Skip to main content

Device management considerations

Before you attempt to discover and manage devices using XClarity Orchestrator, review the following considerations.

General considerations

Ensure that XClarity Orchestrator supports the devices that you want to manage. For information about supported devices, see Supported hardware and software – XClarity Orchestrator.

Ensure that the minimum required firmware is installed on each system that you want to manage. For information about firmware requirements, see Supported hardware and software – XClarity Orchestrator.

Certain ports must be available to communicate with devices. Ensure that all required ports are available before you attempt to manage servers. For information about ports, see Port availability – XClarity Orchestrator.

XClarity Orchestrator can automatically discover devices in your environment by probing for manageable devices that are on the same IP subnet as XClarity Orchestrator using a service discovery protocol. To discover devices that are in other subnets, you can manually specify IP addresses, host names, range of IP addresses, or subnets.

After the devices are managed by XClarity Orchestrator, XClarity Orchestrator polls each managed storage device periodically to collect information, such as inventory, vital product data, and status.

If the XClarity Orchestrator loses communication with a device (for example, due to power loss or network failure or if the switch is offline) while collecting inventory during the management process, the management completes successfully; however, some inventory information might be incomplete. Either wait for the device to come online and for XClarity Orchestrator to poll the device for inventory or manually collect inventory on the device from the resource-manager web interface by selecting the device and clicking All Actions > Inventory > Refresh inventory.

Devices can be managed by only one resource manager (XClarity Orchestrator, XClarity Management Hub, or XClarity Administrator) at a time. If a device is managed by one resource manager, and you want to manage it using another resource manager, you must first unmanage the device from the original resource manager.

If you change the IP address of a device after the device is managed by XClarity Orchestrator recognizes the new IP address and continue to manage the server. however, XClarity Orchestrator does not recognize the IP address change for some servers. If XClarity Orchestrator shows that the server is offline after the IP address was changed, manage the server again using the Force Management option.

If you remove, replace, or configure any adapters in a device, restart the device at least once to update the inventory information.

To discover a device that is on a different subnet from the resource manager, ensure that one of the following conditions are met:

  • Ensure multicast SLP forwarding is enabled on the rack switches and routers in your environment. See the documentation that was provided with your specific switch or router to determine whether multicast SLP forwarding is enabled and to find procedures to enable it if it is disabled.
  • If SLP is disabled on the device or on the network, you can use DNS discovery method instead by manually adding a service record (SRV record) to your domain name server (DNS). For example:
    lxco.company.com  service = 0 0 443 server1.company.com

    Then, enable DNS discovery on the baseboard management console from the management web interface, by clicking BMC Configuration > Network, clicking the DNS tab.

Encapsulation considerations

You can choose to enable encapsulation on the chassis and servers during the device management process. When the global encapsulation setting is enabled and the device supports encapsulation, the resource manager communicates with the device during the management process to change the device encapsulation mode to encapsulationLite and to change the firewall rules on the device to limit incoming requests to those from only the resource manager (Lenovo XClarity Management Hub or Lenovo XClarity Administrator.

Note
When the management network interface is configured to use the Dynamic Host Configuration Protocol (DHCP), managing devices with encapsulation enabled can take a long time.

The global encapsulation setting is disabled by default. When disabled, the device encapsulation mode is set to normal and the firewall rules are not changed during the device management process.

Attention
If the encapsulation mode is encapsulationLite on managed devices, the following situations might cause communication and authentication issues between the resource manager and managed devices, rendering the managed devices unreachable. Because the devices are configured to ignore TCP requests from other sources, it is not possible to access those devices through a network interface. In most cases, these devices do not respond to ping, SSH or TELNET requests.
  • Network changes on the hypervisor in which the resource manager runs
  • Virtual Local Area Networks (VLANs) or VLAN tags changes
  • Permanent changes to device IP addresses while encapsulation is enabled
  • Force-unmanagement of a device while encapsulation is enabled
  • Loss of the resource manager virtual machine
  • Loss of TCP communication between the virtual machine and the managed devices
  • Other network issues that prevent the resource manager from communicating directly with managed devices while encapsulation mode is enabled

If a permanent problem occurs, complete one of the following actions to recover access to the previously managed devices. For more information, see Encapsulation management, Recovering management with a CMM after a management server failure, and Recovering management with a CMM after a management server failure in the Lenovo XClarity Administrator online documentation.

  • To recover the access to a managed IMM where encapsulation mode is active, the default settings must be loaded from local console through UEFI graphical user interface.
  • Use the USB-to-Ethernet bridge to gain in-band access to the management controller, and run the following command:
    encaps lite -off
  • To recover access to a managed CMM where encapsulation mode is active, the default settings must be loaded using the rear reset button or by running the following command if the console can still be reached:
    accesscontrol -off -T mm[p]

Server considerations

Ensure that CIM over HTTPS is enabled on the device. Log in to the management web interface for the server using the RECOVERY_ID user account. Click BMC Configuration > Security, and then click CIM Over HTTPS tab, and ensure that Enable CIM Over HTTPS is selected.

When performing management actions on a server, ensure that the server is either powered off or powered on to the BIOS/UEFI Setup or to a running operating system (see Performing power actions on managed servers.) If the server is powered on without an operating system, the management controller continuously resets the server in an attempt to find an operating system.

Ensure that all UEFI_Ethernet_* and UEFI_Slot_* settings are enabled in the server UEFI Settings. To verify the settings, restart the server, and when the prompt <F1> Setup is displayed, press F1 to start the Setup utility. Navigate to System Settings > Devices and I/O Ports > Enable / Disable Adapter Option ROM Support, and then locate the Enable / Disable UEFI Option ROMs section to verify that the settings are enabled. If supported, you can also use the Remote Console feature in the baseboard management interface to review and modify the settings remotely.

If the device's server certificate is signed by an external certificate authority, ensure that the certificate authority certificate and any intermediate certificates are imported into the XClarity Orchestrator trust store (see Installing a trusted, externally-signed XClarity Orchestrator server certificate).

ThinkEdge Client devices
ThinkEdge Client devices do not have baseboard management controllers and, therefore, are not discoverable using service discovery protocols. You must install a UDC agent on ThinkEdge Client devices before the devices can be securely discovered and managed by the assigned Lenovo XClarity Management Hubresource manager. For more information, see Managing ThinkEdge Client devices.
ThinkSystem SR635 and SR655 servers
Ensure that an operating system is installed, and that the server was booted to the OS, mounted bootable media, or efishell at least once so that XClarity Orchestrator can collect inventory for those servers.

Ensure that IPMI over LAN is enabled. IPMI over LAN is disabled by default on these servers and must be manually enabled before the servers can be managed. To enable IPMI over LAN from ThinkSystem System Manager web interface, click Settings > IPMI Configuration. You might need to restart the server to activate the change.

ThinkServer servers
The hostname of the server must be configured using a valid hostname or IP address to automatically discover these servers.

The network configuration must allow SLP traffic between XClarity Orchestrator and the server.

Unicast SLP is required.

To automatically discover ThinkServer servers, multicast SLP is required. In addition, SLP must be enabled on the ThinkServer System Manager (TSM).

If ThinkServer servers are on a different network than XClarity Orchestrator, ensure that the network is configured to allow inbound UDP through port 162 so that XClarity Orchestrator can receive events for those devices.

System x3950 X6 servers
These servers must be managed as two 4U enclosures, each with its own baseboard management controller.

For more information managing servers, see Managing servers and Managing ThinkEdge Client devices.

Storage considerations

Ensure that the following requirements are met before discovering and managing rack storage devices (other than ThinkSystem DE series).

  • The network configuration must allow SLP traffic between the resource manager and the rack storage device.
  • Unicast SLP is required.
  • Multicast SLP is required if you want XClarity Orchestrator to discover the Lenovo Storage devices automatically. In addition, SLP must be enabled on the rack storage device.

For more information managing storage devices, see Managing storage devices.

Switch considerations

Managing rack switches using XClarity Orchestrator is not currently supported.

Chassis considerations

When you manage a chassis, all devices in the chassis are also managed. You cannot discover and managed components in the chassis independent of the chassis.

Ensure that the number of simultaneous active sessions for LDAP users setting in the CMM is set to 0 (zero) for the chassis. You can verify this setting from the CMM web interface by clicking BMC Configuration > User Accounts, click Global Login Settings, and then click the General tab.

Ensure that there are at least three TCP command-mode sessions set for out-of-band communication with the CMM. For information about setting the number of sessions, see tcpcmdmode command in the CMM online documentation.

Consider implementing either IPv4 or IPv6 addresses for all CMMs and Flex System switches that are managed by XClarity Orchestrator. If you implement IPv4 for some CMMs and Flex switches and IPv6 for others, some events might not be received in the audit log (or as audit traps).

To discover a chassis that is on a different subnet from the resource manager, ensure that one of the following conditions are met:

  • Ensure multicast SLP forwarding is enabled on the rack switches and routers in your environment. See the documentation that was provided with your specific switch or router to determine whether multicast SLP forwarding is enabled and to find procedures to enable it if it is disabled.
  • If SLP is disabled on the device or on the network, you can use DNS discovery method instead by manually adding a service record (SRV record) to your domain name server (DNS). For example:
    lxco.company.com  service = 0 0 443 cmm1.company.com

    Then, enable DNS discovery on the baseboard management console from the management web interface, by clicking BMC Configuration > Network , clicking the DNS tab.

For more information managing chassis, see Managing chassis.

Multiple management-tool considerations

Extra care must be taken when using multiple management tools to manage your devices to prevent unforeseen conflicts. For example, submitting power-state changes using another tool might conflict with configuration or update jobs that are running in XClarity Orchestrator.

ThinkSystem, ThinkServer and System x devices
If you intend to use another management software to monitor your managed devices, create a new local user with the correct SNMP or IPMI settings from the baseboard management controller interface. Ensure that you grant SNMP or IPMI privileges, depending on your needs.
Flex System devices
If you intend to use another management software to monitor your managed devices, and if that management software uses SNMPv3 or IPMI communication, you must prepare your environment by performing the following steps for each managed CMM.
  1. Log in to the management controller web interface for the chassis using the RECOVERY_ID user name and password.
  2. If the security policy is set to Secure, change the user authentication method.
    1. Click BMC Configuration > User Accounts.
    2. Click the Accounts tab.
    3. Click Global login settings.
    4. Click the General tab.
    5. Select External first, then local authentication for the user authentication method.
    6. Click OK.
  3. Create a new local user with the correct SNMP or IPMI settings from the management controller web interface.
  4. If the security policy is set to Secure, log out and then log in to the management controller web interface using the new user name and password. When prompted, change the password for the new user.