Using bulk import tools – HP Integrated Lights-Out 2 User Manual
Page 161
to an after-hours application might allow administrators outside the corporate network to reset the
server, which is contrary to most security policies.
In the example, security policy dictates general use is restricted to clients within the corporate
subnet, and server reset capability is additionally restricted to after hours.
Alternatively, the directory administrator could create a role that grants the login right and restrict
it to the corporate network, then create another role that grants only the server reset right and
restrict it to after-hours operation. This configuration is easier to manage but more dangerous
because on-going administration might create another role that grants users from addresses outside
the corporate network the login right, which could unintentionally grant the LOM administrators in
the server Reset role the ability to reset the server from anywhere, provided they satisfy the time
constraints of that role.
The previous configuration meets corporate security policy. However, adding another role that
grants the login right can inadvertently grant server reset privileges from outside the corporate
subnet after hours. A more manageable solution would be to restrict the Reset role, as well as the
General Use role.
Using bulk import tools
Adding and configuring large numbers of LOM objects is time consuming. HP provides several
utilities to assist in these tasks.
•
HP Lights-Out Migration utility
The HP Lights-Out Migration utility, HPLOMIG.EXE, imports and configures multiple LOM
devices. HPLOMIG.EXE includes a GUI that provides a step-by-step approach to implementing
or upgrading large numbers of management processors. HP recommends using this GUI
method when upgrading numerous management processors. For more information, see
“HPLOMIG directory migration utility” (page 162)
•
HP Lights-Out Migration Command utility
The HP Lights-Out Migration Command utility, HPQLOMGC.EXE, offers a command-line
approach to migration, rather than a GUI-based approach. This utility works in conjunction
Directory-enabled remote management
161