Tech Sales Certification

System Management
Study Guide

1 Tech Sales Certification - System Management Study Guide

 Table of Contents
XClarity 3

XClarity Administrator 33

XClarity Controller 46

IMM 73 77

CMM 86

2 Tech Sales Certification - System Management Study Guide

 XClarity Administrator
Planning and Implementation

3 Tech Sales Certification - System Management Study Guide

 Introduction
Lenovo XClarity is a new software solution for centrally managing large pools of Lenovo data center hardware.
Designed to simplify and speed foundational infrastructure management tasks, XClarity helps administrators implement
a modern, software-driven approach to data center management.

Figure 1-1 shows a broad overview of the capabilities of Lenovo XClarity Administrator.

Lenovo XClarity focus

Lenovo XClarity is focused on the following key systems management functions:
• Automatic network-based discovery of end points
• Visualizing asset and status information of managed end points
• Monitoring with real-time alerting, event management, and call home services
• Taking basic action on managed end points, such as powering systems on or off
• Managing firmware through user-defined compliance policies
• Managing configuration settings through templates that are called configuration patterns
• Installing operating systems and hypervisors to bare metal servers
XClarity is available as a virtual appliance, which makes it easy to deploy as needed locally or remotely to managed
end points. It provides extensive Windows PowerShell support for scripting and extensive REST APIs to enable
scalable web services. REST APIs enable organizations that are investing in cloud orchestration and management to
extend those investments to view and control Lenovo data center hardware from external automation or service
management tools. XClarity also provides immediately available Integrators for key management tools, such as
Microsoft System Center and VMware vCenter, with which administrators can centrally manage software and physical
infrastructures.

Lenovo XClarity is available in two editions: Lenovo XClarity Administrator and the Lenovo XClarity Pro bundle.
XClarity Administrator is the foundational element in the XClarity solution and can be used by itself to simplify hardware
management across multiple systems. XClarity Pro includes Administrator and XClarity Integrators for Microsoft
System Center and VMware vCenter, which enables managing Lenovo hardware from those external tools and
provides advanced automation in clustered environments.

4 Tech Sales Certification - System Management Study Guide

Table 1-1 lists the differences between the editions.

Table 1-1 Comparing Lenovo XClarity editions

5 Tech Sales Certification - System Management Study Guide

 For customers who use older System x hardware management tools, Table 1-2 lists the differences between these
older tools and XClarity. Table 1-2 Comparing Lenovo XClarity Administrator with other management products

Table 1-2 Comparing Lenovo XClarity Administrator with other management products

6 Tech Sales Certification - System Management Study Guide

This book
This guide is based on best practices that were learned from real-world usage in production environments by subject
matter experts across the globe, and available technical documentation. Use this guide to help you prepare and plan
setting up and configuring Lenovo XClarity Administrator, and to make full use of XClarity Administrator functionality to
discover and manage physical endpoints.L

Planning and Licensing

Before you install and implement Lenovo XClarity Administrator, we recommend reviewing the
recommendations in this chapter, which can help you plan for installation and day-to-day management.
This chapter includes the following topics:
2.1, “Hardware and software requirements”
2.2, “Port requirements”
2.3, “Management considerations”
2.4, “Network considerations”
2.5, “Managed server limitations”
2.6, “High availability considerations”
2.7, “Licensing”

Hardware and software requirements

Before you install Lenovo XClarity Administrator and manage any rack servers or Flex System chassis, you must en-
sure that the hardware and software in your environment is supported by Lenovo XClarity
Administrator.
This section includes the following topics:
• 2.1.1, “Virtual appliance prerequisites”
• 2.1.2, “Supported hardware” on page 7
• 2.1.4, “Supported firmware” on page 14
• 2.1.5, “Supported web browsers” on page 16
• 2.1.1 Virtual appliance prerequisites
The XClarity Administrator appliance runs in a virtual machine (VM). Ensure that you meet the prerequisites that are
described in this section before you attempt to install Lenovo XClarity Administrator.

NTP server prerequisites

Ensure that there is a Network Time Protocol (NTP) server in your network that can be used
as the NTP server for Lenovo XClarity Administrator. An NTP server is required to ensure
synchronization between the XClarity Administrator and all managed endpoints.

Configuring the NTP server: Consider using the host on which XClarity Administrator is installed as NTP
server when you are deciding where to configure the server. If you decide as such, ensure that the host is
accessible over the management network (typically the Eth0 interface).

Host prerequisites
The XClarity Administrator appliance runs as a VM on the host system. The following Hypervisors are supported for
installing the XClarity Administrator appliance:
• VMware ESXi 5.1 update 1 or Version 5.5 or later
• Microsoft Windows Server 2012 or higher with Hyper-V installed

The host system that is running the XClarity Administrator appliance VM has the following
minimum requirements:
• Two 4-core Intel Xeon processors.
• 6 GB of memory
• A minimum of 64 GB of storage for use by XClarity Administrator

7 Tech Sales Certification - System Management Study Guide

 Installing XClarity Administrator on a Flex System compute node: XClarity Administrator can be installed on
a Flex System compute node; however, considerations must be made when firmware updates are
deployed.

When firmware updates are applied via XClarity Administrator, the managed system must be restarted.
Therefore, if XClarity Administrator is hosted on a managed Flex System compute node, you cannot use
XClarity Administrator to apply firmware updates to all servers in that entire chassis (specifically, this
managed compute node). Restarting this managed compute node or host system also restarts XClarity
Administrator, which makes XClarity Administrator unavailable to complete the updates on the Managed
compute node or host system. Therefore, you must clear this Flex node when updates are made on the
Flex Chassis.

Supported hardware
Lenovo XClarity Administrator supports several System x servers and Flex System compute nodes and other devices.

Requirements for IMMv2 Advanced FoD key on System x rack servers: Operating System Deployment and
Remote Control features of Lenovo XClarity Administrator require that the IMMv2 Advanced Feature on
Demand (FoD) key is installed on System x servers.

However, XClarity Administrator still can manage the server if the IMMv2 Advanced FoD key is not
enabled. In the case of Remote Control, if the FoD key is not detected on a server, the remote-control
session displays the “Missing activation key” message for the server when the list of available servers is
shown.

At the time of this writing the latest version of XClarity Administrator was v1.0.3 build 2, the following tables Table 2-1
and Table 2-3 on page 8 list the System x servers and Flex System endpoints that can be managed by XClarity
Administrator. For the latest information about supported systems, see the support site for Lenovo XClarity
Administrator at the following
URL: http://pic.dhe.ibm.com/infocenter/flexsys/information/topic/com.lenovo.lxca.doc/plan_supportedhw.html

Support with limitations: Some endpoints are supported with limitations, as listed in
Table 2-1 and Table 2-3 on page 8. For more information about these limitations, see 2.1.3,
“Restrictions on supported hardware” on page 10.

Table 2-1 Lenovo System x Rack Servers: Supported servers

8 Tech Sales Certification - System Management Study Guide

 Table 2-3 lists the supported NeXtScale Nodes.

Table 2-2 NeXtScale supported Servers

Table 2-3 lists the Flex Chassis and components and the level of support for Lenovo XClarity
Administrator. For more information about limitations, see 2.1.3, “Restrictions on supported
hardware” on page 10.

Table 2-3 Flex Systems: Supported compute nodes, chassis, and switches

9 Tech Sales Certification - System Management Study Guide

10 Tech Sales Certification - System Management Study Guide
 Restrictions on supported hardware
As listed in Table 2-1 on page 7 and Table 2-3 on page 8, some endpoints are supported with limitations. The
limitations are described next.

Processor and memory usage data

For servers that are supported with limitations, some functions are not available under the Power and Thermal
sections in the System Summary Status and Health section.

As an example of the difference between supported systems and systems with limited support for XClarity
Administrator, the CPU Subsystem-Level Utilization history for an x3550 M5 (a supported system) is shown in
Figure 2-1.

Figure 2-1 Example of CPU Subsystem-Level Utilization for a supported system (x3650 M5)

11 Tech Sales Certification - System Management Study Guide

 Notes: Consider the following points:
• CPU subsystem-level utilization represents the percentage of the total CPU bandwidth that is in use as
measured by performance counters that are built in to the CPU. (It might differ slightly from the CPU
utilization that is reported by the operating system.)
• Figure 2-1 shows one data point per 30-second interval. This display might differ from
the actual management module interface display.

The Memory Subsystem-Level Utilization history for the same server is similar to the graph that is shown in Figure 2-2
on page 11.

Historical memory data: Under some circumstances, historical memory usage is not available. At the time
of this writing, this issue is a known defect and currently being investigated.

Figure 2-2 Memory Subsystem-Level Utilization history for a supported system (x3550 M5)

Note: Consider the following points:

• CPU subsystem-level utilization represents the percentage of the total CPU bandwidth that is in use as
measured by performance counters that are built in to the CPU. (It might differ slightly from the CPU
utilization that is reported by the operating system.)
• Figure 2-1 shows one data point per 30-second interval. This display might differ from
the actual management module interface display.

Figure 2-3 shows a server with limited support.

Figure 2-3 CPU and Memory Utilization data not supported

12 Tech Sales Certification - System Management Study Guide

 Configuring network ports through configuration patterns
Configuring network ports through configuration patterns is the ability configure the Flex
Network Switches internal ports via configuration patterns for the I/O adapters, as shown in
Figure 2-4 on page 12.

Figure 2-4 Option to Apply settings to Chassis switch internal ports, where applicable

At the time of this writing, the switch-related settings can apply only to the following types of
switches:
• Flex System Fabric CN4093 10Gb Converged Scalable Switch
• Flex System Fabric EN4093R 10Gb Scalable Switch
• Flex System Fabric SI4093 System Interconnect Module
• Flex System Fabric SI4091 System Interconnect Module
Power Systems compute nodes
Flex System compute nodes with POWER processors are not supported; however, these
systems still are displayed in the chassis views and you can view the properties and status for
these compute nodes.

Chassis Management Module

For full support, chassis require one or two Chassis Management Module II (CMM2) units installed (part number
00FJ669).

Chassis that feature CMMs are supported with limitations. The following functions are not
available:
• Aggregated event and audit logs from I/O Modules
• Network configuration (configuring the Flex Network Switches internal ports via configuration patterns for the I/O
adapters, as shown in Figure 2-4)
13 Tech Sales Certification - System Management Study Guide
 Incompatibility with CMM and CMM2: A CMM and a Lenovo CMM2 cannot be installed in the same chassis
at the same time. The firmware on a CMM cannot be upgraded to change it to a Lenovo CMM2 because
they contain different hardware.

Flex System I/O Modules

Flex I/O modules with firmware that is signed by IBM are supported, but with limitations as listed in Table 2-3 on page
8. Therefore, the following functions are not available:

• Aggregated event and audit logs

• Network configuration (configuring the Flex Network Switches internal ports via configuration patterns for the I/O
adapters, as shown in Figure 2-4 on page 12)

At the time of this writing, the switch-related settings apply only the following types of switches:
– Flex System Fabric CN4093 10Gb Converged Scalable Switch
– Flex System Fabric EN4093R 10Gb Scalable Switch
– Flex System Fabric SI4093 System Interconnect Module
– Flex System Fabric SI4091 System Interconnect Module
Lenovo Flex switches are supported with Lenovo CMMs only.

If a switch is in stacked or protected mode, you cannot update its firmware by using XClarity Administrator.

For more information about IO adapter support, see this Lenovo XClarity Supported Devices website:
https://ibm.com/support/entry/portal/docdisplay?lndocid=LNVO-XCLACOM

V7000 Storage Node

Limited support is provided for Flex System V7000 Storage Nodes, including displaying status and detailed information,
powering on and off, virtually reseating the canisters, and launching the management module, as shown in Figure 2-5.

Figure 2-5 Supported actions performed on Storage Node v7000

Table 2-1 on page 7 lists the Rack Server Models and the level of support for Lenovo XClarity Administrator.

14 Tech Sales Certification - System Management Study Guide

 Supported firmware
Before Lenovo XClarity Administrator is used to manage your endpoints, ensure that the firmware on each endpoint is
at the minimum required level, as listed in Table 2-4.
Table 2-4 Minimum Firmware Requirements

15 Tech Sales Certification - System Management Study Guide

If your firmware is not at a supported level, use the following tools and methods to update the firmware to the
supported level so that the endpoint can be discovered and managed:
• Chassis
Use the CMM web interface to update firmware on the CMM.
For more information about firmware for Flex System chassis and devices, see this PureSystems Center
website:
https://ibm.com/software/brandcatalog/puresystems/centre/
• Servers
Use the following ToolsCenter™ update tools to update firmware on System x servers:
– Lenovo Bootable Media Creator™ website:
http://ibm.com/support/entry/portal/docdisplay?lndocid=LNVO-BOMC
– Lenovo UpdateXpress website:
http://ibm.com/support/entry/portal/docdisplay?lndocid=LNVO-XPRESS
For more information about firmware for server and devices, see this Fix Central website:
http://ibm.com/support/fixcentral/
• Flex switches
Use the CMM web interface or CMM command-line interface (CLI) to update with the switch.
Supported web browsers
Ensure that you can access Lenovo XClarity Administrator by using one of the following supported browsers:
• Chrome (all versions)
• Firefox ESR 31.x
• Microsoft Internet Explorer 9, 10, or 11
• Safari (IOS7 or later and OS X)

Using the latest versions: Browser support is tied to tested web browsers. If you have a
newer browser version than the versions that are listed here, the browser might not be
supported. However, this lack of support does not mean that the browser does not work.
We recommend the use of the documented supported web browsers.

Port requirements
There are several ports that must be available, depending on how firewalls are implemented in your environment. If
these ports are blocked or used by another process, some Lenovo XClarity Administrator functions might not work.

Review the following to determine which ports need to be opened based on your environment:
• Access to the Lenovo XClarity Administrator server
If the Lenovo XClarity Administrator server and all managed endpoints are behind a firewall and you intend
to access those devices from a browser that is outside of the firewall, you must ensure that the Lenovo
XClarity Administrator ports are open. If SNMP and SMTP are used for event management, you might also
need to ensure that the ports that are used by the Lenovo XClarity Administrator server for event forwarding
are open.

The Lenovo XClarity Administrator server listens on (and responds through) the ports that are listed in Table 2-5.

16 Tech Sales Certification - System Management Study Guide

 Optionally, the ports that are listed in Table 2-6 must be open for event forwarding from the Lenovo XClarity
Administrator server to other event management tools.

• Access between Lenovo XClarity Administrator and managed endpoints

If the managed endpoints, such as compute nodes or rack servers, are behind a firewall and you intend to manage
those devices from a Lenovo XClarity Administrator server that is outside of that firewall, you must ensure that all
ports that are involved with communications between Lenovo XClarity Administrator and the IMM on each managed
endpoint are open. These ports are listed in Table 2-7.

If you intend to install operating systems on managed endpoints through the Lenovo XClarity Administrator server,
make sure that you review the list of ports in Table 2-8 on page 18. Table 2-7 Ports that must be open between
Lenovo XClarity Administrator and managed endpoints

17 Tech Sales Certification - System Management Study Guide

 • Access between Lenovo XClarity Administrator and data network for OS deployment. To install operating systems on
managed endpoints, ensure that the ports that are listed in Table 2-8 are open to the network that is used as the data
network (or operating system deployment network).
Table 2-8 Ports that must be available to deploy operating Systems

For more information about ports that must be available for deployed operating systems, see the following Information
Center page:
http://pic.dhe.ibm.com/infocenter/flexsys/information/topic/com.lenovo.lxca.doc/operating_system_firewall_rules_for_de-
ployment.html

If you are deploying Microsoft Windows, the ports that are listed in Table 2-9 must be available for Windows profiles.

18 Tech Sales Certification - System Management Study Guide

 Table 2-9 Ports that must be available

Management considerations
There are several alternatives to choose from when managing endpoints. Depending on the endpoints that are
managed, you might need multiple management solutions that are running at the same time.

Lenovo XClarity Administrator provides hardware management for System x rack servers and Flex System devices,
including the CMM, compute nodes, and Flex switches.

Consider the following factors regarding chassis management by XClarity Administrator:

• A specific chassis or rack server can be managed by only one instance of XClarity Administrator.
• If a chassis is managed by XClarity Administrator, you cannot use the following management alternatives for the
same chassis:
– Flex System Manager management node
– IBM Fabric Manager

However, you can use the following other management solutions:

– Microsoft System Center
– VMware vCenter

Note: Lenovo offers Lenovo XClarity Integrator for Microsoft System Center and the Lenovo XClarity
Integrator for VMware vCenter to enable more System x and Flex monitoring and management from within
the Microsoft and VMware Interfaces.

For more information about these solutions, see the following websites:
Lenovo XClarity Integrator for VMware vCenter:
http://ibm.com/support/entry/portal/docdisplay?lndocid=LNVO-VMWARE
Lenovo XClarity Integrator for Microsoft System Center:
http://ibm.com/support/entry/portal/docdisplay?lndocid=LNVO-MANAGE

• The Flex System compute nodes with POWER processors and Flex System V7000 Storage Node cannot be
managed by XClarity Administrator.

These devices appear in the graphical interface for XClarity Administrator and you can view device properties and
status. You also can power on and off a storage node, virtually reseat the canisters, and start the management module.
However, you must use other management alternatives to take any actions on the devices, such as updating or
configuring the devices. Consider the following points:
– Use a Hardware Management Console to manage POWER-based compute nodes.
You can use the Power Systems Hardware Management Console to manage these devices even if you also
are managing that chassis by using XClarity Administrator.
– Use the web interface or the CLI that is provided with the Flex System V7000 Storage Node to manage that
device.

19 Tech Sales Certification - System Management Study Guide

 • XClarity Administrator does not manage Flex switches that are installed in managed chassis. They appear in the
graphical interface for XClarity Administrator, but you must use the Flex switches interfaces (web or CLI) to manage
the Flex switches.

Transitioning from Flex System Manager to XClarity Administrator

If you are planning to manage a chassis with Lenovo XClarity Administrator and that chassis is managed by a Flex
System Manager, review the considerations that are described in this section to successfully transition the chassis to
XClarity Administrator management.

Depending on your configuration, transitioning from management by Flex System Manager to management by
XClarity Administrator might be disruptive to your running workloads. Therefore, consider performing the transition
during a maintenance window to minimize downtime with running workloads.

Complete the following steps to ensure that XClarity Administrator can manage a chassis that
was managed by Flex System Manager:

1. Prepare the chassis to be removed from management by Flex System Manager. Optionally, complete the following
steps to prepare the chassis to be removed from management by the Flex System Manager:
a. If you use IBM Fabric Manager (FM), which is part of the Flex System Manager, to virtualize addresses,
modify Fabric Manager to use push mode to distribute virtual addresses through the CMM. If you are using
Fabric Manager in pull mode and Flex System Manager is powered off, the virtual addresses are unavail
able after the next restart of the compute node.

Differences between IBM FM to XClarity Administrator: Fabric Manager supports the concept of a standby
node. If there is a hardware failure, Fabric Manager assigns the virtual address of the failed compute node
to the standby node so that it can automatically take over the workload from the failed node.

XClarity Administrator does not support the concept of a standby node. With XClarity Administrator, if a
server fails after you deploy a server pattern, you can recover the server by unassigning the profile from
the failed server and then reassigning that profile to a standby server.

If virtual addresses are changed, you also must adjust infrastructure services, as described in the following examples:
• If the worldwide port name (WWPN) is changed for a compute node, you also must adjust SAN zoning and LUN
mapping.
• If the MAC address for a port is changed, you must adjust the MAC-to-IP address binding in the DHCP server or ‘
clustering software.
• IBM FM can configure a virtual start target WWN. If you do not migrate properly, you can lose the ability to start your
operating system.
b. Remove the chassis from management by using the Flex System Manager.
c. Manage the chassis from XClarity Administrator. For more information about managing a chassis, see
Chapter 6, “Discovery, inventory, and other systems information” on page 121
d. Remove any agents that were installed on devices that are managed by the Flex System Manager. The
XClarity Administrator implements an agentless management approach. Therefore, you do not need to
install agents on managed compute nodes. Although the installed agents have no effect on XClarity
Administrator management functions, you can choose to remove those agents and reclaim the space on the
compute node.

Transitioning from IBM FM to XClarity Administrator

As of this writing, the recommended option to assist with the transition from IBM FM to XClarity Administrator is to use
the assistance of Lenovo Enterprise Solution Services, as listed in Table 2-10 on page 21.
Table 2-10 Contact details for Lenovo Enterprise Solution Services

20 Tech Sales Certification - System Management Study Guide

 Transitioning from IBM Systems Director to XClarity Administrator
When the transition is made from IBM Systems Director to XClarity Administrator, the following tasks must be
completed:
• Confirm the systems that are transitioned are supported by XClarity Administrator. For more information, see
2.1.2, “Supported hardware” on page 7.
• It is not generally recommended to manage a system using both IBM Systems Director and XClarity Administrator,
therefore you should remove the system from being managed by IBM Systems Director before managing the System
from XClarity Administrator. This process requires removing the operating system-managed endpoint and the Server
managed endpoint for the specific server to be transitioned.
• Uninstall any IBM Systems Director Agents that might be installed (that is, IBM Systems Director Common Agent or
IBM Systems Director Platform Agent), unless you use the Lenovo XClarity Integrator for Microsoft System Center
and require these agents for Hardware Alerts from the IBM Legacy systems. The XClarity Administrator implements
an agentless management approach. Therefore, you do not need to install agents on managed compute nodes.
Although the installed agents have no effect on XClarity Administrator management functions, you can choose to
remove those agents and reclaim the space on the compute node.

Using management software other than XClarity Administrator

You can use management software other than Lenovo XClarity Administrator (such as IBM Endpoint Manager or
Microsoft Systems Center Operations Manager) to monitor endpoints in your data center that are managed by
XClarity Administrator.

If you intend to use management software other than XClarity Administrator to monitor your managed endpoints and
if that management software uses SNMPv3 communication, you must prepare your environment by completing the
following steps before you manage the chassis by using the XClarity Administrator. If the chassis are already
managed by XClarity Administrator, you must first unmanage the chassis (for more information, see 6.5, “Unmanaging
a system” on page 155):
1. Create a user account on the CMM.
2. Configure the SNMPv3 properties for the user account, including passwords, authorization privileges, encryption,
and trap address.
3. Configure the user account to provision the SNMP user account to the IMM.
4. Enable node account management on the CMM.
5. Repeat steps 1 - 3 for up to 12 SNMP user accounts that are supported by CMM.
6. For each new SNMP user account, log on and change the first-time password.

SNMPv3 passwords: The password for the SNMPv3 user accounts expires after 90 days. You must
change the password before they expire to avoid account disruption. To change the password, you must
first unmanage the chassis from XClarity Administrator, change the passwords, and then manage the
chassis again.

To avoid having to change the password for the SNMP user accounts on the first logon and again every 90 days, you
can set the security policy and the global login setting on the CMM to “Legacy” (this practice is not recommended). You
can change these settings before or after you manage the chassis.

Network considerations
When the Lenovo XClarity Administrator installation is planned, consider the network topology that is implemented in
your environment and how the XClarity Administrator fits into that topology.

21 Tech Sales Certification - System Management Study Guide

 Use of DHCP: Configure the rack servers and chassis components in ways that minimize IP address
changes. Consider the use of static IP addresses instead of Dynamic Host Configuration Protocol (DHCP).
If DHCP is used, ensure that IP address changes are minimized to avoid any issues, such as an IP
address potential changes when the DHCP lease expires.

Network types
Most environments implement the following types of networks. Based on your requirements, you might implement only
one of these networks or you might implement all three:
• Management network
The management network often is reserved for communications between XClarity Administrator and the
management processors for managed endpoints. For example, the management network might be configured
to include XClarity Administrator, the CMMs for each managed chassis, and the Integrated Management
Modules (IMMs) of each server that is managed by XClarity Administrator.
• Data network
The data network often is used for communications between the operating systems that are installed on the
servers and the company intranet, the Internet, or both.
• Operating system deployment network
In some cases, an operating system deployment network is set up to separate out the communications that
are required to deploy operating systems on servers. If implemented, this network often includes XClarity
Administrator and all server hosts.
Instead of implementing a separate operating system deployment network, you might choose to combine this
functionality in the management network or the data network.

XClarity Administrator network interfaces

Lenovo XClarity Administrator has two separate network interfaces (Eth0 and Eth1) that can be defined for your
environment, depending on the network topology that you implement.

Consider the following points when one network interface (Eth0) is present:
• The interface must be configured to support the discovery and management of hardware. It must communicate with
the CMM in each managed chassis, with the IMM of each managed compute node and rack server, and with the Flex
switches in each managed chassis.
• If you intend to acquire firmware updates from the Fix Central website (electronic fix-distribution
website at https://ibm.com/support/fixcentral/), this interface must also have connectivity to the Internet (typically
through a firewall). Otherwise, you must manually import firmware updates into the management-sever updates
repository.
• If you intend to deploy operating system images to managed servers, the network interface must have IP network
connectivity to the server network interface that is used to access the host operating system and must be configured
with an IPv4 address.
Consider the following points when two network interfaces (Eth0 and Eth1) are present:
• The Eth0 interface often is connected to the management network and is used to discover and manage hardware. It
must communicate with the CMM of each managed chassis, with the IMM of each managed server, and with the Flex
switches that are installed in each managed chassis.

If you intend to acquire firmware updates from the Fix Central website (see https://ibm.com/support/fixcentral/), the
Eth0 interface must also have connectivity to the Internet (often through a firewall). Otherwise, you must import firm-
ware updates into the management server updates repository.
• The Eth1 interface often is connected to the data network (an internal data network, a public data network, or both)
and used to manage host operating systems.
• The network interface that you chose to use to deploy operating system images to the managed servers must have
IP-network connectivity to the server network interface that is used to access the host operating system and must be
configured with an IPv4 address.
• If you implemented a separate network for deploying operating systems, you can configure Eth1 to connect to that
network instead of the data network. However, if the operating system deployment network does not have access to
the data network, you must define another I/O interface on that server so that the server host has access to the
data network when you install the operating system on a server.

22 Tech Sales Certification - System Management Study Guide

 Use of DHCP: If the network interface for the management network is configured to use DHCP, the
management-interface IP address might change when the DHCP lease expires. If the IP address changes,
you must unmanage the chassis and rack servers and then remanage them.

To avoid this issue, change the management interface to a static IP address or ensure that the DHCP
server configuration is set so that the DHCP address is based on a MAC address or that the DHCP lease
does not expire.

Network configurations
Table 2-11 lists possible configurations for the XClarity Administrator network interfaces that are based on the type of
network topology that was implemented in your environment. Use this table to determine how to define Eth0 and Eth1.
Table 2-11 Role of Eth0 and Eth1 based on network topology

23 Tech Sales Certification - System Management Study Guide

 Single data and management network
In this network topology, management communications, data communications, and operating systems deployment
occur over the same network. This topology is referred to as a converged network.

When you install XClarity Administrator, define network settings by using the following considerations:
• Eth0 must be configured to support the discovery and management of hardware. It must communicate with the CMM
of each managed chassis, with the IMM of each managed server, and with the Flex switches that is installed in each
managed chassis.
• Optionally, if you intend to acquire firmware updates from the Fix Central website
(http://ibm.com/support/fixcentral), Eth0 must also have connectivity to the Internet (typically through a firewall).
Otherwise, you must import firmware updates into the firmware-updates repository.
• Optionally, if you intend to deploy operating system images to managed servers, Eth0 must have IP network
connectivity to the server network interface that is used to access the host operating system and it must be configured
with an IPv4 address.
• You can set up the XClarity Administrator host on any system that meets the requirements for the XClarity
Administrator, including a managed server (compute node or rack server) only when you implement a single data and
management network topology or a virtually separate data and management network topology; however, you cannot
use the XClarity Administrator to apply firmware updates to that managed server.

Even then, only some of the firmware is applied with immediate activation. The XClarity Administrator forces the target
server to restart, which also restarts the XClarity Administrator. When applied with deferred activation, only some
firmware is applied when the XClarity Administrator host is restarted.

You can also configure Eth1 to connect to the same network from XClarity Administrator to support redundancy.

Figure 2-6 shows an example implementation for a Single Data and Management network or converged network
topology.

Physically separate data and management network

In this network topology, the management network and the data network are physically separate networks and the
operating system deployment network is configured as part of the management network or the data network.

When you install XClarity Administrator, define network settings by using the followingconsiderations:•
• Eth0 is configured to support the discovery and management of hardware. It must communicate with the CMM of each
managed chassis, with the IMM of each managed server, and with the Flex switches that are installed in each
managed chassis. If you intend to acquire firmware updates from Fix Central website
(http://ibm.com/support/fixcentral) this interface must also have connectivity to the Internet (typically through a
firewall). Otherwise, you must import firmware updates into the management server updates repository.
• Eth1 often is configured to communicate with an internal data network, a public data network, or both.

24 Tech Sales Certification - System Management Study Guide

• Eth1 often is configured to communicate with an internal data network, a public data network, or both.
• If you intend to deploy operating system images to managed servers, the Eth0 interface or the Eth1 interface must
have IP network connectivity to the server network interface that is used to access the host operating system and it
must be configured with an IPv4 address.

Note: If you implement a separate operating system deployment network, Eth1 might be configured to
connect to that network instead of the data network. If the operating system deployment network does not
have access to the data network, you must define an extra I/O interface on that server when you install the
operating system so that the server host has access to the data network.

Figure 2-7 shows an example implementation of separate management and data networks in which the operating
system deployment network is configured as part of the data network.

Figure 2-7 Operating system network as part of the data network

Figure 2-8 shows another example implementation of separate management and data networks in which the
operating system deployment network is configured as part of the management network. In this implementation,
XClarity Administrator does not need connectivity to the data network.

Note: If the operating system deployment network does not have access to the data network, configure an
extra interface on the servers to provide connectivity from the host operating system on the server to the
data network, if needed.

25 Tech Sales Certification - System Management Study Guide

 Figure 2-8 Operating system network as part of the management network

Virtually separate data and management network

In this topology, the data network and management network are virtually separate. Packets from the data network
and from the management network are sent over the same physical connection. VLAN tagging is used on all man-
agement-network data packets to keep the traffic between the two networks separated.

Note: If the XClarity Administrator is installed on a host that is running on a managed compute node in a
chassis, you cannot use the XClarity Administrator to apply firmware updates to that entire chassis
because it also update the managed compute node. When firmware updates are applied, the host system
must be restarted.

When you install the XClarity Administrator, define network settings by using the following
considerations:
• Eth0 is configured to support the discovery and management of hardware. It must communicate with the CMM of
each managed chassis, with the IMM of each managed server, and with the Flex switches that are installed in each
managed chassis. If you intend to acquire firmware updates from Fix Central website, this interface must also have
connectivity to the Internet (often through a firewall). Otherwise, you must import firmware updates into the manage-
ment server updates repository.
• Eth1 often is configured to communicate with an internal data network, a public data network, or both.
• If you intend to deploy operating system images to managed servers, the Eth0 interface or the Eth1 interface must
have IP network connectivity to the server network interface that is used to access the host operating system and it
must be configured with an IPv4 address.

Note: If you implement a separate operating system deployment network, Eth1 might be configured to
connect to that network instead of the data network. If the operating system deployment network does not
have access to the data network, you must define an extra I/O interface on that server when you install the
operating system so that the server host has access to the data network.

26 Tech Sales Certification - System Management Study Guide

You can set up the XClarity Administrator host on any system that meets the requirements for the XClarity
Administrator, including a managed server (compute node or rack server) only when you implement a single data and
management network topology or a virtually separate data and management network topology.

However, you cannot use the XClarity Administrator to apply firmware updates to that managed server. Even then,
only some of the firmware is applied with immediate activation. The XClarity Administrator forces the target server to
restart, which also restarts the XClarity Administrator. When applied with deferred activation, only some firmware is
applied when the XClarity Administrator host is restarted.

Figure 2-9 shows an example implementation of virtually separate management and data networks in which the
operating system deployment network is configured as part of the data network. In this example, the XClarity
Administrator is installed on a managed compute node.

Figure 2-9 Operating system network as part of the data network

Management-only network
In this topology, XClarity Administrator has access to the management network only. It does not have access to the data
network. However, XClarity Administrator must have access to the operating system deployment network if you intend
to deploy operating system images from XClarity Administrator to managed servers.

When you install XClarity Administrator and define network settings, Eth0 must be configured to support the discovery
and management of hardware. It must communicate with the CMM of each managed chassis, with the IMM of each
managed server, and with the Flex switches that are installed in each managed chassis.

If you intend to acquire firmware updates from Fix Central, Eth0 must also have connectivity to the Internet (often
through a firewall). Otherwise, you must import firmware updates into the management server updates repository.

If you intend to deploy operating system images to managed servers, Eth0 must have IP network connectivity to the
server network interface that is used to access the host operating system and it must be configured with an IPv4
address.

You also can configure Eth1 to connect to the same network from XClarity Administrator to
support redundancy.

27 Tech Sales Certification - System Management Study Guide

 Figure 2-10 shows an example implementation for a management-only network in which operating system deployment
from XClarity Administrator is not supported.

Figure 2-11 shows an example implementation of a management-only network with support for operating system de-
ployment.

Managed server limitations

At the time of this writing Lenovo XClarity Administrator supports up to 20 chassis with compute nodes and a similar
number of rack servers.

For more information about minimum requirements of the host system, see 2.1.1, “Virtual appliance prerequisites” on
page 6.

28 Tech Sales Certification - System Management Study Guide

 High availability considerations
To set up high availability (HA) for XClarity Administrator, you should use the high availability features that are part of
the host operating system (that is, VMware ESX/ESXi or Microsoft Hyper-V).

VMware ESX or ESXi

In a VMware HA environment, multiple hosts are configured as a cluster. Shared storage is used to make the disk im-
age of a VM available to the hosts in the cluster. The VM runs on only one host at a time. When there is an issue with
the VM, another instance of that VM is started on a backup host.

VMware HA requires the following components:

• A minimum of two hosts on which ESX or ESXi is installed. These hosts become part of the VMware cluster.
• A third host on which VMware vCenter is installed.

VMware ESX and vCenter compatibility: Ensure that you install a version of VMware vCenter that is
compatible with the versions of ESX or ESXi that are installed on the hosts to be used in the cluster to
avoid any version support issues.

VMware vCenter can be installed on one of the hosts that is used in the cluster. However,if that host is powered off or
not usable, you also lose access to the VMware vCenter interface.

• Shared storage (data stores) that can be accessed by all hosts in the cluster. You can use any type of shared storage
that is supported by VMware. The data store is used by VMware to determine whether a VM should fail over to a
different host (heart-beating).

For more information about setting up a VMware HA cluster (VMware 5.0), see the page “Create a vSphere HA
Cluster” in the vSphere 5 Documentation Center:
https://pubs.vmware.com/vsphere-50/index.jsp#com.vmware.vsphere.avail.doc_50/GUIDB53060B9-
2704-4EE2-B97A-AE6FEBCE3356.html

Complete the following steps to set up an HA environment:

1. Set up shared storage that is to be accessible from all hosts in the cluster.
2. Install ESXi on two servers, each with static IP addresses. Ensure that VMware vCenter is configured on a separate
server
3. Start VMware vCenter.
4. Configure the other two hosts to work with VMware vCenter.
a. Create the cluster.
b. Add the hosts to the cluster.
c. Add both data stores to the hosts in the cluster.

Note: You need the second data store for the heartbeat.

5. Deploy XClarity Administrator to the cluster.

Microsoft Hyper-V
To implement High Availability (HA) for XClarity Administrator in a Microsoft Hyper-V environment, use the HA
functionality that is provided for the Hyper-V environment.

More information is available from Microsoft to configure HA at the following Technet

URL: https://technet.microsoft.com/en-us/library/cc754482.aspx

Complete the following steps to set up a high-availability environment:

1. Set up the domain controller:
a. Perform the initial DHCP setup.
b. Set up DNS.
c. Set up Active Directory - Domain Services (AD-DS)
d. Complete the DHCP setup.

29 Tech Sales Certification - System Management Study Guide

 2. Set up the first host:
a. Install Microsoft Windows 2012 R2.
b. Join the AD-DS domain.
c. Add the following features:
• Hyper-V
• Failover clustering
3. Set up the second host:
a. Install Microsoft Windows 2012 R2
b. Join the AD-DS domain.
c. Add the following features:
• Hyper-V
• Failover clustering
4. Configure the shared storage (such as iSCSI) on the domain controller and both hosts.
5. Configure failover clustering.
6. Add the XClarity Administrator image.

Licensing
Lenovo XClarity Administrator is a licensed product and is available in the following editions:
• XClarity Administrator (Stand-alone option)
• XClarity Pro (bundled with the XClarity Integrators for VMware vCenter and Microsoft System Center)

Both editions are available with a 1, 3, or 5-year software subscription and support. The editions also are available on a
per-server or per-chassis basis.

If you have a fully populated chassis with 14 nodes, the per-chassis licensing is more cost-effective; however, you might
want to purchase per-server licensing for Flex System compute nodes if, for example, the chassis was not fully
populated with nodes.

The one-time charge for the product includes the license, software subscription, and support. It is delivered as a
software virtual appliance for VMware or Microsoft Hyper-V via the Passport Advantage online licensing.

Many clients might have a service and support agreement running with IBM Flex System Manager, IBM Systems
Director Standard Edition, or IBM Fabric Manager (Stand-alone). If you have such an agreement in place, you are
entitled to XClarity Pro at no extra cost for the remainder of the current service and support agreement. This is all
administered via IBM Passport Advantage online licensing program.

Licensing example
If you have two years remaining of a 3-year IBM Flex System Manager Service and support agreement, you can
transition free of cost to XClarity Pro for the remaining two years. XClarity Administrator and the XClarity Integrator
licenses show up under the Flex System Manager entitlement

When it is time to renew this agreement, you renew the service and support agreement for XClarity Pro. The entitlement
then is under XClarity Pro and not under IBM Flex System Manager.

Part numbers
The part numbers for geographical regions are listed in Table 2-13, Table 2-14 on page 34, and Table 2-15 on page 35.
XClarity Pro includes XClarity Integrator for Microsoft System Center and XClarity Integrator for VMware vCenter.

30 Tech Sales Certification - System Management Study Guide

 Table 2-12 Part numbers: Per managed server (North America, Asia Pacific, and Japan)

Table 2-13 Part numbers: Per Managed Server (EMEA and Latin America)

Table 2-14 Part numbers: Per managed chassis (North America, Asia Pacific, and Japan)

31 Tech Sales Certification - System Management Study Guide

 Table 2-15 Part numbers: Per managed chassis (EMEA and Latin America)

32 Tech Sales Certification - System Management Study Guide

 Lenovo XClarity
Administrator Product

33 Tech Sales Certification - System Management Study Guide

 Product Guide
Lenovo XClarity™ Administrator is a centralized resource management solution that is aimed at reducing complexity,
speeding response, and enhancing the availability of Lenovo® server systems and solutions.

Lenovo XClarity Administrator provides agent-free hardware management for our servers, storage, network
switches and HX Series appliances.

The Lenovo XClarity Administrator interface is shown in Figure 1.

Figure 1. Lenovo XClarity Administrator dashboard

? Did You Know

Lenovo XClarity offers a mobile app for Android and iOS devices. The app enables you to securely monitor
physical systems, get real-time status alerts and notifications, and take action on common system level
tasks. The app can also connect directly via an enabled USB port to a ThinkSystem server and provide
virtual LCD capability.

Features
The administration dashboard is an HTML 5-based web interface that allows fast location of resources so tasks can be
run quickly. Because Lenovo XClarity Administrator does not include any agent software that is installed on the
managed endpoints, there are no CPU cycles spent on agent execution and no memory is used, which means that up
to 1GB of RAM and 1 - 2% CPU usage is saved, compared to a typical managed system where an agent is required.

34 Tech Sales Certification - System Management Study Guide

Lenovo XClarity Administrator delivers Lenovo resources faster. With a simplified administration dashboard, the
following functions can be easily achieved:
• Discovery
• Inventory
• Monitoring
• Firmware updates
• Firmware compliance
• Configuration management
• Deployment of operating systems and hypervisors to bare metal servers

Fast time to value is realized through automatic discovery of existing or new Lenovo System x rack servers
and Flex System infrastructure. Inventory of the discovered endpoints is gathered, so the managed hardware inventory
and its status can be viewed-at-a-glance.

A centralized view of events and alerts that are generated from managed endpoints is available. When an issue is
detected by a managed endpoint, an event is passed to Lenovo XClarity Administrator. Alerts and events are visible via
the XClarity Administrator Dashboard, the Status bar, and the Alerts and Events detail for the specific system.

Supported endpoints include:

• ThinkSystem servers and compute nodes
• Flex System Compute Nodes
• System x Servers
• ThinkServer Servers
• Converged HX Servers
• NeXtScale servers
• RackSwitch switches
• ThinkSystem storage
• Lenovo storage

Firmware management
Firmware management is simplified by assigning Firmware-compliance policies to supported managed endpoints to
ensure that firmware on those endpoints remains compliant. You can also create and edit firmware-compliance policies
when validated firmware levels do not match the suggested predefined policies. Additionally you can also apply and
activate firmware that is later than the currently installed firmware on a single managed endpoint or group of endpoints
without using compliance policies.

Configuration management
Configuration management uses pattern-based configurations to quickly provision and re-provision a
single server or multiple servers and compute nodes, all with a single set of configuration settings. Address
pools can be configured to assist with deployments. Category patterns are used to create configuration
patterns, which can be deployed to server profiles.

OS Provisioning
OS Provisioning enables bare metal deployment. VMware ESXi, Windows Server, SUSE Linux Enterprise Server
(SLES) and Red Hat Linux images can be imported and held in a repository for images. Up to 28 OS images can be
deployed concurrently.

Security
If you must be compliant with NIST SP 800-131A or FIPS 140-2, Lenovo XClarity Administrator can help you meet that
compliance. Lenovo XClarity Administrator supports self-signed SSL certificates (issued by an internal certificate
authority) or external SSL certificates (private or commercial CA). Lenovo XClarity includes an audit log that provides a
historical record of user actions, such as logging on, creating users, or changing user passwords.

Integration
Lenovo XClarity can be integrated into external, higher level management, automation, and orchestration platforms
through open REST application programming interfaces (APIs). This means Lenovo XClarity can easily integrate with
your existing management infrastructure.

35 Tech Sales Certification - System Management Study Guide

Lenovo XClarity Integrators
Lenovo XClarity integrates with leading management applications in the areas of infrastructure management,
orchestration and automation, and IT service management.

Available integrators include the following:

Lenovo XClarity Integrator for VMware vCenter (free download, support requires XClarity Pro license)
https://datacentersupport.lenovo.com/documents/LNVO-VMWARE

Lenovo XClarity Integrator for VMware vRealize Orchestrator (free download)

https://datacentersupport.lenovo.com/documents/LNVO-VMRO

Lenovo XClarity Integrator for VMware vRealize Automation (free download)

https://marketplace.vmware.com/vsx/solutions/xclarity-integrator-for-vrealize-automation

Lenovo XClarity Integrator for VMware vRealize Log Insight (free download)
https://marketplace.vmware.com/vsx/solutions/lenovo-networking-content-pack-for-vmwarevrealize-log-insight

Lenovo XClarity Integrator for Microsoft System Center (free download, support requires XClarityPro license)
https://datacentersupport.lenovo.com/documents/LNVO-MANAGE

Ordering information for those integrators requiring a license is described in the Download and ordering information
section.
Support for Lenovo XClarity Integrators for VMware vCenter and Microsoft System Center is included in Lenovo XClarity
Pro offering which is described in the next section.

Note: The Lenovo XClarity Integrator for Zenoss is now withdrawn from marketing

Lenovo XClarity Pro

Lenovo XClarity Pro provides the following entitlement:
• Lenovo XClarity Administrator Configuration Pattern feature entitlement
• Lenovo XClarity Administrator OS deployment feature entitlement
• Lenovo XClarity Administrator Service & Support
• Lenovo XClarity Integrator for Microsoft System Center Support
• Lenovo XClarity Integrator for VMware vCenter Support.
• Lenovo XClarity Administrator is now available for download from the following
URL: http://shop.lenovo.com/us/en/systems/software/systems-management/xclarity/

This download provides Lenovo XClarity Administrator base functionality plus a 90-day trial evaluation Licenses for
XClarity Administrator features Configuration Patterns and Operating System Deployment.

Note: Service and Support is only available with an XClarity Pro purchase.

The following table compares XClarity and XClarity Pro.

Table 1. Comparing Lenovo XClarity Administrator and Lenovo XClarity Pro

36 Tech Sales Certification - System Management Study Guide

Lenovo XClarity mobile app
The Lenovo XClarity mobile app provides management functions on Android and iOS devices:
• View the status summary of all hardware.
• Monitor the detailed status of each device.
• Monitor the inventory of each device.
• Monitor audit events, hardware and management events, alerts, and jobs.
• Perform power actions on a device.
• Take action on common system level tasks to minimize the risk of disruptions and downtime
• Forward emails to share inventory, alert and event information.
• On ThinkSystem servers: Perform initial configuration of servers, retrieve diagnostic information (virtual LCD) and
perform actions, Initiate Lenovo XClarity Administrator management from a mobile device.

Support requirements are as follows:

• Supports Android 4.4 and later, and iOS 8/9.
• Requires Lenovo XClarity Administrator v1.0.2 or later.

The following figure shows the Inventory screen of the mobile app.
Figure 2. Lenovo XClarity mobile app

The mobile app is available for download from these app stores:
• Google Play
• Apple iTunes
• Lenovo Store (China)
• Baidu Store (China)

Management tasks
By using Lenovo XClarity, users can perform the following tasks that are described in this section.

User Management
Lenovo XClarity Administrator provides a centralized authentication server to create and manage all user accounts
and to manage and authenticate user credentials. The authentication server is created automatically when the
management server first starts. The User accounts, which are used to log on and manage the Lenovo XClarity
Administrator, are also used for all chassis and servers that are managed by the Lenovo XClarity Administrator. When
you create a user account, you control the level of access, such as whether the account has read/write authority or
read-only authority, by using predefined role groups.

37 Tech Sales Certification - System Management Study Guide

The following figure shows the Lenovo XClarity Administration interface for Security that comprises User Management,
roles, and other security settings.

Figure 3. User management interface

Hardware monitoring
Lenovo XClarity Administrator provides a centralized view of events and alerts that are generated from managed
endpoints, such as chassis, servers, and Flex System switches. When an issue is detected by the Chassis
Management Module (CMM) or device that is installed in the chassis, an event is passed to the Lenovo XClarity
Administrator. That event is displayed in the alerts list that is available within the user interface. A status bar also is
available that provides overall status information on the main XClarity Administrator interface. An example list of alerts
is shown in the following figure.

Figure 4. Alerts and actions

38 Tech Sales Certification - System Management Study Guide

Hardware management
There are various management tasks for each supported endpoint, including viewing status and properties, configuring
system information and network settings, starting the CMM/IMM web interface, and remote control for the System x or
Flex system node. The interface with a single System x Server selected and the power actions is shown in the following
figure.

Figure 5. Hardware Management

Configuration management
Configuration patterns provide a way to ensure that you have consistent configurations applied to managed servers.
Server patterns are used to provision or pre-provision a managed server by configuring local storage, I/O adapters, boot
setting, firmware, ports, IMM, and UEFI settings. Server patterns also integrate support for virtualizing I/O addresses so
you can virtualize Flex System fabric connections or repurpose servers without disruption to the fabric.

Operating system deployment

Lenovo XClarity Administrator can be used to manage the OS images repository and deploy operating system images
to managed servers. To deploy an operating system image from Lenovo XClarity, at least one of the network interfaces
(Eth0 or Eth1) must have IP network connectivity to the server network interface that is used to access the host operat-
ing system. It also must be configured with an IPv4 address. Additionally the Feature on Demand (FoD) key for remote
presence is required on Converged, NeXtScale, and System x servers if not included as standard.

Firmware updates
Within Lenovo XClarity, you can manage the firmware updates repository and apply and activate firmware
updates for all managed endpoints. Compliance policies can be started to flag managed endpoints that do
not comply with the defined firmware rules. Refreshing the repository and downloading updates requires
an Internet connection. If Lenovo XClarity has no Internet connection, you can manually import updates to
the repository. The firmware apply and activate interface is shown in the following figure.

Figure 6. Firmware updates

39 Tech Sales Certification - System Management Study Guide

Task automation using scripts
Lenovo XClarity Administrator can run the provided cmdlets in a Microsoft PowerShell session to automate certain
management functions.
The cmdlets use Lenovo XClarity REST APIs and can automate the following functions:
• Logging in to Lenovo XClarity Administrator
• Managing user accounts
• Managing a chassis
• Deploying an operating system image to one or more compute nodes or rack servers
• Configuring compute nodes and rack servers through the use of configuration patterns

With the latest release of XClarity Administrator there is now a PyLXCA toolkit which provides a Pythonbased
library of commands and APIs to automate provisioning and resource management from an OpenStack environment,
such as Ansible or Puppet.

The PyLXCA toolkit provides an interface to Lenovo XClarity Administrator REST APIs to automate functions such as:
• Logging in to Lenovo XClarity Administrator
• Managing and unmanaging chassis, servers, storage systems, and top-of-rack switches (endpoints)
• Viewing inventory data for endpoints and components
• Deploying an operating-system image to one or more servers
• Configuring servers through the use of Configuration Patterns
• Applying firmware updates to endpoints

Download and ordering information

Lenovo XClarity Administrator is now available to download from Lenovo at the following link:
http://shop.lenovo.com/us/en/systems/software/systems-management/xclarity/

The free download also includes a 90-day evaluation license for Configuration Patterns and Operating System
Deployment to allow you to evaluate these licensed components.

Note: The free downloads do not include any entitlement for technical support.

Lenovo XClarity Integrators for Microsoft System Center (MSSC) are also available to download for free from the
following link (does not include any entitlement for technical support):
https://datacentersupport.lenovo.com/documents/lnvo-manage

Lenovo XClarity integrator for VMware vCenter is also available to download for free from the following link (does not
include any entitlement for technical support):
https://datacentersupport.lenovo.com/documents/lnvo-vmware

To gain entitlement for technical support, purchase a license for Lenovo XClarity Pro to add these features and
support:
• Lenovo XClarity Administrator Configuration Patterns
• Lenovo XClarity Administrator Operating System (OS) Deployment
• Technical support for Lenovo XClarity Administrator
• Technical support for Lenovo XClarity Integrators for MSSC
• Technical support for Lenovo XClarity Integrators for VMware vCenter

Lenovo XClarity Pro editions are available with a 1-year, 3-year, or 5-year software subscription and support. Lenovo
XClarity Pro is available on a per-managed-server basis or per-managed-chassis basis. The per chassis licenses offer
a more cost effective way of purchasing licenses for the Flex System environment.

When you purchase XClarity Pro, the order is fulfilled via electronic software delivery (ESD) using the Lenovo Key
Management System (LKMS). The order is placed onto LKMS using an email address for the end user who has
ordered the code. This email address is where the Activation Code is sent in PDF format and the email address also
allows login to the system for administration and to manage the LKMS inventory. The Activation code is redeemed on
LKMS and the electronic proof of entitlement is sent along with a welcome letter and explanation of how to obtain the
code from the ESD portal. The ESD portal is also known as Flexnet.

40 Tech Sales Certification - System Management Study Guide

 The part numbers for geographical regions are listed in the following tables.

Lenovo XClarity Pro includes Lenovo XClarity Integrator for Microsoft System Center and Lenovo XClarity
Integrator for VMware vCenter.

Lenovo XClarity Pro - Per Server

Table 2. Lenovo XClarity Pro part numbers: Per managed server

Lenovo XClarity Pro - Flex System chassis

Table 3. Lenovo XClarity Pro part numbers: Per managed chassis

Supported Host Systems

The Lenovo XClarity management appliance runs in a virtual machine on the host system.

The following Hypervisors are supported for installing Lenovo XClarity:

• Nutanix Acropolis Hypervisor (AHV)
• Microsoft Windows Server 2016 with Hyper-V installed
• Microsoft Windows Server 2012 R2 with Hyper-V installed
• Microsoft Windows Server 2012 with Hyper-V installed
• Red Hat Enterprise Linux 7.x with Kernel-based Virtual Machine (KVM) v1.2.17 installed
• VMware ESXi 6.5
• VMware ESXi 6.0 U1 and U2
• VMware ESXi 5.5 U1 and U2
• VMware ESXi 5.1 U1, U2, and U3

For VMware, the virtual machine is available as an OVF template. For Hyper-V and Nutanix AHV, the virtual machine is
a virtual-disk image (VHD). For KVM, the virtual machine is available as qcow2 format.

41 Tech Sales Certification - System Management Study Guide

The host system that is running the Lenovo XClarity virtual machine has the following minimum
requirements:
• Two virtual microprocessors.
• 8 GB of memory
• A minimum of 64 GB of storage for use by Lenovo XClarity virtual appliance.

Supported Managed Endpoints

XClarity Administrator supports the following endpoints:
• ThinkSystem servers and compute nodes
• Flex System Compute Nodes
• System x Servers
• ThinkServer Servers
• Converged HX Servers
• NeXtScale servers
• RackSwitch switches
• ThinkSystem storage
• Lenovo storage

For details about support, including any limitations, see the following support pages:
• Flex System
• ThinkSystem, Converged HX Series, NeXtScale, and System x
• RackSwitch
• Storage
•ThinkServer

Related links
For more information, see the following resources:

Lenovo XClarity website:

http://www.lenovo.com/xclarity

Free XClarity Administrator download (includes 90-day trial license for Configuration Patterns and OS Deployment)
http://www.lenovo.com/xclarity

Lenovo XClarity demonstration website:

http://lenovoxclarity.com/demo

Lenovo XClarity Online Product Information Center (InfoCenter):

http://flexsystem.lenovofiles.com/help/topic/com.lenovo.lxca.doc/aug_product_page.html

Lenovo XClarity product publications:

http://flexsystem.lenovofiles.com/help/topic/com.lenovo.lxca.doc/printable_doc.html

• Lenovo XClarity Administrator Planning and Installation Guide

• Lenovo XClarity Administrator User’s Guide
• Lenovo XClarity Administrator PowerShell User’s Reference
• Lenovo XClarity Administrator Problem Determination Guide
• Lenovo XClarity Administrator REST API Guide
• Lenovo XClarity Administrator Performance white paper

Lenovo XClarity discussion forum

https://forums.lenovo.com/t5/Lenovo-XClarity/bd-p/xc01_eg

Lenovo Xclarity Administrator performance, tips and techniques

https://download.lenovo.com/servers_pdf/lenovo_xclarity_performance_v1.3.0.pdf

Lenovo XClarity support page

https://datacentersupport.lenovo.com/documents/LNVO-XCLARIT

42 Tech Sales Certification - System Management Study Guide

 Lenovo XClarity Administrator updates page
https://datacentersupport.lenovo.com/documents/LNVO-LXCAUPD

Lenovo Key Management System

https://fod.lenovo.com/lkms

Lenovo Key Management System user guide, Using Lenovo Features on Demand
https://lenovopress.com/redp4895

Lenovo ESD Download and License Center

https://lenovoesd.flexnetoperations.com/control/lnvo/login

Lenovo Software Warranty Lookup

https://datacentersupport.lenovo.com/systemxwarrantylookup

Related product families

Product families related to this document are the following:
• Lenovo XClarity

43 Tech Sales Certification - System Management Study Guide

Notices
Lenovo may not offer the products, services, or features discussed in this document in all countries. Consult your
local Lenovo representative for information on the products and services currently available in your area. Any
reference to a Lenovo product, program, or service is not intended to state or imply that only that Lenovo product,
program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any
Lenovo intellectual property right may be used instead. However, it is the user’s responsibility to evaluate and verify
the operation of any other product, program, or service. Lenovo may have patents or pending patent applications
covering subject matter described in this document. The furnishing of this document does not give you any license
to these patents. You can send license inquiries, in writing, to:

Lenovo (United States), Inc.

1009 Think Place - Building One
Morrisville, NC 27560
U.S.A.
Attention: Lenovo Director of Licensing

LENOVO PROVIDES THIS PUBLICATION ”AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of
express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the
information herein; these changes will be incorporated in new editions of the publication. Lenovo may make
improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time
without notice.

The products described in this document are not intended for use in implantation or other life support applications
where malfunction may result in injury or death to persons. The information contained in this document does not
affect or change Lenovo product specifications or warranties. Nothing in this document shall operate as an express
or implied license or indemnity under the intellectual property rights of Lenovo or third parties. All information
contained in this document was obtained in specific environments and is presented as an illustration. The result
obtained in other operating environments may vary. Lenovo may use or distribute any of the information you supply
in any way it believes appropriate without incurring any obligation to you.

Any references in this publication to non-Lenovo Web sites are provided for convenience only and do not in any
manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials
for this Lenovo product, and use of those Web sites is at your own risk. Any performance data contained herein was
determined in a controlled environment. Therefore, the result obtained in other operating environments may vary
significantly. Some measurements may have been made on development-level systems and there is no guarantee
that these measurements will be the same on generally available systems. Furthermore, some measurements may
have been estimated through extrapolation. Actual results may vary. Users of this document should verify the
applicable data for their specific environment.

© Copyright Lenovo 2017. All rights reserved.

This document, TIPS1200, was created or updated on September 2, 2017.

Send us your comments in one of the following ways:
• Use the online Contact us review form found at:
http://lenovopress.com/TIPS1200
• Send your comments in an e-mail to:
[email protected]

This document is available online at http://lenovopress.com/TIPS1200.

44 Tech Sales Certification - System Management Study Guide

 Trademarks
Lenovo, the Lenovo logo, and For Those Who Do are trademarks or registered trademarks of Lenovo in the
United States, other countries, or both. A current list of Lenovo trademarks is available on the Web at
http://www3.lenovo.com/us/en/legal/copytrade/.

The following terms are trademarks of Lenovo in the United States, other countries, or both:
• Flex System
• Lenovo XClarity
• Lenovo®
• NeXtScale
• RackSwitch
• System x®
• ThinkServer®
• ThinkSystem

The following terms are trademarks of other companies:

Linux® is a trademark of Linus Torvalds in the United States, other countries, or both.

Hyper-V®, Microsoft®, PowerShell, Windows Server®, and Windows® are trademarks of Microsoft
Corporation in the United States, other countries, or both.

Other company, product, or service names may be trademarks or service marks of others.

45 Tech Sales Certification - System Management Study Guide

 XClarity Controller

46 Tech Sales Certification - System Management Study Guide

 Introduction
The Lenovo XClarity Controller (XCC) is the next generation management controller for Lenovo ThinkSystem
servers. It is the follow-on to the Integrated Management Module II (IMM2) service processor that consolidates the
service processor functionality, Super I/O, video controller, and remote presence capabilities into a single chip on the
server system board. It provides features such as the following:
• Choice of a dedicated or shared Ethernet connection for systems management
• Support for HTML5
• Support for access via XClarity Mobile
• XClarity Provisioning Manager
• Remote configuration using XClarity Essentials or XClarity Controller CLI.
• Capability for applications and tools to access the XClarity Controller either locally or remotely
• Enhanced remote-presence capabilities.
• REST API (Redfish schema) support for additional web-related services and software applications.

Note: The XClarity Controller currently supports Redfish Scalable Platforms Management API Specification 1.0.2 and
schema 2016.2

Notes:
• A dedicated systems-management network port may not be available on some ThinkSystem servers; for these
servers access to the XClarity Controller is only available through a network port that is shared with the server
operating system.
• For Flex servers, the Chassis Management Module (CMM) is the primary management module for systems-
management functions. Access to the XClarity Controller is available through the network port on the CMM.

This document explains how to use the functions of the XClarity Controller in a ThinkSystem server. The XClarity
Controller works with the XClarity Provisioning Manager and UEFI to provide systems-management capability for
ThinkSystem servers.

To check for firmware updates, complete the following steps.

Note: The first time you access the Support Portal, you must choose the product category, product family, and model
numbers for your server. The next time you access the Support Portal, the products you selected initially are
preloaded by the website, and only the links for your products are displayed. To change or add to your product list,
click the Manage my product lists link. Changes are made periodically to the website. Procedures for locating
firmware and documentation might vary slightly from what is described in this document.
1. Go to http://datacentersupport.lenovo.com.
2. Under Support, select Data Center.
3. When the content is loaded, select Servers.
4. Under Select Series, first select the particular server hardware series, then under Select SubSeries, select the
particular server product subseries, and finally, under Select Machine Type select the particular machine type.

XClarity Controller Standard, Advanced, and Enterprise Level features

With the XClarity Controller, Standard, Advanced, and Enterprise levels of XClarity Controller functionality are offered.
See the documentation for your server for more information about the level of XClarity Controller installed in your
server. All levels provide the following:
• Around-the-clock remote access and management of your server
• Remote management independent of the status of the managed server
• Remote control of hardware and operating systems

Note: Some features might not apply to Flex system servers.

The following is a list of XClarity Controller standard level features:

47 Tech Sales Certification - System Management Study Guide

 XClarity Controller Standard Level features
The following is a list of XClarity Controller Standard Level features:
Industry Standard Management Interfaces
• IPMI 2.0 Interface
• Redfish
• CIM-XML
• DCMI 1.5
• SNMPv3

Other Management Interfaces

• Web
• Legacy CLI
• Front Panel USB - virtual operator panel via mobile device

Power / Reset Control

• Power On
• Hard/Soft Shutdown
• Scheduled Power Control
• System Reset
• Boot Order Control

Event Logs
• IPMI SEL
• Human Readable Log
• Audit Log

Environmental Monitoring
• Agent Free Monitoring
• Sensor Monitoring
• Fan Control

LED Control
• Chipset Errors (Caterr, IERR, etc...)
• System Health Indication
• OOB Performance Monitoring for I/O adapters
• Inventory Display and Export

RAS
• Virtual NMI
• Automatic Firmware Recovery
• Automated promotion of backup firmware
• POST Watchdog
• OS Loader Watchdog
• Blue Screen Capture (OS Failure)
• Embedded Diagnostic Tools

Network Configuration
• IPv4
• IPv6
• IP Address, Subnet Mask, Gateway
• IP Address Assignment Modes
• Host name
• Programmable MAC address
• Dual MAC Selection (if supported by server hardware)
• Network Port Reassignments
• VLAN Tagging

48 Tech Sales Certification - System Management Study Guide

 Network Protocols
• DHCP
• DNS
• DDNS
• HTTP/HTTPS
• SNMPv3
• SSL
• SSH
• SMTP
• LDAP client
• NTP
• SLP
• SSDP

Alerts
• PET Traps
• CIM Indication
• SNMP TRAPs
• E-mail

Serial Redirection
• IPMI SOL
• Serial port configuration

Security
• XClarity Controller Core Root of Trust for Measurement (CRTM)
• Digitally signed firmware updates
• Role Based Access Control (RBAC)
• Local User Accounts
• LDAP/AD User Accounts
• Secure Rollback of Firmware
• Chassis intrusion detection (only available on some server models)
• XCC remote assertion of UEFI TPM Physical Presence
• Audit logging of configuration changes and server actions
• Public-key (PK) Authentication
• System Retire/Repurpose

Power Management
• Real time Power Meter

License Management
• Activation Key Validation and Repository

Deployment & Configuration

• Remote Configuration
• Deployment & Configuration Tools and Driver Packs using the embedded XClarity Provisioning Manager
• Configuration Backup and Restore

Firmware Updates
• Agent Free Update
• Remote Update

XClarity Controller Advanced Level features

The following is a list of XClarity Controller Advanced Level features:
All of the XClarity Controller Standard Level features plus:

Alerts
• Syslog

49 Tech Sales Certification - System Management Study Guide

 Remote Presence
• Remote KVM

Serial Redirection
• Serial Redirection via SSH

Security
• Security Key Lifecycle Manager (SKLM)
• IP address blocking

Power Management
• Real time Power Graphics
• Historical Power Counters
• Temperature Graphics

Deployment & Configuration

• Remote OS Deployment using the embedded XClarity Provisioning Manager with the XClarity Controller Remote
KVM feature

XClarity Controller Enterprise Level features

The following is a list of XClarity Controller Enterprise Level features:

All of the XClarity Controller Standard and Advanced Level features plus:
RAS
• Boot Capture

Remote Presence
• Mounting of local client ISO/IMG files
• Quality/Bandwidth Control
• Virtual Console Collaboration (six users)
• Virtual Console Chat
• Virtual Media mounting of remote ISO/IMG files via HTTPS, SFTP, CIFS, and NFS

Power Management
• Power Capping
• OOB Performance Monitoring - System Performance metrics

Deployment & Configuration

• Remote Deployment using Lenovo XClarity Administrator

Upgrading XClarity Controller

If your server came with the Standard or Advanced level of the XClarity Controller firmware functionality, you might be
able to upgrade the XClarity Controller functionality in your server. For more information about available upgrade levels
and how to order, see Chapter 7 “License Management” on page 71.

Web browser and operating-system requirements

Use the information in this topic to view the list of supported browsers, cipher suites and operating systems for your
server.
The XClarity Controller web interface requires one of the following web browsers:
• Chrome 48.0 or above (55.0 or above for remote console)
• Firefox ESR 38.6.0 or above
• Microsoft Internet Explorer 11 (above 11.0.9600.16384 for remote console)
• Microsoft Edge
• Safari 9.0.2 or above (iOS 7 or later and OS X)

Note: Support for the remote console feature is not available through the browser on mobile device operating systems.

50 Tech Sales Certification - System Management Study Guide

 The browsers listed above match those currently supported by the XClarity Controller firmware. The XClarity Controller
firmware may be enhanced periodically to include support for other browsers.

Depending upon the version of the firmware in the XClarity Controller, web browser support can vary from the brows-
ers listed in this section. To see the list of supported browsers for the firmware that is currently on the XClarity Control-
ler, click the Supported Browsers menu list from the XClarity Controller login page.

For increased security, only high strength ciphers are now supported when using HTTPS. When using HTTPS, the
combination of your client operating system and browser must support one of the following cipher suites:
• ECDHE-ECDSA-AES256-GCM-SHA384
• ECDHE-ECDSA-AES256-SHA384
• ECDHE-ECDSA-AES256-SHA
• ECDHE-ECDSA-AES128-GCM-SHA256
• ECDHE-ECDSA-AES128-SHA256
• ECDHE-ECDSA-AES128-SHA
• ECDHE-RSA-AES256-GCM-SHA384
• ECDHE-RSA-AES256-SHA384
• ECDHE-RSA-AES128-GCM-SHA256
• ECDHE-RSA-AES128-SHA256

Your internet browser’s cache stores information about web pages that you visit so that they will load more quickly in
the future. After a flash update of the XClarity Controller firmware, your browser may continue to use information from
its cache instead of retrieving it from the XClarity Controller. After updating the XClarity Controller firmware, it is
recommended that you clear the browser cache to ensure that web pages served by the XClarity Controller are
displayed correctly.

Multiple language support

Use the information in this topic to view the list of languages supported by the XClarity Controller.

By default, the chosen language for the XClarity Controller web interface is English. The interface is capable of display-
ing multiple languages. These include the following:
• French
• German
• Italian
• Japanese
• Korean
• Portuguese (Brazil)
• Simplified Chinese
• Spanish (international)
• Traditional Chinese

To choose the language of your preference, click the arrow beside the currently selected language. A drop- down menu
will appear to let you choose your preferred language.

Text strings that are generated by the XClarity Controller firmware are displayed in the language dictated by the brows-
er. If the browser specifies a language other than one of the translated languages listed above, the text is displayed
in English. In addition, any text string that is displayed by the XClarity Controller firmware, but is not generated by the
XClarity Controller (for example messages generated by UEFI, PCIe adapters, etc…) are displayed in English.

The input of language-specific text other than English, such as the Trespass message is currently not supported. Only
text typed in English is supported.

51 Tech Sales Certification - System Management Study Guide

 Notices used in this document
Use this information to understand the notices that are used in this document.

The following notices are used in the documentation:

• Note: These notices provide important tips, guidance, or advice.
• Important: These notices provide information or advice that might help you avoid inconvenient or problem situations.
• Attention: These notices indicate potential damage to programs, devices, or data. An attention notice is placed just
before the instruction or situation in which damage might occur.

Opening and Using the XClarity Controller Web Interface

This topic describes the login procedures and the actions that you can perform from the XClarity Controller web
interface.

The XClarity Controller combines service processor functions, a video controller, and remote presence function in a
single chip. To access the XClarity Controller remotely by using the XClarity Controller web interface, you must first log
in. This chapter describes the login procedures and the actions that you can perform from the XClarity Controller web
interface.

Accessing the XClarity Controller web interface

The information in this topic explains how to access the XClarity Controller web interface.

The XClarity Controller supports static and Dynamic Host Configuration Protocol (DHCP) IPv4 addressing. The default
static IPv4 address assigned to the XClarity Controller is 192.168.70.125. The XClarity Controller is initially configured
to attempt to obtain an address from a DHCP server, and if it cannot, it uses the static IPv4 address.

The XClarity Controller also supports IPv6, but it does not have a fixed static IPv6 IP address by default. For initial ac-
cess to the XClarity Controller in an IPv6 environment, you can either use the IPv4 IP address or the IPv6 link-local ad-
dress. The XClarity Controller generates a unique link-local IPv6 address, using the IEEE 802 MAC address by insert-
ing two octets, with hexadecimal values of 0xFF and 0xFE in the middle of the 48- bit MAC as described in RFC4291
and flipping the 7th bit of the MAC address. For example if the MAC address is 08-94-ef-2f-28-af, the link-local address
would be as follows:
fe80::0a94:efff:fe2f:28af

When you access the XClarity Controller, the following IPv6 conditions are set as default:
• Automatic IPv6 address configuration is enabled.
• IPv6 static IP address configuration is disabled.
• DHCPv6 is enabled.
• Stateless auto-configuration is enabled.

The XClarity Controller provides the choice of using a dedicated systems-management network connection (if appli-
cable) or one that is shared with the server. The default connection for rack-mounted and tower servers is to use the
dedicated systems-management network connector.

The dedicated systems-management network connection on most servers is provided using a separate 1Gbit network
interface controller. However, on some systems the dedicated systems-management network connection may be
provided using the Network Controller Sideband Interface (NCSI) to one of the network ports of a multi-port network
interface controller. In this case, the dedicated systems-management network connection is limited to the 10/100 speed
of the sideband interface. For information and any limitations on the implementation of the management port on your
system, see your system documentation.

Note: A dedicated systems-management network port might not be available on your server. If your hardware does not
have a dedicated network port, the shared setting is the only XClarity Controller setting available.

52 Tech Sales Certification - System Management Study Guide

 Setting up the XClarity Controller network connection through the XClarity Provisioning Manager
Use the information in this topic to set up an XClarity Controller network connection through the XClarity Provisioning
Manager.

After you start the server, you can use the XClarity Provisioning Manager to configure the XClarity Controller network
connection. The server with the XClarity Controller must be connected to a DHCP server, or the server network must
be configured to use the XClarity Controller static IP address. To set up the XClarity Controller network connection
through the Setup utility, complete the following steps:
Step 1. Turn on the server. The ThinkSystem welcome screen is displayed.

Note: It may take up to 40 seconds after the server is connected to AC power for the power-control button to
become active.

Step 2. When the prompt <F1> System Setup is displayed, press F1. If you have set both a power-on password and
an administrator password, you must type the administrator password to access the XClarity Provisioning
Manager.
Step 3. From the XClarity Provisioning Manager main menu, select UEFI Setup.
Step 4. On the next screen, select BMC Settings.
Step 5. There are three XClarity Controller network connection choices in the DHCP Control field:
• Static IP
• DHCP Enabled
• DHCP with Fallback

53 Tech Sales Certification - System Management Study Guide

 Step 6. Select one of the network connection choices.
Step 7. If you choose to use a static IP address, you must specify the IP address, the subnet mask, and the default
gateway.
Step 8. You can also use the Lenovo XClarity Controller Manager to select a dedicated network connection (if your
server has a dedicated network port) or a shared XClarity Controller network connection.
Notes:
• A dedicated systems-management network port might not be available on your server. If your hardware does not
have a dedicated network port, the shared setting is the only XClarity Controller setting available. On the Network
Configuration screen, select Dedicated (if applicable) or Shared in the Network Interface Port field.
• To find the locations of the Ethernet connectors on your server that are used by the XClarity Controller, see the docu
mentation that came with your server.
Step 9. Click Save.
Step 10. Exit from the XClarity Provisioning Manager.

Notes:
• You must wait approximately 1 minute for changes to take effect before the server firmware is functional again.
• You can also configure the XClarity Controller network connection through the XClarity Controller web interface or
command-line interface (CLI). In the XClarity Controller web interface, network connections can be configured by
clicking BMC Configuration from the left navigation panel , and then selecting Network. In the XClarity Controller CLI,
network connections are configured using several commands that depend on the configuration of your installation.

Logging in to the XClarity Controller

Use the information in this topic to access the XClarity Controller through the XClarity Controller web interface.

Important: The XClarity Controller is set initially with a user name of USERID and password of PASSW0RD (with a
zero, not the letter O). This default user setting has Supervisor access. Change this user name and password during
your initial configuration for enhanced security.

Note: In a Flex System, the XClarity Controller user accounts can be managed by a Flex System Chassis Manage-
ment Module (CMM) and might be different than the USERID/PASSW0RD combination described above.

To access the XClarity Controller through the XClarity Controller web interface, complete the following steps:
Step 1. Open a web browser. In the address or URL field, type the IP address or host name of the XClarity Controller
to which you want to connect.
Step 2. Select the desired language from the language drop-down list.

The Login window is shown in the following illustration.

Step 3. Type your user name and password in the XClarity Controller Login window. If you are using the XClarity
Controller for the first time, you can obtain your user name and password from your system administrator. All
login attempts are documented in the event log. Depending on how your system administrator configured the
user ID, you might need to enter a new password after logging in.
Step 4. Click Log In to start the session. The browser opens the XClarity Controller home page, as shown in the
following illustration. The home page displays information about the system that the XClarity Controller
manages plus icons indicating how many critical errors and how many warnings are currently present in the
system.

54 Tech Sales Certification - System Management Study Guide

 The home page is essentially divided into two sections. The first section is the left navigation panel, which is a set of
topics that allow you to perform the following actions:
• Monitor the server status
• Configure the server
• Configure the XClarity Controller or BMC
• Update the firmware

The second section is the graphical information provided to the right of the navigation panel. The modular format gives
you a quick view of the server status and some quick actions that can be performed.

Description of XClarity Controller functions on web interface

The following is a table that describes the XClarity Controller functions in the left navigation panel.

Note: When navigating the web interface, you can also click the question mark icon for online help.

Table 1. XClarity Controller functions

Three column table containing descriptions of the actions that you can perform from the XClarity Controller web
interface.

55 Tech Sales Certification - System Management Study Guide

 Table 1. XClarity Controller functions (continued)

56 Tech Sales Certification - System Management Study Guide

 Table 1. XClarity Controller functions (continued)

Configuring the XClarity Controller

Use the information in this chapter to understand the options available for XClarity Controller configurations.

When configuring the XClarity Controller, the following key options are available:
• Backup and Restore
• License
• Network
• Security
• User/LDAP

Configuring user accounts/LDAP

Use the information in this topic to understand how user accounts are managed.

Click User/LDAP under BMC Configuration to create, modify, and view user accounts, and to configure LDAP
settings.

The Local User tab shows the user accounts that are configured in the XClarity Controller, and which are currently
logged in to the XClarity Controller.

The LDAP tab shows the LDAP configuration for accessing user accounts that are kept on an LDAP server.

User authentication method

Use the information in this topic to understand the modes that the XClarity Controller can use to authenticate login
attempts.
Click Allow logons from to select how user login attempts are authenticated. You can select one of the following au-
thentication methods:
• Local only: Users are authenticated by a search of the local user account configured in the XClarity Controller. If
there is no match of the user ID and password, access is denied.
• LDAP only: The XClarity Controller attempts to authenticate the user with credentials kept on an LDAP server. The
local user accounts in the XClarity Controller are not searched with this authentication method.
• Local first, then LDAP: Local authentication is attempted first. If local authentication fails; then, LDAP authentication
is attempted.
• LDAP first, then local user: LDAP authentication is attempted first. If LDAP authentication fails; then, local
authentication is attempted.

57 Tech Sales Certification - System Management Study Guide

 Notes:
• Only locally administered accounts are shared with the IPMI and SNMP interfaces. These interfaces do not support
LDAP authentication.
• IPMI and SNMP users can login using the locally administered accounts when the Allow logons from field is set to
LDAP only.

Creating a new user account

Use the information in this topic to create a new local user.

Create user
Click Create to create a new user account.

Complete the following fields: User name, Password, Confirm Password, and Authority Level. For further details on the
authority level, see the following section.

User authority level

The following user authority levels are available:

Supervisor
The Supervisor user authority level has no restrictions.

Read only
The Read only user authority level has read-only access and cannot perform actions such as file transfers, power and
restart actions, or remote presence functions.

Custom
The Custom user authority level allows a more customized profile for user authority with settings for the actions that the
user is allowed to perform.

Select one or more of the following Custom user authority levels:

Adapter Configuration - Networking & Security

A user can modify configuration parameters on the Security, Network, and Serial Port pages.

User Account Management

A user can add, modify, or delete users, and change the global login settings.

Remote Console Access

A user can access the remote console.

Remote Console and Remote Disk Access

A user can access the remote console and the virtual media feature.

Remote Server Power/Restart

A user can perform power-on and restart functions for the server.

Adapter Configuration - Basic

A user can modify configuration parameters on the Server Properties and Events pages.

Ability to Clear Event Logs

A user can clear the event logs. Anyone can look at the event logs; but, this authority level is required to clear
the logs.

Adapter Configuration - Advanced (Firmware Update, Restart BMC, Restore Configuration)

A user has no restrictions when configuring the XClarity Controller. In addition, the user is said to have
administrative access to the XClarity Controller. Administrative access includes the following advanced
functions: firmware updates, PXE network boot, restoring XClarity Controller factory defaults, modifying and
restoring XClarity Controller settings from a configuration file, and restarting and resetting the XClarity
Controller.
58 Tech Sales Certification - System Management Study Guide
 When a user sets the authority level of an XClarity Controller login ID, the resulting IPMI privilege level of the
corresponding IPMI User ID is set according to the following priorities:
• If a user sets the XClarity Controller login ID authority level to Supervisor, the IPMI privilege level is set to
Administrator.
• If a user sets the XClarity Controller login ID authority level to Read Only, the IPMI privilege level is set to User.
• If a user sets the XClarity Controller login ID authority level to any of the following types of access, the IPMI privilege
level is set to Administrator:
– User Account Management Access
– Remote Console Access
– Remote Console and Remote Disk Access
– Adapter Configuration - Networking & Security
– Adapter Configuration - Advanced
• If a user sets the XClarity Controller login ID authority level to Remote Server Power/Restart Access or Ability to Clear
Event Logs, the IPMI privilege level is set to Operator.
• If a user sets the XClarity Controller login ID authority level to Adapter Configuration - Basic, the IPMI privilege level is
set to User.

SNMPv3 Settings
To enable SNMPv3 access for a user, select the check box next to the SNMPv3 Settings. The following user access
options are explained:

Access type
Only GET operations are supported. The XClarity Controller does not support SNMPv3 SET operations. SNMP3 can
only perform query operations.

Address for traps

Specify the trap destination for the user. This can be an IP address or hostname. Using traps, the SNMP agent notifies
the management station about events, (for example, when a processor temperature exceeds the limit).

Authentication protocol
Only HMAC-SHA is supported as the authentication protocol. This algorithm is used by the SNMPv3 security model for
authentication.

Privacy protocol
The data transfer between the SNMP client and the agent can be protected using encryption. The supported methods
are CBC-DES and AES.

SSH Key
The XClarity Controller supports SSH Public Key Authentication. To add a SSH key to the local user account, select the
check box next to the SSH Key. The following two options are provided:

Select key file

Select the SSH key file to be imported into the XClarity Controller from your server.

Enter key into a text field

Paste or type the data from your SSH key into the text field.

Note: Some of Lenovo’s tools may create a temporary user account for accessing the XClarity Controller when the tool
is run on the server operating system. This temporary account is not viewable and does not use any of the 12 local
user account positions. The account is created with a random user name (for example, “20luN4SB”) and password.
The account can only be used to access the XClarity Controller on the internal Ethernet over USB interface, and only
for the CIM-XML and SFTP interfaces. The creation and removal of this temporary account is recorded in the audit log
as well as any actions performed by the tool with these credentials.

59 Tech Sales Certification - System Management Study Guide

 Deleting a user account
Use the information in this topic to create a new local user.

To delete a local user account, click the trash can icon on the row of the account that you wish to remove. If you are
authorized, you can remove your own account or the account of other users, even if they are currently logged in, un-
less it is the only account remaining with User Account Management privileges. Sessions that are already in progress
when user accounts are deleted will not be automatically terminated.

Configuring global login settings

Use the information in this topic to configure login and password policy settings that apply to all users.

Web inactivity session timeout

Use the information in this topic to set the web inactivity session timeout option.

In the Web inactivity session timeout field, you can specify how long, in minutes, the XClarity Controller waits before
it disconnects an inactive web session. The maximum wait time is 1,440 minutes. If set to 0, the web session never
expires.

The XClarity Controller firmware supports up to six simultaneous web sessions. To free up sessions for use by others,
it is recommended that you log out of the web session when you are finished rather than relying on the inactivity time-
out to automatically close your session.

Note: If you leave the browser open on an XClarity Controller web page that automatically refreshes, your web session
will not automatically close due to inactivity.

Account security policy settings

Use this information to understand and select the account security policy setting for your server.
The following information is a description of the fields for the security settings.

Force to change password on first access

After setting up a new user with a default password, selection of this check box will force that user to change their
password the first time that the user logs in. The default value for this field is to have the check box enabled.

Force default account password must be changed on next login

A manufacturing option is provided to reset the default USERID profile after the first successful login. When this check
box is enabled, the default password must be changed before the account can be used. The new password is subject
to all active password enforcement rules. The default value for this field is to have the check box disabled.

Password expiration period (days)

This field contains the maximum password age that is permitted before the password must be changed. A value of 0 to
365 days is supported. The default value for this field is 90 days.

Password expiration warning period (days)

This field contains the number of days a user is warned before their password expires. If it is set to 0, no warnings are
sent. A value of 0 to 365 days is supported. The default value for this field is 5 days.

Minimum password length

This field contains the minimum length of the password. 8 to 20 characters are supported for this field. The default
value for this field is 10.

Minimum password reuse cycle

This field contains the number of previous passwords that cannot be reused. Up to ten previous passwords can be
compared. Select 0 to allow the reuse of all previous passwords. A value of 0 to 10 is supported. The default value for
this field is 5.

Minimum password change interval (hours)

This field contains how long a user must wait between password changes. A value of 0 to 240 hours is supported. The
default value for this field is 24 hours.

60 Tech Sales Certification - System Management Study Guide

 Maximum number of login failures (times)
This field contains the number of failed login attempts that are allowed before the user is locked out for a period of
time. A value of 0 to 10 is supported. The default value for this field is five login failures.

Lockout period after maximum login failures (minutes)

This field specifies how long (in minutes), the XClarity Controller subsystem will disable remote login attempts after
the maximum number of login failures has been reached. A value of 0 to 2,880 minutes is supported. The default
value for this field is 60 minutes.

Configuring LDAP
Use the information in this topic to view or change XClarity Controller LDAP settings.

Click the LDAP tab to view or modify XClarity Controller LDAP settings.

The XClarity Controller can remotely authenticate a user’s access through a central LDAP server instead of, or in
addition to the local user accounts that are stored in the XClarity Controller itself. Privileges can be designated for
each user account using the IBMRBSPermissions string. You can also use the LDAP server to assign users to groups
and perform group authentication, in addition to the normal user (password check) authentication. For example, an
XClarity Controller can be associated with one or more groups, the user will pass group authentication only if the user
belongs to at least one group that is associated with the XClarity Controller.

To configure an LDAP server, complete the following steps:

1. Under LDAP Server Information, the following options are available from the item list:
• Use LDAP server for Authentication only (with local authorization): This selection directs the XClarity
Controller to use the credentials only to authenticate to the LDAP server and to retrieve group membership
information. The group names and privileges can be configured in the Active Directory Settings section.
• Use LDAP server for Authentication and Authorization: This selection directs the XClarity Controller to use
the credentials both to authenticate to the LDAP server and to identify a user’s permission.

Note: The LDAP servers to be used for authentication can either be configured manually or discovered
dynamically via DNS SRV records.

• Use Pre-Configured Servers: You can configure up to four LDAP servers by entering each server’s IP
address or host name if DNS is enabled. The port number for each server is optional. If this field is left
blank, the default value of 389 is used for non-secured LDAP connections. For secured connections, the
default port value is 636. You must configure at least one LDAP server.
• Use DNS to Find Servers: You can choose to discover the LDAP server(s) dynamically. The mechanisms
described in RFC2782 (A DNS RR for specifying the location of services) are used to locate the LDAP
server(s). This is known as DNS SRV. You need to specify a fully qualified domain name (FQDN) to be used
as the domain name in the DNS SRV request.

If you wish to enable secure LDAP, click the Enable Secure LDAP check box. In order to support secure
LDAP, a valid SSL certificate must be in place and at least one SSL client trusted certificate must be
imported into the XClarity Controller. Your LDAP server must support Transport Layer Security (TLS) version
1.2 to be compatible with the XClarity Controller secure LDAP client. For more information about certificate
handling, see “SSL certificate handling” on page 32.

2. Fill in information under Additional Parameters. Below are explanations of the parameters.
Binding method
Before you can search or query the LDAP server, you must send a bind request. This field controls how this
initial bind to the LDAP server is performed. The following bind methods are available:
• No Credentials Required
Use this method to bind without a Distinguished Name (DN) or password. This method is strongly
discouraged because most servers are configured to not allow search requests on specific user records.
• Use Configured Credentials
Use this method to bind with the configured client DN and password.

61 Tech Sales Certification - System Management Study Guide

 • Use Login Credentials
Use this method to bind with the credentials that are supplied during the login process. The user ID can
be provided through a DN, a partial DN, a fully qualified domain name, or through a user ID that matches
the UID Search Attribute that is configured on the XClarity Controller. If the credentials that are presented
resemble a partial DN (e.g. cn=joe), this partial DN will be prepended to the configured Root DN in an
attempt to create a DN that matches the user’s record. If the bind attempt fails, a final attempt will be made
to bind by prepending cn= to the login credential, and prepending the resulting string to the configured Root
DN.

If the initial bind is successful, a search is performed to find an entry on the LDAP server that belongs to the user who
is logging in. If necessary, a second attempt to bind is made, this time with the DN that is retrieved from the user’s
LDAP record and the password that was entered during the login process. If the second attempt to bind fails, the user
is denied access. The second bind is performed only when the No Credentials Required or Use Configured Creden-
tials binding methods are used.

Root Distinguished Name (DN)

This is the distinguished name (DN) of the root entry of the directory tree on the LDAP server (for example, dn=my-
company,dc=com). This DN is used as the base object for all search requests.

UID Search Attribute

When the binding method is set to No Credentials Required or Use Configured Credentials, the initial bind to the LDAP
server is followed by a search request that retrieves specific information about the user, including the user’s DN, login
permissions, and group membership. This search request must specify the attribute name that represents the user IDs
on that server. This attribute name is configured in this field. On Active Directory servers, the attribute name is usually
sAMAccountName. On Novell eDirectory and OpenLDAP servers, the attribute name is uid. If this field is left blank, the
default is uid.

Group Filter
The Group Filter field is used for group authentication. Group authentication is attempted after the user’s credentials
are successfully verified. If group authentication fails, the user’s attempt to log on is denied. When the group filter is
configured, it is used to specify to which groups the XClarity Controller belongs. This means that to succeed the user
must belong to at least one of the groups that are configured for group authentication. If the Group Filter field is left
blank, group authentication automatically succeeds. If the group filter is configured, an attempt is made to match at
least one group in the list to a group that the user belongs. If there is no match, the user fails authentication and is
denied access. If there is at least one match, group authentication is successful.
The comparisons are case sensitive. The filter is limited to 511 characters and can consist of one or more group
names. The colon (:) character must be used to delimit multiple group names. Leading and trailing spaces are ignored,
but any other space is treated as part of the group name.

Note: The wildcard character (*) is no longer treated as a wildcard. The wildcard concept has been discontinued to
prevent security exposures. A group name can be specified as a full DN or by using only the cn portion. For example,
a group with a DN of cn=adminGroup, dc=mycompany, dc=com can be specified using the actual DN or with admin-
Group.

Nested group membership is supported only in Active Directory environments. For example, if a user is a member of
GroupA and GroupB, and GroupA is also a member of GroupC, the user is said to be a member of GroupC also.
Nested searches stop if 128 groups have been searched. Groups in one level are searched before groups in a lower
level. Loops are not detected.

Group Search Attribute

In an Active Directory or Novell eDirectory environment, the Group Search Attribute field specifies the attribute name
that is used to identify the groups to which a user belongs. In an Active Directory environment, the attribute name is
memberOf. In an eDirectory environment, the attribute name is groupMembership. In an OpenLDAP server environ-
ment, users are usually assigned to groups whose objectClass equals PosixGroup. In that context, this field specifies
the attribute name that is used to identify the members of a particular PosixGroup. This attribute name is memberUid.
If this field is left blank, the attribute name in the filter defaults to memberOf.

62 Tech Sales Certification - System Management Study Guide

 Login Permission Attribute
When a user is authenticated through an LDAP server successfully, the login permissions for the user must be re-
trieved. To retrieve the login permissions, the search filter that is sent to the server must specify the attribute name that
is associated with login permissions. The Login Permission Attribute field specifies the attribute name. If this field is
left blank, the user is assigned a default of read-only permissions, assuming that the user passes the user and group
authentication.
The attribute value that is returned by the LDAP server searches for the keyword string IBMRBSPermissions=. This
keyword string must be immediately followed by a bit string that is entered as 12 consecutive 0s or 1s. Each bit rep-
resents a set of functions. The bits are numbered according to their positions. The left-most bit is bit position 0, and the
right-most bit is bit position 11. A value of 1 at a bit position enables the function that is associated with that bit position.
A value of 0 at a bit position disables the function that is associated with that bit position.
The string IBMRBSPermissions=010000000000 is a valid example. The IBMRBSPermissions= keyword is used to
allow it to be placed anywhere in this field. This enables the LDAP administrator to reuse an existing attribute; there-
fore, preventing an extension to the LDAP schema. This also enables the attribute to be used for its original purpose.
You can add the keyword string anywhere in this field. The attribute that you use can allow for a free-formatted string.
When the attribute is retrieved successfully, the value that is returned by the LDAP server is interpreted according to
the information in the following table.

Table 2. Permission bits (continued)

63 Tech Sales Certification - System Management Study Guide

 Note that priority is given to login permissions retrieved directly from the user record. If the user does not have the
login permission attribute in its record, an attempt will be made to retrieve the permissions from the group(s) that the
user belongs to, and, if configured, that match the group filter. In this case the user will be assigned the inclusive OR of
all the bits for all of the groups. Similarly, the Read Only Access bit will only be set if all the other bits are zero. More-
over, note that if the Deny Always bit is set for any of the groups, the user will be refused access. The Deny Always bit
always has precedence over every other bit.

Note: If you give a user the ability to modify basic, networking, and/or security related adapter configuration parame-
ters, you should consider giving this same user the ability to restart the XClarity Controller (bit position 10). Otherwise,
without this ability, a user might be able to change parameters (for example, IP address of the adapter), but will not be
able to have them take effect.

3. Choose whether or not to Enable enhanced role-based security for Active Directory Users under Active Directory
Settings (if Use LDAP server for Authentication and Authorization mode is used), or configure the Groups for Local
Authorization (if Use LDAP server for Authentication only (with local authorization) mode is used).
• Enable enhanced role-based security for Active Directory Users
If enhanced role-based security setting is enabled, a free-formatted server name must be configured to
act as the target name for this particular XClarity Controller. The target name can be associated with one
or more roles on the Active Directory server through a Role Based Security (RBS) Snap-In. This is
accomplished by creating managed targets, giving them specific names, and then associating them to the
appropriate roles. If a name is configured in this field, it provides the ability to define specific roles for users
and XClarity Controllers (targets) who are members of the same role. When a user logs in to the XClarity
Controller and is authenticated via Active Directory, the roles that the user is a member of are retrieved from
the directory. The permissions that are assigned to the user are extracted from the roles that also have as a
member a target that matches the server name that is configured here, or a target that matches any XClarity
Controller. Multiple XClarity Controllers can share the same target name. This could be used to group multiple
XClarity Controllers together and assign them to the same role (or roles) by using a single managed target.
Conversely each XClarity Controller can be given a unique name.

• Groups for Local Authorization

Group Names are configured to provide local authorization specifications for groups of users. Each group
name can be assigned permissions (Roles) that are the same as described in the table above. The LDAP
server associates users with a group name. When the user logs in he is assigned the permissions that are
associated with the group to which the user belongs. Additional groups can be configured by clicking the “+”
icon or deleted by clicking the “x” icon.

Configuring network protocols

Use the information in this topic to view or establish network settings for the XClarity Controller.

Configuring the Ethernet settings

Use the information in this topic to view or change how the XClarity Controller communicates by way of an Ethernet
connection.

The XClarity Controller uses two network controllers. One network controller is connected to the dedicated manage-
ment port and the other network controller is connected to the shared port. Each of the network controllers is assigned
its own burned in MAC address. If DHCP is being used to assign an IP address to the XClarity Controller, when a user
switches between network ports or when a failover from the dedicated network port to the shared network port occurs,
a different IP address may be assigned to the XClarity Controller by the DHCP server. It is recommended that when us-
ing DHCP, users should use the host name to access the XClarity Controller rather than relying on an IP address. Even
if the XClarity Controller network ports are not changed, the DHCP server could possibly assign a different IP address
to the XClarity Controller when the DHCP lease expires, or when the XClarity Controller reboots. If a user needs to
access the XClarity Controller using an IP address that will not change, the XClarity Controller should be configured for
a static IP address rather than DHCP.

Click Network under BMC Configuration to modify XClarity Controller Ethernet settings.

64 Tech Sales Certification - System Management Study Guide

 Configuring the XClarity Controller Host Name
The default XClarity Controller host name is generated using a combination of the string “XCC -“ followed by the server
machine type and server serial number (for example. “XCC-7X03-1234567890”). You can change the XClarity Control-
ler host name by entering up to a maximum of 63 characters in this field. The host name must not include a period (.)
and can contain only alpha, numeric, hyphen and underscore characters.

Configuring IPv4 network settings

To use an IPv4 Ethernet connection, complete the following steps:
1. Enable the IPv4 option.
Note: Disabling the Ethernet interface prevents access to the XClarity Controller from the external network.
2. From the Method field, select one of the following options:
• Obtain IP from DHCP: The XClarity Controller will obtain its IPv4 address from a DHCP server.
• Use static IP address: The XClarity Controller will use the user specified value for its IPv4 address.
• First DHCP, then static IP address: The XClarity Controller will attempt to obtain its IPv4 address from a
DHCP server, but if that attempt fails, the XClarity Controller will use user specified value for its IPv4 address.
3. In the Static address field, type the IP address that you want to assign to the XClarity Controller.
Note: The IP address must contain four integers from 0 to 255 with no spaces and separated by periods. This
field will not be configurable if the method is set to Obtain IP from DHCP.
4.In the Network mask field, type the subnet mask that is used by the XClarity Controller.
Note: The subnet mask must contain four integers from 0 to 255 with no spaces or consecutive periods and
separated by periods. The default setting is 255.255.255.0. This field will not be configurable if the method is
set to Obtain IP from DHCP.
5. In the Default Gateway field, type your network gateway router.
Note: The gateway address must contain four integers from 0 to 255 with no spaces or consecutive periods
and separated by periods. This field will not be configurable if the method is set to Obtain IP from DHCP.

Configuring advanced Ethernet settings

Click the Advanced Ethernet tab to set additional Ethernet settings.
Note: In a Flex System, the VLAN settings are managed by a Flex System CMM and cannot be modified on
the XClarity Controller.

To enable Virtual LAN (VLAN) tagging select the Enable VLAN check box. When VLAN is enabled and a VLAN ID is
configured, the XClarity Controller only accepts packets with the specified VLAN IDs. The VLAN IDs can be configured
with numeric values between 1 and 4094.

From the MAC selection list choose one of the following selections:
• Use burned in MAC address
The Burned-in MAC address option is a unique physical address that is assigned to this XClarity Controller by the
manufacturer. The address is a read-only field.
• Use custom MAC address
If a value is specified, the locally administered address overrides the burned-in MAC address. The locally administered
address must be a hexadecimal value from 000000000000 through FFFFFFFFFFFF. This value must be in the form xx:xx
:xx:xx:xx:xx where x is a hexadecimal number from 0 to 9 or “a” through “f ”. The XClarity Controller does not support
the use of a multicast address. The first byte of a multicast address is an odd number (the least significant bit is set to 1);
therefore, the first byte must be an even number.

In the Maximum transmission unit field, specify the maximum transmission unit of a packet (in bytes) for your network interface.
The maximum transmission unit range is from 60 to 1500. The default value for this field is 1500.

65 Tech Sales Certification - System Management Study Guide

 To use an IPv6 Ethernet connection, complete the following steps:
Configuring IPv6 network settings
1. Enable the IPv6 option.
2. Assign an IPv6 address to the interface using one of the following assignment methods:
• Use stateless address autoconfiguration
• Use stateful address configuration (DHCPv6)
• Use statically assigned IP address
Notes: When the Use statically assigned IP addres is chosen, you will be asked to type the following
information:
–IPv6 Address
–Prefix length
–Gateway

Configuring DNS
Use the information in this topic to view or change XClarity Controller Domain Name System (DNS) settings.
Note: In a Flex System, DNS settings cannot be modified on the XClarity Controller. DNS settings are managed by the
CMM.

Click Network under BMC Configuration to view or modify XClarity Controller DNS settings.

If you click the Use additional DNS address servers check box, specify the IP addresses of up to three Domain Name
System servers on your network. Each IP address must contain integers from 0 to 255, separated by periods. These
DNS server addresses are added to the top of the search list, so a host name lookup is done on these servers before
one that is automatically assigned by a DHCP server.

Configuring DDNS
Use the information in this topic to enable or disable Dynamic Domain Name System (DDNS) protocol on the XClarity
Controller.

Click Network under BMC Configuration to view or modify XClarity Controller DDNS settings.

Click the Enable DDNS check box, to enable DDNS. When DDNS is enabled, the XClarity Controller notifies a domain
name server to change in real time, the active domain name server configuration of the XClarity Controller configured
host names, addresses or other information that is stored in the domain name server.

Choose an option from the item list to decide how you want the domain name of the XClarity Controller to be selected.

• Use custom domain name: You can specify the domain name to which the XClarity Controller belongs.
• Use domain name obtained from the DHCP server: The domain name to which the XClarity Controller belongs is
specified by the DHCP server.

Configuring Ethernet over USB

Use the information in this topic to control the Ethernet over USB interface used for in-band communication between
the server and the XClarity Controller.

Click Network under BMC Configuration to view or modify the XClarity Controller Ethernet over USB settings.

The Ethernet over USB is used for in-band communications to the XClarity Controller. Click the check box to enable or
disable the Ethernet over USB interface.

Important: If you disable the Ethernet over USB, you cannot perform an in-band update of the XClarity Controller firm-
ware or server firmware using the Linux or Windows flash utilities.

66 Tech Sales Certification - System Management Study Guide

 Select the method that The XClarity Controller uses to assign addresses to the endpoints of the Ethernet over USB
interface.
• Use IPv6 link-local address for Ethernet over USB:This method uses IPv6 addresses based off the MAC address that
have been allocated to the endpoints of the Ethernet over USB interface. Normally, the IPv6 link local address is
generated using the MAC address (RFC 4862) but Windows 2008 and newer 2016 operating systems do not support
a static link local IPv6 address on the host end of the interface. Instead the default Windows behavior regenerates
random link local addresses while running. If the XClarity Controller Ethernet over USB interface is configured to use
the IPv6 link local address mode, various functions that make use of this interface will not work because the XClarity
Controller does not know what address Windows has assigned to the interface. If the server is running Windows use
one of the other Ethernet over USB address configuration methods, or disable the default Windows behavior by using
this command: netsh interface ipv6 set global randomizeidentifiers=disabled
• Use IPv4 link-local address for Ethernet over USB:An IP address in the 169.254.0.0/16 range is assigned to the
XClarity Controller and server side of the network.
• Configure IPv4 setting for Ethernet over USB:With this method, it specifies the IP addresses and network mask that
are assigned to the XClarity Controller and the server side of the Ethernet over USB interface.

Mapping of external Ethernet port numbers to Ethernet over USB port numbers is controlled by clicking the Enable
external Ethernet to Ethernet over USB port forwarding checkbox and completing the mapping information for ports you
wish to have forwarded from the management network interface to the server.

Configuring SNMPv3
Use the information in this topic to configure SNMP agents.

Complete the following steps to configure the XClarity Controller SNMPv3 alert settings.
1. Click Network under BMC Configuration.
2. Check the corresponding check box to enable the SNMPv3 agent or SNMP Traps.
3. If enabling the SNMP Traps, select the following event types you wish to be alerted:
• Critical
• Attention
• System
4. If enabling the SNMPv3 agent, complete the following fields:
a. In the BMC Contact field, enter the name of the contact person.
b. In the Location field, enter the site (geographical coordinates).

Enabling or Disabling IPMI Network Access

Use the information in this topic to control IPMI network access to the XClarity Controller.

Click Network under BMC Configuration to view or modify XClarity Controller IPMI settings. Complete the following
fields to view or modify IPMI settings:

IPMI over LAN Access

Click the switch to enable or disable IPMI network access to the XClarity Controller.

Important: If you are not using any tools or applications that access the XClarity Controller through the network using
the IPMI protocol, it is highly recommended that you disable IPMI network access for improved security.

Configuring Network Settings with IPMI commands

Use the information in this topic to configure the network settings using IPMI commands.

Because each BMC network setting is configured using separate IPMI requests and in no particular order, the BMC
does not have the complete view of all of the network settings until the BMC is restarted to apply the pending network
changes. The request to change a network setting may succeed at the time that the request is made, but later be deter-
mined to be invalid when additional changes are requested. If the pending network settings are incompatible when the
BMC is restarted, the new settings will not be applied. After restarting the BMC, you should attempt to access the BMC
using the new settings to ensure that they have been applied as expected.

67 Tech Sales Certification - System Management Study Guide

 Service Enablement and Port Assignment
Use the information in this topic to view or change the port numbers used by some services on the XClarity Controller.

Click Network under BMC Configuration to view or modify XClarity Controller port assignments. Complete the following
fields to view or modify port assignments:

Web
The port number is 80. This field is not user-configurable.

Web over HTTPS

In this field specify the port number for Web Over HTTPS. The default value is 443.

REST over HTTPS

The port number will automatically change to the one specified in the Web over HTTPS field. This field is not user-con-
figurable.

CIM over HTTP

In this field specify the port number for CIM over HTTP. The default value is 5989.

Remote Presence
In this field specify the port number for Remote Presence. The default value is 3900.

IPMI over LAN

The port number is 623. This field is not user-configurable.

SLP
In this field specify the port number that is used for the SLP. The port number is 427. This field is not user-configurable.

SSDP
The port number is 1900. This field is not user-configurable.

SSH
In this field specify the port number that is configured to access the command line interface through the SSH protocol.
The default value is 22.

SNMP Agent
In this field specify the port number for the SNMP agent that runs on the XClarity Controller. The default value is 161.
Valid port number values are from 1 to 65535.

SNMP Traps
In this field specify the port number that is used for SNMP traps. The default value is 162. Valid port number values are
from 1 to 65535.

Configuring Block List and Time Restriction

Use the information in this topic to view or change the settings that block access from IP addresses or MAC addresses
to the XClarity Controller.

Click Network under BMC Configuration to view or modify XClarity Controller access control settings.

To use access control, complete the following fields:

List of Blocked IP address
Users can enter up to three IPv4 addresses or ranges and three IPv6 addresses or ranges separated by
commas, which are not allowed to access the XClarity Controller. Refer to the IPv4 examples below:
• The single IPv4 address. For example: 192.168.1.1
• The supernet IPv4 address. For example: 192.168.1.0/24
• The IPv4 range. For example: 192.168.1.1-192.168.1.5

68 Tech Sales Certification - System Management Study Guide

 List of Blocked MAC address
Users can enter up to three MAC addresses separated by commas, which are not allowed to access the
XClarity Controller. For example: 11:22:33:44:55:66.

Restricted Access Interval

You can specify the time interval during which the XClarity Controller cannot be accessed. The begin date
and time must not be later than the end time.

Configuring Front Panel USB Port to Management

Use the information in this topic to configure the XClarity Controller Front Panel USB Port to Management.

On some servers the front panel USB port can be switched to attach either to the server or to the XClarity Controller.
Connection to the XClarity Controller is primarily intended for use with a mobile device running the Lenovo XClarity
Mobile app. When a USB cable is connected between the mobile device and the server’s front panel, an Ethernet over
USB connection will be established between the mobile app running on the device and the XClarity Controller.

Click Network under BMC Configuration to view or modify XClarity Controller front panel USB port to management
settings.

There are four types of settings that you can choose from:
Host Only Mode
The front panel USB port is always connected only to the server.

BMC Only Mode

The front panel USB port is always connected only to the XClarity Controller.

Shared Mode: owned by BMC

The front panel USB port is shared by both the server and the XClarity Controller, but the port is switched to the
XClarity Controller.

Shared Mode: owned by Host

The front panel USB port is shared by both the server and the XClarity Controller, but the port is switched to the host.

For additional information about the Mobile app, see the following site:
http://sysmgt.lenovofiles.com/help/topic/com.lenovo.lxca.doc/lxca_usemobileapp.html

Notes:
• If the front panel USB port is configured for Shared Mode, the port is connected to the XClarity Controller when there
is no power, and is connected to the server when there is power. When there is power, the control of the front panel
USB port can be switched back and forth between the server and the XClarity Controller. In shared mode, the port can
also be switched between the host and the XClarity Controller by pressing and holding the front panel Identification
button (for compute nodes it may be the USB management button) for more than 3 seconds.

• When configured in Shared Mode and the USB port is currently connected to the server, the XClarity Controller can
support a request to switch the front panel USB port back to the XClarity Controller. When this request is executed,
the front panel USB port will remain connected to the XClarity Controller until there is no USB activity to the XClarity
Controller for the period specified by the inactivity timeout.

Configuring security settings

Use the information in this topic to configure security protocols.

Note: The default minimum TLS version setting is TLS 1.2, but you can configure the XClarity Controller to use other
TLS versions if needed by your browser or management applications. For more information, see “tls command” on
page 154.

Click Security under BMC Configuration to access and configure security properties, status, and settings for your
XClarity Controller.

69 Tech Sales Certification - System Management Study Guide

 SSL overview
This topic is an overview of the SSL security protocol.

SSL is a security protocol that provides communication privacy. SSL enables client/server applications to communi-
cate in a way that prevents eavesdropping, tampering, and message forgery. You can configure the XClarity Controller
to use SSL support for different types of connections, such as secure web server (HTTPS), secure LDAP connection
(LDAPS), CIM over HTTPS, and SSH server, and to manage the certificates that are required for SSL.

SSL certificate handling

This topic provides information about the administration of certificates that can be used with the SSL security protocol.

You can use SSL with a self-signed certificate or with a certificate that is signed by a third-party certificate authority.
Using a self-signed certificate is the simplest method for using SSL; but, it does create a small security risk. The risk
arises because the SSL client has no way of validating the identity of the SSL server for the first connection that is
attempted between the client and server. For example, it is possible that a third party might impersonate the XClari-
ty Controller web server and intercept data that is flowing between the actual XClarity Controller web server and the
user’s web browser. If, at the time of the initial connection between the browser and the XClarity Controller, the self-
signed certificate is imported into the certificate store of the browser, all future communications will be secure for that
browser (assuming that the initial connection was not compromised by an attack).

For more complete security, you can use a certificate that is signed by a certificate authority (CA). To obtain a signed
certificate, you will need to select Generate Certificate Signing Request (CSR). Select Download Certificate Signing
Request (CSR) and send the Certificate-Signing Request (CSR) to a CA to obtain a signed certificate. When the signed
certificate is received, select Import Signed Certificate to import it into the XClarity Controller.

The function of the CA is to verify the identity of the XClarity Controller. A certificate contains digital signatures for the
CA and the XClarity Controller. If a well-known CA issues the certificate or if the certificate of the CA has already been
imported into the web browser, the browser can validate the certificate and positively identify the XClarity Controller
web server.

The XClarity Controller requires a certificate for use with HTTPS Server, CIM over HTTPS, and the secure LDAP client.
In addition the secure LDAP client also requires one or more trusted certificates to be imported. The trusted certificate
is used by the secure LDAP client to positively identify the LDAP server. The trusted certificate is the certificate of the
CA that signed the certificate of the LDAP server. If the LDAP server uses self-signed certificates, the trusted certificate
can be the certificate of the LDAP server itself. Additional trusted certificates must be imported if more than one LDAP
server is used in your configuration.

SSL certificate management

This topic provides information about some of the actions that can be selected for certificate management with the SSL
security protocol.

Click Security under BMC Configuration to configure the SSL certificate management.

When managing XClarity Controller certificates, you are presented with the following actions:
Download Signed Certificate
Use this link to download a copy of the currently installed certificate. The certificate can be downloaded in either PEM
or DER format. The contents of the certificate can be viewed using a third-party tool such as OpenSSL (www.openssl.
org). An example of the command line for viewing the contents of the certificate using OpenSSL would look something
like the following:
openssl x509 -in cert.der -inform DER -text

Download Certificate Signing Request (CSR)

Use this link to download a copy of the certificate signing request. The CSR can be downloaded in either PEM or DER
format.

70 Tech Sales Certification - System Management Study Guide

 Generate Signed Certificate
Generate a self-signed certificate. After the operation is completed, SSL may be enabled using the new certificate.
Note: When performing the Generate Signed Certificate action, a Generate self-signed certificate for HTTPS window
opens. You will be prompted to complete the required and optional fields. You must complete the required fields. Once
you have entered your information, click Generate to complete the task.

Generate Certificate Signing Request (CSR)

Generate a certificate signing request (CSR). After the operation is completed, the CSR file may be downloaded and
sent to a certificate authority (CA) for signing.
Note: When performing the Generate Certificate Signing Request (CSR) action, a Generate Certificate Signing Re-
quest for HTTPS window opens. You will be prompted to complete the required and optional fields. You must complete
the required fields. Once you have entered your information, click Generate to complete the task.

Import a Signed Certificate

Use this to import a signed certificate. To obtain a signed certificate, a certificate signing request (CSR) must first be
generated and sent to a certificate authority (CA).

Configuring the Secure Shell server

Use the information in this topic to understand and enable the SSH security protocol.

Click Network under BMC Configuration to configure the Secure Shell server.

To use the SSH protocol, a key needs to be generated first to enable the SSH server.
Notes:
• No certificate management is required to use this option.
• The XClarity Controller will initially create a SSH server key. If you wish to generate a new SSH server key, click Net
work under BMC Configuration; then, click Regenerate key.
• After you complete the action, you must restart the XClarity Controller for your changes to take effect.

IPMI over Keyboard Controller Style (KCS) Access

Use the information in this topic to control IPMI over Keyboard Controller Style (KCS) access to the XClarity Controller.

The XClarity Controller provides an IPMI interface via the KCS channel that does not require authentication.

Click Security under BMC Configuration to enable to disable IPMI over KCS access.

Note: After you change the settings, you must restart the XClarity Controller for your changes to take effect.
Important: If you are not running any tools or applications on the server that access the XClarity Controller through the
IPMI protocol, it is highly recommended that you disable the IPMI KCS access for improved security. XClarity Essen-
tials does use the IPMI over KCS interface to the XClarity Controller. If you disabled the IPMI over KCS interface,
re-enable it prior to running XClarity Essentials on the server. Then disable the interface after you have finished.

Prevent System Firmware Down-Level

Use the information in this topic to prevent system firmware from being changed to older firmware levels.

This feature allows you to decide whether or not to allow the system firmware to return to an older firmware level.

Click Network under BMC Configuration to prevent system firmware down-level

To enable of disable this feature, click Network under BMC Configuration. Any changes that are made will take effect
immediately without the XClarity Controller requiring a restart.

Assert Physical Presence

Use the information in this topic to assert and de-assert Physical Presence from the XClarity Controller web page with-
out being physically present at the server.

This feature is only available if the Physical Presence Policy is enabled through UEFI. Once enabled, you can access
the physical presence feature by clicking Security under BMC Configuration.

71 Tech Sales Certification - System Management Study Guide

 Configuring the Security Key Lifecycle Manager (SKLM)
This topic provides information about the Security Key Lifecycle Manager (SKLM) software product that is used for
creating and managing security keys.

The Security Key Lifecycle Manager (SKLM) is a software product for creating and managing security keys. The
SKLM for ThinkSystem Self Encrypting Drives (SED) - Features on Demand (FoD) option is a ThinkSystem FoD
option that enables centralized management of encryption keys. The encryption keys are used to gain access to data
stored on SEDs in a ThinkSystem server.

A centralized SKLM (key repository) server provides the encryption keys to unlock the SEDs in the ThinkSystem
server. The FoD option requires that a FoD Activation key be installed in the XClarity Controller FoD key repository.
The Activation key for the FoD option is a unique identifier comprised of the machine type and serial number. To use
the storage key/drive access functionality, the FoD key ThinkSystem TKLM Activation for Secure Drive Encryption
(Type 32796 or 801C) must be installed in the XClarity Controller FoD key repository. See Chapter 7 “License
Management” on page 71for information pertaining to installing an activation key.

The SKLM FoD option is limited to ThinkSystem XClarity Controller-based servers. To increase security, the XClarity
Controller can be placed in a separate management network. The XClarity Controller uses the network to retrieve
encryption keys from the SKLM server; therefore, the SKLM server must be accessible to the XClarity Controller
through this network. The XClarity Controller provides the communication channel between the SKLM server and the
requesting ThinkSystem server. The XClarity Controller firmware attempts to connect with each configured SKLM
server, stopping when a successful connection is established.

The XClarity Controller establishes communication with the SKLM server if the following conditions are met:
• A valid FoD activation key is installed in the XClarity Controller.
• One or more SKLM server host name/IP addresses are configured in the XClarity Controller.
• Two certificates (client and server) for communication with the SKLM server are installed in the XClarity Controller.

Note: Configure at least two (a primary and a secondary) SKLM servers for your device. If the primary SKLM server
does not respond to the connection attempt from the XClarity Controller; connection attempts are initiated with the
additional SKLM servers until a successful connection is established.

A Transport Layer Security (TLS) connection must be established between the XClarity Controller and the SKLM serv-
er. The XClarity Controller authenticates the SKLM server by comparing the server certificate submitted by the SKLM
server, with the SKLM server certificate previously imported into the XClarity Controller’s trust store. The SKLM server
authenticates each XClarity Controller that communicates with it and checks to verify that the XClarity Controller is
permitted to access the SKLM server. This authentication is accomplished by comparing the client certificate that the
XClarity Controller submits, with a list of trusted certificates that are stored on the SKLM server.

At least one SKLM server (key repository server) will be connected, and the device group is considered optional.
The SKLM server certificate will need to be imported, while the client certificate needs to be specified. By default, the
HTTPS certificate is used. If you wish to replace it, you can generate a new one.

Configuring the key repository servers

Use the information in this topic to create the host name or IP address and associated port information for the SKLM
server.

The Key Repository Servers section consists of the following fields:

Host Name or IP address

Type the host name (if DNS is enabled and configured) or the IP address of the SKLM server in this field. Up to four
servers can be added.

Port
Type the port number for the SKLM server in this field. If this field is left blank, the default value of 5695 is used. Valid
port number values are 1 to 65535.

72 Tech Sales Certification - System Management Study Guide

 Configuring the device group
This topic contains information about the Device Group section .

A device group allows users to manage the self-encrypting drive (SED) keys on multiple servers as a group. A device
group with the same name must also be created on the SKLM server.

The Device Group section contains the following field:

Device Group
A device group allows users to manage the keys for SEDs on multiple servers as a group. A device group with the
same name must also be created on the SKLM server. The default value for this field is IBM_SYSTEM_X_SED.

Establishing certificate management

This topic provides information about client and server certificate management.

Client and server certificates are used to authenticate the communication between the SKLM server and the XClarity
Controller located in the ThinkSystem server. Client and server certificate management are discussed in this section.

Client Certificate Management

This topic provides information about client certificate management.
Client certificates are classified as one of the following:
• An XClarity Controller self-assigned certificate.
• A certificate generated from an XClarity Controller certificate signing request (CSR) and signed (externally) by a third
party CA.

A client certificate is required for communication with the SKLM server. The client certificate contains digital signatures
for the CA and the XClarity Controller.

Notes:
• Certificates are preserved across firmware updates.
• If a client certificate is not created for communication with the SKLM server, the XClarity Controller HTTPS server
certificate is used.
• The function of the CA is to verify the identity of the XClarity Controller.

To create a client certificate, click the plus icon () and select one of the following items:
• Generate a New Key and a Self-Signed Certificate
• Generate a New Key and a Certificate Signing Request (CSR)

The Generate a New Key and a Self-Signed Certificate action item generates a new encryption key and a self-signed
certificate. In the Generate New Key and Self-Signed Certificate window, type or select the information in the required
fields and any optional fields that apply to your configuration, (see the following table). Click OK to generate your en-
cryption key and certificate. A progress window displays while the self- signed certificate is being generated. A confir-
mation window is displayed when the certificate is successfully installed.

Note: The new encryption key and certificate replace any existing key and certificate.

Table 3. Generate a New Key and a Self-Signed Certificate

Two column table with headers documenting the required and optional fields for the Generate a new key and a self-
signed certificate action. The bottom row spans across both columns.

73 Tech Sales Certification - System Management Study Guide

 Table 3. Generate a New Key and a Self-Signed Certificate (continued)

After the client certificate has been generated you can download the certificate to storage on your XClarity Controller
by selecting the Download Certificate action item.

The Generate a New Key and a Certificate Signing Request (CSR) action item generates a new encryption key and
a CSR. In the Generate a New Key and a Certificate Signing Request window, type or select the information in the
required fields and any optional fields that apply to your configuration, (see the following table). Click OK to generate
your new encryption key and CSR.

A progress window displays while the CSR is being generated and a confirmation window is displayed upon success-
ful completion. After generation of the CSR, you must send the CSR to a CA for digital signing. Select the Download
Certificate Signing Request (CSR) action item and click OK to save the CSR to your server. You can then submit the
CSR to your CA for signing.

Table 4. Generate a New Key and a Certificate Signing Request

Two column table with headers documenting the required and optional fields for the Generate a new key and certifi-
cate signing request action. The bottom row spans across both columns.

Table 4. Generate a New Key and a Certificate Signing Request (continued)

The CSR is digitally signed by the CA using the user’s certificate processing tool, such as the OpenSSL or Certutil
command line tool. All client certificates that are signed using the user’s certificate processing tool have the same
base certificate. This base certificate must also be imported to the SKLM server so that all servers digitally signed by
the user are accepted by the SKLM server.

After the certificate has been signed by the CA you must import it into the BMC. Select the Import a Signed Certificate
action item and select the file to upload as the client certificate; then, click OK. A progress window displays while the
CA-signed certificate is being uploaded. A Certificate Upload window is displayed if the upload process is successful.
A Certificate Upload Error window is displayed if the upload process is not successful.

74 Tech Sales Certification - System Management Study Guide

 Notes:
• For increased security, use a certificate that is digitally signed by a CA.
• The certificate that is imported into the XClarity Controller must correspond to the CSR that was previously
generated.

After a CA-signed certificate is imported into the BMC, select the Download Certificate action item. When you select
this action item, the CA-signed certificate is downloaded from the XClarity Controller to store on your system.

Server certificate management

This topic provides information about server certificate management.

The server certificate is generated in the SKLM server and must be imported into the XClarity Controller before the
secure drive access functionality will work. To import the certificate that authenticates the SKLM server to the BMC,
click Import a Certificate from the Server Certificate Status section of the Drive Access page. A progress indicator is
displayed as the file is transferred to storage on the XClarity Controller.

After the server certificate is successfully transferred to the XClarity Controller, the Server Certificate Status area dis-
plays the following content: A server certificate is installed.

If you want to remove a trusted certificate, click the corresponding Remove button.

Backing up and Restoring the BMC configuration

The information in this topic describes how to restore or modify the BMC configuration.

Select Backup and Restore under BMC Configuration to perform the following actions:
• View management controller configuration summary
• Backup or restore the management controller configuration
• View backup or restore status
• Reset the management controller configuration to its factory default settings
• Access the management controller initial setup wizard

Backing up the BMC configuration

The information in this topic describes how to back up the BMC configuration.

Select Backup and Restore under BMC Configuration. At the very top is the Backup BMC configuration section.

If a backup was previously made, you will see the details in the Last backup field.

To backup the current BMC configuration, follow the steps shown below:
1. Specify the password for the BMC backup file.
2. Select if you wish to encrypt the whole file or only sensitive data.
3. Begin the backup process by clicking Start Backup. During the process, you are not allowed to perform any restore/
reset actions.
4. When the process is completed, a button will appear to let you download the and save the file.

Restoring the BMC configuration

The information in this topic describes how to restore the BMC configuration.

Select Backup and Restore under BMC Configuration. Located below Backup BMC Configuration is the Restore BMC
from Configuration File section.

To restore the BMC to a previously saved configuration, follow the steps shown below:
1. Browse to select the backup file and input the password when prompted.
2. Verify the file by clicking View content to view the details.
3. After verifying the content, click Start Restore.

75 Tech Sales Certification - System Management Study Guide

 Resetting the BMC to Factory Default
The information in this topic describes how to reset the BMC to the factory default settings.
Select Backup and Restore under BMC Configuration. Located below Restore BMC from Configuration File is the
Reset BMC to factory default section.

To reset the BMC to factory defaults, follow the steps shown below:
1. Click Start to Reset BMC to Factory Defaults.

Notes:
• Only users with Supervisor user authority level can perform this action.
• The Ethernet connection is temporarily disconnected. You must log in the XClarity Controller web interface again
after the reset operation is completed.
• Once you click Start to Reset BMC to Factory Defaults, all previous configuration changes will be lost. If you wish to
enable LDAP when restoring the BMC configuration, you will need to first import a trusted security certificate before
doing so.
• After the process is completed, the XClarity Controller will be restarted. If this is a local server, your TCP/IP
connection will be lost and you may need to reconfigure the network interface to restore connectivity.

Restarting the XClarity Controller

The information in this topic explains how to restart your XClarity Controller.

For details on how to restart the XClarity Controller, see “Power actions” on page 54

76 Tech Sales Certification - System Management Study Guide

 IMM and IMM2 Support on
Lenovo Servers -
Reference and Information

77 Tech Sales Certification - System Management Study Guide

 Reference Information
This document lists which Lenovo System x, NeXtScale, Flex System, and BladeCenter servers support the Integrated
Management Module II (IMM2) service processor and the older Integrated Management Module (IMM) service
processor.

The IMM and IMM2 consolidate service processor functionality previously provided by the combination of the
Baseboard Management Controller (BMC) and the Remote Supervisor Adapter II in System x and BladeCenter
products.

Integrated Management Module II

Integrated Management Module II (IMM2) is the second-generation management module integrated on System x
servers. IMM2 offers three levels of functionality: Basic, Standard, and Advanced.

Upgrading to Standard or Advanced will be performed using a software license key using Lenovo Features on Demand
(FoD).

IMM2 Basic has the following features:

• Industry-standard interfaces and protocols
• Intelligent Platform Management Interface (IPMI) Version 2.0
• Common Information Model (CIM)
• Advanced Predictive Failure Analysis (PFA) support
• Continuous health monitoring
• Choice of a dedicated or shared Ethernet connection
• Supports secure SSH text console access with optional encryption capabilities using AES cyphers
• Domain Name System (DNS) server support
• Dynamic Host Configuration Protocol (DHCP) support
• Embedded Dynamic System Analysis (DSA)
• LAN over USB for in-band communications to the IMM
• Serial over LAN
• Server console serial redirection
• Remote firmware updating
• Remote configuration through Advanced Settings Utility (ASU)

Note: IMM2 Basic does not include web browser or remote presence capabilities.

IMM2 Standard (as standard in some servers or as enabled using the Features on Demand software license key in
other servers) has the following features:
• Secure web server user interface
• Remote power control
• Access to server vital product data (VPD)
• Advanced Predictive Failure Analysis (PFA) support
• Power Management
• Automatic notification and alerts
• Continuous health monitoring and control
• Choice of a dedicated or shared Ethernet connection
• Domain Name System (DNS) server support
• Dynamic Host Configuration Protocol (DHCP) support
• E-mail alerts
• Syslog logging support
• Embedded Dynamic System Analysis (DSA)
• Enhanced user authority levels
• LAN over USB for in-band communications to the IMM
• Event logs that are time stamped, saved on the IMM, and that can be attached to e-mail alerts
• Support for Industry-standard interfaces and protocols: IPMI V2.0, CIM, and SNMP
• OS watchdogs
• Serial over LAN

78 Tech Sales Certification - System Management Study Guide

 • Server console serial redirection
• User authentication using a secure connection to a Lightweight Directory Access Protocol (LDAP) server

IMM2 Advanced (as enabled using the Features on Demand software license key) has the following features:
• Remote presence, including remote control of server via a Java or ActiveX client
• Supports up to four concurrent remote users
• Operating system failure screen capture and display through the web interface
• Video recorder and playback function
• Virtual media allowing the attachment of a diskette drive, CD/DVD drive, USB flash drive, or disk image to a server.

For servers with an SD Media adapter installed, you can configure volumes on those SD Cards for use by the IMM.

Note: For servers where only IMM2 Basic is installed (for example, x3100 M4, x3250 M4, nx360 M4), the use of IMM2
Advanced requires IMM2 Standard also be purchased and enabled.

The following table lists the IMM2 upgrades.

Note: The IMM2 Advanced upgrade requires the IMM2 Standard upgrade.

Table 1. IMM2 upgrade optoins

Integrated Management Module

In older System x servers, the Integrated Management Module (IMM) consolidates the service processor functionality,
Super I/O, video controller, and remote presence capabilities in a single chip on the server system board. The IMM
consolidates service processor functionality previously provided in the BMC and the Remote Supervisor Adapter II in
System x and BladeCenter products.

Lenovo offers two levels of IMM, Standard and Premium. If the server has IMM Standard functionality, it can be
upgraded to IMM Premium by purchasing and installing a Virtual Media Key (either part number 46C7526 or 46C7527,
depending on the server) on the server system board. This key is a physical component (Figure 1). However, no new
firmware is required. IMM Premium provides Remote Presence and Virtual Media capabilities. Figure 1 shows where
the Virtual Media Key is installed in one of the supported servers (x3620 M3).

Figure 1. Installing the Virtual Media Key in the System x3620 M3

79 Tech Sales Certification - System Management Study Guide

 IMM Standard has the following features:
• Access to server vital product data (VPD)

IMM and IMM2 Support on Lenovo Servers 2

• Advanced Predictive Failure Analysis (PFA) support
• Automatic notification and alerts
• Continuous health monitoring and control
• Choice of a dedicated or shared Ethernet connection
• Domain Name System (DNS) server support
• Dynamic Host Configuration Protocol (DHCP) support
• E-mail alerts
• Embedded Dynamic System Analysis (DSA)
• Enhanced user authority levels
• LAN over USB for in-band communications to the IMM
• Event logs that are time stamped, saved on the IMM, and that can be attached to e-mail alerts
• Support for Industry-standard interfaces and protocols: IPMI V2.0, CIM, and SNMP
• OS watchdogs
• Remote configuration through Advanced Settings Utility (ASU)
• Remote firmware updating
• Remote power control
• Secure web server user interface
• Serial over LAN
• Server console serial redirection
• User authentication using a secure connection to a Lightweight Directory Access Protocol (LDAP) server

IMM Premium (as enabled using the Virtual Media Key) adds the following features in addition to the features of IMM
Standard:
• Remote presence, including remote control of server
• Operating system failure screen capture and display through the web interface
• Virtual media allowing the attachment of a diskette drive, CD/DVD drive, USB flash drive, or disk image to a server

The following table lists the available Virtual Media Keys and their part numbers. Table 3 lists the key used in each
System x server. Note that three different part numbers exist. The parts are keyed to prevent insertion into the wrong
system.

Withdrawn: All three part numbers in the table are withdrawn from marketing.

Table 2. Virtual Media Key part numbers

System x server support

System x servers include either the Integrated Management Module II (newer systems) or the Integrated Management
Module (older systems).

Integrated Management Module II support

The following table lists the IMM2 service processors that are standard and optional for each System x server. The
values in the table have the following meanings:
• Standard: This level of functionality of IMM2 comes standard with the server.
• Upgrade: This level of functionality of IMM2 can be purchased as an option and enabled via Features on Demand
using the indicated part number.
• No: The server does not support this level of the IMM2 service processor.

80 Tech Sales Certification - System Management Study Guide

 Table 3. System x servers with IMM2

* For systems with only IMM2 Basic standard, the IMM2 Advanced upgrade requires IMM2 Standard (90Y3900) also
be purchased and enabled.

Integrated Management Module support

The following table lists the IMM offerings that are standard and optional for each System x server. The values in the
table have the following meanings:
• Standard: This IMM comes standard with the server.
• Upgrade: This IMM functionality can be purchased as an option via the Virtual Media Key (VMK) explained using the
indicated part number.
• No: The server does not support this version of the IMM service processor.

Table 4. System x servers with IMM

* The x3755 M3 includes an Aspeed AST-2050 Baseboard Management Controller (BMC). This BMC is different from
the BMCs in earlier servers and includes the IMM Premium feature set.

81 Tech Sales Certification - System Management Study Guide

 Flex System compute node support
Flex System compute nodes include the Integrated Management Module II and all have IMM2 Advanced enabled.

Table 5. Flex System compute nodes with IMM2

BladeCenter server support

The BladeCenter Management Module (MM) and Advanced Management Module (AMM) are the central points of
management for the BladeCenter chassis. As such, when the AMM is not responsive, the ability to perform normal
management on the chassis is significantly compromised. The AMM is Version 2 of the MM. The main differences are
that the AMM is USB based (instead of PS/2) and also has a feature to save service data. The service data collects
most of the useful information that is required to support the AMM.

Each BladeCenter chassis, with the exception of the BladeCenter S, supports a redundant pair of management
modules. The two management modules used in a chassis must be identical.

The MM/AMM is used to monitor, manage, configure, report logs, and update firmware from BladeCenter chassis
blades and I/O modules. Although the IMM is now included in some blade servers, the AMM remains the management
module for systems-management functions for BladeCenter and blade servers. There is no external network access
to the IMM on blade servers. The AMM must be used for remote management of blade servers. The IMM replaces the
functionality of the BMC and the Concurrent Keyboard, Video, and Mouse (cKVM) option card in past blade server
products:
• The Advanced Management Module for BladeCenter S, BladeCenter E, BladeCenter H, and BladeCenter HT is part
#25R5778.
• The Advanced Management Module for BladeCenter T is part # 32R0835.
• The original MMs have been withdrawn but were only supported in BladeCenter E (BC-E, part # 48P7055) and
BladeCenter T (BC-T, part # 90P3741).

All BladeCenter chassis models with the original MM installed can be upgraded to an AMM. In fact, most current
servers require that the chassis have AMMs installed.

The following table lists the service processors that are standard and optional in each BladeCenter chassis.

Table 6. Management models standard in each BladeCenter chassis

82 Tech Sales Certification - System Management Study Guide

 The following table lists the service processors that are standard for each of the currently available BladeCenter serv-
ers. For older servers, see the Lenovo Press document, Service Processors Supported in System x Servers , available
from: http://lenovopress.com/tips0146

Table 7. Service processors in BladeCenter servers

Useful links
These web pages provide addition information about the service processors in System x and BladeCenter servers:
Lenovo Press paper Using System x Features on Demand
http://lenovopress.com/redp4895

IBM Features on Demand web site

https://fod.lenovo.com/lkms

ServerProven
http://www.lenovo.com/us/en/serverproven/xseries/upgrades/smmatrix.shtml

IMM2 User’s Guide

http://publib.boulder.ibm.com/infocenter/systemx/documentation/topic/com.lenovo.sysx.imm2.doc/printable_doc.html

IMM User’s Guide

http://ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5079770

MM and AMM User’s Guide

http://ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5073887

MM and AMM Command Line Reference Guide

http://ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-54667

Lenovo Press document Service Processors Supported in System x Servers, covering Netfinity and xSeries as well as
the first generation of System x servers
http://lenovopress.com/tips0146

Related product families

Product families related to this document are the following:
• Blade Servers
• 1-Socket Rack Servers
• System Utilities
• 1-Socket Tower Servers
• 2-Socket Rack Servers
• 2-Socket Tower Servers
• 4-Socket Rack Servers
• 8-Socket Rack Servers

83 Tech Sales Certification - System Management Study Guide

 Notices
Lenovo may not offer the products, services, or features discussed in this document in all countries. Consult your local
Lenovo representative for information on the products and services currently available in your area. Any reference to a
Lenovo product, program, or service is not intended to state or imply that only that Lenovo product, program, or service
may be used. Any functionally equivalent product, program, or service that does not infringe any Lenovo intellectual
property right may be used instead. However, it is the user’s responsibility to evaluate and verify the operation of any
other product, program, or service. Lenovo may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not give you any license to these patents. You can
send license inquiries, in writing, to:

Lenovo (United States), Inc.

1009 Think Place - Building One
Morrisville, NC 27560
U.S.A.
Attention: Lenovo Director of Licensing

LENOVO PROVIDES THIS PUBLICATION ”AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MER-
CHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express
or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the
information herein; these changes will be incorporated in new editions of the publication. Lenovo may make
improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without
notice.

The products described in this document are not intended for use in implantation or other life support applications
where malfunction may result in injury or death to persons. The information contained in this document does not affect
or change Lenovo product specifications or warranties. Nothing in this document shall operate as an express or
implied license or indemnity under the intellectual property rights of Lenovo or third parties. All information contained
in this document was obtained in specific environments and is presented as an illustration. The result obtained in other
operating environments may vary. Lenovo may use or distribute any of the information you supply in any way it believes
appropriate without incurring any obligation to you.

Any references in this publication to non-Lenovo Web sites are provided for convenience only and do not in any man-
ner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this
Lenovo product, and use of those Web sites is at your own risk. Any performance data contained herein was deter-
mined in a controlled environment. Therefore, the result obtained in other operating environments may vary signifi-
cantly. Some measurements may have been made on developmentlevel systems and there is no guarantee that these
measurements will be the same on generally available systems. Furthermore, some measurements may have been
estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for
their specific environment.

© Copyright Lenovo 2017. All rights reserved.

This document, TIPS0849, was created or updated on December 4, 2016.

Send us your comments in one of the following ways:

• Use the online Contact us review form found at:
http://lenovopress.com/TIPS0849
• Send your comments in an e-mail to:
[email protected]

This document is available online at http://lenovopress.com/TIPS0849.

84 Tech Sales Certification - System Management Study Guide

 Trademarks
Lenovo, the Lenovo logo, and For Those Who Do are trademarks or registered trademarks of Lenovo in the United
States, other countries, or both. A current list of Lenovo trademarks is available on the Web at
http://www3.lenovo.com/us/en/legal/copytrade/.

The following terms are trademarks of Lenovo in the United States, other countries, or both:
Advanced Settings Utility
BladeCenter®
Dynamic System Analysis
Flex System
Lenovo®
NeXtScale
Netfinity®
System x®
X5
iDataPlex®
xSeries®

The following terms are trademarks of other companies:

Access® and ActiveX® are trademarks of Microsoft Corporation in the United States, other countries, or both.

Other company, product, or service names may be trademarks or service marks of others.

85 Tech Sales Certification - System Management Study Guide

 Lenovo Flex System Products
and Technology

86 Tech Sales Certification - System Management Study Guide

Introduction
During the last 100 years, information technology moved from a specialized tool to a pervasive influence on nearly
every aspect of life. From tabulating machines that counted with mechanical switches or vacuum tubes to the first
programmable computers, innovators were part of this growth. The goal was always to help customers solve problems.

IT is a constant part of business and of general life. The expertise of these innovators in delivering IT solutions helped
the planet become more efficient. As organizational leaders seek to extract more real value from their data, business
processes, and other key investments, IT is moving to the strategic center of business.

To meet these business demands, new categories of systems emerged. These systems combine the flexibility of
general-purpose systems, the elasticity of cloud computing, and the simplicity of an appliance that is tuned to the
workload. These systems represent the collective knowledge of thousands of deployments, established guidelines,
innovative thinking, IT leadership, and distilled expertise.

These offerings are designed to deliver value in the following ways:

• Built-in expertise helps you to address complex business and operational tasks automatically.
• Integration by design helps you to tune systems for optimal performance and efficiency.
• Simplified experience, from design to purchase to maintenance, creates efficiencies quickly.

These systems are optimized for performance and virtualized for efficiency. These systems offer a no-compromise de-
sign with system-level upgradeability. The capability is built for cloud, which contains “built-in” flexibility and simplicity.

Lenovo Flex System combined with Lenovo XClarity Administrator is an converged infrastructure system with built-in
expertise that deeply integrates with the complex IT elements of an infrastructure.

Converged Systems for your infrastructure

To meet today’s complex and ever-changing business demands, you need a solid foundation of server, storage,
networking, and software resources. Furthermore, it must be simple to deploy and quickly and automatically adapt to
changing conditions. You also need access to (and the ability to use) broad expertise and proven guidelines in
systems management, applications, hardware maintenance, and more.

Lenovo and its business partners can deliver comprehensive infrastructure solutions that combine servers, storage,
networking, virtualization, and management in a single structure. Our solutions are delivered with built-in expertise that
enables organizations to manage and flexibly deploy integrated patterns of virtual and hardware resources through
unified management.

Flex System overview

Flex System is a full system of hardware that forms the underlying strategic basis of a Lenovo Converged Systems
blade offerings. Flex System optionally can include Lenovo XClarity Administrator, an advanced management solution
that operates within a virtual machine.

This section introduces the major components of the Flex System infrastructure.

Lenovo XClarity Administrator

Lenovo XClarity Administrator is a centralized resource management solution that is aimed at reducing complexity,
speeding response, and enhancing availability of Lenovo server systems and solutions. It provides agent-free
hardware management for Flex System compute nodes and components, including the Chassis Management Module
(CMM) and Flex System I/O modules. System x rack servers, Tower Server, ThinkServer, NeXtScale, storage systems
together with Top of Rack switching can also be managed.

Lenovo XClarity Administrator is a virtual appliance that is quickly imported into a virtualized environment, which gives
easy deployment and portability. It can be up and running incredibly quickly, discovering a Lenovo IT environment and
managing systems, without the need for any agents to be installed.

87 Tech Sales Certification - System Management Study Guide

 Figure 1-1 shows the Lenovo XClarity Administrator interface, in which both Flex System
components and rack servers are being managed and can be seen on the dashboard.

Figure 1-1 XClarity Administrator Dashboard

Flex System Enterprise Chassis

The Flex System Enterprise Chassis is the foundation of the Flex System offering, which features 14 standard (half-
width) Flex System form factor compute node bays in a 10U chassis that delivers high-performance connectivity for
your integrated compute, networking, and management resources.

The chassis is designed to support multiple generations of technology and offers independently scalable resource
pools for higher usage and lower cost per workload.

With the ability to handle up 14 standard width nodes that deliver independent two-socket Intel Xeon E5 servers (or
even accommodate an eight-socket single Intel Xeon E7 node), the Enterprise Chassis provides flexibility and tremen-
dous compute capacity in its 10U package.

Additionally, the rear of the chassis accommodates four high-speed I/O bays that can accommodate up to 40 GbE
high-speed networking, 16 Gb Fibre Channel, or 56 Gb InfiniBand. With interconnecting compute nodes, networking,
and storage that uses a high-performance and scalable mid-plane, the Enterprise Chassis can support the latest
high-speed networking technologies.

The ground-up design of the Enterprise Chassis reaches new levels of energy efficiency through innovations in power,
cooling, and air flow. By using simpler controls and futuristic designs, the Enterprise Chassis can break free of “one
size fits all” energy schemes.

The ability to support the workload demands of tomorrow’s workloads is built in with a new I/O architecture, which
provides choice and flexibility in fabric and speed. With the ability to use Ethernet, InfiniBand, Fibre Channel (FC),
Fibre Channel over Ethernet (FCoE), and iSCSI, the Enterprise Chassis is uniquely positioned to meet the growing
and future I/O needs of large and small businesses.

88 Tech Sales Certification - System Management Study Guide

 The Flex System Enterprise Chassis is shown in Figure 1-2.

Figure 1-2 The Flex System Enterprise Chassis

Flex System Carrier-Grade Chassis

A second chassis is available as a ruggedized chassis for Central Office environments.

The chassis is the same width and depth as the Enterprise Chassis and identical in its node, I/O module, CMM, and
Fan modules. At 11U, the Carrier-Grade Chassis is 1U higher than the Enterprise to allow for extra airflow. This added
1U air ducting allows for elevated temperature operation at ASHRAE 4 levels and for temporary elevated temperature
excursions to up to 55 °C.

This Carrier-Grade Chassis is designed to NEBS level 3 and ETSI certification levels. It is designed for operation
within earthquake zone 4 areas. The chassis supports -48 V DC power operation, as required for many Central Office
Telco environments.

89 Tech Sales Certification - System Management Study Guide

 The Flex System Carrier-Grade Chassis is shown in Figure 1-3.

Figure 1-3 Flex System Carrier-Grade Chassis

Compute nodes
Lenovo offers compute nodes that vary in architecture, dimension, and capabilities.

Optimized for efficiency, density, performance, reliability, and security, the portfolio comprises Intel Xeon
processor-based nodes that are designed to make full use of the capabilities of these processors, all of which can be
mixed within the same Enterprise Chassis.

Intel based nodes compute nodes are available in the following models that range from the two-socket to the
eight-socket Intel processor family:
• Intel Xeon E5-2600 v3 and E5-2600 v4 product families
• Intel Xeon E5-4600 v2 product family
• Intel Xeon E7-8800 v3, E7-4800 v3, and E7-2800 v2 product families

Up to 14 two-socket Intel Xeon E5-2600 servers can be deployed in a single enterprise chassis where high-density
cloud, virtual desktop, or server virtualization is wanted.

90 Tech Sales Certification - System Management Study Guide

 The x240 M5 Compute Node is shown in Figure 1-4. It is one from the extensive range of Intel processor-based
nodes that can be installed within the Flex System Chassis.

Figure 1-4 Flex System x240 M5 Compute Node

The nodes are complemented with leadership I/O capabilities of up to 16 channels of high-speed I/O lanes per
standard wide node bay and 32 lanes per full wide node bay. Various I/O adapters and matching I/O Modules are
available.

Expansion nodes
Expansion nodes can be attached to the x240 M5, which allow expansion of the node capabilities with locally attached
storage or more PCIe adapters.

The Storage Expansion Node provides locally attached disk expansion. Hot plug SAS and SATA disk are supported as
well as SSDs.

With the attachment of the PCIe Expansion Node, the node can have up to four PCIe adapters attached. High-
performance GPUs can also be installed within the PCIe Expansion Node which gives Virtual Desktop acceleration or
high-performance compute capabilities.

Storage
Flex System can be connected to various external storage systems from Lenovo as well as many other storage
vendors. The Lenovo Storwize V3700 storage enclosure is one such disk system that supports attachment to Flex
System.

There are various storage solutions that are available from third-party vendors. These vendors publish support
statements for end-to-end connectivity between their storage and the Flex System Chassis components.

I/O modules
By using the range of available modules and switches to support key network protocols, you can configure Flex
System to fit in your infrastructure. However, you can do so without sacrificing the ability to be ready for the future. The
networking resources in Flex System are standards-based, flexible, and fully integrated into the system. This
combination gives you no-compromise networking for your solution. Network resources are virtualized and managed
by workload. These capabilities are automated and optimized to make your network more reliable and simpler to
manage.

Flex System gives you the following key networking capabilities:

• Supports the networking infrastructure that you have today, including Ethernet, FC, FCoE, and InfiniBand.
• Offers industry-leading performance with 1 Gb, 10 Gb, and 40 Gb Ethernet; 8 Gb and 16 Gb Fibre Channel; QDR,
and FDR InfiniBand.
• Provides pay-as-you-grow scalability so you can add ports and bandwidth, when needed.

91 Tech Sales Certification - System Management Study Guide

Networking in data centers is undergoing a transition from a discrete traditional model to a
more flexible, optimized model. The network architecture in Flex System was designed to address the key challenges
that customers are facing today in their data centers. The key focus areas of the network architecture on this platform
are unified network management, optimized and automated network virtualization, and simplified network
infrastructure. Providing innovation, leadership, and choice in the I/O module portfolio uniquely positions Flex System
to provide meaningful solutions to address customer needs.

The Flex System Fabric EN4093R 10Gb Scalable Switch is shown in Figure 1-5.

Figure 1-5 Flex System Fabric EN4093R 10Gb Scalable Switch

This book
This book describes the Flex System products that are available from Lenovo, including all of the chassis and
chassis options, the full range of Intel nodes, expansion nodes and associated options. We also describe converged
system offerings that are available from Lenovo.

We cover the configuration tools that are used to configure (and price) a Lenovo Flex System and Lenovo
Converged System for Infrastructure. This book contains machine type model numbers, option part numbers, and
feature codes.

We cover the technology and features of the chassis, compute nodes, management features, connectivity, and
options, starting with a description of the systems management features of the Flex System product portfolio.

Systems management
Lenovo XClarity Administrator is designed to help you get the most out of your Flex System installation. By using this
highly capable management tool, you also can automate repetitive tasks. The management interface can significantly
reduce the number of manual navigational steps for typical management tasks. Benefit from simplified system setup
procedures, by using configuration patterns and built-in expertise to consolidate monitoring for physical and
virtual resources.

Chassis types: The management architecture of the Flex System Enterprise Chassis is identical to the
Flex System Carrier-Grade Chassis. Where the term Enterprise Chassis is used, it applies equally to both
chassis.
This chapter includes the following topics:
2.1, “Management network” on page 10
2.2, “Chassis Management Module” on page 12
2.3, “Security” on page 16
2.4, “Compute node management” on page 17
2.5, “Lenovo XClarity Administrator” on page 19

Management network
In the Flex System chassis, there are separate management and data networks. The management network is a private
and secure Gigabit Ethernet network. It is used to complete management-related functions throughout the chassis,
including management tasks that are related to the compute nodes, switches, storage, and the chassis.
92 Tech Sales Certification - System Management Study Guide
 The internal management network is shown in Figure 2-1 as the blue lines. It connects the Chassis Management
Module (CMM) to the compute nodes and the switches in the I/O bays. The management networks in multiple chassis
deployments can be connected through the external ports of the CMMs in each chassis, via a GbE top-of-rack switch.

Figure 2-1 Flex System management network with internal Lenovo XClarity Administrator

The data network is shown in Figure 2-1 as yellow lines. One of the key functions that the data network supports is
the discovery of operating systems running on the various network endpoints by Lenovo XClarity Administrator.

Lenovo XClarity Administrator is downloaded as a Virtual Machine image and can be installed onto a virtual machine
running either inside the chassis or outside. Depending on internet connections, the management system can be
installed and up and running, discovering manageable Lenovo systems in less than 30 minutes, offering impressive
time to value.

Lenovo XClarity Administrator not only manages Flex System chassis based products, it can also manage a mixed
environment of many differing Lenovo systems.

Systems that can be managed by Lenovo XClarity Administrator include:

• Flex System endpoints
• System x servers
• ThinkServer servers
• NeXtScale servers
• Converged HX Series appliances
• Lenovo DX storage solutions
• Lenovo S Series storage systems
• Lenovo RackSwitch switches

Lenovo XClarity Administrator can discover chassis in your environment by probing for manageable systems that are
on the same IP subnet as Lenovo XClarity Administrator by using a specified IP address or range of IP addresses or
by importing information from a spreadsheet.

Figure 2-1 on page 10 shows Lenovo XClarity Administrator deployed within a Flex System environment. Here, the
VM that contains Lenovo XClarity Administrator is installed within the Chassis on a node that is running a supported
hypervisor. In this example, there is a single network (management and data). All communications between Lenovo
XClarity Administrator and the network occurs over one (eth0) network interface on the host:

93 Tech Sales Certification - System Management Study Guide

 An alternative configuration might be where the virtual machine that contains Lenovo XClarity Administrator is
installed on a System x server, which is located outside the chassis. This configuration is shown Figure 2-2. Also
shown in this example is the alternative network configuration of two separate networks, in which eth0 is the blue
management network and eth1 is the data network.

Figure 2-2 Flex System Management network with external Lenovo XClarity Administrator

The Lenovo XClarity management network requires one or two network connections.

When only one network interface is present, the following conditions must be met:
• The interface must be configured to support the discovery and management of hardware.
It must communicate with the CMM in each managed chassis, the Integrated Management Module2 (IMM2) of each
managed compute node and rack server, and the Flex switches in each managed chassis.
• If you intend to acquire firmware updates from Lenovo’s electronic fix-distribution website, this interface must also
have connectivity to the Internet (typically through a firewall).
Otherwise, you must manually import firmware updates into the management-sever updates repository.
• If you intend to deploy operating system images to managed servers, the network interface must have IP network
connectivity to the server network interface that is used to access the host operating system and must be configured
with an IPv4 address.

When two network interfaces are (Eth0 and Eth1) present (as shown in Figure 2-2 on page 11), the following conditions
must be met:
• The Eth0 interface often is connected to the management network and used to discover and manage hardware. It
must communicate with the CMM of each managed chassis, the IMM2 of each managed server, and the Flex
switches that are installed in each managed chassis.
• If you intend to acquire firmware updates from the Fix Central website, the Eth0 interface must also have connectivity
to the Internet (typically through a firewall). Otherwise, you must import firmware updates into the management server
updates repository.
• If you intend to deploy operating system images to managed servers, the network interface must have IP network
connectivity to the server network interface that is used to access the host operating system and must be configured
with an IPv4 address.

94 Tech Sales Certification - System Management Study Guide

 When two network interfaces are (Eth0 and Eth1) present (as shown in Figure 2-2 on page 11), the following
conditions must be met:
• The Eth0 interface often is connected to the management network and used to discover and manage hardware. It
must communicate with the CMM of each managed chassis, the IMM2 of each managed server, and the Flex
switches that are installed in each managed chassis.
• If you intend to acquire firmware updates from the Fix Central website, the Eth0 interface
must also have connectivity to the Internet (typically through a firewall). Otherwise, you
must import firmware updates into the management server updates repository.
• The Eth1 interface often is connected to the data network (an internal data network, a
public data network, or both) and used to manage host operating systems.
• The network interface that you chose to use to deploy operating system images to the
managed servers must have IP-network connectivity to the server network interface that is
used to access the host operating system. It also must be configured with an IPv4 address.
• If you implemented a separate network for deploying operating systems, you can configure
Eth1 to connect to that network instead of the data network. However, if the operating system
deployment network does not have access to the data network, you must define another I/O
interface on that server when you install the operating system on a server so that the server host
has access to the data network.

For more information about the Lenovo XClarity Administrator features and functions, see
2.5, “Lenovo XClarity Administrator” on page 19.

Chassis Management Module

The CMM provides single-chassis management and is used to communicate with the management controller in each
compute node. It provides system monitoring, event recording, and alerts. It also manages the chassis, its devices,
and the compute nodes. The chassis supports up to two CMMs. If one CMM fails, the second CMM can detect its
inactivity, self-activate, and take control of the system without any disruption. The CMM is central to the
management of the chassis and is required in the Enterprise Chassis

CMM2 is the Chassis Management Module that is currently available from Lenovo. The original CMM is now
withdrawn from marketing.

Table 2-1 CMM2

a. Models: 8721-ALx, 8721-DLx, 8721-B1x, 8721-B2x, 8721-E3x, 8721-E4x and 8721-E5x

The next section describes the usage models of the CMM and its features.

For more information about the CMM see 3.6, “Chassis Management Module” on page 62.

95 Tech Sales Certification - System Management Study Guide

 Overview
The CMM is a hot-swap module that provides basic system management functions for all devices that are installed in
the Enterprise Chassis. A chassis includes at least one CMM and supports CMM redundancy.

Mixing of CMM versions: If two CMMs are installed in a Flex System chassis, they should
be of the same type. If a primary CMM2 is installed, the secondary must be a CMM2

The CMM is shown in Figure 2-3.

Figure 2-3 Chassis Management Module

Through an embedded firmware stack, the CMM implements functions to monitor, control, and
provide external user interfaces to manage all chassis resources. You can use the CMM to perform the following func-
tions:
• Define login IDs and passwords.
• Configure security settings, such as data encryption and user account security. The CMM
contains an LDAP client that can be configured to provide user authentication through one or
more LDAP servers. The LDAP server (or servers) to be used for authentication can be
discovered dynamically or manually pre-configured.
• Select recipients for alert notification of specific events.
• Monitor the status of the compute nodes and other components.
• Find chassis component information.
• Discover other chassis in the network and enable access to them.
• Control the chassis, compute nodes, and other components.
• Access the I/O modules to configure them.
• Change the start sequence in a compute node.
• Set the date and time.
• Use a remote console for the compute nodes.
• Enable multi-chassis monitoring.
• Set power policies and view power consumption history for chassis components.

Interfaces
The CMM supports a web-based graphical user interface (GUI) that provides a way to perform chassis management
functions within a supported web browser. You can also perform management functions through the CMM
command-line interface (CLI). The web-based and CLI interfaces are accessible through the single RJ45 Ethernet con-
nector on the CMM, or from any system that is connected to the same network.

96 Tech Sales Certification - System Management Study Guide

The CMM has the following default IPv4 settings:
• IP address: 192.168.70.100
• Subnet: 255.255.255.0
• User ID: USERID (all capital letters)
• Password: PASSW0RD (all capital letters, with a zero instead of the letter O)

The CMM does not have a fixed static IPv6 IP address by default. Initial access to the CMM in an IPv6 environment
can be done by using the IPv4 IP address or the IPv6 link-local address. The IPv6 link-local address is automatically
generated based on the MAC address of the CMM. By default, the CMM is configured to respond to DHCP first before
it uses its static IPv4address. If you do not want this operation to occur, connect locally to the CMM and change
the default IP settings. For example, you can connect locally by using a notebook. The web-based GUI brings together
all of the functionality that is needed to manage the chassis elements in an easy-to-use fashion consistently across all
System x IMM2 based platforms.

The CMM login window is shown in Figure 2-4.

Figure 2-4 CMM login window

97 Tech Sales Certification - System Management Study Guide

 An example of the CMM home page after login is shown in Figure 2-5.

Figure 2-5 Initial view of CMM after login

Security
Today’s world of computing demands tighter security standards and native integration with computing platforms. For
example, the push towards virtualization increased the need for more security. This increase comes as more
mission-critical workloads are consolidated on to fewer and more powerful servers. The Flex System Enterprise Chassis
takes a new approach to security with a ground-up chassis management design to meet new security standards.
The following security enhancements and features are provided in the chassis:
• Single sign-on (central user management)
• End-to-end audit logs
• Secure boot: Tivoli Provisioning Manager and CRTM
• Intel TXT technology (Intel Xeon based compute nodes)
• Signed firmware updates to ensure authenticity
• Secure communications
• Certificate authority and management
• Chassis and compute node detection and provisioning
• Role-based access control
• Security policy management
• Same management protocols that are supported on BladeCenter AMM for compatibility with earlier versions
• Insecure protocols are disabled by default in CMM, with Locks settings to prevent user from inadvertently or
maliciously enabling them
• Supports up to 84 local CMM user accounts
• Supports up to 32 simultaneous sessions
• CMM supports LDAP authentication

The Enterprise Chassis ships Secure and supports the following security policy settings:
Secure: Default setting to ensure a secure chassis infrastructure and includes the following features:
– Strong password policies with automatic validation and verification checks
– Updated passwords that replace the manufacturing default passwords after the initial setup
– Only secure communication protocols, such as Secure Shell (SSH) and Secure Sockets Layer (SSL)

98 Tech Sales Certification - System Management Study Guide

 Legacy: Flexibility in chassis security, which includes the following features:
– Weak password policies with minimal controls
– Manufacturing default passwords that do not have to be changed
– Decrypted communication protocols, such as Telnet, SNMPv1, TCP Command Mode,
FTP Server, and TFTP Server
Trusted Platform Module (TPM):
– CMM2: Trusted Platform Module v2.0

The centralized security policy makes Enterprise Chassis easy to configure. All components
run with the same security policy that is provided by the CMM. This consistency ensures that
all I/O modules run with a hardened attack surface.

The CMM and Lenovo XClarity Administrator each have their own independent security
policies that control, audit, and enforce the security settings. The security settings include the
network settings and protocols, password and firmware update controls, and trusted
computing properties.

Compute node management

Each node in the Enterprise Chassis has a management controller that communicates upstream through the CMM-
enabled 1 GbE private management network that enables management capability.

The management controllers for the various Enterprise Chassis components have the following default IPv4
addresses:
• CMM: 192.168.70.100
• Compute nodes: 192.168.70.101-114 (corresponding to the slots 1 - 14 in the chassis)
• I/O Modules: 192.168.70.120-123 (sequentially corresponding to chassis bay numbering)

In addition to the IPv4 address, all I/O modules support link-local IPv6 addresses and configurable external IPv6 ad-
dresses.

Integrated Management Module II

The IMM2 is integrated into the Intel Nodes within the chassis. The IMM2 incorporates a web-based user interface that
provides a common appearance and design across all System x and Flex System products.

In addition to the interface, the following other major enhancements from the previous IMMv1are included:
• Faster processor and more memory
• IMM2 manageable “northbound” from outside the chassis, which enables consistent management and scripting with
System x rack servers

Remote presence:
– Increased color depth and resolution for more detailed server video
– Active X client in addition to Java client
– Increased memory capacity (~50 MB) provides convenience for remote software installations
• No IMM2 reset is required on configuration changes because they become effective immediately without restart
• Hardware management of non-volatile storage
• Faster Ethernet over USB
• 1 Gb Ethernet management capability
• Improved system power-on and boot time
• More detailed information for UEFI detected events enables easier problem determination and fault isolation
• User interface meets accessibility standards (CI-162 compliant)
• Separate audit and event logs
• “Trusted” IMM with significant security enhancements (CRTM/TPM, signed updates, authentication policies, and so
on)
• Simplified update and flashing mechanism
• Syslog alerting mechanism provides an alternative to email and SNMP traps
• Support for Features on Demand (FoD) enablement of server functions, option card features, and System x solutions
and applications
• First Failure Data Capture: One button web press starts data collection and download
99 Tech Sales Certification - System Management Study Guide
 For more information about IMM2 as implemented in Flex System compute nodes, see Chapter 5, “Compute nodes” on
page 213.

For more information, see Integrated Management Module II User’s Guide available from:
https://download.lenovo.com/servers_pdf/nn1jz_book.pdf

I/O modules
The I/O modules include the following base functions:
• Initialization
• Configuration
• Diagnostic tests (power-on and concurrent)
• Status Reporting

The following set of protocols and software features also are supported on the I/O modules:
• A configuration method over the Ethernet management port.
• A scriptable SSH CLI, a web server with SSL support, Simple Network Management Protocol v3 (SNMPv3) Agent with
alerts, and a sFTP client.
• Server ports that are used for Telnet, HTTP, SNMPv1 agents, TFTP, FTP, and other insecure protocols are DISABLED
by default.
• LDAP authentication protocol support for user authentication.
• For Ethernet I/O modules, 802.1x enabled with policy enforcement point (PEP) capability to allow support of TNC
(Trusted Network Connect).
• The ability to capture and apply a switch configuration file and the ability to capture a first failure data capture (FFDC)
data file.
• Ability to transfer files by using URL update methods (HTTP, HTTPS, FTP, TFTP, and sFTP).
• Various methods for firmware updates, including FTP, sFTP, and TFTP. In addition, firmware updates by using a URL
that includes protocol support for HTTP, HTTPs, FTP, sFTP, and TFTP.
• SLP discovery and SNMPv3.
• Ability to detect firmware and hardware hangs and to pull a “crash-failure memory dump” file to an FTP (sFTP) server.
• Selectable primary and backup firmware banks as the current operational firmware.
• Ability to send events, SNMP traps, and event logs to the CMM, including security audit logs.
• IPv4 and IPv6 on by default.
• The CMM management port supports IPv4 and IPv6 (IPV6 support includes the use of link local addresses. Port
mirroring capabilities:
– Port mirroring of CMM ports to internal and external ports.
– For security reasons, the ability to mirror the CMM traffic is hidden and is available to development and
service personnel only.
• Management virtual local area network (VLAN) for Ethernet switches: A configurable management 802.1q tagged
VLAN in the standard VLAN range of 1 - 4094. It includes the CMM’s internal management ports and the I/O modules
internal ports that are connected to the nodes.

100 Tech Sales Certification - System Management Study Guide

Lenovo XClarity Administrator
Lenovo XClarity Administrator is centralized resource management solution that is aimed at reducing complexity,
speeding response, and enhancing availability of Lenovo server systems and solutions. Lenovo XClarity Administrator
provides agent-free hardware management for System x rack servers and Flex System compute nodes and
components, including the CMM and Flex System I/O modules. It is an ideal management platform for the Lenovo Flex
System.

Lenovo XClarity Administrator is a virtual appliance that is quickly imported into a virtualized environment, which gives
easy deployment and portability. This virtualized appliance design is a key advantage because there is no need to
dedicate a node bay. The VM can be hosted on a physical server located either inside or outside of the Chassis.

Managed endpoints do not need special software agents or drivers to be installed or maintained to be managed by
Lenovo XClarity Administrator. Being agentless also means that Lenovo XClarity Administrator removes operating
system dependency and is one less component to certify in the workload stack, which results in management simplicity.

Because Lenovo XClarity Administrator is a virtual appliance, it can use VMware High Availability and Hyper-V
clustering for failover capability.

The administration dashboard based on HTML 5 allows fast location of resources so tasks can be run quickly. Because
Lenovo XClarity Administrator does not have any agent software that is installed on the managed endpoints, there are
no CPU cycles that are spent on agent execution and no memory used. Therefore, up to 1 GB of RAM and 1 - 2% CPU
usage is saved, compared to a typical managed system in which an agent is required.

With a simplified administration dashboard, the following functions are easily achieved:
• Discovery
• Inventory
• Monitoring
• Firmware updates
• Firmware compliance
• Configuration management
• Deployment of operating systems and hypervisors to bare metal servers

Fast time to value is realized through automatic discovery of existing or new Lenovo System x rack servers and Flex
System infrastructure. Inventory of the discovered endpoints is gathered, so an at-a-glance view of the managed
hardware inventory and its status is possible.

A centralized view of events and alerts that are generated from managed endpoints, such as Flex System chassis,
System x servers, and Flex System switches, is available. When an issue is detected by a managed endpoint, an event
is passed to Lenovo XClarity Administrator. Alerts and events are visible via the XClarity Administrator Dashboard, the
Status bar, and via the Alerts and Events detail for the specific system.

Firmware management is simplified by assigning compliance policies to managed endpoints. The compliance policy can
be created and XClarity Administrator monitors changes to the hardware inventory and flags any previous non-compliant
systems.

Configuration management uses pattern-based configurations to quickly provision and reprovision a single server or mul-
tiple servers and compute nodes, all with a single set of configuration settings. Address pools can be configured to assist
with deployments. Category patterns are used to create configuration patterns that can be deployed to server profiles.

Provisioning enables firmware management, configuration, and bare metal deployment. VMware ESXi, Windows Server,
and Red Hat Linux images can be imported and held in a repository for images. Up to 28 OS images can be deployed
concurrently.

If you must be compliant to NIST SP 800-131A or FIPS 140-2, Lenovo XClarity Administrator can help you achieve a
fully compliant environment. Lenovo XClarity Administrator supports self-signed SSL certificates (which are issued by an
internal certificate authority) or external SSL certificates (private or commercial CA). Lenovo XClarity includes an audit
log that provides a historical record of user actions, such as logging on, new users, or changing user passwords.

If you must be compliant to NIST SP 800-131A or FIPS 140-2, Lenovo XClarity Administrator can help you achieve a

101 Tech Sales Certification - System Management Study Guide

 fully compliant environment. Lenovo XClarity Administrator supports self-signed SSL certificates (which are issued by
an internal certificate authority) or external SSL certificates (private or commercial CA). Lenovo XClarity includes an
audit log that provides a historical record of user actions, such as logging on, new users, or changing user passwords.

Lenovo XClarity can be integrated into external, higher-level management, automation, and orchestration platforms
through open REST application programming interfaces (APIs). This ability means Lenovo XClarity can easily
integrate with your management infrastructure.

Lenovo XClarity Administrator management tasks

By using Lenovo XClarity, you can perform the following main tasks:
• User management
Lenovo XClarity Administrator provides a centralized authentication server to create and manage all user
accounts and to manage and authenticate user credentials. The authentication server is created automatically
when the management server first starts.

The User accounts that are used to log on and manage the Lenovo XClarity Administrator are also used for all
chassis and servers that are managed by the Lenovo XClarity Administrator. When you create a user account,
you control the level of access (such as whether the account has read/write authority or read-only authority)
by using predefined role groups.

• Hardware monitoring
Lenovo XClarity Administrator provides a centralized view of events and alerts that are generated from
managed endpoints, such as chassis, servers, and Flex System switches. When an issue is detected by the
CMM or device that is installed in the chassis, an event is passed to the Lenovo XClarity Administrator. That
event is displayed in the alerts list that is available within the user interface. A status bar also is available that
provides overall status information about the main XClarity Administrator interface.

• Hardware management
There are various management tasks for each supported endpoint, including viewing status and properties,
configuring system information and network settings, starting the CMM/IMM web interface, and remotely
controlling the System x or Flex system node.

• Configuration management
Configuration patterns provide a way to ensure that you have a consistent configuration that is applied to
managed servers. Server patterns are used to provision or pre-provision a managed server by configuring
local storage, I/O adapters, boot setting, firmware, ports, IMM, and UEFI settings. Server patterns also
integrate support for virtualizing I/O addresses, so you can virtualize Flex System fabric connections or
repurpose servers without disruption to the fabric.

• Operating system deployment

Lenovo XClarity Administrator can be used to manage the operating system images repository and deploy
operating system images to managed servers. To deploy an operating system image from Lenovo XClarity, at
least one of the network interfaces (Eth0 or Eth1) must have IP network connectivity to the server network
interface that is used to access the host operating system and must be configured with an IPv4 address.
• Firmware updates
Within Lenovo XClarity, you can manage the firmware updates repository and apply and activate firmware
updates for all managed endpoints. Compliance policies can be instigated to flag managed endpoints that do
not comply with the firmware rules that are defined. Refreshing the repository and downloading updates
requires an Internet connection. If Lenovo XClarity has no Internet connection, you can manually import
updates to the repository.
• Task automation that uses scripts
Lenovo XClarity Administrator can run provided cmdlets in a Microsoft PowerShell session to automate certain
management functions. The cmdlets use Lenovo XClarity REST APIs and can automate the following
functions:
– Logging in to Lenovo XClarity Administrator
– Managing user accounts
– Managing a chassis
– Deploying an operating system image to one or more compute nodes or rack servers
– Configuring compute nodes and rack servers by using configuration patterns
102 Tech Sales Certification - System Management Study Guide
Lenovo XClarity Administrator licensing
Lenovo XClarity Administrator is available in two distinct editions:
• Lenovo XClarity Administrator
• Lenovo XClarity Pro

The differences between each version of Lenovo XClarity is shown in Table 2-2.

Table 2-2 XClarity

Administrator editions

As can be seen in Table 2-2 on page 21, Lenovo XClarity Administrator is available for
download and operation at no charge, however in this form it has no service or support as
standard and comes with a limited time 90 day evaluation of bare metal deployment and
configuration patterns.

Lenovo XClarity Administrator can be downloaded at no charge from the following website:
http://shop.lenovo.com/us/en/systems/software/systems-management/xclarity/

XClarity Pro is available with 1-year, 3-year, or 5-years software subscription and support and
comes with full function, including configuration patterns and bare metal deployment.

Lenovo XClarity Pro is available either on a per managed server or per managed chassis basis. The Per managed
chassis offers advantageous licensing cost model, because the entire chassis can be licensed for management which
includes all the nodes that are installed within. In addition the XClarity Pro includes support and service for XClarity
Integrators.

The one-time charge for the product includes the license, software subscription, and support.
It is delivered as proof of entitlement via the Lenovo Electronic Software Delivery (ESD) process.

This provides electronic proof of entitlement (ePOE) and the client receives this ePOE via an
e-mail, to the e-mail address that was entered at the time of order. The ePOE contains
customer name, contact, customer number and order reference number. It also details the
software subscription and support part number, description and coverage dates. Its vital that
the correct client e-mail address is entered at the time of placing an order with Lenovo.

The client also receives an ESD welcome letter via e-mail, that is issued approximately 2-3 days after the proof of
entitlement is sent. This contains instructions on how to log in to the ESD portal and gain access to the software via
four secure download options.

For assistance with ePOE for Lenovo XClarity Pro, refer to the following website:
https://lenovoesd.flexnetoperations.com/control/lnvo/manualsupport

The part numbers for both per managed chassis and per managed server, are shown in Table 2-3 and Table 2-4
below.
Table 2-3 Lenovo XClarity Pro per managed chassis

103 Tech Sales Certification - System Management Study Guide

 Note: Managed Chassis licensing is often a more cost effective way to license Flex System deployments.

Table 2-4 Lenovo XClarity Pro per managed server

Lenovo XClarity host requirements

The Lenovo XClarity management appliance runs in a virtual machine on the host system.

The host system that is running the Lenovo XClarity virtual machine features the following minimum hardware
requirements:
• Two virtual microprocessors
• 6 GB of memory
• A minimum of 64 GB of storage for use by Lenovo XClarity

The following Hypervisors are supported for installing Lenovo XClarity:

• Microsoft Windows Server 2016 with Hyper-V installed
• Microsoft Windows Server 2012 R2 with Hyper-V installed
• Microsoft Windows Server 2012 with Hyper-V installed
• VMware ESXi 6.0 U1 and U2
• VMware ESXi 5.5 U1 and U2
• VMware ESXi 5.1 U1, U2, and U3

For VMware, the virtual machine is available as an OVF template. For Hyper-V, the virtual machine is a virtual disk
image.

NUMA and Hyper-V: For Hyper-V environments that run on Linux guests with a 2.6 kernel base and that
use large amounts of memory for the virtual appliance, you must disable the use of non-uniform memory
access (NUMA) on the Hyper-V Settings Panel from Hyper-V Manager. Changing this setting requires you
to restart the Hyper-V service, which also restarts all running virtual machines. If this setting is not disabled,
Lenovo XClarity Administrator virtual appliance might experience problems during initial startup.

Supported managed endpoints

Table 2-5 on page 25 lists the Flex System compute nodes, System x servers, and other devices that can be managed
by Lenovo XClarity.

Where support with some limited functions is listed in Table 2-5 on page 25, the following functions are restricted:
• Servers and compute nodes: Servers with IBM signed firmware are supported as listed
Table 2-5 on page 25; however, the following functions are not available:
– Processor and memory usage data
– RAID-link configuration (configuration management by using patterns)

I/O Modules: I/O modules with IBM signed firmware are supported as listed in Table 2-5 on page 25; however, the fol-
lowing functions are not available:
– Aggregated event and audit logs
– Network configuration (port configuration via configuration management by using patterns)

104 Tech Sales Certification - System Management Study Guide

 • Chassis Management Module: For full function, the Flex System Enterprise Chassis requires one or two Chassis
Management Module 2 (CMM2) installed (part number 00FJ669). The CMM2 features Lenovo signed firmware. A
chassis that contains a first-generation CMM with IBM signed firmware is supported; however, the following functions
are not available:
– Aggregated event and audit logs from I/O Modules
– Network configuration (port configuration via configuration management that uses patterns)
• V7000 Storage Node: Lenovo XClarity provides Support with some functions that are limited for Flex System V7000
Storage Nodes, including displaying status and detailed information, powering on and off, virtually reseating the
canisters, and starting the management module.

CMM: It is not possible for a CMM that is signed by IBM and a CMM2 that is signed by Lenovo to be
installed within a chassis at the same time. The firmware on a CMM cannot be upgraded to make a CMM2
because they contain different hardware.

There are minimum levels of firmware that is required for each managed endpoint. During installation and discovery,
Lenovo XClarity prompts the user where firmware can be updated to allow management of CMM, nodes, I/O Modules.
All endpoints in a Flex System chassis must be at the same software level.

Table 2-5 Supported compute nodes, chassis, and I/O modules

105 Tech Sales Certification - System Management Study Guide

 a. Not manageable from within Lenovo XClarity Administrator, but is recognized as present within the chassis map.
b. For Lenovo XClarity Administrator v1.0.1, downlink ports cannot be configured using Configuration Patterns, they
must be configured using the management interface for the Flex switch.
c. Centralized user management is not supported, Audit events are not forwarded to Lenovo XClarity Administrator,
downlink ports on these endpoints cannot be configured using Configuration Patterns, they must be configured
using the management interface for the Flex switch.

For more information about support, see the following Flex System Information Center website:
http://publib.boulder.ibm.com/infocenter/flexsys/information/index.jsp?topic=/com.lenovo.lxca.doc/plan_supportedhw.
html

Chassis and infrastructure configuration

There are two available Flex System chassis: the Enterprise Chassis and the Carrier-Grade Chassis.

The Lenovo Flex System Enterprise Chassis (machine type 8721) is a 10U next-generation
server platform with integrated chassis management. It is a compact, high-density,
high-performance, rack-mount, scalable platform system.

The Carrier-Grade Chassis (machine type 7385) is also available for use in harsher Telecommunications environments
where NEBS Level 3 or ETSI certification is required. This chassis is based on the Flex System Enterprise Chassis,
and incorporates extra cooling capability for elevated temperature operation. The Carrier-Grade chassis is 11U in
height.

Both chassis support up to 14 standard compute nodes. The compute nodes share common resources, such as power,
cooling, management, and I/O resources within a single chassis.

This chapter includes the following topics:

3.1, “Enterprise Chassis” on page 28
3.2, “Carrier-Grade Chassis” on page 33
3.3, “Fan modules” on page 42
3.4, “Cooling” on page 47
3.5, “Power supplies” on page 53
3.6, “Chassis Management Module” on page 62
3.7, “Other chassis components” on page 65
3.8, “Infrastructure planning” on page 69
3.9, “42U 1100mm Enterprise V2 Dynamic Rack” on page 81
3.10, “Rear Door Heat eXchanger V2 Type 1756” on page 86

Enterprise Chassis
The Enterprise Chassis is shown in Figure 3-1 as seen from the front. The front of the chassis includes 14 horizontal
bays with removable dividers with which nodes and expansion nodes can be installed within the chassis. Nodes can be
Compute or Expansion type. The nodes can be installed when the chassis is powered.

106 Tech Sales Certification - System Management Study Guide

 Figure 3-1 Lenovo Flex System Enterprise Chassis

The chassis uses a die-cast mechanical bezel for rigidity so that the chassis can be shipped with nodes installed. This
chassis construction features tight tolerances between nodes, shelves, and the chassis bezel. These tolerances ensure
accurate location and mating of connectors to the midplane.

The Enterprise Chassis supports the following major components:

• A total of 14 standard (half-wide) node bays. Also supported are seven, two-bay or three, four-bay nodes with the
shelves removed. A single eight-bay node is also supported.
• 2500 W or 2500 W -48 V DC power modules
• Up to six power modules to provide N+N or N+1 redundant power
• A total of 10 fan modules (eight 80 mm fan modules and two 40 mm fan modules)
• Four physical I/O modules
• An I/O architectural design that can provide the following features:
– Up to eight lanes of I/O to an I/O adapter. Each lane capable of up to 16 Gbps.
– A maximum of 16 lanes of I/O to a half-wide node with two adapters.
– Various networking solutions that include Ethernet, Fibre Channel, FCoE, Fabric Extender, and InfiniBand.
• Two Chassis Management Modules (CMMs). The CMM provides single-chassis management support.

More Console Breakout Cables can be ordered, if required. The Console Breakout Cable connects to the front of a
node and allows Keyboard, Video, USB, and Serial connections to be attached locally to that node. For more informa-
tion about alternative methods, see 3.8.5, “Console planning” on page 77. The CMM includes built-in console redirec-
tion via the CMM Ethernet port.

The ordering part number and feature code for the breakout cable are listed in Table 3-1.

Table 3-1 Ordering part number and feature code

The component parts of the chassis with the shuttle removed are shown in Figure 3-2. The shuttle forms the rear of
the chassis where the I/O Modules, power supplies, fan modules, and CMMs are installed. The Shuttle is removed only
to gain access to the midplane or fan distribution cards in the rare event of a service action.

107 Tech Sales Certification - System Management Study Guide

 Figure 3-2 Enterprise Chassis component parts

Within the chassis, a personality card holds vital product data (VPD) and other information that is relevant to the
particular chassis. This card can be replaced only under service action and is not normally accessible. The personality
card is attached to the midplane, as shown in Figure 3-34 on page 67.

Models
The components that comprise each model of the Enterprise Chassis are listed in Table 3-2.

Table 3-2 Enterprise Chassis model configurations

108 Tech Sales Certification - System Management Study Guide

 a. Model B1x includes two Flex System EN4023 10Gb Scalable Switches, 94Y5212 and two Flex System EN4023
10Gb Scalable Switch (FoD 3) upgrades, 47C9993. The FoD 3 upgrade enables FCoE on all active ports of the
switches.
b. Model B2x includes two Flex System EN4023 10Gb Scalable Switches, 94Y5212 and two Lenovo Flex System
FC5022 24-port 16Gb SAN Scalable Switch, 00Y3324.
c. Models E3U and E4U include two Flex System Fabric SI4093 System Interconnect Modules, 00FM518 or two Flex
System Fabric CN4093 10Gb Converged Scalable Switches, 00FM510, respectively.

Comprehensive information of previously released chassis models some of which contained the CMM, together with
compatibility of Flex System Nodes and options can be found in the Flex Systems Interoperability Guide (FSIG). This is
an excellent resource to assist with upgradeability of existing systems that are already in production. The FSIG can be
found at the following website: http://www.lenovopress.com/fsig

Front of the chassis

The bay numbers and air apertures on the front of the Enterprise Chassis are shown in Figure 3-3.

Figure 3-3 Front view of the Enterprise Chassis

The chassis includes the following features on the front:

• The front information panel on the lower left of the chassis
• Bays 1 - 14 that support nodes
• Lower airflow inlet apertures that provide air cooling for switches, CMMs, and power supplies
• Upper airflow inlet apertures that provide cooling for power supplies

109 Tech Sales Certification - System Management Study Guide

 For efficient cooling, each bay in the front or rear of the chassis must contain a device or filler.

The Enterprise Chassis provides several LEDs on the front information panel that can be used to obtain the status of
the chassis. The Identify, Check log, and Fault LED are also on the rear of the chassis for ease of use.

Rear of the chassis

The rear view of the chassis is shown in Figure 3-4.

Figure 3-4 Rear view of Enterprise Chassis

110 Tech Sales Certification - System Management Study Guide

 The following components can be installed into the rear of the chassis:
• Up to two CMMs.
• Up to six power supply modules (2500 W AC or 2500 W -48 V DC). Installed power supplies must
all be of the same type.
• Up to six fan modules that consist of four 80 mm fan modules and two 40 mm fan modules. The
two 40 mm fan modules are included within the chassis as standard. More 80 mm fan modules
can be installed for a total of 10 modules.
• Up to four I/O modules.

Specifications
The specifications of the Enterprise Chassis MT 8721 are listed in Table 3-3.

Table 3-3 Enterprise Chassis specifications

111 Tech Sales Certification - System Management Study Guide

 For data center planning, the AC operating range is 200 - 240 V AC. Operation at 110 V AC is not supported.

The Flex System Enterprise Chassis is rated to a maximum operating temperature of 40 °C. 3.2

Carrier-Grade Chassis
The Flex System Carrier-Grade Chassis is based on the leading-edge design of the Flex System Enterprise Chassis.
It has an extra 1U air inlet to provide more cooling for operation at elevated temperatures so is 11U high in total.

The Carrier-Grade chassis and supported nodes, I/O Modules, and options were tested to NEBS Level 3 and ETSI
standards for operation in the harsher conditions that are found in remote Central Office Telecommunications
environments. The Carrier-Grade chassis is rated to a maximum operating temperature of 45 °C and temporary
excursions to 55 °C for up to four days of operation are permitted.

112 Tech Sales Certification - System Management Study Guide

 Figure 3-5 shows the Flex System Carrier-Grade chassis with 14 x240 M5 nodes installed.

The Carrier-Grade chassis is designed and tested for operation in harsh environments, such as Central Offices (COs)
that are commonly found in the Telecommunications industry.

A CO generally is used to house the equipment that is needed for the processing and routing of telephone and data
traffic. COs also are commonly known as telephone exchanges, telephone switching centers, or wire centers. They
often are a windowless building that is built of concrete or brick, in some cases raised above the ground level to
prevent flooding. The buildings often are designed with a resilience to earthquake damage. The ability to withstand
extreme climatic conditions (such as tornados, earthquakes, and flooding) is often designed into the buildings
construction.

High security also is wanted to prevent unauthorized access and protect the security of data that is being switched.
Equipment and systems that are housed within the CO are often resilient to loss of power, building air conditioning, and
outbreak of fire. The demand for packet-switching is increasing, so the need for more compute servers and
higher-bandwidth connections to provide enhanced services to Telecommunications provider clients is driving an
adoption of computing systems for these environments. The Carrier-Grade Chassis is designed to operate in such
environments.

The chassis is ASHRAE 4 compliant. This compliance allows normal operation of the chassis to a maximum operating
temperature of 45° C with temporary elevated temperature excursions of up to 55° C for 96 hours. This ability can be
advantageous for COs that in remote areas. If the air conditioning systems fail on a Friday, the chassis can be
operated at temperatures above 45° C during a weekend and repairs can be made on the following Monday morning to
return the temperature to normal.

The chassis is designed to operate in Earthquake Zone 4 areas.

The testing that takes place as part of Network Equipment-Building System (NEBS) and ETSI European
Telecommunications Standards Institute (ETSI) compliance includes items, such as temperature, humidity, vibration,
electromagnetic compatibility, electromagnetic interference, ESD range, and flame spread.

113 Tech Sales Certification - System Management Study Guide

 The following ETSI standards are supported:
• EN 300 386, Electromagnetic compatibility and Radio spectrum Matters (ERM), Telecommunication network
equipment, and Electromagnetic Compatibility (EMC) requirements
• EN 300 132-2, Equipment Engineering (EE), Power supply interface at the input to telecommunications equipment,
and Part 2: Operated by direct current (DC)
• EN 300 132-3, Equipment Engineering (EE), Power supply interface at the input to telecommunications equipment,
Part 3: Operated by rectified current source, and alternating current (AC) source or DC source up to 400 V
ETSI 300 019, Environmental conditions, and environmental tests for telecommunications equipment
• EN 300 753, Acoustic noise

The Carrier-Grade chassis supports the following major components:

• A total of 14 standard (half-wide) node bays.
-48 V DC power modules.
• Up to six power modules to provide N+N or N+1 redundant power.
• Ten fan modules (eight 80 mm fan modules and two 40 mm fan modules).
• Four physical I/O modules.
• An I/O architectural design that can provide the following features:
– Up to eight lanes of I/O to an I/O adapter. Each lane capable of up to 16 Gbps.
– A maximum of 16 lanes of I/O to a half-wide node with two adapters.
– Various networking solutions that include Ethernet, Fibre Channel, and FCoE
• Two Chassis Management Module 2s (CMM2). The CMM2 provides single-chassis management support.
• ESD wrist strap attachment points front and rear.

The components of the Carrier-Grade chassis are shown in Figure 3-6 and often are identical to the Enterprise
Chassis.

114 Tech Sales Certification - System Management Study Guide

 Figure 3-6 Flex System Carrier-Grade component parts

Models
The components of the standard model are listed in Table 3-4.

Table 3-4 Models of the Carrier-Grade Chassis

Front of the chassis

The bay numbers and air apertures on the front of the Carrier-Grade Chassis are shown in Figure 3-3.

The chassis includes the following features on the front:

• The front information panel on the lower left of the chassis
• Bays 1 - 14 that are for supported compute nodes
• Lower airflow inlet apertures (same as the Enterprise Chassis) and a 1U extra airflow inlet to
provide air cooling for switches, CMMs, and power supplies
• Upper airflow inlet apertures that provide cooling for power supplies

As with the Enterprise Chassis, the Carrier-Grade Chassis provides several LEDs on the front
information panel that can be used to obtain the status of the chassis. The Identify, Check log,
and Fault LED also are on the rear of the chassis for ease of use.

Rear of the chassis

The rear view of the chassis is shown in Figure 3-4 on page 32. The only difference between
this chassis and the Enterprise Chassis is the extra 1U at the base of the Carrier-Grade
Chassis.

115 Tech Sales Certification - System Management Study Guide

 Figure 3-8 Rear view of Enterprise Chassis

The following components can be installed into the rear of the chassis:
• Up to two CMMs.
• Up to six 2500 W -48 V DC power supply modules.
• Up to six fan modules that consist of four 80 mm fan modules and two 40 mm fan modules. The two 40 mm fan
modules are included within the chassis as standard. More 80 mm fan modules can be installed for a total of 10
modules.
• Up to four I/O modules.
• Unique to the Carrier-Grade Chassis are two earth ground studs and the ESD wrist strap attachment point can be
seen in the lower 1U section of the chassis.

The Chassis has the same rack mounting rail kit as the Flex System Enterprise Chassis, which can be installed
quickly into four post racks with circular or square holes.

116 Tech Sales Certification - System Management Study Guide

 Specifications
The specifications of the Carrier-Grade Chassis are listed in Table 3-5.

Table 3-5 Enterprise Chassis specifications

117 Tech Sales Certification - System Management Study Guide

 Table 3-6 lists the compute node components that are supported when they are installed in the Carrier-Grade Chassis
and meet the NEBS and ETSI requirements.

Table 3-6 NEBS and ETSI supported compute node components

Air filters
To support NEBS and ETSI compliance, the Carrier-Grade Chassis includes two airborne contaminate filters that are
fitted to the front of the chassis. The main filter assembly covers the compute nodes and a secondary filter assembly
covers the 1U air-inlet at the bottom of the chassis.

Figure 3-9 shows the main filter assembly.

118 Tech Sales Certification - System Management Study Guide

 Figure 3-10 shows the secondary filter assembly that is behind the 1U bezel at the bottom of the chassis.

Figure 3-10 1U bezel and air filter retainer

Each filter assembly includes 6 mm polyurethane filter media that must be removed, inspected, and replaced regularly.
The filter media pieces are consumable parts and are not covered under the terms of the warranty. Lenovo recom-
mends the service intervals that are listed in Table 3-7.

Table 3-7 Suggested inspection and replacement intervals

Table 3-8 lists the part number to order replacement filter media. The part number includes the following components:
• Four of the main filter media
• Four of the secondary 1U filter media

Table 3-8 Flex System Enterprise Chassis airborne contaminant filter ordering information

Fan modules
The Enterprise Chassis and Carrier-Grade Chassis support up to 10 hot pluggable fan modules that consist of two 40
mm fan modules and eight 80 mm fan modules.

A chassis can operate with a minimum of six hot-swap fan modules that are installed, which consist of four 80 mm fan
modules and two 40 mm fan modules.

The fan modules plug into the chassis and connect to the fan distribution cards. More 80 mm fan modules can be
added as required to support chassis cooling requirements.

119 Tech Sales Certification - System Management Study Guide

 The fan bays in the back of the Enterprise Chassis are shown in Figure 3-11.

Figure 3-11 Fan bays (Enterprise Chassis shown)

For more information about how to populate the fan modules, see 3.4, “Cooling” on page 47.

A 40 mm fan module is shown in Figure 3-12.

The two 40 mm fan modules in fan bays 5 and 10 distribute airflow to the I/O modules and CMMs. These modules ship
preinstalled in the chassis. Each 40 mm fan module contains two 40 mm counter rotating fan pairs, side-by-side.

The 80 mm fan modules distribute airflow to the compute nodes through the chassis from front to rear. Each 80 mm fan
module contains two 80 mm fan modules, back-to-back within the module, which are counter-rotating.

Both fan modules have an EMC mesh screen on the rear internal face of the module. This design also provides a
laminar flow through the screen. Laminar flow is a smooth flow of air, which is sometimes referred to as streamline flow.
This flow reduces turbulence of the exhaust air and improves the efficiency of the overall fan assembly.

120 Tech Sales Certification - System Management Study Guide

 The following factors combine to form a highly efficient fan design that provides the best cooling for lowest energy input:
• Design of the entire fan assembly
• Fan blade design
• Distance between and size of the fan modules
• EMC mesh screen
An 80 mm fan module is shown in Figure 3-13.

A total of 4 - 8 80 mm individual fan modules can be installed.

Both fan modules have two LED indicators that consist of a green power-on indicator and an amber fault indicator. The
power indicator lights when the fan module has power and flashes when the module is in the power save state.

Fan quantities: When the modules are ordered as an option, they are supplied as a pair. If you order the
modules as a feature code, they are supplied as single units.

The specifications of the 80 mm fan module pair option are listed in Table 3-9.

Table 3-9 80 mm fan modules

Fan module population

The fan modules are populated depending on the nodes that are installed. To support the base configuration and up to
four nodes, a chassis ships with four 80 mm fan modules and two 40 mm fan modules preinstalled.

When you install more nodes, install the nodes, fan modules, and power supplies from the bottom upwards.

The minimum configuration of 80 mm fan modules is four, which provides cooling for a maximum of four nodes. This
base configuration is shown in Figure 3-14.

121 Tech Sales Certification - System Management Study Guide

 Figure 3-14 Four 80 mm fan modules allow a maximum of four nodes installed

Installing six 80 mm fan modules allows another four nodes to be supported within the chassis. Therefore, the
maximum is eight, as shown in Figure 3-15.

Figure 3-15 Six 80 mm fan modules allow for a maximum of eight nodes

To cool more than eight nodes, all fan modules must be installed, as shown in Figure 3-16.

Figure 3-16 Eight 80 mm fan modules support for 9 - 14 nodes

If there are insufficient fan modules for the number of nodes that are installed, the nodes might be throttled.

122 Tech Sales Certification - System Management Study Guide

Fan logic module

There are two fan logic modules included within the chassis, as shown in Figure 3-17.

Fan logic modules are multiplexers for the internal I2C bus, which is used for communication between hardware
components within the chassis. Each fan pack is accessed through a dedicated I2C bus, which is switched by the Fan
Mux card from each CMM.

The fan logic module switches the I2C bus to each individual fan pack. This module can be used by the CMM to
determine multiple parameters, such as fan RPM. There is a fan logic module for the left and right sides of the chassis.
The left fan logic module accesses the left fan modules, and the right fan logic module accesses the right fan modules.
Fan presence indication for each fan pack is read by the fan logic module. Power and fault LEDs are also controlled by
the fan logic module.

A fan logic module and its LEDs are shown in Figure 3-18.

As shown in Figure 3-18, there are two LEDs on the fan logic module. The power-on LED is green when the fan logic
module is powered. The amber fault LED flashes to indicate a faulty fan logic module. Fan logic modules are hot
swappable.

For more information about airflow and cooling, see 3.4, “Cooling”.

123 Tech Sales Certification - System Management Study Guide

 Cooling
This section describes the chassis cooling system. The flow of air within the chassis follows a front-to-back cooling
path. Cool air is drawn in at the front of the chassis and warm air is exhausted to the rear. Air is drawn in through the
front node bays and the front airflow inlet apertures at the top and bottom of the chassis. There are two cooling zones
for the nodes: left zone and right zone.

The cooling process can be scaled up as required, based on which node bays are populated. For more information
about the number of fan modules that are required for nodes, see 3.3.1, “Fan module population” on page 45.

When a node is removed from a bay, an airflow damper closes in the midplane. Therefore, no air is drawn in through
an unpopulated bay. When a node is inserted into a bay, the damper is opened by the node insertion, which allows for
cooling of the node in that bay.

The Carrier-Grade Chassis has an extra 1U cooling aperture at the base of the chassis.

The upper and lower cooling apertures for the Enterprise Chassis and Carrier-Grade Chassis are shown in Figure
3-19.

Various fan modules are included in the chassis to assist with efficient cooling. Fan modules consist of 40 mm and 80
mm types and are contained within hot pluggable fan modules. The power supplies also have two integrated,
independently powered 40 mm fan modules.

The cooling path for the nodes begins when air is drawn in from the front of the chassis. The airflow intensity is
controlled by the 80 mm fan modules in the rear. Air passes from the front of the chassis, through the node, through
openings in the Midplane, and then into a plenum chamber. Each plenum is isolated from the other, which provides
separate left and right cooling zones. The 80 mm fan packs on each zone then move the warm air from the plenum
to the rear of the chassis.

In a two-bay wide node, the air flow within the node is not segregated because it spans both airflow zones.

124 Tech Sales Certification - System Management Study Guide

A chassis is shown in Figure 3-20 with the outer casing removed for clarity to show airflow path through the chassis.
There is no airflow through the chassis midplane where a node is not installed. The air damper is opened only when a
node is inserted in that bay.

Figure 3-21 Airflow path power supplies

125 Tech Sales Certification - System Management Study Guide

The airflow from the lower inlet aperture to the 40 mm fan modules is shown in Figure 3-22. This airflow provides
cooling for the switch modules and CMM that are installed in the rear of the chassis. In the Carrier-Grade Chassis, this
configuration is augmented by the extra airflow from the front inlets, as indicated by the green arrows that are shown in
Figure 3-22.

The 40 mm fan module on the right side cools the right switches; the left 40 mm fan module cools the left pair of
switches. Each 40 mm fan module features a pair of counter-rotating fans for redundancy.

Cool air flows in from the lower inlet apertures at the front of the chassis. It is drawn into the lower openings in the
CMM and I/O Modules where it provides cooling for these components. It passes through and is drawn out the top of
the CMM and I/O modules. The warm air is expelled to the rear of the chassis by the 40 mm fan assembly. This expul-
sion is indicated by the red airflow arrows that are shown in Figure 3-22.

The removal of the 40 mm fan pack exposes an opening in the bay that leads to the 80 mm fan packs. A back flow
damper within the fan bay then closes. The backflow damper prevents hot air from reentering the system from the rear
of the chassis. The 80 mm fan packs cool the switch modules and the CMM while the fan pack is being replaced.

In the Carrier-Grade Chassis, there are extra airflow inlet apertures at the front of the system that allow air to be drawn
into the chassis and cool the I/O modules and CMMs. This aperture routes the air through the base of the chassis.
Figure 3-23 on page 52 shows the outlets that are under the I/O modules and CMMs. As shown in Figure 3-23 on
page 52, the chassis is viewed from the rear with the shuttle removed, which shows the midplane. It also shows the
air dampers in their closed positions that are within the midplane.

126 Tech Sales Certification - System Management Study Guide

 Figure 3-23 Outlets inside the rear of the Carrier-Grade Chassis with shuttle removed

Chassis cooling is implemented as a function of the following components:

• Node configurations
• Power Monitor circuits
• Component temperatures
• Ambient temperature

The x240 M5 Node has an ambient temperature sensor. When installed within a Flex System Enterprise Chassis the
ambient temperature is monitored by the IMM2 in the node and a number of thresholds inbuilt that can initially alert and
then in extreme temperature events, shut the node down:
• Warning (Upper non-critical Threshold) 43° C
• Soft Shutdown (Upper critical Threshold) 46° C
• Hard Shutdown (Upper non-recoverable Threshold) 50° C

When a NEBS/ETSI supported node is installed in the Carrier-Grade Chassis, these warnings and shutdowns are
elevated, to allow operation within the extended temperature envelope of the
Carrier-Grade chassis.

The carefully designed cooling subsystem of the chassis results in lower airflow volume, which is measured in cubic feet
per minute (CFM) and lower cooling energy that is spent at a chassis level. This system also maximizes the temperature
difference across the chassis (which is often known as the Delta T) for more efficient room integration. Monitored
Chassis level airflow usage is displayed to enable airflow planning and monitoring for hot air recirculation.

Five Acoustic Optimization states can be selected. Use the one that best balances performance requirements with the
noise level of the fans.

Chassis level CFM usage is available to you for planning purposes. In addition, ambient health awareness can detect
potential hot air recirculation to the chassis.

127 Tech Sales Certification - System Management Study Guide

 Power supplies
Power supplies (or power modules) are available with 2500 W rating. Power supplies are hot pluggable and are
installed into the rear of the chassis. The following power supply options are available:
• 2500 W AC
• 2500 W -48 V DC

The standard chassis models ship either with two or six 2500 W modules, or with two 2500 W -48 V DC power
supplies, depending on the model chosen. The Carrier-Grade chassis ships with two 2500 W -48 V DC power
supplies.

For more information about populating the 2500 W power supplies, see 3.5.1, “Power supply selection” on page 56,
which also provides planning information for the nodes that are being installed.

A maximum of six power supplies can be installed within the Enterprise Chassis.

Support of power supplies: Mixing of different power supply types is not supported in the same chassis.

The 2500 W AC supplies are 2500 watts output rated at 200 - 208 VAC (nominal), and 2750 W at 220 - 240 V AC
(nominal). The power supply has an oversubscription rating of up to 3538 W output at 200 V AC. The power supply
operating range is 200 - 240 VAC.

The power supplies also contain two dual independently powered 40 mm cooling fans that are not powered by the
power supply that is installed inside. Instead, they draw power from the chassis midplane. The fans are variable
speed and controlled by the chassis fan logic.

The 2500 W -48 V DC power supply operates over a typical telecommunications range of -60 V to -48 V DC.

DC power systems in data centers1 include the following advantages:

• 10% better energy efficiency (not including the reduced need for cooling in the IT room)
• 15% lower investment costs
• 25% less space required
• 20% lower installation costs
• Computer equipment can connect directly to back up batteries
• DC powered data centers require fewer conversions for incoming electricity and require 25 -
40% less square footage than their AC counterparts2

1 For more information, see this website:

http://www.mena.abb.com/cawp/chabb122/487aa5156d33f637c1257a0c0035cad6.aspx

2 For more information, see this website:

https://www.greentechmedia.com/articles/read/a-hidden-benefit-of-dc-power-real-estate/

128 Tech Sales Certification - System Management Study Guide

 The ordering information for the Enterprise Chassis power supplies is listed in Table 3-10.

Table 3-10 Power supply module option part numbers

For power supply population, Table 3-12 on page 57 lists the supported compute nodes that are based on type and
number of power supplies that are installed in the chassis and the power policy enabled (N+N or N+1).

The 2500 W AC power supplies are 80 PLUS Platinum certified. The 80 PLUS certification is a performance
specification for power supplies that are used within servers and computers. The standard has several ratings, such
as Bronze, Silver, Gold, and Platinum. To meet the 80 PLUS Platinum standard, the power supply must have a power
factor (PF) of 0.95 or greater t 50% rated load and efficiency equal to or greater than the following values:
• 90% at 20% of rated load
• 94% at 50% of rated load
• 91% at 100% of rated load

For more information about 80 PLUS certification, see this website:

http://www.plugloadsolutions.com

The efficiency of the 2500 W Enterprise Chassis power supplies at various percentage loads at different input voltages
is listed in Table 3-11.

Table 3-11 2500 W AC power supply efficiency at different loads for 200 - 208 VAC and 220 - 240 VAC

The location of the power supplies within the enterprise chassis where two power supplies are installed into bay 4 and
bay 1 is shown in Figure 3-24. Four power supply bays are shown with fillers that must be removed to install power
supplies into the bays.

Similar to the fan bay fillers, there are blue touch point and finger hold apertures (circular) that are below the blue touch
points to make the filler removal process easy and intuitive.

129 Tech Sales Certification - System Management Study Guide

 Figure 3-24 Power supply locations (Enterprise Chassis shown)

With 2500 W power supplies installed (AC or DC), the chassis allows power configurations to be N+N redundancy with
most node types. Table 3-12 on page 57 shows the support matrix.Alternatively, a chassis can operate in N+1, where
N can equal 3, 4, or 5.

All power supplies are combined into a single 12.2 V DC power domain within the chassis. This combination
distributes power to each of the compute nodes, I/O modules, and ancillary components through the Enterprise
Chassis midplane.

The midplane is a highly reliable design with no active components. Each power supply is designed to provide fault
isolation and is hot swappable.

Power monitoring of the DC and AC signals allows the CMM to accurately monitor the power supplies.

The integral power supply fans are not dependent upon the power supply being functional because they operate and
are powered independently from the chassis midplane.

Power supplies are added as required to meet the load requirements of the Enterprise Chassis configuration. There is
no need to over provision a chassis and power supplies can be added as the nodes are installed. For more
information about power-supply unit planning, see Table 3-12 on page 57.

The rear view of an AC power supply and highlighted LEDs are shown in Figure 3-25. There is a handle for removal
and insertion of the power supply and a removal latch that is operated by thumb, so the PSU can easily be unlatched
and removed with one hand.

130 Tech Sales Certification - System Management Study Guide

 Figure 3-25 2500 W AC power supply
The rear of the AC power supply has a C20 inlet socket for connection to power cables. You can use a C19-C20 power
cable, which can connect to a suitable DPI rack PDU.

The Power Supply options that are listed in Table 3-10 on page 54 ship with a 2.5 m intra-rack power cable (C19 to
C20).

The rear LEDs indicate the following conditions:

• AC Power: When lit green, the AC power is being supplied to the PSU inlet.
• DC Power: When lit green, the DC power is being supplied to the chassis midplane.
• Fault: When lit amber, there is a fault with the PSU.

Before you remove any power supplies, ensure that the remaining power supplies have sufficient capacity to power the
Enterprise Chassis. Power usage information can be found in the CMM web interface.

DC and AC power supplies are available. For more information about all of the power supplies, see the following
sections:
• 3.5.1, “Power supply selection” on page 56
• 3.8.2, “AC power planning” on page 69
• 3.8.3, “DC power planning” on page 74

Power supply selection

As the number of nodes in a chassis is expanded, more power supplies can be added as required. This chassis design
allows cost effective scaling of power configurations. If there is not enough DC power available to meet the load de-
mand, the CMM automatically powers down devices to reduce the load demand.

Table 3-12 on page 57 shows the number of compute nodes that can be installed based on the following factors:
• Model of compute node that is installed
• Power policy that is enabled (N+N or N+1)
• Number of power supplies that are installed (4, 5, or 6)
• The thermal design power (TDP) rating of the processors
• No throttling

For power policies, N+N means a fully redundant configuration where there are duplicate power supplies for each
supply that is needed for full operation. N+1 means there is only one redundant power supply and all other supplies are
needed for full operation.

Support of power supplies: Mixing of different power supply types is not supported in the same chassis.

131 Tech Sales Certification - System Management Study Guide

 In Table 3-12 on page 57, the colors of the cells have the following meanings:
Supported by no limitations as to the number of compute nodes that can be installed
Supported but with limitations on the number of compute nodes that can be installed.

A full complement of any compute nodes at all TDP ratings are supported if all six power
supplies are installed and an N+1 power policy is selected.

Table 3-12 Specific number of compute nodes supported based on installed power supplies

132 Tech Sales Certification - System Management Study Guide

 The following assumptions are made:
• All Compute Nodes are fully configured.
• The figures given above are based on no throttling.

Tip: For more information about exact configuration support, see the Power Configurator
that is available at this website:
https://support.lenovo.com/us/en/documents/LNVO-PWRCONF

2100W power supply part number 47C7633, is withdrawn from marketing. Information on the compute node support
when using the 2100W power supplies can be found in the product guide for the Flex System Enterprise Chassis, at
the following location:
https://lenovopress.com/tips0863-flex-system-enterprise-chassis

133 Tech Sales Certification - System Management Study Guide

 Power policies
The following power management policies can be selected to dictate how the chassis is protected if there is a power
module or supply failure. The following policies are configured by using the CMM graphical interface:
• AC Power source redundancy
Power is allocated under the assumption that nodes cannot be throttled if a power supply fault occurs. This
configuration is an N+N configuration.

• AC Power source redundancy with compute node throttling allowed

Power is allocated under the assumption that nodes can be throttled if a power supply fault occurs. This
configuration is an N+N configuration.

• Power Module Redundancy

Maximum input power is limited to one less than the number of power modules when more than one power
module is present. One power module can fail without affecting compute note operation. Multiple power node
failures can cause the chassis to power off. Some compute nodes might not be able to power on if doing so
exceeds the power policy limit.

• Power Module Redundancy with compute node throttling allowed

This mode can be described as oversubscription mode. Operation in this mode assumes that a node’s load can
be reduced (or throttled) to the continuous load rating within a specified time. This process occurs following a
loss of one or more power supplies. The Power Supplies can exceed their continuous rating of 2500 W for short
periods. This mode is for an N+1 configuration.

• Basic Power Management

This policy allows the total output power of all power supplies to be used. When operating in this mode, there is
no power redundancy. If a power supply fails or an AC feed to one or more supplies is lost, the entire chassis
might shut down. There is no power throttling.

The chassis is run by using one of the following power capping policies:
• No Power Capping
Maximum input power is determined by the active power redundancy policy.

• Static Capping
This policy sets an overall chassis limit on the maximum input power. In a situation where powering on a
component can cause the limit to be exceeded, the component is prevented from powering on.

Required power supplies for N+N and N+1

A total of six power supplies can be installed. Therefore, in an N+N configuration, two-, four-, or six-power supply
options are available. For N+1, the total number can be 2 - 6.

Depending on the node type, refer to Table 3-13 on page 60.

For example, if eight x240 M5 nodes with 135W processors are required to be installed with N+1 redundancy, a
minimum of three power supplies are required for support, according to Table 3-13 on page 60.

Table 3-13 and Table on page 60 show the highest TDP rating of processors for each node type. In some
configurations, the power supplies cannot power the quantity of nodes, which is highlighted in the tables as “NS” (not
sufficient).

It is impossible to physically install more than seven full-wide compute nodes in a chassis, as shown in Figure 3-13 on
page 44.

In Table 3-13 and Table on page 60, assume that the same type of node is being configured and that throttling is
enabled. Refer to the power configurator for mixed configurations of different node types within a chassis.

134 Tech Sales Certification - System Management Study Guide

 Table 3-13 Number of 2500 W power supplies required for each node type

a. Number of power supplies is based on x86 compute nodes with processors of the highest TDP
rating.
b. Not supported. The number of nodes exceeds the capacity of the power supplies.

Tip: For more information about the exact configuration, see the Power configurator that is available at this
website:
https://support.lenovo.com/us/en/documents/LNVO-PWRCONF

Power supplies selected for an N+N configuration

A total of eight x240 M5 nodes with 135W processors are shown in Figure 3-26 operating in an N+N power
configuration, as detailed in Table 3-13 on page 60. Here, four power supplies are installed within bays 1, 2, 4 and 5
in the rear of the enterprise chassis.

135 Tech Sales Certification - System Management Study Guide

 The full six 2500 W power supplies are shown installed with a full compliment of 14 x240 M5 135W processor based
nodes, in Figure 3-27. This configuration is a supported N+N configuration, according to Table 3-13 on page 60.

Power supplies selected for an N+1 configuration

When eight x240 M5 135W processor-based nodes are installed, as listed in Table 3-13 on page 60, N+1 resiliency is
supported, as shown in Figure 3-28.

Figure 3-28 Eight x240 M5 135W processor based nodes with three power supplies in N+1 configuration

When 14 x240 M5 nodes with 145W processors are required with N+1 power configuration, then five power supplies
are required to achieve this, as shown in Table 3-13 on page 60.

136 Tech Sales Certification - System Management Study Guide

 The redundancy configuration of N+1 where in this case N=4, with 14 nodes is shown in
Figure 3-29.

Chassis Management Module

The CMM provides single chassis management and the networking path for remote keyboard, video, mouse (KVM)
capability for compute nodes within the chassis.

The chassis can accommodate one or two CMMs. The first is installed in CMM Bay 1 and the second in CMM bay 2.
Installing two provides CMM redundancy.

The ordering information for the second CMM is listed in Table 3-14.

Table 3-14 CMM ordering information

a. The first feature code is for the primary CMM and the second feature code is for the second redundant CMM.

CMM1 information: This section describes the CMM included with chassis currently
shipping, CMM2. For information about the older CMM (68Y7030), consult the Lenovo Flex
System Interoperability Guide (FSIG), available from:
http://www.lenovopress.com/fsig

137 Tech Sales Certification - System Management Study Guide

 The location of the CMM bays on the back of the Enterprise Chassis is shown in Figure 3-30. The bay locations for
CMM are identical on the Carrier-Grade Chassis.

Figure 3-30 CMM Bay 1 and Bay 2 (Enterprise Chassis shown)

The CMM provides the following functions:

• Power control
• Fan management
• Chassis and compute node initialization
• Switch management
• Diagnostics
• Resource discovery and inventory management
• Resource alerts and monitoring management
• Chassis and compute node power management
• Network management

The CMM includes the following connectors:

• USB connection: Can be used for insertion of a USB media key for tasks, such as firmware updates.
• 10/100/1000 Mbps RJ45 Ethernet connection: For connection to a management network.
The CMM can be managed through this Ethernet port.
• Serial port (mini-USB): For local serial (CLI) access to the CMM. For connectivity, use the cable kit that is listed in
Table 3-15.

138 Tech Sales Certification - System Management Study Guide

 The CMM includes the following LEDs that provide status information:
• Power-on LED
• Activity LED
• Error LED
• Ethernet port link and port activity LEDs

The CMM connectors and LEDs are shown in Figure 3-31.

The CMM also incorporates a reset button, which features the following functions (depending upon how long the button
is pressed):
• When pressed for less than 5 seconds, the CMM restarts.
• When pressed for more than 5 seconds, the CMM configuration is reset to manufacturing
defaults and then restarts.

For more information about how the CMM integrates into the Systems Management
architecture, see 2.2, “Chassis Management Module” on page 12.

Other chassis components

This section describes the following chassis components that are common to the Enterprise
Chassis and the Carrier-Grade Chassis:
3.7.1, “Front information panel”
3.7.2, “Midplane” on page 66
3.7.3, “Compute node shelves” on page 67
3.7.4, “Hot plug and hot swap components” on page 68

Front information panel

The front information panel is shown in Figure 3-32.

139 Tech Sales Certification - System Management Study Guide

 The following items are shown on the front information panel:
• White Backlit Lenovo Logo: When lit, this logo indicates that the chassis is powered.
• Identify LED: The system administrator can remotely light this blue LED to aid in visually locating the chassis. When
this LED is lit or flashing, it indicates the location of the chassis or that the CMM detected a condition in the chassis
that requires attention.
• Check Error Log LED: When lit (amber), this LED indicates that a noncritical event occurred. This event might be an
incorrect I/O module that is inserted into a bay, or a power requirement that exceeds the capacity of the installed
power modules.
• Fault LED: When lit (amber), this LED indicates that a critical system hardware error occurred. This error can be an
error in a power module or a system error in a node.

The LEDs that are on the rear of the chassis are shown in Figure 3-33.

Figure 3-33 Chassis LEDs on the rear of the Enterprise Chassis shown

Midplane
The midplane is the circuit board that connects to the compute nodes from the front of the chassis. It also connects to
I/O modules, fan modules, and power supplies from the rear of the chassis. The midplane is within the chassis and can
be accessed by removing the Shuttle assembly. Removing the midplane is rare and necessary only in case of service
action.

The midplane is passive, which means that there are no electronic components on it. The midplane includes apertures
through which air can pass. When no node is installed in a standard node bay, the Air Damper is closed for that bay,
which provides highly efficient scale up cooling.

The midplane also includes reliable industry standard connectors on both sides for power supplies, fan distribution
cards, switches, I/O modules, and nodes. The chassis design allows for highly accurate placement and connector
matings from the nodes, I/O modules, and Power supplies to the midplane, as shown in Figure 3-34 on page 67.

140 Tech Sales Certification - System Management Study Guide

 Figure 3-34 Connectors on the midplane

The midplane uses a single power domain within the design. This overall solution is cost-effective and optimizes the
design for a preferred 10U Height.

Within the midplane, there are five separate power and ground planes for distribution of the main 12.2-Volt power
domain through the chassis.

The midplane also distributes I2C management signals and some 3.3v for powering management circuits. The power
supplies source their fan power from the midplane.

Figure 3-34 shows the connectors on both sides of the midplane.

Compute node shelves

A shelf is required for standard (half-wide) bays. The chassis ships with these shelves in place. To allow for
installation of the full-wide or larger nodes, shelves must be removed from the chassis. Remove the shelves by sliding
the two blue tabs on the shelf towards the center and then sliding the shelf out of the chassis.

141 Tech Sales Certification - System Management Study Guide

 The removal of a shelf from Enterprise Chassis is shown in Figure 3-35.

Hot plug and hot swap components

The chassis follows the standard color coding scheme that is used by Lenovo for touch points and hot swap
components.

Touch points are blue and found on the following locations:

• Fillers that cover empty fan and power supply bays
• Handle of nodes
• Other removable items that cannot be hot-swapped

Hot Swap components have orange touch points. Orange tabs are found on fan modules, fan logic modules, power
supplies, and I/O Module handles. The orange designates that the items are hot swap and can be removed and
replaced while the chassis is powered. The components that are hot swap and those components that are hot plug are
listed in Table 3-16.

Table 3-16 Hot plug and hot swap components

a. Node must be powered off in standby before removal.

b. I/O Module might require reconfiguration, and removal is disruptive to any communications that are taking place.

Nodes can be plugged into the chassis while the chassis is powered. The node can then be powered on. Power the
node off before removal.

142 Tech Sales Certification - System Management Study Guide

 Infrastructure planning
This section describes the key infrastructure planning areas of power, uninterruptible power supply (UPS), cooling,
and console management that must be considered when you deploy the Flex System Enterprise Chassis.

For more information about planning your Flex System power infrastructure, see Flex System Enterprise Chassis
Power Guide, which is available at this website:
http://ibm.com/support/entry/portal/docdisplay?lndocid=LNVO-POWINF

The following topics are included in this section:

3.8.1, “Supported power cords”
3.8.2, “AC power planning”
3.8.3, “DC power planning” on page 74
3.8.4, “UPS planning” on page 76
3.8.5, “Console planning” on page 77
3.8.6, “Planning for heat load” on page 78
3.8.7, “Chassis-rack cabinet compatibility” on page 79

Supported power cords

The Enterprise Chassis supports the power cords that are listed in Table 3-17. One power cord (feature 6292) is
shipped with each AC power supply option or standard with the server (one per standard power supply).

Table 3-17 Supported power cords

AC power planning
The Enterprise Chassis can have a maximum of six power supplies installed; therefore, you must consider how to
provide the best power optimized source. N+N and N+1 configurations are supported for maximum flexibility in power
redundancy. A configuration of balanced 3-phase power input into a single or group of chassis is possible. Consider-
ation also must be given to the nodes that are being installed within the chassis to ensure that sufficient power
supplies are installed to deliver the required redundancy. For more information, see 3.5.1, “Power supply selection” on
page 56.

Each AC power supply in the chassis has a 16 A C20 3-pin socket and can be fed by a C19 power cable from a
suitable supply. (The DC power supplies have different unique connectors, as described in 3.8.3, “DC power planning”
on page 74).

The chassis power system is designed for efficiency by using data center power that consists of 3-phase, 60 A Delta
200 VAC (North America), or 3-phase 32 A wye 380-415 VAC (international). The chassis can also be fed from single
phase 200 - 240 VAC supplies, if required.

The power is scaled as required; therefore, as more nodes are added, the power and cooling increases. For power
planning, Table 3-12 on page 57 shows the number of power supplies that are needed for N+N or N+1, which is node
type dependent.

This section describes single phase and 3-phase example configurations for North America and worldwide, starting
with 3-phase. It is assumed that you have power budget in your configuration to deliver N+N or N+1 regarding your
particular node configuration.

143 Tech Sales Certification - System Management Study Guide

 Power cabling: 32 A at 380 - 415 V 3-phase (International)
A one 3-phase, 32 A wye PDU worldwide (WW) that provides power feeds for two chassis is shown in Figure 3-36. In
this case, an appropriate 3-phase power cable is selected for the Ultra-Dense Enterprise PDU+. This cable then splits
the phases and supplies one phase to each of the three power supplies within each chassis. One 3-phase 32A wye
PDU can power two fully populated chassis within a rack. A second PDU can be added for power redundancy
from an alternative power source if the chassis is configured for N+N and meets the requirements, as shown in Table
3-12 on page 57.

Also shown in Figure 3-36 is a typical configuration for a 32 A 3-phase wye supply at 380 - 415 VAC (often termed
“WW” or “International”) for N+N. Ensure that the node deployment meets the requirements that are shown in Table
3-12 on page 57.

The maximum number of Enterprise Chassis that can be installed with a 42U rack is four. Therefore, the chassis re-
quires a total of four 32 A, 3-phase wye feeds to provide for a redundant N+N configuration.

144 Tech Sales Certification - System Management Study Guide

 Power cabling: 60 A at 208 V 3-phase (North America)
In North America, the chassis requires four 60 A 3-phase delta supplies at 200 - 208 VAC. A configuration that is
optimized for 3-phase configuration is shown in Figure 3-37.

145 Tech Sales Certification - System Management Study Guide

 Power cabling: Single Phase 63 A (International)
An example of an International 63 A single phase supply feed is shown in Figure 3-38. This example uses the switched
and monitored PDU+ with an appropriate power cord. Each 2500 W PSU can draw up to 13.85 A from its supply.
Therefore, a single chassis can be fed from a 63 A single phase supply, which leaves 18.45 A available capacity. This
capacity can feed a single PSU on a second chassis power supply (13.85 A). It also can be available for the PDU to
supply further items in the rack, such as servers or storage devices.

Power cabling: 60 A 200 VAC single phase supply (North America)

In North America, UL derating means that a 60 A PDU supplies only 48 A. At 200 VAC, the 2500 W power supplies in
the Enterprise Chassis draw a maximum of 13.85 A. Therefore, a single phase 60 A supply can power a fully con-
figured chassis. Another 6.8 A is available from the PDU to power other items within the chassis, such as servers or
storage, as shown in Figure 3-39.

146 Tech Sales Certification - System Management Study Guide

 For extensive information about planning your Flex System power infrastructure, see Flex System data center
planning guide and the Flex System PDU planning guide which are available at this Lenovo Enterprise Systems Data
Center Planning Portal here:
https://support.lenovo.com/us/en/documents/lnvo-powinf

DC power planning
The Flex System Enterprise Chassis type 8721-DLx ships with two -48 V DC power supply modules included as
standard, as does the Carrier-Grade chassis model 7385-DCx. Four more -48 V DC power supplies can be added into
a chassis, for a total of six 2500 W -48 V supplies.

The DC power supply can also be ordered as an option for a chassis and as an “upgrade” for the AC chassis types,
however power supply types cannot be mixed within the same chassis. The part number and feature code for the DC
power supply are listed in Table 3-18.

Table 3-18 -48 V DC power supply module

The power supply is designed to operate at -48 V DC with a rated current of 56 A. It has a 2500 W rating.

Input connectors are provided on the rear of this power supply for the -48 V and Return (RTN) line. There also are
protective earth connections.

The -48 V and Return connections are presented in the form of a single Amphenol connector type 618470001. The
protective earth connections are made with two M6 studs.

The lower rear view of the power supply with the Amphenol connector on the left side and the two earth studs on the
right side is shown in Figure 3-40.

A 2 m DC power cable is supplied with each power supply for connection into the datacenter. This cable that is
attached to the power supply for illustration purposes only is shown in Figure 3-41. The power supply normally is
installed within a Flex System chassis before connection. The other end of the cable has two tin-covered copper
power lugs for attachment to the data center’s -48 V power bus bar and connections.

147 Tech Sales Certification - System Management Study Guide

 This -48 V DC power supply is 2500 W. For more information about power planning, see Table 3-12 on page 57, Table
3-13 on page 60, and Table on page 60. The DC power systems in data centers include the following advantages3:
• 10% better energy efficiency (not including the reduced need for cooling in the IT room)
• 15% lower investment costs
• 25% less space required
• 20% lower installation costs

For more information, see this website:

http://www.mena.abb.com/cawp/chabb122/487aa5156d33f637c1257a0c0035cad6.aspx

• Computer equipment can connect directly to back up batteries

• DC powered data centers or COs require fewer conversions for incoming electricity and require 25 - 40% less square
footage than their AC counterparts4

UPS planning
The chassis can be powered by using single or multiple UPS units (dependent on load), which provide protection if
there is a power failure or interruption. With typical chassis deployments, the 8 kVA or 11 kVA units can provide suffi-
cient capacity and runtimes, with the possibility of extending runtimes with extended battery modules.

Single-phase or 3-phase UPS units that are available from Lenovo can be used to supply power to a chassis.

The 11,000 VA UPS that is shown in Figure 3-42 is ideal for powering an entire chassis in most if not all configurations
and features 4x IEC320 C19 outlets and a hard-wired outlet.

A diagram showing how each power feed can be connected to one of the four 20 A outlets on the rear of the UPS is
shown in Figure 3-43 on page 77. This UPS requires hard wiring to a suitable supply by a qualified electrician. In N+N
and N+1 where N=3 environments, a single UPS might be sufficient to provide redundancy for the entire chassis load
because it has 3x C19 outlets available. Having two UPS units means that a single point of failure (a UPS) can
be eliminated.

This UPS is also available as a 3-Phase variant, with 380-415V input.

148 Tech Sales Certification - System Management Study Guide

 To ensure the UPS that is selected can run the chassis under load, the power configurator (or the CMM interface on
a running chassis) can be used to establish chassis power draw for planning purposes and a suitable UPS then is
configured.

Figure 3-43 Two UPS 11000 VA Rack single-phase (200/208/220/230/240 VAC)

For more information, including an overview of all the UPS offerings available from Lenovo, see the document UPS
Technical Reference Guide, which is available at this website:
https://support.lenovo.com/documents/LNVO-POWINF

Console planning
The Enterprise Chassis is a “lights out” system and can be managed remotely with ease. However, the following
methods can be used to access an individual nodes console:
• Each node can be individually connected to by physically plugging in a console breakout cable to the front of the
node. (One console breakout cable is supplied with each chassis and additional ones can be ordered). This cable
presents a 15-pin video connector, twoUSB sockets, and a serial cable out the front. Connecting a portable screen
and USB keyboard and mouse near the front of the chassis enables quick connection into the console breakout cable
and access directly into the node. This configuration is often called crash cart management capability.
• Connect a Serial Conversion Option (SCO), Virtual Media Conversion Option (VCO2), or
USB Conversion Option (UCO) that is connected to the Flex System console Breakout Cable, attached to each node
via a local console cable, to a Global or Local Console Switch. Although supported, this method is not particularly
elegant because there are a significant number of cables to be routed from the front of a chassis.
• Connection to XClarity Administrator that is managing the chassis by browser, allows remote presence to each node
within the chassis.
• Connection remotely into the Ethernet management port of the CMM by using a browser allows remote presence to
each node within the chassis.
• Connect remotely to each IMM2 on a node and start a remote console session to that node through the IMM2. This
would be via a network connection to the CMM, via the internal management network that is described in 2.1,
“Management network” on page 10.

The ordering part number and feature code are listed in Table 3-19 on page 78.

Table 3-19 Ordering part number and feature code

149 Tech Sales Certification - System Management Study Guide

 Planning for heat load
The Enterprise Chassis is designed to operate in ASHRAE class A3 operating environments, which means
temperatures up to 40 °C (104 °F) for altitudes up to 3,000 m (10,000 ft).

The Carrier-Grade Chassis is designed to operate in ASHRAE class A4 operating environments, which means
temperatures of up to 45 °C (104 °F) for altitudes up to 3,000 m (10,000 ft).

The airflow requirements for the Enterprise Chassis and the Carrier-Grade Chassis are from
270 CFM (cubic feet per minute) to a maximum of 1020 CFM.

The Enterprise Chassis includes the following environmental specifications:

• Humidity, non-condensing: 8% - 85% relative humidity
• Maximum elevation: 3050 m (10.006 ft)
• Maximum rate of temperature change: 5 °C/hr (41 °F/hr)
• Heat Output (approximate): Maximum configuration: potentially 12.9 kW

The Carrier-Grade Chassis includes the following environmental specifications:

• Humidity, non-condensing: 5% - 85% relative humidity
• Maximum elevation: 3960 m (13,000 ft)
• Maximum rate of temperature change: 5 °C/hr (41 °F/hr)
• Heat Output (approximate): Maximum configuration: potentially 12.9 kW

The 12.9 kW heat output figure is a potential maximum only, where the most power-hungry configuration is chosen and
all power envelopes are maximum. For a more realistic figure, use the Power Configurator tool to establish specific
power requirements for a configuration, which is available from the Lenovo Enterprise Systems Data Center Planning
Portal:
https://support.lenovo.com/us/en/documents/LNVO-PWRCONF

Data center operation at environmental temperatures above 35 °C often can be operated in a free air cooling
environment where outside air is filtered and then used to ventilate the data center. This configuration is the definition
of ASHRAE class A3 (and the A4 class, which raises the upper limit to 45 °C). A conventional data center does not
normally run with computer room air conditioning (CRAC) units up to 40 °C because the risk of failures of CRAC or
power to the CRACs failing gives limited time for shutdowns before over-temperature events occur.

The Flex System Enterprise Chassis is suitable for operation in an ASHRAE class A3 environment that is installed in
operating and non-operating mode. However, the Carrier-Grade chassis can operate at higher temperatures than the
Enterprise Chassis. The Carrier-Grade chassis is ASHRAE 4 class, so can operate up to 45 °C. It can also withstand
short-term temperature excursions to 55 °C for 96 hours.

For more information about ASHRAE 2011 thermal guidelines, data center classes, and white papers, see the following
American Society of Heating, Refrigerating, and Air-Conditioning Engineers (ASHRAE) website:
http://www.ashrae.org

The chassis can be installed within Lenovo or non Lenovo racks. However, the 42U 1100 mm Enterprise V2 Dynamic
Rack offers for North America a convenient footprint size of a single standard floor tile width and two floor tiles deep.

If installed within a non Lenovo rack, the vertical rails must have clearances to EIA-310-D. There must be sufficient
room in front of the vertical front rack-mounted rail to provide minimum bezel clearance of 70 mm (2.76 inches) depth.
The rack must be sufficient to support the weight of the chassis, cables, power supplies, and other items that are
installed within. There must be sufficient room behind the rear of the rear rack rails to provide for cable management
and routing. Ensure the stability of any non Lenovo rack by using stabilization feet or baying kits so that it does not
become unstable when it is fully populated.

Finally, ensure that sufficient airflow is available to the chassis. Racks with glass fronts do not normally allow sufficient
airflow into the chassis, unless they are specialized racks that are designed for forced air cooling.

For more information about airflow in CFM to assist with planning, see the Power
Configurator tool that is available at this website:
https://support.lenovo.com/documents/LNVO-PWRCONF
150 Tech Sales Certification - System Management Study Guide
 Chassis-rack cabinet compatibility
Lenovo offers an extensive range of industry-standard, EIA-compatible rack enclosures and expansion units. The
flexible rack solutions help you consolidate servers and save space, while allowing easy access to crucial components
and cable management.

The Flex System Enterprise Chassis that is supported in each rack cabinet is listed in Table 3-20. Not all of the racks
that are shown are available from Lenovo, but they are included because a client can have one of these racks already
on site.

Carrier-Grade Chassis: None of the racks that are listed in Table 3-20 are NEBS compliant; therefore,
none are supported by the Carrier-Grade Chassis.

Table 3-20 Supported chassis in each rack cabinet

a. This rack cabinet is optimized for Flex System Enterprise Chassis, including dedicated front-to-back cable
raceways. For more information, see 3.9, “42U 1100mm Enterprise V2 Dynamic Rack” on page 81.
b. This rack cabinet is optimized for Flex System Enterprise Chassis, including dedicated front-to-back cable
raceways, and includes a unique PureFlex door. This rack is no longer sold by Lenovo.
c. This rack cabinet is optimized for Flex System Enterprise Chassis, including dedicated front-to-back cable
raceways, and includes the original square blue design of unique PureFlex Logod Door, which was shipped Q2
- Q4, 2012. This rack is no longer sold by Lenovo.

151 Tech Sales Certification - System Management Study Guide

 d. This Office Enablement kit was designed for the BladeCenter S Chassis. The Flex System Enterprise Chassis can
be installed within the 11U office enablement kit with 1U of space remaining; however, the acoustic footprint of a
configuration is unlikely to be acceptable for office use. We recommend that an evaluation be performed before
deployment in an office environment.

Racks that have glass-fronted doors do not allow sufficient airflow for the Enterprise Chassis, such as the older
Netfinity racks. In some cases with the Netfinity racks, the chassis depth is such that the Enterprise Chassis cannot be
accommodated within the dimensions of the rack.

42U 1100mm Enterprise V2 Dynamic Rack

The 42U 1100mm Enterprise V2 Dynamic Rack is an industry-standard 19-inch (measured between mounting flanges)
rack that supports the Enterprise Chassis, BladeCenter, System x servers, and options. It is available in primary or
expansion form. The expansion rack is designed for baying and has no side panels. It ships with a baying kit. After it is
attached to the side of a primary rack, the side panel that is removed from the primary rack is attached to
the side of the expansion rack.

The available configurations are listed in Table 3-21.

This 42U rack conforms to the EIA-310-D industry standard for a 19-inch, type A rack cabinet.
The external rack dimensions are listed in Table 3-22.

Table 3-22 Dimensions of 42U 1100mm Enterprise V2 Dynamic Rack, 9363-4PX

The rack features outriggers (stabilizers) that allow for movement and transportation while populated. These stabilizers
are removed after the rack is installed. The rack that is shown in Figure 3-44 on page 82 is the 9363-4PX rack, with
the Lenovo logo on the door and the outriggers removed.

152 Tech Sales Certification - System Management Study Guide

 The 42U 1100mm Enterprise V2 Dynamic Rack includes the following features:
• A perforated front door that allows for improved air flow
• Square EIA Rail mount points
• Six side-wall compartments that support 1U-high PDUs and switches without taking up valuable rack space
• Cable management rings that are included to help cable management
• Easy to install and remove side panels, which are a standard feature
• A front door that can be hinged on either side, which provides flexibility to open in either direction
• Front and rear doors and side panels that include locks and keys to help secure servers
• Heavy-duty casters with the use of outriggers (stabilizers) come with the 42U Dynamic racks for added stability, which
allows movement of the rack while loaded
• Tool-less 0U PDU rear channel mounting, which reduces installation time and increases
accessibility
• 1U PDU that can be mounted to present power outlets to the rear of the chassis in side pocket openings
• Removable top and bottom cable access panels in front and rear

Lenovo is a leading vendor with specific ship-loadable designs. These kinds of racks are called dynamic racks. The
42U 1100mm Enterprise V2 Dynamic Rack and 42U 1100mm Enterprise V2 Dynamic Expansion Rack are dynamic
racks.

A dynamic rack features extra heavy-duty construction and sturdy packaging that can be reused for shipping a ful-
ly loaded rack. They also have outrigger casters for secure movement and tilt stability. Dynamic racks also include
a heavy-duty shipping pallet that includes a ramp for easy “on and off” maneuvering. Dynamic racks undergo more
shock and vibration testing, and all System x racks are of welded rather than the less robust bolted construction.
The rear view of the 42U 1100 mm Flex System Dynamic Rack is shown in Figure 3-45.
Figure 3-45 42U 1100 mm Flex System Dynamic
Rack rear view, with doors and sides panels removed

The 42U 1100mm Enterprise V2 Dynamic Rack rack

also provides more space than previous
rack designs for front cables that exit the front of a
chassis or other rack-mounted device.

There are four cable raceways on each rack, with two

on each side. The raceways allow cables to be routed
from the front of the rack, through the raceway, and
out to the rear of the rack.

153 Tech Sales Certification - System Management Study Guide

 The cable raceway is shown in Figure 3-46.

A cable raceway when viewed inside the rack looking down is shown in Figure 3-47. Cables can enter the side bays
of the rack from the raceway or pass from one side bay to the other, passing vertically through the raceway. These
openings are at the front and rear of each raceway.

Figure 3-47 Cable Raceway at front of rack as viewed from above

The 1U rack PDUs can also be accommodated in the side bays. In these bays, the PDU is mounted vertically in the
rear of the side bay and presents its outlets to the rear of the rack. Four 0U PDUs can also be vertically mounted in the
rear of the rack.

Rear vertical aperture that is blocked by a PDU: When a PDU is installed in a rear side
pocket bay, it is not possible to use the cable raceway vertical apertures at the rear.

154 Tech Sales Certification - System Management Study Guide

 The rack width is 600 mm (which is a standard width of a floor tile in many locations) to complement current raised
floor data center designs. Dimensions of the rack base are shown in Figure 3-48.

The rack features square mounting holes that are common in the industry onto which the Enterprise Chassis and other
server and storage products can be mounted.

For implementations where the front anti-tip plate is not required, an air baffle/air recirculation prevention plate is
supplied with the rack. You might not want to use the plate when an airflow tile must be positioned directly in front of
the rack.

As shown in Figure 3-49, this air baffle can be installed to the lower front of the rack. It helps prevent warm air from
the rear of the rack from circulating underneath the rack to the front, which improves the cooling efficiency of the entire
rack solution.

155 Tech Sales Certification - System Management Study Guide

 Rear Door Heat eXchanger V2 Type 1756
The Rear Door Heat eXchanger V2 is designed to attach to the rear of the following racks:
• 9363-4PX/A1RC 42U 1100mm Enterprise V2 Dynamic Rack
• 9363-4EX/A1RD 42U 1100mm Enterprise V2 Dynamic Expansion Rack

It provides effective cooling for the warm air exhausts of equipment that is mounted within the rack. The heat exchang-
er has no moving parts to fail and no power is required.

The rear door heat exchanger can be used to improve cooling and reduce cooling costs in a high-density Enterprise
Chassis environment.

The physical design of the door is slightly different from that of the soon to be withdrawn Rear Door Heat eXchanger
(32R0712) that was marketed by Lenovo for attachment to Enterprise Racks. The Rear Door Heat eXchanger V2 has a
wider rear aperture and slightly different heat profile, as shown in Figure 3-50.

Attaching a Rear Door Heat eXchanger to the rear of a rack allows up to 100,000 BTU/hr or
30 kw of heat to be removed at a rack level.

As the warm air passes through the heat exchanger, it is cooled with water and exits the rear
of the rack cabinet into the data center. The door is designed to provide an overall air
temperature drop of up to 25 °C, as measured between air that enters the exchanger and
exits the rear.

The internal workings of the Rear Door Heat eXchanger V2 are shown in Figure 3-51.

156 Tech Sales Certification - System Management Study Guide

 The supply inlet hose provides an inlet for chilled, conditioned water. A return hose delivers warmed water back to the
water pump or chiller in the cool loop. It must meet the water supply requirements for secondary loops. For more infor-
mation, see Table 3-23.

Table 3-23 Rear Door Heat eXchanger V2 Type 1756

The percentage heat that is removed from a 30 kW heat load as a function of water temperature and water flow rate is
shown in Figure 3-52. With 18° at 10 (gpm), 90% of 30 kW heat is removed by the door.

Figure 3-52 Heat removal by Rear Door Heat eXchanger V2 at 30 KW of heat

For efficient cooling, water pressure and water temperature must be delivered in accordance with the specifications
that are listed in Table 3-24. The temperature must be maintained above the dew point to prevent condensation from
forming

157 Tech Sales Certification - System Management Study Guide

 Table 3-24 1756 RDHX specifications

The installation and planning guide provides lists of suppliers that can provide coolant distribution unit solutions,
flexible hose assemblies, and water treatment that meet the suggested water quality requirements.

It takes three people to install the Rear Door Heat eXchanger. The exchanger requires a non-conductive step ladder
to be used for attachment of the upper hinge assembly. Consult the Installation and Maintenance Guide before
proceeding: https://support.lenovo.com/docs/UM103398

158 Tech Sales Certification - System Management Study Guide