Universal Management Gateway 2000 Appliance
Release Notes
Version 1.0.3.5
March 5, 2012
This document outlines: 1 Update Instructions
2 Appliance Firmware Version Information 3 Features and Enhancements
4 Known Issues / Restrictions 5 Service Processor Support
===================================================================================
1 Update Instructions
=================================================================================== Please refer to your installer/user guide for detailed instructions on updating the Universal Management Gateway 2000 appliance.
In order to have features listed in this release available through DSView™ 4 management software, DSView™ 4 software version 4.0.0.76 or later and the Universal Management Gateway appliance plug-in version 1.0.3.5 are required.
Support for Trellis™ management software is not included in this version and will be provided in a future update.
===================================================================================
2 Appliance Firmware Version Information
=================================================================================== Product Version Universal Management Gateway 2000 appliance 1.0.3.5
===================================================================================
3 Features and Enhancements
=================================================================================== Firmware Version 1.0.3.5 is an update to the initial release of the Universal Management Gateway 2000 appliance software.
Please refer to your installer/user guide for a detailed list of features supported by the Universal Management Gateway appliance.
Issue
Description
7415
Inconsistent display of Target Status in the DSView™ software and the web user interface
8108
With LDAP pointing at root AD server, unable to login into Universal Management Gateway appliance as a user on child AD server
8133
Target Access Rights are not implemented
8184 Appliance authentication leveraging DSView™ software credentials is not supported 8192
Targets rights are not applied for Outlets and Power Distribution Unit (PDU) targets
8275
Service Processor (SP) Session: Target Sessions Table does not display any session information
8294
Target Groups do not appear in the Target Access List for Users & User Groups
8557
There is an occasional user interface (UI) hang-‐up with an endless spinning cursor at the VGA console. 8558
PDU-‐level operations should not be presented for metered-‐only PDUs
8562
Factory Default caused Service Processor service issue
8612
Cannot Create User After Web UI Firmware Upgrade
8694
SP M1000E Sensor information not updated after Refresh button is selected 8728
Monitor authentication services and restart if stopped
===================================================================================
4 Known Issues / Restrictions
=================================================================================== This release contains the following known issues.
1. Only temperature sensors connected to Power Distribution Units (PDUs) are supported. Other sensor types such as Dry-Contact, airflow and humidity are not supported.
2. VGA Console:
a. The VGA console does not support the Universal Management Gateway appliance firmware upgrade feature. You can, however, use the firmware upgrade feature via the Universal Management Gateway Command Line Interface (CLI) console by logging in as an admin user and selecting Update Firmware from the menu.
3. DirectCommand:
a. Service Processor (SP) browser session functionality is achieved through TCP port forwarding to client systems through an SSH tunnel. Web interfaces of some SPs may behave abnormally through the DirectCommand framework due to the client interacting with non-native SP ports and IP addresses.
b. If the same client PC is used to simultaneously launch DirectCommand from the Universal Management Gateway web UI and the DSView™ 4 software, there will be a conflict between the two DirectCommand applets for the two sessions. This will cause an error message to be displayed when the DirectCommand session is started. To avoid this issue, always exit the DirectCommand applet when switching between the Universal Management Gateway web UI and the DSView™ software.
c. AutoLogin fails on Internet Explorer® 9 and Firefox® 10.
d. AutoLogin may fail to login to blades discovered through a chassis such as HP BladeSystem. 4. The Clear Log operation will clear the logs and prevent future data collection and is not suggested for
use at this time.
Issue Area
Description
Work-‐Around
2932
Service Processor
Target
Excessive time to load the system
page
None. May be seen with large
numbers of SP Targets (70+)
4011
Architecture
Still able to access the serial port
even when it's already been
disabled
Target Access permissions can be
used to restrict access
5016
Architecture
Get Selected button displayed in
Target Access tab in User Groups
page
None at this time
7070
Service Processor
Target
SPM text boxes on the UI need to
be bigger and consistent
None at this time
7164
Web UI
Logging as admin/admin found that
Administration field is lost after the
Universal Management Gateway
appliance is rebooted
This issue is seen when logging
into the web UI immediately after
booting the appliance.
Work-‐around is to log out and
back in again.
7277
PDU Target
PDU informational requests timing
out
None at this time
7480
Service Processor
Target
M610 DirectCommand AutoLogin
launched from web UI very slow
None at this time
7912
Web UI
The Target Landing page shows SP
Target Status as 'Idle' even if the
server is Off.
Server power status can be viewed
from the System Tab after
selecting a Target in the Target
pane.
7958
Other
We should manually create
snmptrapd_mss.conf on appliance
in order to receive SNMP traps for
engine; it is not convenient for
users.
None at this time
8009
CLI
Add Emergency Password Unlock
entry into Universal Management
Gateway appliance local console
None at this time
8038
Serial Targets
Serial Target Access Rights -‐ Session
Access, Kill Multi Session, Multi
Session Notification should not be
configurable.
None. This feature is not fully
supported at present.
8065
Service Processor
Target
The default name of new detected
SP is different with the IP of the SP.
None at this time
8250
Local port UI
Factory Defaults -‐ Retaining
Specified Range of Network SPs
Settings must be manually reset
8296
Service Processor
Target
On Administration Discovery page ,
clicking
Search range start
or
Search range stop
will cause UI to
hang
This issue occurs if a discovery
range is not selected when the
Start / Stop
button is selected.
Work-‐around is to select a
discovery range first then select
the button.
8424
User Authentication
Administrator can change the Role
of appliance-‐admin and of
power-‐user groups
It's possible to lose Admin access if
the role of the Appliance-‐Admin
group is set to something other
than Admin.
8479
User Authentication
Couldn't get SID from pamh
This error may be seen when
logging in when the appliance is
still starting up. Work-‐around is to
retry.
8513
Local port UI
Service Processor Calling Function
Errors
Error messages may be displayed
when viewing SP Alerts if the SP is
busy or does not support Alert
configuration
8573
User Authentication
LDAP authentication server given as
domain name instead of IP address
then the functionality is found to be
broken
Numeric IP address should be
supplied
8629
Service Processor
Target
Web UI & DSView software
DirectCommand AutoLogin fails on
Internet Explorer 8 running on
Win7/Win2008 (64-‐bit O/S)
None at this time
8666
Local port UI
Authentication -‐ Adding DSVIEW
Server does not work
DSView™ software Authentication requires that the appliance be enrolled from the DSView™ software. It's not currently possible to push the enrollment up from the appliance via the web UI.
8729
CLI
Emergency Password Unlock Does
not work on putty
Use the serial console via
Alt+F2
on the VGA Console
8792
Web UI
DirectCommand Session failure for
IPMI 2.0
None at this time
8812
Local port UI
When time zone setting is changed,
the screen size on the local UI
changes
None at this time
8825
Web UI
Unable to launch Sol, Telnet and
SSH session for IPMI 2.0
None at this time
8839
PDU Target
Admin-‐ Power Distribution screen
crashes Adobe® Flash Player
None at this time
8841
Platform
Firmware upload should not allow
downgrade
"Downgrade" should be
performed by selecting a previous
firmware image on startup
8877
Service Processor
Target
Directcommand_Only SP cannot be
added thru web UI or DSView
software
None at this time
8915 Authentication Targets and Target Groups listed in the Target Access page do not match the currently defined Targets and Target Group
This issue occurs once the Target Access page is first displayed when editing either a User or User Group. Changing the user
permissions of a new Target or Target Group subsequently requires the appliance to be rebooted.
===================================================================================
5 Service Processor Support
===================================================================================
Tested Service Processors
SP Firmware Version
Cisco UCS 1.3(2d)
Dell® 10G iDRAC 1.53 (Build 3)
Dell DRAC 4 1.75 (Build 06.03)
Dell DRAC 5 1.20 (07.03.02)
Dell DRAC/MC 1.4
Dell 10G iDRAC 1.53 (Build 3)
Dell iDRAC M600 1. 50 (Build 13)
Dell iDRAC M605 1.52 (Build 2)
Dell iDRAC M610 2.2 (Build 33)
Dell iDRAC M710 2.10 (Build 33)
Dell iDRAC M805 1.52 (Build 2)
Dell iDRAC6 R210 1.30 (Build 24)
Dell iDRAC6 R410 1.13.01
Dell M1000E Chassis 2.11
FSC iRMC 2.20G
FSC iRMC S2 3.95A (Base: V1.01A52)
3.44A
HP BladeSystem OA: 3.00 Mar 19 2010
Device: 1.81 Jan 15 2010
HP iLo 1.91
HP iLo 2 1.22
1.77 1.81
HP ILO3 1.26
IBM BladeCenter AMM Firmware 54
IBM x3550 M2 (IMM) YUOO73M
IBM x3650 M2 (IMM) YUOO73M
IPMI 1.5 N/A
IPMI 2.0 N/A
SUN® ALOM Unknown
SUN ELOM 3.2
SUN ILOM 2.0.2.6
Dell DRAC3, DRAC4 and DRAC5
1. If a Java Applet in the web browser running on a Linux client does not have privileges to listen on port 443 of the local IP address (127.*.*.*), the DRAC3 DirectCommand functions will not be functional. Please ensure that the listen privilege is available for port 443.
2. When the maximum number of sessions in DRAC4 or DRAC5 has been reached, a new AutoLogin or vKVM DirectCommand session will fail. The failure can be recovered by resetting the SP via Telnet or SSH. The command for SP reset is: racadm racreset.
3. If DirectCommand launches for DRAC5 servers are unsuccessful, ensure that the JRE is set to allow temporary file storage and that previous temporary files are deleted through the Java Control Panel. 4. The DRAC5 does not support use of the forward slash in login passwords. Avoid use of the forward slash
in the password definition.
Dell DRAC/MC Chassis and Blades
1. The vKVM/VM operations for the DRAC/MC blades initiated through a DirectCommand browser session will function properly only if the client can directly communicate with the native SP web interface.
2. Sometimes, the AutoLogin DirectCommand operation to DRAC-MC servers does not complete and either displays the Internet Explorer cannot display the webpage message for the Internet Explorer 7 browser, or displays a blank page for the Firefox 3 browser. The AutoLogin DirectCommand operation has been observed to complete if the page is refreshed.
3. FRU information is not available for the Drac MC.
Dell M1000e CMC
1. The M1000e native web interface cannot be opened using the Firefox 3 browser, which also affects the browser link within the Universal Management Gateway appliance when using the Firefox 3 browser. Instead, the AutoLogin DirectCommand option can be used or Internet Explorer 7 can be used as the browser.
2. M1000e AutoLogin DirectCommand sessions are not automatically restarted upon session timeout. Click the AutoLogin DirectCommand link again to restart the session.
3. The M1000e "Single Sign-in" functionality cannot be supported when logged in using the Browser DirectCommand login. Use the AutoLogin DirectCommand for this functionality.
4. When connecting to an iDRAC blade using the M1000e "Single Sign-in" feature, the blade’s vKVM connection is only functional if the default vKVM ports are configured in the blade. If the vKVM ports are redefined, then vKVM is only supported through a DirectCommand session to the blade.
5. The iDRAC blade can be accessed using the M1000e "Single Sign-in" feature when the blade is selected from the M1000e server status page that shows links to all blades, and not from a link on an individual blade status page.
6. Occasionally, connections to an iDRAC blade using the M1000e "Single Sign-in" feature or to an iDRAC blade managed within the M1000e chassis will not complete. Clear the browser cache and re-launch the session if this situation occurs.
7. The CMC web interface login selection within the iDRAC blade web interface is not accessible through the Universal Management Gateway appliance. Instead, the M1000e AutoLogin DirectCommand option should be used to access the CMC web interface.
8. The login process for the M1000e may take up to 20 seconds after proper username and credentials are presented and therefore it may take several seconds to access some features in the Universal Management Gateway appliance web interface (e.g., displaying power information may take 15-20 seconds for an M1000e chassis).
9. The Dell M1000e CMC chassis requires that all servers within the chassis must first be turned off successfully before the chassis can be turned off. Please follow this sequence when controlling the CMC power through the Universal Management Gateway appliance to avoid inconsistent behavior in power states and/or error messages.
Dell iDRAC Blades
1. Occasionally, AutoLogin DirectCommand attempts to connect to an iDRAC blade are rejected, and a DirectCommand Applet Error is presented that contains an error string from the blade, such as “Failure_Session_Creation.” Workarounds include retrying the AutoLogin DirectCommand operation after a few minutes, retrying blade login through the chassis Single Sign-in feature, or resetting the blade. 2. Sometimes after a session expires, the iDRAC blade logout selection is not processed. If this occurs,
close the browser window or tab.
3. The login session associated with an iDRAC blade vKVM session is not automatically terminated and must be allowed to time out.
4. Some anomalies have been seen with the Dell M610 and M710 blades when it is either directly managed or managed through the Universal Management Gateway appliance. These anomalies include:
a. The default root/calvin uid/password does not always allow access, yet another user-defined username does seem to work (M610 only).
b. Virtual Media does not connect (M610 only)
c. Virtual Media disconnect when launched under the Internet Explorer browser causes vKVM abort. (M610 and M710).
d. Single Sign-on through the M1000e chassis to the blade fails to complete. (M610 only). Please check the Dell web site for release note updates.
Dell iDRAC6 Monolithics and Blades
1. Errors may occur when attempting to add a Dell iDRAC to a Universal Management Gateway appliance if the SP is already managed by another Universal Management Gateway appliance.
Fujitsu Technology Solutions (FTS) iRMC S2
1. If AutoLogin DirectCommand operations for iRMC2 servers present an additional login prompt or are otherwise unsuccessful, ensure that the JRE is set to disallow temporary file storage and that previous temporary files are deleted through the Java Control Panel.
2. iRMC S2 SPs that use login passwords containing the ampersand character cannot be discovered or managed by the Universal Management Gateway appliance. The SP can be discovered and managed when the login passwords do not contain the ampersand character.
3. The Remote Storage applet provided by iRMC2 servers is only accessible through the Universal Management Gateway appliance using the Native IP feature. If there are problems connecting to the Remote Storage applet, a tech note is available upon request.
HP iLo, iLo2
1. The iLO2 vKVM runs with ActiveX in an Internet Explorer browser and with a Java applet in other browsers such as Firefox 3. The vKVM with ActiveX integrates Virtual Media, while vKVM with a Java applet does not. Multi-session operation is not supported for vKVM DirectCommand operations in the Internet Explorer browser.
2. The iLO 2 does not support use of the single or double quotation marks in login passwords. Avoid use of quotation marks in password definition.
HP BladeSystem and blades
1. The HP Integrity blade product line is not supported as these blades use a different management interface than the Proliant blades
2. The vKVM/VM operations for the HP blades initiated through a DirectCommand browser or AutoLogin session will function properly only if the client can directly communicate with the native SP web interface. 3. In limited testing with the HP BladeSystem OA version 1.81, it was noted that blade power, sensor and SoL
operations are not functional when the blade is managed through the OA. These operations are functional when the iLO blade is discovered and managed separately from the BladeSystem.
4. The HP BladeSystem "Single Sign-in" functionality cannot be supported when logged in using the Browser DirectCommand login. Use AutoLogin DirectCommand for this functionality.
IBM RSA-II
1. When a vKVM session is connected on an RSA-II server, a second login with the same userid will cause the original vKVM session to be disconnected. This includes a second login through the Universal Management Gateway appliance which will use the same userid. This behavior is by design in the RSA-II servers.
2. Intermittent load failures of the vKVM and VM applets on RSA-II servers are seen when the JRE is allowed to keep temporary files on the computer. When using these vKVM and VM applications on RSA-II servers, Avocent recommends setting the JRE to disallow temporary file storage through the Java Control Panel. 3. vKVM operation to RSA-II servers launched through a DirectCommand browser login session may not be
successful. Avocent recommends using the DirectCommand AutoLogin operation.
4. vKVM operation to RSA-II servers is incompatible with JRE-6u13. Avocent recommends using JRE-6u11 or JRE-6u14 or later for these applications.
5. When managing RSA-II servers through a Universal Management Gateway appliance using the DSView 3 software, DirectCommand sessions sometimes cannot be successfully launched when using JRE versions above 6u7 without disabling “the next-generation Java Plug-in” setting through the Java Control Panel. If these issues continue to occur while disabling “the next-generation Java Plug-in,” Avocent recommends downgrading the JRE to 6u7.
6. The native web interface for the IBM 3950 RSA-II server will not allow login if the password contains special characters unless the SP firmware is upgraded to A3EP40A or later. Please upgrade the SP firmware to use special characters passwords with DirectCommand functionality.
IBM BladeCenter and Blades
1. The IBM BladeCenter native web interface provides access to vKVM and vMedia functions for its blades. DirectCommand operations for blades should be initiated through the BladeCenter interface.
2. AutoLogin and vKVM DirectCommand operations for the IBM BladeCenter fail by presenting a login prompt when the BladeCenter is automatically discovered and/or managed. To establish AutoLogin DirectCommand functionality, please delete the BladeCenter from the Universal Management Gateway appliance web interface and then manually add it back into the appliance.
IBM IMM Monolithics
1. The vKVM DirectCommand sessions for IMM-based monolithic servers do not successfully launch on some IE7 and IE8 installations. To correct this issue from the IE browser menu, select Tools, then Internet Options, then select the Security tab and click the Custom Level button. Scroll down to the Downloads settings group and click the Enable radio button for the “Automatic prompting for file downloads” setting.
2. IMM-based monolithic servers purchased with the “IMM Standard” option do not support vKVM. The Universal Management Gateway appliance cannot detect the “IMM Standard” configuration prior to web interface login, so the user is not notified until after the vKVM login attempt.
3. Occasionally, AutoLogin and vKVM DirectCommand sessions for IMM-based monolithic servers do not successfully launch when switching the session launch between the DSView 3 software and the Universal Management Gateway appliance web interface. Clear the browser cache and re-launch the session if this situation occurs.
4. The IMM Monolithic servers do not support use of the special characters ':', '&', '\' and '<' in login passwords. Avoid use of these characters in the password definition.
5. If you use the Universal Management Gateway appliance discovery feature to manage any type of IBM IMM server, the IMM needs to be configured so that its 'lockout period 5 login failures' is 1 minute. On the IMM Web UI, this is under System -IMM Control-Login Profiles- Global Login Settings.
IPMI 1.5 / IPMI 2.0
1. IPMI 1.5 or IPMI 2.0 servers have no native management web interface by default, but these servers can be integrated with a web interface. In this case, a user-defined SP profile can be created for the IPMI SP with the appropriate web port and web scheme to enable the DirectCommand “Browser session” option in the Universal Management Gateway appliance web interface.
Sun ALOM, ELOM, ILOM
1. ILOM servers must have their http service running to be properly discovered using the autodiscovery mechanism. If the http server is not running, the server can still be manually added.
2. ALOM servers have no native management web interface by default, but these servers can be integrated with a web interface. In this case, a user-defined SP profile can be created for the ALOM SP with the appropriate web port and web scheme to enable the DirectCommand “Browser session” option in the Universal Management Gateway appliance web interface.
3. The ELOM native web interface vKVM operation may conflict with other network services commonly run on server machines. If conflicts occur, we suggest performing these operations on a workstation computer instead of a server computer.
4. The ILOM KVM/VM applet requires the username and password to be entered manually.
5. ELOM and ALOM SPs that use login passwords containing special characters cannot be discovered or managed by the Universal Management Gateway appliance. These SPs can be discovered and managed when the login passwords do not contain special characters.
Emerson and Emerson Network Power are trademarks or registered trademarks of Emerson Electric Co. Avocent, DSView and Trellis are trademarks or registered trademarks of Avocent Corporation. Internet Explorer is a registered trademark of Microsoft Corporation. Firefox is a registered trademark of The Mozilla Foundation. HP is a trademark of Hewlett-Packard Development Company, L.P., Dell is a registered trademark of Dell Corporation. All other marks are the property of their respective owners. This document may contain confidential and/or proprietary information of Avocent Corporation, and its receipt or possession does not convey any right to reproduce, disclose its contents, or to manufacture or sell anything that it may describe. Reproduction, disclosure, or use without specific authorization from Avocent Corporation is strictly prohibited. ©2012 Avocent Corporation. All rights reserved.
