Sunday, February 11, 2007

HP Integrated Lights-Out 2 (iLO) - Management Network

My past experience was unfortunately with Dell servers. I could never convince my old employer that HP servers were better. I guess they didn't care or didn't mind that I needed to drive to the data center to reboot a frozen server in the middle of the night. At my new job with uptime being so important the obvious choice for servers was HP. Compared to Dell...well there is no comparison. Dell is always a generation behind on their management programs. I had limited experience with HP servers at some of my old clients and I could see that this is the way to go.

There are several versions of the iLO software, and every HP ProLiant DL server comes with the basic version. The basic version gives you virtual power switch control, with the option of either a momentary press of the power button or a press and hold for several seconds. The basic version is what I am using for now. My main concern is rebooting a frozen server at 3:00am without having to drive to the data center ;). The advanced version gives you full KVM access, even to the boot screen. I haven't recommended the advanced version to management yet, but I can see that having it would be very useful.

I set up my server environment with a separate private "iLO network". The network is totally closed, with no access to the Internet. I have a separate server which I use for monitoring my production servers. (See my blog "My Latest Project" for a description of the hardware setup.) First I set up all of my production servers with an iLO address on the private 192.168.0.0/24 network. You do this when the server boots: press F8 when you see the iLO prompt. There are several options in this menu. You need to turn off "get a DHCP address" and manually enter your private IP address. I chose a simple sequential numbering scheme starting with 192.168.0.3 for my servers (.1 and .2 are for my two firewalls). 192.168.0.9 is my last IP address, which is for the monitoring server. I probably can never use iLO to reach the monitoring server when it crashes, since my only access to the iLO network is from that same server.

Here is my monitoring server NIC setup.

NIC 1 - front-end IP address
NIC 2 - back-end 172.16.0.0/24 address
NIC 3 - iLO network 192.168.0.9
NIC 4 - iLO management 192.168.0.8

From this server I can see all of my other servers with the iLO web interface. As long as this server is up and running I will be able to reboot and control my production servers.

The NICs of my other production web/sql servers are set up in a similar way, except they only have the front-end, back-end and iLO management NICs. These servers can't actually communicate over the iLO network; they only listen for commands from the monitoring server. Within my production setup (photo of my firewall/switch setup here) I don't include my iLO switch. Since the production network can't have any downtime, I bought a pair of high-end switches. The uptime of the iLO network is not as critical, so I just used a cheap workgroup switch. If it fails, no big deal: I will just go buy another one and pop it in during business hours. I think the risk of this switch failing and one of the servers failing at the same time is very low.

That's it...the iLO network is set up. I put some favorites in my web browser so I could quickly access each server without having to remember the IP address. Also, for a cool effect, use different color Ethernet cables for each network. I personally try to use a different color for each one: one for the front-end, one for the back-end and a different one for the iLO network. Makes it easier when it is time to move on and the new sys admin is trying to figure out how the system works...but we don't care about him/her now do we???? :)
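The isolation described above only holds while the addressing plan stays intact, so here is an added example (not part of the original post) that audits an interface inventory against it. The host names, role labels, front-end addresses and inventory layout are assumptions made for illustration; the 192.168.0.0/24 iLO range, the static-address requirement and the single monitoring server come from the post.

```python
import ipaddress
from collections import Counter

ILO_NET = ipaddress.ip_network("192.168.0.0/24")  # iLO range from the post
MONITOR_HOST = "monitor"                          # hypothetical host name

# Constructed sample inventory. Roles (assumed labels): "front", "back",
# "ilo" = the iLO management port, "ilo-net" = an OS NIC on the iLO switch.
SAMPLE = [
    {"host": "monitor", "role": "ilo-net", "ip": "192.168.0.9"},
    {"host": "monitor", "role": "ilo", "ip": "192.168.0.8"},
    {"host": "web1", "role": "front", "ip": "203.0.113.3"},
    {"host": "web1", "role": "back", "ip": "172.16.0.3"},
    {"host": "web1", "role": "ilo", "ip": "192.168.0.3"},
    {"host": "sql1", "role": "back", "ip": "172.16.0.4"},
    {"host": "sql1", "role": "ilo", "ip": "192.168.0.3", "dhcp": True},
    {"host": "sql1", "role": "ilo-net", "ip": "192.168.0.20"},
]

def audit(inventory):
    """Return sorted findings where the inventory departs from the plan."""
    findings = set()
    ilo_addrs = Counter()
    for rec in inventory:
        ip = ipaddress.ip_address(rec["ip"])
        host, role = rec["host"], rec["role"]
        if role in ("ilo", "ilo-net"):
            ilo_addrs[ip] += 1
            if ip not in ILO_NET:
                findings.add(f"{host}: {ip} is outside the iLO network {ILO_NET}")
            if rec.get("dhcp"):
                findings.add(f"{host}: iLO address {ip} is still assigned by DHCP")
        elif ip in ILO_NET:
            # A front-end or back-end NIC numbered into the iLO range
            findings.add(f"{host}: {role} interface {ip} sits inside the iLO network")
        # Only the monitoring server should have an OS-level NIC on the iLO switch
        if role == "ilo-net" and host != MONITOR_HOST:
            findings.add(f"{host}: OS NIC on the iLO network; only {MONITOR_HOST} should have one")
    for ip, count in ilo_addrs.items():
        if count > 1:
            findings.add(f"{ip} is assigned {count} times on the iLO network")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

Run against the constructed sample, it reports the duplicate address, the iLO port left on DHCP, and the production server that has an OS NIC on the management switch.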


3 Comments:

At March 15, 2007 at 11:08 PM, Anonymous said...

Hi Brad,
Thank you for the information on the iLO. I have an HP server, but I have never used it. How do you connect to the servers from your management server? By browser? Each iLO on each server is a webserver? Another question: on each of your servers, you have a front end and a back end NIC. What is the front end for and what is the back end for? Sorry for the stupid questions. I am in the learning process. Thank you.

 
At March 16, 2007 at 10:49 PM, Brad Foutz said...

Thanks for your comment. iLO 2 has a web interface, so after setting up the IP address on each box I created a favorite on the management server to access each server. The front end and back end are basically in reference to the security context. The front end is the public facing network. Anonymous web, SMTP and FTP traffic from unknown sources will be coming into this network (through a firewall hopefully), so you want to make sure that you reduce your hackable area as much as possible. This is the reason for the back end network. The servers in the back end do not need to be exposed to the Internet. Why would you want to put a SQL server in the same Internet facing network if you don't need to? A SQL or application server in the back end will be much more difficult to compromise if it is not directly accessible from the Internet. My project blog entry goes into the network a little also. Hardware Project

 
At April 2, 2007 at 8:00 PM, Anonymous said...

Wow, Brad. Do you and I live in an alternate reality? My previous job also used Dells religiously. Both being from Dell backgrounds, and now use HPs. Both having Cisco Pix backgrounds, but are forced to use Fireboxes. Is there anything else??

My new position uses nothing but HPs, and, while I like them, I still have a lot to learn.

I want to start using iLO, but I haven't the time, nor the knowledge yet. This is a good post!

 
