This HPE iLO Redfish API documentation is deprecated. See the HPE iLO Redfish documentation for the latest documentation.

NAV Navbar
Logo
cURL python

Introduction

The iLO RESTful API for HPE iLO 5 is a programming interface enabling state-of-the-art server management. This document contains helpful information about how to interact with the iLO RESTful API. The iLO RESTful API uses the basic HTTP operations (GET, PUT, POST, DELETE, and PATCH) to submit or return a JSON formatted resource to or from a URI on iLO 5.

With modern scripting languages, you can easily write simple REST clients for RESTful APIs. Most languages, like Python, can transform JSON into internal-data structures, like dictionaries, allowing for easy access to data. This enables you to write custom code directly to the iLO RESTful API, instead of using intermediate tools such as HPE’s HPQLOCFG or CONREP.

Redfish Conformance

iLO 5’s Redfish conformance details are available in this document in the Managing Hewlett Packard Enterprise Servers Using the RESTful API.

Key benefits of the iLO RESTful API

The iLO RESTful API is becoming the main management interface for Hewlett Packard Enterprise servers with iLO 5. Its feature set will become larger than the existing iLO XML API (RIBCL) and IPMI interfaces. Using the iLO RESTful API, you can take full inventory of the server, control power and reset, configure BIOS and iLO settings, fetch event logs, as well as many other functions.

The iLO RESTful API follows the trend of the Internet in moving to a common pattern for new software interfaces. Many web services in a variety of industries use REST APIs because they are easy to implement, easy to consume, and offer scalability advantages over previous technologies.

HPE OneView, OpenStack, and many other server management APIs are now REST APIs. Most Hewlett Packard Enterprise Management software offerings, as well as the entire Software Defined Infrastructure, are built upon REST APIs.

The iLO RESTful API has the additional advantage of consistency across all present and projected server architectures. The same data model works for traditional rack-mount servers, blades, as well as newer types of systems. This advantage comes because the data model is designed to self-describe the service’s capabilities to the client and has room for flexibility designed in from the start

Changelog

The HPE iLO 5 Redfish service implements the DMTF Redfish specification version 1.6.0 and the schemas implemented by iLO 5 adhere to the DMTF Redfish schema bundle 8010_2021.4.

For a better understanding of the conformance to the DMTF Redfish, read the Redfish versioning paragraph of this article.

iLO 5 2.95 new features and changes

New URIs

HTTP Methods - Additions and Deprecations

Deprecated URIs

Redfish actions - additions and deprecations

Schema Updates

iLO 5 2.90 new features and changes

New URIs

HTTP Methods - Additions and Deprecations

Deprecated URIs

Redfish actions - additions and deprecations

Schema Updates

iLO 5 2.81 new features and changes

New URIs

HTTP Methods - Additions and Deprecations

Deprecated URIs

Redfish actions - additions and deprecations

Schema Updates

iLO 5 2.78 new features and changes

New URIs

HTTP Methods - Additions and Deprecations

Deprecated URIs

Miscellenuous Information

Schema Updates

iLO 5 2.72 new features and changes

New URIs

Miscellaneous Changes

iLO 5 v2.72 supports enabling and disabling of HTTP and HTTPS ports separately using Redfish APIs. Ensure you enable both HTTP and HTTPS, if you want to downgrade the firmware below iLO 5 v2.72, else the web server will not start.

HTTP methods - additions and deprecations

Deprecated URIs

NOTE: From iLO 5 2.72 release, HPE Insight Online direct connectis deprecated. HPE now supports only Insight Remote Support central connect. If you are using HPE Insight Online direct connect, HPE recommends to unregister Insight Online direct connect and register with Insight Remote Support central connect. For more information, see the HPE embedded remote support section of the HPE iLO 5 2.72 User Guide.

#HpeRemoteSupport.v2_6_0.HpeRemoteSupport - ConnectModel (the Remote Support connect model type) will not support the value of DirectConnect. - DataCollectionFrequencyInDays (the frequency of data collection in days. This is applicable only when the server is registered using Direct Connect.) will not apply as HPE Insight Online direct connectis deprecated in this release. - DirectConnectRegistrationIsCompleted (Step 2 of Direct Connect Registration completion status) will not apply as HPE recommends to unregister HPE Insight Online direct connect and HPE Insight Online direct connectis deprecated in this release. - HpeRemoteSupport.CompleteDirectConnectRegistration: There are no parameters for this action, but this action is not applicable when HPE Insight Online direct connectis deprecated in this release. - HpeRemoteSupport.RegisterDeviceToRemoteSupport: This action includes ConnectionType (string)as a parameter. But, ConnectionType (string) will not support the value DirectConnect.

Redfish actions - additions and deprecations

Schema updates

Before iLO 5 v2.72:

    "Oem": {
            "Hpe": {
              "Links": {
                "PCIDevices": {
                  "@odata.id": "/redfish/v1/Systems/1/PCIDevices/"
                },
              },
            }
          },

From iLO 5 v2.72 onwards:

      "Oem": {
            "Hpe": {
              "Links": {
                "PCIDevices": [
                  {
                    "@odata.id": "/redfish/v1/Systems/1/PCIDevices/"
                  }
                ]
              },
            }
          },

iLO 5 2.70 new features and changes

New URIs

HTTP methods - additions and deprecations

No changes have been made to HTTP methods in this release.

Deprecated URIs

No URIs deprecated for this release.

Redfish actions - additions and deprecations

No changes have been made to supported Redfish actions in this release.

Schema updates

iLO 5 2.65 new features and changes

New URIs

#Port.v1_5_0.Port - The HPE iLO 5 Redfish service implements the Port schema in this release as the NetworkPort schema will be deprecated in favor of the Port schema. The NetworkPort URIs will work as expected for all future releases from iLO 5 v2.65.

The following resource instances are added in this schema:

#Port.v1_5_0.Port includes the following properties:

#PortCollection.PortCollection - A Collection of NetworkPort resource instances.

The following resource instances are added in this schema:

#SerialInterfaceCollection.SerialInterfaceCollection

The following resource instance is added in this schema:

#SerialInterface.v1_1_7.SerialInterface

The following resource instance is added in this schema:

HTTP methods - additions and deprecations

No changes have been made to HTTP methods for this release.

Deprecated URIs

Redfish actions - additions and deprecations

No changes have been made to supported Redfish actions for this release.

Schema updates

iLO 5 2.60 new features and changes

New URIs

HTTP methods - additions and deprecations

Deprecated URIs

No URIs deprecated for this release.

Redfish actions - additions and deprecations

Schema updates

iLO 5 2.55 new features and changes

New URIs

No changes have been made to new URIs for this release.

HTTP methods - additions and deprecations

Deprecated URIs

No URIs deprecated for this release.

Schema updates

RDE support changes

Added Redfish Device Enablement (RDE) support for the following URIs and HTTP methods:

iLO 5 2.42 new features and changes

New URIs

HTTP methods - additions and deprecations

No changes have been made to HTTP methods for this release.

Deprecated URIs

No URIs deprecated for this release.

Redfish actions - additions and deprecations

Schema updates

The schema versions listed below correspond to iLO’s schemas which are not aligned to DMTF’s standard Redfish schemas versioning.

iLO 5 2.33 new features and changes

New URIs

HTTP methods - additions and deprecations

Deprecated URIs

Redfish actions - additions and deprecations

Schema updates

The schema versions listed below correspond to iLO’s schemas which are not aligned to DMTF’s standard Redfish schemas versioning.

RDE support changes

Added Redfish Device Enablement (RDE) support for the following URIs and HTTP methods:

BIOS Redfish changes (GEN 10 to GEN 10 Plus)

New URIs

Migrated URIs

iLO 5 2.30 new features and changes

iLO 5 2.10 new features and changes

Redfish features and fixes

HPE OEM features

iLO 5 1.40 new features and changes

iLO 5 1.40 adds support for several Redfish features:

Additionally, it includes support for new iLO 5 1.40 features:

Redfish 1.6 and OpenAPI

iLO 5 version 1.40 and later is conformant with the new Redfish 1.6 requirement to fix certain resource URIs in the data model.

Several resource URIs have been changed to conform to Redfish 1.6. A properly written Redfish client which traverses the data model and finds the URIs dynamically should not be affected, but clients which make assumptions about URIs may require modifications.

Trailing slashes on URIs

iLO 5 versions prior to 1.40 would return an HTTP 308 Redirect back to clients who requested URIs without a trailing slash. Clients must follow 308 Redirect to the alternate URI (the same URI path with a trailing slash.) In order to conform to Redfish 1.6, iLO 5 1.40 changes the behavior and aliases the same resources at both URIs. Requesting a URI with or without a trailing slash will return similar results with the exception that URIs in the returned data will be different. GETs of URIs with trailing slash will return links (@odata.id) with trailing slashes, and GETs of URIs without trailing slashes will return links without trailing slashes.

Version Behavior
1.10-1.3x GET /redfish/v1/Systems redirects (308) to /redfish/v1/Systems/
1.40-later GET /redfish/v1/Systems returns result similar to GET /redfish/v1/Systems/

Changed URIs

The following URIs have changed in iLO 5 1.40 and later to conform to Redfish 1.6:

Old URI in iLO 5 1.10-1.3x New URI Required by Redfish 1.6
/redfish/v1/Chassis/{chassisId}/Drives/{interface}/{driveId} /redfish/v1/Chassis/{systemId}/Drives/{driveId}
/redfish/v1/Systems/{systemId}/Storage/{interface}/{storageId} /redfish/v1/Systems/{systemId}/Storage/{storageId}
/redfish/v1/Systems/{systemId}/Storage/{interface}/{storageId}/Volumes/{volumeId} /redfish/v1/Systems/{systemId}/Storage/{storageId}/Volumes/{volumeId}
/redfish/v1/Systems/{systemId}/NetworkInterfaces/{nId}/NetworkDeviceFunctions/{ndfId} /redfish/v1/Chassis/{chassisId}/NetworkAdapters/{nId}/NetworkDeviceFunctions/{ndfId}
/redfish/v1/Systems/{systemId}/NetworkInterfaces/{nicId}/NetworkPorts/{nportId} /redfish/v1/Chassis/{chassisId}/NetworkAdapters/{Id}/NetworkPorts/{nportId}
/redfish/v1/Schemas/{Id}/ /redfish/v1/JsonSchemas/{Id}
/redfish/v1/Schemas/ /redfish/v1/JsonSchemas
/redfish/v1/Managers/{managerId}/NetworkService/ /redfish/v1/Managers/{managerId}/NetworkProtocol

New ?only Query Parameter

Starting in iLO 5 1.40, appending ?only to GETs on single-member collections returns the one and only member instead. This is a convenient and efficient way to get to important data faster.

GET /redfish/v1/Systems?only returns the one and only ComputerSystem resource instead of the collection that includes it.

This works for collections that have only one member. Otherwise the GET returns the collection as if the query parameter was omitted.

Getting Started

Tips for Using the RESTful API

The RESTful API for HPE iLO is available on ProLiant Gen10 servers running iLO 5 1.10 or later with the iLO Standard license, although some features in the data might not be available without an Advanced license.

To access the RESTful API, you need an HTTPS-capable client, such as a web browser with the Postman REST Client plugin extension or cURL (a popular command line HTTP utility).

RESTful Interface Tool and Python Examples

Although not a requirement, you can use the RESTful Interface Tool with the RESTful API. This command line tool provides a level of abstraction and convenience above direct access to the RESTful API. For details see: http://www.hpe.com/info/restfulapi.

**Python: See ex1_functionname() in the Python example code. This means look for the specified function name in the python example code.

Also, Hewlett Packard Enterprise published example Python code that implements a number of common operations in a RESTful API client. This code can be downloaded at https://github.com/HewlettPackard/python-ilorest-library. In some cases the examples in this document may refer to examples in the Python code with this notation:

If you prefer not to implement a client in Python, this serves as a good pseudocode implementing the logic required to perform an operation.

Example REST API operation with cURL

> curl https://{iLO}/redfish/v1/ -i --insecure -L
  • -i returns HTTP response headers
  • –insecure bypasses TLS/SSL certification verification
  • -L follows HTTP redirect

The above command returns JSON like this:


{
    "@odata.context": "/redfish/v1/$metadata#ServiceRoot",
    "@odata.etag": "W/\"B869D8CC\"",
    "@odata.id": "/redfish/v1/",
    "@odata.type": "#ServiceRoot.v1_1_0.ServiceRoot",
    "AccountService": {
        "@odata.id": "/redfish/v1/AccountService/"
    },
    "Chassis": {
        "@odata.id": "/redfish/v1/Chassis/"
    },
    "EventService": {
        "@odata.id": "/redfish/v1/EventService/"
    },
    "Id": "v1",
    "JsonSchemas": {
        "@odata.id": "/redfish/v1/Schemas/"
    },
    "Links": {
        "Sessions": {
            "@odata.id": "/redfish/v1/SessionService/Sessions/"
        }
    },
    "Managers": {
        "@odata.id": "/redfish/v1/Managers/"
    },
    "Name": "HPE RESTful Root Service",
    "Oem": {
        "Hpe": {
            "@odata.type": "#HpeiLOServiceExt.v2_0_0.HpeiLOServiceExt",
            "Links": {
                "ResourceDirectory": {
                    "@odata.id": "/redfish/v1/ResourceDirectory/"
                }
            },
            "Manager": [
                {
                    "DefaultLanguage": "en",
                    "FQDN": "edited",
                    "HostName": "ILO",
                    "Languages": [
                        {
                            "Language": "en",
                            "TranslationName": "English",
                            "Version": "1.10"
                        }
                    ],
                    "ManagerFirmwareVersion": "1.10",
                    "ManagerType": "iLO 5"
                }
            ],
            "Moniker": {
                "ADVLIC": "iLO Advanced",
                "BMC": "iLO",
                "BSYS": "BladeSystem",
                "CLASS": "Baseboard Management Controller",
                "IPROV": "Intelligent Provisioning",
                "PRODABR": "iLO",
                "PRODFAM": "Integrated Lights-Out",
                "PRODGEN": "iLO 5",
                "PRODNAM": "Integrated Lights-Out 5",
                "PRODTAG": "HPE iLO 5",
                "STDLIC": "iLO Standard",
                "SUMGR": "Smart Update Manager",
                "SYSFAM": "ProLiant",
                "VENDABR": "HPE",
                "VENDNAM": "Hewlett Packard Enterprise",
                "WWW": "www.hpe.com",
                "WWWAHSV": "www.hpe.com/servers/ahsv",
                "WWWBMC": "www.hpe.com/info/ilo",
                "WWWDOC": "www.hpe.com/support/ilo-docs",
                "WWWERS": "www.hpe.com/services/getconnected",
                "WWWGLIS": "reserved for liconf URI",
                "WWWIOL": "www.hpe.com/info/insightonline",
                "WWWLIC": "www.hpe.com/info/ilo/licensing",
                "WWWPASS": "www.hpe.com/support/hpesc",
                "WWWPRV": "www.hpe.com/info/privacy",
                "WWWSUP": "www.hpe.com/support/ilo5",
                "WWWSWLIC": "www.hpe.com/software/SWLicensing"
            },
            "Sessions": {
                "CertCommonName": "edited",
                "CertificateLoginEnabled": false,
                "KerberosEnabled": false,
                "LDAPAuthLicenced": true,
                "LDAPEnabled": false,
                "LocalLoginEnabled": true,
                "LoginFailureDelay": 0,
                "LoginHint": {
                    "Hint": "POST to /Sessions to login using the following JSON object:",
                    "HintPOSTData": {
                        "Password": "password",
                        "UserName": "username"
                    }
                },
                "SecurityOverride": false,
                "ServerName": "edited"
            },
            "Time": "2017-04-03T05:05:01Z"
        }
    },
    "RedfishVersion": "1.0.0",
    "Registries": {
        "@odata.id": "/redfish/v1/Registries/"
    },
    "SessionService": {
        "@odata.id": "/redfish/v1/SessionService/"
    },
    "Systems": {
        "@odata.id": "/redfish/v1/Systems/"
    },
    "UUID": "edited",
    "UpdateService": {
        "@odata.id": "/redfish/v1/UpdateService/"
    }
}

Let’s perform our first GET operation using the RESTful API. We will do an HTTP GET on the iLO HTTPS port, typically port 443 (although it could be different if you have previously configured iLO to use another port). Your client should be prepared to handle the HTTPS certificate challenge. The interface is not available over open HTTP (port 80), so you must use HTTPS.

Our GET operation will be against a resource at /redfish/v1/ (with a trailing slash):

It is best to perform this initial GET with a tool like the CURL or the Postman REST Client mentioned above. Later you will want to do this with your own scripting code, but for now it’s useful to see the HTTP header information exchanged using a browser.

CURL is a command line utility available for many Operating Systems that enables easy access to the RESTful API. CURL is available at https://curl.se. Note that all the CURL examples will use a flag –insecure. This causes CURL to bypass validation of the HTTPS certificate. In real use iLO should be configured to use a user-supplied certificate and this option is not necessary. Notice also that we use the –L option to force CURL to follow HTTP redirect responses. If iLO changes URI locations for various items, it can indicate to the client where the new location is and automatically follow the new link.

In JSON, there is no strong ordering of property names, so iLO may return JSON properties in any order. Likewise, iLO cannot assume the order of properties in any submitted JSON. This is why the best scripting data structure for a RESTful client is a dictionary: a simple set of unordered key/value pairs. This lack of ordering is also the reason you see embedded structure within objects (objects within objects). This allows us to keep related data together that is more logically organized, aesthetically pleasing to view, and helps avoid property name conflicts or ridiculously long property names. It also allows us to use identical blocks of JSON in many places in the data model, like status.

HTTP Resource Operations

Operation HTTP Command Description
Create POST resource URI (payload = resource data) Creates a new resource or invokes a custom action. A synchronous POST returns the newly created resource.
Read GET resource URI Returns the requested resource representation.
Update PATCH or PUT resource URI (payload = update data) Updates an existing resource. You can only PATCH properties that are marked readonly = false in the schema.
Delete DELETE resource URI Deletes the specified resource.

HTTP Status Return Codes

Return Status Description
2xx Successful operation.
308 The resource has moved
4xx Client-side error with message returned
5xx iLO error with error message returned

Navigating the Data Model

The Redfish API is designed to be implemented on many different models of servers and other IT infrastructure devices for years to come. These devices may be quite different from one another. For this reason, the Redfish API does not specify the URIs to various resources. For example, a client cannot assume the BIOS version information is always at a particular URI.

This is more complex for the client, but is necessary to make sure the data model can change to accommodate various future server architectures without requiring specification changes. As an example, if the BIOS version is at /redfish/v1/Systems/1, and a client assumed it is always there, the client would then break when the interface is implemented on a different type of architecture with many compute nodes, each with its own BIOS version, or on other vendor implementations.

Redfish 1.6 (iLO 5 1.40 or later) URI Templates

As of Redfish 1.6, a number of resource types have URI template specifications to be compatible with OpenAPI 3.0. Please see the Redfish 1.6 CSDL schema for details on URI templates for specific types.

A client must still perform GET operations on a Redfish API service in order to discover what resources are available. For instance, just because a Chassis has a template of /redfish/v1/Chassis/{ChassisId} means that a client must still GET /redfish/v1/Chassis in order to find the valid values of {ChassisId}.

Iterating Collections

curl https://{iLO}/redfish/v1/systems/ -i --insecure -u username:password -L
import sys
import redfish

# When running remotely connect using the iLO address, iLO account name, 
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"

## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
                          password=login_password, default_prefix='/redfish/v1')

# Login into the server and create a session
REDFISH_OBJ.login(auth="session")

# Do a GET on a given path
response = REDFISH_OBJ.get("/redfish/v1/systems/", None)

# Print out the response
sys.stdout.write("%s\n" % response)

# Logout of the current session
REDFISH_OBJ.logout()

JSON response example:

{
    "@odata.id": "/redfish/v1/systems/",
    "@odata.context": "/redfish/v1/$metadata/",
    "@odata.type": "#ComputerSystemCollection.ComputerSystemCollection",
    "Members@odata.count": 1,
    "Members": [
        {
            "@odata.id": "/redfish/v1/systems/1/"
        }
    ]
}

Many operations will require you to locate the resource you wish to use. Most of these resources are members of “collections” (arrays of similar items). The method to find collections members is consistent for compute nodes, chassis, management processors, and many other resources in the data model.

Find a Compute Node

curl https://{host}/redfish/v1/systems/{item}/ -i --insecure -u username:password -L
import sys
import redfish

# When running remotely connect using the iLO address, iLO account name, 
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"

## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
                          password=login_password, default_prefix='/redfish/v1')

# Login into the server and create a session
REDFISH_OBJ.login(auth="session")

# Do a GET on a given path
response = REDFISH_OBJ.get("/redfish/v1/systems/{item}/", None)

# Print out the response
sys.stdout.write("%s\n" % response)

# Logout of the current session
REDFISH_OBJ.logout()

JSON response example:

{
    "@odata.context": "/redfish/v1/$metadata#Systems/Members/$entity",
    "@odata.id": "/redfish/v1/Systems/1/",
    "@odata.type": "#ComputerSystem.1.0.1.ComputerSystem",
    ...

    ...
    "SerialNumber": "Kappa",
    "Status": {
        "Health": "Warning",
        "State": "Enabled"
    },
    "SystemType": "Physical",
    "UUID": "00000000-0000-614B-7070-610000000000"
}

A Compute node represents a logical computer system with attributes such as processors, memory, BIOS, power state, firmware version, etc. To find a compute node GET /redfish/v1/systems and iterate the “Members” array in the returned JSON. Each member has a link to a compute node.

Find a compute node by iterating the systems collection at /redfish/v1/systems/.

You can then GET the compute node, PATCH values, or perform Actions.

Find a Chassis

curl https://{host}/redfish/v1/chassis/{item}/ -i --insecure -u username:password -L
import sys
import redfish

# When running remotely connect using the iLO address, iLO account name, 
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"

## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
                          password=login_password, default_prefix='/redfish/v1')

# Login into the server and create a session
REDFISH_OBJ.login(auth="session")

# Do a GET on a given path
response = REDFISH_OBJ.get("/redfish/v1/chassis/{item}/", None)

# Print out the response
sys.stdout.write("%s\n" % response)

# Logout of the current session
REDFISH_OBJ.logout()

JSON response example:

{
    "@odata.context": "/redfish/v1/$metadata#Chassis/Members/$entity",
    "@odata.id": "/redfish/v1/Chassis/1/",
    "@odata.type": "#Chassis.1.0.0.Chassis",
    "ChassisType": "RackMount",
    ...

    ...
    "Status": {
        "Health": "Warning",
        "State": "Enabled"
    },
    "Thermal": {
        "@odata.id": "/redfish/v1/Chassis/1/Thermal/"
    }
}

A Chassis represents a physical or virtual container of compute resources with attributes such as FRU information, power supplies, temperature, etc. To find a chassis GET /redfish/v1/chassis and iterate the “Members” array in the returned JSON. Each member has a link to a chassis.

Find a chassis by iterating the chassis collection at /redfish/v1/chassis/.

You can then GET the chassis, PATCH values, or perform Actions.

Find the iLO 5 Management Processor

curl https://{host}/redfish/v1/managers/{item}/ -i --insecure -u username:password -L
import sys
import redfish

# When running remotely connect using the iLO address, iLO account name, 
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"

## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
                          password=login_password, default_prefix='/redfish/v1')

# Login into the server and create a session
REDFISH_OBJ.login(auth="session")

# Do a GET on a given path
response = REDFISH_OBJ.get("/redfish/v1/managers/{item}/", None)

# Print out the response
sys.stdout.write("%s\n" % response)

# Logout of the current session
REDFISH_OBJ.logout()

JSON response example:

{
    "@odata.context": "/redfish/v1/$metadata#Managers/Members/$entity",
    "@odata.id": "/redfish/v1/Managers/1/",
    "@odata.type": "#Manager.1.0.0.Manager",
    ...

    ...
    "Status": {
        "State": "Enabled"
    },
    "UUID": null,
    "VirtualMedia": {
        "@odata.id": "/redfish/v1/Managers/1/VirtualMedia/"
    }
}

A Manager represents a management processor (or “BMC”) that manages chassis and compute resources. For HPE Gen10 Servers, the manager is iLO 5. Managers contain attributes such as networking state and configuration, management services, security configuration, etc. To find a manager GET /redfish/v1/managers and iterate the “Members” array in the returned JSON. Each member has a link to a chassis.

Find a manager by iterating the manager collection at /redfish/v1/managers/.

You can then GET the manager, PATCH values, or perform Actions.

Authentication and Sessions

The following shows the error displayed on GET /redfish/v1/systems/ when no authentication is attempted:

401 Forbidden
{
  "error": {
    "@Message.ExtendedInfo": [
      {
        "MessageId": "Base.1.0.NoValidSession"
      }
    ],
    "code": "iLO.0.10.ExtendedInfo",
    "message": "See @Message.ExtendedInfo for more information."
  }
}

If you perform an HTTP operation on any other resource other than the root /redfish/v1/ resource, you will receive an HTTP 401 (Forbidden) error indicating that you don’t have the authentication needed to access the resource.

Basic Authentication

curl https://{iLO}/redfish/v1/systems/ -i --insecure -u username:password -L
import sys
import redfish

# When running remotely connect using the iLO address, iLO account name, 
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"

## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
                          password=login_password, default_prefix='/redfish/v1')

# Login into the server and create a session
REDFISH_OBJ.login(auth="basic")

# Logout of the current session
REDFISH_OBJ.logout()

The RESTful API allows you to use HTTP Basic Authentication using a valid iLO user name and password.

Creating and Using Sessions

curl -H "Content-Type: application/json" -H "OData-Version: 4.0" -X POST --data "@data.json" https://{iLO}/redfish/v1/SessionService/Sessions/ --insecure
import redfish

# When running remotely connect using the iLO address, iLO account name, 
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"

## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
                          password=login_password, default_prefix='/redfish/v1')

# Login into the server and create a session
REDFISH_OBJ.login(auth="session")

Contents of data.json

    {
        "UserName": "<your username>", 
        "Password": "<your password>"
    }

Successful headers from iLO:

Cache-Control: no-cache
Connection: keep-alive
Content-length: 163
Content-type: application/json; charset=utf-8
Date: Tue, 14 Jun 2016 22:23:39 GMT
ETag: W/"C84E3EA9"
Link: </redfish/v1/SessionService/Sessions/{item}/>; rel=self
Location: https://{iLO}/redfish/v1/SessionService/Sessions/{item}/
OData-Version: 4.0
Server: HPE-iLO-Server/1.30
X-Auth-Token: c3c5f437f94bc24428fe930bbf50904f
X-Frame-Options: sameorigin
X_HP-CHRP-Service-Version: 1.0.3

Successful response from iLO:

{
  "error": {
    "@Message.ExtendedInfo": [
      {
        "MessageID": "Base.0.10.Created"
      }
    ],
    "code": "iLO.0.10.ExtendedInfo",
    "message": "See @Message.ExtendedInfo for more information."
  }
}

For more complex multi-resource operations, you should log in and establish a session. To log in, iLO has a session manager object at the documented URI /redfish/v1/sessions/. To create a session POST a JSON object to the Session manager:

If the session is created successfully, you receive an HTTP 201 (Created) response from iLO. There will also be two important HTTP response headers.

Using a Session

To use a session, simply include the X-Auth-Token header supplied by the login response in all REST requests.

Log Out of a Session

curl -X "DELETE" https://{iLO}/redfish/v1/SessionService/Sessions/{item}/ -u admin:password --insecure
import redfish

# When running remotely connect using the iLO address, iLO account name, 
# and password to send https requests
iLO_host = "https://{iLO}"
login_account = "admin"
login_password = "password"

## Create a REDFISH object
REDFISH_OBJ = redfish.RedfishClient(base_url=iLO_host,username=login_account, \
                          password=login_password, default_prefix='/redfish/v1')

# Login into the server and create a session
REDFISH_OBJ.login(auth="session")

# Logout of the current session
REDFISH_OBJ.logout()

iLO supports a limited number of simultaneous sessions. If you do not log out of a session it will expire automatically after a time of inactivity. However, it is good practice to log out when finished with a session.

To log out perform an HTTP DELETE to the URI that was returned in the “Location” header when you created the session.

Performing Actions

Example of a system resource advertising an available action:

  {
    "Actions": {
        "#ComputerSystem.Reset": {
            "ResetType@Redfish.AllowableValues": [
                "On",
                "ForceOff",
                "ForceRestart",
                "Nmi",
                "PushPowerButton"
            ],
            "target": "/redfish/v1/Systems/1/Actions/ComputerSystem.Reset"
        }
    }
  }

This action may be invoked by performing:

curl --header "Content-Type: application/json" --request POST --data '{"ResetType": "ForceRestart"}' https://{iLO}/redfish/v1/Systems/1/Actions/ComputerSystem.Reset -u username:password --insecure

REST resources usually support HTTP GET to read the current state, and some support modification and removal with HTTP POST, PUT, PATCH, or DELETE.

There are some resources that support other types of operations not easily mapped to HTTP operations. For this reason the Redfish specification defines “Actions”. Actions are HTTP POST operations with a specifically formatted JSON request including the operation to perform and any parameters. For instance, it is not enough to simply tell a server to reset, but it is also necessary to specify the type of reset: cold boot, warm boot, PCI reset, etc. Actions are often used when the operation causes iLO 5 not just to update a value, but to change system state.

In Redfish, the available actions that can be invoked are identified by a “target” property in the resource’s “Actions” object definitions. The parameters identify the supported values with the annotation @Redfish.AllowableValues.

Actions on HPE-specific Extensions

Actions on HPE-specific extensions are invoked in the same way. Find the target URI for the action and POST a JSON request with parameters.

curl --header "Content-Type: application/json" --request POST --data '{"PushType": "PressAndHold"}' https://{iLO}//redfish/v1/Systems/1/Actions/Oem/Hpe/HpeComputerSystemExt.PowerButton/ -u username:password --insecure

The embedded extensions may also have Actions not specified by the Redfish standard. They are invoked in a similar way. The POST URI may include indicate the HPE specific nature of the action.

The older pre-Redfish form of the Action invocation requires you to specify "Target": "/Oem/Hp" as one of the properties in the body of the request.

It is recommended that you use the Redfish version of the action invocation.

Adapting from iLO 4

This section is a guide to help client code adapt from the iLO 4 RESTful API to the iLO 5 RESTful API.

Introduction

The iLO 5 RESTful API is fully conformant with Redfish. Any remaining support for the pre-Redfish iLO RESTful API has been removed and is replaced by the Redfish equivalents. HPE continues to extend the Redfish data model to enable value for the customer.

iLO 5 has the following additions not implemented in iLO 4:

Chunked Transfer Encoding

Unlike iLO 4, iLO 5 responds to all HTTP operations using Chunked Transfer Encoding. This enables features like $expand that require very large responses.

URI Remapping from /rest to /redfish

For iLO 5 all accesses of the /rest/v1/x URI pattern result in HTTP 308 redirect to /redfish/v1/x/. Additionally, access of /redfish/v1/x redirects to /redfish/v1/x/.

OData-Version HTTP Header Requirements

iLO 5 assumes all requests are to Redfish REST resources are Redfish requests. Unlike iLO 4, the service does not behave differently based upon the presence or absence of the OData-Version header.

This is a change from iLO 4 where the presence of the OData-Version header caused iLO 4 to remove pre-Redfish properties from GET responses.

The only required header for a GET operation is the authorization (X-Auth-Token or Authorization) header, except for the root resource at /redfish/v1/ which requires no headers.

Oem/Hp Sections Renamed to Oem/Hpe

As part of the transition from HP to HPE, and due to the Redfish requirement that the Oem section name reflect an owned IANA name, all Oem section names are changed from Hp to Hpe.

iLO 4 example:

{
  "Oem": {
    "Hp": {
      "@odata.type": "#HpiLOServiceExt.1.0.0.HpiLOServiceExt"
    }
  }
}

iLO 5 example:

{
  "Oem": {
    "Hpe": {
      "@odata.type": "#HpeiLOServiceExt.v2_0_0.HpeiLOServiceExt"
    }
  }
}

Schema Type Changes

To preserve OData conformance, Redfish transitioned the format of @odata.type properties, and iLO 5 follows this change. The type.<major>.<minor>.<errata>.type format has changed to type.v<major>_<minor>_<errata>.type. Also, the type name cannot be parsed programmatically and should be considered opaque. To determine the version of a resource, do not split the type/version by the ‘.’ delimiter.

For example:

iLO @odata.type Format
iLO 4 "@odata.type": "ComputerSystem.1.0.0.ComputerSystem"
iLO 5 "@odata.type": "ComputerSystem.v1_1_0.ComputerSystem"

Status Block Changes

The pre-Redfish property HealthRollUp is removed in iLO 5 and HealthRollup is retained.

iLO 4 example:

{
    "Status": {
          "State": "Starting",
          "Health": "OK",
          "HealthRollup": "OK",
          "HealthRollUp": "OK"
      }
}

iLO 5 example:

{
    "Status": {
          "State": "Starting",
          "Health": "OK",
          "HealthRollup": "OK"
      }
}

Error and Response Changes

HTTP Operation responses in iLO 5 are Redfish conformant and pre-Redfish properties are removed.

iLO 4 example (without the Redfish conformant OData-Version header):

{
  "Messages": [
    {
      "MessageID": "Base.0.10.MalformedJSON"
    }
  ],
  "Type": "ExtendedError.1.0.0",
  "error": {
    "@Message.ExtendedInfo": [
      {
        "MessageID": "Base.0.10.MalformedJSON"
      }
    ],
    "code": "iLO.0.10.ExtendedInfo",
    "message": "See @Message.ExtendedInfo for more information."
  }
}

iLO 5 Redfish example:

{
  "error": {
    "@Message.ExtendedInfo": [
      {
        "MessageId": "Base.0.10.MalformedJSON"
      }
    ],
    "code": "iLO.0.10.ExtendedInfo",
    "message": "See @Message.ExtendedInfo for more information."
  }
}

POST Actions

In Redfish, an “Actions” property informs the client which actions are supported on a resource and how to invoke them.

Advertising Available Actions

iLO 4 contained a pre-Redfish form of this with "AvailableActions". This is now removed and replaced in iLO 5 with Redfish "Actions".

iLO 4 example of advertised action:

{
    "AvailableActions": [
        {
           "Action": "Reset",
           "Capabilities": [
           {
               "AllowableValues": [
                   "On",
                   "ForceOff",
                   "ForceRestart",
                   "Nmi",
                   "PushPowerButton"
               ],
               "PropertyName": "ResetType"
               }
           ]
        }
    ]
}

iLO 5 example of advertised action:

{
    "Actions": {
        "#ComputerSystem.Reset": {
            "target": "/redfish/v1/Systems/1/Actions/ComputerSystem.Reset",
            "ResetType@Redfish.AllowableValues": [
                "On",
                "ForceOff",
                "GracefulRestart",
                "ForceRestart",
                "Nmi",
                "GracefulRestart",
                "ForceOn",
                "PushPowerButton"
            ]
        }
    }
}

Invoking Actions

iLO 4 action invoke example: POST /rest/v1/Systems/1

{
   "Action": "Reset",
   "ResetType": "On"
}

iLO 5 action invoke example: POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset

{
    "ResetType": "On"
}

Note that the URI of the POST matches the "target" property in "Actions".

OData query options

Redfish is an OData-derived protocol and data model with resources linking to other resources using @odata.id:

{"@odata.id": "/redfish/v1/link_to_some_other_resource"}

The iLO 5 Redfish implementation offers several OData services aiming at facilitating the the consumption of data by Redfish clients.

As an example, the OData "$expand" query option causes the OData service to automatically replace a link with the results of an internal GET of the indicated URI. This is essential to allow the API to scale for clients. An example use case is to expand an event log to return the log entries inline with the collection and reduce the number of GETs required by the client.

Examples of client requests to expand (in the general OData case) looks like:

OData query options supported by iLO 5 are presented below along with use case examples.

iLO 5 $expand

Using the rules above, iLO 5 supports $expand in this way:

$expand is applicable to HTTP GET only.

$expand=., $expand=*, and $expand=($levels=n) result in the same behavior: * Expands all links in both root and Oem/Hpe sections not inside the Links sections. * Levels is always interpreted as 1, regardless of n. This is to avoid the potential for expanding recursively for interlinked resources. * The Links section is never expanded. This is to avoid expanding the Chassis and Manager related links on GET operations to System.

NOTES:

iLO 5 $expand example

See the example in the right pane.

GET /redfish/v1/Chassis (a collection without $expand query option)

{
  "@odata.context": "/redfish/v1/$metadata#Chassis",
  "@odata.etag": "W/\"C2E4D1CC\"",
  "@odata.id": "/redfish/v1/Chassis/",
  "@odata.type": "#ChassisCollection.ChassisCollection",
  "Description": "Computer System Chassis View",
  "MemberType": "#Chassis.v1_2_0.Chassis",
  "Members": [
    {
      "@odata.id": "/redfish/v1/Chassis/1/"
    }
  ],
  "Members@odata.count": 1,
  "Name": "Computer System Chassis"
}

GET /redfish/v1/Chassis?$expand=. (a collection with $expand abbreviated for clarity)

{
  "@odata.context": "/redfish/v1/$metadata#Chassis",
  "@odata.etag": "W/\"C2E4D1CC\"",
  "@odata.id": "/redfish/v1/Chassis/",
  "@odata.type": "#ChassisCollection.ChassisCollection",
  "Description": "Computer System Chassis View",
  "MemberType": "#Chassis.v1_2_0.Chassis",
  "Members": [
    {
      "@odata.context": "/redfish/v1/$metadata#Chassis/Members/$entity",
      "@odata.etag": "W/\"5D370742\"",
      "@odata.id": "/redfish/v1/Chassis/1/",
      "@odata.type": "#Chassis.v1_2_0.Chassis",
      "ChassisType": "RackMount",
      "Id": "1",
      "Manufacturer": "HPE",
      "Model": "ProLiant ML350 Gen10",
      "Name": "Computer System Chassis",
      "SKU": "SKU NUMBER",
      "SerialNumber": "SERIAL NUMBER",
      "Status": {
        "Health": "OK",
        "State": "Starting"
      }
    }
  ],
  "Members@odata.count": 1,
  "Name": "Computer System Chassis"
}

iLO 5 only query option

iLO 5 1.40 and later supports the only query parameter documented in the Redfish API specification. This query parameter is ignored except on collections with only one member. Examples include the ComputerSystemCollection, ChassisCollection, and ManagerCollection.

iLO 5 only example

GET /redfish/v1/Chassis?only (JSON output is abbreviated)

{
    "@odata.context": "/redfish/v1/$metadata#Chassis.Chassis",
    "@odata.etag": "W/\"E85F6E4B\"",
    "@odata.id": "/redfish/v1/Chassis/1/",
    "@odata.type": "#Chassis.v1_6_0.Chassis",
    "Id": "1",
    "ChassisType": "RackMount",
}

iLO 5 $filter query option

The odata.org official site defines the $filter query as the following:

The $filter system query option allows clients to filter a collection of resources that are addressed by a request URL. The expression specified with $filter is evaluated for each resource in the collection, and only items where the expression evaluates to true are included in the response.

Six logical operators (Equals, Not Equals, Greater Than…) can be applied to the $filter query. They are defined in the OData specifications.

iLO 5 $filter examples

See the examples in the right pane.

Retrieve “iLO Dedicated Network Interface” properties (output abbreviated): GET /redfish/v1/Managers/1/EthernetInterfaces?$filter=Name eq 'Manager Dedicated Network Interface'

{
    "@odata.context": "/redfish/v1/$metadata#EthernetInterfaceCollection.EthernetInterfaceCollection",
    "@odata.etag": "W/\"2D50600F\"",
    "@odata.id": "/redfish/v1/Managers/1/EthernetInterfaces",
    "@odata.type": "#EthernetInterfaceCollection.EthernetInterfaceCollection",
    "Description": "Configuration of Manager Network Interfaces",
    "Name": "Manager Network Interfaces",
    "Members": [
        {
            "@odata.context": "/redfish/v1/$metadata#EthernetInterface.EthernetInterface",
            "@odata.id": "/redfish/v1/Managers/1/EthernetInterfaces/1",
            "@odata.type": "#EthernetInterface.v1_4_1.EthernetInterface",
            "Id": "1",
            "AutoNeg": true,
            "DHCPv4": {
                "DHCPEnabled": false,
                "UseDNSServers": false,
                "UseDomainName": false,
                "UseGateway": false,
                "UseNTPServers": false,
                "UseStaticRoutes": false
            },
            ....
            "VLAN": {
                "VLANEnable": false,
                "VLANId": null
            }
        }
    ],
    "Members@odata.count": 1
}

Filter IML entries by key (output abbreviated): GET /redfish/v1/Systems/1/LogServices/IML/Entries?$filter=Oem.Hpe.Severity eq 'Repaired'

{
    "@odata.context": "/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection",
    "@odata.etag": "W/\"C97C370E\"",
    "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries",
    "@odata.type": "#LogEntryCollection.LogEntryCollection",
    "Description": "Integrated Management Logs view",
    "Name": "Integrated Management Logs view",
    "Members": [
        {
            "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
            "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/3",
            "@odata.type": "#LogEntry.v1_11_0.LogEntry",
            "Id": "3",
            "Created": "2022-05-17T12:30:50Z",
            "EntryType": "Oem",
            "Message": "HPE Ethernet 1Gb 4-port 331i Adapter - NIC Connectivity status changed to OK for adapter in slot 0, port 1",
            "Name": "Integrated Management Log",
            "Oem": {
                "Hpe": {
                    "@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
                    "@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
                    "Categories": [
                        "Hardware"
                    ],
                    "Class": 17,
                    "ClassDescription": "Network",
                    "Code": 10,
                    "Count": 1,
                    "EventNumber": 57,
                    "LearnMoreLink": "http://www.hpe.com/support/class0x0011code0x000a-gen10",
                    "RecommendedAction": "If the connection is lost, then check the physical connection from the server to its destination device such as interconnect ,blade, switch etc, including any cables. Refer to the NIC issues flowchart in the Troubleshooting Guide for more information.",
                    "Repaired": true,
                    "Severity": "Repaired",
                    "Updated": "2022-05-17T12:30:50Z"
                }
            },
            "OemRecordFormat": "Hpe-IML",
            "Severity": "OK"
        },
        ....
        {
            "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
            "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/28",
            "@odata.type": "#LogEntry.v1_11_0.LogEntry",
            "Id": "28",
            "Created": "2022-05-23T06:36:51Z",
            "EntryType": "Oem",
            "Message": "HPE Ethernet 1Gb 4-port 331i Adapter - NIC Connectivity status changed to OK for adapter in slot 0, port 1",
            "Name": "Integrated Management Log",
            "Oem": {
                "Hpe": {
                    "@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
                    "@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
                    "Categories": [
                        "Hardware"
                    ],
                    "Class": 17,
                    "ClassDescription": "Network",
                    "Code": 10,
                    "Count": 1,
                    "EventNumber": 82,
                    "LearnMoreLink": "http://www.hpe.com/support/class0x0011code0x000a-gen10",
                    "RecommendedAction": "If the connection is lost, then check the physical connection from the server to its destination device such as interconnect ,blade, switch etc, including any cables. Refer to the NIC issues flowchart in the Troubleshooting Guide for more information.",
                    "Repaired": true,
                    "Severity": "Repaired",
                    "Updated": "2022-05-23T06:36:51Z"
                }
            },
            "OemRecordFormat": "Hpe-IML",
            "Severity": "OK"
        }
    ],
    "Members@odata.count": 25
}

Filter IML entries by date (output abbreviated): GET /redfish/v1/Systems/1/LogServices/IML/Entries?$filter=Created gt '2022-03-05T07:49:50Z'

{
    "@odata.context": "/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection",
    "@odata.etag": "W/\"C8B694E6\"",
    "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries",
    "@odata.type": "#LogEntryCollection.LogEntryCollection",
    "Description": "Integrated Management Logs view",
    "Name": "Integrated Management Logs view",
    "Members": [
        {
            "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
            "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/1",
            "@odata.type": "#LogEntry.v1_11_0.LogEntry",
            "Id": "1",
            "Created": "2022-05-13T14:41:40Z",
            "EntryType": "Oem",
            "Message": "IML Cleared (iLO user: demopaq)",
            "Name": "Integrated Management Log",
            "Oem": {
                "Hpe": {
                    "@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
                    "@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
                    "Categories": [
                        "Maintenance",
                        "Administration"
                    ],
                    "Class": 33,
                    "ClassDescription": "Maintenance",
                    "Code": 1,
                    "Count": 1,
                    "EventNumber": 55,
                    "Severity": "Informational",
                    "Updated": "2022-05-13T14:41:40Z"
                }
            },
            "OemRecordFormat": "Hpe-IML",
            "Severity": "OK"
        },
        ....
    ],
    "Members@odata.count": 28
}

iLO 5 $count query option

The $count system query option allows clients to request a count of the matching resources included with the resources in the response.

iLO 5 $count example

Retrieve the total number of Security log entries: GET /redfish/v1/systems/1/logservices/SL/Entries?$count=true

{
    "@odata.context": "/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection",
    "@odata.etag": "W/\"75983E8D\"",
    "@odata.type": "#LogEntryCollection.LogEntryCollection",
    "Description": "Security Logs view",
    "Name": "Security Logs",
    "Members": [],
    "Members@odata.count": 31
}

iLO 5 $top and $skip query options

The $top system query option requests the number of items in the queried collection to be included in the result. The $skip query option requests the number of items in the queried collection that are to be skipped and not included in the result.

iLO 5 $top and $skip examples

Retrieve the top ten IML log entries (output abbreviated): GET /redfish/v1/Systems/1/LogServices/IML/Entries?$top=10

{
    "@odata.context": "/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection",
    "@odata.etag": "W/\"FFCD0D20\"",
    "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries",
    "@odata.type": "#LogEntryCollection.LogEntryCollection",
    "Description": "Integrated Management Logs view",
    "Name": "Integrated Management Logs view",
    "Members": [
        {
            "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
            "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/1",
            "@odata.type": "#LogEntry.v1_11_0.LogEntry",
            "Id": "1",
            "Created": "2022-05-13T14:41:40Z",
            "EntryType": "Oem",
            "Message": "IML Cleared (iLO user: demopaq)",
            "Name": "Integrated Management Log",
            "Oem": {
                "Hpe": {
                    "@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
                    "@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
                    "Categories": [
                        "Maintenance",
                        "Administration"
                    ],
                    "Class": 33,
                    "ClassDescription": "Maintenance",
                    "Code": 1,
                    "Count": 1,
                    "EventNumber": 55,
                    "Severity": "Informational",
                    "Updated": "2022-05-13T14:41:40Z"
                }
            },
            "OemRecordFormat": "Hpe-IML",
            "Severity": "OK"
        },
        ....
  ],
    "Members@odata.count": 10
}

Skip 21 entries: last 10 entries when Members@odata.count is 28 (Output abbreviated): GET /redfish/v1/Systems/1/LogServices/IML/Entries?$skip=18

{
    "@odata.context": "/redfish/v1/$metadata#LogEntryCollection.LogEntryCollection",
    "@odata.etag": "W/\"2B9C6986\"",
    "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries",
    "@odata.type": "#LogEntryCollection.LogEntryCollection",
    "Description": "Integrated Management Logs view",
    "Name": "Integrated Management Logs view",
    "Members": [
        {
            "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
            "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/19",
            "@odata.type": "#LogEntry.v1_11_0.LogEntry",
            "Id": "19",
            "Created": "2022-05-18T14:55:37Z",
            "EntryType": "Oem",
            "Message": "HPE Ethernet 1Gb 4-port 331i Adapter - NIC Connectivity status changed to OK for adapter in slot 0, port 1",
            "Name": "Integrated Management Log",
            "Oem": {
                "Hpe": {
                    "@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
                    "@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
                    "Categories": [
                        "Hardware"
                    ],
                    ...
                    "Severity": "Repaired",
                    "Updated": "2022-05-18T14:55:37Z"
                }
            },
            "OemRecordFormat": "Hpe-IML",
            "Severity": "OK"
        },
        ...
  ],
    "Members@odata.count": 10
}

iLO 5 Data Model Changes

ServiceRoot (/redfish/v1/)

Time

The pre-Redfish REST API on iLO 4 had a Time property representing the current iLO time. Redfish did not include this, so iLO 5 adds it back in the Oem/Hpe section. This is a Redfish conformant time property (ISO 8601).

iLO 4 example of Time:

{
  "@odata.context": "/redfish/v1/$metadata#ServiceRoot",
  "@odata.id": "/redfish/v1/",
  "@odata.type": "#ServiceRoot.v1_0_0.ServiceRoot",
  "Time": "ISO 8601 time (iLO's current time)"
}

iLO 5 example of Time:

{
  "@odata.context": "/redfish/v1/$metadata#ServiceRoot",
  "@odata.id": "/redfish/v1/",
  "@odata.type": "#ServiceRoot.v1_0_0.ServiceRoot",
  "Oem": {
    "Hpe": {
      "@odata.type": "#HpeiLOServiceExt.v2_0_0.HpeiLOServiceExt",
      "Time": "ISO 8601 time (iLO's current time)"
    }
  }
}

RedfishVersion

ServiceVersion has been removed and replaced with RedfishVersion for Redfish conformance.

ComputerSystem (/redfish/v1/systems/{item})

Boot Source Override

iLO 5 implements a more complete Redfish Boot Source Override capability

{
  "Boot": {
    "BootSourceOverrideEnabled": "Disabled",
    "BootSourceOverrideMode": "UEFI",
    "BootSourceOverrideTarget": "None",
    "BootSourceOverrideTarget@Redfish.AllowableValues": [
      "None",
      "Pxe",
      "Floppy",
      "Cd",
      "Usb",
      "Hdd",
      "BiosSetup",
      "Utilities",
      "Diags",
      "UefiTarget",
      "SDCard",
      "UefiHttp"
    ],
    "UefiTargetBootSourceOverride": "None",
    "UefiTargetBootSourceOverride@Redfish.AllowableValues": [
      "None",
      "PciRoot(0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Scsi(0x0,0x0)/HD(2,GPT,383D95E0-472A-48F1-8445-2A436025C81C,0x96800,0x31800)/\\EFI\\Microsoft\\Boot\\bootmgfw.efi",
      "UsbClass(0xFFFF,0xFFFF,0xFF,0xFF,0xFF)",
      "PciRoot(0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Scsi(0x0,0x0)",
      "PciRoot(0x0)/Pci(0x2,0x0)/Pci(0x0,0x0)/Pci(0x9,0x0)/Pci(0x0,0x0)/MAC(9457A50822E0,0x0)/IPv4(0.0.0.0)",
      "PciRoot(0x1)/Pci(0x2,0x0)/Pci(0x0,0x0)/Pci(0x9,0x0)/Pci(0x0,0x0)/MAC(9457A5086560,0x0)/IPv4(0.0.0.0)",
      "PciRoot(0x0)/Pci(0x3,0x2)/Pci(0x0,0x0)/MAC(3464A99332A0,0x0)/IPv4(0.0.0.0)",
      "PciRoot(0x0)/Pci(0x2,0x0)/Pci(0x0,0x0)/Pci(0x9,0x0)/Pci(0x0,0x0)/MAC(9457A50822E0,0x0)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000)",
      "PciRoot(0x1)/Pci(0x2,0x0)/Pci(0x0,0x0)/Pci(0x9,0x0)/Pci(0x0,0x0)/MAC(9457A5086560,0x0)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000)",
      "PciRoot(0x0)/Pci(0x3,0x2)/Pci(0x0,0x0)/MAC(3464A99332A0,0x0)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000)"
    ]
  }
}

TrustedModules (TPM)

The existing HPE-specific TrustedModules (TPM) sub-object is replaced with the new Redfish-defined version.

iLO 4 example

{
  "Oem": {
    "Hp": {
      "@odata.type": "#HpComputerSystemExt.1.1.2.HpComputerSystemExt",
      "TrustedModules": [
        {
          "Status": "NotPresent"
        }
      ]
    }
  }
}

iLO 5 example

{
  "TrustedModules": [
    {
      "FirmwareVersion": "3.1",
      "ModuleType": "TPM2_0",
      "Status": {
        "Health": "OK",
        "State": "Enabled"
      }
    }
  ]
}

The link to the SecureBoot resource is added as defined in Redfish in place of the existing HPE-specific link. See SecureBoot section for more details.

iLO 4 example SecureBoot link

{
  "Oem": {
    "Hp": {
      "@odata.type": "#HpComputerSystemExt.1.1.2.HpComputerSystemExt",
      "SecureBoot": {
        "@odata.id": "/redfish/v1/Systems/1/SecureBoot/"
      }
    }
  }
}

iLO 5 example SecureBoot link

{
  "SecureBoot": {
    "@odata.id": "/redfish/v1/Systems/1/SecureBoot/"
  }
}

Bios

The link to the Bios resource is added as defined in Redfish in place of the existing HPE-specific OEM link. See UEFI BIOS section for more details.

iLO 4 example Bios link

{
  "Oem": {
    "Hp": {
      "@odata.type": "#HpComputerSystemExt.1.1.2.HpComputerSystemExt",
      "BIOS": {
          "@odata.id": "/redfish/v1/systems/1/bios/"
      }
    }
  }
}

iLO 5 example Bios link

{
  "Bios": {
    "@odata.id": "/redfish/v1/Systems/1/Bios"
  }
}

Other

The following properties have been removed in iLO 5 for Redfish conformance: * Version * VirtualSerialNumber * HostCorrelation - See replacement HostOS described below. * BIOSPostCode * Power (replaced by PowerState) * Processors is now a link to the Processors collection instead of a summary description of the CPUs. * Memory (replaced by MemorySummary)

If the server has a running operating system and HPE Agentless Management Service is installed and running, a new "HostOS" object is included in ComputerSystem with information about the OS:

/Oem/Hpe/HostOS:

UEFI BIOS Standard Redfish Support

iLO5 supports Redfish standard BIOS Attributes and BIOS Attribute Registry resources that replace the HPE proprietary versions used in iLO4. The following is a summary of all BIOS resources changes in Gen10 / iLO5:

Resource Type iLO 4 / Gen9 iLO 5 / Gen10
BIOS current settings HpBios.1.2.0 #Bios.v1_0_0.Bios
BIOS pending settings HpBios.1.2.0 #Bios.v1_0_0.Bios
BIOS Attribute Registry HpBiosAttributeRegistrySchema.1.2.1 #AttributeRegistry.v1_0_0.AttributeRegistry
BIOS PCI Mappings HpBiosMapping.1.2.0 #HpeBiosMapping.v2_0_0.HpeBiosMapping
UEFI Boot Order HpServerBootSettings.1.3.1 #HpeServerBootSettings.v2_0_0.HpeServerBootSettings
Base Config (BIOS defaults) HpBaseConfigs.0.10.0 #HpeBaseConfigs.v2_0_0.HpeBaseConfigs
UEFI iSCSI Software Initiator HpiSCSISoftwareInitiator.1.1.0 #HpeiSCSISoftwareInitiator.v2_0_0.HpeiSCSISoftwareInitiator
BIOS Extensions Schema None #HpeBiosExt.v2_0_0.HpeBiosExt

BIOS Current/Pending Settings Resources

BIOS Attribute Access

Redfish moves the system-specific BIOS attributes from the top level of the resource into an Attributes sub-object:

iLO 4 BIOS Settings Example:

{
    "AdminEmail": "",
    "AdminName": "",
    "AdminPhone": ""
}

iLO 5 BIOS Settings Example:

{
  "Attributes": {
    "AdminEmail": "",
    "AdminName": "",
    "AdminPhone": ""
  }
}
Reset Bios Settings (NEW)

UEFI BIOS Supports a new POST Action to reset settings.

iLO 5 Reset BIOS Settings Action

{
  "Actions": {
    "#Bios.ResetBios": {
      "target": "/redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ResetBios/"
    }
  }
}

POST /redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ResetBios/ no body

Change BIOS Password (NEW)

UEFI BIOS Supports a new Redfish POST Action to change the BIOS password.

iLO 5 Set/Change BIOS Setup Password Actions

{
  "Actions": {
    "#Bios.ChangePassword": {
      "target": "/redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ChangePassword/"
    }
  }
}

POST /redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ChangePassword/

{
  "PasswordName": "Administrator | User",
  "OldPassword" : "OldPasswordText",
  "NewPassword" : "NewPasswordText"
}
Settings Result Report

The result of applying new settings is Redfish conformant in iLO 5.

iLO 4 example:

{
    "SettingsResult": {
        "ETag": "92EB7D02",
        "Messages": [
            {
                "MessageArgs": [
                    "test"
                ],
                "MessageID": "Base.1.0:PropertyUnknown"
            },
            {
                "MessageArgs": [],
                "MessageID": "Base.1.0:Success"
            }
        ],
        "Time": "2012-03-07T14:44.30-05:00"
    }
}

iLO 5 example:

{
    "@Redfish.Settings": {
        "@odata.type": "#Settings.v1_0_0.Settings",
        "ETag": "92EB7D02",
        "Messages": [
            {
            "MessageId": "Base.1.0.PropertyUnknown",
            "RelatedProperties": [
              "#/Attributes/ProcTurboMode"
             ]
            },
            {
                "MessageId": "Base.1.0.Success"
            }
        ],
        "SettingsObject": {
          "@odata.id": "/redfish/v1/Systems/1/Bios/Settings"
        },
        "Time": "2012-03-07T14:44.30-05:00"
    }
}
Changes to BIOS Attribute Enum Values

Attribute names/enum values cannot start with digits, per OData requirements.

iLO 4 example:

{
"AsrTimeoutMinutes": "10",
"SerialConsoleBaudRate": "115200",
}

iLO 5 example:

{
"AsrTimeoutMinutes": "TimeOut10",
"SerialConsoleBaudRate": "Baud115200",
}

With a Redfish conformant BIOS resource structure, some HPE-specific links are moved into an HPE specific section.

iLO 4 example:

{
    "links": {
        "BaseConfigs": {
          "href": "/rest/v1/systems/1/bios/BaseConfigs"
        },
        "Boot": {
          "href": "/rest/v1/systems/1/bios/Boot"
        },
        "Mappings": {
          "href": "/rest/v1/systems/1/bios/Mappings"
        },
        "Settings": {
          "href": "/rest/v1/systems/1/bios/Settings"
        },
        "iScsi": {
          "href": "/rest/v1/systems/1/bios/iScsi"
        },
        "self": {
          "href": "/rest/v1/systems/1/bios"
        }
    }
}

iLO 5 example of HPE-specific links:

{
  "Links": {
    "Oem": {
      "Hpe": {
        "@odata.type": "#HpeBiosExt.v2_0.0.HpeBiosExt",
        "BaseConfigs": {
          "@odata.id": "/redfish/v1/Systems/1/BIOS/BaseConfigs"
        },
        "Boot": {
          "@odata.id": "/redfish/v1/Systems/1/BIOS/Boot"
        },
        "Mappings": {
          "@odata.id": "/redfish/v1/Systems/1/BIOS/Mappings"
        },
        "iScsi": {
          "@odata.id": "/redfish/v1/Systems/1/BIOS/iScsi"
        }
      }
    }
  }
}

Bios Attribute Registry

All BIOS attribute registry resources have switched from HP OEM type (HpBiosAttributeRegistrySchema.1.2.1) to Redfish standard object (AttributeRegistry.v1_0_0).

Other BIOS HPE OEM Resources

Existing BIOS HPE OEM Resources

All the remaining HPE OEM resources remain similar to iLO 4, except for following:

The impacted resources are:

New BIOS HPE OEM Resources

The following new HPE BIOS OEM resources are added in iLO5:

BIOS Password Authentication HTTP Header

iLO4 requires a special HTTP header when BIOS Admin password is programmed to be included in all PUT/PATCH requests on BIOS resources. This header is removed from iLO5. Instead, all access to BIOS resources requires ConfigureBios iLO privilege.

Header iLO 4 / Gen9 iLO 5 / Gen10
X-HPRESTFULAPI-AuthToken A string consisting of the uppercase SHA256 hex digest of the administrator password. In Python this is hashlib.sha256(bios_password.encode()).hexdigest().upper(). None - Access to BIOS resources require iLO account with the ConfigureBios Privilege.

Software/Firmware Inventory and Update

Gen9 FirmwareInventory (/redfish/v1/systems/{item}/firmwareinventory) is removed and replaced with the new Redfish firmware inventory /redfish/v1/UpdateService/FirmwareInventory and /redfish/v1/UpdateService/SoftwareInventory.

Gen9 HpiLOFirmwareUpdate (/redfish/v1/managers/{item}/updateservice) is also removed in favor of the new Redfish update service /redfish/v1/UpdateService.

A Redfish conformant UpdateService has been added at /redfish/v1/UpdateService. This includes the following:

Additionally, the UpdateService is extended with:

SecureBoot (/redfish/v1/systems/{item}/secureboot)

The HpSecureBoot status and configuration resource has been replaced with the Redfish conformant version. The SecureBoot properties change from iLO 4 2.30+ to iLO 5 as follows:

iLO 4 SecureBoot settings example:

{
  "@odata.context": "/redfish/v1/$metadata#Systems/Members/1/SecureBoot$entity",
  "@odata.id": "/redfish/v1/Systems/1/SecureBoot/",
  "@odata.type": "#HpSecureBoot.1.0.0.HpSecureBoot",
  "Id": "SecureBoot",
  "Name": "SecureBoot",
  "ResetAllKeys": false,
  "ResetToDefaultKeys": false,
  "SecureBootCurrentState": false,
  "SecureBootEnable": false
}

iLO 5 SecureBoot settings example:

{
  "@odata.context": "/redfish/v1/$metadata#Systems/1/SecureBoot",
  "@odata.id": "/redfish/v1/Systems/1/SecureBoot",
  "@odata.type": "#SecureBoot.v1_0_0.SecureBoot",
  "Actions": {
    "#SecureBoot.ResetKeys": {
      "ResetKeysType@Redfish.AllowableValues": [
        "ResetAllKeysToDefault",
        "DeleteAllKeys",
        "DeletePK"
      ],
      "target": "/redfish/v1/Systems/1/SecureBoot/Actions/SecureBoot.ResetKeys"
    }
  },
  "Id": "SecureBoot",
  "Name": "UEFI Secure Boot",
  "SecureBootCurrentBoot": "Disabled",
  "SecureBootEnable": false,
  "SecureBootMode": "UserMode"
}

An action exists to reset keys. The ResetKeysType value can be the following:

iLO 5 Reset Secure Boot Keys

POST /redfish/v1/Systems/1/SecureBoot/Actions/SecureBoot.ResetKeys/

{
  "ResetKeysType": "DeleteAllKeys"
}

Memory and NVDIMM Support

iLO 5 replaces iLO 4’s HpMemory DIMM information with the Redfish conformant Memory schema.

Host Correlation Removed

iLO 4 had a pre-Redfish property in the ComputerSystem resource called HostCorrelation designed to enable easy discovery of host MAC and IP addresses. This was not included in the Redfish standard, and is removed in iLO 5 for conformance reasons.

iLO 4 HostCorrelation:

{
  "HostCorrelation": {
    "HostMACAddress": [
      "14:58:d0:d3:10:ca",
      "14:58:d0:d3:10:cb"
    ],
    "HostName": "some-host-name",
    "IPAddress": [
      "ip-address available if AMS is installed and running",
      ""
    ]
  }
}

iLO 5 HostOS:

iLO 5 replaces HostCorrelation with Oem/Hpe/HostOS which is available if Agentless Management Service is running.

iLO 5 HostOS:

{
  "Oem": {
    "Hpe": {
      "HostOS": {
        "OsName": "Windows Server 2012 R2, x64 Standard Edition",
        "OsVersion": "6.3",
        "OsSysDescription": "",
        "OsType": 38
      }
    }
  }
}

Managers (/redfish/v1/Managers/{item}/) (iLO 5)

The following properties have been replaced for Redfish conformance:

iLO 4 iLO 5 replacement
/Firmware FirmwareVersion
/CommandShell/Enabled /CommandShell/ServiceEnabled
/GraphicalConsole/Enabled /GraphicalConsole/ServiceEnabled
/SerialConsole/Enabled /SerialConsole/ServiceEnabled

All of the replacement properties are also implemented in iLO 4 2.30 and later.

iLO 5 Security State

iLO 5 features a new security state setting readable and settable via the REST API.

{
    "Oem": {
        "Hpe": {
            "SecurityState": "HighSecurity"
        }
    }
}

The possible values include:

You may PATCH these settings, but iLO 5 enforces strict limitations on how security states can transition. Any unsupported transition results in an error.

Allowed Transitions:
Transition Notes
Production <–> HighSecurity You may transition freely between Production mode and High Security mode, subject to authentication and privileges.
FIPS <–> SuiteB You may transition freely between Production mode and High Security mode, subject to authentication and privileges.
Production or HighSecurity –> FIPS You may transition into FIPS mode. Transitions out of FIPS mode are complex and beyond the scope of the RESTful API.
Impact on Local iLO RESTful API Access (via HPREST utility and Channel Interface)

iLO 4 allowed anonymous access to the iLO RESTful API over the local channel interface (CHIF) except in the case where the Data Center Lock mode was engaged.

iLO 5 limits access to the local interface in HighSecurity, FIPS, and SuiteB modes to authorized users only. In Production mode, anonymous access remains identical to iLO 4.

When performing local BIOS configuration changes, the following conditions apply:

Local REST Access No BIOS Password BIOS Password Set
Production Mode No authorization required Requires BIOS Configuration Privilege
High Security Mode Requires BIOS Configuration Privilege Requires BIOS Configuration Privilege
Remote REST Access No BIOS Password BIOS Password Set
Production Mode Requires BIOS Configuration Privilege Requires BIOS Configuration Privilege
High Security Mode Requires BIOS Configuration Privilege Requires BIOS Configuration Privilege

Notice that iLO is not validating against the BIOS setup password, but is using the presence of the BIOS password to require BIOS Configuration Privilege.

iLO Ethernet Interfaces (/redfish/v1/managers/{item}/EthernetInterfaces/{item}/)

The following properties have been removed for Redfish conformance:

iLO 4 iLO 5 replacement
/FactoryMacAddress /PermanentMACAddress
/MacAddress /MACAddress
/LinkTechnology Removed (assume Ethernet)
/Autosense /AutoNeg

All of the above replacement properties were added in iLO 4 2.30.

VLAN Configuration

VLAN Configuration for iLO’s Shared Network Interface has changed in iLO 5 to become Redfish conformant.

iLO 4 iLO 5 replacement
/VLANEnable /VLAN/VLANEnable
/VLANId /VLAN/VLANId

iLO Network Protocols (/redfish/v1/managers/{item}/NetworkService/)

The following properties have been removed for Redfish conformance:

iLO 4 iLO 5 replacement
/SessionTimeoutMinutes Removed
/{protocol}/Enabled /{protocol}/ProtocolEnabled
/Oem/Hp/HPSystemManagementHomepageAddress /Oem/Hpe/SystemManagementHomepage

ProtocolEnabled was added in iLO 4 2.30 and Enabled is now removed. HPSystemManagementHomepageAddress was changed as part of the Hewlett Packard Enterprise transition.

Chassis (/redfish/v1/chassis/{item}/)

iLO 5 supports the Redfish PhysicalSecurity status to report the status of the hood sensor. This is only present when a hood sensor is installed on the server:

Example:

{
  "PhysicalSecurity": {
    "IntrusionSensor": "HardwareIntrusion"
  }
}

“Version” has been removed from Chassis to be Redfish conformant.

Power (/redfish/v1/chassis/{item}/power/)

The following properties have been removed for Redfish conformance:

iLO 4 iLO 5 replacement
/PowerConsumedWatts /PowerControl/PowerConsumedWatts
/PowerRequestedWatts /PowerControl/PowerRequestedWatts
/PowerAvailableWatts /PowerControl/PowerAvailableWatts
/PowerAllocatedWatts /PowerControl/PowerAllocatedWatts
/PowerCapacityWatts /PowerControl/PowerCapacityWatts
/PowerMetrics /PowerControl/PowerMetrics
/PowerLimit /PowerControl/PowerLimit
/PowerSupplies[]/CorrelatableID no replacement

Thermal (/redfish/v1/chassis/{item}/thermal)

The existing CurrentReading property for each fan array entry is replaced with the Redfish errata change:

Redfish adds a pair of properties Reading and ReadingUnits. Both are GET-only operation properties. ReadingUnits are returned from a GET operation as Percent and Reading is a number between 0 and 100.

Additionally, a few other properties from the pre-Redfish schema are removed to conform with Redfish.

iLO 4 iLO 5 replacement
/Fans[]/FanName /Fans[]/Name (changed in Redfish Thermal.v1_1_0)
/Fans[]/CurrentReading /Fans[]/Reading*
/Fans[]/CurrentReading /Fans[]/ReadingUnits* (= “Percent”)
/Fans[]/ReadingRPM Removed from old schema - never implemented
/Fans[]/Units /Fans[]/ReadingUnits (= “Percent”)
/Fans[]/Context /Fans[]/PhysicalContext
/Temperatures[]/Context /Temperatures[]/PhysicalContext
/Temperatures[]/CurrentReading /Temperatures[]/ReadingCelsius
/Temperatures[]/Number /Temperatures[]/SensorNumber*
/Temperatures[]/Units Removed - Redfish always read in Celsius (see ReadingCelsius)
/Temperatures[]/LowerThresholdNonCritical /Temperatures[]/UpperThresholdCritical
/Temperatures[]/LowerThresholdCritical /Temperatures[]/UpperThresholdFatal

* These are newly added for iLO 5 as Redfish conformant replacements for the removed properties. The others were added in iLO 4 2.30 and above as Redfish replacements.

NOTE: The threshold property changes fix a issue with incorrectly labeled thresholds in previous releases of iLO.

On-Service JSON Schema

The on-service schema collection remains at /redfish/v1/schema/ and does not change to the Redfish example of /redfish/v1/JsonSchema. Because URIs are opaque, this is left where it is without violating the spec and preserving compatibility.

The existing collection of SchemaFileCollection and SchemaFile resources are now Redfish conformant using JsonSchemaFileCollection and JsonSchemaFile.

iLO 4 iLO 5
/redfish/v1/schemas: “@odata.type”: “#SchemaFileCollection.SchemaFileCollection” /redfish/v1/schemas: “@odata.type”: “#JsonSchemaFileCollection.JsonSchemaFileCollection”
/redfish/v1/schemas/{item}: “@odata.type”: “#SchemaFile.1.0.0.SchemaFile" /redfish/v1/schemas/{item}: “@odata.type”: “#JsonSchemaFile.v1_0_0.JsonSchemaFile"

The main difference in the SchemaFile and JsonSchemaFile is the change from using extref as a pointer to using the Uri property:

iLO 4 example:

{
    "Uri": {
        "extref": "/redfish/v1/registrystore/en/BiosAttributeRegistryP89.v1_0_0.json"
    }
}

iLO 5 example:

{
   "Uri": "/redfish/v1/registrystore/en/BiosAttributeRegistryP89.v1_0_0.json"
}

On-Service Message Registries

Message Registries available in the service conform to Redfish.

The HpCommon registry is renamed to HpeCommon and changed to version 2.0.0.

The iLO registry version is also changed to 2.0.0. The base remains at 1.0.0 because that is a Redfish standard registry.

iLO 4 iLO 5
“Type”: “MessageRegistry.0.10.0” “@odata.type”: “#MessageRegistry.1.0.0.MessageRegistry”
Version RegistryVersion
none OwningEntity (== Hewlett Packard Enterprise)

The collection of Message Registries is changed to:

iLO 4 @odata.type iLO 5 @odata.type
#SchemaFileCollection.SchemaFileCollection" "#MessageRegistryFileCollection.MessageRegistryFileCollection"

The collection items pointing to the registries change type:

iLO 4 @odata.type iLO 5 @odata.type
"#SchemaFile.1.0.0.SchemaFile" "#MessageRegistryFile.1.0.0.MessageRegistryFile"

The only difference between SchemaFile/JsonSchemaFile and MessageRegistryFile is the property substitution Schema for Registry.

Integrated Management Log (IML)

/redfish/v1/Systems/{item}/LogServices/IML/Entries/{item}/

The Integrated Management Log (IML) RESTful API in iLO 5 is significantly enhanced. Each log entry is Redfish conformant with the LogEntry Schema and has been enhanced with features of the IML using an Oem/Hpe extension.

Compared to iLO 4, the following items are new or changed:

Property Change Notes
Oem/Hpe/RecommendedAction Added This is a text string with recommended actions to resolve a condition indicated by this event.
Oem/Hpe/Categories (array of strings) Added Categorizes this log entry into one or more defined categories (see below).
Oem/Hpe/LearnMoreLink Added A URI with the location of more information for this class and code of event.
Oem/Hpe/Count Added Replaces the “Number” property in iLO 4 which was not Redfish conformant and was hidden when the resource was requested in Redfish mode.
Oem/Hpe/Repaired Added This boolean flag indicates whether the event has been repaired.
OemRecordFormat Changed The Oem Record Format has been changed from “Hp-IML” to “Hpe-IML”.
Oem/Hpe/EventNumber Added Replaces the “RecordId” property in iLO 4 which was not Redfish conformant and was hidden when the resource was requested in Redfish mode.

Event Categories

An event can indicate that it is in one or more of the following categories:

Categories
Security
Hardware Failure
Firmware Failure
Maintenance
Administration
Power
Cooling
Invalid User Input
Other
Configuration

iLO 4 example:

{
  "@odata.context": "/redfish/v1/$metadata#Systems/Members/1/LogServices/IML/Entries/Members/$entity",
  "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/1/",
  "@odata.type": "#LogEntry.1.0.0.LogEntry",
  "Created": "2016-01-12T21:38:00Z",
  "EntryType": "Oem",
  "Id": "1",
  "Message": "IML Cleared (iLO 4 user:[NONE])",
  "Name": "Integrated Management Log",
  "Oem": {
    "Hp": {
      "@odata.type": "#HpLogEntry.1.0.0.HpLogEntry",
      "Class": 33,
      "Code": 1,
      "EventNumber": 28,
      "Updated": "2016-01-12T21:38:00Z"
    }
  },
  "OemRecordFormat": "Hp-IML",
  "Severity": "OK"
}

iLO 5 example:

{
  "@odata.context": "/redfish/v1/$metadata#Systems/Members/1/LogServices/IML/Entries/Members/$entity",
  "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/1/",
  "@odata.type": "#LogEntry.v1_0_0.LogEntry",
  "Created": "2034-01-01T23:20:04Z",
  "EntryType": "Oem",
  "Id": "1",
  "Message": "System Overheating (Temperature Sensor 0x07, Location Power Supply, Temperature 48)",
  "Name": "Integrated Management Log",
  "Oem": {
    "Hpe": {
      "@odata.type": "#HpeLogEntry.v2_0_0.HpeLogEntry",
      "Categories": [
        "Hardware Failure"
      ],
      "Class": 2,
      "Code": 1,
      "EventNumber": 197,
      "LearnMoreLink": "http://www.hpe.com/support/class0x02code0x01/",
      "RecommendedAction": "Replace DIMM at slot no. 0x07, socket ",
      "Repaired": false,
      "Updated": "2034-01-01T23:20:04Z"
    }
  },
  "OemRecordFormat": "Hpe-IML",
  "Severity": "Warning"
}

EventService (/redfish/v1/EventService/)

The following properties are removed for Redfish conformance:

Event Destinations

The following properties are removed for Redfish conformance:

Detail of All Property Changes

Property Replacements and Removals

Chassis Renames and Removals

@odata.type: #Chassis.v1_2_0.Chassis

Property Replacement Note
/Version none /Version is not Redfish conformant.

ComputerSystem Renames and Removals

@odata.type: #ComputerSystem.v1_2_0.ComputerSystem

Property Replacement
/BIOSPOSTCode none1
/Bios/Current /BiosVersion
/Boot/BootSourceOverrideSupported /Boot/BootSourceOverrideTarget@Redfish.AllowableValues2
/Boot/UefiTargetBootSourceOverrideSupported /Boot/UefiTargetBootSourceOverride@Redfish.AllowableValues3
/HostCorrelation none4
/Memory/Status /MemorySummary/Status
/Memory/TotalSystemMemoryGB /MemorySummary/TotalSystemMemoryGiB
/Power /PowerState5
/Processors/Count /ProcessorSummary/Count
/Processors/ProcessorFamily /ProcessorSummary/Model
/Processors/Status /ProcessorSummary/Status
/Version none6
/VirtualSerialNumber none7

1/BIOSPOSTCode is not Redfish conformant. 2/Boot/BootSourceOverrideSupported is not Redfish conformant. 3/Boot/UefiTargetBootSourceOverrideSupported is not Redfish conformant. 4/HostCorrelation is not Redfish conformant. 5/Power is not Redfish conformant. 6/Version is not Redfish conformant. 7/VirtualSerialNumber is not Redfish conformant.

EthernetInterface Renames and Removals

@odata.type: #EthernetInterface.v1_0_0.EthernetInterface

Property Replacement Note
/Autosense /AutoNeg /Autosense is not Redfish conformant.
/FactoryMacAddress /PermanentMACAddress /FactoryMacAddress is not Redfish conformant.
/LinkTechnology none /LinkTechnology is not Redfish conformant. Ethernet is assumed.
/MacAddress /MACAddress /MacAddress is not Redfish conformant.

Event Renames and Removals

@odata.type: #Event.v1_0_0.Event

Property Replacement Note
/Events[]/EventID /Events[]/EventId
/Events[]/MessageID /Events[]/MessageId /Events[]/MessageID is not Redfish conformant.

EventDestination Renames and Removals

@odata.type: #EventDestination.v1_0_0.EventDestination

Property Replacement Note
/TTLCount none /TTLCount is not Redfish conformant.
/TTLUnits none /TTLUnits is not Redfish conformant.

EventService Renames and Removals

@odata.type: #EventService.v1_0_1.EventService

Property Replacement Note
/DeliveryRetryIntervalInSeconds /Oem/Hpe/DeliveryRetryIntervalSeconds /DeliveryRetryIntervalInSeconds is not Redfish conformant. This has been moved into the EventDestination OEM section as /Oem/Hpe/DeliveryRetryIntervalInSeconds in the HpeEventDestination schema.
/SubscriptionRemovalAction none /SubscriptionRemovalAction is not Redfish conformant.
/SubscriptionRemovalTimeIntervalInMinutes none /SubscriptionRemovalTimeIntervalInMinutes is not Redfish conformant.

ExtendedInfo Renames and Removals

@odata.type: #ExtendedInfo.1.0.0.ExtendedInfo

Property Replacement Note
/Messages /@Message.ExtendedInfo /Messages is not Redfish conformant.
/error/@Message.ExtendedInfo[]/MessageID /error/@Message.ExtendedInfo[]/MessageId /error/@Message.ExtendedInfo[]/MessageID is not Redfish conformant.

HpeBaseNetworkAdapter Renames and Removals

@odata.type: #HpeBaseNetworkAdapter.v2_0_0.HpeBaseNetworkAdapter

Property Replacement Note
/PhysicalPorts[]/links/EthernetNetworkAdapter none

HpeComputerSystemExt Renames and Removals

@odata.type: #HpeComputerSystemExt.v2_1_0.HpeComputerSystemExt

Property Replacement Note
/Actions/#HpComputerSystemExt.PowerButton /Actions/#HpeComputerSystemExt.PowerButton HPE Branding Transition
/Actions/#HpComputerSystemExt.ServerSigRecompute /Actions/#HpeComputerSystemExt.ServerSigRecompute HPE Branding Transition
/Actions/#HpComputerSystemExt.SystemReset /Actions/#HpeComputerSystemExt.SystemReset HPE Branding Transition
/TrustedModules ComputerSystem#/TrustedModules This has been formally approved in the Redfish standard and moved from the Oem/Hpe section into the main ComputerSystem object.

HpeESKM Renames and Removals

@odata.type: #HpeESKM.v2_0_0.HpeESKM

Property Replacement Note
/Actions/#HpESKM.ClearESKMLog /Actions/#HpeESKM.ClearESKMLog HPE Branding Transition
/Actions/#HpESKM.TestESKMConnections /Actions/#HpeESKM.TestESKMConnections HPE Branding Transition

HpeHttpsCert Renames and Removals

@odata.type: #HpeHttpsCert.v2_0_0.HpeHttpsCert

Property Replacement Note
/Actions/#HpHttpsCert.GenerateCSR /Actions/#HpeHttpsCert.GenerateCSR HPE Branding Transition
/Actions/#HpHttpsCert.ImportCertificate /Actions/#HpeHttpsCert.ImportCertificate HPE Branding Transition

HpeiLO Renames and Removals

@odata.type: #HpeiLO.v2_0_0.HpeiLO

Property Replacement Note
/Actions/#HpiLO.ClearRestApiState /Actions/#HpeiLO.ClearRestApiState HPE Branding Transition
/Actions/#HpiLO.ResetToFactoryDefaults /Actions/#HpeiLO.ResetToFactoryDefaults HPE Branding Transition
/Actions/#HpiLO.iLOFunctionality /Actions/#HpeiLO.iLOFunctionality HPE Branding Transition

HpeiLOActiveHealthSystem Renames and Removals

@odata.type: #HpeiLOActiveHealthSystem.v2_0_0.HpeiLOActiveHealthSystem

Property Replacement Note
/Actions/#HpiLOActiveHealthSystem.ClearLog /Actions/#HpeiLOActiveHealthSystem.ClearLog HPE Branding Transition

HpeiLOEmbeddedMedia Renames and Removals

@odata.type: #HpeiLOEmbeddedMedia.v2_0_0.HpeiLOEmbeddedMedia

Property Replacement Note
/SDCard/HpCertified /SDCard/HpeCertified HPE Branding Transition

HpeiLOManagerNetworkService Renames and Removals

@odata.type: #HpeiLOManagerNetworkService.v2_0_0.HpeiLOManagerNetworkService

Property Replacement Note
/Actions/#HpiLOManagerNetworkService.SendTestAlertMail /Actions/#HpeiLOManagerNetworkService.SendTestAlertMail HPE Branding Transition
/Actions/#HpiLOManagerNetworkService.SendTestSyslog /Actions/#HpeiLOManagerNetworkService.SendTestSyslog HPE Branding Transition
/HPSystemManagementHomepageAddress /SystemManagementHomepage HPE Branding Transition

HpeiLOSSO Renames and Removals

@odata.type: #HpeiLOSSO.v2_0_0.HpeiLOSSO

Property Replacement Note
/Actions/#HpiLOSSO.DeleteAllSSORecords /Actions/#HpeiLOSSO.DeleteAllSSORecords HPE Branding Transition
/Actions/#HpiLOSSO.DeleteSSORecordbyNumber /Actions/#HpeiLOSSO.DeleteSSORecordbyNumber HPE Branding Transition
/Actions/#HpiLOSSO.ImportCertificate /Actions/#HpeiLOSSO.ImportCertificate HPE Branding Transition
/Actions/#HpiLOSSO.ImportDNSName /Actions/#HpeiLOSSO.ImportDNSName HPE Branding Transition

HpeiLOSnmpService Renames and Removals

@odata.type: #HpeiLOSnmpService.v2_0_0.HpeiLOSnmpService

Property Replacement Note
/Actions/#SnmpService.SendSNMPTestAlert /Actions/#HpeiLOSnmpService.SendSNMPTestAlert

HpeiLOVirtualMedia Renames and Removals

@odata.type: #HpeiLOVirtualMedia.v2_0_0.HpeiLOVirtualMedia

Property Replacement Note
/Actions/#HpiLOVirtualMedia.1.1.0.EjectVirtualMedia /Actions/#HpeiLOVirtualMedia.EjectVirtualMedia HPE Branding Transition
/Actions/#HpiLOVirtualMedia.1.1.0.InsertVirtualMedia /Actions/#HpeiLOVirtualMedia.InsertVirtualMedia HPE Branding Transition

LogEntry Renames and Removals

@odata.type: #LogEntry.v1_0_0.LogEntry

Property Replacement Note
/Number none /Number is not Redfish conformant.
/RecordId /EventNumber /RecordId is not Redfish conformant.

Manager Renames and Removals

@odata.type: #Manager.v1_1_0.Manager

Property Replacement Note
/CommandShell/Enabled /CommandShell/ServiceEnabled /CommandShell/Enabled is not Redfish conformant.
/Firmware /FirmwareVersion /Firmware is not Redfish conformant.
/GraphicalConsole/Enabled /GraphicalConsole/ServiceEnabled /GraphicalConsole/Enabled is not Redfish conformant.
/SerialConsole/Enabled /SerialConsole/ServiceEnabled /SerialConsole/Enabled is not Redfish conformant.

ManagerNetworkProtocol Renames and Removals

@odata.type: #ManagerNetworkProtocol.v1_0_0.ManagerNetworkProtocol

Property Replacement Note
/HTTP/Enabled /HTTP/ProtocolEnabled /HTTP/Enabled is not Redfish conformant.
/HTTPS/Enabled /HTTPS/ProtocolEnabled /HTTPS/Enabled is not Redfish conformant.
/IPMI/Enabled /IPMI/ProtocolEnabled /IPMI/Enabled is not Redfish conformant.
/KVMIP/Enabled /KVMIP/ProtocolEnabled /KVMIP/Enabled is not Redfish conformant.
/SNMP/Enabled /SNMP/ProtocolEnabled /SNMP/Enabled is not Redfish conformant.
/SSDP/Enabled /SSDP/ProtocolEnabled /SSDP/Enabled is not Redfish conformant.
/SSH/Enabled /SSH/ProtocolEnabled /SSH/Enabled is not Redfish conformant.
/SessionTimeoutMinutes none /SessionTimeoutMinutes is not Redfish conformant.
/VirtualMedia/Enabled /VirtualMedia/ProtocolEnabled /VirtualMedia/Enabled is not Redfish conformant.

Power Renames and Removals

@odata.type: #Power.v1_0_1.Power

Property Replacement Note
/PowerAllocatedWatts /PowerControl/PowerAllocatedWatts /PowerAllocatedWatts is not Redfish conformant.
/PowerAvailableWatts /PowerControl/PowerAvailableWatts /PowerAvailableWatts is not Redfish conformant.
/PowerCapacityWatts /PowerControl/PowerCapacityWatts /PowerCapacityWatts is not Redfish conformant.
/PowerConsumedWatts /PowerControl/PowerConsumedWatts /PowerConsumedWatts is not Redfish conformant.
/PowerLimit /PowerControl/PowerLimit /PowerLimit is not Redfish conformant.
/PowerMetrics /PowerControl/PowerMetrics /PowerMetrics is not Redfish conformant.
/PowerRequestedWatts /PowerControl/PowerRequestedWatts /PowerRequestedWatts is not Redfish conformant.
/PowerSupplies[]/CorrelatableID none /PowerSupplies[]/CorrelatableID is not Redfish conformant.

ServiceRoot Renames and Removals

@odata.type: #ServiceRoot.v1_1_0.ServiceRoot

Property Replacement Note
/Time HpeiLOServiceExt#/Time /Time is not Redfish conformant. A replacement to this is defined in the Oem section of Manager (HpeiLOServiceExt).

Thermal Renames and Removals

@odata.type: #Thermal.v1_1_0.Thermal

Property Replacement Note
/Fans[]/Context /Fans[]/PhysicalContext /Fans[]/Context is not Redfish conformant.
/Fans[]/CurrentReading /Fans[]/Reading /Fans[]/CurrentReading is not Redfish conformant.
/Fans[]/FanName /Fans[]/Name
/Fans[]/ReadingRPM /Fans[]/Reading
/Fans[]/Units /Fans[]/ReadingRPM /Fans[]/Units is not Redfish conformant.
/Temperatures[]/Context /Temperatures[]/PhysicalContext /Temperatures[]/Context is not Redfish conformant.
/Temperatures[]/CurrentReading /Temperatures[]/ReadingCelsius /Temperatures[]/CurrentReading is not Redfish conformant.
/Temperatures[]/Number /Temperatures[]/SensorNumber /Temperatures[]/Number is not Redfish conformant.
/Temperatures[]/Units /Temperatures[]/ReadingCelsius /Temperatures[]/Units is not Redfish conformant.

Property Additions to existing Types

Chassis Additions

@odata.type: #Chassis.v1_2_0.Chassis

Property Note
/Links/Drives An array of references to the drives contained in this chassis.
/PhysicalSecurity A Redfish standard Physical Security object if supported and installed on the chassis.

ComputerSystem Additions

@odata.type: #ComputerSystem.v1_2_0.ComputerSystem

Property Note
/Boot/BootSourceOverrideMode none
/Boot/BootSourceOverrideTarget@Redfish.AllowableValues none
/Boot/UefiTargetBootSourceOverride@Redfish.AllowableValues none
/SecureBoot A reference to the UEFI SecureBoot resource associated with this system.
/Storage A reference to the collection of storage devices associated with this system.
/TrustedModules This object describes the array of Trusted Modules in the system.

Event Additions

@odata.type: #Event.v1_0_0.Event

Property Note
/Events[]/EventId This is a unique instance identifier of an event.

HpeAdvancedMemoryProtection Additions

@odata.type: #HpeAdvancedMemoryProtection.v2_0_0.HpeAdvancedMemoryProtection

Property Note
/MemoryList An array of memory boards containing socket and CPU correlation information.

HpeBaseNetworkAdapter Additions

@odata.type: #HpeBaseNetworkAdapter.v2_0_0.HpeBaseNetworkAdapter

Property Note
/FcPorts Information about the Fiber Channel Ports in the server.

HpeComputerSystemExt Additions

@odata.type: #HpeComputerSystemExt.v2_1_0.HpeComputerSystemExt

Property Note
/AggregateHealthStatus The Aggregate Health Status of the System.
/HostOS none
/Links/USBPorts A reference to the USB Port Connectors associated with this system.
/PCAPartNumber The PCA part number.
/PCASerialNumber The PCA serial number.
/PostDiscoveryCompleteTimeStamp Displays the last known POST Discovery Complete time.
/PostDiscoveryMode The mode which the system operates during the discovery section of POST.
/SMBIOS A reference to the SMBIOS records associated with this system.
/SmartStorageConfig An array of references to SmartStorage elements associated with this system.
/ProcessorJitterControl Allows the user to set the Processor Jitter Control mode and Frequency at run time.
/CurrentPowerOnTimeSeconds Shows the amount of time (in seconds) that has passed since the server was last powered on.
/PowerOnMinutes Retrieves the virtual clock value, in minutes, since the server was first powered on.

HpeLogEntry Additions

@odata.type: #HpeLogEntry.v2_0_0.HpeLogEntry

Property Note
/Categories The log entry categories.
/Count The occurrence count of the log entry.
/LearnMoreLink The HPSC link for troubleshooting information.
/RecommendedAction The recommended action for the event.

HpePowerMetricsExt Additions

@odata.type: #HpePowerMetricsExt.v2_0_0.HpePowerMetricsExt

Property Note
/BbuPowerSupply Battery Backup Unit Power Supply action determines what occurs when a server is running on battery power.
/HasPowerMetering Indicates if the system has power metering.
/MinimumSafelyAchievableCap Minimum Safely Achievable Cap is the lowest cap value that is safe for a group power manager to apply to a particular server. It can either be identical to or slightly greater than the 0 percent cap value calculated during ROM power burn.
/HighEfficiencyMode The redundant power supply mode that is used when redundant power supplies are configured.

HpeSecurityService Additions

@odata.type: #HpeSecurityService.v2_0_0.HpeSecurityService

Property Note
/SecurityState The operational security level of this Manager.
/LoginSecurityBanner Allows you to configure the security banner displayed on the iLO login screen.
/CurrentCipher Displays the current cipher in use.

HpeServerChassis Additions

@odata.type: #HpeServerChassis.v2_0_0.HpeServerChassis

Property Note
/Links/BladeEnclosure The URI for this blade enclosure resource.
/SystemMaintenanceSwitches Describes the maintenance switch positions

HpeServerFan Additions

@odata.type: #HpeServerFan.v2_0_0.HpeServerFan

Property Note
/HotPluggable Indicates if the fan can be replaced while the server is running.
/Redundant Indicates if the fan is in a redundant configuration.

HpeServerPciDevice Additions

@odata.type: #HpeServerPciDevice.v2_0_0.HpeServerPciDevice

Property Note
/LocationString Text representation of the UEFI device location.

HpeSmartStorageArrayController Additions

@odata.type: #HpeSmartStorageArrayController.v2_0_0.HpeSmartStorageArrayController

Property Note
/ControllerPartNumber Smart Array Controller Part Number

HpeSmartStorageDiskDrive Additions

@odata.type: #HpeSmartStorageDiskDrive.v2_0_0.HpeSmartStorageDiskDrive

Property Note
/LegacyBootPriority This indicates that the array controller should provide legacy boot support.

HpeSmartStorageLogicalDrive Additions

@odata.type: #HpeSmartStorageLogicalDrive.v2_0_0.HpeSmartStorageLogicalDrive

Property Note
/InterfaceType The connection interface of the logical drive.
/MediaType Type of the disk this logical drive is associated with.

HpeiLO Additions

@odata.type: #HpeiLO.v2_0_0.HpeiLO

Property Note
/ConfigurationSettings State of the currently displayed configuration settings.
/IdleConnectionTimeoutMinutes This setting specifies how long a user can be inactive before an iLO web interface ends automatically.
/Links/Thumbnail A link to static images in Manager.
/RIBCLEnabled This property enables or disables RIBCL for the management processor. The management processor requires reset when this field is modified.
/WebGuiEnabled This property enables or disables WEB GUI access for the management processor. The management processor requires reset when this field is modified.
/PersistentMouseKeyboardEnabled This property enables or disables the persistent keyboard and mouse feature.

HpeiLOEmbeddedMedia Additions

@odata.type: #HpeiLOEmbeddedMedia.v2_0_0.HpeiLOEmbeddedMedia

Property Note
/SDCard/HpeCertified True if this is an HPE-certified SD card.

HpeiLOManagerNetworkService Additions

@odata.type: #HpeiLOManagerNetworkService.v2_0_0.HpeiLOManagerNetworkService

Property Note
/SystemManagementHomepage The IP address or FQDN of the System Management Homepage (SMH) server.

HpeiLOResourceDirectory Additions

@odata.type: #HpeiLOResourceDirectory.v2_0_0.HpeiLOResourceDirectory

Property Note
/Instances[]/HttpMethods This property lists the set of methods supported by the resource.

HpeiLOServiceExt Additions

@odata.type: #HpeiLOServiceExt.v2_0_0.HpeiLOServiceExt

Property Note
/Time The current Redfish service time. This is a replacement for the ServiceRoot Time removed in Redfish.

Manager Additions

@odata.type: #Manager.v1_1_0.Manager

Property Note
/Links/ManagerInChassis This property is a reference to the chassis that this manager is located within.

ServiceRoot Additions

@odata.type: #ServiceRoot.v1_1_0.ServiceRoot

Property Note
/UpdateService The URI to this UpdateService resource.

Thermal Additions

@odata.type: #Thermal.v1_1_0.Thermal

Property Note
/Fans[]/Name The name of the fan sensor.
/Fans[]/Reading The current speed of the fan.
/Temperatures[]/SensorNumber A numerical identifier to represent the temperature sensor.

Managing iLO 5 Users

iLO 5 supports both local user authentication as well as directory authentication.

iLO 5 1.40 adds:

All user account modifications require the client to be authenticated with the “Administer User Accounts” privilege (UserConfigPriv in the Redfish ManagerAccount)

Local User Administration

iLO 5 has a local user database enabling consistent user management for all interfaces including the Web interface (GUI) as well as the Redfish API. The iLO 5 local user accounts are managed in the AccountService (/redfish/v1/AccountService). An Accounts collection in the AccountService enables clients to create, modify, or remove local user accounts.

GET /redfish/v1/AccountService/Accounts/

{
    "@odata.context": "/redfish/v1/$metadata#ManagerAccountCollection.ManagerAccountCollection",
    "@odata.etag": "W/\"21C260DB\"",
    "@odata.id": "/redfish/v1/AccountService/Accounts/",
    "@odata.type": "#ManagerAccountCollection.ManagerAccountCollection",
    "Description": "iLO User Accounts",
    "Name": "Accounts",
    "Members": [
        {
            "@odata.id": "/redfish/v1/AccountService/Accounts/1/"
        }
    ],
    "Members@odata.count": 1
}

A local user account consists of a user name, password, and a set of privileges. The RoleId describes one of three defined Redfish roles based upon assigned privileges. The Oem/Hpe/LoginName property is a description of the account.

NOTE: Due to a terminology mismatch between the Redfish standard and historical iLO products, the Properties for UserName and LoginName are reversed in Redfish vs. the iLO 5 Web interface:

Redfish Property GUI Term Description Example
UserName Login Name The user identity string used with a password to log into iLO 5 jsmith
Oem/Hpe/LoginName User Name The descriptive name of the user Jane Smith - Director of IT

GET /redfish/v1/AccountService/Accounts/1/

{
    "@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
    "@odata.etag": "W/\"D9DF9F68\"",
    "@odata.id": "/redfish/v1/AccountService/Accounts/1/",
    "@odata.type": "#ManagerAccount.v1_1_3.ManagerAccount",
    "Id": "1",
    "Description": "iLO User Account",
    "Links": {
        "Role": {
            "@odata.id": "/redfish/v1/AccountService/Roles/Administrator/"
        }
    },
    "Name": "User Account",
    "Oem": {
        "Hpe": {
            "@odata.context": "/redfish/v1/$metadata#HpeiLOAccount.HpeiLOAccount",
            "@odata.type": "#HpeiLOAccount.v2_2_0.HpeiLOAccount",
            "LoginName": "Jane Smith - Director of IT",
            "Privileges": {
                "HostBIOSConfigPriv": true,
                "HostNICConfigPriv": true,
                "HostStorageConfigPriv": true,
                "LoginPriv": true,
                "RemoteConsolePriv": true,
                "SystemRecoveryConfigPriv": true,
                "UserConfigPriv": true,
                "VirtualMediaPriv": true,
                "VirtualPowerAndResetPriv": true,
                "iLOConfigPriv": true
            },
            "ServiceAccount": false
        }
    },
    "Password": null,
    "RoleId": "Administrator",
    "UserName": "jsmith"
}

Note that Password is always shown as null even though its PATCHable with a new password

Roles and Privileges

iLO 5 uses a set of privileges assigned to each user account to grant and restrict access to features. iLO 5’s privileges are:

Redfish iLO Web Interface (GUI)
LoginPriv Login
RemoteConsolePriv Remote Console
VirtualPowerAndResetPriv Virtual Power and Reset
VirtualMediaPriv Virtual Media
HostBIOSConfigPriv Host BIOS
iLOConfigPriv Configure iLO Settings
UserConfigPriv Administer User Accounts
HostNICConfigPriv Host NIC
HostStorageConfigPriv Host Storage
SystemRecoveryConfigPriv Recovery Set

Roles

In iLO 5 1.40 and later, you can use RoleId to create users with specific starting privileges.

On a GET of the local user account, RoleId is synthesized based upon the enabled privileges. iLO 5 does not store a separate RoleId value. For this reason, modifications to raw privileges may or may not result in a changed RoleId based upon iLO’s mapping

If the PATCH includes both RoleID and individual privileges, the privileges corresponding to the RoleId are assigned to the local user account first, and then the explicit privileges are assigned.

PATCH /redfish/v1/AccountService/Accounts/{accountId}

{
    "RoleId": "Administrator",
    "Oem": {
        "Hpe": {
            "Privileges": {
                "SystemRecoveryConfigPriv": true
            }
        }
    }
}

will set all iLO 5 privileges as long as the account performing the operation already has sufficient privilege to grant these privileges.

Privileges granted on Local Account Creation by RoleId

RoleId Privileges
Administrator HostBIOSConfigPriv, HostNICConfigPriv, HostStorageConfigPriv, LoginPriv, RemoteConsolePriv, UserConfigPriv, VirtualMediaPriv, VirtualPowerAndResetPriv, iLOConfigPriv
Operator HostBIOSConfigPriv, HostNICConfigPriv, HostStorageConfigPriv, LoginPriv, RemoteConsolePriv, VirtualMediaPriv, VirtualPowerAndResetPriv
ReadOnly LoginPriv

RoleId shown on an existing Local User Account by Privilege

The RoleId reported is the smallest superset of assigned privileges.

Privileges RoleId
LoginPriv only ReadOnly
iLOConfigPriv or UserConfigPriv or SystemRecoveryConfigPriv and anything else Administrator
any other combination Operator

Creating a new Local User Account

The simplest possible new local user account create operation is to POST to the Accounts collection, as shown in the example in the right pane.

PATCH /redfish/v1/AccountService/Accounts/{accountId}

{
    "UserName": "jsmith",
    "Password": "passwordexample"
}

The next example in the right pane creates a user account jsmith with the default ReadOnly RoleId and only the iLO 5 Login privilege. Notice that Oem/Hpe/LoginName defaults to the provided UserName unless it is specifically specified.

NOTE: Each local user account must have a unique UserName.

GET /redfish/v1/AccountService/Accounts/{accountId}

{
    "@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
    "@odata.etag": "W/\"B103601C\"",
    "@odata.id": "/redfish/v1/AccountService/Accounts/12/",
    "@odata.type": "#ManagerAccount.v1_1_3.ManagerAccount",
    "Id": "12",
    "Description": "iLO User Account",
    "Links": {
        "Role": {
            "@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly/"
        }
    },
    "Name": "User Account",
    "Oem": {
        "Hpe": {
            "@odata.context": "/redfish/v1/$metadata#HpeiLOAccount.HpeiLOAccount",
            "@odata.type": "#HpeiLOAccount.v2_2_0.HpeiLOAccount",
            "LoginName": "jsmith",
            "Privileges": {
                "HostBIOSConfigPriv": false,
                "HostNICConfigPriv": false,
                "HostStorageConfigPriv": false,
                "LoginPriv": true,
                "RemoteConsolePriv": false,
                "SystemRecoveryConfigPriv": false,
                "UserConfigPriv": false,
                "VirtualMediaPriv": false,
                "VirtualPowerAndResetPriv": false,
                "iLOConfigPriv": false
            },
            "ServiceAccount": false
        }
    },
    "Password": null,
    "RoleId": "ReadOnly",
    "UserName": "jsmith"
}

Creating a new Account using a RoleId

In iLO 5 1.40 and later, you may specify a RoleId with a new user account, as shown in the right pane.

POST /redfish/v1/AccountService/Accounts/

{
    "UserName": "jsmith",
    "Password": "passwordexample",
    "RoleId": "Operator"
}

This results in: GET /redfish/v1/AccountService/Accounts/{accountId}

{
    "@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
    "@odata.etag": "W/\"6C16FDE3\"",
    "@odata.id": "/redfish/v1/AccountService/Accounts/14/",
    "@odata.type": "#ManagerAccount.v1_1_3.ManagerAccount",
    "Id": "14",
    "Description": "iLO User Account",
    "Links": {
        "Role": {
            "@odata.id": "/redfish/v1/AccountService/Roles/Operator/"
        }
    },
    "Name": "User Account",
    "Oem": {
        "Hpe": {
            "@odata.context": "/redfish/v1/$metadata#HpeiLOAccount.HpeiLOAccount",
            "@odata.type": "#HpeiLOAccount.v2_2_0.HpeiLOAccount",
            "LoginName": "jsmith",
            "Privileges": {
                "HostBIOSConfigPriv": true,
                "HostNICConfigPriv": true,
                "HostStorageConfigPriv": true,
                "LoginPriv": true,
                "RemoteConsolePriv": true,
                "SystemRecoveryConfigPriv": false,
                "UserConfigPriv": false,
                "VirtualMediaPriv": true,
                "VirtualPowerAndResetPriv": true,
                "iLOConfigPriv": false
            },
            "ServiceAccount": false
        }
    },
    "Password": null,
    "RoleId": "Operator",
    "UserName": "jsmith"
}

Creating a new Account with specific Privileges

You may also create a local user with specific privileges, as shown in the right pane.

POST /redfish/v1/AccountService/Accounts/

{
    "UserName": "jsmith",
    "Password": "passwordexample",
    "Oem": {
        "Hpe": {
            "LoginName": "Director of IT",
            "Privileges": {
                "LoginPriv": true,
                "VirtualMediaPriv": true,
                "VirtualPowerAndResetPriv": true
            }
        }
    }
}

This results in the following new local user account: GET /redfish/v1/AccountService/Accounts/{accountId}

{
    "@odata.context": "/redfish/v1/$metadata#ManagerAccount.ManagerAccount",
    "@odata.etag": "W/\"E8037663\"",
    "@odata.id": "/redfish/v1/AccountService/Accounts/15/",
    "@odata.type": "#ManagerAccount.v1_1_3.ManagerAccount",
    "Id": "15",
    "Description": "iLO User Account",
    "Links": {
        "Role": {
            "@odata.id": "/redfish/v1/AccountService/Roles/Operator/"
        }
    },
    "Name": "User Account",
    "Oem": {
        "Hpe": {
            "@odata.context": "/redfish/v1/$metadata#HpeiLOAccount.HpeiLOAccount",
            "@odata.type": "#HpeiLOAccount.v2_2_0.HpeiLOAccount",
            "LoginName": "Director of IT",
            "Privileges": {
                "HostBIOSConfigPriv": false,
                "HostNICConfigPriv": false,
                "HostStorageConfigPriv": false,
                "LoginPriv": true,
                "RemoteConsolePriv": false,
                "SystemRecoveryConfigPriv": false,
                "UserConfigPriv": false,
                "VirtualMediaPriv": true,
                "VirtualPowerAndResetPriv": true,
                "iLOConfigPriv": false
            },
            "ServiceAccount": false
        }
    },
    "Password": null,
    "RoleId": "Operator",
    "UserName": "jsmith"
}

Modifying a Local User Account

The following properties are modifiable on an existing local user account: * UserName * Password - this is always returned as null, but you may PATCH it with a value to change the password * RoleId - PATCHing RoleId on an existing local user account will reset it’s existing privileges with those mapped to the RoleId. * Oem/Hpe/LoginName * Oem/Hpe/Privileges/* - any of the privileges may be modified with true or false

Adding and Removing Privileges

Local user account privileges may be modified with a PATCH to the URI of the desired ManagerAccount resource, as shown in the example in the right pane.

PATCH /redfish/v1/AccountService/Accounts/{accountId}/

{
    "Oem": {
        "Hpe": {
            "Privileges": {
                "VirtualMediaPriv": true,
                "VirtualPowerAndResetPriv": true
            }
        }
    }
}

Changing Roles

See the example in the right pane.

PATCH /redfish/v1/AccountService/Accounts/{accountId}/

{
    "RoleId": "Operator"
}

results in HTTPS status 200:

{
    "error": {
        "code": "iLO.0.10.ExtendedInfo",
        "message": "See @Message.ExtendedInfo for more information.",
        "@Message.ExtendedInfo": [
            {
                "MessageId": "Base.1.0.AccountModified"
            }
        ]
    }
}

Changing Password

Local user account passwords may be modified with a PATCH to the URI of the desired ManagerAccount resource, as shown in the example in the right pane.

PATCH /redfish/v1/AccountService/Accounts/{accountId}/

{
    "Password": "newpassword"
}

Removing a Local User Account

A local user account can be removed with a DELETE to the URI of desired ManagerAccount resource, as shown in the example in the right pane.

DELETE /redfish/v1/AccountService/Accounts/{accountId}/

Directory Authentication

Enabling or Disabling Local User Accounts

See the examples in the right pane for more information.

PATCH /redfish/v1/AccountService/

{
    "LocalAccountAuth": "Disabled"
}

or json { "LocalAccountAuth": "Enabled" }

Note: Disabling local user accounts is not allowed if both Directory Authentication and Kerberos Authentication are disabled.

Configuring Active Directory Authentication

See the examples in the right pane for examples of configuring active directory authentication.

PATCH /redfish/v1/AccountService/

Example 1 (Using default Active Directory server port 636):

{
    "LDAP": {
        "ServiceEnabled": true,
        "ServiceAddresses": [
            "<Active Directory Server host name>"
        ]
    }
}

Example 2 (Using explicit/custom Active Directory server port):

{
    "LDAP": {
        "ServiceEnabled": true,
        "ServiceAddresses": [
            "<Active Directory Server host name>:4646"
        ]
    }
}

Configuring LDAP Authentication

See the examples in the right pane for examples of configuring LDAP authentication.

PATCH /redfish/v1/AccountService/

Example 1 (Using default OpenLDAP server port 636):

{
    "LDAP": {
        "AccountProviderType": "LDAPService",
        "ServiceEnabled": true,
        "ServiceAddresses": [
            "<LDAP Server host name>"
        ]
    }
}

Example 2 (Using explicit/custom OpenLDAP server port):

{
    "LDAP": {
        "AccountProviderType": "LDAPService",
        "ServiceEnabled": true,
        "ServiceAddresses": [
            "<LDAP Server host name>:4646"
        ]
    }
}

Disable Active Directory and LDAP Authentication (Generic LDAP)

See the example in the right pane for more information.

PATCH /redfish/v1/AccountService/

{
    "LDAP": {
        "AccountProviderType": "ActiveDirectoryService",
        "ServiceEnabled": false,
    }
}

Enable and Configure HPE Extended Schema Authentication (for Active Directory only)

See the example in the right pane for more information.

PATCH /redfish/v1/AccountService/

{
    "LDAP": {
        "ServiceEnabled": true,
        "ServiceAddresses": [
            "<Active Directory Server host name>"
        ],
        "Authentication": {
            "Username": "CN=testdevice,CN=Users,DC=ilotest2,DC=com"
        }
    },
    "Oem": {
        "Hpe": {
            "DirectorySettings": {
                "LdapAuthenticationMode": "ExtendedSchema"
            }
        }
    }
}

Add User Search Contexts

See the examples in the right pane for more information.

PATCH /redfish/v1/AccountService/

Sample Payload-1 (Add two new User Search Contexts, with no existing User Search Context present):

{
    "LDAP": {
        "LDAPService": {
            "SearchSettings": {
                "BaseDistinguishedNames": [
                    "CN=Users,DC=domain,DC=com",
                    "DC=domain,DC=com"
                ]
            }
        }
    }
}

Sample Payload-2 (Add a new User Search Context, with two existing User Search Contexts present):

{
    "LDAP": {
        "LDAPService": {
            "SearchSettings": {
                "BaseDistinguishedNames": [
                    "CN=Users,DC=domain,DC=com",
                    "DC=domain,DC=com",
                    "DC=testdomain,DC=com"
                ]
            }
        }
    }
}

Delete User Search Contexts

See the examples in the right pane for more information.

PATCH /redfish/v1/AccountService/

Sample Payload-1 (To delete one/multiple User Search Contexts):

Assume you have three existing User Search Contexts, e.g. “CN=Users,DC=domain,DC=com”, “DC=domain,DC=com” and “DC=testdomain,DC=com”. To delete one, exclude it from the payload and keep the ones to be retained.

{
    "LDAP": {
        "LDAPService": {
            "SearchSettings": {
                "BaseDistinguishedNames": [
                    "CN=Users,DC=domain,DC=com",
                    "DC=domain,DC=com"
                ]
            }
        }
    }
}

Sample Payload-2 (To delete all User Search Contexts):

{
    "LDAP": {
        "LDAPService": {
            "SearchSettings": {
                "BaseDistinguishedNames": [
                    ""
                ]
            }
        }
    }
}

Import LDAP Server CA Certificate

See the example in the right pane for more information.

POST /redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates/

{
    "CertificateString": "-----BEGIN CERTIFICATE-----
MIIEHTCCAwWgAwIBAgIQe8LmWgF5edKw01/avJg69DANBgkqhkiG9w0BAQsFADCB
…………………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………………
Ow==
-----END CERTIFICATE-----"
}

View LDAP Server CA Certificate Status

See the example in the right pane for more information. GET /redfish/v1/AccountService/

The property Oem/Hpe/DirectorySettings/LdapCaCertificateLoaded indicates the status of the certificate.

View LDAP Server CA Certificate Details

GET /redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates/{certId}/

NOTE: The LDAP provider supports a single certificate

{
    "@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
    "@odata.etag": "W/\"A1110A63\"",
    "@odata.id": "/redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates/1/",
    "@odata.type": "#Certificate.v0_9_0.Certificate",
    "Id": "1",
    "Issuer": "/C=US/O=Hewlett Packard Enterprise Company/OU=Infrastructure Services/CN=Hewlett Packard Enterprise Private Root CA",
    "Name": "LDAP Certificate",
    "SerialNumber": "7BC2E65A017979D2B0D35FDABC983AF4",
    "Subject": "/C=US/O=Hewlett Packard Enterprise Company/OU=Infrastructure Services/CN=Hewlett Packard Enterprise Private Root CA",
    "ValidNotAfter": "2025-03-16T23:59:59Z",
    "ValidNotBefore": "2015-03-17T00:00:00Z"
}

Add new Directory Groups (No Existing Groups)

See the example in the right pane for more information.

PATCH /redfish/v1/AccountService/

Sample Payload: “Administrator” and “Operator” are predefined Redfish RoleIds. “LDAP” can also be used instead of “ActiveDirectory”.

{
    "ActiveDirectory": {
        "RemoteRoleMapping": [
            {
                "LocalRole": "Administrator",
                "RemoteGroup": "TestGroup1"
            },
            {
                "LocalRole": "Operator",
                "RemoteGroup": "TestGroup2"
            }
        ]
    }
}

View Directory Groups

See the example in the right pane for more information.

GET /redfish/v1/AccountService/

See the properties under RemoteRoleMapping created by the Add operation (fragment of the response):

{
    "RemoteRoleMapping": [
        {
            "LocalRole": "dirgroup4c6c827762dd20dc530c52ef",
            "RemoteGroup": "TestGroup1"
        },
        {
            "LocalRole": "dirgroupeb9a3afc9cd9d126249c3aed",
            "RemoteGroup": "TestGroup2"
        }
    ]
}

Add New Directory Groups to Existing Groups

See the example in the right pane for more information.

PATCH /redfish/v1/AccountService/

Assume two directory groups (TestGroup1 and TestGroup2 as in the steps above) are present. Use the LocalRole and RemoteGroup values for the existing directory groups from the step above in the payload. Add an additional group “TestGroup3” with “ReadOnly” Redfish Role. “LDAP” can also be used instead of “ActiveDirectory”.

{
    "ActiveDirectory": {
        "RemoteRoleMapping": [
            {
                "LocalRole": "dirgroup4c6c827762dd20dc530c52ef",
                "RemoteGroup": "TestGroup1"
            },
            {
                "LocalRole": "dirgroupeb9a3afc9cd9d126249c3aed",
                "RemoteGroup": "TestGroup2"
            },
            {
                "LocalRole": "ReadOnly",
                "RemoteGroup": "TestGroup3"
            }
        ]
    }
}

Delete Directory Groups

See the example in the right pane for more information.

PATCH /redfish/v1/AccountService/

Sample Payload-1 (To delete one/multiple Directory Groups): Assume you have three existing directory groups, e.g. “TestGroup1”, “TestGroup2” and “TestGroup3”. To delete “TestGroup3”, exclude it from the payload and keep the ones to be retained. “LDAP” can also be used instead of “ActiveDirectory”.

{
    "ActiveDirectory": {
        "RemoteRoleMapping": [
            {
                "LocalRole": "dirgroup4c6c827762dd20dc530c52ef",
                "RemoteGroup": "TestGroup1"
            },
            {
                "LocalRole": "dirgroupeb9a3afc9cd9d126249c3aed",
                "RemoteGroup": "TestGroup2"
            }
        ]
    }
}

Sample Payload-2 (To delete all Directory Groups): “LDAP” can also be used instead of “ActiveDirectory”.

{
    "ActiveDirectory": {
        "RemoteRoleMapping": [
            {}
        ]
    }
}

View Directory Group Privileges

See the example in the right pane for more information.

GET /redfish/v1/AccountService/Roles/

{
    "@odata.context": "/redfish/v1/$metadata#RoleCollection.RoleCollection",
    "@odata.etag": "W/\"08A22FCA\"",
    "@odata.id": "/redfish/v1/AccountService/Roles/",
    "@odata.type": "#RoleCollection.RoleCollection",
    "Description": "iLO Roles Collection",
    "Name": "Roles",
    "Members": [
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/Administrator/"
        },
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/Operator/"
        },
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly/"
        },
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/dirgroup4c6c827762dd20dc530c52ef/"
        },
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/dirgroupeb9a3afc9cd9d126249c3aed/"
        }
    ],
    "Members@odata.count": 5
}

GET /redfish/v1/AccountService/Roles/{directoryGroupId}/

{
    "@odata.context": "/redfish/v1/$metadata#Role.Role",
    "@odata.etag": "W/\"D17157B3\"",
    "@odata.id": "/redfish/v1/AccountService/Roles/dirgroup4c6c827762dd20dc530c52ef/",
    "@odata.type": "#Role.v1_2_1.Role",
    "Id": "dirgroup4c6c827762dd20dc530c52ef",
    "AssignedPrivileges": [
        "Login",
        "ConfigureSelf",
        "ConfigureManager",
        "ConfigureUsers"
    ],
    "Description": "iLO Directory Group Role",
    "IsPredefined": false,
    "Name": "Group Role",
    "Oem": {
        "Hpe": {
            "@odata.context": "/redfish/v1/$metadata#HpeDirectoryGroup.HpeDirectoryGroup",
            "@odata.type": "#HpeDirectoryGroup.v1_0_0.HpeDirectoryGroup",
            "GroupDn": "TestGroup1",
            "GroupSid": ""
        }
    },
    "OemPrivileges": [
        "RemoteConsolePriv",
        "VirtualMediaPriv",
        "VirtualPowerAndResetPriv",
        "HostBIOSConfigPriv",
        "HostNICConfigPriv",
        "HostStorageConfigPriv"
    ],
    "RoleId": "dirgroup4c6c827762dd20dc530c52ef"
}

Modify Directory Group Privileges

See the examples in the right pane for more information.

PATCH /redfish/v1/AccountService/Roles/{directoryGroupId}/

Sample Payload-1 (Update AssignedPrivileges): Add/Remove the privileges in the AssignedPrivileges[] array.

{
    "AssignedPrivileges": [
        "Login",
        "ConfigureSelf",
        "ConfigureUsers"
    ]
}

Sample Payload-2 (Update OemPrivileges): Add/Remove the privileges in the OemPrivileges[] array.

{
    "OemPrivileges": [
        "RemoteConsolePriv",
        "VirtualPowerAndResetPriv",
        "HostNICConfigPriv",
        "HostStorageConfigPriv"
    ]
}

Enable, Configure, Disable Kerberos Authentication

See the examples in the right pane for more information.

PATCH /redfish/v1/AccountService/

Disable

{
    "ActiveDirectory": {
        "ServiceEnabled": false
    }
}

Enable Sample Payload-1 (Using default KDC server port 88):

Where “TESTKDCREALM.COM” is the Kerberos Realm.

{
    "ActiveDirectory": {
        "ServiceEnabled": true,
        "ServiceAddresses": [
            "testkdc.hpe.com@TESTKDCREALM.COM"
        ]
    }
}

Enable Sample Payload-2 (Using explicit/custom KDC server port):

{
    "ActiveDirectory": {
        "ServiceEnabled": true,
        "ServiceAddresses": [
            "testkdc.hpe.com:8888@TESTKDCREALM.COM"
        ]
    }
}

Import Kerberos Keytab File

See the example in the right pane for more information.

POST /redfish/v1/AccountService/Actions/Oem/Hpe/HpeiLOAccountService.ImportKerberosKeytab/

{
    "ImportUri": "http://<URI of keytab file>"
}

Start Directory Test

See the examples in the right pane for more information.

POST on /redfish/v1/AccountService/DirectoryTest/Actions/HpeDirectoryTest.StartTest/

Sample Payload-1 (No parameters):

{
}

Sample Payload-2 (with Test User Name and password):

{
    "TestUserName": "TestUser1",
    "TestUserPassword": "TestPassword1"
}

Sample Payload-3 (with all parameters):

{
    "TestUserName": "TestUser1",
    "TestUserPassword": "TestPassword1",
    "DirectoryAdminDn": "CN=Administrator,CN=Users,DC=ilotest2,DC=com",
    "DirectoryAdminPassword": "AdminPassword"
}

Stop Directory Test

See the example in the right pane for more information.

POST /redfish/v1/AccountService/DirectoryTest/Actions/HpeDirectoryTest.StopTest/

(empty payload)

{
}

View Directory Test Result

See the example in the right pane for more information.

GET /redfish/v1/AccountService/DirectoryTest/

{
    "@odata.context": "/redfish/v1/$metadata#HpeDirectoryTest.HpeDirectoryTest",
    "@odata.etag": "W/\"6B3F28F1\"",
    "@odata.id": "/redfish/v1/AccountService/DirectoryTest/",
    "@odata.type": "#HpeDirectoryTest.v1_0_0.HpeDirectoryTest",
    "Id": "DirectoryTest",
    "Actions": {
        "#HpeDirectoryTest.StartTest": {
            "target": "/redfish/v1/AccountService/DirectoryTest/Actions/HpeDirectoryTest.StartTest/"
        },
        "#HpeDirectoryTest.StopTest": {
            "target": "/redfish/v1/AccountService/DirectoryTest/Actions/HpeDirectoryTest.StopTest/"
        }
    },
    "OverallStatus": "NotRun",
    "TestResults": [
        {
            "Notes": "",
            "Status": "NotRun",
            "TestName": "Directory Server DNS Name"
        },
        {
            "Notes": "",
            "Status": "NotRun",
            "TestName": "Ping Directory Server"
        },
        {
            "Notes": "",
            "Status": "NotRun",
            "TestName": "Connect to Directory Server"
        },
        {
            "Notes": "",
            "Status": "NotRun",
            "TestName": "Connect using SSL"
        },
        {
            "Notes": "",
            "Status": "NotRun",
            "TestName": "Bind to Directory Server"
        },
        {
            "Notes": "",
            "Status": "NotRun",
            "TestName": "Directory Administrator login"
        },
        {
            "Notes": "",
            "Status": "NotRun",
            "TestName": "User Authentication"
        },
        {
            "Notes": "",
            "Status": "NotRun",
            "TestName": "User Authorization"
        },
        {
            "Notes": "",
            "Status": "NotRun",
            "TestName": "Directory User Contexts"
        },
        {
            "Notes": "",
            "Status": "NotRun",
            "TestName": "LOM Object exists"
        }
    ]
}

Implementation of Two Factor Authentication (TFA) in Redfish

Two Factor Authentication is a security feature that enhances security while logging in and creating a user session. TFA uses a One Time Password (OTP) token along with the username and password credentials. When a Microsoft Active Directory user logs in, the user needs to provide the 6 digit token (OTP) received over email.

Two Factor Authentication (TFA) is applicable for Microsoft Active Directory users when enabled.

Pre-requisites for using Two Factor Authentication

Enabling SMTP For Two Factor Authentication

SMTPForTFAEnabled indicates SMTP for Two Factor Authentication (TFA). Perfom GET on /redfish/v1/AccountService. The supported values are Enabled and Disabled.

NOTE: To enable SMTPForTFAEnabled, AlertMailSenderDomain and AlertMailSMTPServer should be set correctly.

GET /redfish/v1/AccountService

{
    "SNMPService": {
        "@odata.id": "/redfish/v1/Managers/1/SnmpService"
    },
    "RemoteSyslogEnabled": false,
    "RemoteSyslogPort": 514,
    "RemoteSyslogServer": "stuv",
    "SMTPForTFAEnabled": false,
    "SNMPTrapPort": 162,
    "SerialOverLanLogging": false,
    "VirtualMediaEncryptionEnabled": true,
    "WebProxyConfiguration": {
        "ProxyPassword": null,
        "ProxyPort": null
    }
}

To enable SMTPForTFAEnabled, perform PATCH on /redfish/v1/Managers/1/NetworkProtocol. The supported values are true and false.

PATCH /redfish/v1/Managers/1/NetworkProtocol

PATCH Payload

{
    "Oem": {
        "Hpe": {
            "SMTPForTFAEnabled": "true"
        }
    }
}
{
    "error":{
        "code": "iLO.0.10ExtendedInfo",
        "message": "See @Message.ExtendedInfo for more information",
        "@Message.ExtendedInfo": {
            "MessageId": "Base.1.4.Success"
        }
    }
}

Enabling Two Factor Authentication

TwoFactorAuth indicates if Two Factor Authentication (TFA) is enabled or not. Perform GET on /redfish/v1/AccountService. The supported values are Enabled and Disabled.

NOTE: Attempting to authenticate using Basic-Auth when TFA is enabled will result in a 401 Unauthorized No Valid Session response if the user account used is a Microsoft Active Directory user.

GET /redfish/v1/AccountService

{
"DirectorTest" : {
    "@odata.id": "/redfish/v1/AccountService/DirectoryTest"
},
"EnforcePasswordComplexity": false,
"KerberosSettings": {
    "KDCServerPort": 88,
    "KerberosRealm": "ILOQA.COM"
},
"MinPasswordLength": 8,
"TwoFactorAuth": "Enabled"
}

To enable or disable TwoFactorAuth, perform PATCH on /redfish/v1/AccountService. The supported values are Enabled and Disabled.

PATCH /redfish/v1/AccountService

PATCH Payload

{
    "Oem": {
        "Hpe": {
            "TwoFactorAuth": "Enabled"
        }
    }
}

{
    "error":{
        "code": "iLO.0.10ExtendedInfo",
        "message": "See @Message.ExtendedInfo for more information",
        "@Message.ExtendedInfo": {
            "MessageId": "Base.1.4.Success"
        }
    }
}

NOTE : Both TwoFactorAuth and SMTPForTFAEnabled should be enabled and true respectively to enable Two Factor Authentication.

Creating a User Session

When Two Factor Authentication is enabled and the Microsoft Active Directory user credentials are entered, a OneTimePasscodeSent response message appears and an One Time Password (OTP) will be sent to the configured Microsoft Active Directory user email id.

To obtain the One Time Password (OTP) perform POST on /redfish/v1/Sessions

POST /redfish/v1/Sessions

POST Payload

{
    "UserName": "jason",
    "Password": "words123"
}

{
    "error":{
        "code": "iLO.0.10ExtendedInfo",
        "message": "See @Message.ExtendedInfo for more information",
        "@Message.ExtendedInfo": [
            {
                "MessageArgs": [
                    "configured mail"
                ],
                "MessageId": "Base.1.17.OneTimePasscodeSent"
            }
        ]
    }
}

This OTP is entered in the POST payload as a Token along with the Microsoft Active Directory user credentials. The Token is 6 digit positive non-zero integer value.

POST /redfish/v1/Sessions

POST Payload

{
    "UserName": "jason",
    "Password": "words123",
    "Token": "123456"
}
{
    "@odata.context": "/redfish/v1/$metadata#Session.Session",
    "@odata.etag": "W/_\"3F61854C",
    "@odata.id": "/redfish/v1/SessionService/Sessions/fewe0000648857f74474c42",
    "@oata.type": "Session.v1_0_0.Session",
    "Id": "jason0000648857f74474c42" 
}

Managing Time in iLO 5

iLO 5 obtains the date and time from one of several sources and is not manually configurable.

The configurable iLO 5 Time/Date related configuration properties are:

iLO 5 Date and Time

iLO 5 current date and time is available in the main Manager resource at /redfish/v1/Managers/{id}

GET /redfish/v1/Managers/{id}

    "DateTime": "2019-01-06T17:11:53Z",
    "DateTimeLocalOffset": "-06:00",

Date/Time Service Resource

A link exists in /redfish/v1/Managers/{id} to the iLO 5 Date/Time Service. See Oem/Hpe/Links/DateTimeService. This points to a DateTime resource at /redfish/v1/Managers/{id}/DateTime.

Time Zone Management

Time Zone configuration is performed with a PATCH to the DateTime resource at /redfish/v1/Managers/{id}/DateTime.

The available time zones are available in the TimeZoneList property. Take note of the Index value of the time zone you wish iLO 5 to be configured with. Then PATCH the TimeZone.Index property:

PATCH /redfish/v1/Managers/{id}/DateTime

{
    "TimeZone": {
        "Index": 4
    }
}

If the operation is successful, iLO 5 will respond with HTTP 200 OK and ResetRequired. An iLO 5 reset is required for date and time operations to be applied. After a successful PATCH the ConfigurationSettings property will contain SomePendingReset indicating that some settings have changed but will not take effect until iLO 5 is reset.

If the time zone is configured to be managed by DHCP, iLO 5 will respond with HTTP 400 and SNTPConfigurationManagedByDHCPAndIsReadOnly (see Using DHCP Supplied Time Settings).

Configuring Network Time Protocol (NTP)

The currently configured Network Time Protocol (NTP) servers are available in the DateTime resource at /redfish/v1/Managers/{id}/DateTime.

GET /redfish/v1/Managers/{id}/DateTime

{
    "NTPServers": [
        "<NTP server 1>",
        "<NTP server 2>"
    ]
}

If NTP is not being managed by DHCP, you may PATCH server addresses into the StaticNTPServers array.

PATCH /redfish/v1/Managers/{id}/DateTime

{
    "StaticNTPServers": [
        "<NTP server 1>",
        "<NTP server 2>"        
    ]
}

or to set one address

{
    "StaticNTPServers": [
        "<NTP server 1>"
    ]
}

If the operation is successful, iLO 5 will respond with HTTP 200 OK and ResetRequired. An iLO 5 reset is required for date and time operations to be applied. After a successful PATCH the ConfigurationSettings property will contain SomePendingReset indicating that some settings have changed but will not take effect until iLO 5 is reset.

If the time zone is configured to be managed by DHCP, iLO 5 will respond with HTTP 400 and SNTPConfigurationManagedByDHCPAndIsReadOnly (see Using DHCP Supplied Time Settings).

Example Use Cases

NOTE: The examples in this section use a pseudo-code syntax for clarity. JSON pointer syntax is used to indicate specific properties.

Reading BIOS Current Settings

To GET the current BIOS configuration:

curl https://{iLO}/redfish/v1/systems/1/bios/settings/ -i --insecure -u username:password -L
# Make sure the DMTF redfish library is not loaded before loading
# the HPE python-ilorest-library:
# pip uninstall redfish
# pip install python-ilorest-library
import sys
import json
from redfish import RedfishClient

# When running remotely, connect using the iLO address, iLO account name,
# and password to send https requests.
SYSTEM_URL = "https://{BMC}"
LOGIN_ACCOUNT = "username"
LOGIN_PASSWORD = "password"
ca_cert_data = {}

# Create a REST object
REDFISHOBJ = RedfishClient(base_url=SYSTEM_URL, username=LOGIN_ACCOUNT,              password=LOGIN_PASSWORD, ca_cert_data=ca_cert_data)

# Login 
REDFISHOBJ.login()

# Get the resource you need.
response = REDFISHOBJ.get("/redfish/v1/systems/1/bios/")
print('Response: '+json.dumps(response.dict, indent=4, sort_keys=True))

Response

{
  "@Redfish.Settings": {
    "@odata.type": "#Settings.v1_0_0.Settings",
    "ETag": "5DFD7F66",
    "Messages": [
      {
        "MessageId": "Base.1.0.Success"
      }
    ],
    "SettingsObject": {
      "@odata.id": "/redfish/v1/systems/1/bios/settings/"
    },
    "Time": "2001-05-07T20:28:28+00:00"
  },
  "@odata.context": "/redfish/v1/$metadata#Bios.Bios",
  "@odata.etag": "W/\"D230AB047BF85050500CD97692925EA4\"",
  "@odata.id": "/redfish/v1/systems/1/bios/",
  "@odata.type": "#Bios.v1_0_0.Bios",
  "Actions": {
    "#Bios.ChangePassword": {
      "target": "/redfish/v1/systems/1/bios/settings/Actions/Bios.ChangePasswords/"
    },
    "#Bios.ResetBios": {
      "target": "/redfish/v1/systems/1/bios/settings/Actions/Bios.ResetBios/"
    }
  },
  "AttributeRegistry": "BiosAttributeRegistryU32.v1_1_20",
  "Attributes": {
    "AcpiHpet": "Enabled",
    "AcpiRootBridgePxm": "Enabled",
    ...
    ...

    "XptPrefetcher": "Enabled",
    "iSCSIPolicy": "SoftwareInitiator"
  },
  "Id": "bios",
  "Name": "BIOS Current Settings",
  "Oem": {
    "Hpe": {
      "@odata.type": "#HpeBiosExt.v2_0_0.HpeBiosExt",
      "Links": {
        "BaseConfigs": {
          "@odata.id": "/redfish/v1/systems/1/bios/baseconfigs/"
        },
        "Boot": {
          "@odata.id": "/redfish/v1/systems/1/bios/boot/"
        },
        "Mappings": {
          "@odata.id": "/redfish/v1/systems/1/bios/mappings/"
        },
        "TlsConfig": {
          "@odata.id": "/redfish/v1/systems/1/bios/tlsconfig/"
        },
        "iScsi": {
          "@odata.id": "/redfish/v1/systems/1/bios/iscsi/"
        }
      },
      "SettingsObject": {
        "UnmodifiedETag": "W/\"7F8B308F162455555532A6400C9EEBC3\""
      }
    }
  }
}

The iLO RESTful API enables UEFI BIOS configuration. The link to the BIOS configuration is from the computer system object.

Changing Pending Settings and understanding “@Redfish.Settings”.

The current configuration object for BIOS is read-only. This object contains a link to a Settings resource that you can perform a PATCH operation on. This is the “pending settings.” If you GET the Settings resource, the returned information shows that you can perform PATCH operations. You can change properties and then perform a PATCH patch operation using the Settings URI. Changes to pending settings do not take effect until the server is reset. Before the server is reset, the current and pending settings are independently available. After the server is reset, the pending settings are applied and you can view any errors in the “@Redfish.Settings” property on the main object.

There are benefits to handling BIOS settings in this way:

Updating the BIOS settings example

curl -H "Content-Type: application/json" -X PATCH --data "@data.json" https://{iLO}/redfish/v1/Systems/1/bios/settings/ -u username:password --insecure

Contents of data.json

{“Attributes”:{“AdminName”: “NewName”}}

For a full Redfish example click here: change_bios_setting.py

The minimum required session ID privileges is Configure.

  1. Iterate through /redfish/v1/Systems and choose a member ComputerSystem. Result = {ilo-ip-address}/redfish/v1/Systems/1/BIOS
  2. Find a link in the Oem/Hp/links called Bios and note the BiosURI.
  3. GET BiosObj from BiosURI and note that it only allows GET (this is the current settings).
  4. Find a link in BiosObj called Settings and note this URI.
  5. Obtain the BIOS settings using the URI from step 4.
    • GET {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings
  6. Create a new JSON object with the AdminName property changed to {"Attributes":{"AdminName":"Joe Smith"}}.
  7. Update the BIOS settings. You only need to send the updated AdminName property in the request body.
    • PATCH {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings
  8. Obtain the BIOS settings to verify you made the change to the AdminName property.
    • GET {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings When the server is reset, the BIOS settings are validated and adopted.

Reading BIOS Defaults example

The BIOS current configuration object contains a link to a separate read-only object, BaseConfigs, which lists the BIOS default settings. To get the BIOS BaseConfigs resource:

curl https://{iLO}/redfish/v1/systems/1/bios/BaseConfigs/ -i --insecure -u username:password -L
import sys
from redfish import AuthMethod, redfish_logger, redfish_client

# When running remotely, connect using the iLO address, iLO account name,
# and password to send https requests.
iLO_host = "https://16.84.27.67"
login_account = "admin"
login_password = "password"

## Create a REDFISH object
REDFISH_OBJ = redfish_client(base_url=iLO_host,username=login_account, \
                          password=login_password, default_prefix="/redfish/v1")

# Login into the server and create a session
REDFISH_OBJ.login(auth="session")

# Do a GET on a given path
response = REDFISH_OBJ.get("/redfish/v1/systems/1/bios/BaseConfigs/", None)

# Print out the response
sys.stdout.write("%s\n" % response)

# Logout of the current session
REDFISH_OBJ.logout()

The results looks something like this:

Response

{
    "@odata.context": "/redfish/v1/$metadata#HpeBaseConfigs.HpeBaseConfigs",
    "@odata.etag": "W/\"1BAB2532EC201D1D1DFED6F112252823\"",
    "@odata.id": "/redfish/v1/systems/1/bios/baseconfigs/",
    "@odata.type": "#HpeBaseConfigs.v2_0_0.HpeBaseConfigs",
    "BaseConfigs": [
        {
            "default": {
                "AcpiHpet": "Enabled",
                "AcpiRootBridgePxm": "Enabled",
                "AcpiSlit": "Enabled",
                 ...
         ...
                "XptPrefetcher": "Auto",
                "iSCSIPolicy": "SoftwareInitiator"
            }
        }
    ],
    "Capabilities": {
        "BaseConfig": true,
        "BaseConfigs": false
    },
    "Id": "baseconfigs",
    "Name": "BIOS Default Settings"
}

Notice that BaseConfigs contains an array of default sets (or base configuration sets). Each base config set contains a list of BIOS properties and their default values. The default base config set contains the BIOS manufacturing defaults. It is possible for BaseConfigs to contain other sets, like default.user for user custom defaults.

BIOS resources and attribute registry overview

The BIOS resources are formatted differently than most other resources. BIOS resources do conform to a schema type as all objects do. However, BIOS settings vary widely across server types and BIOS revisions, so it is extremely difficult to publish a standard schema defining all the possible BIOS setting properties. Furthermore, it is not possible to communicate some of the advanced settings such as inter-setting dependencies, and menu structure in json-schema. Therefore, BIOS uses an Attribute Registry.

Attribute registry

The BIOS Current Configuration resource has a property called AttributeRegistry. This property indicates the name and version of a registry file that defines the properties in the BIOS configuration. It also includes information about interdependencies between settings.

Due to their size, BIOS Attribute Registries are compressed JSON resources (gzip), so the returned HTTP headers indicate a content-encoding of gzip. The REST client will need to decompress the resource. This is done automatically in many web clients (like the Postman plugin).

BIOS attribute registry structure

The BIOS attribute registries contains three top-level arrays:

BIOS attributes

Each BIOS attribute in the attribute registry includes:

Example to reset all BIOS and boot order settings to factory defaults

  1. Iterate through /redfish/v1/Systems/ and choose a member ComputerSystem. Find the BIOS settings resource by following the Bios property link.
    • BiosSettingsURI = {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/
  2. Obtain the BIOS and boot order pending settings.
    • GET @ {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/
  3. Create a new JSON object with the RestoreManufacturingDefaults property and change the value to Yes. Be sure to include the top level JSON Attributes property.
    • JSON = {“Attributes”:{“RestoreManufacturingDefaults”:“Yes”}}
  4. Make a PATCH request with the new JSON to the BiosSettingsUri. You only need to send the updated RestoreManufacturingDefaults property in the request body.
    • PATCH {"Attributes":{"RestoreManufacturingDefaults":"Yes"}} @ {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/

Reverting BIOS UEFI settings to default example

curl -H "Content-Type: application/json" -X POST --data "@data.json" https://{iLO}/redfish/v1/Systems/1/bios/settings/ -u username:password --insecure

Contents of data.json

{“Attributes”:{“BaseConfig”: “default”}}

For a full Redfish example click here: bios_revert_default.py

The BIOS Settings resource supports a special feature that allows you to revert BIOS settings to default for the selected resource. This is accomplished by performing the PATCH or PUT operation on a special property in the BIOS settings object: {“BaseConfig”: “default”}. This can be combined with other property sets to first set default values and then set specific settings all in one operation.

NOTE: The BaseConfig property might not already exist in the BIOS or BIOS Settings resources. To determine if the BIOS resource supports reverting the settings to default, GET the BIOS BaseConfigs resource, and view the Capabilities property.

  1. Iterate through /redfish/v1/Systems/ and choose a member ComputerSystem. Find the BIOS settings resource by following the Bios property link.
    • BiosSettingsURI = {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/
  2. Obtain the BIOS pending settings.
    • GET @ {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/
  3. Create a new JSON object with the BaseConfig property and change the value to default. Be sure to include the top level JSON Attributes property.
    • JSON = {“Attributes”:{“BaseConfig”:“default”}}
  4. Make a PUT request with the new JSON to the BiosSettingsUri. You only need to send the updated BaseConfig property in the request body.
    • PUT {"Attributes":{"BaseConfig":"default"}} @ {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Settings/

When the sever is reset, the BIOS UEFI settings are reverted to default.

NOTE:

Enabling BIOS UEFI Secure Boot example

curl -H "Content-Type: application/json" -X PATCH --data "@data.json" https://{iLO}/redfish/v1/Systems/1/SecureBoot/ -u username:password --insecure

Contents of data.json

{“SecureBootEnable”:true}

For a full Redfish example click here: enable_secure_boot.py

The minimum required session ID privileges is Configure.

  1. Iterate through /redfish/v1/Systems/ and choose a member ComputerSystem. Find a child resource of type HpSecureBoot that allows PATCH operations (there might be more than one, but for this exercise, choose the first one).
    • {ilo-ip-address}/redfish/v1/Systems/1/SecureBoot/
  2. Obtain the secure boot settings.
    • GET {ilo-ip-address}/redfish/v1/Systems/1/SecureBoot/
  3. Create a new JSON object with the SecureBootEnable property changed to {"SecureBootEnable":true}.
  4. Update the secure boot settings. Send the updated SecureBootEnable property in the request body.
    • PATCH {ilo-ip-address}/redfish/v1/Systems/1/SecureBoot/

When the sever is reset, the boot settings are validated and adopted.

Example iSCSI Software Initiator configuration

Existing example resource:

{
    "iSCSISources": [
        {
             "iSCSIAttemptInstance": 1,
             ...
        },
        {
             "iSCSIAttemptInstance": 2,
             ...
        },
        {
             "iSCSIAttemptInstance": 0,
             ...
        },
        {
             "iSCSIAttemptInstance": 0,
             ...
        }
    ],
    ...
}
{
    "iSCSISources": [
        {},
        {
            "iSCSIConnectRetry": 2
        },
        {
            "iSCSIAttemptInstance": 3,
            "iSCSIAttemptName": "Name",
            "iSCSINicSource": "NicBootX"
            ...
        },
        {}
    ]
}

The iSCSI Software Initiator allows you to configure an iSCSI target device to be used as a boot source. The BIOS current configuration object contains a link to a separate resource of type HpeiSCSISoftwareInitiator. The BIOS current configuration resource and the iSCSI Software Initiator current configuration resources are read-only. To change iSCSI settings, you need to follow another link to the Settings resource, which allows PUT and PATCH operations.

The iSCSI target configurations are represented in an iSCSISources property, that is an array of objects, each containing the settings for a single target. The size of the array represents the total number of iSCSI boot sources that can be configured at the same time. Many mutable properties exist, including iSCSIAttemptInstance, which can be set to a unique integer in the range [1, N], where N is the boot sources array size. By default, this instance number is 0 for all objects, indicating that the object should be ignored when configuring iSCSI.

Each object also contains two read-only properties—StructuredBootString and UEFIDevicePath, which are only populated after the target has been successfully configured as a boot source. More information about each property is available in the corresponding schema. The iSCSI initiator name is represented by the iSCSIInitiatorName property.

An additional read-only property, iSCSINicSources, is only shown in the iSCSI current configuration resource. This property is an array of strings representing the possible NIC instances that can be used as targets for iSCSI boot configuration. To confirm which NIC device each string corresponds to, it is recommended to cross-reference two other resources:

Changing the iSCSISources and iSCSIInitiatorName settings can be done through PATCH operations, very similar to how HpeBios settings are changed. However, whereas all BIOS settings are located in a single flat object, iSCSI settings are nested into arrays and sub-objects. When doing a PATCH operation, use empty objects ({}) in place of those boot source objects that you do not want to alter.

The following example covers a situation where you have configured two iSCSI boot sources, and you would like to edit some existing settings, and add a third source.

  1. Iterate through /redfish/v1/Systems and choose a member ComputerSystem. Find a child resource of type HpiSCSISoftwareInitiator that allows PATCH operations.
    • {ilo-address}/redfish/v1/Systems/1/BIOS/iSCSI/Settings/
  2. Inspect the existing iSCSIBootSources array. You need to inspect the iSCSIBootAttemptInstance property of each object to find the boot sources you are prefer to change.

  3. Create a new JSON object with the iSCSIBootSources property.

    • Use an empty object in the position of instance 1 to indicate that it should not be modified. Use an object in the position of instance 2 containing the properties that should be modified—all omitted properties will remain unmodified.
    • To add a new boot source, find any position of instance 0 and replace it with an object containing all the new settings, and most importantly, a new unique value of iSCSIBootAttemptInstance.
  4. Change the iSCSI software initiator settings.

    • PATCH {ilo-address}/redfish/v1/Systems/1/BIOS/iSCSI/Settings/

Changing Boot Settings

UEFI boot structured name string

This UEFI boot structured name string is unique and represents each UEFI boot option in the system. Software can identify and manipulate devices using the string’s fixed format as defined in this specification. Software can assume that the string unique for each boot device in the UEFI BootOrder.

The UEFI boot structured name string is divided into sections separated by ‘.’ characters, using the following format:

....

UEFI boot structured name string examples

Table 1 Examples

Name Description
HD.Emb.4.2 The second instance of a hard drive in embedded SA controller bay 4
NIC.Slot.7.2.IPv4 Port 2 of a NIC in PCIe slot 7, which is enabled for PXE IPv4
NIC.FlexLOM.1.1.IPv6 Port 1 of an embedded NIC FlexLOM, which is enabled for PXE IPv6
PCI.Slot.6.1 PCIe card in slot 6
HD.FrontUSB.2.2 Second partition of a flash drive in front USB port 2

Table 2 Examples of currently supported Structured Boot Strings

Device Type Location Instance Sub instance Qualifier Structure Boot String Examples
Smart Array Hard Drive Embedded Bay number Incremental by LUN HD.Emb.1.1
Slot Slot number Incremental by LUN HD.Slot.1.1
Smart Array Controller Embedded Controller Instance 1 RAID.Emb.1.1
Slot Slot number 1 RAID.Slot.1.1
Dynamic Smart Array Controller (Software RAID) Embedded 1 1 Storage.Emb.1.1
Slot Controller Instance 1 Storage.Slot.1.1
SATA Hard Drive Embedded SATA port # 1 HD.Emb.1.1
SATA Controller Embedded Controller Instance 1 SATA.Emb.1.1
All other storage controllers (FC, SAS, etc…) Embedded 1 1 Storage.Emb.1.1
Slot Slot # 1 Storage.Slot.1.1
Network Adapter LOM NIC number, 1 for 1st NIC, 2 for 2nd NIC Port number IPv4 or IPv6 or iSCSI or FCoE NIC.LOM.1.2.IPv4, NIC.LOM.1.2.IPv6
FlexibleLOM FlexibleLOM number, 1 for 1st FlexLOM, 2 for 2nd FlexLOM Port Number IPv4 or IPv6 or iSCSI or FCoE NIC.FlexLOM.2.1.IPv4, NIC.FlexLOM.2.1.IPv6
Slot Slot Number Port number IPv4 or IPv6 or iSCSI or FCoE NIC.Slot.3.2.Ipv4
Fiber Channel Adapter Slot Slot number Port number IPv4 or IPv6 or iSCSI or FCoE PCI.Slot.3.1
OS Boot entry (such as Embedded HD.Slot.1.2 “Windows Boot Manager”) Slot Embedded Incremental HD.Emb.1.2, HD.Slot.1.2
USB Key Front USB USB Port # Incremental by LUN HD.FrontUSB.1.1
Rear USB USB Port # Incremental by LUN HD.RearUSB.1.1
Internal USB USB Port # HD.InternalUSB.1.1
iLO virtual media HD.Virtual.1.1
ISO image iLO virtual media CD.Virtual.2.1
Virtual Install Disk (VID) Embedded store USB Port # HD.VirtualUSB.1.1
Embedded User Partition Embedded store USB Port # HD.VirtualUSB.2.1
USB CD/DVD Front USB USB Port # CD.FrontUSB.1.1
Rear USB USB Port # CD.RearUSB.1.1
Internal USB USB Port # xxxxxxxx
SD card SD slot USB Port # HD.SD.1.1
Floppy Front USB, Rear USB USB Port # FD.FrontUSB.1.1, FD.RearUSB.1.1
Embedded UEFI Shell Embedded 1 1 Shell.Emb.1.1
UEFI applications (embedded in the ROM firmware) (Diag, System Utility, etc..) Embedded 1 Incremental App.Emb.1.1, App.Emb.1.2, App.Emb.1.3
File URL Different URL Increased by 1 1 File.URL.1.1
HPE RAM Disk Device RAM Memory 1 Port Number RAMDisk.Emb.1.1
Special USB device class with Device Path: UsbClass(0xFFFF, 0xFFFF, 0xFF, 0xFF, 0xFF) Any USB device in the system 1 Generic.USB.1.1
Empty slot, no device Slot Slot number 1 PCI.Slot.2.1
Unknown device Embedded Slot Unknown location Slot number or 1 Incremental Unknown.Slot.1.1, Unknown.Unknown.1.1
NVMe Slot Slot number NVMe drive number (The number is based on bus enumeration sequence). NVMe.Slot.1.1
NVMe Embedded Bay number 1 (Each drive bay has 1 NVMe drive.) NVMe.Emb.1.1

Change UEFI boot order example

For more information click on the python tab.

For a full Redfish example click here: change_boot_order.py

The BIOS current configuration object contains a link to a separate read-only resource of type HpeServerBootSettings that lists the UEFI Boot Order current configuration. This is the system boot order when the system is configured in the UEFI Boot Mode. The UEFI Boot Order current configuration resource contains a BootSources property, which is an array of UEFI boot sources. Each object in that array has a unique StructuredBootString, among other properties that identify that boot source.

The UEFI boot order list itself is represented in a separate PersistentBootConfigOrder property that is an ordered array of boot sources, each referenced by its StructuredBootString. In addition, a DesiredBootDevices property lists a separate ordered list of desired boot sources that might not be listed in the BootSources property. This is useful for configuring boot from a specific SCSI or FC LUN or iSCSI target that might have not been configured (and discovered by BIOS) yet.

As with the BIOS current configuration resource, the UEFI Boot Order current configuration resource is read only (as evident by the allow header, which do not list PATCH as an allowed operation). To change the UEFI Boot Order, you need to follow the link to a separate Settings resource that you can perform a PATCH operation on that contains the pending UEFI Boot Order settings, and update that PersistentBootConfigOrder and/or the DesiredBootDevices properties in that Settings resource. The settings remain pending until next reboot, and the results are reflected back in the @Redfish.Settings property in the UEFI Boot Order current configuration resource.

Prerequisites: Minimum required session ID privileges: Configure

  1. Iterate through /redfish/v1/Systems/ and choose a member ComputerSystem. Find a child resource of type HpeServerBootSettings that allows PATCH operations (there might be more than one, but for this exercise, hoose the first one).
    • {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Boot/Settings/
  2. Obtain the UEFI boot order.
    • GET {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Boot/Settings/
  3. Create a new JSON object with the PersistentBootConfigOrder property and change the boot order.
  4. Change the UEFI boot order. You only need to send the updated PersistentBootConfigOrder property in the request body.
    • PATCH {ilo-ip-address}/redfish/v1/Systems/1/BIOS/Boot/Settings/

When the sever is reset, the new boot order is validated and used.

Reset a Server

Server power control is a system-node-level entity, not a chassis-level control. For example, you can turn on one node in a multi-node chassis. You control power by performing an HTTP operation on a computer system node object.

Some operations in the interface are not truly RESTful GET, PUT, POST, DELETE, or PATCH. They are called custom actions and are performed with an HTTP POST containing a specific request payload. Typically, actions are defined when the action you want to perform is not adequately represented by the properties available in the type. For example, a power button is not readable, so you cannot GET the status of the power button. In this case, pressing the power button is an action.

Actions are POST operations with an Action property that names the action to perform and zero or more parameter properties.

Reset a server example

curl --header "Content-Type: application/json" --request POST --data '{"ResetType": "ForceRestart"}' https://{iLO}/redfish/v1/Systems/1/Actions/ComputerSystem.Reset -u username:password --insecure

Prerequisites

Minimum required session ID privileges: Configure

  1. Iterate through /redfish/v1/Systems collection and choose a member ComputerSystem that allows POST operations.
    • {ilo-ip-address}/redfish/v1/Systems/1
  2. Get the “Actions” -> “#ComputerSystem.Reset” -> “target” Uri.
  3. Construct an Action object to submit to iLO.
    • {"ResetType":"ForceRestart"}
  4. Reset the server by posting the body to the target Uri.
    • POST {ilo-ip-address}/redfish/v1/Systems/1/Actions/ComputerSystem.Reset/

The server resets and reboots.

Download Active Health System Data

For more information click on the python tab.

For a full Redfish example click here: get_ahs_data.py

Active Health System (AHS) data may be accessed by first discovering the resource of type HpiLOActiveHealthSystem. This is typically at https://{iLO}/redfish/v1/managers/{item}/activehealthsystem/. Refer to the section on Iterating Collections for details on how to navigate the data model.

  1. Iterate the Managers collection at https://{iLO}/redfish/v1/managers/. For traditional iLO-based server architectures there is a single manager representing iLO 5 itself.

  2. Find the Link property referring to the HpiLOActiveHealthSystem and follow that link.

  3. GET the HpiLOActiveHealthSystem resource and look for the URI indicated by Links.AHSLocation.extref.

  4. Perform a GET to this URI with the following query parameters to define the download time range and embed customer case information:

If successful, the response is an HTTP 200 level status code and a binary download which can be saved to a file.

Finding the iLO mac address

For more information click on the python tab.

For a full Redfish example click here: find_ilo_mac_address.py

Before you search for the iLO mac address, you must create an instance of a RestObject or RedfishObject. The class constructor takes the iLO hostname/IP address, iLO login username, and password as arguments. The class also initializes a login session, gets systems resources, and message registries.

Adding an iLO user account

For more information click on the python tab.

For a full Redfish example click here: add_user_account.py

Before you add an iLO user account, you must create an instance of a RestObject or RedfishObject. The class constructor takes the iLO hostname/IP address, iLO login username, and password as arguments. The class also initializes a login session, gets systems resources, and message registries.

Setting a license key

curl -H "Content-Type: application/json" -X POST --data "@data.json" https://{iLO}/redfish/v1/Managers/1/LicenseService/ -u username:password --insecure

Contents of data.json

{“LicenseKey”: “xxxxx-xxxxx-xxxxx-xxxxx-xxxxx”}

For a full Redfish example click here: set_license_key.py

Before you set a license key, you must create an instance of a RestObject or RedfishObject. The class constructor takes the iLO hostname/IP address, iLO login username, and password as arguments. The class also initializes a login session, gets systems resources, and message registries.

Changing an iLO user account

For more information click on the python tab.

For full Redfish examples click here: modify_user_account.py, remove_account.py

Before you change an iLO user account, you must create an instance of a RestObject or RedfishObject. The class constructor takes the iLO hostname/IP address, iLO login username, and password as arguments. The class also initializes a login session, gets systems resources, and message registries.

iLO 5 Software/Firmware Update Service

The Redfish standard schema package DSP8010 version 2016.2 introduced the “UpdateService” schema, enabling firmware and software inventory, and simple firmware updates. The iLO 5 Update Service is conformant with the “UpdateService” schema, but significantly expands the capabilities to include a component repository, an update queue, and install sets.

Concepts and Terms

Term Definition
Inventory The installed or running versions of software or firmware.
Target The object of a firmware or software update (e.g. BIOS, iLO, Network Adapter, software package).
Update The process of applying updated firmware or software to applicable targets.
Update Agent The software or firmware agent that applies an update to one or more targets. Update Agents include Smart Update Manager (SUM), UEFI BIOS, and iLO 5. Different types of updates might be supported by specific update agents.
Activate The process of making updated firmware of software active (for example, a BIOS update is activated when the server reboots).
Component A package containing one or more software or firmware update images (also known as a “Smart Component”). Components are typically delivered with the Support Pack for ProLiant (SPP) in EXE, RPM, or ZIP files.
Component Signature File (.compsig) A file containing information about a component, including a digital signature. This enables iLO to verify the integrity and authenticity of a variety of component formats. The .compsig files are also available with the SPP and must be uploaded with the component. SUM automatically uploads the right .compsig file with components.
iLO Repository A persistent storage location on the server that can hold software or firmware update components.
Update Task Queue An iLO managed queue of update operations. iLO might not be the actual update agent. Other update agents include Smart Update Manager (SUM) and the UEFI BIOS.
Install Set A pre-defined sequence of update tasks managed using the iLO REST API that can be added to the Update Task Queue with an “Invoke” action.
Maintenance Window A defined time window that may be used with an Update Task create or Install Set Invoke commands to associate a time with the operation.

Redfish Update Service Operations

The Update Service is available as a link (UpdateService) from the Redfish root resource (/redfish/v1/). The Update Service complies with the Redfish UpdateService schema.

Firmware and Software Inventory

The firmware and software inventory is maintained in two separate collections (FirmwareInventory and SoftwareInventory). These collections support the iLO 5 $expand operation, allowing a client to fetch the entire collection with one GET operation.

Each member item conforms to the Redfish SoftwareInventory schema.

Item (generic) at /redfish/v1/UpdateService/FirmwareInventory/{item}

HTTP Allow: GET

Adapting from iLO 4 HpSwFwInventory to iLO 5 Redfish Inventory

The following attributes of items in the iLO 4 inventory have been replaced in the iLO 5 Redfish conformant inventory:

SimpleUpdate Action

The SimpleUpdate action with the "ImageURI" parameter causes iLO to fetch an image from a web server and flash it directly. Only certain types of images may be supplied, including iLO firmware binaries and UEFI firmware binaries. Smart Components are not supported. The list of supported binaries is the same as those that can be updated through iLO’s Web user interface.

Smart Components may be uploaded to the iLO Repository and a task created to cause UEFI or SUM to perform the update.

POST /redfish/v1/UpdateService/Actions/UpdateService.SimpleUpdate/

{
    "ImageURI": "<uri to binary image for iLO to flash>"
}

HttpPushUri

The HttpPushUri property indicates the URI to POST a firmware component that iLO can flash. Only certain types of images may be supplied including iLO firmware binaries and UEFI firmware binaries. Smart Components are not supported. The list of supported binaries is the same as those that can be updated through iLO’s Web user interface.

The POST must be of Content-Type: “multipart/form-data”

-----------------------------64062213329524
Content-Disposition: form-data; name="sessionKey"

<value of X-Auth-Token here>

-----------------------------64062213329524
Content-Disposition: form-data; name="<component-filename>"; filename="<component-filename>"
Content-Type: application/octet-stream

<binary image>

iLO validates the uploaded binary image and flashes any applicable targets immediately. If the update is for iLO itself, iLO automatically resets at the end of the flash process and activates the new firmware upon restart.

Software and Firmware Management Flow

Evaluating Current Software and Firmware Inventory to iLO Repository Components

This is the general pseudocode to correlate applicable updates in the iLO Repository to updatable items from the inventory.

  1. Use the FirmwareInventory and SoftwareInventory data to evaluate the current software and firmware running on the server.
for component in /redfish/v1/updateservice/componentrepository:
    for inventory_item in /redfish/v1/updateservice/firmwareinventory:

        # if "DeviceClass" is populated in the inventory item
        if DeviceClass in inventory_item:
            # if present and not matching, move along
            if component.DeviceClass != inventory_item.DeviceClass:
                continue

        # if we made this this far, either inventory item doesn't have DeviceClass or they match
        for target in component.Targets:
            if target in item.Oem.Hpe.Targets:
                return inventory_item, component  # return correlated
  1. Upload new components to the iLO Repository
  2. Optionally create or modify Install Sets to bundle multiple components in the iLO Repository into an ordered list of update operations.
  3. Optionally create Maintenance Windows to specify pre-determined time ranges for udpate tasks to be executed.
  4. Create tasks individually or Invoke an Install Set to populate the task list. Use either a time range for each task or specify a Maintenance Window to automatically associate the timed window with the created tasks.
  5. Monitor update operations and handle any errors
  6. Optionally remove any completed Tasks, Maintenance Windows, Install Sets, or components that are no longer required.

Software and Firmware Management Operations

iLO Repository

The iLO Repository is a persistent storage location for update components including Smart Component files (.EXE, .RPM, etc.), as well as raw binary files (.BIN). Additions to the repository require a digital signature for iLO to verify the integrity and authenticity of the component. For raw .BIN files, this information is contained within the file. For Smart Components, the information is in a separate Component Signature file (.compsig) that must be supplied when adding a component.

The Repository is available in the REST API as a child of the Update Service.

  1. GET root (/redfish/v1/).
  2. GET the destination of the UpdateService link.
  3. GET the destination of the Oem/Hpe/ComponentRepository link.

Additions to the repository are made via the UpdateService actions. Removals are made by DELETE on repository collection members.

Upload Components

See details on the HttpPushUri in the Update Service resource first. The upload process can alternatively be used to add components to the iLO Repository. As with update, the POST must be a multipart/form-data.

The following HTTP headers must be supplied:

    # build the HTTP headers
    # 'Content-Type': 'multipart/form-data',
    headers = {'Accept': 'application/json',
               'Expect':'',
               'OData-Version': '4.0',
               'X-Auth-Token': sessionkey,
               'Cookie': 'sessionKey=' + sessionkey}

The HTTP POST body:

-----------------------------64062213329524
Content-Disposition: form-data; name="sessionKey"

<value of X-Auth-Token here>

-----------------------------64062213329524
Content-Disposition: form-data; name="parameters"
Content-Type: application/json

{
  "UploadCurrentEtag": "<client-defined-string>",
}

-----------------------------64062213329524
Content-Disposition: form-data; name="compsig"; filename="compsig-filename"
Content-Type: application/octet-stream

<binary content of component signature file>

-----------------------------64062213329524
Content-Disposition: form-data; name="file"; filename="component-filename"
Content-Type: application/octet-stream

<binary content of component file>

The new ‘compsig’ part enables the client to push the component signature file with the payload.

The ‘parameters’ part enables clients to add parameters to the upload like execution parameters.

‘parameters’ part in multi-part POST

The following parameters may be specified in a JSON object as part of the upload. All parameters are optional and the ‘Parameters’ multi-part may be optional.

Parameter Name JSON type Description
UpdateRepository boolean If true, adds the component to the repository. This is ignored and assumed true for components flashable by UEFI or SUT/SUM.
UploadCurrentEtag string client-selected-etag-string-reported back in ‘UploadCurrentEtag’
UpdateTarget boolean If true, iLO immediately flashes the binary. This is ignored and assumed false for components flashable by UEFI or SUT/SUM.
Section integer Section number for huge uploads (see below) starting at 0.

NOTE: The two free-form parameters, ‘ExecutionParameters’ and ‘Configuration’ (used by SUM to communicate to the components) are not supplied here, but can be PATCHed later once the components are in the Repository.

iLO self-flash Example:

{
    "UploadCurrentEtag": "<client-defined-string>",
    "UpdateRepository": true,
    "UpdateTarget": true
}

Smart Component Example:

{
    "UploadCurrentEtag": "<client-defined-string>"
}

Waiting for Uploads to Complete

After uploading the component, iLO must verify and write the contents to the repository. The client may track this progress by polling on Oem/Hpe/State property in the UpdateService. Values are:

State Detail
Uploading iLO is processing the upload - Clients likely won’t see this State because this state occurs during the upload POST.
Verifying iLO is verifying the integrity and authenticity of the upload.
Writing iLO is writing the upload to the repository.
Updating iLO is updating one or more targets applicable to the upload.
Complete The operation is complete without errors.
Error The operation encountered errors.

The client should wait for Complete before progressing.

Inventory Components in iLO Repository

The iLO Repository is a collection that supports the $expand operation. Perform a GET operation on the collection and its members to inventory the repository.

Available data for each member includes:

Property PATCHable? Detail
Name No Component Name
Filename No Unique file name
Version No Version as a string
SizeBytes No Size in Bytes
Criticality Yes Recommended, optional, critical.
Created No Time the component was added to the repository.
Locked No True if the component is referenced by a task or install set.
ComponentUri No URI of the component binary.
Activates No A hint of when a component activates (for example, after reboot).
Configuration Yes For Smart Update Manager use only.
ExecutionParameters Yes The command line passed to the component when launched.

Remove Components

Perform a DELETE operation on the repository collection member to remove it from the repository.

Free Space

The free and total space of the iLO Repository in bytes is available as part of the Repository Collection.

{
    "@odata.context": "/redfish/v1/$metadata#ComponentRepository",
    "@odata.etag": "W/\"FF1B13FE\"",
    "@odata.id": "/redfish/v1/UpdateService/ComponentRepository/",
    "@odata.type": "#HpeComponentCollection.HpeComponentCollection",
    "Description": "Component Collection",
    "Members@odata.count": 0,
    "Name": "Component Collection",
    "Oem": {
        "Hpe": {
            "@odata.type": "#HpeComponentRepositoryInformation.v2_0_0.HpeComponentRepositoryInformation",
            "ComponentCount": 0,
            "FreeSizeBytes": 1073102848,
            "TotalSizeBytes": 1073168384
        }
    }
}

Correlating Components with Current Software and Firmware Version Inventory

There is not a one-to-one correspondence between installed firmware or software and update components. For example, a component might carry firmware for several network controllers.

This algorithm shows how to correlate current version inventory with available components:

for component in componentrepository:
    for inventory_item in inventory:

        # if "DeviceClass" is populated in the inventory item
        if DeviceClass in inventory_item:
            # if present and not matching, move along
            if component.DeviceClass != inventory_item.DeviceClass:
                continue

        # if we made this this far, either inventory item doesn't have DeviceClass or they match
        for target in component.Targets:
            if target in item.Oem.Hpe.Targets:
                return inventory_item, component  # return correlated

Tasks

Update Agents and Strong Queue Order

Different updates must be performed in different ways:

The UpdateableBy property indicates which “update agent” may perform the update.

For an update to be applied to a running operating system, SUM or SUT must run on the OS. SUM/SUT checks for pending tasks that include RuntimeAgent in the UpdateableBy property.

For an update to be applied during UEFI POST, UEFI checks for pending tasks that include Uefi in the UpdateableBy property.

For an update to be applied any time by iLO, iLO checks for pending tasks that include Bmc in the UpdateableBy property. Note that items that are updateable by iLO are never marked as updatable by any other agent.

Because of the strong ordering of the task queue, updaters do not bypass another pending item or exception item to find something to update. This can result in task queue stalls. For example, if the top of the queue is marked as Uefi update, and the second item is marked RuntimeAgent, SUM/SUT won’t process their item until the system has rebooted, and UEFI has processed its top item.

Updaters process the queue in order, looking at the task state:

Task State Updater Behavior
Pending Mark as InProgress and begin task.
InProgress Do nothing and stop processing the queue - a task item is in progress by another updater (assuming this task is not yours).
Expired Do nothing and stop processing the queue - the task item has expired, and because of strong queue ordering, all following tasks are not processed.
Exception Do nothing and stop processing the queue - the task item has failed, and because of strong queue ordering, all following tasks are not processed.
Complete Iterate to next task and examine its State.
Canceled Iterate to next task and examine its State.

Creating Update Tasks

Create a new Task resource to schedule Update tasks. POST a new task object to the tasks collection pointed to by UpdateService Oem/Hpe/UpdateTaskQueue:

Example that enables an component to be updated by either SUM or UEFI:

{
    "Name": "Unique Client supplied friendly name of this task item.",
    "UpdatableBy": [
        "Uefi",
        "RuntimeAgent"
    ],
    "Command": "ApplyUpdate",
    "Component": "<component-name>",
    "TPMOverride": true
}

Example that enables an binary component to be updated by iLO:

{
    "Name": "Unique Client supplied friendly name of this task item.",
    "UpdatableBy": [
        "Bmc"
    ],
    "Command": "ApplyUpdate",
    "Component": "<component-name>"
}

This creates a new task in the Pending state at the end of the queue. If it assigned to the Bmc and is at the top of the queue, iLO starts operating on it immediately. Otherwise, the new task is operated on as soon as an updater runs and finds the new task.

Creating Scheduled Tasks

Starting with iLO 5 1.30 a client may specify a time window for a task. Time is always relative to iLO’s clock. Two options exist for creating scheduled tasks: explicit time ranges or Maintenance Windows.

Explicit Time Range: Include StartAfter and Expire in Task Create POST

StartAfter and Expire are two times that can be included in the task create POST operation. You may specify either or both. Each must be formatted as an ISO 8601 time string.

Tasks in the Pending state will not begin execution until iLO time is after StartAfter. If for some reason an update does not start and remains in a Pending state until after the Expire time, it will never be executed and the State will be Expired. This can happen for instance if a task is to be executed by UEFI and no reboot happens during the time window.

Maintenance Window

See the section on Maintenance Windows later for more details on the use of Maintenance Windows.

If a client creates a Maintenance Window, this window may be specified (by Id) in the creation of a task.

Example that uses a Maintenance Window

{
    "Name": "Unique Client supplied friendly name of this task item.",
    "UpdatableBy": [
        "Bmc"
    ],
    "Command": "ApplyUpdate",
    "Component": "<component-name>",
    "MaintenanceWindow": "<maintenance-window-id>"
}

Creating Wait Tasks

Wait tasks can be used to insert time between two other tasks. The UpdatableBy property should contain only one update agent chosen based upon the updater that needs the time.

Example that causes UEFI to Wait for 30 seconds:

{
    "Name": "Pause 30 seconds",
    "UpdatableBy": [
        "Uefi"
    ],
    "Command": "Wait",
    "WaitTimeSeconds": 30
}

WaitTimeSeconds can be in the range 0-3600 seconds.s

Retiring and Removing Tasks

The REST client that creates an update task is expected to DELETE the task upon completion after the final status/log information is obtained.

Tasks are removed by performing a DELETE operation on the task collection member. The entire queue can be cleared by deleting all tasks. InProgress tasks should not be deleted even though the REST API will allow it. This might be useful if the task list is stalled and needs to be cleared.

iLO automatically removes completed tasks (State is Complete) after 24 hours, but tasks in any other state are not removed.

Handling Exceptions

If a task cannot complete it will report a State value of Exception. Tasks in this state do not automatically clear and require attention to clear. You may remove the task and re-add it later if there is a condition corrected that improves its chances of executing to completion.

Stalls in the Task Queue

Tasks can be added to the task queue that cannot execute to completion. In this case, the task queue might stall waiting for attention or the appropriate updater to execute. Examples may include the following:

Maintenance Windows

(New for iLO 5 1.30)

Tasks can be created and Install Sets invoked with either an explicit time range (specifying StartAfter and Expire times) or by referring by Id to a Maintenance Window.

The Maintenance Window collection is pointed to by UpdateService Oem/Hpe/MaintenanceWindows:

A special feature of Maintenance Windows is that any task associated with a Maintenance Window may be rescheduled by PATCHing the Maintenance Window instead of modifying multiple tasks.

Creating Maintenance Windows

POST a new object to the Maintenance Window collection:

{
    "Name": "unique name of the Maintenance Window.",
    "StartAfter": "ISO 8601 Redfish-style time string of earliest execution - null for no start time specified",
    "Expire": "ISO 8601 Redfish-style time string after which we will automatically change state to Expired - null for no expire time"
}

Any of these properties may be PATCHed to modify an existing Maintenance Window.

Referring to Maintenance Windows

Each Maintenance Window has an Id string property. Use this value with the MaintenanceWindow property when creating a task or invoking an install set.

Removing Maintenance Windows

Maintenance Windows are removed by performing a DELETE operation on the Maintenance Window member.

Maintenance Windows will eventually be outdated with times in the past and should be removed.

Install Sets

Create a new install set resource to create Install Sets. POST a new install set object to the install set collection pointed to by UpdateService Oem/Hpe/InstallSets:

Creating Install Sets

POST a new install set object to the install set collection:

{
    "Name": "unique name of the install set.",
    "IsRecovery": false,
    "Sequence": [
        {
            "Name": "Client supplied friendly name of this task item.",
            "UpdatableBy": [
                "Uefi",
                "RuntimeAgent"
            ],
            "Command": "ApplyUpdate",
            "Filename": "Name of the file as it appears in the repository."
        }
    ]
}

Invoking Install Sets

Install Sets are invoked by performing the Invoke action on the install set member item. The Invoke action has no parameters.

Invoking an install set causes iLO to append the task queue with new tasks, each corresponding to the items in the Sequence array.

POST /redfish/v1/updateservice/installsets/{id}/Actions/HpeComponentInstallSet.Invoke
Content-Type: application/json
{
    "ClearTaskQueue": true,
}

Scheduled Install Sets

Starting with iLO 5 1.30 a client may specify a time window for an Install Set. Time is always relative to iLO’s clock. Two options exist for creating scheduled tasks: explicit time ranges or Maintenance Windows.

Explicit Time Range: Include StartAfter and Expire in Invoke

StartAfter and Expire are two times that can be included in Invoke Action. You may specify either or both. Each must be formatted as an ISO 8601 time string.

Each task in the Install Set will be created with this explicit time range. Tasks in the Pending state will not begin execution until iLO time is after StartAfter. If for some reason an update does not start and remains in a Pending state until after the Expire time, it will never be executed and the State will be Expired. This can happen for instance if a task is to be executed by UEFI and no reboot happens during the time window.

POST /redfish/v1/updateservice/installsets/{id}/Actions/HpeComponentInstallSet.Invoke
Content-Type: application/json
{
    "ClearTaskQueue": true,
    "StartAfter": "ISO 8601 Redfish-style time string of earliest execution - null for no start time specified",
    "Expire": "ISO 8601 Redfish-style time string after which we will automatically change state to Expired - null for no expire time"
}
Install sets and Maintenance Windows

If a client creates a Maintenance Window, this window may be specified (by Id) in the Install Set Invoke.

POST /redfish/v1/updateservice/installsets/{id}/Actions/HpeComponentInstallSet.Invoke
Content-Type: application/json
{
    "ClearTaskQueue": true,
    "MaintenanceWindow": "<maintenance-windows-Id>"
}

Removing Install Sets

Install Sets are removed by performing a DELETE operation on the install set member.

Using Install Sets for Rollback and Baseline Management

iLO does not maintain a specific “rollback” architecture. Instead, a client might maintain alternate versions of the same deliverable in the iLO Repository, and maintain multiple (up to 8) install sets in the InstallSets collection.

Firmware Recovery Install Set

SystemRecoveryConfigPriv

One of the install sets on the system might be marked with a property "IsRecovery": true. If true, the install set is reserved to hold only critical firmware recovery components.

‘Administrate Recovery Set’ iLO user privilege is required to modify or remove this install set.“. This is called SystemRecoveryConfigPriv in the REST API’s Account privileges. This privilege enables users to alter or remove this recovery install set.

The recovery install set should only be modified with care and hold a minimal set of firmware updates needed to make the server bootable. These firmware image file must be directly flashable by iLO. The order is important because the install set is the order of update.

Firmware Verification

Firmware Verification, available with the iLO Advanced Premium Security Edition, enables you to run an on-demand verification scan or implement scheduled scans.

To respond to detected issues, choose between logging the results, or logging the results and initiating a repair action that uses a recovery install set.

Depending on the scan results, information is logged in the Active Health System Log and the Integrated Management Log.

The following firmware items are verified:

When a firmware verification scan is in progress, you cannot install firmware updates or upload firmware to the iLO Repository.

Configuring Firmware Verification

Available with iLO Advanced Premium Security Edition

Firmware Verification scan options:

If a problem is detected for a supported firmware item, iLO checks for the affected firmware type in a protected install set. By default, this set is the System recovery set. If a firmware image is available, iLO flashes that firmware image to complete the repair.

GET /redfish/v1/UpdateService/

{
    "Oem": {
        "Hpe": {
            "FirmwareIntegrity": {
                "EnableBackgroundScan": true,
                "LastScanResult": "OK",
                "LastScanTime": "2017-05-31T19:14:54Z",
                "OnIntegrityFailure": "LogAndRepairAutomatically",
                "ScanEveryDays": 14
            }
        }
    }
}

Initiating a Firmware Verification Scan

Available with iLO Advanced Premium Security Edition

You may manually start a firmware verification scan by invoking the action "StartFirmwareIntegrityCheck”. You must have the iLO Advanced Premium Security Edition license to use this feature.

POST /redfish/v1/UpdateService/Actions/Oem/Hpe/HpeiLOUpdateServiceExt.StartFirmwareIntegrityCheck

BIOS Defaults and Passwords

Actions are POST operations to perform a specific request, such as a system reset or a password change. Actions are completely different from actions in iLO 4. The Bios resource has 2 actions:

Reset BIOS Settings

UEFI BIOS Supports a new POST action to reset settings.

"Actions": {
  "#Bios.ResetBios": {
    "target": "/redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ResetBios"
  }
}

The body of the POST should contain

{
  "ResetType" : "default"      
}

or

{  
  "ResetType" : "default.user"
} 

Change BIOS password

UEFI BIOS supports a new POST action to change the BIOS password.

"Actions": {
  "#Bios.ChangePassword": {
    "target": "/redfish/v1/Systems/1/Bios/Settings/Actions/Bios.ChangePassword"
  }
}

The body of the action should contain:

{
  "PasswordName": "Administrator | User",
  "OldPassword" : "OldPasswordText",
  "NewPassword" : "NewPasswordText"
}

The target link is where the body of the action should be posted.

iSCSI Software Initiator Configuration

Introduction

The iSCSI Software Initiator allows you to configure an iSCSI target device to be used as a boot source. The BIOS current configuration object contains a link to a separate resource of type HpeiSCSISoftwareInitiator. The BIOS current configuration resource and the iSCSI Software Initiator current configuration resources are read-only. To change iSCSI settings, you need to follow another link to the Settings resource, which allows PUT and PATCH operations.

The iSCSI target configurations are represented in an iSCSISources property, that is an array of objects, each containing the settings for a single target. The size of the array represents the total number of iSCSI boot sources that can be configured at the same time. Many mutable properties exist, including iSCSIAttemptInstance, which can be set to a unique integer in the range [1, N], where N is the boot sources array size. By default, this instance number is 0 for all objects, indicating that the object should be ignored when configuring iSCSI.

Each object also contains two read-only properties—StructuredBootString and UEFIDevicePath, which are only populated after the target has been successfully configured as a boot source. More information about each property is available in the corresponding schema. The iSCSI initiator name is represented by the iSCSIInitiatorName property.

An additional read-only property, iSCSINicSources, is only shown in the iSCSI current configuration resource. This property is an array of strings representing the possible NIC instances that can be used as targets for iSCSI boot configuration. To confirm which NIC device each string corresponds to, it is recommended to cross-reference two other resources.

Changing the iSCSISources and iSCSIInitiatorName settings can be done through PATCH operations, very similar to how HpeBios settings are changed. However, whereas all BIOS settings are located in a single flat object, iSCSI settings are nested into arrays and sub-objects. When doing a PATCH operation, use empty objects ({}) in place of those boot source objects that you do not want to alter.

The following example covers a situation where you have configured two iSCSI boot sources, and you would like to edit some existing settings, and add a third source.

  1. Iterate through /redfish/v1/Systems and choose a member ComputerSystem. Find a child resource of type HpeiSCSISoftwareInitiator that allows PATCH operations.
    • {ilo-address}/redfish/v1/Systems/1/BIOS/iSCSI/Settings
  2. Inspect the existing iSCSISources array. You need to inspect the iSCSIAttemptInstance property of each object to find the boot sources you are prefer to change.

  3. Create a new JSON object with the iSCSISources property.

    • Use an empty object in the position of instance 1 to indicate that it should not be modified. Use an object in the position of instance 2 containing the properties that should be modified—all omitted properties remain unmodified.
    • To add a new boot source, find any position of instance 0 and replace it with an object containing all the new settings, and most importantly, a new unique value of iSCSIAttemptInstance.
  4. Change the iSCSI software initiator settings.

    • PATCH {ilo-address}/redfish/v1/Systems/1/BIOS/iSCSI/Settings

HTTPS Boot TLS Configuration

TLS Certificates Resource has three resources within the RESTful API tree: - Current Settings Resource (read-only) : redfish/v1/systems/1/bios/tlsconfig/ - Contains current TLS certificates resource configuration data present in the system - Pending Settings Resource (read/write) : redfish/v1/systems/1/bios/tlsconfig/settings/ - Writable resource used to configure TLS certificates settings - Modifiable properties: - "Ciphers" - Set the desired supported ciphers - "HostnameCheck" - Enable/Disable host name checking - "ProtocolVersion" - Set the desired protocol version - "VerifyMode" - Set the verification method (PEER/NONE) - "NewCertificates" - An array of the certificates to be installed - "DeleteCertificates" - An array of the fingerprints of the certificates to be deleted - Read Only properties that gets modified internally: - "Certificates" - An array of all the installed certificates - "TlsCaCertificateCount" - The number of the installed certificates

Installing Certificates

The certificates are X509 keys. In PEM format, the certificates are encoded in a series of strings with new line characters between them:

This an example of a certificate in a PEM format:

—–BEGIN CERTIFICATE—– MIIEHTCCAwWgAwIBAgIQe8LmWgF5edKw01/avJg69DANBgkqhkiG9w0BAQsFADCB kTELMAkGA1UEBhMCVVMxKzApBgNVBAoTIkhld2xldHQgUGFja2FyZCBFbnRlcnBy aXNlIENvbXBhbnkxIDAeBgNVBAsTF0luZnJhc3RydWN0dXJlIFNlcnZpY2VzMTMw

It should be modified to add the new line characters:

—–BEGIN CERTIFICATE—–\r\nMIIGxDCCBaygAwIBAgIQUkL9757013wOQ2heZMCLizANBgkqhkiG9w0BAQsFADCB\r\nkTELMAkGA1UEBhMCVVMxKzApBgNVBAo TIkhld2xldHQgUGFja2FyZCBFbnRlcnBy\r\naXNlIENvbXBhbnkxIDAeBgNVBAsTF0luZnJhc3RydWN0dXJlIFNlcnZpY2VzMTMw\r\n

Notice the “\r\n” added at the beginning of the certificate and at end of each line in the certificate body. Finally, the certificate needs to be PUT (only a PUT would work) through the API (Postman,..), as many as needed to be installed. See the examples in the right pane for more information:

PUT /redfish/v1/Systems/{item}/bios/tlsconfig/settings/

{
  "NewCertificates": [
    {
      "X509Certificate":"-----BEGIN CERTIFICATE-----\r\nMIIGxDCCBaygAwIBAgIQUkL9757013wOQ2heZMCLizANBg......"
    }
  ]
}

Once installed, it will look like this after rebooting:

{
  "@odata.context": "/redfish/v1/$metadata#HpeTlsConfig.HpeTlsConfig",
  "@odata.etag": "W/\"DAE5B73CD430CFCFCF7E180C05FE6C9E\"",
  "@odata.id": "/redfish/v1/systems/1/bios/tlsconfig/settings/",
  "@odata.type": "#HpeTlsConfig.v1_0_0.HpeTlsConfig",
  "Certificates": [
    {
        "FingerPrint": "54:8C:8B:45:55:30:47:8D:43:8D:44:BF:33:E0:C5:A5:44:1E:E9:5E:B2:0A:AC:A6:CA:59:B6:D9:7B:FC:83:A9",
        "Issuer": "C=US, O=Whatever, OU=Infrastructure Services, CN=Whatever Private Root CA",
        "SerialNumber": "5242FDEF9EF4D77CE43685E64C08B8B",
        "Subject": "O=Whatever, CN=John Smith, OU=XXX-WEB-H, OU=Computer Name - Smith.John, OU=Employment Status - Employees, OU=SmartCard, emailAddress=John.Smith@whatever.com",
        "ValidNotAfter": "07/11/2017  23:59",
        "ValidNotBefore": "07/11/2016  00:00"
    }
  ],
  "Ciphers": "AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384",
  "DeleteCertificates": [],
  "HostnameCheck": "Enabled",
  "Id": "settings",
  "Name": "TLS Pending Settings",
  "NewCertificates": [],
  "ProtocolVersion": "AUTO",
  "TlsCaCertificateCount": 1,
  "VerifyMode": "NONE"
}

Deleting Certificates

When a certificate is installed, a new field is created with the Fingerprint of that certificate (SHA256). To remove a certificate, PUT the fingerprint to remove

PUT /redfish/v1/Systems/1/bios/tlsconfig/settings/

{
  "DeleteCertificates": [
    {
      "FingerPrint": "54:8C:8B:45:55:30:47:8D:43:8D:44:BF:33:E0:C5:A5:44:1E:E9:5E:B2:0A:AC:A6:CA:59:B6:D9:7B:FC:83:A9"
    }
  ]
}

You can delete more than one certificate at a time.

Resetting the resource to its default settings

See the example in the right pane for more information.

PUT /redfish/v1/Systems/1/bios/tlsconfig/settings/

{
  "BaseConfig": "Default"
}

The default resource would look like:

{
  "@odata.context": "/redfish/v1/$metadata#HpeTlsConfig.HpeTlsConfig",
  "@odata.etag": "W/\"F5B8B30487AB151515845B0C2CC520E0\"",
  "@odata.id": "/redfish/v1/systems/1/bios/tlsconfig/settings/",
  "@odata.type": "#HpeTlsConfig.v1_0_0.HpeTlsConfig",
  "Certificates": [],
  "Ciphers": "AES128-SHA:AES256-SHA:AES128-SHA256:AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384",
  "DeleteCertificates": [],
  "HostnameCheck": "Disabled",
  "Id": "settings",
  "Name": "TLS Current Settings",
  "NewCertificates": [],
  "ProtocolVersion": "AUTO",
  "TlsCaCertificateCount": 0,
  "VerifyMode": "PEER"
}

Examples of other changes

PATCH /redfish/v1/Systems/1/bios/tlsconfig/settings/

{
  "Ciphers": "AES128-SHA:AES256-SHA"
}

PATCH /redfish/v1/Systems/1/bios/tlsconfig/settings/

{
  "VerifyMode": "PEER"
}    

PATCH /redfish/v1/Systems/1/bios/tlsconfig/settings/

{
  "HostnameCheck": "Enabled"
}    

PATCH /redfish/v1/Systems/1/bios/tlsconfig/settings/

{
  "ProtocolVersion": "1.1"
}    

SSL certificates

SSL protocol is a standard for encrypting data so that it cannot be viewed or modified while in transit on the network. This protocol uses a key to encrypt and decrypt the data. Generally, the longer the key, the better the encryption.

A certificate is a small data file that connects an SSL key to a server. The certificate contains the server name and the server public key. Only the server has the corresponding private key, and this is how it is authenticated.

A certificate must be signed to be valid. If it is signed by a Certificate Authority (CA), and that CA is trusted, all certificates signed by the CA are also trusted. A self-signed certificate is one in which the owner of the certificate acts as its own CA. By default, iLO creates a self-signed certificate for use in SSL connections. This certificate enables iLO to work without additional configuration steps.

IMPORTANT: Using a self-signed certificate is less secure than importing a trusted certificate. Hewlett Packard Enterprise recommends importing a trusted certificate to protect the security of the iLO processor.

Manually obtaining and importing an SSL certificate

iLO allows you to create a Certificate Signing Request that you can send to a Certificate Authority to obtain a trusted SSL certificate to import into iLO.

An SSL certificate works only with the keys generated with its corresponding CSR. If iLO is reset to the factory default settings, or another CSR is generated before the certificate that corresponds to the previous CSR is imported, the certificate does not work. In that case, a new CSR must be generated and used to obtain a new certificate from a CA.

Obtain a trusted certificate from a Certificate Authority (CA)

Prerequisites:

Enter the following details when you create a CSR: * City or Locality (L)—The city or locality where the company or organization that owns this iLO subsystem is located. * Common Name (CN)—The FQDN of this iLO subsystem. * Country ©—The two-character country code that identifies the country where the company or organization that owns this iLO subsystem is located. Enter the two-letter abbreviation in capital letters. * Organization Name (O)—The name of the company or organization that owns this iLO subsystem. * Organizational Unit (OU)—(Optional) The unit within the company or organization that owns this iLO subsystem. * State (ST)—The state where the company or organization that owns this iLO subsystem is located.

POST /redfish/v1/managers/{item}/securityservice/httpscert/HpeHttpsCert.GenerateCSR

{
    "City": "<City>",
    "CommonName": "<CommonName>",
    "Country": "<Country>",
    "IncludeIP": <true or false>,
    "OrgName": "<OrgName>",
    "OrgUnit": "<OrgUnit>",
    "State": "<State>"
}

Importing a trusted certificate

Prerequisites:

POST /redfish/v1/managers/{item}/securityservice/httpscert/HpeHttpsCert.ImportCertificate

{
    "Certificate": "<text>"
}

Sideloading certificate with private key

Note : Only 384-bit ECDSA key is allowed in CNSA security state and up to 2048-bit RSA key is allowed in other security states.

To sideload a certificate along with the private key, perform a POST request with the combined certificate and private key string in Certificate.

POST /redfish/v1/managers/{item}/securityservice/httpscert/HpeHttpsCert.ImportCertificate

{
    "Certificate": "<text>"
}

Automatic Certificate Enrollment

From iLO5 2.60 onwards, iLO supports obtaining and renewing SSL certificate automatically using the Simple Certificate Enrollment Protocol (SCEP). Currently, iLO supports these features on the Microsoft Network Device Enrollment Service (NDES).

By default the feature is disabled. To enable automatic certificate enrollment for iLO, you must first configure the following services on the certificate enrollment server: - Configure the Certificate Authority (CA). CA is the server that runs the Certificate Services and issues certificates. - Configure NDES. NDES is the Certificate Enrollment Server.

NOTE: This feature is not supported when iLO is in CNSA security state.

Enabling Automatic Certificate Enrollment

Prerequisites:

NOTE: If Enrollment Service is enabled, removal and manual import of certificate is not allowed.

To enable Automatic Certificate Enrollment, perform PATCH on /redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment

PATCH /redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment

PATCH Payload:

{
    "AutomaticCertificateEnrollmentSettings" : {
        "ServiceEnabled" : true,
        "ServerUrl" : "<CertificateServerURL>",
        "ChallengePassword" : "<ChallengePassword>"
    }
}

Updating certificate enrollment settings

Prerequisites:

NOTE: Updating the settings does not initiate certificate enrollment. To start the enrollment, first disable the service and enable it again.

To view the automatic certificate enrollment settings, perform GET on

GET /redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment

{
    "@odata.context": "/redfish/v1/$metadata#HpeAutomaticCertEnrollment.HpeAutomaticCertEnrollment",
    "@odata.etag": "W/\"<ETAG>\"",
    "@odata.id": "/redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment/",
    "@odata.type": "#HpeAutomaticCertEnrollment.v1_0_0.HpeAutomaticCertEnrollment",
    "Id": "AutomaticCertificateEnrollment",
    "Actions": {
        "#HpeAutomaticCertEnrollment.ImportCACertificate": {
            "Certificate@Redfish.AllowableValues": [
                "Certificate"
            ],
            "target": "/redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment/Actions/HpeAutomaticCertEnrollment.ImportCACertificate/"
        }
    },
    "AutomaticCertificateEnrollmentSettings": {
        "CACertificateName": "Unavailable",
        "CertificateEnrollmentStatus": "Disabled",
        "ChallengePassword": null,
        "ServerUrl": "",
        "ServiceEnabled": false
    },
    "HttpsCertCSRSubjectValue": {
        "City": "<City>",
        "CommonName": "<CommonName>",
        "Country": "<Country>",
        "IncludeIP": false,
        "OrgName": "<OrgName>",
        "OrgUnit": "<OrgUnit>",
        "State": "<State>"
    }
}

Modifying Webserver CSR subject contents

To modify the webserver CSR subject contents, perform PATCH on /redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment

PATCH /redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment

PATCH Payload:

{
    "HttpsCertCSRSubjectValue": {
        "City": "<City>",
        "CommonName": "<CommonName>",
        "Country": "<Country>",
        "IncludeIP": false,
        "OrgName": "<OrgName>",
        "OrgUnit": "<OrgUnit>",
        "State": "<State>"
    }
}

Renewing automatically managed SSL certificate

When the certificate enrollment service is enabled and the certificate is about to expire (that is 30 days from the expiry date), iLO initiates certificate renewal automatically. As soon as iLO initiates certificate renewal, the certificate enrollment status will change to InProgress.

Certificate enrollment status will change to Success when the renewal is successful. For information on renewal status, see the Security Logs. You must reset iLO manually after successful renewal. The newly trusted certificate will be in use only after iLO reset.

Certificate enrollment status will change to Failed if the renewal fails. For more information on cause of failure and recommended actions, see the Security Logs.

Viewing webserver certificate

Webserver certificate whether self-signed, manually imported or issued automatically can be viewed by performing GET on redfish/v1/managers/1/securityservice/httpscert/

GET redfish/v1/managers/1/securityservice/httpscert/

{
    "@odata.context": "/redfish/v1/$metadata#HpeHttpsCert.HpeHttpsCert",
    "@odata.etag": "W/\"<ETAG>\"",
    "@odata.id": "/redfish/v1/Managers/1/SecurityService/HttpsCert/",
    "@odata.type": "#HpeHttpsCert.v2_0_0.HpeHttpsCert",
    "Id": "HttpsCert",
    "Actions": {
        "#HpeHttpsCert.GenerateCSR": {
            "target": "/redfish/v1/Managers/1/SecurityService/HttpsCert/Actions/HpeHttpsCert.GenerateCSR/"
        },
        "#HpeHttpsCert.ImportCertificate": {
            "target": "/redfish/v1/Managers/1/SecurityService/HttpsCert/Actions/HpeHttpsCert.ImportCertificate/"
        }
    },
    "CertificateSigningRequest": null,
    "X509CertificateInformation": {
        "Issuer": "CN = <CommonName>, O = <OrgName>, OU = <OrgUnit>, L = <Region>, ST = <State>, C = <Country>",
        "SerialNumber": "<SerialNumber>",
        "Subject": "CN = <CommonName>, O = <OrgName>, OU = <OrgUnit>, L = <Region>, ST = <State>, C = <Country>",
        "ValidNotAfter": "2037-05-26T10:07:53Z",
        "ValidNotBefore": "2022-05-27T10:07:53Z"
    }
}

Disabling enrollment service

Disabling enrollment service does not remove the certificate generated using the service. To remove the certificate, see Removing an SSL certificate.

When the service is disabled, iLO does not initiate renewal of the certificate automatically.

Prerequisites:

To disable Automatic Certificate Enrollment, perform PATCH on /redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment

PATCH /redfish/v1/Managers/1/SecurityService/AutomaticCertificateEnrollment

PATCH Payload:

{
    "AutomaticCertificateEnrollmentSettings" : {
        "ServiceEnabled" : false
    }
}

Removing an SSL certificate

Use this feature to remove an SSL certificate and regenerate the iLO self-signed certificate.

NOTE: If Certificate Enrollment Service is enabled, removal and manual import of certificate is not allowed.

You might want to remove a certificate for the following reasons: - The certificate expired. - The certificate contains invalid information. - There are security concerns related to the certificate. - An experienced support organization recommended that you remove the certificate.

Prerequisites:

DELETE /redfish/v1/managers/{item}/securityservice/httpscert/

Security Service

The HpeSecurityService resource type contains security links and properties mentioned in the Resource definition section of this document. This section provides technical detail concerning several server management identities, including the Server Identity (DevID).

DevID is a standard (based on IEEE 802.1AR) way to uniquely identify a server across networks. DevID is uniquely bound to a server that enables a server to prove its identity in various industry standards and protocols that authenticate, provision, and authorize communicating devices. iLO supports factory provisioned server identity (iLO IDevID) and user defined server identity (iLO LDevID). iLO also stores the system certificates (System IDevID and System IAK).

Following are the different server management identities described in this section:

iLO IDevID

iLO can be provisioned with server identity in the factory. This factory provisioned server identity is called iLO IDevID. HPE servers can be securely on boarded into a customer network using the IDevID for 802.1X authentication. iLO IDevID has life time validity and is immutable.

To instruct the HPE factory to provision a server with an IDevID, include either SKU P41905-B21 (if you do not have a TPM2.0 module) or P42104-B21 (if you have a TPM2.0 module) in your order.

iLO does not allow you to update or delete IDevID since it is immutable. You can view the iLO IDevID certificate using the RESTful API GET command toward /redfish/v1/Managers/{@managerId}/SecurityService/iLOIDevID/Certificates/{@certId}

iLO LDevID

IDevID can be supplemented by a user defined server identity, called iLO LDevID. iLO LDevID is unique in the administrative domain, in which the server is used. HPE servers can be securely on boarded into a customer network using the LDevID for 802.1X authentication. iLO LDevID can be used on servers that do not have iLO IDevID. LDevID helps in facilitating the enrollment (authentication and authorization of credentials) by local network administrators. iLO allows to import, view, and delete LDevID outside the factory.

Importing an LDevID certificate

NOTE: LDevID certificate import requires the system in the FIPS security state. You can retrieve this state with a GET request toward the HpeSecurityService URI.

Follow these steps in sequence to import an LDevID certificate:

A successful response body contains the CSR as well as a link to the destination of the signed certificate in the CertificateCollection object.

iLO LDevID CSR generation: POST /redfish/v1/CertificateService/Actions/CertificateService.GenerateCSR

{
    "CertificateCollection": {
              "@odata.id": "/redfish/v1/Managers/1/SecurityService/iLOLDevID/Certificates/"
    }
}

NOTE: Replace non ASCII characters like CRLF or CR with literally “\n” in the CertificateString property.

Import signed LDevID certificate: POST /redfish/v1/Managers/{@managerId}/SecurityService/iLOLDevID/Certificates/


{
    "CertificateType": "PEM",
    "CertificateString": "-----BEGIN CERTIFICATE-----\n<Contents of the trusted certificate>\n-----END CERTIFICATE-----\n"
}

Before importing, iLO validates the input certificate with the following parameters:

NOTE: iLO supports import of LDevID certificates up to 16 KB size.

Viewing the imported LDevID certificate

To view the imported LDevID certificate, use the following RESTful API GET command toward /redfish/v1/Managers/{@managerId}/SecurityService/iLOLDevID/Certificates/{@certId}

Deleting the imported LDevID certificate

To delete the imported LDevID certificate, use the following RESTful API DELETE command toward /redfish/v1/Managers/{@managerId}/SecurityService/iLOLDevID/Certificates/{@certId}

Updating an LDevID certificate

You cannot update a LDevID certificate. To replace a certificate, you must delete the existing LDevID certificate and generate a new certificate. See Importing an LDevID certificate.

NOTE: In case LDevID certificate is lost due to secure erase, you can restore it using the Backup and Restore feature or replace it.

System IDevID certificate

iLO can be provisioned with the server host identity, available for use by the operating system. This factory provisioned system identity is called System IDevID, whose corresponding private key is stored in TPM. System IDevID follows the TCG proposal for TPM2.0 implementation of an IDevID. You have to order a specific server SKU (P42104-B21) for obtaining System IDevID.

iLO does not allow you to update or delete the certificate. You can only view the certificate using the RESTful API GET command toward /redfish/v1/Managers/{@managerId}/SecurityService/SystemIDevID/Certificates/{@certId}

System IAK certificate

iLO can be provisioned with the System Initial Attestation Key (IAK) certificate in the factory. This is similar to System IDevID but used for TPM-based attestation. The corresponding private key is stored in TPM. System IAK follows the TCG proposal for TPM2.0 implementation of an IDevID. You have to order a specific server SKU (P42104-B21) for obtaining System IAK certificate.

iLO does not allow you to update or delete the certificate. You can only view the certificate using the RESTful API GET command toward /redfish/v1/Managers/{@managerId}/SecurityService/SystemIAK/Certificates/{@certId}

NOTE: iLO IDevID, iLO LDevID, System IDevID, and System IAK are preserved across iLO security state transitions, reset to factory defaults.

Platform certificate

iLO can be provisioned with the platform certificate which is an attribute certificate that functions as a signed manifest for the hardware chassis or configuration used to detect supply chain tampering. This certificate is TCG compliant. You have to order a specific server SKU (P42104-B21) for obtaining Platform certificate.

iLO does not allow you to update or delete the platform certificate. You can only view the certificate using the RESTful API GET command toward /redfish/v1/Managers/{@managerId}/SecurityService/PlatformCert/Certificates/{@certId}

Enabling/disabling specific TLS versions

From iLO 5 2.72 version, the HpeSecurityService resource type includes a new property called TLSVersion. This section details the TLSversion property which displays the status (Enabled / Disabled) of different TLS versions supported and how they can be modified in different security states.

HPE iLO Standard, that comes with every HPE ProLiant Gen10 or later server, gives customers the ability to configure servers in one of three security states (Production, High Security, and FIPS). With an iLO Advanced license, customers have a fourth security state available to them that needs the highest-level encryption capabilities of CNSA.

iLO features the following security states:

  1. Production
  2. High Security
  3. FIPS (Federal Information Processing Standards)
  4. CNSA (Commercial National Security Algorithm)

NOTE: - TLS versions 1.0 and 1.1 can be enabled or disabled only in Production mode but they are disabled in higher security modes such as High Security, FIPS, and CNSA. - Tools that do not support TLS 1.2 will not be able to connect to iLO when TLS 1.0 and 1.1 are disabled.

For more information on iLO security states, see the iLO encryption settings of the HPE iLO 5 User Guide

Viewing status of TLS versions enabled/disabled

To view the enabled/disabled status of TLS versions, perform GET on /redfish/v1/Managers/1/SecurityService/

GET /redfish/v1/Managers/1/SecurityService/

{
....
    "TLSVersion": {
        "TLS1_0": "Disabled",
        "TLS1_1": "Enabled",
        "TLS1_2": "Enabled"
    }
...
}

Modifying the enable/disable status of specific TLS versions

Note: - In iLO 5 v2.72, TLSVersion properties are not PATCHable through Redfish. Performing the PATCH operation using the values Enabled or Disabled results in the iLO returning iLO.2.15.PropertyValueBadParam. - This is fixed in iLO 5 v2.78.

Enabling/disabling the TLS versions triggers an event and creates an alert for that event. The message arguments include TLS version being modified, its Status, and the user who requested for the change for the alert.

To enable or disable TLS 1.0 or TLS 1.1 versions or both at the same time in the production state, perform PATCH on /redfish/v1/Managers/1/SecurityService/

PATCH /redfish/v1/Managers/1/SecurityService/

PATCH Payload:

{
    "TLSVersion": {
       "TLS1_0": "Disabled",
       "TLS1_1": "Enabled"
    }
}

iLO automatically resets after enabling or disabling TLS versions and iLO 5 will respond with HTTP 200 OK after PATCH.

Performing PATCH on TLS versions creates an entry in the Security Log. See Security Logs

Examples of entries (Description) in the Security Log after performing PATCH on TLS versions:

Managing the iLO Redfish Host Interface (“Virtual NIC”)

iLO 5 1.40 adds a virtual network interface to access iLO’s HTTPS resources (including the Redfish API and the Web GUI) to the host. This interface is disabled by default in Gen10 servers but may be enabled by default in future servers.

When accessing iLO 5 through the virtual network interface, authentication is enforced.

Enabling the Virtual NIC

The Virtual NIC (also known as the Redfish Host API) is disabled by default but may be enabled either though the Web GUI or by a Redfish operation. An iLO reset is required for this change to take effect.

PATCH /redfish/v1/Managers/{managerId}/

{
    "Oem": {
        "Hpe": {
            "VirtualNICEnabled": true
        }
    }
}

Using the Virtual NIC

When enabled, software running on the server operating system may access the iLO 5 Web GUI or Redfish API using IP address 16.1.15.1. Normal authentication is required.

NOTE: The Virtual NIC does NOT act as a passthrough to traffic on the iLO 5 network connection. It is a separate network connection into iLO’s resources.

Disabling the Virtual NIC

The Virtual NIC may be disabled either though the Web GUI or by a Redfish operation. An iLO reset is required for this change to take effect.

PATCH /redfish/v1/Managers/{managerId}/

{
    "Oem": {
        "Hpe": {
            "VirtualNICEnabled": false
        }
    }
}

Secure Erase

The secure erase process resets iLO and deletes all licenses stored there, resets BIOS settings, and deletes all AHS and warranty data stored on the system. The secure erase process also erases supported non-volatile storage data and deletes any deployment settings profiles. iLO reboots multiple times after the process is initiated.

NOTE: Securely erasing the server can take up to a day to complete.

Secure erase erases supported non-volatile storage data and returns the server to the manufacturing default state. The feature complies with specification NIST SP 800-88 Revision 1, Guidelines for Media Sanitization. For more information about NIST SP 800-88, see https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf. Section 2.5 of the specification describes the level of sanitization. The appendix recommends minimum sanitization levels for media. Secure erase implements the NIST SP 800-88 Revision 1 Sanitization Recommendations for Purging user data and returns the server and supported components to the default state. This feature automates many of the tasks you follow in the Statement of Volatility document for a server. To view what was erased successfully, see View secure erase report. The process can take up to a day to fully erase and reset all user data. When you activate secure erase, iLO 5 does not allow firmware update or reset operations. DO NOT perform any iLO 5 configuration changes until this process is completed.

Secure erase access methods

You can initiate the secure erase process from the following products:

Prerequisites

Process flow

  1. User initiates secure erase.
  2. Upon reboot, BIOS erases configuration, system time, TPM configuration and user data (drives and persistent memory). The system powers off after completion.
  3. iLO 5 then erases key NVRAM and NAND data, and then automatically resets.

Initiating secure erase through Redfish

To initiate secure erase, perform a POST on /redfish/v1/Systems/<index>/Actions/Oem/Hpe/HpeComputerSystemExt.SecureSystemErase/.

The payload for this POST includes two properties:

Property Type Description
SystemRomAndiLOErase Boolean Reset the system BIOS settings and iLO to manufacturing defaults. It also erases the Active Health System (AHS) user data in the NAND.
UserDataErase Boolean Erase all the user data on the system including TPMs, persistent memory devices, storage controller configurations, RAID settings, and data from the hard drives attached to the system. USB and other removable media will be excluded.

NOTE: The POST operation payload requires both the SystemRomAndiLOErase and UserDataErase parameters to be set to true to initiate the secure erase process.

NOTE: Once you initiate this process, it cannot be undone.

POST /redfish/v1/Systems/1/Actions/Oem/Hpe/HpeComputerSystemExt.SecureSystemErase/

{
    "SystemROMAndiLOErase" : true ,
    "UserDataErase": true
}

This returns a response indicating that a server system reset is required.

returns

{
    "error": {
        "code": "iLO.0.10.ExtendedInfo",
        "message": "See @Message.ExtendedInfo for more information.",
        "@Message.ExtendedInfo": [
            {
                "MessageId": "iLO.2.7.SystemResetRequired"
            }
        ],
    }
}

The client must then initiate a server reset using the Reset action in the ComputerSystem resource.

POST /redfish/v1/Systems/{id}/Actions/ComputerSystem.Reset

{
    "ResetType": "ForceRestart"
}

At this point the UEFI BIOS will begin erasing configuration information.

Monitor status of secure erase

Once the secure erase is initiated, perform GET on /redfish/v1/Systems/1/. This resource includes an object Oem.Hpe which contains the status value properties for the secure erase previously initiated. This includes the following properties:

Property Type Description
UserDataEraseStatus Status (Enum) Reports the overall user data erase status
UserDataEraseComponentStatus.{ComponentName} Status (Enum) Indicates the erase status of the individual components
ElapsedEraseTimeInMinutes Integer Reports the time elapsed since the erase started
EstimatedEraseTimeInMinutes Integer Reports the approximate time (in minutes) for the overall erase process

The Status enum takes the following values - Idle, Initiated, InProgress, CompletedWithSuccess, CompletedWithErrors, Failed.

View secure erase report

The client must then initiate a server reset using the Reset action in the ComputerSystem resource.

To view the secure erase report for each of the individual drives or disks installed, perform GET on /redfish/v1/systems/1/Oem/Hpe/EraseReport/{reportId}.

> curl https://{iLO}/redfish/v1/sytems/1/Oem/Hpe/EraseReport/2 -i --insecure -L
{
    "ResetType"        : "ForceRestart",
    "DeviceType"       : "NVMeDrive",
    "DeviceIdentifier" : "NVMe M.2 Drive Slot 1 Bay 1",
    "SerialNumber"     : "<serialNumber>",
    "EraseStatus"      : "CompletedWithSuccess",
    "EraseType"        : "PURGE",
    "StartTime"        : "2019-05-30T08:40:13Z",
    "EndTime"          : "2019-05-30T08:40:13Z"
}

Impacts to the server after secure erase completes

The server will need to be re-provisioned to be used after this operation.

Troubleshooting

In some situations the secure erase function may return an HTTP 500 Internal Server Error.

HTTP 500 Internal Server Error

{
    "error": {
        "code": "iLO.0.10.ExtendedInfo",
        "message": "See @Message.ExtendedInfo for more information.",
        "@Message.ExtendedInfo": [
            {
                "MessageId": "Base.1.0.InternalError"
            }
        ],
    }
}

In the event of this error:

  1. Check if the installed BIOS firmware supports secure erase. Note: This feature is supported only on Gen10 servers and above that have been updated with SPP version 2019.03.0 or later.
  2. If the system is already updated with the correct BIOS firmware version, then reboot the server. Once the system booted, execute the secure erase again using POST action URI.

For more troubleshooting tips and secure erase FAQ, please refer “Intelligent Provisioning User Guide for HPE ProLiant Gen10 Servers and HPE Synergy” https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=sd00001085en_us

iLO Backup and Restore

The Backup and Restore service allows you to create and download a binary file containing the configuration of the iLO. In addition, you can restore the iLO configuration on a system with the same hardware configuration as the system that was backed up. This feature is not meant to duplicate a configuration and apply it to a different iLO system.

In general, it is not expected that you will need to perform an iLO restore operation. However, there are cases in which having a backup of the configuration eases and expedites the return to a normal operating environment.

As with any computer system, backing up your data is a recommended practice to minimize the impact from failures. Hewlett Packard Enterprise recommends performing a backup each time that you update the iLO firmware.

You might want to restore the iLO configuration in the following situations:

Battery failure or removal

Various configuration parameters are stored in the battery-powered SRAM. Although rare, the battery can fail. In some situations, battery removal and replacement might be required. To avoid the loss of configuration information, restore the iLO configuration from a backup file after the battery is replaced.

Reset to factory defaults

In some cases, you might need to reset iLO to the factory default settings to erase settings external to iLO. Resetting iLO to the factory default settings erases the iLO configuration. To recover the iLO configuration quickly, restore the configuration from a backup file after the reset to the factory default settings is complete.

Accidental or incorrect configuration change

In some cases, the iLO configuration might be changed incorrectly, causing important settings to be lost. This situation might occur if iLO is set to the factory default settings or user accounts are deleted. To recover the original configuration, restore the configuration from a backup file.

System board replacement

If a system board replacement is required to address a hardware issue, you can use this feature to transfer the iLO configuration from the original system board to the new system board.

Lost license key

If a license key is accidentally replaced, or you reset iLO to the factory default settings, and you are not sure which key to install, you can restore the license key and other configuration settings from a backup file.

What information is restored?

The iLO configuration includes many categories such as Power, Network, Security, the User Database, and License Keys. Most configuration information is stored in the battery-powered SRAM memory device, and it can be backed up and restored.

Information that is not restored

Some information is not suitable to be restored. The information that cannot be restored is not part of the iLO configuration, but instead is related to the iLO or server system state.

The following information is not backed up or restored:

Backing up the iLO 5 configuration

To find the information about the BackupRestoreService, perform GET /redfish/v1/Managers/1/BackupRestoreService

GET /redfish/v1/Managers/1/BackupRestoreService

{
    "@odata.context": "/redfish/v1/$metadata#HpeiLOBackupRestoreService.HpeiLOBackupRestoreService",
    "@odata.etag": "W/\"D863AC37\"",
    "@odata.id": "/redfish/v1/Managers/1/BackupRestoreService",
    "@odata.type": "#HpeiLOBackupRestoreService.v2_2_0.HpeiLOBackupRestoreService",
    "Id": "BackupRestoreService",
    "BackupFileLocation": "/bkupdata/HPE_MXQ32200VV_20020928_0712.bak",
    "BackupFiles": {
        "@odata.id": "/redfish/v1/Managers/1/BackupRestoreService/BackupFiles"
    },
    "HttpPushUri": "/cgi-bin/uploadRestoreFile",
    "Name": "Backup Restore Service"
}

GET the backup file based upon the BackupFileLocation URI

GET /bkupdata/HPE_MXQ32200VV_20020928_0712.bak

The GET operation to the BackupFileLocation URI returns HTTP 200 with Content Type: application/octet-stream. This is the binary image of the backup file.

Restoring the iLO 5 configuration

POST /cgi-bin/uploadRestoreFile

The content type of the POST must be Form Data and include the session key.

Enabling Custom Backup and Restore

From iLO 5 v2.72 release, the backup and restore feature introduces a new OEM property called CustomBackupandRestore. Users can enable this property that allows automatically restoring user defined iLO configuration that was earlier used for backup instead of the factory default settings.

/redfish/v1/managers/1/backuprestoreservice (GET, PATCH)

"CustomBackupandRestore": {
            "description": "This property indicates whether a custom backup and restore is enabled.", 
            "etag": true,
            "readonly": false,
            "type": "boolean"
        }

NOTE:

  1. For iLO5 v2.72, only IPMI and SNMP user configurations are covered in this custom backup and auto-restore feature.
  2. An IEL is logged when the PATCH is performed to set the CustomBackupandRestore property to true/false.
  3. When the auto-restore takes place during the iLO boot, there may be a possible delay of up to 120 seconds before some of the iLO functionalities become available after the auto-restore has taken place.
  4. iLO is configured to use the Production or High Security state - custom backup and auto-restore functionality is not supported in FIPS and higher security states.
  5. If iLO is reset to the factory default settings, then the custom backup needs to be configured again.

To modify the value of the CustomBackupandRestore property, send a PATCH request to the Backup and Restore URI.

PATCH /redfish/v1/managers/1/backuprestoreservice

{
    "CustomBackupandRestore": true
}

Storage data models

The following sections describe the storage models supported by iLO - DMTF Redfish Storage Model and HPE OEM Storage Model.

DMTF Redfish Storage Model

HPE ProLiant Gen10 servers (iLO 5 version equal or greater than 2.30) and beyond implement the DMTF standard known as Platform Level Data Model for Redfish Device Enablement (PLDM for RDE). This open standard allows storage controllers to host their own set of Redfish resources and capabilities which are rooted under the iLO /redfish/v1 service root. As a result, responses to Redfish client requests are provided by the controllers through the iLO.

Without the implementation of PLDM for RDE in either the iLO firmware or the storage controller firmware, the iLO responds to Redfish client requests using its own database of storage controller resources and properties, populated during Pre-OS tasks (POST).

For updated information on the Redfish resources, corresponding URIs, and supported HTTP methods towards storage controllers implementing PLDM for RDE, see the Configuration and Redfish sections of the HPE SR Gen10 Plus Controller User Guide.

The array controllers have implemented the DMTF Redfish storage data model for inventory (GET). Starting at iLO 5 firmware version 2.65, the array controllers that have implemented the DMTF PLDM for RDE standard support Redfish write operations (POST, DELETE, and PATCH).

The following table lists the Redfish resources and the corresponding URIs for the GET requests towards storage controllers implementing PLDM for RDE:

Redfish Resource Method URI
Storage GET /redfish/v1/Systems/{item}/Storage/{item}
Controller Collection GET /redfish/v1/Systems/{item}/Storage/{item}/Controllers
Storage Controller GET /redfish/v1/Systems/{item}/Storage/{item}/Controllers/{item}
Port Collection GET /redfish/v1/Systems/{item}/Storage/{item}/Controllers/{item}/Ports
Volume Collection GET /redfish/v1/Systems/{item}/Storage/{item}/Volumes
Volume Capabilities GET /redfish/v1/Systems/{item}/Storage/{item}/Volumes/Capabilities
Volume GET /redfish/v1/Systems/{item}/Storage/{item}/Volumes/{item}
Drive GET /redfish/v1/Systems/{item}/Storage/{item}/Drives/{item}

The following table lists the Redfish resources and corresponding URIs for write requests towards storage controllers implementing PLDM for RDE:

Redfish Resource Method URI
Volume Create POST /redfish/v1/Systems/{item}/Storage/{item}/Volumes
Volume Delete DEL /redfish/v1/Systems/{item}/Storage/{item}/Volumes/{item}

NOTE: The Redfish responses from controllers implementing PLDM for RDE depend on the schema versions that are supported by each device and are likely to vary across each device vendor/family/model. Create and delete volume operations will also likely vary across devices.

For more information on RDE support changes and limitations, see Redfish Device Enablement (RDE) support.

Example GET responses

GET /redfish/v1/Systems/1/Storage/{item}

{
    "@odata.context": "/redfish/v1/$metadata#Storage.Storage",
    "@odata.etag": "W/\"F7D058EE\"",
    "@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/",
    "@odata.type": "#Storage.v1_12_0.Storage",
    "Id": "DA000008",
    "Controllers": {
        "@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Controllers/"
    },
    "Drives": [
        {
            "@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Drives/CAE9137A/"
        },
        {
            "@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Drives/F377244E/"
        },
        {
            "@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Drives/E55B33A9/"
        },
        {
            "@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Drives/69483FD4/"
        }
    ],
    "Links": {
        "Enclosures": [
            {
                "@odata.id": "/redfish/v1/Chassis/1/"
            }
        ]
    },
    "Name": "SATA Storage System",
    "Status": {
        "Health": "OK",
        "State": "Enabled"
    },
    "StorageControllers": [
        {
            "@odata.id": "/redfish/v1/Systems/1/Storage/DA000008#/StorageControllers/0/",
            "FirmwareVersion": null,
            "Location": {
                "PartLocation": {
                    "ServiceLabel": "System Board"
                }
            },
            "Manufacturer": "",
            "MemberId": "0",
            "Model": "Embedded SATA Controller #2",
            "Name": "SATA Storage Controller",
            "PartNumber": "",
            "SerialNumber": "<SerialNumber>",
            "Status": {
                "Health": null,
                "State": null
            },
            "SupportedDeviceProtocols": [
                "SATA"
            ]
        }
    ]
}

GET /redfish/v1/Systems/1/Storage/{item}/Drives/{item}

{
    "@odata.context": "/redfish/v1/$metadata#Drive.Drive",
    "@odata.etag": "W/\"98A85B7F\"",
    "@odata.id": "/redfish/v1/Systems/1/Storage/DA000008/Drives/CAE9137A/",
    "@odata.type": "#Drive.v1_7_0.Drive",
    "Id": "CAE9137A",
    "Actions": {
        "#Drive.Reset": {
            "ResetValue@Redfish.AllowableValues": [
                "ForceOff",
                "ForceOn",
                "PowerCycle"
            ],
            "target": "/redfish/v1/Systems/1/Storage/DA000008/Drives/CAE9137A/Actions/Drive.Reset/"
        }
    },
    "CapacityBytes": 1000204000000,
    "Identifiers": [],
    "IndicatorLED": "Off",
    "Location": [
        {
            "Info": "SATA Drive Box 3 Bay 4",
            "InfoFormat": "BayNumber"
        }
    ],
    "MediaType": "HDD",
    "Model": "MM1000GFJTE",
    "Name": "Secondary Storage Device",
    "Oem": {
        "Hpe": {
            "@odata.context": "/redfish/v1/$metadata#HpeiLODriveExt.HpeiLODriveExt",
            "@odata.type": "#HpeiLODriveExt.v2_0_1.HpeiLODriveExt",
            "DriveStatus": {},
            "TemperatureStatus": {}
        }
    },
    "PhysicalLocation": {
        "PartLocation": {
            "LocationOrdinalValue": 4,
            "LocationType": "Bay",
            "ServiceLabel": "SATA Drive Box 3 Bay 4"
        }
    },
    "Revision": "HPG5",
    "SerialNumber": "<SerialNumber>",
    "Status": {
        "Health": "OK",
        "State": "Enabled"
    }
}

GET /redfish/v1/Systems/1/Storage/{item}/Volumes/{item}

{
    "@odata.etag": "\"14175561\"",
    "@odata.id": "/redfish/v1/Systems/1/Storage/DE009000/Volumes/238",
    "@odata.type": "#Volume.v1_4_0.Volume",
    "Id": "238",
    "Name": "MR Volume",
    "Status": {
        "State": "Enabled",
        "Health": "OK"
    },
    "BlockSizeBytes": 512,
    "CapacityBytes": 85899345920,
    "DisplayName": "WESERVER",
    "Encrypted": false,
    "EncryptionTypes": [
        "NativeDriveEncryption"
    ],
    "Identifiers": [
        {
            "DurableName": "425380496",
            "DurableNameFormat": "NAA"
        }
    ],
    "Links": {
        "Drives@odata.count": 1,
        "Drives": [
            {
                "@odata.id": "/redfish/v1/Systems/1/Storage/DE009000/Drives/8"
            }
        ],
        "DedicatedSpareDrives@odata.count": 0,
        "DedicatedSpareDrives": []
    },
    "LogicalUnitNumber": 0,
    "Operations": [],
    "OptimumIOSizeBytes": 65536,
    "RAIDType": "RAID0",
    "ReadCachePolicy": "Off",
    "StripSizeBytes": 65536,
    "VolumeUsage": "Data",
    "WriteCachePolicy": "WriteThrough"
}

Creating Volumes

Creating volumes in a storage controller supporting PLDM for RDE in write mode, is performed using a POST request toward /redfish/v1/Systems/1/Storage/{item}/Volumes. The exhaustive list of required and optional parameters of such POST requests can be retrieved with a GET request to /redfish/v1/Systems/1/Storage/{item}/Volumes/Capabilities This URI provides as well the possible values for each capability.

Verify POST requests are allowed to create volumes: HEAD /redfish/v1/Systems/1/Storage/{item}/Volumes

{
  "Allow": "GET, HEAD, POST",
  "Content-Length": "0",
  "Date": "Tue, 05 Jul 2022 12:43:12 GMT",
  "ETag": "W/\"75983E8D\"",
  "Link": "</redfish/v1/SchemaStore/en/StorageCollection.json>; rel=describedby",
  "OData-Version": "4.0",
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "sameorigin",
  "X-XSS-Protection": "1; mode=block"
}

Retrieve optional and required parameters to create a volume: GET /redfish/v1/Systems/1/Storage/{item}/Volumes/Capabilities

{
  "@odata.id": "/redfish/v1/Systems/1/Storage/DE00D000/Volumes/Capabilities",
  "@odata.type": "#Volume.v1_6_2.Volume",
  "Id": "Capabilities",
  "Name": "Capabilities for the volume collection",
  "RAIDType@Redfish.RequiredOnCreate": true,
  "RAIDType@Redfish.AllowableValues": [
    "RAID0",
    "RAID1",
    "RAID10",
    "RAID5",
    "RAID50",
    "RAID6",
    "RAID60",
    "RAID1Triple",
    "RAID10Triple"
  ],
  "CapacityBytes@Redfish.OptionalOnCreate": true,
  "StripSizeBytes@Redfish.OptionalOnCreate": true,
  "IOPerfModeEnabled@Redfish.OptionalOnCreate": true,
  "IOPerfModeEnabled@Redfish.UpdatableAfterCreate": true,
  "MediaSpanCount@Redfish.OptionalOnCreate": true,
  "DisplayName@Redfish.OptionalOnCreate": true,
  "DisplayName@Redfish.UpdatableAfterCreate": true,
  "ReadCachePolicy@Redfish.OptionalOnCreate": true,
  "ReadCachePolicy@Redfish.AllowableValues": [
    "Off",
    "ReadAhead"
  ],
  "ReadCachePolicy@Redfish.UpdatableAfterCreate": true,
  "WriteCachePolicy@Redfish.OptionalOnCreate": true,
  "WriteCachePolicy@Redfish.AllowableValues": [
    "Off"
  ],
  "WriteCachePolicy@Redfish.UpdatableAfterCreate": true,
  "VolumeUsage@Redfish.OptionalOnCreate": true,
  "VolumeUsage@Redfish.AllowableValues": [
    "Data"
  ],
  "InitializeMethod@Redfish.OptionalOnCreate": true,
  "InitializeMethod@Redfish.AllowableValues": [
    "Background",
    "Foreground"
  ],
  "Links@Redfish.RequiredOnCreate": true,
  "Links": {
    "Drives@Redfish.RequiredOnCreate": true,
    "DedicatedSpareDrives@Redfish.OptionalOnCreate": true,
    "DedicatedSpareDrives@Redfish.UpdatableAfterCreate": true
  },
  "@odata.etag": "\"0A1FA1E9\""
}

Volume creation: POST /redfish/v1/Systems/1/Storage/{item}/Volumes

{
    "CapacityBytes": <Number>,
    "StripSizeBytes": <Number>,
    "DisplayName": "string",
    "ReadCachePolicy": "string",
    "RAIDType": "string",
    "WriteCachePolicy": "string",
    "Links": {
        "Drives": [
            {
                "@odata.id": "/redfish/v1/Systems/1/Storage/{item}/Drives/0"
            },
            {
                "@odata.id": "/redfish/v1/Systems/1/Storage/{item}/Drives/4"
            }
        ]
    }
}

The properties to be passed as part of the POST payload are described below:

Property Datatype Description
CapacityBytes Number Size in bytes of this volume.
StripSizeBytes Number The number of blocks (bytes) in a strip in a disk array that uses striped data mapping.
DisplayName String A user-configurable string to name the volume.
ReadCachePolicy String Indicates the read cache policy setting for the Volume.
RAIDType String The RAID type of this volume.
WriteCachePolicy String (enum)
"WriteThrough"/ "UnprotectedWriteBack" / "ProtectedWriteBack"
Indicates the write cache policy setting for the Volume.
Links Collection of @odata.id Links to the physical drives from which to create the Volume.

Deleting Volumes

DELETE /redfish/v1/Systems/1/Storage/{item}/Volumes/{item}

HPE OEM Storage Models

HPE initially developed the SmartStorage Redfish OEM data model for HPE ProLiant DL580 Gen8 server. This model supported inventory (GET) and monitoring (Events) features.

In HPE ProLiant Gen10, the SmartStorageConfig resource was added to support configuration. This OEM model used a proprietary API that only supports the SR line of storage controllers. This OEM storage model is removed starting with HPE Gen11 servers. Customers are encouraged to use the open standard “DMTF Redfish Storage Model” described above.

The following table lists the Redfish resources and corresponding URIs for the GET requests toward the legacy OEM HPE SmartStorage model:

Redfish Resource Method URI
HPE Smart Storage Config GET /redfish/v1/Systems/{item}/smartstorageconfig
HPE Smart Storage GET /redfish/v1/Systems/{item}/SmartStorage
HPE Smart Storage Array Controller Collection GET /redfish/v1/Systems/{item}/SmartStorage/ArrayControllers
HPE Smart Storage Array Controller GET /redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}
HPE Smart Storage Logical Drive Collection GET /redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives
HPE Smart Storage Storage Enclosure Collection GET /redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/StorageEnclosures
HPE Smart Storage Disk Drive Collection GET /redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/DiskDrives

The following table lists the Redfish resources and corresponding URIs for write requests toward the legacy OEM HPE SmartStorageConfig model

NOTE: The HPE SmartArray configuration process is similar to the way BIOS is configured. PATCH or PUT requests are performed toward a temporary setting zone. Then, upon reboot, the settings are verified and, if valid, they are transferred in the current area. If they are not valid, error messages are posted in the @Redfish.Settings resource of current area.

Redfish Resource Method URI
Logical Drive Create & Delete PUT /redfish/v1/Systems/{item}/smartstorageconfig/settings
Spare Drives PATCH /redfish/v1/Systems/{item}/smartstorageconfig/settings
Spare Rebuild Mode PATCH /redfish/v1/Systems/{item}/smartstorageconfig/settings
Accelerator PATCH /redfish/v1/Systems/{item}/smartstorageconfig/settings
Read Cache Percent PATCH /redfish/v1/Systems/{item}/smartstorageconfig/settings
Rebuild Priority PATCH /redfish/v1/Systems/{item}/smartstorageconfig/settings
Surface Scan Analysis Priority PATCH /redfish/v1/Systems/{item}/smartstorageconfig/settings
Drive Write Cache PATCH /redfish/v1/Systems/{item}/smartstorageconfig/settings
Physical Drive Erase PUT /redfish/v1/Systems/{item}/smartstorageconfig/settings

The SmartStorageConfig resource sub-tree is linked into the ComputerSystem resource:

GET /redfish/v1/systems/{item}/ (output truncated)

...
{
  "Oem": {
    "Hpe": {
      "SmartStorageConfig": {
        "@odata.id": "/redfish/v1/systems/{item}/smartstorageconfig/"
      }
    }
  }
}
...

The /redfish/v1/systems/{item}/smartstorageconfig/ URI is the GET-only current configuration which links to the pending configuration URI.

SmartStorageConfig output example

GET /redfish/v1/systems/{item}/smartstorageconfig/

{
    "@Redfish.Settings": {
        "@odata.type": "#Settings.v1_0_0.Settings",
        "ETag": "",
        "Messages": [
            {
                "MessageId": "Base.1.0.Success"
            }
        ],
        "SettingsObject": {
            "@odata.id": "/redfish/v1/systems/1/smartstorageconfig/settings/"
        },
        "Time": ""
    },
    "@odata.context": "/redfish/v1/$metadata#SmartStorageConfig.SmartStorageConfig",
    "@odata.etag": "W/\"5C73F2701BE5B6B6B665E028E718BAB2\"",
    "@odata.id": "/redfish/v1/systems/1/smartstorageconfig/",
    "@odata.type": "#SmartStorageConfig.v2_0_0.SmartStorageConfig",
    "CurrentParallelSurfaceScanCount": 1,
    "DataGuard": "Strict",
    "DegradedPerformanceOptimization": "Disabled",
    "DriveWriteCache": "Disabled",
    "ElevatorSort": "Enabled",
    "EncryptionConfiguration": "None",
    "EncryptionEULA": null,
    "ExpandPriority": "Medium",
    "FlexibleLatencySchedulerSetting": "Default",
    "Id": "smartstorageconfig",
    "InconsistencyRepairPolicy": "Disabled",
    "Location": "Slot UNKNOWN",
    "LocationFormat": "PCISlot",
    "LogicalDrives": [
        {
            "Accelerator": "ControllerCache",
            "BlockSizeBytes": 512,
            "CapacityBlocks": 1953459632,
            "CapacityGiB": 931,
            "DataDrives": [
                "P1I:3:1"
            ],
            "DriveLocationFormat": "ControllerPort:Box:Bay",
            "LegacyBootPriority": "None",
            "LogicalDriveName": "Logical Drive 0",
            "LogicalDriveNumber": 1,
            "ParityGroupCount": 0,
            "Raid": "Raid0",
            "SpareDrives": [],
            "SpareRebuildMode": null,
            "StripSizeBytes": 262144,
            "StripeSizeBytes": 262144,
            "VolumeUniqueIdentifier": "600508B1001CAC3093F52C735D6DE038"
        }
    ],
    "MonitorAndPerformanceAnalysisDelaySeconds": 60,
    "NoBatteryWriteCache": "Disabled",
    "Oem": {
        "Hpe": {
            "@odata.type": "#HpeBiosExt.v2_0_0.HpeBiosExt",
            "SettingsObject": {
                "UnmodifiedETag": "W/\"1D348072E79A999999DDFE0BCB960774\""
            }
        }
    },
    "PhysicalDrives": [
        {
            "LegacyBootPriority": "None",
            "Location": "P1I:3:1",
            "LocationFormat": "ControllerPort:Box:Bay"
        }
    ],
    "Ports": [
        {
            "OperatingModeAfterReboot": "Mixed",
            "PortIndex": 0
        },
        {
            "OperatingModeAfterReboot": "Mixed",
            "PortIndex": 1
        }
    ],
    "PowerModeAfterReboot": "MaxPerformance",
    "PredictiveSpareRebuild": "Disabled",
    "QueueDepth": "Automatic",
    "ReadCachePercent": 100,
    "RebuildPriority": "RapidLow",
    "SurfaceScanAnalysisDelaySeconds": 3,
    "SurfaceScanAnalysisPriority": "Idle",
    "SurvivalPowerMode": "Enabled",
    "WriteCacheBypassThresholdKiB": 1040
}

Update controller configuration

The controller configuration is accurate after boot, before any online changes are administered using dedicated applications like the HPE Smart Storage Administrator (SSA). A live version of this data is available in both redfish/v1/Systems/{item}/smartstorageconfig/ and /redfish/v1/Systems/1/SmartStorage/.

PATCH /redfish/v1/Systems/{item}/smartstorageconfig/settings/

{
    "DataGuard": "Strict",
    "ExpandPriority": "High",
    "RebuildPriority": "High",
    "ReadCachePercent": 20
}

View logical drive inventory

The logical drive inventory is accurate after boot, before any online changes are administered using dedicated applications like the HPE Smart Storage Administrator (SSA). A live version of this data is available in both redfish/v1/Systems/{item}/smartstorageconfig/ and /redfish/v1/Systems/1/SmartStorage.

GET /redfish/v1/Systems/{item}/smartstorageconfig/

{
   "LocationFormat": "PCISlot",
   "DataGuard": "Strict",
   "Location": "Slot 1",
   "BootVolumePrimary": "600508B1001C406C193B03A644CDF6C2",
   "BootVolumeSecondary": "00000000000000000000000000000000",
   "LogicalDrives": [
        {
            "LogicalDriveNumber": 1,
            "Status": {
                "State": "Enabled",
                "HealthRollup": "OK",
                "Health": "OK"
            },
            "VolumeUniqueIdentifier": "600508B1001C406C193B03A644CDF6C2",
            "LegacyBootPriority": "Primary",
            "CapacityGiB": 558,
            "CapacityBlocks": 1171743324,
            "Raid": "Raid0",
            "StripSizeBytes": 262144,
            "StripeSizeBytes": 524288,
            "Accelerator": "None",
            "LogicalDriveName": "A4119B335001438020C7EA30\u0002\u00012B8F",
            "DriveLocationFormat": "ControllerPort:Box:Bay",
            "DataDrives": [
                "1I:1:1",
                "1I:1:2"
            ],
            "SpareDrives": []
        }
    ]
}

The DataGuard property

The management of HPE Smart Storage devices requires a proper understanding of the DataGuard property part of the SmartStorageConfig sub-tree. The value of this attribute “indicates whether or not data destructive actions are allowed” as explained in the Resource Definitions paragraph.

This property is set in the pending settings area (SmartStorageConfig/Settings) along with the directives to be performed by the Smart Storage device (i.e. Logical Volume Creation, Deletion…). During the next Pre-OS Tasks process, the iLO firmware checks its value and performs, or does not perform, the requested directives.

Read the DataGuard paragraph for the supported values.

Create logical drives

Find below two examples of logical drive creation.

PUT /redfish/v1/Systems/{item}/smartstorageconfig/settings/

{
    "DataGuard": "Disabled",
    "LogicalDrives": [
       {
          "CapacityGiB": 558,
          "Raid": "Raid0",
          "StripSizeBytes": 262144,
          "LogicalDriveName": "MyLD",
          "DataDrives": [
                "1I:1:1",
                "1I:1:2"
          ],
          "SpareDrives": [
                "1I:1:3"
          ],
          "Accelerator": "ControllerCache",
          "LegacyBootPriority": "None"
       }
    ]
}

PUT /redfish/v1/Systems/{item}/smartstorageconfig/settings/

{
    "DataGuard": "Disabled",
    "LogicalDrives": [
       {
          "LogicalDriveName": "MyLD",
          "Raid": "Raid5", 
          "DataDrives": {
             "DataDriveCount": 4,
             "DataDriveMediaType": "HDD",
             "DataDriveInterfaceType": "SAS", 
             "DataDriveMinimumSizeGiB": 1000
          }
       }
    ]
}

DataGuard rules concerning Logical Volume deletion

Delete logical drives

There are two ways to delete logical drives. The first enables you to remove specific logical drives by Volume Unique Identifier. The second can be used to remove all logical drives.

The Actions property is not present by default in the resource but must be added with an HTTPS PUT operation.

NOTE: The Actions property here is under the specific logical drive you wish to delete.

PUT /redfish/v1/Systems/{item}/SmartStorageConfig/Settings/

{
   "LogicalDrives": [
      {
         "Actions": [{"Action": "LogicalDriveDelete"}],
         "VolumeUniqueIdentifier": "600123459AF45456664443"
      }
    ],
    "DataGuard": "Permissive"
}

PATCH /redfish/v1/Systems/{item}/SmartStorageConfig/Settings/

{
    "LogicalDrives": [],
    "DataGuard": "Disabled"
}

A system reboot is required for the Smart Storage firmware to validate and perform any requested changes. The result of the operations will be available in the current configuration resource at /redfish/v1/Systems/{item}/SmartStorageConfig/ (the parent resource of the settings resource.)

Sanitize drives

Physical drive erase:

PATCH /redfish/v1/systems/{item}/smartstorageconfig/settings/

{
    "Actions": [
        {
            "Action": "PhysicalDriveErase",
            "ErasePattern": "SanitizeRestrictedBlockErase",
            "PhysicalDriveList": [
                "1I:1:1",
                "1I:1:2"
            ]
        }
    ],
    "DataGuard": "Disabled"
}

Sanitize is a long running operation and the drive is not available (for RAID config) until sanitize is complete. The status can be checked from the iLO/SmartStorage data.

Redfish Device Enablement (RDE) support

Redfish Device Enablement (RDE) enables a management controller (iLO) to present Redfish-conformant data model of I/O devices in a server, without the need for code specific to each device vendor/family/model. With the changes described below, iLO is enabling these devices to handle their own Redfish data model but it is up to the vendors to make their devices conform to the latest standards of Redfish. The Redfish responses from the device depend on the schema versions that are supported by each device and are likely to vary across each device vendor/family/model.

NOTE: As of iLO 5 2.70 version, iLO returns 400 Bad Request when RDE devices/adapters take a long time to process and respond to POST requests.

iLO support for enabling RDE URIs and corresponding HTTP methods

The following table lists the Redfish URIs enabled by iLO for RDE capable devices. It also lists the iLO firmware version in which the support was added for the URI and HTTP method.

URI GET HEAD PATCH POST DELETE
/redfish/v1/Systems/{@systemsId}/NetworkInterfaces 2.55 - - - -
/redfish/v1/Systems/{@systemsId}/NetworkInterfaces/{@nicId} 2.55 2.55 - - -
/redfish/v1/Systems/{@systemId}/EthernetInterfaces 2.55 - - - -
/redfish/v1/Systems/{@systemId}/EthernetInterfaces/{@nicId} 2.55 2.55 2.72 2.72 -
/redfish/v1/Chassis/{@chassisId}/PCIeDevices 2.55 - - - -
/redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId} 2.55 2.55 - - -
/redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}/PCIeFunctions 2.55 - - - -
/redfish/v1/Chassis/{@chassisId}/PCIeDevices/{@PCIeDeviceId}/PCIeFunctions/{@PCIeFunctionId} 2.55 2.55 - - -
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters 2.33 - - - -
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId} 2.33 2.33 2.50 2.55 -
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkPorts 2.33 - - - -
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkPorts/{@portId} 2.33 2.33 2.50 2.55 -
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/Ports 2.65 - - - -
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/Ports/{@portId} 2.65 2.65 2.65 2.65 -
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkDeviceFunctions 2.33 - - - -
/redfish/v1/Chassis/{@chassisId}/NetworkAdapters/{@nicId}/NetworkDeviceFunctions/{@pfId} 2.33 2.33 2.50 2.55 -
/redfish/v1/Systems/{@systemId}/Storage 2.33 - - - -
/redfish/v1/Systems/{@systemId}/Storage/{@storageId} 2.33 2.50 2.50 2.55 -
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Drives/{@driveId} 2.33 2.33 2.50 2.55 -
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Controllers/ 2.70 - - - -
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Controllers/{@controllerId} 2.70 2.70 2.72 - -
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Controllers/{@ControllerId}/Ports/{@portId} 2.65 2.65 2.65 - -
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Volumes 2.33 - - 2.60 -
/redfish/v1/Systems/{@systemId}/Storage/{@storageId}/Volumes/{@volumeId} 2.33 2.50 2.50 2.50 2.50

RDE capable device schema file locations

The schema files describing RDE capable devices are not stored in iLO nor in the device. However, their location is in the Link response header property of HEAD requests.

These schema files can be obtained using iLOrest tool.

To get the controller schema file of an RDE capable storage controller:

ilorest rawhead /redfish/v1/Systems/1/Storage/DE07C000 2>/dev/null | jq ‘.Link’

http://redfish.dmtf.org/schemas/v1/Storage.v1_10_1.json#/definitions/Storage

To get the volume schema file of an RDE capable logical volumes:

ilorest rawhead /redfish/v1/Systems/1/Storage/DE07C000/Volumes 2>/dev/null | jq -r ‘.Link’

http://redfish.dmtf.org/schemas/swordfish/v1/VolumeCollection.json

To get the network port schema file of an RDE capable network adapter:

ilorest rawhead /redfish/v1/Chassis/1/NetworkAdapters/DE080000/NetworkPorts 2>/dev/null | jq ‘.Link’

http://redfish.dmtf.org/schemas/v1/NetworkPortCollection.json

For more details, refer to the DMTF RDE specification.

Compute node data

Base FRUs

iLO 5 features the ability to display the FRU data on server blade board.

Accessing Base FRUs through Redfish

To access the Redfish Base FRUs resource, perform GET on /redfish/v1/Chassis/1/BaseFrus/. This resource includes a link to the collection of entries /redfish/v1/Chassis/1/BaseFrus/. Individual FRUs can be accessed by performing GET on /redfish/v1/Chassis/1/BaseFrus/{@baseId}/Details.

> curl https://{iLO}/redfish/v1/Chassis/1/BaseFrus/{@baseId}/Details -i --insecure -L
{
  "BladeInfo":{
    "Capabilities":{
      "BBCoordMap":["A"],
      "ChangesRequireReboot": true,
      "CurrentSenseSF":[195],
      "DynamicPower": true,
      "EkeyGroupMatchReq":[],
      "ILOHwReset": true,
      "StaticLowPowerMode": true,
      "TVSMechanicalFuse": true,
      "TempDeadlyDelayTime": 120,
      "UEFISupport": true
    },
    "PortMap":[
      {
        "BBCoord": "A",
        "BBMezzSlot":[
          {
            "LinkInfo":{"LType": "PCIe"},
            "MZ": 1,
            "Sys":[
              {
                "Cpu": 1,
                "Id": "1",
                "Pin":[
                  "0..15"
                ]
              }
            ]
          },
          {
            "LinkInfo":{
              "LType": "PCIe"
            },
            "MZ": 2,
            "Sys":[
              {
                "Cpu": 2,
                "Id": "1",
                "Pin":[
                  "0..15"
                ]
              }
            ]
          },
          {
            "LinkInfo":{"LType": "PCIe"},
            "MZ": 3,
            "Sys":[
              {
                "Cpu": 1,
                "Id": "1",
                "Pin":[
                  "0..15"
                ]
              }
            ]
          }
        ]
      }
    ],
    "Systems":[
      {
        "Components":[
          {
            "Count": 2,
            "DevType": "Processor",
            "Name": "CPU Slots"
          },
          {
            "Count": 32,
            "DevType": "DIMM",
            "Name": "Memory Module Slots"
          }
        ],
        "Id": "1"
      }
    ]
  },
  "IpmiProductInfo":{
    "AssemblyPartNumber": "<AssemblyPartNumber>",
    "BoardRevCode": "X3",
    "ChassisDepth": 572,
    "ChassisHeight": 213,
    "ChassisPartNumber": "<ChassisPartNumber>",
    "ChassisSerialNumber": "<ChassisSerialNumber>",
    "ChassisWidth": 64,
    "ManufacturedFor": "HPE",
    "Manufacturer": "HPE",
    "PCASerialNumber": "<PCASerialNumber>",
    "PCASparePartNumber": "<PCASparePartNumber>",
    "PartNumber": "<PartNumber>",
    "ProductVersion": "10P",
    "SerialNumber": "<SerialNumber>",
    "SlotsConsumedHeight": 1,
    "SlotsConsumedWidth": 1
  },
  "MgmtConfig":[
    {
      "ConnectType": "iLO",
      "CustomerVisible": true,
      "LinkRate": "1Gb",
      "ProtocolType": "Ethernet"
    }
  ],
  "PowerInfo":{
    "FullOn": 22,
    "LowMode": 16,
    "MaxPowerDuringAlert": 22,
    "Vaux": 10
  },
  "Preamble":{
    "CommType":[
      "iLO",
      "RIS"
    ],
    "EEPROMSize": 4096,
    "EfuseResetDuration": 4,
    "FactoryTimeStamp": "2020-08-13T04:08:02+0000",
    "FruSubType":[
      "Blade",
      "IpmiSegment"
    ],
    "FruType": "ServerBlade",
    "GreenFactor":[
      "Low Halogen"
    ],
    "HwCompliance":[],
    "Language": "en-US",
    "LastModified": "2020-07-10",
    "Model": "Synergy 480 Gen10 Plus Compute Module"
  },
  "Type": "HpServerFru.1.0.1"
}

Mezzanine FRUs

The NIC and Mezzanine (Mezz) option FRU information informs Onboard Administrator of the type of interconnects each server requires. Before power is provided to a server blade, Onboard Administrator compares this information with the FRU EEPROMs on installed interconnect modules to check for electronic keying errors.

iLO 5 features the ability to display the FRU data on the cards in the Mezzanine slots.

Accessing MEZZ FRUs through Redfish

To access the Redfish MEZZ FRUs resource, perform GET on /redfish/v1/Chassis/1/MezzFrus/. This resource includes a link to the collection of entries /redfish/v1/Chassis/1/MezzFrus/. Individual FRUs can be accessed by performing GET on /redfish/v1/Chassis/1/MezzFrus/{@mezzId}/Details.

> curl https://{iLO}/redfish/v1/Chassis/1/MezzFrus/{@mezzId}/Details -i --insecure -L
{
  "Type": "HpMezzFru.1.0.1",
  "Preamble":{
    "Model": "Synergy 4820C 10/20/25Gb CNA",
    "LastModified": "2018-03-29",
    "FactoryTimeStamp": "2019-11-29T02:04:57+0000",
    "EEPROMSize": 16384,
    "Language": "en-US",
    "HwCompliance":[
      "PCI"
    ],
    "GreenFactor":[],
    "FruType": "Mezz",
    "FruSubType":[
      "Ethernet",
      "IpmiSegment"
    ],
    "CommType":[
      "DCI",
      "RIS",
      "iLO"
    ]
  },
  "IpmiProductInfo":{
    "Manufacturer": "HPE",
    "ManufacturedFor": "HPE",
    "SerialNumber": "<SerialNumber>",
    "PartNumber": "<PartNumber>",
    "PCASerialNumber": "<PCASerialNumber>",
    "PCASparePartNumber": "<PCASparePartNumber>",
    "AssemblyPartNumber": "<AssemblyPartNumber>",
    "BoardRevCode": "0A"
  },
  "PowerInfo":{
    "FullOn": 13,
    "LowMode": 11,
    "Vaux": 6
  },
  "MezzInfo":{
    "CardType": "C",
    "Capabilities":{
      "EkeyMismatch": "DisableOnReboot",
      "EkeyGroupMatchReq":[],
      "EkeyPortToAirIsOk": true,
      "ScanChainSupport": true,
      "PortSwap": true,
      "LLSupport": false,
      "LinkInfo":{"LType": "PCIe", "LWidth":["16x" ], "LReverse": true},
      "ESwitchSupport": false,
      "CLPSupport": false
    },
    "PortMap":[
      {
        "ConnName": "System",
        "ConnType":[
          "Copper"
        ],
        "SysToPort":[
          {
            "PrName": "Flex10",
            "PrSp": 10,
            "PinSp": 10,
            "Capabilities":[
              {"Pin":["0..15" ], "PrName": "Flex10-1"},
              {"Pin":["0..15" ], "PrName": "Flex10-3"}
            ]
          },
          {
            "PrName": "Flex20",
            "PrSp": 20,
            "PinSp": 10,
            "Capabilities":[
              {"Pin":["0..15" ], "PrName": "Flex20-1:2"},
              {"Pin":["0..15" ], "PrName": "Flex20-3:4"}
            ]
          },
          {
            "PrName": "Flex25",
            "PrSp": 25,
            "PinSp": 25,
            "Capabilities":[
              {"Pin":["0..15" ], "PrName": "Flex25-1"},
              {"Pin":["0..15" ], "PrName": "Flex25-3"}
            ]
          }
        ]
      },
      {
        "ConnName": "Fabric",
        "ConnType":["Copper"],
        "MediaInfo":[
          {"MediaId": 1, "MAC": "94:40:c9:5b:34:76"},
          {"MediaId": 2, "WwpnPrefix": "20:00:"},
          {"MediaId": 3, "WwnnPrefix": "10:00:"}
        ],
        "PortToFabric":[
          {
            "PortId": 1,
            "Personality":[
              {
                "TechType": "Ethernet",
                "SubType":["Ethernet", "iSCSI", "FCoE"],
                "SerdesType": "FF",
                "Capabilities":[
                  {"PrType": "Ethernet", "PrName": "Flex10-1", "PrSp": 10, "PinSp": 10},
                  {"PrType": "Ethernet", "PrName": "Flex20-1:2", "PrSp": 20, "PinSp": 10},
                  {"PrType": "Ethernet", "PrName": "Flex25-1", "PrSp": 25, "PinSp": 25},
                  {"PrType": "iSCSI", "PrName": "Flex10-1", "PrSp": 10, "PinSp": 10},
                  {"PrType": "iSCSI", "PrName": "Flex20-1:2", "PrSp": 20, "PinSp": 10},
                  {"PrType": "iSCSI", "PrName": "Flex25-1", "PrSp": 25, "PinSp": 25},
                  {"PrType": "FCoE", "PrName": "Flex10-1", "PrSp": 10, "PinSp": 10},
                  {"PrType": "FCoE", "PrName": "Flex20-1:2", "PrSp": 20, "PinSp": 10},
                  {"PrType": "FCoE", "PrName": "Flex25-1", "PrSp": 25, "PinSp": 25}
                ]
              }
            ]
          },
          {
            "PortId": 2,
            "Personality":[
              {
                "TechType": "Ethernet",
                "SubType":["Ethernet", "iSCSI", "FCoE"],
                "SerdesType": "FF",
                "Capabilities":[
                  {"PrType": "Ethernet", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
                  {"PrType": "Ethernet", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
                  {"PrType": "Ethernet", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25},
                  {"PrType": "iSCSI", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
                  {"PrType": "iSCSI", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
                  {"PrType": "iSCSI", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25},
                  {"PrType": "FCoE", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
                  {"PrType": "FCoE", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
                  {"PrType": "FCoE", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25}
                ]
              }
            ]
          }
        ],
        "PortToFabricSwap":[
          {
            "PortId": 1,
            "Personality":[
              {"TechType": "Ethernet", "SubType":["Ethernet", "iSCSI", "FCoE" ], "SerdesType": "FF"}
            ]
          },
          {
            "PortId": 2,
            "Personality":[
              {
                "TechType": "Ethernet",
                "SubType":["Ethernet", "iSCSI", "FCoE"],
                "SerdesType": "FF",
                "Capabilities":[
                  {"PrType": "Ethernet", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
                  {"PrType": "Ethernet", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
                  {"PrType": "Ethernet", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25},
                  {"PrType": "iSCSI", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
                  {"PrType": "iSCSI", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
                  {"PrType": "iSCSI", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25},
                  {"PrType": "FCoE", "PrName": "Flex10-3", "PrSp": 10, "PinSp": 10},
                  {"PrType": "FCoE", "PrName": "Flex20-3:4", "PrSp": 20, "PinSp": 10},
                  {"PrType": "FCoE", "PrName": "Flex25-3", "PrSp": 25, "PinSp": 25}
                ]
              }
            ]
          }
        ]
      }
    ]
  }
}

Logging

iLO 5 features a logging service that enables you to view logs of different categories. These logs are of the following types - Security Logs (SL), Integrated Management Logs (IML), iLO Event Logs (IEL), Alert Event Logs, and DPU Logs. All of these logs are part of the #LogServices resource type. The entry point for the SL, IML, and Alert Event logs is at /redfish/v1/systems/{item}/logservices. The entry point for the IEL is at /redfish/v1/managers/{item}/logservices.

Security Logs

The Security Logs provide a record of the security events recorded by the iLO firmware. Examples of the logged events include changes to the security configuration and security compliance issues. Other logged events include hardware intrusion, maintenance, and denial of service. The security logs provide a focused view of all recorded security events. When the security log is full, the new events overwrite the previous event in the log.

Accessing SLs through Redfish

To access the Redfish SL resource, perform GET on /redfish/v1/Systems/1/LogServices/SL/. This resource includes a link to the collection of entries /redfish/v1/Systems/1/LogServices/SL/Entries/ and an action /redfish/v1/Systems/1/LogServices/SL/Actions/LogService.ClearLog to clear the SLs. Individual SLs can be accessed by performing GET on /redfish/v1/Systems/1/LogServices/SL/Entries/{@SlId}.

> curl https://{iLO}/redfish/v1/systems/1/logservices/sl/entries/{SlId} -i --insecure -L
{
    "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
    "@odata.etag": "W/\"89680635\"",
    "@odata.id": "/redfish/v1/Systems/1/LogServices/SL/Entries/3",
    "@odata.type": "#LogEntry.v1_1_0.LogEntry",
    "Id": "3",
    "Created": "2020-01-08T11:15:41Z",
    "EntryType": "Oem",
    "Message": "iLO detected 3 unauthorized login attempts.",
    "Name": "Security Log",
    "Oem": {
        "Hpe": {
            "@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
            "@odata.type": "#HpeLogEntry.v2_3_0.HpeLogEntry",
            "Categories": [
                "Security",
                "Administration"
            ],
            "Class": 56,
            "ClassDescription": "Denial of Service",
            "Code": 2,
            "Count": 1,
            "EventNumber": 3,
            "Severity": "Informational",
            "Updated": "2020-01-08T11:15:41Z",
            "UserAction": "Not Applicable"
        }
    },
    "OemRecordFormat": "Hpe-SL",
    "Severity": "OK"
}

Clearing SLs through Redfish Action

To completely clear all SLs, perform POST on https://{iLOIP}/redfish/v1/systems/1/logservices/sl/Actions/LogService.ClearLog.

NOTE: Cleared SLs will be available in the server AHS logs.

Integrated Management Log

The IML provides a record of historical events that have occurred on the server. Events are generated by the system ROM and by services such as the iLO drivers. Logged events include server-specific information such as health and status information, firmware updates, operating system information, and ROM-based POST codes. Entries in the IML can help you diagnose issues or identify potential issues. Preventative action might help to avoid disruption of service. When the IML is full, new events overwrite the previous event in the log.

Examples of IML event types

Accessing IMLs through Redfish

To access the Redfish IML resource, perform GET on /redfish/v1/Systems/1/LogServices/IML/. This resource includes a link to the collection of entries /redfish/v1/Systems/1/LogServices/IML/Entries/ and an action LogService.ClearLog to clear the IMLs. Individual IMLs can be accessed by performing GET on /redfish/v1/Systems/1/LogServices/IML/Entries/{@ImlId}.

> curl https://{iLO}/redfish/v1/systems/1/logservices/iml/entries/{ImlId} -i --insecure -L
{
    "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
    "@odata.etag": "W/\"C18B58CC\"",
    "@odata.id": "/redfish/v1/Systems/1/LogServices/IML/Entries/1",
    "@odata.type": "#LogEntry.v1_1_0.LogEntry",
    "Id": "1",
    "Created": "0000-00-00T00:00:00Z",
    "EntryType": "Oem",
    "Message": "IML Cleared (iLO user: admin)",
    "Name": "Integrated Management Log",
    "Oem": {
        "Hpe": {
            "@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
            "@odata.type": "#HpeLogEntry.v2_3_0.HpeLogEntry",
            "Categories": [
                "Maintenance",
                "Administration"
            ],
            "Class": 33,
            "ClassDescription": "Maintenance",
            "Code": 1,
            "Count": 1,
            "EventNumber": 51,
            "Severity": "Informational",
            "Updated": "0000-00-00T00:00:00Z"
        }
    },
    "OemRecordFormat": "Hpe-IML",
    "Severity": "OK"
}

Repairing IMLs through Redfish PATCH

To manually mark an IML event as repaired, perform a PATCH on https://{iLOIP}/redfish/v1/systems/1/logservices/iml/entries/{ImlId}. This is only supported on events that are of severity Caution or Critical.

NOTE: When events are manually marked as repaired, SNMP or REST alerts are not notified.

PATCH /redfish/v1/systems/1/logservices/iml/entries/{ImlId}

{
    "Oem" : {
        "Hpe" : {
            "Repaired" : true
        }
    }
}

Clearing IMLs through Redfish Action

To completely clear all IMLs, perform POST on https://{iLOIP}/redfish/v1/systems/1/logservices/iml/Actions/LogService.ClearLog.

NOTE: Cleared IMLs are available in the server AHS logs.

iLO Event Log

The iLO Event Log provides a record of significant events recorded by the iLO firmware. Examples of the logged events include server events such as a server power outage or a server reset. Other logged events include logins, virtual power events, clearing the log, and some configuration changes. iLO provides secure password encryption, tracking all login attempts and maintaining a record of all login failures. The Authentication Failure Logging setting allows you to configure logging criteria for failed authentications. The event log captures the client name for each logged entry to improve auditing capabilities in DHCP environments, and records the account name, computer name, and IP address. When the event log is full, each new event overwrites the oldest event in the log. For a list of the errors that might appear in the event log, see the error messages guide for your server.

Accessing IELs through Redfish

To access the Redfish IEL resource, perform GET on /redfish/v1/Managers/1/LogServices/IEL/. This resource includes a link to the collection of entries /redfish/v1/Managers/1/LogServices/IEL/Entries/ and an action /redfish/v1/Managers/1/LogServices/IEL/Actions/LogService.ClearLog to clear the IELs. Individual IELs can be accessed by performing GET on /redfish/v1/Managers/1/LogServices/IEL/Entries/{@IelId}.

> curl https://{iLO}/redfish/v1/managers/1/logservices/iel/entries/{IelId} -i --insecure -L
{
    "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
    "@odata.etag": "W/\"C1EEC71D\"",
    "@odata.id": "/redfish/v1/Managers/1/LogServices/IEL/Entries/1",
    "@odata.type": "#LogEntry.v1_1_0.LogEntry",
    "Id": "1",
    "Created": "2022-02-25T05:13:01Z",
    "EntryType": "Oem",
    "Message": "Host REST login: System Administrator",
    "Name": "iLO Event Log",
    "Oem": {
        "Hpe": {
            "@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
            "@odata.type": "#HpeLogEntry.v2_3_0.HpeLogEntry",
            "Categories": [
                "Security",
                "Administration"
            ],
            "Class": 35,
            "ClassDescription": "iLO 5",
            "Code": 1131,
            "Count": 11,
            "EventNumber": 256407,
            "Severity": "Informational",
            "Updated": "2022-02-25T05:13:11Z"
        }
    },
    "OemRecordFormat": "Hpe-iLOEventLog",
    "Severity": "OK"
}

Clearing IELs through Redfish Action

To completely clear all IELs, perform POST on https://{iLOIP}/redfish/v1/managers/1/logservices/iel/Actions/LogService.ClearLog.

NOTE: Cleared IELs will still be present in the server AHS logs.

Alert Event Log

The Entries under API - /redfish/v1/Systems/{item}/LogServices/Event/Entries list alerts in iLO. In general, clients can choose to asynchronously receive events by Subscribing to Event. Alerts are specifically those event entries having EventType as Alert, and they can be accessed synchronously by performing GET on /redfish/v1/Systems/{item}/LogServices/Event/Entries (without subscribing).

As of iLO 5 v2.70, these alerts are non-persistent, meaning that after an iLO reset, the count of /Event/Entries resets to 0, and only the new alerts generated after the iLO reset are logged to this collection. iLO can store up to 256 REST alerts (no life cycle events will be stored) in a rolling buffer mechanism. These alerts can also be cleared by performing POST on /redfish/v1/Systems/1/LogServices/Event/Actions/LogService.ClearLog/.

Following information will only be stored/retrieved and presented in JSON format as an API response:

The Properties from EventID to MessageArgs are all under the LogEntry schema, while ServiceEvent is a new OEM property defined with iLO 5 firmware v2.70.

Accessing Alert Event Log through Redfish

To access the Redfish Alert Event Log resource, perform GET on /redfish/v1/Systems/1/LogServices/Event/. This resource includes a link to the collection of entries /redfish/v1/Systems/1/LogServices/Event/Entries and an action /redfish/v1/Systems/1/LogServices/Event/Actions/LogService.ClearLog/ to clear the Alert Event Logs. Individual Alert Event Logs can be accessed by performing GET on /redfish/v1/Systems/1/LogServices/Event/Entries/{@entriesId}.

GET /redfish/v1/Systems/1/LogService/Event/Entries/24

{
    "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
    "@odata.id": "/redfish/v1/Systems/1/LogServices/Event/Entries/24/",
    "@odata.type": "#LogEntry.v1_11_0.LogEntry",
    "Id": "24",
    "Created": "2022-08-01T00:05:59Z",
    "EntryType": "Oem",
    "EventId": "3f4b0657-6612-5c36-d2fa-d747682c8c8b",
    "EventTimestamp": "2022-08-01T00:05:59Z",
    "Links": {
       "OriginOfCondition": {
          "@odata.id": "/redfish/v1/Chassis/2/Thermal#Fans/0/"
        }
    },
    "MessageArgs": [
          "1"
        ],
    "MessageId": "iLOEvents.3.7.FanFailed",
    "Name": "Event",
    "Oem": {
        "Hpe": {
          "@odata.context": "/redfish/v1/$metadata#HpeLogEntry.HpeLogEntry",
          "@odata.type": "#HpeLogEntry.v2_4_0.HpeLogEntry",
          "ServiceEvent": "True"
        }
    },
    "OemRecordFormat": "Hpe-Event",
    "Severity": "Critical"
  }

Clearing Alert Event Log through Redfish Action

To completely clear all Alert Event Logs, perform POST on https://{iLOIP}/redfish/v1/Systems/1/LogServices/Event/Actions/LogService.ClearLog/.

DPU Log

DPU devices maintain a separate resource tree (i.e. /redfish/v1/systems/2) and all sub-resources are listed under it. One of these sub-resources is the DPU Management Logs resource - /redfish/v1/systems/2/LogServices/DPU. The DPU Management logs provide a record of historical events that have occurred on the DPU. Logged events include DPU-specific information such as health and status information, firmware updates, configuration changes etc. Entries in the DPU can help you diagnose issues or identify potential issues. Preventative action might help to avoid disruption of service. When the DPU Log entry collection is full, new events overwrite the previous event in the log.

Accessing DPU Log through Redfish

To access the Redfish DPU Log resource, perform GET on /redfish/v1/Systems/2/LogServices/DPU/. This resource includes a link to the collection of entries /redfish/v1/Systems/2/LogServices/DPU/Entries and an action /redfish/v1/Systems/2/LogServices/DPU/Actions/LogService.ClearLog/ to clear the DPU Logs. Individual DPU Log can be accessed by performing GET on /redfish/v1/Systems/2/LogServices/DPU/Entries/{@entriesId}.

GET /redfish/v1/Systems/2/LogServices/DPU/Entries/1

{
    "@odata.context": "/redfish/v1/$metadata#LogEntry.LogEntry",
    "@odata.etag": "W/\"D92B34AC\"",
    "@odata.id": "/redfish/v1/Systems/2/LogServices/DPU/Entries/1",
    "@odata.type": "#LogEntry.v1_11_0.LogEntry",
    "Id": "1",
    "Created": "2021-06-10T08:08:42Z",
    "EntryType": "Oem",
    "Message": "DPU Log cleared by: Administrator",
    "Name": "DPU Log",
    "Severity": "OK"
}

Clearing DPU Log through Redfish Action

To completely clear all DPU Logs, perform POST on https://{iLOIP}/redfish/v1/Systems/2/LogServices/DPU/Actions/LogService.ClearLog/.

Serial interface

The Redfish serial interface resource lists physical serial interfaces that allow access to iLO. It allows administrators to configure the baud rate and enable or disable serial access to iLO Command line interface using server physical serial port.

Accessing serial interfaces resource through Redfish

To access the Redfish serial interfaces resource, perform GET on /redfish/v1/Managers/1/SerialInterfaces/. This collection resource includes links to the serial interface members /redfish/v1/Managers/1/SerialInterfaces/{serialInterfaceId}.

Viewing serial interface configuration

To view configuration information on a specific member from the serial interfaces collection, perform GET on /redfish/v1/Managers/1/SerialInterfaces/{serialInterfaceId}. This resource provides configurable information on the following:

Property Type Description
InterfaceEnabled Boolean An indication of whether this interface is enabled
BitRate Enum (Bitrate) The receive and transmit rate of data flow, typically in bits per second (bit/s), over the serial connection

The Bitrate enum can take the following values - "9600", "19200", "38400", "57600", "115200"

> curl https://{iLO}/redfish/v1/Managers/1/SerialInterfaces/{serialInterfaceId} -i --insecure -L
{
    "@odata.context": "/redfish/v1/$metadata#SerialInterface.SerialInterface",
    "@odata.etag": "W/\"0CFA12DC\"",
    "@odata.id": "/redfish/v1/Managers/1/SerialInterfaces/1",
    "@odata.type": "#SerialInterface.v1_1_7.SerialInterface",
    "Id": "1",
    "BitRate": "115200",
    "Description" : "Serial Interface",
    "InterfaceEnabled" : true,
    "Name" : "SerialInterface"
}

Configuring serial interface through Redfish PATCH

To modify the serial interface configuration, perform a PATCH on /redfish/v1/Managers/1/SerialInterfaces/{serialInterfaceId}.

PATCH /redfish/v1/Managers/1/SerialInterfaces/{serialInterfaceId}

{
    "InterfaceEnabled" : true,
    "BitRate" : "9600"
}

HPE Persistent Memory Configuration

Configuration of HPE Persistent Memory featuring Intel Optane persistent memory modules (PMM) uses the Redfish MemoryChunk, MemoryDomain, and TaskService to manage goal configurations. Please note that the HPE RESTful Interface tool v2.5.0 provides commands for inventory and configuration of PMMs. The new HPE Persistent Memory Management Utility provides a graphical experience for managing PMMs. Both tools use the iLO RESTful API, but add a layer of abstraction for the user.

Concepts and Terms

Term Definition
Interleave Set A group of Memory Regions that are interleaved together. Represented by a MemoryChunk in Redfish.
Memory Chunk A Memory Chunk is a group of one or more regions. The chunk represents an interleave set. Memory Domains and Chunks will ONLY be reported for Persistent Regions. Volatile Regions will be treated just like DIMMs with no such data reported.
Memory Domain Memory Domains are used to indicate to the client which Memory (DIMMs) can be grouped together in Memory Chunks to form interleave sets or otherwise grouped together. Informational only, not configurable.
Memory Region A region is a portion of a DIMM of a specific size and mode. A DIMM can have one or more regions. Regions can be the same or different mode on a DIMM.
Namespace For PMM, this is a device made available in filesystem (OS) source.

Overview

To create a MemoryChunk and Regions required, POST a MemoryChunk to the MemoryChunkCollection in a specific MemoryDomain. In the POST, list the DIMMs that should be included in MemorySet for the MemoryChunk, based on the InterleavableMemorySets in the MemoryDomain. All DIMMs on the socket related to the MemoryDomain must be configured in a MemoryChunk in order for the configuration to succeed.

To delete a MemoryChunk, DELETE the MemoryChunk from the MemoryChunkCollection. Deleting a MemoryChunk will result in the corresponding memory region being set to volatile memory.

POST will only be supported for persistent Memory Chunks. Remaining capacity will be configured as volatile. Only persistent Memory Chunks will be reported in the system, since volatile interleaving is not reported for standard DIMMs.

Only one Interleaved MemoryChunk is supported, and that Interleaved MemoryChunk must include all DIMMs on that socket. This matches what is specified in the MemoryDomain’s InterleavableMemorySets. If several POST requests are issued to configure multiple Interleaved MemoryChunks on a socket, iLO will reject the POST. iLO ensures all CPU installed PMMs are included in the memory set for a POST that is creating an interleaved Memory Chunk. This also checks for duplicate DIMM entries.

Memory Population Violations

If the memory population rules are violated, then configuration through the iLO RESTful API is not supported. Configuration may fail or have unexpected results.

MemoryChunk POST properties

Note: The values specified by MemoryChunkSizeMiB or MemoryChunkSizePercentage must be the same across all POST requests on a given socket (Memory Domain).

Example MemoryChunk POST

The example below is a POST body for creating a MemoryChunk using the MemoryChunkSizePercentage property. The PMMs on processor 1 in slots 6 and 7 will be interleaved and provisioned to 50% persistent memory (App Direct) mode. The remaining 50% is set to volatile (memory) mode.

POST /redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/

{
    "AddressRangeType": "PMEM",
    "Oem": {
       "Hpe": {
          "MemoryChunkSizePercentage": 50
       }    
    },
    "InterleaveSets": [
       {
          "Memory" : { "@odata.id": "/redfish/v1/Systems/1/Memory/proc1dimm6/"}
       },
       {
          "Memory" : { "@odata.id": "/redfish/v1/Systems/1/Memory/proc1dimm7/"}
       }
    ]
}

Configuration Tasks

Since the POST and DELETE modifications to the MemoryChunks are applied on system reboot, iLO will create a Task for each request. The Tasks are managed by the TaskService. On success, the POST and DELETE responses will include information about the corresponding Task. All the staged Tasks will be provided to BIOS on reboot. BIOS will process all the Tasks, in order, to create new Goal Configurations for each impacted PMMs. If Goal Configurations cannot be created, then ALL of the Tasks will fail, and the Task status will report the reason for the failure. PATCH to the MemoryChunk is not supported, so reconfiguration of existing configurations must first DELETE the existing MemoryChunks before creating a new configuration.

Example response to a MemoryChunk POST:

Status: 202 Accepted

{
    "@odata.context": "/redfish/v1/$metadata#Task.Task",
    "@odata.etag": "W/\"D793BCE6\"",
    "@odata.id": "/redfish/v1/TaskService/Tasks/1545/",
    "@odata.type": "#Task.v1_3_0.Task",
    "Id": "1545",
    "Description": "iLO Task",
    "Messages": [
        {}
    ],
    "Name": "Task 1545",
    "Payload": {
        "HttpOperation": "POST",
        "JsonBody": "{\"AddressRangeType\":\"PMEM\",\"InterleaveSets\":[{\"Memory\":{\"@odata.id\":\"/redfish/v1/Systems/1/Memory/proc1dimm6/\"}},{\"Memory\":{\"@odata.id\":\"/redfish/v1/Systems/1/Memory/proc1dimm7/\"}}],\"Oem\":{\"Hpe\":{\"MemoryChunkSizePercentage\":100}}}",
        "TargetUri": "/redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/"
    },
    "StartTime": "2019-03-06T16:18:50Z",
    "TaskMonitor": "/redfish/v1/TaskService/TaskMonitors/1545/",
    "TaskState": "New"
}

POST and Task limits

iLO will limit the total number of Tasks to a minimum of 192.

Configuration Sequencing

The intent of configuration will only be inferred from the sequence in which the requests are made. As such, any DELETE requests must precede any POST requests relating to MemoryDomains on the same socket. A DELETE request and a POST request may be performed in the same reboot, as long as they follow this rule.

Example 1: Reconfigure to Change Interleaving

Start: Example configuration is two PMMs, A1 and A2, of 16 GiB each on a single socket on the same memory controller. There are two existing MemoryChunks, MC1 and MC2, for 100% persistent memory non-interleaved.

Goal: Reconfigure these two PMMs to be 100% persistent memory interleaved.

Solution: The client would first issue a DELETE request on MC1 and a separate DELETE request on MC2. This would create two New Tasks in the TaskService. The client would then issue a POST request on the MemoryDomain’s Memory Chunk Collection. The POST body includes DIMMs A1 and A2 in the corresponding InterleaveSets with an Oem.Hpe.MemoryChunkSizePercentage of 100% or a MemoryChunkSizeMiB of 32GiB. This would result in three New Tasks in the TaskService queue to be consumed on reboot. See details steps below:

  1. Delete MC1.

DELETE /redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/MC1

  1. Delete MC2.

DELETE /redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/MC2

  1. Create new configuration: Option 1 using MemoryChunkSizePercentage

POST /redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks

   {
       "AddressRangeType": "PMEM",
       "Oem": {
           "Hpe": {
               "MemoryChunkSizePercentage": 100
           }
       },
       "InterleaveSets": [
          {
               "Memory": {
                   "@odata.id": "/redfish/v1/Systems/1/Memory/A1/"
            }
           },
           {
               "Memory": {
                   "@odata.id": "/redfish/v1/Systems/1/Memory/A2/"
               }
           }
       ]
   }
  1. Create new configuration: Option 2 using MemoryChunkSizeMiB

POST /redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks

   {
       "AddressRangeType": "PMEM",
       "MemoryChunkSizeMiB": 32768,
       "InterleaveSets": [
          {
               "Memory": {
                   "@odata.id": "/redfish/v1/Systems/1/Memory/A1/"
            }
           },
           {
               "Memory": {
                   "@odata.id": "/redfish/v1/Systems/1/Memory/A2/"
               }
           }
       ]
   }
  1. Reboot system to apply changes staged in iLO as Tasks.

Example 2: Reconfigure to change Memory Provisioning on Two-Socket System

Start: Example configuration is two PMMs, A1 and A2, of 16GiB each on a single socket on the same memory controller. There are two existing MemoryChunks, MC1 and MC2, for 100% persistent memory non-interleaved. Also, two PMMs, B1 and B2, of 16GiB each on a single socket (separate than A1 and A2) on the same memory controller with two existing MemoryChunks, MC3 and MC4, for 100% persistent memory non-interleaved.

Goal: Reconfigure these four PMMs to be 50% persistent memory non-interleaved. The remaining 50% is volatile (memory mode).

Solution: The client would first issue separate DELETE requests on MC1, MC2, MC3, and MC4. This would create four New Tasks in the TaskService. The client would then issue a POST request on the Memory Chunk Collection of the MemoryDomain corresponding to A1 with A1 in the corresponding InterleaveSets and an Oem.Hpe.MemoryChunkSizePercentage of 50% or a MemoryChunkSizeMiB of 16GiB. The client would repeat this POST request on the MemoryDomains corresponding to A2, B1, and B2 with each of those respective DIMMs in their own InterleaveSets. This would result in eight New Tasks in the TaskService queue that would be consumed on reboot. See detailed steps below:

  1. Delete MC1.

DELETE /redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/MC1

  1. Delete MC2.

DELETE /redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks/MC2

  1. Delete MC3.

DELETE /redfish/v1/Systems/1/MemoryDomains/PROC2MemoryDomain/MemoryChunks/MC3

  1. Delete MC4.

DELETE /redfish/v1/Systems/1/MemoryDomains/PROC2MemoryDomain/MemoryChunks/MC4

  1. Create new configuration using MemoryChunkSizePercentage for A1.

POST /redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks

   {
       "AddressRangeType": "PMEM",
       "Oem": {
           "Hpe": {
               "MemoryChunkSizePercentage": 50
           }
       },
       "InterleaveSets": [
            {
               "Memory": {
                   "@odata.id": "/redfish/v1/Systems/1/Memory/A1/"
               }
           }
       ]
   }
  1. Create new configuration using MemoryChunkSizePercentage for A2.

POST /redfish/v1/Systems/1/MemoryDomains/PROC1MemoryDomain/MemoryChunks

   {
       "AddressRangeType": "PMEM",
       "Oem": {
           "Hpe": {
               "MemoryChunkSizePercentage": 50
           }
       },
       "InterleaveSets": [
            {
               "Memory": {
                   "@odata.id": "/redfish/v1/Systems/1/Memory/A2/"
               }
           }
       ]
   }
  1. Create new configuration using MemoryChunkSizePercentage for B1.

POST /redfish/v1/Systems/1/MemoryDomains/PROC2MemoryDomain/MemoryChunks

   {
       "AddressRangeType": "PMEM",
       "Oem": {
           "Hpe": {
               "MemoryChunkSizePercentage": 50
           }
       },
       "InterleaveSets": [
            {
               "Memory": {
                   "@odata.id": "/redfish/v1/Systems/1/Memory/B1/"
               }
           }
       ]
   }
  1. Create new configuration using MemoryChunkSizePercentage for B2.

POST /redfish/v1/Systems/1/MemoryDomains/PROC2MemoryDomain/MemoryChunks

   {
       "AddressRangeType": "PMEM",
       "Oem": {
           "Hpe": {
               "MemoryChunkSizePercentage": 50
           }
       },
       "InterleaveSets": [
            {
               "Memory": {
                   "@odata.id": "/redfish/v1/Systems/1/Memory/B2/"
               }
           }
       ]
   }
  1. Reboot system to apply changes staged in iLO as Tasks.

Managing Apollo Drive Bay Mapping

The HPE Apollo 2000 System with the HPE Apollo r2800 Chassis (including the Storage Expander Backplane) supports 24 SFF HPE SmartDrives. The SFF drive bays can be assigned to specific server nodes.

CAUTION: Changing the drive bay mapping configuration might cause data loss or data corruption. For example, consider a configuration with drive bays two through seven assigned to node 1, with the drives configured as a RAID0 volume. Data corruption might occur if you change the drive bay mapping so that the configured drives are no longer available.

Prerequisites

Getting host port topology details

The HostPortsInfo JSON object displays the node number and SAS controller associated with each server host port. Before you change the drive bay mapping, HPE recommends using the following REST API to view and understand the PortNumber mapping:

GET /redfish/v1/Chassis/1/AccHddService

This action returns the HostPortsInfo JSON object.

{
    "HostPortsInfo": [
        {
            "NodeNumber": 1,
            "PortNumber": 1,
            "SlotNumber": 1
        },
        {
            "NodeNumber": 2,
            "PortNumber": 2,
            "SlotNumber": 1
        },
        {
            "NodeNumber": 3,
            "PortNumber": 3,
            "SlotNumber": 1
        },
        {
            "NodeNumber": 4,
            "PortNumber": 4,
            "SlotNumber": 1
        }
    ]
}

Getting current and pending drive bay mapping

GET /redfish/v1/Chassis/1/AccHddService/zone

This action returns the CurrentZoneConfiguration and PendingZoneConfiguration JSON objects.

The CurrentZoneConfiguration JSON object displays the current drive bay mapping in the chassis.

{
    "CurrentZoneConfiguration": {
        "HostPort": [
            {
                "BayNumber": [ 1, 2, 3, 4, 5, 6 ],
                "PortNumber": 1
            },
            {
                "BayNumber": [ 7, 8, 9, 10, 11, 12 ],
                "PortNumber": 2
            },
            {
                "BayNumber": [ 13, 14, 15, 16, 17, 18 ],
                "PortNumber": 3
            },
            {
                "BayNumber": [ 19, 20, 21, 22, 23, 24 ],
                "PortNumber": 4
            },
            {
                "PortNumber": null
            }
        ]
    }
}

Note: The value PortNumber null indicates that a drive bay is not assigned.

The PendingZoneConfiguration JSON object displays the pending drive bay mapping configuration. This configuration will not be applied until all nodes remain powered off for at least 5 seconds.

{
    "PendingZoneConfiguration": {
        "HostPort": [
            {
                "BayNumber": [ 1, 2, 3, 4 ],
                "PortNumber": 1
            },
            {
                "BayNumber": [ 7, 8, 9, 10 ],
                "PortNumber": 2
            },
            {
                "BayNumber": [ 13, 14, 15, 16 ],
                "PortNumber": 3
            },
            {
                "BayNumber": [ 19, 20, 21, 22 ],
                "PortNumber": 4
            },
            {
                "BayNumber": [ 5, 6, 11, 12, 17, 18, 23, 24 ],
                "PortNumber": null
            }
        ]
    }
}

Note: The value PortNumber null indicates that a drive bay is not assigned.

Configuring drive bay mapping

You can make drive bay mapping configuration changes from any server node. The changes take effect when all server nodes in the Apollo 2000 system chassis are powered off and the Chassis firmware is able to reset the Storage Expander backplane. All nodes must remain powered off for at least 5 seconds after you initiate the configuration change.

The following example shows three drive bays assigned to each node.

POST /redfish/v1/Chassis/1/AccHddService/Zone/Actions/HpeServerAccHddZone.ConfigureZone

{
    "HostPort": [
      {
        "BayNumber": [
          1,
          2,
          3
        ],
        "PortNumber": 1
      },
      {
        "BayNumber": [
          7,
          8,
          9
        ],
        "PortNumber": 2
      },
      {
        "BayNumber": [
          13,
          14,
          15
        ],
        "PortNumber": 3
      },
      {
        "BayNumber": [
          19,
          20,
          21
        ],
        "PortNumber": 4
      }
    ]
}

This action returns a response indicating that all server nodes in the chassis must remain powered off for at least 5 seconds for the changes to take effect.

{
    "error": {
        "code": "iLO.0.10.ExtendedInfo",
        "message": "See @Message.ExtendedInfo for more information.",
        "@Message.ExtendedInfo": [
            {
                "MessageId": "iLO.2.9.ChassisResetRequired"
            }
        ]
    }
}

Setting drive bay mapping to the default configuration

The default configuration divides the 24 SFF drive bays by the number of server host ports in the Apollo 2000 Chassis. In a configuration with four 1U servers, the default drive bay configuration is six drive bays allocated to each of the four server slots. In a configuration with two 2U servers, the default drive bay configuration is 12 drive bays allocated to each of the two server slots.

POST an empty JSON object to URI to set drive bay mapping to the default configuration.

POST /redfish/v1/Chassis/1/AccHddService/Zone/Actions/HpeServerAccHddZone.LoadDefault

{}

This action returns a response indicating that all server nodes in the chassis must remain powered off for at least 5 seconds for the changes to take effect.

{
    "error": {
        "code": "iLO.0.10.ExtendedInfo",
        "message": "See @Message.ExtendedInfo for more information.",
        "@Message.ExtendedInfo": [
            {
                "MessageId": "iLO.2.9.ChassisResetRequired"
            }
        ]
    }
}

Error messages and registries in the iLO RESTful API

HTTP response 400

{
  "error": {
    "@Message.ExtendedInfo": [
      {
        "MessageId": "iLO.0.9.InvalidLicenseKey"
      }
    ],
    "code": "iLO.0.10.ExtendedInfo",
    "message": "See @Message.ExtendedInfo for more information."
  }
}
"InvalidLicenseKey": {
    "Description": "The license key is not valid.",
    "Message": "The license key is not valid.",
    "Severity": "Warning",
    "NumberOfArgs": 0,
    "ParamTypes": [],
    "Resolution": "Retry the operation using a valid license key."
}

Error messages appear in several places in the iLO RESTful API.

All error cases use a basic error JSON structure called ExtendedInfo. The most important property in ExtendedInfo is MessageId, a string containing a lookup key into a message registry.

MessageId helps to keep the iLO service small by keeping much of the explanatory text for an error out of the code. Instead, iLO supplies an ExtendedInfo response, where the MessageId provides enough information so that you can look up more details from another file.

For example, if you POST to the iLO license service to install an iLO license, but you supply an incorrect LicenseKey string, iLO responds with an error similar to the following:

HTTP response 400 is the standard RESTful API response to an error. In the example above, the error is easy to understand, but some errors are not easy to understand. To display a more meaningful error message, parse the string iLO.0.9.InvalidLicenseKey into the following components:

The search returns a result similar to the following:

Many error messages can also return parameters. These parameters may be plugged into the strings in the registry to form detailed messages tailored to the instance of the error message.

RESTful Events and the Event Service

iLO 5 features an event subscription service that enables you to subscribe to receive notifications when the REST data changes or when certain alerts occur. These notifications are in the form of HTTPS POST operations to a URI of your choice.

The event service is located in the data model at /redfish/v1/EventService. This resource includes a link to a collection of subscriptions (called Subscriptions located at /redfish/v1/EventService/Subscriptions).

Subscribing for Events examples

POST /redfish/v1/EventService/Subscriptions/

{
    "Destination": "https://myeventreciever/eventreceiver",
    "EventTypes": [
        "ResourceAdded",
        "ResourceRemoved",
        "ResourceUpdated",
        "StatusChange",
        "Alert"
    ],
    "HttpHeaders": {
        "Header": "HeaderValue"
    },
    "Context": "context string",
    "Oem": {
        "Hpe": {
            "DeliveryRetryIntervalInSeconds": 30,
            "RequestedMaxEventsToQueue": 20,
            "DeliveryRetryAttempts": 5,
            "RetireOldEventInMinutes": 10
        }
    }
}

In order to receive events, you must provide an HTTPS server accessible to iLO’s network with a URI you designate as the target for iLO-initiated HTTPS POST operations.

Construct a JSON object conforming to the type ListenerDestination (see example) and POST this to the collection indicated by the Subscriptions link at /redfish/v1/EventService/Subscriptions. If you receive an HTTP 201 Created response, a new subscription has been added. Note that iLO does not test the destination URI during this phase, so if the indicated URI is not valid, this will not be flagged until events are emitted and the connection to the destination fails.

Example POST payload to create a new subscription

Much of the above content depends entirely upon your needs and setup:

Consult the ListenerDestination schema for more details on each property. The subscription will automatically expire after the TTL information specified and must be renewed.

Simple Network Management Protocol

HPE iLO supports the Simple Network Management Protocol (SNMP). SNMP traps are generated by Redfish events posted in the iLO Integrated Management Logs (IML). iLO SNMP Object Identifiers (OIDs) are defined in the HPE Systems Insight Manager (SIM) MIB update kit. To cross reference an SNMP trap with REST alerts information, see the REST alerts table in the iLO 5 user guide.

SNMP configuration

SNMPv3 configuration can only be performed when the SNMP is enabled. SNMPv1 configuration can only be performed when the SNMP and the SNMPv1 are enabled.

SNMP enablement

SNMP enablement is performed by setting the SNMP/ProtocolEnabled property to true under the Redfish standard ManagerNetworkProtocol URI.

PATCH /redfish/v1/Managers/1/NetworkProtocol

{
    "SNMP": {
        "ProtocolEnabled": true
    }
}

SNMP ports configuration

The SNMP default port number (161) can be modified with a PATCH request of the SNMP/Port property under the Redfish standard ManagerNetworkProtocol URI.

The SNMP default trap port (162) can be modified with a PATCH request of the OEM/Hpe/SNMPTrapPort property under the ManagerNetworkProtocol URI.

PATCH /redfish/v1/Managers/1/NetworkProtocol

"Port": <integer>,
"Oem": {
        "Hpe": {
            "SNMPTrapPort": <integer>
        }
}

SNMPv1 enablement

SNMPv1 is enabled when the SNMPv1Enabled key is set to true, under the redfish/v1/Managers/1/SNMPServices URI. An iLO reset is required when a PATCH request is performed on that property.

PATCH /redfish/v1/Managers/1/SnmpService

{
    "SNMPv1Enabled": true,
    "SNMPv1RequestEnabled" : true,
    "SNMPv1TrapEnabled" : true

}

SNMP settings

General SNMP settings can be set in under the redfish/v1/Managers/1/SNMPServices URI.

PATCH /redfish/v1/Managers/1/SnmpService

{
    "Location": "My Location",
    "Contact": "Contact Name",
    "Role": "My role",
    "RoleDetail": "My role details",
    "ReadCommunities": [
        "communitystring1",
        "communitystring2",
        "communitystring3"
    ]
}

SNMPv3 settings

Specific SNMPv3 settings can be provided under the redfish/v1/Managers/1/SNMPServices URI.

PATCH /redfish/v1/Managers/1/SnmpService

{
    "SNMPv3EngineID": "0x8000000001020304",
    "SNMPv3InformRetryAttempt": 2,
    "SNMPv3InformRetryIntervalSeconds": 15
}

SNMP alerts

SNMP alerts properties can be set under the redfish/v1/Managers/1/SNMPServices URI.

iLO5 2.90 onwards, the following properties have been added:
- SNMPv1RequestsEnabled: Enables iLO to receive external SNMPv1 requests.
- SNMPv1TrapEnabled: Enables iLO to send SNMPv1 traps to the remote management systems configured in the alert destination.
- SNMPv3RequestsEnabled: Enables iLO to receive external SNMPv3 requests.
- SNMPv3TrapEnabled: Enables iLO to send SNMPv3 traps to the remote management systems configured in the alert destination.

NOTE:
- SNMPv1Enabled enables both SNMPv1RequestsEnabled and SNMPv1TrapEnabled.
- AlertsEnabled enables both SNMPv1TrapEnabled and SNMPv3TrapEnabled.
- Enabling either SNMPv1RequestsEnabled or SNMPv1TrapEnabled will enable SNMPv1Enabled.
- Enabling either SNMPv1TrapEnabled or SNMPv3TrapEnabled will enable AlertsEnabled.

PATCH /redfish/v1/Managers/1/SnmpService

{
    "TrapSourceHostname": "Manager",
    "AlertsEnabled": true,
    "SNMPv1Enabled": false,
    "Oem": {
        "Hpe": {
            "SNMPColdStartTrapBroadcast": false
        }
    },
    "PeriodicHSATrapConfig": "Disabled"
}

SNMP alert destinations

NOTE:
- The SNMPv1TrapEnabled option is available when SNMPv1TrapEnabled is enabled in the SNMP Alerts section.
- The SNMPv3TrapEnabled option is available when SNMPv3TrapEnabled is enabled in the SNMP Alerts section and at least one SNMPv3 user is configured.
- The SNMPv3Inform option is available when at least one SNMPv3 user is configured.

Add an SNMP alert destination with a POST request in the HpeSNMPAlertDestinationCollection URI.

POST redfish/v1/Managers/1/SnmpService/SNMPAlertDestinations

{
    "AlertDestination": "192.168.87.41",
    "SNMPAlertProtocol": "SNMPv1Trap",
    "TrapCommunity": "public"
}

SNMPv3 users

NOTE:
SNMPv3 users is available only if the SNMP Protocol is set to SNMPv3TrapEnabled or SNMPv3Inform.

SNMPv3 users can be managed under the HpeSNMPUsersCollection URI.

Add an SNMP user: POST /redfish/v1/Managers/1/SnmpService/SNMPUsers

{
    "SecurityName": "snmpuser",
    "AuthProtocol": "SHA",
    "AuthPassphrase": "myauthpassword",
    "PrivacyProtocol": "AES",
    "PrivacyPassphrase": "myPrivacyPassphrase",
    "UserEngineID": "0x8000000001020304"
}

Delete an SNMP user: DELETE /redfish/v1/Managers/1/SnmpService/SNMPUsers/2

Send test alerts

Test alerts can be sent to alert destinations using a POST request towards HpeiLOSnmpService.SendSNMPTestAlert under the redfish/v1/Managers/1/SNMPServices URI with an empty body.

POST /redfish/v1/Managers/1/SnmpService/Actions/HpeiLOSnmpService.SendSNMPTestAlert/

{}

Using the RESTful Interface Tool

Although not a requirement, you can use the RESTful Interface Tool with the RESTful API. This command line tool provides a level of abstraction and convenience above direct access to the RESTful API. For more information, see: http://www.hpe.com/info/resttool.

Client Best Practices

When developing a client for the RESTful API, be sure to not code based upon assumptions that are not guaranteed. The reason avoiding these assumptions is so important is that implementations may vary across systems and firmware versions, and we want your code to work consistently.

API Architecture

The RESTful API is a hypermedia API by design. This is to avoid building in restrictive assumptions to the data model that will make it difficult to adapt to future hardware implementations. A hypermedia API avoids these assumptions by making the data model discoverable via links between resources.

The client should not interact with a URI as if it will remain static. Only specific top-level URIs (any URI in this sample code) can be assumed as static.

All URIs, with the exception of known top-level URIs, must be discovered dynamically by following the href links in the data model. Clients should not make assumptions about the URIs for the resource members of a collection. For instance, the URI of a collection member will NOT always be /redfish/v1/.../collection/1, or 2.

Traversing the data model

Although the resources in the data model are linked together, because of cross link references between resources, a client may not assume the resource model is a tree. It is a graph instead, so any crawl of the data model should keep track of visited resources to avoid an infinite traversal loop.

A reference to another resource is any property called href (@odata.id in Redfish) no matter where it occurs in a resource.

An external reference to a resource outside the data model is referred to by a property called “extref”. Any resource referred to by extref should not be assumed to follow the conventions of the API.

HTTP POST to Create

When POSTing to create a resource (e.g. create an account or session), a successful response includes a Location HTTP header indicating the resource URI of the newly created resource. The POST may also include a representation of the newly created object in a JSON response body but may not. Do not assume the response body, but test it. It may also be an ExtendedError object.

HTTP Redirect

All clients must correctly handle HTTP redirect (for example, 308, 301, and so on.) iLO 5 will use redirection as a way to alias portions of the data model and to migrate the data model to the Redfish specified URIs (for example, /redfish/…).

Errata

EthernetInterfaces for ComputerSystem

In iLO 5 1.10, the link (@odata.id) to the EthernetInterfacesCollection is in the wrong location in the ComputerSystem resource. It should be a link directly from the root of the resource.

{
  "EthernetInterfaces": {
    "@odata.id": "<link>"
  }
}

In iLO 5 1.10 it is instead in the Hpe OEM sub-object:

{
  "Oem": {
    "Hpe": {
      "EthernetInterfaces": {
        "@odata.id": "<link>"
      }
    }
  }
}

Future iLO 5 firmware will correct this by adding the additional corrected link.

Other Web Resources

Resource Map

URI Type
/redfish/v1/ ServiceRoot
/redfish/v1/AccountService AccountService
/redfish/v1/AccountService/Accounts Collection of ManagerAccount
/redfish/v1/AccountService/Accounts/{item} ManagerAccount
/redfish/v1/AccountService/DirectoryTest HpeDirectoryTest
/redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates Collection of Certificate
/redfish/v1/AccountService/ExternalAccountProviders/LDAP/Certificates/{item} Certificate
/redfish/v1/AccountService/Roles Collection of Role
/redfish/v1/AccountService/Roles/{item} Role
/redfish/v1/AccountService/UserCertificateMapping Collection of HpeiLOAccountCertificateMap
/redfish/v1/AccountService/UserCertificateMapping/{item} HpeiLOAccountCertificateMap
/redfish/v1/CertificateService CertificateService
/redfish/v1/CertificateService/CertificateLocations CertificateLocations
/redfish/v1/Chassis Collection of Chassis
/redfish/v1/Chassis/{item} Chassis
/redfish/v1/Chassis/{item}/AccHddService HpeServerAccHddService
/redfish/v1/Chassis/{item}/AccHddService/Zone HpeServerAccHddZone
/redfish/v1/Chassis/{item}/Devices Collection of HpeServerDevice
/redfish/v1/Chassis/{item}/Devices/{item} HpeServerDevice
/redfish/v1/Chassis/{item}/NetworkAdapters Collection of NetworkAdapter
/redfish/v1/Chassis/{item}/NetworkAdapters/{item} NetworkAdapter
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkDeviceFunctions Collection of NetworkDeviceFunction
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkDeviceFunctions/{item} NetworkDeviceFunction
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkDeviceFunctions/{item}/Settings NetworkDeviceFunction
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkPorts Collection of NetworkPort
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkPorts/{item} NetworkPort
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkPorts/{item}/HpeEVB HpeNetworkPortEVB
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkPorts/{item}/HpeLLDP HpeNetworkPortLLDP
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/NetworkPorts/{item}/Settings NetworkPort
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/Ports Collection of Port
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/Ports/{item} Port
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/Ports/{item}/Settings Port
/redfish/v1/Chassis/{item}/NetworkAdapters/{item}/Settings NetworkAdapter
/redfish/v1/Chassis/{item}/Power Power
/redfish/v1/Chassis/{item}/Power/AccPowerService HpeServerAccPowerService
/redfish/v1/Chassis/{item}/Power/AccPowerService/Calibration HpeServerAccPowerCalibration
/redfish/v1/Chassis/{item}/Power/AccPowerService/NodesInfo HpeServerAccPowerNodesInfo
/redfish/v1/Chassis/{item}/Power/AccPowerService/PowerLimit HpeServerAccPowerLimit
/redfish/v1/Chassis/{item}/Power/AccPowerService/Zone HpeServerAccPowerZone
/redfish/v1/Chassis/{item}/Power/FastPowerMeter HpePowerMeter
/redfish/v1/Chassis/{item}/Power/FederatedGroupCapping HpeiLOFederatedGroupCapping
/redfish/v1/Chassis/{item}/Power/PowerMeter HpePowerMeter
/redfish/v1/Chassis/{item}/Thermal Thermal
/redfish/v1/EventService EventService
/redfish/v1/EventService/CACertificates Collection of HpeCertificate
/redfish/v1/EventService/CACertificates/{item} HpeCertificate
/redfish/v1/EventService/Subscriptions Collection of EventDestination
/redfish/v1/EventService/Subscriptions/{item} EventDestination
/redfish/v1/JsonSchemas Collection of JsonSchemaFile
/redfish/v1/JsonSchemas/{item} JsonSchemaFile
/redfish/v1/Managers Collection of Manager
/redfish/v1/Managers/{item} Manager
/redfish/v1/Managers/{item}/ActiveHealthSystem HpeiLOActiveHealthSystem
/redfish/v1/Managers/{item}/BackupRestoreService HpeiLOBackupRestoreService
/redfish/v1/Managers/{item}/BackupRestoreService/BackupFiles Collection of HpeiLOBackupFile
/redfish/v1/Managers/{item}/BackupRestoreService/BackupFiles/{item} HpeiLOBackupFile
/redfish/v1/Managers/{item}/DateTime HpeiLODateTime
/redfish/v1/Managers/{item}/EmbeddedMedia HpeiLOEmbeddedMedia
/redfish/v1/Managers/{item}/EthernetInterfaces Collection of EthernetInterface
/redfish/v1/Managers/{item}/EthernetInterfaces/{item} EthernetInterface
/redfish/v1/Managers/{item}/FederationGroups Collection of HpeiLOFederationGroup
/redfish/v1/Managers/{item}/FederationGroups/{item} HpeiLOFederationGroup
/redfish/v1/Managers/{item}/FederationPeers Collection of HpeiLOFederationPeers
/redfish/v1/Managers/{item}/FederationPeers/{item} HpeiLOFederationPeers
/redfish/v1/Managers/{item}/HostInterfaces Collection of HostInterface
/redfish/v1/Managers/{item}/HostInterfaces/{item} HostInterface
/redfish/v1/Managers/{item}/LicenseService Collection of HpeiLOLicense
/redfish/v1/Managers/{item}/LicenseService/{item} HpeiLOLicense
/redfish/v1/Managers/{item}/LogServices Collection of LogService
/redfish/v1/Managers/{item}/LogServices/IEL LogService
/redfish/v1/Managers/{item}/LogServices/IEL/Entries Collection of LogEntry
/redfish/v1/Managers/{item}/LogServices/IEL/Entries/{item} LogEntry
/redfish/v1/Managers/{item}/NetworkProtocol ManagerNetworkProtocol
/redfish/v1/Managers/{item}/RemoteSupportService HpeRemoteSupport
/redfish/v1/Managers/{item}/RemoteSupportService/ServiceEventLogs Collection of LogEntry
/redfish/v1/Managers/{item}/RemoteSupportService/ServiceEventLogs/{item} LogEntry
/redfish/v1/Managers/{item}/SecurityService HpeSecurityService
/redfish/v1/Managers/{item}/SecurityService/AutomaticCertificateEnrollment HpeAutomaticCertEnrollment
/redfish/v1/Managers/{item}/SecurityService/CertificateAuthentication HpeCertAuth
/redfish/v1/Managers/{item}/SecurityService/CertificateAuthentication/CACertificates Collection of HpeCertificate
/redfish/v1/Managers/{item}/SecurityService/CertificateAuthentication/CACertificates/{item} HpeCertificate
/redfish/v1/Managers/{item}/SecurityService/ESKM HpeESKM
/redfish/v1/Managers/{item}/SecurityService/HttpsCert HpeHttpsCert
/redfish/v1/Managers/{item}/SecurityService/PlatformCert/Certificates Collection of Certificate
/redfish/v1/Managers/{item}/SecurityService/PlatformCert/Certificates/{item} Certificate
/redfish/v1/Managers/{item}/SecurityService/SSO HpeiLOSSO
/redfish/v1/Managers/{item}/SecurityService/SecurityDashboard HpeiLOSecurityDashboard
/redfish/v1/Managers/{item}/SecurityService/SecurityDashboard/SecurityParams Collection of HpeiLOSecurityParam
/redfish/v1/Managers/{item}/SecurityService/SecurityDashboard/SecurityParams/{item} HpeiLOSecurityParam
/redfish/v1/Managers/{item}/SecurityService/SystemIAK/Certificates Collection of Certificate
/redfish/v1/Managers/{item}/SecurityService/SystemIAK/Certificates/{item} Certificate
/redfish/v1/Managers/{item}/SecurityService/SystemIDevID/Certificates Collection of Certificate
/redfish/v1/Managers/{item}/SecurityService/SystemIDevID/Certificates/{item} Certificate
/redfish/v1/Managers/{item}/SecurityService/iLOIDevID/Certificates Collection of Certificate
/redfish/v1/Managers/{item}/SecurityService/iLOIDevID/Certificates/{item} Certificate
/redfish/v1/Managers/{item}/SecurityService/iLOLDevID/Certificates Collection of Certificate
/redfish/v1/Managers/{item}/SecurityService/iLOLDevID/Certificates/{item} Certificate
/redfish/v1/Managers/{item}/SerialInterfaces Collection of SerialInterface
/redfish/v1/Managers/{item}/SerialInterfaces/{item} SerialInterface
/redfish/v1/Managers/{item}/SnmpService HpeiLOSnmpService
/redfish/v1/Managers/{item}/SnmpService/SNMPAlertDestinations Collection of HpeSNMPAlertDestination
/redfish/v1/Managers/{item}/SnmpService/SNMPAlertDestinations/{item} HpeSNMPAlertDestination
/redfish/v1/Managers/{item}/SnmpService/SNMPUsers Collection of HpeSNMPUser
/redfish/v1/Managers/{item}/SnmpService/SNMPUsers/{item} HpeSNMPUser
/redfish/v1/Managers/{item}/VirtualMedia Collection of VirtualMedia
/redfish/v1/Managers/{item}/VirtualMedia/{item} VirtualMedia
/redfish/v1/Registries Collection of MessageRegistryFile
/redfish/v1/Registries/{item} MessageRegistryFile
/redfish/v1/ResourceDirectory HpeiLOResourceDirectory
/redfish/v1/SessionService SessionService
/redfish/v1/SessionService/Sessions Collection of Session
/redfish/v1/SessionService/Sessions/{item} Session
/redfish/v1/Systems Collection of ComputerSystem
/redfish/v1/Systems/{item} ComputerSystem
/redfish/v1/Systems/{item}/BaseNetworkAdapters Collection of HpeBaseNetworkAdapter
/redfish/v1/Systems/{item}/BaseNetworkAdapters/{item} HpeBaseNetworkAdapter
/redfish/v1/Systems/{item}/Bios Bios
/redfish/v1/Systems/{item}/Bios/Kmsconfig/Baseconfigs HpeBaseConfigs
/redfish/v1/Systems/{item}/Bios/Kmsconfig/Settings HpeKmsConfig
/redfish/v1/Systems/{item}/Bios/Serverconfiglock/Baseconfigs HpeBaseConfigs
/redfish/v1/Systems/{item}/Bios/Serverconfiglock/Settings HpeServerConfigLock
/redfish/v1/Systems/{item}/Bios/Settings Bios
/redfish/v1/Systems/{item}/Bios/baseconfigs HpeBaseConfigs
/redfish/v1/Systems/{item}/Bios/boot HpeServerBootSettings
/redfish/v1/Systems/{item}/Bios/boot/Settings HpeServerBootSettings
/redfish/v1/Systems/{item}/Bios/boot/baseconfigs HpeBaseConfigs
/redfish/v1/Systems/{item}/Bios/hpescalablepmem HpeScalablePmem
/redfish/v1/Systems/{item}/Bios/hpescalablepmem/Settings HpeScalablePmem
/redfish/v1/Systems/{item}/Bios/iscsi HpeiSCSISoftwareInitiator
/redfish/v1/Systems/{item}/Bios/iscsi/Settings HpeiSCSISoftwareInitiator
/redfish/v1/Systems/{item}/Bios/iscsi/baseconfigs HpeBaseConfigs
/redfish/v1/Systems/{item}/Bios/mappings HpeBiosMapping
/redfish/v1/Systems/{item}/Bios/tlsconfig HpeTlsConfig
/redfish/v1/Systems/{item}/Bios/tlsconfig/Settings HpeTlsConfig
/redfish/v1/Systems/{item}/Bios/tlsconfig/baseconfigs HpeBaseConfigs
/redfish/v1/Systems/{item}/BootOptions Collection of BootOption
/redfish/v1/Systems/{item}/BootOptions/{item} BootOption
/redfish/v1/Systems/{item}/EthernetInterfaces Collection of EthernetInterface
/redfish/v1/Systems/{item}/EthernetInterfaces/{item} EthernetInterface
/redfish/v1/Systems/{item}/LogServices Collection of LogService
/redfish/v1/Systems/{item}/LogServices/DPU LogService
/redfish/v1/Systems/{item}/LogServices/DPU/Entries Collection of LogEntry
/redfish/v1/Systems/{item}/LogServices/DPU/Entries/{item} LogEntry
/redfish/v1/Systems/{item}/LogServices/Event LogService
/redfish/v1/Systems/{item}/LogServices/Event/Entries Collection of LogEntry
/redfish/v1/Systems/{item}/LogServices/Event/Entries/{item} LogEntry
/redfish/v1/Systems/{item}/LogServices/IML LogService
/redfish/v1/Systems/{item}/LogServices/IML/Entries Collection of LogEntry
/redfish/v1/Systems/{item}/LogServices/IML/Entries/{item} LogEntry
/redfish/v1/Systems/{item}/LogServices/SL LogService
/redfish/v1/Systems/{item}/LogServices/SL/Entries Collection of LogEntry
/redfish/v1/Systems/{item}/LogServices/SL/Entries/{item} LogEntry
/redfish/v1/Systems/{item}/Memory Collection of Memory
/redfish/v1/Systems/{item}/Memory/{item} Memory
/redfish/v1/Systems/{item}/MemoryDomains Collection of MemoryDomain
/redfish/v1/Systems/{item}/MemoryDomains/{item} MemoryDomain
/redfish/v1/Systems/{item}/MemoryDomains/{item}/MemoryChunks Collection of MemoryChunks
/redfish/v1/Systems/{item}/MemoryDomains/{item}/MemoryChunks/{item} MemoryChunks
/redfish/v1/Systems/{item}/NetworkInterfaces Collection of NetworkInterface
/redfish/v1/Systems/{item}/NetworkInterfaces/{item} NetworkInterface
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkDeviceFunctions Collection of NetworkDeviceFunction
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkDeviceFunctions/{item} NetworkDeviceFunction
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkPorts Collection of NetworkPort
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkPorts/{item} NetworkPort
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkPorts/{item}/HpeEVB HpeNetworkPortEVB
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkPorts/{item}/HpeLLDP HpeNetworkPortLLDP
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkPorts/{item}/Settings NetworkPort
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/Ports Collection of Port
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/Ports/{item} Port
/redfish/v1/Systems/{item}/NetworkInterfaces/{item}/Ports/{item}/Settings Port
/redfish/v1/Systems/{item}/PCIDevices Collection of HpeServerPciDevice
/redfish/v1/Systems/{item}/PCIDevices/{item} HpeServerPciDevice
/redfish/v1/Systems/{item}/PCISlots Collection of HpeServerPCISlot
/redfish/v1/Systems/{item}/PCISlots/{item} HpeServerPCISlot
/redfish/v1/Systems/{item}/Processors Collection of Processor
/redfish/v1/Systems/{item}/Processors/{item} Processor
/redfish/v1/Systems/{item}/SecureBoot SecureBoot
/redfish/v1/Systems/{item}/SmartStorage HpeSmartStorage
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers Collection of HpeSmartStorageArrayController
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item} HpeSmartStorageArrayController
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/DiskDrives Collection of HpeSmartStorageDiskDrive
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/DiskDrives/{item} HpeSmartStorageDiskDrive
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives Collection of HpeSmartStorageLogicalDrive
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives/{item} HpeSmartStorageLogicalDrive
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives/{item}/DataDrives Collection of HpeSmartStorageDiskDrive
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/StorageEnclosures Collection of HpeSmartStorageStorageEnclosure
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/StorageEnclosures/{item} HpeSmartStorageStorageEnclosure
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/UnconfiguredDrives Collection of HpeSmartStorageDiskDrive
/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/UnconfiguredDrives/{item} HpeSmartStorageDiskDrive
/redfish/v1/Systems/{item}/SmartStorage/HostBusAdapters Collection of HpeSmartStorageHostBusAdapter
/redfish/v1/Systems/{item}/SmartStorage/HostBusAdapters/{item} HpeSmartStorageHostBusAdapter
/redfish/v1/Systems/{item}/SmartStorage/HostBusAdapters/{item}/DiskDrives Collection of HpeSmartStorageDiskDrive
/redfish/v1/Systems/{item}/SmartStorage/HostBusAdapters/{item}/DiskDrives/{item} HpeSmartStorageDiskDrive
/redfish/v1/Systems/{item}/SmartStorageConfig SmartStorageConfig
/redfish/v1/Systems/{item}/SmartStorageConfig/Settings SmartStorageConfig
/redfish/v1/Systems/{item}/Storage Collection of Storage
/redfish/v1/Systems/{item}/Storage/{item}/Controllers/ Collection of StorageController
/redfish/v1/Systems/{item}/Storage/{item}/Controllers/{item} StorageController
/redfish/v1/Systems/{item}/Storage/{item}/Controllers/{item}/Ports/{item} Port
/redfish/v1/Systems/{item}/Storage/{item}/StorageControllers/{item}/Ports/{item} Port
/redfish/v1/Systems/{item}/USBDevices Collection of HpeUSBDevice
/redfish/v1/Systems/{item}/USBDevices/{item} HpeUSBDevice
/redfish/v1/Systems/{item}/USBPorts Collection of HpeUSBPort
/redfish/v1/Systems/{item}/USBPorts/{item} HpeUSBPort
/redfish/v1/Systems/{item}/WorkloadPerformanceAdvisor Collection of HpeWorkloadPerformanceAdvisor
/redfish/v1/Systems/{item}/WorkloadPerformanceAdvisor/{item} HpeWorkloadPerformanceAdvisor
/redfish/v1/TaskService TaskService
/redfish/v1/TaskService/Tasks Collection of Task
/redfish/v1/TaskService/Tasks/{item} Task
/redfish/v1/TelemetryService TelemetryService
/redfish/v1/TelemetryService/MetricDefinitions Collection of MetricDefinition
/redfish/v1/TelemetryService/MetricDefinitions/{item} MetricDefinition
/redfish/v1/TelemetryService/MetricReportDefinitions Collection of MetricReportDefinition
/redfish/v1/TelemetryService/MetricReportDefinitions/{item} MetricReportDefinition
/redfish/v1/TelemetryService/MetricReports/{item} MetricReport
/redfish/v1/TelemetryService/MetricsReport Collection of MetricReport
/redfish/v1/TelemetryService/Triggers Collection of Triggers
/redfish/v1/TelemetryService/Triggers/{item} Triggers
/redfish/v1/UpdateService UpdateService
/redfish/v1/UpdateService/ComponentRepository Collection of HpeComponent
/redfish/v1/UpdateService/ComponentRepository/{item} HpeComponent
/redfish/v1/UpdateService/FirmwareInventory Collection of SoftwareInventory
/redfish/v1/UpdateService/FirmwareInventory/{item} SoftwareInventory
/redfish/v1/UpdateService/InstallSets Collection of HpeComponentInstallSet
/redfish/v1/UpdateService/InstallSets/{item} HpeComponentInstallSet
/redfish/v1/UpdateService/InvalidImageRepository Collection of HpeInvalidImage
/redfish/v1/UpdateService/InvalidImageRepository/{item} HpeInvalidImage
/redfish/v1/UpdateService/MaintenanceWindows Collection of HpeMaintenanceWindow
/redfish/v1/UpdateService/MaintenanceWindows/{item} HpeMaintenanceWindow
/redfish/v1/UpdateService/SoftwareInventory Collection of SoftwareInventory
/redfish/v1/UpdateService/SoftwareInventory/{item} SoftwareInventory
/redfish/v1/UpdateService/UpdateTaskQueue Collection of HpeComponentUpdateTask
/redfish/v1/UpdateService/UpdateTaskQueue/{item} HpeComponentUpdateTask
/redfish/v1/systems/{item}/bios/Kmsconfig HpeKmsConfig
/redfish/v1/systems/{item}/bios/Serverconfiglock HpeServerConfigLock
redfish/v1/Chassis/{item}/BaseFrus Collection of HpeiLOFrus
redfish/v1/Chassis/{item}/BaseFrus/{item} HpeiLOFrus
redfish/v1/Chassis/{item}/BaseFrus/{item}/Details HpeiLOFrus
redfish/v1/Chassis/{item}/MezzFrus Collection of HpeiLOFrus
redfish/v1/Chassis/{item}/MezzFrus/{item} HpeiLOFrus
redfish/v1/Chassis/{item}/MezzFrus/{item}/Details HpeiLOFrus
redfish/v1/Chassis/{item}/PCIeDevices Collection of PCIeDevice
redfish/v1/Chassis/{item}/PCIeDevices/{item} PCIeDevice
redfish/v1/Chassis/{item}/PCIeDevices/{item}/PCIeFunctions Collection of PCIeFunction
redfish/v1/Chassis/{item}/PCIeDevices/{item}/PCIeFunctions/{item} PCIeFunction
redfish/v1/Chassis/{item}/PCIeSlots PCIeSlots
redfish/v1/Systems/{item}/NetworkInterfaces/{item}/NetworkDeviceFunctions/{item}/Settings NetworkDeviceFunction
redfish/v1/Systems/{item}/SecureEraseReportService HpeSecureEraseReportService
redfish/v1/Systems/{item}/SecureEraseReportService/SecureEraseReportEntries Collection of HpeSecureEraseReport
redfish/v1/Systems/{item}/SecureEraseReportService/SecureEraseReportEntries/{item} HpeSecureEraseReport
redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives/{item}/ActiveSpareDrives Collection of HpeSmartStorageDiskDrive
redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives/{item}/StandbySpareDrives Collection of HpeSmartStorageDiskDrive
redfish/v1/Systems/{item}/Storage/{item} Storage
redfish/v1/Systems/{item}/Storage/{item}/Drives/{item} Drive
redfish/v1/Systems/{item}/Storage/{item}/Volumes Collection of Volume
redfish/v1/Systems/{item}/Storage/{item}/Volumes/{item} Volume

Resource Definitions

Each resource in the API has a “type” that defines its properties. See the Redfish specification for @odata.type for details.

This section defines the supported types and lists the typical instances of each. Because this API document is applicable to all HPE servers using iLO 5, you may find variations such as:

Collections

Many resource types in the API are members of “collections.” Collections are groups of similar resources and are typically an array of Member links.

Redfish does not define a generic collection “type” (@odata.type) but all collections are identical in structure. A ComputerSystemCollection is identical in structure to a ChassisCollection although they have slightly different names. Typically, collection types are suffixed with the word collection and are recognizable by the presence of the Members array of links.

Collections may be GET-only that may not be added to or removed from. Examples of GET-only collections are the Systems collection at /redfish/v1/systems/. In a typical systems collection describing physical hardware, it wouldn’t make sense to be able to create or remove members using GET or DELETE.

Other collections may be editable. Examples of these might be the Accounts collection at /redfish/v1/accountservice/accounts. The API supports the addition or removal of user accounts. To add a new member to an editable collection, perform an HTTP POST to the collection resource with a body consisting of the required JSON properties needed to create a new member (this does not necessarily require you to POST every property because many may take a unique service-assigned value or take a default value.)

For more information on collections see the Redfish 1.0 DMTF standard at https://www.dmtf.org/standards/redfish and the example Python code: https://github.com/HewlettPackard/python-ilorest-library.

GET https://{iLO}/redfish/v1/systems/ showing a collection response (JSON)

{
    "@odata.id": "/redfish/v1/systems/",
    "@odata.context": "/redfish/v1/$metadata/",
    "@odata.type": "#ComputerSystemCollection.ComputerSystemCollection",
    "Members@odata.count": 1,
    "Members": [
        {
            "@odata.id": "/redfish/v1/systems/1/"
        }
    ]
}

Properties

Collection Instances:

  • https://{iLO}/redfish/v1/AccountService/Accounts

  • https://{iLO}/redfish/v1/Chassis

  • https://{iLO}/redfish/v1/EventService/EventSubscriptions

  • https://{iLO}/redfish/v1/Managers

  • https://{iLO}/redfish/v1/Managers/{item}/EthernetInterfaces

  • https://{iLO}/redfish/v1/Managers/{item}/FederationGroups

  • https://{iLO}/redfish/v1/Managers/{item}/FederationPeers

  • https://{iLO}/redfish/v1/Managers/{item}/LicenseService

  • https://{iLO}/redfish/v1/Managers/{item}/LogServices

  • https://{iLO}/redfish/v1/Managers/{item}/LogServices/IEL/Entries

  • https://{iLO}/redfish/v1/Managers/{item}/VirtualMedia

  • https://{iLO}/redfish/v1/Registries

  • https://{iLO}/redfish/v1/Schemas

  • https://{iLO}/redfish/v1/SessionService/Sessions

  • https://{iLO}/redfish/v1/Systems

  • https://{iLO}/redfish/v1/Systems/{item}/LogServices

  • https://{iLO}/redfish/v1/Systems/{item}/LogServices/IML/Entries

  • https://{iLO}/redfish/v1/Systems/{item}/Memory

  • https://{iLO}/redfish/v1/Systems/{item}/NetworkAdapters

  • https://{iLO}/redfish/v1/Systems/{item}/PCIDevices

  • https://{iLO}/redfish/v1/Systems/{item}/PCISlots

  • https://{iLO}/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers

  • https://{iLO}/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/DiskDrives

  • https://{iLO}/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/LogicalDrives

  • https://{iLO}/redfish/v1/Systems/{item}/SmartStorage/ArrayControllers/{item}/StorageEnclosures

  • https://{iLO}/redfish/v1/Systems/{item}/SmartStorage/HostBusAdapters

Members@odata.count

JSONPath: /Members@odata.count (read only integer)

The number of members in the collection.

Members[]

JSONPath: /Members (read only array of links)

The Members array consists of links (@odata.id) to the members of the collection.

AccountService.v1_5_0.AccountService

@odata.type: "#AccountService.v1_5_0.AccountService"

The AccountService resource describes the BMC user account management service. It represents the properties for this service and has links to the list of accounts.

Managing User Accounts with the Accounts Collection

JSONPath: /Accounts/@odata.id

The destination of this link is a collection of user accounts (see ManagerAccount).

Resource Instances

Uri HTTP Allow
/redfish/v1/accountservice GET POST PATCH
Link Name Destination type
Accounts Collection of ManagerAccount

AccountLockoutCounterResetAfter

Member of AccountService.v1_5_0.AccountService

Description The interval of time in seconds between the last failed login attempt and reset of the lockout threshold counter. This value must be less than or equal to AccountLockoutDuration. Reset sets the counter to zero.
Type number
Read Only True
Added iLO 5 1.40

AccountLockoutCounterResetEnabled

Member of AccountService.v1_5_0.AccountService

Description The value indicates whether the threshold counter will be reset after AccountLockoutCounterResetAfter expires.
Type boolean
Read Only True

AccountLockoutDuration

Member of AccountService.v1_5_0.AccountService

Description The time in seconds an account is locked out. The value must be greater than or equal to the value of the AccountLockoutCounterResetAfter property. If set to 0, no lockout occurs.
Type number or null
Read Only False
Added iLO 5 1.40

AccountLockoutThreshold

Member of AccountService.v1_5_0.AccountService

Description The number of failed login attempts allowed before a user account is locked for a specified duration. A value of 0 means it is never locked.
Type number or null
Read Only False
Added iLO 5 1.40

Accounts

This property references a resource of type Collection with a MemberType of ManagerAccount. Accounts is a link ("@odata.id": URI) to another resource.

ActiveDirectory

ActiveDirectory.AccountProviderType Member of AccountService.v1_5_0.AccountService

Description This property contains the type of external account provider this resource references.
Type string
Read Only False
Added iLO 5 1.40

The following are the supported values:

Value Description
ActiveDirectoryService An external Active Directory Service.

ActiveDirectory.Authentication ActiveDirectory.Authentication.AuthenticationType Member of AccountService.v1_5_0.AccountService

Description This property contains the type of authentication used to connect to the external account provider.
Type string
Read Only False
Added iLO 5 1.40

The following are the supported values:

Value Description
UsernameAndPassword Username and password combination.

ActiveDirectory.Authentication.Password Member of AccountService.v1_5_0.AccountService

Description This property is used with a PATCH or PUT to write the password for the account service. This property is null on a GET.
Type string or null
Read Only False
Added iLO 5 1.40

ActiveDirectory.Authentication.Username Member of AccountService.v1_5_0.AccountService

Description This property contains the distinguished name for the account service.
Type string or null
Read Only False
Added iLO 5 1.40

ActiveDirectory.RemoteRoleMapping (array) Member of AccountService.v1_5_0.AccountService RemoteRoleMapping is an array containing elements of:

RemoteRoleMapping[{item}].LocalRole Member of AccountService.v1_5_0.AccountService

Description The name of the local role in which to map the remote user or group.
Type string or null
Read Only False

RemoteRoleMapping[{item}].RemoteGroup Member of AccountService.v1_5_0.AccountService

Description This property is the name of the remote group (or in the case of a Redfish Service, remote role) that will be mapped to the local role referenced by this entity.
Type string or null
Read Only False

ActiveDirectory.ServiceAddresses (array) Member of AccountService.v1_5_0.AccountService ServiceAddresses is an array containing elements of:

Type string or null
Read Only True

ActiveDirectory.ServiceEnabled Member of AccountService.v1_5_0.AccountService

Description This indicates whether this service is enabled.
Type boolean or null
Read Only False
Added iLO 5 1.40

AuthFailureLoggingThreshold

Member of AccountService.v1_5_0.AccountService

Description The number of authorization failures allowed before the failure attempt is logged to the manager log.
Type number
Read Only False

LDAP

LDAP.AccountProviderType Member of AccountService.v1_5_0.AccountService

Description This property contains the type of external account provider this resource references.
Type string
Read Only False
Added iLO 5 1.40

The following are the supported values:

Value Description
ActiveDirectoryService An external Active Directory Service.
LDAPService A generic external LDAP Service.

LDAP.Authentication LDAP.Authentication.AuthenticationType Member of AccountService.v1_5_0.AccountService

Description This property contains the type of authentication used to connect to the external account provider.
Type string
Read Only False
Added iLO 5 1.40

The following are the supported values:

Value Description
UsernameAndPassword Username and password combination.

LDAP.Authentication.Password Member of AccountService.v1_5_0.AccountService

Description This property is used with a PATCH or PUT to write the password for the account service. This property is null on a GET.
Type string or null
Read Only False
Added iLO 5 1.40

LDAP.Authentication.Username Member of AccountService.v1_5_0.AccountService

Description This property contains the distinguished name for the account service.
Type string or null
Read Only False
Added iLO 5 1.40

LDAP.Certificates A link to a collection of Certificates used for the external account service. Certificates is a link ("@odata.id": URI) to another resource.

LDAP.LDAPService LDAP.LDAPService.SearchSettings LDAP.LDAPService.SearchSettings.BaseDistinguishedNames (array) Member of AccountService.v1_5_0.AccountService BaseDistinguishedNames is an array containing elements of:

Type string or null
Read Only True

LDAP.RemoteRoleMapping (array) Member of AccountService.v1_5_0.AccountService RemoteRoleMapping is an array containing elements of:

RemoteRoleMapping[{item}].LocalRole Member of AccountService.v1_5_0.AccountService

Description The name of the local role in which to map the remote user or group.
Type string or null
Read Only False

RemoteRoleMapping[{item}].RemoteGroup Member of AccountService.v1_5_0.AccountService

Description This property is the name of the remote group (or in the case of a Redfish Service, remote role) that will be mapped to the local role referenced by this entity.
Type string or null
Read Only False

LDAP.ServiceAddresses (array) Member of AccountService.v1_5_0.AccountService ServiceAddresses is an array containing elements of:

Type string or null
Read Only True

LDAP.ServiceEnabled Member of AccountService.v1_5_0.AccountService

Description This indicates whether this service is enabled.
Type boolean or null
Read Only False
Added iLO 5 1.40

LocalAccountAuth

Member of AccountService.v1_5_0.AccountService

Description Controls when this service will use the accounts defined withing this AccountService as part of authentication.
Type string
Read Only False
Added iLO 5 1.40

The following are the supported values:

Value Description
Enabled Authentication via accounts defined in this AccountService is enabled.
Disabled Authentication via accounts defined in this AccountService is disabled.

MaxPasswordLength

Member of AccountService.v1_5_0.AccountService

Description The maximum password length for this service.
Type number
Read Only True
Added iLO 5 1.40

MinPasswordLength

Member of AccountService.v1_5_0.AccountService

Description The minimum password length for this account service.
Type integer
Read Only True
Added iLO 5 1.40

Oem.Hpe.AuthFailureDelayTimeSeconds

Member of AccountService.v1_5_0.AccountService

Description The time in seconds to delay for each failure after AuthFailuresBeforeDelay authentication attempts have failed. Values of 2, 5, 10, and 30 seconds are valid.
Type integer
Read Only False
Added iLO 5 1.10

The following are the supported values:

Value
2
5
10
30

Oem.Hpe.AuthFailureLoggingThreshold

Member of AccountService.v1_5_0.AccountService

Description This property enables you to view and configure logging criteria for failed authentications. A failed login log entry is recorded after the configured number of attempts. 0 = feature disabled; 1-3 and 5 are allowable values.
Type integer
Read Only False

The following are the supported values:

Value
Null
1
2
3
5

Oem.Hpe.AuthFailuresBeforeDelay

Member of AccountService.v1_5_0.AccountService

Description The number of failed authentication attempts allowed before authentication is delayed by AuthFailureDelayTimeSeconds. Values of 0, 1, 3, and 5 are valid, with 0 indicating delay after every authentication failure.
Type integer
Read Only False
Added iLO 5 1.10

The following are the supported values:

Value
Null
1
3
5

Oem.Hpe.DefaultPassword

Member of AccountService.v1_5_0.AccountService

Description The default password used to log in to the management processor when factory reset is performed.
Type string or null
Read Only False
Added iLO 5 1.17

Oem.Hpe.DefaultUserName

Member of AccountService.v1_5_0.AccountService

Description The default name used to log in to the management processor when factory reset is performed.
Type string or null
Read Only False
Added iLO 5 1.17

Oem.Hpe.DirectorySettings

Oem.Hpe.DirectorySettings.LdapAuthenticationMode Member of AccountService.v1_5_0.AccountService

Description Represents the LDAP authentication mode.
Type string
Read Only False
Added iLO 5 1.40

The following are the supported values:

Value Description
Disabled Directory authentication is disabled.
DefaultSchema Directory Default schema or Schema-free option is selected.
ExtendedSchema HPE Extended schema is selected.

Oem.Hpe.DirectorySettings.LdapCaCertificateLoaded Member of AccountService.v1_5_0.AccountService

Description Represents if the directory server CA certificate is loaded or not.
Type boolean
Read Only True
Added iLO 5 1.40

Oem.Hpe.DirectorySettings.LdapCaCertificates A link to a collection of Certificates. LdapCaCertificates is a link ("@odata.id": URI) to another resource.

Oem.Hpe.DirectorySettings.LdapServerPort Member of AccountService.v1_5_0.AccountService

Description Represents the port number of the directory server.
Type integer
Read Only True
Added iLO 5 1.40

Oem.Hpe.DirectoryTest

The value of this property shall be a reference to a resource of type HpeDirectoryTest. DirectoryTest is a link ("@odata.id": URI) to another resource.

Oem.Hpe.EnforcePasswordComplexity

Member of AccountService.v1_5_0.AccountService

Description Enforce complexity rules when a user password is set or changed. Three of four character classes must be present; ASCII UPPERCASE, LOWERCASE, DIGITS, and Other
Type boolean
Read Only False
Added iLO 5 1.40

Oem.Hpe.KerberosSettings

Oem.Hpe.KerberosSettings.KDCServerPort Member of AccountService.v1_5_0.AccountService

Description Represents the port number of the KDC server.
Type integer
Read Only True
Added iLO 5 1.40

Oem.Hpe.KerberosSettings.KerberosRealm Member of AccountService.v1_5_0.AccountService

Description Represents the Realm of the KDC server.
Type string or null
Read Only False
Added iLO 5 1.40

Oem.Hpe.MinPasswordLength

Member of AccountService.v1_5_0.AccountService

Description This property specifies the minimum number of characters allowed when a user password is set or changed. It must be a value from 0 to 39.
Type integer
Read Only False
Added iLO 5 1.10

Oem.Hpe.TwoFactorAuth

Member of AccountService.v1_5_0.AccountService

Description This property indicates two factor authentication enabled or not
Type string
Read Only False

The following are the supported values:

Value
Enabled
Disabled

Roles

A link to a collection of Roles. Roles is a link ("@odata.id": URI) to another resource.

Actions

HpeiLOAccountService.ImportKerberosKeytab Member of AccountService.v1_5_0.AccountService Import the Kerberos keytab file.

Parameters:

ImportUri (string)

URI of the kerberos keytab file.

Bios.v1_0_0.Bios

@odata.type: "#Bios.v1_0_0.Bios"

Bios contains properties surrounding a BIOS Attribute Registry (where the system-specific BIOS attributes are described) and the Actions needed to perform changes to BIOS settings, which typically require a system reset to apply.

Resource Instances

Uri HTTP Allow
/redfish/v1/systems/{item}/bios GET
/redfish/v1/systems/{item}/bios/settings GET POST PATCH
Link Name Destination type
@Redfish.Settings/SettingsObject Bios
Oem/Hpe/Links/BaseConfigs HpeBaseConfigs
Oem/Hpe/Links/Boot HpeServerBootSettings
Oem/Hpe/Links/Mappings HpeBiosMapping
Oem/Hpe/Links/ScalablePmem HpeScalablePmem
Oem/Hpe/Links/TlsConfig HpeTlsConfig
Oem/Hpe/Links/iScsi HpeiSCSISoftwareInitiator

AttributeRegistry

Member of Bios.v1_0_0.Bios

Description The Resource ID of the Attribute Registry for the BIOS Attributes resource.
Type string or null
Read Only True

Attributes

AcpiHpet (High Precision Event Timer (HPET) ACPI Support) Member of Bios.v1_0_0.Bios

Description Use this option to disable the High Precision Event Timer (HPET) table and device object in ACPI. When disabled, the HPET is not available to an operating system that supports the HPET through the industry standard ACPI name space.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

AcpiRootBridgePxm (Memory Proximity Reporting for I/O) Member of Bios.v1_0_0.Bios

Description When enabled, the System BIOS reports the proximity relationship between I/O devices and system memory to the operating system. Most operating systems can use this information to efficiently assign memory resources for devices, such as network controllers and storage devices. Additionally, certain I/O devices might not be able to take advantage of I/O handling benefits if their OS drivers are not properly optimized to support this feature. See your operating system and I/O device documentation for more details.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

AcpiSlit (ACPI SLIT) Member of Bios.v1_0_0.Bios

Description The ACPI SLIT (System Locality Information Table) defines the relative access times between processors, memory subsystems, and I/O subsystems. Operating systems that support the SLIT can use this information to improve performance by allocating resources and workloads more efficiently.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

AdjSecPrefetch (Adjacent Sector Prefetch) Member of Bios.v1_0_0.Bios

Description Use this option to disable the processor Adjacent Sector Prefetch feature. In some cases, setting this option to disabled can improve performance. Typically, setting this option to enabled provides better performance. Only disable this option after performing application benchmarking to verify improved performance in the environment.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

AdminEmail (Administrator E-mail Address) Member of Bios.v1_0_0.Bios

Description Enter the server administrator’s e-mail address.
Type String
Read Only False

AdminName (Administrator Name) Member of Bios.v1_0_0.Bios

Description Enter the server administrator’s name text.
Type String
Read Only False

AdminOtherInfo (Administrator Other Information) Member of Bios.v1_0_0.Bios

Description Enter the server administrator’s information text.
Type String
Read Only False

AdminPhone (Administrator Phone Number) Member of Bios.v1_0_0.Bios

Description Enter the server administrator’s phone number text.
Type String
Read Only False

AdvCrashDumpMode (Advanced Crash Dump Mode) Member of Bios.v1_0_0.Bios

Description Use this option to enable the Advanced Crash Dump Mode. When enabled, the system will be configured to log additional debug information to the Active Health System logs when an unexpected system crash is experienced. This option should only be enabled when directed by qualified service personnel
Type Enumeration
Read Only False
Value Description
Disabled Disabled
Enabled Enabled

AdvancedMemProtection (Advanced Memory Protection) Member of Bios.v1_0_0.Bios

Description Use this option to configure additional memory protection with ECC (Error Checking and Correcting). Options and support vary per system. Advanced ECC keeps all installed memory available for use while still protecting the system against all single-bit failures and certain multi-bit failures. Online Spare Memory enables a system to automatically map out a group of memory that is detected to be at an increased risk of receiving uncorrected memory errors based on an advanced analysis of corrected memory errors. The mapped out memory is automatically replaced by a spare group of memory without interrupting the system. Mirrored Memory provides the maximum protection against uncorrected memory errors that might otherwise result in a system failure. Fault Tolerant Advanced Double Device Data Correction (ADDDC) enables the system to correct memory errors and continue to operate in cases of multiple DRAM device failures on a DIMM. This provides protection against uncorrectable memory errors beyond what is available with Advanced ECC.
Type Enumeration
Read Only False
Value Description
FastFaultTolerantADDDC Fault Tolerant Memory (ADDDC)
AdvancedEcc Advanced ECC Support
OnlineSpareAdvancedEcc Online Spare with Advanced ECC Support
MirroredAdvancedEcc Mirrored Memory with Advanced ECC Support

AsrStatus (ASR Status) Member of Bios.v1_0_0.Bios

Description Use this option to configure the Automatic Server Recovery option, which enables the system to automatically reboot if the server locks up.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

AsrTimeoutMinutes (ASR Timeout) Member of Bios.v1_0_0.Bios

Description When Automatic Server Recovery is enabled, you can use this option to set the time to wait before rebooting the server in the event of an operating system crash or server lockup.
Type Enumeration
Read Only False
Value Description
Timeout10 10 Minutes
Timeout15 15 Minutes
Timeout20 20 Minutes
Timeout30 30 Minutes
Timeout5 5 Minutes

AssetTagProtection (Asset Tag Protection) Member of Bios.v1_0_0.Bios

Description Use this option to lock Asset Tag information. When set to lock, the Asset Tag is not erased if the default system settings are restored.
Type Enumeration
Read Only False
Value Description
Locked Locked
Unlocked Unlocked

AutoPowerOn (Automatic Power-On) Member of Bios.v1_0_0.Bios

Description Use this option to configure the server power state when AC power is applied to the system. Restore Last Power State returns the system to its previous power state when AC power is restored after an AC power loss. Note: This option is not available on all systems. Always Power On and Always Power Off causes the system to always return to the “on” and “off” state, respectively, whenever power is applied, even if the system is in the “off” state when power is lost.
Type Enumeration
Read Only False
Value Description
AlwaysPowerOn Always Power On
AlwaysPowerOff Always Power Off
RestoreLastState Restore Last Power State

BootMode (Boot Mode) Member of Bios.v1_0_0.Bios

Description Use this option to select the boot mode of the system. Selecting UEFI Mode configures the system to boot Unified Extensible Firmware Interface (UEFI) compatible operating systems. Selecting Legacy BIOS Mode configures the system to boot traditional operating systems in Legacy BIOS compatibility mode. The operating system can only boot in the mode in which it is installed. The following options require booting in UEFI Mode: Secure Boot, IPv6 PXE Boot, boot > 2.2 TB Disks in AHCI SATA Mode, and Smart Array SW RAID.
Type Enumeration
Read Only False
Value Description
Uefi UEFI Mode
LegacyBios Legacy BIOS Mode

BootOrderPolicy (Boot Order Policy) Member of Bios.v1_0_0.Bios

Description Use this option to configure how the system attempts to boot devices per the Boot Order list when no bootable device is found. If configured to ‘Retry Boot Order Indefinitely,’ the system continuously attempts to process the Boot Order list until a bootable device is found. If configured to ‘Attempt Boot Order Once,’ the system attempts to process all items in the Boot Order list once, and if unsuccessful, waits for user input to proceed. If configured for ‘Reset After Failed Boot Attempt,’ the system attempts to process all items in the Boot Order list once, and then reboots the system.
Type Enumeration
Read Only False
Value Description
RetryIndefinitely Retry Boot Order Indefinitely
AttemptOnce Attempt Boot Order Once
ResetAfterFailed Reset After Failed Boot Attempt

ChannelInterleaving (Channel Interleaving) Member of Bios.v1_0_0.Bios

Description You can only configure this option if the Workload Profile is set to Custom. Use this option to modify the level of interleaving for which the memory system is configured. Typically, higher levels of memory interleaving result in maximum performance. However, reducing the level of interleaving can result in power savings.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

CollabPowerControl (Collaborative Power Control) Member of Bios.v1_0_0.Bios

Description For operating systems that support the Processor Clocking Control (PCC) Interface, enabling this option enables the Operating System to request processor frequency changes even if the Power Regulator option on the server are configured for Dynamic Power Savings Mode. For Operating Systems that do not support the PCC Interface, or when the Power Regulator Mode is not configured for Dynamic Power Savings Mode, this option has no effect on system operation.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

ConsistentDevNaming (Consistent Device Naming) Member of Bios.v1_0_0.Bios

Description Use this option to select the level of Consistent Device Naming. On supported operating systems, NIC ports are named based on their location in the system. CDN Support for LOMs Only names Embedded NICs and FlexibleLOMs. Existing NIC connections retain their names until reinstalled under the OS environment.
Type Enumeration
Read Only False
Value Description
LomsAndSlots CDN Support for LOMs and Slots
LomsOnly CDN Support for LOMs Only
Disabled Disabled

CoreBoosting (Core Boosting) Member of Bios.v1_0_0.Bios

Description Use this option to enable the Core Boosting technology to increase processor performance on qualified processors.
Type Enumeration
Read Only False
Value Description
Disabled Disabled
Enabled Enabled

CustomPostMessage (Custom POST Message) Member of Bios.v1_0_0.Bios

Description Enter a message to be displayed on POST screen during system startup. This feature limits POST screen messaging to 62 characters, special characters are also accepted.
Type String
Read Only False

DaylightSavingsTime (Daylight Savings Time) Member of Bios.v1_0_0.Bios

Description This option controls the Daylight Savings Time (DST) adjustment to the displayed local time. If this option is disabled, the displayed local time will not be adjusted for DST. If this option is enabled, the displayed local time will be advanced by one hour.
Type Enumeration
Read Only False
Value Description
Disabled Disabled
Enabled Enabled

DcuIpPrefetcher (DCU IP Prefetcher) Member of Bios.v1_0_0.Bios

Description Use this option to disable the processor DCU IP Prefetcher feature. In some cases, setting this option to disabled can improve performance. In most cases, the default value of enabled provides optimal performance. Only disable this option after performing application benchmarking to verify improved performance in the environment.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

DcuStreamPrefetcher (DCU Stream Prefetcher) Member of Bios.v1_0_0.Bios

Description Use this option to disable the processor DCU Stream Prefetcher feature. In some cases, setting this option to disabled can improve performance. Typically, setting this option to enabled provides better performance. Only disable this option after performing application benchmarking to verify improved performance in your environment.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

Dhcpv4 (DHCPv4) Member of Bios.v1_0_0.Bios

Description When enabled, this option enables obtaining the pre-boot network IPv4 configuration from a DHCP server. Individual settings are not available. When disabled, you must configure static IP address settings individually.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

DirectToUpi (Direct To UPI (D2K)) Member of Bios.v1_0_0.Bios

Description Direct To UPI (D2K)
Type Enumeration
Read Only False
Value Description
Auto Auto
Enabled Enabled
Disabled Disabled

DynamicPowerCapping (Dynamic Power Capping Functionality) Member of Bios.v1_0_0.Bios

Description Use this option to configure when the System BIOS executes power calibration during the boot process. In Auto mode, calibration is run the first time the server is booted, and is then only run again when the server’s hardware configuration changes, configuration settings change, or if the system determines a new calibration is necessary. When disabled, the calibration does not run, and Dynamic Power Capping is not supported. When enabled, the calibration is run on every boot.
Type Enumeration
Read Only False
Value Description
Auto Auto
Enabled Enabled
Disabled Disabled

EmbNicAspm (PCIe Power Management(ASPM)) Member of Bios.v1_0_0.Bios

Description Use this option to configure the PCIe Link Power Management (ASPM) support for the selected device. When configured for L0s Enabled, the selected device’s link enters a standby energy savings state. When configured for L1 Enabled, the selected device’s link enters a lower power standby state at the expense of a longer exit latency. When configured for L1 and L0s Enabled, the selected device’s link enters either power savings mode, depending on link utilization, and provides the highest energy savings.
Type Enumeration
Read Only False
Value Description
Auto Auto
Disabled Disabled
AspmL1Enabled L1 Enabled

EmbNicEnable (PCIe Device Disable) Member of Bios.v1_0_0.Bios

Description Select this option to enable or disable PCI devices.
Type Enumeration
Read Only False
Value Description
Auto Auto
Disabled Disabled

EmbNicLinkSpeed (PCIe Link Speed) Member of Bios.v1_0_0.Bios

Description Use this option to configure the PCIe Link Speed for the selected device. When configured for Auto, the selected device trains at the maximum supported speed of the PCIe link. When configured for PCIe Generation 2 Link Speed, the selected device trains at a maximum of PCIe Generation 2 speed. When configured for PCIe Generation Link 1 speed, the selected device trains at a maximum of PCIe Generation 1 speed.
Type Enumeration
Read Only False
Value Description
Auto Auto
PcieGen1 PCIe Generation 1.0

EmbNicPCIeOptionROM (PCIe Option ROM) Member of Bios.v1_0_0.Bios

Description Use this option to enable or disable Device Option ROM
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

EmbSas1Aspm (PCIe Power Management(ASPM)) Member of Bios.v1_0_0.Bios

Description Use this option to configure the PCIe Link Power Management (ASPM) support for the selected device. When configured for L0s Enabled, the selected device’s link enters a standby energy savings state. When configured for L1 Enabled, the selected device’s link enters a lower power standby state at the expense of a longer exit latency. When configured for L1 and L0s Enabled, the selected device’s link enters either power savings mode, depending on link utilization, and provides the highest energy savings.
Type Enumeration
Read Only False
Value Description
Auto Auto
Disabled Disabled
AspmL1Enabled L1 Enabled

EmbSas1Boot (Embedded SAS Controller 1) Member of Bios.v1_0_0.Bios

Description When Boot All Targets is selected, all valid boot targets attached to the storage controller are made available in the UEFI Boot Order list. If Boot No Targets is selected, no boot targets from this storage controller are made available in the UEFI Boot Order list.If Boot Limit to 24 Targets is selected, 24 boot targets attached to the storage controller are made available in the UEFI Boot Order list.
Type Enumeration
Read Only False
Value Description
AllTargets Boot All Targets
TwentyFourTargets Boot Limit to 24 Targets
NoTargets Boot No Targets

EmbSas1Enable (PCIe Device Disable) Member of Bios.v1_0_0.Bios

Description Select this option to enable or disable PCI devices.
Type Enumeration
Read Only False
Value Description
Auto Auto
Disabled Disabled

EmbSas1LinkSpeed (PCIe Link Speed) Member of Bios.v1_0_0.Bios

Description Use this option to configure the PCIe Link Speed for the selected device. When configured for Auto, the selected device trains at the maximum supported speed of the PCIe link. When configured for PCIe Generation 2 Link Speed, the selected device trains at a maximum of PCIe Generation 2 speed. When configured for PCIe Generation Link 1 speed, the selected device trains at a maximum of PCIe Generation 1 speed.
Type Enumeration
Read Only False
Value Description
Auto Auto
PcieGen1 PCIe Generation 1.0
PcieGen2 PCIe Generation 2.0

EmbSas1PcieOptionROM (PCIe Option ROM) Member of Bios.v1_0_0.Bios

Description Use this option to enable or disable Device Option ROM
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

EmbSata1Aspm (SATA Power Management(SALP)) Member of Bios.v1_0_0.Bios

Description Use this option to enable or disable Aggressive Link Power Management(SALP).
Type Enumeration
Read Only False
Value Description
Disabled Disabled
Enabled Enabled

EmbSata1Enable (SATA Device Disable) Member of Bios.v1_0_0.Bios

Description Select this option to enable or disable SATA devices.
Type Enumeration
Read Only False
Value Description
Auto Auto
Disabled Disabled

EmbSata1PCIeOptionROM (PCIe Option ROM) Member of Bios.v1_0_0.Bios

Description Use this option to enable or disable Device Option ROM
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

EmbSata2Aspm (SATA Power Management(SALP)) Member of Bios.v1_0_0.Bios

Description Use this option to enable or disable Aggressive Link Power Management(SALP).
Type Enumeration
Read Only False
Value Description
Disabled Disabled
Enabled Enabled

EmbSata2Enable (SATA Device Disable) Member of Bios.v1_0_0.Bios

Description Select this option to enable or disable SATA devices.
Type Enumeration
Read Only False
Value Description
Auto Auto
Disabled Disabled

EmbSata2PCIeOptionROM (PCIe Option ROM) Member of Bios.v1_0_0.Bios

Description Use this option to enable or disable Device Option ROM
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

EmbVideoConnection (Embedded Video Connection) Member of Bios.v1_0_0.Bios

Description When configured for Auto mode, the external video connection to the embedded video controller is automatically disabled to save power when a monitor is not attached. It is automatically enabled when a monitor is attached, including when the server is operating. When configured for Always Disabled, the external video connection to the embedded video controller is disabled, and a monitor connected to this port does not display except during system boot. This can be used for security reasons. When configured for Always Enabled, the external video connection to the embedded video controller is always enabled. This option is only required if a monitor is attached with a monitor detection that does not function properly (making AUTO mode not work properly). Note: This option does not affect Integrated Remote Console video. Also, if you press F9 or F11 during system boot, the configured video connector behavior is overridden, and the video console remains enabled. This lets you reconfigure the Embedded Video Connection option even if the video is disabled.
Type Enumeration
Read Only False
Value Description
Auto Auto
AlwaysDisabled Always Disabled
AlwaysEnabled Always Enabled

EmbeddedDiagnostics (Embedded Diagnostics) Member of Bios.v1_0_0.Bios

Description Use this option to enable or disable Embedded Diagnostics functionality. If disabled, you cannot launch Embedded Diagnostics. Enable this option to use the Embedded Diagnostics functionality.
Type Enumeration
Read Only False
Value Description
Enabled Enabled
Disabled Disabled

EmbeddedSata (Embedded SATA Configuration) Member of Bios.v1_0_0.Bios

Description Important: Smart Array SW RAID is not supported when Boot Mode is set to Legacy BIOS Mode. Use this option to configure the embedded chipset SATA controller. When selecting the Advanced Host Controller Interface (AHCI) or RAID (if supported), make sure the proper operating system drivers are used for proper operation.
Type Enumeration
Read Only False
Value Description
Ahci SATA AHCI Support
Raid Smart Array SW RAID Support

EmbeddedSerialPort (Embedded Serial Port) Member of Bios.v1_0_0.Bios

Description Select this option to assign the logical COM port address and associated default resources to the selected physical serial port. The operating system can overwrite this setting.
Type Enumeration
Read Only False
Value Description
Com1Irq4 COM 1; IRQ4; I/O: 3F8h-3FFh
Com2Irq3 COM 2; IRQ3; I/O: 2F8h-2FFh
Disabled Disabled

EmbeddedUefiShell (Embedded UEFI Shell) Member of Bios.v1_0_0.Bios

Description Use this option to enable or disable the Embedded UEFI Shell. When enabled, you can launch the Embedded UEFI Shell from the pre-boot environment. When enabled and the Boot Mode is configured for UEFI Mode, you can add the Embedded UEFI Shell to the UEFI Boot Order list by selecting the option entitled ‘Add Embedded UEFI Shell to Boot Order’. When disabled, the Embedded UEFI Shell is not available in the pre-boot environment, and you cannot add it to the UEFI Boot Order list. The Embedded UEFI Shell is a pre-boot command line environment that you can use for scripting and running UEFI applications. It provides CLI-based commands to configure the server, update the System BIOS and other firmware, and obtain system information and error logs.
Type Enumeration
Read Only False
Value Descripti