Skip to main content

Activate or unlock the system

Being shipped or encountering tamper events, the server would be in System Lockdown Mode for security. Before operation, the server needs to be activated or unlocked to be able to boot up and go fully functional. Complete the steps in this topic to activate or unlock the system.

If the security LED of the server is blinking, the server is in System Lockdown Mode. Activate or unlock the system for operation. See Front operator panel LEDs and Rear operator panel LEDs to locate the security LED.

System Lockdown Mode Control

To distinguish whether the system needs to be activated or unlocked, see System Lockdown Mode Control status on the home page of Lenovo XClarity Controller web interface. System Lockdown Mode Control status would be one of the following:
  • ThinkShield Portal: The system can be activated through ThinkShield Key Vault Portal. See Activate the system to activate the system.

  • XClarity Controller: The system can be unlocked through Lenovo XClarity Controller. See Unlock the system to unlock the system.

Important
  • When System Lockdown Mode Control status is XClarity Controller, if XClarity Controller is reset to defaults, the default credentials can be used to login to XClarity Controller and unlock the system. It is important to use security controls such as an UEFI PAP to prevent unauthorized users from executing an XClarity Controller reset to defaults. For the highest level of security, it is recommended to set System Lockdown Mode Control to ThinkShield Portal.

  • Once the System Lockdown Mode Control status is changed to ThinkShield Portal, it cannot be changed back to XClarity Controller.

  • To set System Lockdown Mode Control to ThinkShield Portal, use Lenovo XClarity Essentials UpdateXpress. See Upgrading lockdown control mode section in Lenovo XClarity Essentials UpdateXpress User Guide for the details.

Activate the system

Complete the following steps to activate the system through ThinkShield Key Vault Portal.

Have a Lenovo ID with proper permission

Before activating a system for the first time, make sure to have a Lenovo ID with proper permission to log in to the ThinkShield Key Vault Portal web interface or ThinkShield mobile app.
Note
The role of Lenovo ID should be Organization Admin, Maintenance User or Edge User to activate the system.

Activation methods

There are different methods to activate the system through ThinkShield Key Vault Portal. Depending on the environment of the server, decide the most suitable way to activate the system.

  • Mobile App activation

    For Mobile App activation method, you will need an Android or iOS based smart phone with cellular data connection. Follow one of the following procedures to complete Mobile App activation:

    Connection with the USB cable that came with the smart phone

    1. Connect the power cable to your ThinkEdge SE360 V2.

    2. Download the ThinkShield Edge Mobile Management App from Google Play Store or Apple App Store to your Android or iOS based smart phone (search term: “ThinkShield Edge”).

    3. Log-in to the ThinkShield Edge Mobile Management App using your Organization registered ID.

    4. When App instructs to do so, connect USB cable with USB mobile phone charging cable to the ThinkEdge SE360 V2.

      Note
      When the smart phone prompts for the USB connection purpose, choose data transfer.
    5. Follow the “Activate Device” on-screen instructions to complete secure activation of the system.

    6. When activated successfully, ThinkShield Edge Mobile Management App will provide “Device Activated” screen.

      Note
      For the detailed steps, see ThinkShield Edge Mobile Management Application User Guide in ThinkEdge Security.

    Connection with Bluetooth

    Note
    SE360 V2 comes with two Bluetooth buttons with LED, one on the front and one on the rear of the node. To locate the Bluetooth buttons, see Front operator panel LEDs and Rear operator panel LEDs.
    1. Connect the power cable to your ThinkEdge SE360 V2.

    2. Download the ThinkShield Edge Mobile Management App from Google Play Store or Apple App Store to your Android or iOS based smart phone (search term: “ThinkShield Edge”).

    3. Make sure to turn on Bluetooth on your smart phone.

    4. Press one of the Bluetooth buttons to enable Bluetooth.

      Note
      After the Bluetooth button is pressed, if SE360 V2 does not pair with any Bluetooth devices within 10 minutes, Bluetooth will be disabled automatically. If necessary, press the Bluetooth button again to enable Bluetooth.
    5. Log-in to the ThinkShield Edge Mobile Management App using your Organization registered ID.

    6. Follow the “Activate Device” on-screen instructions to complete secure activation of the system.

      Note
      For the detailed steps, see ThinkShield Edge Mobile Management Application User Guide in ThinkEdge Security.
    7. When activated successfully, ThinkShield Edge Mobile Management App will provide “Device Activated” screen.

    8. After the system is activated successfully, disable the Bluetooth buttons.

      1. Go to Lenovo XClarity Controller web interface, and click BMC Configuration > Security.

      2. Click Bluetooth Button on Panel to disable the Bluetooth buttons.

  • Portal automatic activation

    Note
    To activate the system through ThinkShield Key Vault Portal web interface for the first time, the system should be claimed by your organization. Machine Type, Serial Number, and Activation Code are required to claim a device. For more information of claiming the device, see ThinkEdge Security.
    1. Connect the power cable to your ThinkEdge SE360 V2.

    2. Connect the XClarity Controller Management Ethernet port to a network that has access to the internet.
      Note
      Outbound TCP port 443 (HTTPS) must be open for activation to occur.
    3. Log in to the ThinkShield Key Vault Portal with your Organization registered ID.

    4. If the server is not claimed by your organization, claim the server. Add the device by clicking the Claim device button in Device Manager. Enter machine type, serial number, and secure activation code in the corresponding fields.

    5. From the Device Manager, select the server you plan to activate and click activate. The status of the server will change to Ready.

    6. Server will be activated within 15 minutes and power on automatically. After successful activation, the status of the server will change to Active on the ThinkShield Key Vault Portal.

    Note
    • If the server activation is not initiated within 2 hours after the power cable plug in, perform a disconnect then re-connect of the power cable to your ThinkEdge SE360 V2.
    • For the detailed steps, see ThinkShield Key Vault Portal Web Application User Guide in ThinkEdge Security.

Unlock the system

Important
  • When System Lockdown Mode Control status is XClarity Controller, if XClarity Controller is reset to defaults, the default credentials can be used to login to XClarity Controller and unlock the system. It is important to use security controls such as an UEFI PAP to prevent unauthorized users from executing an XClarity Controller reset to defaults. For the highest level of security, it is recommended to set System Lockdown Mode Control to ThinkShield Portal. See System Lockdown Mode Control for the details.

Complete the following steps to unlock the system in Lenovo XClarity Controller web interface

Note
To unlock the system, the role of XCC user should be one of the following:
  • Administrator
  • Administrator+
  1. Log in to Lenovo XClarity Controller web interface, and go to BMC Configuration > Security > System Lockdown Mode.

  2. Press Active button, and then press Apply button. When the status of System Lockdown Mode switches to Inactive, the system is unlocked.