Before providing technical details about the HPE Redfish Host Interface, it is important to clearly define the terms "out-of-band" and "in-band" and management.
"Out-of-band" or "remote" management refers to the access of the BMC of a server from an Operating System (OS) located somewhere on the network. If the OS is located in the same server as the target BMC, then, the communication path goes physically out of the server through a physical network adapter and reaches the BMC in its external network interface (i.e. iLO dedicated network interface).
The following example opens an out-of-band Redfish session using ilOrest and cURL (Basic authentication).
ilorest login ilo_ip -u ilo-user -p password
ilorest get FirmwareVersion --select Manager. --json
{
"FirmwareVersion": "iLO 6 v1.67"
}
ilorest logoutBy definition, "in-band" or "local" management refers to the access of the BMC of a server from the OS sitting in the same server, through an internal communication path.
HPE iLO implements the standard Redfish Host Interface specification for in-band management. This host interface is also known as Virtual NIC or vNIC within HPE documents.
The HPE Virtual NIC communication path between the OS and iLO is the DMTF standard alternative to the legacy HPE Channel Interface (CHIF).
- The CHIF communication path between HPE ProLiant and Synergy Gen12 operating
systems and associated iLO 7 has been removed. The virtual NIC is the only in-band communication path implemented in iLO 7 based servers (Gen12) and later. Refer to this paragraph for more information. - When using in-band management through the HPE virtual NIC, authentication is enforced even if you logged in as a privileged user in the server operating system. Read the transitioning to iLO 7 documentation section for more detail.
The following example opens an in-band Redfish session using iLOrest via CHIF on an iLO 6 based server in Production SecurityState, and logged as privileged user root. The second tabulation forces the opening of a Redfish session via the Virtual NIC.
ssh root@fdz365g11-1
ilorest login
Discovering data...Done
ilorest get SecurityState --select HpeSecurityService.
SecurityState=Production
ilorest logout
exit- Generic Redfish clients like cURL, PowerShell, Postman don't have the ability to open an in-band Redfish session via CHIF.
- Python scripts can create in-band Redfish sessions via CHIF (iLO 5 and iLO 6 only), using the
blobstore://.base URL as mentioned in the quick start example of the HPE Python ilorest library.
The status of the iLO Virtual NIC can be retrieved from the standard HostInterface subsystem or from the Hpe OEM extension of the Manager subsystem . The following example retrieves these properties from those two locations, using iLOrest and cURL.
1. GET /redfish/v1/Managers/1/HostInterfaces/1/?$select=Status/State, InterfaceEnabled
or
2. GET /redfish/v1/Managers/1/?$select=Oem/Hpe/VirtualNICEnabledThe Virtual NIC may be enabled/disabled in HPE iLO either though the iLO Web GUI or by a Redfish request. An iLO reset is required for this change to fully take effect.
1. Standard URI
PATCH /redfish/v1/Managers/1/HostInterfaces/1
2. Oem/Hpe URI
PATCH /redfish/v1/Managers/1Search for string "Virtual NIC" in the iLO User Guide to enable and configure the Virtual NIC in the server operating system.
The easiest and safest procedure to gather the entire set of vNIC configuration details is to start with a GET request of the HostInterfaceCollection collection, and then follow the links.
Use the ilorest list command to make sure Links and other reserved properties are part of the response.
The following example uses iLOrest and cURL to identify the vNIC's URI via the HostInterfaceCollection collection .
ilorest login ilo-ip -u ilo-user -p password
ilorest list Members --select HostInterfaceCollection. --json
{
"Members": [
{
"@odata.id": "/redfish/v1/Managers/1/HostInterfaces/1/"
}
]
}The following example retrieves the State and the vNIC's Ethernet URI using the HostInterface URI found in previous example.
ilorest list InterfaceEnabled ManagerEthernetInterface --select HostInterface. --json
{
"InterfaceEnabled": true,
"ManagerEthernetInterface": {
"@odata.id": "/redfish/v1/Managers/1/EthernetInterfaces/3/"
}
}The following example retrieves the vNIC Ethernet properties using the URI found in previous example.
ilorest get --select EthernetInterface. --filter Id=3 --json
{
"Description": "Configuration of this Manager USB Ethernet Interface available for access from Host
.",
"IPv4Addresses": [
{
"Address": "16.1.15.1",
"AddressOrigin": "DHCP",
"SubnetMask": "255.255.255.252"
}
],
"IPv4StaticAddresses": [],
"IPv6AddressPolicyTable": [],
"IPv6Addresses": [],
"IPv6StaticAddresses": [],
"IPv6StaticDefaultGateways": [],
"Id": "3",
"InterfaceEnabled": true,
"LinkStatus": "LinkUp",
"MACAddress": "0A:CA:FE:F0:0D:04",
"Name": "Manager Virtual Network Interface",
"NameServers": [],
"Oem": {
"Hpe": {
"ConfigurationSettings": "Current",
"InterfaceType": "HostInterface",
"NICSupportsIPv6": false
}
},
"PermanentMACAddress": "0A:CA:FE:F0:0D:04",
"StaticNameServers": [],
"Status": {
"Health": "OK",
"State": "Enabled"
}
}The iLO Virtual NIC configuration can be retrieved with a GET request from the EthernetInterfaceCollection resource type:
GET /redfish/v1/Managers/1/EthernetInterfaces/?$filter=Name eq 'Manager Virtual Network Interface'When enabled in both the server operating system and in iLO, software running in the host may access the iLO Web GUI or Redfish API via this communication path. By default, the iLO vNIC IP address is 16.1.15.1/30, and the OS vNIC IP address is 16.1.15.2/30.
Secure Shell (SSH) communications are also possible via vNIC when SSH.ProtocolEnabled property is set to true in the ManagerNetworkProtocol subsystem .
When vNIC is enabled, iLO becomes a DHCP server on the vNIC interface. Make sure that the corresponding interface in the host is configured as a DHCP client.
Redfish clients authentication (basic or session based) is always required to access iLO resources via vNIC, regardless the type of user (privileged or standard) sending the Redfish requests and the security state of the iLO.
Read the transitioning to iLO 7 paragraph for information about the authentication of host applications like the Agentless Management Service (AMS), iLOrest, iSUT or SUM.