Servers are shipped in the configuration that matches the installed hardware and their intended application, so usually initial BIOS configuration is unnecessary. However the server may undergo a BIOS configuration reset that disables a serial console, the user may need to configure power management to automatically turn the server on when it is powered up by a UPS device, user may need to install an operating system over PXE, or perform some other changes that reflect installed or upgraded hardware.
If the serial console is enabled, all configuration can be done from it, otherwise the user has to attach a VGA monitor and PS/2 keyboard to the connectors on the rear panel of the server. It is recommended to switch the serial console screen size to 80x25, so it will match the VGA screen size — otherwise it will show user interface without the last line, that usually contains the list of valid keys for any particular configuration screen.
Turn on the computer and wait for the BIOS startup screen, similar to one on the Fig. 12. Press F2 and wait for the BIOS setup utility to start. Initially it will show the main menu and Main configuration screen:
Fig. 29: BIOS setup — Main screen
Main setup screen allows to edit current date, time (usually configured as UTC regardless of the actual location of the server), floppy drives' configuration (should be disabled unless you have connected a floppy drive to perform firmware update), IDE hard drives' configuration and other options. RAM is shown as visible in the “real” x86 CPU mode that BIOS uses before booting the operating system.
Advanced setup screen includes OS hints for the BIOS, hardware options and various submenus, among them PCI Configuration and Console Redirection.
Fig. 30: BIOS setup — Advanced screen
Console Redirection setup screen configures serial console parameters. This is the screen that should be used from a VGA + keyboard console if serial console became unusable or disabled. “Com Port Address” on MS-9161 motherboard can be only set to “Disabled” and “On-board COM A” what means the port connected to the external DB-9 connector, that through the cables is connected to the white RJ-45 jack in the front niche. Even though server has a second serial port with a connector on the motherboard, it can not be used as a BIOS console. “Continue C.R. after POST” may be enabled for some bootloaders that can't use the serial port on their own, and need BIOS to do that for them. GRUB bootloader has its own serial port handling, so this option is disabled.
The rest of the parameters correspond to the serial port and terminal settings, values on Fig. 31 correspond to the default configuration:
Fig. 31: BIOS setup — Console parameters
Settings on this screen are enabled on boot — make sure that before they are saved and the server is rebooted they match the configuration of the port on the monitoring computer and terminal software. If you are changing some of those parameters while logged in from the serial console, make sure that corresponding parameters on the monitoring computer are enabled after the configuration is saved yet before the server boots, or at least before the terminal software is connected to the server again.
PCI Configuration screen (that can be entered from the Advanced setup screen), includes submenus for PCI (32-bit) and PCIX (64-bit) slots, and also Onboard LAN Device configuration:
Fig. 32: BIOS setup — PCI configuration
Onboard LAN Device configuration screen allows to enable or disable onboard network interfaces, and enable or disable Option ROM Scan for those devices. In the following configuration, usually set by default, Option ROM Scan is disabled, so network interfaces' boot ROM, responsible for PXE network boot, does not get activated, making it impossible for the server to automatically boot from the network:
Fig. 33: BIOS setup — Option ROM scan is disabled for network interfaces
To enable network interfaces as possible boot devices, first enable Option ROM Scan for them.
Fig. 34: BIOS setup — Option ROM scan is enabled for network interfaces
Save the configuration and reboot the server using the Exit screen or F10 key. Then enter the Boot screen, where two additional boot devices will be shown in the list (see below).
Security setup screen allows to enable console passwords for booting or configuration change. It is not recommended to enable boot password on the servers because that will prevent automated rebooting of the server. Servers are not designed to be placed in insecure locations, and they are usually turned on for most of their lifetime. It is possible to enable boot password on a server before it is transported or placed into storage, however this can't be used as a reliable security measure without a tamperproof case, that servers of this type lack. Configuration password does not cause any harm, however on a server it does not serve any useful purpose because physical access to hardware or ability to reboot a server defeat all security measures already.
Forgotten boot or configuration password can be reset by shortening the CMOS configuration reset jumper pins while the server is turned off. This however also disables the serial console, so the next boot-up after that procedure should be performed with VGA + keyboard console, that can be used to restore the BIOS configuration to the desired state.
Fig. 35: BIOS setup — Security screen
Power setup screen includes options related to power-saving modes and automatic power-up.
Fig. 36: BIOS setup — Power screen
Boot setup screen contains options that determine the order in which devices are probed for boot-up. The first device to contain media with a bootloader is used for booting. Please note that hard drives and floppies not intended for boot-up may contain a bootloader-like program that prints a message, then hangs, so users should not rely on valid but unbootable devices being skipped. Fig. 37 shows a typical list of devices (“Hard Drive” entry contains all hard drives that also can be prioritized in this list). Usually it's a good idea to install identical bootloaders on all hard drives.
Fig. 37: BIOS setup — Boot screen, PXE is disabled
Fig. 38 shows the same list after Option ROM Scan was enabled in Onboard LAN Device screen (Fig. 34). Two additional devices are network adapters. To boot the server over the network, move the adapter corresponding to the network segment with DHCP and TFTP servers above other entries.
Fig. 38: BIOS setup — Boot screen, PXE is enabled
Exit screen allows to save or discard changes, reset the configuration (to the state without serial console) and/or restart the server.
Fig. 39: BIOS setup — Exit screen
When any of the actions is chosen on this screen, additional confirmation dialog box appears. If the action involves “Exit”, the server reboots, and boots up with updated configuration. BIOS setup does not provide means for powering off the server.
Fig. 40: BIOS setup — Exit confirmation
To reset BIOS configuration stored in CMOS, while the server is off, remove the jumper from JBAT1 pins 1-2, and shorten pins 2-3, then return the jumper in its original position. JBAT1 jumper pins are located on the motherboard near the battery, and marked “JBAT1”.
Be aware that after configuration reset serial console is disabled, so you will need VGA + keyboard console to configure BIOS after this operation. Record all settings that you may need to keep, before performing BIOS reset.
Do not change the position of JBAT1 jumper while the server is on.
When PXE is enabled, a server can be booted from the network — both network parameters and boot image are downloaded over the network, without any local storage involved. PXE can be used to boot diskless computers, to install an OS over the network, to copy a preconfigured disk image or “clone” a disk, or to run an easily reconfigured environment on a large number of servers, with OS and executables being supplied by some servers, and local storage used for local data or temporary cache.
To boot a server (or many servers) with PXE, the system administrator has to configure DHCP and TFTP servers. DHCP server should provide network parameters and the location of boot image file on a TFTP server. TFTP server should provide the boot image that a computer that is booting over PXE will download and run.
In a Linux, FreeBSD or other Unix-like environment a common set of software used for PXE boot-up is ISC DHCP server and tftp-hpa TFTP server.
To provide the boot image name, change the dhcpd.conf file entry for the server that is being booted by DHCP, to include a boot image:
group {
server-name "serverbox-1";
option domain-name "example.com"
option domain-name-servers serverbox-1.example.com;
host serverbox-2 {
hardware ethernet 00:0C:76:AD:4C:16;
fixed-address 192.168.10.10;
filename "/debian-installer/amd64/pxelinux.0";
}
}
The boot image, and other associated files that it may request, should be placed under TFTP server's root directory, so filename option matches the full pathname with root assumed to be TFTP server's root directory (usually /tftpboot). In this example, Debian Etch netboot bootloader image pxelinux.0 is placed under the /tftpboot/debian-installer/amd64 directory, what corresponds to the netboot directory layout provided on the Debian FTP site. Permissions on those files should be world-readable, and writable only by root or other administrator user.
Usually more files in the same directory hierarchy contain the bootloader's configuration, archives, filesystem images, etc. — they are downloaded from the same TFTP server by the original boot image. In the case of Debian installer, pxelinux.cfg/default file contains the options used for booting, so if the server is booted over the serial console, it should be edited to configure matching serial port parameters and other necessary kernel options:
SERIAL 0 19200 0
DISPLAY debian-installer/amd64/boot-screens/boot.txt
F1 debian-installer/amd64/boot-screens/f1.txt
DEFAULT install
LABEL install
kernel debian-installer/amd64/linux
append vga=normal initrd=debian-installer/amd64/initrd.gz ↵
→ ramdisk_size=13746 root=/dev/ram rw nomce console=ttyS2,19200n8 --
PROMPT 1
TIMEOUT 0
“append” line is a single text line, it is split in two to fit this page. Some lines with additional boot options and help text files are omitted for brevity — use the actual configuration file in the distribution as a template for editing.
Once the configuration files and boot images are installed, and services are running, configure PXE as the default boot device in BIOS setup. After rebooting, network will be auto-configured with DHCP, and boot image will be downloaded over TFTP and booted on the system:
Fig. 41: PXE Debian Linux installer boot prompt
Please note that this particular installer is capable of running on a serial console, however it does not automatically configure a serial console login or any remote login service on the installed system, so by default this will produce a server that can not be administered remotely. To prevent that, after installation manually edit, or replace with a pre-made copy, GRUB /boot/grub/menu.lst file and INIT /etc/inittab files in corresponding filesystems (not the ramdisk root filesystem used by the installer itself).
Please note that even though this example is used for installation and involves interaction with the user, many other PXE-bootable images are made for unattended installation or booting of multiple computers in large setups. DHCP and TFTP are not designed to be secure on a physically insecure network, so PXE booting should never be enabled on the network where a malicious user can install a computer with his own DHCP and TFTP servers. Also files available by TFTP should not contain any sensitive information such as keys and passwords, or TFTP should be only available within a physically secure network.
One possible solution for a secure setup with PXE involves the use of a separate network segment, connected to the interfaces with PXE enabled, while all services are available on another interface, with PXE disabled. Placing servers and all other clients on different subnets, or implementing various kinds of packet filtering on network switches may also be used for this purpose, however physical separation of interfaces is the simplest and therefore most reliable way to achieve this goal.
Similar security precautions may be necessary for various kinds of network-attached storage, that is commonly used in a combination with PXE on diskless servers.
LCD screen on the front panel is a 16x2 characters panel, connected to the parallel port in a 8-bit (A.K.A. “Winamp”) configuration, supported by various software. Servers shipped with Linux and FreeBSD run LCDd from lcdproc package to provide other software a common way to display system identification, resources usage, hardware monitoring information, alerts and messages from the remote system administrator.
Fig. 42: Front panel LCD
Among other packages provided for this LCD, is showsensors utility that displays hardware sensors information (CPU and motherboard components' temperatures, voltages, fan speed, etc.) taken from lm_sensors package. Additionally, various monitoring utilities, loggers, desktop applets, etc. use lm_sensors and other operating systems' sensors-reading utilities to display and record sensors' data or recognize emergency situations. Screenshots on Fig. 24 - 25 include two temperature monitoring applets on the top panel, among other system monitoring utilities.
Temperature data, collected from some sensors may be slightly nonlinear and/or shifted by some offset value due to particular positioning of sensors and lack of hardware calibration. Various BIOS versions may introduce their own configuration changes that affect reported temperatures, and those values may change after BIOS re-flashing to a different version. lm_sensors configuration files provided with the systems, or on the server manufacturer's web and FTP sites, are set for the average known offset values, however users should be aware that CPU temperatures shown by all monitoring utilities, are approximate.