
About Lights Out Management

Infoblox LOM (Lights Out Management) is an implementation of the remote management and monitoring of Infoblox appliances that are LOM ready, such as the Trinzic 2010 appliances.
The LOM feature is useful when you want to monitor your platforms remotely or consolidate your data centers. When you monitor your systems remotely, you can avoid issues such as overheating of a problematic system by remotely powering down the system. To conserve energy, you can also power up and down any systems based on service requirements.
You can enable LOM for the entire Grid and override the Grid settings for specific members. You can also configure LOM on independent appliances and HA pairs.

Note

You can configure LOM only on appliances that support LOM. This port automatically negotiates a speed of up to 1000 Mbps. Devices connected to the LOM port must be configured to auto-negotiate and must not have a fixed speed of 1000 Mbps.

LOM is disabled by default. Before you can configure LOM and remotely manage the appliance, ensure that the IPMI (Intelligent Platform Management Interface) port on your appliance is properly connected to the network. Consider the following security measures before you enable the IPMI interface for LOM:

  • Use an authentication method other than the RAKP (Remote Authenticated Key-Exchange Protocol) for the IPMI interface. Any implementation that uses the RAKP can become vulnerable.

  • Secure the network to which the IPMI interface is connected. Infoblox recommends that you use a separate and secure network for all IPMI traffic.

  • Use strong passwords for all IPMI users. At least 10 random characters are recommended. Attacks are only effective against weak passwords.

  • IPMI is disabled by default. DO NOT enable IPMI on the appliances if it is not being used.

By default, IPMI uses UDP port 623. You can then enable LOM and add LOM users through the Infoblox GUI. When you add LOM users, you can assign them specific roles so they can perform only certain functions. When you add a LOM user, you can configure the user to be an "operator" or a "user" depending on the functions you want the user to perform. An operator can access an appliance remotely and perform the following functions:

  • Access the serial console

  • Reset the appliance

  • Power up and down the appliance

  • Monitor system status, such as CPU usage and system temperature

A user role can only monitor system status. Users with this role cannot perform any other functions remotely.
After you set up and configure your appliance, perform the following tasks through Grid Manager to enable LOM and set up LOM users:

  1. Enable LOM for the Grid or members that support IPMI, as described in Enabling LOM below.

  2. Add LOM users based on your organizational needs, as described in Adding LOM User Accounts below.

  3. Configure the IPMI network interface on the appliance, as described in Configuring the IPMI Network Interface below (see Configuring SNMP).

  4. After you have configured LOM and set up the IPMI interface, install a utility such as IPMItool on your Linux management system. For information about IPMItool, visit the IPMItool web site at http://ipmitool.sourceforge.net. For the most commonly used commands and examples, see IPMI Commands and Examples below.

You can also do the following from Grid Manager after you configure LOM:

  • Enable and disable LOM for the Grid or members, as described in Enabling LOM below.

  • Modify LOM settings, as described in Modifying LOM Settings below.

  • View LOM users, as described in Modifying LOM Settings below.

Enabling LOM

Before you can add LOM users and manage Infoblox appliances remotely, you must enable LOM. When LOM is configured for the entire Grid, all members inherit the Grid settings. You can also override the Grid settings for specific members. For an HA pair, you can configure LOM on the node that supports IPMI.
To enable and disable LOM:

  1. Grid: From the Grid tab, select the Grid Manager tab, expand the Toolbar and click Grid Properties -> Edit.
    Independent appliance: From the System tab, select the System Manager tab, expand the Toolbar and click System Properties -> Edit.
    Member: From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
    To override an inherited property, click Override next to it and complete the appropriate fields.

  2. In the LOM tab, complete the following:

    • Enable Lights Out Management: LOM is disabled by default. Select this checkbox to enable LOM. When LOM is enabled or disabled for the Grid, all members inherit the same setting.

  3. Save the configuration.

Adding LOM User Accounts

You can add up to eight LOM user accounts. Admins must use the configured user name and password to remotely log in to the appliance.
Note that when you add LOM user accounts at the Grid level, all members inherit them. You can configure user accounts specific to a member by overriding the Grid accounts. When you click Override to modify the inherited Grid accounts, the appliance creates copies of the Grid level user accounts and saves them at the member level. These are new accounts at the member level and do not affect the Grid accounts or any accounts configured on other Grid members. You can also reset member accounts to the Grid accounts by clicking Inherit. When you do that however, all changes you previously made to the member accounts are lost.
To add a LOM user account:

  1. Grid: From the Grid tab, select the Grid Manager tab, expand the Toolbar and click Grid Properties -> Edit.
    Independent appliance: From the System tab, select the System Manager tab, expand the Toolbar and click System Properties -> Edit.
    Member: From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
    To override an inherited property, click Override next to it and complete the appropriate fields.

  2. In the LOM tab, complete the following:

    • User Accounts: Click the Add icon and complete the following:

      • Name: Enter the name of the LOM user account.

      • Password: Enter the password for the LOM user account. Note that the maximum length allowed for the password is 15 characters and the minimum length is 4 characters. If you are running NIOS on the IB-4000 or the ND-4000 platform, you must enter a minimum password length of 8 characters. Otherwise, an error message is displayed.

      • Confirm Password: Enter the password again. 

      • Role: From the drop-down list, select the role for the LOM user account. Operator allows users to perform all supported LOM related functions. User allows admins to only monitor system sensors such as temperature and CPU usage.

    • Disable: Select this to deactivate the user account but keep a user profile.

    • Click Add to add the new user account.

  3. Save the configuration.

Configuring the IPMI Network Interface

You must configure the IPMI network interface before you can access the appliance remotely. To configure the IPMI network interface:

  1. Independent appliance: From the System tab, select the System Manager tab, expand the Toolbar and click System Properties -> Edit.
    Member: From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.

  2. In the LOM tab, complete the following in the Network Configuration table:

    • Address: Enter the IPMI interface address here.

    • Subnet Mask: Enter the subnet mask for the IPMI interface.

    • Gateway: Enter the gateway address for the IPMI interface.

  3. Save the configuration.

Modifying LOM Settings

To modify LOM settings:

  1. Grid: From the Grid tab, select the Grid Manager tab, expand the Toolbar and click Grid Properties -> Edit.
    Independent appliance: From the System tab, select the System Manager tab, expand the Toolbar and click System Properties -> Edit.
    Member: From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
    To override an inherited property, click Override next to it and complete the appropriate fields.

  2. Modify the following:

    • Enable Lights Out Management: LOM is disabled by default. Select this checkbox to enable LOM. When you enable or disable this for the Grid, all members inherit the same setting.

    • Network Configuration: Click the fields in the table to modify the IPv4 address, subnet mask, and gateway address for the IPMI interface. For an HA pair, the appliance displays information only for the nodes that support IPMI. Enter the information for the following fields: Address, Subnet Mask, and Gateway. The Node and LAN Address fields are read-only, and you cannot modify them. The LAN address is the IPMI interface address.

    • User Accounts: Click the Add icon to add new LOM users. You can also select an existing LOM user and click the Edit icon to modify the user settings, as described in Adding LOM User Accounts above.

  3. Save the configuration.

Viewing LOM Users

To view information about LOM users:

  1. Grid: From the Grid tab, select the Grid Manager tab, expand the Toolbar and click Grid Properties -> Edit.
    Independent appliance: From the System tab, select the System Manager tab, expand the Toolbar and click System Properties -> Edit.
    Member: From the Grid tab, select the Grid Manager tab -> Members tab -> Grid_member checkbox, and then click the Edit icon.
    To override an inherited property, click Override next to it and complete the appropriate fields.

  2. In the LOM tab, Grid Manager displays the following information for each LOM user:

    • Name: The name of the LOM user.

    • Role: The user role to which the LOM user was assigned. This can be Operator or User.

    • Disabled: Indicates whether the LOM user account is disabled or not. When a LOM user account is disabled, the user cannot access the appliance remotely.

IPMI Commands and Examples

This section describes some of the most commonly used IPMItool commands and examples. For more information about the IPMI commands and usage, visit the IPMItool web site at http://ipmitool.sourceforge.net.
To use IPMI commands, complete the following:

  1. Ensure that you have properly enabled and configured LOM and the IPMI network interface.

  2. Install IPMItool on a Linux management system. For information, visit the IPMItool web site at http://ipmitool.sourceforge.net.
    Access IPMItool and enter an IPMI command to perform a specific task. The appliance displays the corresponding output.
    Following are some of the most commonly used IPMI commands and their sample outputs. Note that command outputs vary by appliance. The following sample commands were performed on a Trinzic 1415 appliance. All sample commands in this section use the following syntax:
    ipmitool -H <LOMIPAddress> -U username -P password -L [OPERATOR/USER] -I lanplus <supported commands>

Note

If you reset IB-2225 using LOM and the interval between power off and power on is less than 10 minutes, a hardware watchdog timeout message may be displayed in the syslog and the watchdog may reset the newly powered-on system, putting it in an unstable state. If the interval is longer, the watchdog timer is released before the system is up, and a restart brings the system to a good state without the watchdog timeout messages.

Command to be Used with Caution

power reset variant


Caution: Using this command has the same effect as pulling the power cord off the appliance.


Checking Power Status with User Role

Command:
ipmitool -H 10.37.2.70 -U user -P infoblox -L USER -I lanplus power status
Command output:
Chassis Power is on

Checking Various Sensors [Temperature, Voltage, FANS, Physical Security, Power supply, OEM] with User Role

Command:
ipmitool -H 10.37.2.70 -U user -P infoblox -L USER -I lanplus sensor
Command output:
System Temp | 23.000 | degrees C | ok | -9.000 | -7.000 | -5.000 | 75.000 | 77.000 | 79.000
CPU Temp | 0x0 | discrete | 0x0000| na | na | na | na | na | na
FAN 1 | 10390.000 | RPM | ok | 215.000 | 400.000 | 585.000 | 29260.000 | 29815.000 | 30370.000
FAN 2 | na | RPM | na | na | na | na | na | na | na
FAN 3 | 9835.000 | RPM | ok | 215.000 | 400.000 | 585.000 | 29260.000 | 29815.000 | 30370.000
FAN 4 | 11870.000 | RPM | ok | 215.000 | 400.000 | 585.000 | 29260.000 | 29815.000 | 30370.000
FAN 5 | 10390.000 | RPM | ok | 215.000 | 400.000 | 585.000 | 29260.000 | 29815.000 | 30370.000
CPU Vcore | 0.832 | Volts | ok | 0.640 | 0.664 | 0.688 | 1.344 | 1.408 | 1.472
+3.3VCC | 3.264 | Volts | ok | 2.816 | 2.880 | 2.944 | 3.584 | 3.648 | 3.712
+12 V | 11.978 | Volts | ok | 10.494 | 10.600 | 10.706 | 13.091 | 13.197 | 13.303
CPU DIMM | 1.528 | Volts | ok | 1.152 | 1.216 | 1.280 | 1.760 | 1.776 | 1.792
+5 V | 5.088 | Volts | ok | 4.096 | 4.320 | 4.576 | 5.344 | 5.600 | 5.632
-12 V | -12.486 | Volts | ok | -13.844 | -13.650 | -13.456 | -10.934 | -10.740 | -10.546
VBAT | 3.120 | Volts | ok | 2.816 | 2.880 | 2.944 | 3.584 | 3.648 | 3.712
+3.3VSB | 3.264 | Volts | ok | 2.816 | 2.880 | 2.944 | 3.584 | 3.648 | 3.712
AVCC | 3.264 | Volts | ok | 2.816 | 2.880 | 2.944 | 3.584 | 3.648 | 3.712
Chassis Intru | 0x0 | discrete | 0x0000| na | na | na | na | na | na
PS Status | 0x1 | discrete | 0x01ff| na | na | na | na | na | na

Printing System Event Log with User Role

Command:
ipmitool -H 10.37.2.70 -U user -P infoblox -L USER -I lanplus sel list
Command output: The appliance displays all event log entries (if any)

Getting FRU Information with User Role

Command:
ipmitool -H 10.37.2.70 -U user -P infoblox -L USER -I lanplus fru
Command output:
FRU Device Description : Builtin FRU Device (ID 0)
Board Mfg Date : Sun Dec 31 15:00:00 1995
Board Mfg : Supermicro
Board Serial :
Product Serial :

Powering Off the Appliance with Operator Role

Command:
ipmitool -H 10.37.2.70 -U operator -P infoblox -L OPERATOR -I lanplus power off
Command output:
Chassis Power Control: Down/Off

Powering On the Appliance with Operator Role

Command:
ipmitool -H 10.37.2.70 -U operator -P infoblox -L OPERATOR -I lanplus power on
Command output:
Chassis Power Control: Up/On

Activating the Serial Console Port using Operator role

Command:

ipmitool -H 10.37.2.70 -U operator -P infoblox -L OPERATOR -I lanplus sol activate

Command output:

[SOL Session operational. Use ~? for help]
login: admin
password:
Infoblox NIOS Release 6.4.0-163715 (64bit)
Copyright (c) 1999-2012 Infoblox Inc. All Rights Reserved.
type 'help' for more information
Infoblox >
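
The sample commands above pass the LOM password with -P, which leaves it visible in the process list and shell history of the management system. The following wrapper is an added example, not part of the Infoblox documentation: it generates a 15-character random password, has ipmitool read the password from a private file with its -f option, and selects the USER or OPERATOR role for each command shown on this page. The function names, the allow-list and the LOM_PW_FILE path are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not Infoblox code. Function names and LOM_PW_FILE are
# assumptions of this sketch; the ipmitool options used are real.

LOM_PW_LEN=15                                        # page: maximum LOM password length
LOM_PW_FILE="${LOM_PW_FILE:-${HOME:-.}/.lom_pw}"     # hypothetical location

# Print LOM_PW_LEN random alphanumeric characters taken from /dev/urandom.
gen_lom_password() (
    pw=""
    while [ "${#pw}" -lt "$LOM_PW_LEN" ]; do
        pw="$pw$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s\n' "$pw" | cut -c1-"$LOM_PW_LEN"
)

# Succeed only if the file exists and grants nothing to group or other.
pw_file_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Least-privileged role for the commands shown on this page.
required_role() {
    case "$*" in
        "power status"|sensor|"sel list"|fru) echo USER ;;
        "power on"|"power off"|"sol activate") echo OPERATOR ;;
        *) return 1 ;;                               # anything else is refused
    esac
}

# lom HOST LOGIN COMMAND...: run one allowed command at its minimum role.
# -f makes ipmitool read the password from a file, so it never appears in
# the process list or shell history the way a -P argument does.
lom() {
    host=$1; login=$2; shift 2
    role=$(required_role "$@") || { echo "refused: $*" >&2; return 2; }
    pw_file_is_private "$LOM_PW_FILE" || { echo "fix mode of $LOM_PW_FILE" >&2; return 3; }
    ipmitool -H "$host" -U "$login" -f "$LOM_PW_FILE" -L "$role" -I lanplus "$@"
}
```

Store the generated password in the file with mode 600 and set the same password on the LOM user account in Grid Manager; a call then looks like `lom 10.37.2.70 user sensor`.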