Wednesday 13 April 2011

HP ProLiant MicroServer Remote Access Card

We just installed the HP ProLiant MicroServer Remote Access Card (RAC).

image

The piece of paper that comes with the RAC makes the process of installing the card a fairly straightforward one.

However, the document does not contain the default username and password that the RAC uses out of the box.

Thanks to SBS MVP Merv Porter (Bing Search) for ferreting out the following link:

Out of the box the default username and password is:

  • Username: admin
  • Password: password

Once we had logged in we saw the following Web based console:

image

As noted in the screenshot above the firmware level is version 1.2.

The update is also available on the ProLiant MicroServer’s product support page.

Since our firmware was up to date we went right to the Security section to generate an SSL certificate CSR for the URL that will be used to connect to the RAC via the Internet.

Once we have completed all of the needed configuration on the RAC we will then have remote based out-of-band management for the MicroServer meaning full BIOS and RAID controller management along with the ability to power cycle the machine:

image

Once the system had finished booting we had our console session:

image

We install out-of-band management in all of our client’s servers whether that client is up the block or half way around the world. Having direct access to the server’s console, BIOS, firmware, and more enables us to manage the box right down to doing a full bare metal restore if ever there was a need.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

30 comments:

Scott said...

Do you have any security concerns with allowing access to the RAC from the internet or do you use the firewall to restrict access to only certain IPs?

Philip Elder Cluster MVP said...

Scott,

We have Intel RMM, DRAC (Adv), iLO Adv, and now RAC remote management cards connected directly to the Internet.

They all have third party SSL certificates installed as a first step.

The second step is that we use the same principles for the admin account name and pass phrase that we use for our Windows domain setups.

Between the two above methods we may add IP restrictions within the management module depending on the client's wishes but for the most part that is the exception to the rule.

Philip

Drew ][ said...

Are you able to actually power on the server it has been turned off with the RAC?
Cheers

Philip Elder Cluster MVP said...

Drew,

Yes. The RAC is the equivalent to the iLO with Advanced Pack.

So full KVM and USB redirection to the MicroServer's console along with the ability to reset and power cycle the box.

Thanks for the comments.

Philip

Drew ][ said...

Brilliant thanks :). Just wanted to make sure it support full power on from a powered off server and not just power cycle. Right now to find one at a decent price ....

Thanks
Drew

Anonymous said...

Scott,

Is it possible to turn on (cold boot) the server sending WOL magic packet in combination with the remote access card?
Or do I need both the RAC and a HP specific tool to do that?
What I really want is to wake up the server without any special tool and use only WOL message.

Many thanks
Mostafa

Philip Elder Cluster MVP said...

Mostafa,

Not that I can see. The RAC is a KVM and remote power cycle device via Web interface only.

Philip

Jason said...

I was told that the RAC for the Microserver sis little more than turn the machine on and off, so it is good to see that this is not in fact true. With no documentation or reviews on the web, the RAC card has been a mystery until now.

Can you confirm whether this card makes the use of the PCIe x1 slot impossible? This would not be ideal for me, as I would have liked to have a second NIC in mine, as well as a hardware RAID controller.

Philip Elder Cluster MVP said...

Jason,

Yes, the RAC does use both the PCI-e 1x and the slot behind it for the RAC feature as well as the RAC Video which also shows up in Device Manager.

As far as the second NIC is concerned, the CPU in the box makes an okay engine for the tasks we set before it such as file serving and being a domain controller.

For virtualization, not so much. Besides the CPU limitations we can only have 8GB of RAM.

On the *NIX or *BSD platform though this little box would do quite well in many roles.

Thanks for the comments,

Philip

brendan said...

please dont be fooled by the SSL capabilities...

even though you sign into the Web GUI using SSL, the Java components for the vKVM are delivered and executed in the clear (over HTTP, not HTTPS/SSL). the JNLP file that initiates the Java client can be read with Notepad (since its really just an XML file), and shows that the .jar files are requested over port 80. The entire vKVM session is Java over HTTP. your console sessions can be sniffed easily.

Philip Elder Cluster MVP said...

Brendan,

That is a good point. With the Intel RMM we can set the KVM session to be encrypted as well.

Philip

Adam Doran said...

Do you know whether the RAC offers ssh and virtual serial port like a full blown iLO? Thanks

Philip Elder Cluster MVP said...

Adam,

It does not. It has full KVM capabilities (in our testing sent via HTTPS) but nothing beyond that.

Philip

Philip Elder Cluster MVP said...

Adam,

It does not. It has full KVM capabilities (in our testing sent via HTTPS) but nothing beyond that.

Philip

Anonymous said...

Is the PSU fan still running when you power off the server with the RAC???

Cheers, Matthew

Chris Jones said...

Did you ever get a green screen in the vKVM with just "OUT OF RANGE" in it?
I get that for any video output of the microserver, including the BIOS.

Also, did you figure out what the VGA port on the RAC is for? It doesn't seem to output anything.

Philip Elder Cluster MVP said...

A.,

The fans all go off when the MicroServer is powered down. We have not seen this type of behaviour on it at all.

Chris,

OUT OF RANGE is due to the actual console's resolution being too high. We see this with pretty much all servers that have out-of-band management installed, the video drivers installed, and then the server's video card picking up on the 22" LCD's resolution it is connected to for setup.

We always make sure to set 1024x768x16bpp _before_ we shut it down for the trip to the client site.

There is a device in device manager for it iirc. However we have not found a driver that works.

Thanks for the comments folks,

Philip

Dan SJK said...

video driver for the graphics built in is available at

http://upload.aspeedtech.com/HPMicroServer/

it works with WinXP and WHS2011 at least ...

Anonymous said...

I am having a weird problem with my HP N40L micro server and the HP Remote Access Card (RAC):
When I power the server off using the RAC it would not turn on neither remotely or directly from the power button. First I thought that the PSU is out so I ordered a new one, installed it, and everything was good until I decided to power off the server using the RAC…

Also, can’t get the RAC send test emails to my gmail account using the SMTP server IP from pinging the smtp.gmail.com. Did anyone get that figured out?

I am running WHS 2011 with original BIOS and updated RAC firmware. Any advice will be appreciated.

Anonymous said...

All I get while trying to connect to vKVM is java error "Connection failed"

Not really helpful...

Seb

Anonymous said...

Error is abviously due to security:

https://bugzilla.redhat.com/show_bug.cgi?id=684505

Seb

jtang1013 said...

How did you turn off the machine using RAC? Apart from Virtual KVM and vMedia, I couldn't find the function in RAC. Can you please point me the diretion?

Anonymous said...

You could either use SSH and the CLI to send a stop to power down or the web interface with power cycle through the RAC . It works well as long as teh Firmware has not chrashed

Anonymous said...

Just wondering whether this remote access card can be used on other servers, even any workstations? my Microserver is broken and I try to use this card on other workstations.

Thanks.

Anonymous said...

Philip,
Thanks for the article.
Is there any way to use KVM RAC with video card installed to get both remote management and HTPC capabilities?
I tried RAC with Asus ATI Radeon HD6450 card. While I got webaccess to RAC, I could not run KVM - OUT OF RANGE error.

Many Thanks!
German M.

Philip Elder Cluster MVP said...

German,

You would need to get into the habit of changing the resolution after logging in and then backing it off just before logging out.

That's the only way I know of.

Maybe a PowerShell script for log on and log off?

P.

Anonymous said...

Philip,
Thanks a lot for the prompt response!

Just want to clarify. Are you saying that the reason for "OUT OF RANGE" green screen is the high resolution set by ASUS video card in pci-e X16 slot rather than this video card capturing (stealing) video output from RAC?

Many Thanks!
German M.

ITBikeGuy said...

Philip,

I've just inherited a G7 microserver w/ a RAC installed. I've updated the firmware to v 1.4 and would like to install an SSL certificate in place of the expired HP one. I read your post and you briefly touch on installing this, but I was hoping for some instructions in greater detail and can't seem to find any. I would like to use an inexpensive cert such as the Geotrust Rapid SSL, without the intermediate certificate, if possible. Also, I would like to use an IP address with a port number (format example 192.168.1.1:8888, but with a dedicated public IP address)rather than have to make a DNS entry. Do you have any advise on how get this to work?

Thanks,

Paul

ITBikeGuy said...

Philip,

I've just inherited a G7 microserver w/ a RAC installed. I've updated the firmware to v 1.4 and would like to install an SSL certificate in place of the expired HP one. I read your post and you briefly touch on installing this, but I was hoping for some instructions in greater detail and can't seem to find any. I would like to use an inexpensive cert such as the Geotrust Rapid SSL, without the intermediate certificate, if possible. Also, I would like to use an IP address with a port number (format example 192.168.1.1:8888, but with a dedicated public IP address)rather than have to make a DNS entry. Do you have any advise on how get this to work?

Thanks,

Paul

Philip Elder Cluster MVP said...

Paul,

SSL by default requires DNS A to be in place as the Common Name will be the URL.

I don't remember whether the RAC can import an existing?

If it can you could run the CSR in IIS, complete the request there, and finally export with Private Key.

Philip