2014 LENOVO. All rights reserved.
ThinkServer System Manager
 Introduction
– What's new in this offering
– Value proposition
– Positioning and product support
– Features summary
– TMM vs TSM
– Support for 3rd party management consoles
 Architecture and Management Interfaces
 Network Connections
 Management Interfaces
– Web Server
– Virtual Console
– Virtual Media
– IPMI
– DCMI
– PowerShell CLI
– SMASH
– Serial Console Redirection
– SNMP
 System Status Monitoring and Error Reporting
 Sensor Coverage
 Configuring Platform Event Filters
 Configuring TSM
 Network Configuration
 Security Features
 User Authentication
 Inventory and FRU Reporting
 Updating
 Power Management
 Capabilities
 What to Sell
 Additional resources
Introducing ThinkServer System Manager
 New …
– Completely redesigned systems management
subsystem for fifth-generation ThinkServer
systems
– Browser-based GUI
– Comprehensive system level monitoring and
alerting
– Power monitoring and management controls
supporting Lenovo Energy Manager
– HTML5 – suitable for mobile devices and tablets
– Advanced authentication and security features
– Easy to navigate user interface to quickly view
system conditions
– Dedicated or shared network port
– PowerShell CLI provides increased flexibility
and scripting capabilities
 … and Improved
– Sensor coverage
– FRU inventory coverage and reporting
 Includes
 ThinkServer System Manager Premium adds
remote access with Virtual Console and Virtual
Media, and activates ThinkServer Energy
Manager license
Proven Value of Server Management with TSM
 Fully featured management solution built
on open industry standards
 Reduce TCO by increasing server administrators' productivity –
– Remotely perform most functions that otherwise require a visit to the server
 Increase overall server availability
 Operates independently of server
– Operational regardless of system's state (e.g. server is powered off, or an operating system is not installed or is not functioning)
TSM Positioning and Product Support
 As part of any server systems management
infrastructure, and for:
– Remote branches
– Limited access datacenters
– Customers where single remote control capability
is required
[Figure labels: Small Business; Remote Offices; Medium Business; Enterprise / Datacenter]
 Addresses key system management
concerns:
– Low cost support to heterogeneous environments
– Full remote management capability
– Supports remote deployment, dynamic allocation
 Available in all Lenovo 5th generation
ThinkServer racks and towers
TSM Features Summary
 Access
– Access to critical server settings
– Industry-standard interfaces and protocols
  – IPMI 2.0
  – DCMI 1.0
  – SMASH-CLP
  – WS-MAN
  – SNMP v3 (Gets only)
– Secure HTML5 Web Browser GUI
– Serial Port Redirection
  – IPMI Serial over LAN
  – Server console redirection via Telnet, SSH
– PowerShell CLI
 Monitoring and Alerting
– Continuous health monitoring and control
– System Watchdog Timers – POST, OS heartbeat
– Automatic out-of-band notification and alerts
  – Configurable PEF / PET Traps (IPMI Style)
  – SNMP Traps
  – SMTP (eMail)
  – CIM indications
– Event logs
  – IPMI System Event Log (SEL) – Time stamped events; Human Readable via the Web Interface and BIOS
  – Extended SEL log for additional related information from SEL
  – Audit log for administrative events
 Networking Protocol Support
– ARP, DHCP, DNS, HTTP, HTTPS, ICMP, LDAP, LDAPS, SMTP, SNMP (Traps), SNMP v3 (Gets only), SNTP, SSL, SSH, VLAN, NTP, SLP, Telnet
– IP address, Host name, Subnet mask, Gateway
– Network Port Reassignments
 Security
– Enterprise class security access protocols such as SSL, SSH, RMCP+
– User authentication and role based privileges supported through local accounts or secure connection to LDAP or Active Directory
– Firmware Firewall
 Remote platform firmware updating with BIOS and TSM recovery to last known good image
 Boot sequence manipulation (via IPMI)
 Configurable via Web, PowerShell CLI, IPMI, WSMan, SMASH-CLI
 Save and Restore configuration to a file
 Remote Presence (with TSM Premium)
– Remote Keyboard, Video, Mouse (KVM)
– Remote Media: CD-ROMs (USB, SATA); DVD-ROMs (USB, SATA); USB mass storage devices; ISO images; IMG images (create from local folders)
 FRU monitoring available thru Web I/F, IPMI, PowerShell CLI, WS-MAN, SMASH-CLI
 Remote power control (on / off / power cycle / shutdown / reset)
 ThinkServer Energy Manager enablement (with TSM Premium)
– Captures power data, provides closed-loop controls to limit maximum power consumed
TMM vs. TSM
| Capability | ThinkServer Management Module | ThinkServer System Manager |
|---|---|---|
| Supported Systems | 3rd and 4th generation ThinkServer, except TS130, TS140, RS140 | 5th generation ThinkServer |
| Supported Standards | IPMI version 2.0; DCMI 1.0 (2P racks only); SMASH-CLI (limited support); WS-MAN (limited support) | IPMI version 2.0; DCMI 1.0 (supported on all systems); SMASH-CLI (comprehensive support); WS-MAN (comprehensive support); SNMP v3 (Gets) |
| Secure Web Interface | Yes | Yes (mobile device optimized) |
| Embedded Command Line Interface | SMASH-CLI (limited support) | SMASH-CLI (comprehensive support); PowerShell |
| Sensor Coverage | Limited | Comprehensive |
| Alert Mechanisms | SNMP Traps; SMTP (eMail); CIM indications | SNMP Traps; SMTP (eMail); CIM indications |
| Event Logs | System Event Log (SEL) | System Event Log (SEL); Extended SEL log for additional related information from SEL; Audit log for administrative events |
| Power Control | Yes | Yes |
| Predictive Failure Analysis (PFA) support | No | Yes |
| Remote Presence (KVM) | w/ TMM Premium | w/ TSM Premium |
| Remote Media | w/ TMM Premium | w/ TSM Premium |
| Directory Integration (LDAP) | Yes | Yes |
| Active Directory Integration | No | Yes |
| Local User Accounts | 16 | 9 |
| Prevention Against Hammer Attacks | Yes | No |
What to Sell
 Lenovo ThinkServer System Manager
– Standard on all 5th generation servers
– Complete remote access to manage, monitor,
troubleshoot and repair from anywhere for
maximum uptime
– Provides secure alerts and status
 Lenovo ThinkServer System Manager
Premium
– Optional upgrade enabled by hardware key
– Installs on motherboard
– Enables remote control and virtual media
– Activates ThinkServer Energy Manager functionality
– Option P/N 4XF0G45867
 Products tested and certified to work in
conjunction with the TSM
– Microsoft PowerShell
– Lenovo Management plug-in for VMware
vCenter
– Lenovo Management Pack for Microsoft System
Center Operations Manager (SCOM)
– ThinkServer Energy Manager
– Activated on 5th generation servers with TSM
Premium
– Available for upgrade to 5th and selected 4th
generation ThinkServer systems, and third party
servers with Node License Packs
Resources to Help You
 Technical Systems Overview
 "Lenovo ThinkServer System Manager Overview" (whitepaper)
 "Using the PowerShell CLI" (whitepaper)
 Solution Center TSM Demo
 Lenovo Web Content
 TSM Datasheet
 End-user documentation
– ThinkServer System Manager User Guide
– ThinkServer System Manager Command Line Interface User Guide
– ThinkServer Deployment Manager User Guide
Hardware Architecture
 Management performed by autonomous
embedded microprocessor referred to as
Baseboard Management Controller (BMC)
 The BMC manages the interface between
system management software and platform
hardware
 A variety of controllers, sensors, connectors,
and storage components are interconnected
to monitor and control the server hardware
 The BMC monitors the sensors and can send
alerts via the network if any parameters do
not stay within preset limits, indicating a
potential failure of the system
Notes:
1. Only Mezzanine-0 Port 0 can be used for Shared Mode
2. 10 Mb/s maximum TSM bandwidth on 1 GbE Mezzanine cards
3. 100 Mb/s maximum TSM bandwidth on 10 GbE Mezzanine cards
4. Intel Mezzanine cards can lose connectivity for up to 5 seconds on
power state changes (S5, S0)
Management Interfaces / Protocol Support
| Interface | In-Band | Out-of-Band |
|---|---|---|
| HTTP/HTTPS Browser I/F | N/A | external LAN connection |
| IPMI 2.0 | KCS I/F on TSM for OS IPMI driver | RMCP+ or RMCP over external LAN connection |
| DCMI 1.0 | KCS I/F on TSM for OS IPMI driver | RMCP+ or RMCP over external LAN connection |
| PowerShell CLI | N/A | WS-Man over external LAN connection |
| WS-MAN | N/A | SOAP/HTTP over external LAN connection |
| SMASH-CLI | N/A | SSH/Telnet over external LAN connection |
| Serial Console Redirection | N/A | IPMI Serial over LAN (SOL); SSH/Telnet over LAN; external serial COM port (BIOS based) |
| SNMP Traps (IPMI) | N/A | external LAN connection |
| SNMPv3 (GETs) | N/A | external LAN connection |
Administrators and management software communicate
with the TSM over several physical interfaces using several
management protocols.
Management Interfaces / Protocol Support (Detail)
| Interface | In-Band | Out-of-Band: LAN | Out-of-Band: Serial Port |
|---|---|---|---|
| HTTP/HTTPS Browser I/F | N/A | external LAN connection | N/A |
| IPMI 2.0 | KCS I/F on TSM for OS IPMI driver | RMCP+ or RMCP over external LAN connection | "IPMI over Serial" over external Serial Port |
| DCMI 1.0 | KCS I/F on TSM for OS IPMI driver | RMCP+ or RMCP over external LAN connection | "IPMI over Serial" over external Serial Port |
| PowerShell CLI | N/A | WS-Man over external LAN connection | N/A |
| WS-MAN | N/A | SOAP/HTTP over external LAN connection | N/A |
| SMASH-CLI | N/A | SSH/Telnet over external LAN connection | SSH/Telnet over external Serial Port |
| Serial Console Redirection | N/A | IPMI Serial over LAN (SOL); SSH/Telnet over external LAN connection (issue CMD from SMASH-CLI to initiate console redirection) | Terminal redirection over external serial COM port (TSM not involved. This is directly to BIOS). |
| SNMP Traps (IPMI) | N/A | external LAN connection | N/A |
| SNMPv3 (GETs) | N/A | external LAN connection | N/A |
TSM Supports Shared or Dedicated Network Connectivity
 Shared – uses common network port on Mezzanine-0 with two different MAC addresses – one for
Mezzanine card and one for TSM
– Any Ethernet Mezzanine card is supported
– Mezzanine port-0 is used (not customizable)
– Simplifies switch configuration and minimizes network ports
– Virtual LANs supported to provide some separation between in-band network and TMM
– 10 Mb/s maximum TSM bandwidth on 1 GbE Mezzanine cards
– 100 Mb/s maximum TSM bandwidth on 10 GbE Mezzanine cards
– Intel Mezzanine cards can lose connectivity for up to 5 seconds on power state changes (S5, S0)
 Dedicated – uses separate network port
– Provides complete physical separation
between Mezz-0 and TSM
– 1 Gb/s maximum TSM bandwidth
[Figure labels: Dedicated; Shared / OS Available]
Shared vs. Dedicated Management LAN
Shared Management Port:
• Shares management traffic with production network
Dedicated Management Port:
• Isolates management traffic from production network
[Figure labels: Management Network; Production Network; Mgmt Network]
TSM Web Interface
 TSM provides an integrated web server
exposing many of the manageability
features of the ThinkServer
 Provides overall system status at a
glance
 Allows configuration of the management
subsystem in a mobile friendly GUI
 From the web interface, users can:
– Configure the TSM network interface and
protocol settings
– Administer user access and permissions
– Configure alerts
– View system health and status
– View the System Event Log
– Remotely control power to the server
– Initiate remote console and media sessions
Remote Virtual Console
 Remote Virtual Console is available with
the optional TSM Premium upgrade key
 Enables viewing the server console from
a remote computer, using the remote
computer's mouse and keyboard to
interact with and control the server
 Server keyboard, video, and mouse
(KVM) redirected over the LAN –
available remotely from the embedded
web server with Java JNLP
The "Console Launcher" tab has a button to launch the Virtual
Console. In addition to the "Launch Console" button, the tab also
presents a screenshot of the server.
Virtual Console Features
 Maximum number of concurrent KVM viewer
sessions is 3
 Remote Video
– Resolutions up to 1920 x 1200 x 32bpp @ 60Hz
– Video bandwidth can be selected to reduce network loading
 Remote Keyboard / Mouse
– Keyboard Macros
– International Keyboard support
– Absolute, Relative - Mouse Modes
– Single Cursor Mode Selection
 Record video or screen captures from remote display
 Server Power Control
– Reset, Immediate Shutdown, Orderly Shutdown, Power On,
Power Cycle available via the Remote KVM applet window
 KVM transmissions can be encrypted
 Local Monitor can be turned on / off in the virtual
console
 Virtual Media can be managed from Virtual Console
Remote console showing ThinkServer Deployment Manager
Video Recording Limits
Auto Video Recording (Post Event)
Pre-Event Video Recording (only for Crash /
Reset Event)
20 seconds video allowed if TSM Local
Storage(RAM)
Time Limits
Default-10sec, but can be configurable up to 60sec.
300 seconds recording allowed if Remote
Storage(NFS Path)
Video File Count
2 (After 2 files no more recording allowed)
1 if local storage / 3 if remote storage. (Once Max file count reached, will delete old video file to store new.)
Remote Media
 Remote Media is provided with Virtual
Console – available with the optional TSM
Premium upgrade key
 Enables logically mounting a local computer
disk drive on the server – available remotely
from the embedded web server with Java
JNLP
 A mounted disk can be used to restart the
server or to install software on the server
 Devices that can be virtualized include: CD-ROMs (USB, SATA), DVD-ROMs (USB,
SATA), USB mass storage devices, ISO
images, disk raw data files (e.g. ghost, dd),
IMG images (create from local folders)
Configuring remote images for use with Remote Media
 Files used by Remote Media can be
redirected from a NFS or CIFS
network file share
 The 'Remote Images Settings' dialog
allows enabling or disabling remote
images redirection and configuring
the network location where the image
files are available
IPMI Interfaces
 What is IPMI
– A standardized message-based hardware-level interface specification for out-of-band management
 Lenovo fully implements the IPMI 2.0
standard, and adds additional capability
with published OEM commands
[Figure: IPMI over LAN]
 IPMI commands are supported over the
following interfaces
– IPMI Over LAN
– Allows remote management of a server by
sending industry standard IPMI command line
commands to the TMM over the LAN
– IPMI In-band interface (KCS)
– Uses Operating System IPMI driver
[Figure: IPMI over in-band KCS I/F]
IPMI Lenovo OEM Commands
| Lenovo OEM Command | NetFn | Command |
|---|---|---|
| Set LED Status Command | 0x3A | 0x01 |
| Get Fan LED Status Command | 0x3A | 0x02 |
| Get Active Thermal Profile Command | 0x3A | 0x03 |
| Set Thermal Profile Command | 0x3A | 0x04 |
| Manage Thermal Configuration File Command | 0x3A | 0x05 |
| Get DIMM CLTT Configuration Command | 0x3A | 0x06 |
| Set DIMM CLTT Configuration Command | 0x3A | 0x07 |
| Get Thermal Profile Name Command | 0x3A | 0x08 |
| Get Thermal Profile List Command | 0x3A | 0x09 |
| Get Inventory Data Command | 0x3A | 0x0a |
| Get Recovery Image Boot Info Command | 0x3A | 0x0b |
| Set Recovery Image Boot Info Command | 0x3A | 0x0c |
| Get Internal Sensor Reading Command | 0x3A | 0x0e |
| Get Platform ID Command | 0x3A | 0x0f |
| Get CPU and DIMM temperature | 0x3A | 0x11 |
| Get Thermal Inventory Info Command | 0x3A | 0x12 |
| Get iKVM Key status | 0x3A | 0x13 |
| iKVM software Key Create | 0x3A | 0x14 |
| Media Service Control | 0x3A | 0x15 |
| Set Power logging Configuration | 0x3a | 0x17 |
| Get Power log Info | 0x3a | 0x18 |
| Get Power Log Data | 0x3a | 0x19 |
| Set PSU Redundancy Mode | 0x3a | 0x1a |
| Get PSU Redundancy Mode | 0x3a | 0x1b |
| Set WEB Directory | 0x3A | 0x22 |
| Set Fan Duty Cycle Command | 0x3A | 0x30 |
| Get Fan Duty Cycle Command | 0x3A | 0x31 |
| Set Fan Mode Command | 0x3A | 0x32 |
| Get Fan Mode Command | 0x3A | 0x33 |
| Initialize SD partitions | 0x3A | 0x34 |
| Check SD partition status | 0x3A | 0x35 |
| Remount SD partitions | 0x3A | 0x36 |
| Set GPIO Status | 0x3A | 0x37 |
| Get GPIO Status | 0x3A | 0x38 |
| Set Mezz Interface Control | 0x3A | 0x3a |
| Get Mezz Interface Control | 0x3A | 0x3b |
Data Center Manageability Interface (DCMI)
 DCMI is an industry specification that defines a simplified, reliable, interoperable management interface
 Addresses the unique requirements of server platform management within Internet Portal Data Centers (IPDC) and other High Density Data Centers where large numbers (into the tens of thousands) of servers are deployed
 Based on IPMI 2.0: standard commands and extensions deliver the majority of capabilities required by high density data centers
– Platform identification
– Sensor status and logging
– Simplified power management
 DCMI is used by ThinkServer Energy Manager to interface with TSM and power
management functions (Intel Node Power Manager)
PowerShell CLI
 Windows PowerShell is a task-based command-line shell and scripting language that helps IT administrators automate server management
– Leverage common tools for script development and advanced automation tasks
– Abstracts complexities of the underlying APIs used to communicate with the TSM
 The ThinkServer System Manager Command Line Interface (TSMCLI) is a PowerShell module
 The CLI communicates with the BMC using HTTP or HTTPS
 Provides direct access to management functions as an alternative to the web-based user interface and also as a way to script tasks for execution on multiple servers
 Many features and functions available thru IPMI and the Web I/F are supported by the CLI
Command syntax:
Invoke-TMMCLI [-CommandName] <COMMAND_NAME> [COMMAND_PARAMETERS] [-CommandArgs] @{[COMMAND_ARGUMENTS]}
<COMMAND_NAME> is the TSMCLI command which will be executed. Examples: "get-help", "get-users", "setnicsettings".
[COMMAND_PARAMETERS] are items that specify additional information such as the name of the ThinkServer to address, authentication method and credentials, etc.
[COMMAND_ARGUMENTS] specifies additional arguments specific to each TSMCLI command.
PowerShell CLI Supported Operations Summary
 Configure Date and Time / NTP Servers
 Configure Front Panel Operator Buttons
 User Management
 Monitor / Manage Sensors
 SSL Certificates Management
 Read FRU inventory
 Server Power Control
 Manage Virtual Media
 Configure / Recover TSM Configuration
 Manage Event Logs
 Firmware Management and Update for
supported devices
 Configure and Manage Event Notifications
 Configure / Manage Network Configuration
 Configure Network Services
PowerShell CLI Supported Operations Detail
 Date and Time:
– Get current time
– Set current time
– Configure NTP
 Server Power Control:
– Power up
– Power down immediately
– Power down gracefully (ACPI)
– Power cycle
– Reset
 Network Configuration:
– IPv4 settings (manual and DHCP)
– IPv6 settings (manual and DHCP)
– DNS server
– Default gateway
– VLAN
– Configure IP Blacklist
– Configure Port Blacklist
 User Management:
– Add user
– Modify user
– Delete user
– Configure user privileges
– Configure AD authentication
– Configure LDAP/LDAPS authentication
– Configure PAM order
 TSM Configuration:
– Back up configuration
– Restore configuration
– Reset to default configuration
 Firmware Management (for devices that support it, such as BMC, BIOS, TDM, Windows Drivers, Linux Drivers...):
– Get firmware version
– Update firmware
 Network Services:
– Configure HTTP port
– Configure HTTPS port
– Configure SSH port
– Configure WebUI session timeout
– Configure KVM ports
– Configure Telnet ports
 SSL Certificates:
– Get SSL certificate
– Upload SSL certificate
PowerShell CLI Supported Operations Detail (cont.)
 Panels and Buttons:
– Configure power button (enable/disable)
 Sensors:
– Fan fault
– Fan speed
– Power supply voltage
– Power supply temperature
– Power supply consumption
– Power supply data reporting
– CPU
– BMC software health status
– BMC hardware health status
– Memory
– System temperature
– Inlet temperature
– Devices temperature (for the devices that have this information exposed through the BMC)
– Devices voltage (for the devices that have this information exposed through the BMC)
– Devices status (for the devices that have this information exposed through the BMC)
– Devices presence (for the devices that have this information exposed through the BMC)
– I/O subsystems
– HBA
– Chassis intrusion
– Removal/insertion of all externally accessible and enabled storage
 Log Management:
– Read SEL
– Clear SEL
– Read audit log
– Configure audit log (Enable/Disable)
 Read FRU inventory
 Serial Ports:
– Configure Serial over LAN
 Remote Media:
– Get remote media information
– Mount / unmount remote media (CD/DVD, USB, HD)
 Notifications:
– List event filters
– Get event filter
– Create event filter
– Delete event filter
– Modify event filter
– Configure e-mail settings
– Configure SNMP settings
SMASH Interfaces
 Systems Management Architecture for Server Hardware (SMASH) is a suite of
specifications to facilitate the management of a data center, independent of vendor,
topology, or operating system
– Defines a common architectural model (CIM), standard protocols, and profiles
 The SMASH initiative includes two methods of interaction:
– Server Management Command Line Protocol (CLP)
– A command line syntax allowing an operator or a script to execute common system tasks over a text-based transport protocol
– SMASH CLP interface is accessed with a CLI to the TSM using Telnet or SSH over LAN
– WS-Management (WS-MAN)
– A Web services interface for system management
– WS-MAN is a programmatic interface used by management consoles over LAN
SMASH Profiles Supported
| No | Profile | Required |
|---|---|---|
| 1 | Base Server Profile | Y |
| 2 | Boot Control Profile | Y |
| 3 | Service Processor Profile | Y |
| 4 | CLP Service Profile | Y |
| 5 | CPU Profile | Y |
| 6 | Device Tray Profile | |
| 7 | DHCP Client Profile | Y |
| 8 | DNS Client Profile | Y |
| 9 | Ethernet Port Profile | Y |
| 10 | Fan Profile | Y |
| 11 | IP Interface Profile | Y |
| 12 | Modular System Profile | |
| 13 | Pass-through Module Profile | |
| 14 | Physical Asset Profile | Y |
| 15 | Power State MGMT Profile | Y |
| 16 | Power Supply Profile | Y |
| 17 | Record Log Profile | Y |
| 18 | Role Based Authorization Profile | Y |
| 19 | Sensors Profile | Y |
| 20 | Shared Device MGMT Profile | |
| 21 | Simple Identity MGMT Profile | Y |
| 22 | SM CLP Admin Domain Profile | Y |
| 23 | SMASH Collections Profile | Y |
| 24 | Software Inventory Profile | |
| 25 | Software Update Profile | |
| 26 | SSH Service Profile | Y |
| 27 | System Memory Profile | Y |
| 28 | Telnet Service Profile | |
| 29 | Text Console Redirection Profile | Y |
| 30 | Watchdog Profile | Y |
| 31 | KVM Redirection Profile | Y |
| 32 | PCI Device Profile | Y |
| 33 | OS Status Profile | Y |
| 34 | Indicator LED Profile | Y |
| 35 | Indications Profile | Y |
| 36 | SMI-S Host Hardware Raid Controller Profile | Y |

TSM supports all required and optional SMASH Profiles
Serial Console Redirection
 Provides a mechanism to redirect a text
serial console
 Methods
– IPMI Serial over LAN (SOL) over server management LAN
– Telnet/SSH session over LAN – SMASH-CLI command to start console redirection
– Serial Console Redirection direct server serial port connection (TSM not involved)
[Figure labels: IPMI Serial over LAN (SOL); Telnet / SSH session]
 Provides software, or user at remote
console, means of remote text based
KVM
– Serial text-based interfaces (e.g. BIOS
setup, RAID configuration)
– Operating system command-line interfaces
(e.g. DOS, Linux consoles)
– Serial text-based applications
[Figure label: Serial Port Console Redirection]
Configuring IPMI SOL
 Configure the serial output so TSM
can be remotely viewed over the LAN
1. Configure Serial Port settings in BIOS
a. Configure COM port settings (Baud, etc.)
b. Enable "Console Redirection"
2. Configure TSM IPMI SOL Settings –
Match COM port settings.
3. Configure TSM accounts to allow
access on LAN
4. Start IPMI SOL Session
Configuring Serial Console Redirection
 Configure the serial output of the
server so console can be remotely
viewed over serial connection (TSM
is not involved)
1. Use serial console application
2. Connect (null-modem) serial cable to
ThinkServer serial port (COM1)
3. Configure console redirection in BIOS
a. Enable "Console Redirection/SOL"
b. Enable "Redirection After BIOS POST"
c. Configure COM port settings (Baud, etc.)
4. Configure terminal client COM port
settings – match settings on server
5. Terminal app will display all text based
output as shown on local server monitor
SNMP
 The TSM supports SNMP v3 using both IPv4
and IPv6
– IPMI SNMP traps (alerts)
– SNMP get IPMI command (Status information)
 An SNMP Management Information Base file
(MIB) is provided to enable integration into
SNMP based management applications
– one for GETS
– one for TRAPS
 One default SNMP Community is supported
(community1)
 SNMP is enabled for local user accounts in
user management tab
– Supports SHA, MD5 authentication
– Supports DES, AES encryption
Monitoring System Status
 Using a comprehensive network of sensors and watchdog timers, TSM monitors:
– System operational status including power state
– Environmental information including temperatures, voltages, fan speed readings, bus errors, etc.
– Manual or system driven recovery actions – local or remote system resets and power on/off
operations
 Logs record abnormal or 'out-of-range' conditions, and important system events for
later examination and alerting — without operating system intervention
 System status sensor data is accessible via Web, IPMI,
SMASH-CLI, WS-Man and PowerShell CLI
 Sensor definitions can be discovered using the IPMI Sensor
Data Records (SDRs) and sensor device commands
 System Status LED provides quick visual identification of
error conditions
Error Reporting with Remote Alerts
 The TSM can notify users or management
applications when a system fault or important
state change occurs
 Events are categorized as:
– Critical – system failure
– Warning – possible pending issue
– Information – general status
 Platform Event Filters (PEF) provide a
mechanism to configure specific actions to be
performed on certain events. Specific actions
include:
– Power Actions – Do Nothing, Power Down,
Power Reset, Power Cycle
– Trigger remote alert via Platform Events Trap
(PET) or email
 Remote notification can occur via the following
methods:
– SNMP Traps via Ethernet only
– SNMP MIB provides specific information about the
alert
– Email
– Address is configurable for each local user and
each Alert LAN Destination can have one local user
assigned
– Reports TSM host name, sensor name, sensor
type, failure description
– CIM events sent to clients that have registered
to receive indications
Email Alert Contents
 Email address is configurable for
each local user and each Alert LAN
Destination can have one local user
assigned
 Reports
– TSM host name
– Sensor name
– Sensor type
– Severity
– Failure description
 Similar information to that recorded in
the SEL
Event Logs
 System Event Log (SEL)
– Records events related to the sensors available
in the TSM
– SEL is accessible in web server and can be
filtered and sorted
– Accommodates over 3000 unique entries – alert
can be configured when log full or past a certain
threshold
 Extended SEL
– Provides correlated data to IPMI SEL events –
additional information not saved in IPMI SEL
 Audit Log
– Records events related to actions performed by
the users including logging on, password
changes, etc.
– Audit log can be disabled, so that no new events
are registered to this log
System Status LEDs
| LED | Location | Color | Possible states and Indicated Conditions |
|---|---|---|---|
| System Fault | Front Panel | Amber | On – Fault; Off – System Status OK |
| Unit Identification* | Front Panel, Motherboard | Blue | On – Attention; Off – No action |
| BMC heart beat | Motherboard | Green | On – Fault; Off – Fault; Blink – Health Status OK |
| FAN | Motherboard | Amber | On – Fan Fault; Off – OK |
| PSU Fault | Power Supply (rear panel) | Amber | On – PSU Fault; Off – OK |

* Controlled by front panel ID button and IPMI command
Sensor Definitions (Supported with PEFs)
| Sensor Type | Sensor Name |
|---|---|
| Temperature | Ambient Temp; Exhaust Temp; CPU1 DTS; CPU2 DTS |
| Voltage | System 3.3V; System 5V; System 12V; AUX 1.2V; AUX 1.26V; AUX 1.5V; AUX 3.3V; PCH 1.05V; PCH 1.5V; CPU Core; CPU1 VR; CPU2 VR; DIMM AB 0.6v; DIMM AB VR; DIMM CD 0.6v; DIMM CD VR; DIMM EF 0.6v; DIMM EF VR; DIMM GH 0.6v; DIMM GH VR |
| Power | System Power; CPU Power; DIMM Power; PSU1 Power; PSU2 Power |
| Fans Speed | Fan (1), Fan (2), … Fan (n) |
| Physical Security | Chassis Intrusion |
| Processor | CPU Fault; CPU Usage |
| Power Supply Status | PSU Overload; PSU Fault; PSU Redundancy Lost |
| System Power State | Host Power (Power on / Power up) |
| Memory | DIMM Fault |
| Drive Slots (General) | HDD (Drive added, removed, offline, PFA) |
| System Firmware Progress | BIOS |
| Event Logging Disabled | SEL Full |
| Watchdog Timer | Watchdog Trip |
Viewing Sensors from the Web Interface
 Sensors are organized into the following
categories:
– Temperature
– Voltage
– Fan
– Power Supply
– Others
 Click corresponding tab to view sensors in
that category
– Sensors presented in a table with the current
readings
– Green = OK
– Orange = Warning
– Red = Critical
– Grey = Additional sensor data not available (via
link)
Web Interface – Detailed Sensor Information
 Clicking a sensor name opens another
dialog with detailed sensor information
– Current reading
– Sensor Thresholds
– Chart representing events logged in the
SEL for this sensor
 Sensor thresholds
– Lower Non-Recoverable
– Lower Critical
– Lower Non-Critical
– Upper Non-Critical
– Upper Critical
– Upper Non-Recoverable
Configuring Platform Event Filters (PEFs)
 PEF Management provides mechanism
to configure specific actions to be
performed on particular event messages
 Actions include reboot, power cycle,
power off, and trigger an alert (Platform
Events Trap [PET] and/or e-mail)
 To configure a PEF, specify:
1. Add a "LAN Destination"
2. Add an "Alert Policy" using the previously created "LAN Destination" and associate with a specific policy number
3. Add an "Event Filter" using the same policy number previously used in the step above
The Event Filter tab displays a table with event filters
currently in use. Filters can be managed from this tab.
Configuring PEFs – LAN Destinations
 Two types of LAN destinations –
SNMP Trap or Email Alert
– SNMP Trap sends alert message to an
IPv4 or IPv6 address
– Email alert provides static subject and
message fields
 Configuring LAN Destinations
– The LAN Destination tab displays all
existing LAN destinations
– An Alert Policy requires at least one LAN
Destination, but can have many
Configuring PEFs – Alert Policies
 Alert Policies define
– When to send the alert defined by “Policy Set”
– Where to send the alert selected from predefined list of “LAN Destinations”
– Additional information to send in selectable “Alert String”
 Configuring Alert Policies
– Alert policies have a “Policy Number” that
will be associated with the event filter
– Multiple alert policies with the same Policy
Number can be triggered by the same
event filter
The Alert Policy tab displays all existing Alert policies
Configuring PEFs – Event Filters
 Configuring an Event Filter – Specify:
– The severity of the event that will trigger
the alert – “Event Filter Configuration”
– Monitor, Information, Normal, Non-Critical,
Critical, Non-Recoverable, Unspecified
– Which sensor to monitor – “Sensor
Configuration”
– What action to take when the event is
triggered – “Filter Action”
– Which Alert Policy to associate with this filter
– multiple policies can be selected
– What Power Action to take (Do Nothing,
Power Down, Power Reset, Power Cycle)
– IPMI Generator ID, and Event Data
Configuration exposed for detailed event
creation
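The chain described above (LAN Destination, Alert Policy, Event Filter, joined by policy number) can be checked for dangling references before it is relied on for alerting. The Python model below is an added example, not TSM code; the class names, the `dest_id` field and all sample values are constructed for illustration.

```python
# Added illustration, not TSM code: LAN Destination -> Alert Policy -> Event Filter.
from dataclasses import dataclass

@dataclass(frozen=True)
class LanDestination:
    dest_id: int   # hypothetical row identifier
    kind: str      # "SNMP Trap" or "Email Alert"
    target: str    # IP address or mailbox

@dataclass(frozen=True)
class AlertPolicy:
    policy_number: int
    dest_id: int

@dataclass(frozen=True)
class EventFilter:
    name: str
    severity: str
    sensor: str
    policy_numbers: tuple
    power_action: str = "Do Nothing"

def resolve(flt, policies, dests):
    """Return (destinations alerted by flt, list of configuration problems)."""
    by_id = {d.dest_id: d for d in dests}
    reached, problems = [], []
    for number in flt.policy_numbers:
        matching = [p for p in policies if p.policy_number == number]
        if not matching:
            problems.append(f"{flt.name}: no alert policy uses number {number}")
        for pol in matching:  # several policies may share one number
            dest = by_id.get(pol.dest_id)
            if dest is None:
                problems.append(f"{flt.name}: policy {number} names missing destination {pol.dest_id}")
            elif dest not in reached:
                reached.append(dest)
    # Added check: a power action that would run without telling anyone.
    if flt.power_action != "Do Nothing" and not reached:
        problems.append(f"{flt.name}: {flt.power_action} would run without any alert")
    return reached, problems

# Constructed sample configuration (documentation address, made-up names).
DESTS = [LanDestination(1, "SNMP Trap", "192.0.2.10"),
         LanDestination(2, "Email Alert", "noc@example.com")]
POLICIES = [AlertPolicy(1, 1), AlertPolicy(1, 2), AlertPolicy(2, 3)]
FILTERS = [
    EventFilter("psu-fault", "Critical", "PSU Fault", (1,)),
    EventFilter("cpu-fault", "Non-Recoverable", "CPU Fault", (2,), "Power Down"),
    EventFilter("intrusion", "Critical", "Chassis Intrusion", (4,)),
]

if __name__ == "__main__":
    for flt in FILTERS:
        reached, problems = resolve(flt, POLICIES, DESTS)
        print(flt.name, [d.target for d in reached], problems)
```

In the sample, only the first filter reaches both destinations; the second would power the server down with no alert sent, and the third refers to a policy number that no alert policy uses.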
Configuring Email Alerts
 Email notifications can be sent to
users when:
– Status of the system changes or a critical
error happens
– Local user in case of a forgotten
password
 Configure SMTP servers
– Sender address – email address to
appear in “from” field of email
– Machine name – TSM host name
– Primary and secondary destination SMTP
server IPv4 address and port number
(default is 25)
– SMTP server authentication if required
ThinkServer Configuration
Interface | BIOS | TSM | RAID Controllers
UEFI Interface (BIOS Pre-boot) | Yes | Yes | Yes
TSM Web Interface | No | Yes | No
PowerShell CLI | No | Yes | No
IPMI | No | Yes | No
CIM Interfaces (SMASH CLI, WS-Man) | No | No | No
SNMP | No | No | No
TSM Configuration Support
Configuration Item | Web | PowerShell | IPMI | WS-Man | SMASH-CLI
Server Power Button | Yes | Yes | Yes | Yes | Yes
Local User accounts and privileges | Yes | Yes | Yes | Yes | Only Account settings allowed not Privilege.
Active Directory / LDAP configuration and accounts | Yes | No | Yes | No | No
Network settings for each interface | Yes | Yes | Yes | Yes | No
Virtual console and virtual media enablement and configuration | Yes | Virtual media only | Yes | Service Enablement allowed, but not other configurations or media redirection | Only Service Enablement allowed
Notification settings – SNMP traps, SMTP Configurations | Yes | Yes | Yes | Yes | No
NTP client configuration | Yes | No | Yes | No (Date and time can be set) | No (Date and time can be set)
Security certificates management | Yes | No | Yes | No | No
Services Management | Yes | Only Enable / Disabled allowed | Yes | Only Enable/Disabled allowed | Only Enable/Disabled allowed
Session timeouts | Yes | No | Yes | No | No
Firewall | Yes | No | Yes | No | No
Platform Event Filters | Yes | Yes | Yes | Yes | No
IPMI Serial Over LAN (SOL) | Yes | No | Yes | No | Yes
Thermal and power capping profiles | Via DCMI | No | Yes | No | No
TSM Configuration Backup and Restore
 Backup and Restore
– All TSM settings can be preserved to a local
file
– Settings can be restored by importing a
previously saved configuration file
– Restore operations require the TSM to be
rebooted (but not the server)
 All TSM settings are saved if firmware
upgrade is performed
 A TSM factory reset resets all settings to
default values
Network Configuration
 TSM network port selectable
– Shared with OS / multiple MAC addresses
– Dedicated
 Addressing
– IPv4 or IPv6 supported (IPv6 can be
disabled)
– IP address obtained from DHCP server or
assigned statically
 Supports VLAN
– VLAN ID (2-4094)
– Priority (1-7)
DNS Settings
 DNS enables a DNS server to translate host
names into IP addresses
 TSM Host Name supports manual or automatic
configuration (assigned MAC address)
 Multicast DNS (mDNS) support
– provides a zero configuration host name resolution
service
 DDNS support methods for host name
registration
– Nsupdate (Direct Dynamic DNS)
– Supports TSIG authentication if required – a TSIG private
file will be needed
– DHCP Client FQDN to register through DHCP server
– Hostname
– None
Link Speed
 Configures network link speed and
duplex mode
 'Auto Negotiation' enables link speed
and duplex mode to be set
automatically to achieve the best
possible performance
 Link can only be configured when
TSM NIC is in Dedicated mode
Service Management
Service | Default Non-Secure Port | Default Secure Port | Max Sessions | Port Configurable? | Session Timeout Configurable?
Web (HTTP / HTTPS) | 80 | 443 | 20 | Yes | Yes (5 – 30 min)
Telnet | 23 | N/A | N/A | Yes | Yes (1 – 30 min)
SSH | N/A | 22 | N/A | Yes | Yes (1 – 30 min)
SNMP Agent | 161 | N/A | N/A | Yes | No
SNMP Traps | 162 | N/A | N/A | No | No
Remote KVM | 7578 | 7582 | 4 | No | Yes (5 – 30 min)
Remote Media (HDD) | 5123 | 5127 | 3 | No | No
Remote Media (CD/DVD) | 5120 | 5124 | 1 | No | No
Network Time Protocol | 123 | N/A | N/A | No | No
SLP | 427 | N/A | N/A | No | No
SMTP (email alerts) | 25 | N/A | N/A | Yes | No
DHCP Client | 68 | N/A | N/A | No | No
DNS Client | 53 | N/A | N/A | No | No
LDAP / LDAPS | 389 | 636 | N/A | Yes | No
Active Directory | 389 | 636 | N/A | Yes | No
WS-Man | 5988 | 5989 | N/A | No | No
SMASH-CLI | N/A | N/A | 3 | No | Yes (1 – 30 min)
TSM Security Features
 User authentication through LDAP / Active
Directory, or 9 local hardware-stored user
accounts and passwords
 Role-based authorization
– Enables administrators to configure specific
privileges for each user
– Public Key Authentication: Allows for the use of a
private key to authenticate over SSH instead of
the typical user name/password authentication
 Interface Security
– Session time-out: Provides automatic session
time-out for inactivity (Web, Telnet, SSH, KVM)
– Firewall configurable to block network traffic
based on IP address or network port
 Configurable Network Service ports
– Allows customization of ports used by TSM
services
 Security settings configurable through the
Web interface, PowerShell CLI, and IPMI
 Encryption secured with 256-bit Secure
Sockets Layer (SSL)
– Secure Web-server (HTTPS)
– Secure LDAP (LDAPS)
– Supports Virtual Console and Virtual Media
encryption
 The TSM supports terminal connections to
clients using SSH version 2.0
– SSH uses user ID and password pairs stored in
local user accounts or AD/LDAP server
– Supports the following encryption algorithms:
– 3DES, Blowfish, RC4, AES
 VLAN support
– Enables management traffic to be located in a
private “management VLAN” in both dedicated and
shared network modes
– VLAN groups can be used to limit network access
to devices subscribed to the VLAN group
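Of the SSH cipher families listed above, 3DES, Blowfish and RC4 are legacy ciphers, so it is worth checking what a given controller actually offers. The following Python is an added example, not part of the Lenovo material: it reads the server's proposal from `ssh -vv` output of a recent OpenSSH client, and the OpenSSH cipher names and the sample output are assumptions constructed for illustration.

```python
# Added illustration: check which SSH ciphers a controller offers, using the
# KEXINIT proposal that a recent OpenSSH client prints with `ssh -vv`.
import re

# OpenSSH names assumed for the families the page lists (3DES, Blowfish, RC4).
LEGACY = {
    "3DES": re.compile(r"^3des-"),
    "Blowfish": re.compile(r"^blowfish-"),
    "RC4": re.compile(r"^arcfour"),
}

def server_ciphers(ssh_vv_output):
    """Return the server-to-client cipher list from the peer's proposal."""
    in_peer = False
    for line in ssh_vv_output.splitlines():
        if "peer server KEXINIT proposal" in line:
            in_peer = True   # skip the client's own proposal printed earlier
        elif in_peer and "ciphers stoc:" in line:
            return line.split("ciphers stoc:", 1)[1].strip().split(",")
    return []

def classify(ciphers):
    """Sort offered ciphers into legacy families, CBC-mode, and the rest."""
    report = {"legacy": {}, "cbc": [], "other": []}
    for name in ciphers:
        family = next((f for f, rx in LEGACY.items() if rx.search(name)), None)
        if family:
            report["legacy"].setdefault(family, []).append(name)
        elif "-cbc" in name:
            report["cbc"].append(name)
        else:
            report["other"].append(name)
    return report

def client_cipher_line(report):
    """ssh_config line pinning the client to the non-legacy, non-CBC set."""
    return "Ciphers " + ",".join(report["other"]) if report["other"] else None

# Constructed sample of `ssh -vv` output; not captured from a real TSM.
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: ciphers stoc: aes128-ctr,aes256-ctr
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,arcfour128,arcfour
debug2: ciphers stoc: aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,arcfour128,arcfour
"""

if __name__ == "__main__":
    report = classify(server_ciphers(SAMPLE))
    print(report["legacy"])
    print(client_cipher_line(report))
```

The `Ciphers` line can be placed in a `Host` block of the administrator's `ssh_config` for the management address, so the client never negotiates the legacy families even while the controller still offers them.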
Firewall
 Used to define rules to prevent
network traffic to or from specific IP
addresses and ports
– Block specific IP address or range of IP
addresses
– Block all TCP or UDP communication
through specific port or range of port
numbers
Certificates
 SSL and SSH require valid
certificates and corresponding private
encryption keys.
 The following methods for generating
or importing the private key and
required certificate are supported
– Generate and install a self-signed X.509
certificate
– Import a signed DER encoded X.509
certificate
 Certificates are saved across
firmware updates when flashing to a
newer code level
– Information not guaranteed to be saved if
flashing to an older code level
TSM Authentication
 TSM supports three methods of authentication
– Local authentication – user account and privileges
info stored in TSM non-volatile storage
– Active Directory – user authenticated via remote
A.D. server
– LDAP – user authenticated via remote LDAP server
 Multiple methods can be used – order of
authentication can be specified. By default, the
TMM tries to authenticate user credentials in the
following order:
– Locally
– LDAP (if enabled)
– Active Directory (if enabled)
 Authentication is required on all interfaces except
for SNMPv1 and in-band KCS interface
 Forgotten passwords mechanism is available for
local users that have a valid email address
registered in TSM
 Up to 5 Active Directory and LDAP groups
supported
 No modifications to the directory schema
 LDAPS supported (TLS, SSL) – Certificate
management in LDAP settings
Privilege Levels
Feature | Administrator | Operator | User
Dashboard | Can view, configure, control all settings | Can view all information | Can view System Summary, Latest Event Logs, Sensors, Launch Console (if privilege granted)
Backup and Restore | Can perform
Factory Reset | Can perform
Firewall | Can view and configure
Firmware Update | Can perform
FRU Inventory | Can view
Logging - Event Log | Can view and clear log
Logging - SEL Record Details | Can view
Logging - Audit Log | Can view log. Can enable/disable log
Networking – NIC, DNS, Link | Can view and configure
NTP Settings | Can view and configure
PEF Management | Can view and configure
Power Management - Power Status | Can perform
Power Management - Power Button | Can perform
Sensor Monitoring | Can view sensors and sensor detail
Serial Over LAN | Can view and configure
Services Management | Can view and configure services and manage active sessions
SMTP Settings | Can view and configure
SSL Certificate Settings | Can view and configure
Users - Local Users, Active Directory, LDAP | Can view and configure
Users - Authentication Order | Can view and configure
Virtual Console - Console Launcher | View console screenshot and launch console if privilege granted.
Virtual Console - Settings | Can view and configure
Virtual Console - Remote Images | Can view and configure
Can view settings
Can view
Can view log
Can view log
Can view log
Can view
Can view
Can view
Can view
Can view
Can view log
Can view log
Can view log
Can view sensors
Can view
Can view sensors
Can view services
Can view services
Can view
Can view
Can view
Can view
View console screenshot and launch console
if privilege granted.
Can view
Can view
Can view
Can view
View console screenshot and launch console
if privilege granted.
Can view
Can view
Access Credentials Supported by Authentication Method
User Interface | Local Accounts | LDAP | Active Directory
Web Interface | Yes | Yes | Yes
WS-MAN | Yes | Yes | Yes
SMASH-CLI | Yes | Yes | Yes
IPMI | Yes | No | No
IPMI SOL | Yes | No | No
SNMPv3 | Yes | No | No
Default User Profiles
User ID | User Name | Default Password | Default Status | User Role | KVM | Virtual Media | SNMP (Gets)
1 | anonymous |  | Enabled (Hidden) | Administrator | Enabled | Enabled | Disabled
 | lenovo | len0vO | Enabled | Administrator | Enabled | Enabled | Disabled
Additional Local User Account Controls
 Configure local user account access
via SNMP
– Select authentication mode and method
of encryption
 Can use SSH certificate for logging in
without a password
FRU Monitoring and Component Tracking
 The TSM provides a detailed record of
components currently installed in the system
 FRU data available from Web I/F, IPMI,
PowerShell CLI, WS-Man, SMASH-CLI
 FRU data is refreshed at every reboot or
TSM reset
 FRUs tracked include:
– AnyRAID adapters
– HDD / SSD Drives
– Riser Card
– PSUs
– AnyFabric Mezzanine cards
– Mid Plane cards
– Back Plane cards
– DIMMs
– CPUs
 The FRU Inventory dialog lists all the existing
FRUs and provides detailed information about
them, such as:
– Chassis: type, serial number, part number, and
others.
– Board: manufacturer, product name, serial number,
part number, and others.
– Product: manufacturer, part number, version, and
others.
 Use the dropdown list at the top of the page to
select a specific FRU and obtain product details
Firmware Update Support
 Supports update for TSM, BIOS, ThinkServer
Deployment Manager, AnyRAID Mid-plane cards,
Mezzanine Card, PSUs
 Firmware update packages can be uploaded from
local computer, or networked location (CIFS, NFS,
and TFTP shares supported)
– Packages can be signed
 After update bundles are transferred to the TSM, only
applicable updates will be enabled
 Automatic Rollback of BIOS and TSM firmware to last
known good recovery image if firmware image is
corrupted
– An IPMI OEM command is available to force boot from the
recovery image instead of the primary image
– Version downgrade is not supported
 Methods of update
– Web
– PowerShell CLI
– Flash Utilities (OS application)
Firmware Update via Web Interface
Firmware Recovery – Layout of EMMC
 Partition 1
– Backup of BMC image. BMC uses data in this partition to recover from a corrupted primary image.
 Partition 2
– Used primarily for host access. Stores images for local media. Host accesses these images as virtual disks and devices.
– TDM image – TDM can recover or upgrade from this image.
– Windows driver image / Linux driver image – Drivers required for OS installation can be found here without a network.
– Diagnostic image – Diagnostics
– Temporary image – Used in the process of maintaining the images. If a sudden power loss happens while updating images, the temporary image is used for recovery at the next power on.
 Partition 3
– This partition is mainly accessed as BMC external storage.
– Extended SEL Log
– Debug Logs – Stores debug information including IPMI request and response logging. This logging can be switched dynamically via OEM IPMI command.
– Configurations that need to be preserved even during reset to defaults.
– Backup images of BIOS, TDM, and CPLD. These devices can be recovered using these images.
 Partition 4
– Reserved for future use
Power / Reset Control
 Power Management Controls allow
monitoring and manipulating the power status
of the ThinkServer
– Power On – Power on the server immediately
– Power Off Gracefully – The TSM attempts to shut
down the operating system and then turns off the
server
– Power Off Immediately – Turns the server off
without shutting down the operating system
– Reset – The TSM restarts the server by rebooting
the system without powering off
– Power Cycle – The TSM restarts the server by
powering down the server without shutting down
the operating system, and then reboots the
system
 Power Management Server Power Button
enables / disables the front panel power
switch on the server
 TSM Premium enables ThinkServer
Energy Manager support
 Licenses features of integrated Intel
Node Manager 3.0 accessible
through standard DCMI interface
– Monitors and reports system level power,
temperature, and utilization metrics
– Enforces cap power policies by adjusting
processor frequency scaling and dynamic
voltage adjustment
 Data from various sensors captured to
compute the system level power consumed.
 Power capping policies sent from Energy
Manager are dynamically accepted and
enforced by Node Manager closed-loop
controls.