
3.10 Managing certificates from a browser
71
3.10.4 Create a self-signed certificate
HPE OneView uses a certificate for authentication over SSL. The certificate contains a public
key, and HPE OneView maintains the corresponding private key, which is uniquely tied to the
public key.
A self-signed certificate indicates that a host vouches for itself, which, in some cases, might be
adequate. By default, browsers do not trust self-signed certificates and display a warning.
A more secure alternative is a certificate issued by a third-party certificate authority. For information
on these certificates, see “Create a certificate signing request” (page 71).
Prerequisites
•
Minimum required privileges: Infrastructure administrator
Creating a self-signed certificate
1.
2.
3.
4.
5.
6.
7.
From the main menu, select Settings.
Click Security.
Select Actions→Create self-signed certificate.
Supply the data requested on the screen.
Enter optional information, as needed.
Click OK.
Verify that the certificate was created. The certificate information is shown on the screen.
3.10.5 Import a certificate
After sending a certificate signing request to the CA and receiving a certificate, you must import
it.
Prerequisites
•
Minimum required privileges: Infrastructure administrator.
•
Ensure that no other users are logged in to HPE OneView.
Importing a certificate
1.
2.
3.
4.
5.
6.
From the main menu, select Settings.
Click Security.
Select Actions→Import certificate.
Copy the certificate text and paste it into the box provided.
Click OK.
After the web server restarts and reconnects, log in to HPE OneView.
3.10.6 View the Certificate settings
Prerequisites
•
Minimum required privileges: Infrastructure administrator, Backup administrator, Read only
Viewing the Certificate settings
1.
2.
Navigate from the main menu to the Settings screen.
Select Overview→Security→Certificate.
3.10.7 Downloading and importing a self-signed certificate into a browser
The advantage of downloading and importing a self-signed certificate is to circumvent the browser
warning.
In a secure environment, it is never appropriate to download and import a self-signed certificate,
unless you have validated the certificate and know and trust the specific appliance.
72
Understanding the security features of the Synergy Composer
In a lower security environment, it might be acceptable to download and import the appliance
certificate if you know and trust the certificate originator. However, Hewlett Packard Enterprise
does not recommend this practice.
Microsoft Internet Explorer and Google Chrome share a common certificate store. A certificate
downloaded with Internet Explorer can be imported with Google Chrome as well as Internet
Explorer. Likewise, a certificate downloaded with Google Chrome can also be imported by both
browsers. Mozilla Firefox has its own certificate store, and must be downloaded and imported
with that browser only.
The procedures for downloading and importing a self-signed certificate differ with each browser.
Downloading a self-signed certificate with Microsoft Internet Explorer
1.
2.
3.
4.
5.
6.
Click in the Certificate error area.
Click View certificate.
Click the Details tab.
Verify the certificate.
Select Copy to File...
Use the Certificate Export Wizard to save the certificate as Base-64 encoded X.509 file.
Importing a self-signed certificate with Microsoft Internet Explorer
1.
2.
3.
4.
5.
Select Tools→Internet Options.
Click the Content tab.
Click Certificates.
Click Import.
Use the Certificate Import Wizard.
a. When it prompts you for the certificate store, select Place….
b. Select the Trusted Root Certification Authorities store.
3.10.8 Verifying a certificate
You can verify the authenticity of the certificate by viewing it with your browser.
After logging in to HPE OneView, choose Settings→Security to view the certificate. Make note
of these attributes for comparison:
•
Fingerprints (especially)
•
Names
•
Serial number
•
Validity dates
Compare this information to the certificate displayed by the browser, that is, when browsing from
outside HPE OneView.
3.11 Nonbrowser clients
HPE OneView supports an extensive number of REST APIs. Any client, not just a browser, can
issue requests for REST APIs. The caller must ensure that they take appropriate security measures
regarding the confidentiality of credentials, including:
•
The session token, which is used for data requests.
•
Responses beyond the encryption of the credentials on the wire using HTTPS.
3.11.1 Passwords
Passwords are likely displayed and stored in clear text by a client like cURL.
3.11 Nonbrowser clients
73
Take care to prevent unauthorized users from:
•
Viewing displayed passwords
•
Viewing session identifiers
•
Having access to saved data
3.11.2 SSL connection
The client should specify HTTPS as the protocol to ensure SSL is used on the network to protect
sensitive data. If the client specifies HTTP, it will be redirected to HTTPS to ensure that SSL is
used.
The appliance certificate, which the client requires, allows the SSL connection to succeed. A
convenient way to obtain a certificate is to use a browser pointed at the appliance; for more
information on obtaining a certificate with a browser, see “Managing certificates from a browser”
(page 70)
3.12 Ports required for HPE OneView
HPE OneView requires specific ports to be available to manage servers, enclosures, and
interconnects.
Table 1 Ports required for HPE OneView
Port number
Protocol
Use
Description
22
TCP
Inbound and
Outbound
Used for SSH and SFTP. SSH is required to communicate
with interconnect modules. SFTP is required for actions such
as firmware upgrades and support dumps.
80
TCP
Inbound
Used for the HTTP interface. Typically, this port redirects to
port 443; this port provides the access required by the iLO.
123
UDP
Inbound
HPE OneView acts as an NTP server, iLO requires access.
123
UDP
Outbound
Used as an NTP client to synchronize HPE OneView time.
161
UDP
Outbound
Supports SNMP GET calls to obtain status data from a server
through iLO. Also used for iPDU.
162
UDP
Inbound
Used for SNMP trap support from the iLO, and iPDU devices.
This port is also used to monitor the VC interconnects and
trap forwarding.
443
TCP
Inbound
Used for the HTTPS interface to user interface and APIs.
443
TCP
Outbound
Used for secure SSL access to the iLO. Used for Redfish,
RIBCL, SOAP, and iPDU communication.
2162
UDP
Inbound
Used as an alternative SNMP trap port.
5671
TCP
Inbound
Allows external scripts or applications to connect to and
monitor messages from the SCMB (State-Change Message
Bus).
17988
TCP
Outbound
Used for virtual media access to the iLO from HPE OneView.
17990
TCP
Browser to iLO
Provides browser access to the remote console.
3.13 Controlling access to the Synergy Composer console
Typical legitimate uses for access to the console are:
74
•
Performing hardware setup operations
•
Troubleshooting network configuration issues
Understanding the security features of the Synergy Composer
•
Resetting an administrator password
For information on how to reset the administrator password, see “Reset the administrator
password” (page 244).
•
Enabling service access by an on-site authorized support representative
3.13.1 Enable or disable authorized services access
When you first start up HPE OneView, you can choose to enable or disable access by on-site
authorized support representatives. By default, on-site authorized support representatives are
allowed to access your system through the Synergy Composer console and diagnose issues
that you have reported.
Support access is privileged, which enables the on-site authorized support representative to
debug any problems on the Synergy Composer. Access to the services access account requires
the technician to obtain a one-time password using a challenge/response mechanism similar to
the one for a password reset.
Any time after the initial configuration of HPE OneView, an Infrastructure administrator can enable
or disable services access through the UI with the following procedure:
Prerequisites
•
Minimum required privileges: Infrastructure administrator
Enabling or disabling authorized services access
1.
2.
From the main menu, select Settings.
Click the Edit icon in the Security panel.
The Edit Security window opens.
3.
4.
Select the appropriate setting for Service console access:
•
Disabled to prevent access to the console.
•
Enabled to allow access to the console.
Click OK.
You can also use an /rest/appliance/settings REST API to enable or disable services
access.
CAUTION: Hewlett Packard Enterprise recommends that you enable access. Otherwise, the
authorized support representative will not be able to access HPE OneView to troubleshoot issues.
3.14 Files you can download from the Synergy Composer
You can download the following data files from HPE OneView:
•
Support dump
By default, all data in the support dump is encrypted and accessible by an authorized support
representative only.
•
Backup file
All data in the backup file is in a proprietary format. Hewlett Packard Enterprise recommends
that you encrypt the file according to your organization's security policy.
•
Audit logs
Session IDs are not logged, only the corresponding logging IDs are logged. Passwords and
other sensitive data are not logged.
3.14 Files you can download from the Synergy Composer
75
76
4 Navigating the graphical user interface
4.1 About the graphical user interface
To learn the names of common areas, icons, and controls on a UI screen, see the numbered
descriptions that appear after the image.
Figure 3 Screen topography
1
2
3
4
HPE OneView main menu: The primary
menu for navigating to resources. Click
the
icon or click anywhere in the area
to expand the menu.
View selector: Enables you to control the
information displayed about a resource
so that you can focus only on what you
are interested in.
Map view icon: Provides a graphical
representation of the relationships
between the selected resource and other
resources. To see these relationships,
select the icon or the select the Map
view in the view selector
Actions menu: Provides the actions that
are available to run on the current
resource. Actions include, but are not
limited to: adding, creating, deleting,
removing, and editing a resource instance.
If you do not have the appropriate
permissions to perform an action, the
6
7
8
9
10
Session control: Tracks who is currently
logged in to the appliance and the duration
of each login session. Also enables you to
and edit some user account information,
depending on your user credentials.
Help control: Expands (or hides) a sidebar
which provides access to UI and REST API
help, the EULA and Written Offer, and the
HPE OneView online user forum.
Activity sidebar: Shows recent alerts and
task activity for the current resource. Use
the Activity control icon to open (or close)
this sidebar.
Details pane: Provides all information
known about a selected resource instance.
To see details about a particular resource
instance, click its name in the master pane.
Master pane: Lists all resource instances
that have been configured on the
appliance. In some cases, a status icon
indicates general health of the resource.
4.1 About the graphical user interface
77
5
action does not appear on the Actions
menu.
Activity control: Expands (or hides) a
sidebar of recent appliance, resource, or
user activity (from the current login
session and browser window).
In addition to the screen components shown in Figure 3 (page 77), every UI screen has a
notifications area that notifies you when an event or activity requires your attention.
Some screens also have a filters sidebar that enables you to control the type of information
displayed in the master pane.
4.2 Activity sidebar
4.2.1 About the Activity sidebar
The Activity sidebar shows tasks initiated during the current session. The most recent task is
displayed first.
Task notifications provide information (including in-progress, error, and completion messages)
about tasks that were launched.
The Activity sidebar differs from the Activity screen because it displays only recent activity.
The Activity screen, in contrast, displays all activities and allows you to list, sort, and filter them.
For more information, see “About Activity” (page 285).
Click an activity to show more details.
4.2.2 Activity sidebar details
The Activity sidebar shows task activities generated during your current login session.
Component
Description
Shows recent task activity generated during your login session.
When the Activity sidebar is closed, the number of alert or task notifications that have not
yet been viewed appears next to the Activity icon.
Activity
Describes the alert or task and the affected resource.
A health status icon indicates the current status of the resource associated with the activity.
4.2.3 Expand or collapse the Activity sidebar
Prerequisites
•
Minimum required privileges: Network administrator, Server administrator, Infrastructure
administrator, Backup administrator, Read only
Expanding or collapsing the Activity filter sidebar
1.
Use the right pin icon ( ) to expand the Activity filter sidebar.
Use the left pin icon ( ) to collapse the Activity filter sidebar.
2.
Select an activity to reveal more details.
Next step: Filter activities.
4.3 Audit tracking
Change tracking provides a history of the changes you make within an action dialog box, such
as an add action. Click
78
in the lower left corner in the dialog to view the changes.
Navigating the graphical user interface
Figure 4 Expanded view of audit tracking
4.4 Banner and main menu
The main menu is the primary method for navigating to resources and the actions that can be
performed on them.
To expand the main menu, click inside the main menu area of the banner.
Figure 5 Banner
The main menu provides access to resources; each resource screen contains an Actions menu.
•
If you are not authorized to view a resource, that resource does not appear in the main menu.
•
If you do not have the appropriate permissions to perform an action, the action does not
appear on the Actions menu.
Figure 6 Expanded main menu
4.4 Banner and main menu
79
4.5 Browsers
For general information about browser use, see the following topics:
•
“Browser best practices for a secure environment” (page 80)
•
“Commonly used browser features and settings” (page 80)
•
“Browser requirements” (page 81)
•
“Set the browser for US or metric units of measurement” (page 81)
4.5.1 Browser best practices for a secure environment
Best practice
Description
Use supported browsers
See the HPE OneView Support Matrix for HPE Synergy to ensure that your browser
and browser version are supported and the appropriate browser plug-ins and settings
are configured.
Log out of the appliance
before you close the
browser
In the browser, a cookie stores the session ID of the authenticated user. Although the
cookie is deleted when you close the browser, the session is valid on the appliance
until you log out. Logging out ensures that the session on the appliance is invalidated.
NOTE:
hours.
If you close the browser, any open sessions will be invalidated within 24
Avoid linking to or from sites When you are logged in to the appliance, avoid clicking links to or from sites outside
outside of the appliance UI the appliance UI, such as links sent to you in email or instant messages. Content outside
the appliance UI might contain malicious code.
Use a different browser to
access sites outside the
appliance
When you are logged in to the appliance, avoid browsing to other sites using the same
browser instance (for example, via a separate tab in the same browser).
For example, to ensure a separate browsing environment, use Firefox for the appliance
UI, and use Chrome for non-appliance browsing.
4.5.2 Commonly used browser features and settings
80
Feature
Description
Screen resolution
For optimum performance, the minimum screen size is 1280 × 1024 pixels for desktop
monitors and 1280 × 800 for laptop displays. The minimum supported screen size is
1024 × 768 pixels.
Language
US English, Japanese, and Simplified Chinese are the supported languages.
Close window
You can close browser windows at any time. Closing the window while you are logged
in invalidates your session after 24 hours.
Copy and paste
You can select and copy most text, with the exception of text in images. You can paste
text into text entry boxes.
Search in a screen
Press Ctrl+F to search for text in the current screen.
Local history
Right-click the browser back button to view the history of the active tab. Use this feature
to determine how you arrived at the current screen.
Navigating the graphical user interface
Feature
Description
Back and forward buttons
You can use the browser back and forward buttons to navigate the UI.
NOTE: Pop-up dialog boxes are not considered screens. If you click the back button
while a pop-up dialog box is displayed, you return to the previous screen.
If you click the forward button to go to a pop-up dialog box, you go instead to the screen
with the link to the pop-up dialog box.
The exceptions are screens that you access directly from the Actions menu. If you
use the browser navigation buttons with these screens, you lose any unsaved changes
you made on the screens.
Bookmarks
You can create bookmarks for commonly-used screens. You can email these links to
other users, who must log in and have the appropriate authorization for the screen.
Open screens in a new tab Right-click a hyperlink in the appliance to a resource or screen to open the link in a
or window
new tab or window.
NOTE: If you right-click a link while in an edit screen, the actions you take on another
screen do not automatically refresh the form in the first screen.
Browser refresh
If you click the browser refresh button to refresh a screen on which you have added
but not saved information, you lose the information.
Zoom in/zoom out
Use the zoom in or zoom out feature to increase or decrease the text size.
4.5.3 Browser requirements
The appliance has specific browser requirements that can affect its use. The following browsers
are supported:
•
Microsoft Internet Explorer: Version 10 and Version 11
•
Mozilla Firefox: ESR Version 17, Personal edition (latest version)
•
Google Chrome (latest version)
4.5.4 Set the browser for US or metric units of measurement
To configure how units of measurement are displayed—either in United States (US) or metric
units—change the region portion of the language setting in your browser.
Metric units are used for all regions except the United States region. Specify the United States
as your region code if you want United States customary units. Specify any other region code if
you want metric units.
4.5 Browsers
81
Table 2 Set US or metric units of measurement
Browser
Procedure
Google Chrome
1.
2.
3.
4.
5.
Microsoft Internet Explorer
The browser locale and regions locale are derived from your Windows settings.
Click the Google menu icon.
Select Settings→Show advanced settings...
Scroll down to Languages and click Language and input settings...
Click Add and then select the language you want to use.
Restart the browser to apply your changes.
1. Select Tools+Internet Options+General (tab)+Languages→Language
Preference.
2. Specify your own language tags. Click Add button in the Language
Preferences dialog box, and then enter your language tag in the User-defined
box.
3. Click OK.
4. Restart the browser to apply your changes.
Mozilla Firefox
The browser locale and regions locale are derived from the version of Firefox
you are running.
1. Select Tools→Options→Content→Languages→Choose.
2. Select your preferred language and then click OK.
3. Restart the browser to apply your changes.
4.6 Button functions
UI buttons have the same function, whether they appear on screens or dialog boxes.
Table 3 Standard UI buttons
Button
Description
Add and Add +
Adds items from your data center environment . for management or monitoring
• Add adds a single item and closes the screen or dialog box.
• Add + enables you to add another item in the same dialog box.
Create and Create +
Creates logical constructs used by the appliance (such as server profiles, logical
interconnect templates, and network sets).
• Create creates a single item and closes the screen or dialog box.
• Create + enables you to create another item in the same session.
Close
Closes a screen or dialog box and returns you to the previous screen.
Cancel
Discards unsaved changes on a screen or dialog box and then closes the screen or
dialog box.
OK
Confirms and saves your entries and then closes the screen or dialog box.
4.7 Filters sidebar
Some resource screens have a Filters sidebar that enables you to control the amount and type
of information displayed in the details pane.
82
Navigating the graphical user interface
Figure 7 Filters sidebar
OneView
1
Search
Enclosures 1
Filters
Reset
Status:
All statuses
+ Add enclosure
Name
Encl1
Critical
Warning
OK
2
Unknown
Disabled
Labels:
All labels
finance
mkting
sales
1
2
Pin control: Switches between the Filters sidebar and Filters banner bar when clicked.
When the filter banner is in view, the filter headings display across the screen below the
resource title. Click the filter name to access the filter options when in the banner bar view.
Filtering criteria enables you to refine the information displayed for a resource in the master
pane.
4.8 Help sidebar
Click
in the banner to open the help sidebar. The help sidebar provides hyperlinks to the help
system, open source code used in the product, partner program, initial configuration procedures,
license agreement, written offer, and the online user forum.
Figure 8 Help sidebar
1
Opens context-sensitive help for the current screen in a new browser window or tab.
4.8 Help sidebar
83
2
3
4
5
6
7
8
Opens the top of the help contents in a new browser window, which enables you to navigate
to the entire table of contents for the UI help.
Opens the top of the REST API Reference contents in a new browser window, which enables
you to navigate to the entire table of contents for the REST API Reference.
Opens a new browser window to the Composable Infrastructure partner program website.
Opens the first-time setup help in a new browser window, which guides you through initial
configuration tasks to make your data center resources known to the appliance and bring
them under management.
Displays the End-User License agreement (EULA).
Displays the Written offer, which describes the open source products used by HPE OneView.
Opens a new browser window to the online user forum where you can share your
experiences using HPE OneView and pose or answer questions.
4.8.1 View the End-User License agreement
Use this procedure to view the End-User License agreement for HPE OneView.
Viewing the End-User License agreement
1.
2.
Click the icon in the banner to open the Help sidebar.
Click End-User License agreement.
4.8.2 View the Written Offer
Use this screen to review the Written offer, which describes how to send a request for source
code, as stipulated under applicable third-party licenses.
Viewing the Written Offer
1.
2.
Click the icon in the banner to open the Help sidebar.
Click Written Offer.
4.9 Appliance status screens
Depending on certain conditions and situations, status screens will provide recommendations
for corrective action or troubleshooting hints and tips. Should those screens appear, refer to the
following topics for more information.
4.9.1 Starting
The appliance is starting up or restarting.
Initially, a rotating in-progress icon is displayed, eventually followed by a progress bar. As web
applications for the appliance become active, a progress bar advances. On completion, the login
screen displays.
4.9.2 Oops
The appliance encountered a serious error and could not recover from it.
Restarting the appliance might resolve the error.
The error message will advise you to create a support dump file and save it to a USB drive and
contact your authorized support representative.
CAUTION:
Creating the support dump file overwrites any backup file that exists on the appliance.
4.9.3 Updating the appliance
An appliance update is in progress.
84
Navigating the graphical user interface
The appliance will restart after it is updated and you will be presented with a login screen. This
restart will not disrupt the operation of the systems under management.
4.9.4 Temporarily unavailable
The appliance is off-line or unresponsive.
This screen is also displayed after you shut down the appliance.
4.9.5 Resetting
The Synergy Composer is currently being reset to its original, factory defaults.
The factory reset operation has the option to preserve or destroy the appliance network settings.
If they were destroyed, you will need to reset the network settings.
After the reset operation is complete, you need to determine the IP address to use in the browser
window so that you can log in to the Synergy Composer. Do one of the following to configure the
Synergy Composer:
•
Restore the Synergy Composer from a backup file. See “Restore a Synergy Composer from
a backup file” (page 256)
•
Configure the Synergy Composer manually. See “Initial configuration of resources in HPE
OneView” (page 115).
IMPORTANT: The factory reset operation is not available while the appliance is highly available.
Before you can perform the factory reset operation on the appliance, you must remove the standby
appliance. The standby appliance is factory reset as part of the removal operation.
The UI will not be available from any monitor port of the frame link module unless you restore
the appliance from a recent backup file. Otherwise you must also perform a factory reset of the
frame link module.
If the Maintenance console indicates the HPE Synergy Composer is offline and unusable or
requires manual action, see “Synergy Composer is offline and unusable” (page 358) or “Synergy
Composer is offline, manual action is required” (page 357), as needed.
More information
“About the factory reset operation” (page 446)
4.9.6 Waiting
The appliance is currently waiting for resources:
•
To become available while it is restarting.
The Starting status screen displays when those resources are available.
•
To become available while it is being updated
The Updating status screen displays when those resources are available.
•
To quiesce while it is shutting down.
The Temporarily unavailable status screen will be displayed.
There is also the possibility that the appliance encountered an error. In that case, the Oops status
screen will be displayed.
4.9 Appliance status screens
85
4.10 Icon descriptions
HPE OneView uses icons as user controls and to show the current status of resources and
activities.
•
“Status and severity icons” (page 86)
•
“User control icons” (page 86)
•
“Informational icons” (page 87)
4.10.1 Status and severity icons
Large icon
Small icon
Resource
Activity
Task
Critical
Critical
Failed/Interrupted
Warning
Warning
Warning
OK
Informational
Success
Disabled
Canceled
Unknown
An In progress rotating icon indicates that a change is being applied or a task is running.
This icon can appear in combination with any of the resource states. For example:
4.10.2 User control icons
Icon
Name
Action
Expand
menu
Expands a menu to show all options
View details Identifies a title that has additional information. Clicking the title changes the view to
display details.
86
Expand
Expands a collapsed list item
Collapse
Collapses an expanded list item
Edit
Enables editing
Delete or
remove
Deletes the current entry
Search
Searches for the text you enter in the Search box. This is especially useful for finding
types of resources or specific resources by name.
Navigating the graphical user interface
Icon
Name
Action
Pin
The left pin expands or collapses the Filters sidebar
The right pin expands or collapses the Activity sidebar or Help sidebar
Sort
Determines whether items are displayed in ascending or descending order
UID
Turns the light on or off on the corresponding device so that you can locate the device
in the Data Center.
4.10.3 Informational icons
Icon
Name
Description
Map
Provides a graphical representation of the relationships between the current resource
and other resources
Activity
control
Provides a recent history of user and appliance initiated tasks and alerts
Session
control
Displays your login name and the duration of your current session. Also provides a link
you can use to log out of the appliance.
To change your full name, password, and contact information, click the Edit icon next
to your login name.
Help control • When this icon is at the top of a dialog box, you can click it to open context-sensitive
help for that topic in another window or tab.
• In the banner, this icon expands or collapses the Help sidebar, where you can browse
the help documentation or find help on the screen currently displayed. The help
sidebar provides the following:
◦
A Help on this page hyperlink to access context-sensitive help for the current
screen
◦
A Browse help hyperlink to access the entire help system
◦
Links that you can use to display the EULA and the Written Offer.
◦
A link to the HPE OneView Forum, an online forum for customers and partners
to share their experiences and pose questions related to using HPE OneView.
Community members as well as Hewlett Packard Enterprise representatives are
welcome to assist with answering questions.
4.11 Labels screen details
The Labels view enables you to view the labels for a resource. Labels can be used to organize
resources into groups. For example, you might want to identify the servers that are used primarily
by the Finance team, or identify the storage systems assigned to the Asia/Pacific division. You
can filter and search for labels across all resource types or within a specific resource.
4.12 Map view
screen details
The Map view enables you to examine the configuration and understand the relationships
between logical and physical resources in your data center. This view gives you immediate
visibility into your resources from the individual Ethernet, Fibre Channel, and FCoE networks all
the way up to the enclosure, rack, and top-level physical data center.
The Map view was designed to be highly interactive and useful even at scale.
4.11 Labels screen details
87
To open the relationship view for a resource, do one of the following:
•
Select Map from the view selector.
•
Select the
icon.
Providing context for a resource can be helpful when troubleshooting problems with the resource.
By looking at the Map view, you can determine if anything related to the resource is also having
a problem.
A status icon indicates the general health of the resource and provides a quick path to track
errors.
Figure 9 Sample Map view
The selected resource is located at the center of the Map view. Everything above the resource
is an ancestor; everything below the resource is a descendant.
A connecting line between boxes indicates a direct relationship, such as servers in an enclosure.
Use your pointer to hover over any resource to see its direct relationships to other resources.
Other items can be indirectly related to the resource, such as logical interconnect groups and
server profiles.
Click any resource that appears in a relationship view to open its specific Map view.
4.13 Notifications area
The notifications area on a resource UI screen appears when an activity (an alert or task) has
affected the resource, which might require your attention.
By default, one line of information appears in the notifications area. Click anywhere in the yellow
box to expand the notifications area and view more information associated with the activity. Click
again to collapse the notifications area.
88
Navigating the graphical user interface
Figure 10 Notifications area
1
A, Slot 1
!
Overview
The system A, Slot 1 is not configured for redundant power because it has 1 c...
Actions
All
0
1
0
General >
Model
Manag
!
A, Slot 1
Overview
Actions
Location
Power
Maximum
2
Serial
The system A, Slot 1 is notconfigured for redundant power because it has 1
connected power input(s). The system must have at least 2 connected power
inputs(s) to have redundant power.
All
0
1
0
The system A, Slot 1 is ...
Resolution: Configure the system with 1 more redundant power delivery
device(s) or verify that the configuration matches the target system
1
2
Powered by
parentLS1
Maximum power
280 Watts
Serial number
a963fdec-ebfb-4ba4
A collapsed notifications area (the default). Select All to view all activity associated with the
resource.
An expanded notifications area, which provides resolutions for critical or warning alerts that
require your attention, with links to Details, when they are available.
4.14 Log out of the appliance
1.
2.
Click the Session control icon in the banner.
Select Logout.
4.15 Organizing resources into groups by assigning labels
Labels identify resources so you can organize them into groups. After labeling your resources,
you can quickly view them by searching on the labels.
Prerequisites
•
Required privileges: Edit privileges for the resource
Adding a new label to a resource
1.
2.
From the main menu, select the resource, and then select the resource instance you want
to label.
Select Labels from the view selector.
3.
Select the
icon.
4.14 Log out of the appliance
89
4.
5.
Follow these guidelines to create a label name:
•
Labels are not case sensitive, but are displayed as entered.
•
Labels must be alphanumeric and a maximum of 80 characters. Labels can contain
spaces.
Click Add.
The new labels are shown.
6.
Click OK to add the labels to this resource.
Adding an existing label to a resource
1.
2.
From the main menu, select the resource category, and then select the resource instance
you want to label.
Select Labels from the view selector.
3.
4.
Select the icon.
Determine if you want to search for all labels or for a specific label.
5.
6.
•
To search for all labels for this resource type, click
label you want.
•
To search for a specific label, in the Name box, enter an existing label name or a portion
of the name, and then click .
. Scroll through the list to find the
Select the existing label and click Add.
Click OK to add the label to the resource.
Removing a label from a resource
1.
2.
From the main menu, select the resource, and then select the resource instance from which
you want to remove a label.
Select Labels from the view selector.
3.
4.
5.
Select the icon.
Click the Delete icon for the label you want to remove from this resource.
Click OK to remove the label from the resource.
Searching for resources by label
1.
Click in the Smart Search box and enter labels: followed by the label name.
TIP: Enter complete words or names as your search criteria. Partial words or names might
not return the expected results.
To search for a label with a space, enter the label name in quotes. For example,
labels:”Asia Pacific Division”.
Search
90
Navigating the graphical user interface
2.
Determine if you want to search for a specific label for the resource type, or search for a
label across all resource types.
•
To search for a label for a specific resource type:
a. Select the Scope for the resource type.
b. Press Enter.
The resources that share that label are shown.
•
To search for a label across all resource types:
a. Select Everything for the Scope.
a.
Press Enter.
A search results page lists the top matches for all resource types.
b.
Click on a resource instance (a hyperlink) on the results page to go to that resource.
The Overview view for the resource is shown.
4.15.1 View resources by label
On most screens, you can filter the view of resource instances based on their label.
The default filter is All labels, which shows all resource instances.
To filter the view based on a specific label or labels, select the label or labels from the Labels
menu. All resource instances with those labels are shown.
To clear selected label filters, select All labels.
NOTE: Up to 100 labels are shown for the resource. If you do not see the label you are looking
for, see Searching resources using labels.
Filter resources using labels
OneView
Server Hardware 2
labels:mkting labels:sales
All Statuses
Labels
Reset
All labels
+ Add server hardware
mkting
sales
Name
Model
Server Profile
Encl1, bay 1
BL660c Gen9
none
Encl1, bay 2
BL660c Gen9
none
4.16 Performing an action on multiple resources
For some actions, you can select multiple resources in the rather than performing the action on
one resource at a time. For example, you can power on many server blades with one operation.
Each action on a resource instance is logged individually in the Activity screen.
4.16 Performing an action on multiple resources
91
If the action cannot be performed on a specific resource instance, the resource is excluded
from the action. For example, if you try to power on a server that is already powered on, the
action is not performed on that server. Opening the for an action displays the results, which in
this example, shows that one server was powered on and two were excluded:
If any resource is excluded from the action, a critical or warning icon is displayed. A resource
is excluded if the action is not possible, such as attempting to delete a server profile for a
powered-on server. If multiple resources are excluded, select a single resource and try the action
again to determine why a resource was excluded.
Use the following key combinations to select multiple resources in the master pane:
•
To select a contiguous range of objects, select the resource at the beginning of the range
and press Shift and hold as you select the end of the range.
•
To select individual objects, press Ctrl and hold as you point to and select each object.
Use the Ctrl key to unselect any previously-selected objects.
4.17 Search help topics
1.
2.
On any screen, click the icon in the banner to open the help sidebar.
In the Help sidebar, select Help on this page.
Context-specific help appears in a separate browser window.
3.
In the new browser window where the help is displayed, click Search at the top of the left
navigation pane, next to the Contents and Index links.
Figure 11 UI help search box
4.
5.
Enter a search term in the Search box.
Press Enter or click List Topics to start the search process.
Search results are presented as links to the sections in which the search term appears.
6.
92
Scan the search results for the section title or titles that best match what you are looking for,
and click the link to view the content. Each instance of your search term is highlighted in
yellow for easy identification.
Navigating the graphical user interface
More information
“Help search features and limitations” (page 93)
4.17.1 Help search features and limitations
Features
Case sensitivy.
By default, searches are case-insensitive. The Case
sensitive check box enables you to search matching the
case of the word or phrase you enter.
Full word and phrase matches
You can search for full or hyphenated words.
Phrase search enables you to search for documents
containing an exact sentence or phrase by entering the
search text in double quotes (“).
Do not include special characters in the search text of a
phrase search.
Wildcard characters
The wildcard feature enables you to replace individual
letters, or sequences of letters, within the search word.
Use a question mark (?) to replace a single character.
Use an asterisk (*) to represent several (or zero)
characters.
Keyboard pasted characters
When entering a search keyword, you may find it useful to
copy it from another window, right-click in the text box, and
select Paste.
Boolean operators
This feature lets you combine keywords with the Boolean
operators to produce more relevant results:
Use a space character for Boolean AND.
Use either OR or or for Boolean OR.
Use a hyphen character (-) for NOT.
Auto complete
Auto-complete monitors what you are typing and, after
typing the first few characters, displays a list of suggested
words. If one of those words matches what you intended
to type, you can select it from the list.
Highlighting
Search highlighting highlights the searched key words or
phrase in the resulting documents.
Fuzzy search
Like a spelling corrector, a fuzzy search tries to correct
misspelled search text and suggests corrected text.
Proximity search
Proximity search looks for documents where two or more
word occurrences are at most ten words apart.
The proximity search operators are NEAR and FBY
(meaning “followed by”). These operators can be entered
in upper or lower case.
Synonym search
This feature suggests links to synonyms of the keyword.
Limitations
Special characters
Special characters are not allowed in word search.
The search function does not return topics or index entries that
contain special characters, such as the copyright symbol.
4.17 Search help topics
93
The backslash character (\) is not allowed inside a phrase.
Hyphen
The search function does not return topics or index entries that
contain a hyphen.
Common words
The search feature does not return common words such as a, an,
and the.
Initials
The search function does not return topics or index entries that
contain initials, such L.P..
Boolean searches
Boolean operator names must be entered in English.
The AND and OR Boolean operators cannot be combined in a
search text.
NOT operators must be at the end of the search string.
Proximity searches
The proximity operators must be entered in English.
More information
“Search help topics” (page 92)
4.18 Search resources
The banner of every screen includes the Smart Search feature, which enables you to find
resource-specific information such as specific instances of resource names, serial numbers,
WWNs (World Wide Names), and IP and MAC addresses.
In general, anything that appears in a resource master pane is searchable.
Smart Search makes locating resources easy, enabling you to inventory or take action on a
desired set of devices.
Perhaps you are looking for all resources in a given enclosure or need to find one server using
a certain MAC address. Smart Search instantly gives you the information you are seeking.
The default search behavior is to focus on the resource you are currently viewing. However, to
broaden the scope of your search across all resources, you must select the option to search
Everything, which searches all resources.
Search the current resource
Search all resources
1. Click in the Smart Search box.
1. Click in the Smart Search box.
Search
2. Enter your search text and press Enter.
Search
2. Select Everything.
The search results are focused in your current
location in the UI.
3. Enter your search text and press Enter.
Some resources might not include the option to choose between the current resource or
everything, in which case the default search is for everything.
94
Navigating the graphical user interface
When you start typing, search suggestions are provided based on pattern matching and
previously-entered search criteria.
•
You can either select a suggestion (the screen displays data containing that selection) or
click Enter.
•
If your search term is a resource, then the list of resources in a master pane is filtered to
match your search input.
TIP:
•
Enter complete words or names as your search criteria. Partial words or names might not
return the expected results.
•
If you enter a multi-word search term, results show matches for all words you enter.
•
Enclose a search term in double quotes (”) if the search term contains spaces.
When you find what you are looking for in the search results, which are organized by type, select
the item to navigate to it.
NOTE: The Smart Search feature does not search the help system. To learn how to search
the UI and REST API help, see “Search help topics” (page 92).
The most recent filter selection is displayed in the Smart Search box.
Table 4 Advanced searching and filtering with properties
Example of advanced filtering syntax
Search results
By model name:
HPE Synergy 660 Gen9
All hardware that matches the model number and name.
By name or address:
name:enclosure10
An enclosure with the name enclosure10.
name:"192.0.2.0, PDU 1"
A power delivery device with the name 192.0.2.0, PDU
1.
name:"192.0.2"
A list of physical machines whose IP addresses begin with
192.0.2.
name:"mysystem"
A list of physical machines for which the host name is
mysystem.
By health status:
status:Critical
All resources that are in a critical state.
For other health status values, see “Activity statuses” (page
289).
By associated resource:
Associated resource category:Networks"
All networks
By user role:
roles:"network administrator"
All users (by name) assigned with the Network
administrator role.
For other values for role, see “About user roles” (page 236).
By owner:
owner:Administrator
All resources and messages owned by the Infrastructure
administrator.
4.18 Search resources
95
Table 4 Advanced searching and filtering with properties (continued)
Example of advanced filtering syntax
Search results
By date:
created:<7d
Created within the last 7 days.
Refine results by combining properties:
A space character separating two of the same object
operates as a logical OR.
model:"HPE Synergy 480 Gen9" model:"HPE
Synergy 660 Gen9"
All HPE Synergy 480 Gen9 and Synergy 660 Gen9
hardware.
status:Critical status:Warning
All resources that are in either a critical or warning state.
A space character separating two dissimilar objects
operates as an AND.
owner:Administrator firmware
All activities owned by the Administrator and related to
firmware.
NTP status:critical
All critical messages related to NTP.
status:unknown state:locked
owner:Administrator
All messages with unknown status, having a locked state,
and owned by Administrator.
Combining AND and OR operations
The OR operator is useful for specifying similar objects.
The AND operator is useful for combining dissimilar
objects.
status:critical OR status:disabled
All messages with either a Critical or Warning status.
name:host.example.com status:Critical
status:Warning
All messages with either a Critical or Warning status and
related to the resource host.example.com.
associatedresourcecategory:network OR
associatedresourcecategory:Network sets
All messages pertaining to either the Network or Network
Sets resource categories.
associatedresourcecategory:power-devices
AND status:warning OR status:critical
All Critical or Warning messages for the power devices
resource category.
NOT operation
status:Warning NOT model:"ProLiant BL465c All messages with a Warning status except those that apply
to ProLiant BL465c G7 models
G7"
NOTE: You can only use NOT once in a query. NOT
operators that follow are treated as text.
4.18.1 Clear the Smart Search box
The Smart Search box retains filter options. Use this procedure to clear it before entering a
search parameter.
Clearing the Smart Search box
1.
2.
From the main menu, navigate to the Activity screen.
Click Reset in the Activity heading or the Activity filter sidebar.
4.19 View resources according to their health status
On most screens, you can filter the view of resource instances based on their health status, which
might be useful for troubleshooting or maintenance purposes.
96
Navigating the graphical user interface
The default filtering is All statuses, which means that all resource members are shown, regardless
of their health status.
To filter that view based on a specific health status, select the health status you are interested
in viewing from the Status menu.
For more information about health status icons and what they mean, see “Icon descriptions” (page
86).
Figure 12 Filter resource instances by their health status
OneView
Server Hardware 32
Search
All Labels
Status
All statuses
+ Add server hardware
Critical
none
Encl1, bay 1
Warning
Model
Model
Ok
Dl 360P Gen8
DL660c
Gen9
Unknown
Dl 360P Gen8
Disabled
BL660c
Gen9
Encl1, bay 2
BL660c Gen9
none
Name
172.18.6.15
Server Profile
none
4.19.1 Reset the health status view
OneView
Server Hardware 6
status:Warning
Warning
Labels
Reset
1
+ Add server hardware
1
Name
Model
Server Profile
172.18.6.15
DL360p Gen8
none
172.18.6.16
DL380p Gen8
none
172.18.6.31
DL360 Gen9
none
To return to the default view, All statuses, click the Reset link.
4.19 View resources according to their health status
97
98
5 Using the REST APIs and other programmatic interfaces
REST (Representational State Transfer) is a web service that uses basic CRUD (Create, Read,
Update and Delete) operations performed on resources using HTTP POST, GET, PUT, and DELETE.
To learn more about REST concepts, see http://en.wikipedia.org/wiki/
Representational_state_transfer.
The appliance has a resource-oriented architecture that provides a uniform REST interface.
Every resource has one URI (Uniform Resource Identifier) and represents a physical device or
logical construct. You can use REST APIs to manipulate resources.
5.1 Resource operations
RESTful APIs are stateless. The resource manager maintains the resource state that is reported
as the resource representation. The client maintains the application state and the client might
manipulate the resource locally, but until a PUT or POST is made, the resource as known by the
resource manager is not changed.
Operation
HTTP Verb
Description
Create
POST resource URI (payload
= resource data)
Creates new resources. A synchronous POST returns the newly
created resource. An asynchronous POST returns a TaskResource
URI in the Location header. This URI tracks the progress of the
POST operation.
Read
GET resource URI
Returns the requested resource representation(s)
Update
PUT resource URI (payload = Updates an existing resource
update data)
PATCH resource URI (payload Updates a part of the resource. For example, when you only need to
update one field of the resource.
= update data)
Delete
DELETE resource URI
Deletes the specified resource
5.2 Return codes
Return code
Description
2xx
Successful operation
4xx
Client-side error with error message returned
5xx
Appliance error with error message returned
NOTE: If an error occurs, indicated by a return code 4xx or 5xx, an ErrorMessage is returned.
The expected resource model is not returned.
5.3 URI format
All URIs point to resources. The client does not need to create or modify URIs. The URI for a
resource is static and uses the format https://{appl}/rest/resource
category/resource ID where:
https://{appl}
The appliance address
/rest
The type of URI
/resource category
The category of the resource (for example,
server-profiles)
5.1 Resource operations
99
/resource instance ID
The specific resource instance identifier (optional)
5.4 Resource model format
The resources support JSON (JavaScript Object Notation) for exchanging data using a REST
API. If not otherwise specified in the REST API operation, the default is JSON.
5.5 Log in to the appliance using REST APIs
When you log in to the appliance using the login-sessions REST API, a session ID is returned.
You use the session ID in all subsequent REST API operations in the auth header. The session
ID is valid for 24 hours.
Log in
Log out
Operation
Operation
POST
DELETE
API
API
/rest/login-sessions
/rest/login-sessions
Request headers
Request headers
REST API Request Headers
auth:{YourSessionID}
Request body
REST API Request Headers
{"userName":"YourUserName","password":"YourPassword"} Request body
None
NOTE: This is an example of a local log in on the
appliance. If you are using a directory service, you must Response
add the following attributes: authnHost and
204 No Content
authLoginDomain.
Response
The LoginSessionIdDTO that includes the session ID
5.6 REST API version and backward compatibility
When you perform a REST API operation, an X-API-Version header is required. This version
header corresponds to the REST API version of software currently running on the appliance. To
determine the correct REST API version, perform /rest/version. This GET operation does
not require an X-API-Version header. If multiple appliances are running in your environment,
you need to determine the REST API version required by each appliance.
NOTE: If an X-API-Version header is not included in the request, the APIs default to version
1. Because most APIs in HPE OneView have a minimum of 3 or greater, invoking an API without
including the X-API-Version header will likely result in an HTTP 404 error, because that version
of the API will not be found.
The requests documented in the HPE OneView REST API Scripting Help correspond to the API
Reference version included in the product.
Supported REST API versions
This release of HPE OneView supports the latest REST API version in addition to supporting the
REST API versions supported in previous releases of HPE OneView.
The HPE OneView REST API documentation for older REST API versions is available online at
www.hpe.com/info/oneview/docs, and the documentation for the current version of supported
REST APIs is included with the online help for this release as well as online.
100 Using the REST APIs and other programmatic interfaces
Backward compatibility
The following list explains how to preserve your existing scripts when upgrading to a new version
of HPE OneView, take advantage of new functionality, and find the current and previous versions
of the HPE OneView REST API documentation.
•
Prevent scripts from breaking
To prevent your existing scripts from breaking that were written for a specific API version,
use the same X-API-Version value for that specific REST API. This ensures that the
same set of data is sent and returned in the response body during PUT and POST operations.
NOTE: The set of possible enumerated values that may be returned in a given resource
attribute may be extended from release to release (independent of the API version). Clients
should ignore any values that they do not expect.
To maintain backward compatibility, the set of enumerated values will not be reduced and
the meaning of these values will not change for a given API version.
NOTE: The Index or SCMB always returns the latest version of resource data, independent
of what is sent in the X-API-Version header on the request (this header controls the Index
DTO model, but not the data contained within). To obtain a specific version of a resource’s
data, perform a GET on the resource’s URI with the desired X-API-Version header.
•
Use new functionality
To take advantage of new functionality, you must move to the new X-API-Version value.
If the X-API-Version value is set globally in your scripts, moving to a new X-API-Version
will likely impact multiple REST APIs. To view a list of REST APIs that have changed, see
What's New in the HPE OneView API Reference.
If you do not need to use the new functionality, you can use a previous X-API-Version
and avoid impacting your existing scripts. Hewlett Packard Enterprise recommends that you
move to the new X-API-Version, because backward compatibility is not guaranteed from
release to release, and older functionality will be deprecated.
The current version of the REST APIs are documented in the HPE OneView REST API
Reference that is included on the appliance. To view previous versions of the REST API
reference, go to www.hpe.com/info/oneview/docs.
5.7 Asynchronous versus synchronous operations
A synchronous operation returns a response after the REST API operation completes. For
example, POST /rest/server-profiles returns a newly created server profile in the response
body. An asynchronous operation, such as creating an appliance backup, returns the URI of a
task in the Location response header. You can use the task URI to retrieve the current status of
the operation, and to obtain the associated resource once the task is complete.
•
This is common behavior for all asynchronous APIs.
•
You should not depend on any other behavior to get the current status of the operation (such
as the content of the returned response body), as it varies from API to API.
See the API Reference for the behavior of each specific API.
•
You should not depend on any other behavior to occur, as it is subject to change in the
future, even for the same API version.
5.7 Asynchronous versus synchronous operations 101
Example 1 Example response header returned from an asynchronous appliance backup
REST call
HTTP/1.1 202 Accepted
Date: Tue, 26 Jan 2016 23:19:14 GMT
Server: Apache
Location:
https://<hostname>/rest/tasks/39CE80C4-EF2C-4717-90EA-EF166E83B49F
Content-Length: 0
cache-control: no-cache
5.8 Task resource
When you make an asynchronous REST API operation, HTTP status 202 Accepted is returned
and the URI of a TaskResource resource model is returned in the Location header of the
response.
You can then perform a GET on the TaskResource model URI to poll for the status of the
asynchronous operation. The TaskResource model also contains the name and URI of the
resource that is affected by the task in the associatedResource attribute.
Creating an appliance backup example
1. Create an appliance backup.
/rest/backups
The URI of a TaskResource in the Location header is returned in the response.
2. Poll for status of the backup using the TaskResource URI returned in step 1.
/rest/tasks/{id}
3. When the task reaches the Completed state, use the associatedResource URI in the TaskResource to
download the backup file.
GET {associatedResource URI}
5.9 Error handling
If an error occurs during a REST API operation, a 4xx (client-side) or 5xx (appliance) error is
returned along with an error message (ErrorMessage resource model). The error message
contains a description and might contain recommended actions to correct the error.
A successful REST API POST operation returns the newly created resource (synchronous) or a
TaskResource URI in the Location header (asynchronous).
5.10 Concurrency control using etags
A client uses etags to verify the version of the resource model. This prevents the client from
modifying (PUT) a version of the resource model that is not current. For example, if a client
performs a GET on a server profile and receives an etag in the response header, modifies the
server profile, and then updates (PUT) the resource model, the etag in the PUT request header
must match the resource model etag. If the etags do not match, the client PUT request will not
complete and a 412 PRECONDITION FAILED error is returned.
102 Using the REST APIs and other programmatic interfaces
5.11 Querying resources and pagination using common REST API
parameters
Querying resources
You can use a set of common parameters to customize the results returned from a GET operation,
such as sorting or filtering. Each REST API specification lists the set of available common
parameters.
Pagination when querying for a collection of resources
When you perform a GET operation to retrieve multiple resources (that is, a GET on a collection
URI, such as /rest/server-profiles), the resources are returned in a collection object that
includes an array of resources along with information about the set of resources returned. This
collection of resources may be automatically truncated into pages to improve performance when
a query would return a large number of resources. The collection attributes (described below)
provide information needed to determine whether the full set of resources were returned, or if
additional queries are required to retrieve additional pages.
For example, a collection object includes a next page and previous page URI. These URIs indicate
whether additional pages are available, and can be retrieved via a GET operation on these URIs.
This provides a simple model for ensuring all resources in the query have been retrieved, by
doing iterative GETs on the nextPageUri attribute until the attribute comes back empty/null
(See Example: Return all resources in a specific collection query below.).
It’s also possible to query for a specific page of resources, using the start and count query
parameters. These parameters indicate the index of the first resource to be returned, and the
number of resources to return in the page, respectively.
NOTE: Queries across multiple pages in a collection are stateless, and are based simply on
the start index and a count of resources returned from that starting point at the time the query is
made. For example, if any server profiles were added or deleted after you performed a GET
operation using a specific next page URI from a collection of server profile resources, and you
perform the GET again, the returned page using the same next page URI may not contain the
same set of resources.
Note also that the specific set of resources returned with a given start and count parameter is
highly dependent on any filter, query and sort parameters sent in the request, therefore
it’s important to always pass the same filter, query and sort parameters on all requests for
additional pages. The nextPageUri and prevPageUri attributes will be pre-populated with
any filter, query and sort parameters from the current request.
Attributes returned in all GET operations performed on a collection URI, for
example/rest/server-profile:
total
The total number of resources available in the requested collection
(taking into account including any filters). Not necessarily what was
returned.
count
The actual number of resources returned (in the members attribute).
start
The zero-based index of the first item returned (in the members attribute).
members
The array of resources returned in the current result set.
nextPageUri
A URI that can be used to query for the next page in the result set (using
the same count specified in the current query).
prevPageUri
A URI that can be used to query for the previous page in the result set
(using the same count specified in the current query).
5.11 Querying resources and pagination using common REST API parameters 103
NOTE: A null or empty nextPageUri or prevPageUri attribute is
an indication that you have reached the last or first page (respectively)
in the query. This allows scripts to iterate on nextPageUri until null,
in order to retrieve the full set of resources in the query.
Example: Return all resources in a specific collection query
The number of resources returned in a query might not match what was specified in the count
parameter. Clients must always check the returned results to determine whether the full results
set was returned or not. The two reasons that all the resources may not be returned in a query
are:
•
You've reached the last page of the query (and there are simply not that many resource left
to return). This is also indicated by a returned prevPageUri with a null value.
•
For performance reasons, the service may automatically truncate the returned result set,
requiring additional GET requests (with appropriate start & count parameters set) in order to
retrieve the full set of resources.
The simplest way to make sure that you have retrieved all resources in a specific collection is to
always perform iterative GET requests using the returned nextPageUri until the value is null.
See the following example in pseudo-code based on any filters/queries and sort order:
currentCollection = doGet("/rest/server-hardware");
allResources = currentCollection.members;
While (currentCollection.nextPageUri) {
currentCollection = doGet(currentCollection.nextPageUri);
allResources.Append(currentCollection.members);
}
5.12 State-Change Message Bus
The State-Change Message Bus (SCMB) is an interface that uses asynchronous messaging to
notify subscribers of changes to managed resources—both logical and physical. For example,
you can program applications to receive notifications when new server hardware is added to the
managed environment or when the health status of physical resources changes—without having
to continuously poll the appliance for status using the REST APIs. To learn more about receiving
asynchronous messages about changes in the appliance environment, see “Using a message
bus to send data to subscribers” (page 303).
5.13 Metric Streaming Message Bus
The Metric Streaming Message Bus (MSMB) is an interface that uses asynchronous messaging
to notify subscribers about the most recent metrics for managed resources. You can configure
the interval and the metrics that you want to receive using the REST APIs. To learn more, see
“Using a message bus to send data to subscribers” (page 303).
5.14 Analysis and troubleshooting
You can use REST APIs to capture data obtained from remote system logs and iLO and make
this data accessible for use by powerful troubleshooting and analysis tools.
5.14.1 HPE Operations Analytics integration with HPE OneView
The integration of Operations Analytics and HPE OneView provides IT professionals with
troubleshooting, analysis, and capacity planning information for devices managed using HPE
OneView. Using HPE OneView REST APIs, you can capture data from logs, metrics, alerts, and
inventories, and import them into Operations Analytics for graphical display and viewing.
104 Using the REST APIs and other programmatic interfaces
Real-time troubleshooting applications like Operations Analytics need access to HPE OneView
resources, relationships, metrics, alerts, and logs at near real time intervals. This data is then
used to pinpoint developing issues and avoid infrastructure downtime by predicting failure in
advance.
For technical information about Operations Analytics, see HPE Operations Analytics Manuals.
5.15 Developer tools in a web browser
You can use developer/debug tools in your web browser to view the REST API operations as
they happen in the UI. The UI uses REST APIs for all operations; therefore, anything you can
do in the UI can be done using REST API operations.
5.16 PowerShell and Python code sample libraries
Windows PowerShell and Python libraries are available on Git-compliant websites to download
and use for your REST API scripting. The libraries are currently under the MIT Open Source
license, and you can modify the source code for your own purposes. Each library provides
methods for you to submit feedback, issues, and other discussions to Hewlett Packard Enterprise.
About Git version control:
The repository layouts and overall workflows use a very standard simple workflow where the
master branch is always the top of tree trunk. Hewlett Packard Enterprise tags each release and
branches a release only to fix an issue on a specific release.
To learn more about using Git, see http://git-scm.com/book.
NOTE: If you have questions about REST API scripting or HPE OneView, post your questions
to the user community forum at http://www.hpe.com/info/oneviewcommunity.
PowerShell library
The PowerShell library is hosted on GitHub and is available here: https://github.com/
HewlettPackard/POSH-HPOneView. To subscribe to the site and monitor the project, you need
a valid Microsoft or GitHub account. Downloading releases or source code does not require
authentication.
For ease of use when the library is updated, a new installer is provided.
You can use a browser or a GIT Windows client to download the source code and samples. To
download the Windows client, see http://windows.github.com/.
The GitHub site provides an issues tracker to submit issues or feature requests.
Python library
The Python library is hosted on a GitHub website and is available here: https://github.com/
HewlettPackard/python-hpOneView.
To receive development discussions, sign up on the public mailing list at https://
groups.google.com/forum/#!forum/hp-oneview-python.
5.15 Developer tools in a web browser 105
106
6 Accessing documentation and help
This chapter describes how to access help from the appliance, how to access the publicly available
online information library, and where to find REST API help and reference documentation.
6.1 Online help—conceptual and task information as you need it
The online help documents both the UI and the REST APIs, and includes:
•
Overviews of the appliance and its features
•
Descriptions of resources and UI screens
•
Quick-start instructions for bringing your data center under management
•
Step-by-step instructions for using the UI to perform tasks
•
Information about using REST API scripting to perform tasks
•
The HPE OneView REST API Reference
•
Information about using the SCMB (State-Change Message Bus) to subscribe to state change
messages
REST API help design
The REST API help is designed so that:
•
Each resource is documented in its own chapter.
•
Each REST API scripting chapter identifies the REST API calls you must invoke to complete
the tasks.
•
Each REST API call links to the HPE OneView REST API Reference for details about the
API, such as attributes and parameters, the resource model schema, and JSON (JavaScript
Object Notation) examples.
UI help design
The online help for the UI is designed so that each resource is documented in its own chapter.
At the top of each help chapter is a navigation box that directs you to:
•
Tasks that you can perform using the UI
•
An About section that provides conceptual information about the resource
•
A screen details section for every screen, which provides definitions of screen components
to assist you in data entry and decision making
•
Troubleshooting information in case you encounter a problem
•
Links to the help for the associated REST APIs if you prefer to use REST API scripting to
perform a task
6.2 This user guide supplements the online help
This user guide provides:
•
Conceptual information and describes tasks you can perform using the UI or REST APIs. It
does not duplicate the step-by-step instructions provided by the online help unless the
information might be needed when the online help is not available.
•
For procedures that use the REST APIs, the REST APIs are listed, but the complete syntax
and usage information is included in the HPE OneView REST API Reference in the online
help.
6.1 Online help—conceptual and task information as you need it 107
•
Planning information, including configuration decisions to make and tasks that you might
need to perform before you install an appliance, add managed devices, or make configuration
changes.
•
Quick starts that provide high-level step-by-step instructions for selected tasks that might
require that you configure multiple resources using the UI or REST APIs.
6.3 Where to find HPE OneView documentation
User guides and other manuals
HPE OneView user guides and other manuals are available on the Hewlett Packard Enterprise
Information Library. See “Websites” (page 406) for other information resources.
Online help
To view help on the appliance, click
in a new browser window or tab:
to open the Help sidebar. Links in the sidebar open help
•
Help on this page opens help for the current screen
•
Browse help opens the top of the help system where you decide which help topics you want
to read about
•
Browse REST API help opens help for API scripting and reference information
•
Clicking
on a screen or dialog box opens context-sensitive help for that dialog box
NOTE: To submit feedback about HPE OneView documentation, send email to
[email protected].
6.4 Enable off-appliance browsing of UI help and REST API help
The off-appliance versions of the HPE OneView help systems are useful for developers who are
writing REST API scripts or other users who prefer the convenience of accessing help locally
without logging in to the appliance.
NOTE:
You can also browse the API Reference at http://www.hpe.com/info/oneview/docs.
Downloading HTML UI help and HTML REST help
1.
Go to the Enterprise Information Library:
http://www.hpe.com/info/oneview/docs
2.
3.
4.
5.
Select the HPE OneView online help and API Reference (download) zip and save it to your
computer or to a local directory on a web server.
Use the utility of your choice to extract the contents of the .zip file.
Navigate to the content directory.
Double-click the index.html file to open the HPE OneView help system.
108 Accessing documentation and help
Part II Configuration quick starts
The quick starts provided in this part describe the basic resource configuration tasks required to quickly
bring the primary components of your hardware infrastructure under appliance management. Additional
resource configuration and ongoing management tasks are documented in Part IV.
110
7 Quick Start: Initial setup
The topics in this chapter describe how to plan for and use the appliance user interface to bring
your IT infrastructure into HPE OneView.
I want to ...
Learn more
• “Initial hardware setup” (page 111)
• “About Hardware Setup” (page 112)
◦
“Verify hardware configuration” (page 111)
• “Hardware setup screen details” (page 112)
7.1 Initial hardware setup
Skip any steps you have already completed.
1.
Install and connect the Synergy hardware in the appropriate bay with correct cabling for your
planned configuration.
See the HPE Synergy 12000 Frame Setup and Installation Guide and the HPE Synergy
Configuration and Compatibility Guide for more information.
2.
On a frame that contains an Synergy Composer appliance module, connect to the Synergy
console.
The HPE Synergy console starts and the screen displays a link to access HPE OneView.
3.
Access the Hardware Setup screen in HPE OneView by doing one of the following:
•
Log in as the HardwareSetup user
Click the Hardware Setup button on the HPE OneView login screen.
With a direct connection to the monitor port, you can access the HPE OneView hardware
setup without providing credentials.
•
Log in as Administrator
See the HPE OneView User Guide for HPE Synergy for information about logging in
as Administrator for the first time.
4.
Verify your hardware configuration using the guidance on the HPE OneView Hardware
Setup screen.
More information
“About Hardware Setup” (page 112)
www.hpe.com/info/synergy-docs
7.2 Verify hardware configuration
7.2.1 Prerequisites
•
You have completed Initial hardware setup.
•
If you are going to configure the appliance network, you will need the network address.
7.2.2 Verifying hardware configuration
1.
From the Hardware Setup screen, verify that the Inventory list contains all of the hardware
that you expect.
NOTE: A spinning icon at the top of the inventory section indicates when HPE OneView
is bringing the enclosures and the devices within them under management. Devices may
not be listed until the discovery process is complete.
7.1 Initial hardware setup
111
2.
View and resolve any alerts in the Checklist.
The Checklist will display Setup incomplete until all alerts are resolved, then it will
display Setup complete.
3.
Optional: configure the appliance network.
NOTE: If you have logged in as Administrator for the first time, the Hardware Setup screen is
displayed. However, in all subsequent logins, the Dashboard displays. To access the Hardware
Setup screen from this location, select Hardware Setup in the main menu.
More information
HPE Synergy Troubleshooting Guide at www.hpe.com/info/synergy-docs
HPE Synergy Interactive Cabling Guide at www.hpe.com/info/synergy-docs
HPE Synergy 12000 Frame Setup and Installation Guide
7.3 About Hardware Setup
The Hardware setup screen allows the Hardware setup user or Administrator to view a list of
alerts and an inventory of discovered hardware. The alerts provide instructions and allow you to
drill down into problem areas to inspect the affected resource or device. The Hardware setup
user and the Administrator also have access to the consoles of installed server hardware and to
the CLI management consoles of non-VC interconnects.
Some examples of issues that you can troubleshoot using hardware setup:
•
Faulty hardware such as memory, processors, disks, fans, and power supplies
•
High temperature conditions
•
Backplane connector seating
•
Component connectivity, such as:
◦
Link faults
◦
Mezzanine ports
◦
Interconnect module downlinks and uplinks
◦
Link module management port status
◦
Link module link ports
◦
Server hardware and interconnect module management processor port links
7.4 Hardware setup screen details
7.4.1 Checklist
The checklist displays alerts.
7.4.2 Inventory
Enclosures
Displays the number of enclosures discovered by HPE OneView.
Interconnects
Displays the number of interconnects discovered by HPE OneView.
112
Quick Start: Initial setup
Server Hardware
Displays the number of server hardware devices discovered by HPE OneView.
7.5 Configure the appliance network at first-time login
The first time you log in to the appliance as administrator, you are instructed to configure
the appliance network. However, if you are logging in from the console, you do not need to enter
the networking configuration data.
Prerequisites
•
You have gathered the information you need to configure the appliance network.
•
Ensure that the tasks for adding enclosures have completed.
•
Ensure that the tasks for forming a high availability cluster have completed.
Configuring the appliance network
1.
2.
Enter the appliance network configuration information described in the networking panel
screen details.
Click OK to configure the network.
A security warning is displayed. Click Proceed Anyway.
7.5 Configure the appliance network at first-time login
113
114
8 Quick Start: Initial configuration of HPE OneView
Initial configuration of resources in HPE OneView is no different from configuring resources as
part of routine maintenance.
While HPE OneView is designed to allow flexibility in the order in which you create, add, and
edit resources and devices, Hewlett Packard Enterprise recommends using the following workflow
sequence for initial configuration or whenever you make significant additions or changes to your
environment.
To use REST APIs to configure the appliance and bring your environment under management
for the first time, see the REST API help, which is available from the Help Sidebar.
8.1 Initial configuration of resources in HPE OneView
8.1.1 Prerequisites
•
You have completed hardware setup. See “About Hardware Setup” (page 112) and the HPE
Synergy 12000 Frame Setup and Installation Guide for more information.
•
You have configured the appliance network.
•
You are logged on as Administrator.
8.1.2 Configure resources in HPE OneView
1.
Add users to the appliance.
Create user accounts with specific privileges and local or directory-based authentication:
•
Add a fully authorized local user (Infrastructure administrator)
•
Add a local user with specialized access
•
Add a fully authorized user with authentication by membership in an organizational
directory
•
Add a user with role-based access and authentication by membership in an
organizational directory
Create user accounts assigned with predefined or specialized privileges with local or
directory-based authentication.
See the Users and Groups online help for more information.
2.
Add firmware bundle to the appliance firmware repository.
Add the latest firmware bundle to the appliance.
See the Firmware Bundles online help for more information.
3.
Create networks.
Create Ethernet networks for data and Fibre Channel over Ethernet networks for storage.
See the Networks online help for more information.
4.
Create network sets.
Create network sets to group Ethernet networks together to simplify management.
See the Network Sets online help for more information.
5.
Create one or more logical interconnect groups.
Create one or more logical interconnect groups to define the connections between your
networks and interconnect uplink ports.
See the Logical Interconnect Groups online help for more information.
8.1 Initial configuration of resources in HPE OneView
115
6.
Create an enclosure group.
Create an enclosure group to define and maintain consistent configurations and to be able
to detect and manage devices such as interconnects and server hardware in your enclosures.
See the Enclosure Groups online help for more information.
7.
Create a logical enclosure.
Create a logical enclosure to define a set of enclosures to which to apply an enclosure group.
See the Logical Enclosures online help for more information.
8.
Optional: Add storage systems and storage pools.
Add storage systems to the appliance and then add storage pools to the appliance.
See the Storage Systems online help and the Storage Pools online help for more
information.
9.
Optional: Create volumes.
Create volumes in the storage pools. You can also create volumes by creating volume
templates.
You can add existing volumes from storage systems to the appliance.
See the Volumes online help and the Volume Templates online help for more information.
10. Optional: Add a SAN manager to the appliance to manage SAN storage.
Add a SAN manager to access the SANs it manages.
See the SAN Managers online help for more information.
11. Optional: Associate SANs with networks.
Associate SANs with networks in HPE OneView.
See the SAN Managers online help for more information.
12. Create server profiles and apply them to server hardware.
Create and apply server profiles to define common configurations for your server hardware.
See the Server Profiles online help for more information.
13. Optional: Attach a SAN volume to a server profile.
Attach a SAN volume to a sever profile.
See the Server Profiles online help for more information.
14. Save the appliance configuration to a backup file.
Save the initial appliance configuration settings and database to a backup file in the event
that you need to restore the appliance to its current configuration in the future.
See the Settings online help for more information about creating and saving appliance
backup files.
8.2 Define physical dimensions and power systems in HPE OneView
Defining the physical dimensions of the space that the networking hardware inhabits and
positioning enclosures, power delivery devices, server hardware, and other devices in racks
within HPE OneView provides the appliance with an accurate diagram of the devices in your
116
Quick Start: Initial configuration of HPE OneView
data center and their physical connections. The appliance can then provide powerful monitoring
and management functionality, including:
•
The Data Centers screen generates a 3D model of your IT environment, which you can use
for planning and organization.
•
The Data Centers screen displays power and temperature data to enable you to analyze
power consumption rates. The appliance reports peak temperatures for racks and their
components to identify and alert you about potential cooling issues.
•
The Power Delivery Devices screen provides data to enable you to analyze power
consumption rates and power caps.
Add power devices.
1.
Define your power devices and power connections.
See the Power Delivery Devices online help for more information.
2.
Add racks and configure the rack layout.
Add racks and configure the layout of enclosures, power delivery devices, and other rack
devices.
See the Racks online help for more information.
3.
Create data centers and position racks in them.
Define the physical topology and cooling and power characteristics of your data center,
which enables 3D visualization and temperature monitoring.
See the Data Centers online help for more information.
8.2 Define physical dimensions and power systems in HPE OneView
117
118
9 Quick Start: Initial configuration of HPE Synergy Image
Streamer
HPE OneView uses Image Streamer to deploy stateless servers. Once you have correctly installed
an Image Streamer appliance, you will need to configure HPE OneView resources to locate,
allocate, and use the OS deployment artifacts provided by an Image Streamer OS deployment
server.
9.1 Configure HPE Synergy Image Streamer for HPE OneView
9.1.1 Prerequisites
•
You have installed and configured HPE Synergy Image Streamer appliance.
•
You have validated the hardware setup.
9.1.2 Configuring HPE OneView to work with HPE Synergy Image Streamer
1.
Add an IPv4 subnet and address range.
Define the range of IPv4 addresses and subnets to set aside for each Image Streamer
appliance in the frame link topology, plus the number of operating system servers expected
to be deployed in the settings screen.
2.
Create a management network.
Create a management network that is consistent with the HPE OneView management
network.
3.
Add an OS deployment server.
Add an OS deployment server for use in HPE OneView to deploy operating systems to
managed servers.
4.
Create a deployment network.
Create a deployment network to enable operating system deployment to servers using Image
Streamer.
5.
Create one or more logical interconnect groups.
Create one or more logical interconnect groups to define the connections between Image
Streamer appliances and the servers they will support.
NOTE: If you are creating a single-frame configuration to use Synergy Image Streamer,
create an Image Streamer uplink set choosing Ethernet for the type and containing one
uplink port.
6.
Create an enclosure group.
Create an enclosure group that includes the Image Streamer configuration.
NOTE: If you are creating a single-frame configuration to use Synergy Image Streamer,
select External for the deployment network type.
7.
Create a logical enclosure.
Create a logical enclosure to define the set of frames to which to apply the Image Streamer
enclosure group.
NOTE: If you are creating a single-frame configuration to use Synergy Image Streamer,
select the single Synergy frame.
9.1 Configure HPE Synergy Image Streamer for HPE OneView
119
9.1.3 Configuring HPE OneView to deploy OS build artifacts to servers
Once you add an Image Streamer OS deployment server in HPE OneView, you can launch the
Image Streamer graphical user interface from the HPE OneView OS Deployment Servers screen.
1.
Upload artifacts from a bundle or create new artifacts
From the Image Streamer interface, the software administrator can upload artifacts from a
bundle for use in HPE OneView or use the Image Streamer interface to create golden images
and other OS build artifacts.
2.
Create or configure a server profile.
Create and apply a server profile which includes an OS deployment selection and values
for the server-specific settings for the selected OS deployment.
3.
Verify operating system deployment.
Review the online server profile screen details to view the operating system volume that has
been created as a result of deployment.
4.
Power on server.
Power on server to boot from deployed operating system.
More information
“Managing OS Deployment servers ” (page 225)
www.hpe.com/info/synergy-docs
9.1.4 Quick Start: Initial hardware setup for an added management appliance
This section describes how to bring a management appliance, such as HPE Synergy Image
Streamer into HPE OneView.
9.1.4.1 Initial hardware setup for a management appliance
Install and connect the management appliance in the appropriate bay with correct cabling for
your planned configuration. Cabling for a particular appliance depends on the software embedded
on the appliance.
See the HPE Synergy 12000 Frame Setup and Installation Guide and the HPE OneView Synergy
Configuration and Compatibility Guide for specific guidance for the appliance that you are
installing.
9.1.4.2 Verify management appliance setup
With a direct connection to the DisplayPort in the HPE Synergy Frame Link Module, you can
access the HPE OneView hardware setup without providing credentials. To access HPE OneView
Hardware Setup from a direct connection to the Frame Link Module see “About an HPE Synergy
Frame Link Module” (page 196).
To verify the management appliance setup through HPE OneView remotely, continue with this
procedure.
Prerequisites
•
Privileges: Infrastructure administrator
•
The appliance network for Synergy Composer is configured.
•
You have completed Initial hardware setup for a management appliance.
120 Quick Start: Initial configuration of HPE Synergy Image Streamer
Verifying management appliance setup
1.
2.
3.
In a supported browser, type the IP address for the HPE OneView that is managing the
frame containing the management appliance.
From the main menu, select Hardware Setup.
From the Hardware Setup screen, view and resolve any alerts in the Checklist related to
your appliance.
The Checklist will display Setup incomplete until all alerts are resolved, then it will
display Setup complete.
4.
5.
Verify that the Inventory list contains the number of appliances that you expect.
From the main menu, select Enclosures and navigate to the Composable Infrastructure
Appliances section to view details for your appliance(s).
More information
“Hardware setup screen details” (page 112)
www.hpe.com/info/synergy-docs
9.1 Configure HPE Synergy Image Streamer for HPE OneView 121
122
10 Quick Starts for networks, enclosures, and storage
10.1 Quick Start: Add a network and associate it with an existing server
This quick start describes how to add a network to the appliance and enable existing servers to
access that network.
Prerequisites
•
Required privileges: Infrastructure administrator or Network administrator for adding the
network.
•
Required privileges: Infrastructure administrator or Server administrator for changing the
configurations of the server profiles.
•
The enclosures and server hardware are added to the appliance.
•
All data center switch ports that connect to the Virtual Connect interconnects are configured
as described in “Data center switch port requirements” (page 170).
10.1 Quick Start: Add a network and associate it with an existing server 123
10.1.1 Adding a network and associating it with an existing server
When you add a network to the appliance, you might need to make configuration changes to the
following resources:
Resource
Task
Description
Networks
1. Add the network.
• Adding a network does not require that you take resources offline.
• For more information about networks, see “Managing networks and
network resources” (page 165), the online help for the Networks
screen, or the REST API scripting help for networks and network
sets.
Logical
2. Add the network to an
Interconnect
uplink set or internal
Groups
networks.
• You can either add the network to an existing uplink set or create
an uplink set for the network.
• Changing the configuration of an uplink set does not require that
you take resources offline.
• Configuration changes made to a logical interconnect group are not
automatically propagated to the member logical interconnects.
However, by changing the logical interconnect group, you can
update each logical interconnect with a single action.
• For more information, see “Managing interconnects, logical
interconnects, and logical interconnect groups” (page 171), the online
help for the Logical Interconnect Groups screen, or the REST
API scripting help for logical interconnects and the REST API for
the uplink-sets resource.
Logical
3. Do one of the following:
• Changing the configuration of an uplink set does not require that
Interconnects
you take resources offline.
• Add the network to an
(one or more)
uplink set or internal
• Configuration changes made to a logical interconnect group are not
networks.
automatically propagated to the member logical interconnects. To
update a logical interconnect with changes made to its logical
• Update the logical
interconnect group, do one of the following:
interconnect from the
logical interconnect
◦ Select Logical Interconnects→Actions→Update from group.
group.
◦
Use the REST APIs to reapply the logical interconnect group.
When adding a network, updating a logical interconnect from its
group does not require that you take resources offline.
• You can make changes to a logical interconnect without also
changing the logical interconnect group. In this case, you add the
network to an uplink set on the logical interconnect. However, the
appliance labels the logical interconnect as being inconsistent with
its group.
• For more information, see “Managing interconnects, logical
interconnects, and logical interconnect groups” (page 171), the online
help for the Logical Interconnects screen, or the REST API
scripting help for logical interconnects.
Network
Sets
4. (Optional) Add the
• Applies to Ethernet networks only.
network to a network set.
• Adding a network to a network set does not require that you take
resources offline. You do not need to update server profiles that
have connections to the network set.
• For more information about network sets, see “Managing networks
and network resources” (page 165), the online help for the Network
Sets screen, or the REST API scripting help for networks and
network sets.
124 Quick Starts for networks, enclosures, and storage
Resource
Task
Description
Server
Profiles and
Server
Hardware
5. Power off the server
• For a server to connect to the network, the server profile for the
before you edit the server
server hardware must include a connection to either the network or
profile.
a network set that includes the network.
6. Edit the server profile to
• If you add the network to a network set, server profiles that have
add a connection to the
connections to the network set automatically have access to the
network.
added network. You do not have to edit these server profiles.
7. Power on the server after
•
If the network is not added to a network set, you must add a
you apply the server
connection to the network in the server profiles that you want to
profile.
connect to that network. Power off the server hardware before
adding the connection to a server profile.
• For more information about server profiles, see “Managing server
hardware, server profiles, and server profile templates” (page 135),
the online help for the Server Profiles screen, or the REST API
scripting help for server profiles.
10.2 Quick Start: Add an HPE ProLiant DL rack mount server to manage
This quick start describes the process for adding a rack mount server to manage.
The features supported by the appliance vary by server model. For information about the features
supported for HPE ProLiant DL servers, see “Server hardware management features” (page 136).
Prerequisites
•
Required privileges: Infrastructure administrator or Server administrator.
•
The server is connected to a live power source.
•
See “Prerequisites for bringing server hardware into an appliance” (page 137) for prerequisites
and preparation you must complete before you add a server.
10.2 Quick Start: Add an HPE ProLiant DL rack mount server to manage 125
10.2.1 Adding an HPE ProLiant DL rack mount server to manage
Resource
Task
Description
Server Hardware
1. Add the server using the
Server Hardware screen or
the REST APIs for the
server-hardware
resource.
2. Power on the server.
• When you add a server, you must provide the following
information:
◦
Specify Managed.
◦
The iLO IP address or host name.
◦
The user name and password for an iLO account with
administrator privileges.
◦
A license type to use for the server hardware.
For more information about server hardware, see
“Managing server hardware, server profiles, and server
profile templates” (page 135), the online help for the
Server Hardware screen, or the REST API scripting help
for server hardware.
• If this server configuration differs from the other servers
in the appliance, the appliance automatically adds a
server hardware type for this model.
• Because this is a rack mount server:
◦
You cannot use the appliance to provision any
networks for this server.
◦
The features supported by the appliance vary by
server model. For information about the features
supported for HPE ProLiant servers, see “Server
hardware management features” (page 136).
10.3 Quick Start: Configuring an HPE 5900 for management by HPE
OneView
To add an HPE 5900 to the appliance as a SAN manager, you must configure the switch as
described in this document. The following procedures describe how to configure an HPE 5900
using the switch software so that you can add it to HPE OneView.
See also:
•
The SAN Managers chapter in the UI help
•
The SAN Managers chapter in the REST API scripting help
See the HPE OneView Support Matrix for HPE Synergy for more information about supported
SAN managers.
NOTE: In a cascaded switch environment, all zone and zone alias operations should be
performed from a single switch that is added as SAN manager (device manager) in HPE OneView.
Zone and zone aliases created through other switches in the fabric will not be visible in HPE
OneView.
126 Quick Starts for networks, enclosures, and storage
Table 5 Enable SSH and create an SSH user
✓ Configuration
Enable SSH on the HPE 5900 and create an SSH user (named a5900 with password sanlab1 in this example)
on the HPE 5900 using the HPE 5900 software:
1. system-view
2. public-key local create rsa
3. public-key local create dsa
4. ssh server enable
5. user-interface vty 10 15
6. authentication-mode scheme
7. quit
8. local-user a5900 class manage
9. password simple sanlab1
10. service-type ssh
11. authorization-attribute user-role network-admin
12. quit
13. ssh user a5900 service-type stelnet authentication-type password
Table 6 Create an SNMPv3 user
✓ Configuration
The 5900 has a predefined view named ViewDefault. This view grants access to the iso MIB but does not
provide access to the snmpUsmMIB, snmpVasmMIB, snmpModules.18 MIBs. The following steps show how
to assign a SNMP v3 user with default read permission.
Create an SNMPv3 user with default read permissions
Use this procedure if you want the user to have the default level of access.
1. Enter system-view on the HPE 5900 by issuing the command:
system-view
2. Create a group (named DefaultGroup in this example) and set Readview permission to ViewDefault:
snmp-agent group v3 DefaultGroup privacy read-view ViewDefault
3. Create an SNMPv3 user (named defaultUser with MD5 authentication password authPass123 and
AES-128 privacy password privPass123 in this example) and add it to the group created in Step 1:
snmp-agent usm-user v3 defaultUser DefaultGroup simple authentication-mode md5
authPass123 privacy-mode aes128 privPass123
4. Save the changes:
save
NOTE:
HPE OneView supports the following privacy protocols:
• AES-128
• DES-56
10.4 Quick Start: Configuring a Cisco switch to be added as a SAN
manager for management by HPE OneView
To add a Cisco SAN manager to the appliance as a SAN manager, you must configure the switch
as described in this document. The following procedures describe how to configure a Cisco SAN
manager using the switch software so that you can add it to HPE OneView.
See also:
•
The SAN Managers chapter in the UI help
•
The SAN Managers chapter in the REST API scripting help
10.4 Quick Start: Configuring a Cisco switch to be added as a SAN manager for management by HPE OneView 127
See the HPE OneView Support Matrix for HPE Synergy for more information about supported
SAN managers.
NOTE: In a cascaded switch environment, all zone and zone alias operations should be
performed from a single switch that is added as SAN manager (device manager) in HPE OneView.
Zone and zone aliases created through other switches in the fabric will not be visible in HPE
OneView.
Table 7 Create an SNMPv3 user with write permissions
✓ Configuration
1. Enter the config mode using the command
config t
2. Create the user with required authentication and privacy
snmp-server user <user name> auth <authentication mode, SHA or MD5> <auth password> priv <privacy
protocol, AES128, DES> <priv password> <group/role name>
example 1, creating a AUTHPRIV user with SHA and AES128 and adding to network-admin group
(switch)#snmp-server user AuthPrivUser auth sha authString123 priv aes-128 privString123 network-admin
example 2, creating a AUTHPRIV user with MD5 and DES and adding to network-admin group
(switch)#snmp-server user AuthPrivUser auth md5 authString123 priv privString123 network-admin
3. Optional : To create a role for the user, use the following commands
role name <role name>
rule 1 permit read-write
example 3, creating a AUTHNOPRIV user with MD5 and adding to new role/group
(switch)#role name newRole
(switch)#rule 1 permit read-write
(switch)#snmp-server user AuthUser auth md5 authString123 newRole
NOTE:
• Cisco supports AUTHPRIV and AUTHNOPRIV users only. The SNMP user can be added to the
network-admin group/role which will be present on the switch or a role can be created and the user assigned
to it.
• HPE OneView supports the following authentication protocols:
◦
SHA
◦
MD5
• HPE OneView supports the following privacy protocols:
◦
AES-128
◦
DES-56
10.5 Quick Start: Configure server hardware MAC address binding for
FCoE server profiles
In order to configure a SAN so that the server profile volume attachments are visible to the server
hardware, you need to perform a binding configuration for each server hardware.
10.5.1 Prerequisites
•
You intend to attach volumes to server hardware using FCoE.
•
You have configured at least one FCoE connection in a server profile.
128 Quick Starts for networks, enclosures, and storage
10.5.2 Configuring server hardware MAC address binding for FCoE server profiles
1.
2.
3.
4.
5.
From the main menu, select Server Profiles.
In the master pane, select the server profile that specifies the server hardware with an FCoE
connection.
From the View selector, select Connections.
For each connection that you want to bind to a vfc interface, click the expander to display
the details of the connection. Note the MAC address of the connection.
Use SSH to bind the server hardware MAC address to the vfc interface on the vSAN. See
“Adding a FCoE volume in a multi-hop FCoE environment” in the FCOE Cookbook for HP
Virtual Connect for information on binding the server hardware MAC addresses to vfc
interfaces on the vSAN.
10.5 Quick Start: Configure server hardware MAC address binding for FCoE server profiles 129
130
Part III Configuration and management
The chapters in this part describe the configuration and management tasks for the appliance and the
resources it manages.
132
11 Best practices
Hewlett Packard Enterprise recommends the following best practices for HPE OneView:
•
“Best practices for maintaining a secure Synergy Composer” (page 65)
•
“Best practices for backing up a Synergy Composer” (page 249)
•
“Best practices for restoring a Synergy Composer” (page 255)
•
“Best practices for managing firmware” (page 216)
•
“Best practices for monitoring health with the appliance UI” (page 282)
133
134
12 Managing server hardware, server profiles, and server
profile templates
Managing servers with the appliance involves interacting with several different resources on the
appliance:
•
A server profile captures the entire server configuration in one place, enabling you to
consistently replicate new server profiles and to rapidly modify them to reflect changes in
your data center environment.
•
A server profile enables management of your server hardware.
•
A server profile template provides a mechanism to store configurations for a server profile.
All of the configuration constructs of a server profile are present in the server profile template.
•
An instance of server hardware is a physical server, such as an HPE ProLiant BL460c Gen8
Server Blade, installed in an enclosure or an HPE ProLiant DL380p rack mount server.
•
A server hardware type defines the characteristics of a specific server model and set of
hardware options, such as mezzanine cards.
•
A connection, which is associated with a server profile, connects a server to the data center
networks.
Server profiles provide most of the management features for servers, but server hardware and
server profiles are independent of each other:
•
A physical server, which is an instance of server hardware, might or might not have a server
profile assigned to it.
•
A server profile might be assigned to one instance of server hardware, or no server hardware
at all.
It is the combination of the server hardware and the server profile assigned to it that is the
complete server in the appliance.
You must use the server hardware resource to add physical servers to the appliance when you
install a rack mount server. Server blades are added to the appliance automatically when you
add an enclosure or install a server blade in an existing enclosure.
UI screens and REST API resources
UI screen
REST API resource
Server Profiles
server-profiles and connections
Server Profile Templates
server-profile-templates
Server Hardware
server-hardware
Server Hardware Types
server-hardware-types
12.1 Managing server hardware
Server hardware represents an instance of server hardware, such as a physical server blade
installed in an enclosure, or a physical rack server. A server hardware type captures details about
the physical configuration of server hardware, and defines which settings are available to the
server profiles assigned to that type of server hardware.
12.1 Managing server hardware 135
12.1.1 Roles
•
Minimum required privileges: Infrastructure administrator or Server administrator
12.1.2 Tasks for server hardware
The appliance online help provides information about using the UI or the REST APIs to:
•
Get information about the server hardware.
•
Power on and power off a server.
•
Reset a server.
•
Collect remote support data for server hardware.
•
Launch the iLO remote console to manage servers remotely.
•
Add a server to an existing enclosure.
•
Remove a server from an existing enclosure.
•
Refresh the connection between the appliance and the server hardware.
•
View activities.
12.1.3 Server hardware management features
HPE OneView, which is embedded on the HPE Synergy Composer, allows you to access and
operate the following compute module functions and configurations from the HPE OneView user
interface or REST API.
Feature
Supported server
hardware
Gen9
Power on or power off the server
✓
Turn on or turn off the UID light
✓
View inventory data
✓
Monitor power, cooling, and utilization
✓
Monitor health and alerts
✓
Launch iLO remote console
✓
SSO (single sign-on) to iLO web interface
✓
Automatic firmware upgrade (iLO) to minimum supported version when added to the
HPE Synergy Composer and the enclosure is configured
✓
Rack visualization and editing
✓
Automatic discovery of server hardware type
✓
Remote support
✓
Server profile features when the server is managed:
BIOS settings
✓
Firmware
✓
Connections to networks
✓
Boot order
✓
136 Managing server hardware, server profiles, and server profile templates
Feature
Supported server
hardware
Gen9
Local storage
✓
SAN storage
✓
12.1.4 Prerequisites for bringing server hardware into an appliance
Server hardware model
The server hardware must be a supported model listed in the HPE OneView 3.0 Support Matrix
for HPE Synergy or the HPE OneView Synergy Configuration and Compatibility Guide.
The server hardware is connected to a live power source.
The server hardware must have a valid serial number and product ID to be managed by HPE
OneView.
iLO firmware
The iLO (Integrated Lights-Out) firmware version must meet the minimum requirement listed in
the HPE OneView 3.0 Support Matrix for HPE Synergy or the HPE OneView Synergy
Configuration and Compatibility Guide.
IP addresses
IPv4 configuration is required.
iLOs on rack server hardware must have an IP address.
Local user accounts
iLOs must be configured to allow for local user accounts.
12.1.5 About server hardware
A server hardware resource represents an instance of server being managed or monitored by
HPE OneView.
For a managed server hardware resource, the configuration can be applied by assigning a server
profile to it.
12.1.5.1 How the appliance handles unsupported hardware
Unsupported hardware is any device that the appliance cannot manage. Unsupported devices
are similar to unmanaged devices in that all unsupported devices are not managed by the
appliance. The difference is that you can bring unmanaged devices under management of the
appliance if you take the appropriate actions or properly configure them. Unsupported hardware
can never be managed by the appliance.
The appliance detects the unsupported hardware and displays the model name and other basic
information that it obtains from the device for inventory purposes. The appliance also accounts
for the physical space unsupported devices occupy in enclosures and racks.
To account for the space a device occupies, the appliance represents unsupported hardware
the same way it represents unmanaged devices.
The action available for unsupported hardware is Remove.
12.1 Managing server hardware 137
12.1.5.2 About monitored server hardware
Any servers in a Synergy 12000 Frame are automatically added to the Synergy management
appliance.
If the frame is not yet part of a logical enclosure, then any newly discovered server will be placed
in the monitored state. The monitored state allows you to see server details and health information
as well as perform basic server operations like power on and off, activate the UID light, and
access the iLO UI and remote console. Profiles cannot be applied to a server in the monitored
state. Once the frame becomes part of a logical enclosure, the installed server hardware becomes
"managed", and enters the "No profile applied" state. A server profile can now be applied to the
server, moving it to the "Profile applied" state. Additional actions are available for server hardware
in one of these managed states including making BIOS settings, updating firmware and configuring
boot settings.
CAUTION: The UID light blinks automatically to indicate that a critical operation is underway,
such as Remote Console access for server hardware or a firmware update. Do not remove power
from server hardware when its UID light is blinking.
12.1.5.3 About unmanaged devices
An unmanaged device is a device, such as a server, enclosure, KVM (keyboard, video and
mouse) switch, in-rack monitor/keyboard, or router, that occupies space in a rack and/or consumes
power but is not managed by the appliance.
Unmanaged devices are created automatically to represent devices that are attached to an
Intelligent Power Distribution Unit (iPDU) using Power Discovery Services connections.
BladeSystem enclosures and ProLiant DL series servers are shown in the unmanaged or
unsupported state in the Enclosures and Server Hardware in the master pane, respectively.
These will be represented as unmanaged enclosures and servers; as such, they are not included
in the Unmanaged Devices resource list.
When creating an unmanaged device, you provide its name, model description, height in U-slots
and maximum power requirements. These values are used in power and cooling capacity analysis
and enable alerts to be generated identify potential power and cooling issues.
Because there is no communication to the unmanaged device, the status is disabled unless
appliance-generated alerts identify issues to be addressed.
For purposes of power configuration, unmanaged devices are assumed to have two power supply
connections to support redundant power. These are identified as power supplies 1 and 2. If an
unmanaged device does not support redundant power, connect only power supply 1, then clear
the alert about lack of redundant power to the device.
For devices that are not discovered through Power Discovery Services connections, you can
manually add these devices to the appliance for tracking, inventory, and power management
purposes.
12.1.6 Tasks for server hardware types
The appliance online help provides information about using the UI or the REST APIs to:
•
Edit the name or description of the server hardware type.
•
Delete a server hardware type.
12.1.7 About server hardware types
A server hardware type defines the physical configuration for server hardware and defines the
settings that are available to server profiles to be assigned to that type of server hardware. For
example, the server hardware type for the HPE ProLiant BL460c Gen8 Server Blade includes a
complete list of BIOS settings and the defaults for that model.
138 Managing server hardware, server profiles, and server profile templates
The appliance creates server hardware types according to the server hardware it detects. The
server hardware type is used when you create a server profile to show which settings are available.
12.1.8 How the iLO is changed as a result of HPE OneView management
When server hardware is being managed by the appliance, the following configuration changes
are made to the iLO on the server:
•
A management account (_HPOneViewadmin) is created and can be viewed on the iLO
Overview and User Administration screens.
•
SNMP is enabled and the appliance is added as an SNMP trap destination. iLOs allow for
three possible trap destinations, and on Synergy servers, the SNMP information is always
written into the third entry for trap registration.
WARNING! If you modify the information in the third entry location, the Synergy appliance
will overwrite the entry without warning.
•
NTP is enabled and the appliance becomes the server hardware’s NTP time source.
•
An appliance certificate is installed to enable single sign-on operations.
•
iLO firmware is updated to the minimum versions listed in the HPE OneView 3.0 Support
Matrix for HPE Synergy or the HPE OneView Synergy Configuration and Compatibility
Guide for managed servers.
•
The Synergy management appliance is added as a destination for RESTful interface events.
•
The iLO time zone is set to Atlantic/Reykjavik as recommended by the iLO
documentation.
The time zone setting determines how the iLO adjusts UTC time to obtain the local time and
how it adjusts for daylight savings time (summer time). For the entries in the iLO event log
and IML to display the correct local time, you must specify the time zone in which the server
is located.
If you want iLO to use the time provided by the SNTP server, without adjustment, configure
the iLO to use a time zone that does not apply an adjustment to UTC time. In addition, that
time zone must not apply a daylight saving time (summer time) adjustment.
There are several time zones that fit this requirement. One example is the
Atlantic/Reykjavik time zone. This time zone is neither east nor west of the prime
meridian and time does not change in the spring or fall.
More information
“About SNMP settings” (page 187)
12.1.9 Launch the iLO console to manage servers remotely
The iLO remote console is only available for servers with an iLO license. The console enables
you to remotely connect to the server to do the following:
•
Access a screen on the physical server to install or use the operating system (Windows or
Linux)
•
Power on, power off, or reset a server
•
Mount CD/DVD installation media from a remote client to enable an OS installation
The iLO user web interface exposes these iLO features:
•
Power monitoring
•
Power on or power off
12.1 Managing server hardware 139
•
Remote console
•
Health data
•
Account creation
•
Security
•
Other iLO management tasks
You launch the iLO remote console from the Server Hardware or Server Profiles screen. The
steps involved to launch the iLO remote console depend upon the client operating system
(Windows or Linux) and your browser (Internet Explorer, Chrome, or Firefox).
Prerequisites
•
Required privileges: Infrastructure administrator or Server administrator
Launching the iLO console to manage servers remotely
1.
From the main menu, select one of the following:
•
Server Hardware, and then select a server
•
Server Profiles, and then select a server profile
140 Managing server hardware, server profiles, and server profile templates
2.
Select Actions→Launch console.
•
Windows client with Internet Explorer, Chrome, or Firefox
The iLO console is a Windows binary application that is installed on each client computer
the first time the console is launched. Once the first-time installation completes, click
the My installation is complete — Launch console button to launch the remote
console. After the console is installed, it can be launched directly from the Actions
menu.
NOTE:
Installing the application provides the best user experience from HPE OneView.
The initial Launch console action prompts for an installation and will attempt to open
the installer. The number of dialog boxes presented during installation depends on the
browser.
◦
In Internet Explorer, click Run when prompted.
If you attempt a Launch console action and no errors occur during installation,
but no console is displayed, press and hold the Shift key and then select
Actions→Launch console to reinstall the remote console as described in “Reinstall
the remote console ” (page 356).
◦
In Chrome, when you click Install software, the downloaded HPE iLO Integrated
Remote Console installer file is displayed in the lower left corner of the browser.
Click this file name to begin the installation.
If you attempt a Launch console action and no errors occur during installation,
but no console is displayed, press and hold the Shift key and then select
Actions→Launch console to reinstall the remote console as described in “Reinstall
the remote console ” (page 356).
◦
In Firefox, click the Save File button when Firefox first tries to open the installer,
and then double-click the installer file when it is displayed in the Downloads dialog
to begin the installation.
If you attempt a Launch console action during installation you will receive a
notification, press and hold the Shift key and then select Actions→Launch console
to reinstall the remote console as described in “Reinstall the remote console ” (page
356).
•
Windows client with Java plug-in
If you are not running Internet Explorer, you can alternatively launch an iLO Java plug-in
console by clicking the launch link in the Install software dialog. This is for cases
where you are on a Windows workstation and are not permitted to install any software.
With Internet Explorer, the Install software dialog is never displayed so you cannot
launch the Java console.
NOTE: The Java plug-in console opens a popup window. Hewlett Packard Enterprise
recommends that you disable your browser’s popup blocker.
•
Linux client with any browser
Linux clients will launch the Java plug-in console with single sign-on authentication
directly on the iLO. This console requires JRE to be installed on the client, otherwise
you will be prompted to install it. The number of dialogs presented during installation
depends on the browser.
12.2 Managing server profiles
12.2 Managing server profiles 141
Servers are represented and managed through their server profiles. A server profile captures
key aspects of a server configuration in one place, including firmware levels, BIOS settings,
network connectivity, boot order configuration, iLO settings, and unique IDs.
12.2.1 Roles
•
Minimum required privileges: Infrastructure administrator or Server administrator
12.2.2 Tasks for server profiles
The appliance online help provides information about using the UI or the REST APIs for the
following tasks:
•
Get information about a server profile.
•
Add a SAN volume to a server profile.
•
Boot from an attached SAN volume.
•
Create and apply a server profile or server profile template.
•
Copy, edit, or delete a server profile.
•
Install a firmware bundle using a server profile.
•
Connect the server to data center networks by adding a connection to a server profile.
•
Allocate virtual functions to a server profile connection.
•
Manage local storage of a server.
•
Manage SAN storage by attaching new or existing SAN volumes to the server profile.
•
Manage the boot settings of a server.
•
Manage the BIOS settings of a server.
•
Manage virtual or physical IDs for the server hardware.
•
Migrate an existing server profile.
•
Move a server profile to another server.
•
Power on and off the server hardware to which the server profile is assigned.
•
Specify identifiers and addresses when creating a server profile.
•
Update firmware with a server profile.
•
Update the profile configuration from the server profile template.
•
View activities.
12.2.3 About server profiles
•
“Capturing best-practice configurations” (page 143)
•
“About editing a server profile” (page 144)
•
“About moving a server profile” (page 145)
•
“About migrating server profiles” (page 145)
•
“Working with server profiles to control remove-and-replace behavior” (page 146)
•
“About assigning a server profile to an empty device bay” (page 146)
•
“About server profile connections” (page 146)
•
“About server profile connections and changing server hardware types” (page 147)
142 Managing server hardware, server profiles, and server profile templates
•
“About server profiles and operating system deployment” (page 147)
•
“About server profiles and local storage” (page 149)
•
“About attaching SAN volumes to a server profile” (page 152)
12.2.3.1 Capturing best-practice configurations
After setting up your data center, you can create server profiles to provision hundreds of servers
as easily as you provision one server. A server profile is the configuration for a server instance.
Server profiles and server profile templates capture the entire server configuration in one place,
enabling you to replicate new server profiles and to modify them to reflect changes in your data
center.
A server profile includes:
•
Basic server identification information
•
Connectivity settings for Ethernet networks, network sets, Fibre Channel, and FCoE networks
•
Firmware versions
•
Local storage settings
•
SAN storage settings
•
Boot settings
•
BIOS settings
When you create a server profile, you can specify the server hardware to which you want to apply
the profile. Leave the server hardware unassigned if the server hardware is not yet installed.
Typically, you capture best-practice configurations in a server profile template, and then create
individual server profiles. Server profiles enable you to create a provisioning baseline for server
hardware types in an enclosure.
When you create a server profile, it is designated for a server hardware type and enclosure group
(for servers), whether the profile is assigned or unassigned. Server hardware can have only one
profile assigned to it.
By default, the server profile controls the server boot behavior. The server hardware type
determines the available options you can select in the server profile. If applicable, you can select
the boot mode and PXE boot policy. You also have the option of specifying the order in which
the server hardware attempts to boot. HPE ProLiant Gen9 servers support both legacy BIOS
and UEFI for configuring the boot process while HPE ProLiant Gen8 are legacy BIOS mode
servers only. For more information about UEFI, see UEFI FAQs at Unified Extensible Firmware
Interface Forum.
By selecting to manage BIOS settings through the appliance, you can view all settings, only those
you have modified, or only those that are different than the default values. The BIOS settings
displayed depend on the supported server hardware.
Applying the sections of a server profile to server hardware is a sequential process. The screen
displays the current section being applied, followed by other sections that have been applied
successfully. If a server profile needs to be reapplied due to an error, only the unconfigured
sections and unapplied sections are reapplied. For example, if a firmware update succeeds, but
the subsequent BIOS portion of the apply operation fails, the firmware is not applied a second
time when the profile is reapplied. This helps to prevent unnecessary and time-consuming updates
for the profile.
Best practice: Perform server profile management tasks on one enclosure at a time
For best performance, create, delete, edit, copy, or move server profiles for server hardware on one enclosure before
managing server profiles on a different enclosure.
12.2 Managing server profiles 143
12.2.3.2 About editing a server profile
Edit a server profile to change the settings associated with that profile. You can edit a server
profile any time after it has been created. You can also edit a server profile with an Error
condition to make corrections.
When you edit a server profile, the state of the server changes. The appliance analyzes the
changes and determines the actions to update the server. For example, if you change the BIOS
settings but not the firmware baseline, the firmware is not updated. Only the requested changes
are applied.
NOTE: If you change the server settings or state using tools other than the appliance, the
changes are not detected or managed. These changes might be overwritten the next time the
profile is edited.
When you edit a server profile, consider the following:
•
Editing a profile is an asynchronous operation. Name and description changes take effect
immediately, but other changes might take time to complete. If a profile is associated with
a server profile template, changes can cause the profile to be out of compliance with its
template. See “About server profile consistency validation” (page 153) for more information.
•
Profile names must be unique.
•
When unassigning a server profile with local storage configured, the logical drive contents
are at risk of being lost. To preserve the logical drive, physically remove the disk drives or
make a copy of the contents of the logical drive so that you can reassign the profile at a later
time.
•
BIOS settings are managed using the server profile and the settings on the server are
overwritten when the server profile is applied.
•
You cannot switch between virtual and physical identifiers for the following, unless you delete
and recreate the profile connection:
◦
Serial number/UUID
◦
MAC address
◦
WWN
To edit some server profile settings, the server hardware must be powered off; for others, the
server hardware can remain powered on. You can edit the following settings with the server
hardware powered on:
•
Profile name
•
Profile description
•
Profile affinity
•
Requested bandwidth of an existing connection
•
Network and network set of an existing connection except when the connection is bootable
NOTE: You cannot change an existing connection between an Ethernet network or network
set and a Fibre Channel network.
A Fibre Channel network can only be changed to another Fibre Channel network on the
same interconnect.
•
Create, attach, and edit storage volumes.
NOTE: If the server is configured to boot using the storage path, that path cannot be
disabled.
144 Managing server hardware, server profiles, and server profile templates
•
Firmware and OS Drivers using Smart Update Tools
•
Firmware only using Smart Update Tools
The profile cannot be modified while the server hardware is powered on if the previous modification
were not successfully applied, unless the failure was solely due to SAN storage.
12.2.3.3 About moving a server profile
You can move a server profile to another piece of server hardware; for example, if you are
removing one piece of server hardware and replacing it with another that is similar. The move
operation enables you to quickly change the hardware destination without rebuilding the entire
server profile.
If you cannot move a server profile directly to the new server hardware, you can change it to
unassigned. This enables you to retain server profiles that are not currently assigned to any
server.
IMPORTANT: When you move a server profile to a different server, and the profile is managing
internal local storage, you must manually move the physical disks from the original server to the
new server in order to preserve your data.
12.2.3.4 About migrating server profiles
Existing server profiles can be assigned to new hardware when hardware is upgraded or added
to your environment. For example, when you upgrade server hardware, the server hardware
type can change and, as a result, an assigned server profile might no longer match the new
hardware configuration. In this case, you can edit the existing server profile to update the server
hardware type and not have to recreate a potentially complex server profile from scratch.
The ability to edit existing server profiles and change the server hardware type and enclosure
group allows you to perform tasks such as:
•
Add or remove a mezzanine card to or from a server
•
Move server hardware from one enclosure to another enclosure with a different configuration
•
Move server profiles to servers with different adapters, different generations of hardware,
and different hardware models
•
Move workloads to different servers or enclosure configurations
In an existing server profile, click the Change link adjacent to the Server hardware type or
Enclosure group settings to change these values.
If you change the server hardware type or enclosure group, other settings within a server profile
can be affected. For most of the following attributes, settings remain unchanged so long as the
selected server hardware type or enclosure group support the existing settings. If the settings
do not support the selected server hardware type or enclosure group, the settings are removed.
Exceptions are noted as follows.
Affinity
Unchanged if supported, or removed (if the new configuration is a rack
server).
Firmware
Unchanged if supported, or removed.
Connections
Most settings are unchanged if supported, though ports will be set to Auto.
Unsupported settings are removed.
Local storage
Unchanged if supported, or removed.
SAN storage
Settings remain unchanged if supported, or storage paths are removed, or
all SAN configurations are removed (if the new configuration is a rack
server).
Boot settings
Settings are always adjusted to support the new configuration.
12.2 Managing server profiles 145
BIOS
Unchanged if supported, or removed if the profile is migrated to a different
server model.
12.2.3.5 Working with server profiles to control remove-and-replace behavior
In a server profile, the Affinity control sets the remove-and-replace behavior for server blade. If
you apply a server profile to a servers and the server is subsequently removed from the device
bay, the Affinity setting controls whether the server profile is reapplied when you insert a server
into the empty bay. Server profiles for rack servers do not have affinity.
Affinity value
Description
Device bay
The server profile you assign to the (empty) device bay is applied to any server you insert
into the bay, provided the server hardware type of the inserted server matches the server
hardware type specified in the server profile.
Device bay affinity is the default.
Device bay + server
hardware
The server profile you assign to the (empty) device bay is not applied if you insert a different
server into the bay. The serial number and server hardware type of the inserted server
must match the values in the server profile. Affinity between the server profile and the
server hardware is established when one of the following conditions is met:
• The server profile is assigned to server hardware in a device bay.
• The server profile is assigned to an empty device bay and you subsequently insert a
server with a matching server hardware type into the bay.
Editing a server profile resets its server hardware affinity. If you assign the server profile
to a populated device bay, the server hardware in the bay becomes associated with the
profile. If the server profile is unassigned or assigned to an empty device bay, any current
association is cleared.
12.2.3.6 About assigning a server profile to an empty device bay
You can assign a server profile to an empty bay. The server profile is applied automatically to
the server hardware when the server is inserted into the bay and meets the following criteria:
•
The enclosure bay is not assigned by another server profile (for example, you cannot assign
a profile to bay 9 if a profile for a full-height server hardware type is assigned to bay 1). This
is checked when the profile is assigned.
•
The server hardware type of the hardware matches the server hardware type specified in
the server profile.
When you create the server profile, select Device bay or Device bay + server hardware affinity.
If you select the affinity Device bay + server hardware for an empty bay, the UUID is set when
a matching server hardware type is inserted into the bay.
12.2.3.7 About server profile connections
The maximum number of connections supported by a profile is dependent on the total number
of virtual ports defined by the server hardware type and enclosure group associated with the
profile. The total number of virtual ports is determined by multiplying the number of virtual ports
per FlexFabric adapter by the number of FlexFabric adapters defined by the server hardware
type. The maximum number of connections is 50 or the total number of virtual ports (plus two
for unassigned connections), whichever is greater.
Supported software iSCSI boot configurations
You can use HPE OneView to select an iSCSI software boot target. The following parameters
are supported:
146 Managing server hardware, server profiles, and server profile templates
•
iPv4
•
Static IP (DHCP is not supported)
•
Bootable Ethernet connection using iSCSI software can only be on the first virtual function
of the physical port
NOTE:
HPE OneView does not automatically discover iSCSI configuration parameters.
12.2.3.8 About server profile connections and changing server hardware types
When changing the server hardware type on a server profile with deployed connections, the new
server hardware type must define enough ports to allow automatic port assignment of all currently
deployed connections. If the new server hardware type does not have sufficient port capacity,
automatic port assignment fails when applied to a server and results in the failure of the profile
edit operation. To avoid this condition, do one of the following:
•
Delete connections so that the remaining number can be automatically assigned.
•
Edit the connections and set the port assignment to None so that those connections are not
deployed.
12.2.3.9 About server profiles and operating system deployment
Server profile OS Deployment settings control operating system installation and configuration.
The deployment plan that you select defines the settings that display. The OS deployment plan
specifies:
•
The operating system image to deploy. The image can be a hypervisor or can include
application software.
•
The deployment settings to configure the operating system image with the user specified
settings
The settings do not specify the boot configuration, but with the deployment plan selection, the
boot mode in the server profile is set to UEFI Optimized.
The OS deployment plan, OS volume, and deployment settings will display in the UI.
OS deployment plan
A hyperlink to the deployment plan in the Image Streamer graphical
user interface. Displays not set if OS deployment settings are
not specified for the server profile.
You can specify an OS deployment plan on the server profile only
if the enclosure group has OS deployment configured, else a static
message displays indicating that deployment is not supported.
OS volume
An OS volume is created as a result of an OS deployment when
the server profile is applied on server hardware with a deployment
plan. The server boots from this volume on power cycle. If the
server profile has no assigned server hardware, pending
assignment displays.
OS volume is a hyperlink to the volume in the Image Streamer
graphical user interface.
Deployment settings
Deployment settings (deployment plan attributes and their
configured values) for the selected deployment plan.
Each OS deployment plan is unique and contains deployment
settings appropriate for that individual deployment plan. This can
be empty if a deployment plan does not define any attributes.
12.2 Managing server profiles 147
A deployment plan indicates the operating system software to be installed and method for
configuration. When you select a deployment plan, the deployment plan attributes configured
with default values display as deployment settings. You can examine current values and provide
new values for the deployment settings in the server profile. Changing the selected deployment
plan or settings values results in Image Streamer redeploying an OS boot volume for the server
configured. Redeployment deletes the current OS volume and creates a new volume as a result
of deployment.
When a deployment plan is selected, two connections to the OS deployment network are
automatically added in the UI and are used for booting from the OS volume. The port for the
primary boot is set to the first 1:a adapter. The port for the secondary boot is set to the first 2:a
adapter. The boot mode is automatically configured to UEFI optimized.
For a server to access and boot from the new OS volume, the following iSCSI configuration tasks
occur automatically:
•
The server is configured for iSCSI boot using UEFI software.
•
IP addresses are allocated from the deployment network IP pool and the network adapter
on the server is configured.
•
The iSCSI initiator and target names are generated and configured on server hardware and
volume.
NOTE: Some server profile operations require operating system redeployment due to
assignment to server hardware or the server's ability to access the OS volume.. See the HPE
Synergy Image Streamer documentation at www.hpe.com/info/synergy-docs for more
information.
When a deployment plan is removed from a server profile, or the deployment plan is changed,
the existing OS volume is deleted and the OS image is redeployed. The boot configuration is
updated for the new OS volume.
OS volumes and replacing server hardware
If an OS volume is associated with a server profile and assigned to specific hardware, and then
the hardware is replaced, the OS volume is retained when:
•
The hardware is replaced with the same model, and if the affinity is set to Device bay and
server hardware.
•
The hardware is replaced with the same or different model, and if the affinity is set to Device
bay.
When the hardware is powered on, it can boot from the associated OS volume.
Restoring Image Streamer artifacts and server profiles
If you restore an Image Streamer deployment server or the Synergy Composer from a backup,
the OS deployment plan used by a server profile can be missing or might have changed. In this
case, you can select a new deployment plan. Restoring the Image Streamer deployment server
reattaches the server profile to the server OS volume, if that OS volume is still present in the
Image Streamer appliance.
If the deployment plan has changed, redeploy the OS volume using the changed deployment
plan by editing the server profile and configuring the deployment settings with new or updated
values.
If settings did not change, remove and add back the deployment plan and settings on the server
profile.
NOTE:
You cannot edit or remove a deployment plan in use in a server profile.
148 Managing server hardware, server profiles, and server profile templates
If the deployment plan becomes missing due to Image Streamer failure, replacement, or restore
from backup, a critical alert is created for the server profile indicating that the deployment plan
associated with the server profile no longer exists.
Server profile templates and OS deployment
OS deployment settings are not specified in a server profile template.
If a server profile template is used and an associated server profile has OS deployment configured,
two network connections are automatically added in the server profile. The new connections
cause the server profile template and server profile to become inconsistent. Avoid the
inconsistency notifications by defining the needed connections in the server profile template.
If the server profile template is configured for non UEFI boot mode and the server profile boot
mode is set to UEFI optimized, the profile becomes inconsistent. Avoid the inconsistency
notifications by setting the server profile template boot mode to UEFI optimized.
12.2.3.10 About server profiles and local storage
You can manage local storage on server hardware using server profiles.
•
“Logical drives and unique identifiers” (page 149)
•
“About RAID level and controller” (page 150)
•
“RAID levels and number of physical drives” (page 150)
•
“About local storage and integrated storage controllers” (page 150)
•
“About local storage and mezzanine storage controllers” (page 151)
NOTE: HPE OneView does not erase data from physical drives when the server profile that
specifies the drives is deleted or unassigned. It might be possible to access the data, so if you
want to ensure the data is inaccessible, erase all sensitive data before you delete the server
profile or the local storage configuration.
IMPORTANT: Before deleting a profile with local storage settings, back up any important data.
Logical JBODs and logical drives on mezzanine controllers are deleted when the profile is deleted
and their data will not be recoverable. It is also recommended that you create a backup of the
HPE OneView appliance before deleting such profiles as a way to recover access to the physical
drives if the profile is deleted accidentally.
12.2.3.10.1 Logical drives and unique identifiers
If you configure new logical drives in your server profile or import the existing logical drives from
the server hardware, HPE OneView stores a unique identifier for each logical drive in the server
profile configuration when the server profile is applied.
On subsequent server profile apply operations, HPE OneView checks for the existence of the
identifier on the physical drives of the assigned server hardware. If the identifier is missing, the
apply operation fails in order to ensure that if the server profile is re-assigned to new server
hardware, the physical drives are inserted correctly.
HPE OneView erases the current identifier in a server profile apply operation if any of the following
conditions exist:
•
Re-initialize internal storage is selected.
•
The Logical drive has been deleted from the server profile.
•
The storage controller is set to managed manually.
12.2 Managing server profiles 149
12.2.3.10.2 About RAID level and controller
You can use RAID to define logical drives or HBA to present drives directly to the controller. The
RAID levels which the controller can support are defined in the specifications of each controller.
You must check the specifications of each controller to verify which RAID levels the controller
supports. Supported RAID levels depend on the server hardware type and on the physical server
configuration. Ensure you have enough physical drives present for the selected RAID level.
NOTE: Although RAID 50 and RAID 60 are supported by some controllers, they are not
supported by HPE OneView. To use RAID 50 or RAID 60, set the controller to manage manually
in HPE OneView.
More information
“RAID levels and number of physical drives” (page 150)
12.2.3.10.3 RAID levels and number of physical drives
See the HPE OneView Support Matrix for HPE Synergy for information on the number of drives
supported by specific server hardware.
RAID 0
Minimum of 1 drive, increments of 1.
RAID 1
Requires 2 drives.
RAID 10
Requires 4 drives, increments of 2.
RAID 1 ADM
Requires 3 drives.
RAID 5
Minimum of 3 drives, increments of 1.
RAID 6
Minimum of 4 drives, increments of 1.
12.2.3.10.4 About local storage and integrated storage controllers
•
HPE OneView is not aware of existing local storage configuration in the integrated storage
controller unless you import the local storage when applying a server profile to the server
hardware.
•
The import option is not a guarantee that no data will be lost. For example, if the server is
currently in HBA mode, you must change it to RAID mode before it can be imported, and
that change in controller mode can cause data loss.
•
Once you create a logical drive and apply it to server hardware, that logical drive can no
longer be modified.
While deleting or unassigning a server profile does not directly delete local storage data from
the server hardware, data can be lost if a server profile that contains changes to the local storage
configuration is applied to the server hardware in the future. The table below describes how to
preserve your data when making profile or hardware changes.
150 Managing server hardware, server profiles, and server profile templates
Table 8 Make a change to server hardware/server profile and preserve integrated local
storage data
Change in server hardware
Procedure
Move server profile from one server
hardware to another
Move physical drives to new • The appliance verifies that the
physical drives have been inserted
server hardware
1. Unassign server profile from the
current server hardware.
2. Physically remove the local
storage drives from the server
hardware.
3. Insert the local drives into new
server hardware.
4. Do not select Re-initialize
internal storage when you apply
the server profile to the new server
hardware.
Assign a server profile to server
hardware that has local storage
configured
Result
correctly by validating the saved
unique identifier.
A. Import existing drives and • The unique identifier is preserved.
data
• The existing logical drives and data
1. Delete or unassign the current
server profile.
2. Select Import existing logical
drives when applying the new
server profile.
B. Back up and copy data
1. Back up data.
2. Delete or unassign the server
profile.
3. Select Re-initialize internal
storage when applying the new
server profile.
4. Copy the backed-up data to the
new logical drive on the server
hardware.
are imported.
• A new logical drive is created with
a new unique identifier.
• The backed-up data is copied to the
new logical drive.
12.2.3.10.5 About local storage and mezzanine storage controllers
Logical drives on a mezzanine storage controller are backed by a SAS logical JBOD. Once the
logical drive gets instantiated (that is, not pending), you can view the details of the associated
SAS logical JBOD on the Logical Interconnects screen.
Effects of changing the mezzanine storage controller mode
•
Changing between HBA and RAID causes all logical drives or logical JBODs to be deleted
from the controller.
•
Changing from managed manually to HBA or RAID causes all logical drives or logical
JBODs to be deleted from the controller.
•
Changing from HBA or RAID to managed manually results in logical drives or logical
JBODs already configured on the controller to remain attached to the storage controller with
no data loss. However, the controller configuration settings and the logical drive tracking
data are discarded from the server profile.
12.2 Managing server profiles 151
12.2.3.11 About attaching SAN volumes to a server profile
Volumes are associated with server profiles through volume attachments. Attaching a volume
to a server profile gives the server hardware assigned to the server profile access to storage
space on a storage system.
As you create or edit a server profile, you can attach an existing volume or dynamically create
a new volume to attach.
Newly created volumes can be marked as permanent so that they continue to exist after they
are removed from the profile or if the profile is deleted. Otherwise, a nonpermanent volume is
deleted when the server profile is deleted.
Properties for attaching a volume can be configured through the server profile. For example, you
can enable and disable storage paths from the server to the SAN storage.
Storage targets
Within a server profile, storage target ports for volume attachment can be assigned automatically
or you can manually assign available ports. The target ports that are assigned automatically will
belong to same port group. Target ports that you assign manually can belong to the same or
different port groups. Port groups are created when you add a storage system to HPE OneView.
Existing HPE 3PAR volumes
On 3PAR StoreServ Storage systems, a host sees VLUN allows only a specific host to see a
volume and a matched set VLUN allows only a specific host on a specific port to see the volume.
To reuse a host sees configuration in HPE OneView when adding an existing 3PAR volume to
a profile, you must enter the exact LUN value as configured on the 3PAR array.
In HPE OneView, use the Manual LUN option to add the exact LUN value in the Add Volume
dialog. To reuse end-to-end connectivity for the volume, manually specify the following:
•
LUN value (matching the LUN on the 3PAR storage system)
•
Target ports
Also, to attach (export) a 3PAR volume as host sees, all storage paths to that volume must be
enabled or disabled together. Some paths cannot be enabled while some are disabled. For more
information, download the HPE 3PAR StoreServ Storage Concepts Guide from the HPE Storage
Information Library http://www.hpe.com/info/storage/docs.
152 Managing server hardware, server profiles, and server profile templates
12.2.3.12 About server profile consistency validation
Consistency checking is validating a server profile to ensure that it matches the configuration of
its parent server profile template. The appliance monitors both the server profile and server profile
template, compares the two, and checks the following for consistency.
Profile section
Consistency checking
General
• Server hardware type
• Enclosure group
• Affinity
NOTE: Server hardware type and enclosure group inconsistencies must be fixed manually;
that is, you must edit the profile and change the hardware type and enclosure group to match
the template.
Firmware
If firmware is not managed by a server profile template, then a firmware server profile
configuration is not validated for consistency. Otherwise, the following configurations are
validated for consistency.
• Firmware baseline
• Installation method
NOTE: Forcibly installed firmware is compared only if the firmware baseline is inconsistent.
Otherwise, forcibly installed firmware is not checked for consistency.
Connections
Connections are compared to identify if extra or missing connections are present. For similar
connections, the following attributes are checked for differences.
• Port
• Network
• Requested bandwidth
• Requested virtual functions (Ethernet)
• Connection boot settings
NOTE: Extra connections in the server profile with port id None are not considered
inconsistent.
Local Storage
If local storage is not managed by server profile template, then local storage server profile
configuration is not validated for consistency. Otherwise, the following configurations are
validated for consistency.
• Controller mode
• Logical drives
NOTE: Inconsistencies in local storage are not fixed automatically by Update from
Template. They must be fixed manually.
SAN Storage
If SAN storage is not managed by server profile template, then SAN storage server profile
configuration is not validated for consistency. Otherwise, for volumes with sharing type
private, the profile requires the same number of private volumes as defined in the server
profile template from the same storage pools, and that LUN numbers remain consistent. Any
differences in the number of private volumes, their storage pool, or a LUN number will be
flagged as an inconsistency.
For volumes with sharing type shared,the profile must be attached to all the shared volumes
associated to the server profile template with matching LUN numbers and storage paths to
remain consistent. Additional shared volumes can be attached without causing a consistency
state.
The Host OS type designated in a profile must match the server profile template to remain
compliant.
NOTE:
Extra attachments in the server profile do not cause inconsistency.
12.2 Managing server profiles 153
Profile section
Consistency checking
Boot Settings
If Boot settings are not managed by server profile template, then server profile configuration
for boot settings is not validated for consistency. Otherwise, all configurations must match
the server profile template.
BIOS Settings
If BIOS settings are not managed by server profile template, then BIOS server profile
configuration is not validated for consistency. Otherwise, all configuration must match the
server profile template.
Advanced
“Hide unused FlexNICs” instruction must match the server profile template.
If configurations match, the server profile Consistency state field is set to Consistent and is
considered to be compliant.
Any inconsistency results in an alert for the server profile and the Consistency state field is set
to Inconsistent with template.
12.2.3.13 Virtual functions
Virtual functions allow for sharing I/O devices by allocating a logical I/O hardware device to a
virtual machine (VM). Virtual functions provide a mechanism by which a single Ethernet port can
appear to be multiple separate physical devices, each containing the resources necessary for
I/O operations. Single root, I/O virtualization (SR-IOV)-capable devices provide configurable
numbers of independent virtual functions, each with its own configuration space. You can assign
one or more virtual functions to a virtual machine.
Single networks, network sets, tunneled networks, and untagged networks are supported as
virtualized functions.
To take advantage of this capability, the server BIOS must support virtual functions and must be
configured to enable this feature.
12.2.4 When to use a server profile
A server profile allows you to do the following tasks:
•
Manage the server hardware configuration separately from the actual server hardware.
•
Easily reapply the configuration to the server hardware if the server hardware is serviced or
replaced.
•
Define the server configuration before the server hardware installation.
•
Capture significant portions of the server configuration in one place, greatly simplifying and
hastening server configuration.
Depending on the hardware environment, you can configure many or all the following settings.
•
•
Firmware (optional):
◦
Specify the Service Pack for ProLiant (SPP) version and the installation method to install
the firmware and drivers while the server is powered on (the updates are applied over
the management network).
◦
Specify to install the firmware without drivers regardless of whether the server is powered
on or off (the server hardware will be powered on to install the firmware).
◦
Supported for Gen9 servers.
BIOS settings (optional):
◦
Specify the BIOS settings to apply on the selected server hardware.
◦
Supported for Gen 9 servers.
154 Managing server hardware, server profiles, and server profile templates
•
•
•
•
Boot Order (optional):
◦
Specify the BIOS boot order or UEFI Boot Order to apply on the selected server
hardware.
◦
Supported for Gen 9 servers.
Local Storage configuration (optional):
◦
Configure the disk drives directly connected to the integrated Smart Array controlled
with a specific RAID level to create a logical volume.
◦
Configure multiple logical volumes depending on the number of disk drivers supported
by the server hardware.
◦
Specify the local storage configuration for Gen 9.
Connections (required for Virtual Connect):
◦
Describe which Ethernet networks and Fibre Channel SANs are accessible by the server
hardware.
◦
Describe boot configuration options.
◦
Virtual Connect allows the MACs and WWNs to be virtualized, so that MACs and WWNs
presented to the networks remain constant when the underlying hardware components
change.
Storage Attachments (requires Virtual Connect):
◦
Describes which StoreServ volumes are accessible by the server and supports creation
of new StoreServ volumes, which are accessible using Fibre Channel or FCoE.
◦
Describes the StoreServ volumes to automate the presentation of the volumes to the
server hardware to eliminate the need to manually configure zoning.
More information
HPE OneView Support Matrix for HPE Synergy
HPE OneView Synergy Configuration and Compatibility Guide
“When to use a server profile template” (page 156)
12.3 Managing server profile templates
A server profile template serves as a structural reference when creating a server profile. All of
the configuration constructs of a server profile are present in the server profile template. This
template type defines the centralized source for the configuration of firmware, connections, local
storage, SAN storage, boot, BIOS, profile affinity, and whether unused FlexNICs are hidden.
12.3.1 Roles
•
Minimum required privileges: Infrastructure administrator or Server administrator
12.3.2 Tasks for server profile templates
The appliance online help provides information about using the UI or the REST APIs to:
•
Create a server profile template.
•
Copy, edit, or delete a server profile template.
12.3 Managing server profile templates 155
•
Update the profile configuration from the server profile template.
•
Update firmware with a server profile template.
12.3.3 About server profile templates
Server profile templates provide a mechanism to store configurations for a server profile. Typically,
you capture best-practice configurations in a server profile template, and then create and deploy
server profiles.
12.3.3.1 About creating a server profile template
You can create one or more templates to store the configurations for all the settings of a server
profile. When you create a server profile template, you can specify the server hardware type and
the enclosure group. You cannot change the server hardware type and the enclosure group after
creating the template. All profiles generated from the same template will have the same server
hardware type and enclosure group.
The connections are always mapped to ports; that is, a saved server profile template will never
have connections with Port=Auto. You cannot configure connections with Port=None.
You cannot add an existing private volume. For more information about creating a server profile
template, see the online help Server Profile Template screen details.
12.3.3.2 About editing a server profile template
Edit a server profile template to change the settings associated with that template. You can edit
a server profile template any time after it has been created. You can also edit a server profile
template that has an Error condition to make corrections.
When you edit a server profile template, the appliance analyzes the changes and updates the
template configuration. Then, all the server profiles created from the template are evaluated for
compliance and a notification is given indicating the number of profiles that will be affected by
the change. The profiles are marked as non-compliant. You can use Update from template
option in Server Profiles to accept all the changes from the template.
NOTE: Server hardware must be powered off to update from template, unless the changes
that are made can be made online such as networks and network bandwidth.
When you edit a server profile template, consider the following:
•
Server profile template names must be unique.
•
You cannot switch between virtual and physical identifiers for the following:
◦
Serial number/UUID
◦
MAC address
◦
WWN
12.3.4 When to use a server profile template
A server profile template allows you to do the following tasks:
•
Manage the server hardware configuration separately from the actual server hardware.
•
Easily reapply the configuration to the server hardware if the server hardware is serviced or
replaced.
•
Define the server configuration prior to the server hardware installation.
•
Capture significant portions of the server configuration in one place, greatly simplifying and
hastening server configuration.
156 Managing server hardware, server profiles, and server profile templates
Depending on the hardware environment, you can configure many or all of the server profile
settings.
Server profile templates are useful as you can:
•
Manage many server profiles with the same configuration.
•
Easily generate new server profiles from the template.
•
Control configuration changes for multiple servers at once. HPE OneView checks compliance
in all the server profiles that are referenced to the template.
•
Automatically resolve the compliance issues using the Update from Template action. The
server profile configuration is adjusted to match the server profile template.
More information
HPE OneView Synergy Configuration and Compatibility Guide
12.4 Learning more
•
“Understanding the resource model” (page 39)
•
“About enclosures or Synergy frames” (page 196)
•
“Managing licenses” (page 161)
•
“Troubleshooting server hardware” (page 379)
•
“Troubleshooting server profiles” (page 382)
12.4 Learning more 157
158
13 Managing fabrics
This chapter provides information on the creation of a fabric and what resources are associated
with it. In addition to the resources, a fabric contains the reserved VLAN pool range.
UI screens and REST API resources
UI screen
REST API resource
fabrics
13.1 Roles
•
Minimum required privileges: Network administrator
13.2 About fabrics
A fabric provides a common model and consistent state representation for both layer 2 and layer
3 network configurations and deployed network services associated with a physical network. The
set of available networks in a domain are consistent among the networks, interconnect modules,
and logical switches, when all are part of the same fabric.
Creating and deleting a fabric
A fabric is created and assigned a default name when a domain is created. A fabric is deleted
when the domain is deleted. Only a single, default fabric is created for each domain. Multiple
fabrics associated with one domain are not supported.
Associating resources with fabrics
The following resources are associated with a fabric:
•
Networks
•
Logical Interconnects
•
Logical Interconnect Groups
•
Reserved VLAN pool
When you create a resource, the resource is associated with a fabric. When you delete a resource,
the association to the fabric is deleted.
13.3 About reserved VLAN pools
A reserved VLAN pool is a range of VLANs used for allocation of non-tagged networks:
•
Tunnel
•
Untagged
Tagged networks and FCoE networks use VLANs outside of the reserved pool. You cannot use
a reserved VLAN for tagged or FCoE networks.
The VLAN pool allows the number of available VLANs to be segregated between tagged and
non-tagged networks. Because non-tagged networks use VLANs for internal translation resources,
a reserved VLAN pool can provide a sufficient number of VLANs available for allocation of those
internal VLANs. In addition, the reserved pool range removes the need for translation resources
to be used on tagged networks.
For the total number of VLANs allowed, see the HPE OneView 3.0 Support Matrix for HPE
Synergy or the HPE OneView Synergy Configuration and Compatibility Guide.
13.1 Roles 159
Creating and managing a reserved VLAN pool
A reserved VLAN pool is unique within a fabric, but independently allocated within each logical
interconnect. The reserved range is identical across all logical interconnects within a fabric. The
remaining VLANs (outside of the pool) are shared among all the logical interconnects within the
fabric.
•
For HPE OneView running embedded on a HPE Synergy 12000 Frame, the default range
starts at 3967 and the size is 128. The minimum size of the pool must be 50 VLANs to ensure
the pool is not exhausted.
The size of the pool cannot exceed 128 VLANs.
To change the default range or the size of the VLAN pool, see Update a VLAN pool range in the
REST API online help.
160 Managing fabrics
14 Managing licenses
You manage licenses from the Settings screen or by using the REST APIs.
14.1 UI screens and REST API resources
UI screen
REST API resource
Settings
licenses
14.2 Roles
•
Minimum required privileges: Infrastructure administrator
14.3 Tasks for licenses
The appliance online help provides information about using the UI or the REST APIs to:
•
Add a license key to the appliance license pool.
•
View licensing status information through license graphs.
14.4 About licensing
•
“License types” (page 161)
•
“Purchasing or obtaining licenses” (page 162)
•
“License delivery” (page 163)
•
“License reporting” (page 163)
14.4.1 License types
14.4.1.1 Interconnect licenses
Synergy 8Gb FC Upgrade license
The Synergy 8Gb FC Upgrade license is required for the following interconnects in order for
them to use Fibre Channel uplinks.
•
HPE Synergy 40Gb F8 Switch Module
•
HPE Virtual Connect SE 40Gb Module for HPE Synergy
14.4.1.2 Server hardware licenses
An HPE OneView Advanced license is included with all HPE Synergy server hardware. There
are no keys to redeem or manage.
For Synergy server hardware, an iLO Advanced license is also included.
14.4.1.3 Other licenses
14.4.1.3.1 EULA
The appliance has a EULA (End-User License agreement) that you must accept before using
the appliance for the first time. You can view the EULA from the Help sidebar.
14.1 UI screens and REST API resources 161
14.4.2 About interconnect licensing
Certain interconnects will need an interconnect license assigned to the bay in which they are
installed in order to use Fibre Channel uplinks. For unmanaged interconnects, Fibre Channel
capabilities are disabled if you do not have sufficient licenses.
You can purchase interconnects with licenses already installed, or you can purchase standalone
licenses separately and manually add them to the Synergy Composer from the Licenses section
of the Settings screen.
Interconnect licensing is designed so that you set your licensing intent to the bay that contains
the interconnect, not to the interconnect itself. This enables you to swap interconnects of the
same model into the bay without making any changes to licensing.
14.4.2.1 Licensing for managed interconnects
You assign licenses to managed interconnects by creating a Fibre Channel uplink set within the
logical interconnect that specifies that interconnect.
•
If you remove an interconnect and then re-insert the same model, a license is automatically
re-applied.
•
If you remove an interconnect and insert a different model, the license assigned to the bay
is not automatically re-applied.
•
If licenses are available, they are automatically assigned to interconnect bays that contain
managed interconnects.
•
When you physically remove a managed interconnect, the license remains assigned to the
interconnect bay.
•
When you remove the last remaining Fibre Channel uplink set from a managed interconnect,
the interconnect bay license is released back to the license pool.
14.4.2.2 Licensing for unmanaged interconnects
You assign licenses to unmanaged interconnects through the UI by specifying the licensing intent
for the interconnect from the Logical Enclosures+Edit dialog under Interconnect Bay Licensing
•
If you remove an interconnect and then re-insert the same model, a license is automatically
re-applied.
•
If you remove an interconnect and insert a different model, the license assigned to the bay
is not automatically re-applied.
•
When you insert an unmanaged interconnect and the bay has no licensing intent (license
setting specified in the logical enclosure), the intent defaults to No.
•
When you physically remove an unmanaged interconnect, the license is released back to
the license pool.
14.4.3 Purchasing or obtaining licenses
Purchasing factory-integrated (embedded) software and hardware provides the best licensing
experience because the license is delivered on the hardware and HPE OneView automatically
adds the licenses to the license pool on discovery of the hardware.
If you purchase nonintegrated licenses, you must activate and register the licenses using the
Hewlett Packard Enterprise licensing portal at My HPE Licensing. After you register your licenses,
you add the license keys to the appliance.
More information
“License types” (page 161)
162 Managing licenses
14.4.4 License delivery
Interconnect licenses
License delivery depends on how the license is purchased. The license delivery methods for the
Synergy 8Gb FC Upgrade license are:
•
Embedded on an interconnect. All interconnect licenses are automatically added to the HPE
OneView license pool when the interconnect with the embedded licenses is added to HPE
OneView.
•
Standalone license purchased separately from the hardware. You must manually add the
license to the HPE OneView license pool.
More information
“About interconnect licensing” (page 162)
14.4.5 License reporting
Basic license reporting indicates whether the appliance has enough licenses for the interconnect
bays in your environment.
From the Licenses view on the Settings screen, you can view the following:
•
The number of available licenses
•
The number of licensed interconnect bays
•
The number of licenses required for compliance (all interconnect bays licensed)
14.5 Learning more
•
“Troubleshooting licenses” (page 372)
14.5 Learning more 163
164
15 Managing networks and network resources
This chapter describes configuring and managing networks and network resources for the
enclosures and server blades managed by the appliance.
NOTE: The network features described in this chapter apply to enclosures and server blades
only. The appliance does not monitor or manage the network features and hardware for rack
mount servers or for networking equipment outside the enclosures.
UI screens and REST API resources
UI screen
REST API resource
Networks
connection-templates, ethernet-networks, fc-networks and
fcoe-networks
Network Sets
network-sets
15.1 Roles
•
Minimum required privileges: Infrastructure administrator or Network administrator
15.2 Tasks for networks
You can manage Fibre Channel, Ethernet, and FCoE networks from the UI Networks screen or
by using the REST APIs.
15.2.1 Tasks for Fibre Channel networks
The appliance online help provides information about using the UI or the REST APIs to:
•
Add and delete a Fibre Channel SAN.
•
Edit a Fibre Channel SAN configuration.
•
Associate a network with a managed SAN.
15.2.2 Tasks for Ethernet networks
The appliance online help provides information about using the UI or the REST APIs to:
•
Add, edit (change a network configuration), and delete a network.
•
Add an untagged or tunnel network.
•
Create the management network for Synergy Image Streamer.
•
Create the deployment network for Synergy Image Streamer.
•
Add, edit, and delete a network set.
15.1 Roles 165
15.2.3 Tasks for FCoE networks
The appliance online help provides information about using the UI or the REST APIs to:
•
Add, edit (change a network configuration), and delete a network.
15.3 About networks
The HPE Virtual Connect interconnects in enclosures support the following types of data center
networks:
•
Fibre Channel for storage networks using fabric-attach (SAN) Fibre Channel (FC) connections.
•
Ethernet for data networks, including tagged, untagged, or tunnel networks.
•
Fibre Channel over Ethernet (FCoE) for storage networks where storage traffic is carried
over a dedicated Ethernet VLAN.
IMPORTANT: The networking features described in this section apply to enclosures and
servers only. The appliance does not monitor or manage the network features and hardware for
rack mount servers or networking equipment outside the enclosures.
About creating networks
Before creating networks, be aware of the networking maximums. See the HPE OneView 3.0
Support Matrix for HPE Synergy or the HPE OneView Synergy Configuration and Compatibility
Guide for more information.
Before you create a connection in a server profile, you must:
•
Create at least one network
•
Add the network to a logical interconnect group
•
Assign the network to internal networks or an uplink set
You can create networks before you add an enclosure, which is known as pre-provisioning.
About provisioning networks
An Ethernet network is provisioned to an interconnect when the network is associated with an
uplink set or internal networks in a logical interconnect.
An FC or FCoE network is provisioned to an interconnect when the network is associated with
an uplink set in a logical interconnect.
An Ethernet and FCoE network must be provisioned to a logical interconnect and be consistent
with the logical interconnect group to be deployed in a server profile connection.
15.4 About network sets
A network set is a collection of tagged Ethernet networks that form a named group to simplify
server profile creation. Network sets are useful in virtual environments where each server profile
connection needs to access multiple networks. Use network sets in server profile connections
to make all networks on a connection's downlink port available. Network sets define how packets
will be delivered to the server when a server Ethernet connection is associated with the network
set. Network sets also enable you to define a VLAN trunk and associate it with a server connection.
166 Managing networks and network resources
Instead of assigning a single network to a connection in a server profile, you can assign a network
set to that connection.
•
Using network sets, you can quickly deploy changes to the network environment to multiple
servers. For example, you have 16 servers connected to a network set. To add a new network
to all 16 servers, you only need to add it to the network set instead of each server individually.
•
You can create a network set for your production networks and one for your development
networks.
Network set prerequisites
•
All networks in a network set must be Ethernet networks and must have unique external
VLAN IDs. Untagged and tunnel networks are single networks and do not use network sets.
•
All networks in a network set must be configured in the same appliance.
•
A network can be a member of multiple network sets.
•
All networks in a network set must be added to uplink sets or internal networks in the logical
interconnect group (and its logical interconnects) in order to be used in server profiles with
connections to the logical interconnect.
•
A network set can be empty (contain no networks) or can contain one or more of the networks
configured in the logical interconnect group and logical interconnect. Empty network sets
enable you to create network sets in the configuration before you create the member
networks, or to remove all of the member networks before you add their replacements.
However, if a server profile adds a connection to an empty network set, the server cannot
connect to any data center networks using that connection.
Creating, editing, and deleting network sets
•
When you create or modify a network set, you can designate a network for untagged packets.
If you do not designate an untagged network, untagged packets are rejected on the profile
connection associated with this network set.
•
Server traffic must be tagged with the VLAN ID of one of the Ethernet networks in the network
set. Untagged server traffic is either sent to the untagged network (if an untagged network
is defined) or is rejected (if no untagged network is defined).
•
The untagged network can send tagged and untagged traffic between the server and the
interconnect simultaneously.
When you create or modify a network set, you define the maximum bandwidth and the
preferred bandwidth for connections to that network set. A server profile can override the
preferred bandwidth but not the maximum bandwidth.
•
When a network is deleted, it is automatically deleted from all network sets to which it
belonged.
•
When you delete a network set, the networks that belong to the network set are not affected.
However, any servers with a connection to that network set are affected because their
connections are defined as being to the network set and not to the individual networks.
Because the network set is no longer available, the network traffic to and from that server
through that connection is stopped. When you delete a network set, any server profile
connections that specified that network set become disconnected.
•
When deleting networks in a network set, if all in-use networks are removed from the network
set, all assigned profiles using this network set are in error and the server profile connections
lose connectivity. To avoid connectivity loss, either leave at least one network in the network
set or disassociate the network set from all server profiles.
15.4 About network sets 167
15.5 About Fibre Channel networks
You can use Fibre Channel networks to connect to storage systems.
•
“Fibre Channel network types” (page 168)
•
“Fabric-attach Fibre Channel networks” (page 168)
15.5.1 Fibre Channel network types
The Virtual Connect interconnects in enclosures support the following type of Fibre Channel
networks when connecting to storage systems:
•
Fabric-attach networks—The enclosure interconnects connect to data center SAN fabric
switches.
15.5.2 Fabric-attach Fibre Channel networks
SAN infrastructures typically use a Fibre Channel switching solution involving several SAN
switches that implement NPIV (N-Port ID Virtualization) technology. NPIV uses N-ports and
F-ports to build a Fibre Channel SAN fabric. NPIV enables multiple N_Ports to connect to a switch
through a single F_Port, so that a server can share a single physical port with other servers, but
access only its associated storage on the SAN.
When you configure a fabric-attach Fibre Channel network, the port you choose for the uplink
from the enclosure interconnect to the storage SAN must support NPIV (N_Port ID Virtualization).
15.5.3 Direct-attach Fibre Channel networks
NOTE: Connecting servers directly to an HPE 3PAR Storage system using direct-attach Fibre
Channel networks is not supported for Synergy frames.
15.6 About Ethernet networks
You use Ethernet networks as data networks. You can create the following types of Ethernet
networks:
•
Tagged
•
Untagged
•
Tunnel
15.6.1 About tagged Ethernet networks
A tagged network uses virtual LANs (VLANs), allowing multiple networks to use the same physical
connections. By sharing physical uplinks, you can separate traffic streams from different servers
using the same set of uplinks.
Tagged Ethernet networks that are connected to enclosure interconnects require a VLAN ID.
•
Each network name in the appliance must be unique.
Tagged Ethernet networks and network sets
You can assign multiple tagged Ethernet networks to a named group called a network set. Later,
when you add a connection in a server profile, you can select this network set to enable multiple
networks to be selected for that single connection. Any change made to a network set is applied
to all server profiles using the network set.
168 Managing networks and network resources
15.6.2 About untagged Ethernet networks
An untagged network is a single dedicated network without a VLAN tag, used to pass traffic
without VLAN tags. Any tagged packets are dropped. Forwarding is done by MAC address. You
might want to configure an untagged network for iSCSI storage traffic or set up networks without
configuring VLANs.
15.6.3 About tunnel Ethernet networks
A tunnel network is a single dedicated network with a dedicated set of uplink ports used to pass
a group of VLANs without changing the VLAN tags. You can have a tunnel network with a
maximum of 4094 VLANs.
15.6.4 About Smart Link
Smart Link enables the server software to detect and respond to a loss of network connectivity
on the interconnect uplink ports. With Smart Link enabled, the Virtual Connect interconnects
will drop the Ethernet link on all server connections associated with the network if all uplink ports
within an uplink set lose their connection to the data center switches. Smart Link causes the
operating system to detect a failure and direct traffic to an alternate path.
Smart Link can be helpful when using certain server network teaming (bonding) policies.
15.7 About the HPE Image Streamer management network
The Image Streamer management network connects the Image Streamer and Synergy Composer
appliances to support managing the OS deployment server from HPE OneView. The management
network must have the same subnet, gateway, and DNS server configurations as HPE OneView.
The management network must be defined in HPE OneView as a tagged network and must have
an IP pool large enough to support configuration of all the Image Streamer appliances. Do not
use the management network for any other purpose.
IMPORTANT: The Image Streamer management network must be configured properly for
Image Streamer to operate correctly. Otherwise, the misconfigured OS deployment server must
be deleted and recreated.
Image Streamer management network must be tagged to permit connection between the
management network and interconnects. Tagging the Image Streamer management network
will not change the HPE Synergy Frame Link Module MGMT port configuration. Access to HPE
OneView and Image Streamer through MGMT ports will continue to be untagged.
Do not change the HPE OneView network settings because HPE OneView will lose the ability
to manage the Image Streamer deployment server. If the HPE OneView network settings must
be changed, the deployment server must be deleted and recreated.
HPE Synergy Image Streamer online help at www.hpe.com/info/synergy-docs
15.8 About Fibre Channel over Ethernet (FCoE) networks
FCoE networks are a combination of both Ethernet and Fibre Channel technology and are used
when storage traffic is carried over a dedicated Ethernet VLAN. Like a tagged Ethernet network,
FCoE networks use VLANs to allow multiple networks to use the same physical connection. See
the HPE OneView 3.0 Support Matrix for HPE Synergy or the HPE OneView Synergy
Configuration and Compatibility Guide for the number of FCoE networks that can be assigned
to a single interconnect and for a single logical interconnect or logical interconnect group. Like
FC traffic, FCoE traffic does not cross stacking links.
FCoE networks lower cost through:
15.7 About the HPE Image Streamer management network 169
•
Cable consolidation
•
Reduction in the number of SAN fabric switches
•
Adapter and interconnect consolidation
FCoE network requirements
•
Assigned VLAN ID, from 2 to 4094
•
Ethernet uplink set
•
Uplink ports are FCoE-capable and come from a single FCoE-capable interconnect module
15.9 Data center switch port requirements
Although you can configure an uplink set to receive incoming network traffic as untagged by
designating a network in that uplink set as Native, traffic egressing the uplink set is always
VLAN tagged (except for untagged uplink sets).
The switch ports for data center network switches that connect to the Virtual Connect interconnects
must be configured as follows:
•
Spanning tree edge (because the Virtual Connect interconnects appear to the switch as
access devices instead of switches).
•
VLAN trunk ports (tagging) to support the VLAN IDs included in the uplink set that connects
to the switch port.
For example, if you configure an uplink set, prodUS, that includes the production networks
prod 1101 through prod 1104 to use the Q ports of the interconnects in bay 1 and bay
2 of Enclosure 1, then the data center switch ports that connect to those Q ports must be
configured to support VLAN IDs 1101, 1102, 1103, and 1104.
•
If multiple uplinks in an uplink set connect the same logical interconnect to the same data
center switch, you must configure the data center switch ports for LACP (Link Aggregation
Control Protocol) in the same LAG (Link Aggregation Group) to ensure that all the uplinks
in the uplink set are active.
Set the frequency of control messages: short — every 1 second with a 3–second timeout;
or long — every 30 seconds with a 90–second timeout.
15.10 Learning more
•
“Understanding the resource model” (page 39)
•
“Managing interconnects, logical interconnects, and logical interconnect groups” (page 171)
•
“Troubleshooting networks” (page 378)
170 Managing networks and network resources
16 Managing interconnects, logical interconnects, and
logical interconnect groups
A logical interconnect group acts as a recipe for creating a logical interconnect representing the
available networks, uplink sets, stacking links, and interconnect settings for a set of physical
interconnects in a single enclosure.
UI screens and REST API resources
UI screen
REST API resource
Interconnects
interconnects
Logical Interconnects
logical-interconnects
Logical Interconnect Groups
logical-interconnect-groups
16.1 Managing enclosure interconnect hardware
When you add an enclosure, any interconnects in the enclosure are also added to the management
domain, and they remain in the domain as long as the enclosure is part of the domain. You can
manage enclosure interconnect hardware from the UI Interconnects screen or by using the
REST APIs.
16.1.1 Roles
•
Minimum required privileges: Infrastructure administrator or Network administrator
16.1.2 Tasks for interconnects
The appliance online help provides information about using the UI or the REST APIs to:
•
Add or replace a physical interconnect.
•
Clear port counters.
•
Enable or disable uplink ports or downlink ports.
•
Reapply an interconnect configuration.
•
Reset loop protection.
•
View data transfer statistics for uplink and downlink ports.
•
Power on or off an interconnect in a HPE Synergy 12000 Frame.
•
Reset an interconnect in a HPE Synergy 12000 Frame.
•
Power on or off an interconnect UID light in a HPE Synergy 12000 Frame.
16.1.3 About interconnects
Interconnects enable communication between the server hardware in the enclosure and the data
center networks.
16.1.3.1 About managed and monitored interconnects
Interconnects are added automatically when the enclosure that contains them is added to the
appliance.
Managed
HPE OneView manages the interconnects—enabling you to apply configurations,
collect statistics, and alert users to specific conditions.
16.1 Managing enclosure interconnect hardware 171
Monitored
HPE OneView monitors hardware for inventory and hardware status only.
Monitored interconnects are not associated with firmware baselines or logical
interconnects.
By default, newly added interconnects have their firmware in an unset state.
Managed interconnects
Managed interconnects are an integral part of an enclosure, and each managed interconnect is
a member of a logical interconnect. Each logical interconnect is associated with a logical
interconnect group, which is associated with an enclosure group. For more information about
logical interconnects, see “About logical interconnects” (page 174). For information about the
relationship that enclosures and enclosure groups have with interconnects, logical interconnects,
and logical interconnect groups, see .
You can update managed interconnect firmware using an SPP (Service Pack for ProLiant).
16.1.3.2 About unmanaged and unsupported interconnects
Unmanaged interconnects
If you create a logical enclosure in which the interconnects installed in the enclosure do not match
the associated logical interconnect group, each interconnect reports its state as unmanaged. An
interconnect can be the expected type, but if the firmware is out of date it is listed as unmanaged.
The physical interconnect configuration in the enclosure must match the logical interconnect
group associated with the logical enclosure before an interconnect can be managed.
HPE OneView allows you to monitor unmanaged interconnects and perform common actions
such as power on, power off, or reset, as well as turn the UID light on or off. You can also assign
an IP address for the enclosure group or use DHCP, and assign a Fibre Channel license for use
with uplink ports.
For interconnects not directly managed by HPE OneView, some support an embedded
management interface. When available, you can launch that management console using the link
provided.
NOTE: When using the system console, accessing an interconnect’s remote management
interface is not supported. The interconnect’s management URL will be displayed as text, and
not as a link. If required, you can access the interconnect’s serial (command line) interface when
on the console.
Unsupported interconnects
Unsupported hardware is hardware that the appliance cannot manage.
If you create a logical enclosure in which the interconnects installed in the enclosure do not match
anything that is supported, each interconnect reports its state as unsupported.
16.1.3.3 FIP snooping
Fibre Channel over Ethernet (FCoE) is used to transport Fibre Channel (FC) storage data over
a dedicated Ethernet cable. FCoE Initialization Protocol (FIP) handles the FC discovery and login
process for FCoE networks. FIP uses a Fibre Channel Forwarder (FCF), which is an Ethernet
switch capable of handling FCoE. An FCF is like a Fibre Channel switch that has Ethernet ports.
FIP provides an Ethernet MAC address used by FCoE to traverse the Ethernet network. FIP
obtains the Fibre Channel ID (FC ID) from the Ethernet network, which is required on the Fibre
Channel network.
FIP snooping provides statistical data that can be used to monitor, verify, or troubleshoot
connectivity.
172 Managing interconnects, logical interconnects, and logical interconnect groups
For a list of interconnects where FIP snooping is supported, see the appropriate support or
compatibility matrix on the Hewlett Packard Enterprise Information Library.
More information
“Additional uplink port details” in the online help.
“Additional downlink port details” in the online help
16.1.3.4 Connectivity and synchronization with the appliance
The appliance analyzes the health status of interconnects and issues alerts when there is a
change in status of an interconnect or port. The appliance maintains the configuration that you
specify on the interconnects that it manages.
The appliance also tracks the connectivity status of interconnects. If the appliance loses
connectivity with an interconnect, an alert is displayed until connectivity is restored. The appliance
attempts to resolve connectivity issues and clear the alert. If it cannot, you have to resolve the
issues and manually refresh the interconnect to synchronize it with the appliance.
You can manually refresh the connection between the appliance and an interconnect from the
Interconnects screen. See the online help for the Interconnects screen to learn more.
16.1.4 Learning more
•
“Interconnects” (page 46)
•
“Networking features” (page 26)
•
“Troubleshooting interconnects” (page 371)
16.2 Managing logical interconnects and logical interconnect groups
A logical interconnect represents the available networks, uplink sets, and stacking links for a set
of physical interconnects in a single enclosure. The Logical Interconnects screen provides a
graphical view of the logical interconnect configuration in an enclosure. Use this screen or the
REST APIs to manage the uplink sets for the logical interconnect.
When you add an enclosure, a logical interconnect is created automatically. The logical
interconnect group serves as a template to ensure the consistent configuration of all of its logical
interconnects.
16.2.1 Roles
•
Minimum required privileges: Infrastructure administrator or Network administrator
16.2.2 Tasks for logical interconnects
The appliance online help provides information about using the UI or the REST APIs to:
•
Add, edit, or delete an uplink set.
•
Change Ethernet settings such as:
◦
IGMP (Internet Group Management Protocol) snooping and idle timeout interval.
◦
Loop protection.
•
Configure a port to monitor network traffic.
•
Edit internal networks
•
Enable and disable physical ports.
•
Update firmware for the interconnects via the logical interconnects.
16.2 Managing logical interconnects and logical interconnect groups 173
•
Manage SNMP (Simple Network Management Protocol) trap destinations.
•
Manage the frequency of control messages through the LACP timer.
•
Reapply the logical interconnect configuration to its physical interconnects.
•
Update the logical interconnect configuration from the logical interconnect group.
•
View and download the MAC address table.
•
Define Quality of Service (QoS) settings for the logical interconnect
16.2.3 Tasks for logical interconnect groups
The appliance online help provides information about using the UI or the REST APIs to:
•
Create a logical interconnect group
•
Edit a logical interconnect group
•
Delete a logical interconnect group
•
Copy a logical interconnect group
•
Resize a logical interconnect group
•
Add or edit an uplink set that supports connections to Image Streamer
•
Define Quality of Service (QoS) settings to apply to the logical interconnect
16.2.4 About logical interconnects
A logical interconnect is a single administrative entity that consists of the configuration for a set
of interconnects in a single enclosure or a frame link topology, and includes:
•
The uplink sets, which connect to data center networks.
•
The mapping of networks to physical uplink ports, which is defined by the uplink sets for a
logical interconnect.
•
The internal networks, which are used for server-to-server communications without traffic
egressing any uplinks.
•
The downlink ports, which connect through the enclosure midplane to the servers in the
enclosure.
•
The connections between interconnects, which are called stacking links. Stacking links are
external cables between the external ports of interconnects.
See the appropriate support or compatibility matrix on the Hewlett Packard Enterprise
Information Library for the maximum number of networks that can be provisioned on a logical
interconnect.
For a server administrator, a logical interconnect represents the available networks through the
interconnect uplinks and the interconnect downlink capabilities through a physical server’s
interfaces. For a network administrator, a logical interconnect represents an Ethernet stacking
configuration, aggregation layer connectivity, stacking topology, network reachability, statistics,
and troubleshooting tools.
16.2.4.1 About uplink sets
An uplink set defines a single, dedicated network or a group of networks and physical ports on
a set of interconnects in an enclosure. An uplink set enables you to attach the interconnects to
the data center networks. An uplink set enables multiple ports to support port aggregation (multiple
ports connected to a single external interconnect) and link failover with a consistent set of VLAN
networks.
174 Managing interconnects, logical interconnects, and logical interconnect groups
Uplink sets that support connections to Image Streamer in a multi-frame configuration must be
assigned the type Image Streamer to correctly configure the associated ports. Image Streamer
uplink sets consist of one network and four uplink ports. An uplink set in a single-frame Image
Streamer configuration must be assigned the type Ethernet and use one uplink port.
•
For tagged Ethernet networks, an uplink set enables you to identify interconnect uplinks that
carry multiple networks over the same cable.
•
For untagged or tunnel Ethernet networks, an uplink set identifies interconnect uplinks that
are dedicated to a single network.
•
For Fibre Channel networks, you can add one network to an uplink set. Fibre Channel does
not allow virtual networks or VLANs.
•
For Fibre Channel over Ethernet (FCoE) networks, an uplink set enables you to carry multiple
Fibre Channel and tagged Ethernet networks over the same set of Ethernet cables.
•
For HPE VC SE 16Gb FC Modules, the total number of ports that you can assign to uplink
sets or use as a network analyzer port cannot exceed 12 ports per interconnect.
An uplink set is part of a logical interconnect. The initial configuration of the uplink sets for a
logical interconnect is determined by the configuration of the uplink sets for the logical interconnect
group, but you can change (override) the uplink sets for a specific logical interconnect.
Changes you make to the uplink sets for a logical interconnect group are not automatically
propagated to existing logical interconnects. For example, to propagate a newly added VLAN to
a logical interconnect group uplink set to its existing logical interconnects, you must individually
update each logical interconnect configuration from the logical interconnect group.
For each logical interconnect:
•
You can define zero or more uplink sets. See networking limits in the HPE OneView 3.0
Support Matrix for HPE Synergy or the HPE OneView Synergy Configuration and
Compatibility Guide for the maximum number of supported uplink sets and the maximum
network types supported in an uplink set.
If you do not define any uplink sets, the servers in the enclosure cannot connect to data
center networks.
•
A network can be a member of one uplink set per logical interconnect group only.
•
An uplink set can contain one or more tagged Ethernet networks. An uplink set for an
untagged or a tunnel network can only contain that one untagged or tunnel network.
•
An uplink set can contain one or more FCoE networks, but the uplinks must be contained
within a single FCoE-capable interconnect.
See firmware requirements in “About Fibre Channel over Ethernet (FCoE) networks” (page
169).
•
Within a logical interconnect group or logical interconnect, all VLAN IDs must be unique
across uplink sets and internal networks.
•
Internal networks allow server-to-server connectivity within the logical interconnect. Internal
networks are created by adding existing networks to the internal networks set. Internal
networks can be added to uplink sets which automatically removes them from the internal
networks set.
•
Ethernet networks in an uplink set must be specified individually and cannot be specified by
selecting a network set. The use of network sets in uplink sets is not supported for the
following reasons:
◦
The networking configuration is intended to be managed by users with a role of Network
administrator. Because users with a role of Server administrator can create and edit
network sets, allowing network sets to be members of uplink sets could result in server
16.2 Managing logical interconnects and logical interconnect groups 175
administrators changing the mapping of networks to uplink ports without the knowledge
of the network administrator.
◦
Because a network can be a member of more than one network set, allowing network
sets to be members of uplink sets would make it more difficult to ensure that no single
network is a member of more than one uplink set, especially as the network set
configurations change over time.
16.2.4.2 About defining Image Streamer uplink sets in logical interconnects
When you edit an Image Streamer uplink set to support connections to Image Streamer in a
multi-frame configuration, you designate four uplink ports. Both MGMT ports for link modules in
the same HPE Synergy 12000 Frame with an Image Streamer appliance must be connected to
uplink ports on different interconnects.
In a configuration with two enclosures, cross-connect the four MGMT and four uplink ports for
high availability, as outlined in the following table.
Enclosure
MGMT port
Interconnect
Uplink port
A
1
A
1
A
2
B
1
B
1
A
2
B
2
B
2
An uplink set in a single-frame Image Streamer configuration must be assigned the type Ethernet
and one uplink port.
More information
“About uplink sets” (page 174)
“About defining Image Streamer uplink sets in logical interconnect groups” (page 184)
HPE Synergy 12000 Frame Setup and Installation Guide
16.2.4.3 About internal networks
An internal network is a network that has no uplink ports and is used for server-to-server
communications within a logical interconnect. Servers that communicate with each other over
internal networks do so without the traffic egressing any uplinks.
Only tagged, untagged, and tunnel Ethernet networks can be members of internal networks.
If network connectivity outside of the logical enclosure is required, the network must be in an
uplink set associated with an uplink.
NOTE: A network is not available for profile connections until it is added to an uplink set or
internal networks in a logical interconnect group and the associated logical interconnect.
Adding and removing internal networks
Each logical interconnect group and logical interconnect has an internal network list which is
initially empty. Adding a network to the internal network list in both the logical interconnect group
and logical interconnect allows it to be used in server profile connections that can be mapped to
downlinks on the interconnects within the logical interconnect.
IMPORTANT: Duplicate networks in the internal networks list on more than one logical
interconnect can result in the inability for the servers in the enclosure to communicate.
176 Managing interconnects, logical interconnects, and logical interconnect groups
You can add or remove internal networks from the Logical Interconnects or Logical Interconnect
Groups screen. The internal network configuration created in the logical interconnect group is
inherited by associated logical interconnects. A logical interconnect can be made consistent with
the parent logical interconnect group by selecting Actions→Update from group.
Networks in the internal networks list appear as available networks for uplink sets. They are
automatically removed from internal networks if they are added to an uplink set.
Removing an Ethernet network from an uplink set in a logical interconnect automatically moves
it to internal networks so network connectivity is not lost for server profile connections using the
network. However, if you remove an Ethernet network from an uplink set in a logical interconnect
group, the network does not get moved automatically to the internal networks. If you want the
network to be internal, edit the logical interconnect group and add the network to the internal
networks.
16.2.4.4 About stacking links and stacking health
Stacking links
Stacking links apply to Ethernet networks only. You can connect all the interconnects to one
another through stacking links so that Ethernet traffic from a server connected to an interconnect
downlink can reach the data center networks through that interconnect or through a stacking link
from that interconnect to another interconnect. Before discovering enclosures, create a single
logical interconnect group with a single logical interconnect that contains all interconnects within
the enclosure. This creates a fully stacked enclosure.
To set up an enclosure that is not stacked, configure multiple logical interconnect groups where
each interconnect is in a separate logical interconnect group (and subsequently separate logical
interconnects). You can also set up a partially-stacked enclosure where you have more than one
interconnect in a logical interconnect group. See “About multiple logical interconnect groups in
an enclosure group” (page 179) for more information.
Stacking health
The appliance detects the topology within an enclosure of the connections between interconnects,
and determines the redundancy of paths between servers and data center networks. The appliance
reports redundancy information as the stacking health of the logical interconnect, which is one
of the following:
Redundantly Connected
There are at least two independent paths between any pair of
interconnects in the logical interconnect, and there are at least
two independent paths from any downlink port on any
interconnect in the logical interconnect to any other port (uplink
or downlink) in the logical interconnect.
Connected
There is a single path between any pair of interconnects in the
logical interconnect, and there is a single path from any
downlink port on any interconnect in the logical interconnect to
any other port (uplink or downlink) in the logical interconnect.
Disconnected
At least one interconnect is not connected to the other member
interconnects in the logical interconnect.
Not applicable
Interconnects do not support stacking or there is a single
interconnect in the logical interconnect.
16.2.4.5 Creating or deleting a logical interconnect
Creating a logical interconnect in an enclosure
During discovery, the interconnects and other enclosure hardware are brought into HPE OneView
in a Monitored state. To manage the interconnects and other hardware in HPE OneView, the
16.2 Managing logical interconnects and logical interconnect groups 177
enclosure must be configured by creating a logical enclosure. When you create the logical
enclosure, the following occurs:
•
The appliance detects the physical interconnects and their stacking links, if any.
•
The appliance automatically creates a single logical interconnect for each logical interconnect
group defined in the enclosure group.
NOTE: The number of logical interconnects that are created depends on how the enclosure
group was defined. See Edit a logical interconnect group in the online help.
•
The appliance automatically names the logical interconnects using the following naming
convention:
logical_enclosure_name-logical_interconnect_group_name
•
The data for the logical interconnects displays on the Logical Interconnects screen.
To add or change logical interconnects, see for more information.
Deleting a logical interconnect
To delete a logical interconnect, you must remove the logical interconnect group from the enclosure
group, and then perform an update from group on the logical enclosure. This deletes the logical
interconnect from the logical enclosure.
16.2.5 About logical interconnect groups
•
“About the logical interconnect group graphical interface” (page 179)
•
“About multiple logical interconnect groups in an enclosure group” (page 179)
•
“About interconnect bay sets” (page 180)
•
“About redundancy modes” (page 180)
•
“Valid configurations for enclosure groups with multiple logical interconnect groups” (page
181)
•
“About copying a logical interconnect group” (page 183)
•
“About copying and resizing a logical interconnect group” (page 183)
•
“About uplink sets in a logical interconnect group” (page 184)
•
“About defining Image Streamer uplink sets in logical interconnect groups” (page 184)
•
“About Link Layer Discovery Protocol (LLDP) tagging” (page 185)
One or more logical interconnect groups are associated with an enclosure group and are used
to define the logical interconnect configuration for every enclosure that is using that enclosure
group. Logical interconnect group configurations include the I/O bay occupancy, uplink sets,
available networks based on the uplink sets and internal networks, and downlinks.
There are different kinds of logical interconnect groups.
•
A multiple-enclosure logical interconnect group must match the interconnect link topology
within the set of linked enclosures. All bays must be properly populated in all enclosures in
the interconnect link topology. A multiple-enclosure logical interconnect group must include
an HPE VC SE 40Gb F8 Module and HPE Synergy Interconnect Link Module configuration.
•
Single-enclosure logical interconnect groups, such as a Serial Attached SCSI (SAS)
logical interconnect group, pertain only to the enclosure in which they are applied. A
single-enclosure logical interconnect group can be applied to individual bays in individual
enclosures in the interconnect link topology.
178 Managing interconnects, logical interconnects, and logical interconnect groups
All references to a logical interconnect group by an enclosure group or logical interconnect must
be removed before you can delete the logical interconnect group.
16.2.5.1 About the logical interconnect group graphical interface
Figure 13 Logical interconnect group screen topography
1
2
Edit icon: Click to edit the
associated object, such as
uplink set or internal
networks, for configuration
changes.
Delete icon: Click to
remove the associated
object, such as an uplink
set, from the configuration.
3
4
Add uplink set: Click to
add an additional uplink set
to the logical interconnect
group.
Uplink set connections:
Provides a graphical
representation of the uplink
set configuration with the
associated networks and
uplink ports. Hovering over
the uplink set or uplink ports
highlights the configuration
connections.
5
6
Uplink port: The assigned
uplink port and its status.
Hovering over the port
displays additional port
information.
Enclosure bay number:
Identifies the interconnect
bay of the enclosure.
16.2.5.2 About multiple logical interconnect groups in an enclosure group
Multiple logical interconnect groups can be associated with one enclosure group.
The advantage of configuring multiple logical interconnect groups to an enclosure group is to
create an air-gap separation between Ethernet networks and allow the isolation of network traffic.
You must configure multiple logical interconnect groups if you want to use more than one
interconnect bay set in an enclosure group. See “About interconnect bay sets” (page 180) for
more information.
16.2 Managing logical interconnects and logical interconnect groups 179
Logical interconnect group requirements
•
Interconnects in a logical interconnect group cannot span across interconnect bay sets.
Thus, a logical interconnect group can be specified for bays 1 and 4, or 2 and 5, or 3 and
6.
•
Only one HPE Virtual Connect SE 40Gb Module for HPE Synergy for each interconnect bay
set side.
•
You must choose a redundancy mode. Once the redundancy mode is set, it cannot be
changed.
For uplink sets:
•
Only QSFP ports 1–6 are eligible ports
•
QSFP 7 and 8 are reserved for logical interconnect stacking port connectivity
16.2.5.2.1 When to create a logical interconnect group
To utilize the benefits of multiple logical interconnect groups, create multiple groups after all the
HPE Synergy frames are discovered and placed in a monitored state. See “About multiple logical
interconnect groups in an enclosure group” (page 179) for more information.
•
Create logical interconnect groups with the interconnects that you want in each logical
interconnect.
•
Add the logical interconnect groups to an enclosure group
•
Create a logical enclosure using the enclosure group to bring the HPE Synergy frames under
management.
16.2.5.3 About interconnect bay sets
Interconnects have both a number and a side which are based on the placement of the
interconnect bays in the enclosure. The bays are paired for adjacency based on the mezzanine
card to which the pair connects. The following table summarizes the relationship between the
interconnect bays, interconnect bay set number and side, and mezzanine port.
Interconnect Interconnect
Interconnect Bay Set
Bay Set
Bay
Number
Side
1
1
A
2
2
A
3
3
A
4
1
B
5
2
B
6
3
B
Mezzanine ports
M1
M2
M3
Port
1
M4
M5
M6
Port
1
Port
1
M7
Port
1
M12
Port
1
Port
1
Port
2
Port
1
Port
2
Port
2
Port
2
M11
Port
1
Port
1
Port
2
Port
2
M10
Port
1
Port
2
Port
2
M9
Port
1
Port
1
Port
2
M8
Port
2
Port
2
Port
2
16.2.5.4 About redundancy modes
Redundancy is used to prevent loss of connectivity in the event of a failure. An interconnect is
duplicated so if it fails, a backup interconnect is available. HPE OneView uses the following
modes of redundancy.
180 Managing interconnects, logical interconnects, and logical interconnect groups
High Availability
Two interconnects on opposite sides of two enclosures that are
both available to all enclosures connected with interconnect link
modules. This configuration allows for the loss of any single
interconnect or enclosure without affecting connectivity of the
remaining enclosures.
Redundant
The same interconnect type on both sides of a single enclosure.
This configuration allows for the loss of the interconnect on one
side without affecting connectivity of the enclosure. The loss of
the interconnects on both sides causes the enclosure to lose
connectivity.
Non redundant side A
One interconnect in a single side A bay (1, 2, or 3) in an enclosure
that can be connected to other enclosures that have an
interconnect link module in the same bay. Loss of any
interconnect results in loss of connectivity.
Non redundant side B
One interconnect in a single side B bay (4, 5, or 6) in an enclosure
that can be connected to other enclosures that have an
interconnect link module in the same bay. Loss of any
interconnect results in loss of connectivity.
16.2.5.5 Valid configurations for enclosure groups with multiple logical interconnect groups
The interconnects must be in a valid configuration before you can select them when creating a
logical enclosure.
Valid single enclosure configurations
Redundancy setting
Side A Module
Side B Module
Redundant
HPE VC SE 40Gb F8 Module
HPE VC SE 40Gb F8 Module
Non redundant side A
HPE VC SE 40Gb F8 Module
Empty
Modules in side A and side B must occupy the same bay set.
Valid multiple enclosure configurations
This table shows valid enclosure configurations. For two-enclosure configurations, disregard
Enclosure 3–5 entries.
16.2 Managing logical interconnects and logical interconnect groups 181
NOTE: With 20Gb HPE Synergy Interconnect Link Modules, you can include up to 3 enclosures.
With 10Gb HPE Synergy Interconnect Link Modules, you can include up to 5 enclosures.
NOTE: To use HPE Synergy Image Streamer for operating system deployment in a highly
available environment, a pair of Synergy Image Streamer appliances is required for each HPE
VC SE 40Gb F8 Module and HPE Synergy Interconnect Link Module set of Synergy frames.
Redundancy setting
Enclosure
Bay
Module
High Availability
Enclosure 1
3
HPE VC SE 40Gb F8 Module
6
HPE Synergy Interconnect Link Module (10Gb or
20Gb)
3
HPE Synergy Interconnect Link Module (10Gb or
20Gb)
6
HPE VC SE 40Gb F8 Module
3
HPE Synergy Interconnect Link Module (10Gb or
20Gb)
6
HPE Synergy Interconnect Link Module (10Gb or
20Gb)
3
HPE Synergy Interconnect Link Module (10Gb only,
if 10Gb in enclosures 1-3)
6
HPE Synergy Interconnect Link Module (10Gb only,
if 10Gb in enclosures 1-3)
3
HPE Synergy Interconnect Link Module (10Gb only,
if 10Gb in enclosures 1-3)
6
HPE Synergy Interconnect Link Module (10Gb only,
if 10Gb in enclosures 1-3)
Enclosure 1
3
HPE VC SE 40Gb F8 Module
Enclosure 2
3
HPE Synergy Interconnect Link Module (10Gb or
20Gb)
Enclosure 3
3
HPE Synergy Interconnect Link Module (10Gb or
20Gb)
Enclosure 4
3
HPE Synergy Interconnect Link Module (10Gb only,
if 10Gb in enclosures 1-3)
Enclosure 5
3
HPE Synergy Interconnect Link Module (10Gb only,
if 10Gb in enclosures 1-3)
Enclosure 1
6
HPE VC SE 40Gb F8 Module
Enclosure 2
6
HPE Synergy Interconnect Link Module (10Gb or
20Gb)
Enclosure 3
6
HPE Synergy Interconnect Link Module (10Gb or
20Gb)
Enclosure 4
6
HPE Synergy Interconnect Link Module (10Gb only,
if 10Gb in enclosures 1-3)
Enclosure 5
6
HPE Synergy Interconnect Link Module (10Gb only,
if 10Gb in enclosures 1-3)
Enclosure 2
Enclosure 3
Enclosure 4
Enclosure 5
Non redundant side A
Non redundant side B
For more information, see the HPE Synergy Configuration and Compatibility Guide at
www.hpe.com/info/synergy-docs.
182 Managing interconnects, logical interconnects, and logical interconnect groups
16.2.5.6 About copying a logical interconnect group
To streamline the creation of logical interconnect groups, you can copy existing logical interconnect
groups.
When you copy a logical interconnect group, all the settings, uplink sets, and networks copy to
the new group. The new group is not associated automatically with enclosure groups or logical
interconnects. After copying a logical interconnect group, you can edit the logical interconnect
group or associate it to an enclosure group.
For example, you have an existing logical interconnect group and you want a new group with
the same settings, except a different internal network. Copy the existing logical interconnect
group, and then edit the new logical interconnect group to change the internal network.
NOTE: If you change the number of enclosures, you are copying and resizing the logical
interconnect group.
More information
“Copy a logical interconnect group” in the online help
16.2.5.7 About copying and resizing a logical interconnect group
Resizing a logical interconnect group is the same as copying a logical interconnect group in that
you create a new logical interconnect group. When you resize, you also grow or shrink the number
of HPE Synergy frames in the new logical interconnect group.
Copying and resizing a logical interconnect group creates a new logical configuration in HPE
OneView. To use the new logical interconnect group, you must associate it to an enclosure group.
The enclosure group can then be used to grow a logical enclosure.
NOTE:
You cannot resize the following logical interconnect groups:
•
A SAS logical interconnect group
•
An HPE VC SE 16Gb FC Module logical interconnect group
NOTE: If one or more HPE VC SE 16Gb FC Modules are already associated with the
original enclosure group, you can grow the logical enclosure. However, you cannot add any
new HPE VC SE 16Gb FC Modules when growing a logical enclosure.
Single-frame resizing
Growing from one frame to multiple HPE OneView changes the redundancy in the new logical
frames
interconnect group based on the redundancy of the original
logical interconnect group and the number of frames. For
example, a Non-redundant (A-side only) grows to
the same redundancy. A Redundant frame, however,
grows to Highly available.
When growing to two or three frames, HPE OneView
logically adds HPE Synergy 20Gb Interconnect Link
Modules. If you prefer to use HPE Synergy 10Gb
Interconnect Link Modules, you can edit the logical
interconnect group and change the interconnect link
modules after the resize.
When growing to four or five frames, HPE OneView
logically adds HPE Synergy 10Gb Interconnect Link
Modules.
16.2 Managing logical interconnects and logical interconnect groups 183
Multiframe resizing
Growing from two to three frames
HPE OneView logically adds the same HPE Synergy
Interconnect Link Modules as the original logical
interconnect group.
Growing to four or five frames
HPE OneView logically adds HPE Synergy 10Gb
Interconnect Link Modules. If 20Gb interconnect link
modules were used in frames one through three, HPE
OneView automatically changes the interconnect link
modules to 10Gb. Only 10Gb interconnect link modules
can be used in four- to five-frame configurations.
Shrinking to one frame
HPE OneView changes the redundancy in the new logical
interconnect group based on the redundancy of the original
logical interconnect group. For example, a
Non-redundant (A-side only) shrinks to the same
redundancy. A Highly available frame, however,
shrinks to Redundant. All HPE Synergy Interconnect Link
Modules are removed.
For Highly available or Non-redundant (B-side
only)frames, if an HPE Virtual Connect SE 40Gb Module
for HPE Synergy is associated with the second frame, HPE
OneView logically associates the 40Gb module to the first
frame.
More information
“Copy and resize a logical interconnect group” in the online help
“Valid configurations for enclosure groups with multiple logical interconnect groups” (page 181)
16.2.5.8 About uplink sets in a logical interconnect group
The uplink sets portion of the logical interconnect group defines the initial configuration for uplink
sets for each logical interconnect in the enclosure group. If you change the uplink sets for an
existing logical interconnect group, only enclosures that you add after the configuration change
are configured with the new uplink set configuration. Changing uplink sets in a logical interconnect
group makes the logical enclosure and logical interconnects associated with it inconsistent with
the logical interconnect group. Select Update from group to bring the logical enclosure and logical
interconnect back into compliance with the changes made to the logical interconnect group.
Uplink sets that support connections to Image Streamer in a multi-frame configuration must be
assigned the type Image Streamer to correctly configure the associated ports. An uplink set
in a single-frame Image Streamer configuration must be assigned the type Ethernet and one
uplink port.
16.2.5.9 About defining Image Streamer uplink sets in logical interconnect groups
When you to support connections to Image Streamer in a multi-frame configuration, you designate
four uplink ports. Both MGMT ports for link modules in the same HPE Synergy 12000 Frame
with an Image Streamer appliance must be connected to uplink ports on different interconnects.
In a configuration with two enclosures, cross-connect the four MGMT and four uplink ports for
high availability, as outlined in the following table.
Enclosure
MGMT port
Interconnect
Uplink port
A
1
A
1
A
2
B
1
184 Managing interconnects, logical interconnects, and logical interconnect groups
Enclosure
MGMT port
Interconnect
Uplink port
B
1
A
2
B
2
B
2
An uplink set in a single-frame Image Streamer configuration must be assigned the type Ethernet
and one uplink port.
When creating a logical interconnect group with an uplink set for Image Streamer, the
Redundancy mode is determined by the type of configuration:
•
A multi-frame Image Streamer configuration requires Redundant
•
A single-frame Image Streamer configuration requires Non-redundant (A-side only)
You cannot delete an Image Streamer uplink set from a logical interconnect group if the logical
interconnect group is associated with an enclosure group which has OS deployment configured.
More information
“About uplink sets” (page 174)
HPE Synergy 12000 Frame Setup and Installation Guide
HPE Synergy Image Streamer online help at www.hpe.com/info/synergy-docs
16.2.5.10 About Link Layer Discovery Protocol (LLDP) tagging
Link Layer Discovery Protocol (LLDP) information is sent by devices at a fixed interval in the form
of an Ethernet frame. Each frame contains one LLDP Data Unit (LLDPDU). Each LLDPDU is a
sequence of type-length-value (TLV) structures.
Untagged LLDP frames
By default, Virtual Connect interconnects use untagged LLDP frames to advertise their identity
and learn about their link partners. LLDP advertises the Virtual Connect interconnect’s
management IP addresses to uplink, downlink, and stacking link ports. LLDP frames also identify
stacking links in a logical interconnect.
Only the IPv4 address of the interconnect in the lowest number bay in the logical interconnect
is used in the LLDP management address TLV. Make sure that you have assigned IPv4 addresses
to the interconnects statically or with DHCP.
Tagged LLDP frames
LLDP can also be used to communicate with a virtual switch in the hypervisor through the use
of tagged LLDP frames on downlink ports. The tagged frame contains the VLAN ID that identifies
the subport of the configured FlexNIC. This information is used to build the network topology.
LLDP tagging can be enabled or disabled through the HPE OneView UI or REST API.
More information
“Interconnect settings” in the online help
“Enable or disable LLDP tagging” in the online help or REST API Scripting help
“About logical interconnect groups” (page 178)
“About logical interconnects” (page 174)
16.2.6 About firmware associated with a logical interconnect
All components in a logical enclosure must either run the same firmware version or run firmware
versions that are compatible to each other. You can select a single Service Pack for ProLiant
(SPP) and apply it to all components in an enclosure, therefore minimizing the chance of downtime
due to firmware incompatibility. You can also apply an SPP to a logical interconnect, which results
16.2 Managing logical interconnects and logical interconnect groups 185
in all associated interconnects having the same firmware baseline. This operation, by default,
updates firmware only on those member interconnects that are running a different version of
firmware and ignores the interconnects that are running the same firmware version.
The firmware version associated with the logical interconnect is automatically updated when an
enclosure is added and an SPP is selected for the firmware baseline. Network or traffic disruptions
do not occur as long as server profiles have not yet been defined or applied in the new enclosure.
However, if manage manually is selected during an enclosure add, the baseline for the
interconnects is Not set. If subsequent firmware updates apply to the enclosure only, the
baseline is still shown in HPE OneView as Not set. A baseline can be set for logical interconnect
firmware update either when adding the enclosure using the Enclosures screen, or when
updating the firmware from the Logical Enclosures screen and selecting Enclosure +
logical interconnect + server profiles. If a baseline for logical interconnect is never
set, the firmware for the enclosure must be managed manually.
16.2.6.1 About updating firmware for logical interconnects
Firmware activation options allow you to maintain network availability and reduce the probability
of outages due to human error. You also have the option of staging the firmware for later activation.
You can activate the staged firmware on an individual interconnect or on all interconnects.
You have the following options when updating firmware based on the logical interconnect:
Option
Description
Update firmware
(stage + activate)
Stages (uploads) the selected firmware to the secondary flash memory on the interconnect,
and then activates the firmware as the baseline. At the end of this operation, all member
interconnects are running the same firmware baseline and are compliant with one another.
This option and parallel activation affects the connectivity to and from the servers until the
activation is complete, but does update the firmware in the shortest time.
Stage firmware for
later activation
Stages (uploads) the selected firmware to the secondary flash memory on the interconnect,
but does not activate the firmware. You can activate the firmware at a later time.
This option allows manual sequencing of the firmware activation and is the preferred
approach to minimize service interruption.
Activate firmware
Activates the selected staged firmware.
When updating firmware based on the logical interconnect, if one or more interconnects are
already running the targeted firmware version, HPE OneView excludes those interconnects from
the firmware update.
16.2.7 About loop protection
The loop protection feature enables detection of loops on physical downlink ports.
HPE OneView network loop protection uses two methods to detect loops:
1.
2.
The interconnect monitors the downlinks for special packets transmitted from upstream
devices.
The interconnect reviews and intercepts common loop detection frames used in other
switches, such as Cisco and ProCurve to prevent loop protection on the upstream switch,
where externally generated frames are used to detect a loop condition.
When network loop protection is enabled on the Logical Interconnects screen, and a loop
detection frame is received on a downlink port, the server is disabled immediately. The interconnect
automatically re-enables the downlink port when the loop detection frames are no longer being
received on that port.
186 Managing interconnects, logical interconnects, and logical interconnect groups
16.2.8 About SNMP settings
Network management systems use SNMP (Simple Network Management Protocol) to monitor
network-attached devices for conditions that require administrative attention. By configuring
settings on the Logical Interconnect Groups and Logical Interconnects screens, you can
enable third-party SNMP managers to monitor (read-only) network status information of the
interconnects.
An SNMP manager typically manages a large number of devices, and each device can have a
large number of objects. It is impractical for the manager to poll information from every object on
every device. Instead, each SNMP agent on a managed device notifies the manager without
solicitation by sending a message known as an event trap.
HPE OneView enables you to control the ability of SNMP managers to read values from an
interconnect. You can designate the SNMP manager to which traps will be forwarded. By default,
SNMP is enabled with no trap destinations set.
When you create a logical interconnect, it inherits the SNMP settings from its logical interconnect
group. To customize the SNMP settings at the logical interconnect level, use the Logical
Interconnects screen or REST APIs.
16.2.9 About Quality of Service for network traffic
Quality of Service (QoS) is a set of service requirements that the network must meet in order to
ensure an adequate service level for data transmission. The goal of QoS is a guaranteed delivery
system for network traffic.
The QoS feature enables administrators to configure traffic queues for different priority network
traffic, categorize and prioritize ingress traffic, and adjust priority settings on egress traffic.
Administrators can use these settings to ensure that important traffic receives the highest priority
handling while less important traffic is handled at a lower priority. Network traffic is categorized,
and then classified. After being classified, traffic is given priorities and scheduled for transmission.
For end-to-end QoS, all hops along the way must be configured with similar QoS policies of
classification and traffic management. Traffic prioritization happens because of two things in an
end-to-end QoS policy.
•
At the interconnect, the packets are egressed based on the associated queue bandwidth.
The more the bandwidth, the higher the priority for the associated traffic at the queue.
•
Egress dot1p remarking helps achieve priority at the next hops in the network. If the queue
egress traffic is remarked to a dot1p value, and that dot1p value is mapped to a queue in
the next hops with higher bandwidth, then these packets in the end-to-end network are
treated with higher priority.
QoS configuration is defined in the logical interconnect group and applied to the logical
interconnect. QoS statistics are collected by the interconnects.
On HPE Synergy 12000 Frames, the QoS configuration option is available only for the HPE VC
SE 40Gb F8 Module logical interconnect group type.
Consistency state of a logical interconnect with QoS configurations
The UI displays only the currently active QoS configuration that is applied on the interconnects.
In addition, two inactive QoS configurations are stored for Custom (with FCoE) and Custom
(without FCoE) configuration types. These are the last known QoS configurations for the
corresponding configuration types, applied previously on the associated logical interconnect and
logical interconnect group.
While checking for consistency of a logical interconnect to its associated logical interconnect
group, the compliance of inactive QoS configurations is also checked (inactive QoS configurations
are not visible in the UI). Even if active QoS configurations are exactly the same between a logical
interconnect and associated logical interconnect group, because of inconsistencies in inactive
16.2 Managing logical interconnects and logical interconnect groups 187
QoS configurations stored internally, a logical interconnect’s consistency status can be shown
as Inconsistent. Perform an Update from group to bring the logical interconnect group and
logical interconnect into a consistent state.
16.2.10 Add an uplink set
Each uplink set must have a unique name within the logical interconnect or logical interconnect
group and contain at least one network. For more information about uplink sets, see “About
logical interconnects” (page 174).
Prerequisites
•
Required privileges: Infrastructure administrator or Network administrator
Adding an uplink set
1.
From the main menu, select Logical Interconnects, and then select the logical interconnect
to edit.
2. Select Actions→Edit.
3. Click the Add uplink set button.
4. Enter the data requested on the screen. See Add or edit uplink sets in Logical Interconnects
screen details in the online help for more information.
5. Click Add networks and select the networks to assign to the uplink set.
6. Click Add, or click Add + to add another network.
7. Click Add uplink ports and select the uplink ports.
8. Click Add, or click Add + to add another port.
9. Confirm the information you are entering is correct and click Create.
10. Click OK.
11. Verify that the uplink set was created in the details pane.
16.2.11 Update firmware for logical interconnects within enclosures
To update logical interconnect firmware, choose one of the following options:
•
Update firmware (stage + activate)
•
Stage firmware for later activation
•
Activate firmware
NOTE: When a logical interconnect firmware update is in progress, do not initiate a firmware
update from the logical enclosure of that logical interconnect.
16.2.11.1 Stage and activate firmware for update from logical interconnect
To upload the firmware and stage for activation, perform the following steps. To activate firmware
that is already staged, see “Activate the logical interconnect firmware” in the online help.
Prerequisites
•
Required privileges: Network administrator, Server administrator (for HPE Synergy 12Gb
SAS Connection Modules), or Infrastructure administrator
•
At least one enclosure with two interconnects added and at least one logical interconnect
•
At least one or more supported SPPs uploaded to the appliance
Staging and activating firmware for update from logical interconnect
1.
From the main menu, select Logical Interconnects.
188 Managing interconnects, logical interconnects, and logical interconnect groups
2.
3.
4.
5.
From the master pane, select the logical interconnect and then do one of the following:
•
Select Actions→Update firmware.
•
Select Update firmware from the Firmware panel.
From Update action, select Update firmware (stage + activate).
From Firmware baseline, select the firmware bundle to install.
Optional: Select Force installation to update firmware on all member interconnects and
driver enclosures regardless of whether or not a member already has the updated firmware.
To install a firmware version that is older than the version contained in the SPP, you must
select the Force installation option to downgrade the firmware. You might want to install
older firmware if the newer firmware is known to cause a problem in your environment.
6.
7.
8.
Select the firmware activation method and delay for the interconnects on which to activate
the firmware.
Click OK.
Verify the firmware version associated with the logical interconnect and its associated
interconnects in the Logical Interconnects page under the Firmware view.
NOTE: If the firmware is already at the selected firmware baseline, the firmware is not
updated and a message displays in the Activity screen saying no update required.
16.2.11.2 Stage firmware for later activation for update from logical interconnect
To upload the firmware and stage for activation later, perform the following steps. To activate
firmware that was already staged, see “Activate the logical interconnect firmware” in the online
help.
Prerequisites
•
Required privileges: Network administrator, Server administrator (for HPE Synergy 12Gb
SAS Connection Modules), or Infrastructure administrator
•
At least one enclosure with two interconnects added and at least one logical interconnect
•
At least one or more supported SPPs uploaded to the appliance
Staging firmware for later activation for update from logical interconnect
1.
2.
3.
4.
5.
From the main menu, select Logical Interconnects.
From the master pane, select the logical interconnect and then do one of the following:
•
Select Actions→Update firmware.
•
Select Update firmware from the Firmware pane.
From Update action, select Stage firmware for later activation.
From Firmware baseline, select the firmware bundle to install.
Optional: Select Force installation to update firmware on all member interconnects and
drive enclosures regardless of whether or not a member already has the updated firmware.
To install a firmware version that is older than the version contained in the SPP, you must
select the Force installation . You might want to install older firmware if the newer firmware
is known to cause a problem in your environment.
6.
7.
Click OK.
Verify the firmware version associated with the logical interconnect and its associated
interconnects in the Logical Interconnects page under the Firmware view.
NOTE: If the firmware is already at the selected firmware baseline, the firmware is not
updated and a message displays in the Activity screen saying no update required.
16.2 Managing logical interconnects and logical interconnect groups 189
16.2.11.3 Activate the firmware for update from logical interconnect
During staging for later activation, the firmware is written (uploaded) into the secondary flash
memory of the interconnect but is not activated. You need to activate the staged firmware for it
to become the new firmware baseline. A failure while staging the firmware on one or more
interconnects automatically ends the firmware update operation.
Both the current firmware baseline and the installed or staged firmware versions are displayed
for each interconnect on the Logical Interconnects screen.
Prerequisites
•
Required privileges: Network administrator, Server administrator (for HPE Synergy 12Gb
SAS Connection Modules), or Infrastructure administrator
•
At least one enclosure with two interconnects added and at least one logical interconnect
•
Previously staged firmware
Activating the firmware for update from logical interconnect
1.
2.
3.
From the main menu, select Logical Interconnects, and then select the logical interconnect
to manage its firmware.
Select Actions→Update firmware.
For Update action, select Activate firmware.
NOTE:
4.
5.
6.
7.
This will interrupt traffic through the module until the activation is complete.
Select the firmware activation method and delay for the interconnects on which to activate
firmware.
Click OK.
Check the Activity screen to determine if the firmware update action was completed.
To verify that the firmware version was installed after the firmware is activated, select the
Firmware view and compare the Installed and Baseline version number.
16.2.12 Update the logical interconnect configuration from the logical interconnect
group
Consistency checking is the validation of a logical interconnect to ensure that it matches the
configuration of its parent logical interconnect group. The appliance monitors both the logical
interconnect and logical interconnect group, comparing the two, and checks the following for
consistency:
Items
Consistency checking
Ethernet interconnect settings
Are there differences in the following logical interconnect settings from the
expected configuration defined by the logical interconnect group?
• Enabling IGMP snooping
• IGMP idle timeout intervals
• Loop protection
Uplink Sets
Are there differences in port assignments or network associations from the
configuration defined by the logical interconnect group? Did you add an uplink
set?
190 Managing interconnects, logical interconnects, and logical interconnect groups
Items
Consistency checking
Internal networks
Are there difference in the network assignments for server-to-server
communication from the configuration defined by the logical interconnect group?
Is an OS deployment network different from what is defined by the logical
interconnect group?
NOTE: An OS deployment network is one of the networks connected to
interconnect with an uplink set. There could be other networks on the logical
interconnect group, such as a management network.
Interconnect maps
Has the logical interconnect group been edited?
Quality of Service (QoS) settings Have the network service requirements been edited?
If both configurations match, the logical interconnect Consistency state field is set to
Consistent and is considered to be compliant.
Any inconsistency results in an alert for the logical interconnect and the Consistency state field
is set to Inconsistent with group.
Updating the logical interconnect configuration from the logical interconnect group
To bring a non-consistent (Inconsistent with group) logical interconnect configuration
back into consistency (Consistent) with the logical interconnect group, you must reapply the
settings from the logical interconnect group.
NOTE: You can also select Update from group in the logical enclosure because a
non-consistent logical interconnect results in a non-consistent logical enclosure.
1.
From the Logical Interconnects screen, select Actions→Update from group.
NOTE: The Update from group option is not available if the logical interconnect group
and logical interconnect are already compliant (Consistency state field is set to
Consistent).
Consistency alerts are cleared automatically and settings now match the logical interconnect
group.
NOTE: You cannot always make a logical interconnect compliant by editing or by manually
clearing the alert; typically you must select Actions→Update from group.
Clearing an alert will impact the health status of the logical interconnect resource (health is
equal to the state of the most severe alert that is not cleared). This is a valid use case if you
intend for the logical interconnect to not be consistent but want the dashboard to report a
healthy (green) status.
2.
3.
4.
Check the confirmation box, confirming you understand all of the implications.
Click Yes, update to confirm.
To verify that the activity is successful, check the activity for a green status in the “Notifications
area” (page 88) area.
If the activity is not successful, follow the instructions in the proposed resolution.
16.2.13 Create a logical interconnect group
Create a logical interconnect group based on the interconnects expected to be in a logical
enclosure.
If you want to use an existing logical interconnect group as a template, copy the logical
interconnect group rather than create a new one.
16.2 Managing logical interconnects and logical interconnect groups 191
Prerequisites
•
Required privileges: Network administrator, Server administrator (for HPE Synergy 12Gb
SAS Connection Modules), or Infrastructure administrator
Creating a logical interconnect group
1.
2.
3.
4.
5.
6.
From the main menu, select Logical Interconnect Groups, and then do one of the following:
•
Select Actions→Create.
•
Click + Create logical interconnect group.
Enter a name for the logical interconnect group.
Select the Interconnect type.
Enter any data requested on the screen, and then click Select interconnects. See the
Create Logical Interconnect Group screen details for more information.
Select from the list of available interconnects for an enclosure.
If you selected interconnect type HPE Synergy 12Gb SAS Connection Module, skip
to step 15.
7.
8.
9.
10.
11.
Click the Edit icon of the internal network area in the graphical view.
Click Add networks to select from available networks.
Click OK when you are finished adding the internal networks.
Click Add uplink set.
Enter the data requested on the screen for each uplink set you want to create. See “Add an
uplink set” (page 188) for more information.
12. Click Create to finish, or click Create + to create additional uplink sets.
13. Optional: Scroll down and, if necessary, make changes to the interconnect settings.
Any logical interconnects created from the interconnect group inherit these settings. For
more information, see Interconnect settings screen details in the online help.
14. Optional: Make any changes to the SNMP settings.
Any logical interconnects created from the interconnect group inherit these settings. For
more information, see SNMP screen details in the online help.
15. Optional: Make any changes to the Quality of Service (QoS) settings.
16. Click Create to finish, or click Create + to create additional logical interconnect groups.
17. To verify that the logical interconnect group was created, locate the group in the details
pane.
18. Optional: Select the logical interconnect group to edit, and then select Actions→Edit to
make changes to the utilization sampling settings, if necessary.
NOTE: If you selected interconnect type HPE Synergy 12Gb SAS Connection
Module, this option is not available.
These settings are used in data collection for the utilization graphs displayed on the
Interconnects screen. For more information, see Utilization Sampling screen details.
19. Click OK to apply any changes.
20. To verify the changes, locate them in the General view.
More information
“About logical interconnect groups” (page 178)
“About defining Image Streamer uplink sets in logical interconnect groups” (page 184)
192 Managing interconnects, logical interconnects, and logical interconnect groups
16.2.14 Learning more
•
“Logical interconnect groups” (page 50)
•
“Logical interconnects” (page 48)
•
“Uplink sets” (page 60)
•
“Troubleshooting logical interconnects” (page 376)
16.2 Managing logical interconnects and logical interconnect groups 193
194
17 Managing enclosures, enclosure groups, and logical
enclosures
Enclosures integrate the power, cooling, and I/O infrastructure needed to support modular server
hardware, interconnect, and storage components.
An enclosure group specifies a standard configuration for all of its member enclosures. Enclosure
groups enable administrators to provision multiple enclosures in a consistent, predictable manner
in seconds.
A logical enclosure represents a logical view of a set of physical enclosures with an enclosure
group serving as a template. If the intended configuration in the logical enclosure does not match
the actual configuration on the enclosure, the logical enclosure becomes inconsistent.
UI screens and REST API resources
UI screen
REST API resource
Enclosures
enclosures
Enclosure Groups
enclosure-groups
Logical enclosures
logical-enclsoures
17.1 Roles
•
Minimum required privileges: Infrastructure administrator or Server administrator
17.2 Managing enclosures
17.2.1 Tasks for enclosures
HPE OneView online help provides information about using the UI or the REST APIs to:
•
Add an HPE Synergy frame
•
Add a remote enclosure (frame)
•
Add server hardware and other components to managed enclosures.
•
Collect remote support data for enclosures
•
Edit an enclosure.
•
Power on the appliance
•
Reapply the enclosure configuration.
•
Refresh the enclosure to re-synchronize it with HPE OneView.
•
Remove a monitored (unmanaged) HPE Synergy from HPE OneView.
•
Remove a configured (managed) HPE Synergy frame from HPE OneView.
•
Remove a server and other components from an existing enclosure.
•
Reset an HPE Synergy Frame Link Module
•
Reset an HPE Synergy Frame Link Module to original factory settings.
•
Turn on or off a UID light in an HPE Synergy frame or its devices.
•
View activities (alerts and tasks).
17.1 Roles 195
17.2.2 About enclosures or Synergy frames
An enclosure or Synergy frame is a physical structure with device bays supporting compute,
networking, and storage building blocks. These building blocks share the enclosure's common
power, cooling, and management infrastructure.
For information about enclosures, see the following topics.
•
“About an HPE Synergy 12000 Frame” (page 196)
•
“About an HPE Synergy Frame Link Module” (page 196)
•
“About an HPE Synergy management appliance (composable appliance)” (page 198)
•
“About an HPE Synergy Composer” (page 200)
•
“About interconnect link topology ” (page 201)
•
“About frame link topology” (page 201)
•
“About adding remote enclosures (remote frame link topology)” (page 202)
17.2.2.1 About an HPE Synergy 12000 Frame
A single HPE Synergy frame is an enclosure that consists of:
•
One or two HPE Synergy Frame Link Modules.
•
One or two HPE Synergy Composers. The Composer hosts HPE OneView.
•
Other components such as servers, interconnects, power supplies, and fans.
•
Optionally, other HPE Synergy appliances such as Synergy Image Streamer. See HPE
Synergy Image Streamer documentation at www.hpe.com/info/synergy-docs for more
information.
One or more Synergy frames can be cabled together and managed by the active Composer
within those Synergy frames. See the HPE OneView Synergy Configuration and Compatibility
Guide for the number of frames that are supported. For hardware setup and cabling information,
see the HPE Synergy 12000 Frame Setup and Installation Guide at www.hpe.com/info/
synergy-docs.
More information
“About auto-discovering a Synergy frame” (page 200)
“About configuring a Synergy frame” (page 201)
“About interconnect link topology ” (page 201)
“About frame link topology” (page 201)
“About EFuse” (page 201)
17.2.2.1.1 About an HPE Synergy Frame Link Module
The frame link module is used by HPE OneView to discover and manage the Synergy frame.
The frame link module manages:
•
Power and cooling
•
Management network
•
Inventory and configuration checking
•
The system monitor port and USB port for setup, diagnostics, and consoles
196 Managing enclosures, enclosure groups, and logical enclosures
The frame link module is also an access point for hardware setup and the physical management
of the Synergy frames cabled together in the data center. Use the monitor port on the front panel
of the Synergy frame to connect to a display, keyboard, and mouse to:
•
Perform the initial configuration of HPE OneView and enable remote management using a
web browser
•
Perform tasks such as changing a password or restoring a backup
A single Synergy frame or enclosure has one or two frame link modules. For redundancy, or to
link multiple Synergy frames together, each frame must have two frame link modules. These link
modules automatically negotiate so that one frame link module takes on an Active state and
the other takes on a Standby state. Management of the Synergy frame is automatically maintained
during a failover. To manually change which frame link module is active, see“Set an HPE Synergy
Frame Link Module to active” in the REST API Scripting Help. In the event that both frame link
module fail, see “Communication from Synergy Frame Link Module failed” (page 367).
You can view screen details about the HPE Synergy Frame Link Modules from the Enclosures
screen, Link Modules view.
Synergy frame link modules are located in the rear panel of the frame. For more information
about the hardware, see also www.hpe.com/info/synergy-docs.
Synergy frame link module ports
MGMT — The port labeled MGMT on the frame link module is used to provide network connectivity
to the management LAN or to OS deployment software. For each frame containing a Composer,
connect the MGMT port on the frame link module that is in the same frame and bay as the
Composer to the management LAN. For example, if the Composer is in appliance bay 1, connect
the MGMT port of frame link module bay 1 to the management LAN. Connecting the MGMT port
on other frame link modules (that do not have a Composer) to the management LAN is optional
and can be done for redundancy.
For each frame containing Image Streamer, connect the MGMT port on the frame link module
to a Virtual Connect interconnect.
LINK — The port labeled LINK on the frame link module is used to provide connectivity to a
group of Synergy frames cabled together. Connect multiple Synergy frames together to manage
all the resources of the connected frames with one instance of HPE OneView. To connect the
frames, connect a cable from the LINK port in one frame link module to a LINK port in another
frame link module. The last frame in the group must have its frame link module cabled to the
frame link module of the first frame, forming a management ring. As you make the cable
connection, each new Synergy frame is automatically discovered.
For more information on cabling, see the HPE Synergy 12000 Frame Setup and Installation
Guide at www.hpe.com/info/synergy-docs
For a single Synergy frame, the two LINK ports must be cabled together.
17.2 Managing enclosures 197
Figure 14 HPE Synergy Frame Link Module ports
1
2
MGMT port — connector
used for network
connectivity to the
management LAN
Health LED light — light
indicates status of the frame
link module
Solid green — OK
Blinking amber — Warning
Blinking red — Critical
3
4
UID button — button turns
on the frame link module
UID light for location
purposes
USB port — connector used
to connect a keyboard or
mouse for Synergy console
use
5
6
LINK port — connector used
to link to other frame link
modules
Monitor port — connector
used to connect a monitor
17.2.2.1.2 About an HPE Synergy management appliance (composable appliance)
A Synergy frame has two appliance bays, which can host different types of appliances. The
Synergy Composer is a management appliance that hosts HPE OneView. Synergy Image
Streamer is the management appliance that hosts software used to deploy and customize
operating systems for use by Synergy servers.
You can view details about the management appliances on the Enclosures screen in the
Composable Infrastructure Appliances panel.
198 Managing enclosures, enclosure groups, and logical enclosures
Figure 15 An HPE Synergy management appliance
1
UID LED — button to toggle
on and off the UID light
Solid blue — Locator
Blinking blue — Appliance
firmware update or
management console
activity, do not power off or
remove
2
Health LED — light
indicates status of this
appliance
3
4
Active LED — Blinks green
indicates the appliance is
being reimaged.
Power LED — light
indicates power state of the
appliance
Off — No power
Blinking amber — Appliance
is powered off and iLO is
initializing
Solid green — Powered on
5
Reset button — recessed
button used to reset the
appliance using a paper clip
or similar item
Press and release — reboots
the appliance
Press and hold — reimages
the appliance
6
USB port— port used for
support dumps or to reimage
the appliance
Solid green — OK
Blinking amber — Warning
Blinking red — Failed
The appliances are located in the front panel of the frame. For more information, see also the
HPE Synergy 12000 Frame Setup and Installation Guide at www.hpe.com/info/synergy-docs
More information
“About an HPE Synergy Composer” (page 200)
“About HPE Synergy Image Streamer” (page 200)
“Power on the appliance” in the online help
“Shut down the appliance from the UI” in the online help
17.2 Managing enclosures 199
17.2.2.1.3 About an HPE Synergy Composer
The Composer is an appliance that runs HPE OneView and manages the group of Synergy
frames cabled together. You select the initial, active Composer during hardware setup by
connecting the Synergy monitor port to a frame link module in the same bay number as the
Composer you want to configure. A second Composer is automatically selected to create a
high-availability (HA) cluster for managing the Synergy frame in a standby role. If the active
Composer fails, the standby Composer automatically becomes the active Composer.
17.2.2.1.4 About HPE Synergy Image Streamer
Synergy Image Streamer is a composable infrastructure appliance that hosts software used to
deploy and customize operating systems for use by Synergy servers. HPE OneView automatically
discovers the presence of an Image Streamer appliance once it is inserted into the Synergy frame
and cabled into the network. Adding a deployment server configures the Image Streamer
appliances to support deployment.
Image Streamer hosts the operating system boot disk external to the Synergy servers. This
stateless server arrangement enables you to replace the physical servers without the need to
redeploy the operating system because the Image Streamer appliance acts as an OS volume
storage.
Hewlett Packard Enterprise recommends configuring Image Streamer in a highly available,
three-frame link topology. However, a single frame configuration can be used for certain purposes.
17.2.2.1.4.1 About using Synergy Image Streamer in a single-frame configuration
A single HPE Synergy frame can be configured for development and testing of Image Streamer
deployment plans and artifacts. The configuration, as a proof of concept, can demonstrate full
management and deployment functionality.
A single-frame configuration must use an external deployment network and a single uplink port.
IMPORTANT: A single-frame configuration is not highly available. If there is only one Image
Streamer appliance, HPE OneView will issue an alert because two appliances are expected.
To change a single-frame configuration into a highly-available configuration, the single-frame
configuration must be removed from HPE OneView (the logical enclosure is deleted) and
recreated. The physical frame must be reconfigured. The artifacts stored on the Image Streamer
appliance can be bundled and exported to the new highly-available configuration.
More information
“About HPE Synergy Image Streamer deployment server” (page 225)
HPE Synergy Configuration and Compatibility Guide at www.hpe.com/info/synergy-docs
HPE Synergy Image Streamer documentation at www.hpe.com/info/synergy-docs
17.2.2.1.5 About auto-discovering a Synergy frame
When a Synergy frame is cabled, powered on, and hardware setup is started, HPE OneView
automatically discovers the frame and its components and puts the frame in a Monitored state.
Using the Enclosures screen, you can view the Synergy frame, frame link modules, Composer
and other HPE Synergy appliances, servers, fans, interconnects, and power supplies. See
Enclosure screen details in the online help for more information.
A monitored enclosure or Synergy frame enables you to analyze power, thermal, and health
conditions. To fully utilize or manage the Synergy frame, the Synergy frame must be configured.
More information
“About configuring a Synergy frame” (page 201)
200 Managing enclosures, enclosure groups, and logical enclosures
17.2.2.1.6 About configuring a Synergy frame
After confirming that the Synergy frame was installed correctly, configure the Synergy frame so
that it can be managed by HPE OneView. A managed Synergy frame enables you to apply
configurations, deploy server profiles, monitor operation status, collect statistics, and alert users
to specific conditions. To configure the frame, see “Create a logical enclosure” in the online help.
17.2.2.1.7 About interconnect link topology
An interconnect link topology is a physically cabled connection of interconnects in a Master/Satellite
Fabric of a Synergy system. The topology connections are very specific, based on the hardware
(interconnects) installed.
In HPE OneView, an interconnect link topology consists of two or more Synergy frames where
an HPE Synergy Interconnect Link Module in one Synergy frame is connected to an HPE VC
SE 40Gb F8 Module in the other Synergy frame via interconnect link cables. This allows servers
in one Synergy frame to access the HPE VC SE 40Gb F8 Module in the other Synergy frame
for sending and receiving data to and from end-of-row switches. Currently, the allowed topologies
consist of up to five Synergy frames in a high availability, non-redundant A-side, or non-redundant
B-side configuration. A mix of Synergy 10/40Gb Pass-Thru Modules and any other interconnect
is not allowed in the same bay set. To learn more about supported configurations, see “About
multiple logical interconnect groups in an enclosure group” (page 179).To grow an interconnect
link topology without disrupting the existing environment, see “About growing a logical
enclosure” (page 209).
17.2.2.1.8 About frame link topology
A frame link topology is a series of Synergy frames that are physically connected by way of the
LINK ports of the frame link modules within each frame. See the HPE OneView Support Matrix
for HPE Synergy for the number of frames supported in a frame link topology.
You can configure primary and remote frame link topologies.
Primary frame link topology
The primary frame link topology contains at least one
Synergy Composer (two for high availability). The primary
frame link topology is connected to the management LAN
using the MGMT ports on the frame link modules.
Remote frame link topology
Remote frame link topologies do not include Synergy
Composers. Management LAN connectivity enables remote
frame link topologies to be managed by the Synergy
Composers in the primary frame link topology. You can
use the Add remote enclosures option to bring remote
frame link topologies under management. The remote
frame link topology must be in the same subnet as the
primary frame link topology.
More information
“About an HPE Synergy Frame Link Module” (page 196)
17.2.2.1.9 About EFuse
In the event that it becomes necessary to completely remove power from a device, EFuse allows
you to reset conditions without physically removing and re-inserting the device. Use the HPE
OneView REST API for EFuse to remove, then restore power to the device bay.
Use of EFuse addresses any firmware-related initialization issues with the device. In the rare
case that the issue is related to connectors in the device bay, physically removing the device
from the bay and re-inserting might be needed to restore the device to proper functioning.
17.2 Managing enclosures 201
NOTE: Performing an EFuse will disrupt the functioning of the device, any workload executing
on the device, and any management processor of the device. The device is removed from HPE
OneView appliance and then re-discovered by HPE OneView. This process may take several
minutes.
See the HPE OneView REST API Reference documentation of the PATCH operation on
/rest/enclosures for additional details about how to perform an EFuse operation.
17.2.2.1.10 About adding remote enclosures (remote frame link topology)
The Add remote enclosures option enables you to bring remote frame link topologies under
management of HPE OneView.
You can use the Add remote enclosures option to manage enclosures for which LINK cabling
is not directly connected to the primary frame link topology. This allows HPE OneView to manage
enclosures that are spread across racks and rows in the datacenter.
More information
See “Add remote enclosures (remote frame link topology)” in the online help.
17.2.3 Checklist: connecting a server to a data center network
The following configuration elements are required for a server to connect to a data center network.
The server must have a networking mezzanine card in a slot corresponding to the location of the
Virtual Connect interconnects in the enclosure.
Configuration requirement
Why you need it
A logical interconnect group must be
defined
A logical interconnect group defines the standard configurations to be
used for the interconnects in the enclosure. Determine if you want to
define single or multiple logical interconnect groups for the enclosure.
See “About multiple logical interconnect groups in an enclosure
group” (page 179).
At least one uplink set must be added to The uplink set determines which data center networks are permitted to
the logical interconnect group, with at least send traffic over which physical uplink ports. It defines the networks that
one network and one uplink port
are to be accessible from this logical interconnect and which uplink ports
can accept traffic from which networks.
An enclosure group must be defined and The enclosure group specifies a standard configuration for all of its
associated with one or more logical
member enclosures and identifies its member logical interconnect groups.
interconnect groups
The enclosure group defines the logical interconnect configurations in
the physical enclosure through the logical interconnect groups.
Enclosure must belong to a logical
enclosure
The logical enclosure identifies the enclosure group for the enclosure
and the associated logical interconnect groups and logical interconnects.
Server profile must be assigned to server The server hardware provides the physical connections to at least one
hardware
interconnect that is part of the logical interconnect.
Server profile must have at least one
You do not have to know the hardware configuration, but you do have to
connection, which must specify a network choose an available network or network set to specify which networks
or network set
the server is to use.
17.2.4 Add a Synergy frame (enclosure)
A Synergy frame is automatically added during hardware setup. If the Synergy frame is connected
to a group of linked Synergy frames, each Synergy frame in the group is discovered as part of
hardware setup.
Additional Synergy frames added after initial hardware setup are discovered automatically when
a cable is connected from the LINK port on the frame link module of an already discovered frame
202 Managing enclosures, enclosure groups, and logical enclosures
to the LINK port on the frame link module of another frame with factory settings. See “About an
HPE Synergy Frame Link Module” (page 196).
17.2.5 Reset an HPE Synergy Frame Link Module to original factory settings
A factory reset of the frame link module clears all configuration settings and other data to restore
it to factory settings. Perform this procedure when instructed by HPE OneView resolution
messages, or when resetting an appliance to its original factory settings or when moving the
frame to a different group of managed enclosures.
CAUTION: Do not perform this procedure when server hardware and interconnects are in use.
Resetting a frame link module disrupts workloads and results in a significant disruption until HPE
OneView reclaims and reconfigures the frame.
When resetting or reimaging an HPE Synergy Composer to factory settings, you must also reset
all the frame link modules managed by that HPE Synergy Composer to their factory settings.
However, if you intend to restore the HPE Synergy Composer settings from a backup after it is
reset or reimaged, and that backup contains the management configuration for the frame
components, you do not need to reset all the frame link modules.
Resetting a Synergy frame link module to original factory settings
1.
Locate the pinhole reset button on the Front Panel.
2.
Use an applicator or a paper clip to depress the pinhole reset button for more than ten
seconds.
NOTE: Momentarily depressing this button causes the HPE Synergy Frame Link Module
to reboot and reset, but does not perform a factory reset.
The UID LED turns on when the button is pressed and will start blinking after 10 seconds
3.
Release the button.
The reset operation starts.
4.
Wait for the factory reset to complete successfully.
Use the HPE Synergy console to determine that the factory reset completed successfully.
Select the
on the HPE Synergy console. For information on the Synergy Console, see
the HPE Synergy 12000 Frame Setup and Installation Guide.
HPE OneView manages the frame after the factory reset operation.
17.2 Managing enclosures 203
5.
Perform the appropriate step:
•
If the factory reset of the frame link module was performed without resetting the
HPE Synergy Composer, the enclosure will be brought back under management by
HPE OneView when its presence is detected.
If you performed a factory reset on a single enclosure when multiple enclosures are
under management, the enclosure will automatically be brought back under management.
Perform these actions if you have a single enclosure under management:
a. Navigate to the Enclosures page.
b. Select Action→Refresh
•
If you performed this factory reset in conjunction with a factory reset of the HPE
Synergy Composer, then either restore it from the backup file or rerun Hardware Setup
to bring the frame back under management.
To restore the appliance, you need to access HPE OneView using the IPv6 link local
address, which is available from the Maintenance console. If you cannot use an IPv6
link local address, then you must set up the hardware to enable networking.
After the restore operation is complete, you need to perform another factory reset of
the HPE Synergy frame link module.
More information
“Reset the Synergy Composer to the original factory settings” (page 265)
“Restore a Synergy Composer from a backup file” (page 256)
“About the Maintenance console” (page 441)
“Quick Start: Initial setup” (page 111)
17.3 Managing enclosure groups
17.3.1 Tasks for enclosure groups
The HPE OneView online help provides information about using the UI or the REST APIs to:
•
Create an enclosure group
•
Edit an enclosure group
•
Delete an enclosure group
17.3.2 About enclosure groups
An enclosure group is a template that defines a consistent configuration for a logical enclosure.
The network connectivity for an enclosure group is defined by the logical interconnect groups
associated with the enclosure group. An enclosure group can contain up to five enclosures.
17.3.2.1 Enclosure groups and logical interconnect groups
•
A logical interconnect group that is assigned to a bay within an enclosure group must have
that bay populated within the logical interconnect group.
•
All populated bays in a logical interconnect group must be assigned to the enclosure group.
For example, a logical interconnect group that has bays 1 and 2 populated must be assigned
to bays 1 and 2 of the enclosure group in order for the enclosure group to be created.
•
An enclosure group can contain logical interconnect groups that are highly available,
redundant, A-side only, or A-side and B-side. See “About interconnect bay sets” (page 180).
204 Managing enclosures, enclosure groups, and logical enclosures
•
Multiple-enclosure logical interconnect groups must have the proper bays populated in all
enclosures in the interconnect link topology. See About multiple logical interconnect groups
in an enclosure group.
•
Single-enclosure logical interconnect groups, such as a Serial Attached SCSI (SAS) logical
interconnect group, can be applied to individual bays in individual enclosures in the
interconnect link topology.
17.3.2.2 About configuring an HPE Synergy Image Streamer OS deployment network
To enable operating system deployment to servers from HPE Synergy Image Streamer, you
must specify the deployment network type and deployment network in an enclosure group.
Through this OS deployment network, iSCSI traffic flows between servers and volumes deployed
by Synergy Image Streamer.
For paired Synergy Image Streamer appliances, the RAID data traffic between appliances flows
through the same deployment network. The appliances and servers are on the same subnet
defined in the deployment network.
The OS deployment network must be a tagged Ethernet network. When creating a logical
enclosure, the OS deployment network must be associated with a subnet with sufficient IP
addresses available.
OS deployment network types
Internal
The Synergy Image Streamer appliance is directly connected to a Virtual Connect
interconnect. The network carries redundant storage data traffic between appliances
to support High Availability (HA). See Figure 16: “Internal Image Streamer OS
deployment network configuration”.
An internal OS deployment network must be assigned to the Image Streamer uplink
set in one of the logical interconnect groups associated with this enclosure group.
An internal OS deployment network is recommended.
External
An external network indicates a single-frame configuration. See Figure 17: “External
Image Streamer single-frame configuration (proof of concept)”
An external OS deployment network must be assigned to an Ethernet uplink set
in one of the logical interconnect groups associated with this enclosure group.
None
OS deployment is disabled.
17.3 Managing enclosure groups 205
Figure 16 Internal Image Streamer OS deployment network configuration
Frame
Link
Module
LINK
MGMT
Frame
Link
Module
LINK
MGMT
Composer
(HPE OneView)
Frame
Link
Module
LINK
MGMT
Image
Streamer
Frame
Link
Module
LINK
MGMT
Composer
(HPE OneView)
Datacenter
Management
Network
Interconnect
Internal
Image
Streamer
Frame
Link
Module
LINK
MGMT
Frame
Link
Module
LINK
MGMT
Interconnect
Figure 17 External Image Streamer single-frame configuration (proof of concept)
Composer
(HPE OneView)
Frame
Link
Module
LINK
MGMT
Image
Streamer
Frame
Link
Module
LINK
MGMT
Interconnect
Datacenter
Management
Network
External
More information
“About HPE Synergy Image Streamer” (page 200)
“About OS Deployment Servers” (page 225)
“Add an IPv4 subnet and address range” (page 269)
“About using Synergy Image Streamer in a single-frame configuration” (page 200)
17.3.2.2.1 OS deployment setting changes and impacts
OS deployment settings in the enclosure group can be changed. However, once the logical
enclosure is created from this enclosure group, you cannot change the OS deployment settings
in the logical enclosure. Any OS deployment setting changes in the enclosure group would cause
the logical enclosure to become inconsistent and you would not be able to update the logical
enclosure from the enclosure group. If OS deployment setting changes are required in the logical
206 Managing enclosures, enclosure groups, and logical enclosures
enclosure, delete the logical enclosure and recreate the logical enclosure using the updated
enclosure group.
17.3.3 Create an enclosure group
An enclosure group is a logical resource that defines a consistent configuration for a set of
enclosures making up a logical enclosure. The network connectivity for an enclosure group is
defined by the logical interconnect groups associated with the enclosure group.
17.3.3.1 Prerequisites
•
Required privileges: Infrastructure administrator or Server administrator
•
At least one created logical interconnect group
•
For OS deployment using Synergy Image Streamer, the OS deployment network must be
defined and assigned to the appropriate .
17.3.3.2 Creating an enclosure group
1.
2.
3.
4.
From the main menu, select Enclosure Groups, then:
•
Select Actions→Create.
•
Click Create enclosure group
Specify a unique name for a new enclosure group.
Choose how IPv4 addresses are managed.
Enter the data requested on the screen. See the Enclosure Groups screen details in the
online help if you need assistance with your entries.
NOTE: For OS deployment using Synergy Image Streamer, select the logical interconnect
group that is associated with the OS deployment network.
5.
6.
Click Create to create the enclosure group, or click Create + to create multiple enclosure
groups.
Verify that the enclosure group has been added by confirming it is listed in the master pane.
More information
“About enclosure groups” (page 204)
“About configuring an HPE Synergy Image Streamer OS deployment network” (page 205)
17.4 Managing logical enclosures
17.4.1 Tasks for logical enclosures
The appliance online help provides information about using the UI or the REST APIs to:
•
Create a logical enclosure
•
Edit a logical enclosure
•
Delete a logical enclosure
•
Grow a logical enclosure
•
Update firmware from a logical enclosure
•
Update the logical enclosure from the enclosure group
•
Reapply the configuration of the logical enclosure
•
Create a logical enclosure support dump
17.4 Managing logical enclosures 207
17.4.2 About logical enclosures
A logical enclosure contains the configuration intended for a set of physical enclosures. Its initial
values are taken from an enclosure group and applied to the physical enclosures. If the intended
configuration in the logical enclosure does not match the actual configuration on the enclosures,
the logical enclosure becomes inconsistent. Use the Logical Enclosures screen to manage
firmware, create a support dump, and to apply updates made from the Enclosure Groups screen
to the enclosures in the logical enclosure.
After Synergy frames are discovered automatically during hardware setup, you must manually
create a logical enclosure. The logical enclosure must contain the number of Synergy frames
that are connected together with interconnect link cables. For example, if you have three Synergy
frames cabled together, create a logical enclosure that contains all three Synergy frames.
17.4.2.1 About inconsistent logical enclosures
A logical enclosure can become inconsistent in the following cases:
•
The enclosure group referenced by the logical enclosure has changed to a new enclosure
group as part of a grow logical enclosure.
•
The enclosure group referenced by the logical enclosure has been modified. For example,
a logical interconnect group has been added, modified, or removed from the enclosure group.
•
The logical interconnects are inconsistent with the logical interconnect groups
•
Any other logical enclosure configuration is inconsistent with the enclosure group
•
There are extra or missing logical interconnects when compared to the enclosure group's
inventory of logical interconnect groups.
More information
“Update the logical enclosure configuration from the enclosure group” in the online help
17.4.2.2 About deleting or forcibly deleting a logical enclosure
About deleting a logical enclosure
Delete a logical enclosure if you intend to remove the physical frames that make up the logical
enclosure from the data center, or you no longer want to manage the frames. When you delete
a logical enclosure, the state of the Synergy frames in the logical enclosure are changed to
Monitored, including all physical resources such as interconnects. All configuration is removed.
Before deleting a logical enclosure, consider editing a logical enclosure or growing the logical
enclosure.
About forcibly deleting a logical enclosure
You should only forcibly delete a logical enclosure if you are attempting to delete the logical
enclosure and your attempts to establish communication with a Synergy frame within the logical
enclosure have failed.
By forcibly deleting the logical enclosure in HPE OneView:
•
All logical interconnects on the logical enclosure are deleted.
•
The Synergy frames that can still communicate with HPE OneView are put in a Monitored
state where they can be configured in another logical enclosure.
•
All data about physical resources are deleted for any Synergy frame where HPE OneView
cannot communicate with the link module.
•
The affected frame must be factory reset before the frame can be managed again.
208 Managing enclosures, enclosure groups, and logical enclosures
More information
See “Delete a logical enclosure” in the online help
17.4.2.3 About updating firmware from a logical enclosure
You can update firmware from a logical enclosure for shared infrastructure, shared infrastructure
and profiles, HPE Synergy Frame Link Module only and unmanaged interconnect modules, if
there are any.
From the Logical Enclosures screen, you can initiate firmware updates. Firmware is updated
in the following order:
1. HPE Synergy Frame Link Module
2. Logical interconnects and SAS interconnects
3. Unmanaged interconnects
4. Server hardware and their associated server profiles
NOTE: The HPE Synergy Frame Link Modules in a group of connected frames are updated
one at a time to avoid disrupting the group.
More information
“Update the firmware in a logical enclosure” in the online help
17.4.3 About growing a logical enclosure
In HPE OneView, you can grow your HPE Synergy interconnect link topology configuration from
a single frame to a maximum of five HPE Synergy frames using HPE Synergy Interconnect Link
Modules. In HPE OneView, the Synergy frames are added to the logical enclosure by associating
a new enclosure group with the logical enclosure and performing an update from group. HPE
OneView completes the change without disassociating frames from existing logical enclosures
or causing an outage to the existing environment.
Single-frame growth
A single-frame growth occurs when a redundant, single-frame configuration expands to a
two-frame high availability configuration. This physical growth occurs after a technician moves
an HPE VC SE 40Gb F8 Module from the B-side of an existing Synergy frame to the B-side of
the second Synergy frame. Then adds an HPE Synergy Interconnect Link Module to the B-side
of the existing Synergy frame and to the A-side of the second Synergy frame. The logical growth
occurs in HPE OneView when you grow the logical enclosure.
When growing from one to two frames, the maximum speed of all downlinks will be based on
the speed of the Interconnect Link Module being used. For example, if the HPE Synergy 10Gb
Interconnect Link Module is used to grow to two frames, then the maximum speed of all downlinks
in that logical interconnect is 10Gb.
Multiframe growth
A multiframe growth occurs when a configuration with two or more frames expands up to five
frames, depending on the type of the HPE Synergy Interconnect Link Module. The physical
growth occurs when a technician adds Synergy frames with HPE Synergy Interconnect Link
Modules. The logical growth occurs in HPE OneView when you grow the logical enclosure.
Frames configured to support HPE Synergy Image Streamer can grow from three to a four- or
five-frame configuration.
Supported and unsupported growth configurations
See “Valid configurations for enclosure groups with multiple logical interconnect groups” (page
181) for a list of supported configurations.
17.4 Managing logical enclosures 209
The following configurations are not supported when growing a logical enclosure:
•
An OS deployment configuration
•
A SAS logical interconnect configuration
•
An HPE VC SE 16Gb FC Module logical interconnect configuration
If one or more HPE VC SE 16Gb FC Modules are already associated with the original
enclosure group, you can grow the logical enclosure. However, you cannot add any new
HPE VC SE 16Gb FC Modules when growing a logical enclosure.
More information
“About an HPE Synergy 12000 Frame” (page 196)
17.4.4 About orchestrated and parallel activation
Orchestrated activation allows non-disruptive updates where no outages will be caused during
the update, as at any point in time there will be at least one connection link that is active. The
firmware update first happens on the standby (or secondary) interconnect. After the update the
standby interconnect becomes the active (or primary) interconnect and the interconnect that was
formerly the active becomes the standby device. The firmware is then updated on the new standby
interconnect.
Parallel activation activates all interconnect modules at the same time. This means network and
storage connectivity for all compute modules connecting through the interconnect modules are
disrupted. Perform parallel activation during a maintenance window when you can better coordinate
the downtime.
17.4.5 Create a logical enclosure
After Synergy frames are discovered automatically, you must manually create a logical enclosure.
The interconnect link topology of the interconnects in the enclosures determines whether a logical
enclosure can be created from them. To learn more about supported configurations, see “About
logical interconnect groups” (page 178).
Prerequisites
•
Required privileges: Infrastructure administrator or Server administrator
•
At least one created logical interconnect group
•
At least one created enclosure group
•
For Image Streamer:
◦
For multiframe configurations, one pair of Image Streamer appliances is installed and
cabled correctly. See the HPE Synergy Configuration and Compatibility Guide at
www.hpe.com/info/synergy-docs. One logical enclosure corresponds to one pair of
Image Streamer appliances.
For a single-frame Image Streamer configuration, one Image Streamer appliance is
installed and cabled correctly. See the HPE Synergy Configuration and Compatibility
Guide at www.hpe.com/info/synergy-docs.
◦
A deployment network is created and associated to a subnet with an appropriate address
range.
◦
An OS Deployment server is created.
Creating a logical enclosure
1.
From the main menu, select Logical Enclosures, and then select Actions→Create.
210 Managing enclosures, enclosure groups, and logical enclosures
2.
3.
4.
Enter the data requested on the screen. See Create Logical Enclosure in the Logical
Enclosure screen details section of the online help.
Click Create to complete the action or click Create + to create another logical enclosure.
Verify that the logical enclosure has been created in the master pane and that one or more
enclosures are now in a Configured state.
If the logical enclosure is configured for OS deployment using Image Streamer, the Create
Logical Enclosure task creates the Image Streamer deployment cluster and allocates the
storage addresses for the Image Streamer appliances using the IP addresses from the pool
associated with the deployment network.
See also
•
“About logical enclosures” (page 208)
•
“About configuring an HPE Synergy Image Streamer OS deployment network” (page 205)
•
Return to Quick Start: Initial configuration of resources in HPE OneView
•
Return to “Quick Start: Initial configuration of HPE Synergy Image Streamer” (page 119)
•
www.hpe.com/info/synergy-docs
17.4.6 Update firmware from a logical enclosure
You can update HPE Synergy Frame Link Modules, logical interconnects, serial attached SCSI
(SAS) interconnects, unmanaged interconnects (if any), and the servers with server profiles to
set the firmware to a specified baseline.
NOTE: When a logical enclosure firmware update is in progress, do not initiate a firmware
update from a logical interconnect that is part of that logical enclosure.
Prerequisites
•
Required privileges: Infrastructure administrator or Server administrator
•
One or more SPPs are added to the appliance firmware repository.
•
Power off any servers that do not have server profiles or that have been set to offline mode
or managed manually in the server profile.
Updating firmware from a logical enclosure
1.
2.
3.
4.
5.
From the main menu, select Logical Enclosures.
In the master pane, select the logical enclosure for which you want to update the firmware
bundle.
Select Actions→Update firmware.
Enter the data requested on the screen. See screen details in the online help.
Click OK.
As the update progresses, if any one component of the update fails, the logical enclosure
update will fail.
6.
Verify that the new firmware baseline is listed in the details pane of the Logical Enclosures
screen.
More information
“About updating firmware from a logical enclosure” (page 209)
17.4.7 Create a logical enclosure support dump file
A logical enclosure support dump file includes content from each member logical interconnect
in addition to the content of the appliance support dump. The entire bundle of files is compressed
17.4 Managing logical enclosures
211
and encrypted for downloading. The consolidated logical enclosure support dump is encrypted
as support dump information from the logical interconnects includes proprietary HPE intellectual
property.
NOTE: You can view the contents of an unencrypted appliance support dump by creating a
support dump file from the Settings: Appliance screen.
If instructed to create a support dump from more than one logical enclosure, navigate to each
logical enclosure screen individually and create a support dump. You must wait for each support
dump to complete before creating a subsequent support dump.
By default, the logical enclosure support dump includes the appliance support dump. If instructed
to create a logical enclosure support dump that does not contain the appliance support dump,
you must use the logical enclosure REST APIs. For more information, see the REST API scripting
online help for logical enclosures.
Prerequisites
•
A logical enclosure resource
•
Any user role can create a support dump
Creating a logical enclosure support dump
1.
2.
3.
From the main menu, select Logical Enclosures, and then select a logical enclosure.
Select Actions→Create logical enclosure support dump.
Click Yes, create to confirm.
You can continue doing other tasks while the support dump is created in the background.
4.
When this task completes, the support dump zip file is downloaded to your browser default
download folder, or you are prompted to indicate where to download the file.
The logical enclosure support dump file name has the format
host_name-LE-name-date-time.sdmp.
5.
6.
Verify the zip file is in the specified file location.
Contact your authorized support representative for instructions on delivering the support
dump file.
More information
“About the support dump file” (page 334)
“About logical enclosures” (page 208)
17.5 Learning more
•
“Understanding the resource model” (page 39)
•
“Managing licenses” (page 161)
212 Managing enclosures, enclosure groups, and logical enclosures
18 Managing firmware for managed devices
NOTE: This chapter describes how to manage the firmware for devices managed by the
appliance. For information about updating the firmware for the appliance, see “Updating the
appliance” (page 259).
A firmware bundle, also known as an HPE Service Pack for ProLiant (SPP), comprises a set of
deliverables, a full-support ISO file, and six subset ISOs divided by HPE ProLiant server family
and operating system. An SPP is a comprehensive collection of firmware and system software,
all tested together as a single solution stack that includes drivers, agents, utilities, and firmware
packages for HPE ProLiant servers, controllers, storage, server blades, and enclosures. Each
SPP deliverable contains the Smart Update Manager (SUM), and software and firmware smart
components.
UI screens and REST API resources
UI screen
REST API resource
Firmware Bundles
firmware-bundles
18.1 Tasks for firmware
The HPE OneView online help provides information about using the UI or the REST APIs to:
•
Add a firmware bundle to the appliance firmware repository
•
Create a custom SPP.
•
Downgrade firmware
•
Establish a firmware baseline for your managed devices
•
Remove a firmware bundle from the firmware bundle repository
•
Update firmware on managed devices
•
View the firmware repository for firmware bundles to see the following:
◦
List of firmware bundles in the repository
◦
Contents of a firmware bundle
◦
Available storage space for the repository
18.2 About firmware bundles
The appliance provides firmware management across the data center with no additional tools to
download and install. Using the firmware management features built in to the appliance, you can
define firmware baselines and perform firmware updates across many resources. When you add
a resource to the appliance, the appliance automatically updates the resource firmware to the
minimum version required to be managed by the appliance or version defined to be a baseline.
See also “About unsupported firmware” (page 215).
A firmware bundle, also known as an Service Pack for ProLiant (SPP), is a comprehensive
collection of firmware and system software components, all tested together as a single solution
stack that includes drivers, agents, utilities, and firmware packages. Firmware bundles enable
you to update firmware on HPE ProLiant servers, controllers, storage, servers, and enclosures.
You can forcibly downgrade appliance firmware to an older version, but be aware that doing so
can result in slower installation speeds and has the potential to render the device unusable.
18.1 Tasks for firmware 213
Firmware repository
An embedded firmware repository enables you to upload SPP firmware bundles and hotfixes to
the appliance and deploy them across your environment according to your best practices. You
can view the versions and contents of the SPPs in the repository from the Firmware Bundles
screen. Selecting a firmware bundle displays its release date, supported languages and operating
systems, and the bundle components. The screen also displays the amount of storage space
available for additional firmware bundles on the appliance. You cannot add a firmware bundle
that is larger than the amount of space available in the repository.
NOTE: To ensure that your hardware has the latest and most robust firmware bundle that
takes advantage of all available management features, download the latest firmware bundle to
your appliance and add it to the firmware repository.
HPE OneView supports 128 parallel server firmware updates for Windows and Linux, and 10
parallel server firmware updates for ESXi.
About applying SPPs as baselines
You can apply SPPs as baselines to enclosures, interconnects, and server profiles, establishing
a desired version for firmware and drivers across devices. When you download an SPP from
http://www.hpe.com/info/spp to your local system, upload it to the firmware bundle repository
on the appliance. Each SPP deliverable contains the Smart Update Manager and firmware smart
components. Managing firmware for the whole enclosure can be initiated from the Enclosures
screen. Logical interconnect firmware can be updated from the Logical Interconnects screen.
From the Server Profiles screen, you can set the firmware baseline for the assigned server
hardware. The appliance identifies firmware compatibilities issues, highlighting out-of-compliance
devices for updates with the selected firmware baseline.
You can remove any or all SPPs from the firmware bundle repository. However, Hewlett Packard
Enterprise recommends you have at least one SPP available at all times because an SPP is
required when adding resources to the appliance that are below the minimum firmware versions
for monitoring or managing. If you want to delete an SPP, Hewlett Packard Enterprise recommends
that you re-assign all resources to a different SPP before removing the SPP. You assign an SPP
by editing the server profile or enclosure and setting the Firmware baseline field.
If a SPP is specified, the HPE Synergy Frame Link Module and interconnects firmware will update
to match the version in the SPP. The baseline is also set on each of the logical interconnects in
the enclosure.
For HPE Synergy frames, select Not set if you do not want to select a firmware baseline.
About uploading and using hotfixes
Hewlett Packard Enterprise sometimes releases component hotfixes between main SPP releases.
Hewlett Packard Enterprise notifies you that a hotfix is available to upload and provides details
about the SPP to which the hotfix applies. Create a custom SPP in HPE OneView using the base
SPP and the hotfix. See “Upload a hotfix” in the REST API Scripting Help for more information.
The new custom SPP can be used to set the baseline on the various managed resources in HPE
OneView. If a hotfix pertains to a managed resource that is already on the baseline, then the
hotfix alone is applied.
NOTE: If the firmware update target system is Linux OS, the HPE ProLiant System ROM
version listed is the ROM Linux hotfix component. If not, the latest ROM version updated in the
SPP bundle is listed.
214 Managing firmware for managed devices
18.3 About unsupported firmware
When you add a resource to bring it under management, the resource firmware must be updated
to the minimum supported level. The appliance attempts to automatically update the firmware
while the resource is being added to the appliance. If the update fails, an alert is generated.
NOTE: You must upload a supported SPP to the appliance firmware repository before you
can update device firmware. See http://www.hpe.com/info/hpeoneview/updates to obtain
HPE OneView software updates and product-specific firmware bundles.
Unsupported firmware for firmware bundles
If you attempt to add a firmware bundle that contains firmware below the minimum versions
supported, an alert is generated and the firmware bundle is not added to the appliance firmware
repository.
Unsupported firmware for enclosures
When adding an enclosure, the appliance:
•
Generates an alert if the logical interconnect firmware for the interconnects is below the
required minimum level or if the interconnect firmware levels do not match. You must update
the logical interconnect firmware from the Logical Interconnects screen or REST APIs.
•
Updates the iLO firmware automatically, if below the required minimum (Must have a
supported SPP installed on the appliance)
Unsupported firmware for logical enclosures
When adding a logical enclosure, the appliance:
•
Generates an alert if the actual firmware versions for one or more components do not match
the required minimum. Even if you do not specify a baseline SPP, HPE Synergy Frame Link
Module and iLO firmware will be updated automatically, if below the required minimum (Must
have a supported SPP installed on the appliance). Select the firmware baseline from the
Logical Enclosures screen or REST APIs.
Unsupported firmware for server profiles
You are prevented from applying server profiles if the associated iLO firmware is below the
minimum supported version, and instead, are directed to the Server Hardware screen to update
iLO firmware.
Unsupported firmware for interconnects
If you attempt to add an interconnect with firmware that is below the minimum supported version,
an alert is generated. You must update the logical interconnect firmware from the Logical
Interconnects screen or REST APIs.
The Firmware panel of the Logical Interconnects screen displays the installed version of
firmware and the firmware baseline for each interconnect.
18.3 About unsupported firmware 215
18.4 Best practices for managing firmware
Best practice
Description
Upload the latest current SPP.
Download the latest SPP from www.hpe.com/downloads/synergy and then
upload the SPP to your appliance repository.
Apply your favorite filter to download an environment specific SPP.
NOTE: Each SPP deliverable contains the Smart Update Manager and firmware
smart components.
Set the same firmware baseline
for all devices in an enclosure.
Hewlett Packard Enterprise recommends that you set the firmware baseline using
the Update Firmware option on the Logical Enclosures screen. This action
updates all of the devices in the enclosure to the specified SPP level.
If you choose to create custom
Login to the web portal of SPP custom download at https://spp.hpe.com/custom/
SPPs, use SPP custom Download to create a custom SPP using environment specific filters. Apply server model
to create them.
filter or operating system filter to create a smaller sized SPP.
TIP:
Save the filter for convenience.
Update firmware in the proper
sequence.
Although Hewlett Packard Enterprise recommends that you set the firmware
baseline for all devices in an enclosure which will cause all firmware to be installed
in the proper order, you can update firmware on specific components. If you
choose to update component firmware independently, upgrade the firmware in
the following order: logical interconnect, and then the server profile. Hewlett
Packard Enterprise recommends that you install the drivers from the same SPP
that contains the firmware.
Update firmware and drivers using
Smart Update Tools (SUT) when
the server is powered on and
running an OS
Firmware and drivers can be updated via the server profile when using Smart
Update Tools. See the Smart Update Tools User Guide at
www.hpe.com/info/sut-docs for installation instructions.
Set SUT mode to AutoStage or AutoDeploy. Reboot in the maintenance window.
Verify the managed device setting Do not update the firmware using SUM or another external tool on a managed
before updating the firmware.
device unless the firmware baseline is set to Manage manually.
Store SPPs in a separate location HPE OneView does not back up the firmware repository, so store SPPs in a
from the appliance.
repository that is not on the appliance, such as in the SUM repository used to
create the custom SPP.
Remove older SPPs from the
firmware repository.
Have at least one SPP available at all times because an SPP is required when
adding resources to the appliance that are below the minimum firmware versions
for monitoring or managing. If you want to delete an older SPP, re-assign all
resources using that SPP to a different SPP before removing the SPP.
More information
“Managing firmware for managed devices” (page 213)
Best Practices for HPE Synergy Firmware and Driver Updates at www.hpe.com/info/
synergy-docs
18.5 Create a custom SPP
HPE sometimes releases component hotfixes between main SPP releases. Create a custom
SPP in HPE OneView using the base SPP and the hotfix. To apply the hotfix on the managed
resources, create a customized SPP with the hotfix.
Different mechanisms are available for applying a hotfix in OneView:
•
Use SPP custom download to create a new SPP with the hotfix (Hewlett Packard Enterprise
recommended approach).
•
Use SUM to create a new SPP with the hotfix.
•
Upload the hotfix and create a custom SPP using HPE OneView.
216 Managing firmware for managed devices
NOTE:
For any custom SPP you create, you must include iLO, and Virtual Connect firmware.
For VC and iLO hotfixes, please ensure to upload the .scexe version of the hotfix.
Prerequisites
•
Required privileges: Infrastructure administrator, Network administrator, or Server
administrator
•
Software that enables you to mount an ISO (image) file
Option 1: Use SPP custom download to create a custom SPP
Hewlett Packard Enterprise recommends using the SPP custom download feature to upload a
customized SPP into HPE OneView. For instructions and access, go to http://hpe.com/servers/
spp.
Option 2: Use SUM to create a custom ISO SPP
1.
2.
3.
4.
5.
6.
Download SUM from http://www.hpe.com/servers/hpsum.
Unzip the SUM file to a directory.
Download the SPP ISO file from http://www.hpe.com/info/spp to a local directory.
Mount the SPP ISO file on a file system you can access, following your software instructions.
Start SUM by double-clicking hpsum.bat in the \hpsum directory.
From the SUM main menu, select Baseline Library→+Add Baselines.
The hotfix is included in the custom baseline.
7.
8.
9.
For Location Details, browse to the hpe\swpackages directory of the mounted SPP.
Click Add. Let the add operation complete before proceeding.
Add any other components (updates) you have downloaded from HPE to the baseline library
that you want to include in the custom SPP.
10. Select the SPP and the components from the baseline library.
11. Select Actions→Create Custom.
12. Select any of the filters you want to use; however, the following filters are required:
•
Overview: Select Bootable ISO
•
OS Type: Select RHEL 5 and RHEL 6
13. Click Create ISO to create the new firmware bundle.
14. Add a firmware bundle to the appliance firmware repository. See the online help for more
information.
15. Verify that the upload completed by viewing the firmware bundle contents in the details pane
on the Firmware Bundles screen.
Option 3: Upload hotfix and create a custom SPP
Prerequisites
•
Required privileges: Infrastructure administrator, Network administrator, or Server
administrator
•
Minimum one valid hotfix should be available in the repository
1.
2.
3.
4.
5.
6.
From the main menu, select Firmware Bundles.
Select Actions→Create Custom firmware bundle.
Enter a custom spp name and select a base SPP.
Click Add Hotfix to add available hotfixes.
Click OK.
Verify that the upload completed by viewing the firmware bundle contents in the details pane
on the Firmware Bundles screen.
18.5 Create a custom SPP 217
You can also use REST APIs to upload a hotfix and create a custom SPP. See the REST API
scripting help for more information.
NOTE: Uploading a hotfix to create a custom SPP is to be specifically used for applying
hotfix(es) on a managed resource.
18.6 Update firmware on managed devices
Firmware bundles enable you to update firmware on managed servers and infrastructure
(enclosures and interconnects). You can choose to update all the resources within an enclosure,
just the HPE Synergy Frame Link Module firmware, the firmware within a logical interconnect,
or firmware for a specific server using a server profile. When you choose to update all resources
within an enclosure, all servers are updated even if they are not associated with a sever profile.
From the Logical Enclosures screen, you can initiate firmware updates for HPE Synergy Frame
Link Modules. See “Update firmware from a logical enclosure” (page 211) for more information.
You can also choose to update individual component firmware. As a best practice when updating
component firmware independently, update the firmware in this order:
1.
2.
HPE Synergy Frame Link Module
Server Profiles
18.6.1 Update firmware on the logical enclosure
Prerequisites
•
Required privileges: Infrastructure administrator or Server administrator (for enclosures)
•
One or more SPPs are added to the appliance firmware repository.
Updating the HPE Synergy Frame Link Module firmware on the logical enclosure
You can update logical enclosure firmware to set the HPE Synergy Frame Link Module firmware
to a specified baseline.
1.
2.
3.
4.
From the main menu, select Logical Enclosures.
In the master pane, select the logical enclosure on which you want to update the firmware
bundle.
Select Actions→Update firmware.
From Firmware baseline, select the firmware bundle to install.
If you select a firmware baseline, the HPE Synergy Frame Link Module firmware is updated
to the specified baseline during configuration. If the iLO firmware is below the minimum
version supported, it is updated to the version in the baseline.
If you select Not Set, the HPE Synergy Frame Link Module and iLO firmware are updated
only if they are below the minimum version supported, in which case, they are updated to
the version in the most recent SPP available in HPE OneView.
NOTE: To install an older firmware version than the version contained in the SPP, you
must select the Force installation option to downgrade the firmware. You might want to
install older firmware if the newer firmware is known to cause a problem in your environment.
CAUTION: Be aware that downgrading firmware can render a server unusable and might
result in slower installation speeds.
5.
6.
Click OK.
Verify that the new firmware baseline is listed in the details pane of the Logical Enclosures
screen.
218 Managing firmware for managed devices
18.6.2 Update firmware with a server profile
Prerequisites
•
Required privileges: Infrastructure administrator or Server administrator
Updating firmware with a server profile
To update the firmware for a specific server, edit the existing server profile or create a new server
profile and specify the version of the SPP.
NOTE:
1.
2.
The firmware baseline in the server profile will not be reapplied unless it has changed.
From the main menu, select Server Profiles, and then do one of the following:
•
Click Create profile in the master pane.
•
Select a server profile in the master pane, and then select Actions→Edit.
Select the firmware bundle for Firmware baseline.
To install an older firmware version contained in the SPP, you must select the Force
installation option to downgrade the firmware. You might want to install older firmware if
the newer firmware already installed on the server is known to cause a problem in your
environment, as noted in the Release Notes
CAUTION: Be aware that downgrading firmware can render an appliance unusable and
might result in slower installation speeds. For example, if the iLO Firmware is downgraded
to a previous version that does not use Rich Infrastructure Specification (RIS), the
communication between Smart Update Tools and HPE OneView will break.
3.
To complete the update, do one of the following:
•
If this is a new profile, click Create to create the server profile.
•
If you are editing an existing profile, click OK to update the server profile.
4.
Power on the server to activate the firmware.
a. From the main menu, select Server Hardware.
b. Select the server and then select Actions→Power on.
5.
Verify that the new firmware baseline is listed in the details pane on the Server Profiles
screen.
18.6.3 Update firmware with a server profile template
Prerequisites
•
Required privileges: Infrastructure administrator or Server administrator
Updating firmware with a server profile template
To update the firmware for a specific server, edit the existing server profile template or create a
new server profile template and specify the version of the SPP.
NOTE: The firmware baseline in the server profile template will not be reapplied unless it has
changed.
1.
From the main menu, select Server Profile Templates, and then do one of the following:
•
Click Create server profile template in the master pane.
•
Select a server profile template in the master pane, and then select Actions→Edit.
18.6 Update firmware on managed devices 219
2.
Select the firmware bundle for Firmware baseline.
To install an older firmware version contained in the SPP, you must select the Force
installation option to downgrade the firmware. You might want to install older firmware if
the newer firmware already installed on the server is known to cause a problem in your
environment, perhaps as noted in the Release Notes.
CAUTION: Be aware that downgrading firmware can render an appliance unusable and
might result in slower installation speeds. For example, if the iLO Firmware is downgraded
to a previous version that does not use Rich Infrastructure Specification (RIS), the
communication between Smart Update Tools and HPE OneView will break.
3.
4.
To complete the update, do one of the following:
•
If this is a new template, click Create to create the server profile template.
•
If you are editing an existing template, click OK to update the server profile template.
Verify that the new firmware baseline is listed in the details pane on the Server Profile
Templates screen.
18.7 Learning more
•
“Troubleshooting firmware bundles” (page 370)
•
“About enclosures or Synergy frames” (page 196)
•
“About firmware associated with a logical interconnect” (page 185)
•
“About server profiles” (page 142)
220 Managing firmware for managed devices
19 Managing power, temperature, and the data center
You can use the appliance to manage the power and temperature of your IT hardware. To manage
and monitor hardware temperature, add your server hardware to racks, position the server
hardware in the racks, and then add the racks to one or more data centers.
19.1 Managing power
To manage power, you describe your power delivery devices to the appliance using the Power
Delivery Devices screen or the REST APIs. The appliance discovers HPE Intelligent Power
Delivery Devices (iPDUs) and their connections automatically.
UI screens and REST API resources
UI screen
REST API resource
Power Delivery Devices
power-devices
enclosures (power capacity)
server-hardware (power capacity)
19.1.1 Roles
•
Required privileges: Infrastructure administrator or Server administrator
19.1.2 Tasks for managing power
The appliance online help provides information about using the UI and REST APIs to:
•
Add a power delivery device.
•
Add a power connection.
•
Filter power delivery devices.
•
View last 5 minutes of power consumption for an iPDU.
•
View last 24 hours of power consumption for an iPDU.
•
Edit the properties of a power delivery device.
•
Power on or off the locator light for a power delivery device.
•
Power down a power delivery device.
•
Remove a power delivery device.
•
Resolve connectivity issues between an iPDU and the appliance.
•
Add an iPDU currently being managed by another management system.
•
View power utilization statistics.
•
Update enclosure power capacity settings (REST API only).
•
Update server hardware power capacity settings (REST API only).
19.1.3 About power delivery devices
Power delivery devices provide power to IT hardware. A typical power topology in a data center
includes power delivery devices such as power feeds, breaker panels, branch circuits, and power
distribution units (PDUs), as well as the load segments, outlet bars, and outlet components of
19.1 Managing power 221
these devices. Adding your power delivery devices to the appliance enables power management
using thermal limits, rated capacity, and derated capacity.
The Power Delivery Devices screen describes the following classes of devices:
•
Intelligent Power Distribution Units (iPDUs), which the appliance can automatically discover
and control.
•
Other power delivery devices that the appliance cannot discover. By manually adding these
devices to the appliance, they become available for tracking, inventory, and power
management purposes.
Regardless of how power delivery devices are added to the appliance, the appliance automatically
generates the same types of analysis (capacity, redundancy, and configuration). For iPDUs, the
appliance gathers statistical data and reports errors.
Connectivity and synchronization with the appliance
The appliance monitors the connectivity status of iPDUs. If the appliance loses connectivity with
an iPDU, an alert displays until connectivity is restored. The appliance will try to resolve
connectivity issues and clear the alert automatically, but if it cannot, you must resolve the issue
and manually refresh the iPDU to bring it in synchronization with the appliance.
The appliance also monitors iPDU to remain synchronized with changes to hardware and power
connections. However, some changes to devices made outside of the control of the appliance
(from iLO for example) may cause them to become out of synchronization with the appliance.
You may have to manually refresh devices that lose synchronization with the appliance.
NOTE: Hewlett Packard Enterprise recommends that you do not use iLO to make changes to
a device. Making changes to a device from its iLO could cause it to lose synchronization with
the appliance.
You can manually refresh the connection between the appliance and an iPDU from the Power
Delivery Devices screen. See the online help for the Power Delivery Devices screen to learn
more.
19.2 Managing your data center
In the appliance, a data center represents a physically contiguous area in which racks containing
IT equipment—such as servers, enclosures, and devices—are located. The data center describes
a portion of a computer room and provides a useful grouping to summarize your environment
and its power and thermal requirements.
UI screens and REST API resources
UI screen
REST API resource
Data Centers
datacenters
19.2.1 Roles
•
Required privileges: Infrastructure administrator or Server administrator
19.2.2 Tasks for data centers
The appliance online help provides information about using the UI and REST APIs to:
•
Add and edit a data center.
•
Manipulate the view of a data center visualization.
222 Managing power, temperature, and the data center
•
Monitor data center temperature.
•
Remove a data center from management.
19.2.3 About data centers
A data center represents a physically contiguous area in which racks containing IT equipment
are located.
For example, you have IT equipment in two rooms or on separate floors. You could create a data
center for each of these areas.
Each server, enclosure, or power distribution device in your data center can report its power
requirements, but it can be difficult to understand the power and cooling requirements for your
data center as a whole. The appliance enables you to bring power and cooling management of
your servers, enclosures, and power delivery devices together in a single management system.
The Layout view of the data center is color-coded to depict the peak temperature recorded in
the last 24 hours.
Default data center: Datacenter 1
When you initialize the appliance for the first time, it creates a data center named Datacenter
1. The appliance provides this data center as a place to visualize your racks. You can rename
or edit this data center to match the values and layout of your data center, you can use it as the
basis for a planned data center model, or you can delete this data center without adverse effects.
Default rack placement
When you add a rack to the appliance for management, the appliance displays the rack in all
data centers even though its actual location is not known. If you view a data center that displays
unpositioned racks, a warning appears to alert you that unpositioned racks are being displayed.
When you assign a rack to a data center, it is no longer displayed in other data centers.
19.3 Managing racks
Racks allow you to manage temperature, power, and depict the layout of enclosures.
UI screens and REST API resources
UI screen
REST API resource
Racks
racks
19.3.1 Roles
•
Required privileges: Infrastructure administrator or Server administrator
19.3.2 Tasks for racks
•
Add, edit, or remove a rack.
•
Change layout of devices in a rack.
•
Set the thermal limit of a rack.
19.3.3 About racks
A rack is a physical structure that contains IT equipment such as enclosures, servers, power
delivery devices, and unmanaged devices (an unmanaged device uses slots in the rack and
consumes power or exhausts heat, but it is not managed by the appliance). You can manage
19.3 Managing racks 223
your racks and the equipment in them by adding them to the appliance. Having your racks
managed by the appliance enables you to use the appliance for space and power planning. The
appliance also gathers statistical data and monitors the power and temperature of the racks it
manages.
When you add an enclosure to the appliance, it automatically creates a rack and places the
enclosure in it. The appliance places into the rack all enclosures connected by management link
cables. When enclosures are added, the appliance places them in the rack from top to bottom.
When an enclosure is placed in an Intelligent Series Rack, the enclosure slots are automatically
detected. For other racks, to accurately depict the layout of your enclosures within the rack you
must edit the rack to place the enclosure in the proper slots.
You can use the appliance to view and manage your rack configuration and power delivery
topology. You can specify the physical dimensions of the rack (width, height, and depth), the
number of U slots, and the location of each piece of equipment in the rack. You can specify the
rack PDUs that provide power to the rack, and their physical position in the rack or on either side.
You can also describe how the devices in the rack are connected to those PDUs.
After adding a rack to the appliance for management, you can add the rack to a data center to
visualize the data center layout and to monitor device power and cooling data.
After the rack is under management, you can configure the power delivery topology with redundant
and uninterruptible power supplies to the devices in the rack.
Rack naming
The way a rack is named and how you change the name of a rack depends on how it was added
to the appliance.
Table 9 Rack naming
Add method
Initial naming method
Name change method
Automatically discovered from a ProLiant
server with Location Discovery Services for
Synergy frames
Assigned using rack serial
number as rack name
Edit rack
Manually from the Racks screen
Defined by the user
Edit rack
19.4 Learning more
•
“Monitoring power and temperature” (page 297)
•
“About utilization graphs and meters” (page 299)
224 Managing power, temperature, and the data center
20 Managing OS Deployment servers
UI screens and REST API resources
UI screen
REST API resource
OS Deployment Servers
deployment-servers
20.1 Roles
•
Required privileges: Infrastructure administrator
20.2 Tasks for OS deployment servers
•
Add, edit, or delete an OS deployment server
•
Change the primary appliance for an Image Streamer OS deployment server
20.3 About OS Deployment Servers
An OS deployment server is a resource that enables you to deploy (install and configure) operating
systems for use by servers. HPE OneView connects to an OS deployment server and configures
it for deploying operating systems.
HPE OneView manages the OS deployment server after it is configured and displays the list of
attributes, management settings, the OS deployment plans, and the server profiles that reference
the available OS deployment plans.
20.4 About HPE Synergy Image Streamer deployment server
You can add only a single Image Streamer deployment server. Once you add an Image Streamer
OS deployment server in HPE OneView, you can launch the Image Streamer graphical user
interface from the HPE OneView OS Deployment Servers screen. An Image Streamer OS
deployment server supports the deployment of plans that define the operating system artifacts
necessary for server hardware operation.
Adding a deployment server causes Image Streamer appliances to be clustered and configured
to manage OS deployment artifacts.
A software administrator can create, modify, and delete deployment plans using artifacts stored
on the Image Streamer appliance. These artifacts include the following:
•
Plan script: Plan scripts are used to accomplish the personalization (deployment) or
generalization (capture) processes.
•
Build plan: Build plans are recipes that modify the contents of a server volume to make the
golden image specific to the server for deployment or to retain server-specific content as
part of capture.
•
Golden image: A golden image is a generic format of any image that can be customized
for deployment using other artifacts provided by Image Streamer.
•
Deployment plan: Deployment plan is a combination of a golden image and build plan.
The deployment plans have the operating system, driver, and application software to be installed
and configured along with the recipe for configuration. The deployment plans take values for
configuration of a deployment instance for a server from server profiles.
20.5 About designating the HPE Synergy Image Streamer primary cluster
The primary appliance:
20.1 Roles 225
•
is the cluster where the Image Streamer user interface runs.
•
provides the interface for managing artifacts and detailed status and maintenance of Image
Streamer appliances.
•
coordinates deployment as directed by the server profile. The server profile is the interface
for controlling deployment.
The primary appliance is selected when the Image Streamer deployment server is added. Any
Image Streamer appliance can be selected as the primary appliance. Changing the primary does
not disrupt server access to OS volumes.
All Image Streamer appliances not designated as the primary are considered secondary
appliances. A secondary appliance hosts and serves the operating system volumes for the
compute modules in its logical enclosure and acts as a backup in case the primary appliance
fails. If there are appliance-related issues or a need to remove or decommission the primary
appliance, another Image Streamer can be selected as primary cluster by editing the deployment
server.
OS deployment is not possible until the deployment server is edited to select a primary. The new
primary requires time to reconfigure and take control of the group of appliances. During this time
servers continue to have uninterrupted access to OS volumes.
Before the primary is physically removed, a new primary should be selected. If the primary is
removed before selecting a new primary, it will not be possible to manage artifacts and OS
deployment will fail. Once a new primary is selected, normal operation will resume.
One cluster is composed of an Image Streamer appliance pair. An appliance is clustered for high
availability. This is important for mission critical use because the Image Streamer hosts the OS
volumes that servers use. Each logical enclosure has a cluster. The number of clusters possible
is limited by the maximum number of enclosures that can be managed by HPE OneView in a
multi-frame configuration.
20.6 About deleting OS deployment server
Deleting an Image Streamer OS deployment server removes the management and storage
networking configurations of all the Image Streamer appliances configured in HPE OneView. In
addition, the Image Streamer appliances are reset to factory defaults, removing all OS deployment
artifacts and all OS volumes.
226 Managing OS Deployment servers
21 Managing storage
This chapter describes the storage resources and the tasks associated with those resources.
•
Storage systems: hardware that contains multiple storage disks such as the HPE 3PAR
StoreServ Storage system.
•
Storage pools: groups of physical disks in a storage system.
•
Volumes: logical storage spaces provisioned from storage pools that you can attach to server
profiles.
•
Volume templates: you can create multiple volumes with the same configuration.
•
SAN managers: hardware or software systems that manages SANs
•
SANs: you can use SANs to automate fabric zoning.
•
Drive enclosures: hardware, installed in enclosure bays, that contains multiple physical disks
from which you can dynamically create virtual drives.
Figure 18 Storage management overview
UI screens and REST API resources
UI screen
REST API resource
SAN Managers
fc-sans/device-managers
fc-sans/providers
fc-sans/managed-sans
Storage Systems
storage-systems
Storage Pools
storage-pools
Volumes
storage-volumes
Volume Templates
storage-volume-templates
Drive Enclosures
drive-enclosures
227
21.1 Drive enclosures
21.1.1 Tasks for drive enclosures
The HPE OneView online help provides information about using the UI or the REST APIs to:
•
Refresh a drive enclosure
•
Reset a drive enclosure
•
Power a drive enclosure on or off
•
Power the UID light for a drive enclosure on or off
21.1.2 About drive enclosures
Drive enclosures are hardware devices that contain a set of drive bays. A drive enclosure is
installed in a device bay of an enclosure, and provides composable storage to servers.
Composable storage is a group of physical drives that you can dynamically define as virtual
drives. These virtual drives are called logical JBODs. A JBOD (just a bunch of disks) is a group
of physical disk drives that are assigned to server hardware. Unlike a RAID configuration, a JBOD
is a not redundant configuration. You can specify a RAID configuration when you create a logical
JBOD.
Logical JBODs are created and assigned to server hardware from server profiles or server profile
templates.
More information
“About local storage and mezzanine storage controllers” (page 151)
21.1.2.1 About drive enclosure and server hardware power sequencing requirements
•
The server hardware must be powered off for changes to the server profile to be applied,
including attaching drives from a drive enclosure.
•
After you have attached a drive enclosure to server hardware, you can physically add and
remove drives in the drive enclosure without powering the server hardware on and off.
•
A drive enclosure that contains drives attached to server hardware must be powered on
before the server hardware is powered on in order for the drives to be visible to the server
hardware.
•
If you power off or move a drive enclosure, you must power off all server hardware that have
attached drives in the drive enclosure, and power the server hardware back on after the
drive enclosure is powered on.
More information
“About interconnects” (page 171)
“About logical interconnects” (page 174)
21.2 Storage systems
A storage system is hardware that contains multiple storage disks such as the HPE 3PAR
StoreServ Storage system.
228 Managing storage
21.2.1 Roles
•
Minimum required privileges: Infrastructure administrator or Storage administrator
21.2.2 Tasks
The appliance online help provides information about using the UI and REST APIs to:
•
Add, edit, edit credentials, refresh, and remove a storage system
•
Add a volume
21.2.3 About storage systems
A storage system (or storage array) is a storage device from which logical disks (volumes) can
be provisioned and mapped or masked to servers. Bringing SAN storage systems under
management of the appliance enables you to add and create volumes. You can then attach
volumes to server profiles through volume attachments. This enables the server hardware
assigned to the server profiles to access the SAN storage system.
When adding a storage system, you must choose a domain on the storage system. You can then
select storage pools from that domain on the storage system to add to the appliance. After you
add storage pools, you can assign networks to the storage ports associated with the storage
system.
See the HPE OneView Support Matrix for HPE Synergy for a list of supported storage systems.
21.2.3.1 About HPE 3PAR StoreServ Storage systems
You can connect supported HPE 3PAR StoreServ Storage systems to the appliance. You must
configure a 3PAR system using the 3PAR software to bring it under management of the appliance.
Partner port states
Port state
Definition
Equivalent 3PAR state
none
Normal state, not failed over.
none
failing over
The port is offline and is in the process of failing over to
the partner port.
failover_pending
failed over
The port is offline and has failed over to the partner port. failed_over
failed
The port is off offline and cannot fail over to the partner
port.
active_down
recovering
The port is online and in the process of returning to a
normal state.
failback_pending
partner port failed
over
The partner port has failed over and the port is the partner active
port traffic.
partner failed
The partner port has failed and the fail over operation was active_down
not successful.
21.3 Storage pools
Storage pools are groups of physical disks in a storage system that you can divide into logical
volumes.
21.3 Storage pools 229
21.3.1 Roles
•
Minimum required privileges: Infrastructure administrator or Storage administrator
21.3.2 Tasks
The appliance online help provides information about using the UI and REST APIs to:
•
Add and remove a storage pool
21.3.3 About storage pools
A storage pool is an aggregation of physical storage resources (disks) in a storage system.
Storage systems contain information about the storage ports through which they can be accessed.
You can provision logical storage spaces, known as volumes, from storage pools.
You can choose one or more storage pools when adding a storage system to the appliance.
Storage pools are created on a storage system using the management software for that system.
You cannot create or delete storage pools from the appliance—you can only add or remove them
from management. After you add storage pools, you can provision volumes on them.
21.4 Volumes
Volumes are logical storage spaces provisioned in storage pools. You can create multiple volumes
with the same configuration using a volume template.
21.4.1 Roles
•
Minimum required privileges: Infrastructure administrator, Storage administrator, or Network
administrator
21.4.2 Tasks
The appliance online help provides information about using the UI and REST APIs to:
•
Create, add, edit, delete, and increase the capacity of a volume
•
Create a volume snapshot, create a volume from snapshot, and revert volume to snapshot
21.4.3 About volumes
A volume represents a logical disk provisioned from a storage pool on a storage system. You
can attach volumes to one or more servers by configuring a volume attachment in the server
profile. The volume attachment manages volume presentation on the storage system ( StoreServ
port selection, host and vlun creation) as well as SAN zoning on SANs (with automatic zoning
enabled) that connect the server and storage system.
Using volume templates, you can create multiple volumes with the same configuration.
You can increase (grow) the capacity of a volume by editing it. You cannot decrease the capacity
of a volume.
21.4.3.1 About snapshots
A snapshot is a virtual copy of an existing volume at a point in time. You can use a snapshot as
a backup of a volume, and then use the snapshot to revert a volume to the backup, or to create
new volumes from the snapshot.
A snapshot is a static copy of a volume at the point the snapshot is created. Snapshots are not
updated to reflect changes in the volume since the snapshot was taken.
230 Managing storage
A new volume created from a snapshot will be the same size as the snapshot and will contain
all of the data in the snapshot. The new volume has no relationship with the volume that was
used to create the snapshot.
Reverting a volume to a snapshot will revert to the data the volume contained when the snapshot
was taken. The size of the volume will remain the same as when it was reverted. For example,
if you take a snapshot of a 50 GiB volume, grow the volume to 100 GiB, and then revert to the
snapshot, the volume will be 100 GiB with the data from the 50 GiB snapshot.
Reverting to a snapshot of a volume will cause all data created or changed since the snapshot
was taken to be lost. Backup your data to prevent data loss.
21.5 Volume templates
You can use volume templates to create multiple volumes with the same configuration.
21.5.1 Roles
•
Minimum required privileges: Infrastructure administrator or Storage administrator
21.5.2 Tasks
The appliance online help provides information about using the UI and REST APIs to:
•
Add, edit and delete a volume template
21.5.3 About volume templates
A volume template is a logical resource that enables you to create a standard configuration from
which multiple volumes can be created.
21.6 SAN Managers
A SAN manager is a hardware or software system that manages SANs. A SAN manager is not
required to attach a volume to a server profile, but SAN managers enable automated fabric
zoning.
21.6.1 Roles
•
Minimum required privileges: Infrastructure administrator or Storage administrator
21.6.2 Tasks
The appliance online help provides information about using the UI or the REST APIs to:
•
Add, edit, and remove a SAN manager
21.6.3 About SAN managers
SAN Managers are a resource in HPE OneView that represent a connection to an external entity
through which SANs are discovered and managed. The external entity can be vendor-specific
management software or a physical switch.
SANs are created outside of HPE OneView in the SAN manager vendor’s management interface.
Once created, SANs can be discovered and managed in HPE OneView using the SAN Manager
resource.
When creating SAN managers, it is possible to have two SAN managers discovering the same
SAN, causing it to show up twice in the SAN view. When associating an HPE OneView network
to the SAN, the choice of which SAN to associate determines which SAN manager will be used
to manage the SAN, and the other will be removed (hidden) as HPE OneView does not permit
a SAN to be managed through more than one SAN manager.
21.5 Volume templates 231
HPE OneView supports SAN managers from different vendors. See the HPE OneView Support
Matrix for HPE Synergy for a list of supported SAN managers.
21.6.3.1 About zone sets
A zone set is a set of zones you can configure all zones on a SAN manager by activating a zone
set from the SAN manager. HPE OneView modifies the active zone set when performing zoning
or alias configuration. Zone sets are not exposed in HPE OneView.
Active zone set
The zone set currently enforced by the fabric.
Inactive zone set
The inactive zone sets for the SAN. Only one zone set can be activate
at a time.
SAN manager
Term for Inactive zone set
HPE
Standby zone set
Cisco
Local zone set
Brocade (BNA)
Zone configurations
21.6.3.2 Configuring SAN managers to be managed by HPE OneView
You must configure SAN managers using the management software provided by the SAN manager
vendor to properly manage them in HPE OneView. After properly configuring the SAN manager,
you can add it to HPE OneView.
CAUTION: Performing zone operations from multiple switches without executing a full zone
set distribution might result in the loss of zoning data.
NOTE: Switch vendors support fabric world wide name (FWWN) or node port world wide name
(PWWN) zone memberships. HPE OneView only uses PWWN for zone membership.
Best Practice: SAN managers
•
Always use a single switch to perform all zoning operations, regardless of the management
software you use to perform the zoning.
•
Always use the full zone set distribution commands and settings when making zone changes.
HPE OneView does this on the SAN manager and SAN through which it is managing by
default.
Configuring HPE SAN managers
•
You must have a valid SNMP v3 user with default read permissions. See “Quick Start:
Configuring an HPE 5900 for management by HPE OneView” (page 126).
•
HPE SANs must only be managed by a single HPE OneView appliance.
Configuring Cisco SAN manager
•
You must have a valid SNMP v3 user with write permissions. See “Quick Start: Configuring
a Cisco switch to be added as a SAN manager for management by HPE OneView” (page
127).
•
Cisco SANs must only be managed by a single HPE OneView appliance.
Configuring Brocade Network Advisor (BNA) SAN manager
•
You must have a valid user account with SMI Agent running. See the documentation for
your SAN manager for more information.
•
To allow HPE OneView to see SAN fabric topology changes automatically, you must disable
Track Fabric Changes on the BNA. Otherwise, you must perform an Accept Changes
232 Managing storage
operation on the BNA whenever you make changes to the SAN fabric topology for HPE
OneView to see them. See the BNA documentation for more information on disabling Track
Fabric Changes.
•
BNA based SANs can be managed by one or more HPE OneView appliances.
21.7 SANs
21.7.1 Tasks
The appliance online help provides information about using the UI or the REST APIs to:
•
Associate a managed SAN with a network
•
Turn automated zoning on or off for a managed SAN
•
Edit a SAN
•
Download SAN endpoints table
•
Generate an Unexpected Zoning Report
21.7.2 About SANs
SANs are Fibre Channel (FC) or Fibre Channel over Ethernet (FCoE) storage area networks that
connect servers to storage systems. The possible states for SANs are:
Discovered
A SAN that is not associated with a network. SANs are automatically discovered
when a SAN manager is added to HPE OneView.
Managed
A SAN that is associated with one or more networks in HPE OneView. Only
managed SANs can be configured to be automatically zoned by HPE OneView.
Direct-attach SANs
HPE OneView creates a direct-attach SAN (flat SAN) automatically when you configure an
enclosure with a logical interconnect that contains a direct-attach uplink set. HPE OneView names
the direct-attach SAN using the format <interconnect><uplink set>. The SAN that HPE
OneView creates is a Fibre Channel (FC) direct-attach SAN that is not zoned, and cannot be
edited.
NOTE: HPE OneView creates a SAN for each interconnect module that is connected to a
direct-attach Fibre Channel network.
Connecting servers directly to an HPE 3PAR Storage system using direct-attach Fibre Channel
networks is not supported for Synergy frames.
21.7.2.1 About SAN zoning
Zoning policy
A SAN zone enables communication between devices connected to the SAN. SAN zoning policies
determine how zoning should be configured on a SAN. SAN zoning policies define whether or
not zoning is automated as well as the naming format of zones and aliases. In HPE OneView,
you can specify the name format of the zones and aliases that will be created when you associate
a storage volume to a server profile via a volume attachment. By specifying zone name and alias
formats using text strings and server profile objects, you can create names that are meaningful
and conform with your naming conventions.
NOTE: HPE OneView performs zoning only when you add a connection to a server profile and
attach a SAN storage volume to it. When you do this, HPE OneView will determine if the current
zoning allows connectivity. If current zoning does not allow connectivity, HPE OneView will create
the necessary zoning based on the specified zoning policy.
21.7 SANs 233
Automate zoning
Automated zoning enables HPE OneView to automatically create, edit, and delete zones on a
zoned SAN when you attach storage volumes to servers through a volume attachment in a server
profile.
Yes Zoning is automated. HPE OneView takes full control of the zone naming and contents
based on the zoning policy for the SAN. Use automated zoning when you want HPE
OneView to configure new zones for volume attachments to server profiles. Existing zones
are not modified unless the SAN storage attributes defined in a server profile change.
No
Zoning is not modified by HPE OneView. You must manually manage zoning.
21.8 Learning more
•
“Understanding the resource model” (page 39)
•
“Troubleshooting storage” (page 388)
234 Managing storage
22 Managing users and authentication
The appliance requires users to log in with a valid user name and password, and security is
maintained through user authentication and role based authorization. User accounts can be local,
where the credentials are stored on the appliance or can be on a company or organizational
directory (Microsoft Active Directory, for example) hosted elsewhere, where the appliance contacts
the defined directory server to verify user credentials.
UI screens and REST API resources
UI screen
REST API resource
Users and Groups
users, roles, authz, logindomains,
logindomains/global-settings, and
logindomains/grouptorolemapping
22.1 Roles
•
Minimum required privileges: Infrastructure administrator
22.2 Tasks for managing users and groups
The appliance online help provides information about using the user interface or the REST APIs
to:
•
Add, edit (including updating a user password), or remove a user with local authentication.
•
Add a user with directory-based authentication.
•
Add a group with directory-based authentication.
•
Designate user privileges.
•
Reset the administrator password.
•
Add an authentication directory service.
•
Allow or disable local logins.
•
Change the authentication directory service settings.
•
Set an authentication directory service as the default directory.
•
Remove an authentication directory service from the appliance.
22.3 About user accounts
Role-based access
The appliance provides default roles to separate responsibilities in an organization. A user role
enables access to specific resources managed from the appliance.
Role-based access control enforces permissions to perform operations that are assigned to
specific roles. You assign specific roles to system users or processes, which gives them permission
to perform certain system operations. Because a user is not assigned permissions directly, but
instead acquires them through their role (or roles), individual user rights are managed by assigning
the appropriate roles to the user. At initial appliance startup, there is a default administrator
account with full access (Infrastructure administrator) privileges. For more information about the
actions each role can perform, see “Action privileges for user roles” (page 237).
22.1 Roles 235
Local authentication
You can add a user authorized to access all resources managed by the appliance (full access
user) or add a user who has access based on their job responsibilities (role-based specialist).
For each of these users, authentication is confirmed by comparing the user login information to
an authentication directory hosted locally on the appliance.
The default administrator login for the appliance is automatically assigned with full access
(Infrastructure administrator) privileges.
Directory-based authentication
You can add a user authorized by membership to access all resources managed by the appliance
(full access user) or add a user authorized by membership who has access based on their job
responsibilities (role-based specialist). For each of these users, authentication is confirmed by
comparing the user login information to an enterprise directory.
22.4 About user roles
User roles enable you to assign permissions and privileges to users based on their job
responsibilities. You can assign full privileges to a user, or you can assign a subset of permissions
to view, create, edit, or remove resources managed by the appliance.
Table 10 User role permissions
Role
Type of user
Permissions or privileges
Full
Infrastructure
administrator
View, create, edit, or remove resources managed or monitored by the
appliance, including management of the appliance, through the UI or using
REST APIs.
An Infrastructure administrator can also manage information provided by
the appliance in the form of activities, notifications, and logs.
Only an Infrastructure administrator can restore an appliance from a backup
file.
Read only
Read only
View managed or monitored resource information.
Cannot add, create, edit, remove, or delete resources.
Specialized
Backup
administrator
Create and download backup files, view the appliance settings and activities.
Has the authority to use scripts to log in to the appliance and run scripts to
back up the appliance.
Cannot restore the appliance from a backup file.
NOTE: This role is specifically intended for scripts using REST APIs to
log into the appliance to perform scripted backup creation and download
so that you do not expose the Infrastructure administrator credentials for
backup operations.
Hewlett Packard Enterprise recommends that users with this role should
not initiate interactive login sessions through the HPE OneView user
interface.
Network
administrator
View, create, edit, or remove networks, network sets, connections,
interconnects, uplink sets, and firmware bundles.
View related activities, logs, and notifications.
Cannot manage user accounts.
236 Managing users and authentication
Table 10 User role permissions (continued)
Role
Type of user
Permissions or privileges
Server
administrator
View, create, edit, or remove server profiles and templates, network sets,
enclosures, and firmware bundles.
Access the physical servers and hypervisor registration.
View connections, networks, racks, power, and related activities, logs, and
notifications.
Add volumes, but cannot add storage pools or storage systems.
Cannot manage user accounts.
Storage
administrator
View, add, edit, or remove storage systems.
View, add, or remove storage pools.
View, create, edit, add, or delete volumes.
View, create, edit, or delete volume templates.
View, add, or edit SAN managers.
View or edit SANs.
Software
Administrator
Creates and modifies Image Streamer artifacts like plan scripts, build plans,
and deployment plans.
Assigns a golden image for deployment.
Performs a capture from a web server.
Performs all the actions pertaining to the artifact bundles.
Can perform activities like appliance restart, shutdown, update firmware,
backup, restore, and activate standby.
HardwareSetup
A credential-less login for data center technicians that allows them to verify
cabling of Hewlett Packard Enterprise Synergy hardware and fix alerts
related to first time setup of hardware.
22.5 Action privileges for user roles
The following table lists the user action privileges associated with each user role.
The Use privilege is a special case that allows you to associate objects to objects that you own
but you are not allowed to change. For example, in a logical interconnect group, a user assigned
the role of Server administrator is not allowed to define logical interconnect groups, but can use
them when adding a frame.
Table 11 Action privileges for user roles
Category
Action privileges for user roles
(C=Create, R=Read, U=Update, D=Delete, Use)
Infrastructure Server
Network
Backup
Storage
Read
administrator administrator administrator administrator administrator only
Hardware Software
setup administrator
activities
CRUD
CRU
CRU
R
CRU
R
CRU
CRU
alerts
RUD
RUD
RUD
—
RUD
R
RUD
RUD
appliance
CRUD
R
R
R
R
R
R
R
artifactbundles
CRUD
R
R
CRUD
R
R
—
CRUD
audit logs
CR
R
R
—
R
—
—
—
backups
CRUD
R
R
CRD
R
R
R
R
22.5 Action privileges for user roles 237
Table 11 Action privileges for user roles (continued)
Category
Action privileges for user roles
(C=Create, R=Read, U=Update, D=Delete, Use)
community
string
Infrastructure Server
Network
Backup
Storage
Read
administrator administrator administrator administrator administrator only
Hardware Software
setup administrator
RU
R
CRU
—
R
—
—
R
connections CRUD
R
CR
R
R
R
—
R
connection
templates
CRUD, Use
R, Use
CRUD
R
R
R
—
R
console
users
CRUD
—
—
—
—
—
—
—
data centers CRUD
CRUD
R
R
R
R
CRUD
R
debug logs
CRUD
CRU
CRU
—
R
R
—
CRU
deployedtargets
CRUD
CRUD
R
R
R
R
—
R
deployment- CRUD
clusters
R
R
R
R
R
—
R
deployment- CRUD
groups
R
R
R
R
R
—
R
deployment- CRUD
managers
R
R
R
R
R
—
R
device bays CRUD
CRUD
R
R
R
R
CRUD
R
domains
CRUD
R
CRU
R
R
R
—
R
enclosures
CRUD
CRUD
R
R
R
R
CRUD
R
enclosure
groups
CRUD, Use
CRUD, Use
R
R
R
R
—
R
Ethernet
networks
CRUD
R
CRUD
R
R
R
—
R
events
CRU
CRU
CRU
—
R
R
CR
CRU
fabrics
CRUD
R
CRUD
R
R
R
—
R
FC aliases
CRUD
R
R
R
CRUD
R
—
R
FC device
managers
CRUD
R
R
R
CRUD
R
—
R
FC
endpoints
R
R
R
R
R
R
—
R
FC networks CRUD
R
CRUD
R
R
R
—
R
FCOE
networks
CRUD, Use
R
CRUD, Use R
R
R
—
R
FC ports
R
R
R
R
R
R
—
R
FC
providers
R
R
R
R
R
R
—
R
FC SANs
CRUD
R
R
R
CRUD
R
—
R
238 Managing users and authentication
Table 11 Action privileges for user roles (continued)
Category
Action privileges for user roles
(C=Create, R=Read, U=Update, D=Delete, Use)
FC SAN
services
Infrastructure Server
Network
Backup
Storage
Read
administrator administrator administrator administrator administrator only
Hardware Software
setup administrator
CRUD
R
R
R
CRUD
R
—
R
FC switches R
R
R
R
R
R
—
R
FC tasks
R
R
R
R
R
R
—
R
FC zones
CRUD
R
R
R
CRUD
R
—
R
firmware
drivers
CRUD
CRUD
CRUD
R
R
R
R
R
global
settings
CRUD
CRUD
CRUD
R
CRUD
R
CRUD
CRUD
goldenimages
CRUD
R
R
R
R
R
—
CRUD
goldenvolumes
CRUD
R
R
R
R
R
—
CRUD
grouptorole
mappings
CRUD
—
—
—
R
R
—
—
i3sCRUD
maintenanceservices
R
R
R
R
R
—
R
i3s-volumeservices
CRUD
R
R
R
R
—
CRUD
ID range
CRUD
vmacs (MAC
addresses)
R
CRU
R
R
R
—
R
ID range
vsns (serial
numbers)
CRUD
CRU
R
R
R
R
—
R
ID range
vwwns
(World Wide
Names)
CRUD
R
CRU
R
R
R
—
R
integrated
tools
CRUD
R
R
R
R
R
—
R
interconnects CRUD
CR
CRUD
R
R
R
CRUD, R
Use
interconnect R, Use
types
R
CRUD
R
R
R
CRUD
R
labels
CRUD
CRUD
CRUD
R
CRUD
R
R
CRUD
licenses
CRUD
CR
R
R
R
R
—
R
logical
downlinks
R
R
R
R
R
R
—
R
R, Use
RU, Use
R
R
R
—
R
CRUD
logical
CRU, Use
interconnects
22.5 Action privileges for user roles 239
Table 11 Action privileges for user roles (continued)
Category
Action privileges for user roles
(C=Create, R=Read, U=Update, D=Delete, Use)
Infrastructure Server
Network
Backup
Storage
Read
administrator administrator administrator administrator administrator only
Hardware Software
setup administrator
logical
CRUD, Use
interconnects
groups
R, Use
CRUD, Use R
R
R
—
R
login
domains
CRUD
—
—
—
R
R
—
R
login
sessions
CRUD
RU
RU
RU
RU
RU
—
—
managed
SANs
CRUD, Use
R
R, Use
R
CRUD, Use
R
—
—
migratable
CRUD, Use
VC domains
—
—
—
—
—
—
R
networks
R, Use
CRUD, Use R
R
R
—
—
CRUD
CRUD
R
R
R
—
R
notifications CRUD
CRD
CRD
R
R
R
—
—
oe-buildplans
CRUD
R
R
R
R
R
—
CRUD
oeCRUD
deploymentplans
R
R
R
R
R
—
CRUD
organizations CRUD
—
—
—
R
R
—
—
osCRUD
deploymentplans
R
R
R
R
R
—
CRUD
os-volumes
CRUD
R
R
R
R
—
R
plan-scripts CRUD
R
R
R
R
R
—
CRUD
ports
RU, Use
—
RU, Use
—
R
—
—
R
power
devices
CRUD
CRUD
R
R
R
R
CRUD
R
racks
CRUD
CRUD
R
R
R
R
CRUD
R
reports
R
R
R
R
R
R
—
R
restores
CRUD
—
—
—
—
R
—
—
roles
CRUD
—
—
—
—
R
—
—
SANS
CRUD, Use
R
R
R
CRUD, Use
R
—
—
SAN
manager
CRUD, Use
R
R
R
CRUD, Use
R
—
—
server
hardware
CRUD, Use
CRUD, Use
R
R
R
R
CRUD, R
Use
network
sets
CRUD, Use
CRUD, Use
CRUD
240 Managing users and authentication
1
Table 11 Action privileges for user roles (continued)
Category
Action privileges for user roles
(C=Create, R=Read, U=Update, D=Delete, Use)
Infrastructure Server
Network
Backup
Storage
Read
administrator administrator administrator administrator administrator only
Hardware Software
setup administrator
server
hardware
types
CRUD, Use
CRUD, Use
R
R
R
R
CRUD, R
Use
server
profiles
CRUD
CRUD
R
R
R
R
—
R
statelessservers
CRUD
CRUD
R
R
R
R
—
R
storage
pools
CRD
R
R
R
CRUD
R
—
R
storage
systems
CRUD
R
R
R
CRUD
R
—
R
storage
target ports
CRUD
R
R
R
CRUD
R
—
R
storage
volumes
CRUD
CRUD
R
R
CRUD
R
—
R
storage
CRUD
volume
attachments
CRUD
R
R
CRUD
R
—
R
storage
volumes
templates
CRUD
R
R
R
CRUD
R
—
R
switches
CRUD, Use
RU
CRUD
R
R
R
—
R
tasks
R
R
R
R
R
R
R
R
trap
forwarding
RU
R
R
R
R
R
—
R
unmanaged
devices
CRUD
CRUD
R
R
R
R
CRUD
R
uplink sets
CRUD
R
CRUD
R
R
R
—
R
users
CRUD
—
—
—
—
R
—
—
user
CRUD
preferences
—
—
—
—
R
—
—
1
Server administrators cannot edit bandwidths.
22.6 About authentication settings
Security is maintained through user authentication and role-based authorization. User accounts
can be local, where the user credentials are stored on the appliance, or they can be in a directory
(Microsoft Active Directory, for example) hosted elsewhere, where the appliance contacts the
designated directory server to verify the user credentials.
When logging in to the appliance, each user is authenticated by the authentication directory
service, which confirms the user name and password. Use the Authentication settings panel
to configure authentication settings on the appliance, which is populated with default values
during first-time setup of the appliance.
22.6 About authentication settings 241
To view or make changes to Authentication settings, log in with Infrastructure administrator
privileges. No other users are permitted to change or view these settings.
View and access the Authentication settings by using the UI and selecting
Settings→Security→Authentication or with the REST APIs.
22.7 About directory service authentication
You can use an external authentication directory service (also called an enterprise directory or
authentication login domain) to provide a single sign-on for groups of users instead of maintaining
individual local login accounts. Each user in a group is assigned the same role (for example,
Infrastructure administrator). An example of an authentication directory service is a corporate
directory that uses LDAP (Lightweight Directory Access Protocol).
After the directory service is configured, any user in the group can log in to the appliance. On
the login window, a user:
•
Enters their user name (typically, the Common-Name attribute, CN).
The format for the user name depends on the Directory type.
•
Enters their password.
•
Selects the authentication directory service.
In the Session control, ( ) the user is identified by their name preceded by the authentication
directory service. For example:
CorpDir\pat
IMPORTANT:
Unlike local users, if a user is deleted from an authentication directory, their active sessions
remain active until that user logs out.
If there is a change in the group-to-role assignment (including a deletion) for an authentication
directory group while a user from that group is logged in, their current active session is not affected
until they log out. Local users’ sessions are ended when such modifications are made.
Authenticating users
When you add an authentication directory service to the appliance, you provide location criteria
so that the appliance can find the group.
Adding a directory server
If you replicate the authentication directory service for high availability or disaster tolerance, add
the replicated directory service as a separate directory service.
After configuring and adding a directory server, you can designate it as the default directory
service.
After you add an authentication directory service and server
You can:
•
Add a group, which had already been defined in the directory service, so that all its members
can login on the appliance.
•
Allow local logins only, which is the default.
•
Allow both local logins and logins for user accounts authenticated by the directory service.
•
Disable local logins so that only users whose accounts are authenticated by the directory
service can log in. Local accounts are prevented from logging in.
242 Managing users and authentication
Considerations for configuring a Microsoft Active Directory directory service
•
The following maps the Active Directory attribute to the LDAP property:
LDAP property
Active Directory attribute
cn
Common-Name
uid
UID
userPrincipalName User-Principal-Name
sAMAccountName
SAM-Account-Name
If the user name does not contain either an @ character (to denote a UPN) or a \ character
(to denote a domain\login), then these logins are attempted in this order:
1.
2.
3.
•
The user name is treated as the sAMAccountName and directory-name gets
prepended (directory-name\user-name)
The user name is treated as a UID.
The user name is treated as a CN.
If a user object is created in the Active Directory Users and Computers Microsoft
Management Console, the names default as follows.
Specify the following components of the user’s name, displayed here with the corresponding
attribute:
User name
component
Attribute
First Name
givenName
Intials
initial
Last Name
sn
The field labeled Full Name defaults to this format and this string is assigned to the cn
attribute (Common Name).
givenName.initials.givenName.initial.sn
In the New Object – user dialog box, you are also required to specify a User logon name.
This, in combination with the DNS domain name, becomes the userPrincipalName.
The userPrincipalName is an alternative name that the user can use for logging in. It is
in the form:
LogonName@DNSDomain
For example:
[email protected]
•
Finally, as you enter the User logon name, the first twenty characters are automatically
filled in in the pre-Windows 2000 logon name field, which becomes the sAMAccountName
attribute.
•
CN-logins for built-in Active Directory user accounts, like Administrator, are not accepted.
Other login formats are acceptable if their respective attributes (sAMAccountName,
userPrincipalName, and UID) are set properly.
22.8 Managing user passwords
A user with Infrastructure administrator privileges can manage the passwords of all local users
on the appliance using the UI or the REST APIs. Users without Infrastructure administrator
privileges can manage only their own passwords.
22.8 Managing user passwords 243
As Infrastructure administrator, you can view all users logged in to the appliance with the Users
and Groups screen or REST APIs. Select any user, and then edit their password or assigned
role.
All other local users can edit their own passwords by using the UI or the REST APIs. In the UI,
click the Session icon in the top banner, and then click the Edit icon to change their current
password or contact information.
22.9 Reset the administrator password
If you lose or forget the administrator password, use the following operation to reset it. The
operation allows you to set a single-use password for the local administrator account.
NOTE: This operation resets the password for a local administrator account on the appliance.
It does not apply to administrator accounts authenticated by a directory service.
In an appliance cluster, this operation resets the password for the administrator account on
both appliances.
You will need to access the Maintenance console from the appliance console, access a unique
request code, and telephone your authorized support representative, who will send an
authorization code after verifying your information.
Prerequisites
•
You have access to the appliance console.
Resetting the administrator password with the Maintenance console
1.
2.
3.
Access the appliance console.
Access the Maintenance console main menu.
Select Reset password.
The Maintenance console displays a request code.
IMPORTANT: The request code is valid only while you are on the Password reset screen
of the Maintenance console. If you return to the main menu or end the Maintenance console
session, the request code will be invalid. You will need to start this procedure over again to
acquire a new request code.
4.
Telephone your authorized support representative and provide that person with the following
information:
•
The name of the person requesting the password to be reset.
•
The name of the company that owns the appliance.
•
The request code from the Maintenance console.
The authorized support representative verifies the information and then sends a message
to the authorized email address on file. This message contains the authorization code,
also known as a response code. An ISO image, which is also the authorization code, is
attached to the message.
For information on how to contact Hewlett Packard Enterprise, see “Accessing Hewlett
Packard Enterprise Support” (page 405).
5.
Do one of the following to enter the authorization code in the response field.
IMPORTANT:
invalid.
You must enter the authorization code within one hour or it becomes
244 Managing users and authentication
6.
7.
8.
9.
10.
11.
•
If you are able to paste information into the Maintenance console, copy the authorization
code from the email message and paste it into the response field of the Maintenance
console.
•
Read the authorization code from the ISO image:
1. Save the ISO image attached to the email message.
2. Mount the ISO image as a virtual media mount (a virtual CD-ROM).
3. Select Read from ISO in the Maintenance console.
4. The Maintenance console reads the ISO image and, after a moment, automatically
fills in the response field with the authorization code.
•
Type the authorization code into the response field.
Determine a single-use administrator password.
When prompted, enter and reenter the new password.
Select OK to set the single-use password.
Log into the UI with this account, using the single-use password.
Set a new password for this account in the screen provided.
Verify by logging out, then logging into this account with the new password.
See also
•
“Accessing Hewlett Packard Enterprise Support” (page 405).
•
[Conditionalized for FusionGuide and FusionHelp] “About the Maintenance console” (page
441)
22.10 Learning more
•
“Controlling access for authorized users” (page 67)
22.10 Learning more 245
246
23 Backing up an appliance
This chapter describes how to use the UI, REST APIs, or a custom-written PowerShell script to
save your appliance resource configuration settings and management data to a backup file.
UI screens and REST API resources
UI screen
REST API resource
Settings→Actions
backups
23.1 Roles
Users with Infrastructure administrator and Backup administrator privileges can create and
download backup files, however, only the Infrastructure administrator can restore an appliance
from a backup file.
The Backup administrator has the authority to use scripts to log in to the appliance and run scripts
to back up the appliance. This role is specifically intended for scripted backup creation and
download. Hewlett Packard Enterprise recommends that users with this role should not initiate
interactive login sessions through the HPE OneView user interface.
23.2 About backing up the Synergy Composer
HPE OneView provides the ability to save your configuration settings and management data to
a backup file and enables you to use that backup to restore a corrupted appliance in the event
of a catastrophic failure.
The backup process involves creating a backup file and then downloading that file so that you
can store it to a safe and secure (off-appliance) location for future use. You can schedule automatic
backup operations and designate a remote location for the backup file.
For advice on creating and archiving a backup file, see “Best practices for backing up a Synergy
Composer” (page 249).
For the procedure on creating a backup file from the UI, see “Back up a Synergy Composer
manually” (page 249). To configure automatic backups stored remotely, see “Configure automatic
remote backups” (page 251).
IMPORTANT: In the unlikely event you need to restore the appliance, Hewlett Packard
Enterprise recommends backing up your appliance configuration on a regular basis, preferably
daily and especially:
•
After adding hardware
•
After changing the appliance configuration
•
Before and after updating the appliance firmware
•
After performing a factory reset of the frame
To prevent a backup file from being overwritten or deleted, download it and save it to an
off-appliance location before running the next backup process. The appliance stores one backup
file or one support dump file on the appliance at a time. Creating a backup file replaces the current
backup file or support dump file. Likewise, creating a support dump file replaces the previous
support dump or the backup file.
If you start a backup while a support dump is in progress, the backup operation does not proceed
until the support dump operation completes. If you (as the Infrastructure administrator) start a
support dump while a backup operation is in progress, you have the option of cancelling the
backup and proceeding with the support dump.
23.1 Roles 247
HPE OneView provides a Backup administrator user role specifically for backing up the appliance
by permitting access to other resource views without permitting actions on those resources, or
other tasks. Only the Infrastructure administrator or the Backup administrator can create a backup
file, either through the UI or REST APIs.
What the backup process backs up
What the backup process does not back up
• HPE OneView database
• Non-data files: Static files that are installed as part of the
execution environment, and are not specific to the appliance or
managed environment configuration
• System files:
◦
Non-database data
◦
Audit log
◦
License files
• Log files (except the Audit log file)
• Appliance network configuration
• First-time setup configuration files
• Firmware bundles
• Any server settings, such as the following, that HPE OneView
has not set:
◦
Boot and BIOS configuration settings.
◦
SAN and Local storage configurations
◦
Network configurations
Settings such as these are neither validated by nor persisted by
HPE OneView
Use a backup file to do the following:
•
Restore the appliance from which the backup file was created.
•
Restore the settings to a different appliance. For example, if an appliance fails and cannot
be repaired, you can use a backup file to restore the management configuration settings
and management data to a replacement appliance created from the same version of the
machine image.
REST APIs let you:
•
Schedule a backup process from outside the appliance.
•
Collect backup files according to your site policies.
•
Integrate with enterprise backup and restore products.
Considerations for a clustered appliance
•
In a clustered appliance, the backup covers both cluster members.
•
In an appliance cluster, you can perform the following:
◦
Create a backup file from an appliance cluster and use it to restore an appliance cluster.
◦
Create a backup file from a standalone appliance and use it to restore an appliance
cluster.
◦
Create a backup file from an appliance cluster and use it to restore a standalone
appliance.
However, both the backup appliance and the restored appliance must be the same model
and their versions must be compatible.
248 Backing up an appliance
23.3 Best practices for backing up a Synergy Composer
Method
Description
Creating
Always use the HPE OneView backup feature to back up your appliance.
Frequency
Hewlett Packard Enterprise recommends backing up your appliance configuration with the
automatic remote backup feature regularly, preferably daily.
Hewlett Packard Enterprise also recommends backing up your appliance manually:
• After adding hardware
• After changing the appliance configuration
• Before and after updating the appliance firmware
You should always have a backup file with the same firmware version as the appliance.
Otherwise, a restore operation will fail.
• Before and after importing an enclosure
• After performing a factory reset of the frame
You can back up the appliance while it is in use and while normal activity is taking place. You do
not need to wait for tasks to stop before creating a backup file.
Archiving
The backup file format is proprietary.
Hewlett Packard Enterprise recommends that you:
1. Create and download the backup file.
2. Store the backup file in a safe, off-appliance location to protect your sensitive data.
Hewlett Packard Enterprise provides REST APIs for integration with enterprise backup products.
23.4 Determining your backup policy
A backup file is an snapshot of the appliance configuration and management data at the time
the backup file was created. Hewlett Packard Enterprise recommends that you create regular
backups, preferably once a day and after you make hardware or software configuration changes
in the managed environment.
As an alternative to using Settings→Backup→Actions→Create backup from the appliance
UI, you can write and run a script to automatically create and download an appliance backup
file. You can schedule the backup script to run automatically in interactive or batch mode on a
regular basis. Only a user with Backup administrator or Infrastructure administrator privileges
can run the script interactively.
Hewlett Packard Enterprise provides and recommends a remote backup facility for storing backup
files. After an initial configuration, backups are taken automatically on the specified day and time
and sent to a user’s folder on an SSH or SFTP server.
23.5 Back up a Synergy Composer manually
A backup file saves the configuration settings and management data for your appliance. You
can recover from a catastrophic failure by restoring your appliance from the backup file. For more
information, see “About backing up the Synergy Composer” (page 247).
NOTE: To reduce the size of the backup file and the time it takes to create it, the firmware
bundles you have uploaded to the appliance are not included in the backup file.
Prerequisites
•
Minimum required privileges: Infrastructure administrator, Software administrator, or Backup
administrator
•
You have completed all the best practices for backing up an appliance.
23.3 Best practices for backing up a Synergy Composer 249
Backing up a Synergy Composer manually
1.
From the main menu, select Settings and do one of the following:
•
Click Create backup in the Backup panel.
•
Click Backup on the Settings screen, and then select Actions→Create backup.
While the backup file is being created, a progress bar appears in the Overview pane.
Wait for the backup file creation to complete.
2.
Optionally, click the Create backup notification banner for more information and the name
of the backup file, which has the format:
appliance-host-name_backup_yyyy-mm-dd_hhmmss.bkp
3.
4.
5.
Verify that the backup file was created correctly. The backup file name should reflect the
current date and time.
After the backup file is created, do one of the following to download the backup file from the
appliance:
•
Click Download backup in the Backup panel.
•
Select Actions→Download backup.
Select the appropriate option in the dialog box to save the backup file for safekeeping:
•
Select Transfer backup to remote backup location to store the backup file in the
specified remote backup location.
For information on configuring the remote backup location and enabling that feature,
see “Configure automatic remote backups” (page 251).
•
Select Download the backup to my computer to store the backup file on the local
computer.
Do not store the backup file on the appliance.
More information
About backing up the appliance
Best practices for backing up an appliance
Configure automatic remote backups
Troubleshooting: Backup file creation or download action fails
“Recovering an HPE Synergy Composer” (page 455)
23.6 Using REST APIs to create and download an appliance backup file
After the backup is initiated, a TaskResource URI is created that you use to track the progress
of the backup. When the backup is complete, you can use a GET REST API operation to download
and change the backup file name. The latest backup is stored on the appliance and is replaced
when a new backup is initiated.
Prerequisites
•
Minimum required session ID privileges: Backup administrator
Creating and downloading an appliance backup file using REST APIs
1. Create the backup file.
POST /rest/backups
2. Download the backup file.
GET /rest/backups/archive/{backup URI}
250 Backing up an appliance
NOTE: After the POST operation is complete, a TaskResource URI and backup URI are
returned. You can use the TaskResource URI to monitor the progress of the backup. Use the
backup URI to refer to a specific backup when downloading the backup file or performing another
operation.
23.7 Creating a custom script to create and download an appliance backup
file
If you prefer to write a customized script to create and download your appliance backup file, and
schedule that script to run on a schedule according to your IT policies, see “Sample backup
script” (page 409) for a sample PowerShell script.
23.8 Configure automatic remote backups
Prerequisites
•
Minimum required privileges: Infrastructure administrator, Backup administrator
•
User account on a remote computer and the credentials for that account.
Configuring automatic remote backups
1.
2.
3.
From the main menu, select Settings.
Do one of the following:
•
In the Backup panel, click
•
Click Backup, and then select Actions→Edit backup.
.
Supply the data requested in the Edit Backup screen.
NOTE:
Some fields are hidden or revealed according to selections.
When scheduling an automatic remote backup, enter the Time as two numeric values
separated by a colon.
4.
5.
Click OK.
Verify the success of the configuration by monitoring the progress of the test backup file that
is generated and transmitted.
More information
“About backing up the Synergy Composer” (page 247)
23.9 Disable automatic remote backups
Prerequisites
•
Minimum required privileges: Infrastructure administrator
Disabling automatic remote backups
1.
2.
3.
From the main menu, select Settings.
Do one of the following:
•
In the Backup panel, click
•
Click Backup, and then select Actions→Edit backup.
.
In the Edit Backup screen, select Enable remote backup location to remove the check
mark.
The remainder of the screen is no longer displayed.
23.7 Creating a custom script to create and download an appliance backup file 251
4.
Click OK.
The scheduling data is retained in case you want to enable automatic remote backups again.
More information
“About backing up the Synergy Composer” (page 247)
23.10 Learning more
•
“Basic troubleshooting techniques ” (page 333)
252 Backing up an appliance
24 Restoring an appliance from a backup file
This chapter describes how to use the UI, REST APIs, or a custom-written PowerShell script to
restore a corrupted appliance from a backup file. A restore operation is required only to recover
from catastrophic failures, not to fix minor problems that can be resolved in other ways.
UI screens and REST API resources
UI screen
REST API resource
Settings→Actions
restores
For more information about restoring an appliance, see the online help for the Settings screen.
IMPORTANT:
an appliance.
Always use the HPE OneView UI and REST API restore operations to restore
24.1 Roles
Users with Infrastructure administrator or Backup administrator privileges can create and download
backup files, however, only an Infrastructure administrator can restore an appliance from a backup
file.
24.2 About restoring the Synergy Composer
Restoring an appliance from a backup file replaces all management data and most configuration
settings with the data and settings in the backup file, including user names and passwords, audit
logs, but does not include the appliance IP address settings.
The appliance is not operational during the restore operation and it can take several hours to
perform; the more resources and devices to restore, the longer the restore operation takes. A
restore operation cannot be canceled or undone after it has started. The appliance blocks login
requests while a restore operation is in progress.
IMPORTANT: A restore operation is required to recover from catastrophic failures, not to fix
minor problems that can be resolved in other ways.
Therefore, after the restore operation is complete, you can restore an appliance from a backup
file that was created on the same appliance or, if an appliance fails and cannot be repaired, from
24.1 Roles 253
a backup file from a different appliance. In this case, the backup file must have been created
from an appliance running the same version of HPE OneView.
Actions during the restore
operation
Description
Validates the resource
inventory
During a restore operation, the appliance firmware validates the resource inventory
(enclosures, servers, interconnects) and reconciles the data in the backup file with the
current state of the managed environment. The state of the managed environment is
likely to be different from the state of that environment at the time the backup file was
created. After the restore operation, the appliance uses alerts to report any discrepancies
that it cannot resolve automatically.
Rediscovers enclosures
to validate contents
During the restore operation, the appliance rediscovers each enclosure to validate its
contents—especially to ensure that the appliance can still claim them and that the given
instance of HPE OneView is the manager of the enclosure.
Clears virtual IDs
The appliance clears virtual IDs for server hardware that does not have a profile assigned
but does have virtual IDs configured. These servers most likely had a profile assigned
after the last backup was made.
See also “Post-restoration tasks” (page 258).
You can use the UI to upload a backup file and restore the appliance from it. You can also use
REST APIs for this purpose.
Considerations for a clustered appliance
In general, during the restore operation:
•
The active appliance is restored from the backup file.
•
The standby appliance joins the active appliance, forming the clustered appliance.
•
The standby appliance has its data synchronized with the restored active appliance.
IMPORTANT:
These network settings are not restored:
•
The host name of the clustered appliance
•
The IP address of the clustered appliance
•
The gateway IP
•
The subnet mask
•
The IP address of the DNS server
NOTE: The HPE Synergy Composer and HPE Synergy Frame Link Module are paired with
credentials and a claimed management IP address. The Synergy Composer needs the credentials
to access and manage the frame link module. The synchronization happens during the initial
discovery of hardware when both the Synergy Composer and frame link module are in the factory
fresh state. A Synergy Composer can only recover the credentials by restoring a backup.
Replacing a Synergy Composer when highly available does not require any remediation steps
except to replace the failed clustered appliance.
254 Restoring an appliance from a backup file
24.3 Best practices for restoring a Synergy Composer
Topic
Best Practice
Before you
begin
1. Note the passwords you use.
Maintain a list of the current user accounts on the appliance.
The restore operation resets the user names and passwords to those that were in effect when
the backup file was created.
2. Create a support dump.
Use the support dump to diagnose failures that occurred before the restore operation.
3. Download the existing audit logs, and store them for safekeeping.
The restore operation restores the audit logs from the backup file, overwriting the existing logs.
4. Stop all automatically scheduled backups.
If HPE OneView is configured for automatic backups, backups resume after the appliance is
restored.
5. Make the backup file accessible to the appliance from which you plan to issue the upload
request. If you are using an enterprise backup product to archive backup files, follow any steps
required by your backup product to prepare for the restore operation.
WARNING! The local backup file is removed during the restore process. Download the
backup file and store it in a safe, off-appliance location for future restorations.
6. If you added hardware to the appliance after the backup file was created, that hardware is not
in the appliance database when the restore process completes. Then, if you restore from the
backup file, you must add that hardware to the appliance and then repeat any other configuration
changes (such as assigning server profiles) that were made between the time the backup file
was created and the restore process completed.
Inform users
• Make sure that all users logged in to the appliance log out. Users who are logged in when the
restore operation begins are automatically logged out, losing whatever work was in progress.
All users are blocked from logging in during the restore operation.
Use the right
backup file
• Use the latest backup file to restore the appliance. The backup file will not include any changes
made after the backup file was created.
• Make sure the appliance IP addresses are the ones you want the appliance to use after the
restore operation. Appliance IP addresses are not restored from the backup file.
• Ensure that the appliance being restored and the appliance on which the backup file was
created have the same firmware version; otherwise, the restore operation fails.
The platform type, hardware model, and the major and minor numbers of the appliance firmware
must match to restore a backup. The format of the appliance firmware version is as follows:
majornumber.minornumber.revisionnumber-buildnumber
The revision and build numbers do not need to match.
If the backup file is incompatible with the firmware on the appliance, the upload returns an
error and the restore operation stops. You will need to update the firmware or select a different
backup file.
• If it is necessary to restore a backup to a new appliance and the old appliance is still functioning
(the hardware has not failed), remove the old appliance. Deleting the appliance ensures that
it no longer manages the devices it was managing when the backup file was created. Serious
errors can occur if multiple appliances attempt to manage the same devices.
• If the backup file was created on an appliance that is different from the one you are restoring,
reconfigure the original appliance so that it no longer manages the devices it was managing
when the backup file was created. Serious errors can occur if multiple appliances attempt to
manage the same devices.
24.3 Best practices for restoring a Synergy Composer 255
24.4 Restore a Synergy Composer from a backup file
Restoring an appliance from a backup file replaces all management data and most configuration
settings on the appliance. You are directed to re-enter unresolved data, if applicable. For more
information, see “About restoring the Synergy Composer” (page 253).
Prerequisites
•
Minimum required privileges: Infrastructure administrator or Software administrator.
•
You have completed all the best practices for restoring an appliance.
IMPORTANT: If you are using a backup file created on another appliance to restore a new or
replacement appliance:
1. Install HPE OneView on the new or replacement appliance. For instructions, see the HPE
OneView Installation Guide.
2. Configure the new appliance with the same network settings as the appliance on which the
backup file was created. Thus, you can use the network to upload the backup file to the new
appliance.
For more information on the network configuration settings, see the online help for the add
or edit appliance screen details.
If the network configuration for the new appliance does not exactly match the network
configuration in the backup file, the network configuration will not match the information in
the network certificates in the backup file. As a result, the browser loses connection with the
appliance and the appliance cannot be restored.
3.
When the new appliance network is configured, continue the restore operation described in
the following procedure.
Restoring a Synergy Composer from a backup file
Follow the procedure for the scenario that applies to your environment and practices:
•
“Scenario: Select a backup file and start the restoration immediately”
•
“Scenario: Select a backup file and start the restoration later”
Scenario: Select a backup file and start the restoration immediately
1.
2.
From the main menu, select Settings, and then select Backup.
Select Actions→Restore from backup.
A dialog box opens.
3.
4.
Read the on-screen notification, then select Select a backup file.
Do one of the following:
•
Drag the backup file and drop it into the indicated text box.
•
Click Browse, and then select the backup file to upload.
NOTE: Not all browsers and browser versions offer the ability to drag and drop files onto
applications.
5.
Click Upload and restore.
Wait until the restore process is complete. A status page indicates progress.
When the restore process completes, you are returned to the login page where you can log
in to the restored appliance.
256 Restoring an appliance from a backup file
6.
Upload the firmware bundles used by your server profiles, enclosures, and logical
interconnects. These were not saved as part of the backup file. Refer to each profile's
Firmware baseline setting to determine the file name for the required baseline.
If you used HPE OneView to create a custom SPP, use the CMDLET
Restore-HPOVCustomBaseline to re-create the custom SPP after the base SPP and
the hotfixes are uploaded to the repository. For more information, see https://github.com/
HewlettPackard/POSH-HPOneView/wiki/Restore-HPOVCustomBaseline .
7.
Verify that the restore operation was successful by logging in to the appliance and successfully
resolving any discrepancies that the restore operation cannot resolve automatically. See
“Post-restoration tasks” (page 258).
Scenario: Select a backup file and start the restoration later
1.
2.
From the main menu, select Settings, and then select Backup.
Select Actions→Restore from backup.
A dialog box opens.
3.
4.
Read the on-screen notification, then select Select a backup file.
Do one of the following:
•
Drag the backup file and drop it into the indicated text box.
•
Click Browse, and then select the backup file to upload.
NOTE: Not all browsers and browser versions offer the ability to drag and drop files onto
applications.
5.
Click Upload only.
Wait until the file upload is complete.
A progress bar appears. The file name, creation date, and version are displayed when the
file upload is complete.
6.
7.
8.
When you are ready to restore the appliance from the backup file, return to the dialog box
and verify that the backup file is correct and uploaded.
Select Restore from a backup file.
Click Restore.
Wait until the restore process is complete. A status page indicates progress.
When the restore process completes, you are returned to the login page where you can log
in to the restored appliance.
9.
Upload the firmware bundles used by your server profiles, enclosures, and logical
interconnects. These were not saved as part of the backup file. Refer to each profile's
Firmware baseline setting to determine the file name for the required baseline. You do
not need to upload the default baseline, Service Pack for ProLiant - Base
Firmware, which is included in the appliance image.
If you used HPE OneView to create a custom SPP, use the CMDLET
Restore-HPOVCustomBaseline to re-create the custom SPP after the base SPP and
the hotfixes are uploaded to the repository. For more information, see https://github.com/
HewlettPackard/POSH-HPOneView/wiki/Restore-HPOVCustomBaseline .
10. Verify the restore operation was successful by logging in to the appliance and successfully
resolve any discrepancies that the restore operation cannot resolve automatically. See
“Post-restoration tasks” (page 258).
24.4 Restore a Synergy Composer from a backup file 257
24.5 Using REST APIs to restore an appliance from a backup file
Prerequisites
•
Minimum required session ID privileges: Infrastructure administrator
•
You have uploaded a backup file to the appliance.
Restoring the appliance from a backup file using REST APIs
1. Initiate the restore process.
POST /rest/restores
The {restore URI} is returned.
2. List the status of the restore process.
GET /rest/restores
24.6 Creating a custom script to restore an appliance
If you prefer to write a script to restore an appliance from a backup file, see “Sample restore
script” (page 420) for a sample PowerShell script that you can customize for your environment.
24.7 Post-restoration tasks
During a restore operation, the appliance reconciles the data in the backup file with the current
state of the managed environment. There are some discrepancies that a restore operation cannot
resolve automatically; for example, if servers were added after the backup file was created. The
network configuration on these servers is unknown to the appliance after a restore and could
result in duplicate MAC addresses and World Wide Names (WWNs), as a result.
After a restore operation completes, you must manually resolve any remaining alerts and add
these servers back into the appliance to eliminate the risk of duplicate IDs. You must also perform
manual cleanup of hardware (servers, interconnects, and enclosures) if server profiles are forcibly
unassigned or the hardware is forcibly removed without first being unconfigured.
Preventing duplicate IDs on the network after a restore
1.
2.
3.
4.
After a restore operation is complete, re-add any enclosure or server hardware added since
the selected backup.
For any server profile alerts about the profile not matching the server hardware:
a. Identify all server profiles with a mismatch-type of error message. Make a list of these
server profiles and the assigned server hardware.
b. Power off the server, and then unassign all of the server profiles individually. From the
Server Profiles screen, select Actions→Edit, and then select Unassign from the
server hardware drop down selector. Click OK.
c. Select Actions→Edit again, and then reassign all of the documented profiles to the
documented server hardware.
For any alerts about ID ranges, the Network administrator should examine the address and
identifier ranges and edit them, if needed.
Re-create any profiles for the servers in any enclosures that were added in step 1.
258 Restoring an appliance from a backup file
25 Managing the appliance
25.1 Updating the appliance
You manage appliance updates from the Settings screen or by using the REST APIs.
UI screens and REST API resources
UI screen
REST API resource
Settings
appliance/firmware
25.1.1 Roles
•
Minimum required privileges: Infrastructure administrator
25.1.2 Tasks
Updating the appliance requires a single user accessing the appliance and causes the appliance
to restart. This does not disrupt the operation of the devices under management, but does result
in an outage of the appliance.
The appliance online help provides information about using the UI or the REST APIs to:
•
Determine if a newer appliance update is available. (Minimum required privileges: Read
only, Network administrator, or Infrastructure administrator)
•
Update the appliance. (Minimum required privileges: Infrastructure administrator)
25.1.3 About appliance updates
The appliance runs a combination of software and firmware. Maintaining up-to-date appliance
software and firmware fixes problems, improves performance, and adds new features to the
appliance. The appliance does not automatically notify you when an update is available, you
must determine if an appliance update file has been released.
To view the installed version of appliance firmware, use the Settings→Appliance view.
Then, verify if a newer version of an appliance update file is available to download from the
www.hpe.com/info/hpeoneview/updates website.
Before you update the appliance, examine the HPE OneView Release Notes to learn about
supported upgrade paths, new features delivered in the update, best practices, limitations,
troubleshooting hints and tips, and whether you must restart the appliance after it is updated.
NOTE: When you download the appliance update file, a link to the update HPE OneView
Release Notes appears in the download dialog box. Hewlett Packard Enterprise recommends
clicking that link to read and then save and print the information for future reference. Once the
download starts, you cannot access that link again.
You manage appliance updates from the Settings→Appliance→Actions→Update appliance
menu or by using the REST APIs. An appliance update is installed from a single file during the
update process. You can either download the file directly to the appliance or to another computer
and then transfer the file to the appliance.
When you install an appliance update, the appliance restarts and goes offline. When the appliance
is offline, it does not affect the managed resources—they continue to operate while the appliance
is offline.
Considerations for a clustered appliance
25.1 Updating the appliance 259
•
If an appliance update fails, the appliance reverts to its initial software version.
•
When a high availability cluster is updated, both appliances (first the active appliance and
then the standby appliance) are updated to the new software version.
•
If the active appliance cannot be updated, it (and the standby appliance) reverts to the
software version before the update.
•
If the update succeeds for the active appliance but not for the standby appliance, the high
availability appliance cluster is lost. Reimage the standby appliance so that its version
matches the active appliance. Then, bringing it up causes it to join the active appliance and
form the appliance cluster.
•
Appliance services are available while the standby appliance is updated. However, the
appliance cluster is not restored until the update of the standby appliance is complete.
25.1.4 Learning more
For more information about obtaining software updates, see “Support and other resources”
(page 405).
25.2 Administering a high-availability appliance cluster
25.2.1 Determining the active and standby appliances of a Synergy frame
1.
2.
From the main menu, select Settings→Appliance.
Locate the Appliance panel.
If an appliance cluster is formed, they are identified.
The active appliance and standby appliance are each identified by frame and bay number
within the frame.
More information
About high availability
25.2.2 About the high availability appliance cluster
HPE OneView achieves high availability through an appliance cluster that comprises two
appliances. The appliances are defined by their role:
Role
Function
active
Currently hosts the services for the appliance cluster.
standby
Ready to become the active appliance in case the active appliance becomes unavailable. The
standby appliance becomes active when:
• The active appliance is physically removed or loses power.
• The connection between the cluster members is broken or interrupted.
• The active appliance experiences repeated software faults, causing it to reboot itself.
unused
Ready to become a standby appliance if it has a compatible firmware version and the previous
standby appliance is no longer configured for standby or was removed from the enclosure.
The standby appliance monitors the active appliance and assumes control when contact is lost.
260 Managing the appliance
Consider two cluster members A and B:
•
The standby appliance (B) detects that it can no longer communicate with the active appliance
(A).
•
Cluster member B causes A to reboot.
•
Cluster member B assumes control of operations as the active appliance.
•
Cluster member A becomes the standby appliance.
•
The appliance cluster becomes highly available again.
25.2.3 Activate the standby appliance
Use this procedure to activate the standby appliance from the UI in order to force the standby
appliance to exchange roles with the active appliance.
NOTE:
•
The appliance is unavailable during the role exchange and unable to respond to requests
while services are reassigned.
HPE OneView services will be stopped on the active appliance and restarted on the standby
appliance. Operations in progress might fail and need to be restarted.
Prerequisites
•
Minimum required privileges: Infrastructure administrator or Software administrator.
•
The standby appliance must be accessible to and fully synchronized with the active appliance.
Activating the standby appliance
1.
2.
3.
From the main menu, select Settings and click Appliance on the Settings screen.
Select Actions→Activate standby
Verify that the standby appliance is activated either by examining the screen or by using the
View details command of Maintenance console. For more information, see View the
appliance details in the HPE OneView User Guide for HPE Synergy.
See also
“About the high availability appliance cluster” (page 260)
25.2.4 Remove a Synergy Composer from the appliance cluster
Use this procedure to remove a reachable appliance from the appliance cluster in HPE OneView.
You will need to remove the appliance from the cluster before removing the HPE Synergy
Composer from the enclosure for service or replacement.
Only a standby appliance can be removed from the appliance cluster. To remove the active
appliance from the cluster, you must activate the standby appliance so that both appliances swap
roles.
When the standby appliance is removed from the cluster and if there is an unused appliance that
is powered on and available, that unused appliance assumes the role of the standby appliance
if:
•
The unused appliance is powered on.
•
The unused appliance is same model as the active appliance.
•
The unused appliance runs the same version of HPE OneView as the active appliance.
Otherwise, the active appliance becomes a standalone appliance.
25.2 Administering a high-availability appliance cluster 261
IMPORTANT: Removing an appliance from cluster resets that appliance to its original factory
settings and then powers it off. That appliance cannot join the cluster until it is powered on.
Prerequisites
•
Minimum required privileges: Infrastructure administrator.
Removing a Synergy Composer from the appliance cluster
1.
2.
3.
From the main menu, select Settings and click Appliance on the Settings screen.
Use the information on the Appliance panel to determine if the appliance you want to remove
is the active appliance or the standby appliance.
To remove the active appliance, activate the standby appliance.
At the end of the operation, the appliances have swapped roles so the previous active
appliance is now the standby appliance and the previous standby appliance is the current
active appliance.
4.
5.
6.
Select Actions→Remove standby.
Select Yes, remove standby.
Verify that the standby appliance is removed from the cluster either by examining the screen
or by using the View details command of Maintenance console. For more information,
see View the appliance details in the HPE OneView User Guide for HPE Synergy.
See also
•
“About the high availability appliance cluster” (page 260)
•
“Activate the standby appliance” (page 261)
•
For information on physically removing an HPE Synergy Composer from the frame, see
HPE Synergy Appliance Maintenance and Service Guide.
25.3 Managing appliance availability
In the event of an appliance shutdown, your managed resources continue to operate. For more
information about how the appliance handles an unexpected shutdown, and what you can do to
recover, see:
•
“How the appliance handles an unexpected shutdown” (page 264)
•
“What to do when an appliance restarts” (page 264)
The appliance online help provides information about using the UI or the REST APIs to shut
down or restart the appliance.
UI screens and REST API resources
UI screen
REST API resource
Settings
appliance/shutdown
25.3.1 Roles
•
Minimum required privileges: Infrastructure administrator
25.3.2 Tasks
The appliance online help provides information about using the UI or the REST APIs to:
•
Shut down the appliance (Minimum required privileges: Infrastructure administrator)
•
Restart the appliance. (Minimum required privileges: Infrastructure administrator)
262 Managing the appliance
25.3.3 Shut down the Synergy Composer from the UI
Use this procedure to perform a graceful shutdown of the appliance from the UI.
NOTE: For a clustered appliance, this action shuts down both the standby appliance and the
active appliance, in that order.
However, if the standby appliance is not connected, then this action powers off the active
appliance. The only way to restart it is to power it back on. If the active appliance is restarted but
the standby appliance is still not connected, you will need to activate it from the Maintenance
console. For more information, see About the Maintenance console in the HPE OneView User
Guide for HPE Synergy.
Prerequisites
•
Minimum required privileges: Infrastructure administrator, Software administrator.
•
Ensure that all tasks have been completed or stopped, and that all other users are logged
off.
Shutting down the Synergy Composer from the UI
1.
2.
From the main menu, select Settings and then click Appliance.
Select Actions→Shut down.
A dialog box opens to inform you that all users will be logged out and ongoing tasks will be
canceled.
3.
4.
Select Yes, shut down in the dialog box.
Verify by observing the shutdown.
25.3.4 Restart the Synergy Composer from the UI
Use this procedure to perform a graceful shutdown and restart of the appliance from the UI. You
are returned to the login screen.
NOTE:
For a clustered appliance:
•
Both the active appliance and the standby appliance are restarted.
•
The appliance that completes the restart operation first becomes the active appliance. The
other appliance becomes the standby appliance when they form the appliance cluster.
Prerequisites
•
Minimum required privileges: Infrastructure administrator, Software administrator.
•
Ensure that all tasks have been completed or stopped, and that all other users are logged
off. Otherwise, restarting the appliance disconnects users and interrupts running tasks.
Restarting the Synergy Composer from the UI
1.
2.
From the main menu, select Settings and then click Appliance.
Select Actions→Restart.
A dialog box opens to inform you that users will be logged out and running tasks will be
interrupted.
3.
4.
Select Yes, restart in the dialog box.
Verify by logging in when the login screen reappears.
IMPORTANT: If the standby appliance is not connected, activate it after it restarts by
using the Maintenance console . For more information, see About the Maintenance console
in the HPE OneView User Guide for HPE Synergy.
25.3 Managing appliance availability 263
25.3.5 How the appliance handles an unexpected shutdown
The appliance has features, such as automatic backup and high availability, to enable it to
automatically recover from an unexpected shutdown, and managed resources continue to operate
while the appliance is offline. However, Hewlett Packard Enterprise recommends that you use
the appliance high-availability and backup features to ensure that the appliance is backed up
daily, and when you make significant configuration changes, such as adding or deleting a network.
Appliance recovery operations
When the appliance restarts, it performs the following operations:
•
Detects tasks that were in progress and resumes those tasks, if it is safe to do so. If the
appliance cannot complete a task, it notifies you that the task has been interrupted or is in
some other error state.
•
Attempts to detect differences between the current environment and the environment at the
time the appliance shut down, and then refreshes its database with the detected changes.
If you determine that the appliance data does not match the current environment, you can
request that the appliance refresh the data for certain resources, such as enclosures.
Appliance recovery during a firmware update of a managed resource
If the appliance shuts down during a firmware update of a managed resource, when the appliance
restarts, it detects the failed update and marks the firmware update tasks as being in an error
state. To update the firmware for this resource, you must re-initiate the firmware update task.
What to do when an appliance restarts
The online help provides information about using the user interface or the REST APIs to:
•
Check for critical alerts or failed tasks and follow the provided resolution instructions
•
Manually refresh a resource if the resource information displayed appears to be incorrect
or inconsistent
•
Create a support dump (recommended for unexpected crashes to help support personnel
to troubleshoot a problem)
•
Update firmware for a resource, if a firmware update task was in progress when the appliance
shut down.
25.4 Managing settings
On the Settings screen, appliance information is divided into panels where, at a glance, you see
the current status of such categories as Scopes and Proxy settings.
UI screens and REST API resources
UI screen
REST API resource
Settings→Scopes
/rest/scopes
Settings→Proxy
/rest/proxy
264 Managing the appliance
25.4.1 Roles
•
Required privileges: Infrastructure administrator
25.4.2 Tasks
The online help provides information on the following tasks:
•
Create, delete, and edit a new scope.
•
Assign a resource to a scope.
•
Configure the appliance HTTPS proxy settings.
25.4.3 Reset the Synergy Composer to the original factory settings
A factory reset restores the appliance to the original factory settings. It does not change the
installed firmware version.
You have the option of preserving or erasing the appliance network settings. A factory reset with
preserved network settings is necessary for recovering a Synergy Composer from an
unrecoverable error state. This option clears most faults so that you can restore the appliance
from a backup file.
You might need to reset the appliance either to decommission it (so that you can migrate the
hardware) or to return the appliance to a known state for reuse (for example, to restore the
appliance from a backup file).
CAUTION:
•
This action erases appliance data including logs and managed device settings in HPE
OneView.
This action does not affect the configuration of managed devices in any way. Therefore,
manual clean-up of devices might be required if HPE OneView will no longer manage them.
•
REST API calls and GUI operations are not allowed during the reset action.
•
If the Synergy Composer does not return to a normal state with factory setting, it might be
necessary to reimage the appliance.
25.4 Managing settings 265
IMPORTANT:
•
In an appliance cluster, the standby appliance must be removed from the cluster before
resetting the active appliance. Removing the standby appliance resets it to factory settings
and shuts it down.
•
If you intend to restore the HPE Synergy Composer settings from a backup file after it the
Composer is reset or reimaged, and that backup file contains the management configuration
for the enclosures, you do not need to reset all managed frames to their factory settings.
•
If you intend to re-import and manage the HPE Synergy frames, you must perform these
actions:
1. Reset the HPE OneView appliance to its factory settings.
2. Then, reset all the frames managed by that HPE Synergy Composer to their factory
settings.
Resetting HPE Synergy frames to factory defaults also removes the networking
configuration on the Interconnects in those frames, which disrupts workloads running
on compute modules in those frames.
•
If you do not have a backup file for HPE OneView, you will need to perform a factory reset
on all the devices in the domain.
Prerequisites
•
Minimum required privileges: Infrastructure administrator
•
Ensure that all tasks have been completed or stopped, and that all other users are logged
off.
Resetting the Synergy Composer to the original factory settings
1.
2.
3.
4.
5.
6.
If you are decommissioning the appliance and its managed environment, remove all hardware
from HPE OneView management, for example:
•
Delete or un-assign all server profiles.
•
Delete all logical enclosures.
•
Delete any storage volumes allocated within HPE OneView.
•
Reset managed devices (configured through IP address pools) to default IP addressing.
From the main menu, select Settings and then click Appliance.
Select Actions→Factory Reset.
Optionally select Preserve appliance network settings to erase the appliance data
without losing network connectivity, for example, to rebuild the appliance.
Select OK.
If you are decommissioning the appliance, ensure that all hardware managed by HPE
OneView is removed from management.
This action displays a progress bar while it is running. Logins are disabled automatically. When
the appliance reset is completed after several minutes, you can log in and set up your appliance
as you did for the first time.
25.4.4 About appliance proxy settings
The Proxy panel allows you to set the HTTPS proxy, port number for client connections, and
whether authentication requires a username and a password.
266 Managing the appliance
25.4.5 About scopes
A scope is a grouping of resources that can be used to restrict the range of an operation or action.
For example, you can create scopes based on:
•
Organization or department (Marketing, Research and Development, Finance)
•
Usage (Production, Development, Testing)
•
Skills (Linux, Windows)
When scopes are defined and resources assigned to them, you:
•
Restrict the resources displayed in the user interface (UI) to those assigned to the scope.
•
Can configure filtered email notifications for alerts based on previously-defined scopes.
“Scope-enabled resource categories” (page 267) lists the categories of resources that can be
added to a scope. There are categories of resources that cannot be added to a scope.
More information
About email notification of alerts
25.4.5.1 Scope-enabled resource categories
Only the following resource types can be added to or removed from a scope:
•
Enclosures
•
Server Hardware
•
Networks (Ethernet, FC, and FCoE)
•
Network Sets
•
Interconnects, excluding SAS resources
•
Logical Interconnects, excluding SAS resources
•
Logical Interconnect Groups, excluding SAS resources
IMPORTANT: For email notification of alerts, resources that are not categorized here are
included in any scope. An email notification filter that specifies one or more scopes does not
eliminate alerts generated by resources that are not currently categorized here are sent.
Inhibiting alerts from non-scope resources requires the use of associated resource categories,
which is described in “Edit an email recipient and filter entry” in the online help..
25.5 Managing addresses and ID pools
A default set of virtual ID pools for MAC addresses, WWNs, and serial numbers are provided at
startup. If you need additional addresses or identifiers, you can add autogenerated or custom
ranges of ID pools.
You manage the ID pools from the UI Settings screen or by using the REST APIs.
UI screens and REST API resources
UI screen
REST API resource
Settings
id-pools
25.5 Managing addresses and ID pools 267
25.5.1 Roles
•
Minimum required privileges: Infrastructure administrator
25.5.2 Tasks for addresses and identifiers
The appliance online help provides information about using the UI or the REST APIs to:
•
View a list of active ID pools and their properties.
•
Add an IPv4 subnet and address range.
•
Add an autogenerated ID pool for MAC addresses, WWNs, or serial numbers.
•
Add a custom ID pool range for MAC addresses, WWNs, or serial numbers.
25.5.3 About ID pools
An ID pool is a collection of one or more ranges that you can be randomly generate or specify
to provide large address spaces. By default, one virtual ID pool each of contiguous MAC
addresses, WWNs, and serial numbers are created automatically when you initialize the appliance.
The pools are composed of address and ID ranges. You can individually enable or disable a
range, or delete any unused ranges. ID pool ranges do not conflict with physical IDs, provided
the virtual ranges you create exclude the physical ID ranges.
Use an IPv4 address pool in a variety of applications:
•
Create an IPv4 subnet with one or more IPv4 address ranges you define. To assign static
IP addresses to device bays, associate these IP ranges with an enclosure group, in which
case IP addresses are assigned to the iLOs of server hardware populating these bays. IP
ranges are also associated with interconnect bays, in which case IP addresses are assigned
to the interconnect modules.
•
Associate an IPv4 subnet with an Ethernet network. If this is an iSCSI network used as a
deployment network, then Image Streamer appliances can consume an IP address from
one of the ranges for management of the appliance.
•
For Image Streamer, assign IPv4 addresses as deployment addresses (iSCSI initiators) for
servers to boot from their OS volumes hosted on Image Streamer appliances.
NOTE: You cannot use IPv4 addresses in the reserved range of 172.30.254.0 to
172.30.254.255. HPE OneView uses this range on an internal private VLAN within the enclosure
domain.
Supported ID pools
ID pool
Description
IPv4 addresses
Dot-decimal notation with four octets (decimals 0-255) separated by dots, for
example, 192.168.1.1
Virtual MAC addresses (vMAC) • 6 byte quantity represented as 12 hexadecimal characters, bytes separated
by a colon (:)
• Unicast address ranges only, multicast bit must not be set
Virtual World Wide Names
(vWWN)
• 8 byte quantity represented as 16 hexadecimal characters, bytes separated
by a colon (:)
Virtual Serial Numbers (vSN)
• 10 alphanumeric characters, uppercase
268 Managing the appliance
More information
“Image Streamer IPv4 address requirements” (page 269)
25.5.4 Image Streamer IPv4 address requirements
When planning for IPv4 subnets and addresses for Image Streamer configurations, consider the
following:
•
Five IPv4 addresses are required per Image Streamer appliance pair
•
Additional Image Streamer appliance pairs require additional IPv4 addresses (five per Image
Streamer appliance pair)
•
Additional deployment networks require additional IPv4 addresses. Every server that needs
to boot from a pair of Image Streamer appliances needs one IPv4 address.
25.5.5 Add an IPv4 subnet and address range
An IPv4 subnet and address range can be added to support an iSCSI network.
Prerequisites
•
Minimum required privileges: Network administrator, Infrastructure administrator
•
“Image Streamer IPv4 address requirements” (page 269)
Adding an IPv4 subnet and address range
1.
2.
3.
4.
5.
6.
7.
From the main menu, select Settings, and then do one of the following:
•
Click Addresses and Identifiers, and then click Actions→Edit.
•
Hover your pointer in the Addresses and Identifiers panel, and then click the
icon.
Edit
Click Add IPv4 subnet and address range and enter the requested subnet information.
Click Add address range and enter the requested address information.
Click Add, or Add + to add additional address ranges.
Click Add, or Add + to add additional subnets and address ranges.
Click OK to submit the changes.
Confirm that the new address range appears in the IPv4 Subnets and Address Ranges
panel.
25.6 Managing the security features of the appliance
To learn about the security features of the appliance, see “Understanding the security features
of the Synergy Composer” (page 63).
25.7 Enabling or disabling Hewlett Packard Enterprise support access
to the appliance
HPE OneView contains a technical feature that will allow an on-site authorized support
representative to access your system, through the system console, to assess problems that you
have reported. This access will be controlled by a password generated by Hewlett Packard
Enterprise that will only be provided to the authorized support representative. You can disable
access at any time while the system is running.
25.6 Managing the security features of the appliance 269
UI screens and REST API resources
UI screen
REST API resource
Settings
appliance/settings
25.7.1 Roles
•
Minimum required privileges: Infrastructure administrator
25.7.2 Tasks
The appliance online help provides information to enable or disable Hewlett Packard Enterprise
support access from either the Settings screen or the REST APIs.
25.8 Managing TLS certificates
A Transport Layer Security (TLS) certificate certifies the identity of the appliance. The certificate
is required by the underlying HTTP server to establish a secure (encrypted) communications
channel with the client web browser.
You manage certificates from the Settings screen or by using the appliance settings REST APIs.
UI screens and REST API resources
UI screen
REST API resource
Settings
certificates
25.8.1 Roles
•
Minimum required privileges for all tasks except as noted: Infrastructure administrator
25.8.2 Tasks
The appliance online help provides information about using the UI or the REST APIs to:
•
Create a self-signed certificate.
•
Create a certificate signing request.
•
Import a certificate.
•
View the TLS certificate settings (Minimum required privileges: Infrastructure administrator,
Backup administrator, or Read only).
25.8.3 Learning more
See “Understanding the security features of the Synergy Composer” (page 63).
25.9 Managing the Hewlett Packard Enterprise public key
The Hewlett Packard Enterprise public key verifies that:
•
Hewlett Packard Enterprise created its software packages (RPMs) and updates.
•
The code was not modified after it was signed.
270 Managing the appliance
25.9.1 Roles
•
Minimum required privileges: Infrastructure administrator
25.9.2 Tasks
The appliance online help provides information about managing public keys from the Settings
screen or by using the REST APIs to:
•
Acquire and install the Hewlett Packard Enterprise public key.
•
View the Hewlett Packard Enterprise public key.
25.10 Downloading audit logs
The audit log helps the security administrator understand what security-related actions took place.
You can gather log files and other information that your authorized support representative needs
so that they can diagnose and troubleshoot an appliance.
UI screens and REST API resources
UI screen
REST API resource
Settings
audit-logs
25.10.1 Roles
•
Minimum required privileges: Infrastructure administrator
25.10.2 Tasks
The appliance online help provides information how to download the audit logs from the Settings
screen or by using the REST APIs.
25.10.3 Download audit logs
The audit log shows the security administrator what security-related actions took place.
You can download log files and other information for your authorized support representative to
use to diagnose and troubleshoot an appliance.
NOTE: There is only one audit log for the clustered appliance. It can be downloaded from
either appliance.
Prerequisites
•
Minimum required privileges: Infrastructure administrator
Downloading audit logs
1.
2.
3.
4.
From the main menu, select Settings.
Click Security.
Select Actions→Download audit logs.
The appliance generates a compressed file of the audit logs and downloads it to your local
computer.
The compressed file is named following this format:
audit-logs-yyyy_mm_dd-hh_mm_ss
yyyy_mm_dd indicates the date, and hh_mm_ss indicates the time the file was created. The
name of the audit log file is displayed on the screen.
25.10 Downloading audit logs 271
The audit log file is downloaded to the default download folder. If no default download folder
is configured in your browser, you are prompted to specify a destination file.
5.
Verify the log was downloaded to the correct folder.
25.10.4 Learning more
•
“Understanding the audit log” (page 68)
•
“Choosing a policy for the audit log” (page 70)
25.11 Connect to the Synergy console
You can connect to the Synergy console using either a notebook computer or a video monitor,
keyboard, and mouse.
25.11.1 Connect to the Synergy console with a keyboard, video monitor, and mouse
25.11.1.1 Prerequisites
•
You have physical access to the frame
•
A video monitor with a monitor port cable, or an appropriate active adapter
•
A USB keyboard and mouse
NOTE: There is only a single USB port at each connection location. If your keyboard and
mouse require more than one USB port, you must use a USB hub.
25.11.1.2 Connecting to the Synergy console with a keyboard, video monitor, and mouse
1.
2.
Connect the video monitor to the monitor port, and connect the keyboard and mouse to the
USB port.
There are two locations to which you can connect the video monitor, keyboard, and mouse:
•
On the front of the frame, on the front panel module (illustration on left)
•
On the rear of the frame, on either HPE Synergy Frame Link Module (illustration on
right)
On connection, the Synergy console displays.
272 Managing the appliance
25.11.2 Connect to the Synergy console with a notebook computer
25.11.2.1 Prerequisites
•
You have physical access to the frame
•
You have configured the notebook computer Ethernet port for DHCP and enabled
auto-negotiation
•
A CAT5 cable
25.11.2.2 Connecting to the Synergy console with a notebook computer
1.
2.
Connect the CAT5 cable to the Ethernet port on the notebook computer.
Connect the CAT5 cable to the notebook port on the front of the frame, on the front panel
module (see illustration)
3.
On the notebook computer, launch a VNC client application to connect to the Synergy
console.
If prompted by the VNC client, enter the IP address (including port 5900) of the Synergy
frame to use for the connection: 192.168.10.1.
4.
The Synergy console is now available using the VNC client connection.
25.12 Prepare a USB flash drive for reimaging an appliance
IMPORTANT: Hewlett Packard Enterprise recommends preparing a USB flash drive immediately
after updating the appliance firmware so that you always have a USB flash drive that matches
the currently installed version of HPE OneView.
For environments with multiple versions of HPE OneView, create separate USB drives, one for
each version.
Prerequisites
•
Computer running either Linux or a Microsoft Windows operating system
•
USB flash drive with 4 GB of memory, or greater
•
Internet connection
Preparing a USB drive for reimaging an HPE Synergy Composer
1.
2.
Insert the USB flash drive in the computer’s USB port.
If necessary delete any unnecessary partitions to ensure adequate disk space.
25.12 Prepare a USB flash drive for reimaging an appliance 273
3.
Format the USB flash drive for one FAT32 partition using these guidelines:
•
For a Linux operating system, use /sbin/fdisk /dev/sdx command, where x
represents the numerical drive of the USB port used.
For a Windows operating system, right click the USB icon in the Computer window
and select Format.
NOTE:
4.
◦
For specific information on the procedure to format the USB flash drive, see the
online help for the operating system.
◦
Specify a label for your USB drive. It can be any name you want, except EMBEDDED,
which is a reserved name. Consider using the date as part of the label.
•
Create only 1 primary partition. Delete any existing partitions if necessary.
•
If prompted, specify the maximum value for Capacity.
•
The partition type is W95 FAT32 or FAT32.
•
If prompted, specify an allocation unit size of 4096 bytes.
•
If prompted, accept default values for the first and last block.
Download the compressed image from this website:
http://www.hpe.com/downloads/oneview/download
5.
6.
Unzip the compressed image.
Copy the contents of the compressed image to the USB flash drive.
IMPORTANT:
7.
Do not rename the files.
Optionally, remove the USB flash drive and store it for future use.
More information
“Reimage the appliance with the preloaded USB drive” (page 274)
“Recovering an HPE Synergy Composer” (page 455)
25.13 Reimage the appliance with the preloaded USB drive
Use this procedure to reimage an HPE Synergy Composer that you either want to add to the
current configuration or that must replace a defective Synergy Composer.
Reimaging a Synergy Composer ensures that it has the same firmware version as any other
Synergy Composer in the configuration.
CAUTION:
This operation destroys data on the reimaged HPE Synergy Composer.
274 Managing the appliance
Should I reset the frame to factory settings?:
If you intend to restore the HPE Synergy Composer settings from a backup file after it is reimaged,
and that backup file contains the management configuration for the enclosures it managed, you
should not reset the managed frames to factory settings. See the factory reset instructions in the
online help.
Otherwise, you must reset all the frame components managed by that HPE Synergy Composer
to their factory settings.
In cases where you have to reset the frame components, make sure that you do not factory reset
the frame link modules while HPE Synergy Composer is being reimaged. The frame link modules
should be reset after the HPE Synergy Composer is reimaged.
Prerequisites
•
Preloaded USB flash drive
•
Access to the faceplate of the HPE Synergy Composer
Reimaging the HPE Synergy Composer with the preloaded USB flash drive
1.
If there are two HPE Synergy Composer appliances in the frame, determine the one that
you need to reimage.
If those appliances form a cluster, remove the standby appliance.
If you cannot remove the appliance, then remove the peer appliance from the frame. You
can reinsert it after imaging is underway.
2.
Insert the preloaded USB flash drive into the USB port of the HPE Synergy Composer that
you need to reimage.
3.
Hewlett Packard Enterprise recommends using the Synergy console to monitor the reimaging
and rebooting operations:
25.13 Reimage the appliance with the preloaded USB drive 275
a.
Connect a keyboard, video, and mouse to the monitor and USB ports located:
•
On the Front Panel of the frame (illustration on left), or
•
On either HPE Synergy Frame Link Module at the rear of the frame (illustration on
right)
On connection, the Synergy console is displayed.
b.
c.
Click the monitor icon located at the top right of the screen.
Select the HPE Synergy Composer to monitor from the Appliances submenu.
A serial console window opens.
d.
4.
Press Enter.
Locate the Power/Reset button on the HPE Synergy Composer faceplate. See the illustration
in step 2. If there are two Composer appliances, locate the button for the one you need to
reimage.
1.
2.
3.
Pinhole within Power/Reset button
Power/Reset
Active LED
276 Managing the appliance
5.
Use the applicator or paperclip to depress the pinhole in the Power/Reset button for more
than ten seconds.
NOTE: Momentarily depressing this button causes the HPE Synergy Composer to reboot,
but does not reimage it.
After ten seconds, the Active LED starts to flash, which means that the reimage process
was triggered.
6.
Release the pinhole button as soon as you see the flashing Active LED.
If connected, the Synergy console shows progress messages.
After reimaging, the HPE Synergy Composer reboots, updates the firmware to the version
stored on the preloaded USB drive, and starts HPE OneView. Reimaging should be completed
in approximately one hour; at which time the initial HPE OneView login screen appears in
the Synergy console.
7.
8.
9.
Verify that the Synergy Composer is reimaged by examining the firmware version number
either on the Appliance panel of the Settings screen or by using the View details
command of Maintenance console.
Optionally, remove the preloaded USB flash drive and store it for possible future use.
Restore the Synergy Composer from a backup file.
Next step
“Quick Start: Initial setup” (page 111)
More information
“Prepare a USB flash drive for reimaging an appliance” (page 273)
“About restoring the Synergy Composer” (page 253)
“Best practices for restoring a Synergy Composer” (page 255)
“Recovering an HPE Synergy Composer” (page 455)
25.13 Reimage the appliance with the preloaded USB drive 277
278
Part IV Monitoring
The chapters in this part describe using the appliance to monitor your data center. You use the
information in this part after the appliance has been configured and the data center resources have
been added to the appliance.
280
26 Monitoring data center status, health, and performance
This chapter describes the recommended best practices for monitoring data center status, health,
and performance using HPE OneView.
26.1 Daily monitoring
As part of the daily monitoring of your data center, it is important to be able to quickly scan the
appliance-managed resources to assess the overall health of your data center. By reviewing the
UI screens, you are able to rapidly analyze the state and condition of your data center.
26.1.1 Initial check: the Dashboard
The Dashboard provides an at-a-glance visual health summary of the appliance resources you
are authorized to view. The Dashboard can display a health summary of the following:
•
Server Profiles
•
Server Hardware
•
Enclosures
•
Logical Interconnects
•
Storage Pools
•
Volumes
•
Appliance alerts
The status of each resource is indicated by an icon: OK ( ), Warning ( ), or Critical ( ).
You can link to the resource screens in the UI for more information by clicking on the status icons
displayed for each resource.
To learn more about the Dashboard screen, see “Using the Dashboard screen” (page 291).
26.1.2 Activities
The Activity screen provides a log of health and status notifications. The appliance verifies the
current activity of resources in your environment, and posts alerts to the Activity screen and to
the associated resource screens for you to review.
The Activity screen is also a database of all tasks that have been run, either synchronously or
asynchronously, and initiated by the user or system. It is similar to an audit log, but provides
more detail and is easily accessed from the UI.
26.1.3 Utilization graphs
For certain resources, the appliance collects CPU, power, and temperature utilization statistics
from management processors (the iLO and iPDU). Utilization graphs enable you to understand
recent utilization statistics relative to available capacity, see utilization trends over time, and see
historical utilization over time. Hover over the utilization area in the UI to display tool tips.
The Enclosures screen
View historical metrics of power consumption (average,
peak, and power cap) and temperature.
The Server Hardware screen
View historical metrics of CPU utilization/CPU frequency,
power consumption (average, peak, and power cap), and
temperature.
The Power Delivery Devices
screen
View historical metrics of power consumption (average and
peak and previous 5 minutes, previous 24 hours).
26.1 Daily monitoring 281
The Racks screen
View historical metrics of power consumption (average,
peak, and power cap) and temperature.
The Interconnects screen
View uplink port statistics of the bit transfer rates
(transmitted and received).
The Storage systems screen
View capacity amount of storage in tebibyte (TiB) of space.
To learn more about utilization graphs, see “Monitoring power and temperature” (page 297).
26.1.4 Monitor data center temperature
The appliance provides detailed monitoring data that you can use to determine the power and
cooling capabilities of the devices in your data center. The overall cooling in your data center
might be sufficient; however, there might be areas that are insufficiently cooled due to conditions
such as poor airflow, concentration of excessive heat output, or wrap-around airflow at the ends
of aisles. To easily identify temperature issues and look for thermal hotspots in all areas in your
data center, use the 3D visualization features provided by the Data Centers UI screen.
To learn more about temperature, see “Monitoring power and temperature” (page 297).
26.2 Best practices for monitoring data centers
The following are recommended best practices for using HPE OneView appliance to ensure the
health of the managed components in your data center environment.
26.2.1 Best practices for monitoring health with the appliance UI
Hewlett Packard Enterprise recommends the following best practices to monitor the health of
the resources in your environment.
General health monitoring steps
Monitoring step
Related information
1. Navigate to the Activity screen and filter activities, using the
filtering options that work best for the situation.
“About Activity” (page 285)
“Using the Dashboard screen” (page 291)
You can also start from the Dashboard screen to see alerts for
specific resources.
2. Navigate to a specific resource screen to view the specific activities “Icon descriptions” (page 86)
for that resource.
On the resource screen, verify the state of the resource instances
via health status icons.
3. Investigate each resource instance with a warning or error status.
4. Expand critical and warning alerts to see their full descriptions,
and click Event details to view additional information about the
event(s) that caused the alert.
5. Follow the instructions in the recommended resolution (if any) or
research the alert to correct the problem.
NOTE: If an alert is Active and no action is required, you can
clear the alert. If an alert is Locked, you cannot clear the alert
without fixing the condition that caused it.
To monitor the current health of a network, navigate to the Interconnects and Logical
Interconnects resources to view recent activity, alerts and notifications, and current health status.
282 Monitoring data center status, health, and performance
26.2.2 Best practices for monitoring health using SCMB or REST APIs
To ensure the health of the components in your data center environment, use the State-Change
Message Bus (SCMB) to receive health status messages. SCMB uses asynchronous messaging
to notify subscribers of changes to managed resources—both logical and physical. For example,
you can receive notifications when new server hardware is added to the managed environment
or when the health status of physical resources changes.
To use REST APIs to monitor health, see the following:
•
Overall health monitoring
•
Server hardware health monitoring
•
Network health monitoring
Overall health monitoring
NOTE: You can view health and alerts on all managed servers and some monitored servers.
To see what servers can be monitored, see monitored server hardware in the HPE OneView
Support Matrix for HPE Synergy.
Monitoring step
• Filter alerts based on severity or date to view current health issues.
GET /rest/alerts?filter="severity='{UNKNOWN, OK, WARNING, CRITICAL}'"&filter="created='{YYYY-MM-DDThh:mm:ss.sssZ}'"
NOTE:
The DISABLED severity is not applicable to alerts.
See the REST API scripting online help for more information about alerts.
• Get alerts for a specific physical resource type, such as server hardware.
GET /rest/alerts?filter="physicalResourceType='{physical_server}'"
See the REST API scripting online help for more information about server hardware.
View the originating event(s) that caused a specific alert.
1. Select an alert.
GET /rest/alerts/
2. Get a specific alert using the alert ID.
GET /rest/alerts/{id}
3. Get the associated event(s).
GET /rest/events/{id}
• Fix the problem. Use the recommended fix (perform a GET operation on the specific alert resource and view the
correctiveAction attribute), or research the alert.
26.2 Best practices for monitoring data centers 283
Server hardware health monitoring
A server or servers turn to a warning or critical status when there are problems detected in the
server hardware. If a server profile has been applied to server hardware in an error state, the
server profile will also be in an error state.
Monitoring step
• Use details from the alert to fix the problem. When available, attempt the recommended fix first. In some cases,
additional research of the alert might be needed to best determine the fix.
GET /rest/alerts?filter="physicalResourceType='{physical_servers}'"&filter="severity='{WARNING, CRITICAL}'"
See the REST API scripting online help for more information on alerts.
• Make sure that server profiles are appropriately assigned to the server hardware.
See the REST API scripting online help for more information on server profiles.
Network health monitoring
To determine the current health of a network or networks on the appliance, view alerts for
interconnects and logical interconnects to verify the correct connections. To list alerts, you can
perform a GET operation on alerts and filter for alerts related to interconnects. To list states, you
can perform a GET operation on interconnects and logical interconnects and filter for an OK state.
284 Monitoring data center status, health, and performance
Monitoring step
View alerts for interconnects.
1. Select an interconnect alert.
GET
/rest/alerts?filter="physicalResourceType='{interconnect}'"&filter="severity='{WARNING,
CRITICAL}'"
2. Get a specific alert using the alert ID.
GET /rest/alerts/{id}
See the REST API chapter in the online help for more information on interconnects.
Filter for logical interconnects with unhealthy stacking.
1. Get unhealthy logical interconnect.
GET /rest/logical-interconnects?filter="stackingHealth='{Unknown, Disconnected}'"
2. View specific unhealthy interconnect using the interconnect ID.
GET /rest/logical-interconnects/{id}
See the REST API chapter in the online help for more information on logical interconnects.
• Use information provided in the alert to fix the problem. Use the recommended fix if there is one, or research the
alert.
See the REST API scripting online help for more information on alerts.
26.3 Managing activities
The appliance online help provides information about using the UI or the REST APIs to:
•
View activities for a resource.
•
Filter activities by health, status, or date.
•
Assign an owner to an alert.
•
Add a note to an alert.
•
Clear an alert.
•
Restore a cleared activity to the active state.
26.3.1 About Activity
The Activity screen lists alerts and other notifications about appliance activity and events occurring
in your data center. You can filter, sort, and expand areas of the screen to refine how information
is displayed. Links within activity details also enable you to view additional information about
specific resources, especially if the notification is reporting an event that requires immediate
attention.
Activity screen components
The image shown here illustrates the important areas on the screen that you can use to monitor,
resolve, and manage activity.
26.3 Managing activities 285
OneView
Search
Activity 300 1
All types
All
All statuses
All states
All time
All owners
Reset
2
Actions
6
Name
Resource
Worst case power consumption for the
power delivery device Lab N32 Rack [4,2]
PDU A is 7,676 Watts which exceeds its
capacity by 3,683 Watts
Lab N32 Rack [4,2] PDU
A
7
Date
State
Owner
3
3
unassigned
v
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Nov 20 12:35 pm
Active
X
Power Delivery Devices
Resolution
Verify that the capacity of 3,9993 Watts is specified correctly. Change
the system configuration or apply a power cap to prevent the
attached devices from exceeding the capacity.
5
Notes
Write a note
Health category Power
4
Event details
corrective Action
1
By default, the Activity screen shows All alerts, tasks, and events that have occurred. To
quickly filter the default activity list to display the notifications that require your attention, click
the
icon to switch from All to Needs attention.
Use the filters and date range selectors on the Filters menu bar to pinpoint the type of activity
you want to see. To expand choices for any filtering selector on the filter banner, click the
icon next to each filtering selector
2
3
4
5
Use the Actions menu to assign, clear, or restore selected notifications.
To assign an alert or other notification to a specific user, select a name listed in the Owner
column of each notification.
When a notification is expanded, click the Event details link to view more details about this
notification, which is where you might find specific corrective action for an activity that requires
your attention.
Start typing in the note box to add instructions or other information to a notification.
TIP: You can click and drag the lower right corner of the note box to expand the box for
better viewing or easier editing.
6
7
Click the
icon to expand the view of a notification to see all information about it. Click
the
icon to collapse the notification into a single-line summary.
If a notification is reporting a status other than OK (green), click the link to view details about
the resource that generated the notification.
26.3.2 Activity types: alerts and tasks
26.3.2.1 About alerts
The appliance uses alert messages to report issues with the resources it manages and monitors.
The resources generate alerts to notify you that some meaningful event occurred and that an
action might be required.
An event describes a single problem or change that occurred on a resource. For example, an
event might be an SNMP trap received from a server's (iLO) management processor.
286 Monitoring data center status, health, and performance
Each alert includes the following information about the event it reports: severity, state, description,
and urgency. You can clear alerts, assign owners to alerts, and add notes to alerts.
While alerts have an active or locked state, they contribute to a resource’s overall displayed
status. After you change their state to Cleared, they no longer affect the displayed status.
IMPORTANT:
The appliance keeps a running count of incoming alerts. At intervals of 500 alert messages, the
appliance determines if the number of alerts has reached 75,000. When it does, an auto-cleanup
occurs, which deletes alert messages until the total number is fewer than 74,200. When the
auto-cleanup runs, it first removes the oldest cleared alerts. Then it deletes the oldest alerts by
severity starting with the least severe.
More information
“Service alerts” (page 289)
26.3.2.1.1 About HPE Synergy 12000 Frame alerts
The HPE OneView server health monitoring feature on an HPE Synergy 12000 Frame does not
forward trap messages “as is” from various devices. Instead, it forwards HPE Synergy server
and frame link module-related alerts created in HPE OneView as SNMP traps. These alerts are
created in HPE OneView based on Agentless Management Services (AMS) SNMP traps and
Rich Infrastructure Services (RIS) events sent by the server iLOs and frame link modules,
respectively. The alerts are forwarded as HPE OneView traps to the IP address destinations you
specify in the SNMP panel on the Settings screen.
See also the online help for Add Trap Destination.
The cpqoneview.mib file defines the trap formats. The file is a unique MIB that provides alert
definitions specific to HPE OneView-managed HPE Synergy 12000 Frame enclosures.
To download the HPE OneView traps MIB, do either of the following:
•
Enter the IP address of your HPE OneView appliance in the following URL:
https://OneView_IP/cpqoneview.mib
•
Obtain it from the HPE Systems Insight Manager MIB Kit at: http://h20564.www2.hpe.com/
hpsc/doc/public/display?docId=emr_na-c04272529〈=en-us;cc=us
See also:
•
HPE iLO 4 with AMS traps supported for alerting in HPE OneView at http://www.hpe.com/
support/Synergy/docs/
26.3.2.2 About tasks
All user- or system-initiated tasks are reported as activities:
•
User-initiated tasks are created when a user adds, creates, removes, updates, or deletes
resources.
•
Other tasks are created by processes running on the appliance, such as gathering utilization
data for a server.
The task log provides a valuable source of information that you can use to resolve an issue. You
can determine the type of task performed, whether the task was completed, when the task was
completed, and who initiated the task.
26.3 Managing activities 287
The types of tasks are:
Task type
Description
User
A user-initiated task, such as creating, editing, or removing an enclosure group or a network
set
Appliance
An appliance-initiated task, such as updating utilization data
Background
A task performed in the background. This type of task is not displayed in the log.
IMPORTANT: The appliance maintains a tasks database that holds information for
approximately 6 months' worth of tasks or 50,000 tasks. If the tasks database exceeds 50,000
tasks, blocks of 500 tasks are deleted until the count is fewer than 50,000. Tasks older than 6
months are removed from the database.
The tasks database and the stored alerts database are separate.
26.3.3 Activity states
Activity
State
Description
Alert
Active
The alert has not been cleared or resolved.
A resource’s active alerts are considered in the resource’s overall health
status.
Active alerts contribute to the alert count summary.
Locked
An Active alert that was set (locked) by an internal resource manager.
You cannot manually clear a Locked alert. Examine the corrective action
associated with an alert to determine how to fix the problem. After the problem
is fixed, the resource manager moves the alert to the Active state. At that
time, you can clear or delete the alert.
A resource’s locked alerts contribute to its overall status.
Cleared
The alert was addressed, noted, or resolved. You clear an activity when it
no longer needs to be tracked.
The appliance clears certain activities automatically.
Cleared activities do not affect the resource’s health status and they are
not counted in the displayed summaries.
Service alert
Pending
The support case is pending submission to HPE.
Submitted
The support case has been submitted to HPE.
Received
HPE has received the support case.
Open
The support case is open.
Closed
The support case is closed.
NOTE:
A support case can be closed without any action:
• If it is for a test event
• If the device is not enabled for remote support
• If the device is not covered under support contract or under warranty
Error
The service request encountered an error during processing.
None
There is no service alert. This is the default value.
288 Monitoring data center status, health, and performance
Activity
State
Description
Task
Completed
The task started and ran to completion.
Running
The task has started and is running, but has not yet completed.
Pending
The task has not yet run.
Interrupted
The task ran, but was interrupted. For example, it could be waiting for a
resource
Error
A task failed or generated a Critical alert.
Investigate Error states immediately.
Terminated
A task was gracefully shut down or cancelled.
Warning
An event occurred that might require your attention. A warning can mean
that something is not correct within the appliance.
Investigate Warning states immediately.
26.3.4 Activity statuses
For most HPE OneView resources, the status shown represents a single resource and not a
roll-up value for subcomponents, except for HPE Synergy frames. The overall health status of
an HPE Synergy frame is shown in the Master pane and reflects the most serious health status
of all infrastructure components. A health status icon for each component, such as a fan or server,
in an HPE Synergy frame, can be seen on the Front View or Rear View panels on the Enclosures
screen.
If a problem occurs with a particular infrastructure component, an alert is generated and displays
in the Notification panel on the Enclosures screen. For example, if the HPE Synergy Composer
detects a warning condition for a fan, the HPE Synergy Composer displays a Warning status
for the fan and generates an alert. Similarly, the Composer generates a Critical status for a
power supply and generates an alert. The overall status of the HPE Synergy frame is Critical
in this situation.
Status
Description
Critical
A critical alert message was received, or a task failed or was interrupted.
Investigate Critical status activities immediately.
Warning
An event occurred that might require your attention. A warning can mean that something is
not correct within the appliance and it needs your attention.
Investigate Warning status activities immediately.
OK
For an alert, OK indicates normal behavior or information from a resource.
For a task, OK indicates that it completed successfully.
Unknown
The status of the alert or task is unknown.
The status of a task that is set to run at a later time is Unknown.
Disabled
A task was prevented from continuing or completing.
26.3.5 Service alerts
A device (for example, an iLO) might generate a service alert associated with an alert. When it
is displayed in the Activity screen, the service alert provides service information including a case
identifier (Case ID) and primary contact information to facilitate a service call. The primary contact
information was entered when Remote Support was configured.
26.3 Managing activities 289
For devices that are under warranty or actively covered under a support contract, Remote Support
automatically closes and clears service alerts when conditions become normal; for example,
after a faulty fan is replaced. Remote Support takes no action on devices that are not actively
covered under a support contract.
More information
“Activity states” (page 288)
26.4 Managing email notifications
The appliance online help provides information about using the UI to:
•
Configure the appliance for email notification of alerts.
•
Add an email recipient and filter.
•
Edit an email recipient and filter entry.
•
Enable or disable an email recipient and filter.
•
Clear an alert.
•
Delete an email recipient and filter entry.
26.5 About email notification of alert messages
This feature notifies specified recipients when a certain alert occurs.
When this feature is configured and enabled, the appliance performs these steps in addition to
posting the alert:
•
The appliance compares the alert to configured search criteria.
•
If the alert matches, it creates an email message containing the text of the alert.
•
The appliance sends the email message to designated recipients in both plain text and HTML
MIME types. Sending in both types allows the recipient’s mail application to determine the
display.
You can enable or disable this email notification feature, or you can enable or disable individual
filter notifications, as required.
The appliance provides for as many as 100 recipient and filter combinations, and allows as many
as 50 recipients in a single email message. This flexibility lets you fine-tune which alert messages
are sent and to whom. For example, you can configure the appliance to send Warning alerts to
one recipient and Critical alerts to another.
You can verify the configuration by sending test messages.
26.6 Configure the appliance for email notification of alerts
Use this procedure to configure the appliance for sending email messages of alerts. Later, you
can add, edit, or delete entries for recipients or filters.
NOTE:
Email notification filters can only be configured for alert messages.
Prerequisites
•
Minimum required privileges: Infrastructure administrator
Configuring the appliance for email notification of alerts
1.
From the main menu, navigate to the Settings screen.
2.
3.
Locate the Notifications panel and click .
Supply the data requested in the Email panel of the Edit Notifications screen:
290 Monitoring data center status, health, and performance
NOTE: The SMTP server is automatically determined from the domain name in the email
address for the appliance. If you need to specify the SMTP settings, click SMTP options to
supply them.
4.
Proceed to add one or more entries.
26.7 Using the Dashboard screen
26.7.1 Learning about the Dashboard
The charts on the Dashboard provide a visual representation of the general health and status
of the appliance and managed resources in your data center. From the Dashboard, you can
immediately see resources that need your attention. For direct access to resources needing your
attention, click the resource name.
Each time you log in to the appliance, the Dashboard is the first screen you see. Select
Dashboard from the main menu any time you want to see the Dashboard charts.
The Dashboard displays status of the most relevant resources that are associated with assigned
user roles. If you are assigned multiple roles, such as Network and Storage roles, the default
dashboard displays the combination of resources that each role would see on the dashboard.
You can customize your Dashboard display by adding, deleting, and moving resource panels.
26.7.2 Dashboard screen details
IMPORTANT: The Dashboard is blank the first time you log in to the appliance because you
have not yet configured any resources.
If this is the first time you are logging in to the appliance, see “Quick Start: Initial setup” (page 111)
to define your data center environment and bring your infrastructure under appliance management.
Hover your pointer over a chart slice to view the count of resource instances being represented
by that slice. If you hover over a different slice in the same chart, the text and count displayed in
the center of the chart changes. Click on a slice to be taken to the resource page filtered by the
status or value associated with the slice.
If you view the Dashboard on a narrow screen, the charts are arranged vertically for resources
with multiple charts, and you can use the scroll bar to navigate to each chart.
26.7 Using the Dashboard screen 291
The Dashboard displays the following chart types:
Chart type
Description
Status
A Status chart summarizes health status.
The number displayed next to the resource name indicates the total number of resource
instances known to the appliance. To learn more, click the resource name to display the
resource's main screen and view detailed health and status information.
On a Status chart, a dark-gray chart slice indicates the number of resources that are not
reporting information because they are either disabled or are not being managed by the
appliance.
To filter the view of a resource based on its status, click the status icon.
To learn more about health status and severity icons, see “Icon descriptions” (page 86).
Servers with
profiles
The Servers with profiles chart reports the count of server hardware instances with server
profiles assigned to them.
If the chart is not solid blue, hover your pointer over the light-gray chart slice to see the count
of servers without server profile assignments.
Blade bays
The Blade bays chart reports the count of server hardware instances in all managed enclosure
bays.
If the chart is not solid blue, hover your pointer over the light-gray chart slice to see the count
of empty enclosure bays.
26.7.3 How to interpret the Dashboard charts
Dashboard chart colors help you to quickly interpret the reported data.
Table 12 Dashboard chart colors
Color
Indication
Green
A healthy status
Yellow
An event has occurred that might require your attention
Red
A critical condition requires your immediate attention
Blue
For a status graph, the resource instances that match the data being measured (a solid blue
chart indicates 100%)
For custom graphs, there may be different shades of blue, each representing a different value
for an attribute.
Light gray
The resource instances that do not match the data being measured (used in combination with
blue to total 100%)
Dark gray
Resource instances reporting status other than OK, Warning, or Critical, that is, they are
Disabled or Unknown
Status icons
To assist you in identifying resources that are not in a healthy state, status icons indicate the
number of resources with a status of OK (
), Warning (
), or Critical (
).
You can select a status icon to view the resource’s main screen, with resource instances filtered
by that status or click on the donut slice of the same color. If no resources are defined or if no
resource instances are detected with a particular status (indicated by the number zero), the
associated icon is nearly colorless (very pale gray).
To learn how to interpret the data displayed on the charts, see the numbered descriptions that
appear after the figure.
292 Monitoring data center status, health, and performance
Figure 19 Dashboard sample
1
2
Click a resource name to view the resource’s main screen for more information. The adjacent
number identifies how many instances of that resource are being managed by the appliance.
In this example, three enclosures have been added to the appliance, and one is in a healthy
status.
When you hover your pointer over a dashboard panel, additional icons appear as shown on
the Enclosures panel.
•
The remove or delete (x) icon removes the panel from the dashboard.
•
The move (
dashboard.
) cursor allows you to move the panel to a different position on the
•
3
For custom panels, the edit ( ) icon also appears, which allows you toedit a custom
panel.
The sample chart for the Interconnects resource shows a total of seven interconnects of
which four are in a Critical state and the other three are reporting a healthy status.
Click the Critical status icon to open the Interconnects screen to begin investigating
the cause.
4
On a Status chart, a dark-gray slice represents the count of resources that are not reporting
status information because the resource is disabled or the status is not known.
The sample chart for the Server Hardware resource shows a total of 30 instances of server
hardware, of which 14 are either disabled or are unknown devices. Hover your pointer over
the dark-gray chart slice to see a count of server hardware instances with a Disabled and
Unknown status.
5
6
7
The icon enables you to customize your dashboard by adding custom or pre-defined
panels. See “Customizing the dashboard” (page 294) to learn more about customizing panels.
The Ethernet Networks chart illustrates a customized panel where a user has defined the
number of Ethernet networks assigned to that user. For more examples, see “Customizing
the dashboard” (page 294).
The Storage Pools chart reports the state of storage pools that are being managed by the
appliance, if any.
See “About storage pools” (page 230) to learn more about storage pools.
26.7 Using the Dashboard screen 293
8
The Appliance Alerts area summarizes important appliance-related alerts, typically about
back up and licensing issues. Alerts related to other resources are not included here.
If one appliance alert is detected, the alert text appears here. For multiple alerts, the number
of alerts are shown, and you can click Appliance to go directly to the Activity screen for a
filtered view of all appliance-related alerts.
See “About Activity” (page 285) to learn more about alerts.
26.7.4 Customizing the dashboard
You can customize the dashboard to show panels that interest you.
•
You can select from a set of pre-defined panels such as Unassigned Alerts or Server Profiles.
•
You can create or edit your own custom panel by selecting the data you want to view through
the use of dashboard queries.
•
You can rearrange or move panels on the dashboard to suit your needs.
•
You can remove panels that do not interest you.
NOTE: If you want to clear any dashboard customizations and restore the dashboard to the
default, see the online help for information on resetting the dashboard..
26.8 Managing remote support
26.8.1 About remote support
Register with Hewlett Packard Enterprise to allow automatic case creation for hardware failures
on servers and enclosures and to enable Proactive Care. Once enabled, all eligible devices
added in the future will be automatically enabled for remote support.
Eligible devices are Gen8 and newer blades and enclosures.
NOTE:
Servers must be at iLO 2.1 firmware level or above to be enabled for remote support
Hewlett Packard Enterprise will contact you to ship a replacement part or send an engineer for
devices that are under warranty or support contract.
Remote support enables Proactive Care services including Proactive Scan reports and
Firmware/Software Analysis reports with recommendations that are based on collected
configuration data.
Remote support is secure. No business data is collected, only device-specific configuration and
fault data. All communications are outbound only and use industry standard TLS encryption
ensuring confidentiality and integrity of the information.
More information
Remote support doc
26.8.2 About channel partners
The Partner ID uniquely identifies a partner as an HPE Authorized Partner. Hewlett Packard
Enterprise is the default channel partner if no other channel partner is assigned.
HPE Authorized Resellers
By enabling remote support, you enable the reseller to access configuration reports and contract
warranty reports in Insight Online in the HPE Support Center, as well as configuration details
and some contract and warranty details.
294 Monitoring data center status, health, and performance
HPE Authorized Service Partners
In addition to the above information provided to Authorized Resellers, the Service Partner has
access to service event status and reports, with links into the HPE Channel Services Network
portal.
26.8.3 About data collection
Basic collection sends configuration information to Hewlett Packard Enterprise for analysis and
proactive services in accordance with your warranty and service agreements. This data is
transmitted every 30 days.
Active health sends information about the server’s health, configuration, and run-time telemetry
to Hewlett Packard Enterprise. This information is used to troubleshoot issues and closed-loop
quality analysis. This data is transmitted every 7 days.
26.8 Managing remote support 295
296
27 Monitoring power and temperature
HPE OneView enables you to monitor the power and temperature of your hardware environment.
Power and temperature monitoring feature overview
The appliance:
•
Displays 3D color-coded hardware temperature visualization (UI only)
•
Collects and reports power metric statistics
•
Collects and reports temperature metric statistics
•
Displays utilization statistics using customizable utilization graphs (UI only)
Power and temperature monitoring features by resource
•
Data Centers
◦
•
•
•
Color-coded temperature visualization of racks and the server hardware in them
Enclosures and Server Hardware
◦
Alerts for degraded and critical temperature and power
◦
Proactive analysis and alerting for power configuration errors
◦
Utilization graphs for power and temperature statistics
Power Delivery Devices
◦
Alerts on power thresholds
◦
Proactive analysis and alerting for power configuration errors
◦
Utilization graphs for power and temperature statistics
Racks
◦
Proactive analysis and alerting for power configuration errors
◦
Utilization graphs for power and temperature statistics
27.1 Monitoring power and temperature with the UI
The Data Centers screen provides a 3D visualization of your hardware environment, and uses
a color-coded system to display temperature data for your hardware.
The Utilization panel and Utilization graphs display utilization power and temperature statistics
via the Utilization view on the Enclosures, Interconnects (utilization graphs only), Power
Delivery Devices, Racks, and Server Hardware screens.
27.1.1 Monitoring data center temperature
The Data Centers resource provides a visualization of the racks in your data center and displays
their peak temperature using a color-coded system. To enable this, you must first specify the
physical positions of your racks and the position of the components in them using the Data
Centers resource.
You can use temperature visualization to identify over-cooled areas of your data center. You can
close vent tiles in areas that have low peak temperatures to increase airflow to areas that have
27.1 Monitoring power and temperature with the UI 297
insufficient cooling. If the entire data center is over-cooled, you can raise the temperature to save
on cooling costs.
Prerequisites
•
Required privileges: Server administrator.
•
You have created a data center and positioned your racks in it.
•
The placement of racks in your data center accurately depicts their physical locations.
•
You have specified a thermal limit for your rack using the Racks screen, if your policy dictates
a limit (optional).
Temperature collection and visualization details
•
The visualization displays peak rack temperature using a color-coded system. The rack is
colored based on the highest peak temperature (over the last 24 hours) of the device in the
rack with the highest peak temperature recorded (of devices which support ambient
temperature history reporting).
•
Temperatures are determined using the temperature utilization data collected from each
device.
•
Background data collection occurs at least once a day, so the reported peak temperature
for a rack will be within the past 48 hours.
•
Racks without an observed peak temperature with 48 hours are depicted without color coding
(gray).
Figure 20 3D data center visualization
27.1.1.1 Manipulating the view of the data center visualization
You can zoom in or zoom out and adjust the viewing angle of the data center from the Overview
view or Layout view of the Data Centers screen.
298 Monitoring power and temperature
Prerequisites
•
Required privileges: Server administrator
NOTE: The data center view controls do not appear in the Layout panel of the Overview view
until you hover your pointer over the panel.
Manipulating the view of the data center visualization
To change the data center view, do one or more of the following:
•
Move the horizontal slider left to zoom in and right to zoom out.
•
Move the vertical slider up and down to change the vertical viewing angle.
•
Click and drag the rotation dial to change the horizontal viewing angle.
27.1.2 Monitoring power and temperature utilization
Utilization statistics for power and temperature are displayed on:
•
The Utilization panel
•
Utilization graphs in the Utilization view
27.1.2.1 About the Utilization panel
The Enclosures, Power Delivery Devices, Racks, Server Hardware, and Storage Systems
screens display a Utilization panel in the Overview for each resource.
The possible states of the Utilization panel are:
Panel contents
Reason
Utilization meters display utilization data.
The appliance has collected data and it is being displayed.
A licensing message is displayed.
Server hardware without an iLO Advanced license will not
display utilization data.
no data is displayed.
The appliance has not collected data during the previous
24 hours.
not set is displayed (a gray meter with hash marks).
The meter might not be set for the following reasons:
• The page is loading and the data is not yet available.
• There is no utilization data prior to the most recent 5
minute collection period. There may be historic data
in the utilization graphs.
• Enclosures will not display temperature data if none
of the servers are powered on.
• Racks will not display data if there are no devices
mounted on the rack and the rack thermal limit is not
set.
not supported is displayed.
Utilization data gathering is not supported on the device.
See the online help for Utilization for more information.
27.1.2.2 About utilization graphs and meters
The appliance gathers and reports CPU, power consumption, temperature, and capacity data
for certain resources via utilization graphs and utilization meters.
27.1 Monitoring power and temperature with the UI 299
NOTE: The minimum data collection interval is 5 minutes (averaged) and the maximum is one
hour (averaged).
Utilization graphs can display a range of data up to a maximum of three years.
Table 13 Utilization statistics gathered by resource
Utilization metric
Resource
Power
Temperature
Custom
Enclosures
✓
✓
✓
Racks
✓
✓
Power
Delivery
Devices
✓
Server
Hardware
CPU
✓
✓
Storage
Systems
✓
Capacity
✓
✓
NOTE: You can use the Interconnects screen to view utilization graphs that display data
transfer statistics for interconnect ports. See the online help for the Interconnects screen.
Utilization statistics and licensing
Utilization statistics and graphs are disabled for server hardware that does not have an iLO
license assigned. See “About licensing” (page 161) to learn more.
If utilization is disabled, the Utilization panel displays a message stating the reason it is disabled
in the details pane for the unlicensed resource.
300 Monitoring power and temperature
Utilization graphs
1
2
3
4
Primary graph: The large primary utilization graph displays metric data (vertical axis) for
your devices over an interval of time (horizontal axis) using a line to graph data points.
Horizontal axis: The horizontal axis on the primary utilization graph depicts the time interval
for the data being displayed, with the most recent interval data on the right. The minimum
time interval is two minutes and the maximum is five days.
Vertical axis: The vertical axis on the primary utilization graph depicts the interval for the
metric displayed in the corresponding unit of measurement down the left side of the graph.
The interval for each unit of measurement is fixed and cannot be changed. Graphs that
display two metrics with different units of measurement have a second interval down the
right side of the graph. The measurement value at the top of the graph represents the
maximum utilization capacity for a given metric.
Navigation graph: The navigation graph below the primary graph displays the maximum
time interval of available data. Use the navigation graph to select the time interval you want
to display in the primary graph by highlighting the interval with your pointing device.
See the online help for more information on creating a custom utilization graph and how to change
the level of detail that the graph displays.
27.2 REST API power and temperature monitoring
27.2.1 Update enclosure power capacity settings
To update the enclosure capacity settings, perform a PUT operation that includes only the
calibratedMaxPower attribute. View the enclosure capacity settings attributes by using a GET
operation, edit the calibratedMaxPower attribute, and then perform a PUT operation that
includes only the edited calibratedMaxPower attribute.
27.2 REST API power and temperature monitoring 301
Prerequisites
•
Minimum required session ID privileges: Server administrator
Updating enclosure capacity settings using REST APIs
1. Select an enclosure URI.
GET /rest/enclosures
2. Get the enclosure capacity using the URI from step 1.
GET {enclosure URI}/environmentalConfiguration
3. Edit the enclosure capacity. The only attribute to send in the response body is calibratedMaxPower. Do not
send all attributes from the GET operation.
4. Update the enclosure capacity.
PUT {enclosure URI}/environmentalConfiguration
27.2.2 Update server hardware power capacity settings
To update server hardware capacity settings, perform a PUT operation that includes only the
calibratedMaxPower attribute. View server hardware capacity settings attributes by using a
GET operation, edit the calibratedMaxPower attribute, and then perform a PUT operation that
includes only the edited calibratedMaxPower attribute.
Prerequisites
•
Minimum required session ID privileges: Server administrator
Updating server hardware capacity settings using REST APIs
1. Select a server hardware URI.
GET /rest/server-hardware
2. Get the current server hardware capacity using the URI from step 1.
GET {server hardware URI}/environmentalConfiguration
3. Edit the server hardware capacity. The only attribute to send in the response body is calibratedMaxPower.
Do not send all attributes from the GET operation.
4. Update the server hardware capacity.
PUT {server hardware URI}/environmentalConfiguration
302 Monitoring power and temperature
28 Using a message bus to send data to subscribers
28.1 About accessing HPE OneView message buses
HPE OneView supports asynchronous messaging to notify subscribers of changes to managed
resources—both logical and physical – and changes to metrics on managed resources. For
example, you can program applications to receive notifications when new server hardware is
added to the managed environment or when the health status of physical resources changes,
and you can stream power, thermal and CPU metrics for managed resources. Using HPE OneView
REST APIs, you can obtain certificates to access the two message buses described in this
chapter: the State-Change Message Bus or the Metric Streaming Message Bus.
The message content is sent in JSON (JavaScript Object Notation) format and includes the
resource model.
Before you can set up subscription to messages, you must create and download an AMQP
(Advanced Message Queuing Protocol ) certificate from the appliance using REST APIs. Next,
you connect to the message bus using the EXTERNAL authentication mechanism with or without
specifying a user name and password. This ensures that you use certificate-based authentication
between the message bus and your client. After connecting to the message bus, you set up a
queue with the queue name empty, and AMQP generates a unique queue name. You use this
queue name to bind your client to exchanges and receive messages.
To connect to the message and set up a queue, you must use a client that supports the AMQP
.
28.2 Using the State-Change Message Bus (SCMB)
28.2.1 Connect to the SCMB
Prerequisites
•
Minimum required session ID privileges: Infrastructure administrator
To use the SCMB, you must do the following tasks:
•
Use REST APIs to create and download an Advanced Message Queuing Protocol (AMQP)
certificate from the appliance.
•
Connect to the SCMB using one or both of these methods:
◦
Use the “EXTERNAL” authentication mechanism
◦
Connect without sending a user name and password
Using one of these methods ensures that certificate-based authentication is used.
•
Set up a queue with an empty queue name.
AMQP generates a unique queue name. You use this queue name to bind to exchanges
and receive messages.
28.1 About accessing HPE OneView message buses 303
Create and download the AMQP client certificate
Creating and downloading the client certificate, private key, and root CA certificate
1. Create the certificate.
POST /rest/certificates/client/rabbitmq
Request body: {"type":"RabbitMqClientCertV2","commonName":"default"}
2. Download the certificate and private key.
GET /rest/certificates/client/rabbitmq/keypair/default
3. Download the root CA certificate.
GET /rest/certificates/ca
4. After you connect the client to the SCMB, you can “Set up a queue to connect to the HPE OneView SCMB
exchange” (page 304)
Figure 21 Connecting the client to the SCMB
1
2
The SCMB consumer
requests a client certificate
as part of the registration
process.
The appliance manages the
client certificates in a JVK
(Java KeyStore) file.
3
4
The appliance issues a
client certificate to the
SCMB consumer.
The SCMB client provides
an SSL client certificate to
create a connection with the
appliance.
5
6
The appliance can revoke
the SCMB client certificate to
deny access to the SCMB
client. The client is managed
into a CRL (Certificate
Revocation List) file.
The appliance authenticates
the SCMB client using the
client certificate.
28.2.2 Set up a queue to connect to the HPE OneView SCMB exchange
The state change messages are published to the HPE OneView SCMB exchange name. To
subscribe to messages, you must create a queue or connect to an existing queue that receives
messages from the SCMB exchange based on a routing key.
When you create a queue, you define the routing key associated with the queue to receive specific
messages.
304 Using a message bus to send data to subscribers
NOTE: The routing key is case sensitive. The change-type requires an initial capital letter.
The resource-category and resource-uri are lower-case.
For example, if you set the change-type in the routing key to created instead of Created,
you do not receive any messages.
The routing key syntax is:
scmb.resource-category.change-type.resource-uri where:
scmb
The HPE OneView exchange name.
resource-category
The category of resource. For a complete list of resources, see the
HPE OneView REST API Reference chapter in the online help.
change-type
The type of change that is reported. Valid values are Created,
Updated, and Deleted.
resource-uri
The URI of the specific resource associated with the state-change
message.
NOTE: The task resources routing key syntax is scmb.resource-category and does not
use change-type and resource-uri. To receive messages about all task resources:
•
scmb.#
•
scmb.tasks
Sample queues
Subscription
Example
Receive all SCMB messages for physical
servers
scmb.server-hardware.#
Receive all messages for created
connections
scmb.connections.Created.#
Receive all messages for the enclosure
with the URI /rest/enclosures/Enc1234
scmb.enclosures.*./rest/enclosures/Enc1234
Receive all created messages (for all
resource categories and types)
scmb.*.Created.#
NOTE: To match everything after a specific point in the routing key,
use the # character. This example uses # in place of resource-uri.
The message queue receives all server-hardware resource URIs.
NOTE: To match everything for an individual field in the routing key,
use the asterisk (*). This example uses * in place of change-type.
The message queue receives all change types: Created, Updated,
and Deleted.
28.2.3 JSON structure of message received from the SCMB
The following table lists the attributes included in the JSON payload of each message from the
SCMB. The resource model for the HPE OneView resource is included in the resource attribute.
To view all resource models, see the HPE OneView REST API Reference chapter in the online
help.
Attribute
Data type
Description
resourceUri
String
The URI for the resource.
changeType
String
The state-change type: Created, Updated, or Deleted. For details, see
“ChangeType values” (page 306).
28.2 Using the State-Change Message Bus (SCMB) 305
Attribute
Data type
Description
newState
String
The new state of the resource.
eTag
String
The ETag for the resource when the state change occurred.
timestamp
String
The time the message was sent.
newSubState
String
If substate messages are required (for substate machines associated with a
primary state), this is the resource-specific substate.
resource
Object
The resource model.
associatedTask
String
If a task is not associated with this message, the value is null.
userInitiatedTask String
The value of the userInitiated attribute included in the associatedTask
attribute.
changedAttributes Array
A list of top-level attributes that have changed based on the POST or PUT call
that caused the state-change message to be sent.
data
Object
Additional information about the resource state change.
ChangeType values
ChangeType value
Description
Created
The resource is created or is added to HPE OneView.
Updated
The resource state, attributes, or both are updated.
Deleted
The resource is permanently removed from HPE OneView.
Example 2 JSON example
{
"resourceUri" : "/rest/enclosures/123xyz",
"changeType" : "Created",
"newState" : "Managed",
"eTag" : "123456",
"timestamp" : "2013-07-10T18:30:44Z",
"newSubState" : "null",
"resource" : {
"category" : "enclosures",
"created" : "2013-07-10T18:30:00Z",
...
},
"associatedTask" : "/rest/tasks/4321",
"userInitiatedTask" : "true",
"changedAttributes" : [],
"data" : {},
}
28.2.4 Example to connect and subscribe to SCMB using .NET C#
Prerequisites
In addition to completing the prerequisites, you must complete the example-specific prerequisites
before using the .NET C# examples.
306 Using a message bus to send data to subscribers
To use the .Net C# examples, add the following to the Windows certificate store:
•
CA root certificate.
•
Client certificate
•
Private key
To try the .Net C# examples, do the following:
1.
Download the root CA certificate.
GET /rest/certificates/ca
2.
3.
4.
Save the contents in the response body into a text file named rootCA.crt. You must copy
and paste everything from -----BEGIN CERTIFICATE----- to -----END
CERTIFICATE-----, including the dashes, but not including the quotes.
Import the rootCA.crt file into the Windows certificate store under Trusted Root
Certification Authorities.
Download the client certificate and private key.
GET /rest/certificates/client/rabbitmq/keypair/default
5.
Save the contents of the client certificate and private key in the response body into a text
file named scmb.crt.
You must copy and paste everything from -----BEGIN CERTIFICATE----- to -----END
CERTIFICATE----- for the client certificate. Next, copy and paste everything from
-----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY----- for the
private key. You must include the dashes, but do not include the quotes.
28.2 Using the State-Change Message Bus (SCMB) 307
Example 3 Using .Net C# to directly reference client certificate
Convert the client certificate and private key to PKCS format for .Net.
openssl.exe pkcs12 -passout pass:default -export -in scmb.crt -out scmb.p12
Example
public void Connect()
{
string exchangeName = "scmb";
string hostName = "OneView.domain";
string queueName = "";
string routingKey = "scmb.#";
ConnectionFactory factory = new ConnectionFactory();
factory.AuthMechanisms = new RabbitMQ.Client.AuthMechanismFactory[] { new ExternalMechanismFactory()
};
factory.HostName = hostname;
factory.Port = 5671;
factory.Ssl.CertPath = @".\scmb.p12";
factory.Ssl.CertPassphrase = "default";
factory.Ssl.ServerName = hostname;
factory.Ssl.Enabled = true;
IConnection connection = factory.CreateConnection();
IModel model = connection.CreateModel();
queueName = model.QueueDeclare(queueName, false, false, false, null);
model.QueueBind(queueName, exchangeName, routingKey, null);
using (Subscription sub = new Subscription(model, queueName))
{
foreach (BasicDeliverEventArgs ev in sub)
{
DoSomethingWithMessage(ev);
sub.Ack();
}
}
}
Example 4 Using .Net C# to import certificate to Microsoft Windows certificate store
Import the scmb.crt into your preferred Windows certificate store.
Example
public void Connect()
{
string exchangeName = "scmb";
string hostName = "OneView.domain";
string queueName = "";
string routingKey = "scmb.#";
string userName = "rabbitmq_readonly";
X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
X509Certificate cert = store.Certificates
.Find(X509FindType.FindBySubjectName, userName, false)
.OfType<X509Certificate>()
.First();
ConnectionFactory factory = new ConnectionFactory();
factory.AuthMechanisms = new RabbitMQ.Client.AuthMechanismFactory[] { new ExternalMechanismFactory()
};
factory.HostName = hostname;
factory.Port = 5671;
factory.Ssl.Certs = new X509CertificateCollection(new X509Certificate[] { cert });
factory.Ssl.ServerName = hostname;
factory.Ssl.Enabled = true;
IConnection connection = factory.CreateConnection();
IModel model = connection.CreateModel();
queueName = model.QueueDeclare(queueName, false, false, false, null);
model.QueueBind(queueName, exchangeName, routingKey, null);
using (Subscription sub = new Subscription(model, queueName))
{
foreach (BasicDeliverEventArgs ev in sub)
{
DoSomethingWithMessage(ev);
sub.Ack();
}
}
}
308 Using a message bus to send data to subscribers
NOTE: .Net C# code example 2 (Microsoft Windows certificate store) is referencing the Trusted
Root Certificate Authorities store, located under Local Computer.
•
StoreName.Root = Trusted Root Certificate Authorities
•
StortLocation.LocalMachine = Local Computer
28.2.5 Example to connect and subscribe to SCMB using Java
1.
Download the client certificate and private key.
GET /rest/certificates/client/rabbitmq/keypair/default
2.
Save the contents of the client certificate in the response body into a text file named
default-client.crt.
You must copy and paste everything from -----BEGIN CERTIFICATE----- to -----END
CERTIFICATE-----, including the dashes, but not including the quotes.
3.
Save the contents of the private key in the response body into a text file named
default-client.key.
You must copy and paste everything from -----BEGIN RSA PRIVATE KEY----- to
-----END RSA PRIVATE KEY-----, including the dashes, but not including the quotes.
4.
Create a PKCS12 keystore from the private key and the public certificate.
openssl pkcs12 -export -name myclientcert -in default-client.crt -inkey default-client.key -out myclient.p12
5.
Convert the PKCS12 keystore into a JKS keystore.
keytool -importkeystore -destkeystore c:\\MyKeyStore -srckeystore myclient.p12 -srcstoretype pkcs12 -alias
myclient
28.2 Using the State-Change Message Bus (SCMB) 309
Example 5 Example to connect and subscribe to SCMB using Java
//c://MyKeyStore contains client certificate and private key. Load it into Java Keystore
final char[] keyPassphrase = "MyKeyStorePassword".toCharArray();
final KeyStore ks = KeyStore.getInstance("jks");
ks.load(new FileInputStream("c://MyKeyStore"), keyPassphrase);
final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keyPassphrase);
//c://MyTrustStore contains CA certificate. Load it into Java Trust Store
final char[] trustPassphrase = "MyTrustStorePassword".toCharArray();
final KeyStore ks = KeyStore.getInstance("jks");
tks.load(new FileInputStream("c:\\MyTrustStore"), trustPassphrase);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(tks);
//load SSLContext with keystore and truststore.
final SSLContext c = SSLContext.getInstance("SSL");
c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
final ConnectionFactory factory = new ConnectionFactory();
factory.setHost("192.168.2.144");
//Set Auth mechanism to "EXTERNAL" so that commonName of the client certificate is mapped to AMQP user name.
Hence, No need to set userId/Password here.
factory.setSaslConfig(DefaultSaslConfig.EXTERNAL);
factory.setPort(5671);
factory.useSslProtocol(c);
final Connection conn = factory.newConnection();
final Channel channel = conn.createChannel();
//do not specify queue name. AMQP will create a queue with random name starting with amq.gen* e.g.
amq.gen-32sfQz95QJ85K_lMBhU6HA
final DeclareOk queue = channel.queueDeclare("", true, false, true, null);
//Now get the queue name from above call and bind it to required Exchange with required routing key.
channel.queueBind(queue.getQueue(), "scmb", "scmb.#");
//Now you should be able to receive messages from queue
final GetResponse chResponse = channel.basicGet(queue.getQueue(), false);
if (chResponse == null)
{
System.out.println("No message retrieved");
}
else
{
final byte[] body = chResponse.getBody();
System.out.println("Received: " + new String(body));
}
channel.close();
conn.close();
28.2.6 Examples to connect and subscribe to SCMB using Python
The Python code examples show how to connect and subscribe to the SCMB. For more
information about Python (Pika AMQP client library and AMQP client library), see http://
pika.readthedocs.org/, http://www.python.org/, and https://pypi.python.org/pypi/amqplib/.
28.2.6.1 Installation
1.
Install the pika and amqp libraries.
a. Download and install the setuptools (Python setup.py install) at https://pypi.python.org/
pypi/setuptools#downloads.
b. Install the pika tools.
When you install the pika or amqp libraries, run the same python setup.py install
command from the downloaded pika or amqp directory.
2.
Create the certificate.
POST /rest/certificates/client/rabbitmq
Request body: {"type":"RabbitMqClientCertV2","commonName":"default"}
3.
Download the client certificate and private key.
GET /rest/certificates/client/rabbitmq/keypair/default
310 Using a message bus to send data to subscribers
4.
Save the contents of the client certificate in the response body into a text file named
client.pem.
You must copy and paste everything from -----BEGIN CERTIFICATE----- to -----END
CERTIFICATE-----, including the dashes, but not including the quotes. You must replace
all instances of \n with CR/LF (carriage return / line feed).
5.
Save the contents of the private key in the response body into a text file named key.pem.
You must copy and paste everything from -----BEGIN RSA PRIVATE KEY----- to
-----END RSA PRIVATE KEY-----, including the dashes, but not including the quotes.
You must replace all instances of \n with CR/LF (carriage return / line feed).
6.
Download the root CA certificate.
GET /rest/certificates/ca
7.
Save the contents in the response body into a text file named caroot.pem. You must copy
and paste everything from -----BEGIN CERTIFICATE----- to -----END
CERTIFICATE-----, including the dashes, but not including the quotes. You must replace
all instances of \n with CR/LF (carriage return / line feed).
28.2.6.2 Pika
Example 6 Pika example
When you invoke the script, you must pass –host:{hostname or IP}. See the following
examples:
•
--host:192.168.1.1
•
–host:my-appliance.example.com
IMPORTANT: If the connection fails on the first attempt to invoke this script after an appliance
reboot, try invoking the script again.
import pika, ssl
from optparse import OptionParser
from pika.credentials import ExternalCredentials
import json
import logging
logging.basicConfig()
###############################################
# Callback function that handles messages
def callback(ch, method, properties, body):
msg = json.loads(body)
timestamp = msg['timestamp']
resourceUri = msg['resourceUri']
resource = msg['resource']
changeType = msg['changeType']
print
print
print
print
print
print
("%s: Message received:" %(timestamp))
("Routing Key: %s" %(method.routing_key))
("Change Type: %s" %(changeType))
("Resource URI: %s" %(resourceUri))
("Resource: %s" %(resource))
#
Pem Files needed, be sure to replace the \n returned from the APIs with CR/LF
#
caroot.pem - the CA Root certificate
- GET /rest/certificates/ca
#
client.pem, first POST /rest/certificates/client/rabbitmq Request body:
{"type":"RabbitMqClientCert","commonName":"default"}
#
GET /rest/certificates/client/rabbitmq/keypair/default
#
client.pem is the key with -----BEGIN CERTIFICATE----#
key.pem is the key with -----BEGIN RSA PRIVATE KEY----# Setup our ssl options
ssl_options = ({"ca_certs": "caroot.pem",
"certfile": "client.pem",
"keyfile": "key.pem",
"cert_reqs": ssl.CERT_REQUIRED,
"server_side": False})
parser = OptionParser()
parser.add_option('--host', dest='host',
28.2 Using the State-Change Message Bus (SCMB)
311
help='Pika server to connect to (default: %default)',
default='localhost',
)
options, args = parser.parse_args()
# Connect to RabbitMQ
host = options.host
print ("Connecting to %s:5671, to change use --host hostName " %(host))
connection = pika.BlockingConnection(
pika.ConnectionParameters(
host, 5671, credentials=ExternalCredentials(),
ssl=True, ssl_options=ssl_options))
# Create and bind to queue
EXCHANGE_NAME = "scmb"
ROUTING_KEY = "scmb.#"
channel = connection.channel()
result = channel.queue_declare()
queue_name = result.method.queue
channel.queue_bind(exchange=EXCHANGE_NAME, queue=queue_name, routing_key=ROUTING_KEY)
channel.basic_consume(callback,
queue=queue_name,
no_ack=True)
# Start listening for messages
channel.start_consuming()
28.2.6.3 AMQP
Example 7 AMQP example
When you invoke the script, you must pass –host:{hostname or IP}. See the following
examples:
•
--host:192.168.1.1
•
–host:my-appliance.example.com
IMPORTANT: If the connection fails on the first attempt to invoke this script after an appliance
reboot, try invoking the script again.
#!/usr/bin/env python
from optparse import OptionParser
from functools import partial
import amqplib.client_0_8 as amqp
def callback(channel, msg):
for key, val in msg.properties.items():
print ('%s: %s' % (key, str(val)))
for key, val in msg.delivery_info.items():
print ('> %s: %s' % (key, str(val)))
print ('')
print (msg.body)
print ('-------')
print msg.delivery_tag
channel.basic_ack(msg.delivery_tag)
#
# Cancel this callback
#
if msg.body == 'quit':
channel.basic_cancel(msg.consumer_tag)
def main():
parser = OptionParser()
parser.add_option('--host', dest='host',
help='AMQP server to connect to (default: %default)',
default='localhost',
)
options, args = parser.parse_args()
host = options.host+":5671"
#
Pem Files needed, be sure to replace the \n returned from the APIs with CR/LF
#
caroot.pem - the CA Root certificate
- GET /rest/certificates/ca
#
client.pem, first POST /rest/certificates/client/rabbitmq Request body:
{"type":"RabbitMqClientCert","commonName":"default"}
312 Using a message bus to send data to subscribers
#
#
#
#
GET /rest/certificates/client/rabbitmq/keypair/default
client.pem is the key with -----BEGIN CERTIFICATE----key.pem is the key with -----BEGIN RSA PRIVATE KEY----ssl_options = ({"ca_certs": "caroot.pem",
"certfile": "client.pem",
"keyfile": "key.pem",
"cert_reqs": CERT_REQUIRED,
"server_side": False})
print ('Connecting to host %s, to change use --host hostName ' %host)
conn = amqp.Connection(host, login_method='EXTERNAL',
ssl=ssl_options)
print ('Successfully connected, creating and binding to queue')
ch = conn.channel()
qname, _, _ = ch.queue_declare()
ch.queue_bind(qname, 'scmb', 'scmb.#')
ch.basic_consume(qname, callback=partial(callback, ch))
print ('Successfully bound to queue, waiting for messages')
#pyamqp://
#
# Loop as long as the channel has callbacks registered
#
while ch.callbacks:
ch.wait()
ch.close()
conn.close()
if __name__ == '__main__':
main()
28.2.7 Re-create the AMQP client certificate
If you change the appliance name, you must re-create the AMQP client certificate.
Prerequisites
•
Minimum required session ID privileges: Infrastructure administrator
Re-creating and downloading the client certificate, private key, and root CA certificate
1. Revoke the certificate.
DELETE /rest/certificates/ca/rabbitmq_readonly
Request body is not required.
NOTE: When you revoke the default client certificate, the appliance re-generates the CA certificate, AMQP
server certificate, and the default client certificate.
2. Download the certificate and private key.
GET /rest/certificates/client/rabbitmq/keypair/default
3. Download the root CA certificate.
GET /rest/certificates/ca
28.3 Using the Metric Streaming Message Bus (MSMB)
The Metric Streaming Message Bus (MSMB) is an interface that uses asynchronous messaging
to notify subscribers about the most recent metrics of the managed resources. You can configure
the interval and the metrics that you want to receive using the REST APIs.
28.3 Using the Metric Streaming Message Bus (MSMB) 313
28.3.1 Connect to the MSMB
Prerequisites
To use the MSMB, you must do the following tasks:
•
Use REST APIs to create and download an Advanced Message Queuing Protocol (AMQP)
certificate from the appliance.
•
Connect to the MSMB using one or both of these methods:
◦
Use the “EXTERNAL” authentication mechanism
◦
Connect without sending a user name and password
Using one of these methods ensures that certificate-based authentication is used.
•
Set up a queue with an empty queue name.
AMQP generates a unique queue name. You use this queue name to bind to exchanges
and receive messages.
Create and download the AMQP client certificate
Creating and downloading the client certificate, private key, and root CA certificate
1. Create the certificate.
POST /rest/certificates/client/rabbitmq
Request body: {"type":"RabbitMqClientCertV2","commonName":"default"}
2. Download the certificate and private key.
GET /rest/certificates/client/rabbitmq/keypair/default
3. Download the root CA certificate.
GET /rest/certificates/ca
4. After you connect the client to the MSMB, you can “Set up a queue to connect to the HPE OneView MSMB
exchange” (page 315).
Figure 22 Connecting the client to the MSMB
1
The MSMB consumer
requests a client certificate
as part of the registration
process.
3
4
The appliance issues a
client certificate to the
MSMB consumer.
The MSMB client provides
a SSL client certificate to
314 Using a message bus to send data to subscribers
5
The appliance can revoke
the MSMB client certificate
to deny access to the MSMB
client. The client is managed
2
The appliance manages the
client certificates in a JVK
(Java KeyStore) file.
create a connection with the
appliance.
6
into a CRL (Certificate
Revocation List) file.
The appliance authenticates
the MSMB client using the
client certificate.
28.3.2 Set up a queue to connect to the HPE OneView MSMB exchange
The metric streaming messages are published to the HPE OneView MSMB exchange name. To
subscribe to messages, you must create a queue or connect to an existing queue that receives
messages from the MSMB exchange based on a routing key.
When you create a queue, you define the routing key associated with the queue to receive specific
messages.
Exchange Name: msmb
Routing Key: msmb.#
where:
msmb
The HPE OneView exchange name for metric streaming.
Sample queues
Subscription
Example
Receive all MSMB messages for physical
servers, enclosures, and power devices
The exchange is msmb
The routing key is msmb.#
Configure metric relay using Metric Streaming configuration API.
28.3.3 JSON structure of message received from the MSMB
The following table lists the attributes included in the JSON payload of each message from the
MSMB. The resource model for the HPE OneView resource is included in the resource attribute.
To view all resource models, see the HPE OneView REST API Reference chapter in the online
help.
Attribute
Data type
Description
resourceUri
String
The URI for the resource.
changeType
String
The state-change type: Created, Updated, or Deleted.
newState
String
The new state of the resource.
eTag
String
The ETag for the resource when the state change occurred.
timestamp
String
The time the message was sent.
newSubState
String
If substate messages are required (for substate machines associated with a
primary state), this is the resource-specific substate.
resource
MetricData
The resource model.
associatedTask
String
If a task is not associated with this message, the value is null.
userInitiatedTask String
The value of the userInitiated attribute included in the associatedTask
attribute.
changedAttributes Array
A list of top-level attributes that have changed based on the POST or PUT call
that caused the state-change message to be sent.
data
Object
Additional information about the resource state change.
28.3 Using the Metric Streaming Message Bus (MSMB) 315
MetricData
Attribute
Data type
Description
startTime
String
The starting time of the metric collection.
sampleIntervalInSeconds Integer
Interval between samples.
numberOfSamples
Integer
Number of samples in the list for each metric type.
resourceType
String
Identifies the category of resource. The supported devices are
server-hardware, enclosures, and power-devices.
resourceDataList
List
Metric sample list.
uri
String
Canonical URI of the resource.
category
String
Identifies the category of resource. The supported devices are
server-hardware, enclosures, and power-devices.
created
Timestamp
Date and time when the resource was created.
modified
Timestamp
Date and time when the resource was last modified.
eTag
String
Entity tag/version ID of the resource, the same value that is
returned in the ETag header on a GET of the resource.
type
String
Uniquely identifies the type of the JSON object.
316 Using a message bus to send data to subscribers
Example 8 Structure of message received from the MSMB
{
"eTag": null,
"resourceUri": "/rest/enclosures/09SGH100X6J1",
"changeType": "Updated",
"newState": null,
"newSubState": null,
"associatedTask": null,
"userInitiatedTask": false,
"changedAttributes": null,
"data": null,
"resource": {
"type": "MetricData",
"resourceType": "enclosures",
"resourceDataList": [
{
"metricSampleList": [
{
"valueArray": [
null
],
"name": "RatedCapacity"
},
{
"valueArray": [
523
],
"name": "AveragePower"
},
{
"valueArray": [
573
],
"name": "PeakPower"
},
{
"valueArray": [
null
],
"name": "PowerCap"
},
{
"valueArray": [
23
],
"name": "AmbientTemperature"
},
{
"valueArray": [
null
],
"name": "DeratedCapacity"
}
],
"resourceId": "09SGH100X6J1"
}
],
"numberOfSamples": 1,
"sampleIntervalInSeconds": 300,
"startTime": "2014-09-17T08:43:36.294Z",
"eTag": null,
"modified": null,
"created": null,
"category": "enclosures",
28.3 Using the Metric Streaming Message Bus (MSMB) 317
"uri": "/rest/enclosures/09SGH100X6J1"
},
"timestamp": "2014-09-17T08:48:36.819Z"
}
28.3.4 Example to connect and subscribe to MSMB using .NET C#
Prerequisites
In addition to completing the prerequisites, you must complete the example-specific prerequisites
before using the .NET C# examples.
To use the .Net C# examples, add the following to the Windows certificate store:
•
CA root certificate.
•
Client certificate
•
Private key
To try the .Net C# examples, do the following:
1.
Download the root CA certificate.
GET /rest/certificates/ca
2.
3.
4.
Save the contents in the response body into a text file named rootCA.crt. You must copy
and paste everything from -----BEGIN CERTIFICATE----- to -----END
CERTIFICATE-----, including the dashes, but not including the quotes.
Import the rootCA.crt file into the Windows certificate store under Trusted Root
Certification Authorities.
Download the client certificate and private key.
GET /rest/certificates/client/rabbitmq/keypair/default
5.
Save the contents of the client certificate and private key in the response body into a text
file named msmb.crt.
You must copy and paste everything from -----BEGIN CERTIFICATE----- to -----END
CERTIFICATE----- for the client certificate. Next, copy and paste everything from
-----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY----- for the
private key. You must include the dashes, but do not include the quotes.
318 Using a message bus to send data to subscribers
Example 9 Using .Net C# to directly reference client certificate
Convert the client certificate and private key to PKCS format for .Net.
openssl.exe pkcs12 -passout pass:default -export -in msmb.crt -out msmb.p12
Example
public void Connect()
{
string exchangeName = "msmb";
string hostName = "OneView.domain";
string queueName = "";
string routingKey = "msmb.#";
ConnectionFactory factory = new ConnectionFactory();
factory.AuthMechanisms = new RabbitMQ.Client.AuthMechanismFactory[] { new ExternalMechanismFactory()
};
factory.HostName = hostname;
factory.Port = 5671;
factory.Ssl.CertPath = @".\msmb.p12";
factory.Ssl.CertPassphrase = "default";
factory.Ssl.ServerName = hostname;
factory.Ssl.Enabled = true;
IConnection connection = factory.CreateConnection();
IModel model = connection.CreateModel();
queueName = model.QueueDeclare(queueName, false, false, false, null);
model.QueueBind(queueName, exchangeName, routingKey, null);
using (Subscription sub = new Subscription(model, queueName))
{
foreach (BasicDeliverEventArgs ev in sub)
{
DoSomethingWithMessage(ev);
sub.Ack();
}
}
}
Example 10 Using .Net C# to import certificate to Microsoft Windows certificate store
Import the msmb.crt into your preferred Windows certificate store.
Example
public void Connect()
{
string exchangeName = "msmb";
string hostName = "OneView.domain";
string queueName = "";
string routingKey = "msmb.#";
string userName = "rabbitmq_readonly";
X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
X509Certificate cert = store.Certificates
.Find(X509FindType.FindBySubjectName, userName, false)
.OfType<X509Certificate>()
.First();
ConnectionFactory factory = new ConnectionFactory();
factory.AuthMechanisms = new RabbitMQ.Client.AuthMechanismFactory[] { new ExternalMechanismFactory()
};
factory.HostName = hostname;
factory.Port = 5671;
factory.Ssl.Certs = new X509CertificateCollection(new X509Certificate[] { cert });
factory.Ssl.ServerName = hostname;
factory.Ssl.Enabled = true;
IConnection connection = factory.CreateConnection();
IModel model = connection.CreateModel();
queueName = model.QueueDeclare(queueName, false, false, false, null);
model.QueueBind(queueName, exchangeName, routingKey, null);
using (Subscription sub = new Subscription(model, queueName))
{
foreach (BasicDeliverEventArgs ev in sub)
{
DoSomethingWithMessage(ev);
sub.Ack();
}
}
}
28.3 Using the Metric Streaming Message Bus (MSMB) 319
NOTE: Using .Net C# to import certificate to Microsoft Windows certificate store references
the Trusted Root Certificate Authorities store, located under Local Computer.
•
StoreName.Root = Trusted Root Certificate Authorities
•
StortLocation.LocalMachine = Local Computer
28.3.5 Example to connect and subscribe to MSMB using Java
1.
Download the client certificate and private key.
GET /rest/certificates/client/rabbitmq/keypair/default
2.
Save the contents of the client certificate in the response body into a text file named
default-client.crt.
You must copy and paste everything from -----BEGIN CERTIFICATE----- to -----END
CERTIFICATE-----, including the dashes, but not including the quotes.
3.
Save the contents of the private key in the response body into a text file named
default-client.key.
You must copy and paste everything from -----BEGIN RSA PRIVATE KEY----- to
-----END RSA PRIVATE KEY-----, including the dashes, but not including the quotes.
4.
Create a PKCS12 keystore from the private key and the public certificate.
openssl pkcs12 -export -name myclientcert -in default-client.crt -inkey default-client.key -out myclient.p12
5.
Convert the PKCS12 keystore into a JKS keystore.
keytool -importkeystore -destkeystore c:\\MyKeyStore -srckeystore myclient.p12 -srcstoretype pkcs12 -alias
myclient
320 Using a message bus to send data to subscribers
Example 11 Example to connect and subscribe to MSMB using Java
//c://MyKeyStore contains client certificate and private key. Load it into Java Keystore
final char[] keyPassphrase = "MyKeyStorePassword".toCharArray();
final KeyStore ks = KeyStore.getInstance("jks");
ks.load(new FileInputStream("c://MyKeyStore"), keyPassphrase);
final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keyPassphrase);
//c://MyTrustStore contains CA certificate. Load it into Java Trust Store
final char[] trustPassphrase = "MyTrustStorePassword".toCharArray();
final KeyStore ks = KeyStore.getInstance("jks");
tks.load(new FileInputStream("c:\\MyTrustStore"), trustPassphrase);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(tks);
//load SSLContext with keystore and truststore.
final SSLContext c = SSLContext.getInstance("SSL");
c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
final ConnectionFactory factory = new ConnectionFactory();
factory.setHost("192.168.2.144");
//Set Auth mechanism to "EXTERNAL" so that commonName of the client certificate is mapped to AMQP user name.
Hence, No need to set userId/Password here.
factory.setSaslConfig(DefaultSaslConfig.EXTERNAL);
factory.setPort(5671);
factory.useSslProtocol(c);
final Connection conn = factory.newConnection();
final Channel channel = conn.createChannel();
//do not specify queue name. AMQP will create a queue with random name starting with amq.gen* e.g.
amq.gen-32sfQz95QJ85K_lMBhU6HA
final DeclareOk queue = channel.queueDeclare("", true, false, true, null);
//Now get the queue name from above call and bind it to required Exchange with required routing key.
channel.queueBind(queue.getQueue(), "msmb", "msmb.#");
//Now you should be able to receive messages from queue
final GetResponse chResponse = channel.basicGet(queue.getQueue(), false);
if (chResponse == null)
{
System.out.println("No message retrieved");
}
else
{
final byte[] body = chResponse.getBody();
System.out.println("Received: " + new String(body));
}
channel.close();
conn.close();
28.3.6 Examples to connect and subscribe to MSMB using Python
The Python examples show how to connect and subscribe to the MSMB. For more information
about Python (Pika AMQP client library and AMQP client library), see Introduction to Pika (http://
pika.readthedocs.org/, http://www.python.org/), and AMQP Client Library (https://
pypi.python.org/pypi/amqplib/).
28.3.6.1 Installation
1.
Install the pika and amqp libraries.
a. Download and install the setup tools (Python setup.py install) at https://
pypi.python.org/pypi/setuptools#downloads.
b. Install the pika tools.
When you install the pika or amqp libraries, run the same python setup.py install
command from the downloaded pika or amqp directory.
2.
Create the certificate.
POST /rest/certificates/client/rabbitmq
Request body: {"type":"RabbitMqClientCertV2","commonName":"default"}
28.3 Using the Metric Streaming Message Bus (MSMB) 321
3.
Download the client certificate and private key.
GET /rest/certificates/client/rabbitmq/keypair/default
4.
Save the contents of the client certificate in the response body into a text file named
client.pem.
You must copy and paste everything from -----BEGIN CERTIFICATE----- to -----END
CERTIFICATE-----, including the dashes, but not including the quotes. You must replace
all instances of \n with CR/LF (carriage return / line feed).
5.
Save the contents of the private key in the response body into a text file named key.pem.
You must copy and paste everything from -----BEGIN RSA PRIVATE KEY----- to
-----END RSA PRIVATE KEY-----, including the dashes, but not including the quotes.
You must replace all instances of \n with CR/LF (carriage return / line feed).
6.
Download the root CA certificate.
GET /rest/certificates/ca
7.
Save the contents in the response body into a text file named caroot.pem. You must copy
and paste everything from -----BEGIN CERTIFICATE----- to -----END
CERTIFICATE-----, including the dashes, but not including the quotes. You must replace
all instances of \n with CR/LF (carriage return / line feed).
28.3.6.2 Pika
Example 12 Pika example
When you invoke the script, you must pass –host:{hostname or IP}. See the following
examples:
•
--host:192.168.1.1
•
–host:my-appliance.example.com
IMPORTANT: If the connection fails on the first attempt to invoke this script after an appliance
reboot, try invoking the script again.
import pika, ssl
from optparse import OptionParser
from pika.credentials import ExternalCredentials
import json
import logging
logging.basicConfig()
###############################################
# Callback function that handles messages
def callback(ch, method, properties, body):
msg = json.loads(body)
timestamp = msg['timestamp']
resourceUri = msg['resourceUri']
resource = msg['resource']
changeType = msg['changeType']
print
print
print
print
print
print
("%s: Message received:" %(timestamp))
("Routing Key: %s" %(method.routing_key))
("Change Type: %s" %(changeType))
("Resource URI: %s" %(resourceUri))
("Resource: %s" %(resource))
#
Pem Files needed, be sure to replace the \n returned from the APIs with CR/LF
#
caroot.pem - the CA Root certificate
- GET /rest/certificates/ca
#
client.pem, first POST /rest/certificates/client/rabbitmq Request body:
{"type":"RabbitMqClientCert","commonName":"default"}
#
GET /rest/certificates/client/rabbitmq/keypair/default
#
client.pem is the key with -----BEGIN CERTIFICATE----#
key.pem is the key with -----BEGIN RSA PRIVATE KEY----# Setup our ssl options
ssl_options = ({"ca_certs": "caroot.pem",
"certfile": "client.pem",
"keyfile": "key.pem",
322 Using a message bus to send data to subscribers
"cert_reqs": ssl.CERT_REQUIRED,
"server_side": False})
parser = OptionParser()
parser.add_option('--host', dest='host',
help='Pika server to connect to (default: %default)',
default='localhost',
)
options, args = parser.parse_args()
# Connect to RabbitMQ
host = options.host
print ("Connecting to %s:5671, to change use --host hostName " %(host))
connection = pika.BlockingConnection(
pika.ConnectionParameters(
host, 5671, credentials=ExternalCredentials(),
ssl=True, ssl_options=ssl_options))
# Create and bind to queue
EXCHANGE_NAME = "msmb"
ROUTING_KEY = "msmb.#"
channel = connection.channel()
result = channel.queue_declare()
queue_name = result.method.queue
channel.queue_bind(exchange=EXCHANGE_NAME, queue=queue_name, routing_key=ROUTING_KEY)
channel.basic_consume(callback,
queue=queue_name,
no_ack=True)
# Start listening for messages
channel.start_consuming()
28.3.6.3 AMQP
Example 13 AMQP example
When you invoke the script, you must pass –host:{hostname or IP}. See the following
examples:
•
--host:192.168.1.1
•
–host:my-appliance.example.com
IMPORTANT: If the connection fails on the first attempt to invoke this script after an appliance
reboot, try invoking the script again.
#!/usr/bin/env python
from optparse import OptionParser
from functools import partial
import amqplib.client_0_8 as amqp
def callback(channel, msg):
for key, val in msg.properties.items():
print ('%s: %s' % (key, str(val)))
for key, val in msg.delivery_info.items():
print ('> %s: %s' % (key, str(val)))
print ('')
print (msg.body)
print ('-------')
print msg.delivery_tag
channel.basic_ack(msg.delivery_tag)
#
# Cancel this callback
#
if msg.body == 'quit':
channel.basic_cancel(msg.consumer_tag)
def main():
parser = OptionParser()
parser.add_option('--host', dest='host',
help='AMQP server to connect to (default: %default)',
default='localhost',
)
options, args = parser.parse_args()
28.3 Using the Metric Streaming Message Bus (MSMB) 323
host = options.host+":5671"
#
Pem Files needed, be sure to replace the \n returned from the APIs with CR/LF
#
caroot.pem - the CA Root certificate
- GET /rest/certificates/ca
#
client.pem, first POST /rest/certificates/client/rabbitmq Request body:
{"type":"RabbitMqClientCert","commonName":"default"}
#
GET /rest/certificates/client/rabbitmq/keypair/default
#
client.pem is the key with -----BEGIN CERTIFICATE----#
key.pem is the key with -----BEGIN RSA PRIVATE KEY-----
#
ssl_options = ({"ca_certs": "caroot.pem",
"certfile": "client.pem",
"keyfile": "key.pem",
"cert_reqs": CERT_REQUIRED,
"server_side": False})
print ('Connecting to host %s, to change use --host hostName ' %host)
conn = amqp.Connection(host, login_method='EXTERNAL',
ssl=ssl_options)
print ('Successfully connected, creating and binding to queue')
ch = conn.channel()
qname, _, _ = ch.queue_declare()
ch.queue_bind(qname, 'msmb', 'msmb.#')
ch.basic_consume(qname, callback=partial(callback, ch))
print ('Successfully bound to queue, waiting for messages')
#pyamqp://
#
# Loop as long as the channel has callbacks registered
#
while ch.callbacks:
ch.wait()
ch.close()
conn.close()
if __name__ == '__main__':
main()
28.3.7 Re-create the AMQP client certificate
If you change the appliance name, you must re-create the AMQP client certificate.
NOTE:
If the certificates are already created, you can skip this step.
Prerequisites
•
Minimum required session ID privileges: Infrastructure administrator
Re-creating and downloading the client certificate, private key, and root CA certificate
1. Revoke the certificate.
DELETE /rest/certificates/ca/rabbitmq_readonly
Request body is not required.
NOTE: When you revoke the default client certificate, the appliance re-generates the CA certificate, AMQP
server certificate, and the default client certificate.
2. Download the certificate and private key.
GET /rest/certificates/client/rabbitmq/keypair/default
3. Download the root CA certificate.
GET /rest/certificates/ca
324 Using a message bus to send data to subscribers
29 Generating reports
HPE OneView offers predefined reports to help you manage your appliance and its environment.
You can view the reports in the UI or generate them using REST API. You can also save the
reports as a Microsoft Excel workbook (*.xlsx) or CSV MS-DOS (*.csv).
UI screens and REST API resources
UI screen
REST API resource
Reports
reports
29.1 Roles
•
Minimum required privileges: Infrastructure administrator (for local users report)
29.2 Tasks for reports
The appliance online help provides information about using the UI or the REST APIs to:
•
View a report.
•
Save a report.
29.3 About reports
HPE OneView offers reports to help you monitor your inventory as well as help you monitor your
environment. The inventory reports provide information about your servers or enclosures such
as model, serial number, part number, and so on. Other reports provide a picture of the overall
status of your environment.
Select a report, by name, from the left navigation column of the Reports screen. You can view
or save the report. For more information, see View and save a report in the online help.
The main pane of the screen describes the report chosen. It provides a bar chart, a donut chart,
or both, and tabular data for more detailed information.
29.1 Roles 325
326
30 Using data services
Using REST APIs, you can collect metrics from devices managed by HPE OneView and preserve
that data remotely from the HPE OneView appliance for viewing in other software tools. This
gives you the flexibility to further analyze the data in meaningful ways.
30.1 About data services
Using data services, you can make data available for offline analysis and troubleshooting. For
information on supported data types, see the following sections on metric streaming and log
forwarding.
30.1.1 About metric streaming
The HPE OneView REST APIs allow you to configure the relay of enclosure, server-hardware,
and power-devices performance metrics over MSMB. Following is the list of metrics supported.
•
•
•
Enclosures:
◦
Rated Capacity: The limit of the enclosure’s peak power consumption, in watts.
◦
Derated Capacity: The limit of the enclosure’s average power consumption, in watts.
◦
Ambient Temperature: The temperature of the enclosure over the time interval in Celsius
or Fahrenheit.
◦
Average Power: The average power consumption of the device over the time interval,
in watts.
◦
Powercap: The power cap set for the enclosure, in watts.
◦
Peak Power: The peak power consumption of the enclosure over the time interval, in
watts.
Power-devices:
◦
Average Power: The average power consumption of the device over the time interval,
in watts.
◦
Peak Power: The peak power consumption of the device over the time period, in watts.
Server-hardware:
◦
CPU Utilization: The percentage of CPU utilized by the device over the time interval.
◦
CPU Average Frequency: The speed of the device CPU over the time interval, in GHz.
◦
Ambient Temperature: The temperature of the enclosure over the time interval in Celsius
or Fahrenheit.
◦
Average Power: The average power consumption of the device over the time interval,
in watts.
◦
Powercap: The user-defined power cap set for server-hardware.
◦
Peak Power: The peak power consumption of the device over the time period, in watts.
30.1.2 About log forwarding to a remote syslog server
REST APIs can be used to configure the remote syslog destination. Once configured, the logs
are streamed directly from the device using rsyslog.
30.1 About data services 327
30.2 REST API to enable metric streaming
Metrics for managed resources can be streamed at a specified interval.
•
/rest/metrics/capability
•
/rest/metrics/configuration
Table 14 Recommended metric frequency of relay for a maximum number of devices by
device type
Device type
Max
Frequency Max
Frequency Max
Frequency Max
Frequency Max
devices (sec)
devices (sec)
devices (sec)
devices (sec)
devices Frequency (sec)
Enclosure
5
300
5
300
10
600
20
900
40
1800
Power-devices 10
300
10
300
20
900
40
1800
80
3600
Server-hardware 40
300
80
600
160
900
320
1800
640
3600
For example, the recommended configuration for 640 servers, 80 power devices, and 40
enclosures is as follows:
{
"sourceTypeList": [
{
"frequencyOfRelayInSeconds": 3600,
"sampleIntervalInSeconds": 300,
"sourceType": "/rest/server-hardware"
},
{
"frequencyOfRelayInSeconds": 3600,
"sampleIntervalInSeconds": 300,
"sourceType": "/rest/power-devices"
},
{
"frequencyOfRelayInSeconds": 1800,
"sampleIntervalInSeconds": 300,
"sourceType": "/rest/enclosures"
}
]
}
30.2.1 Roles
•
Minimum required privileges: Infrastructure administrator
30.2.2 Tasks for metrics REST API
The appliance online help provides information about using the REST APIs to
•
Fetch metric streaming capability
•
Fetch metric streaming configuration
•
Update metric streaming configuration
NOTE: When configured, metrics are streamed only for servers with HPE OneView Advanced
license.
30.3 REST API to leverage remote system logs
The remoteSyslog REST API allows you to implement a remote system log server to receive
and retain remote Syslog data and to configure the data relay.
328 Using data services
This REST API allows you to configure a remote syslog destination server and port. Once
configured, all servers with HPE OneView Advanced license and enclosures will forward the logs
to this remote syslog server.
•
/rest/logs/remoteSyslog
30.3.1 Roles
•
Minimum required privileges: Infrastructure administrator
30.3.2 Tasks for remoteSyslog REST API
The appliance online help provides information about using the REST APIs to
•
Fetch remoteSyslog configuration
•
Update remoteSyslog configuration
30.3 REST API to leverage remote system logs 329
330
Part V Troubleshooting
The chapters in this part include information you can use when troubleshooting issues in your data
center, and information about restoring the appliance from a backup file in the event of a catastrophic
failure.
332
31 Troubleshooting
HPE OneView has a variety of troubleshooting tools you can use to resolve issues. By following
a combined approach of examining screens and logs, you can obtain a history of activity and of
the errors encountered along the way. For specific troubleshooting instructions, select a topic
from the following list.
Category
Learn more
• Activity
• “Basic troubleshooting techniques ” (page 333)
• Appliance
• “Create a support dump file” (page 335)
• Appliance network setup
• “Create a support dump for authorized technical support
using REST API scripting” (page 338)
• Enclosures and enclosure groups
• Firmware bundles
• “Troubleshooting locale issues” (page 376)
• Interconnects
• Licensing
• Logical interconnects
• Networks
• Server hardware
• Server profiles
• Storage
• User accounts and groups
31.1 Basic troubleshooting techniques
HPE OneView has a variety of troubleshooting tools you can use to resolve issues. By following
a combined approach of examining screens and logs, you can obtain a history of activity and the
errors encountered.
•
The Activity screen displays a log of all changes made on the appliance, whether user-initiated
or appliance-initiated. It is similar to an audit log, but with finer detail and it is easier to access
from the UI.
The Activity screen also provides a log of health alerts and status notifications.
•
Download an audit log to help an administrator understand what security relevant actions
took place on the system.
•
Create a support dump file to gather logs and other information required for debugging into
an encrypted, compressed file that you can send to your authorized support representative
for analysis.
•
Review reports for interconnect, server, and enclosure status. Reports can also provide
inventory information and help you see the types of server models and processors in your
data center. They can also show you what firmware needs to be updated.
31.1 Basic troubleshooting techniques 333
NOTE:
If the UI is not available, you can use the Maintenance console for troubleshooting.
Recommendation
Details
Look for a message
About syntax errors:
• The user interface checks for syntax when you enter a value. If you make a syntax error,
an instructional message appears next to the entry. The user interface or command line
continues to display messages until you enter the correct value.
About network setup errors:
• Before applying them, the appliance verifies key network parameters like the IP address
and the fully qualified domain name (FQDN), to ensure that they have the proper format.
• After network settings are applied, the appliance performs additional validation, such as
reachability checks and host name to IP lookup. If a parameter is incorrect, the appliance
generates an alert that describes validation errors for the Network Interface Card (NIC),
and the connection between the browser and the appliance can be lost.
About reported serious errors:
• Check connectivity to the enclosure from the appliance.
• Create a support dump and contact your authorized support representative.
Examine the Activity
screen
To find a message for an activity:
NOTE: You might need to perform these steps from the virtual console.
1. Locate recent activities with a Critical or Warning status.
2. Expand the activity to see recommendations on how to resolve the error.
3. Follow the instructions.
31.2 About the support dump file
Some error messages recommend that you create a support dump of the Synergy Management
appliance and send it to an authorized support representative for analysis. The support dump
process performs the following functions:
•
Deletes any existing support dump file
•
Gathers logs and other information required for debugging
•
Creates a compressed file with a name in the following format:
hostname-identifier—timestamp.sdmp
Where, for support dump files created from the UI, identifier is either CI (indicating an
appliance support dump) or LE (indicating a logical enclosure support dump).
The support dump contains data that might be considered customer sensitive such as hostnames,
IP addresses, and the appliance audit log.
Unless you specify otherwise, all data in the support dump file is encrypted so that only an
authorized support representative can access it.
You can choose not to encrypt the support dump file if you are an Infrastructure administrator.
This can be useful if you have an onsite, authorized support representative or if your environment
prohibits outside connections. You can also validate the contents of the support dump file and
verify that it does not contain data considered sensitive in your environment.
334 Troubleshooting
IMPORTANT: If the appliance is in an error state, a special Oops screen is displayed. Anyone
can create an encrypted support dump file from that screen without the need for logging in or
other authentication.
Creating the support dump file will remove the backup file that exists on the Synergy Management
appliance. Move the backup file to an external location before proceeding.
The support dump file contains the following:
•
Operating system logs
•
Product logs
•
The results of certain operating system and product-related commands
Items logged in the support dump file are recorded according to UTC time.
About support dump created from a clustered appliance
When created from a clustered appliance, the support dump file contains information from both
the active appliance and the standby appliance. If the standby appliance is not reachable, its
dump file data is not included— only the active appliance dump data is available; the support
dump will be named with the fully-qualified domain name, the enclosure name, and the appliance
bay of the active appliance, and can be retrieved using the Maintenance console on the active
appliance.
About logical enclosure support dumps
You can create a logical enclosure support dump, which, by default, includes the appliance
support dump. The logical enclosure support dump file includes content from each member
logical interconnect. After the logical enclosure support dump is created, it is incorporated into
the appliance support dump and the entire bundle of files is compressed into a zip file and
encrypted for downloading.
NOTE: To create a logical enclosure support dump that does not contain the appliance support
dump, you must use the logical enclosure REST APIs. For more information, see the REST API
scripting online help for logical enclosures.
See also
•
“Create a support dump file” (page 335)
31.3 Create a support dump file
Use this procedure to create a support dump file for the appliance only or for the logical enclosure
and the appliance.
CAUTION:
Creating the support dump file could overwrite an existing backup file. If a backup file exists on
the appliance, move it to an external location for safekeeping before creating the support dump.
31.3 Create a support dump file 335
Prerequisites
•
Minimum required privileges: Network administrator, Server administrator, Infrastructure
administrator, Backup administrator, Read only
NOTE: Only the Infrastructure administrator has the option of not encrypting a support
dump file. When a user with a different role creates a support dump file, it is encrypted
automatically.
Creating a support dump file
1.
For an appliance support dump file, do one of the following:
•
From the main menu, click Settings, and then in the Appliance panel, click Create
support dump.
•
From the main menu, click Settings, click Appliance, and then select Actions→Create
support dump.
2.
If you are an Infrastructure administrator, choose whether or not to encrypt the support dump
file:
a. To encrypt the support dump file, confirm that the Enable support dump encryption
check box is selected.
b. To turn off encryption, clear the Enable support dump encryption check box.
3.
Click Yes, create.
You can continue doing other tasks while the support dump file is created.
4.
5.
6.
The support dump file is downloaded when this task is completed. If your browser settings
specify a default download folder, the support dump file is placed in that folder. Otherwise,
you are prompted to indicate where to download the file.
Verify that the support dump file was saved to the correct folder.
Contact your authorized support representative for instructions on how to transfer the support
dump file to Hewlett Packard Enterprise.
For information on contacting Hewlett Packard Enterprise, see “Accessing Hewlett Packard
Enterprise Support” (page 405).
IMPORTANT: Unless you specify otherwise, the support dump file is encrypted so that only
an authorized support representative can view its contents.
The Hewlett Packard Enterprise data retention policy requires that all sent support dump files be
deleted after use.
See also
•
“About the support dump file” (page 334)
•
Troubleshooting: Cannot create a support dump file
31.4 Create a support dump file and write it to a USB drive from the UI
This procedure describes how to use the UI to create a support dump file from the console of a
physical appliance and store it on a USB drive.
CAUTION: Creating the support dump file could overwrite a backup file. If a backup file exists
on the USB drive, move it to an external location for safekeeping before creating the support
dump.
336 Troubleshooting
NOTE:
•
The support dump file is encrypted by default. Only the Infrastructure administrator has the
option to save the support dump file without encryption.
Prerequisites
•
Use a USB 2.0 or 3.0 device drive, formatted as an NTFS or FAT32 file system and with
only one partition. If necessary, use a computer to format the USB drive.
The USB drive must have enough free space (typically 1 to 4 GB) to store the support dump
file. USB drives with a capacity of up to 16 GB have been tested successfully.
•
The USB drive must be installed in the USB port of the active appliance.
•
Ensure that a backup file is not currently being created. If so, creating a new support dump
stops that operation and overwrites the backup file.
Creating a support dump file and writing it to a USB drive
1.
2.
Access HPE OneView on the physical console.
From the main menu, select Settings and do one of the following:
•
Click Create support dump in the Appliance panel.
•
Click Appliance on the Settings screen, and then select Actions→Create support
dump.
Alternatively, you can create a support dump file from the Oops screen by selecting Create
support dump. You will be required to log in as an Infrastructure administrator.
3.
If you are an Infrastructure administrator, choose whether or not to encrypt the support dump
file:
a. To encrypt the support dump file, confirm that the Enable support dump encryption
check box is selected.
b. To turn off encryption, clear the Enable support dump encryption check box.
4.
Click Yes, create.
You can continue doing other tasks while the support dump file is created.
5.
6.
7.
Wait until the support dump file is downloaded. There will be an message on the screen
stating that the support dump was successfully created and that it is safe to remove the USB
drive.
Verify that the support dump file was saved by examining the contents of the USB drive for
the support dump file name.
If necessary, contact your authorized support representative for instructions on how to send
the support dump file to Hewlett Packard Enterprise.
See also
•
“About the support dump file” (page 334)
•
“Accessing Hewlett Packard Enterprise Support” (page 405).
31.4 Create a support dump file and write it to a USB drive from the UI 337
31.5 Create a support dump for authorized technical support using REST
API scripting
Some error messages recommend that you create a support dump of the appliance to send to
an authorized support representative for analysis. The support dump process:
•
Deletes any existing support dump file
•
Gathers logs and other information required for debugging
•
Creates a compressed file
Unless you specify otherwise, all data in the support dump file is encrypted so that it is accessible
only by an authorized support representative. You might choose not to encrypt the support dump
file if you have an onsite, authorized support representative or if your environment prohibits
outside connections. You can also validate the contents of the support dump file and verify that
it does not contain sensitive data such as passwords.
IMPORTANT: If the appliance is in an error state, you can still create an encrypted support
dump file without logging in or other authentication.
The support dump file contains the following:
•
Operating system logs (from /var/log)
•
Product logs (from /ci/logs)
•
The results of certain operating system and product-related commands
Items logged in the support dump file are recorded in UTC (Coordinated Universal Time).
Prerequisites
•
Minimum required session ID privileges: Infrastructure administrator
Creating a support dump using REST APIs
1. Create a support dump.
POST /rest/appliance/support-dumps
2. Use the value of the uri element in the Response Body from the POST in step 1 to download the support dump.
GET /rest/appliance/support-dumps/{file name}
IMPORTANT: Unless you specify otherwise, the support dump file is encrypted so that only
authorized support personnel can view its contents.
In accordance with the Hewlett Packard Enterprise data retention policy, support dump files sent
to Hewlett Packard Enterprise are deleted after use.
31.6 Troubleshooting activity
Use the following information to troubleshoot alerts that appear on the Activity screen.
31.6.1 Alert is locked
Symptom
An alert is locked and cannot be cleared.
Cause
The locked alert was created by a resource.
338 Troubleshooting
Action
1.
2.
3.
Expand the alert and follow the recommended action described in Resolution.
If you need more information, expand the Event details and see the details for
correctiveAction.
When the resource detects a change, it will automatically change the alert status to Cleared.
31.6.2 Alerts are not visible in the user interface
Symptom
You cannot access the Alerts screen or alerts are not posted there.
Cause
Improper permission
Action
1.
2.
3.
If possible, log in as a privileged user. Otherwise, request that the Infrastructure administrator
change your role so that you can see alerts for the physical resource type.
Log in again.
View the Activity screen.
31.6.3 Alert status is reported as blank or unexpected
Symptom
The status of the alert is other than:
•
Critical
•
Warning
•
OK
•
Unknown
Cause
Action
1.
2.
Clear the alert.
Restore the alert.
31.6.4 Alert state is unexpected
Symptom
The state of the alert is other than
•
Active
•
Locked
•
Cleared
Cause
A resource reported an unexpected alert state for an underlying problem.
31.6 Troubleshooting activity 339
Action
1.
2.
3.
Expand the alert and follow the recommended action described in Resolution.
If you need more information, expand the Event details and see the details for
correctiveAction.
When the resource detects a change, it will automatically change the alert state to Cleared.
31.7 Troubleshooting the appliance
Audit log:
•
“Audit log is absent ” (page 351)
•
“Audit log could not be downloaded ” (page 351)
•
“Audit entries are not logged ” (page 351)
Backup/Restore:
•
“Cannot create or download a backup file ” (page 345)
•
“Restore action was unsuccessful ” (page 352)
Restart/Shutdown:
•
“Synergy Composer did not shut down” (page 353)
•
“Cannot restart the Synergy Composer after a shutdown” (page 354)
•
“Unexpected appliance shutdown” (page 341)
Security/Authentication:
•
“Unable to import a certificate ” (page 350)
•
“Certificate was revoked ” (page 350)
•
“Invalid certificate chain prevents operations ” (page 350)
•
“Invalid certificate content prevents operations ” (page 351)
•
“You cannot log in ” (page 355)
•
“ Hardware setup user cannot log in” (page 355)
•
“Cannot log in after a factory reset action” (page 355)
Support dump:
•
“Support dump was not created ” (page 347)
•
“Support dump file not saved ” (page 347)
•
“Support dump does not contain data for standby appliance” (page 348)
•
“Cannot create unencrypted support dump ” (page 348)
•
“Cannot download support dump to USB flash drive ” (page 349)
Update:
•
“Cannot update Synergy Composer” (page 342)
•
“Appliance update file downloads, but update fails” (page 343)
•
“Appliance update is unsuccessful” (page 343)
Other:
•
“Synergy Composer performance is slow” (page 341)
•
“Browser does not display the HPE OneView user interface” (page 344)
340 Troubleshooting
•
“Icons are not visible on the appliance dashboard” (page 344)
•
“Could not retrieve the browser session ” (page 345)
•
“USB drive not recognized ” (page 349)
•
“Reinstall the remote console ” (page 356)
•
“Active and standby appliances are not connected” (page 356)
•
“Synergy Composer is offline, manual action is required” (page 357)
•
“Synergy Composer is offline and unusable” (page 358)
31.7.1 Synergy Composer performance is slow
Symptom
The appliance operates, but its performance is slow.
Cause
The appliance configuration is not set for optimum performance.
Action
Ensure that the physical components satisfy the requirements described in the HPE OneView
Support Matrix for HPE Synergy.
2. Ensure proper network connection between the appliance and managed devices.
3. Ensure power management is not enabled.
4. Ensure the available storage is acceptable.
5. Ensure the host is not overloaded.
6. From the local computer, use the ping command to determine if the round-trip time of the
ping is acceptable. Long times can indicate browser problems.
7. Determine that the browser settings are correct.
8. Consider bypassing the proxy server.
9. Ensure the scale limits are not exceeded. See the HPE OneView Support Matrix for HPE
Synergy.
10. Create a support dump and contact your authorized support representative.
1.
31.7.2 Unexpected appliance shutdown
Symptom
Appliance crash
Cause
Unplanned shutdowns
Actions to take after a crash
•
Unexpected shutdowns are rare. Check for critical alerts or failed tasks. Follow the resolution
instructions, if provided.
•
Manually refresh a resource (Actions→Refresh) if the resource information displayed
appears to be incorrect or inconsistent.
•
Create a support dump (Settings→Actions→Create support dump) for unexpected
shutdowns to help your authorized support representative troubleshoot the problem.
31.7 Troubleshooting the appliance 341
31.7.3 Cannot update Synergy Composer
Symptom
The update appliance operation fails.
Solution 1
Cause
Improper permission
Action
Required privileges: Infrastructure administrator
1.
2.
Log in to the appliance as the Infrastructure administrator.
Perform the update operation again.
Solution 2
Cause
Appliance cannot access the network.
Action
“Synergy Composer cannot access the network” (page 359)
Solution 3
Cause
Appliance certificate is invalid, expired, or changed.
Action
1.
2.
Examine the certificate settings from the Security pane of the Settings screen.
Acquire a new appliance certificate if it is invalid or expired.
Depending on the certificate type, see “Create a self-signed certificate” (page 72) or “Create
a certificate signing request” (page 71).
3.
4.
5.
Refresh the browser page.
Accept the new certificate.
Retry the update operation.
Solution 4
Cause
Not enough disk space. The update operation requires twice the amount of disk space as the
update file, update.bin.
Action
1.
Perform the following REST API call to free disk space by deleting files related to the update
operation:
DELETE https://{appl}/rest/appliance/firmware/pending
Accept: application/json
Auth: authorization
X-Api-Version: 200
2.
Retry the update operation.
342 Troubleshooting
31.7.4 Appliance update file downloads, but update fails
Symptom
The update file was successfully downloaded but the update operation does not update the
appliance.
Solution 1
Cause
The download file is too large for the browser.
Action
1.
2.
Verify that the download size is within the capabilities of the browser.
Use a different browser.
Solution 2
Cause
File was deleted from the appliance.
Action
1.
2.
Download the update file.
Retry the update operation.
, See the online help for details.
Solution 3
Cause
The version of the appliance is outside the range of versions that apply to the update.
Action
1.
2.
Download a supported version (based on the appliance version) of the update file.
Retry the update operation. For information, see the online help.
31.7.5 Appliance update is unsuccessful
Any blocking or warning conditions affecting the appliance update are displayed prior to the
update operation.
Symptom
Update fails
Cause
Action
1.
2.
3.
Confirm you are not upgrading to the same version already installed.
Verify that all status indicators for LAN, CPU, and memory in the Appliance panel in the
Settings screen are green before retrying the update.
Create a support dump and contact your HPE support representative.
31.7 Troubleshooting the appliance 343
31.7.6 Browser does not display the HPE OneView user interface
Symptom
The browser does not display the HPE OneView user interface.
Solution 1
Cause
The browser is not supported.
Action
Use a supported browser.
Solution 2
Cause
The browser cache is full.
Action
1.
2.
Clear the browser cache and try again.
Refresh or reload the browser.
Solution 3
Cause
Javascript is not enabled.
Action
Enable Javascript on the browser.
Solution 4
Cause
There is a connectivity issue with the appliance.
Action
1.
2.
3.
Verify that the browser proxy setting is accurate.
Refresh or reload the browser.
Verify that the appliance can access the network.
“Synergy Composer cannot access the network” (page 359).
31.7.7 Icons are not visible on the appliance dashboard
Symptom
The dashboard is displayed without icons.
Cause
A timeout occurred before the browser could load the icons
344 Troubleshooting
Action
1.
2.
Refresh or reload the browser.
Verify that the appliance can access the network.
“Synergy Composer cannot access the network” (page 359).
31.7.8 Could not retrieve the browser session
Symptom
The browser does not display the session or the session appears frozen.
Solution 1
Cause
Session timed out
Action
1.
2.
Log out.
Log back in to start a new session.
Solution 2
Cause
You were logged out of the session.
Action
Log in to start a new session.
31.7.9 Cannot create or download a backup file
Symptom
A backup file could not be created or downloaded.
Solution 1
Cause
Other related operations are in progress. Only one backup file can be created at a time. A backup
file cannot be created during the restore operation or while a previous backup file is being uploaded
or downloaded.
Action
Required privileges: Infrastructure administrator
1. Log in as the Infrastructure administrator.
2. Verify that no other backup or restore operation is running. Look for a progress bar in the
Settings screen or a completion noted in the Activity sidebar.
3. Wait until the operation is complete.
4. If an alert appears, follow its resolution to
a. Retry the backup operation.
b. If the backup operation fails, restart the appliance.
c. Run the backup operation again after restarting the appliance.
31.7 Troubleshooting the appliance 345
Solution 2
Cause
Network connectivity issues prevent the download.
Action
Ensure that the network is correctly configured and performing as expected.
Solution 3
Cause
A profile operation was running during the backup operation resulting in any of the following:
•
Duplicate GUIDs in the network
•
Server with settings from a previous profile
•
Error message: The operation was interrupted
•
Error message: The configuration is inconsistent
Action
1.
2.
3.
4.
5.
6.
7.
Log in as the Infrastructure administrator.
Identify the server affected.
Unassign the profile from the server.
Reassign the profile to the server.
If either error message was reported, determine any factors (not related to HPE OneView)
that contributed to this condition, such as:
•
Was the server moved?
•
Was the server power turned off?
Create a support dump file.
Report this issue to your authorized support representative.
Symptom
Cannot download the backup file because a related operation is in progress.
Cause
A backup file cannot be uploaded or downloaded while a backup file creation or restore operation
is in progress.
Action
•
Ensure that another backup or restore operation is not running. They are indicated with a
progress bar in the Settings screen.
Symptom
The backup file does not appear to be downloading.
Cause
Downloading a large backup file can take several minutes or more, depending on the complexity
of the appliance configuration.
346 Troubleshooting
Action
•
Wait until the operation completes. Monitor the operation by observing the progress bar in
the Settings screen.
31.7.10 Support dump was not created
Symptom
Cannot find the expected support dump
Solution 1
Cause
Insufficient time elapsed
Action
1.
2.
Wait. Creating a support dump file can take several minutes. If the log files are large or if
the system is extensive, creating a support dump file can take even longer.
Retry the create support dump action.
Solution 2
Cause
Only the Infrastructure administrator can create a support dump file from the Oops screen.
Action
Provide the credentials for the Infrastructure administrator and try again.
31.7.11 Support dump file not saved
Symptom
The support dump file is absent on the appliance.
Solution 1
Cause
You can easily miss notifications of automatic downloads if the browser settings are not set
correctly.
Action
1.
2.
3.
Verify that the download has completed.
Verify the browser settings .
Retry the create support dump action and examine the download progress bar in the Activity
sidebar.
Solution 2
Cause
Insufficient disk space for the support dump file on the client side.
31.7 Troubleshooting the appliance 347
Action
1.
2.
Ensure that the local computer has enough disk space to accommodate the support dump
file.
Retry the create support dump action.
31.7.12 Support dump does not contain data for standby appliance
Symptom
The support dump file contains the data for the active appliance of a cluster, but not the standby
appliance.
Solution 1
Cause
The appliance does not have enough free space to accommodate all the data.
Action
1.
2.
3.
4.
Optional: Move the support dump file to an off-appliance location.
Delete the support dump file on the appliance.
Locate and delete any unnecessary files.
Retry the create support dump action.
Solution 2
Cause
Standby appliance is not online
Action
1.
2.
3.
Ensure that the standby appliance is online.
Retry the create support dump action.
Access the Maintenance console of the standby appliance and use the Maintenance console
to create a support dump file.
31.7.13 Cannot create unencrypted support dump
Symptom
You can create an encrypted support dump file, but not an unencrypted one.
Cause
You do not have proper authorization to create an unencrypted support dump file. Only the
Infrastructure administrator can do so.
Action
1.
2.
3.
4.
5.
Log into the appliance as the Infrastructure administrator.
Retry the create support dump action.
Specify the unencrypted support dump option.
Create the support dump.
Verify success by examining the progress bar.
348 Troubleshooting
31.7.14 Cannot download support dump to USB flash drive
Symptom
Attempts to create and download a support dump file to a USB flash drive fail.
Solution 1
Cause
The USB flash drive does not have enough disk space to accommodate the support dump file.
Action
1.
2.
3.
Ensure that the USB flash drive has 1 GB to 4 GB of free disk space.
Use a computer running either a Linux or Windows operating system to remove unneeded
files.
Retry the create support dump procedure to download the support dump file to the USB
flash drive.
Solution 2
Cause
Either the USB flash drive is not mounted or its format is incompatible.
Action
1.
2.
Do one of the following:
•
Ensure that the USB flash drive is properly mounted.
•
Reformat the USB flash drive as an NTFS or exFAT file system.
•
Use a different USB flash drive formatted as an NTFS or exFAT file system.
Retry the create support dump procedure to download the support dump file to the USB
flash drive.
Solution 3
Cause
The file system type of the USB flash drive is FAT32, and the support dump file exceeds 4 GB.
Action
1.
2.
Do one of the following:
•
Reformat the USB flash drive as an NTFS or exFAT file system.
•
Use another USB flash drive formatted as an NTFS or exFAT file system.
Retry the create support dump procedure to download the support dump file to the USB
flash drive.
31.7.15 USB drive not recognized
Symptom
A No USB mounted message was encountered.
Cause
The USB flash drive file system exceeds 16 GB.
31.7 Troubleshooting the appliance 349
Action
1.
2.
Ensure that you are inserting the USB flash drive into the correct enclosure.
Use a USB flash drive formatted with a single file system less than or equal to 16 GB in size.
The maximum size of a FAT32 file system is 4 GB.
3.
Retry the create support dump procedure to download the support dump file to the USB
flash drive.
31.7.16 Unable to import a certificate
Symptom
The appliance did not allow or accept the action of importing a certificate.
Solution 1
Cause
Your login account does not give you permission to import a certificate.
Action
Required privileges: Infrastructure administrator
1. Log in as the Infrastructure administrator.
2. Try the action again.
Solution 2
Cause
Appliance lost connection with browser.
Action
Required privileges: Infrastructure administrator
1. Verify that the network is working properly.
“Synergy Composer cannot access the network” (page 359)
2.
Wait for the web server to restart, and then try the action again.
31.7.17 Certificate was revoked
Symptom
The Certificate Authority no longer recognizes the certificate.
Cause
The certificate is no longer valid.
Action
1.
2.
As Infrastructure administrator, create or acquire a new certificate for the appliance.
Generate a new signing request.
31.7.18 Invalid certificate chain prevents operations
Symptom
The certificate chain in the remote appliance was corrupted.
350 Troubleshooting
Action
Required privileges: Infrastructure administrator
1. As Infrastructure administrator, create or acquire a new certificate for the appliance.
2. Generate a new signing request.
31.7.19 Invalid certificate content prevents operations
Symptom
Cause
The format of the certificate is invalid.
Action
Required privileges: Infrastructure administrator
1. As Infrastructure administrator, create or acquire a new appliance with a valid format.
“Create a certificate signing request” (page 71) or “Create a self-signed certificate” (page
72)
2.
Import the new certificate.
31.7.20 Audit log could not be downloaded
Symptom
No action menu item for downloading the audit log is visible.
Cause
Improper authorization.
Action
1.
2.
Log in as the Infrastructure administrator.
Download the audit log.
31.7.21 Audit entries are not logged
Symptom
Entries in the audit log are missing.
Cause
The audit log was edited which resulted in stopping the logging.
Action
Restart the appliance to resume logging.
31.7.22 Audit log is absent
Symptom
The audit log was deleted.
Action
Restart the appliance to create an audit log and resume logging.
31.7 Troubleshooting the appliance 351
31.7.23 Restore action was unsuccessful
Symptom
The restore and factory reset operations failed, and the appliance could not restart.
Solution 1
Cause
The backup file is incompatible.
Action
1.
2.
Log in as Infrastructure administrator.
Retry the restore operation with a recent backup file that fulfills this criteria:
The appliance being restored has the same HPE OneView major and minor version numbers
as the appliance on which the backup file was created.
The Settings screen displays the version number in this format:
Version major.minor.nn-nnnnn month—day—year
3.
Reconcile any discrepancies that the restore operation could not resolve automatically.
Solution 2
Cause
A serious error occurred.
Action
1.
2.
3.
Log in as Infrastructure administrator.
Create a support dump file, in case you might need to contact an authorized support
representative.
If possible, reset the appliance to factory settings.
Otherwise, reimage the Synergy Composer.
4.
Retry the restore operation.
Cause
Restore operation failed.
Action
Required privileges: Infrastructure administrator
1. Log in as Infrastructure administrator.
2. Create a support dump file, in case you might need to contact an authorized support
representative
.
3.
4.
Do one or both of the following:
•
Retry the restore operation, specifying the most recent backup file.
•
Try the restore operation with another backup file that is compatible with the appliance.
If the problem persists, contact your authorized support representative.
352 Troubleshooting
Cause
The status of the restore operation is IN PROGRESS, but the percentage of change does not
change for 2.5 hours or more.
Action
1.
2.
3.
Log in as Infrastructure administrator.
Restart the appliance.
Do one or both of the following:
•
Retry the restore operation, specifying the most recent backup file.
•
Try the restore operation with another backup file that is compatible with the appliance.
Symptom
Server hardware is booting from wrong device or incorrect BIOS settings
Cause
BIOS, firmware, and boot settings were changed after the backup and before the restore operation.
Action
1.
2.
3.
4.
Log in as the Infrastructure administrator.
Verify the BIOS firmware, and boot settings.
Unassign the profiles.
Reassign each profile to its corresponding server.
Symptom
Restore operation does not restore server profile.
Cause
The restore operation timed out or failed.
Action
Required privilege: Infrastructure administrator
1. Log in as the Infrastructure administrator.
2. Create a support dump file.
3. Do one of the following:
a. Retry the restore operation, specifying the most recent backup file.
b. Try the restore operation with another backup file that is compatible with the appliance.
4.
Verify that all the necessary actions were followed to put the profiles back in-line with the
environment. If there is a profile still in an inconsistent state, there might be incorrect behavior
in the data center.
31.7.24 Synergy Composer did not shut down
Symptom
The appliance stayed up in spite of a shutdown operation.
Cause
An internal server error might have occurred.
31.7 Troubleshooting the appliance 353
Action
Required privileges: Infrastructure administrator
1. Log in as the Infrastructure administrator.
2. Retry the shutdown action.
3. Retry the shutdown action from the Maintenance console.
4. If the problem persists, create a support dump.
5. Contact your authorized support representative and provide them with the support dump.
“Accessing Hewlett Packard Enterprise Support” (page 405).
31.7.25 Cannot restart the Synergy Composer after a shutdown
Symptom
The restart action resulted in a shutdown, but not a restart.
Cause
An internal server error might have occurred.
Action
Required privileges: Infrastructure administrator
1.
2.
3.
4.
5.
Log in as the Infrastructure administrator.
Retry the restart action.
Retry the restart action from the Maintenance console.
If the problem persists, create a support dump.
Contact your authorized support representative and provide them with the support dump.
“Accessing Hewlett Packard Enterprise Support” (page 405).
354 Troubleshooting
31.7.26 You cannot log in
Symptom
Possible cause and recommendation
There is no login
screen.
Appliance not yet started or browser not behaving correctly
There is a login
screen, but the
appliance rejects
your login.
Authentication for the local user account is invalid
1.
2.
3.
4.
Wait for the appliance to start completely.
Refresh your browser and try again.
Open a new browser and try again.
As Infrastructure administrator, use the REST APIs to restart the appliance.
1. Retype your login name and password in case you made an error.
2. Verify your login name and role settings with the Infrastructure administrator. If the
appliance was reset to its original factory settings, the Infrastructure administrator might
need to reinstate you.
3. As Infrastructure administrator, do the following:
a. Verify the account name and ensure that a role is assigned to the user.
b. Restart the appliance and try again.
Authentication for the Authentication directory service is invalid
1. Retype your login name and password, and choose the correct authentication directory
in case you made an error.
2. Verify your login name and your group and role settings with the Infrastructure administrator.
If the appliance was reset to its original factory settings, the Infrastructure administrator
might need to reinstate you.
3. As Infrastructure administrator, do the following:
a. Verify the account name and ensure that the user is a member of the group in the
directory service.
b. Verify that the authentication directory service is configured properly.
c. Verify that the directory service server is operational. See “Directory service not available
” (page 395)
d. Verify that the directory service host certificate is valid. If not, reacquire a certificate
and install it.
e. Contact the directory service provider to ensure that the credentials are accurate.
f. Restart the appliance and try again.
31.7.27 Hardware setup user cannot log in
Symptom
The authorization for the hardware setup user is blocked.
Cause
The appliance is configured to deny access to the hardware setup user.
Action
1.
2.
3.
4.
5.
Log in as Infrastructure administrator.
Access the Edit Security screen.
Enable Hardware setup access. For more information, see the online help.
Log out and log back in as the Hardware setup user.
Retry the operation.
31.7.28 Cannot log in after a factory reset action
Symptom
Log in not accepted following a factory reset operation.
31.7 Troubleshooting the appliance 355
Cause
The authentication was deleted by the factory reset.
Action
Log in to the appliance with the default credentials that you used when you logged in for the first
time.
31.7.29 Reinstall the remote console
When running Firefox or Chrome on a Windows client, the first-time installation of the iLO remote
console prevents the installation dialog box from being displayed again. If you need to reinstall
the console software, you must reset the installation dialog box.
Symptom
Installation dialog box is not displayed.
Cause
If you installed the iLO remote console software using one browser (Firefox or Chrome), but are
using another browser, the dialog box that prompts you to install the software is displayed, even
if the software is already installed.
Action
To reinstall the console, press the Shift key and select Actions→Launch console.
Reinstall the software
1.
2.
Click Install software and close all of the dialog boxes for installing the application.
Click My installation is complete — Launch console to launch the console after it is
installed.
31.7.30 Active and standby appliances are not connected
Symptom
The Appliance panel of the Settings page shows that the active appliance and the standby
appliance are not connected.
Solution 1
Cause
The standby appliance is not powered on.
Action
1.
2.
3.
4.
Log in as the Infrastructure administrator.
Open the Enclosures page.
Ensure that the standby appliance is powered on.
Log into the Maintenance console to verify the health status of the appliance.
Solution 2
Cause
The enclosure is not powered on.
356 Troubleshooting
Action
1.
2.
3.
Log in as the Infrastructure administrator.
Open the Enclosures page.
Ensure that the enclosure is powered on.
31.7.31 Synergy Composer is offline, manual action is required
Symptom
The Maintenance console indicates that the appliance is offline and manual action is required to
restore operation safely.
Neither appliance in the appliance cluster is active. Constraints for data integrity prevent the
automatic activation of the appliance.
Solution 1
Cause
Network issues or multiple disconnects in the link enclosure network might have caused the
outage. A cable that connects the LINK ports of the enclosures is disconnected.
Action
1.
Restore high availability by correcting the cause of the outage, if possible:
a. Repair network connectivity.
Ensure that all link enclosure network cables are properly connected.
b.
2.
Reconnect the cable connecting the LINK ports.
Bring the enclosure back online.
Use the Maintenance console View details command to identify the appliance for which the
status cannot be confirmed. The appliance is identified in terms of its enclosure and appliance
bay number.
If the corresponding enclosure or frame link module is offline, powering it on could correct
the problem.
3.
Move the appliance to an operational enclosure if the enclosure or frame link module cannot
be brought back online.
Whenever possible, install clustered appliances in different enclosures to improve fault
protection.
Solution 2
Cause
An appliance is nonfunctional and high availability cannot be restored.
Action
IMPORTANT:
This procedure requires you to override data integrity protection.
Use extreme care when following this procedure
1.
Determine the location of both appliances in the appliance cluster. The location is given in
terms of the enclosure and appliance bay. The Maintenance console View details action,
from either appliance, can provide this information for the other appliance.
CAUTION:
Misidentifying the appliance can result in unrecoverable data loss.
31.7 Troubleshooting the appliance 357
2.
3.
Determine whether each appliance:
•
Is present in the enclosure.
•
Is powered on.
•
Shows a warning in the Maintenance console Notification banner regarding changes
that have not been synchronized between appliances.
Select the appliance to activate. Use the following criteria:
•
If one appliance shows an unsynchronized changes warning, select it.
•
Select the other appliance if an appliance:
◦
Is lost and cannot be recovered.
◦
Cannot be brought online.
If the lost appliance contained unsynchronized changes, unrecoverable data loss
could occur.
4.
Ensure the unselected appliance:
•
Is powered off,
•
Is removed from the enclosure, or
•
Was just restarted.
This step is critical to ensure that both appliances do not become active at the same time.
Otherwise, it will be impossible to resynchronize them, and unrecoverable data loss will
result.
5.
In the Maintenance console of the selected appliance, select Activate and confirm the action.
See “Activate the Synergy Composer manually when it is not highly available” (page 455).
Refer to the appliance state to monitor progress.
31.7.32 Synergy Composer is offline and unusable
Symptom
The Maintenance console indicates that an appliance is offline and unusable because of
incomplete data.
Neither appliance in the appliance cluster is active. Constraints for data integrity prevent the
automatic activation of the appliance.
Cause
An appliance in an Offline / Unusable (incomplete data) state experienced an outage
while its data was being synchronized or it encountered a disk write error. The appliance cannot
be activated in this state.
Action
1.
Reconnect the offline/unusable appliance with the other appliance in the cluster.
The other appliance likely has the most up-to-date data.
Reestablishing a connection between the appliances will allow data synchronization to
complete.
2.
Bring the up-to-date appliance enclosure back online.
Use the View details command in the up-to-date appliance Maintenance console to locate
its location (enclosure and appliance bay).
358 Troubleshooting
If its enclosure or frame link module is offline, powering it on could correct the problem.
3.
Move the up-to-date appliance to an operational enclosure if the enclosure or frame link
module cannot be brought back online.
Whenever possible, install clustered appliances in different enclosures to improve fault
protection.
4.
Repair the connectivity between LINK ports
If the up-to-date appliance is operational, the cable linking LINK ports might be disconnected.
Ensure that all such cables are connected properly. Reconnecting them could resolve the
problem.
5.
Restore from backup
If the up-to-date appliance is in an irrecoverable state, use a backup copy of the appliance
data to restore operation:
a.
b.
c.
Factory reset or reimage both appliances.
Restore one appliance from a recent compatible backup file.
Allow the other (or another) appliance to join into a high availability cluster with the
restored appliance.
If a replacement appliance is required, you can add it later to restore high availability.
31.8 Troubleshooting the appliance network setup
31.8.1 Synergy Composer cannot access the network
Symptom
Operations that require network access do not function.
Cause
The appliance network was not properly configured.
Action
1.
2.
3.
4.
Log in as Infrastructure administrator.
Verify that the IP address assignment is correct.
Verify that the DNS IP address is correct.
Verify that the DNS server is not behind a firewall.
If it is, modify the firewall settings.
5.
6.
7.
Verify that the DNS server is operational.
Verify the gateway address for your network is correct.
Log in to the appliance as Infrastructure administrator and correct the network settings.
31.8.2 Synergy Composer cannot retrieve DNS information from DHCP server
Symptom
The DHCP server does not provide access to IP addresses.
Cause
DNS or the DHCP server was not properly configured
31.8 Troubleshooting the appliance network setup 359
Action
1.
2.
Verify that each DNS IP address is correct.
Verify that the DNS server is not behind a firewall.
If it is, you might need to modify the firewall settings.
3.
4.
Verify that the DNS server is operational.
If necessary, use static address assignment instead of DHCP.
31.8.3 DNS server is unreachable
Symptom
An alert message reports that an IP address is not responding as a DNS server.
Action
Required privileges: Infrastructure administrator
1.
2.
3.
Verify that each DNS IP address is correct.
Verify that the DNS server is operational.
Verify that the DNS server is not behind a firewall.
If it is, you might need to modify the firewall settings.
4.
Change the network settings accordingly.
31.8.4 Gateway server is unreachable
Symptom
An alert message reports that an IP address is not a valid gateway.
Cause
Action
Required privileges: Infrastructure administrator
1. Verify the gateway address for your network.
2. Verify that the gateway server is operational.
3. Change the network settings accordingly.
31.8.5 Cannot change network settings
Symptom
You are unable to change network settings.
Cause
Improper permission
Action
1.
2.
3.
If possible, log in as a privileged user. Otherwise, request that the Infrastructure administrator
change your role so that you can change network settings.
Log in again.
Change the network setting.
360 Troubleshooting
31.8.6 NTP synchronization fails
Symptom
Appliance time and date settings do not match the NTP server.
Solution 1
Cause
Appliance is not properly configured for NTP. The configuration of the appliance contains an
error.
Action
1.
2.
3.
As an Infrastructure administrator, verify that the host name or IP address you specified is
an NTP server.
Examine the Appliance panel of the Settings screen to confirm that the IP address of the
NTP server is correct.
Verify that the NTP server is not behind a firewall.
If it is, you might need to modify the firewall settings.
4.
5.
Verify that the NTP server is up and communicating.
Synchronize the appliance clock with the NTP server. For more information, see the online
help.
Allow sufficient time for the appliance and the NTP server to synchronize. This could be as
long as one hour for a global NTP server.
Solution 2
Cause
Appliance time differs from NTP server by more than 1000 seconds. The appliance cannot
synchronize with the NTP server.
Action
1.
2.
3.
Edit the appliance time and locale settings to set the appliance’s time manually. For the
procedure, see the online help.
Verify that the time according to the appliance matches the NTP server’s time.
Synchronize the appliance with the NTP server. For more information, see the online help.
NOTE:
HPE recommends using four NTP servers while synchronizing the appliance.
Allow sufficient time for the appliance and the NTP server to synchronize. This could be as
long as ten minutes.
31.9 Troubleshooting email notifications
Use the following information to troubleshoot alerts that appear on the Notifications panel of
the Settings screen.
31.9.1 Cannot configure email notification of alerts
Symptom
You cannot configure the email notification of alerts feature.
31.9 Troubleshooting email notifications 361
Cause
You do not have the necessary permissions to use this feature.
Action
1.
2.
3.
Log in to the appliance as the Infrastructure administrator.
Add or edit an email recipient and filter entry.
Verify that you were able to add or edit the email recipient and filter entry successfully. The
recipient will be listed in the panel.
31.9.2 Unable to connect through <sending email address host name>
Symptom
The appliance is not able to connect through the sending email host name. The appliance cannot
send alert messages using the configured email address.
Solution 1
Cause
One or more parameters for configuring email notification is invalid, preventing the appliance
from reaching the host used for sending email.
Action
1.
2.
3.
4.
As Infrastructure administrator, view the configuration parameters. See the online help for
more information.
Correct any invalid configuration parameter.
Save the configuration.
Verify the configuration either by pinging the host or by sending a test message.
Solution 2
Cause
The appliance is experiencing network issues, which prevents the appliance from sending email
messages.
Action
1.
2.
As Infrastructure administrator, verify that the host name for the sending email address is
on the network by pinging the host.
See Appliance cannot access the network to resolve problems connecting with the network.
31.9.3 Host does not respond as an SMTP server
Symptom
The host name, which should send the email messages, is not responding as an SMTP server.
Solution 1
Cause
The host name was not configured correctly.
362 Troubleshooting
Action
1.
2.
3.
4.
5.
6.
As Infrastructure administrator, verify that the host name for the sending email address is
on the network by pinging the host.
Verify the port number used is correct.
View the parameters for configuring email notification of alerts. For information, see the
online help.
Update the Email parameters as needed.
Save the configuration.
Verify the configuration with the telnet command. For example:
telnet mail.example.com 25
7.
Verify also by monitoring email notifications.
Solution 2
Cause
The SMTP server used for sending email notification has TLS/SSL security protocols.
Action
1.
Verify the connection to the SMTP server using the correct port with the telnet command.
For example:
telnet mail.example.com 587
2.
3.
View the parameters for configuring email notification of alerts. For information, see the
online help.
Ensure that the SMTP server does not have TLS/SSL support.
Update the Email parameters as needed.
4.
5.
Save the configuration.
Verify the configuration with the telnet command. For example:
telnet mail.example.com 25
6.
Verify also by monitoring email notifications.
Solution 3
Cause
The email notification configuration has an invalid password for the SMTP server. The email
cannot be sent because it fails to provide the correct authentication.
Action
1.
Use the telnet command to connect to the SMTP server to verify the password. For
example:
telnet mail.example.com
2.
3.
View the parameters for configuring email notification of alerts. For information, see the
online help.
Ensure that the SMTP server password is correct.
Update the Email parameters as needed.
4.
5.
Save the configuration.
Verify by monitoring email notifications.
31.9 Troubleshooting email notifications 363
31.9.4 Unable to deliver email messages to some email IDs
Symptom
Some users receive email messages regarding alerts but other users do not receive the same
messages.
Solution 1
Cause
The recipient is either not configured or not configured correctly.
Action
1.
2.
As Infrastructure administrator, follow the procedure for editing an email recipient in the
online help so that you can view the recipient and filter entries.
Verify that the recipient is specified.
Correct the entry as needed.
3.
Verify that the email address of each recipient is valid.
Correct the entry as needed.
4.
Verify by monitoring email notifications.
Solution 2
Cause
The email message is filtered and thus not delivered because it is considered junk mail or spam.
Action
1.
2.
3.
If the host sending the email and the recipient are in the same domain, examine the email
application of the recipient.
Ensure that the email application does not block the message and that it does not treat the
message as spam or send it to a junk folder.
Verify by monitoring email notifications.
31.9.5 Designated recipients are not receiving email notifications of events
Symptom
No configured recipient is receiving email notification of alerts.
Solution 1
Cause
Email notification is currently disabled.
Action
1.
As the Infrastructure administrator, view the configuration parameters.
2.
3.
4.
Ensure that email notification feature is enabled.
Ensure that each email recipient and filter entry is appropriately enabled or disabled.
Verify by monitoring email notifications.
364 Troubleshooting
Solution 2
Cause
Recipients cannot receive email messages because their parameters are not configured properly.
Action
1.
2.
3.
As the Infrastructure administrator, view the configuration parameters.
Verify that the recipient is specified and that their email address is valid.
If the recipient is not specified, do one of the following, as appropriate:
•
Include the recipient in the list of email addresses for an existing filter by editing the
recipient and filter entry.
•
Add the recipient to a new filter.
For information on these procedures, see the online help.
4.
Verify by monitoring email notifications.
Solution 3
Cause
The configuration for the email recipient contains an invalid filter specification that does not
capture any alerts for notification.
Action
1.
2.
3.
As Infrastructure administrator, follow the procedure for editing an email recipient in the
online help to view the filter entries.
Examine the alerts reported in the Activity screen and note the alerts you believe should
have been captured by the filter.
Review the filter entries.
Ensure that the filter is defined precisely and accurately.
4.
5.
Save the email recipient and filter entry.
Verify the configuration by monitoring email notifications.
31.9.6 Frequent, irrelevant email messages
Symptom
Email messages that do not pertain to certain recipients are sent to them.
Cause
The configuration for the email recipient contains a filter specification that allows unwanted,
irrelevant alerts.
Action
Required privileges: Infrastructure administrator
31.9 Troubleshooting email notifications 365
1.
2.
3.
4.
As Infrastructure administrator, follow the procedure for editing an email recipient in the
online help to view the filter entries.
Review the filter entries:
•
Ensure that there are no empty filter entries. When the filter entry is empty, an email
message is generated for any alert.
•
Ensure that filter entries are unique. Otherwise, at least twice as many messages are
sent.
•
Be precise when specifying the filter criteria. Edit the filter entry so that it acts on only
the alerts for which you want to be notified.
Save the email recipient and filter entry.
Verify the configuration by monitoring email notifications.
31.9.7 Test message could not be sent
Symptom
A test message was sent, but none of the recipients received it.
Solution 1
Cause
One or more parameters for configuring email notification is invalid, preventing the appliance
from reaching the host used for sending email.
Action
1.
2.
3.
4.
As Infrastructure administrator, view the parameters for configuring email notification of
alerts. For more information, see the online help.
Correct any invalid configuration parameter.
Save the configuration.
Verify the configuration either by pinging the host or by sending a test message again.
Solution 2
Cause
The appliance is experiencing network issues, which prevents the appliance from sending email
messages.
Action
1.
2.
As Infrastructure administrator, verify that the host name for the sending email address is
on the network by pinging the host.
See Appliance cannot access the network to resolve problems connecting with the network.
31.9.8 Some test messages were not received
Symptom
Some recipients receive the test message but other recipients do not receive the same message.
Solution 1
Cause
The recipient is either not configured or not configured correctly.
366 Troubleshooting
Action
1.
2.
As Infrastructure administrator, follow the procedure for editing an email recipient in the
online help so that you can view the recipient and filter entries.
Verify that the recipient is specified.
Correct the entry as needed.
3.
Verify that the email address of each recipient is valid.
Correct the entry as needed.
4.
Verify by sending another test message.
Solution 2
Cause
The test message was filtered and thus not delivered because it is considered junk mail or spam.
Action
1.
2.
3.
If the host sending the email and the recipient are in the same domain, examine the email
application of the recipient.
Ensure that the email application does not block the message and that it does not treat the
message as spam or send it to a junk folder.
Verify by sending another test message.
31.10 Troubleshooting enclosures and enclosure groups
•
“Communication from Synergy Frame Link Module failed” (page 367)
•
“Enclosure configuration incomplete ” (page 368)
•
“Enclosure is no longer manageable ” (page 367)
•
“Enclosure inventory incomplete ” (page 368)
•
“Frame Link Module port state is unlinked or disabled ” (page 369)
31.10.1 Enclosure is no longer manageable
Symptom
An alert or error displays: Link port on link module is disconnected.
Cause
An HPE Synergy frame is not properly configured for redundancy due to a disconnected cable.
Action
•
Connect each frame to another frame within the group, and cable every LINK port to another
LINK port.
31.10.2 Communication from Synergy Frame Link Module failed
Symptom
An alert or error indicates a Communication error with an HPE Synergy frame.
Cause
Connection with an HPE Synergy frame failed or was interrupted.
Common causes of communication failures are:
31.10 Troubleshooting enclosures and enclosure groups 367
•
HPE Synergy frame link module is being reset or factory reset
•
Firmware update is in progress
•
Frame link module failover in progress
•
LINK connections changing between frame link modules
Action
1.
2.
3.
4.
5.
Wait for any actions such as those listed above to complete. If connectivity is not restored,
follow the resolution instructions listed in the alert.
Verify that all alerts related to LINK port connectivity have been addressed for all HPE
Synergy frames in the group of connected HPE Synergy frames.
If connectivity is not restored, see “Refresh the communication between an enclosure and
the appliance” in the online help.
If communication continues to fail, see “Reset the HPE Synergy frame link module” in the
online help.
If the problem persists, contact your authorized support representative.
31.10.3 Enclosure configuration incomplete
Symptom
An alert or error indicates that Enclosure management settings are not fully applied.
Cause
An add or refresh of an HPE Synergy frame failed and not all settings could be applied
Action
1.
Follow the resolution instructions listed in the alert.
If instructed to reset the frame link module, see “Reset frame link module” in the online help
for more information. Do not perform this step unless instructed.
2.
3.
4.
5.
Review all alerts on the frame to check if other frame link modules or other hardware
components are functioning properly. For each alert, follow the resolution instructions.
Verify that each frame link module is properly seated and the health indicator light on the
link module is green.
See “Refresh the communication between an enclosure and the appliance” in the online
help.
If the problem persists, contact your authorized support representative.
31.10.4 Enclosure inventory incomplete
Symptom
An alert or error indicates that Enclosure inventory may be incomplete.
Cause
Gathering information about the resources in the HPE Synergy frame failed
Common causes of gathering information failures are:
•
A communication error occurred
•
A device such as a fan, power supply, server, frame link module, or interconnect was recently
inserted and is not ready to be discovered
368 Troubleshooting
Action
1.
2.
3.
4.
5.
Follow the resolution instructions listed in the alert.
Review all alerts pertaining to this specific device. For each alert, follow the resolution
instructions.
Verify that the device is properly seated and the health indicator light on the device is green.
If the problem persists, perform an EFuse using HPE OneView REST API on the device or
physically remove the device and re-insert it. See “Perform a hard reset on a bay using
EFuse” in the HPE OneView REST API Scripting Help.
If the problem persists, contact your authorized support representative.
31.10.5 Frame Link Module port state is unlinked or disabled
Symptom
An alert or error indicates that the LINK port is connected to an unknown device.
Cause
Cable connecting the frame link modules are not cabled correctly or the LINK port is connected
to an unknown device.
Action
Resolution:
1.
2.
Check the cabling.
•
For multiple HPE Synergy frames, check that each frame link module in a group of
frames is cabled to another frame link module in the group through the LINK port. The
last frame in the group must have its link module cabled to the link module of the first
frame.
•
For a single HPE Synergy frame, check that the two frame link modules are cabled
together.
If the cabling is correct, then try re-seating the frame link module.
For more information on cabling, see the HPE Synergy Configuration and Compatibility
Guide at www.hpe.com/info/synergy-docs.
Symptom
An alert or error indicates that the LINK port is not connected.
Cause
The cable attached to the LINK port is disconnected.
Action
Check the cabling and make sure each frame link module in a group of linked frames are cabled
to another frame link module in the group through the LINK port.
Symptom
An alert or error indicates a Link module mismatch — enclosure is managed by another
appliance.
Cause
The frame link module is connected to another frame link module in a different HPE Synergy
frame group.
31.10 Troubleshooting enclosures and enclosure groups 369
Action
Resolution:
1.
2.
Disconnect the frame link module that is connected to the frame in a different group of frames.
Check the cabling and make sure each frame link module in the same group is cabled to
another frame link module in the group through the LINK port.
For more information on cabling, see the HPE Synergy Configuration and Compatibility
Guide at www.hpe.com/info/synergy-docs.
3.
Perform a factory reset of the HPE Synergy frame link module so that it can communicate
with the new group of frames.
Symptom
An alert or error indicates that the MGMT port is disconnected.
Cause
The MGMT port of the frame link module corresponding to the HPE OneView appliance is
disconnected.
Action
Check the cabling. The MGMT port on a frame link module associated with a Synergy management
appliance bay must be connected to your management network. For example, there is a frame
link module in bay #1, and an HPE Synergy Composer in appliance bay #1, the MGMT port of
frame link module 1 should be connected to the management network.
For more information on cabling, see the HPE Synergy Configuration and Compatibility Guide
at www.hpe.com/info/synergy-docs.
31.11 Troubleshooting firmware bundles
31.11.1 Incorrect credentials
Symptom
The iLO user name or password is not valid
Cause
While attempting to update server firmware, the user name or password you supplied is not valid
for an iLO management processor or incorrect credentials specified for a server.
Action
To resolve the issue, enter the correct credentials and add the enclosure again.
31.11.2 Lost iLO connectivity
Symptom
Connection error
Cause
Action
Recommendation
1.
2.
Reset the server to restore network connectivity to the server's management processor
Update the firmware again.
370 Troubleshooting
31.11.3 SUM errors
Symptom
Unable to remove the firmware upgrade log files
Cause
Action
Recommendation
1.
2.
Restart the appliance.
Update the firmware again.
Symptom
Unable to initiate the firmware update request
Cause
Action
Update the firmware again.
31.11.4 Failed firmware update on enclosure add
NOTE: When adding an enclosure, the iLO firmware might fail to update to the minimum version
due to network or power outages, or other issues. The device is listed in an Unmanaged state.
Symptom
iLO firmware failed to update
Cause
Action
Recommendation
1.
2.
3.
From the main menu, select Server Hardware.
In the master pane, select the unmanaged server hardware.
Select Actions→Update iLO firmware.
NOTE: You will only see "Update iLO firmware" if the iLO firmware is below the minimum
required and the server hardware is listed in an Unmanaged Unsupported Firmware
state.
4.
5.
Click OK.
To verify that the activity is successful, check the activity for a green status in the Notifications
area.
If the activity is not successful, follow the instructions in the proposed resolution.
31.12 Troubleshooting interconnects
31.12.1 Interconnect edit is unsuccessful
Symptom
A notification displays that modifying an interconnect was unsuccessful.
31.12 Troubleshooting interconnects 371
Cause
Interconnect edit is unsuccessful.
Action
1.
2.
Verify that the prerequisites listed in the online help are met.
Follow the instructions provided by any notification message.
NOTE: When the interconnect has been edited successfully, a notification will display in the
banner at the top of the screen, and the desired port setting and port status will be displayed.
31.13 Troubleshooting licenses
31.13.1 Licensing numbers appear to be inaccurate
Symptom
Recently added or assigned licenses are not reported in the licensing graphs.
Cause
The license graphs are not up to date.
Action
•
Refresh the Settings screen for the license graphs to display recent changes.
Symptom
The license graphs show a higher number of licensed server hardware than the current number
of server hardware under management.
Cause
Server hardware that has been assigned an HPE OneView Advanced license has been removed
from management. When server hardware that has been assigned an HPE OneView Advanced
license is removed from management, the license remains assigned to it. This could cause the
number of servers licensed to be higher than the number of licensed server hardware currently
being managed.
Action
•
Use the REST API to view the entire list of all servers assigned to licenses.
Symptom
Cannot find license count for HPE OneView Standard license.
Cause
The appliance does not display HPE OneView Standard license counts.
Action
To obtain a count of server hardware licensed with an HPE OneView Standard license:
1. From the Server Hardware screen, click in the Smart Search box and for Scope select
Server Hardware.
2. In the Smart Search box, type state:Monitored and press Enter.
The master pane will display all monitored server hardware. All monitored server hardware
is assigned an HPE OneView Standard license.
372 Troubleshooting
31.13.2 Could not view license details
Symptom
License details are not available for the appliance.
Cause
There is no license assigned to the appliance.
Action
Required privileges: Infrastructure administrator
1. Log in as Infrastructure administrator.
2. Assign the license.
3. View the license details again.
Symptom
The filter criteria is blank or incorrect. The appliance could not return any results.
Cause
The filter criteria was not accurate and could not return any results.
Action
Required privileges:Infrastructure administrator
1. Log in as Infrastructure administrator.
2. Correct the filter criteria.
3. View the license details again.
31.13.3 Could not add license
Symptom
You are unable to add a license for the appliance.
Solution 1
Cause
License key is blank, incorrect, or invalid.
Action
1.
2.
3.
4.
5.
Log in as Infrastructure administrator.
Verify the license key that you entered.
Provide proper values and make sure that the license key format is valid.
Try again.
If the problem persists, contact your authorized support representative.
Solution 2
Cause
The license key expired.
31.13 Troubleshooting licenses 373
Action
1.
2.
3.
Log in as Infrastructure administrator.
Acquire a valid, current license key.
Try again with the new license key.
Solution 3
Cause
Invalid date and time setting for appliance. The license is not yet active. It is too early to add the
license.
Action
1.
2.
3.
Confirm the date and time setting of the appliance.
Inspect the date and time when the license becomes active.
If the problem persists, contact your authorized support representative.
31.13.4 Could not add license key
Symptom
You are unable to add a license key for the appliance.
Solution 1
Cause
The license key is blank, incorrect, or invalid.
Action
Required privileges: Infrastructure administrator
1. Log in as Infrastructure administrator.
2. Verify the license key that you entered.
3. Provide proper values and make sure that the license key format is valid.
4. Try again.
5. If the problem persists, contact your authorized support representative.
Solution 2
Cause
License key has expired.
Action
1.
2.
3.
Log in as Infrastructure administrator.
Acquire a valid, current license key.
Try again with the new license key.
Solution 3
Cause
Invalid date and time setting for appliance. The license is not yet active. It is too early to add the
license.
374 Troubleshooting
Action
1.
2.
3.
Confirm the date and time setting of the appliance.
Inspect the date and time when the license becomes active.
If the problem persists, contact your authorized support representative.
31.13.5 Could not apply license
Symptom
A license or license key could not be applied to an instance.
Solution 1
Cause
All the licenses in the license key are in use. The instance that you tried to license is recorded
as unlicensed.
Action
1.
2.
3.
Log in as Infrastructure administrator.
Acquire a new license key.
Try again with the new license key.
Solution 2
Cause
The license that you are trying to apply is already in use.
Action
1.
2.
If there are remaining unused licenses, try again with another license.
Otherwise, acquire a license key with unused licenses and try again with a license from the
new license key.
Solution 3
Cause
The license was applied to an instance or a product that is already licensed.
Action
1.
2.
Verify the instance or product that you are trying to license.
If necessary, try again with the correct instance or product name.
31.13 Troubleshooting licenses 375
31.14 Troubleshooting locale issues
Symptom
Possible cause and recommendation
Messages returned
from REST API calls
specifying Chinese
(zh) or Japanese (ja)
in the
Accept-Language
header are not
displayed correctly
When using a Microsoft Windows Command Prompt window to invoke REST APIs (either
directly or via scripts run in the Command Prompt window), messages returned from REST
API calls specifying Chinese (zh) or Japanese (ja) in the Accept-Language header are not
displayed correctly.
HPE OneView returns messages using the UTF-8 encoding. This is not
supported by current versions of the Command Prompt window
1. When using a Command Prompt window, set the REST API accept-language header to
a locale that is supported by Command Prompt such as en-us.
2. Redirect the output of the REST call to a text file and view the file using Windows tools
such and Notepad which supports UTF-8.
3. Use other third-party tools available for Windows that support UTF-8. For example, users
have reported that the Cygwin environment for Windows supports UTF-8.
31.15 Troubleshooting logical interconnects
31.15.1 I/O bay occupancy errors
Symptom
Cause
Change in interconnect state
Action
Interconnect state errors can be caused by:
•
Interconnect missing from an IO bay (Interconnect state is Absent)
•
Unsupported interconnect model found in an IO bay (Interconnect state is Unsupported)
•
Unable to manage interconnect in IO bay due to unsupported firmware (Interconnect state
is Unmanaged)
•
Mismatch between the interconnect type and the type specified by logical interconnect group
•
Mismatch of horizontally adjacent interconnect modules
31.15.2 Uplink set warnings or errors
Symptom
Uplink set not operational
Cause
Uplink set not operational due to:
•
One or more uplinks are not in operation due to a bad cable, no cable, lack of transceiver,
or invalid transceiver
•
No networks assigned
•
DCBX information is missing for an FCoE network
376 Troubleshooting
Action
1.
2.
3.
Verify that the following prerequisites are met:
•
At least one network is defined
•
You have Network administrator privileges or equivalent to manage networks.
•
DCBX information is required for FCoE networks
Verify that the data you entered on the Add Uplink Set screen is correct, and that the uplink
set name is unique.
Retry the operation.
31.15.3 Physical interconnect warnings or errors
Symptom
Interconnect-level warnings or errors
Cause
Interconnect warnings or errors can be caused by:
•
Downlink with a deployed connection is not operational
•
Incorrect firmware version (different from firmware baseline version)
•
Configuration error
•
Hardware fault
•
Lost communication
•
Administratively disabled ports
Action
31.15.4 Firmware update errors
Symptom
Firmware update fail entries shown in the Activity log.
Cause
Interconnect firmware errors can be caused by:
•
Restarting interconnect modules while a firmware update is in progress.
•
Starting a firmware update while another firmware update is already in progress.
•
An interconnect in the Logical Interconnect is not in a Configured state before starting the
upgrade.
•
HPE OneView cannot communicate with the enclosure.
Action
•
Do not restart interconnect modules while a firmware update is in progress.
•
Check the Activity Log for more information about the root cause.
1. If staging firmware failed, check the Activity Log, correct the problem and restart the
update.
2. If activating firmware failed, check the Activity Log, and then manually activate the
firmware.
31.15 Troubleshooting logical interconnects 377
•
Make sure that all interconnects in the Logical Interconnect are in the Configured state
before starting the upgrade.
•
If a firmware update persistently fails, see the online help to create a logical interconnect
support dump file and contact your Hewlett Packard Enterprise support representative.
31.16 Troubleshooting networks
31.16.1 Network create operation is unsuccessful
Symptom
Network creation is unsuccessful.
Cause
The network configuration is incorrect.
Action
1.
2.
Verify that:
•
The network name is unique. The VLAN ID is appended to the network name when
creating multiple tagged networks using a bulk operation.
•
The number of networks does not exceed the maximum as indicated in the HPE
OneView Support Matrix for HPE Synergy.
•
The number of private networks does not exceed the maximum as indicated in the HPE
OneView Support Matrix for HPE Synergy.
Retry the create network operation.
31.17 Troubleshooting the OS deployment server
31.17.1 Unable to communicate with the selected primary cluster
Symptom
HPE OneView is unable to communicate with the selected primary cluster.
Cause
The selected primary cluster is unpaired or unavailable.
Action
Select a new primary cluster by performing an edit operation on the OS deployment server and
restore deployment server backup to the new primary cluster.
31.18 Troubleshooting reports
31.18.1 Cannot view reports
Symptom
You cannot access any reports.
Cause
Improper authorization
378 Troubleshooting
Action
•
Log out, then log in with a user role that allows you to review reports. For example:
◦
Infrastructure administrator
◦
Network administrator
◦
Server administrator
◦
Storage administrator
◦
Read only
31.19 Troubleshooting scopes
31.19.1 Cannot add scope
Symptom
Clicking Create or Create+ does not generate a scope.
Solution 1
Cause
The scope name was entered with invalid characters.
Action
Re-enter the scope name using only alphanumeric characters, the plus sign (+), and space
characters for the scope name.
Solution 2
Cause
The name given for the scope is already in use.
Action
Supply a unique name for the scope.
31.19.2 Cannot edit or delete scope
Symptom
REST API call failed with Error 412, “Precondition Failed”.
Cause
The eTag passed in the “If-Match” request header does not match the current eTag of the scope
being edited or deleted.
Action
Try the operation again with either a current eTag or the eTag set to “*”.
31.20 Troubleshooting server hardware
For information on specific server hardware issues, see the HPE OneView Release Notes.
31.19 Troubleshooting scopes 379
31.20.1 Cannot control power on server
If you have difficulty with server power control, examine recent configuration and security changes
which might affect this feature. Often the iLO event log can be a useful starting point to see these
changes.
Hardware could have failed as well. Use the Integrated Management Log (IML) on the iLO for
Power On Self Test (POST) errors to determine if a hardware failure has occurred.
If a power on or power off action fails, follow the instructions in the notification message.
31.20.2 Lost connectivity to server hardware after appliance restarts
When the appliance restarts after a crash, the server inventory is evaluated for any long-running
activity that failed, such as applying server profile settings, that might have been in progress
when the crash occurred. You can recover by performing the same action again, such as
reapplying the server profile settings.
The appliance resynchronizes the servers. During resynchronization, each server hardware
enters the resyncPending state. A full resynchronization of individual server hardware includes
rediscovering the server hardware, verifying the server hardware power state and updating the
resource state accordingly, and updating the health status. The appliance creates a task queue
for each task during a resynchronization operation.
31.20.3 Replace a server with an assigned server profile
Symptom
Server Hardware failure
Cause
Server hardware failed and must be replaced.
Action
1.
2.
3.
Gracefully shut down the server hardware.
Remove the original server and install the replacement server.
If the server hardware type of the replacement server matches the server hardware type of
the original server then:
a. If the Affinity defined in the profile is set to Device bay, the server profile will be
automatically re-assigned to the new server. Proceed to step 5.
b. If the Affinity is set to Device bay + server hardware, the server profile must be edited
and re-saved to allow the appliance to reconfigure the profile for the new server. No
changes to the server profile are required. Proceed to step 5.
4.
If the server hardware type of the replacement server does not match the server hardware
type of the original server a new profile must be created that matches the server hardware
type of the replacement server. The original profile assigned to the server must be unassigned
or deleted and the new profile assigned to the replacement server. Or, the server hardware
type must be updated to match the inserted hardware.
If the iLO firmware version is greater than or equal to the minimum required firmware version,
proceed to Step 6. The minimum iLO firmware version is available in the HPE OneView
Support Matrix for HPE Synergy. If the replacement server has an iLO firmware version
less than the minimum required firmware version, an alert on the Server Hardware screen
is displayed and the server status is Unmanaged/Unsupported Firmware.
5.
380 Troubleshooting
a.
b.
6.
Select Actions→Update iLO firmware.
Click OK.
If the iLO firmware version is different from the baseline and the server profile is assigned
to a Gen8 server or later, the iLO server firmware can be updated automatically with the
re-assignment of the server profile.
a. From the main menu, select Server Profiles, and then select the server profile to edit.
b. Select Actions→Edit. If needed, select the proper server hardware.
c. To manage the firmware update manually, from the Firmware baseline list, select
managed manually.
d. To automatically update the firmware, select the appropriate firmware baseline. To force
install the firmware, select Force installation.
e. Click OK.
If the firmware version is different from the baseline and the server profile is assigned to a
G7 server, you must update the firmware outside of the appliance.
31.20.4 Replace a server adapter on server hardware with an assigned server
profile
IMPORTANT: The replacement adapter must match the old adapter. If the replacement adapter
does not match the old adapter, the server hardware type will change. If a server profile was
assigned to that server hardware, a new server profile must be created to support the changed
server hardware type.
Symptom
Server adapter failure
Cause
Server adapter failed and must be replaced.
Action
1.
2.
3.
Gracefully shut down the server.
Replace the adapter on the server.
If the corresponding server profile is configured with virtual identifiers (MAC & WWN
addresses) proceed to step 4. If the profile is configured with physical identifiers (MAC &
WWN), consider the following:
a. Due to change in the identifiers, any Ethernet network configurations may be lost on
the OS and may require a reconfiguration.
b. The server host WWN may need to be updated in your storage network zone and on
the storage array.
4.
Check the firmware version of the new adapter.
a. From the main menu, select Server Hardware or Server Profiles, and then select the
server hardware or server profile that contains the replaced adapter.
b. From the Server Hardware screen or Server Profile screen, select Actions→Launch
console. The iLO Remote Console is launched.
c. Power on the server and check the firmware version of the new adapter during boot.
31.20 Troubleshooting server hardware 381
NOTE: To check that the firmware version matches your firmware baseline, from the
main menu, select Firmware Bundles, and select your firmware baseline. Scroll through
the list of firmware to find what is offered in your baseline and compare it to your adapter
firmware.
5.
If the firmware version is different from the baseline and the server profile is assigned to a
Gen8 server or later, the server firmware can be updated automatically with the re-assignment
of the server profile.
a. From the main menu, select Server Profiles, and then select the server profile to edit.
b. Select Actions→Edit. If needed, select the proper server hardware.
c. To manage the firmware update manually, from the Firmware baseline list, select
managed manually.
d. To automatically update the firmware, select the appropriate firmware baseline. To force
install all of the firmware, even if it is the same or newer, select Force installation.
e. Click OK.
31.21 Troubleshooting server profiles
31.21.1 Server profile is not created or updated correctly
When a server profile is not created or updated correctly, a notification appears at the top of the
screen stating the profile operation was not successful; click the notification area to show more
details. Also, the status icon next to the server profile name indicates it is in an Error condition
(
). The profile remains on the appliance, but you must edit the profile to correct it. When you
correct the server profile, the profile status changes to OK (
).
Symptom
Cause
Server profile is not created or updated correctly.
Action
Verify the following conditions:
1.
2.
Verify that the prerequisites listed in the online help have been met.
Verify that the following conditions are TRUE:
•
The latest SPP is installed and applied
•
A profile name has been entered and is unique
•
The selected server hardware is powered off
•
The server hardware is in the No Profile Applied state, has the correct firmware,
the ports are mapped to the correct interconnect, and the device bay has no profile
assigned to it
•
The server hardware is able to power cycle, and a user did not shut down the server
hardware while the profile settings were being applied
•
You applied the correct iLO and system ROM firmware levels
•
You are using supported server hardware
•
The iLO has an IP address and network connectivity
382 Troubleshooting
3.
•
Communication exists with the server hardware iLO, including but not limited to whether
the iLO is functioning, network cabling is connected and functional, and there are no
problems with switches or interconnects in the management network
•
The appliance and managed resources are not separated by a firewall
•
The add enclosure operation successfully completed.
•
The add server hardware operation successfully completed.
•
The specified network or network set is available on the server hardware port.
•
The interconnects are in the Configured state, and have the correct firmware.
•
The logical interconnect configuration matches its logical interconnect group.
•
There are no duplicate networks on a physical port.
•
If multiple adapters are installed, all adapters must have the same firmware version.
•
User-specified addresses are unique and have correct format
When the issues have been addressed, either edit the profile or delete the profile and create
another profile.
If the server profile has duplicate networks on the same physical port:
•
Change the connection to a different port
•
Change the connection to use a different VLAN
Symptom
Cannot find a network when adding a connection
Cause
Action
Verify that the following condition is true:
•
The logical interconnect group is set up with the networks configured into uplink sets.
Symptom
Cannot add a connection from the profile
Cause
Action
Verify that the following conditions are true:
•
The interconnects in the logical interconnect group are in the Configured state and have
the correct firmware.
•
The servers are in the No Profile Applied state, have the correct firmware, and the
ports are mapped to the correct interconnect.
Symptom
A profile operation timeout when applying BIOS settings.
Cause
The server hardware or its iLO are powered-off/reset or the appliance cannot collect progress
information from the iLO.
31.21 Troubleshooting server profiles 383
Action
•
In most cases, retrying the operation resolves the problem.
Symptom
Auto-assignment for FlexNIC fails while assigning or deploying connections.
Cause
Invalid configuration
•
Auto-assignment for FlexNIC connections does not validate the following:
◦
Bandwidth oversubscription on the physical port
◦
Maximum networks (VLANs) on the physical port
◦
Duplicate networks (VLANs) on the physical port
Action
•
Manual assignment is required.
31.21.2 Cannot apply the server profile
Symptom
Cannot apply the server profile
Cause
Action
If you received an error that Intelligent Provisioning failed to boot in the required period of time,
perform these steps:
1.
2.
Attempt to boot into Intelligent Provisioning manually on the affected system by pressing
F10 during POST.
If manually booting to Intelligent Provisioning works, then retry the operation from HPE
OneView.
If manual booting still fails, reboot the iLO and then retry step 1.
3.
If the previous steps fail and the server is a BL465c with an active Smart Array Controller,
disable the IOMMU on the server temporarily using RBSU.
a. During system boot, press F9 to enter the RBSU.
b. Select System Options.
c. Select Processor Options.
d. Select AMD-Vi (IOMMU).
e. Select Disabled.
f. Save and exit RBSU.
4.
If booting still fails, install the latest version of Intelligent Provisioning found at http://hpe.com/
info/intelligentprovisioning..
Symptom
Cannot verify the status of the server hardware
384 Troubleshooting
Cause
Action
To verify the operational status of the server hardware:
1.
2.
3.
Click Cancel to exit from the Create Server Profile screen.
From the main menu, navigate to the Server Hardware screen.
Find, and then select the server hardware.
31.21.3 Profile operations are not successful
Symptom
Message indicates that the server is managed by another management system
Cause
The enclosure is no longer managed by HPE OneView.
Action
To prevent losing all allocated virtual IDs, perform the following steps before forcibly deleting the
server profile.
1. Use REST APIs or Powershell to get the server profile.
GET /rest/server-profiles
2.
3.
Force delete the profile using the UI or REST APIs.
Recreate the IDs using the User Specified option in the UI, or use REST APIs to create the
server profile:
a. Get the server profile.
GET /rest/server-profiles
b.
Edit the server profile.
1) Remove uri, serverHardwareTypeUri, enclosureGroupUri,
enclosureUri, and enclosureBay.
2) Change the serverHardwareUri value to the server the profile is going to be
associated to.
3) Change serialNumberType from Virtual to UserDefined.
4) In the connections property, change macType from Virtual to UserDefined.
5) In the connections property, change wwpnType from Virtual to UserDefined.
6) In the connections property, if applicable change networkUri with the correct
networks.
c.
Create the server profile.
POST /rest/server-profiles
31.21.4 Cannot update or delete profile
Symptom
Unable to update profile: MyProfile or make additional firmware changes
Cause
A firmware update is in progress.
31.21 Troubleshooting server profiles 385
Action
•
Wait until the firmware install is complete.
Solution 1
Symptom
Unable to delete profile: MyProfile or cannot make additional firmware changes
Cause
A firmware update is in progress.
Action
Do one of the following:
1.
2.
Wait until the firmware installation is complete. It is highly recommended that you do not
abort before the installation is completed.
Select the Force delete option.
Solution 2
Cause
Server is not powered off.
Action
To delete a profile:
•
Power off the server.
NOTE: Momentary press is allowed at all times but Press and Hold is restricted as it might
send the server to an inconsistent state.
Symptom
Unable to power off server profile
Cause
Press and hold operation is denied.
Action
Do one of the following:
•
Momentarily press the power button and SUT will ensure none of the hardware goes to an
inconsistent state.
•
Try the Press and hold power operation after SUT has moved to a terminal state.
NOTE:
•
The Press and hold power operation is not allowed while Smart Update Tools is updating
firmware or drivers.
•
It is highly recommended that you wait until the firmware installation is complete and that
you do not abort the process.
Symptom
Cannot complete firmware installation
386 Troubleshooting
Cause
The firmware on {server} does not match the firmware baseline.
Action
•
If you selected to update firmware using HPE SUT, you need to install HPE SUT to complete
the firmware and driver update.
31.21.5 Inconsistent firmware versions
Symptom
Firmware installation not complete or does not match baseline.
Cause
Firmware does not match firmware baseline.
Action
Do one of the following:
•
Install and run Smart Update Tools.
•
Edit the server profile to use the “Firmware only” option for firmware baseline installation.
Symptom
Unable to update firmware
Solution 1
Cause
Baseline not supported with Smart Update Tools.
Action
Do one of the following:
•
Select a baseline that has HP SUM 7.4 or above and iLO firmware version 2.30 or above.
For information about HP SUM, see the HP SUM Best Practices Implementation Guide at:
www.hpe.com/info/hpsum/documentation.
•
Edit the affected server profiles to use Firmware only.
Solution 2
Cause
Server does not have required license for virtual media.
Action
Apply an iLO Advanced license on the server or apply an iLO hotfix for 2.30.
Symptom
Servers powered on, but not configured for SUT.
Cause
Servers are powered on but their server profiles are not configured to use Smart Update Tools.
31.21 Troubleshooting server profiles 387
Action
Edit the affected server profiles and select a firmware update option that uses Smart Update
Tools.
NOTE: This symptom can also appear when attempting Logical Enclosure shared infrastructure
and server profile firmware update.
Symptom
Any failure to update firmware and OS drivers.
Cause
Some components did not deploy.
Action
1.
2.
If a few components fail to deploy, log in to the target server OS and run gatherlogs
bat/sh (use either bat or sh based on whether the OS is Windows or Linux, respectively).
gatherlogs is located in the target server staging directory.
To identify the staging directory, use the hpesut—status command from the staging
directory and send the report to HPE for troubleshooting. See the Smart Update Tools User
Guide at: http://www.hpe.com/info/hpsut/docs.
31.22 Troubleshooting storage
31.22.1 Brocade Network Advisor (BNA) SAN manager fails to add
Symptom
Adding the SAN manager fails with the error “No SAN manager can be found at the specified
location.”
Solution 1
Cause
The BNA or the Standalone SMI Agent is not installed on a server
Action
•
See the BNA software documentation.
Solution 2
Cause
A BNA administrator account with full access is not configured and available for use by the
appliance.
Action
•
See the BNA software documentation.
Solution 3
Cause
The Common Information Model Object Manager (CIMOM) is not installed and configured on
the server.
388 Troubleshooting
Action
•
See the BNA software documentation.
Solution 4
Cause
The BNA SSL setting and the SSL setting for the BNA on the appliance do not match.
Action
1.
2.
3.
4.
Use the BNA software to verify whether or not SSL is enabled. See the BNA software
documentation for more information.
From the SAN Managers screen, verify that the Use SSL setting on the appliance for BNA
matches the SSL setting in the BNA software. If the SSL setting does not match:
a. From the main menu, select SAN Managers, and do one of the following:
•
In the master pane, select the BNA and select Actions→Edit.
•
Hover your pointer device in the details pane and click the Edit icon.
For Use SSL, change the value so that it matches the SSL setting in the BNA software.
Click Ok to save your changes.
31.22.2 Unable to establish connection with Brocade Network Advisor (BNA) SAN
manager
Symptom
Possible cause and recommendation
Unable to establish
a connection with
the SAN manager
The CIMOM is not bound to the NIC that is on the same subnet as the
appliance
Binding the CIMOM to an NIC on the same subnet as the appliance is required for the
appliance to connect and communicate with the BNA network management software.
• See the BNA software documentation.
31.22.3 Volume not available to server hardware
Symptom
Volume not accessible on the server.
Solution 1
Cause
A possible cause of a volume not being accessible on the server is that the SAN zone is improperly
configured or missing.
Action
The following are recommended solutions:
Re-enable the attachment (Managed SAN case)
1.
2.
3.
4.
From the main menu, select Server Profiles.
In the master pane, select a server profile and select Actions→Edit.
Under SAN Storage locate the volume attachment and select Enable.
Click OK.
31.22 Troubleshooting storage 389
Create or configure the zone using the SAN management software (no managed SAN)
•
See the SAN manager documentation.
Using managed SANs
1.
2.
Verify that the SAN manager and SAN is associated with the network.
Verify that Automate zoning is enabled.
Automated zoning is not enabled on the SAN
Verify that the zone has been manually configured.
1.
See the SAN manager documentation.
Cause
A possible cause of a volume not being accessible on the server is that the Server initiators are
not logged into the fabric because the interconnect port is disabled.
Action
The following are recommended solutions:
Enable the interconnect port on the appliance
1.
2.
3.
4.
From the main menu, select Interconnects.
In the master pane, select an interconnect and select Actions→Edit.
Locate the port you want to enable and select Enable.
Click OK.
You can also use the REST API to complete this task.
REST API: /rest/interconnects/{id}/ports
See the HPE OneView REST API Reference for more information.
Re-configure the logical interconnect group
1.
2.
3.
4.
5.
6.
7.
From the main menu, select Logical Interconnect Groups.
In the master pane, select a logical interconnect group and select Actions→Edit.
Edit the uplink sets to connect the networks with the desired interconnect ports.
Click OK.
Verify that the logical interconnect group link comes online.
From the main menu, select Logical Interconnects.
In the master pane, select a logical interconnect and select Actions→Update from group.
You can also use the REST API to complete this task.
REST API: /rest/logical-interconnect-groups/{id} and
/rest/logical-interconnects/{id}/compliance
See the HPE OneView REST API Reference for more information.
Verify the cabling
1.
Verify the physical cabling is configured as intended.
Solution 2
Cause
A possible cause of a volume not being accessible on the server is that the connection has not
been defined in the server profile.
390 Troubleshooting
Action
Add a connection to a network in the server profile
1.
2.
3.
4.
5.
6.
From the main menu, select Server Profiles.
In the master pane, select a server profile and select Actions→Edit.
Under Connections click Add Connection.
For Device type select Fibre Channel over Ethernet.
For Network select a network that is connected to the storage system and click Add.
Click OK.
31.22.4 Volume is visible from the storage system but not visible on the appliance
Symptom
Possible cause and recommendation
Volume is not in a
normal state
A possible cause of a volume not being visible on the appliance is that the volume has been
moved to a storage pool that is not managed by the appliance.
Move the volume to a pool that is managed by the appliance and refresh
the volume using the storage system software
• See the storage system documentation.
Bring the storage pool in which the volume resides under management
of the appliance
NOTE: If the volume was moved by Adaptive Optimization, Hewlett Packard Enterprise
recommends bringing all pools that Adaptive Optimization might use under management of
the appliance. This will ensure that the volume is still available to the appliance if it is moved
by Adaptive Optimization.
1. From the main menu, select Storage Pools, and do one of the following:
• Click + Add storage pool in the master pane.
• Select Actions→Add.
2. For Storage System, select the storage system that contains the storage pools you want
to add.
3. For Storage Pool, select the storage pool you want to add.
4. Click Add to add the storage pool, or click Add + add another pool.
You can also use the REST API to complete this task.
REST API: /rest/storage-pools
See the HPE OneView REST API Reference for more information.
31.22.5 Target port failure
Symptom
Target port is in a failure state.
Solution 1
Cause
Target port failure is that the Actual and Expected network are mismatched. The expected network
needs to be updated on the appliance.
Action
To update the expected network on the appliance
1.
2.
From the main menu, select Storage Systems.
In the master pane, select the storage system and select Actions→Edit.
31.22 Troubleshooting storage 391
3.
4.
For the port change the Expected Network so that it matches the Actual Network.
Click OK.
You can also use the REST API to complete this task.
REST API: /rest/storage-systems/{id}
See the HPE OneView REST API Reference for more information.
Solution 2
Cause
The physical cabling is improperly configured (Fabric attach).
Action
•
Verify that the cabling between the storage system and the SAN switch is properly configured.
Solution 3
Cause
Port failed on device.
Action
•
Examine your storage system hardware. Repair as necessary.
31.22.6 Zone operations fail on Cisco SAN manager
Symptom
Zone operations on Cisco SAN manager fail.
Cause
The snmpd service has crashed.
View the SAN manager log from the SAN manager software to verify that the snmpd service has
crashed. One cause of the snmpd service crashing is out-of-date firmware on the SAN manager.
Action
Update the firmware on the SAN manager to the latest version
1.
2.
Follow the manufacturer’s instructions for updating the firmware on the SAN manager.
Re-try the zone operation on the appliance.
31.22.7 Storage system port is in an undesired state
Storage system port is in a failing over state
Cause
The port is offline and is in the process of failing over to the partner port.
Action
Wait for the state to change.
Storage system port is in a failed over state
Cause
The port is offline and has failed over to the partner port.
392 Troubleshooting
Action
Resolve the issue with the port on the storage system.
Verify connectivity to the infrastructure.
Storage system port is in a failed state
Cause
The port is off offline and cannot fail over to the partner port.
Action
Verify the status and configuration of both storage ports.
Verify cabling or other infrastructure issues.
Storage system port is in a recovering state
Cause
The port is online and in the process of returning to a normal state.
Action
Wait for the state to change.
Storage system port is in a partner port failed over state
Cause
The partner port has failed over and the port is the partner port traffic.
Action
Resolve the issue with the partner port on the storage system.
Verify port connectivity to the infrastructure.
Storage system port is in a partner failed state
Cause
The partner port has failed and the fail over operation was not successful.
Action
Verify the status and configuration of both storage ports.
Verify for cabling or other infrastructure issues.
31.23 Troubleshooting user accounts
31.23.1 Incorrect privileges
Users must have view privileges (at minimum) on a managed object to see that object in the user
interface.
Symptom
Unable to see specific resource information or perform a resource task
Cause
Your assigned role does not have the correct privileges.
31.23 Troubleshooting user accounts 393
Action
Request a different role or an additional role from the Infrastructure administrator in order to do
your work.
31.23.2 Cannot modify local user account
Symptom
You cannot add, edit, or delete a local user account.
Improper authorization
Cause
You do not have proper authorization or you entered invalid parameters.
Action
1.
2.
Log in to the appliance as the Infrastructure administrator.
Try to add, edit, or delete the user account again.
Network issues
Action
1.
2.
3.
Log in to the appliance as the Infrastructure administrator.
See “Synergy Composer cannot access the network” (page 359)
Try to add, edit, or delete the user account again.
Appliance certificate needs to be updated
Cause
The appliance certificate is invalid or it has expired.
Action
1.
2.
3.
4.
5.
6.
Log in to the appliance as the Infrastructure administrator.
Acquire a new appliance certificate.
Refresh the browser page.
Accept the new certificate.
Add the user account.
Try to add, edit, or delete the user account again.
31.23.3 Cannot delete local user account
Symptom
The deletion fails with error code 500.
Action
1.
Perform the following REST API call to modify the user account to be deleted:
PUT https://{appl}/rest/users
2.
Try to delete the user account again.
31.23.4 Unauthenticated user or group
Each user is authenticated on login to the appliance by the authentication service that confirms
the user name and password. The Edit Authentication screen enables you to configure
394 Troubleshooting
authentication settings on the appliance; the default values are initially populated during first time
setup of the appliance.
Symptom
Unable to configure a directory user or group
Cause
Authentication settings incorrect
Action
To configure authentication settings:
1.
2.
3.
4.
5.
From the Users screen, click Add Directory User or Group.
Click add a directory.
From the Edit Authentication screen, click Add directory.
Provide the requested information.
Click OK.
31.23.5 User public key is not accepted
Symptom
User public key does not work or is not accepted.
Cause
Hidden characters introduced during a copy/paste operation change the key code.
Action
•
Enter the key again, taking care to prevent special characters from being injected into the
key when pasting it into the public key field.
•
Only RSA keys are supported.
31.23.6 Directory service not available
Symptom
The directory service could not be accessed by the appliance.
Solution 1
The server for the directory service cannot be accessed.
Cause
Either the server for the directory service or the network is down.
Action
1.
2.
3.
Run theping command on the directory server IP address or host name to determine if it
is online.
Verify that the appliance network is operating correctly.
Contact the directory service administrator to determine if the server is down.
31.23 Troubleshooting user accounts 395
Solution 2
Cause
Configuration errors prevent the directory service from being reached
Action
1.
2.
3.
4.
5.
6.
Verify that the name of the directory service is unique and entered correctly. Duplicate names
are not accepted.
Verify that the Directory type is correct.
Ensure that the Base DN fields and, for OpenLDAP, the User naming attribute field, and
Organizational unit fields are correct.
Verify that the credentials of the authentication directory service administrator are correct.
Verify that the group is configured in the directory service.
Ensure that the role assigned to the group is correct.
31.23.7 Cannot add directory service
Symptom
You cannot add a directory service to the appliance.
Solution 1
Cause
An external problem disconnected the directory server host.
Action
1.
2.
3.
4.
5.
Log in as the Infrastructure administrator
Verify that the settings for the directory service host are accurate.
Locally run the ping command on the directory server’s IP address or host name to determine
if it is on-line.
Verify that the port for LDAP communication with the directory service is port 636.
Verify that the port (default port 636) you are using for communication is not blocked by any
firewalls.
See “Ports required for HPE OneView” (page 74).
6.
7.
Verify that the appliance network is operating correctly.
Determine that the appliance is functioning properly and that there are enough resources.
Solution 2
Cause
The directory server host is refusing to authenticate the appliance because the certificate has
expired.
Action
1.
2.
Log in as the Infrastructure administrator
Verify the login name and password are accurate.
Contact the directory service provider to ensure that the credentials are accurate.
3.
Reacquire and install the directory service host certificate.
396 Troubleshooting
Solution 3
Cause
The certificate is not in valid x509 format.
Action
1.
2.
3.
4.
Log in as the Infrastructure administrator
Correct the configuration and try again.
Re-acquire and install the directory service host certificate, if necessary.
Contact the directory service provider to ensure that the credentials are accurate.
Solution 4
Cause
The certificate does not contain the x509v3 key usage extension.
Action
1.
2.
3.
Log in as the Infrastructure administrator
Ensure that the certificate contains the key usage extension.
Re-acquire and install the directory service host certificate, if necessary.
Solution 5
Cause
The directory server host cannot authenticate the appliance because the credentials are invalid.
Action
1.
2.
3.
4.
5.
Log in as the Infrastructure administrator
Verify the login name and password are accurate.
Verify the search context information is accurate; you might be trying to access a different
account or group.
Re-acquire and install the directory service host certificate.
Contact the directory service provider to ensure that the credentials are accurate.
31.23.8 Cannot add server for a directory service
Symptom
You cannot configure a server for the directory service.
Solution 1
Cause
The appliance lost connection with the directory service, but that connection was lost.
Action
1.
2.
3.
Verify that the settings for the directory service host are accurate.
Verify that the correct port is used for the directory service.
Verify that the port (default port 636) you are using for communication is not blocked by any
firewalls.
See “Ports required for HPE OneView” (page 74).
31.23 Troubleshooting user accounts 397
4.
5.
Locally run the ping command on the directory service host’s IP address or host name to
determine if it is on-line.
Verify that the appliance network is operating correctly.
Solution 2
Cause
There is an authentication error when logging in to the server for the directory service.
1.
2.
3.
Verify that the login name and password are accurate.
Reacquire and install the directory service host certificate.
Contact the directory service provider to ensure that the credentials are accurate.
Solution 3
Cause
There are incorrect parameters when the directory service was configured.
Action
1.
2.
3.
4.
5.
Verify that the name of the directory service is unique and entered correctly. Duplicate names
are not accepted.
Verify that the Directory type is correct.
Ensure that the Base DN fields and, for OpenLDAP, the User naming attribute field, and
Organizational unit fields are correct.
Verify that the credentials of the authentication directory service administrator are correct.
Verify that the group is configured in the directory service.
31.23.9 Cannot add directory group
Symptom
The directory group could not be added as a group on the appliance.
Solution 1
Cause
The specified authentication directory and group specified already exist. Groups must be unique.
Action
1.
2.
Log in as Infrastructure administrator.
Reassign the current group to another role, or otherwise make the group unique.
Solution 2
Cause
An external problem disconnected the directory server host.
Action
1.
2.
3.
Log in as the Infrastructure administrator.
Verify that the settings for the directory service host are accurate.
Verify that the correct port is used for the directory service.
398 Troubleshooting
4.
Verify that the port (default port 636) you are using for communication is not blocked by any
firewalls.
See “Ports required for HPE OneView” (page 74).
5.
6.
Locally run the ping command on the directory service host IP address or host name to
determine if it is online.
Verify that the appliance network is operating correctly.
Solution 3
Cause
Authentication problems prevented the appliance from logging in to the directory service.
Action
1.
2.
3.
4.
Log in as the Infrastructure administrator.
Verify that the login name and password are accurate.
Reacquire and install the directory service host certificate.
Contact the directory service provider to ensure that the credentials are accurate.
31.23.10 Cannot find directory group
Symptom
A specified group could not be found in the authentication directory service.
Solution 1
Cause
Either the group is not configured in the authentication directory service or the search parameters
contained an error.
Action
1.
2.
3.
4.
5.
6.
Log in as the Infrastructure administrator
Verify the credentials for the authentication directory service.
Verify that the directory service is operational.
Verify the name of the group.
Contact the directory service administrator to verify that the group account is configured in
the directory service.
Try to find the group again.
For more information, see “About directory service authentication” (page 242).
Solution 2
Cause
The directory type was incorrectly specified. For example, an Active Directory service might have
be specified as OpenLDAP.
Action
1.
2.
Log in as the Infrastructure administrator
Verify that the settings for the directory service are accurate.
31.23 Troubleshooting user accounts 399
Solution 3
Cause
The specified search of the authentication directory service does not contain any groups.
Action
1.
2.
3.
4.
Log in as the Infrastructure administrator
Verify the directory server configuration.
For OpenLDAP, ensure that the directory server user has read privileges (rscdx) so that
HPE OneView can read the search results.
For OpenLDAP, add all search contexts to retrieve the wanted group or groups. Use the
Add button to generate additional multiple organizational units, with which to specify the
UID or CN.
Solution 4
Cause
An error occurred while accessing directory groups. Directory service servers could not be
reached.
Action
1.
2.
3.
4.
Log in as the Infrastructure administrator
Verify the directory server configuration.
Verify the connection to the directory server host.
For OpenLDAP, add all search contexts to retrieve the wanted group or groups. Use the
Add button to generate additional multiple organizational units, with which to specify the
UID or CN.
Solution 5
Cause
An external problem prevented the appliance from reaching the server configured for the directory
service.
Action
1.
2.
3.
Log in as the Infrastructure administrator
Verify the connection to the directory server host. See “Cannot add server for a directory
service ” (page 397).
Verify the directory server configuration.
400 Troubleshooting
32 Documentation and troubleshooting resources for HPE
Synergy
32.1 HPE Synergy documentation
The Hewlett Packard Enterprise Information Library (http://www.hpe.com/info/synergy-docs)
is a task-based repository that includes installation instructions, user guides, maintenance and
service guides, best practices, and links to additional resources. Use this website to obtain the
latest documentation, including:
•
Learning about HPE Synergy technology
•
Installing and cabling HPE Synergy
•
Updating the HPE Synergy components
•
Using and managing HPE Synergy
•
Troubleshooting HPE Synergy
32.2 HPE Synergy Configuration and Compatibility Guide
The HPE Synergy Configuration and Compatibility Guide, in the Hewlett Packard Enterprise
Information Library (http://www.hpe.com/info/synergy-docs), provides an overview of HPE
Synergy management and fabric architecture, detailed hardware component identification and
configuration, and cabling examples.
32.3 HPE OneView User Guide for HPE Synergy
The HPE OneView User Guide for HPE Synergy, in the Hewlett Packard Enterprise Information
Library (http://www.hpe.com/info/synergy-docs), describes resource features, planning tasks,
configuration quick start tasks, navigational tools for the graphical user interface, and more
support and reference information for HPE OneView.
32.4 HPE OneView Global Dashboard
The HPE OneView Global Dashboard provides a unified view of health, alerting, and key resources
managed by HPE OneView across multiple platforms and data center sites. The HPE OneView
Global Dashboard User Guide in the Hewlett Packard Enterprise Information Library (http://
www.hpe.com/info/synergy-docs) provides instructions for installing, configuring, navigating,
and troubleshooting the HPE OneView Global Dashboard.
32.5 HPE Synergy Software Overview Guide
The HPE Synergy Software Overview Guide, in the Hewlett Packard Enterprise Information
Library (http://www.hpe.com/info/synergy-docs), provides detailed references and overviews
of the various software and configuration utilities to support HPE Synergy. The guide is task-based
and covers the documentation and resources for all supported software and configuration utilities
available for HPE Synergy setup and configuration, OS deployment, firmware updates,
troubleshooting, and remote support.
32.6 Best Practices for HPE Synergy Firmware and Driver Updates
The Best Practices for HPE Synergy Firmware and Driver Updates, in the Hewlett Packard
Enterprise Information Library (http://www.hpe.com/info/synergy-docs), provides information
on recommended best practices to update firmware and drivers through HPE Synergy Composer,
which is powered by HPE OneView.
32.1 HPE Synergy documentation 401
32.7 HPE OneView Support Matrix for HPE Synergy
The HPE OneView Support Matrix for HPE Synergy, in the Hewlett Packard Enterprise Information
Library (http://www.hpe.com/info/synergy-docs), maintains the latest software and firmware
requirements, supported hardware, and configuration maximums for HPE OneView.
32.8 HPE Synergy Image Streamer Support Matrix
The HPE Synergy Image Streamer Support Matrix, in the Hewlett Packard Enterprise Information
Library (http://www.hpe.com/info/synergy-docs), maintains the latest software and firmware
requirements, supported hardware, and configuration maximums for HPE Synergy Image
Streamer.
32.9 HPE Synergy Glossary
The HPE Synergy Glossary, in the Hewlett Packard Enterprise Information Library (http://
www.hpe.com/info/synergy-docs), defines common terminology associated with HPE Synergy.
32.10 HPE Synergy troubleshooting resources
HPE Synergy troubleshooting resources are available within HPE OneView and in the Hewlett
Packard Enterprise Information Library (http://www.hpe.com/info/synergy-docs).
32.11 Troubleshooting within HPE OneView
HPE OneView graphical user interface includes alert notifications and options for troubleshooting
within HPE OneView. The UI provides multiple views of HPE Synergy components, including
colored icons to indicate resource status and potential problem resolution in messages.
You can also use the Enclosure view and Map view to quickly see the status of all discovered
HPE Synergy hardware.
32.12 HPE Synergy Troubleshooting Guide
The HPE Synergy Troubleshooting Guide, in the Hewlett Packard Enterprise Information Library
(http://www.hpe.com/info/synergy-docs), provides information for resolving common problems
and courses of action for fault isolation and identification, issue resolution, and maintenance for
both HPE Synergy hardware and software components.
32.13 HPE Error Message Guide
The HPE Error Message Guide, in the Hewlett Packard Enterprise Information Library (http://
www.hpe.com/info/synergy-docs), provides information for resolving common problems
associated with specific error messages received for both HPE Synergy hardware and software
components.
32.14 HPE OneView Help
The HPE OneView Help, the HPE OneView REST API Scripting Help, and the HPE OneView
API Reference are readily accessible, embedded online help available within the HPE OneView
user interface. These help files include “Learn more” links to common issues, as well as procedures
and examples to troubleshoot issues within HPE Synergy.
The help files are also available in the Hewlett Packard Enterprise Information Library (http://
www.hpe.com/info/synergy-docs).
402 Documentation and troubleshooting resources for HPE Synergy
32.15 HPE Synergy Quick Specs
HPE Synergy has system specifications as well as individual product and component
specifications. For complete specification information, see the Synergy and individual Synergy
product Quick Specs on the Hewlett Packard Enterprise website (http://www.hpe.com/info/qs).
32.16 HPE Synergy documentation map
http://www.hpe.com/info/synergy-docs
Planning
Managing
• HPE Synergy Site Planning Guide
• HPE OneView User Guide for HPE Synergy
• HPE Synergy Configuration and Compatibility
Guide
• HPE Synergy Image Streamer Help
• HPE OneView Support Matrix for HPE Synergy
• HPE Synergy Image Streamer Support Matrix
• HPE Synergy Setup Overview
Installing hardware
• HPE Synergy Start Here Poster (included with
frame)
• HPE Synergy Image Streamer User Guide
• HPE Synergy Image Streamer API Reference
Monitoring
• HPE OneView User Guide for HPE Synergy
• HPE OneView Global Dashboard Help
• HPE OneView Global Dashboard User Guide
• HPE Synergy 12000 Frame Setup and
Installation Guide
Maintaining
• HPE Rack Rails Installation Instructions
(included with frame)
• Best Practices for HPE Synergy Firmware and Driver
Updates Guide
• HPE Synergy 12000 Frame Rack Template
(included with frame)
• HPE OneView Help for HPE Synergy
• Hood labels
• User guides
• HPE Synergy Interactive Cabling Guide
• HPE OneView Help for HPE Synergy —
Hardware setup
• Product maintenance and service guides
• HPE OneView User Guide for HPE Synergy
Troubleshooting
• HPE OneView alert details
• HPE Synergy Troubleshooting Guide
• HPE Error Message Guide
Configuring for managing and monitoring
• HPE OneView API Reference
• HPE OneView Help for HPE Synergy
• HPE Synergy Image Streamer API Reference
• HPE OneView User Guide for HPE Synergy
• HPE OneView API Reference
• HPE OneView REST API Scripting Help
• HPE iLO 4 with AMS traps supported for alerting
in HPE OneView
• User Guides
32.15 HPE Synergy Quick Specs 403
404
33 Support and other resources
•
Accessing Hewlett Packard Enterprise Support
•
“Accessing updates” (page 405)
•
“Websites” (page 406)
•
Customer self repair
•
Documentation feedback
33.1 Accessing Hewlett Packard Enterprise Support
•
For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:
www.hpe.com/assistance
•
To access documentation and support services, go to the Hewlett Packard Enterprise Support
Center website:
www.hpe.com/support/hpesc
Information to collect
•
Technical support registration number (if applicable)
•
Product name, model or version, and serial number
•
Operating system name and version
•
Firmware version
•
Error messages
•
Product-specific reports and logs
•
Add-on products or components
•
Third-party products or components
33.2 Accessing updates
•
Some software products provide a mechanism for accessing software updates through the
product interface. Review your product documentation to identify the recommended software
update method.
•
To download product updates, go to either of the following:
◦
Hewlett Packard Enterprise Support Center Get connected with updates page:
www.hpe.com/support/e-updates
◦
Software Depot website:
www.hpe.com/support/softwaredepot
•
To view and update your entitlements, and to link your contracts and warranties with your
profile, go to the Hewlett Packard Enterprise Support Center More Information on Access
to Support Materials page:
www.hpe.com/support/AccessToSupportMaterials
33.1 Accessing Hewlett Packard Enterprise Support 405
IMPORTANT: Access to some updates might require product entitlement when accessed
through the Hewlett Packard Enterprise Support Center. You must have an HP Passport
set up with relevant entitlements.
33.3 Websites
Website
Link
Hewlett Packard Enterprise Information Library
www.hpe.com/info/enterprise/docs
Hewlett Packard Enterprise Support Center
www.hpe.com/support/hpesc
Contact Hewlett Packard Enterprise Worldwide
www.hpe.com/assistance
HPE OneView Docs
www.hpe.com/info/oneview/docs
Subscription Service/Support Alerts
www.hpe.com/support/e-updates
Software Depot
www.hpe.com/support/softwaredepot
Customer Self Repair
www.hpe.com/support/selfrepair
Remote Support for HPE OneView FAQ document
Remote support doc
Single Point of Connectivity Knowledge (SPOCK) Storage www.hpe.com/storage/spock
compatibility matrix
HPE Virtual Connect user guides
http://www.hpe.com/info/virtualconnect
HPE Virtual Connect command line references
HPE 3PAR StoreServ Storage
http://www.hpe.com/info/storage
HPE Integrated Lights-Out
http://www.hpe.com/info/ilo
HPE BladeSystem enclosures
http://www.hpe.com/servers/bladesystem
HPE ProLiant server hardware websites
• General information: www.hpe.com/info/servers
• BL series server blades: http://www.hpe.com/info/
blades
• DL series rack mount servers: http://www.hpe.com/
servers/dl
Storage white papers and analyst reports
www.hpe.com/storage/whitepapers
33.4 Remote support
Remote support is available with supported devices as part of your warranty or contractual support
agreement. It provides intelligent event diagnosis, and automatic, secure submission of hardware
event notifications to Hewlett Packard Enterprise, which will initiate a fast and accurate resolution
based on your product's service level. Hewlett Packard Enterprise strongly recommends that
you register your device for remote support.
If your product includes additional remote support details, use search to locate that information.
Remote support and Proactive Care information
HPE Get Connected
www.hpe.com/services/getconnected
HPE Proactive Care services
www.hpe.com/services/proactivecare
406 Support and other resources
HPE Proactive Care service: Supported products list
www.hpe.com/services/proactivecaresupportedproducts
HPE Proactive Care advanced service: Supported products list
www.hpe.com/services/proactivecareadvancedsupportedproducts
Proactive Care customer information
Proactive Care central
www.hpe.com/services/proactivecarecentral
Proactive Care service activation
www.hpe.com/services/proactivecarecentralgetstarted
33.5 Customer self repair
Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product.
If a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at
your convenience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorized
service provider will determine whether a repair can be accomplished by CSR.
For more information about CSR, contact your local service provider or go to the CSR website:
www.hpe.com/support/selfrepair
33.6 Documentation feedback
Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To
help us improve the documentation, send any errors, suggestions, or comments to Documentation
Feedback ([email protected]). When submitting your feedback, include the document
title, part number, edition, and publication date located on the front cover of the document. For
online help content, include the product name, product version, help edition, and publication date
located on the legal notices page.
33.5 Customer self repair 407
408
A Backup and restore script examples
A.1 Sample backup script
As an alternative to using Settings→Actions→Create backup from the appliance UI, you can
write and run a script to automatically create and download an appliance backup file.
Example 14 “Sample backup.ps1 script” provides a sample PowerShell script that uses REST
calls to create and download an appliance backup file. Cut and paste this sample script into a
file on a Windows system that runs PowerShell version 3.0, and edit the script to customize it
for your environment. See the REST API online help for more information about REST APIs.
You can schedule the backup script to run automatically in interactive or batch mode on a regular
basis (Hewlett Packard Enterprise recommends daily backups). Only a user with Backup
administrator or Infrastructure administrator privileges can run the script interactively.
•
To run the script interactively, do not include any parameters. The script prompts you to
enter the appliance host name, appliance user name and password, and the name of a file
to store these parameters for batch mode executions. Enter the name and password of a
user with the Backup administrator or Infrastructure administrator role. The user name and
password are stored encrypted.
Hewlett Packard Enterprise recommends that you run the script interactively the first time.
Then, you can schedule the script to run automatically in the background using the parameter
file created by the first run.
•
To run the script in batch mode, specify the name of the file containing the parameters on
the command line.
Hewlett Packard Enterprise recommends that you install cURL with the SSL option to improve
performance. The sample script works without cURL, but it might take several hours to download
a large backup file. To download cURL, see:
http://curl.haxx.se/download.html
NOTE: You might also need to install Microsoft Visual C++ Redistributable, the MSVCR100.dll
file, available here:
•
64 bit: http://www.microsoft.com/download/en/details.aspx?id=14632
•
32 bit: http://www.microsoft.com/download/en/details.aspx?id=5555
Make sure the path environment variable includes the path for cURL.
Sample script
The sample script makes the following calls to create and download a backup file:
1. Calls queryfor-credentials() to get the appliance host name, user name, and password
by either prompting the user or reading the values from a file.
2. Calls login-appliance() to issue a REST request to obtain a session ID used to authorize
backup REST calls.
3. Calls backup-appliance() to issue a REST request to start a backup.
4. Calls waitFor-completion() to issue REST requests to poll for backup status until the
backup completes.
5. Calls get-backupResource() to issue a REST request to get the download URI.
6. Calls download-backup() to issue a REST request to download the backup.
A.1 Sample backup script 409
Example 14 Sample backup.ps1 script
# (C) Copyright 2012-2014 Hewlett Packard Enterprise Development LP
###########################################################################################################################
# Name:
backup.ps1
# Usage:
{directory}\backup.ps1 or {directory}\backup.ps1 filepath
# Parameter: $filepath: optional, uses the file in that path as the login credentials. ie: host address, username,
#
password, and, optionally, the Active Directory domain name
# Purpose: Runs the backup function on the appliance and downloads it onto your machine's drive
#
in current user's home directory
# Notes:
To improve performance, this script uses the curl command if it is installed. The curl command
must
#
be installed with the SSL option.
#
Windows PowerShell 3.0 must be installed to run the script
###########################################################################################################################
#tells the computer that this is a trusted source that we are connecting to (brute force, could be refined)
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
$global:interactiveMode = 0
# The scriptApiVersion is the default Api version (if the appliance supports this level
# or higher). This variable may be changed if the appliance is at a lower Api level.
$global:scriptApiVersion = 3
# Using this Api version or greater requires a different interaction when creating a backup.
Set-Variable taskResourceV2ApiVersion -option Constant -value 3
try {
#this log must be added if not already on your computer
New-EventLog -LogName Application -Source backup.ps1 -ErrorAction stop
}
catch [System.Exception]
{
#this is just to keep the error "already a script" from showing up on the screen if it is already created
}
##### Querying user for login info #####
function queryfor-credentials ()
{
<#
.DESCRIPTION
Gathers information from User if in manual entry mode (script ran with zero arguments) or
runs silently and gathers info from specified path (script ran with 1 argument)
.INPUTS
None, this function does not take inputs.
.OUTPUTS
Returns an object that contains the login name, password, hostname and
ActiveDirectory domain to connect to.
.EXAMPLE
$variable = queryfor-credentials #runs function, saves json object to variable.
#>
if ($args[0] -eq $null)
{
Write-Host "Enter appliance name (https://ipaddress)"
$appliance = Read-Host
# Correct some common errors
$appliance = $appliance.Trim().ToLower()
if (!$appliance.StartsWith("https://"))
{
if ($appliance.StartsWith("http://"))
{
$appliance = $appliance.Replace("http","https")
} else {
$appliance = "https://" + $appliance
}
}
Write-Host "Enter username"
$username = Read-Host -AsSecureString | ConvertFrom-SecureString
Write-Host "Enter password"
$SecurePassword = Read-Host -AsSecureString | ConvertFrom-SecureString
Write-Host "If using Active Directory, enter the Active Directory domain"
Write-Host " (Leave this field blank if not using Active Directory.)"
$ADName = Read-Host
Write-Host "Would you like to save these credentials to a file? (username and password encrypted)"
$saveQuery = Read-Host
$loginVals = [pscustomobject]@{ userName = $username; password = $SecurePassword;
hostname = $appliance; authLoginDomain = $ADName }
$loginJson = $loginVals | convertTo-json
$global:interactiveMode = 1
410 Backup and restore script examples
if ($saveQuery[0] -eq "y") #enters into the mode to save the credentials
{
Write-Host "Enter file path and file name to save credentials (example: C:\users\bob\machine1.txt)"
$storagepath = Read-Host
try
{
$loginJson | Out-File $storagepath -NoClobber -ErrorAction stop
}
catch [System.Exception]
{
Write-Host $_.Exception.message
if ($_.Exception.getType() -eq [System.IO.IOException]) # file already exists throws an IO exception
{
do
{
Write-Host "Overwrite existing credentials for this machine?"
[string]$overwriteQuery = Read-Host
if ($overwriteQuery[0] -eq 'y')
{
$loginJson | Out-File $storagepath -ErrorAction stop
$exitquery = 1
}
elseif ($overwriteQuery[0] -eq 'n')
{
$exitquery = 1
}
else
{
Write-Host "Please respond with a y or n"
$exitquery = 0
}
} while ($exitquery -eq 0)
}
else
{
Write-Host "Improper filepath or no permission to write to given directory"
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Improper filepath,
$storagepath " $_.Exception.message
return
}
}
$savedLoginJson = Get-Content $storagepath
Write-Host "Run backup?"
$continue = 0
do
{
$earlyExit = Read-Host
if ($earlyExit[0] -eq 'n')
{
return
}
elseif ($earlyExit[0] -ne 'y')
{
Write-Host "Please respond with a y or n"
}
else
{
$continue = 1
}
} while ($continue -eq 0)
}
else
{
return $loginJson
}
}
elseif ($args.count -ne 1)
{
Write-Host "Incorrect number of arguments, use either filepath parameter or no parameters."
return
}
else
{
foreach ($arg in $args)
{
$storagepath = $arg
}
try
{
$savedLoginJson = Get-Content $storagepath -ErrorAction stop
}
catch [System.Exception]
{
Write-Host "Login credential file not found. Please run script without arguments to access manual entry
mode."
A.1 Sample backup script
411
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Login credential file not
found. Please run script without arguments to access manual entry mode."
return
}
}
return $savedloginJson
}
##### getApiVersion: Get X_API_Version #####
function getApiVersion ([int32] $currentApiVersion,[string]$hostname)
{
<#
.DESCRIPTION
Sends a web request to the appliance to obtain the current Api version.
Returns the lower of: Api version supported by the script and Api version
supported by the appliance.
.PARAMETER currentApiVersion
Api version that the script is currently using
.PARAMETER hostname
The appliance address to send the request to (in https://{ipaddress} format)
.INPUTS
None, does not accept piping
.OUTPUTS
Outputs the new active Api version
.EXAMPLE
$global:scriptApiVersion = getApiVersion()
#>
# the particular Uri on the Appliance to reqest the Api Version
$versionUri = "/rest/version"
# append the Uri to the end of the IP address to obtain a full Uri
$fullVersionUri = $hostname + $versionUri
# use setup-request to issue the REST request api version and get the response
try
{
$applianceVersionJson = setup-request -Uri $fullVersionUri -method "GET" -accept "application/json"
-contentType "application/json"
if ($applianceVersionJson -ne $null)
{
$applianceVersion = $applianceVersionJson | convertFrom-Json
$currentApplianceVersion = $applianceVersion.currentVersion
if ($currentApplianceVersion -lt $currentApiVersion)
{
return $currentApplianceVersion
}
return $currentApiVersion
}
}
catch [System.Exception]
{
if ($global:interactiveMode -eq 1)
{
Write-Host $error[0].Exception.Message
}
else
{
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message $error[0].Exception.Message
}
}
}
##### Sending login info #####
function login-appliance ([string]$username,[string]$password,[string]$hostname,[string]$ADName)
{
<#
.DESCRIPTION
Attempts to send a web request to the appliance and obtain an authorized sessionID.
.PARAMETER username
The username to log into the remote appliance
.PARAMETER password
The correct password associated with username
.PARAMETER hostname
The appliance address to send the request to (in https://{ipaddress} format)
.PARAMETER ADName
The Active Directory name (optional)
.INPUTS
None, does not accept piping
.OUTPUTS
412 Backup and restore script examples
Outputs the response body containing the needed session ID.
.EXAMPLE
$authtoken = login-appliance $username $password $hostname $ADName
#>
# the particular Uri on the Appliance to reqest an "auth token"
$loginUri = "/rest/login-sessions"
# append the Uri to the end of the IP address to obtain a full Uri
$fullLoginUri = $hostname + $loginUri
# create the request body as a hash table, then convert it to json format
if ($ADName)
{
$body = @{ userName = $username; password = $password; authLoginDomain = $ADName } | convertTo-json
}
else # null or empty
{
$body = @{ userName = $username; password = $password } | convertTo-json
}
# use setup-request to issue the REST request to login and get the response
try
{
$loginResponse = setup-request -Uri $fullLoginUri -method "POST" -accept "application/json" -contentType
"application/json" -Body $body
if ($loginResponse -ne $null)
{
$loginResponse | convertFrom-Json
}
}
catch [System.Exception]
{
if ($global:interactiveMode -eq 1)
{
Write-Host $error[0].Exception.Message
}
else
{
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message $error[0].Exception.Message
}
}
}
##### Executing backup ######
function backup-Appliance ([string]$authValue,[string]$hostname)
{
<#
.DESCRIPTION
Gives the appliance the command to start creating a backup
.PARAMETER authValue
The authorized sessionID given by login-appliance
.PARAMETER hostname
The location of the appliance to connect to (in https://{ipaddress} format)
.INPUTS
None, does not accept piping
.OUTPUTS
The task Resource returned by the appliance, converted to a hashtable object
.EXAMPLE
$taskResource = backup-Appliance $sessionID $hostname
#>
# append the REST Uri for backup to the IP address of the Appliance
$bkupUri = "/rest/backups/"
$fullBackupUri = $hostname + $bkupUri
# create a new webrequest and add the proper headers (new header, auth, is needed for authorization
# in all functions from this point on)
try
{
if ($global:scriptApiVersion -lt $taskResourceV2ApiVersion)
{
$taskResourceJson = setup-request -Uri $fullBackupUri -method "POST" -accept "application/json" -contentType
"application/json" -authValue $authValue
}
else
{
$taskUri = setup-request -Uri $fullBackupUri -method "POST" -accept "application/json" -contentType
"application/json" -authValue $authValue -returnLocation $true
if ($taskUri -ne $null)
{
$taskResourceJson = setup-request -Uri $taskUri -method "GET" -accept "application/json" -contentType
"application/json" -authValue $authValue
}
}
if ($taskResourceJson -ne $null)
{
A.1 Sample backup script 413
return $taskResourceJson | ConvertFrom-Json
}
}
catch [System.Exception]
{
if ($global:interactiveMode -eq 1)
{
Write-Host $error[0].Exception.Message
}
else
{
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message $error[0].Exception.Message
}
}
}
##### Polling to see if backup is finished ######
function waitFor-completion ([object]$taskResource,[string]$authValue,[string]$hostname)
{
<#
.DESCRIPTION
Checks the status of the backup every twenty seconds, stops when status changes from running to a
different status
.PARAMETER taskResource
The response object from the backup-appliance method
.PARAMETER authValue
The authorized session ID
.PARAMETER hostname
The appliance to connect to (in https://{ipaddress} format)
.INPUTS
None, does not accept piping
.OUTPUTS
The new task resource object, which contains the Uri to get the backup resource in the next function
.EXAMPLE
$taskResource = waitFor-Completion $taskResource $sessionID $hostname
#>
# extracts the Uri of the task Resource from itself, to poll repeatedly
$taskResourceUri = $taskResource.uri
if ($taskResourceUri -eq $null)
{
# Caller will provide the error message
return
}
# appends the Uri to the hostname to create a fully-qualified Uri
$fullTaskUri = $hostname + $taskResourceUri
# retries if unable to get backup progress information
$errorCount = 0
$errorMessage = ""
if ($global:interactiveMode -eq 1)
{
Write-Host "Backup initiated."
Write-Host "Checking for backup completion, this may take a while."
}
# a while loop to determine when the backup process is finished
do
{
try
{
# creates a new webrequest with appropriate headers
$taskResourceJson = setup-request -Uri $fullTaskUri -method "GET" -accept "application/json" -authValue
$authValue -isSilent $true
# converts the response from the Appliance into a hash table
$taskResource = $taskResourceJson | convertFrom-Json
# checks the status of the task manager
$status = $taskResource.taskState
}
catch
{
$errorMessage = $error[0].Exception.Message
$errorCount = $errorCount + 1
$status = "RequestFailed"
Start-Sleep -s 15
continue
}
# Update progress bar
if ($global:interactiveMode -eq 1)
{
$trimmedPercent = ($taskResource.completedSteps) / 5
414 Backup and restore script examples
$progressBar = "[" + "=" * $trimmedPercent + " " * (20 - $trimmedPercent) + "]"
Write-Host "`r Backup progress: $progressBar " $taskResource.completedSteps "%" -NoNewline
}
# Reset the error count since progress information was successfully retrieved
$errorCount = 0
# If the backup is still running, wait a bit, and then check again
if ($status -eq "Running")
{
Start-Sleep -s 20
}
} while (($status -eq "Running" -or $status -eq "RequestFailed") -and $errorCount -lt 20);
# if the backup reported an abnormal state, report the state and exit function
if ($status -ne "Completed")
{
if ($global:interactiveMode -eq 1)
{
Write-Host "`n"
Write-Host "Backup stopped abnormally"
Write-Host $errorMessage
}
else
{
#log error message
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Backup stopped abnormally"
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message $errorMessage
}
return $null
}
# upon successful completion of task, outputs a hash table which contains task resource
else
{
Write-Host "`n"
$taskResource
return
}
}
##### Gets the backup resource #####
function get-backupResource ([object]$taskResource,[string]$authValue,[string]$hostname)
{
<#
.DESCRIPTION
Gets the Uri for the backup resource from the task resource and gets the backup resource
.PARAMETER taskResource
The task resource object that we use to get the Uri for the backup resource
.PARAMETER authValue
The authorized sessionID
.PARAMETER hostname
the appliance to connect to (in https://{ipaddress} format)
.INPUTS
None, does not accept piping
.OUTPUTS
The backup resource object
.EXAMPLE
$backupResource = get-BackupResource $taskResource $sessionID $applianceName
#>
# the backup Resource Uri is extracted from the task resource
if ($global:scriptApiVersion -lt $taskResourceV2ApiVersion)
{
$backupUri = $taskResource.associatedResourceUri
}
else
{
$backupUri = $taskResource.associatedResource.resourceUri
}
if ($backupUri -eq $null)
{
# Caller will provide the error message
return
}
# construct the full backup Resource Uri from the hostname and the backup resource uri
$fullBackupUri = $hostname + $backupUri
# get the backup resource that contains the Uri for downloading
try
{
# creates a new webrequest with appropriate headers
$backupResourceJson = setup-request -Uri $fullBackupUri -method "GET" -accept "application/json" -auth
$authValue
if ($backupResourceJson -ne $null)
A.1 Sample backup script 415
{
$resource = $backupResourceJson | convertFrom-Json
if ($global:interactiveMode -eq 1)
{
Write-Host "Obtained backup resource. Now downloading.
}
$resource
return
This may take a while ..."
}
}
catch [System.Exception]
{
if ($global:interactiveMode -eq 1)
{
Write-Host $error[0].Exception.Message
}
else
{
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message $error[0].Exception.Message
}
}
}
##### Function to download the backup file #####
function download-Backup ([PSCustomObject]$backupResource,[string]$authValue,[string]$hostname)
{
<#
.DESCRIPTION
Downloads the backup file from the appliance to the local system. Tries to use the
curl command. The curl command has significantly better performance especially for
large backups. If curl isn't installed, invokes download-Backup-without-curl to
download the backup.
.PARAMETER backupResource
Backup resource containing Uri for downloading
.PARAMETER authValue
The authorized sessionID
.PARAMETER hostname
The IP address of the appliance
.INPUTS
None, does not accept piping
.OUTPUTS
The absolute path of the download file
.EXAMPLE
download-backup $backupResource $sessionID https://11.111.11.111
#>
$downloadUri = $hostname + $backupResource.downloadUri
$fileDir = [environment]::GetFolderPath("Personal")
$filePath = $fileDir + "\" + $backupResource.id + ".bkp"
$curlDownloadCommand = "curl -o " + $filePath + " -s -f -L -k -X GET " +
"-H 'accept: application/octet-stream' " +
"-H 'auth: " + $authValue + "' " +
"-H 'X-API-Version: $global:scriptApiVersion' " +
$downloadUri
$curlGetDownloadErrorCommand = "curl -s -k -X GET " +
"-H 'accept: application/json' " +
"-H 'auth: " + $authValue + "' " +
"-H 'X-API-Version: $global:scriptApiVersion' " +
$downloadUri
try
{
$testCurlSslOption = curl -V
if ($testCurlSslOption -match "SSL")
{
invoke-expression $curlDownloadCommand
}
else
{
if ($global:interactiveMode -eq 1)
{
Write-Host "Version of curl must support SSL to get improved download performance."
}
else
{
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Version of curl must
support SSL to get improved download performance"
}
return download-Backup-without-curl $backupResource $authValue $hostname
}
if ($LASTEXITCODE -ne 0)
{
$errorResponse = invoke-expression $curlGetDownloadErrorCommand
if ($global:interactiveMode -eq 1)
416 Backup and restore script examples
{
Write-Host "Download using curl error: $errorResponse"
}
else
{
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Download error:
$errorResponse"
}
if (Test-Path $filePath)
{
Remove-Item $filePath
}
return
}
if ($global:interactiveMode -eq 1)
{
Write-Host "Backup download complete!"
}
}
catch [System.Management.Automation.CommandNotFoundException]
{
return download-Backup-without-curl $backupResource $authValue $hostname
}
catch [System.Exception]
{
Write-Host "Not able to download backup"
Write-Host $error[0].Exception
return
}
return $filePath
}
##### Function to download the Backup file without using the curl command #####
function download-Backup-without-curl ([PSCustomObject]$backupResource,[string]$authValue,[string]$hostname)
{
<#
.DESCRIPTION
Downloads the backup file from the appliance to the local system (without using curl)
.PARAMETER backupResource
Backup resource containing Uri for downloading
.PARAMETER authValue
The authorized sessionID
.PARAMETER hostname
The IP address of the appliance
.INPUTS
None, does not accept piping
.OUTPUTS
The absolute path of the download file
.EXAMPLE
download-backup-without-curl $backupResource $sessionID https://11.111.11.111
#>
# appends Uri ( obtained from previous function) to IP address
$downloadUri = $hostname + $backupResource.downloadUri
$downloadTimeout = 43200000 # 12 hours
$bufferSize = 65536 # bytes
# creates a new webrequest with appropriate headers
[net.httpsWebRequest]$downloadRequest = [net.webRequest]::create($downloadUri)
$downloadRequest.method = "GET"
$downloadRequest.AllowAutoRedirect = $TRUE
$downloadRequest.Timeout = $downloadTimeout
$downloadRequest.ReadWriteTimeout = $downloadTimeout
$downloadRequest.Headers.Add("auth", $authValue)
$downloadRequest.Headers.Add("X-API-Version", $global:scriptApiVersion)
# accept either octet-stream or json to allow the response body to contain either the backup or an exception
$downloadRequest.accept = "application/octet-stream;q=0.8,application/json"
# creates a variable that stores the path to the file location. Note: users may change this to other file
paths.
$fileDir = [environment]::GetFolderPath("Personal")
try
{
# connects to the Appliance, creates a new file with the content of the response
[net.httpsWebResponse]$response = $downloadRequest.getResponse()
$responseStream = $response.getResponseStream()
$responseStream.ReadTimeout = $downloadTimeout
#saves file as the name given by the backup ID
$filePath = $fileDir + "\" + $backupResource.id + ".bkp"
$sr = New-Object System.IO.FileStream ($filePath,[System.IO.FileMode]::create)
$responseStream.CopyTo($sr,$bufferSize)
A.1 Sample backup script 417
$response.close()
$sr.close()
if ($global:interactiveMode -eq 1)
{
Write-Host "Backup download complete!"
}
}
catch [Net.WebException]
{
$errorMessage = $error[0].Exception.message
#Try to get more information about the error
try {
$errorResponse = $error[0].Exception.InnerException.Response.getResponseStream()
$sr = New-Object IO.StreamReader ($errorResponse)
$rawErrorStream = $sr.readtoend()
$error[0].Exception.InnerException.Response.close()
$errorObject = $rawErrorStream | convertFrom-Json
if (($errorObject.message.length -gt 0) -and
($errorObject.recommendedActions.length -gt 0))
{
$errorMessage = $errorObject.message + " " + $errorObject.recommendedActions
}
}
catch [System.Exception]
{
#Use exception message
}
if ($global:interactiveMode -eq 1)
{
Write-Host $errorMessage
}
else
{
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message $errorMessage
}
return
}
return $filePath
}
function setup-request ([string]$uri,[string]$method,[string]$accept,[string]$contentType = "",[string]$authValue
= "",[object]$body = $null,[bool]$isSilent=$false, [bool]$returnLocation=$false)
{
try
{
[net.httpsWebRequest]$request = [net.webRequest]::create($uri)
$request.method = $method
$request.accept = $accept
$request.Headers.Add("Accept-Language: en-US")
if ($contentType -ne "")
{
$request.ContentType = $contentType
}
if ($authValue -ne "")
{
$request.Headers.Item("auth") = $authValue
}
$request.Headers.Item("X-API-Version") = $global:scriptApiVersion
if ($body -ne $null)
{
$requestBodyStream = New-Object IO.StreamWriter $request.getRequestStream()
$requestBodyStream.WriteLine($body)
$requestBodyStream.flush()
$requestBodyStream.close()
}
# attempt to connect to the Appliance and get a response
[net.httpsWebResponse]$response = $request.getResponse()
if ($returnLocation)
{
$taskUri = $response.getResponseHeader("Location")
$response.close()
return $taskUri
}
else
{
# response stored in a stream
$responseStream = $response.getResponseStream()
$sr = New-Object IO.StreamReader ($responseStream)
#the stream, which contains a json object, is read into the storage variable
$rawResponseContent = $sr.readtoend()
$response.close()
return $rawResponseContent
}
}
catch [Net.WebException]
418 Backup and restore script examples
{
$errorMessage = $error[0].Exception.message
#Try to get more information about the error
try {
$errorResponse = $error[0].Exception.InnerException.Response.getResponseStream()
$sr = New-Object IO.StreamReader ($errorResponse)
$rawErrorStream = $sr.readtoend()
$error[0].Exception.InnerException.Response.close()
$errorObject = $rawErrorStream | convertFrom-Json
if (($errorObject.message.length -gt 0) -and
($errorObject.recommendedActions.length -gt 0))
{
$errorMessage = $errorObject.message + " " + $errorObject.recommendedActions
}
}
catch [System.Exception]
{
#Use exception message
}
if ($isSilent) {
throw $errorMessage
}
elseif ($global:interactiveMode -eq 1)
{
Write-Host $errorMessage
}
else
{
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message $errorMessage
}
#No need to rethrow since already recorded error
return
}
}
##### Start of function calls #####
#gets the credentials from user, either manual entry or from file
$savedLoginJson = queryfor-credentials $args[0]
if ($savedLoginJson -eq $null)
{
#if an error occurs, it has already been logged in the queryfor-credentials function
return
}
#extracts needed information from the credential json
try
{
$savedLoginJson = "[" + $savedLoginJson + "]"
$savedloginVals = $savedLoginJson | convertFrom-Json
$SecStrLoginname = $savedloginVals.userName | ConvertTo-SecureString -ErrorAction stop
$loginname =
[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecStrLoginName))
$hostname = $savedloginVals.hostname
$SecStrPassword = $savedloginVals.password | ConvertTo-SecureString -ErrorAction stop
$password =
[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecStrpassword))
$adname = $savedloginVals.authLoginDomain
}
catch [System.Exception]
{
if ($global:interactiveMode -eq 1)
{
Write-Host "Failed to get credentials: " + $error[0].Exception.Message
}
else
{
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Failed to get credentials: "
+ $error[0].Exception.Message
}
}
#determines the active Api version
$global:scriptApiVersion = getApiVersion $global:scriptApiVersion $hostname
if ($global:scriptApiVersion -eq $null)
{
if ($global:interactiveMode -eq 1)
{
Write-Host "Could not determine appliance Api version"
}
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Could not determine appliance
Api version"
return
}
A.1 Sample backup script 419
#sends the login request to the machine, gets an authorized session ID if successful
$authValue = login-appliance $loginname $password $hostname $adname
if ($authValue -eq $null)
{
if ($global:interactiveMode -eq 1)
{
Write-Host "Failed to receive login session ID."
}
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Failed to receive login session
ID."
return
}
#sends the request to start the backup process, returns the taskResource object
$taskResource = backup-Appliance $authValue.sessionID $hostname
if ($taskResource -eq $null)
{
if ($global:interactiveMode -eq 1)
{
Write-Host "Could not initialize backup"
}
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Could not initialize backup"
return
}
#loops to keep checking how far the backup has gone
$taskResource = waitFor-completion $taskResource $authValue.sessionID $hostname
if ($taskResource -eq $null)
{
if ($global:interactiveMode -eq 1)
{
Write-Host "Could not fetch backup status"
}
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Could not fetch backup status"
return
}
#gets the backup resource
$backupResource = get-backupResource $taskResource $authValue.sessionID $hostname
if ($backupResource -eq $null)
{
if ($global:interactiveMode -eq 1)
{
Write-Host "Could not get the Backup Resource"
}
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Could not get the Backup Resource"
return
}
#downloads the backup file to the local drive
$filePath = download-Backup $backupResource $authValue.sessionID $hostname
if ($filePath -eq $null)
{
if ($global:interactiveMode -eq 1)
{
Write-Host "Could not download the backup"
}
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message "Could not download the backup"
return
}
if ($global:interactiveMode -eq 1)
{
Write-Host "Backup can be found at $filePath"
Write-Host "If you wish to automate this script in the future and re-use login settings currently entered,"
Write-Host "then provide the file path to the saved credentials file when running the script."
Write-Host "ie: " $MyInvocation.MyCommand.Definition " filepath"
}
else
{
Write-Host "Backup completed successfully."
Write-Host "The backup can be found at $filePath."
}
Write-EventLog -EventId 0 -LogName Application -Source backup.ps1 -Message "script completed successfully"
A.2 Sample restore script
As an alternative to using Settings→Actions→Restore from backup from the appliance UI,
you can write and run a script to automatically restore the appliance from a backup file.
NOTE:
Only a user with Infrastructure administrator privileges can restore an appliance.
420 Backup and restore script examples
Example 15 “Sample restore.ps1 script” provides a sample script that restores the appliance
from a backup file or obtains progress about an ongoing restore process.
Sample script
If you do not pass parameters to the script, the script uploads and restores a backup file.
1. Calls query-user() to get the appliance host name, user name and password, and backup
file path.
2. Calls login-appliance() to issue a REST request to get a session ID used to authorize
restore REST calls.
3. Calls uploadTo-appliance() to upload the backup to the appliance.
4. Calls start-restore() to start the restore.
5. Calls restore-status() to periodically check the restore status until the restore completes.
If you pass the -status option to the script, the script verifies and reports the status of the last
or an ongoing restore until the restore process is complete:
1. Calls recover-restoreID() to get the URI to verify the status of the last or an ongoing
restore.
2. Calls restore-status() to periodically verify the restore status until the restore completes.
A.2 Sample restore script 421
Example 15 Sample restore.ps1 script
#(C) Copyright 2012-2014 Hewlett Packard Enterprise Development LP
###########################################################################################################################
# Name:
restore.ps1
# Usage:
{directory}\restore.ps1 or {directory}\restore.ps1 -status https://{ipaddress}
# Purpose: Uploads a backup file to the appliance and then restores the appliance using the backup data
# Notes:
To improve performance, this script uses the curl command if it is installed. The curl command
#
must be installed with the SSL option.
#
Windows PowerShell 3.0 must be installed to run the script
###########################################################################################################################
# tells the computer that this is a trusted source we are connecting to (brute force, could be refined)
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
# The scriptApiVersion is the default Api version (if the appliance supports this level
# or higher). This variable may be changed if the appliance is at a lower Api level.
$global:scriptApiVersion = 3
##### Obtain information from user #####
function query-user ()
{
<#
.DESCRIPTION
Obtains information needed to run the script by prompting the user for input.
.INPUTS
None, does not accept piping
.OUTPUTS
Outputs an object containing the obtained information.
.EXAMPLE
$userVals = query-user
#>
Write-Host "Restoring from backup is a destructive process, continue anyway?"
$continue = 0
do
{
$earlyExit = Read-Host
if ($earlyExit[0] -eq 'n')
{
return
}
elseif ($earlyExit[0] -ne 'y')
{
Write-Host "Please respond with a y or n"
}
else
{
$continue = 1
}
} while ($continue -eq 0)
do
{
Write-Host "Enter directory backup is located in (ie: C:\users\joe\)"
$backupDirectory = Read-Host
# Add trailing slash if needed
if (!$backupDirectory.EndsWith("\"))
{
$backupDirectory = $backupDirectory + "\"
}
Write-Host "Enter name of backup (ie: appliance_vm1_backup_2012-07-07_555555.bkp)"
$backupFile = Read-Host
# Check if file exists
$fullFilePath = $backupDirectory + $backupFile
if (! (Test-Path $fullFilePath))
{
Write-Host "Sorry the backup file $fullFilePath doesn't exist."
}
} while (! (Test-Path $fullFilePath))
Write-Host "Enter appliance IP address (ie: https://10.10.10.10)"
$hostname = Read-Host
# Correct some common errors
$hostname = $hostname.Trim().ToLower()
if (!$hostname.StartsWith("https://"))
{
if ($hostname.StartsWith("http://"))
{
$hostname = $hostname.Replace("http","https")
} else {
$hostname = "https://" + $hostname
}
}
422 Backup and restore script examples
Write-Host "Enter username"
$secUsername = Read-Host -AsSecureString
$username =
[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($secUsername))
Write-Host "Enter password"
$secPassword = Read-Host -AsSecureString
$password =
[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($secPassword))
$absolutePath = $backupDirectory + $backupFile
Write-Host "If using Active Directory, enter the Active Directory domain"
Write-Host " (Leave this field blank if not using Active Directory.)"
$ADName = Read-Host
$loginVals = @{ hostname = $hostname; userName = $username; password = $password; backupPath = $absolutePath;
backupFile = $backupFile; authLoginDomain = $ADName; }
return $loginVals
}
##### getApiVersion: Get X_API_Version #####
function getApiVersion ([int32] $currentApiVersion,[string]$hostname)
{
<#
.DESCRIPTION
Sends a web request to the appliance to obtain the current Api version.
Returns the lower of: Api version supported by the script and Api version
supported by the appliance.
.PARAMETER currentApiVersion
Api version that the script is currently using
.PARAMETER hostname
The appliance address to send the request to (in https://{ipaddress} format)
.INPUTS
None, does not accept piping
.OUTPUTS
Outputs the new active Api version
.EXAMPLE
$global:scriptApiVersion = getApiVersion()
#>
# the particular Uri on the Appliance to reqest the Api Version
$versionUri = "/rest/version"
# append the Uri to the end of the IP address to obtain a full Uri
$fullVersionUri = $hostname + $versionUri
# use setup-request to issue the REST request api version and get the response
try
{
$applianceVersionJson = setup-request -Uri $fullVersionUri -method "GET" -accept "application/json"
-contentType "application/json"
if ($applianceVersionJson -ne $null)
{
$applianceVersion = $applianceVersionJson | convertFrom-Json
$currentApplianceVersion = $applianceVersion.currentVersion
if ($currentApplianceVersion -lt $currentApiVersion)
{
return $currentApplianceVersion
}
return $currentApiVersion
}
}
catch [System.Exception]
{
if ($global:interactiveMode -eq 1)
{
Write-Host $error[0].Exception.Message
}
else
{
Write-EventLog -EventId 100 -LogName Application -Source backup.ps1 -Message $error[0].Exception.Message
}
}
}
##### Send the login request to the appliance #####
function login-appliance ([string]$username,[string]$password,[string]$hostname,[string]$ADName)
{
<#
.DESCRIPTION
Attempts to send a web request to the appliance and obtain an authorized sessionID.
A.2 Sample restore script 423
.PARAMETER username
The username to log into the remote appliance
.PARAMETER password
The correct password associated with username
.PARAMETER hostname
The appliance address to send the request to (in https://{ipaddress} format)
.PARAMETER ADName
The Active Directory name (optional)
.INPUTS
None, does not accept piping
.OUTPUTS
Outputs the response body containing the needed session ID.
.EXAMPLE
$authtoken = login-appliance $username $password $hostname $ADName
#>
# the particular URI on the Appliance to reqest an "auth token"
$loginURI = "/rest/login-sessions"
# append the URI to the end of the IP address to obtain a full URI
$fullLoginURI = $hostname + $loginURI
# create the request body as a hash table, then convert it to json format
if ($ADName)
{
$body = @{ userName = $username; password = $password; authLoginDomain = $ADName } | convertTo-json
}
else # null or empty
{
$body = @{ userName = $username; password = $password } | convertTo-json
}
try
{
# create a new webrequest object and give it the header values that will be accepted by the Appliance, get
response
$loginRequest = setup-request -Uri $fullLoginURI -method "POST" -accept "application/json" -contentType
"application/json" -Body $body
Write-Host "Login completed successfully."
}
catch [System.Exception]
{
Write-Host $_.Exception.message
Write-Host $error[0].Exception
return
}
#the output for the function, a hash table which contains a single value, "sessionID"
$loginRequest | convertFrom-Json
return
}
##### Upload the backup file to the appliance #####
function uploadTo-appliance ([string]$filepath,[string]$authinfo,[string]$hostname,[string]$backupFile)
{
<#
.DESCRIPTION
Attempts to upload a backup file to the appliance. Tries to use the curl command.
The curl command has significantly better performance especially for large backups.
If curl isn't installed, invokes uploadTo_appliance-without-curl to upload the file.
.PARAMETER filepath
The absolute filepath to the backup file.
.PARAMETER authinfo
The authorized session ID returned by the login request
.PARAMETER hostname
The appliance to connect to
.PARAMETER backupFile
The name of the file to upload. Only used to tell the server what file is contained in the post
request.
.INPUTS
None, does not accept piping
.OUTPUTS
The response body to the upload post request.
.EXAMPLE
$uploadResponse = uploadTo-appliance $filePath $sessionID $hostname $fileName
#>
$uploadUri = "/rest/backups/archive"
$fullUploadUri = $hostname + $uploadUri
$curlUploadCommand = "curl -s -k -X POST " +
424 Backup and restore script examples
"-H 'content-type: multipart/form-data' " +
"-H 'accept: application/json' " +
"-H 'auth: " + $authinfo + "' " +
"-H 'X-API-Version: $global:scriptApiVersion' " +
"-F file=@" + $filepath + " " +
$fullUploadUri
Write-Host "Uploading backup file to appliance, this may take a few minutes..."
try
{
$testCurlSslOption = curl -V
if ($testCurlSslOption -match "SSL")
{
$rawUploadResponse = invoke-expression $curlUploadCommand
if ($rawUploadResponse -eq $null)
{
return
}
$uploadResponse = $rawUploadResponse | convertFrom-Json
if ($uploadResponse.status -eq "SUCCEEDED")
{
Write-Host "Upload complete."
return $uploadResponse
}
else
{
Write-Host $uploadResponse
return
}
}
else
{
Write-Host "Version of curl must support SSL to get improved upload performance."
return uploadTo-appliance-without-curl $filepath $authinfo $hostname $backupFile
}
}
catch [System.Management.Automation.CommandNotFoundException]
{
return uploadTo-appliance-without-curl $filepath $authinfo $hostname $backupFile
}
catch [System.Exception]
{
Write-Host "Not able to upload backup"
Write-Host $error[0].Exception
return
}
}
##### Upload the backup file to the appliance without using the curl command #####
function uploadTo-appliance-without-curl
([string]$filepath,[string]$authinfo,[string]$hostname,[string]$backupFile)
{
<#
.DESCRIPTION
Attempts to upload a backup to the appliance without using curl.
.PARAMETER filepath
The absolute filepath to the backup file.
.PARAMETER authinfo
The authorized session ID returned by the login request
.PARAMETER hostname
The appliance to connect to
.PARAMETER backupFile
The name of the file to upload. Only used to tell the server what file is contained in the post
request.
.INPUTS
None, does not accept piping
.OUTPUTS
The response body to the upload post request.
.EXAMPLE
$uploadResponse = uploadTo-appliance $filePath $sessionID $hostname $fileName
#>
$uploadUri = "/rest/backups/archive"
$fullUploadUri = $hostname + $uploadUri
$uploadTimeout = 43200000 # 12 hours
$bufferSize = 65536 # bytes
try
{
[net.httpsWebRequest]$uploadRequest = [net.webRequest]::create($fullUploadUri)
$uploadRequest.method = "POST"
$uploadRequest.Timeout = $uploadTimeout
$uploadRequest.ReadWriteTimeout = $uploadTimeout
$uploadRequest.SendChunked = 1
$uploadRequest.AllowWriteStreamBuffering = 0
A.2 Sample restore script 425
$uploadRequest.accept = "application/json"
$boundary = "----------------------------bac8d687982e"
$uploadRequest.ContentType = "multipart/form-data; boundary=----------------------------bac8d687982e"
$uploadRequest.Headers.Add("auth", $authinfo)
$uploadRequest.Headers.Add("X-API-Version", $global:scriptApiVersion)
$fs = New-Object IO.FileStream ($filepath,[System.IO.FileMode]::Open)
$rs = $uploadRequest.getRequestStream()
$rs.WriteTimeout = $uploadTimeout
$disposition = "Content-Disposition: form-data; name=""file""; filename=""encryptedBackup"""
$conType = "Content-Type: application/octet-stream"
[byte[]]$BoundaryBytes = [System.Text.Encoding]::UTF8.GetBytes("--" + $boundary + "`r`n")
$rs.write($BoundaryBytes,0,$BoundaryBytes.Length)
[byte[]]$contentDisp = [System.Text.Encoding]::UTF8.GetBytes($disposition + "`r`n")
$rs.write($contentDisp,0,$contentDisp.Length)
[byte[]]$contentType = [System.Text.Encoding]::UTF8.GetBytes($conType + "`r`n`r`n")
$rs.write($contentType,0,$contentType.Length)
$fs.CopyTo($rs,$bufferSize)
$fs.close()
[byte[]]$endBoundaryBytes = [System.Text.Encoding]::UTF8.GetBytes("`n`r`n--" + $boundary + "--`r`n")
$rs.write($endBoundaryBytes,0,$endBoundaryBytes.Length)
$rs.close()
}
catch [System.Exception]
{
Write-Host "Not able to send backup"
Write-Host $error[0].Exception
}
try
{
[net.httpsWebResponse]$response = $uploadRequest.getResponse()
$responseStream = $response.getResponseStream()
$responseStream.ReadTimeout = $uploadTimeout
$streamReader = New-Object IO.StreamReader ($responseStream)
$rawUploadResponse = $streamReader.readtoend()
$response.close()
if ($rawUploadResponse -eq $null)
{
return
}
$uploadResponse = $rawUploadResponse | convertFrom-Json
if ($uploadResponse.status -eq "SUCCEEDED")
{
Write-Host "Upload complete."
return $uploadResponse
}
else
{
Write-Host $rawUploadResponse
Write-Host $uploadResponse
return
}
}
catch [Net.WebException]
{
Write-Host $error[0]
$errorResponse = $error[0].Exception.InnerException.Response.getResponseStream()
$sr = New-Object IO.StreamReader ($errorResponse)
$frawErrorStream = $sr.readtoend()
$error[0].Exception.InnerException.Response.close()
$errorObject = $rawErrorStream | convertFrom-Json
Write-Host $errorObject.errorcode $errorObject.message $errorObject.resolution
return
}
}
##### Initiate the restore process #####
function start-restore ([string]$authinfo,[string]$hostname,[object]$uploadResponse)
{
<#
.DESCRIPTION
Sends a POST request to the restore resource to initiate a restore.
.PARAMETER authinfo
The authorized sessionID obtained from login.
.PARAMETER hostname
The appliance to connect to.
.PARAMETER uploadResponse
The response body from the upload request. Contains the backup URI needed for restore call.
.INPUTS
None, does not accept piping
426 Backup and restore script examples
.OUTPUTS
Outputs the response body from the POST restore call.
.EXAMPLE
$restoreResponse = start-restore $sessionID $hostname $uploadResponse
#>
# append the appropriate URI to the IP address of the Appliance
$backupUri = $uploadResponse.uri
$restoreUri = "/rest/restores"
$fullRestoreUri = $hostname + $restoreURI
$body = @{ type = "RESTORE"; uriOfBackupToRestore = $backupUri } | convertTo-json
# create a new webrequest and add the proper headers
try
{
$rawRestoreResponse = setup-request -uri $fullRestoreUri -method "POST" -accept "application/json" -contentType
"application/json" -authValue $authinfo -Body $body
$restoreResponse = $rawRestoreResponse | convertFrom-Json
return $restoreResponse
}
catch [Net.WebException]
{
Write-Host $_.Exception.message
}
}
##### Check for the status of ongoing restore #####
function restore-status ([string]$authinfo = "foo",[string]$hostname,[object]$restoreResponse,[string]$recoveredUri
= "")
{
<#
.DESCRIPTION
Uses GET requests to check the status of the restore process.
.PARAMETER authinfo
**to be removed once no longer a required header**
.PARAMETER hostname
The appliance to connect to
.PARAMETER restoreResponse
The response body from the restore initiation request.
.PARAMETER recoveredUri
In case of a interruption in the script or connection, the Uri for status is instead obtained through
this parameter.
.INPUTS
None, does not accept piping
.OUTPUTS
None, end of script upon completion or fail.
.EXAMPLE
restore-status *$authinfo* -hostname $hostname -restoreResponse $restoreResponse
or
restore-status -hostname $hostname -recoveredUri $recoveredUri
#>
$retryCount = 0
$retryLimit = 5
$retryMode = 0
# append the appropriate URI to the IP address of the Appliance
if ($recoveredUri -ne "")
{
$fullStatusUri = $hostname + $recoveredUri
write-host $fullStatusUri
}
else
{
$fullStatusUri = $hostname + $restoreResponse.uri
}
do
{
try
{
# create a new webrequest and add the proper headers (new header, auth is needed for authorization
$rawStatusResp = setup-request -uri $fullStatusUri -method "GET" -accept "application/json" -contentType
"application/json" -authValue $authinfo
$statusResponse = $rawStatusResp | convertFrom-Json
$trimmedPercent = ($statusResponse.percentComplete) / 5
$progressBar = "[" + "=" * $trimmedPercent + " " * (20 - $trimmedPercent) + "]"
Write-Host "`rRestore progress: $progressBar " $statusResponse.percentComplete "%" -NoNewline
}
catch [Net.WebException]
{
try
A.2 Sample restore script 427
{
$errorResponse = $error[0].Exception.InnerException.Response.getResponseStream()
$sr = New-Object IO.StreamReader ($errorResponse)
$rawErrorStream = $sr.readtoend()
$error[0].Exception.InnerException.Response.close()
$errorObject = $rawErrorStream | convertFrom-Json
Write-Host $errorObject.message $errorObject.recommendedActions
}
catch [System.Exception]
{
Write-Host "`r`n" $error[1].Exception
}
# The error may be transient; retry several times. If it still fails, return with an error.
$retryCount++
$retryMode = 1
if ($retryCount -le $retryLimit)
{
Write-Host "In restore-status retrying GET on $fullStatusUri. retry count: $retryCount`r`n"
sleep 5
continue
}
else
{
Write-Host "`r`nRestore may have failed! Could not determine the status of the restore."
return
}
}
if ($statusResponse.status -eq "SUCCEEDED")
{
Write-Host "`r`nRestore complete!"
return
}
if ($statusResponse.status -eq "FAILED")
{
Write-Host "`r`nRestore failed! System should now undergo a reset to factory defaults."
}
Start-Sleep 10
} while (($statusResponse.status -eq "IN_PROGRESS") -or ($retryMode -eq 1))
return
}
##### Recovers Uri to the restore resource if connection lost #####
function recover-restoreID ([string]$hostname)
{
<#
.DESCRIPTION
Uses GET requests to check the status of the restore process.
.PARAMETER hostname
The appliance to end the request to.
.INPUTS
None, does not accept piping
.OUTPUTS
The Uri of the restore task in string form.
.EXAMPLE
$reacquiredUri = recover-restoredID $hostname
#>
$idUri = "/rest/restores/"
$fullIdUri = $hostname + $idUri
try
{
$rawIdResp = setup-request -uri $fullIdUri -method "GET" -contentType "application/json" -accept
"application/json" -authValue "foo"
$idResponse = $rawIdResp | convertFrom-Json
}
catch [Net.WebException]
{
$_.Exception.message
return
}
return $idResponse.members[0].uri
}
function setup-request ([string]$uri,[string]$method,[string]$accept,[string]$contentType =
"",[string]$authValue="0", [object]$body = $null)
{
<#
.DESCRIPTION
A function to handle the more generic web requests to avoid repeated code in every function.
.PARAMETER uri
The full address to send the request to (required)
.PARAMETER method
The type of request, namely POST and GET (required)
428 Backup and restore script examples
.PARAMETER accept
The type of response the request accepts (required)
.PARAMETER contentType
The type of the request body
.PARAMETER authValue
The session ID used to authenticate the request
.PARAMETER body
The message to put in the request body
.INPUTS
None
.OUTPUTS
The response from the appliance, typically in Json form.
.EXAMPLE
$responseBody = setup-request -uri https://10.10.10.10/rest/doThis -method "GET" -accept "application/json"
#>
try
{
[net.httpsWebRequest]$request = [net.webRequest]::create($uri)
$request.method = $method
$request.accept = $accept
$request.Headers.Add("Accept-Language: en-US")
if ($contentType -ne "")
{
$request.ContentType = $contentType
}
if ($authValue -ne "0")
{
$request.Headers.Item("auth") = $authValue
}
$request.Headers.Add("X-API-Version: $global:scriptApiVersion")
if ($body -ne $null)
{
#write-host $body
$requestBodyStream = New-Object IO.StreamWriter $request.getRequestStream()
$requestBodyStream.WriteLine($body)
$requestBodyStream.flush()
$requestBodyStream.close()
}
# attempt to connect to the Appliance and get a response
[net.httpsWebResponse]$response = $request.getResponse()
# response stored in a stream
$responseStream = $response.getResponseStream()
$sr = New-Object IO.StreamReader ($responseStream)
#the stream, which contains a json object is read into the storage variable
$rawResponseContent = $sr.readtoend()
$response.close()
return $rawResponseContent
}
catch [Net.WebException]
{
try
{
$errorResponse = $error[0].Exception.InnerException.Response.getResponseStream()
$sr = New-Object IO.StreamReader ($errorResponse)
$rawErrorStream = $sr.readtoend()
$error[0].Exception.InnerException.Response.close()
$errorObject = $rawErrorStream | convertFrom-Json
Write-Host "errorCode returned:" $errorObject.errorCode
Write-Host "when requesting a $method on $uri`r`n"
Write-Host $errorObject.message ";" $errorObject.recommendedActions
}
catch [System.Exception]
{
Write-Host $error[1].Exception.Message
}
throw
return
}
}
##### Begin main #####
#this checks to see if the user wants to just check a status of an existing restore
if ($args.count -eq 2)
{
foreach ($item in $args)
A.2 Sample restore script 429
{
if ($item -eq "-status")
{
[void]$foreach.movenext()
$hostname = $foreach.current
# Correct some common errors in hostname
$hostname = $hostname.Trim().ToLower()
if (!$hostname.StartsWith("https://"))
{
if ($hostname.StartsWith("http://"))
{
$hostname = $hostname.Replace("http","https")
} else {
$hostname = "https://" + $hostname
}
}
}
else
{
Write-Host "Invalid arguments."
return
}
}
$reacquiredUri = recover-restoreID -hostname $hostname
if ($reacquiredUri -eq $null)
{
Write-Host "Error occurred when fetching active restore ID. No restore found."
return
}
restore-status -recoveredUri $reacquiredUri -hostname $hostname
return
}
elseif ($args.count -eq 0)
{
$loginVals = query-user
if ($loginVals -eq $null)
{
Write-Host "Error passing user login vals from function query-host, closing program."
return
}
#determines the active Api version
$global:scriptApiVersion = getApiVersion $global:scriptApiVersion $loginVals.hostname
if ($global:scriptApiVersion -eq $null)
{
Write-Host "Could not determine appliance Api version"
return
}
$authinfo = login-appliance $loginVals.userName $loginvals.password $loginVals.hostname
$loginVals.authLoginDomain
if ($authinfo -eq $null)
{
Write-Host "Error getting authorized session from appliance, closing program."
return
}
$uploadResponse = uploadTo-appliance $loginVals.backupPath $authinfo.sessionID $loginVals.hostname
$loginVals.backupFile
if ($uploadResponse -eq $null)
{
Write-Host "Error attempting to upload, closing program."
return
}
$restoreResponse = start-restore $authinfo.sessionID $loginVals.hostname $uploadResponse
if ($restoreResponse -eq $null)
{
Write-Host "Error obtaining response from Restore request, closing program."
return
}
restore-status -hostname $loginVals.hostname -restoreResponse $restoreResponse -authinfo $authinfo.sessionID
return
}
else
{
Write-Host "Usage: restore.ps1"
Write-Host "or"
Write-Host "restore.ps1 -status https://{ipaddress}"
return
}
430 Backup and restore script examples
B Authentication directory service
This appendix provides additional information to help you correctly apply search context fields
for adding an authentication directory service to the HPE OneView appliance.
B.1 Microsoft Active Directory configurations
B.1.1 Users and groups in same OU
The following table provides the general mapping for the Search context fields in the Add
Directory screen for a Microsoft Active Directory configuration in which the users and groups
are organized under the same organizational unit, OU. For information on the Add Directory
screen, see the online help.
Search context
Field 1
Field 2
Field 3
CN
CN=Organizational_Unit
DC=domain,DC=domain
In this example, the domain is example.com, and users and groups are located under the Users
container, the default organizational unit.
The entries for the Search context fields that would authenticate the user named server_admin
are:
Search context
Field 1
Field 2
Field 3
CN
CN=Users
DC=example,DC=com
B.1.2 Users and groups in different OUs, under same parent
The following table provides the general mapping for the Search context fields in the Add
Directory screen for a Microsoft Active Directory configuration in which the users and groups
B.1 Microsoft Active Directory configurations 431
are in separate OUs, but those OUs are both under another parent OU. For information on the
Add Directory screen, see the online help.
Search context
Field 1
Field 2
Field 3
CN
OU=Organizational_Unit
DC=domain,DC=domain
In this example, there is a parent OU named Accounts with two children, Users and Groups.
The domain is example.com.
The entries for the Search context fields that would authenticate a user in the Users OU are:
Search context
Field 1
Field 2
Field 3
CN
OU=Accounts
DC=example,DC=com
B.1.3 Users and groups in different OUs, under different parents
The following table provides the general mapping for the Search context fields in the Add
Directory screen for a Microsoft Active Directory configuration in which the user and group
accounts are in separate OUs (shown as OU1 and OU2). For information on the Add Directory
screen, see the online help.
Search context
Field 1
Field 2
Field 3
CN
OU=child_OU,OU=parent_OU + DC=domain,DC=domain
...
In this example, there are two separate OUs, User Accounts and Group Accounts in the
domain example.com.
432 Authentication directory service
Specifying the OU takes the form:
OU=child_OU,OU=parent_OU
In the example, there are four different accounts that can be specified:
OU=Admin Users,OU=User Accounts,DC=example.DC=com
OU=Finance Users,OU=User Accounts,DC=example.DC=com
OU=Admin,OU=Group Accounts,DC=example.DC=com
OU=Others,OU=Group Accounts,DC=example.DC=com
You can combine search contexts, up to 10, by using the + character in Field 2. This construct
is known as multiple Relative Distinguished Names (RDNs).
For this example, the entries for the Search context fields to authenticate these users and groups
are:
Search context
Field 1
Field 2
Field 3
CN
OU=Admin Users,OU=User
DC=example,DC=com
Accounts + OU=Finance
Users,OU=User Accounts +
OU=Admin,OU=Group Accounts +
OU=Others,OU=Group Accounts
B.1.4 Built-in groups
Microsoft Active Directory features built-in groups, in which certain groups are automatically
located in predefined containers. These built-in groups include:
•
Domain Users
•
Domain Admins
•
Enterprise Admins
The Microsoft Active Directory Domain Users group contains all users that were created in the
domain. In this example, all the user accounts under Users are included in Domain Users:
B.1 Microsoft Active Directory configurations 433
However, user accounts in the Domain Users group will not be authenticated. You must specify
the organizational unit or units.
For more information on built-in groups and their behavior, see the Microsoft documentation.
B.2 OpenLDAP directory configuration
The following table provides the general mapping for the Search context fields in the Add
Directory screen for an OpenLDAP configuration in which the users and groups are organized
under different organizational units, OUs. For information on the Add Directory screen, see the
online help.
Search context
Field 1
Field 2
Field 3
CN
OU=Organizational_Unit
DC=domain,DC=domain
In this example, user accounts are located under the People OU and groups are located under
the Groups OU:
434 Authentication directory service
For this example, the entries for the Search context fields to authenticate users, but not groups,
are:
Search context
Field 1
Field 2
Field 3
CN
OU=People
DC=example,DC=com
NOTE: The Groups OU is not valid for Search context field 2. By default, all groups are only
searched under the Groups OU. For OpenLDAP, groups must always be created under the
Groups OU.
B.3 Validate the directory server configuration
For information on these requirements, see Add Directory screen details and Add Directory
Server screen details in the online help.
In addition, there must be valid search contexts so that the group or groups can be identified and
accessed.
Use the following procedure to verify a proper directory server configuration.
Prerequisites
•
Minimum required privileges: Infrastructure administrator.
•
The server that hosts the authentication directory service must:
◦
Communicate through SSL.
◦
Agree on the SSL port for LDAP.
◦
Be accessible through a fully qualified domain name or IP address.
◦
Have an available SSL certificate, based on an RSA algorithm.
Validating the directory server configuration
1.
Determine if there is a connection to the directory server with the ping command:
ping directory_server_host_name
2.
Verify that the public key for the directory server certificate is based on an RSA algorithm.
If the directory server is actually a number of DNS servers that are running as a round robin
DNS server, each server has a unique certificate. Use the nslookup to list the servers and
choose one.
B.3 Validate the directory server configuration 435
Connect to a server using the openssl s_client command. Specify the host name and
port.
Copy the server certificate to the Certificate field of the Add Directory Server screen.
Verify that the certificate specifies the public key as RSA (n bits). The default option for
Microsoft Active Directory is RSA 2048 bits.
3.
Ensure that the certificate’s timestamp is older than the appliance time.
This can be a concern if the appliance and the directory are synchronized to different time
servers or if they are running in different time zones.
4.
Validate the search contexts by running ldapsearch command from the appliance console.
Search context CN
CN=Users
DC=example,DC=com
Username: server_admin
For this example, the ldapsearch command, using TLS/SSL, would resemble the following:
LDAPTLS_CACERT=location_of_certificate
ldapsearch -LLL
–Z -H ldaps://host_name:port
-b "base-DN"
-D "bind-DN"
–W [cn/uid/ssAMAccountName/userPrincipalName]
For this example, ldapsearch, not using TLS/SSL, would resemble the following:
ldapsearch -LLL
-H ldap://IP_address:389
-b "cn=users,dc=example,dc=com"
-D "cn=server_admin,cn=users,dc=example,dc=com"
–W CN
B.4 LDAP schema object classes
The following illustrates groups, by directory type, created with object classes. Such LDAP groups
need to be added to HPE OneView and assigned roles. See the online help for information on
assigning roles.
Active Directory
Under Active Directory, a group can be created with any of these LDAP schema object classes:
•
groupofNames
•
groups
•
groupofUniqueNames
View group members by examining the properties of the group name as in this example:
436 Authentication directory service
OpenLDAP
Under OpenLDAP, a group can be created with either of these LDAP Schema object classes:
•
groupofUniqueNames
•
groupofNames
A group created with the objectClass as groupOfUniqueNames has its members under
uniqueMember as in this example.
A group created with the objectClass as groupOfNames or groups has its members under
member as shown here.
B.4 LDAP schema object classes 437
438 Authentication directory service
C Smart Update Tools installation with HPE Insight Control
server provisioning
See the Smart Update Tools User Guide at www.hpe.com/info/sut-docs for installation
instructions.Smart Update Tools (SUT) can be installed along with HPE Insight Control server
provisioning on ProLiant servers.
SUT is installed in Auto Deploy mode. In Auto Stage mode, SUT stages the components on the
host server in a temporary location. After SUT is installed, any further action requires the OS
administrator to run commands from the command line.
To change the deploy mode for SUT to On Demand, Manual or scripted mode, which allows
you to control all requests as command-line arguments on the server, see the Smart Update
Tools User Guide at www.hpe.com/info/sut-docs.
To perform scaled deployments across all servers in your data center, see the Smart Update
Tools User Guide at www.hpe.com/info/sut-docs.
NOTE: When you set SUT to run in automatic mode, SUT runs in the background on the host
server. HPE OneView and SUT communicate via the HPE iLO REST interface. The firmware
install state displayed in HPE OneView is always kept up to date.
439
440
D Maintenance console
•
“About the Maintenance console” (page 441)
•
“Access the Maintenance console” (page 443)
•
“Log in to the Maintenance console” (page 445)
•
“About the Maintenance console password” (page 445)
•
“About the factory reset operation” (page 446)
•
“Maintenance console main menu screen details” (page 447)
•
“Maintenance console Details screen details” (page 447)
•
“Maintenance console appliance states” (page 449)
•
“View the appliance details” (page 450)
•
“Reset the Maintenance console password” (page 450)
•
“Reset the administrator password with the Maintenance console” (page 451)
•
“Restart the Synergy Composer using the Maintenance console” (page 452)
•
“Shut down the Synergy Composer using the Maintenance console” (page 452)
•
“Create a support dump file from the Maintenance console” (page 453)
•
“Perform a factory reset using the Maintenance console ” (page 454)
•
“Configure appliance networking from the Maintenance console” (page 454)
•
“Recovering an HPE Synergy Composer” (page 455)
•
“Activate the Synergy Composer manually when it is not highly available” (page 455)
D.1 About the Maintenance console
The Maintenance console, shown in Figure 23 (page 442), provides a limited set of administrative
commands for an appliance.
The Maintenance console is an important tool for troubleshooting appliance issues when HPE
OneView is not available. The Maintenance console is always available from the front panel
console or from an SSH session if maintenance IPs are configured.
For information on accessing the Maintenance console, see Access the Maintenance console.
D.1 About the Maintenance console 441
Figure 23 Example of the Maintenance console main menu
In the upper left of most Maintenance console screens, the local appliance is identified by its
location (enclosure identifier and appliance bay number) or its host name.
The Maintenance console displays an icon and a message about the state of the appliance,
which can indicate one of following actions is occurring:
•
Normal operation
•
Appliance is offline
•
Appliance is being updated
•
Appliance is synchronizing with the other appliance in the cluster
•
Appliance is starting up, shutting down, restarting, or temporarily unavailable
•
Appliance is being restored from a backup file
•
Appliance is being reset to factory default settings
Commands
The body of the main menu contains commands that can be used:
•
To view the appliance details.
•
To restart the local appliance.
•
To shut down the appliance.
•
To activate an offline appliance.
•
To reset the administrator password.
•
To perform a factory reset of the appliance.
•
To launch a service console, which an authorized support representative can use to diagnose
or repair a problem.
442 Maintenance console
•
To create a support dump or to download an existing support dump to a USB storage device
(connected to the appliance USB port).
•
To log out of the Maintenance console.
Be sure to log out before removing a console (monitor, keyboard, and mouse). Otherwise,
you might be leaving the Maintenance console ready to perform a command like Shutdown
the next time a console is attached and the Enter key is pressed.
NOTE: The commands displayed by the Maintenance console depend on the current state of
the appliance and how the Maintenance console was accessed.
Navigation
•
Use the tab and arrow keys to navigate within the Maintenance console screen.
•
Commands are displayed with corresponding hot keys. These keys are shown within brackets
in Figure 23 (page 442). Pressing a hot key selects the command.
•
You can use the Enter key to invoke a selection. That is, after you make a selection, pressing
Enter runs the command.
See also
•
Access the Maintenance console
•
Log in to the Maintenance console
•
View the appliance details
•
Restart the appliance using the Maintenance console
•
Shut down the appliance using the Maintenance console
•
Reset the administrator password with the Maintenance console
•
Perform a factory reset of the appliance using the Maintenance console
D.2 Access the Maintenance console
Access the Maintenance console through the appliance console or through an SSH connection.
NOTE: Use the credentials for the local Infrastructure administrator credentials when prompted.
You can reset the administrator password from the Maintenance console.
Access the Maintenance console from an SSH connection
NOTE: Hewlett Packard Enterprise recommends the use of these tools for accessing the
Maintenance console through an SSH connection:
•
PuTTY
•
MTPuTTY
Accessing the Maintenance console using SSH
1.
2.
3.
4.
Invoke one of the recommended tools on your local computer.
Access the appliance by specifying its fully qualified domain name or its IP address.
Enter the user name maintenance at the login prompt.
Log into the Maintenance console.
D.2 Access the Maintenance console 443
Accessing the Maintenance console from an HPE Synergy Frame Link Module
1.
Connect a keyboard, video, and mouse using the monitor port and USB ports located:
•
On the front panel of the frame (illustration on left)
•
On a HPE Synergy Frame Link Module at the rear of the frame (illustration on right)
On connection, the HPE Synergy Frame Link Module GUI is displayed.
2.
3.
Click the monitor icon located at the top right of the screen.
Choose either of the HPE Synergy Composers from the Appliances submenu.
A blank text window opens.
4.
5.
6.
Press Enter.
Enter the user name maintenance at the login prompt.
See Log into the Maintenance console.
Accessing the Maintenance console through a notebook or laptop
Prerequisites
•
You have physical access to the frame
•
You have configured the notebook computer Ethernet port for DHCP and enabled
auto-negotiation
•
1.
2.
A CAT5 cable
Connect the CAT5 cable to the Ethernet port on the notebook computer.
Connect the CAT5 cable to the notebook port on the front of the frame, on the front panel
module (see illustration)
444 Maintenance console
3.
On the notebook computer, launch a VNC client application to connect to the Synergy
console.
If prompted by the VNC client, enter the IP address (including port 5900) of the Synergy
frame to use for the connection: 192.168.10.1.
4.
The Synergy console is now available using the VNC client connection.
More information
“About the Maintenance console” (page 441)
D.3 Log in to the Maintenance console
When you access the Maintenance console, you are presented with either a login screen or the
Maintenance console main menu:
•
Access through the appliance console, the Maintenance console main menu is presented
immediately.
After you enter your first command and before it runs, the login screen is presented.
Two exceptions are the Reset password and Launch service console, which require a
challenge/response authorization. For information on resetting the password, see “Reset
the administrator password with the Maintenance console” (page 451).
•
Access through SSH presents the login screen immediately.
To log in, enter the user name and password of a local Infrastructure administrator account on
this appliance.
NOTE: You cannot log in using an Infrastructure administrator account that is authenticated
by an authentication directory service.
The Maintenance console login remains valid for one hour. After one hour of inactivity, you must
reenter the password. The Maintenance console session closes after 24 hours of inactivity.
More information
“About the Maintenance console” (page 441)
“Access the Maintenance console” (page 443)
“Maintenance console main menu screen details” (page 447)
D.4 About the Maintenance console password
The Maintenance console has no initial password. To set it, see “Reset the Maintenance console
password” (page 450).
Maintenance console passwords must meet the following minimum requirements:
•
Fourteen (14) characters long
•
One uppercase alpha character
•
One lowercase alpha character
•
One numeric character
•
One special character
Backup operations do not back up the Maintenance console password. Ensure that you can
remember or retrieve the Maintenance console password in some other way.
IMPORTANT: You can only reset the password by resetting the appliance to its original factory
settings, which reverts the Maintenance console password to its initial setting, none.
D.3 Log in to the Maintenance console 445
Considerations for an appliance cluster
•
The active appliance and the standby appliance can have different Maintenance console
passwords.
•
The Maintenance console passwords are not synchronized between the active appliance
and the standby appliance.
More information
“About the Maintenance console” (page 441)
“Reset the Maintenance console password” (page 450)
“About the factory reset operation” (page 446)
“About the high availability appliance cluster” (page 260)
D.5 About the factory reset operation
A factory reset restores the appliance to the original factory settings, but does not change the
installed firmware version.
CAUTION: By default, the factory reset operation erases appliance data, including logs, network
settings, and managed device settings in HPE OneView. You have the option of explicitly
preserving network settings and logs.
Preserving network settings is the safest option when trying to recover an appliance from an
error because the appliance remains accessible from the network.
Ensure that you have a recent backup file before performing this operation.
The factory reset operation can be performed from the UI or from the Maintenance console.
Use the factory reset operation for either of these reasons:
•
To decommission the appliance so that you can migrate the hardware or
If you intend to decommission the appliance, perform the factory reset without preserving
the network settings and logs. If the HPE Synergy appliance is not highly available, you must
reset the frame link module from the front panel display module to regain access to HPE
OneView. Performing a factory reset operation on the frame link module disrupts running
work loads.
•
To return the appliance to a known state for reuse (for example, to restore the appliance
from a backup file).
If you plan to restore an appliance from a backup file or to apply a fresh, new configuration,
ensure that you preserve the network settings and logs.
If the appliance is highly available (the View details command on the Maintenance console
show both active and standby operational), the factory reset operation will fail. Remove the
standby appliance first using the HPE OneView GUI.
More information
Reset the Synergy Composer to the original factory settings
Perform a factory reset operation using the Maintenance console
About backing up the Synergy Composer
446 Maintenance console
D.6 Maintenance console main menu screen details
References to the local appliance indicate the appliance that runs the Maintenance console with
which you are interacting.
Screen component Description
Title
Identifies the HPE OneView Maintenance console.
Appliance identifier
For an appliance cluster, this text identifies the local appliance by its enclosure and appliance
bay number.
This text identifies a standalone appliance by its host name.
Is located directly beneath the Title
Icon
Indicates the general state of the appliance. The icon is located in the upper right of the console
screen.
State text
Displays one to three lines of additional text to elaborate on the state indicated by the icon.
Example states include:
Restoring from backup
Starting
Active
Standby / Synchronizing
Notification banner
Notifies or warns of a situation regarding the appliance or appliance cluster.
The Notification banner spans the width of the Maintenance console.
The Notification banner is not displayed when no notification is pending.
Commands
Lists the available commands that are appropriate to the state of the appliance. Examples
include:
View details
Restart
Shut down
Reset password
Support dump
Factory reset
Launch service console
See also
•
“About the Maintenance console” (page 441)
•
“Access the Maintenance console” (page 443)
•
“Log in to the Maintenance console” (page 445)
•
“View the appliance details” (page 450)
•
“Create a support dump file from the Maintenance console” (page 453)
•
“Restart the Synergy Composer using the Maintenance console” (page 452)
•
“Shut down the Synergy Composer using the Maintenance console” (page 452)
•
“Reset the administrator password with the Maintenance console” (page 451)
D.7 Maintenance console Details screen details
The View Details command displays this screen.
References to the local appliance indicate the appliance that runs the Maintenance console with
which you are interacting.
D.6 Maintenance console main menu screen details 447
Peer appliance refers to the other appliance, regardless of its role, in an appliance cluster.
Screen component Description
Title
Identifies the HPE OneView Maintenance console.
Appliance identifier
For an appliance cluster, this text identifies the local appliance by its enclosure and appliance
bay number.
This text identifies a standalone appliance by its host name.
Located directly beneath the Title
Icon
Indicates the general status of the appliance in the upper right.
State text
Displays one to three lines of additional text to elaborate on the icon state. State text examples
include:
Restoring from backup
Starting
Active
Standby / Synchronizing
Notification banner
Notifies or warns of a situation regarding the appliance or appliance cluster.
The Notification banner spans the width of the Maintenance console.
The Notification banner is hidden when no notification is pending.
Host name
Displays the host name of the appliance.
IP address
Displays the IP address of the appliance.
Model
The model number of the appliance running HPE OneView.
Firmware
The version number of the firmware running on the HPE OneView appliance and the date the
firmware was last updated.
Appliances
For an appliance cluster, the following items are displayed first for the local appliance and
then for the peer appliance.
For a standalone appliance, the following items are only displayed once.
448 Maintenance console
Identifier
Identifies the individual appliance by its enclosure and appliance bay.
State
Icon and text indicating the state of the appliance from the perspective of
the local appliance. For example, the state for a peer appliance could be
Not connected, but that could not apply to a local appliance.
IP address
The Maintenance IP address associated with the individual appliance. The
maintenance IP address is used to connect to the Maintenance console,
but not with the UI.
Serial number
The serial number of the appliance hardware.
D.8 Maintenance console appliance states
The Maintenance console displays an icon and a message in the upper right corner about the
state of the appliance. The state might depend on the situation, especially for a highly available
appliance cluster, and an action might also be required.
State
Situation
Action
Active
The local appliance is the active
appliance of the appliance cluster and is
running normally.
Active
Not an appliance cluster.
Contact your authorized support
representative to replace the failed disk
The disk of the active appliance has
failed.
Contact your authorized support
representative to replace the failed disk
Disk has failed
The standby appliance assumes control
as the single appliance.
The disk of the standby appliance has
failed.
Contact your authorized support
representative to replace the failed disk
The active appliance continues operating
as a single appliance.
Active
The local appliance is running normally.
Standby is synchronizing
The peer appliance is being
synchronized. It cannot be activated if a
failure occurs before the synchronization
completes.
Active
The local appliance is running normally
but cannot reach the peer appliance.
Standby is unreachable
Unsynchronized changes
The peer appliance cannot become the
active appliance in case of a failure.
Standby
The local appliance is the standby
appliance in the appliance cluster and is
running normally.
Standby
The disk on the local appliance failed.
Disk has failed
Contact your authorized support
The local appliance can no longer serve representative to replace the failed disk
as the standby appliance in the appliance
cluster.
The disk on the peer appliance failed.
The local appliance is currently the
standby appliance, but it will be activated
automatically.
Standby
Synchronizing
See the alerts listed in the Activity screen
for more details and a resolution.
Contact your authorized support
representative to replace the failed disk
The local appliance is the standby
appliance and it is being synchronized.
It cannot be activated if a failure occurs
before synchronization completes.
Offline
Manual action required
Offline
Unrecoverable error
The local appliance cannot be activated For information on resolving this issue,
automatically because it cannot confirm see “Synergy Composer is offline, manual
that the peer appliance is not running.
action is required” (page 357)
The appliance failed with an
unrecoverable error.
For information on resolving this issue,
see “Oops” (page 84).
D.8 Maintenance console appliance states 449
State
Situation
Offline
The local appliance cannot be activated For information on resolving this issue,
because it lacks a complete copy of the see “Synergy Composer is offline, manual
appliance data.
action is required” (page 357)
Unusable (incomplete data)
Resetting
Action
The appliance is being reset to factory
default settings.
In an appliance cluster, this operation
occurs before the standby appliance
becomes the active appliance.
Restarting
The appliance is restarting and will be
available shortly.
Restoring from backup
The appliance will be restarted after the
restoration completes.
Starting
The local appliance is starting up and will
be available shortly.
Starting
Recovering from failure
The peer appliance experienced a failure For information on determining the cause
and the local appliance is becoming
of the failure, see “Unexpected appliance
active.
shutdown” (page 341).
Shutting down
The local appliance is shutting down.
Temporarily unavailable
The local appliance is in a transition, and
its state will change.
Updating
The local appliance is undergoing a
firmware update.
D.9 View the appliance details
Use this procedure to display appliance details such as state, host name, IP address, model,
firmware, and, for an appliance cluster, the state of the peer appliance. For more information,
see “Maintenance console Details screen details” (page 447)
Viewing the appliance details
1.
2.
Access the Maintenance console’s main menu.
Select View details.
The Maintenance console details screen is displayed.
See also
•
“Maintenance console Details screen details” (page 447)
•
“Access the Maintenance console” (page 443)
•
“Log in to the Maintenance console” (page 445)
D.10 Reset the Maintenance console password
Prerequisites
•
Create a new password that fulfills the password requirements.
•
If the current Maintenance console password is forgotten:
1. Perform a backup.
2. Back up all user data.
3. Ensure that all users are logged off and that tasks are not running.
4. Perform a factory reset on the appliance.
The maintenance console password is not enabled after a factory reset.
450 Maintenance console
Resetting the Maintenance console password
1.
2.
3.
4.
5.
6.
Access the console.
Log in with the user name maintenance and password (if set) at the login prompt.
Access the Maintenance console main menu.
Select Reset maintenance console password.
Enter the current password and the new password twice, once for verification.
Select OK.
D.11 Reset the administrator password with the Maintenance console
If you lose or forget the local administrator password, use the following procedure to reset it.
This operation provides a unique request code that you use when contacting your authorized
support representative.
IMPORTANT: The request code is valid only while you are on the Password reset screen
of the Maintenance console. If you return to the main menu or end the Maintenance console
session, the request code will be invalid. You will need to start this procedure over again to
acquire a new request code.
You will need to contact your authorized support representative, who will send an authorization
code (also known as a response code) after verifying your information.
IMPORTANT:
You must enter the authorization code within one hour or it becomes invalid.
NOTE:
•
This capability is not available if you accessed the Maintenance console through SSH. If the
password for another local Infrastructure administrator is known, use the User interface (UI)
to reset the administrator password.
•
This operation resets the password for a local administrator account on the appliance. It
does not apply to administrator accounts authenticated by a directory service.
In an appliance cluster, this operation resets the password for the administrator account
on both appliances.
•
This operation allows you to set a single-use password for the local administrator
account.
Use that single-use password the next time you log in to the UI with this account. You will
be prompted to set a new password.
For information on how to contact Hewlett Packard Enterprise, see Accessing Hewlett Packard
Enterprise Support.
Prerequisites
•
You have access to the console of a standalone appliance or, for an appliance cluster, the
console of either cluster member.
Resetting the administrator password with the Maintenance console
1.
2.
3.
Access the console.
Access the Maintenance console main menu.
Select Reset password.
The Maintenance console displays a request code.
D.11 Reset the administrator password with the Maintenance console 451
4.
Telephone your authorized support representative and provide that person with the following
information:
•
The name of the person requesting the password to be reset.
•
The name of the company that owns the appliance.
•
The request code from the Maintenance console.
The authorized support representative verifies the information and then sends a message
to the authorized email address on file. This message contains the authorization code. An
ISO image, which is also the authorization code, is attached to the message.
5. Type the authorization code into the response field.
6. Determine a single-use administrator password.
7. When prompted, enter and re-enter the new password.
8. Select OK to set the single-use password.
9. Log into the UI with this account, using the single-use password.
10. Set a new password for this account in the screen provided.
11. Verify by logging out, then logging into this account with the new password.
More information
•
“About the Maintenance console” (page 441)
•
“Access the Maintenance console” (page 443)
•
“Log in to the Maintenance console” (page 445)
•
Accessing Hewlett Packard Enterprise Support
D.12 Restart the Synergy Composer using the Maintenance console
This procedure describes how to use the Maintenance console to shut down and then restart
the appliance.
This action affects only the local appliance of an appliance cluster.
If the local appliance is the active appliance of an appliance cluster, restarting it (the local
appliance) stops the services that were running on it. Until the peer appliance restarts those
services, high availability is temporarily suspended.
Prerequisites
•
Ensure that all users are logged out and all ongoing work is completed.
Restarting the appliance using the Maintenance console
1.
2.
Access the Maintenance console main menu.
Select Restart.
Confirm that you want to restart the appliance.
3. Verify by observing the restart.
See also
•
“Access the Maintenance console” (page 443)
•
“Log in to the Maintenance console” (page 445)
•
“Maintenance console main menu screen details” (page 447)
•
“Shut down the Synergy Composer using the Maintenance console” (page 452)
D.13 Shut down the Synergy Composer using the Maintenance console
This procedure describes how to use the Maintenance console to perform a graceful shutdown
of the appliance.
This action shuts down only the local appliance of an appliance cluster.
452 Maintenance console
Prerequisites
•
Ensure that all users are logged out and all ongoing work is completed.
Shutting down the appliance using the Maintenance console
1.
2.
Access the Maintenance console main menu.
Select Shut down in the main menu.
Confirm that you want to shut down the appliance.
3. Verify by observing the shutdown.
See also
•
“Access the Maintenance console” (page 443)
•
“Log in to the Maintenance console” (page 445)
•
“Maintenance console main menu screen details” (page 447)
•
“Restart the Synergy Composer using the Maintenance console” (page 452)
D.14 Create a support dump file from the Maintenance console
This procedure describes how to use the Maintenance console to create a support dump file
from the local appliance (the appliance on which the Maintenance console runs) and store it on
a USB drive.
If the local appliance is the active appliance in an appliance cluster and if the standby appliance
is reachable, the support dump will contain the data for both cluster members. Otherwise, a
support dump is created with data for the local appliance only.
CAUTION: Creating the support dump file overwrites any existing backup file on the appliance.
If possible, refrain from creating a support dump if you have not copied the backup file to an
external location for safekeeping. Use the User interface to download the backup file.
The support dump file is encrypted by default.
Prerequisites
•
Minimum required privileges: Infrastructure administrator
•
Use a USB 2.0 or 3.0 device drive, formatted as an NTFS or FAT32 file system and with
only one partition. If necessary, use a computer to format the USB drive.
The USB drive must have enough free space (typically 1 GB to 4 GB) to store the support
dump file.
Creating a support dump file from the Maintenance console
1.
Ensure that the USB drive is installed in the USB port of the local appliance.
IMPORTANT: Do not remove the USB drive until the operation is complete and the
Maintenance console advises that it is safe to remove the drive.
2.
3.
Use the appliance console to access the Maintenance console main menu.
Select Support dump.
A new set of commands appears.
4.
Do one of the following:
•
Select Create support dump to create a new support dump and copy it to the USB
drive.
•
Select Download existing support dump to copy a support dump from the appliance
to the USB drive.
D.14 Create a support dump file from the Maintenance console 453
5.
Wait until the support dump file is copied. There will be a message on the screen stating
that the support dump was successfully completed and that it is safe to remove the USB
drive.
See also
•
“About the support dump file” (page 334)
•
“About the Maintenance console” (page 441)
•
“Access the Maintenance console” (page 443)
•
“Log in to the Maintenance console” (page 445)
•
Accessing Hewlett Packard Enterprise Support.
D.15 Perform a factory reset using the Maintenance console
Prerequisites
•
Ensure that all users are logged out and all ongoing work is completed.
•
Back up all user files.
•
Create a support dump file and save it to an external location for safekeeping.
Performing a factory reset using the Maintenance console
1.
2.
3.
Access the Maintenance console main menu.
Select Factory reset in the main menu.
In the subsequent dialog box, do one of the following:
a. Enter Y to continue the factory reset operation.
CAUTION: This option erases the network settings and logs.
Use this option to decommission an appliance.
b.
Enter P to continue with the factory reset operation, but preserve the network settings
and logs.
Use this option if you want to restore an appliance from a backup file or if you want to
apply a new configuration.
c. Enter N to cancel the factory reset operation and return to the main menu.
Confirm that you want to perform the factory reset in the subsequent dialog boxes.
4.
5.
In the next dialog box, do one of the following:
a. Enter Y to continue the factory reset operation.
b. Enter N to cancel the factory reset operation and return to the main menu.
Verify by observing the operation.
More information
“About the factory reset operation” (page 446)
D.16 Configure appliance networking from the Maintenance console
If you encounter a situation where the appliance network is down and you cannot use the HPE
OneView user interface to reconfigure it, you can configure the appliance network from the
maintenance console.
454 Maintenance console
Prerequisites
•
You have physical access to the console of a standalone appliance or, for an appliance
cluster, the console of either cluster member.
Configuring appliance networking from the Maintenance console
1.
2.
Log in to the HPE OneView Maintenance console.
Select Configure network settings.
The menu option is available only when the appliance is not part of a cluster.
When the appliance is part of a cluster, select Settings→Networking in the HPE OneView
GUI to configure the network .
If the cluster is not healthy, use the Maintenance console to check the appliance state and
to perform the recommended recovery procedures.
3.
Select to configure either IPv4 network settings only, or IPv4 and IPv6 (dual mode) network
settings.
Enter the IP address, subnet mask or CIDR, and gateway address.
Select Y to apply the network configuration.
Confirm that the Maintenance console displays the message that network settings were
successfully configured.
4.
5.
6.
D.17 Activate the Synergy Composer manually when it is not highly
available
If the Synergy Composer cannot be activated automatically, you can manually activate it.
Prerequisites
•
The highly available appliance cannot confirm if the peer appliance is running.
•
The Maintenance console state is “Offline, Manual action required”.
•
The troubleshooting steps in “Synergy Composer is offline, manual action is required” (page
357) have been followed.
Activating the Synergy Composer manually when it is not highly available
1.
In the Maintenance console of the appliance that will be the active appliance in a cluster,
select Activate.
CAUTION: Run this operation on only one appliance of the highly available cluster. Running
it on both appliances leads to unrecoverable data loss when the original failure causing
the loss of high availability is repaired.
2.
If you are only activating one appliance, enter Y to confirm. Otherwise, enter N to cancel.
More information
“Active and standby appliances are not connected” (page 356)
D.18 Recovering an HPE Synergy Composer
An HPE Synergy Composer contains proprietary information required to interact with components
itsframe link topology. The information is stored in both appliances in an appliance cluster and
their backup file. If an abnormal error occurs such that both Synergy Composers must be replaced
or factory reset at the same time, the information must be restored on the replacement appliance
before the Synergy Composer can manage the frame link topology. Restoring the backup file is
the recommended way to recover a Synergy Composer and to continue to manage a frame link
topology. The alternative disrupts the production environment as it requires a factory reset of the
Frame Link Modules and retriggers the hardware discovery process. The following steps offer
ways to restore the backup to a replacement Synergy Composer.
D.17 Activate the Synergy Composer manually when it is not highly available 455
Recovering or replacing an HPE Synergy Composer usually requires its backup file to be restored
for it to resume management of the HPE Synergy system. However, if only one of the appliances
in a highly available cluster is replaced, the backup does not need to be restored. The failed
appliance can be removed as the standby appliance and the replacement Synergy Composer
will automatically be detected and added to the appliance cluster. Use the maintenance console
to configure networking, enabling access to the HPE OneView GUI to perform the restore
operation.
1. If you plan to restore from a backup file, select from the following procedures:
a. If the Infrastructure administrator is able to access the HPE OneView GUI:
1) Use the standard restore from backup procedure from the GUI (you can perform
this procedure remotely).
b. If the Infrastructure administrator is unable to access the HPE OneView GUI, but can
access to the Maintenance console:
1) Factory reset the appliance from the Maintenance console and be sure to select
the option to Preserve appliance network settings.
2) After the reset, use the standard restore from backup procedure from the HPE
OneView GUI (you can run this procedure remotely since network settings were
preserved).
c. If the Infrastructure administrator is unable to access the Maintenance console:
1) Reimage the appliance while in the data center with a preloaded USB flash drive.
2) Connect a keyboard, video, and mouse to the front panel, and get serial
(Maintenance console) access to the Composer.
3) Use the Maintenance console to configure networking on the appliance.
4) Use the HPE OneView GUI to restore the backup (remotely).
2.
3.
4.
If you replace a single Composer in a non-HA environment:
a. Reimage the appliance while in the data center with a preloaded USB flash drive.
b. Connect a keyboard, video, and mouse to the front panel, and get serial (Maintenance
console) access to the Composer.
c. Use the Maintenance console to configure networking on the appliance.
d. Use the HPE OneView GUI to restore the backup (remotely).
If appliance networking was configured incorrectly, and you are no longer able to access
the appliance remotely:
a. Connect a keyboard, video, and mouse to the front panel, and get serial (Maintenance
console) access to the Composer.
b. Use the Maintenance console to configure networking on the appliance.
If an appliance update fails on the standby appliance, then manual intervention is required
to complete the update. Select from the following options to finish updating the standby
appliance:
•
Reimage the appliance while in the data center with a preloaded USB flash drive.
•
In the data center, configure a temporary IP address on the factory-fresh Composer
which allows an HPE OneView Infrastructure administrator to retry the update operation
on the standby appliance.
456 Maintenance console
Index
A
accessing
updates, 405
Accessing help sidebar, 87
Actions menu, 77
active appliance
determining of a Synergy frame, 260
activity
about, 285
managing, 285
monitoring health, 281
states, 288
statuses, 289
troubleshoot, 338
types, 286
viewing activity filter sidebar, 78
Activity control icon, 87
Activity sidebar, 78
addresses
managing, 267
administrator password
resetting, 244, 451
aggregation switch see data center switch
alert, 286
active, 288
auto-cleanup, 287
cleared, 288
locked, 288
appliance
availability, 262
backup and restore features, 31
backup script, 409
crash recovery, automated features, 264
crash recovery, data protection, 264
crash recovery, manual, 264
creating support dump file, 334–335
describing icons, 86
downloads from, 75
logging out, 89
online help, 107
performing factory reset, 265, 446
relationship to other resources, 40
resetting to original factory settings, 265, 446
restart behavior, 264
restore script, 420
restoring, 253
restoring from backup file, 256
searching, 94
status screens, 84
troubleshoot, 340
unexpected shutdown, automated recovery features,
264
unexpected shutdown, data protection, 264
unexpected shutdown, manual recovery, 264
updating, 259
appliance bay, 198
appliance network
troubleshoot, 359
audit log, 68, 271
downloading, 271
policy for, 70
audit tracking, 78
authentication, 66
authentication settings
about, 241
authorization, 67
availability
virtual appliance, 33
B
back up policy, 249
backup and restore
features, 31
backup file, 247
considerations for high availability, 248, 259
creating, 249
downloading, 249
restoring appliance from, 253, 256
troubleshooting, 345, 352
backup script, 249, 409
best practice
firmware, 216
best practices
browser, 80
firmware, 216
health monitoring, 282–283
restoring an appliance from a backup file, 255
bootable images, 36
BPDU (Bridge Protocol Data Units), 186
browser, 80
best practices, 80
supported features and settings, 80
browsers
supported, 81
buttons, 82
C
certificate, 70
displaying settings, 72
TLS, 270
changes
tracking, 78
Collapse list item icon, 86
configurations
enclosure, 181
logical interconnect group, 181
configured enclosure, 200–201
configuring email notification of alerts, 290
connection
relationship to other resources, 41
consistency checking, 190
console access, 74
contacting Hewlett Packard Enterprise, 405
457
copyright, 1
crashes
appliance, automated recovery features, 264
appliance, data protection, 264
appliance, manual recovery, 264
credentials, 68
customer self repair, 407
D
Dashboard, 281
add a panel, 294
customizing, 294
delete a panel, 294
interpret charts, 292
learning, 291
move a panel, 294
queries, 294
screen details, 291
Dashboard charts, 292
data center
about, 223
configuring rack placement, 223
monitoring, 281–282
monitoring temperature, 297
relationship to other resources, 42
visualizing temperature, 297
data center switch
matching VLAN IDs to uplink set VLAN IDs, 170
port configuration for uplink sets, 170
spanning tree edge, 170
trunk ports, 170
DELETE, 99
Delete icon, 86
deployment server delete
about, 226
details pane, 77
Device Control Channel (DCC) protocol, 186
directory server
troubleshooting, 397–398
directory service
configuring, 235
troubleshooting, 395–396
discover
frame, 200
documentation
download and serve HTML UI help files, 108
download and serve REST API documentation, 108
enabling off-appliance browsing, 108
online help, 107
providing feedback on, 407
domain, 159
relationship to other resources, 43
downlink, 174
downlinks, 171
drive enclosure
about, 228
Drive Enclosures
relationship to other resources, 44
458 Index
E
Edit icon, 86, 179
EFuse, 201
email
notification of alerts, 290
email notifications
managing, 290
enclosure
about, 196
about HPE Synergy 12000 Frame, 196
about HPE Synergy Composer, 200
about management appliance, 198
adding, 202
manage, 202
managing, 195
not manageable, 367
relationship to other resources, 44
troubleshooting, 367
unsupported firmware, 215
enclosure configurations
valid, 181
enclosure group
about, 204–205
creating, 207
OS deployment, 205
relationship to other resources, 45
enclosure type
relationship to other resources, 45
End-User License agreement
viewing, 84
environmental management, 30
Ethernet
uplink set, 175
Ethernet network
about, 168
Smart Link, 169
VLAN range, 168
EULA
how to view, 77
Expand list item icon, 86
Expand menu icon, 86
F
fabric
about, 159
managing, 159
factory reset
performing, 265, 446
troubleshooting login failure after, 355
FCF, 172
FCoE
FIP snooping, 172
uplink set, 175
features, 28
Fibre Channel
fabric attach, 168
uplink set, 175
Virtual Connect modules, 168
Fibre Channel network
about, 168
Fibre Channel over Ethernet (FCoE)
downlink from enclosure interconnect to server, 169
Fibre Channel over Ethernet network
about, 169
filter
syntax examples, 96
filters sidebar, 82
FIP snooping, 172
firmware, 213
activating, logical interconnect, 190
appliance shutdown during update, 264
best practice, 216
best practices, 216
bundle, 213
compliance checking, 27
management, 27, 213
repository, 27
SPP, custom, 216
troubleshoot, 370
unsupported, 215
updating logical interconnect, 185
firmware activation, 210
firmware bundle
installing, 218
firmware repository, 213
firmware update
troubleshoot, 371, 376
frame
about HPE Synergy 12000 Frame, 196
about HPE Synergy Frame Link Module, 196
frame link module, 196, 201
active, 196
frame link topology, 201
full access role, 236
G
GET, 99
group
compliance checking, 28
groups
managing, 235
H
hardening, 63
hardware
inventory management features, 31
health icon, 86
health monitoring, 31, 282
see also activity
and SCMB, 29
best practices, 282–283
REST APIs, 283
State-Change Message Bus, 283
health status, 96
help
enable off-appliance browsing, 108
REST API help, 107
searching, 92
UI help, 107
Help control icon, 87
Help sidebar, 83
expanding and collapsing, 87
help topics
searching, 92
high availability, 260
activate standby appliance, 261
removing the standby appliance, 261
HP SUM
troubleshoot, 371
HPE Insight Control
integration with HPE OneView, 34
HPE Insight Control server provisioning
integration with HPE OneView, 35
HPE OneView
availability features, 33
backup and restore features, 31
change management features, 28
configuration, automated, 29
device detection, 25
enclosures, automatic configuration, 25
environmental management features, 30
firmware baseline compliance checking, 27
firmware management features, 27
group compliance checking, 28
groups, overview, 23
hardware inventory, 31
hardware provisioning, 23
health monitoring features, 31
integration with HPE Insight Control, 34
integration with HPE Insight Control server provisioning,
35
integration with Microsoft System Center, 35
integration with other software, 25, 36
integration with VMware vCenter, 35
monitoring from other platforms, 29
networking features, 26
online help, 107
operating system deployment, 25
overview, 22
port-level statistics, 30
power and cooling management features, 30
provisioning features, 23
resource utilization monitoring, 30
REST APIs, 34
SCMB, 36
server profile template, overview, 24
server profile, overview, 24
SNMP trap configuration, 29
storage provisioning, 25
templates, overview, 23
user interface, 33
HPE Synergy 12000 Frame
HPE Synergy Frame Link Module , 196
HPE Synergy Composer, 196, 200
HPE Synergy frame
missing, 367
HPE Synergy Frame Link Module, 196
459
HPE Synergy Image Streamer
OS deployment network, 205
OS deployment settings, 206
HPE Synergy Interconnect Link Module, 209
HPE Synergy management appliance, 198
I
icon description, 86
icons
informational, 87
severity, 86
status, 86
user control, 86
ID pool, 268
ID pools
managing, 267
iLO management processor
accessing using HPE OneView, 136
configuration by HPE OneView, 139
HPE OneView user roles, 34
integration with HPE OneView, 34, 136
licensing, 300
Image Streamer
management network, 169
Image Streamer management network
about, 169
image streamer primary cluster
about, 225
integration
open, 36
other software, 34
interconnect
about, 171
licensing, 162
managed, 171
managing, 171
module in Unmanaged state, troubleshooting, 380–381
monitored, 171
relationship to other resources, 46
troubleshoot, 371
unsupported firmware, 215
unsupported hardware, 172
interconnect bay sets
about, 180
interconnect link topology, 201
about growing, 209
interconnect modification failure
troubleshooting, 371
internal networks
logical interconnect, 176
L
labels
add, 89
manage, 89
remove, 89
search, 89
viewing, 91
Labels view, 87
460 Index
LACP, 170
LAG, 170
license
about, 161
delivery, 163
reporting, 163
troubleshoot, 372
Link Aggregation Control Protocol see LACP
Link Aggregation Group see LAG
Link Layer Discovery Protocol
about, 185
LINK Port, 197
LINK ports, 201
LLDP tagging
about, 185
log files, 334
log in
using REST APIs, 100
log out, 89
using REST APIs, 100
logical enclosure
about, 208
about growing, 209
adding, 210
creating, 210
creating a support dump file, 211
deleting, 208
inconsistent, 208
relationship to other resources, 47
unsupported firmware, 215
logical interconnect
about, 174
activating firmware, 190
adding, 178
consistency checking, 190
internal networks, about, 176
managing, 173
naming convention, 178
relationship to other resources, 48
stacking health, defined, 177
stacking link, enclosure, 177
troubleshoot, 376
update, 190
updating firmware, 185
logical interconnect group
about, 178, 180–181, 204
about copying, 183
about growing, 183
about resizing, 183
about shrinking, 183
configurations, 181
create, 180
creating, 191
relationship to other resources, 50
Logical Interconnect Groups
user interface, 179
logical interconnect groups
multiple, 179
login
troubleshooting, 355
loop protection, 186
M
MAC address binding
FCoE, 128
main menu, 77, 79
Maintenance console
details, 448
factory reset, 454
Maintenance console password
resetting, 450
manage
enclosure, 202
managed enclosure, 201
management network
Image Streamer, 169
Map icon, 87
Map view, 77, 87
master pane, 77
Metric Streaming Message Bus
.NET C# example, 318
connect to the MSMB, 314
Java example, 320
JSON structure of message, 315
MSMB, 313
Python example, 321
Python example amqplib, 323
Python example pika, 322
re-create the AMQP client certificate, 324
set up a queue, 315
metric units of measure, 81
MGMT Port, 197
Microsoft System Center
integration with HPE OneView, 35
migrate
server profile, 145
monitor port, 196
monitored enclosure, 200
monitored server hardware, 138
monitoring
features, 29
resource, 30
multiple selection, 91
N
network
about Ethernet, 168
about Fibre Channel, 168
about Fibre Channel over Ethernet, 169
managing, 165
relationship to other resources, 51
tagged, 168
troubleshoot, 378
tunnel, 169
untagged, 169
network configuration, 159
network disruption, 186
network resources
managing, 165
network set
about, 166
relationship to other resources, 51
networking
overview, 26
networks
creating, 166
provisioning, 166
networks, about, 166
notification
alerts
configuring, 290
notifications area
viewing, 88
NTP server
troubleshooting, 361
O
OneView Forum
how to access, 77
open integration, 36
open source code
how to view written offer, 77
orchestrated activation
about firmware activation, 210
OS deployment
enclosure group, 205
OS deployment network
external, 205
internal, 205
OS deployment servers
relationship to other resources, 52
os deployment servers
about, 225
OS deployment settings
changing, 206
P
parallel activation
about firmware activation, 210
password
resetting administrator, 244, 451
resetting Maintenance console, 450
Per VLAN Spanning Tree Bridge Protocol Data Units
(PVST BPDU), 186
Pin icon, 86
ports
required, 74
POST, 99
power
managing, 221
power delivery device
about, 221
relationship to other resources, 52
PowerShell library, 105
ProLiant server
Altair build, 439
provisioning
461
features, 23
storage, 25
public key
troubleshooting, 395
PUT, 99
PVST BPDU (Per VLAN Spanning Tree Protocol Data
Units), 186
Python library, 105
Q
Quality of Service (QoS), 187
queries
Dashboard, 294
R
rack
about, 223
adding a rack mount server, 125
managing, 223
relationship to other resources, 53
redundancy mode
about, 180–181
remote support, 406
Remove icon, 179
requirements
data center switch port, 170
resetting administrator password, 244, 451
resetting Maintenance console password, 450
resource
manage using REST API, 99
querying with REST API, 103
relationships, 87
templates, 23
view by health status, 96
view using labels, 91
resource categories, 267
resource model, 39
resources
organize, 89
search using labels, 89
REST API
online help, 107
PowerShell library, 105
Python library, 105
using, 99
version, 100
REST API documentation
enabling off-appliance browsing , 108
online help, 107
restart
troubleshooting, 353–354
restore script, 420
restoring from backup file, 253
high availability considerations, 254
role, 67
S
SAN manager, 227
about, 231
462 Index
relationship to other resources, 54
SAN managers
troubleshooting, 392
SAN volume
attaching to server profile, 152
SANs
about, 233
relationship to other resources, 54
scope, 267
screen component
icons, 94
screen description, 77
logical interconnect group, 179
script
backup appliance, 409
restore appliance, 420
search, 92, 94, 96
Search icon, 86
security
and DoS attacks, 32
appliance, 32
audit log policy, 70
audit logging, 33
best practices, 65
certificate, 33, 70
data download restrictions, 64
directory service support, 33
management LAN, 32
overview of features, 32
passwords, 68
separation of data and management, 32
SSO (single sign-on), 32
UI features, 33, 64
selection
multiple resources, 91
server hardware
about, 137
about monitored, 138
launching remote console, 139
managing, 135
prerequisites for bringing under management, 137
relationship to other resources, 55
troubleshoot, 379
server hardware type
about, 138
relationship to other resources, 56
server profile
about, 142
affinity, 146
assigning to an empty bay, 146
attaching SAN volume, 152
best practice configurations, 143
editing, 144
launching remote console, 139
local storage, 149
managing, 135, 141
migrating, 145
moving, 145
OS deployment, 147
overview, 24
relationship to other resources, 56
remove and replace, 146
storage target, 152
troubleshoot, 382
unsupported firmware, 215
updating, 153
updating firmware, 219
server profile template
about, 156
creating, 156
editing, 156
managing, 155
overview, 24
relationship to other resources, 57
updating firmware, 219
Service Pack for ProLiant see SPP
services access, 75
Session control icon, 87
session security, 66
settings
managin, 264
remote support, 294
shutdown
troubleshooting, 353
Smart Link
about, 169
Smart Search box
clearing, 96
refresh, 96
Smart Search filtering syntax, 96
Smart Search toolbar, 94
Smart Update Manager see SUM
Smart Update Tools, 28, 216 see SUT
Altair build, 439
Snapshot
about, 230
SNMP settings, 187
Sort icon, 86
specialized access role, 236
SPP, 27, 213, 216
installing, 218
SSL certificate settings, 72
SSL protocol, 70
stacking health, 177
stacking link
enclosure, 177
logical interconnect, 177
stacking links, 171, 174
standby appliance
determining of a Synergy frame, 260
removing, 261
State-Change Message Bus
.NET C# example, 306
connect to the SCMB, 303
Java example, 309
JSON structure of message, 305
Python code example, 310
Python example amqplib, 312
Python example pika, 311
re-create the AMQP client certificate, 313
SCMB, 303
set up a queue, 304
status icon, 86
status screens
appliance, 84
storage
managing, 227
provisioning, 25
troubleshoot, 388
storage arrays
about, 229
storage pool, 227
about, 230
relationship to other resources, 58
storage system, 227
about, 229
relationship to other resources, 58
storage target
editing, server profile, 152
SUM, 213
support
Hewlett Packard Enterprise, 405
support dump file, 211
creating, 334–335
SUT, 439
troubleshooting inconsistent firmware, 387
troubleshooting profiles, 385
switch, data center see data center switch
Synergy frame
appliance bay, 198
configure, 201
discover, 200
Synergy Image Streamer
overview, 36
synergy image streamer
about, 225
T
tagged network
about, 168
tagging, network see VLAN ID
task, 31, 286–287
see also activity
appliance, 288
background, 288
completed, 289
interrupted, 289
number initiated during current session, 78
pending, 289
running, 289
user, 288
temperature
managing, 221
thermal hot spots, 297
TLS certificates
managing, 270
top-of-rack switch see data center switch
463
ToR switch see data center switch
troubleshoot
creating network, 378
enclosures, 367
firmware, 370
firmware update, 371, 376
HP SUM, 371
interconnect, 371
license, 372
locales, 376
logical interconnect, 376
login failure, 355
messages from REST API calls returned in wrong
language, 376
network, 378
powering off a server, 380
powering on a server, 380
reports, 378
scopes, 379
server profile, 382
storage, 388
user accounts, 393
troubleshooting
NTP synchronization, 361
tunnel network
about, 169
U
UI help
enable off-appliance browsing, 108
zip file, 108
unmanaged device
about, 138
relationship to other resources, 59
unsupported hardware
about, 137
untagged network
about, 169
updates
accessing, 405
uplink, 174
uplink set, 174
adding, 188
Ethernet networks, 175
FCoE networks, 175
Fibre Channel networks, 175
image streamer, 176
matching VLAN IDs to switch port VLAN IDs, 170
multiple uplinks from same interconnect to same switch,
170
native network in, 170
relationship to data center switches, 170
relationship to logical interconnect, 174
relationship to logical interconnect group, 175
relationship to other resources, 60
VLAN tags, 170
uplinks, 171
URI format, 99
US units of measure, 81
464 Index
user
adding a local user with full access, 235
adding a local user with role-based access, 235
adding a user with full access, authenticated by
directory membership, 235
adding a user with role-based access, authenticated
by directory membership, 235
user account
troubleshoot, 393
user accounts, 67, 235
user interface
logical interconnect group, 179
navigating, 79
navigating screens, 77
screen topography, 77
user password
managing, 243
user role, 236
action privileges, 237
users
managing, 235
utilization
graphs, 281, 299
iLO Advanced license requirement, 300
meters, 299
overview, 299
panel, 299
setting US or metric units of measure, 81
V
View details icon, 86
view selector, 77
Virtual Connect
Fibre Channel modules, 168
VLAN ID
matching uplink set to data center switch ports, 170
pool, 166
reserved, 166
VLAN pools
about, 159
VLANs
reserved, 159
VMware vCenter
integration with HPE OneView, 35
volume, 227
about, 230
relationship to other resources, 60
volume template, 227
about, 231
relationship to other resources, 61
W
web browser
supported features and settings, 80
website
PowerShell code sample library, 105
Python code sample library, 105
websites, 406
customer self repair, 407
written offer
viewing, 84
Z
zone sets
about, 232
465