Aller au contenu principal

Configure XCC settings

The following XCC settings are critical for establishing secure communication to the nodes:

  • IPv6 must be Enabled in Ethernet Configuration

  • Ethernet Over USB must be Enabled

  • REST Over HTTPS must be Enabled

  • Security Mode must be set to “Compatibility”

  • IPMI over KCS Access must be Enabled

  • TLS Version Support must be set to “TLS 1.2 and Higher”

To check/configure the above XCC settings, open the XCC browser interface on each node in the Azure Local instance and configure the required settings. Follow these steps:

  1. Log in to the XCC browser interface, expand BMC Configuration in the left navigation pane, and then select Network.

  2. In the Ethernet Configuration area, click to Enable IPV6 on the right side of the user interface, and then click Apply. The IPv4 settings on the left side of the user interface can be configured according to your needs.
    Important

    Important Note for Lenovo ThinkAgile MX Premier Solutions

    Before deploying a Lenovo ThinkAgile MX Premier Solution, ensure that IPV6 is Enabled in the Ethernet Configuration section of the XCC browser interface (navigate to BMC Configuration > Network). Other BMC Network settings should not be changed. Simply ensure that IPV6 is Enabled and Apply the setting if necessary.

    Figure 1. Enable IPv6 configuration

  3. While still on the Network pane, scroll down to the Ethernet Over USB section and ensure that Ethernet over USB is set to Enabled. Ensure that the “Use IPv4 link-local address for Ethernet Over USB” option is selected in the drop-down list.
    Figure 2. Enable Ethernet over USB

  4. While still on the Network pane, scroll down to the Service Enablement and Port Assignment settings to ensure that REST Over HTTPS is Enabled. This is the default setting but should be verified.
    Figure 3. Enable REST Over HTTPS

  5. In the left navigation pane, select Security.

  6. In the Security Mode area on the right, ensure that Compatibility is selected and Compliant is checked.

  7. In the IPMI over KCS access section, ensure that IPMI over KCS access is Enabled.
    Figure 4. Security mode configuration

  8. While still on the Security pane, scroll down to the bottom of the list of settings to ensure that TLS Version Support is set to “TLS 1.2 and higher”. This is the default setting but should be verified.
    Figure 5. TLS Version Support

  • Proxy Configuration
    If using a proxy, certain interfaces might need to be excluded, including the IBM NDIS interface.