Dell IDRAC6 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Dell IDRAC6. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Dell IDRAC6 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Dell IDRAC6 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Dell IDRAC6 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Dell IDRAC6
- nom du fabricant et année de fabrication Dell IDRAC6
- instructions d'utilisation, de réglage et d’entretien de l'équipement Dell IDRAC6
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Dell IDRAC6 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Dell IDRAC6 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Dell en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Dell IDRAC6, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Dell IDRAC6, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Dell IDRAC6. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    Integrated Dell Remote Access Controller 6 (iDRAC6) V ersion 1.5 User Guide[...]

  • Page 2

    Notes and Cautions NOTE: A NOTE indicates important information that helps you make b etter use of your computer . CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ___________________ Information in this publication is subject to change without notice. © 2010 Dell Inc. All rights reserved.[...]

  • Page 3

    Contents 3 Contents 1 iDRAC6 Overview . . . . . . . . . . . . . . . . . . . 19 iDRAC6 Express Management Features . . . . . . . . . 19 iDRAC6 Enterprise and vFlash Media . . . . . . . . . . 21 Supported Platforms . . . . . . . . . . . . . . . . . . . 25 Supported Operating Sy stems . . . . . . . . . . . . . . 25 Supported W eb Browsers . . . . . . [...]

  • Page 4

    4 Contents Configuring iDRAC6 . . . . . . . . . . . . . . . . . 36 Installing the Software on the Managed Sy stem . . . . 37 Installing the Software on the Management Station . . . . . . . . . . . . . . . . . . . 37 Installing and Removing RACADM on a Linux Management Station . . . . . . . . . . 37 Installing RACADM . . . . . . . . . . . . . . . . [...]

  • Page 5

    Contents 5 Logging Out . . . . . . . . . . . . . . . . . . . . . 48 Using Multiple Browser T abs and Windows . . . . 48 Configuring the iDRAC6 NIC . . . . . . . . . . . . . . . 49 Configuring the Network and IPMI LAN Settings . . . . . . . . . . . . . . . . . 49 Configuring IP Filter in g and IP Blocking . . . . . . 55 Configuring Pl atform Events [...]

  • Page 6

    6 Contents Remote File Share . . . . . . . . . . . . . . . . . . . . 82 Internal Dual SD Module . . . . . . . . . . . . . . . . . 84 Viewing Inte rnal Dual SD Modu le Status Using GUI . . . . . . . . . . . . . . . . . . 85 5 Advanced iDRAC6 Configuration . . . . . . 87 Before Y ou Begin . . . . . . . . . . . . . . . . . . . . . 87 Configuring iDRAC[...]

  • Page 7

    Contents 7 Configuring Serial and T erminal Modes . . . . . . . . 106 Configuring IPMI and iDRAC6 Serial . . . . . . . . 106 Configuring T erminal Mode . . . . . . . . . . . . . 108 Configuring the iDRA C6 Network Settings . . . . . . . 109 Accessing the iDRA C6 Through a Network . . . . . . . 109 Using RACADM Remotely . . . . . . . . . . . . . . .[...]

  • Page 8

    8 Contents Uploading, Viewing, and Dele ting SSH Key s Using the iDRAC6 W eb-Based Interface . . . . . . . . . . . . . . . 136 Uploading, Viewing, and Dele ting SSH Key s Using RACADM . . . . . . . . . . . . 138 Using the RACADM Utility to Configure iDRAC6 Users . . . . . . . . . . . . . . . . . . . . . . 139 Before Y ou Begin . . . . . . . . . . .[...]

  • Page 9

    Contents 9 Configuring Extended Schema Active Directory to Access Y our iDRAC6 . . . . . . . . . . . . 152 Extending the Active Directory Schema . . . . . . 153 Installing Dell Extension to Microsoft Active Directory Users and Computers Snap-In . . . . . . . . . . . . . . . . . 159 Adding iDRAC Users and Privileges to Microsoft Active Directory . .[...]

  • Page 10

    10 Contents 8 Configuring iDRAC6 for Single Sign-On or Smart Card Login . . . . . . . . 187 About Kerberos Authentication . . . . . . . . . . . . 187 Prerequisites for Active Directory SSO and Smart Card Authentication . . . . . . . . . . 188 Using Microsoft Active Directory SSO . . . . . . . . 191 Configuring iDRAC6 to Use SSO . . . . . . . . . 19[...]

  • Page 11

    Contents 11 Internet Explorer Browser Configurations for ActiveX based V irtual Console and Virtual Media Applications . . . . . . . . . . . . . 207 Supported Screen Resolutions and Refresh Rates . . . . . . . . . . . . . . . . . 208 Configuring V irtual Console in the iDRAC6 W eb Interface . . . . . . . . . . . . . . . 208 Opening a Virtual Consol[...]

  • Page 12

    12 Contents 12 Deploying Y our Operating Sy stem Using VMCLI . . . . . . . . . . . . . . . 239 Before Y ou Begin . . . . . . . . . . . . . . . . . . . . 239 Remote Sy stem Requirements . . . . . . . . . . 239 Network Requirements . . . . . . . . . . . . . . 239 Creating a Bootable Image File . . . . . . . . . . . . 240 Creating an Image File for Li[...]

  • Page 13

    Contents 13 14 Configuring and Using V irtual Media . . . . . . . . . . . . . . . . . . . . 255 Overview . . . . . . . . . . . . . . . . . . . . . . . . . 255 Windows-Based Management Station . . . . . . 256 Linux-Based Management Station . . . . . . . . . 257 Configuring Virtual Media . . . . . . . . . . . . . . . . 257 Running Virtual Media . . .[...]

  • Page 14

    14 Contents Managing vFlash Partitions Using iDRAC6 W eb Interface . . . . . . . . . . . . . . . . . 274 Creating an Empty Partition . . . . . . . . . . . . 274 Creating a Partition Using an Image File . . . . . 276 Formatting a Partition . . . . . . . . . . . . . . . 278 Viewing A vailable Partitions . . . . . . . . . . . 279 Modifying a Partition[...]

  • Page 15

    Contents 15 Using the W eb-Based Interface . . . . . . . . . . 291 Using RACADM . . . . . . . . . . . . . . . . . . . 292 Viewing Power Budget . . . . . . . . . . . . . . . . . 293 Using the W eb Interface . . . . . . . . . . . . . . 293 Using RACADM . . . . . . . . . . . . . . . . . . . 293 Power Budget Threshold . . . . . . . . . . . . . . . . 29[...]

  • Page 16

    16 Contents LAN User Configuration . . . . . . . . . . . . . . 311 Reset to Default . . . . . . . . . . . . . . . . . . 311 Sy stem Event Log Menu . . . . . . . . . . . . . 314 Exiting the iDRAC6 Configuration Utility . . . . . 314 18 Monitoring and Alert Management . . . . 315 Configuring the Managed Sy stem to Capture the Last Crash Screen . . . [...]

  • Page 17

    Contents 17 Selecting Power Control Actions from the iDRAC6 CLI . . . . . . . . . . . . . . . . 326 Viewing Sy stem Information . . . . . . . . . . . . . . . 326 Main Sy stem Chassis . . . . . . . . . . . . . . . . 327 Remote Access Controller . . . . . . . . . . . . . 328 Using the Sy stem Event Log (SEL) . . . . . . . . . . . . 330 Using the Comm[...]

  • Page 18

    18 Contents Chassis Intrusion Probes . . . . . . . . . . . . . . . 341 Power Supplies Probes . . . . . . . . . . . . . . . . 342 Removable Flash Media Probes . . . . . . . . . . . . 342 Power Monitoring Probes . . . . . . . . . . . . . . . 342 T emperature Probe . . . . . . . . . . . . . . . . . . . 342 V oltage Probes . . . . . . . . . . . . . . .[...]

  • Page 19

    iDRAC6 Overview 19 1 iDRAC6 Overview Integrated Dell Remote Access Co ntroller6 (iDRAC6) is a systems ma n ag em e nt ha rd wa re an d so ft wa re so lu t io n th at p ro v id es rem o t e management capabilities , crashed system r ecovery , and power control functions for the Dell P owerEdge systems. The iDR AC6 use s an integrated Syst em-on-Chip[...]

  • Page 20

    20 iDRAC6 Overview • P rovides support for Microsoft Ac tive Dir ectory authentication — Centralizes iDRA C6 user IDs and pass words in Active Directory using an extended schema or a standard schema • P rovides a generic solution to support Lightweight Directory Access P rotocol (LDA P)-based authentication — This feature does not require a[...]

  • Page 21

    iDRAC6 Overview 21 •S M - C L P s u p p o r t — A d d s Server Manageme nt-Com mand Line Protocol (SM-CLP) support, which provides standards for systems management CLI implementations. • F irmwar e rollback and recovery — Allows you to boot from (or rollback to) the firmware image of your choice. F o r more inf ormation about iDR AC6 Expr e[...]

  • Page 22

    22 iDRAC6 Overview Connectivity Shared/F ailover Network Modes IPv4 VLAN T ag ging IPv6 Dynamic DNS Dedicated NIC Securit y and Authentic ation Role-based Authority Loca l Us er s SSL Encryption Active Directory Generic LD AP Support Tw o - f a c t o r Authentication 1 Single sign-on PK Authentication (for SSH) Remote Management and R emediation Re[...]

  • Page 23

    iDRAC6 Overview 23 Serial-over-LAN (with proxy) Serial-over-LAN (no proxy) P ower Capping Last Crash Sc reen Capture Boot Captur e Vir tu a l M ed i a 3 Virtual Console 3 Virtual Console Sharing 3 Remote Virtu al Console Launch vFlash Monitoring Sensor Monitoring and Alerting 2 Real-time P ower Monitoring Real-time P ower Graphing Historical P ower[...]

  • Page 24

    24 iDRAC6 Overview The iDRA C6 provides the fo llowing security featur es: • Single Sign-on, T w o-F actor Authentication, and Public K ey Authentication • User authentication through Active Dir ectory (optional), LD AP authentication (optional) or hard war e-stored user IDs and passwords • Role-based authorization, which enabl es an administ[...]

  • Page 25

    iDRAC6 Overview 25 • Configurable IP ports (where applicable) NOTE: T elnet does not support SSL encryption. • SSH, which uses an encrypted tr ansport layer for higher security • Login failure limits per IP address, wi th login blocking from the IP address when the limit is exceeded • Ability to limit the IP address rang e for clients conne[...]

  • Page 26

    26 iDRAC6 Overview Supported Remote Access Connections T able 1-2 lists the connection features. iDRAC6 Port s T able 1-3 lists the ports iDR AC6 li stens on for connections. T able 1-4 identif ies the ports t hat the iDRAC6 us es as a client. Thi s information is required when opening fir ewalls for remote access to an iDRA C6. T able 1-2. Support[...]

  • Page 27

    iDRAC6 Overview 27 Other Documents Y ou May Need In addition to this guide, the foll owing documents available on the Dell Support website at support.dell.com/manu als provide additional informati on about the setup and operation of the iDR A C6 in your system. On the Manuals page, click Software  Systems Management . Cli ck on the appropriat[...]

  • Page 28

    28 iDRAC6 Overview •T h e Dell OpenManage Management Stat ion Software Installation Guide contains instructions to help you install Dell OpenMana ge management station software that includes B aseboard Management Utility , DR AC T ools, and Active Directory Snap-In. • See the Dell OpenManage IT Assistant Us er ’s Guide for infor mation about [...]

  • Page 29

    iDRAC6 Overview 29 • Documentation for any components you purch ased separately pr ovides information to configure and install these options. • Updates are sometimes included with the system to describe changes to the system, software, and/or documentation. NOTE: Alway s read the updates first because they often supersede information in other d[...]

  • Page 30

    30 iDRAC6 Overview[...]

  • Page 31

    Getting Started With the iDRAC6 31 2 Getting Started With the iDRAC6 The iDRA C6 enables you to remotely monitor , troubleshoot, and repair a Dell system even when the system is down. The iDRAC6 offers features like Virtual Console, V irtual Media, Smart Car d authentication, and Single Sign- On (SSO). The management station is the system from whic[...]

  • Page 32

    32 Getting Started With the iDRAC6[...]

  • Page 33

    Basic Instal lation of the iDRAC6 33 3 Basic Installation of the iDRAC6 This section provide s information ab out h ow to install and set up your iD RAC 6 h ard w are a nd s of t wa re . Before Y ou Begin Ensure that you have the following it ems that were in cluded with your system, prior to installing a nd configuring th e iDRA C6 softwar e: • [...]

  • Page 34

    34 Basic Installation of the iDRAC6 Configuring Y our Sy stem to Use an iDRAC6 T o configure your system to use an iDR AC6, use the iDR A C6 Configuration Utility . T o run the iDRA C6 Configuration Utility : 1 T ur n on or restart your system. 2 P ress <C trl><E> when prompted during POST . If your operating system begins to load befor[...]

  • Page 35

    Basic Instal lation of the iDRAC6 35 • Shared with F ailover LOM2 — Select this option to share the network interface with the host operating system. The remote access device network interface is fully functional when the host operating system is configured for NIC teaming. The r emote access device receives data through NIC 1 and NIC 2, but tr[...]

  • Page 36

    36 Basic Installation of the iDRAC6 Software Installation and Configuration Overview This section provides a high-l evel overvi ew of the iDR AC6 softwar e installation and configuration process. F or more information on the iDR A C6 softwar e components, se e "Installing the Softwar e on the Manage d System" on page 37. Installing iDRAC6[...]

  • Page 37

    Basic Instal lation of the iDRAC6 37 Installing the Software on the Managed Sy stem Installing softwar e on the managed sy stem is optional. W ithout the managed system software , you cannot use the R ACADM locally , and the iDR A C6 cannot capture the last crash scr een. T o install the manag ed system software, install the software on the managed[...]

  • Page 38

    38 Basic Installation of the iDRAC6 NOTE: When you run Set up on the Dell Sy stems Management T ools and Documentation DVD, the RACADM utility for al l supported operating sy stems is installed on your management station. Installing RACADM 1 Log on as root to the system where you want to install the management station components. 2 If necessary , m[...]

  • Page 39

    Basic Instal lation of the iDRAC6 39 Updating the iDRAC6 Firmware Use one of the followi ng methods to update your iDRAC6 firmwar e. • W eb-based Interface (see "Updating the iDRA C6 F irmware Using the W eb-Ba sed Interface" on page 40) • R ACADM CLI (see "Updating the iDRA C6 F irmware Using RA CADM" on page 40) • Dell U[...]

  • Page 40

    40 Basic Installation of the iDRAC6 Updating the iDRAC6 Firmware Using the W eb-Based Interface F or detailed information, see "Updating the iDR AC6 F irmwar e/System Services Recovery Image" on page 7 7. Updating the iDRAC6 Firmware Using RACADM Y ou can update the iDRA C6 firmwar e using the CLI-based RA CADM tool. If you have installed[...]

  • Page 41

    Basic Instal lation of the iDRAC6 41 usb 5-2: device descriptor not accepting address 2, error -71 These errors ar e cos metic in natur e and sho uld be ignor ed. These messages are caused due to reset of the USB devices during the firmwar e update process and are harmless. Configuring a Supported W eb Browser The following sections provide instru [...]

  • Page 42

    42 Basic Installation of the iDRAC6 Viewing Localized Versions of the Web-Based Interface Windows The iDRA C6 W eb-based interface is supported on the following W indows operating system langua ges: •E n g l i s h •F r e n c h •G e r m a n •S p a n i s h •J a p a n e s e • Simplified Chinese T o view a localized version of the iDR AC6 W[...]

  • Page 43

    Basic Instal lation of the iDRAC6 43 LANG=zh_CN.UTF-8 LC_CTYPE="zh_CN.UTF-8" LC_NUMERIC="zh_CN.UTF-8" LC_TIME="zh_CN.UTF-8" LC_COLLATE="zh_CN.UTF-8" LC_MONETARY="zh_CN.UTF-8" LC_MESSAGES="zh_CN.UTF-8" LC_PAPER="zh_CN.UTF-8" LC_NAME="zh_CN.UTF-8" LC_ADDRESS="zh_CN.U[...]

  • Page 44

    44 Basic Installation of the iDRAC6[...]

  • Page 45

    Configuring the iDRAC6 Using the W eb Interface 45 4 Configuring the iDRAC6 Using the W eb Interface The iDRA C6 provides a W e b interface that enables you to configur e the iDRA C6 properties and users, perform r emote management tasks, and troubleshoot a remote (managed) system for problems. F or everyday systems management, use the iDRA C6 W eb[...]

  • Page 46

    46 Configuring the iDRAC6 Using the Web Interfa ce Accessing the W eb Interface T o access the iDRA C6 W eb interface, perform the following steps: 1 Open a supported W eb browser window . T o access the W e b interface using an IPv4 address, go to step 2. T o access the W e b interface using an IPv6 address, go to step 3. 2 Access the W eb interfa[...]

  • Page 47

    Configuring the iDRAC6 Using the W eb Interface 47 Logging In Y ou can log in as either a n iDRA C6 user or as a M icrosoft Active Directory user . The default user name and password for an iDR A C6 user ar e root and calvin , respect ively . Y ou must have been granted Log in t o iD R AC privilege by the administrator to log in to iDRAC6. T o log [...]

  • Page 48

    48 Configuring the iDRAC6 Using the Web Interfa ce Logging Out 1 In the upper -right corner of the main window , click Log o u t to close the session. 2 Close the browser window . NOTE: The Logout button does not appear until you log in. NOTE: Closing the browser without gracefully logging out may cause the session to remain open until it times out[...]

  • Page 49

    Configuring the iDRAC6 Using the W eb Interface 49 Configuring the iDRAC6 NIC This section assumes that the iDRA C6 has already been configured and is accessible on the network. See "Con fi guring iDRAC6" on page 36 for help with the initial iDRA C6 network configuration. Configuring the Network and IPMI LAN Settings NOTE: Y ou must have [...]

  • Page 50

    50 Configuring the iDRAC6 Using the Web Interfa ce 4 Click the appropriate button to continue. See T able 4-8. T able 4-2. Network Settings Setting Description NIC Select ion Configures the curr ent mode out of the four possible modes: • Dedicated • Share d (LOM1) • Shar ed with F ailover LOM2 • Share d with F ailover All LOMs NOTE: The Ded[...]

  • Page 51

    Configuring the iDRAC6 Using the W eb Interface 51 Aut o Negotiation If set to On , displays the Network Speed and Mode by communicating with the near est router or hub. If set to Off , allows you to set the Network Speed and Duplex Mode manually . If NIC Selection is not set to Dedicated , Au to Negotiation setting will always be enabled ( On) . N[...]

  • Page 52

    52 Configuring the iDRAC6 Using the Web Interfa ce DNS Domain Name The default DNS Domain Name is blank. When the Aut o Config Domain Name checkbox is selected, this option is disabled . T able 4-4. IPv4 Settings Setting Description Enable IPv4 If NIC is enabled, this selects IPv4 protocol support and sets the other fields in this section to be ena[...]

  • Page 53

    Configuring the iDRAC6 Using the W eb Interface 53 T able 4-5. IPv6 Settings Setting Description Enable IPv6 If the checkbox is selected, IPv6 is enabled. If the checkbox is not selected, IPv6 is disabled. The default is disabled. Autoconfiguration Enable Check this box to allow the iDR A C6 to obtain the IPv6 addr ess for the iDRA C6 NIC from the [...]

  • Page 54

    54 Configuring the iDRAC6 Using the Web Interfa ce P referred DNS Server Configures the stat ic IPv6 address for the pr eferr ed DNS server . T o change this setting, you must first uncheck U se DHCP to obtain DNS Server Addresses . Alternate DNS Server Configures the stat ic IPv6 addre ss for the alternate DNS server . T o change this setting, you[...]

  • Page 55

    Configuring the iDRAC6 Using the W eb Interface 55 Configuring IP Filtering and IP Blocking NOTE: Y ou must have Configure iDRAC permission to perform the following steps. 1 Click Remote Access  Network/Security and then click the Network tab to open the Network page. 2 Click Advanced Settings to configure the network security settings. T able 4[...]

  • Page 56

    56 Configuring the iDRAC6 Using the Web Interfa ce T able 4-9. Network Security Page Settings Settings Description IP Range En abled Enables the IP Range checking feature , which defines a range of IP addr esses that can access the iDR A C. The default is off . IP Range Address Determines the acceptable IP address bit pattern, depending on the 1&ap[...]

  • Page 57

    Configuring the iDRAC6 Using the W eb Interface 57 Configuring Platform Events Platform event configuration provid es a mechanism for configuring th e iDRA C6 to perform selected actions on certain ev ent messages. The acti ons include no action, reboot system, power cycle system, power off system, and generate an alert (Platform Ev ent T rap [PET][...]

  • Page 58

    58 Configuring the iDRAC6 Using the Web Interfa ce When a platform event occurs (for example, a battery warning assert), a system event i s generated and r ecor ded in the S ystem Event Log (SEL). If this event matches a plat form event filter (PEF) that is enabled and you hav e c onf ig ured the fil ter to gen er ate an a le rt (PE T or e- ma il) [...]

  • Page 59

    Configuring the iDRAC6 Using the W eb Interface 59 Configuring Platform Event Filters (PEF) NOTE: Configure platform event filters befo re you configure the platform event traps or e-mail alert settings. 1 Log in to the remote system using a supported W eb browser . See "Accessing the W eb Interface" on page 46. 2 Click System  Aler[...]

  • Page 60

    60 Configuring the iDRAC6 Using the Web Interfa ce 4 In the IPv4 Destination List or the IPv6 Destination List , do the follo wing for the Destination Number to configure the IPv4 or IPv6 SN MP alert destination: a Select or clear the State checkbox. A selected ch eckbox indicates that the IP address is enabled to rece ive the alerts. A clear check[...]

  • Page 61

    Configuring the iDRAC6 Using the W eb Interface 61 3 Click System  Alerts  Email Alert Settings . 4 In the Destination Email Addresses table, do the following to configure a destination address for the Email Alert Number : a Select or clear the State checkbox. A selected chec kbox indicates that the email address is enabled to re ceive the al[...]

  • Page 62

    62 Configuring the iDRAC6 Using the Web Interfa ce Under IPMI LAN Settings in the Encryption K ey field, type the encryption key a nd click Apply . NOTE: The encryption key must consist of an even number of hexadecimal characters with a maximum of 40 characters. 3 Configure IPMI Serial over LAN (SOL). a In the System tree, click Rem ot e Ac ce s s [...]

  • Page 63

    Configuring the iDRAC6 Using the W eb Interface 63 f Ensur e that the serial MUX is set correctly in the managed system’s BIOS Setup program. • Restart your system. • During POST , pr ess <F2> to enter the BIOS Setup program. • Navigate to Serial Communication . •I n t h e Serial Connection menu, ensure that External Serial Connecto[...]

  • Page 64

    64 Configuring the iDRAC6 Using the Web Interfa ce Securing iDRAC6 Communi cations Using SSL and Digital Certificates This section provides info rmation about the following data security features that are incorporated in your iDR A C: • Secure Sock ets Layer (SSL) • Certificate Signing Request (CSR) • Accessing SSL through the W eb-based Inte[...]

  • Page 65

    Configuring the iDRAC6 Using the W eb Interface 65 Certificate Signing Request (CSR) A CSR is a digital request to a CA f or a se cure server certificate. Secur e server certificates allow clients of the server to trust the identity of the server the y have connected to and to negotiate an encrypted session with the server . A Certificate A uthorit[...]

  • Page 66

    66 Configuring the iDRAC6 Using the Web Interfa ce Generating a Certificate Sign ing Request NOTE: Each new CSR overwrites any previous CSR data stored on the firmw are. Before iDRAC can accept your signed CSR, the CSR in the firmware should match the certificate returned from the CA. 1 On the SSL page, select Generate Certificate Signing R equest [...]

  • Page 67

    Configuring the iDRAC6 Using the W eb Interface 67 T able 4-13. Generate Certificate Signing Request (CSR) Attributes Field Description Common Name The exact name being certified (usually the iDR AC’s domain name, for example, www .xyzcompany .com ). Alphanumeric characters, hyphens, underscores, space s, and periods are valid. Organization Name [...]

  • Page 68

    68 Configuring the iDRAC6 Using the Web Interfa ce Uploading a Server Certificate 1 On the SSL page, select Upload Server Certificate and click Next . The Upload Server Certificate page is displa yed. 2 In the Fi l e Pa t h field, type the path of the certifica te in the Va l u e field or click Browse to navigate to the certificate file. NOTE: The [...]

  • Page 69

    Configuring the iDRAC6 Using the W eb Interface 69 Viewing a Server Certificate 1 On the SSL page, select V iew Ser ver Certificate and click Next . The V iew Ser ver Certificate page displays the server certific ate that you uploaded to the iDRAC. T able 4-16 describ es the fields and associated desc riptions listed in the Certifica te table. 2 Cl[...]

  • Page 70

    70 Configuring the iDRAC6 Using the Web Interfa ce Configuring and Managing Active Directory The page enable s you to conf igur e an d manage Active Directory settings. NOTE: Y ou must have Configure iDRAC permission to use or configure Active Directory . NOTE: Before configuring or using the Active Directory feature, ensure that your Active Direct[...]

  • Page 71

    Configuring the iDRAC6 Using the W eb Interface 71 User Domain Name This value holds up to 40 User Domain entries. If configur ed, the list of user domain names will appear in the login page as a pull-down menu for the login user to choose from. If not configured, Active Dir ectory users are s t i ll ab l e t o l o g i n b y e n t e r i n g t h e u[...]

  • Page 72

    72 Configuring the iDRAC6 Using the Web Interfa ce Active Directory CA Certificate Certif icate The certificate of the Certificate A uthority that signs all the domain controllers’ Security Sock et Layer (SSL ) server certificate. Extended Schema Settings iDRA C Name : Specifies t he name that uniquely identifies the iDR AC in Act ive Directory .[...]

  • Page 73

    Configuring the iDRAC6 Using the W eb Interface 73 Configuring and Managing Generic LDAP iDRA C6 provides a generic solution to support Lightweight Directory Access P rotocol (LD AP)-based authentication . This feature does not r equir e any schema extension on your dir ectory se rvices. F or information on configuring generic LDAP Dir ectory Servi[...]

  • Page 74

    74 Configuring the iDRAC6 Using the Web Interfa ce • A utomated System Recovery (ASR) Agent — see T able 4-26 for ASR Agent settings. 3 Click Apply . 4 Click the appropriate button to continue. See T able 4-27. T able 4-20. Local Configuration Setting Description Disable the iDR AC Local Configuration using option ROM Disables local configurati[...]

  • Page 75

    Configuring the iDRAC6 Using the W eb Interface 75 HTTP Port Number The port on which the iDRA C6 listens for a browser connection. The default is 80 . HTTPS Po rt Number The port on which the iDRA C6 listens for a secur e browser connection. The default is 443 . T able 4-22. SSH Settings Setting Description Enabled Enables or disable SSH. When che[...]

  • Page 76

    76 Configuring the iDRAC6 Using the Web Interfa ce T imeout The T elnet idle timeout in seconds. Timeout range is 60 to 10800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1800 . Po r t N u m b e r The port on which the iDR AC6 listens for a T elnet connection. The default is 23 . T able 4-24. Remote RACADM Settings Settin[...]

  • Page 77

    Configuring the iDRAC6 Using the W eb Interface 77 Updating the iDRAC6 Firm ware/Sy stem Services Recovery Image NOTE: If the iDRAC6 firmware becomes co rrupted, as could occur if the iDRAC6 firmware update progress is interrupted before it completes, you can recover the iDRAC6 using the iDRAC6 Web interface. NOTE: The firmware update, by default, [...]

  • Page 78

    78 Configuring the iDRAC6 Using the Web Interfa ce The following message will be displayed until the process is complete: File upload in progress... 5 On the Status (page 2 of 3) page, you will see the results of the validation performed on the image file you uploaded. • If the image file uploaded successfully and passed all verification checks, [...]

  • Page 79

    Configuring the iDRAC6 Using the W eb Interface 79 iDRAC6 Firmware Rollback iDRA C6 has the provision to maintain two simultaneous firmware images. Y ou can choose to boot from (or rollback to) the firmware image of your choice. 1 Open the iDRA C6 W eb-based interface and log in to the remote system. Click System  Remote Access , and then click [...]

  • Page 80

    80 Configuring the iDRAC6 Using the Web Interfa ce The Remote Syslog entries are User Datagram P rotocol (UDP) packets sent to the Remote Syslog server ’s syslog po rt. If network failur es occur , iDRA C6 does not send the same log agai n. The re mote logging happens real - time as and when the logs ar e r ecor ded in iDR A C6 ’ s R AC log and[...]

  • Page 81

    Configuring the iDRAC6 Using the W eb Interface 81 racadm config –g cfgRemoteHosts –o cfgRhostsSyslogServer2 < servername2 >; default is blank racadm config –g cfgRemoteHosts –o cfgRhostsSyslogServer3 < servername3 >; default is blank racadm config –g cfgRemoteHosts –o cfgRhostsSyslogPort < portnumber >; default is 514[...]

  • Page 82

    82 Configuring the iDRAC6 Using the Web Interfa ce Remote File Share iDRA C6 Remote F ile Share (RF S) featur e allows you to specify an ISO or IMG image file located on a network shar e and make it avail able to the managed server ’s operating system as a virtual drive by mounti ng it as a CD/DVD or Floppy using a Network F ile System (NFS) or C[...]

  • Page 83

    Configuring the iDRAC6 Using the W eb Interface 83 T o enable remote file sharing throug h the iDR AC6 W eb interf ace, do the follo wing: 1 Open a supported W eb browser window . 2 Log in to iDRA C6 W eb interface. 3 Select the System  Rem ot e F il e S ha r e tab. The Rem ot e Fil e S h ar e screen is displayed. T able 4-30 lists the r emot[...]

  • Page 84

    84 Configuring the iDRAC6 Using the Web Interfa ce • –l <image_location> ; image location on the network share; use double quotes around the location • –s ; display current status NOTE: The maximum number of characters supported for User Name and Password is 40 and for Image File Path it is 511. All characters including alphanumeric a[...]

  • Page 85

    Configuring the iDRAC6 Using the W eb Interface 85 Using iDRA C you can view the status, health, and availability o f IDSDM. The SD car d r edundancy status and fa ilur e events ar e log ged to SEL, displayed on LCD, and PET alerts are generated if alerts are enabled. Viewing Internal Dual SD Module Status Using GUI 1 Log in to the iDRA C W eb GUI.[...]

  • Page 86

    86 Configuring the iDRAC6 Using the Web Interfa ce T able 4-32. SD Card States SD Card State Description SD1 and SD2 Boot The controller is powering up. Active The car d receives all SD writes and is used for SD reads. Standby The card is the secondary card. It is r eceiving a copy of the all the SD r eads. F ailed An error is re ported during a SD[...]

  • Page 87

    Advanced iDRAC6 Configuration 87 5 Advanced iDRAC6 Configuration This section provide s information ab out advanced iDRAC6 configuration and is recommended for users with advanced knowledge of systems management and who want to cust omize the iDRAC6 environment to suit their specific needs. Before Y ou Begin Y ou should have completed the basi c in[...]

  • Page 88

    88 Advanced iDRAC6 Configuration failsafe baud rate....115200 remote terminal type....vt100/vt220 redirection after boot....Enabled Then, select Save Changes . 5 P ress <Esc> to e xit the System Setup program and complete the System Setup program configuration. Configuring the iDRAC6 Settin gs to Enable SSH/T elnet Next, configur e the iDR AC[...]

  • Page 89

    Advanced iDRAC6 Configuration 89 console com2 The console -h com2 command displays the contents of the serial history buffer before waiting for input from the k eyboard or new characters from the serial port. The default (and maximum) size of the history buffer is 8192 characters. Y ou can set this number to a sm aller value using the command: raca[...]

  • Page 90

    90 Advanced iDRAC6 Configuration NOTE: When you configure the client VT10 0 emulation window , set the window or application that is displaying the redirected Virtual Console to 25 rows x 80 columns to ensure proper text display; otherwise, some text screens may be garbled. 1 Enable Te l n e t in Windows Component Services . 2 Connect to the iDRA C[...]

  • Page 91

    Advanced iDRAC6 Configuration 91 Using the Secure Shell (SSH) It is critical that your system’s de vices and device mana geme nt are secur e. Embedded connected devices ar e the co r e of many business processes. If these devices are compromised, your business ma y be at risk, which requir es new security demands for co mmand line interf ace (CLI[...]

  • Page 92

    92 Advanced iDRAC6 Configuration NOTE: SSHv1 is not supported. Configuring Linux for Serial Console During Boot The following steps are specific to th e Linux GRand Unifie d Bootloader (GRUB). Similar changes would be necessary if you use a differ ent boot loader . NOTE: When you configure the client VT100 emulation window , set the window or appli[...]

  • Page 93

    Advanced iDRAC6 Configuration 93 2 Append two options to the kernel line: kernel ............. console=ttyS1,115200n8r console=tty1 3 If the /etc/grub.conf contains a splashimage directive, comment it out. T able 5-2 provides a sample /etc/grub.conf file that shows the changes described in this procedure. T able 5-2. Sample File: /etc/grub.conf # g[...]

  • Page 94

    94 Advanced iDRAC6 Configuration When you edit th e /etc/grub.co nf file, use the following guidelines: 1 Disable GRUB's graphical interface and use the text-based interface; ot he r wi se , t he G RU B s cre e n w il l n o t b e d is pl a ye d i n RAC Vi rt ua l Co ns ol e. T o disable the graphical interface, comment out the line starting wi[...]

  • Page 95

    Advanced iDRAC6 Configuration 95 T able 5-3 shows a sample file with the new line. T able 5-3. Sample File: /etc/innitab # # inittab This file describes how the INIT process should set up # the system in a certain run-level. # # Author: Miquel van Smoorenburg # Modified for RHS Linux by Marc Ewing and Donnie Barnes # # Default runlevel. The runleve[...]

  • Page 96

    96 Advanced iDRAC6 Configuration # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # When our UPS tells us power has failed, assume we have a few # minutes of power left. Schedule a shutdown for 2 minutes from now. # This does, of course, assume you have power installed and your[...]

  • Page 97

    Advanced iDRAC6 Configuration 97 Edit the file /etc/securetty as follows: Add a new line wi th the name of th e serial tty for COM2: ttyS1 T able 5-4 shows a sample file with the new line. Configuring iDRAC6 fo r Serial Connection Y ou can use any of the following interf aces for connecting to the iDRAC6 via serial connection: •i D R A C 6 C L I [...]

  • Page 98

    98 Advanced iDRAC6 Configuration T o set up your system to use any of these interfaces, perform the following steps. 1 Configure the BIOS to enable serial connection: a T ur n on or restart your system. b Pr ess <F2> immediately after you see the following message: <F2> = System Setup c Scroll down and select Serial Communication by pre[...]

  • Page 99

    Advanced iDRAC6 Configuration 99 When you are connected serially with the previous settings, you should see a login prompt. Enter the iDR AC6 username and pass word (default values are root , calvin , r espectively). F rom this interface, you can e xecute such featur es as RA CADM. F or example, to print out the System Event Log, enter the followin[...]

  • Page 100

    100 Advanced iDRAC6 Configuration 4 Click Apply Changes . F or more information about Direct Connect Basic and Direct Connect T ermin al modes, see " Configuring Serial and T erminal Modes" on page 106. Direct Connect Basic mode will enable you to use such tools as ipmish directly through the serial connection. F or example, to print the [...]

  • Page 101

    Advanced iDRAC6 Configuration 101 Switching Between R AC Serial Interface Communication Mode a nd Serial Console iDRA C6 supports Escape key sequences that allow switching between R AC Serial Interface communica tion and Serial Console. T o set your system to allo w th is behavior , do the following: 1 T urn on or restart your system. 2 P ress <[...]

  • Page 102

    102 Advanced iDRAC6 Configuration T o switch to RA C Serial Interface Communication Mode when in Serial Console Mode, us e the following key s equence: <Esc> +<Shift> <9> The key sequence above directs you either to the " iDRA C Log in " prompt (if the R AC i s set to " RAC S e r i a l " mode) or to the " [...]

  • Page 103

    Advanced iDRAC6 Configuration 103 Configuring the Management Station T erminal Emulation Software iDRA C6 supports a serial or T elnet te xt console from a management station running one of the following types of terminal emulation softwar e: • Linux Minicom in an Xterm • Hilgraeve’s HyperT erminal Private Edition (version 6.3) • Linux T el[...]

  • Page 104

    104 Advanced iDRAC6 Configuration 7 P ress <e> and set the Bps/P ar/Bits option to 57600 8N1 . 8 Pre s s < f > a n d s e t Hardware Flow Control to Ye s and set Software Flow Control to No . 9 To e x i t t h e Serial P ort Setup menu, press <Enter>. 10 Select Modem and Dialing and press <Enter>. 11 In the Modem Dialing and P[...]

  • Page 105

    Advanced iDRAC6 Configuration 105 Configuring HyperT erminal for Serial Console HyperT erminal is the Microsoft W i ndows se rial port access utility . T o set the size of your Virtual Console scr e en appropriately , use H ilgraeve’s HyperT erminal Private Edition version 6.3. CAUTION: All versions of the Microsoft Windows operating sy stem incl[...]

  • Page 106

    106 Advanced iDRAC6 Configuration Configuring Serial and T erminal Modes Configuring IPMI and iDRAC6 Serial 1 Expand th e System tree and click Remote Access . 2 Click the Network/Security tab and then click Serial . 3 Configure the IPMI serial settings. See T able 5-8 for description of th e IPMI serial settings. 4 Configure the iDR AC6 serial set[...]

  • Page 107

    Advanced iDRAC6 Configuration 107 Flow Control • None — Ha rdwar e Flow Contro l Off • RTS/ CTS — H ard wa re F lo w Co nt ro l O n Channel P rivilege Lev el Li m it • Administrat or •O p e r a t o r •U s e r T able 5-9. iDRAC6 Serial Settings Setting Description Enabled Enables or disables the iDRA C6 serial console. Checked= Enabled[...]

  • Page 108

    108 Advanced iDRAC6 Configuration Configuring T erminal Mode 1 Expand th e System tree and click Remote Access . 2 Click the Network/Security tab and then click Serial . 3 In the Serial page, click T erminal Mode Settings . 4 Configure the terminal mode settings. See T able 5-11 for description of the terminal mode settings. 5 Click Apply Changes .[...]

  • Page 109

    Advanced iDRAC6 Configuration 109 Configuring the iDRAC6 Network Settings CAUTION: Changing your iDRAC6 Network setti ngs may disconnect your current network connection. Configur e the iDR A C6 ne twork settings using one of the following tools: • W eb-based Interface — See "Configu ring the iDRA C6 NIC" on page 49 • R ACADM CLI —[...]

  • Page 110

    110 Advanced iDRAC6 Configuration T able 5-13 describes each iDR A C6 interface. T able 5-13. iDRAC6 Interfaces Interface Description W eb-based interface P rovides remote access to the iDR AC6 using a graphical user interface. The W eb-based interface is built into the iDRA C6 firmware and is acce ssed through the NIC interface from a supported W [...]

  • Page 111

    Advanced iDRAC6 Configuration 111 NOTE: The iDRAC6 default user name is root and the default password is calvin . Y ou can access the iDRA C6 W eb-ba sed interface through the iDR AC6 NIC by using a supported W eb browser , or through Server Administrator or IT Assistant. T o acce ss the iDRA C6 remote access interfa ce using Server Administrato r [...]

  • Page 112

    112 Advanced iDRAC6 Configuration NOTE: If the sy stem from where you are accessing the remote sy stem does not have an iDRAC6 certificate in its default cer tificate store, a message is displayed when you type a RACADM command . For more in formation about iDRAC6 certificates, see "Securing iDRAC6 Co mmunications Using SSL and Digital Certifi[...]

  • Page 113

    Advanced iDRAC6 Configuration 113 RACADM Synopsis racadm -r <iDRAC6 IP Address> -u <username> -p <password> <subcommand> <subcommand options> racadm -i -r <iDRAC6 IP Address> <subcommand> <subcommand options> Fo r e x a m p l e : racadm -r 192.168.0.120 -u root -p calvin getsysinfo racadm -i -r 192.16[...]

  • Page 114

    114 Advanced iDRAC6 Configuration Enabling and Disabling the RACADM Remote Capability NOTE: It is recommended that you run t hese commands on your local sy stem. The RACADM remote capability is enabled by default. If disabled, type the following RACADM command to enable: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 1 T o disable th[...]

  • Page 115

    Advanced iDRAC6 Configuration 115 T able 5-15. RACADM Subcommands Command Description help Lists iDRA C6 subcommands. help <subcommand> Lists usage statement for the specified subcommand. arp Displays the contents of the AR P table. ARP table entries may not be added or deleted. clearasrscreen Clears the last ASR (crash) screen (last blue scr[...]

  • Page 116

    116 Advanced iDRAC6 Configuration getracl og Displays the iDR AC6 log. clrsel Clears the System Event Log entries. gettracelog Displays the iDRA C6 trace log. If used w ith -i , the command displays the number of entries in the iDR A C6 trace log. sslcsrgen Generates and downloads the SSL CSR. sslcertupload Uploads a CA certificate or server certif[...]

  • Page 117

    Advanced iDRAC6 Configuration 117 Frequently Asked Que stions About RACADM Error M essages After performing an iDRAC6 reset (u sing the racadm ra creset command), I issue a command and th e follow ing message is displayed: ERROR: Unable to connect to RAC at specified IP address What does this message mea n? Y ou must wait until the iDRA C6 complete[...]

  • Page 118

    118 Advanced iDRAC6 Configuration Configuring Multiple iDRAC6 Controllers Using RA CADM, you can configure one or more iDR AC6 controllers with identical properties. Whe n you query a specific iDR AC6 controller using it s group ID and object ID, R ACADM creates the racadm.cfg configuration file from the retrieved information. By e xpo rting the fi[...]

  • Page 119

    Advanced iDRAC6 Configuration 119 • Display all configuration properties in a gr oup (specified by group name and inde x) • Display all configuration properties for a us er by user name The config subcommand loads the inform ation into the other iDRAC6. Use config to synchronize the user and pa ssword da tabase with Ser ver Administrator . The [...]

  • Page 120

    120 Advanced iDRAC6 Configuration error is found in the .cfg file. The user must corr ect all errors befor e any configuration can take place. The - c option may b e used i n the config subcommand, which verifies syntax only and does not perform a write operation to the iDR AC6. Use the following guidel ines when you create a .cfg file: • If the [...]

  • Page 121

    Advanced iDRAC6 Configuration 121 Parsing Rules • All lines that start with '#' are treated as comments. A comment line must start in column one. A '#' char acter in any other column is treated as a '#' character . Some modem parameters may include # characters in its string. An escape character is not requir ed. Y o[...]

  • Page 122

    122 Advanced iDRAC6 Configuration • All parameters are specified as "objec t=value" pairs with no white space between the object, =, or value. White spaces that are included after the value a re i gnor ed. A wh ite spac e inside a value string remains unmodified. Any character to the right of the '=' is taken as is (for exampl[...]

  • Page 123

    Advanced iDRAC6 Configuration 123 cfgNicGateway=10.35.10.1 This file will be updated as follows: # # Object Group " cfgLanNetworking " # [cfgLanNetworking] cfgNicIpAddress=10.35.9.143 # comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 The command racadm config -f myfile.cfg parses the file and identifies any errors by lin[...]

  • Page 124

    124 Advanced iDRAC6 Configuration The following is a n example of how th e command may be used to configure desired LAN network pr operties. racadm config -g cfgLanNetworking -o cfgNicEnable 1 racadm config -g cfgLanNetworking -o cfgNicIpAddress 192.168.0.120 racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.255.0 racadm config -g cfgLanNe[...]

  • Page 125

    Advanced iDRAC6 Configuration 125 iDRAC6 Modes The iDRA C6 can be configur ed in one of four modes: •D e d i c a t e d •S h a r e d • Shared with F ailover LOM2 • Shared with F a ilover All LOMs T able 5-16 provides a description of each mode. Frequently Asked Ques tions about Network Security When accessing the iDRA C6 W eb-based interface[...]

  • Page 126

    126 Advanced iDRAC6 Configuration ( if certificate issued to IP ) of the iDRAC6 (for example, 192.168.0.120) or the r egister ed DNS iDR A C6 name ( if certificate issued to iD R AC registered name ). T o ensure that the CSR matches the registered DNS iDR A C6 name: 1 In the System tree, click Remote Access . 2 Click the Network/Security tab and th[...]

  • Page 127

    Advanced iDRAC6 Configuration 127 When accessing the iDRA C6 W eb-based interface, I get a security warning stating the SSL cer tificate was i ssued by a certificate author ity (CA) that is not trusted. iDRA C6 includes a default iDR AC6 se rver cert ificate to ensure network security for the W eb-based interf ace an d remote R ACADM featur es. Thi[...]

  • Page 128

    128 Advanced iDRAC6 Configuration[...]

  • Page 129

    Adding and Config uring iDRAC6 Users 129 6 Adding and Configuring iDRAC6 Users T o manage your system with th e iDRA C6 and maintain syste m security , create unique users with sp ecific ad ministrative permissions (or role-based authority ). F o r additional security , you can also configure alert s that are e-ma iled to specific users w hen a spe[...]

  • Page 130

    130 Adding and Configuring iDRAC6 Users • The username, password, and access permiss ions for a new or existing iDRA C user . T a ble 6-3 describes General User Settings . • The user ’s IPMI privileges. T able 6-4 describes the IPMI User P rivileges for configuring the user ’s LAN privilege s. • The iDR AC user privileges. T able 6-5 des [...]

  • Page 131

    Adding and Config uring iDRAC6 Users 131 T able 6-2. Smart Card Configuration Options Option Descriptio n Upload User Ce rtificate Enables the user to upload the user certificate to iDR AC6 and import it to the user profile. V i ew User Certif icate Displays the user certificate page that has been uploaded to the iDR AC. Upload T rusted CA Certific[...]

  • Page 132

    132 Adding and Configuring iDRAC6 Users New P assword Enter a P assword with up to 20 characters. The charact ers will not be displayed and ar e masked. The following characters are supported: •0 - 9 •A - Z •a - z • Special characters: +&? > -} | . !( ' ,_ [ " @ #) * ; $ ] / § %= < : { I Confirm New P assword Retype t[...]

  • Page 133

    Adding and Config uring iDRAC6 Users 133 Configure iDRA C Enables the user to configur e the iDRA C. Configure Users Enables the user to allow specific users to access the system. CAUTION: This privilege is normally reserved for users who are members of the Admi nistrator role on iDRAC. However , users in the ‘Operator’ role can be assigned thi[...]

  • Page 134

    134 Adding and Configuring iDRAC6 Users Public Key Authentication over SSH iDR AC6 supports the Public K ey A uth entication (PK A) over SSH. This authentication method improves SSH sc ripting autom ation by removing t he need to embed or prompt for a user ID/passwor d. Before Y ou Begin Y ou can configure up to 4 public keys per us er that can be [...]

  • Page 135

    Adding and Config uring iDRAC6 Users 135 Generating Public Key s for Windows Before adding an account, a public key is r equir ed from the system that will access the iDRA C6 over SSH. There ar e two common ways to generate the public/private key pair : using PuTTY Key Generator application for clients running W indows or ssh-keygen CLI for clients[...]

  • Page 136

    136 Adding and Configuring iDRAC6 Users CAUTION: Key s generated from the Linux management station using ssh-keygen are in non - 4716 format. Convert the key s into the 4716 format using ssh- keygen -e -f /root/.ssh/id_rsa.pub > std_rsa.pub. Do not change the permissions of the key file. The above conversion should be done using default permissi[...]

  • Page 137

    Adding and Config uring iDRAC6 Users 137 CAUTION: The capability to upload, vi ew , and/ or delete SSH key s is based on the ’Configure Users’ user priv ilege. This privilege allows user(s) to configure another user's SSH key . Y ou should grant this pr ivilege carefully. For more infor mation on user privileges, see "Adding and Confi[...]

  • Page 138

    138 Adding and Configuring iDRAC6 Users Uploading, Viewing, and Deleting SSH Key s Using RACADM Upload The uplo ad mode allo ws you to upload a keyfile or to copy the key te xt on the command line. Y ou canno t upload and copy a key at the same time. Local RA CADM a nd Remote RA CADM: racadm sshpkauth -i <2 to 16> -k <1 to 4> -f <fil[...]

  • Page 139

    Adding and Config uring iDRAC6 Users 139 Using the RACADM Utility to Configure iDRAC6 Users NOTE: Y ou must be logged in as user root to execute RACADM commands on a remote Linux sy stem. Single or multiple i DRA C6 users can be configur ed using the R ACADM command line that is installed with the i DRAC6 a ge nts on the managed system. T o configu[...]

  • Page 140

    140 Adding and Configuring iDRAC6 Users NOTE: Y ou can also type racadm getconfig -f <myfile.cfg> and view or edit the myfile.cfg file, which includes all iD RAC6 configuration parameters. Several parameters and ob ject IDs ar e displayed wi th their curr ent values. T wo objects of interest ar e: # cfgUserAdminIndex=XX cfgUserAdminUserName= [...]

  • Page 141

    Adding and Config uring iDRAC6 Users 141 racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 123456 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPrivilege 0x00000001 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminIpmiLanPrivilege 4 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminIpmiSerialPrivilege 4 racadm config -g cfgUserAdmin -[...]

  • Page 142

    142 Adding and Configuring iDRAC6 Users NOTE: For a list of valid bit mask values for specific user privileges, see the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals . The default privilege value is 0, which indicates the user has no privileges enabled. racadm config -g cfgUserAdmin -o cfgUse[...]

  • Page 143

    Using the iDRAC6 Directory Service 143 7 Using the iDRAC6 Directory Service A dir ectory service maintains a common database for stori ng information about users, computers, printers, etc. on a network. If your company uses either the Microsof t Active Directory or the LDAP Dir ectory Service software, you can configur e the softwa r e to provide a[...]

  • Page 144

    144 Using the iDRAC6 Directory Service Y ou can use Active Direct ory to log in to the iDR AC6 using one of the following methods: • W eb-based interface • Remote R ACADM • Serial or T eln et console The login syntax is the same for all three methods: < username@domain > or < domain><username > or < domain>/<userna[...]

  • Page 145

    Using the iDRAC6 Directory Service 145 Prerequisites for Enabling Microsoft Active Directory Authentication for iDRAC6 T o use the Active Directory authentica tion featur e of the iDR AC6, you must have already deployed an Active Dire ctory infrastruct ure. See the Mi crosoft website for information on how to set up an Active Dir ectory infrastruct[...]

  • Page 146

    146 Using the iDRAC6 Directory Service d Click Next and clic k Fi n i s h . Exporting the Domain Controller Root CA Certificate to the iDRAC6 NOTE: If your sy stem is runnin g Windows 200 0 or if you are using a standalone CA, the following steps may vary. 1 Locate the domain controller that is running the Microsoft Enterprise CA service. 2 Click S[...]

  • Page 147

    Using the iDRAC6 Directory Service 147 Directory W ith Standard Schema Using the iDRA C6 W eb-Based Interface" on page 170. Importing the iDRAC6 Firmware SSL Certificate NOTE: If the Active Directory Server is set to authenticate the cl ient during an SSL session initialization phase, you need to upl oad the iDRAC6 Server certificate to the Ac[...]

  • Page 148

    148 Using the iDRAC6 Directory Service Supported Active Directory Authentication Mechanisms Y ou can use Active Direct ory to define user acce ss on the iDR A C6 through two methods: you can use the extended schema solution, which Dell has customized to add Dell-def ined Active Dir ectory objects. Or , you can use the standard schema solution, whic[...]

  • Page 149

    Using the iDRAC6 Directory Service 149 Identifiers (OIDs) so that when comp anies add extensions to the schema, they can be guaranteed to be unique an d not to conflict with each other . T o extend the schema in Microsoft's Ac tive Dir ectory , Dell r eceived unique OIDs, unique name extensions, and uni quely link ed attribute IDs for the attr[...]

  • Page 150

    150 Using the iDRAC6 Directory Service F igur e 7-1 illustrates that th e Associ ation Object provides the connection that is needed for all of the A uthentication and A uthorization. Figure 7-1. T ypical Setup for Active Directory Objects Y ou can create as many or as few associatio n objects as requir ed. Howe ver , you must crea te at least one [...]

  • Page 151

    Using the iDRAC6 Directory Service 151 Accumulating Privileges Using Extended Schema The Extended Schema Authenticati on mechanism supports P rivilege Accumulation from different privilege ob jects associated with the same user through diffe rent Association Objec ts. In other words, Extended Schema Authenticat ion accumulates privileges to allow t[...]

  • Page 152

    152 Using the iDRAC6 Directory Service F or example, P riv1 has these privileg es: Login, Virtual Media, and C lear Logs and P riv2 has these privileges: Login to iDRA C, Configur e iDR AC, and T est Alerts. As a result, User1 now has the pr ivilege set: Login to iDR AC, Virtual Media, Clea r Logs, Configur e iDR AC, an d T est Alerts, which is the[...]

  • Page 153

    Using the iDRAC6 Directory Service 153 Extending the Active Directory Schema Important: The schema extension for this product is different from the pr evious generations of Dell Remote Management products. Y ou must extend the new schema and install the new Active Directory Users and Computers Microsoft Management Console (MMC) Snap-in on your dire[...]

  • Page 154

    154 Using the iDRAC6 Directory Service NOTE: The Remote_Management folder is for extending the Schema on older remote access products like DRAC 4 and DRAC 5, and the Remote_Management_Advanced folder is for extending the Schema on iDRAC6. T o use the LDIF files, s ee the instructio ns in the r eadme included in t he LDIF_F iles directo ry . T o us [...]

  • Page 155

    Using the iDRAC6 Directory Service 155 T able 7-3. dellRacDevice Class OID 1.2.840.11355 6.1.8000.1280.1.7.1.1 Description Represents the Dell iDRA C device. The iDR AC device must be configured as delliDR A CDevice in Active Directory . This configuration enables the iDR AC to send Lightweight Directory Access P rotocol (LD AP) queries to Active D[...]

  • Page 156

    156 Using the iDRAC6 Directory Service Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsV irtualMediaUser dellIsT estAlertUser dellIsDebugCommandAdmin T able 7-6. dellPrivileges Class OID 1.2.840.1 13556.1.800 0.1280.1.1.1 .4 De s cr ip t io n Used as a [...]

  • Page 157

    Using the iDRAC6 Directory Service 157 T able 7-8. List of Attributes A dded to the Active Directory Schema Attribute Name/Descrip tion Assigned OID/Syntax Ob ject Identifier Single V alued dellP rivilegeMember List of dellPrivilege Objects that belong to this Attribute. 1.2.840.113556.1.8000.1280.1.1.2.1 Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1[...]

  • Page 158

    158 Using the iDRAC6 Directory Service dellIsV irtualMed iaUser TRUE if the user has Virtual Media rights on the device . 1.2.840.113556.1.8000.1280.1.1.2.9 Boolean (LDAPTY PE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) TRUE dellIsT e stAlertUser TRUE if the u ser has T est Alert User rights on the device. 1.2.840.113556.1.8000.1280.1.1.2.10 Boolean (LDA[...]

  • Page 159

    Using the iDRAC6 Directory Service 159 Installing Dell Extension to Micr osoft Active Directory Users and Computers Snap-In When you extend the schema in Active Directory , you must also extend the Active Directory Users and Computer s Snap-in so the administrator can manage iDRAC devices, Users and User Groups, iDRA C Association s, and iDRA C P r[...]

  • Page 160

    160 Using the iDRAC6 Directory Service 3 Click Add/Remove Snap-in . 4 Select the Active Directory Users and Computers Snap-in and click Add . 5 Click Close and click OK . Adding iDRAC Users and Privileges to Microsoft Active Directory Using the Dell-e xtended Acti ve Dire ctory Users and Computers Snap-in, you can add iDRAC users and privileges by [...]

  • Page 161

    Using the iDRAC6 Directory Service 161 5 Click OK . 6 Right-click the privilege object that you created, and select P roperties . 7 Click the Remote Management P rivileges tab and select the pri vileges that you want the user to have. Creating an Association Object NOTE: The iDRAC Association Obj ect is derived from Gr oup and its scope is set to D[...]

  • Page 162

    162 Using the iDRAC6 Directory Service Click the P roducts tab to add one iDR AC device connected to the netw ork that is available for the defined users or user groups. M ultiple iDR AC devices can be added to an Association Object. Adding iDRAC Devices T o add iDRAC devices: 1 Select the Pr o d u c t s tab and click Add. 2 T ype the iDR AC device[...]

  • Page 163

    Using the iDRAC6 Directory Service 163 9 Click Next . The Active Directory Con figuration and Management Step 2 of 4 page is displaye d. 10 Select Enable Active Directory . CAUTION: In this release, the Smart Card based T w o Factor Authentication (TFA) feature is not supported if the Acti ve directory is configu red for Extended schema. The Single[...]

  • Page 164

    164 Using the iDRAC6 Directory Service NOTE: The FQDN or IP address that you specify in the Domain Controll er Server Address field should match the Subject or Subject Alternative Name field of your domain controller certificat e if you have certificate validation enabled. 15 Click Next . The Active Directory Configur ation and Management Step 3 of[...]

  • Page 165

    Using the iDRAC6 Directory Service 165 racadm config -g cf gActiveDire ctory -o cfgADRacNam e <RAC comm on name> racadm config -g cfgActiveDirectory -o cfgADRacDomain < fully qualified rac domain name > racadm config -g cfgActiveDirectory -o cfgADDomainController1 < fully qualified domain name or IP Address of the domain controller &[...]

  • Page 166

    166 Using the iDRAC6 Directory Service racadm config -g cfgActiveDirectory -o cfgADDcSRVLookupDomainName <domain name to use on the DNS lookup> If you want to disable the certificate validation during SSL handshake, type the following RAC A D M command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0 In this case, you do no[...]

  • Page 167

    Using the iDRAC6 Directory Service 167 4 If DHCP is disabled on the iDRA C or you want to manu ally input your DNS IP address, type following RAC A D M commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 <primary DNS IP address> racadm config -g cfgLanNetworking -o cfgDNSSe[...]

  • Page 168

    168 Using the iDRAC6 Directory Service Standard Schema Active Directory Overview As shown in F igure 7-3, usin g standar d schema for Active Dir ectory integration requires configuration on both Active Directory and iDR AC6. Figure 7-3. Configuration of iDRAC with Microsoft Active Dir ectory and Standard Schema On the Active Directory side, a stand[...]

  • Page 169

    Using the iDRAC6 Directory Service 169 NOTE: The Bit Mask values are used only when setting Standard Schema using RACADM. Single Domain V ersus Multiple Domain Scenarios If all the login users and role groups, and the nested groups, are in the same domain, then only the domain controlle rs’ addres ses must be configur ed on iDR AC6. In this singl[...]

  • Page 170

    170 Using the iDRAC6 Directory Service Configuring Standard Schema Microsoft Active Directory to Access iDRAC6 Y ou must perform the follo wing steps to configure Active Directory befor e an Active Directory user c an access iDRA C6: 1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2 Create[...]

  • Page 171

    Using the iDRAC6 Directory Service 171 The certificate information for the valid Active Directory CA certificate is displayed. 8 Under U pl o a d Ke r b e ro s Ke y t a b , type the path of the k eytab file or browse to locate the file. Click Upload . The Kerberos ke ytab is uploaded into the iDR AC6. 9 Click Next . The Active Directory Configurati[...]

  • Page 172

    172 Using the iDRAC6 Directory Service Standard Schema , these are the addr esses of the domain controllers where the user accounts and th e role groups are located. NOTE: The FQDN or IP address that you speci fy in this field should match the Subject or Subject Alternative Name fi eld of your domain controller certificate if you have certificate v[...]

  • Page 173

    Using the iDRAC6 Directory Service 173 The Active Directory Configurati on and Management Step 4b of 4 page is displayed. 21 Specify the Rol e Group Name . The Rol e Group Name identifies the role group in Active Directory associated with the iDRA C. 22 Specify the Rol e Group Domain , which is the domain of the Role Gr oup. 23 Specify the Role Gro[...]

  • Page 174

    174 Using the iDRAC6 Directory Service Configuring Microsoft Ac tive Directory With S tandard Schema Using RACADM Use the following commands to configur e the iDR AC Active Dir ectory F e ature with Standar d Schema usin g the R ACADM CLI instead of the W e b-based interface. 1 Open a command prompt and type the following RAC A D M commands: racadm[...]

  • Page 175

    Using the iDRAC6 Directory Service 175 NOTE: At least one of the 3 addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located. [...]

  • Page 176

    176 Using the iDRAC6 Directory Service racadm config -g cfgActiveDirectory -o cfgADGcSRVLookupEnable=1 racadm config -g cfgActiveDirectory -o cfgADGcRootDomain If you want to disable the certificate validation during SSL handshake, type the following RAC A D M command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0 In this case,[...]

  • Page 177

    Using the iDRAC6 Directory Service 177 4 If DHCP is disabled on the iDRA C6 or you want ma nually to input your DNS IP address, type the following RAC AD M commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 < primary DNS IP address > racadm config -g cfgLanNetworking -o cf[...]

  • Page 178

    178 Using the iDRAC6 Directory Service Generic LDAP Directory Service iDR AC6 provides a generic solution to support Lightweight Directory Access P rotocol (LD AP)-bas ed authentication. This feat ur e does not r equir e any schema extension on yo ur directory services. T o make the iDR AC6 LD AP implemen tation generic, the commonality between dif[...]

  • Page 179

    Using the iDRAC6 Directory Service 179 The Generic LD AP Configuration and Mana gement Step 1 of 3 page is displayed. Use this page to configure the digital certificate used during initiation of SSL connections when communicating with a generic LDAP server . These communications use LDAP over SSL (LDAPS). If you enable certificate validation, uploa[...]

  • Page 180

    180 Using the iDRAC6 Directory Service 8 Enter the followinf information: • Select Enable Generic LD AP . NOTE: In this release, nested group is not supported. The firmware searches for the direct member of the group to match the user DN. Also, only single domain is supported. Cros s domain is not supported. • Select the Use Distinguish ed Name[...]

  • Page 181

    Using the iDRAC6 Directory Service 181 •I n t h e Search F i lter field, enter a valid LDAP search filter . Use the filter if the user attribute cannot uniquely identify the login user within the chosen Base DN. If not specified, the value defaults to objectClass=* , which searches for all objects in the tree. This additional search fil ter confi[...]

  • Page 182

    182 Using the iDRAC6 Directory Service 17 Enter the user name and password of a dir ectory user that is chosen to test the LD AP settings. The format depends on what Attribute of User L ogin is used and the user name entered mu st match the value of the chosen attribute. The test results and the test log are displayed. Y ou h a ve c o mp l et e d t[...]

  • Page 183

    Using the iDRAC6 Directory Service 183 NOTE: Configure iDRAC6 to use a Domain Na me Server , which resolves the LDAP server hostname that iDRAC6 is configured to use in the LDAP server address. The hostname must match the " CN " or " Subject " in the LDAP server's certificate. Frequently Asked Questions about Active Directo[...]

  • Page 184

    184 Using the iDRAC6 Directory Service 2 The domain controller addresses configured in iDRA C6 do not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP addr ess, please r ead the following question and answer . If you are using FQDN, please make sur e you are using the FQDN of the domain contr[...]

  • Page 185

    Using the iDRAC6 Directory Service 185 If Global Controller Addr ess(es) is configured, iDR A C6 continues to query the Global Catalo g. If additional priv ileges are r etrieved from the Global Catalog, thes e privileges will be accumul ated. Does iDRA C6 always use LD AP over SSL? Y es. All the transportation is ov er secure port 636 and/or 3269. [...]

  • Page 186

    186 Using the iDRAC6 Directory Service c Ensure that you have uploaded the right Active Directory root CA certificate to the iDRAC6 if you enabled certificate validation. Ensure that the iDRA C6 time is within the valid period of the CA certificate. d If you are using the Extended Schema, ensure that the iDR AC 6 Name and iDR AC6 Domai n Name match[...]

  • Page 187

    Configuring iDRAC6 for Sin gle Sign-On or Smart Card Login 8 Configuring iDRAC6 for Single Sign- On or Smart Card Login This section provides in formation to configure iDR AC6 for Smart Car d login for local users and Active Dir ectory user s, and Single Sign-On (SSO) login for Active Directory users. iDRA C6 supports Kerberos based Active Director[...]

  • Page 188

    188 Configuring iDRAC6 for Single Sign-On or Smart Card Login Prerequisites for Active Directory SSO and Smart Card Authentication The pre-r equisites for both Active Dir ectory SSO and Smart Car d authentication are: • Configure the iDR AC6 for Active Dir ectory login. F or more information, see "Using the iDRA C6 Dir ectory Service" o[...]

  • Page 189

    Configuring iDRAC6 for Single Sign-On or Smart Card Login 189 Since the iDR A C6 is a device with a non- W indows operatin g system, run the ktpass utility—part of Microsoft W ind ows—on the domain controller (Active Directory server) where you want to map the iDR A C6 to a user account in Active Directory . F or e xample, use the following ktp[...]

  • Page 190

    190 Configuring iDRAC6 for Single Sign-On or Smart Card Login Browser Settings to Enable Active Directory SSO T o configure the browser settings for Internet Expl orer : 1 Open Internet Explorer W eb browser 2 Select T ools  Internet Options  Security  Loc a l I n t ra n e t . 3 Click Sites . 4 Select the following options only : •[...]

  • Page 191

    Configuring iDRAC6 for Single Sign-On or Smart Card Login 191 Using Microsoft Active Directory SSO The SSO featur e enables yo u to log into the iDR AC6 dire ctly after logging into your workstation wi thout entering your doma in user authenticati on credentials, such as user name and pa sswor d. T o log into the iDRAC6 using this feature, you shou[...]

  • Page 192

    192 Configuring iDRAC6 for Single Sign-On or Smart Card Login 7 Click Next until the last page is displayed. If Active Directory is configured to use standard schema, then Active Directory Configurati on and Management Step 4a of 4 page is displayed. If Active Directory is configured to use extended schema, then Active Directory Configur ation and [...]

  • Page 193

    Configuring iDRAC6 for Single Sign-On or Smart Card Login 193 • Y ou are configured in the iDRA C6 for Active Directory login. • The iDR AC6 is enabled for K erberos Active Directory authentication. Configuring Smart Card Authentication The iDR AC6 supports t he T wo F actor A uthentication (TF A) feature by enabling Smart Card L ogon . The tra[...]

  • Page 194

    194 Configuring iDRAC6 for Single Sign-On or Smart Card Login NOTE: T o log into the iDRAC6, the user name that you configure in the iDRAC6 should have the same case as the User Princip al Name (UPN) in the Smart Card certificate. F or example, in case the Sm art Card ce rtificate has been issued to the user , "sampleuser@domain.com," the[...]

  • Page 195

    Configuring iDRAC6 for Single Sign-On or Smart Card Login 195 T able 8-1. Smart Card Settings Setting Description Configure Smart Car d Log on • Disabled — Disables Smart Card logon. Subseq uent logins from the graphical use r interface (GUI) display the r egular login page. All command line out-of-band interfac es including secur e shell (SSH)[...]

  • Page 196

    196 Configuring iDRAC6 for Single Sign-On or Smart Card Login Logging Into the iDRAC6 Using the Smart Card The iDRA C6 W eb interfa ce displays the Sm art Card logon pa ge for all user s who are configured to use the Sm art Card. NOTE: Ensure that the iDRAC6 local user and/ or Active Directory configuration is complete before enabling the Smart Car[...]

  • Page 197

    Configuring iDRAC6 for Single Sign-On or Smart Card Login 197 https://< IP address> :< port number > where IP address is the IP address for the iDR AC6 and port number is the HTTPS port number . The iDR AC6 Login page is displayed prompting you to insert the Smart Card. 2 Insert the Smart Card into the r eader and click Log i n . The iD[...]

  • Page 198

    198 Configuring iDRAC6 for Single Sign-On or Smart Card Login 4 Enter the user ’s Active Directory pass word to authenticate the user and click OK . Y ou are logged into the iDRA C6 with your credentials as set in Active Directory . NOTE: If the Smart Card user is present in Active Directory , an Active Directory password is required along with t[...]

  • Page 199

    Configuring iDRAC6 for Single Sign-On or Smart Card Login 199 Unable to Log into iDRAC6 as an Active Directory Us er • If you cannot log into the iDRAC6 as an Active Directory user , try to log into the iDRA C6 without enabling the Smart Card logon. If you have enabled the CRL check, try the Active Dir ectory logon without enabling the CRL check.[...]

  • Page 200

    200 Configuring iDRAC6 for Single Sign-On or Smart Card Login Access  P roperties  iDR AC Information page, and the domai n controller time by right clicking on the time in the bottom right hand corner of the screen. The timezone offset is displayed in th e pop up display . F or US Central Standard Time (CST), this is –6 ). Use the follo[...]

  • Page 201

    Configuring iDRAC6 for Single Sign-On or Smart Card Login 201 SSO login fails with AD users on W i ndows 7 and Windows Server 2008 R2. What should I do to resolve this? Y ou must enable the encryption types for W indows 7 and W indows Server 2008 R2. T o enable the encryption types: 1 Log in as administrator or as a user with adminstrative privileg[...]

  • Page 202

    202 Configuring iDRAC6 for Single Sign-On or Smart Card Login 13 Close the Reg is t ry Ed it o r window . Y ou can now log in to iDR A C using SSO . If you have enabled SSO for iDRA C and you are using Internet Explorer to log in to iDR A C, SSO fails and you ar e prompt ed to enter your user name and password. How do I resolve this? Ensure that th[...]

  • Page 203

    Using GUI Virtual Console 203 9 Using GUI V irtual Console This section provides information about using the iDRA C6 Virtual Console feature. Overview The iDR A C6 V irtual Co nsole featur e ena b les you to access the local console remot ely in either graphic or te xt mode. Using V irtual Console, you can control one or more iDR A C6-enabled syste[...]

  • Page 204

    204 Using GUI Virtual Console The following rules apply to a V irtual Console session: • A maximum of four simultaneous Virtual Console sessions are supported. All sessions view the same managed server console simultaneously . • F rom 1.5 release version onwar ds, multiple sessions to multiple r emote servers is possible from the same clie nt, [...]

  • Page 205

    Using GUI Virtual Console 205 2 If you are using F ir efox or want to use the Java Viewer with Internet Explorer , install a Java Runtime En vironment (JRE). If you use the Internet Explorer browser , an ActiveX control is pr ovided for the console viewer . Y ou can also use the Java consol e viewer with F ir efox if you install a JRE and configure[...]

  • Page 206

    206 Using GUI Virtual Console Clear Y our Browser’ s Cache If you encounter issues when operatin g the Virtual Console, (out of range errors, synchronization issues, and so on ) clear the browser’s cache to remove or delete any o ld versions of t he viewer that may be stor ed on t he system and try again. NOTE: Y ou must have administrator priv[...]

  • Page 207

    Using GUI Virtual Console 207 Internet Explor er Browser Configur ations for ActiveX based V irtual Console and V irtua l Media Appli cations This section provide s information ab out the Internet Explorer browser settings requir ed to launch and run ActiveX based V irtual Console and Virtual Media applications. NOTE: Clear the browser’ s cache a[...]

  • Page 208

    208 Using GUI Virtual Console 2 Ensure that the Enable P rotected Mode option is not selected for T rusted Sites zone. Alternatively , you can ad d the iDR AC addr ess to sites in the Intranet zone. By default, protected mode is turned off for sites in Intranet Zone and T rusted Sites zone. 3 Click Sites . 4 In the Add this website to the zone fiel[...]

  • Page 209

    Using GUI Virtual Console 209 T able 9-2. Virtual Consol e Configuration Properties Property Description Enabled Click to enable or disable Virtual Console . If this option is check ed, it indicate s that V irtual Console is enabled. The default option is enabled . NOTE: Checking or clearing the Enabled option once after the Virtual Conso le is lau[...]

  • Page 210

    210 Using GUI Virtual Console NOTE: For information about using V irt ual Media with V irtual Console, see "Configuring and Using Virtual Media" on page 255. The buttons in Ta b l e 9 - 3 are available on the Configuration page. Opening a V irtual Console Se ssion When you open a Virtual Console session, the Dell Virtual Console Viewer Ap[...]

  • Page 211

    Using GUI Virtual Console 211 If you want to reconfigure any of the property values displayed, see "Configuring Virtual Console in the iDRA C6 W eb Interface" on page 208. NOTE: For information about using V irtual Media with Virtual Console, see "Configuring and Using Virtual Media" on page 255. The buttons in Ta b l e 9 - 5 ar[...]

  • Page 212

    212 Using GUI Virtual Console 3 If a Virtual Console session is available, click Launch V irtual Console . NOTE: Multiple message boxes may appear after yo u launch the application. T o prevent unauthorized access to the application, navigate through these message boxes within th ree mi nutes. Otherwise, you will be prompted to relaunch the applica[...]

  • Page 213

    Using GUI Virtual Console 213 Using iDRAC6 Vi rtual Console (Video V iewer) The iDRA C6 V irtual Console (Video Viewer) provides a user interface between the management station and th e managed server , allowing you to see the managed server ’s desktop and control its mo use and keyboar d functions from your mana gement station. When yo u connect[...]

  • Page 214

    214 Using GUI Virtual Console The iDRA C6 V irtual Console provides various control adju stments such as mouse synchronizatio n, snapshots, keyboard macros, and access to V irtual Media. F or more information about these functions, click Sy stem  Console/Media  and click Help on the Vi r t u a l C o n s o l e a n d Vi r t u a l M e d i a GUI [...]

  • Page 215

    Using GUI Virtual Console 215 Fi l e C a p t u r e t o Fi l e Captures the curr ent r emote system scr een to a .bmp file on W indows or a .png file on Linux. A dialog box is displayed that allows you to save the file to a specified location. NOTE: .bmp file format on Windows or .png file format on Linux are applicable only for the Native plug - in[...]

  • Page 216

    216 Using GUI Virtual Console Macros • Alt+Ctrl+D el •A l t + T a b • Alt+Esc • Ctrl+Esc •A l t + S p a c e • Alt+Enter •A l t + H y p h e n •A l t + F 4 • P rtScrn • Alt+P rtScrn •F 1 •P a u s e •T a b • Ctrl+Enter •S y s R q •A l t + L S h i f t + R S h i f t +Esc •C t r l + A l t + B a c k s p a ce • Alt+F? (W[...]

  • Page 217

    Using GUI Virtual Console 217 T ools Session Options The Sessions Options window provides additional session viewer control adjustments. This window has the General and Mouse tabs. Y ou can control the Keyboard pass through mode from the General tab. Select P ass all keystrok es to target to pass your management station's keyst rokes to the r [...]

  • Page 218

    218 Using GUI Virtual Console Disabling or Enabli ng Local Server V ideo Y ou can configure the iDR AC6 to disallow iDR A C6 Virtual Console connections using the iDRA C6 W eb interface. If you want to ensure that you have ex clusi ve access to th e managed server console, you must disabl e the local console and r econf igur e the Max Sessions to 1[...]

  • Page 219

    Using GUI Virtual Console 219 3 T o disable (tur n off) local video on the server , uncheck the Loc a l Se rv e r Vi d e o E n a b l e d checkbox on the Configura tion page, and then click Apply . The default value is OFF . NOTE: If the local server video is turned ON, it will take 15 seconds to turn OFF . 4 T o enable (turn on) local video on the [...]

  • Page 220

    220 Using GUI Virtual Console General Error Scenarios T able 9-8 lists general error scenarios, the reasons for those errors, and the iDR AC6 behavi or . T able 9-8. Error Scenarios Error Scenarios Reason Behavior Login failed Y ou have entered either an invalid user name or an incorrect password. Same behavior when https://<IP> is specified [...]

  • Page 221

    Using GUI Virtual Console 221 Frequently Asked Questi ons on V irtual Console T able 9-9 lists fr equently asked questions and answers. T able 9-9. Using Virtu al Cons ole: Frequently Asked Questions Question Answer Virtual Console fails to log out when the out–of–band We b G U I i s l o g g e d o u t . The Vi rtual Console and V irtual Media s[...]

  • Page 222

    222 Using GUI Virtual Console How can I get the current status of the local server video? The status is displayed on the Vi r t u a l C o n s o l e Configuration page of the iDRA C6 W eb interface. The RA CADM CLI command racadm getconfig –g cfgRacTuning displays the status in the object cfgRacT u neLoc alSer verV ideo . I cannot see the bottom o[...]

  • Page 223

    Using GUI Virtual Console 223 Why can't I use a keyboar d or mouse while installing a Microsoft operating system remotely by using iDR A C6 Virtual Console? When you remotely install a supported Microsoft operating system on a system with Virtua l Console enabled in the BIOS, you re ceive an EMS Connection Message that requir es that you selec[...]

  • Page 224

    224 Using GUI Virtual Console What are the minimum system requir ements for my management station to run Vir tu al C on s ol e? The manageme nt station r equires a n Intel P entium III 500 MHz processor with at least 256 MB of RAM. Why do I see a No Sign al message within the iDR AC 6 Vir tu al C on s ol e Vi de o Vie we r? Y ou may see this messag[...]

  • Page 225

    Using the WS-MAN Interface 225 10 Using the WS-MAN Interface W eb Se rvices for Management (W S–MAN) is a Simple Object Access P rotocol (SOAP)–based protocol used for systems managem ent. WS–MAN provides an interoperable protocol fo r devic es to share and e x change data across networks. iDRA C6 uses WS–MAN to convey Distributed Managemen[...]

  • Page 226

    226 Using the WS-MAN Interface 3 Physical Asset: Defines CIM classes for r epr esenting the ph ysical aspect of the mana ged elements. iDR A C6 uses this profile to r eprese n t the host server ’s FRU informatio n. 4 SM CLP Ad min Domai n Defines CIM classes for r epr esenting CLP’s configuration. iDR AC 6 uses this profile for its own implem e[...]

  • Page 227

    Using the WS-MAN Interface 227 16 SMASH Collection Defines CIM classes for representing CLP’s c onfigurat ion. iDRA C6 uses this profi le for its own im plementa tion of CLP . 17 Pr o f i l e R e g i s t r a t i o n Defines CIM classes for advertising the prof ile implementations. iDR AC6 uses this profile to ad vertise it s own i mplemen ted pro[...]

  • Page 228

    228 Using the WS-MAN Interface Dell Extensions 1 Dell Active Dir ectory Client V ersion 2.0.0 Defines CIM and Dell extension classes fo r configur ing iDRA C6 Active Di rectory client and the loc al privileges for Active D irectory groups. 2 Dell V irtual Media Defines CIM and Dell extension classes fo r configur ing iDRA C6 Virtual Media. Extends [...]

  • Page 229

    Using the WS-MAN Interface 229 The iDRA C6 WS–MAN implementation uses SSL on port 443 for transport security , and supports basic and di gest authentication. W eb services interfaces can be utilized by leveraging client infrastructure such as W indows W inRM and P owershell CLI, open sour ce utiliti es like WSMANCLI, and application programming e[...]

  • Page 230

    230 Using the WS-MAN Interface There ar e additional implementation gui des, white papers, profile, and code samples availa ble in the Dell En terprise T echnolo gy Center at www .delltechcenter .com . F or mor e information, see the following: •D M T F W e b s i t e : www .dmtf.org/standards/profiles/ • W S –M A N re l e as e no t es o r re [...]

  • Page 231

    Using the iDRAC6 SM-CLP Command Line Interface 231 11 Using the iDRAC6 SM-CLP Command Line Interface This section provide s information ab out the Distributed Management T ask F o rce (DMTF) Server Management-C ommand Line P rotocol (SM-CLP) that is incorporate d in the iDRA C6. NOTE: This section assumes that you are familiar with the Sy stems Man[...]

  • Page 232

    232 Using the iDRAC6 SM-CLP Command Line Interface SM-CLP Features The SM-CLP promotes th e concept of verbs and targets to provide system managem ent c apabil itie s through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation. Below is an e xample o f the SM-CLP command lin[...]

  • Page 233

    Using the iDRAC6 SM-CLP Command Line Interface 233 T able 11-2. SM-CLP T argets T arget Definitions admin1 admin domain admin1/profiles1 Register ed profiles in iDR AC6 admin1/hdwr1 Hard ware admin1/system1 Managed system tar get admin1/system1/redundancyset1 P ower supply admin1/system1/redundancyset1/ pwrsupply* Managed system power supply admin1[...]

  • Page 234

    234 Using the iDRAC6 SM-CLP Command Line Interface admin1/system1/usbredirectsap1 /remotesap1 Virtual Media destination USB red i rec t i on S A P admin1/system1/sp1 Service P rocessor admin1/system1/sp1/timesvc1 Service P rocessor time service admin1/system1/sp1/capabilitie s1 Service processor capabilities SMASH collection admin1/system1/sp1/capa[...]

  • Page 235

    Using the iDRAC6 SM-CLP Command Line Interface 235 admin1/system1/sp1/capabilitie s/metriccap1 Metric service capabilities admin1/system1/sp1/capabilitie s1/elecap1 Multi-factor Authenticat ion capabilities admin1/system1/sp1/capabilitie s1/lanendptcap1 LAN (Ethernet port) endpoint capabilities admin1/system1/sp1/logs1 Service P rocessor logs colle[...]

  • Page 236

    236 Using the iDRAC6 SM-CLP Command Line Interface admin1/system1/sp1/ipcfgsvc1 I P interface configuration service admin1/system1/sp1/ipendpt1 IP inte rface protocol endpoint admin1/system1/sp1/ ipendpt1/gateway1 IP interface gateway admin1/system1/sp1/ ipendpt1/dhcpendpt1 DHCP client protocol endpoint admin1/system1/sp1/ ipendpt1/dnsendpt1 DNS cl[...]

  • Page 237

    Using the iDRAC6 SM-CLP Command Line Interface 237 admin1/system1/sp1/acctsvc1 MF A account management service admin1/system1/sp1/acctsvc2 IPMI account management service admin1/system1/sp1/acctsvc3 CLP account management service admin1/system1/sp1/group1-5 Active Dir ectory group admin1/system1/sp1/ group1-5/identity1 Active Directory identity adm[...]

  • Page 238

    238 Using the iDRAC6 SM-CLP Command Line Interface admin1/system1/sp1/metricsvc1 Me tric service /admin1/system1/sp1/metricsvc1 /cumbmd1 Cumulative base metric definition /admin1/system1/sp1/metricsvc1 /cumbmd1/cumbmv1 Cumulative base metric value /admin1/system1/sp1/metricsvc1 /cumwattamd1 Cumulative wa tt aggr egation metric definition /admin1/sy[...]

  • Page 239

    Deploying Y our Operating Sy stem Using VMCLI 239 12 Deploying Y our Operating Sy stem Using VMCLI The Virtual Media Command Line Interface (VMCLI) utility is a command-line interface that provides Virtual Media featur es from the management station to the iDRA C6 in the remote system. Using VMCLI and scripted methods, you can deploy you r operatin[...]

  • Page 240

    240 Deploying Y our Operatin g Sy stem Using VMCLI Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file . T o test the image file, transfer the image file to a test system using th e iDRA C6 W eb user interface and then reboot the sy stem. The following section[...]

  • Page 241

    Deploying Y our Operating Sy stem Using VMCLI 241 When you create the imag e file, do the foll owing: • F ollow standard network-based installation procedur es • Mark the deployment image as rea d o nl y to ensure that each tar get system boots and e xecutes the same deployment procedur e 4 P erform one of the following procedures: •I n t e g[...]

  • Page 242

    242 Deploying Y our Operatin g Sy stem Using VMCLI •< iso9660-img > is the path to an ISO9660 image of the operating system installation CD or D VD •- f { < floppy-device >} is the path to the device containing the operating system installation CD , DVD, or Floppy • < floppy-image > is the path to a valid floppy image The vm[...]

  • Page 243

    Deploying Y our Operating Sy stem Using VMCLI 243 If your operating system supports admi nistrator privileges or an operating system-specific privil ege or group membership, admini strator privileg es are also re quired to run the VMCLI command. The client system’s administrato r controls user gr oups and privileges, thereby controlling the users[...]

  • Page 244

    244 Deploying Y our Operatin g Sy stem Using VMCLI The VMCLI comman d format is as follows: VMCLI [parameter] [operating_system_shell_options] C o m m a n d - l i n e s y n t a x i s c a s e - sensitive. See "V MCLI P arameters" on page 244 for more information. If the r emote system accepts the commands and the iDR AC6 authorizes the con[...]

  • Page 245

    Deploying Y our Operating Sy stem Using VMCLI 245 iDRAC6 User Password -p <iDRAC-user-password> This parameter provides the passwor d for the specified iDRA C6 user . If iDRA C6 authentication fails, an error message displays and the command terminates. Floppy/Disk Device or Image File -f {<floppy-device> or <floppy-image>} and/or[...]

  • Page 246

    246 Deploying Y our Operatin g Sy stem Using VMCLI 2 Get the name for the kernel image by typing the following command at the command line: uname -r 3 Go to the /boot directory and delete the k ernel image file, whose name you determined in Step 2: mkinitrd /boot/initrd-’uname -r’.img ‘uname -r’ 4 Reboot the server . 5 Run the following com[...]

  • Page 247

    Deploying Y our Operating Sy stem Using VMCLI 247 Specify at least one medi a type (floppy or CD/DVD drive) with the command, unless only switch options ar e provided. Otherwise, an error message is displayed and the command terminates and generates an error . V ersion Display -v This parameter is used to display th e VMCLI utility version. If no o[...]

  • Page 248

    248 Deploying Y our Operatin g Sy stem Using VMCLI • Background ex ecution — By default, the VMCLI util ity runs in the foreground. Use the operating system's command shell features to cause the utility to run in the background. F or example, under a Linux operating system, the ampersand character (&) following the command causes the p[...]

  • Page 249

    Configuring Intelligent Platform Management Interface 249 13 Configuring Intelligent Platform Management Interface This section provides information abo ut configuring and using the iDRA C6 IPMI interface. The interface includes the fol lowing: • IPMI over LAN • IPMI over Serial •S e r i a l o v e r L A N The iDRA C6 is fully IPMI 2.0 compli [...]

  • Page 250

    250 Configuring Intelligent Platform Management Interface Open a command prompt, type th e following command, and press <Enter>: racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more inform ation, see the IPMI 2.0 specifications. a Upda[...]

  • Page 251

    Configuring Intelligent Platform Management Interface 251 racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1 a Update the IPMI SOL minimum privilege level. NOTE: The IPMI SOL minimum privilege level determines the minimum privilege required to activat e IPMI SOL. For more info rmation, see the IPMI 2.0 specification. At the command prompt, type the [...]

  • Page 252

    252 Configuring Intelligent Platform Management Interface NOTE: SOL can be enabled or disabled for each individual user . At the command prompt, type the following command and press <Enter>: racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i <id> 2 wher e <id> is the user ’s unique ID. 4 Configure IPMI Serial. a Change th[...]

  • Page 253

    Configuring Intelligent Platform Management Interface 253 d Set the IPMI serial channel minimum privilege level. At the command prompt, type the following command and press <Enter>: racadm config -g cfgIpmiSerial -o cfgIpmiSerialChanPrivLimit <level> where <level> is one of the following: • 2 (User) • 3 (Operator) • 4 (Admin[...]

  • Page 254

    254 Configuring Intelligent Platform Management Interface Using the IPMI Remote Access Serial Interface In the IPMI serial interface, the following modes ar e available: • IPMI terminal mo de — Supports ASCII commands that are submitted from a serial terminal. The command set has a limited number of commands (including p ower control) and suppo[...]

  • Page 255

    Configuring and Using Virtual Media 255 14 Configuring and Using V irtual Media Overview The Vi r t u a l M e d i a feature, accessed through the Virtual Console viewer , provides the managed server access to media connected to a remote system on the network. F igur e 14-1 shows the overall architecture of V irtual Med ia . Figure 14-1. Overall Arc[...]

  • Page 256

    256 Configuring and Using Virtual Media Using V irtual Media , administrators can remo tely boot their managed servers, inst all applicatio ns, update driver s, or even i nstall new op erating systems remotely from the virtual CD/D VD and diskette drives. NOTE: Virtual media re quires a minimum available network bandwidth of 128 Kbps. V irtual medi[...]

  • Page 257

    Configuring and Using Virtual Media 257 Linux-Based Mana gement Station T o run the Virtual Media feature on a management station running the Linux operating system , in stall a supported version of F ire fox. A 32-bit Java R untime Environment (J RE) is requir ed to run the Virt ual Console plugin. Y ou can download a JRE from java.sun.com . CAUTI[...]

  • Page 258

    258 Configuring and Using Virtual Media V irtual Media Encryption Enabled Select or deselect the checkbox to enable or disable encryption on Vi r t u a l M e d i a connections. Selected enables encryption; deselected disables encryption. Floppy Emulation Indicates whether the Vi r t u a l M e d i a appears as a floppy drive or as a USB key to the s[...]

  • Page 259

    Configuring and Using Virtual Media 259 Running Vi rtual Media CAUTION: Do not issue a racreset command when running a Virtual Media session. Otherwise, undesirable results may occur , including loss of data. NOTE: The Console V iewer window applicati on must remain active while you access the Virtual Med ia. NOTE: Perform the following steps to en[...]

  • Page 260

    260 Configuring and Using Virtual Media 3 Select System  Console/Media  Vi r t u a l C o n s o l e and V irtual Media. 4 The Vi r t u a l C o n s o l e and V irtual Media page is displayed. If you want to change the values of an y of the displayed a ttributes, see "Configu ring Virtual Media" on page 257. NOTE: The Floppy Imag[...]

  • Page 261

    Configuring and Using Virtual Media 261 Disconnecting Virtual Media 1 Click T ools  Launch V irtual Media . 2 Uncheck the box next to the media you want to discon nect. The media is disconnected and the Status window is up dated. 3 Click Exit to terminate the V irtual Media Sess ion wizard. NOTE: Whenever a Virtual Med ia session is in itiated o[...]

  • Page 262

    262 Configuring and Using Virtual Media Installing Operating Sy stems Using V irtual Media This section describes a manual, intera ctive method to install the operating system on your management station that may take several hours to complete. A scripted operating system installation procedure using V irtual Media may take less than 15 minutes to c[...]

  • Page 263

    Configuring and Using Virtual Media 263 T o use the Boot Once F eatur e, do the followi ng: 1 Log in to the iDRA C6 through the W eb interface and click System  Console/Media  Configuration . 2 Select the Enable Boot Once option under Vi r t u a l M e d i a . 3 P ower up the server and enter the BIOS Boot Manager . 4 Change the boot sequence [...]

  • Page 264

    264 Configuring and Using Virtual Media Frequently Asked Questions about V irtual Media T able 14-4 lists frequently ask ed questions and answers. T able 14-4. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my V irtual Media client connection drop. Why? When a network timeou t occurs, the iDR A C6 firmware drops[...]

  • Page 265

    Configuring and Using Virtual Media 265 An installation of the W indows operating system through Virtual Media seems to tak e too long. Why? If you are installi ng the W indows operating syst em using t he Dell Systems Management T ools and Documentat ion DVD and a slow network connection, the installation procedur e may requir e an extended amoun [...]

  • Page 266

    266 Configuring and Using Virtual Media I cannot locate my V irtual Floppy/Virtual CD devic e on a system running Red Hat Enterprise Linux or the SUSE Linux operating system. My Virtual Media is attached and I am connected to my remote floppy . What should I do? Some Linux versions do not automount the V irt ual Floppy Drive and the Virtual CD driv[...]

  • Page 267

    Configuring and Using Virtual Media 267 I cannot locate my Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE Linux operating system. My Virtual Media is attached and I am connected to my remote floppy . What should I do? (Answer Continued) T o mount the Virtual CD drive, locate the device node that Linux assi[...]

  • Page 268

    268 Configuring and Using Virtual Media Why are all my USB devices detached after I c onnect aU S Bd e v i c e ? Virtual Media devices and vFlash devices are connected as a composite USB device to the Host USB BUS, and they share a common USB port. Whenever any Virtual Media or vFlash USB device is connected to or disconnected from the host USB BUS[...]

  • Page 269

    Configuring vFlash SD Card and Managing vFlash Partitions 269 15 Configuring vFlash SD Card and Managing vFlash Partitions The vFlash SD card is a Secur e Digital (SD) car d that plugs into the optional iDRA C6 Enterprise car d slot at the ba ck of your system. It provides storage space and behaves like a common USB Flash Key device. It is the stor[...]

  • Page 270

    270 Configuring vFlash SD Card and Managing vFlash Partitions If you are an administrator , you can perform all operations on the vFlash partitions. If not, you must have Acce ss Virtual Media pr iv ilege to cr eate, delete, format, attach, de tach, or copy the contents for the partition. Configuring vFlash or Standard SD Card Using iDRAC6 W eb Int[...]

  • Page 271

    Configuring vFlash SD Card and Managing vFlash Partitions 271 4 Click Apply to enable or disable the vFlash partition managemen t on the card. If any vFlash p artition is attached, you cannot d isable vFlash and an err or message is displayed. NOTE: If vFlash is disabled, only the SD Card Properties subtab is displayed. 5 Click Initialize . All exi[...]

  • Page 272

    272 Configuring vFlash SD Card and Managing vFlash Partitions If you click any opti on on the vFlash pages when an application such as WSMAN provider , iDRA C6 Configuration Utility , or RA CADM is using vFlash, or if you naviga te to some other page in the GUI, iDR A C6 may display the follo wing message vFlash is currently in use by another proce[...]

  • Page 273

    Configuring vFlash SD Card and Managing vFlash Partitions 273 Enabling or Disabling the vFlash or Standard SD Card Open a telnet/SSH/Serial console to the server , log in, and enter the following commands: • T o enable vFlash or standard SD card: racadm config -g cfgvFlashsd -o cfgvflashSDEnable 1 • T o disable vFlash or standard SD card: racad[...]

  • Page 274

    274 Configuring vFlash SD Card and Managing vFlash Partitions F or more informatio n about vflashsd , see the iDRA C6 Administrator Refer ence Guid e available on the Dell Support website at support.dell.com/ manuals . NOTE: The racadm vmkey reset command is deprecated from 1.5 release onwards. The functionality of this command is now covered by vf[...]

  • Page 275

    Configuring vFlash SD Card and Managing vFlash Partitions 275 Before cr eating an empty pa rtition, ensur e the following: • The car d is initialized. • The car d is not write-protected. • An initialize operation is not alr eady being performed on the card . T o create an empty vFl ash partition: 1 On the iDR AC6 W eb interface, select System[...]

  • Page 276

    276 Configuring vFlash SD Card and Managing vFlash Partitions Creating a Partition Using an Image File Y ou can create a new partition on the vF lash or sta ndard SD card using an image file (availabl e in the .img or .iso format.) Y ou can create a partition of type Floppy , Har d Disk, or CD. NOTE: Y ou must have Access Virtual Medi a privileges [...]

  • Page 277

    Configuring vFlash SD Card and Managing vFlash Partitions 277 Before creating a partition from an image file, ensure the following: • The car d is initialized. • The car d is not write-protected. • An initialize operation is not alr eady being performed on the card . NOTE: When creating partition from an image file, ensure that the image type[...]

  • Page 278

    278 Configuring vFlash SD Card and Managing vFlash Partitions Formatting a Partition Y ou can format an existing partition on the vFlash SD card based on the type of file system. The supported file system types are EXT2, EX T3, F A T16, and F A T32. The standard SD car d with limi ted vFlash featur es supports only the FAT 3 2 f o r m a t . Y ou ca[...]

  • Page 279

    Configuring vFlash SD Card and Managing vFlash Partitions 279 T o format vFlash partition: 1 On the iDR AC6 W eb interface, select System  vFlash tab  Fo r m a t subtab. The F ormat P artition page is displayed. 2 Enter the information mentioned in T able 1 5-4. 3 Click Apply . A warning message indicating that all the data on the parti[...]

  • Page 280

    280 Configuring vFlash SD Card and Managing vFlash Partitions T able 15-5. Viewing Av ailable Partitions Field Description Index P artitions are index ed from 1 to 16. The partition index is unique for a particular partition. It is specified when the partition is created. Label Identifies the partition. It is specified when the partition is created[...]

  • Page 281

    Configuring vFlash SD Card and Managing vFlash Partitions 281 Modifying a Partition Ensur e that the car d is enab led to modify the partition. Y ou can change a read-only partition to read-wr ite or vice-versa. T o do this: 1 On the iDR AC6 W eb interface, select System  vFlash tab  Manage subtab. The Manage P artitions page is display[...]

  • Page 282

    282 Configuring vFlash SD Card and Managing vFlash Partitions T o attach or detach partitions: 1 On the iDRA C6 W eb interface, select System  vFlash tab  Manage subtab. The Manage P artitions page is displa yed. 2 In the Attached column, select the checkbox for th e partition(s) that you want to attach or clear the checkbox for the par[...]

  • Page 283

    Configuring vFlash SD Card and Managing vFlash Partitions 283 T o dele te existi ng partition(s): 1 On the iDR AC6 W eb interface, select System  vFlash tab  Manage subtab. The Manage P artitions page is displayed. 2 In the Delete column, click the delete icon for the partition(s) that you want to delete and click Apply . The partition([...]

  • Page 284

    284 Configuring vFlash SD Card and Managing vFlash Partitions Booting to a Partition Y ou can set an attached vFla sh partition as the boot device for the ne xt boot operation. The vFla sh partition must contain a bootable image (in the .img or .iso format) to set it as a boot device. En sure that the car d is enabled to set a partition as a boot d[...]

  • Page 285

    Configuring vFlash SD Card and Managing vFlash Partitions 285 Options only valid with the create act ion: Options only valid with the status ac tion: -o <label> Label that is shown wh en the part ition is mounted on the operating system. <label> must be a string up to six alphanumeric characters and must not contain spaces. -e <type&[...]

  • Page 286

    286 Configuring vFlash SD Card and Managing vFlash Partitions Creating a Partition • T o create a 20MB empty partition: racadm vflashpartition create -i 1 -o drive1 -t empty -e HDD -f fat16 -s 20 • T o create a partition using an image file on a remote system: racadm vflashpartition create –i 1 –o drive1 –e HDD –t image –l //myserver/[...]

  • Page 287

    Configuring vFlash SD Card and Managing vFlash Partitions 287 Booting to a Partition • T o list the available devi ces in the boot list: racadm getconfig –g cfgServerInfo –o cfgServerFirstBootDevice If it is a vFlash SD card, the label na mes of the attached partitions appears in the boot list. If it is a standard SD card and if the partition[...]

  • Page 288

    288 Configuring vFlash SD Card and Managing vFlash Partitions F or more informatio n about the RA CADM subcommands and the iDR AC6 property database group and object defi nitions, see the iDRA C6 Administrato r Reference Guide available on the Dell Support website at support.dell.com/ manuals . Frequently Asked Questions When is the vFlash or stand[...]

  • Page 289

    Power Monitoring and M anagement 289 16 Power Monitoring and Management Dell P owerEdge systems incorporate many new and enhanced power management features. The entire platfo rm, from hardwar e to firmware to systems management software, has been designed with a focus on power efficiency , power monitori ng, and power ma nagement. The base hardwar [...]

  • Page 290

    290 Power Monitoring and Management Power Inventory , Power Budgeting, and Capping F rom a usage perspective, you may have a limited amount of cooling at the rack level. W ith a user -defined power cap, you can allocate power as needed to meet your performa nce r equir ements. The iDRA C6 monitors power consum pt ion and dynamically throttles proce[...]

  • Page 291

    Power Monitoring and M anagement 291 V iewing the Health Status of the Power Supply Units The Po w e r S u p p l i e s page displays the status an d rating of the power supply units installed in the server . Using the W eb- Based Interface T o view the health status of the power supply units: 1 Log in to the iDRA C6 W eb-based interface. 2 Select P[...]

  • Page 292

    292 Power Monitoring and Management • Severe indicates at least one failure alert has been issued. F ailure status indicates a power failure on the server , and corrective action must be taken immediately . – Loc a ti o n displays the name of the power supply un it: PS-n, where n is the power suppl y number . – Ty p e displays the type of pow[...]

  • Page 293

    Power Monitoring and M anagement 293 Viewing Power Budget The server provides power budget status overviews of the power subsystem on the P ower Budget Information page. Using the W eb Interface NOTE: T o perform power managemen t actions, you must have Administrative privilege. 1 Log in to the iDRA C6 W eb-based interface. 2 Click the Po w e r tab[...]

  • Page 294

    294 Power Monitoring and Management Power Budget Threshold Power Budget Threshold, if enabled, allo ws a power c apping limi t to be set f or the system. System perfor mance will be dynamically adjusted to maintain power consumption near the specified threshold. Actual power consumption may be less for light workloads and may momentarily e x ceed t[...]

  • Page 295

    Power Monitoring and M anagement 295 Using RACADM racadm config -g cfgServerPower -o cfgServerPowerCapWatts < power cap value in Watts > racadm config -g cfgServerPower -o cfgServerPowerCapBTUhr < power cap value in BTU/hr > racadm config -g cfgServerPower -o cfgServerPowerCapPercent <power cap value in % > racadm config -g cfgSer[...]

  • Page 296

    296 Power Monitoring and Management • W arning Threshold : Displays the accept able power consumption (in W atts and BTU/hr) r ecommended for system operation. P ower consumption that exceeds this va lue r esults in warning events. • Fa i l u r e T h r e s h o l d : Displays the highest acceptable power consumption (in W atts and BTU/hr ) requi[...]

  • Page 297

    Power Monitoring and M anagement 297 Power Consumption data is not maintained across sy stem resets and so will reset back to zero on those occasions. The pow er values displayed are cumulative averages over the respective time interval (previous minute, ho ur , day and week). Since the Start to Finish time intervals here may differ from those of t[...]

  • Page 298

    298 Power Monitoring and Management Using RACADM Open a T elnet/SSH text console to the iDR A C, log in, and ty pe: racadm getconfig -g cfgServerPower F or more informatio n about cfgSer verP ower , including output details, see cfgSer verP ower in the iDRA C6 Administrator Reference Guide available on the Dell Support website at support.dell.c om/[...]

  • Page 299

    Power Monitoring and M anagement 299 – P ower Cycle System (cold boot) powers off and then reboots the system. This option is dis abled if the system is already powered OFF . 4 Click Apply . A dialog box is d isplayed requesting confirmation. 5 Click OK to perform the power management action you selected (for example, cause the system to r eset).[...]

  • Page 300

    300 Power Monitoring and Management[...]

  • Page 301

    Using the iDRAC6 Configuration Utility 301 17 Using the iDRAC6 Configuration Utility Overview The iDRA C6 Configuration Utility is a pre-boot configur ation environment that allows you to vie w and set pa rameters for the iDR AC6 and for the managed server . Specificall y , you can: • View the firmwar e r evision numbers for the iDR AC6 and P rim[...]

  • Page 302

    302 Using the iDRAC6 C onfiguration Utility Starting the iDRAC6 Configuration Utility 1 T ur n on or restart the server by pressing the po wer button on the front of the server . 2 When you see the P ress <Ctrl-E> for Remote Access Setup within 5 sec..... message, immediately press <Ctrl><E> . NOTE: If your operating sy stem begin[...]

  • Page 303

    Using the iDRAC6 Configuration Utility 303 The following sections describe the iDR A C6 Configuratio n Utility menu items. iDRAC6 LAN Use <Left Arrow>, <Right Arrow>, an d the spacebar to select between On and Off . The iDR AC6 LA N is enabled in the def a ult configuration. The LAN must be enabled to permit the use of iDR A C6 faciliti[...]

  • Page 304

    304 Using the iDRAC6 C onfiguration Utility LAN Parameters P ress <Enter> to display the LAN P a ram eters submenu. When you have finished configuring the LAN paramete rs, press <Esc> to return to the previous menu. T able 17-1. LAN Parameters Item Description Common Settings NIC Selection P ress <Right Arrow>, <Left Arrow >[...]

  • Page 305

    Using the iDRAC6 Configuration Utility 305 Domain Name If Domain Name from DHCP is set to Off , press <Enter> to edit the Current Domain Name te xt field. Pr ess <Enter> when you have finished editing. Pr ess <Esc> to r eturn to the previous menu. The domain name must be a valid DNS domain, for example mycompany.com . Host Name St[...]

  • Page 306

    306 Using the iDRAC6 C onfiguration Utility Default Gateway If the IP Address Source is set to DHCP , this field displays the IP address of the default gateway obtained from DHCP . If the IP Address Source is set to Static , enter the IP addr ess of the default gateway . The default is 192.168.0.1 . DNS Servers from DHCP Select On to retrieve DNS s[...]

  • Page 307

    Using the iDRAC6 Configuration Utility 307 Virtual Media Configuration Virtual Media P ress <Enter> to select Detached, Attached , or A uto-Attached . When you select Attached , the V irtual Media devices ar e attached to the USB bus, making them available fo r use during Vi r t u a l C o n s o l e sessions. If you select Detached, users cann[...]

  • Page 308

    308 Using the iDRAC6 C onfiguration Utility vFlash P ress <Enter> to select Enabled or Disabled . • Enabled - vFlash is available for partition management. • Disabled - vFlash is not availab le for partition management . CAUTION: vFlash cannot be disabled if one or more partitions are in-use or is attached. Initialize vFlash Choose this o[...]

  • Page 309

    Using the iDRAC6 Configuration Utility 309 • W rite P rotected - Displays whether the vFlash SD car d is write-protected or not. • Health - Displays the overall health of the vFlas h SD card. This can be: –O K – W arning –C r i t i c a l P ress <Esc> to e xit. Smart Card Logon P ress <Enter> to select Enabled or Disabled . Thi[...]

  • Page 310

    310 Using the iDRAC6 C onfiguration Utility Collect Sy stem Inventory on Restart Select Enabled to allow the collection of inventory during boot. See the Dell Lifecycle Controlle r User Guide available on the Dell Support W ebsite at support.dell.com/ manuals for more information. NOTE: Modifying this option restarts the server after you have sa ve[...]

  • Page 311

    Using the iDRAC6 Configuration Utility 311 LAN User Configuration The LAN user is the iDRA C6 ad ministrator account, which is root by default. P r ess <Enter> to di splay the LAN User Configuration submenu. When you have finished configuring the LAN us er , press <Esc> to r eturn to the previous menu. Reset to Default Use the Reset to [...]

  • Page 312

    312 Using the iDRAC6 C onfiguration Utility T able 17-3. LAN User Configuration Item Description Auto-Discovery The auto-discovery feature enables automated discovery of unprovisioned systems on the ne twork; further , it secur ely establishes initial cr edentials so that these discover ed systems can be managed. This featur e enables i DR AC6 to l[...]

  • Page 313

    Using the iDRAC6 Configuration Utility 313 • F ailed to restor e settings to default values - Timeout. • Not able to send Reset command. Please try later - iDR AC is busy . Auto–Discovery (continued...) Before adding your Dell system to the network and using the auto–discovery feature, ensur e that: • Dynamic H ost Configuration P rotocol[...]

  • Page 314

    314 Using the iDRAC6 C onfiguration Utility Sy stem Event Log Menu The System Event Log Menu allows you to view System Event Log (SEL) messages and to clear the log message s. P ress <Enter> to display the System Event Log Menu . The system count s the log en tries and then displays the to t al nu m be r of rec ord s an d th e m o st rec e nt[...]

  • Page 315

    Monitoring and Alert Management 315 18 Monitoring and Alert Management This section e xplains how to monitor th e iDR AC6 and provides procedur es to configure your syst em and the iDR AC6 to r eceive alerts. Configuring the Managed Sy stem to Capture the Last Crash Screen Before the iDR A C6 can captur e the last crash screen, you must configure t[...]

  • Page 316

    316 Monitoring and Alert Management Disabling the Windows Automatic Reboot Option T o ensure that the iDR AC6 W eb-based interface last crash screen feature works properly , disable the Automatic R eboot option on managed systems running the Microsoft W i ndows Server 2008 and W indows Server 2003 operating syste ms. Disabling the Automatic Reb oot[...]

  • Page 317

    Monitoring and Alert Management 317 • T emperature W arning Assert F ilter • T emperature Critical Assert Filter • Intrusion Critical Assert F ilter • Redundancy Degraded F ilter • Redundancy L ost F ilter • P rocessor W arning Assert F ilter • P rocessor Critica l Assert F ilter • P rocessor AbsentCritical Assert F ilter • P ower[...]

  • Page 318

    318 Monitoring and Alert Management Configuring PEF Using the Web-Based Interface F or detailed information, see "Configuri ng Platform Event F ilters (PEF)" on page 59. Configuring PEF Using the RACADM CLI 1 Enable PEF . Open a command prompt, type the following command, and press <Enter>: racadm config -g cfgIpmiPef -o cfgIpmiPefE[...]

  • Page 319

    Monitoring and Alert Management 319 Configuring PET Configuring PET Using the Web User Interface F o r detailed information, see "Configu ring Plat form Event T raps (PET)" on page 59. Configuring PET Using the RACADM CLI 1 Enable your global alerts. Open a command prompt, type the following command, and press <Enter>: racadm config[...]

  • Page 320

    320 Monitoring and Alert Management 3 Configure your PET policy . At the command prompt, type the following command and press <Enter>: iPv4:racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIPAddr -i 1 <IPv4_address> iPv6:racadm config -g cfgIpmiPetIpv6 -o cfgIpmiPetIPv6AlertDestIPAddr -i 1 <IPv6_address> wher e 1 is the PET desti[...]

  • Page 321

    Monitoring and Alert Management 321 where 1 and 1 are the e-mail destination inde x and the enable/disable selection, respectively . The e-mail destination index can be a value from 1 through 4. The enable/disable s election can be set to 1 (En abled) or 0 (Disabled). F or e xample, to enable e-mail with inde x 4, type the following command: racadm[...]

  • Page 322

    322 Monitoring and Alert Management T esting the RAC SNMP T rap Alert Feature The R AC SNMP trap aler ting feat ure allows SNMP trap li stener configurations to receiv e traps for system events that occur on the manag ed syste m. The following exa mple show s how a user can test the SNMP trap alert feature of the RA C. racadm testtrap -i 2 Before y[...]

  • Page 323

    Monitoring and Alert Management 323 T o access/configure the iDR AC6 SNMP agent community name using the W eb-based interface, go to Remote Access  Network/Security  Services and click SNMP Agent . T o prevent SNMP authentication err o rs from being generated, you must enter community names that will be accept ed by the agent. Since the iDRA [...]

  • Page 324

    324 Monitoring and Alert Management[...]

  • Page 325

    Recovering and T roubleshooting the Managed Sy stem 325 19 Recovering and T roubleshooting the Managed Sy stem This section explains how to perform t asks related to recovering and troubleshooting a crashed remote system using the iDRA C6 W eb-based interface. • "F irst Steps to T roubleshoot a Remote System" on page 325 • "Manag[...]

  • Page 326

    326 Recovering and T roubleshooting the Managed Sy stem Managing Power on a Remote Sy stem The iDRA C6 enables you to remotely perform several power management actions on the managed system so you can recover after a system crash or other system event. Selecting Power Control Actions fr om the iDRAC6 W eb-Based Interface T o perform power managemen[...]

  • Page 327

    Recovering and T roubleshooting the Managed Sy stem 327 The System Details page displays information about the following system components: • Main System Chassis • Remote Access Controller T o access the System Details page, expand the System tree and click P roperties  System Details tab. Main Sy stem Chassis NOTE: T o receive Host Name [...]

  • Page 328

    328 Recovering and T roubleshooting the Managed Sy stem Remote Access Controller T able 19-3. Embedded NIC MAC Addresses Field Description NIC 1 Displays the Media Access Control (MAC) addr ess(es) of the embedded Network Interface Controller (NIC) 1. MAC addresses uniquely identify each node in a network at the Media Access Control layer . Interne[...]

  • Page 329

    Recovering and T roubleshooting the Managed Sy stem 329 T able 19-5. IPv4 Information Field Description IPv4 Enabled Y es or No IP Address The 32-bit addr ess that identifies the Network Inte rface Card (NIC) to a host. The value is in the dot separated format, such as 143.166.154.127. Subnet Mask The Subnet Mask identifies the parts of the IP Addr[...]

  • Page 330

    330 Recovering and T roubleshooting the Managed Sy stem Using the Sy stem Event Log (SEL) The SEL page displays system-critical ev e nts that occur on the manage d system. T o view the System Event L og: 1 In the System tree, click System . 2 Click the Log s tab and then click System Event Log . The System Event Log page displays the event severity[...]

  • Page 331

    Recovering and T roubleshooting the Managed Sy stem 331 Using the Command Line to V iew Sy stem Log racadm getsel -i The getsel -i com mand displays the numbe r of entries in the SEL. racadm getsel < options > NOTE: If no arguments are specified, the entire log is displayed. NOTE: For more information on the options you can use, see getsel su[...]

  • Page 332

    332 Recovering and T roubleshooting the Managed Sy stem Using the POST Boot Logs NOTE: All logs are cleared afte r you reboot the iDRAC6. The Boot Capture page provides access to r eco r dings of up to the last thr ee available boot cycles. They ar e arranged in the order of latest to oldest. If the server has experienced no boot cycles then No Rec[...]

  • Page 333

    Recovering and T roubleshooting the Managed Sy stem 333 V iewing the Last Sy stem Crash Screen NOTE: The last crash screen feature requires the managed sy stem with the Auto Recovery feature configured in Server Administrator . In addition, ensure that the Automated Sy stem Recovery feature is enabled using th e iDRAC6. Navigate to the Services pag[...]

  • Page 334

    334 Recovering and T roubleshooting the Managed Sy stem[...]

  • Page 335

    Recovering and T roubleshooting the iDRAC6 335 20 Recovering and T roubleshooting the iDRAC6 This section explains ho w to perf orm tasks relate d to recovering a nd troubleshooting a crashed iD RA C6. Y ou can use one of the following to ols to troubleshoot your iDRA C6: •R A C L o g • Diagnostics Console •I d e n t i f y S e r v e r •T r [...]

  • Page 336

    336 Recovering and T roubleshooting the iDRAC6 Using the iDRAC Log Page Buttons The iDRA C Lo g page provides the butto ns listed in T able 20-2. T able 20-1. iDRAC Log Page Information Field Description Date/ T ime The date and time (for example, Dec 19 16:55:47 ). When the iDR AC6 initially starts and is unable to communicate with the managed sys[...]

  • Page 337

    Recovering and T roubleshooting the iDRAC6 337 Using the Command Line Use the getraclog command to view the iDR AC6 log entries . racadm getraclog [options] racadm getraclog -i The getraclog -i command disp lays the number of entries in the iDRA C6 log. NOTE: For more information, see getraclog in the iDRAC6 Administrator Reference Guide available [...]

  • Page 338

    338 Recovering and T roubleshooting the iDRAC6 Using Identify Server The Identify page allows you to enable th e system identification feature. T o identify the server : 1 Click System  Remote Access  T roubleshooting  Identify . 2 On the Identify screen, select the Identify Server checkbox to enable blinking of the LCD and the rear ide[...]

  • Page 339

    Recovering and T roubleshooting the iDRAC6 339 If you entered 0 seco nds, follow t hese steps to disable it: 1 Click System  Remote Access  T roubleshooting  Identify . 2 On the Identify screen, deselect the Identify Server optio n. Click Apply . Using the T race Log The internal iDRAC6 T race Log is used by administrators to debug iDR [...]

  • Page 340

    340 Recovering and T roubleshooting the iDRAC6 Using the coredump The racadm coredump command displays detailed information related to any recent critical issues that have occurr ed with the R AC. The cor edump information can be used to di agnose these critical issue s. If available, the cor edump informati on is persistent acro ss R A C power cyc[...]

  • Page 341

    Sensors 341 21 Sensors Hardwar e sensors or probes help you to monitor the systems on your network in a more efficient way by enabling you to take appropriate actions to prevent disasters, such as system instability or damage. Y ou can use the iDR AC6 to monitor har dware sensors for batteries, fan probes, chassis intrusion, power supp lies, power [...]

  • Page 342

    342 Sensors Power Supplies Probes The power supplies probes provides information on: • Status of the power supplies • P ower supply redundancy , that is, the ability of the redundant power supply to r eplace the primary power supply if the primary power supply fails . NOTE: If there is only one power supply in the sy stem, the Power Supply Redu[...]

  • Page 343

    Sensors 343 V oltage Probes The following are typical voltage probes. Y our system may have these and/or others present. • CP U [n] VCORE • System Board 0.9V PG • System Board 1.5V ESB2 PG • System Board 1.5V PG • System Board 1.8V PG • System Board 3.3V PG • System Boar d 5V PG • System Board Backplane PG • System Boar d CPU VTT [...]

  • Page 344

    344 Sensors[...]

  • Page 345

    Configuring Security Features 345 22 Configuring Security Features The iDRA C6 provides the fo llowing security features: • Advanced Security options for the iDRA C6 administrator : • The Virtual C onsole disable option allows the local system user to disable Virtual Console using the iDR AC6 V irtual Console feature. • The local configura ti[...]

  • Page 346

    346 Configuring Security Features Security Options for the iDRAC6 Administrator Disabling the iDR AC6 Local Configur ation Administrators can d is a b l e l o c al c on f i g uration through the iDRAC6 graphical user interface (GUI) by selecting R emote Access  Network/Security  Ser vices . When the Disable the iDR AC Local Configuration usin[...]

  • Page 347

    Configuring Security Features 347 CAUTION: These features severely limit the ability of the local user to configure the iDRAC6 from the local sy ste m, including performing a reset to default of the configuration. It is recommended that you use these features with discretion. Disable only one interface at a time to help avoid losing login privilege[...]

  • Page 348

    348 Configuring Security Features IP address to another device on the network, the resulting conflict may disable the out-of-band connectivity of the DR A C, r equiring administrators to reset the firmware to its defaul t settings through a serial connection. Disabling iDRAC6 Virtual Console Administrators can selectively disable the iDR AC6 r emot[...]

  • Page 349

    Configuring Security Features 349 Securing iDRAC6 Communi cations Using SSL and Digital Certificates This subsection provides informatio n about the following data security featur es that ar e incorpor ated in your iDR A C6: • "Secure Sockets L ayer (SSL)" on page 349 • "Certificate Signing Request (CSR)" on page 349 • &qu[...]

  • Page 350

    350 Configuring Security Features viewed or changed by others. T o ensur e security for your DR AC, it is strongly recommended that you generate a CS R, submit the CSR to a CA, and upload the certificate r eturned from the CA. A CA is a business entity that is recognized in the IT industry for meeting high standa rds of reliable screening, identifi[...]

  • Page 351

    Configuring Security Features 351 Generating a Certificate Signing Request NOTE: Each CSR overwrites any previous CS R on the firmware. Before iDRAC can accept your signed CSR, the CSR in t he firmware must matc h the certificate returned from the CA. 1 On the SSL Main Menu , select Generate Certificate Signing R equest (CSR) and clic k Next . 2 On[...]

  • Page 352

    352 Configuring Security Features Viewing a Server Certificate 1 In the SSL Main Menu page, select V iew Ser ver Certificate and click Next . T able 22-5 d escribes the fields and asso ciated descriptions listed in the Certificate window . 2 Click the appropriate V iew Ser ver Certificate page button to contin ue. Loc al i ty The city or other loca[...]

  • Page 353

    Configuring Security Features 353 Using the Secure Shell (SSH) F o r information about usin g SSH, see "Using the Secur e Shell (SSH)" on page 91. Configuring Services NOTE: T o modify these se ttings, you must have Configure iDRAC permission. Additionally , the remote RACADM comm and-line utility can only be enabled if the user is logged[...]

  • Page 354

    354 Configuring Security Features 5 Click the appropriate Services page button to continue. See T able 22-13. T able 22-6. Local Configuration Settings Setting Description Disable the iDRA C local configuration using option ROM Disables local configuration of the iDR A C using option ROM. The option ROM prompts you to enter the setup module by pres[...]

  • Page 355

    Configuring Security Features 355 T able 22-8. SSH Settings Setting Description Enabled Enables or disable SSH. When checked, the checkbox indicates that SSH is enabled. T imeout The secure shell idle timeout, in seconds. The T imeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout featur e. The default is 300 . Po r t N u m b e[...]

  • Page 356

    356 Configuring Security Features T able 22-11. SNMP Agent Settings Setting Description Enabled Enables or disables the SNMP agent. Check ed=Enabled; Unchecked=Disabled. Community Name The name of the community that contains the IP addr ess for the SNMP Alert destination. The Community Name can be up to 31 non-bla nk characters in length. The defau[...]

  • Page 357

    Configuring Security Features 357 Enabling Additional iDRAC6 Security Options T o prevent unauthorized access to your remote system, the iDRA C6 provides the following featur es: • IP address filtering (IPRange) — Define s a specific range of IP addresses that can access the iDRA C6. • IP address blocking — Limits the number of failed login[...]

  • Page 358

    358 Configuring Security Features See the iDR A C6 Administrator Refer ence Guide available on the Dell Support website at support.dell.com/ manuals for a complete list of cf gRacT uning properties. Enabling IP Filtering Below is an e xample command for IP filtering setup. See "Using RA CADM Remotely" on pa ge 111 for more information abo[...]

  • Page 359

    Configuring Security Features 359 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255 T o restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 th rough 192.1 68. 0.215), select all but the lowest two bits in the mask, as shown below : racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 r[...]

  • Page 360

    360 Configuring Security Features As login failures accumulat e from a specific IP addr ess, they are aged by an internal counter . When the user logs in successfully , the failure history is cleared and the internal counter is r eset. NOTE: When login attempts are refused from the client IP address, some SSH clients may display the following messa[...]

  • Page 361

    Configuring Security Features 361 Enabling IP Blocking The following example prevents a client IP address from establishing a session for five minutes if that client has failed its five login attempts i n a one-minute period of time. racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailCount[...]

  • Page 362

    362 Configuring Security Features T able 22-16. Network Security Page Settings Settings Description IP Range En abled Enables the IP Range checking fe atur e, which defin es a specific range of IP addresses that can access the iDRA C6. IP Range Address Determines the acceptable IP addr ess bit pattern, depending on the 1's in the subnet mask. [...]

  • Page 363

    Index 363 Index A accessing SSL with web interface, 6 4 Active Directory adding iDR AC6 users, 1 6 0 configure, 3 1 configuring access to iDRA C6, 1 5 2 managing certificate s, 7 0 objects, 1 4 9 schema extensions, 1 4 8 using with extended schema, 1 4 8 using with iDRA C6, 1 4 3 using with standard schema, 1 6 8 ASR configuring with web interface,[...]

  • Page 364

    364 Index Configuring a VFlash Media Card for Use W ith iDR AC6, 2 69 configuring and mana ging power , 290 Configuring Generic LDAP Directory Service Using RAC A DM , 1 8 2 Configuring Generic LDAP Directory Service Using the iDR AC6 W eb-Based Interface, 178 Configuring iDR AC Direct Connect Basic Mode and Direct Connect T erminal Mode, 9 9 confi[...]

  • Page 365

    Index 365 configuring, 3 2 0 configuring using RA CADM C L I , 320 configuring using web interface, 3 2 0 configuring with web interface, 6 0 Empty P artition, 274 exporting Smart Car d certificate, 193 extended schema Active Directory overview , 1 4 8 F fan probe, 341 file system types, 278 Fi r e f o x tab behavior , 4 8 firmware downloading, 3 9[...]

  • Page 366

    366 Index preserve configuration, 7 9 iDR AC6 LAN, 303 iDR AC6 ports, 2 6 iDR AC6 serial configuring, 1 0 6 iDR AC6 services configuring, 7 3 iDR AC6 user enabling permissions, 1 4 1 Image F ile, 276 installing and configuring iDR AC6 softwar e, 36 installing Dell extensions Active Dir ectory Users and Computers snap-in, 1 5 9 integrated System-on-[...]

  • Page 367

    Index 367 N Network Interface Card Settings, 50 network properties configuring, 1 2 3 configuring manually , 1 2 3 Network Security P age Settings, 56 NIC mode dedicated, 3 4 shared, 3 4 shared w ith F ailover All LOMs, 3 5 NIC modes shar ed with failover LOM2, 3 4 O operating system installing (manual method), 2 6 2 P password-level security manag[...]

  • Page 368

    368 Index remote access connections supported, 2 6 remot e power managemen t, 20 remote system managing power , 3 2 6 troubleshooting, 3 2 5 role-based au thority , 20, 129 S screen r esolutions, support, 208 SD Card P roperties, 270 Secure Shell (SSH) u s i n g , 91, 353 secure sock ets layer , 64 Secure Sock ets Layer (SSL) a b o u t , 349 import[...]

  • Page 369

    Index 369 configuring iDRA C service, 7 3 temperature sensor , 342 terminal mode configuring, 1 0 6 , 1 0 8 testing your config urations, 177 troubleshooting a remote system, 32 5 troubleshooting tools, 335 T w o-factor-authentication TF A, 1 9 3 U Unified Server Configurator , 27, 309-310 System Services, 3 0 9 - 3 1 0 system services, 2 7 updatin[...]

  • Page 370

    370 Index VMCLI utility , 239 a b o u t , 239 deploying the operating system, 2 4 1 includes vm6deploy script, 2 4 1 operating system shell options, 2 4 7 parameters, 2 4 4 r e t u r n c o d e s , 248 syntax, 2 4 4 using, 2 4 2 voltage probe, 343 W web browser configuring, 4 1 supported, 2 5 web interface accessing, 4 6 for configuring iDR A C6, 4 [...]