Friday, November 03, 2006

iLO Management - Tips & Tricks

What is iLO?
iLO stands for Integrated Lights Out Remote Management. A lot of ProLiant customers don't even know they have this on their server. iLO is an onboard management ASIC providing complete out of band remote managment of the server. Almost all HP ProLiant servers from Generation 2 systems onwards have included the iLO management port as standard.

What does it do?
How would you like complete secure remote management and control of your server? iLO provides this; there is nothing and I mean nothing that cannot be done remotely bar physically touching the server of course. For example - you can power the server down and watch it reboot, jump in and configure the BIOS should you need to; watch the OS load up (note iLO doesn't require an OS to be already installed) and then mount your local desktop USB or DVD to the remote server (it appears as a USB connected device on the remote server). You can even have the server boot from an ISO image on the network should you so wish. This is but a sample of the power and control iLO gives you over your server. Best of all it is all out of band management so it is very secure and you are not using valuable data NIC bandwidth.

Integrated Lights-Out (iLO) virtualizes ProLiant system resources over a network so you are always in control as if you are at-the-server. iLO Standard provides basic remote management features standard with ProLiant servers. The optional iLO Advanced provides key-activated features that enable remote access to system console with full keyboard and mouse control during any server state. iLO Advanced also allows administrators to maintain system firmware or run diagnostics on remote servers from an image on a workstation floppy or CD drive or network web server. These "do-it-yourself" capabilities enable industry leading remote management of ProLiant servers anywhere, anytime from a secure, standard Web browser, command line or script. You get a free 60 day trial license of the advanced pack with every iLO on every server. Customers can register for evaluation licenses for all ProLiant Essentials products online at www.hp.com/go/tryessentials.

Benefits of using iLO.

  • Reduces travel and operational costs:
    iLO users avoid travel costs for administrative, maintenance and remedial activities on systems in remote locations or datacenters. The virtualized system resources allow administrators to perform many system tasks of from any network access point without leaving the office or relying on local assistance.
  • Automates system support functions:
    iLO scripting automates key tasks such as unattended ROM updates for multiple systems simultaneously. iLO integrates with other tools such as HP Systems Insight Manager for seamless execution of administrative tasks.
  • Increases availability:
    iLO Advanced Pack shortens the time to complete administrative, maintenance and remedial tasks by enabling instant remote control of key system resources over a network.
  • Ensures reliable, efficient access and data security:
    iLO provides full remote control over the Internet or LAN without increasing the vulnerability of valuable IT assets to unauthorized access and malicious activity. Industry standard data encryption and directory services based user access provide a reliable, secure remote management infrastructure.

How do I enable iLO?
There are 2 simple ways to get up and running.

1. If the server is powered off
Power the server on and watch it boot - you will see a prompt to hit F8 which will allow you to configure iLO. Every server cotaining iLO ships with a sticker or tag containing iLO default specific information i.e. username and password, DNS name etc. Once you have logged on you can configure iLO with a fixed IP address and configure security parameters for access control.
2. If the server is already power on and running
iLO needs to be plugged onto your ETHernet network and uses TCP/IP (it will request an IP addrss from your DHCP server by default). Every server containing iLO will include a sticker or a tag containing the default DNS name for that specific iLO. You can then check your DHCP server and see what IP address was allocated to the iLO. Open a browser and http to that address. Use the username and password from the tag to gain access.

TIP -Once you have enabled iLO you should remove the tag and change the logon credentials for security purposes. iLO can also integrate with your directory for security logon credentials. If you have lost the tag or sticker with the default logon credentials please contact HP suppport and they will giude you through the process to reset iLO security.

How do I optimise iLO performance?
There are now 2 versions of iLO. iLO 2 arrived this year with the launch of our new cClass Blade servers, G5 Intel Xeon and G2 AMD Opteron based servers. The remote console performance of iLO 2 is amazing and is the equivalent of KVM over IP console switch performance. For iLO 1 users the biggest single request to HP has been to improve the graphical remote console performance which we have done but unfortunately not alot of people know about nor have applied these updates. Bear in mind that iLO technology launched almost 10 years ago with the RiLOE PCI board. The primary purpose being to give administrators complete OS independent, out of band management and remote control of their servers. It was not built for 24x7 management.

Improve Remote Console Performance
There are a number of ways for improving remote console performance some of which are dependent on the OS running on the host server. For Windows 2000 or 2003 servers the simplest and most effective way is by enabling Terminal Services functionality through iLO. This allows iLO to accept Microsoft Remote Desktop Connections on the iLO management port instead of doing this through your data NIC.


Other tips to improve the graphical remote console on Windows servers include...

Server display properties

  • Plain Background (no wallpaper pattern)
  • Smaller display resolutions (800x600 or 1024x768 pixels)
  • 256 color mode or 24 bits per pixel color setting (iLO only)

Server mouse properties (iLO only)

  • Select None for mouse pointer Scheme.
  • Uncheck Enable pointer shadow.
  • Select Motion or Pointer Options and set the pointer Speed slider to the middle position.
  • Disable pointer Acceleration to None (on Windows NT or Windows 2000).
  • Uncheck Advanced Pointer Precision (on Windows Server 2003).

I strongly urge you to download and read the iLO Best Practices Guide v4 published Oct'06 from hp.com. It is full of advice on how to maximise your iLO performance and productivity with step by step guides and details.

Recent features added to iLO which is available by simply upgrading your iLO firmware

  • Schema-free Active Directory Integration
  • Two-factor authentication
  • USB flash drive virtual media
  • Power Regulator for ProLiant reporting
  • Intelligent iLO Advanced activation keys
  • Terminal Services Pass Through
  • enhanced remote console mouse

iLO Version 1.88 available for download -
http://h18004.www1.hp.com/support/files/lights-out/us/locate/69_5867.html - Index
http://h18004.www1.hp.com/support/files/lights-out/us/download/25497.html

14 comments:

Anonymous said...

Really very good document from u...I need some clarification...we Have a one HP Proliant-ML350-G4p.In that machine how to configure iLO? Because whenever the system boot ,Pressed F8 we are not getting iLO configuration menu.so please find and let me know how to approach on our machine..

James Henry said...

Thanks for your comment - sorry for the delay, I am just back from vacation. In answer ti your question I need to know if you are configuring iLO through a browser or directly at the server. If you are doing this from a browser remotely then you need to ensure you click inside the browser window to activate the window before pressing F8. See page 15 of the config document - http://bizsupport.austin.hp.com/bc/docs/support/SupportManual/c00209014/c00209014.pdf

Let me know if this doesn't work and include your iLO firmware version.

Regards
James

Unknown said...

Hello
Is it possible that a local mouse won't work anymore when ILO is enabled?
I have found a hint like this in an HP support forum thread. If this is true, I'm experiencing the same problem.
Plugged a mouse into several ProLiant servers and it won't move. Tried the same with the mouse cable of a HP Rackmount (touchpad mouse) and it won't work either...
Any ideas?

James Henry said...

Hi Claudio, iLO does not disable local KVM on the server; this hasn't been the case ever with iLO. The 1st generation RiLOE cards did do this however and you were required to plug the KVM into the actual RiLOE card itself. I suggest you log a call with hp support on this.

Anonymous said...

Hi,
I need some help. I've faced a problem that iLO COnfiguration disappeared after press F8 on the BIOS while the system's booting up. It's come up with Array Configuration. Is there any one helping me? I'm quite new HP user.

Thank in advance.

Astin
astin1471@gmail.com

James Henry said...

Hi Astin,
the first place you should always start are the HP Technical Forums, they provide a great information resource and almost always you will get an answer here. I did a search for your issue and found a relevant solution you should try. Check out
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=952295

Matt Jurcich said...

Great post! I love the ILO too.

Wondering what the best way to secure an ILO for access over the internet.. a low-end VPN router or are there other better solutions?

Thanks.

-m
http://www.invisik.com

Unknown said...

I have an HP server running Windows 2003 Server. If the server is ever powered down, or if there is a power outage, the restart is interrupted by the requirement to enter an ILO password. I want to disable this, but when I log into the ILO system settings, it tells me that the ILO password has been entered and is locked, but it does not describe how to change it, remove the password, or otherwise configure the server to not require that password on a reboot.

Any help will be appreciated.
dennis@asnap.com
972.930.0525

thank you.

Mansoor Aziz Ahmed said...

Hi.

I have recently deployed MS Dynamics at my business site and i want to set up the server so i can access it remotely.

I have a Proliant ML350 G4. I have a static IP on my internet connection. Right now the internet is connected to a the network hub in my office and the server and all other terminals are connected to the hub.

What i understand from reading about iLO is that i should connect the internet to the iLO port while the other port connects to the Hub and that will give me remote access via the Static IP i have. is that correct? If not can you please guide me?

Thanks

Unknown said...

Hi,
I was wondering is there a way to setup multiple ilos at once?? i would like to change passwords, and in some instances set static ip's. can you offer a suggestion?

James Henry said...

Hi Andy, iLO has a neat scripting utility. I believe it's called LOCFG which allows you script/config multiple iLO's. It's been a while since I used it myself but you'll find more info on this at www.hp.com/go/ilo

Anonymous said...

Hi,

Is there any way to configure iLO without rebooting the system or asking the user to restart the whole system?
Thanks.

Anonymous said...

I am a rookie as far as the server is concerned. We have a ML350 G5 server. I have searched on the internet about the front panel LEDS and none of the documentation I have found is anyway close to our front panel. Wish I could attach a jpeg so you can see what our server looks like.

James Henry said...

The quickkspec is the best place to check this http://h18000.www1.hp.com/products/quickspecs/12475_na/12475_na.HTML