cmcugtp[2].fm Page 1 Friday, September 25, 2009 1:30 PM Dell™ Chassis Management Controller Firmware Version 2.
cmcugtp[2].fm Page 2 Friday, September 25, 2009 1:30 PM Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death. ____________________ Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . What’s New For This Release . . . . . . . . . . . . . . 17 . . . . . . . . . . . . . . 18 Security Features . . . . . . . . . . . . . . . . . . . . 20 Chassis Overview . . . . . . . . . . . . . . . . . . . . 21 CMC Management Features . Hardware Specifications TCP/IP Ports . . . . . . . . . . . . . . . . 21 . . . . . . . . . . . . . . . . . . . . 21 Supported Remote Access Connections Supported Platforms . . . . . . .
Installing Remote Access Software on a Management Station . . . . . . . . . Installing RACADM on a Linux Management Station . . . . . . . . . . 30 . . . . . . . . . . . . 30 Uninstalling RACADM From a Linux Management Station . . . . . . . . . . . . . 31 . . . . . . . . . . . . . . 31 . . . . . . . . . . . . . . . . . . . . ® Phishing Filter . . . . . . . . . . . . . Microsoft 32 Certificate Revocation List (CRL) Fetching . . . . . 33 . . . . . . . . 33 Configuring a Web Browser .
Understanding the Redundant CMC Environment . . . . . . . . . . . . . About the Standby CMC . . . . . . . . . . 49 . . . . . . . . . . . . . . 49 Primary CMC Election Process . Obtaining Health Status of Redundant CMC . . . . . 3 . . . . . . . . . . 50 . . . . . . . . . . . . . 50 Configuring CMC to Use Command Line Consoles . . . . . . . . . . . . . . . . . . . . . 51 . . . . . 51 Using a Serial, Telnet, or SSH Console . . . . . . . . . 52 Using a Telnet Console With the CMC . . . . . .
4 Using the RACADM Command Line Interface . . . . . . . . . . . . . . . . . . . . . 65 . . . . . . . . . 65 Logging in to the CMC . . . . . . . . . . . . . . . 66 Starting a Text Console . . . . . . . . . . . . . . . 66 . . . . . . . . . . . . . . . . . . . . . 66 Using a Serial, Telnet, or SSH Console Using RACADM . RACADM Subcommands . . . . . . . . . . . . . . Accessing RACADM Remotely . . . . . . . . . . . Enabling and Disabling the RACADM Remote Capability . . . . . . . . . . .
Logging in Using Public Key Authentication . . . . . . . . . . . . . . . . . . . Enabling a CMC User With Permissions Disabling a CMC User . . . . . . 86 . . . . . . . . . . . . . . . 87 Configuring SNMP and E-mail Alerting . . . . . . . . . Configuring Multiple CMCs in Multiple Chassis 87 . . . . . . . . . 89 . . . . . . . . . . . . . . . . . . . 90 Modifying the CMC IP Address . . . . . . . . . . . Using RACADM to Configure Properties on iDRAC . . . . . . . . . . . . . . . . .
Editing Slot Names . . . . . . . . . . . . . . . . Setting the First Boot Device for Servers . . . . . . . . . . . . . . . . . . . . . . 106 Viewing the Health Status of an Individual Server . . . . . . . . . . . . . . . . . 107 Viewing the Health Status of IOMs . . . . . . . . Viewing the iKVM Status . . . . . . 114 116 Viewing the Health Status of the PSUs . . . . . . . . . . . . . . . . . . . . . Viewing Status of the Temperature Sensors . . . . . . . . . . . . . . . 119 . . . . . . . .
Configuring and Managing Microsoft Active Directory Certificates . . . . . . . . . . . . . . . . . . 141 Configuring Active Directory (Standard Schema and Extended Schema) . . . . . . . . . . 142 Uploading an Active Directory Certificate Authority-Signed Certificate . . . . . . 146 Viewing an Active Directory Certificate Authority-Signed Certificate . . . . . . 146 . . . . . . . . . . . 147 . . . . . . . . . . . .
FlexAddress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 . . . . . . . . . . . . . 182 Viewing FlexAddress Status Configuring FlexAddress Chassis-Level Fabric and Slot FlexAddress Configuration . . . . . . . . . . . . 182 Server-Level Slot FlexAddress Configuration . . . . . . . . . . . . . . . . . . . 183 . . . . . . . . . . . . . . . . . . 184 Remote File Sharing Frequently Asked Questions . . . . . . . . . . . . . . 186 . . . . . . . . . . . . . . .
7 Using the CMC With Microsoft Active Directory . . . . . . . . . . . Active Directory Schema Extensions . 207 . . . . . . . . . 207 . . . . . . . . . . . . . 207 . . . . . . . . . . . . . . 208 Extended Schema Versus Standard Schema. . . . . Extended Schema Overview. . . . . . . . Active Directory Schema Extensions . . . . . . . Active Directory Object Overview 209 . . . . . . . . . 209 Configuring Extended Schema Active Directory to Access Your CMC . . . . . . . . . . .
Configuring Settings . Prerequisites . . . . . . . . . . . . . . . . . 238 . . . . . . . . . . . . . . . . . . . 238 Configuring Active Directory Configuring the CMC . . . . . . . . . . . 238 . . . . . . . . . . . . . . . 239 . . . . . . . 239 . . . . . . . . . . . . . 240 Uploading the Kerberos Keytab File Enabling Single Sign-On Configuring the Browser For Single Sign-On Login . . . . . . . . . . . . . . . 240 Logging into the CMC Using Single Sign-On . . . . . . . . . . . . . . . . . .
Redundancy Policies . . . . . . . . . . . . . . . . . . 258 AC Redundancy . . . . . . . . . . . . . . . . . . . 258 Power Supply Redundancy . No Redundancy . . . . . . . . . . . . . 258 . . . . . . . . . . . . . . . . . . 259 Power Conservation and Power Budget Changes . Power Supply and Redundancy Policy Changes in System Event Log . . . . . . . . 262 . . . . . . . . . . 263 . . . . . . . . . . . 263 Redundancy Status and Overall Power Health . . . . . . . . . .
Server Identification Video . . . . . . . . . . . . . . . 288 . . . . . . . . . . . . . . . . . . . . . . . 288 Plug and Play . . . . . . . . . . . . . . . . . . . FLASH Upgradable . . . . . . . . . . . . . . . . Physical Connection Interfaces . . . . . . . . . . . . iKVM Connection Precedences . . . . . . . . . 289 . . . . . . . . . . . . . . . . . . . . . 290 Navigation Basics. . . . . . . . . . . . . . . . . 290 Configuring OSCAR . . . . . . . . . . . . . . . . 291 . . . . . . . . .
10 I/O Fabric Management . Fabric Management . . . . . . . . . . . . 316 . . . . . . . . . . . . . . . . . . . Invalid Configurations . 317 . . . . . . . . . . . Invalid IOM-Mezzanine Card (MC) Configuration . . . . . . . . . . . . . . . . . . . . 318 . . . . . . . . . . 318 . . . . . . . . . . . . . . . . 318 . . . . . . . . . . . . . . . . . 319 Invalid IOM-IOM Configuration . Fresh Power-up Scenario Monitoring IOM Health 317 . . . . . . . . . . . . . . . . .
Power Supply Troubleshooting Viewing Chassis Summaries . . . . . . . . . . . . 338 . . . . . . . . . . . . . 341 Viewing Chassis and Component Health Status . . . . . . . . . . . Viewing the Event Logs . . . . . . . . . . . 345 . . . . . . . . . . . . . . . . 346 . . . . . . . . . . . . 347 . . . . . . . . . . . . . . 349 Viewing the Hardware Log Viewing the CMC Log . . . . . . . . . . . 350 . . . . . . . . . . . . 352 . . . . . . . . . . . . . . . .
1 Overview The Dell™ Chassis Management Controller (CMC) is a hot-pluggable systems management hardware and software solution designed to provide remote management capabilities and power control functions for Dell PowerEdge™ M1000e chassis systems. You can configure the CMC to send e-mail alerts or SNMP trap alerts for warnings or errors related to temperatures, hardware misconfigurations, power outages, and fan speeds.
• Two-Factor Authentication using Smart Card — Provides added security — a smart card plus a PIN to authenticate a user instead of just a password. • Public Key Authentication (PKA) over SSH — Improves SSH scripting automation by removing the need to embed or prompt for user ID/password. • Power management enhancements — Flexible power supply redundant modes: 1+1, 2+1, and 3+1. Additional fault-tolerant AC redundant modes: 1+1, 2+2, and 3+3.
• Firmware updates for various components - CMC, servers, iKVM, and I/O module infrastructure devices • Dell OpenManage™ software integration — Enables you to launch the CMC Web interface from Dell OpenManage Server Administrator or IT Assistant • CMC alert — Alerts you to potential managed node issues through an e-mail message or SNMP trap • Remote power management — Provides remote power management functions, such as shutdown and reset on any chassis component, from a management console • Power u
• Network time protocol (NTP) support • Enhanced server summary, power reporting, and power control pages • Forced CMC failover, and virtual "reseat" of servers Security Features The CMC provides the following security features: • User authentication through Active Directory (optional), or hardware-stored user IDs and passwords • Role-based authority, which enables an administrator to configure specific privileges for each user • User ID and password configuration through the Web interface • We
Chassis Overview Figure 1-1 shows the facing edge of a CMC (inset) and the locations of the CMC slots in the chassis. Figure 1-1. Dell M1000e Chassis and CMC Hardware Specifications TCP/IP Ports You must provide port information when opening firewalls for remote access to a CMC. Table 1-1 identifies the ports on which the CMC listens for server connections. Table 1-2 identifies the ports that the CMC uses as clients.
Table 1-1. CMC Server Listening Ports Port Number Function 22* SSH 23* Telnet 80* HTTP 161 SNMP Agent 443* HTTPS * Configurable port Table 1-2.
Supported Remote Access Connections Table 1-3 lists the connection features. Table 1-3.
Supported Web Browsers For the latest information on supported Web browsers, see the Dell Systems Software Support Matrix located on the Dell Support website at support.dell.com/manuals. To view localized versions of the CMC Web interface: 1 Open the Windows Control Panel. 2 Double-click the Regional Options icon. 3 Select the required locale from the Your locale (location) drop-down menu. Supported Management Console Applications The CMC supports integration with Dell OpenManage IT Assistant.
The data available through WS-Management is a subset of data provided by the CMC instrumentation interface mapped to the following DMTF profiles version 1.0.
There are additional implementation guides, white papers, profile, and code samples available in the Dell Tech Center at www.delltechcenter.com. For more information, also see: • DTMF Web site: www.dmtf.org/standards/profiles/ • WS-MAN release notes or Read Me file. • www.wbemsolutions.com/ws_management.html • DMTF WS-Management Specifications: www.dmtf.
The following system documents are also available to provide more information about the system in which your CMC is installed: • The safety instructions that came with your system provide important safety and regulatory information. For additional regulatory information, see the Regulatory Compliance home page at www.dell.com/regulatory_compliance. Warranty information may be included within this document or as a separate document.
Overview
2 Installing and Setting Up the CMC This section provides information about how to install your CMC hardware, establish access to the CMC, configure your management environment to use the CMC, and guides you through the next steps for configuring the CMC: • Set up initial access to the CMC • Access the CMC through a network • Add and configure CMC users • Update the CMC firmware Additionally, you can find information about installing and setting up redundant CMC environments at "Understanding the
Installing Remote Access Software on a Management Station You can access the CMC from a management station using remote access software, such as the Telnet, Secure Shell (SSH), or serial console utilities provided on your operating system or using the Web interface. If you want to use remote RACADM from your management station, you will need to install it using the Dell Systems Management Tools and Documentation DVD. Your system includes the Dell Systems Management Tools and Documentation DVD.
4 Navigate to the SYSMGMT/ManagementStation/linux/rac directory. To install the RAC software, enter the following command: rpm -ivh *.rpm 5 For help with the RACADM command, type racadm help after issuing the previous commands. For more information about RACADM, see "Using the RACADM Command Line Interface.
Also, be aware that some browser features can interfere with connectivity or performance, especially if the management network does not have a route to the Internet. If your management station is running a Windows operating system, there are Internet Explorer settings that can interfere with connectivity even when you are using a command line interface to access the management network.
Microsoft® Phishing Filter If the Microsoft Phishing Filter is enabled in Internet Explorer 7 on your management system and your CMC does not have Internet access, you may experience delays of several seconds when accessing the CMC, whether you are using the browser or another interface such as remote RACADM. Follow these steps to disable the phishing filter: 1 Start Internet Explorer. 2 Click Tools→Phishing Filter, and then click Phishing Filter Settings. 3 Check the Disable Phishing Filter check box.
Allow Animations in Internet Explorer When transferring files to and from the Web interface, a file transfer icon spins to show transfer activity. For Internet Explorer, this requires that the browser be configured to play animations, which is the default setting. Follow these steps to configure Internet Explorer to play animations: 1 Start Internet Explorer. 2 Click Tools→Internet Options, then click Advanced. 3 Scroll to the Multimedia section and check Play animations in web pages.
network. The basic connection type uses more ports on the management network and provides greater redundancy. The daisy-chain connection type uses fewer ports on the management network but introduces dependencies between CMCs, reducing the redundancy of the system. Basic CMC Network Connection For the highest degree of redundancy, connect each CMC to your management network. If a chassis has just one CMC, make one connection on the management network.
Figure 2-1.
Follow these steps to daisy-chain up to four chassis: 1 Connect the GB1 port of the primary CMC in the first chassis to the management network. 2 Connect the GB1 port of the primary CMC in the second chassis to the STK port of the primary CMC in the first chassis. 3 If you have a third chassis, connect the GB1 port of its primary CMC to the STK port of the primary CMC in the second chassis. 4 If you have a fourth chassis, connect the GB1 port of its primary CMC to the STK port of the third chassis.
Configuring Networking Using the LCD Configuration Wizard NOTE: The option to configure the CMC using the LCD Configuration Wizard is available only until the CMC is deployed or the default password is changed. If the password is not changed, the LCD can continue to be used to reconfigure the CMC causing a possible security risk. The LCD is located on the bottom left corner on the front of the chassis. Figure 2-2 illustrates the LCD panel. Figure 2-2.
The LCD screen displays menus, icons, pictures, and messages. A status indicator LED on the LCD panel provides an indication of the overall health of the chassis and its components. • Solid blue indicates good health. • Blinking amber indicates that at least one component has a fault condition. • Blinking blue is an ID signal, used to identify one chassis in a group of chassis.
4 Press the center button to continue to the CMC Network Settings screen. 5 Select your network speed (10Mbps, 100Mbps, Auto (1 Gbps)) using the down arrow button. NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly.
8 Select the mode in which you want the CMC to obtain the NIC IP addresses: Dynamic Host Configuration Protocol (DHCP) The CMC retrieves IP configuration (IP address, mask, and gateway) automatically from a DHCP server on your network. The CMC will be assigned a unique IP address allotted over your network. If you have selected the DHCP option, press the center button. The Configure iDRAC? screen appears; go to step 10.
Set the DNS IP Address using the right or left arrow keys to move between positions, and the up and down arrow keys to select a number for each position. When you have finished setting the DNS IP address, press the center button to continue. 10 Indicate whether you want to configure iDRAC: – No: Skip to step 13. – Yes: Press the center button to proceed. 11 Select the Internet Protocol (IPv4, IPv6, or both) that you want to use for the blades.
the installed servers, highlight the No icon and press the center button and continue to step c. c On the next iDRAC Configuration screen, to apply all iDRAC network settings to newly installed servers, highlight the Accept/Yes icon and press the center button; when a new server is inserted into the chassis, the LCD will prompt the user on whether to automatically deploy the server using the previously configured network settings/policies.
Accessing the CMC Through a Network After you have configured the CMC network settings, you can remotely access the CMC using any of the following interfaces: • Web interface • Telnet console • SSH • Remote RACADM Telnet is enabled via one of the other interfaces; telnet is not as secure as the other interfaces so it is disabled by default. Table 2-1 describes each CMC network interface. Table 2-1.
You can access the CMC and iDRAC Web interfaces through the CMC NIC using a supported Web browser; you can also launch them from the Dell Server Administrator or Dell OpenManage IT Assistant. For a list of supported Web browsers, see the Supported Browsers section in the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com/manuals. To access the CMC using a supported Web browser, see "Accessing the CMC Web Interface.
NOTE: During updates of CMC firmware, some or all of the fan units in the chassis will spin at 100%. This is normal. NOTE: The firmware update, by default, retains the current CMC settings. During the update process, you have the option to reset the CMC configuration settings back to the factory default settings. NOTE: If you have redundant CMCs installed in the chassis, it is important to update both to the same firmware version.
Configuring CMC Properties You can configure CMC properties such as power budgeting, network settings, users, and SNMP and e-mail alerts using the Web interface or RACADM. For more information about using the Web interface, see "Accessing the CMC Web Interface." For more information about using RACADM, see "Using the RACADM Command Line Interface." CAUTION: Using more than one CMC configuration tool at the same time may generate unexpected results.
For instructions on adding and configuring public key users for the CMC using RACADM, see "Using RACADM to Configure Public Key Authentication over SSH." For instructions on adding and configuring users using the Web interface, see "Adding and Configuring CMC Users." For instructions on using Active Directory with your CMC, see "Using the CMC With Microsoft Active Directory." Adding SNMP and E-mail Alerts You can configure the CMC to generate SNMP and/or e-mail alerts when certain chassis events occur.
Understanding the Redundant CMC Environment You can install a standby CMC that takes over if your primary CMC fails. Failovers can occur when you: • Run the RACADM cmcchangeover command. (See the cmcchangeover command section in the Dell Chassis Management Controller Administrator Reference Guide.) • Run the RACADM racreset command on the active CMC. (See the racreset command section in the Dell Chassis Management Controller Administrator Reference Guide.) • Reset the active CMC from Web interface.
Primary CMC Election Process There is no difference between the two CMC slots; that is, slot does not dictate precedence. Instead, the CMC that is installed or booted first assumes the role of the active CMC. If AC power is applied with two CMCs installed, the CMC installed in CMC chassis slot 1 (the left) normally assumes the active role. The active CMC is indicated by the blue LED.
3 Configuring CMC to Use Command Line Consoles This section provides information about the CMC command line console (or serial/Telnet/Secure Shell console) features, and explains how to set up your system so you can perform systems management actions through the console. For information on using the RACADM commands in CMC through the command line console, see "Using the RACADM Command Line Interface.
Using a Serial, Telnet, or SSH Console When you connect to the CMC command line, you can enter these commands: Table 3-1. CMC Command Line Commands Command Description racadm RACADM commands begin with the keyword racadm and are followed by a subcommand, such as getconfig, serveraction, or getsensorinfo. See "Using the RACADM Command Line Interface" for details on using RACADM. connect Connects to the serial console of a server or I/O module.
When an error occurs during the login procedure, the SSH client issues an error message. The message text is dependent on the client and is not controlled by the CMC. Review the RACLog messages to determine the cause of the failure. NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on Windows. Running OpenSSH at the Windows command prompt does not provide full functionality (that is, some keys do not respond and no graphics are displayed).
The CMC SSH implementation supports multiple cryptography schemes, as shown in Table 3-2. Table 3-2.
Configuring Linux Minicom Minicom is a serial port access utility for Linux. The following steps are valid for configuring Minicom version 2.0. Other Minicom versions may differ slightly but require the same basic settings. Use the information in "Required Minicom Settings" to configure other versions of Minicom. Configuring Minicom Version 2.0 NOTE: For best results, set the cfgSerialConsoleColumns property to match the number of columns. Be aware that the prompt consumes two characters.
11 Select Save setup as config_name and press . 12 Select Exit From Minicom and press . 13 At the command shell prompt, type minicom . 14 Press , , to exit Minicom. Ensure that the Minicom window displays a login prompt. When the login prompt appears, your connection is successful. You are now ready to login and access the CMC command line interface. Required Minicom Settings Use Table 3-3 to configure any version of Minicom. Table 3-3.
While in a serial/Telnet/SSH console, the CMC supports the connect command to establish a serial connection to server or IOM modules. The server serial console contains both the BIOS boot and setup screens, as well as the operating system serial console. For I/O modules, the switch serial console is available. CAUTION: When executed from the CMC serial console, the connect -b option stays connected until the CMC resets. This connection is a potential security risk.
To connect to a managed server serial console, use the command connect server-n, where -n is the slot number of the server; you can also use the racadm connect server-n command. When you connect to a server using the -b option, binary communication is assumed and the escape character is disabled. If the iDRAC is not available, you will see a No route to host error message. The connect server-n command enables the user to access the server's serial port.
5 Enable Redirection After Boot (default value is disabled). This option enables BIOS console redirection across subsequent reboots. 6 Save the changes and exit. 7 The managed server reboots. Configuring Windows for serial console redirection There is no configuration necessary for servers running the Microsoft® Windows Server® versions, starting with Windows Server 2003. Windows will receive information from the BIOS, and enable the Special Administration Console (SAC) console one COM1.
/, e.g. # root (hd0,0) # kernel /boot/vmlinuz-version ro root= /dev/sdal # initrd /boot/initrd-version.img # #boot=/dev/sda default=0 timeout=10 #splashimage=(hd0,2)/grub/splash.xpm.gz serial --unit=1 --speed=57600 terminal --timeout=10 serial title Red Hat Linux Advanced Server (2.4.9-e.3smp) root (hd0,0) kernel /boot/vmlinuz-2.4.9-e.3smp ro root= /dev/sda1 hda=ide-scsi console=ttyS0 console= ttyS1,57600 initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.
Configuring Linux for Server Serial Console Redirection After Boot Edit the file /etc/inittab, as follows: • Add a new line to configure agetty on the COM2 serial port: co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi The following example shows the file with the new line. # # inittab This file describes how the INIT process # should set up the system in a certain # run-level. # # Author: Miquel van Smoorenburg # Modified for RHS Linux by Marc Ewing and # Donnie Barnes # # Default runlevel.
l4:4:wait:/etc/rc.d/rc 4 l5:5:wait:/etc/rc.d/rc 5 l6:6:wait:/etc/rc.d/rc 6 # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # When our UPS tells us power has failed, assume we have a few # minutes of power left. Schedule a shutdown for 2 minutes from now. # This does, of course, assume you have power installed and your # UPS is connected and working correctly.
Edit the file /etc/securetty, as follows: • Add a new line, with the name of the serial tty for COM2: ttyS1 The following example shows a sample file with the new line.
Configuring CMC to Use Command Line Consoles
Using the RACADM Command Line Interface 4 RACADM provides a set of commands that allow you to configure and manage the CMC through a text-based interface. RACADM can be accessed using a Telnet/SSH or serial connection, using the Dell CMC console on the iKVM, or remotely using the RACADM command line interface installed on a management station.
Logging in to the CMC After you have configured your management station terminal emulator software and managed node BIOS, perform the following steps to log into the CMC: 1 Connect to the CMC using your management station terminal emulation software. 2 Type your CMC user name and password, and then press . You are logged into the CMC. Starting a Text Console You can log in to the CMC using Telnet or SSH through a network, serial port, or a Dell CMC console through the iKVM.
RACADM Subcommands Table 4-1 provides a brief list of common subcommands used in RACADM. For a complete list of RACADM subcommands, including syntax and valid entries, see the RACADM Subcommands chapter of the Dell Chassis Management Controller Administrator Reference Guide. NOTE: The connect command is available as both—RACADM command and built-in CMC command. The exit, quit, and logout commands are built-in CMC commands, not RACADM commands. None of these commands can be used with remote RACADM.
RACADM Subcommands (continued) Table 4-1. Command Description deploy Deploys a server by specifying required properties. feature Displays active features and feature deactivation. featurecard Displays feature card status information. fwupdate Performs system component firmware updates, and displays firmware update status. getassettag Displays the asset tag for the chassis. getchassisname Displays the name of the chassis. getconfig Displays the current CMC configuration properties.
Table 4-1. RACADM Subcommands (continued) Command Description getsvctag Displays service tags. getsysinfo Displays general CMC and system information. gettracelog Displays the CMCtrace log. If used with the -i option, the command displays the number of entries in the CMC trace log. getversion Displays the current software version, model information, and whether or not the device can be updated. ifconfig Displays the current CMC IP configuration.
RACADM Subcommands (continued) Table 4-1. Command Description setslotname Sets the name of a slot in the chassis. setsysinfo Sets the name and location of the chassis. sshpkauth Enables you to upload up to 6 different SSH public keys, delete existing keys, and view keys already in the CMC. sslcertdownload Downloads a certificate authority-signed certificate. sslcertupload Uploads a certificate authority-signed certificate or server certificate to the CMC.
Accessing RACADM Remotely Table 4-2 lists the options for the remote RACADM subcommands. Table 4-2. Remote RACADM Subcommand Options Option Description -r Specifies the controller’s remote IP address. -r : Use if the CMC port number is not the default port (443) -i Instructs RACADM to interactively query the user for user name and password. -u Specifies the user name that is used to authenticate the command transaction.
If the HTTPS port number of the CMC has been changed to a custom port other than the default port (443), the following syntax must be used: racadm -r : -u -p racadm -i -r : Enabling and Disabling the RACADM Remote Capability NOTE: Dell recommends that you run these commands at the chassis. The RACADM remote capability on the CMC is enabled by default.
NOTE: The RACADM remote capability is supported only on management stations through a supported browser. For more information, see the Supported Browsers section in the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com/manuals. NOTE: When using the RACADM remote capability, you must have write permissions on the folders where you are using the RACADM subcommands involving file operations.
Using RACADM to Configure the CMC NOTE: In order to configure CMC the first time. You must be logged in as user root to execute RACADM commands on a remote system. Another user can be created that will give him or her the permission to configure the CMC. The CMC Web interface is the quickest way to configure the CMC (see "Using the CMC Web Interface").
Viewing Current IPv4 Network Settings To view a summary of NIC, DHCP, network speed, and duplex settings, type: racadm getniccfg or racadm getconfig -g cfgCurrentLanNetworking Viewing Current IPv6 Network Settings To view a summary of the network settings, type: racadm getconfig -g cfgIpv6LanNetworking To view IPv4 and IPv6 addressing information for the chassis type: racadm getsysinfo By default, the CMC requests and obtains a CMC IP address from the Dynamic Host Configuration Protocol (DHCP) server auto
To view IP address and DHCP, MAC address, and DNS information for the chassis, type: racadm getsysinfo Configuring the Network LAN Settings NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege. NOTE: The LAN settings, such as community string and SMTP server IP address, affect both the CMC and the external settings of the chassis.
racadm config -g cfgLanNetworking -o cfgNicNetmask By default, for IPv6, the CMC requests and obtains a CMC IP address from the IPv6 Autoconfiguration mechanism automatically.
To disable the DHCP for DNS address feature for IPv6 and specify static preferred and alternate DNS server addresses, type: racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServersFromDHCP6 0 Setting Static DNS IP addresses NOTE: These settings are not valid unless the DCHP for DNS address feature is disabled.
• DNS Domain Name. The default DNS domain name is a single blank character. To set a DNS domain name, type: racadm config -g cfgLanNetworking -o cfgDNSDomainName where is a string of up to 254 alphanumeric characters and hyphens. For example: p45, a-tz-1, r-id-001.
Setting the SMTP Server IP Address You can enable the CMC to send e-mail alerts using Simple Mail Transfer Protocol (SMTP) to a specified IP address. To enable this feature, type: racadm config -g cfgRemoteHosts -o cfgRhostsFwUpdateIpAddr where is the IP address of the network SMTP server.
CAUTION: Use caution when using the racresetcfg command, because it will reset all configuration parameters to the original defaults. Any previous changes are lost. NOTE: Users can be enabled and disabled over time, and disabling a user does not delete the user from the database.
3 Set the user privileges. For information about user privileges, see Table 5-18, Table 5-19, and Table 3-1 in the database property chapter of the Dell Chassis Management Controller Administrator Reference Guide. 4 Enable the user. Example The following example describes how to add a new user named "John" with a "123456" password and LOGIN privilege to the CMC.
Using RACADM to Configure Public Key Authentication over SSH Before You Begin You can configure up to 6 public keys that can be used with the service username over SSH interface. Before adding or deleting public keys, be sure to use the view command to see what keys are already set up so a key is not accidentally overwritten or deleted. The service username is a special user account that can be used when accessing the CMC through SSH.
Generating Public Keys for Windows Before adding an account, a public key is required from the system that will access the CMC over SSH. There are two ways to generate the public/private key pair: using PuTTY Key Generator application for clients running Windows or ssh-keygen CLI for clients running Linux. This section describes simple instructions to generate a public/private key pair for both applications. For additional or advanced usage of these tools, see the application Help.
–b option specifies the bit encryption size between 768 and 4096. –C option allows modifying the public key comment and is optional. the passphrase is optional. Follow the instructions. After the command completes, use the public file to pass to the RACADM for uploading the file. Viewing the Public Keys To view public keys that you have added to the CMC, type: racadm sshpkauth –I svcacct –k all –v To view just one key at a time, replace all with a number from 1 – 6.
Logging in Using Public Key Authentication After the public keys are uploaded, you should be able to log into the CMC over SSH without having to enter a password. You also have the option of sending a single RACADM command as a command line argument to the SSH application. The command line options behave like remote RACADM since the session ends after the command is completed. For example: Logging in: ssh service@ Or ssh service@ where IP_address is the IP address of the CMC.
Disabling a CMC User Using RACADM, you can only disable CMC users manually and on an individual basis. You cannot delete users by using a configuration file. The following example illustrates the command syntax that can be used to delete a CMC user: racadm config -g cfgUserAdmin -i 2 cfgUserAdminPrivilege 0x0 Configuring SNMP and E-mail Alerting You can configure the CMC to send SNMP event traps and/or e-mail alerts when certain events occur on the chassis.
1 Use RACADM to query the target CMC that contains the desired configuration. NOTE: The generated configuration file is myfile.cfg. You can rename the file. NOTE: The .cfg file does not contain user passwords. When the .cfg file is uploaded to the new CMC, you must re-add all passwords. Open a Telnet/SSH text console to the CMC, log in, and type: racadm getconfig -f myfile.cfg NOTE: Redirecting the CMC configuration to a file using getconfig -f is only supported with the remote RACADM interface.
Creating a CMC Configuration File The CMC configuration file, .cfg, is used with the racadm config -f .cfg command to create a simple text file. The command allows you to build a configuration file (similar to an .ini file) and configure the CMC from this file. You may use any file name, and the file does not require a .cfg extension (although it is referred to by that designation in this subsection).
• Use the racresetcfg subcommand to configure both CMCs with identical properties. Use the racresetcfg subcommand to reset the CMC to original defaults, and then run the racadm config -f .cfg command. Ensure that the .cfg file includes all desired objects, users, indexes, and other parameters. See the database property chapter of the Dell Chassis Management Controller Administrator Reference Guide for a complete list of objects and groups.
The following example displays a group name, object, and the object’s property value: [cfgLanNetworking] -{group name} cfgNicIpAddress=143.154.133.121 {object name} {object value} • All parameters are specified as "object=value" pairs with no white space between the object, =, or value. White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the = (for example, a second =, a #, [, ], and so on) is taken as-is.
• The line for an indexed group cannot be deleted from a .cfg file. If you do delete the line with a text editor, RACADM will stop when it parses the configuration file and alert you of the error. You must remove an indexed object manually using the following command: racadm config -g -o -i "" NOTE: A NULL string (identified by two " characters) directs the CMC to delete the index for the specified group.
cfgNicGateway=10.35.10.1 This file will be updated as follows: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.9.143 # comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 The command racadm config -f .cfg parses the file and identifies any errors by line number. A correct file will update the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update.
For more information on the property default values and ranges, see the Integrated Dell Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers User Guide. If the firmware on the blade server does not support a feature, configuring a property related to that feature displays an error. For example, using RACADM to enable remote syslog on an unsupported iDRAC displays an error message.
Troubleshooting Table 4-3 lists common problems related to remote RACADM. Table 4-3. Using the Serial and RACADM Commands: Frequently Asked Questions Question Answer After performing a CMC reset (using the RACADM racreset subcommand), I enter a command and the following message is displayed: You must wait until the CMC completes the reset before issuing another command.
Table 4-3. Using the Serial and RACADM Commands: Frequently Asked Questions (continued) Question Answer While I was using remote RACADM, If you type a double quotation mark (") in the the prompt changed to a ">" and I command, the CLI will change to the ">" cannot get the "$" prompt to return. prompt and queue all commands. To return to the "$" prompt, type –d.
Using the CMC Web Interface 5 The CMC provides a Web interface that enables you to configure the CMC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday chassis management, use the CMC Web interface. This chapter provides information about how to perform common chassis management tasks using the CMC Web interface.
To access the CMC Web interface over IPv6: 1 Open a supported Web browser window. For the latest information on supported Web browsers, see the Dell Systems Software Support Matrix located on the Dell Support website at support.dell.com. 2 Type the following URL in the Address field, and then press : https://[] NOTE: While using IPv6, you must enclose the in square brackets ([ ]).
You can log in as either a CMC user or as a Microsoft® Active Directory® user. To log in: 1 In the Username field, type your user name: • CMC user name: • Active Directory user name: \, / or @. NOTE: This field is case sensitive. 2 In the Password field, type your CMC user password or Active Directory user password. NOTE: This field is case-sensitive. 3 Click OK or press .
Setting the Date and Time on the CMC You can set the date and time manually, or you can synchronize the date and time with a Network Time Protocol (NTP) server. 1 Log in to the CMC Web interface. The Component Health page displays. 2 Click the Setup tab. The General Chassis Settings page displays. 3 Click the Date/Time sub-tab. The Date/Time page displays. 4 To synchronize the date and time with a Network Time Protocol (NTP) server, check Enable NTP and specify up to three NTP servers.
Figure 5-1. Example of Chassis Graphics in the Web Interface The Component Health page provides an overall health status for the chassis, primary and stand-by CMCs, sever modules, IO Modules (IOMs), fans, iKVM, power supplies (PSUs), and temperature sensors. The Chassis Summary page provides a text-based overview of the chassis, primary and stand-by CMCs, iKVM, and IOMs. For instructions on viewing chassis and components summaries, see "Viewing Chassis Summaries" on page 341.
Viewing Server Model Name and Service Tag The Model Name and Service Tag of each server can be obtained instantly using the following steps: • Expanding Servers in the System tree. All the servers (1-16) appear in the expanded Servers list. A slot without a server will have its name grayed out. • Use the cursor to hover over the slot name or slot number of a server, a tool tip is prompted with the servers' model name and service tag number (if available).
Table 5-1. All Servers Status Information Item Description Slot Displays the location of the server. The slot number is a sequential number that identifies the server by its location within the chassis. Name Indicates the name of the server, which by default is identified by its slot name (SLOT-01 to SLOT-16). NOTE: You can change the server name from the default. For instructions, see "Editing Slot Names". Model Health Displays the server's model name.
Table 5-1. All Servers Status Information (continued) Item Description Launch iDRAC GUI Left click the icon to launch the iDRAC management console for a server in a new browser window or tab.
• Names may contain a maximum of 15 printable ASCII characters (ASCII codes 32 through 126), excluding the double quote (", ASCII 34). If using the RACADM command to change the slot name using any special characters, (~!@#$%^&*), the name string must be enclosed in double quotes for the environment to pass them correctly to the CMC. • Slot names must be unique within the chassis. No two slots may have the same name. • Strings are not case-sensitive.
To edit a slot name: 1 Log in to the CMC Web interface. 2 Select Servers in the Chassis menu in the system tree. 3 Click the Setup tab - the Slot Names subtab. The Slot Names page displays. 4 Type the updated or new name for a slot in the Slot Name field. Repeat this action for each slot you want to rename. 5 Click Apply. 6 To restore the default slot name (SLOT-01 to SLOT-16, based on the server's slot position) to the server, press Restore Default Value.
Table 5-2. Boot Devices (continued) Boot Device Description Virtual CD/DVD Boot from a virtual CD/DVD drive or CD/DVD ISO image. The optical drive or ISO image file is located on another computer or disk available on the management network and is attached using the iDRAC GUI console viewer. iSCSI Boot from an Internet Small Computer System Interface (iSCSI) device. Local SD Card Boot from the local SD (Secure Digital) card - for the M610/M710/M805/M905 systems only.
To view health status for individual servers using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The center section of Chassis Graphics depicts the front view of the chassis and contains the health status for individual servers. Server health status is indicated by the color of the server subgraphic: • Green - server is present, powered on and communicating with the CMC; there is no indication of an adverse condition.
Table 5-3. Individual Server Status - Properties Item Description Slot Indicates the slot occupied by the server on the chassis. Slot numbers are sequential IDs, from 1 through 16 (there are 16 slots available on the chassis), that help identify the location of the server in the chassis. Slot Name Indicates the name of the slot where the server resides. Present Indicates whether the server is present in the slot (Yes or No).
Individual Server Status - Properties (continued) Table 5-3. Item Description iDRAC Firmware Indicates the iDRAC version currently installed on the server. CPLD Version Displays the version number of Complex Programmable Logic Device (CPLD) of the server. BIOS version Indicates the BIOS version on the server. Operating System Indicates the operating system on the server. Table 5-4.
Table 5-5. Individual Server Status - iDRAC Network Settings Item Description LAN Enabled Indicates if the LAN channel is Enabled (Yes) or disabled (No). Table 5-6. Individual Server Status - IPv4 iDRAC Network Settings Item Description Enabled Indicates if the IPv4 protocol is used on the LAN (Yes). If the server does not support IPv6, the IPv4 protocol is always enabled and this setting is not displayed.
Individual Server Status - IPv6 iDRAC Network Settings (continued) Table 5-7. Item Description Link Local Address IPv6 address assigned to the CMC based upon the MAC address of the CMC. Gateway Displays the IPv6 gateway for the iDRAC network interface. IPv6 Address Displays an IPv6 address for the iDRAC network interface. There may be up to 16 of these addresses. The prefix length, if nonzero, is given after a forward slash ("/"). Table 5-8.
Viewing the Health Status of IOMs The health status for the IOMs can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the I/O Modules Status page. The Chassis Graphics page provides a graphical overview of the IOMs installed in the chassis. To view health status of the IOMs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed.
Viewing the Health Status of the Fans NOTE: During updates of CMC or iDRAC firmware on a server, some or all of the fan units in the chassis spin at 100%. This is normal. The health status of the fans can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Fans Status page. The Chassis Graphics page provides a graphical overview of all fans installed in the chassis. To view health status for all fans using Chassis Graphics: 1 Log in to the CMC Web interface.
To view the health status of the fan units: 1 Log in to the CMC Web interface. 2 Select Fans in the system tree. The Fans Status page displays. Table 5-9 provides descriptions of the information provided on the Fans Status page. Table 5-9. Fans Health Status Information Item Description Name Displays the fan name in the format FAN-n, where n is the fan number. Present Indicates whether the fan unit is present (Yes or No).
Viewing the iKVM Status The local access KVM module for your Dell M1000e server chassis is called the Avocent® Integrated KVM Switch Module, or iKVM. The health status of the iKVM associated with the chassis can be viewed on the Chassis Graphics page. To view health status for the iKVM using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status of the iKVM.
Viewing the Health Status of the PSUs The health status of the PSUs associated with the chassis can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Power Supply Status page. The Chassis Graphics page provides a graphical overview of all PSUs installed in the chassis. To view health status for all PSUs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed.
The Power Supply Status page displays the status and readings of the PSUs associated with the chassis. For more information about CMC power management, see "Power Management." To view the health status of the PSUs: 1 Log in to the CMC Web interface. 2 Select Power Supplies in the system tree. The Power Supply Status page displays. Table 5-10 and Table 5-11 provide descriptions of the information provided on the Power Supply Status page. Table 5-10.
Table 5-11. System Power Status Item Description Overall Power Health Indicates the health status (OK, Non-Critical, Critical, Non-Recoverable, Other, Unknown) of the power management for the entire chassis. System Power Status Displays the power status (On, Off, Powering On, Powering Off) of the chassis. Redundancy Indicates the power supply redundancy status. Values include: No: Power Supplies are not redundant. Yes: Full Redundancy in effect.
Table 5-12 provides descriptions of the information provided on the Temperature Sensors Information page. Table 5-12. Temperature Sensors Health Status Information Item Description ID Displays the numeric ID of the temperature probe. Name Displays the name of each temperature probe on the chassis, servers, IOMs, and iKVM. Examples: Ambient Temp, Server 1 Temp, I/O Module 1, iKVM Temp. Present Indicates whether the sensor is present (Yes) or absent (No) in the chassis.
Viewing World Wide Name/Media Access Control (WWN/MAC) IDs The WWN/MAC Summary page allows you to view the WWN configuration and MAC address of a slot in the chassis. Fabric Configuration The Fabric Configuration section displays the type of Input/Output fabric that is installed for Fabric A, Fabric B, and Fabric C. A green check mark indicates that the fabric is enabled for FlexAddress.
Configuring CMC Network Properties NOTE: Network configuration changes can result in the loss of connectivity on current network login. Setting Up Initial Access to the CMC Before you begin configuring the CMC, you must first configure the CMC network settings to allow the CMC to be managed remotely. This initial configuration assigns the TCP/IP networking parameters that enable access to the CMC. NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings.
3 Configure the CMC network settings described in Table 5-13 through Table 5-15. 4 Click Apply Changes. To configure IP range and IP blocking settings, click the Advanced Settings button (see "Configuring CMC Network Security Settings"). To refresh the contents of the Network Configuration page, click Refresh. To print the contents of the Network Configuration page, click Print. Table 5-13.
Table 5-13. Network Settings (continued) Setting Description Register CMC on DNS This property registers the CMC name on the DNS Server. Default: Unchecked (disabled) by default NOTE: Some DNS Servers will only register names of 31 characters or fewer. Make sure the designated name is within the DNS required limit. DNS CMC Name Displays the CMC name only when Register CMC on DNS is selected.
Table 5-13. Network Settings (continued) Setting Description Network Speed Set the network speed to 100 Mbps or 10 Mbps to match your network environment. NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly.
Table 5-14. IPv4 Settings Setting Description Enable IPv4 Allow the CMC to use the IPv4 protocol to communicate on the network. Clearing this box does not prevent IPv6 networking from occurring. Default: Checked (enabled) DHCP Enable Enables the CMC to request and obtain an IP address from the IPv4 Dynamic Host Configuration Protocol (DHCP) server automatically.
Table 5-14. IPv4 Settings (continued) Setting Description Use DHCP to Obtain DNS Server Addresses Obtains the primary and secondary DNS server addresses from the DHCP server instead of the static settings. Default: Checked (enabled) by default NOTE: If Use DHCP (For NIC IP Address) is enabled, then enable the Use DHCP to Obtain DNS Server Addresses property. If this option is checked, the CMC retrieves its DNS IP address automatically from a DHCP server on your network.
Table 5-15. IPv6 Settings Setting Description Enable IPv6 Allows the CMC to use the IPv6 protocol to communicate on the network. Unchecking this box does not prevent IPv4 networking from occurring. Default: Checked (enabled) AutoConfiguration Enable Allows the CMC to use the IPv6 protocol to obtain IPv6 related address and gateway settings from an IPv6 router configured to provide this information. The CMC will then have a unique IPv6 address on your network.
Table 5-15. IPv6 Settings (continued) Setting Description Static Preferred DNS Server Specifies the static IPv6 address for the preferred DNS Server. The entry for Static Preferred DNS Server is considered only when Use DHCP to Obtain DNS Server Addresses is disabled or unchecked. There is an entry for this Server in both IPv4 and IPv6 configuration areas. Static Alternate DNS Specifies the static IPv6 Address for the alternate DNS Server Server.
Table 5-16. Network Security Page Settings (continued) Settings Description IP Range Mask Defines a specific range of IP addresses that can access the CMC, a process called IP range checking. IP range checking allows access to the CMC only from clients or management stations whose IP addresses are within the user-specified range. All other logins are denied. For example: IP range mask: 255.255.255.0 (11111111.11111111.11111111.00000000) IP range address:192.168.0.255 (11000000.10101000.00000000.
Configuring VLAN VLANs are used to allow multiple virtual LANs to co-exist on the same physical network cable and to segregate the network traffic for security or load management purposes. When you enable the VLAN functionality, each network packet is assigned a VLAN tag. 1 Log in to the Web interface. 2 Click the Network/Security tab→VLAN subtab. The VLAN Tag Settings page displays. VLAN tags are chassis properties. They remain with the chassis even when a component is removed.
Adding and Configuring CMC Users To manage your system with the CMC and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs. User Types There are two types of users: CMC users and iDRAC users. CMC users are also known as "chassis users." Since iDRAC resides on the server, iDRAC users are also known as "server users.
Table 5-18. User Types Privilege Description CMC Login User Users who have the CMC Login User privilege can log in to CMC. A user with only the login privilege can view all of the CMC data but cannot add or modify data or execute commands. It is possible for a user to have other privileges without the login privilege. This feature is useful when a user is temporarily disallowed to login. When that user’s login privilege is restored, the user retains all the other privileges previously granted.
Table 5-18. User Types (continued) Privilege Description Chassis Control Administrator (Power Commands) CMC users with the Chassis Power Administrator privilege can perform all power-related operations: Server Administrator The Server Administrator privilege is a blanket privilege granting a CMC user all rights to perform any operation on any servers present in the chassis. • Control chassis power operations, including power on, power off, and power cycle.
Table 5-18. User Types (continued) Privilege Description Server Administrator (continued) Server Configuration Administrator: • Set IP address • Set gateway • Set subnet mask • Set first boot device User Configuration Administrator: • Set iDRAC root password • iDRAC reset Server Control Administrator: • Power on • Power off • Power cycle • Graceful shutdown • Server Reboot Test Alert User CMC users who have the Test Alert User privilege can send test alert messages.
The CMC user groups provide a series of user groups that have pre-assigned user privileges. The privileges are listed and described in Table 5-18. The following table lists the user groups and the pre-defined user privileges. NOTE: If you select Administrator, Power User, or Guest User, and then add or remove a privilege from the pre-defined set, the CMC Group automatically changes to Custom. Table 5-19.
Table 5-19. CMC Group Privileges (continued) User Group Privileges Granted Custom Select any combination of the following permissions: • CMC Login User • Chassis Configuration Administrator • User Configuration Administrator • Clear Logs Administrator • Chassis Control Administrator (Power Commands) • Super User • Server Administrator • Test Alert User • Debug Command Administrator • Fabric A Administrator • Fabric B Administrator • Fabric C Administrator None No assigned permissions. Table 5-20.
Table 5-20.
Users can be logged in through Web interface, Telnet serial, SSH, and iKVM sessions. A maximum of 22 active sessions (Web interface, Telnet serial, SSH, and iKVM, in any combination) can be divided among users. NOTE: For added security, Dell strongly recommends that you change the default password of the root (User 1) account. The root account is the default administrative account that ships with the CMC.
Table 5-21. General User Settings (continued) Property Description User Name Sets or displays the unique CMC user name associated with the user. The user name can contain up to 16 characters. CMC user names cannot include forward slash (/) or period (.) characters. NOTE: If you change the user name, the new name does not appear in the user interface until your next login. Any user logging in after you apply the new user name will be able to see the change immediately.
Configuring and Managing Microsoft Active Directory Certificates NOTE: To configure Active Directory settings for the CMC, you must have Chassis Configuration Administrator privilege. NOTE: For more information about Active Directory configuration and how to configure Active Directory with Standard Schema or Extended Schema, see "Using the CMC With Microsoft Active Directory" on page 207. You can use the Microsoft Active Directory service to configure your software to provide access to the CMC.
Table 5-22. Active Directory Main Menu Page Options (continued) Field Description View Certificate Displays the certificate authority-signed server certificate for Active Directory that has been uploaded to the CMC. NOTE: By default, CMC does not have a certificate authority-issued server certificate for Active Directory. You must upload a current, certificate authority-signed server certificate. Upload Kerberos Keytab Uploads a Kerberos Keytab for Active Directory to the CMC.
Table 5-23. Active Directory Common Settings Properties Setting Description Root Domain Name Specifies the domain name used by Active Directory. The root domain name is the fully qualified root domain name for the forest. NOTE: The root domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org.
6 Select an Active Directory schema under the Active Directory Schema Selection heading. See Table 5-24. 7 If you selected Extended Schema, type the following required information in the Extended Schema Settings section, and then proceed directly to step 9. If you selected Standard Schema, proceed to step 8. • CMC Device Name – The name that uniquely identifies the CMC card in Active Directory. The CMC name must be the same as the common name of the new CMC object you created in your Domain Controller.
Table 5-24. Active Directory Schema Options (continued) Setting Description Use Extended Schema Uses Extended Schema with Active Directory, which uses Dell-defined Active Directory objects. Before configuring CMC to use the Active Directory Extended Schema option, you must first configure the Active Directory software: 1 Extend the Active Directory schema. 2 Extend the Active Directory Users and Computers Snap-in. 3 Add CMC users and their privileges to Active Directory.
To refresh the contents of the Active Directory Configuration and Management page, click Refresh. To print the contents of the Active Directory Configuration and Management page, click Print. To configure the Role Groups for Active Directory, click the individual Role Group (1–5). See Table 5-19 and Table 5-18. NOTE: To save the settings on the Active Directory Configuration and Management page, you have to click Apply before proceeding to the Custom Role Group page.
Table 5-16. Active Directory CA Certificate Information Field Description Serial Number Certificate serial number. Subject Information Certificate attributes entered by the subject. Issuer Information Certificate attributes returned by the issuer. Valid From Certificate issue date. Valid To Certificate expiration date. 3 To refresh the contents of the View Active Directory CA Certificate page, click Refresh. To print the contents of the View Active Directory CA Certificate page, click Print.
SSL allows an SSL-enabled system to perform the following tasks: • Authenticate itself to an SSL-enabled client • Allow the client to authenticate itself to the server • Allow both systems to establish an encrypted connection This encryption process provides a high level of data protection. The CMC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America.
Accessing the SSL Main Menu NOTE: To configure SSL settings for the CMC, you must have Chassis Configuration Administrator privilege. NOTE: Any server certificate you upload must be current (not expired) and signed by a certificate authority. 1 Log in to the Web interface. 2 Click the Network/Security tab, and then click the SSL sub-tab. The SSL Main Menu page appears. Use the SSL Main Menu page options to generate a CSR to send to a certificate authority. The CSR information is stored on the CMC firmware.
Table 5-17. SSL Main Menu Options (continued) Field Description Upload Webserver key and Certificate Select this option and click Next to open the Webserver Key and Certificate Upload page, where you can upload an existing Web server key and server certificate that your company holds title to and uses to control access to the CMC. NOTE: Only X.509, Base64 encoded certificates are accepted by the CMC. Binary DER-encoded certificates are not accepted.
To generate a CSR: 1 From the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR), and then click Next. The Generate Certificate Signing Request (CSR) page displays. 2 Type a value for each CSR attribute value. Table 5-18 describes the Generate Certificate Signing Request (CSR) page options. 3 Click Generate. A File Download dialog box appears. 4 Save the csr.txt file to your management station or shared network. (You may also open the file at this time and save it later.
Table 5-18. Generate Certificate Signing Request (CSR) Page Options (continued) Field Description Locality The city or other location of your organization (examples: Atlanta, Hong Kong). Valid: Alphanumeric characters (A–Z, a–z, 0–9) and spaces. Not Valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *). State The state, province, or territory where the entity that is applying for a certification is located (examples: Texas, New South Wales, Andhra Pradesh).
Viewing a Server Certificate From the SSL Main Menu page, select View Server Certificate, and then click Next. The View Server Certificate page displays. Table 5-19 describes the fields and associated descriptions listed in the Certificate window. Table 5-19.
3 Click the Network/Security tab. 4 Click the Sessions sub-tab. The Sessions page appears. Table 5-20. Sessions Properties Property Description Session ID Displays the sequentially generated ID number for each instance of a login. Username Displays the user's login name (local user or Active Directory user). Examples of Active Directory user names are name@domain.com, domain.com/name, domain.com\name. IP Address Displays the user’s IP address.
NOTE: In an event of a Web server reset, wait at least one minute for the services to become available again. A Web server reset usually happens as a result of any of the following events: the network configuration or network security properties are changed through the CMC Web user interface or RACADM; the Web Server port configuration is changed through the Web user interface or RACADM; the CMC is reset; a new SSL server certificate is uploaded.
Table 5-21. CMC Serial Console Settings (continued) Setting Description Idle Timeout Indicates the number of seconds before an idle serial session is automatically disconnected. A change to the Timeout setting takes effect at the next login; it does not affect the current session. Timeout Range: 0 or 60 to 10800 seconds. To disable the Timeout feature, enter 0. Default: 1800 seconds Baud Rate Indicates the data speed on the external serial port on the CMC.
Table 5-21. CMC Serial Console Settings (continued) Setting Description History Size Buffer Indicates the maximum size of the serial history buffer, which holds the last characters written to the Serial Console. Default: 8192 characters Login Command Specifies the serial command that is automatically executed when a user logs into the CMC Serial Console interface. Example: connect server-1 Default: [Null] Table 5-22.
Table 5-22. Web Server Settings (continued) Setting Description Idle Timeout Indicates the number of seconds before an idle Web user interface session is automatically disconnected. A change to the Timeout setting takes effect at the next login; it does not affect the current session. Timeout range: 60 to 10800 seconds. Default: 1800 seconds HTTP Port Number Indicates the default port used by the CMC that listens for a server connection.
Table 5-23. SSH Settings Setting Description Enabled Enables the SSH on the CMC. Default: Checked (enabled) Max Sessions The maximum number of simultaneous SSH sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-24. Telnet Settings Setting Description Enabled Enables Telnet console interface on the CMC. Default: Unchecked (disabled) Max Sessions Indicates the maximum number of simultaneous Telnet sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-25. Remote RACADM Settings Setting Description Enabled Enables the remote RACADM utility access to the CMC. Default: Checked (enabled) Max Sessions Indicates the maximum number of simultaneous RACADM sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own).
Table 5-27. Remote Syslog Configuration Setting Description Enabled Enables the transmission and remote capture of the System Log on the specified server(s). Legal Values: Checked (enabled), unchecked (disabled) Default: unchecked (disabled) Syslog Server 1 The first of three possible servers to host a copy of the syslog. Specified as a hostname, an IPv6 address, or an IPv4 address. Syslog Server 2 The second of three possible servers to host a copy of the syslog.
Managing Firmware Updates This section describes how to use the Web interface to update firmware. The following components can be updated using the GUI or RACADM commands: • CMC - primary and standby. • iKVM • iDRAC • IOM infrastructure devices When you update firmware, follow the recommended process to prevent a loss of service if the update fails. See "Installing or Updating the CMC Firmware" for guidelines to follow before using the instructions in this section.
Updating Firmware NOTE: To update firmware on the CMC, you must have Chassis Configuration Administrator privilege. NOTE: The firmware update retains the current CMC and iKVM settings. NOTE: If a Web user interface session is used to update system component firmware, the Idle Timeout setting must be set high enough to accommodate the file transfer time. In some cases, the firmware file transfer time may be as high as 30 minutes. To set the Idle Timeout value, see "Configuring Services.
NOTE: When transferring files to and from the CMC, the file transfer icon spins during the transfer. If your icon is not animated, make sure that your browser is configured to allow animations. See "Allow Animations in Internet Explorer" on page 34 for instructions. NOTE: If you experience problems downloading files from the CMC using Internet Explorer, enable the Do not save encrypted pages to disk option. See "Downloading Files From CMC With Internet Explorer" on page 33 for instructions.
After the CMC resets, the new firmware is displayed on the Updatable Components page. NOTE: After the firmware update, clear the Web browser cache. See your Web browser’s online help for instructions on how to clear the browser cache. Updating the iKVM Firmware NOTE: The iKVM resets and becomes temporarily unavailable after the firmware has been uploaded successfully. 1 Log back in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Update tab. The Updatable Components page appears.
Updating the IOM Infrastructure Device Firmware By performing this update, the firmware for a component of the IOM device is updated, but not the firmware of the IOM device itself; the component is the interface circuitry between the IOM device and the CMC. The update image for the component resides in the CMC file system, and the component displays as an updatable device on the CMC Web GUI only if the current revision on the component and the component image on the CMC do not match.
When the update is complete, the new firmware is displayed on the Updatable Components page and the updated system will no longer be present on that page. Updating the Server iDRAC Firmware NOTE: The iDRAC (on a Server) will reset and become temporarily unavailable after firmware updates have been uploaded successfully. NOTE: The iDRAC firmware must be at version 1.4 or greater for servers with iDRAC, or 2.0 or greater for servers with iDRAC6 Enterprise. 1 Log back in to the CMC Web interface.
Recovering iDRAC Firmware Using the CMC iDRAC firmware is typically updated using iDRAC facilities such as the iDRAC Web interface, the SM-CLP command line interface, or operating system specific update packages downloaded from support.dell.com. See the iDRAC Firmware User’s Guide for instructions for updating the iDRAC firmware. Early generations of servers can have corrupted firmware recovered using the newly-updated iDRAC firmware process.
Managing iDRAC The CMC provides the Deploy iDRAC page to allow the user to configure installed and newly inserted server's iDRAC network configuration settings. A user can configure one or more installed iDRAC devices from this page. The user can also configure the default iDRAC network configuration settings and root password for severs that will be installed later; these default settings are the iDRAC QuickDeploy settings.
Table 5-28. QuickDeploy Settings Setting Description QuickDeploy Enabled Enables/disables the QuickDeploy feature that automatically applies the iDRAC settings configured on this page to newly inserted servers; the auto configuration must be confirmed locally on the LCD panel. NOTE: This includes the root user password if the Set iDRAC Root Password on Server Insertion box is checked.
Table 5-28. QuickDeploy Settings (continued) Setting Description Starting iDRAC IPv4 Address (Slot 1) Specifies the static IP address of the iDRAC of the server in slot 1 of the enclosure. The IP address of each subsequent iDRAC is incremented by 1 for each slot from slot 1's static IP address. In the case where the IP address plus the slot number is greater than the subnet mask, an error message is displayed. NOTE: The subnet mask and the gateway are not incremented like the IP address.
5 To save the selections click the Save QuickDeploy Settings button. If you made changes to the iDRAC network setting, click the Apply iDRAC Network Settings button to deploy the settings to the iDRAC. 6 To update the table to the last saved QuickDeploy settings, and restore the iDRAC Network settings to the current values for each installed server, click Refresh. NOTE: Clicking the Refresh button deletes all iDRAC QuickDeploy and iDRAC Network configuration settings that have not been saved.
iDRAC Network Settings The iDRAC Network Settings section of the Deploy iDRAC page contains a table listing all installed server’s iDRAC IPv4 and IPv6 network configuration settings. Using this table you can configure the iDRAC network configurations settings for each installed server. The initial values displayed for each of the fields are the current values read from the iDRAC. Changing a field and clicking Apply iDRAC Network Settings saves the changed field to the iDRAC.
Table 5-29. iDRAC Network Settings (continued) Setting Description Change Root Password Enables (when checked) the ability to change the password of the iDRAC root user. The iDRAC Root Password and Confirm iDRAC Root Password fields must be provided for this operation to be successful. DHCP If selected DHCP is used to acquire the iDRAC IP address, subnet mask and default gateway, otherwise the values defined in the iDRAC network configuration fields are used.
6 To deploy the setting to iDRAC, click Apply iDRAC Network Settings button. If you made changes to the QuickDeploy settings, they will also be saved. 7 To restore the iDRAC Network settings to the current values for each installed blade, and update the QuickDeploy table to the last saved QuickDeploy settings click Refresh. NOTE: Clicking Refresh button deletes all iDRAC QuickDeploy and iDRAC Network configuration settings that have not been saved.
A user may be able to launch iDRAC GUI without having to login a second time, as this feature utilizes single sign-on. Single sign-on policies are described below. • A CMC user who has server administrative privilege, will automatically be logged into iDRAC using single sign-on. Once on the iDRAC site, this user is automatically granted Administrator privileges. This is true even if the same user does not have an account on iDRAC, or if the account does not have the Administrator’s privileges.
FlexAddress This section describes the FlexAddress® Web interface screens. FlexAddress is an optional upgrade that allows server modules to replace the factory-assigned WWN/MAC ID with a WWN/MAC ID provided by the chassis. NOTE: You must purchase and install the FlexAddress upgrade to have access to the configuration screens. If the upgrade has not been purchased and installed, the following text will be displayed on the Web interface: Optional feature not installed.
Use the following steps to view whether FlexAddress is active for the chassis: 1 Log in to the Web interface (see "Accessing the CMC Web Interface"). 2 Click Chassis in the system tree. 3 Click the Setup tab. The General Setup page appears. The FlexAddress entry will have a value of Active or Not Active; a value of active means that the feature is installed on the chassis. A value of not active means that the feature is not installed and not in use on the chassis.
Viewing Server FlexAddress Status FlexAddress status information can also be displayed for each individual server. The server level information displays a FlexAddress status overview for that blade. Use the following steps to view FlexAddress server information: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 97). 2 Expand Servers in the system tree. All of the servers (1–16) appear in the expanded Servers list. 3 Click the server you want to view.
Health OK Indicates that FlexAddress is present and providing status to the CMC. In the event of a communication failure between the CMC and FlexAddress, the CMC cannot obtain or display health status for FlexAddress. Informational Displays information about FlexAddress when no change in health status (OK, Warning, Severe) has occurred. Warning Indicates that only warning alerts have been issued, and corrective action must be taken.
Configuring FlexAddress If you purchase FlexAddress with your chassis, it will be installed and active when you power up your system. If you purchase FlexAddress separately, you must install the SD feature card using the instructions in the Chassis Management Controller (CMC) Secure Digital (SD) Card Technical Specification document. See support.dell.com for this document. The server must be off before you begin configuration. You can enable or disable FlexAddress on a per fabric basis.
5 Click the check box for each fabric you want to enable FlexAddress on. To disable a fabric, click the check box to clear the selection. NOTE: If no fabrics are selected, FlexAddress will not be enabled for the selected slots. The Select Slots for Chassis-Assigned WWN/MACs page displays an Enabled check box for each slot in the chassis (1 - 16). 6 Click the Enabled check box for each slot you want to enable FlexAddress on. If you want to select all slots, use the Select/Deselect All check box.
Remote File Sharing The Remote Virtual Media File Share option maps a file from a share drive on the network to one or more blades through the CMC to deploy or update an operating system. When connected, the remote file is accessible as if it is on the local system. Two types of media are supported: floppy drives and CD/DVD drives. 1 Log in to the Web interface (see "Accessing the CMC Web Interface"). 2 Click Servers in the system tree. 3 Click the Setup tab, and the Remote File Sharing sub-tab.
Table 5-30. Remote File Sharing Settings (continued) Setting Description Name Indicates the name of the slot. Slots are named depending on their position in the chassis. Model Displays the model name of the server. Power State Displays the power status of the server: N/A – The CMC has not yet determined the power state of the server. Off – Either the server is off or the chassis is off. On – Both the chassis and the server are on. Powering On – Temporary state between Off and On.
Frequently Asked Questions Table 5-31 lists frequently asked questions and answers. Table 5-31. Managing and Recovering a Remote System: Frequently Asked Questions Question Answer When accessing the CMC Web interface, I get a security warning stating the host name of the SSL certificate does not match the host name of the CMC. The CMC includes a default CMC server certificate to ensure network security for the Web interface and remote RACADM features.
Table 5-31. Managing and Recovering a Remote System: Frequently Asked Questions (continued) Question Answer Why are the remote RACADM and Web-based services unavailable after a property change? It may take a minute for the remote RACADM services and the Web interface to become available after the CMC Web server resets.
Table 5-31. Managing and Recovering a Remote System: Frequently Asked Questions (continued) Question Answer The following message is displayed for unknown reasons: As part of discovery, IT Assistant attempts to verify the device’s get and set community names. In IT Assistant, you have the get community name = public and the set community name = private. By default, the community name for the CMC agent is public.
6 Using FlexAddress The FlexAddress feature is an optional upgrade that allows server modules to replace the factory assigned World Wide Name and Media Access Control (WWN/MAC) network IDs with WWN/MAC IDs provided by the chassis. Every server module is assigned unique WWN and/or MAC IDs as part of the manufacturing process.
Activating FlexAddress FlexAddress is delivered on a Secure Digital (SD) card that must be inserted into the CMC to activate the feature. To activate the FlexAddress feature, software updates may be required; if you are not activating FlexAddress these updates are not required. The updates, which are listed in the table below, include server module BIOS, I/O mezzanine BIOS or firmware, and CMC firmware. You must apply these updates before you enable FlexAddress.
To ensure proper deployment of the FlexAddress feature, update the BIOS and the firmware in the following order: 1 Update all mezzanine card firmware and BIOS. 2 Update server module BIOS. 3 Update iDRAC firmware on the server module. 4 Update all CMC firmware in the chassis; if redundant CMCs are present, ensure both are updated. 5 Insert the SD card into the passive module for a redundant CMC module system or into the single CMC module for a non-redundant system.
The following table lists the status messages returned by the command. Table 6-1. Status Messages Returned by featurecard -s Command Status Message Actions No feature card inserted. Check the CMC to verify that the SD card was properly inserted. In a redundant CMC configuration, make sure the CMC with the SD feature card installed is the active CMC and not the standby CMC. The feature card inserted is valid and No action required.
If there are no active features on the chassis, the command will return a message: racadm feature -s No features active on the chassis. For further information on the RACADM commands, see the feature and featurecard command sections of the Dell Chassis Management Controller Administrator Reference Guide. Deactivating FlexAddress The FlexAddress feature can be deactivated and the SD card returned to a pre-installation state using a RACADM command. There is no deactivation function within the Web interface.
Configuring FlexAddress Using the CLI NOTE: You must enable both—the slot and fabric— for the chassis-assigned MAC address to be pushed to the iDRAC. NOTE: You can also view FlexAddress status using the graphical user interface. For more information, see "FlexAddress." You can use the command line interface to enable or disable FlexAddress on a per fabric basis. Additionally, you can enable/disable the feature on a per slot basis.
Additional FlexAddress Configuration for Linux When changing from a server-assigned MAC ID to chassis-assigned MAC ID on Linux-based operating systems, additional configuration steps may be required: • SUSE Linux Enterprise Server 9 and 10: You may need to run YAST (Yet another Setup Tool) on your Linux system to configure your network devices and then restart the network services.
Configuring FlexAddress Using the GUI Wake-On-LAN with FlexAddress When the FlexAddress feature is deployed for the first time on a given server module, it requires a power-down and power-up sequence for FlexAddress to take effect. FlexAddress on Ethernet devices is programmed by the server module BIOS. For the server module BIOS to program the address, it needs to be operational which requires the server module to be powered up.
3 What happens if the feature card is removed and a non-FlexAddress card is installed? No activation or modifications to the card should occur. The card will be ignored by CMC.
6 Does the SD card have a write protection lock on it? Yes it does. Before installing the SD card into the CMC module, verify the write protection latch is in the unlock position. The FlexAddress feature cannot be activated if the SD card is write protected. In this situation, the $racadm feature -s command will return this message: No features active on the chassis.
10 In a chassis with redundant CMCs, if you are replacing a CMC unit with one that has firmware prior to 1.10, the following procedure must be used to ensure the current FlexAddress feature and configuration will NOT be removed. a Ensure the active CMC firmware is always version 1.10 or later. b Remove the standby CMC and insert the new CMC in its place. c From the Active CMC, upgrade the standby CMC firmware to 1.10 or later. NOTE: If you do not update the standby CMC firmware to 1.
Command Messages The following table lists the RACADM commands and output for common FlexAddress situations. Table 6-2. Situation FlexAddress Commands and Output Command SD card in the active $racadm featurecard -s CMC module is bound to another service tag.
Table 6-2.
FlexAddress DELL SOFTWARE LICENSE AGREEMENT This is a legal agreement between you, the user, and Dell Products L.P. or Dell Global B.V. ("Dell"). This agreement covers all software that is distributed with the Dell product, for which there is no separate license agreement between you and the manufacturer or owner of the software (collectively the "Software"). This agreement is not for the sale of Software or any other intellectual property.
The Software is protected by United States copyright laws and international treaties. You may make one copy of the Software solely for backup or archival purposes or transfer it to a single hard disk provided you keep the original solely for backup or archival purposes.
AND ALL ACCOMPANYING WRITTEN MATERIALS. This limited warranty gives you specific legal rights; you may have others, which vary from jurisdiction to jurisdiction. IN NO EVENT SHALL DELL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR OTHER PECUNIARY LOSS) ARISING OUT OF USE OR INABILITY TO USE THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
documentation with only those rights set forth herein. Contractor/manufacturer is Dell Products, L.P., One Dell Way, Round Rock, Texas 78682. GENERAL This license is effective until terminated. It will terminate upon the conditions set forth above or if you fail to comply with any of its terms. Upon termination, you agree that the Software and accompanying materials, and all copies thereof, will be destroyed. This agreement is governed by the laws of the State of Texas.
Using FlexAddress
Using the CMC With Microsoft Active Directory 7 A directory service maintains a common database of all information needed for controlling network users, computers, printers, and so on. If your company uses the Microsoft® Active Directory® service software, you can configure the software to provide access to the CMC. This allows you to add and control CMC user privileges to your existing users in your Active Directory software.
Extended Schema Overview There are two ways to enable Extended Schema Active Directory: • Using the CMC Web interface. For instructions, see "Configuring the CMC With Extended Schema Active Directory and the Web Interface" on page 223. • Using the RACADM CLI tool. For instructions, see "Configuring the CMC With Extended Schema Active Directory and RACADM" on page 226. Active Directory Schema Extensions The Active Directory data is a distributed database of Attributes and Classes.
Overview of the RAC Schema Extensions Dell provides a group of properties that you can configure. The Dell extended schema include Association, Device, and Privilege properties. The Association property links together users or groups with a specific set of privileges to one or more RAC devices. This model provides an Administrator maximum flexibility over the different combinations of users, RAC privileges, and RAC devices on the network without adding too much complexity.
Figure 7-1. Typical Setup for Active Directory Objects Association Object User(s) Group(s) Privilege Object RAC Device Object(s) RAC Privilege Object The Association Object allows for as many or as few users and/or groups as well as RAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object. The Association Object connects the "Users" who have "Privileges" on the RACs (CMCs).
Figure 7-2. Setting Up Active Directory Objects in a Single Domain AO1 Group1 User1 User2 AO2 Priv1 User3 Priv2 RAC1 RAC2 To configure the objects for the single domain scenario: 1 Create two Association Objects. 2 Create two RAC Device Objects, RAC1 and RAC2, to represent the two CMCs. 3 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privilege. 4 Group user1 and user2 into Group1.
Domain1, and user2 and user 3 are in Domain2. In this scenario, configure user1 and user 2 with administrator privileges to both CMCs and configure user3 with login privileges to the RAC2 card. Figure 7-3. Setting Up Active Directory Objects in Multiple Domains Domain1 Domain2 AO1 Group1 User1 User2 AO2 Priv1 User3 Priv2 RAC1 RAC2 To configure the objects for the multiple domain scenario: 1 Ensure that the domain forest function is in Native or Windows 2003 mode.
5 Group user1 and user2 into Group1. The group scope of Group1 must be Universal. 6 Add Group1 as Members in Association Object 1 (A01), Priv1 as Privilege Objects in A01, and RAC1, RAC2 as RAC Devices in A01. 7 Add User3 as Members in Association Object 2 (A02), Priv2 as Privilege Objects in A02, and RAC2 as RAC Devices in A02.
The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: • :\SYSMGMT\ManagementStation\support\ OMActiveDirectory_Tools\\LDIF Files • :\SYSMGMT\ManagementStation\support\ OMActiveDirectory_ Tools\\Schema Extender To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory.
Table 7-1. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) dellRacDevice 1.2.840.113556.1.8000.1280.1.1.1.1 dellAssociationObject 1.2.840.113556.1.8000.1280.1.1.1.2 dellRACPrivileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 7-2. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 7-4. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines Authorization Rights (privileges) for the CMC device. Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsTestAlertUser dellIsDebugCommandAdmin dellPermissionMask1 dellPermissionMask2 Table 7-5. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 7-7. List of Attributes Added to the Active Directory Schema Assigned OID/Syntax Object Identifier Single Valued Attribute: dellPrivilegeMember Description: List of dellPrivilege objects that belong to this attribute. OID: 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE Distinguished Name: (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) Attribute: dellProductMembers Description: List of dellRacDevices objects that belong to this role.
Table 7-7. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued Attribute: dellIsUserConfigAdmin Description: TRUE if the user has User Configuration Administrator rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.5 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: delIsLogClearAdmin Description: TRUE if the user has Clear Logs Administrator rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.
Table 7-7. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued Attribute: dellRacType Description: This attribute is the Current Rac Type for the dellRacDevice object and the backward link to the dellAssociationObjectMembers forward link. OID: 1.2.840.113556.1.8000.1280.1.1.2.13 TRUE Case Ignore String(LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.
For more information about the Active Directory User’s and Computers Snap-In, see your Microsoft documentation. Installing the Administrator Pack You must install the Administrator Pack on each system that is managing the Active Directory CMC Objects. If you do not install the Administrator Pack, you cannot view the Dell RAC Object in the container.
Creating a RAC Device Object 1 In the MMC Console Root window, right-click a container. 2 Select New→Dell RAC Object. The New Object window appears. 3 Type a name for the new object. The name must be identical to the CMC Name that you will type in step 8a of "Configuring the CMC With Extended Schema Active Directory and the Web Interface." 4 Select RAC Device Object. 5 Click OK. Creating a Privilege Object NOTE: A Privilege Object must be created in the same domain as the related Association Object.
For example, if you select Universal, the association objects are only available when the Active Directory Domain is functioning in Native Mode or above. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→Dell RAC Object. This opens the New Object window. 3 Type a name for the new object. 4 Select Association Object. 5 Select the scope for the Association Object. 6 Click OK.
Click the Products tab to add one or more RAC devices to the association. The associated devices specify the RAC devices connected to the network that are available for the defined users or user groups. Multiple RAC devices can be added to an Association Object. Adding RAC Devices or RAC Device Groups To add RAC devices or RAC device groups: 1 Select the Products tab and click Add. 2 Type the RAC device or RAC device group name and click OK. 3 In the Properties window, click Apply and click OK.
6 Optional: If you want the directed call to search the domain controller and global catalog, select the Search AD Server to search (Optional) check box, then: a In the Domain Controller text field, type the server where your Active Directory service is installed. b In the Global Catalog text field, type the location of the global catalog on the Active Directory domain controller. The global catalog provides a resource for searching an Active Directory forest. NOTE: Setting the IP address as 0.0.0.
10 Click Go Back To Active Directory Main Menu. 11 Select the Upload AD Certificate radio button, and then click Next. The Certificate Upload page appears. 12 Type the file path of the certificate in the text field, or click Browse to select the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
Configuring the CMC With Extended Schema Active Directory and RACADM Using the following commands to configure the CMC Active Directory Feature with Extended Schema using the RACADM CLI tool instead of the Web interface.
After you enable the Specify Server option, you can specify an LDAP server and global catalog with IP addresses or fully qualified domain names (FQDNs) of the servers. The FQDNs consist of the host names and the domain names of the servers.
Standard Schema Active Directory Overview Using standard schema for Active Directory integration requires configuration on both Active Directory and the CMC. On the Active Directory side, a standard group object is used as a role group. A user who has CMC access will be a member of the role group. In order to give this user access to a specific CMC card, the role group name and its domain name need to be configured on the specific CMC card.
Table 7-8.
NOTE: The bit mask values are used only when setting Standard Schema with the RACADM. NOTE: For more information about user privileges, see "User Types" on page 132. There are two ways to enable Standard Schema Active Directory: • With the CMC Web interface. See "Configuring the CMC With Standard Schema Active Directory and Web Interface." • With the RACADM CLI tool. See "Configuring the CMC With Standard Schema Active Directory and RACADM.
5 In the Common Settings section: a Select the Enable Active Directory check box. b Type the ROOT Domain Name. The ROOT Domain Name is the fully qualified root domain name for the forest. NOTE: The ROOT domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. c Type the Timeout time in seconds. Configuration range: 15–300 seconds.
13 Click Apply to save the Role Group settings. 14 Click Go Back To Active Directory Configuration and Management. 15 Click Go Back To Active Directory Main Menu. 16 Upload your domain forest Root certificate authority-signed certificate into the CMC. a Select the Upload Active Directory CA Certificate check box and then click Next. b In the Certificate Upload page, type the file path of the certificate or browse to the certificate file.
Configuring the CMC With Standard Schema Active Directory and RACADM To configure the CMC Active Directory Feature with Standard Schema using the RACADM CLI, use the following commands: 1 Open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm config -g cfgActiveDirectory -o cfgADEnable 1 racadm config -g cfgActiveDirectory -o cfgADType 2 racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGr
2 Specify a DNS server using one of the following options: • If DHCP is enabled on the CMC and you want to use the DNS address obtained automatically by the DHCP server, type the following command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 • If DHCP is disabled on the CMC or you want manually to input your DNS IP address, type the following commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1
Table 7-9. Using CMC With Active Directory: Frequently Asked Questions (continued) Question Answer Does using the CMC with Active Directory support multiple domain environments? Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.
Table 7-9. Using CMC With Active Directory: Frequently Asked Questions (continued) Question Answer What can I do if I cannot log into the CMC using Active Directory authentication? How do I troubleshoot the issue? 1 Ensure that you use the correct user domain name during a login and not the NetBIOS name. 2 If you have a local CMC user account, log into the CMC using your local credentials.
Starting with CMC version 2.10, the CMC can use Kerberos to support two additional types of login mechanisms—single sign-on and Smart Card login. For single sign-on login, the CMC uses the client system’s credentials, which are cached by the operating system after you log in using a valid Active Directory® account. NOTE: Selecting a login method does not set policy attributes with respect to other login interfaces, for example, SSH. You must set other policy attributes for other login interfaces as well.
CMC • The CMC must have firmware version 2.10 or later • Each CMC must have an Active Directory account • The CMC must be a part of the Active Directory domain and Kerberos Realm Configuring Settings Prerequisites • The Kerberos realm & Key Distribution Center (KDC) for Active Directory (AD) has been setup (ksetup).
NOTE: The cmcname.domainname.com must be lower case as required by RFC and the REALM name, @REALM_NAME must be uppercase. In addition the CMC supports the DES-CBC-MD5 type of cryptography for Kerberos authentication. This procedure produces a keytab file that you must upload to the CMC. NOTE: The keytab contains an encryption key and must be kept secure. For more information on the ktpass utility, see the Microsoft website at: technet2.microsoft.
Enabling Single Sign-On 1 Navigate to Chassis Management Controller Network Security tab→ Active Directory subtab and select Configure Active Directory. 2 On the Active Directory Configuration and Management page, select: • Single Sign-On — this option enables you to log in to the CMC using the cached credentials obtained when you log in to the Active Directory. NOTE: All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM remain unchanged for this option.
4 Click Advanced. The Local Intranet Advance Settings dialog box is displayed. 5 In the Add this site to the zone, type the name of the CMC and the domain it belongs to and click Add. NOTE: You can use a wildcard (*) to specify all devices/users in that domain. Mozilla Firefox 1 In Firefox, type about:config in the Address bar. NOTE: If the browser displays the This might void your warranty warning, click I'll be careful. I promise. 2 In the Filter text box, type negotiate.
3 Click Login. The CMC logs you in, using the Kerberos credentials that were cached by your browser when you logged in using your valid Active Directory account. If the login fails, the browser is redirected to the normal CMC login page. NOTE: If you did not log in to the Active Directory domain and are using a browser other then Internet Explorer, the login fails and the browser only displays a blank page.
Configuring Active Directory 1 Set up Kerberos realm & Key Distribution Center (KDC) for Active Directory, if not already configured (ksetup). NOTE: Ensure a robust NTP and DNS infrastructure to avoid issues with clock drift & reverse lookup. 2 Create Active Directory users for each CMC, configured to use Kerberos DES encryption but not pre-authentication. 3 Register the CMC users to the Key Distribution Center with Ktpass (this also outputs a key to upload to the CMC).
Enabling Smart Card Authentication 1 Navigate to Chassis Management Controller Network Security tab→ Active Directory subtab and select Configure Active Directory. 2 On the Active Directory Configuration and Management page, select: • Smart Card — this option requires inserting a Smart Card into reader and entering the PIN number. NOTE: All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM remain unchanged for this option.
https:// For example, cmc-6G2WXF1.cmcad.lab where cmc-6G2WXF1 is the cmc-name cmcad.lab is the domain-name. NOTE: If you change the default HTTPS port number (port 80), access the CMC Web page using : , where cmcname is the CMC host name for the CMC, domain-name is the domain name, and port number is the HTTPS port number. The CMC Single Sign-On page is displayed prompting you to insert the Smart Card.
Incorrect Smart Card PIN Check to see if the Smart Card has been locked out due to too many attempts with an incorrect PIN. In such cases, the issuer of the Smart Card in the organization will be able to help you get a new Smart Card. Unable to Log into CMC as an Active Directory User If you cannot log into the CMC as an Active Directory user, try logging into the CMC without enabling the Smart Card logon.
8 Power Management Overview The Dell™ PowerEdge™ M1000e server enclosure is the most power-efficient modular server in the market. It is designed to include highly-efficient power supplies and fans, has an optimized layout so that air flows more easily through the system, and contains power-optimized components throughout the enclosure.
belongs to a different AC power grid and must be cabled as such for proper AC Redundant mode of operation. The load is shared across all active PSUs. The load on a single PSU never exceeds 50 percent of its capacity. With AC redundancy, the system can tolerate the loss of an entire AC power grid or up to 50 percent of its capacity with failures of individual PSUs. The system continues to supply adequate power to the modular enclosure system.
• 2+2 AC Redundancy Level — at least two PSUs are connected to each AC grid. Figure 8-2. 2+2 Redundancy Level AC Power Grid #1 AC Power Grid #2 Power Supply #1 Power Supply #2 Empty Slot #3 Power Supply #4 Power Supply #5 Empty Slot #6 Chassis DC Power Bus • 3+3 AC Redundancy Level — three PSUs are connected to each power grid. Since three PSUs can power the entire enclosure, this configuration is unaffected by the complete failure of one AC grid without loss of power to the enclosure.
NOTE: In the event of a single PSU failure in this configuration, the two remaining PSUs in the failing grid are marked as Online. In this state, either of the remaining PSUs can fail without interrupting operation of the system. If a PSU fails, the chassis health is marked non-critical. If the smaller grid cannot support the total chassis power allocations, AC redundancy status is reported as No Redundancy and Chassis health is displayed as Critical.
Figure 8-4. Power Supply Redundancy: 3+1 PSU Redundancy Power Supply #1 Power Supply #2 Power Supply #3 Power Supply #4 Empty Slot #5 Empty Slot #6 Chassis DC Power Bus Dual or Single Power Grid: Power Supply Redundancy protects against failure of a single power supply. No Redundancy Mode The no redundancy mode is the factory default setting for 3 PSU configuration and indicates that the chassis does not have any power redundancy configured.
Figure 8-5. No Redundancy AC Power Grid #1 Power Supply #1 Power Supply #2 Power Supply #3 Empty Slot #4 Empty Slot #5 Empty Slot #6 Chassis DC Power Bus Single Power Grid: No protection against grid or power supply failure A PSU failure brings the other PSUs out of Standby mode, as needed, to support the chassis power allocations. If you have 4 PSUs and one fails, the fourth PSU is brought online. A chassis can have a maximum of 6 PSUs online.
Figure 8-6. Chassis With Six-PSU Configuration PSU1 PSU2 PSU3 PSU4 PSU5 PSU6 The CMC maintains a power budget for the enclosure that reserves the necessary wattage for all installed servers and components. The CMC allocates power to the CMC infrastructure and the blade servers in the chassis. The CMC infrastructure consists of components in the chassis, such as fans, I/O modules, and iKVM (if present). The chassis may have up to 16 blade servers that communicate to the chassis through the iDRAC.
The CMC grants the requested power to the blade server, and the allocated wattage is subtracted from the available budget. Once the server is granted a power request, the server's iDRAC software continuously monitors the actual power consumption. Depending on the actual power requirements, the iDRAC power envelope may change over time. iDRAC requests a power step-up only if the servers are fully consuming the allocated power.
if sufficient power is available. The System Input Power Cap can be increased any time up to a maximum value of 7928 watts to allow the power up of additional servers. Changes in the modular enclosure that reduce power allocation are server power off, server, I/O module, or iKVM removal, and transition of the chassis to a powered off state. You can reconfigure the System Input Power Cap when chassis is either ON or OFF.
Dynamic Power Supply Engagement Dynamic Power Supply Engagement (DPSE) mode is disabled by default. DPSE saves power by using the minimum PSUs needed to power the chassis, resulting in increased utilization of online PSUs and thus increasing their efficiency. This results in increased PSU life, reduced heat generation, and power savings by operating power supplies at more efficient power levels.
DPSE can be enabled for all three power supply redundancy configurations explained above—No Redundancy, Power Supply Redundancy, and AC Redundancy. • In a No Redundancy configuration with DPSE, the M1000e can have up to five power supply units in Standby state. In a six PSU configuration, some PSU units will be placed in Standby and stay unutilized to improve power efficiency.
Redundancy Policies Redundancy policy is a configurable set of properties that determine how the CMC manages power to the chassis. The following redundancy policies are configurable with or without dynamic PSU engagement: • AC Redundancy • Power Supply Redundancy • No Redundancy The default redundancy configuration for a chassis depends on how many PSUs it contains, as shown in Table 8-1. Table 8-1.
No Redundancy Power from up to three PSUs is used to power the entire chassis. So in a 6-PSU chassis, a chassis continues to operate at full capacity if any 3 PSUs fail. CAUTION: The No Redundancy mode uses only three PSUs without a backup. Failure of one of the three PSUs being used could cause servers to lose power and data. Power Conservation and Power Budget Changes The CMC performs power conservation when the user-configured maximum power limit is reached.
New Server Engagement Policy When a new server is powered on, the CMC may need to decrease power to lower priority servers to allow more power for the new server if adding the new server exceeds the power available for the chassis. This could happen if the administrator has configured a power limit for the chassis that is below what would be required for full power allocation to the servers, or if insufficient power is available for the worst-case power need of all servers in the chassis.
Table 8-3 describes the firmware response to a PSU power down or removal as it applies to various PSU redundancy configurations. Table 8-3. Chassis Impact from PSU Failure or Removal PSU Configuration Dynamic PSU Firmware Response Engagement AC Redundancy Disabled CMC alerts you of loss of AC Redundancy. Power Supply Redundancy Disabled CMC alerts you of loss of Power Supply Redundancy. No Redundancy Disabled Decrease power to low priority servers, if needed.
Limits • The CMC does not support automated power-down of a lower priority server to allow power up of a higher priority server; however, you can perform user-initiated power-downs. • Changes to the PSU redundancy policy are limited by the number of PSUs in the chassis. The M1000e chassis ships with one of two configurations: three PSUs or six PSUs. You can select any of the three PSU redundancy configuration settings listed in "Redundancy Policies.
Table 8-5. SEL Events for Power Redundancy Status Changes Power Policy Event System Event Log (SEL) Entry Redundancy lost redundancy lost was asserted Redundancy regained redundancy regained was asserted Redundancy Status and Overall Power Health The redundancy status is a factor in determining the overall power health.
Using the Web Interface The PSU health status can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Power Supply Status page. The Chassis Graphics page provides a graphical overview of all PSUs installed in the chassis. To view health status for all PSUs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed.
Table 8-6. Power Supply Health Status Information Item Description Name Displays the name of the power supply unit: PS-[n], where [n] is the power supply number. Present Indicates whether the PSU is Present or Absent. Health OK Indicates that the PSU is present and communicating with the CMC. In the event of a communication failure between the CMC and the power supply, the CMC cannot obtain or display health status for the PSU.
Using RACADM Open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm getpminfo For more information about getpminfo, including output details, see the Chassis Management Controller Administrator Reference Guide on the Dell Support website at support.dell.com. Viewing Power Consumption Status The CMC provides the actual input power consumption for the entire system on the Power Consumption Status page.
Table 8-8. Real-Time Power Statistics Item Description System Input Power Displays the current cumulative power consumption of all modules in the chassis measured from the input side of the PSUs. The value for system input power is indicated in both watts and BTU/h units. Peak System Power Displays the maximum system level input power consumption since the value was last cleared.
Table 8-8. Real-Time Power Statistics (continued) Item Description Minimum System Displays the date and time recorded when the minimum system Power Start Time power consumption value was last cleared. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year.
Table 8-9. Real-Time Energy Statistics Status Item Description System Energy Consumption Displays the current cumulative energy consumption for all modules in the chassis measured from the input side of the power supplies. The value is displayed in KWh and it is a cumulative value. System Energy Consumption Start Time Displays the date and time recorded when the system energy consumption value was last cleared, and the new measurement cycle began.
Table 8-11. Server Modules Item Description Slot Displays the location of the server module. The Slot is a sequential number (1–16) that identifies the server module by its location within the chassis. Name Displays the server name. The server name can be redefined by the user. Present Displays whether the server is present in the slot (Yes or No). If this field displays Extension of # (where the # will be 1-8), then number that follows it is the main slot of a multi-slot server.
Table 8-12 through Table 8-15 describe the information displayed on the Power Budget Status page. See "Configuring Power Budget and Redundancy" for information about configuring the settings for this information. Using RACADM Open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm getpbinfo For more information about getpbinfo, including output details, see the getpbinfo command section in the Chassis Management Controller Administrator Reference Guide. Table 8-12.
Table 8-12. System Power Policy Configuration (continued) Item Description Redundancy Policy Indicates the current redundancy configuration: AC Redundancy, Power Supply Redundancy, and No Redundancy. AC Redundancy—Power input is load-balanced across all PSUs. Half of them should be cabled to one AC grid and the other half should be cabled to another grid. When the system is running optimally in AC Redundancy mode, power is load-balanced across all active supplies.
Table 8-13. Power Budgeting Item Description System Input Max Power Capacity Maximum input power that the available power supplies can supply to the system (in watts). Input Redundancy Reserve Displays the amount of redundant power (in watts) in reserve that can be utilized in the event of an AC grid or power supply unit (PSU) failure.
Table 8-14. Server Modules Item Description Slot Displays the location of the server module. The Slot is a sequential number (1–16) that identifies the server module by its location within the chassis. Name Displays the server name. The server name can be redefined by the user. Type Displays the type of the server. Priority Indicates the priority level allotted to the server slot in the chassis for power budgeting.
Table 8-15. System Power Supplies Item Description Name Displays the name of the PSU in the format PS-n, where n, is the PSU number. Power State Indicates the power state of the PSU — Initializing, Online, Stand By, In Diagnostics, Failed, Unknown, or Absent (missing). Input Volts Displays the present input voltage of the power supply. Input Current Displays the present input current of the power supply. Output Rated Power Displays the maximum output power rating of the power supply.
Table 8-16. Configurable Power Budget/Redundancy Properties Item Description System Input Power Cap System Input Power Cap is the maximum AC power that the system is allowed to allocate to servers and chassis infrastructure. It can be configured by the user to any value that exceeds the minimum power needed for servers that are powered on and the chassis infrastructure; configuring a value that falls below the minimum power needed for servers and the chassis infrastructure will fail.
Table 8-16. Configurable Power Budget/Redundancy Properties (continued) Item Description Redundancy Policy This option allows you to select one the following options: • No Redundancy: Power from all three power supplies on one AC circuit (grid) is used to power-on the entire chassis, including the chassis, servers, I/O modules, iKVM, the and CMC. NOTE: The No Redundancy mode uses only three power supplies at a time. If 3 PSUs are installed, then there is no backup available.
Table 8-16. Configurable Power Budget/Redundancy Properties (continued) Item Description Enable Dynamic Power Supply Engagement Enables (when checked) dynamic power management. In Dynamic Engagement mode, the power supplies are turned ON (online) or OFF (standby) based on power consumption, optimizing the energy consumption of the entire chassis. For example, your power budget is 5000 watts, your redundancy policy is set to AC redundancy mode, and you have six power supply units.
For example, the following command: racadm config -g cfgChassisPower -o cfgChassisRedundancyPolicy 1 sets the redundancy policy to 1. • To enable or disable dynamic PSU engagement, type: racadm config -g cfgChassisPower -o cfgChassisDynamicPSUEngagementEnable where can be 0 (disable), 1 (enable). The default is 1. For example, the following command: racadm config -g cfgChassisPower -o cfgChassisDynamicPSUEngagementEnable 0 disables dynamic PSU engagement.
4 Select a priority level (1–9, with 1 holding the highest priority) for one, multiple, or all servers. The default value is 1. You can assign the same priority level to multiple servers. 5 Click Apply to save your changes. Using RACADM Open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm config -g cfgServerInfo -o cfgServerPriority -i Where (1–16) refers to the location of the server, and is a value between 1–9.
5 Type a budget value of up to 7928 watts in the System Input Power Cap text field. NOTE: The power budget is limited to a maximum of three PSUs out of a total of six PSUs. If you attempt to set a AC power budget value that exceeds the power capacity of your chassis, the CMC will display a failure message. NOTE: When value changes are specified in watts, the submitted value will exactly reflect what is actually applied.
Server Power Reduction to Maintain Power Budget The CMC reduces power allocations of lower priority servers when additional power is needed to maintain the system power consumption within the user-configured System Input Power Cap. For example, when a new server is engaged, the CMC may decrease power to low priority servers to allow more power for the new server.
5 Select one of the following Power Control Operations by clicking its radio button: • Power On System — Turns on the chassis power (the equivalent of pressing the power button when the chassis power is OFF). This option is disabled if the chassis is already powered ON. NOTE: This action powers on the chassis and other subsystems (iDRAC on the servers, IOMs, and iKVM). Servers will not power on. • Power Off System — Turns off the chassis power.
Using RACADM Open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm chassisaction -m chassis where is powerup, powerdown, powercycle, nongraceshutdown or reset. Executing Power Control Operations on an IOM You can remotely execute a reset or power cycle on an individual IOM. NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. Using the Web Interface 1 Log in to the CMC Web interface. 2 Select I/O Modules.
Using the Web Interface 1 Log in to the CMC Web interface. 2 Expand Servers in the system tree, and then select the server on which you want to execute a power control operation. The Server Status page displays. 3 Click the Power Management tab. The Server Power Management page displays. 4 Power Status displays the power status of the server (one of the following): • N/A - The CMC has not yet determined the power state of the server. • Off - Either the server is off or the chassis is off.
Using RACADM Open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm serveraction -m where specifies the server by its slot number (server-1 through server-16) in the chassis, and indicates the operation you want to execute: powerup, powerdown, powercycle, graceshutdown, or hardreset. Troubleshooting For power supply and power-related issue troubleshooting, see "Troubleshooting and Recovery.
Using the iKVM Module 9 Overview The local access KVM module for your Dell™ M1000e server chassis is called the Avocent® Integrated KVM Switch Module, or iKVM. The iKVM is an analog keyboard, video, and mouse switch that plugs into your chassis. It is an optional, hot-pluggable module to the chassis that provides local keyboard, mouse, and video access to the servers in the chassis, and to the active CMC’s command line.
Server Identification The CMC assigns slots names for all servers in the chassis. Although you can assign names to the servers using the OSCAR interface from a tiered connection, the CMC assigned names take precedence, and any new names you assign to servers using OSCAR will be overwritten. The CMC identifies a slot by assigning it a unique name. To change slot names using the CMC Web interface, see "Editing Slot Names.
iKVM Connection Precedences Only one iKVM connection is available at a time. The iKVM assigns an order of precedence to each type of connection so that when there are multiple connections, only one connection is available while others are disabled. The order of precedence for iKVM connections is as follows: 1 Front panel 2 ACI 3 Rear Panel For example, if you have iKVM connections in the front panel and ACI, the front panel connection remains active while the ACI connection is disabled.
Using OSCAR This section provides an overview of the OSCAR interface. Navigation Basics Table 9-1 describes navigating the OSCAR interface using the keyboard and mouse. Table 9-1. OSCAR Keyboard and Mouse Navigation Key or Key Sequence Result • Any of these key sequences can open OSCAR, depending on your Invoke OSCAR settings.
Table 9-1. OSCAR Keyboard and Mouse Navigation (continued) Key or Key Sequence Result , Toggles back to previous selection if there were no other keystrokes. , +<0> Immediately disconnects a user from a server; no server is selected. Status flag displays Free. (This action only applies to the =<0> on the keyboard and not the keypad.
To access the Setup dialog box: 1 Press to launch the OSCAR interface. The Main dialog box appears. 2 Click Setup. The Setup dialog box appears. Changing the Display Behavior Use the Menu dialog box to change the display order of servers and set a Screen Delay Time for OSCAR. To access the Menu dialog box: 1 Press to launch OSCAR. The Main dialog box appears. 2 Click Setup and then Menu. The Menu dialog box appears.
Controlling the Status Flag The status flag displays on your desktop and shows the name of the selected server or the status of the selected slot. Use the Flag dialog box to configure the flag to display by server, or to change the flag color, opacity, display time, and location on the desktop. Table 9-3.
4 To position the status flag on the desktop: a Click Set Position. The Set Position Flag displays. b Left-click on the title bar and drag it to the desired location on the desktop. c Right-click to return to the Flag dialog box. NOTE: Changes made to the flag position are not saved until you click OK in the Flag dialog box. 5 Click OK to save settings. To exit without saving changes, click . Managing Servers With iKVM The iKVM is an analog switch matrix supporting up to 16 servers.
Viewing and Selecting Servers Use the OSCAR Main dialog box to view, configure, and manage servers through the iKVM. You can view your servers by name or by slot. The slot number is the chassis slot number the server occupies. The Slot column indicates the slot number in which a server is installed. NOTE: The Dell CMC command line occupies Slot 17. Selecting this slot displays the CMC command line, where you can execute RACADM commands or connect to the serial console of server or I/O modules.
Selecting Servers Use the Main dialog box to select servers. When you select a server, the iKVM reconfigures the keyboard and mouse to the proper settings for that server. • To select servers: Double-click the server name or the slot number. or If the display order of your server list is by slot (that is, the Slot button is depressed), type the slot number and press .
To configure OSCAR for soft switching: 1 Press to launch the OSCAR interface. The Main dialog box appears. 2 Click Setup and then Menu. The Menu dialog box appears. 3 Select Name or Slot for the Display/Sort Key. 4 Type the desired delay time in seconds in the Screen Delay Time field. 5 Click OK. To soft switch to a server: • To select a server, press .
Preemption Warning Normally, a user connected to a server console through the iKVM and another user connected to the same server console through the iDRAC GUI console redirection feature both have access to the console and are able to type simultaneously. To prevent this scenario, the remote user, before starting the iDRAC GUI console redirection, can disable the local console in the iDRAC Web interface.
Setting or Changing the Password 1 Single-click and press or double-click in the New field. 2 Type the new password in the New field and then press . Passwords are case sensitive and require 5–12 characters. They must include at least one letter and one number. Legal characters are: A–Z, a–z, 0–9, space, and hyphen. 3 In the Repeat field, type the password again, and then press . 4 Click OK if you only want to change your password, and then close the dialog box.
Logging In 1 Press to launch OSCAR. The Password dialog box appears. 2 Type your password and then click OK. The Main dialog box appears. Setting Automatic Logout You can set OSCAR to automatically log out of a server after a period of inactivity. 1 In the Main dialog box, click Setup and then Security. 2 In the Inactivity Time field, enter the length of time you want to stay connected to a server before it automatically disconnects you. 3 Click OK.
3 Select Energy if your monitor is ENERGY STAR compliant; otherwise select Screen. CAUTION: Monitor damage may result from the use of Energy mode with monitors not compliant with Energy Star. 4 Optional: To activate the screen saver test, click Test. The Screen Saver Test dialog box displays. Click OK to start the test. The test takes 10 seconds. When it concludes, you are returned to the Security dialog box. NOTE: Enabling screen saver mode disconnects the user from a server; no server is selected.
To reset a lost or forgotten password using RACADM, open a serial/Telnet/SSH text console to the CMC, log in, and type: racadm racresetcfg -m kvm NOTE: Using the racresetcfg command resets the Front Panel Enable and Dell CMC Console Enable settings, if they are different from the default values. For more information about the racresetcfg subcommand, see the racresetcfg section in the Dell Chassis Management Controller Administrator Reference Guide.
To add servers to the scan list: 1 Press . The Main dialog box appears. 2 Click Setup and then Scan. The Scan dialog box appears, listing of all servers in the chassis. 3 Select the box next to the servers you wish to scan. or Double-click the server name or slot. or Press and the number of the server you wish to scan. You can select up to 16 servers.
To cancel scan mode: 1 If OSCAR is open and the Main dialog box is displayed, select a server in the list. or If OSCAR is not open, move the mouse or press any key on the keyboard. Scanning stops at the currently selected server. or Press . The Main dialog box appears; select a server in the list. 2 Click the Commands button. The Commands dialog box appears. 3 Clear the Scan Enable box.
3 Enable mouse and/or keyboard for the servers that are to receive the broadcast commands by selecting the boxes. or Press the up or down arrow keys to move the cursor to a target server. Then press to select the keyboard box and/or to select the mouse box. Repeat for additional servers. 4 Click OK to save the settings and return to the Setup dialog box. Click or press to return to the Main dialog box. 5 Click Commands. The Commands dialog box appears.
To enable or disable access to the iKVM from the front panel using the Web interface: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree. The iKVM Status page displays. 3 Click the Setup tab. The iKVM Configuration page displays. 4 To enable, select the Front Panel USB/Video Enabled check box. To disable, clear the Front Panel USB/Video Enabled check box. 5 Click Apply to save the setting.
• Green - iKVM is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber - iKVM is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist. • Gray - iKVM is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition. 3 Use the cursor to hover over the iKVM subgraphic and a corresponding text hint or screen tip is displayed.
iKVM Status Information (continued) Table 9-5. Item Description Front Panel Connected Indicates whether the monitor is connected to the front panel VGA connector (Yes or No). This information is provided to the CMC so it can determine whether a local user has frontpanel access to the chassis. Rear Panel Connected Indicates whether the monitor is connected to the rear panel VGA connector (Yes or No).
6 Click Begin Firmware Update. A dialog box prompts you to confirm the action. 7 Click Yes to continue. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays.
Troubleshooting NOTE: If you have an active console redirection session and a lower resolution monitor is connected to the iKVM, the server console resolution may reset if the server is selected on the local console. If the server is running a Linux operating system, an X11 console may not be viewable on the local monitor. Pressing at the iKVM will switch Linux to a text console. Table 9-6.
Table 9-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution The message "User has been disabled as another appliance is currently tiered" appears on the monitor connected to the rear panel. A network cable is connected to the iKVM ACI port connector and to a secondary KVM appliance. The iKVM’s amber LED is blinking. There are three possible causes: Only one connection is allowed at a time. The ACI tiering connection has precedence over the rear panel monitor connection.
Table 9-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution My iKVM is tiered through the ACI port to an external KVM switch, but all of the entries for the ACI connections are unavailable. The front panel connection is enabled and has a monitor connected. Because the front panel has precedence over all other iKVM connections, the ACI and rear panel connectors are disabled. All of the states are showing a yellow dot in the OSCAR interface.
Table 9-6. Troubleshooting iKVM (continued) Problem Likely Cause and Solution In the OSCAR menu, the Dell CMC connection is displaying a red X, and I cannot connect to the CMC. There are two possible causes: The Dell CMC console has been disabled. In this case, you can enable it using either the CMC Web interface or RACADM. To enable the Dell CMC console using the Web interface: 1 Log in to the CMC Web interface. 2 Select iKVM in the system tree. 3 Click the Setup tab.
Using the iKVM Module
I/O Fabric Management 10 The chassis can hold up to six I/O modules (IOMs), each of which can be pass-through or switch modules. The IOMs are classified into three groups: A, B, and C. Each group has two slots: Slot 1 and Slot 2. The slots are designated with letters, from left to right, across the back of the chassis: A1 | B1 | C1 | C2 | B2 | A2. Each server has slots for two mezzanine cards (MCs) to connect to the IOMs. The MC and the corresponding IOM must have the same fabric.
Fabric Management Fabric management helps avoid electrical, configuration, or connectivity related problems due to installation of an IOM or MC that has an incompatible fabric type from the chassis' established fabric type. Invalid hardware configurations could cause electric or functional problems to the chassis or its components. Fabric management will prevent invalid configurations from powering on. Figure 10-1 shows the location of IOMs in the chassis.
For example: • An Ethernet MC connected to a Fibre Channel IOM is an invalid configuration. However, an Ethernet MC connected to both an Ethernet switch and an Ethernet pass-through IOM installed in the same IOM group is a valid connection. • A Fibre Channel pass-through IOM and a fibre channel switch IOM in slots B1 and B2 is a valid configuration if the first MCs on all of the servers are also fibre channel. In this case, the CMC will power-on the IOMs and the servers.
Invalid IOM-Mezzanine Card (MC) Configuration The mismatched IOM will be held in the power-off state. The CMC adds an entry to the CMC and hardware logs noting the invalid configuration and specifying the IOM name. The CMC will also cause the error LED on the offending IOM to blink. If the CMC is configured to send alerts, it sends e-mail and/or SNMP alerts for this event. For information about the CMC and hardware logs, see "Viewing the Event Logs.
Monitoring IOM Health The health status for the IOMs can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the I/O Modules Status page. The Chassis Graphics page provides a graphical overview of the IOMs installed in the chassis. To view health status of the IOMs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed.
4 Click the Status sub-tab. The I/O Modules Status page displays.Table 10-1 provides descriptions of the information provided on the I/O Modules Status page. Table 10-1. I/O Modules Status Information Item Description Slot Indicates the location of the I/O module in the chassis by group number (A, B, or C) and slot number (1 or 2). Slot names: A1, A2, B1, B2, C1, or C2. Present Indicates whether the IOM is present (Yes or No).
Table 10-1. I/O Modules Status Information (continued) Item Description Fabric Indicates the type of fabric for the IOM: Gigabit Ethernet, 10GE XAUI, 10GE KR, 10GE XAUI KR, FC 4 Gbps, FC 8 Gbps, SAS 3 Gbps, SAS 6 Gbps, Infiniband SDR, Infiniband DDR, Infiniband QDR, PCIe Bypass Generation 1, PCIe Bypass Generation 2. NOTE: Knowing the fabric types of the IOMs in your chassis is critical in preventing IOM mismatches within the same group. For information about I/O fabric, see "I/O Fabric Management.
Viewing the Health Status of an Individual IOM The I/O Module Status page (separate from the I/O Modules Status page) provides an overview of an individual IOM. To view the health status of an individual IOM: 1 Log in to the CMC Web interface. 2 Expand I/O Modules in the system tree. All of the IOMs (1–6) appear in the expanded I/O Modules list. 3 Click the IOM you want to view in the I/O Modules list in the system tree. 4 Click the Status sub-tab. The I/O Modules Status page displays.
Table 10-2. I/O Module Health Status Information (continued) Item Description Warning Indicates that warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken, it could lead to critical or severe failures that can affect the integrity of the IOM. Examples of conditions causing Warnings: IOM fabric mismatch with the server's mezzanine card fabric; invalid IOM configuration, where the newly installed IOM does not match the existing IOM on the same group.
Table 10-2. I/O Module Health Status Information (continued) Item Description MAC Address Displays the MAC address for the IOM. The MAC address is a unique address assigned to a device by the hardware vendor as a means for identification. NOTE: Pass-throughs do not have MAC addresses. Only switches have MAC addresses. Role Displays the I/O module stacking membership when modules are linked together: • Member - the module is part of a stack set • Master - the module is a primary access point.
NOTE: Only IOMs that are powered on can be configured. NOTE: The IP address set on the IOMs from the CMC is not saved to the switch's permanent startup configuration. To save the IP address configuration permanently, you must enter the connect switch-n command, or racadm connect switch -n RACADM command, or use a direct interface to the IOM GUI to save this address to the startup configuration file. Table 10-3.
Troubleshooting IOM Network Settings The following list contains troubleshooting items for IOM network settings: • The CMC can read the IP address setting too quickly after a configuration change; it will display 0.0.0.0 after clicking Apply. You must hit the refresh button in order to see if the IP address is set correctly on the switch. • If an error is made in setting the IP/mask/gateway, the switch will not set the IP address and will return a 0.0.0.0 in all fields.
11 Troubleshooting and Recovery Overview This section explains how to perform tasks related to recovering and troubleshooting problems on the remote system using the CMC Web interface.
Using the Web Interface To enable blinking for one, multiple, or all component LEDs: 1 Log in to the CMC Web interface. 2 Click Chassis in the system tree. 3 Click the Troubleshooting tab. 4 Click the Identify sub-tab. The Identify page displays, featuring a list of all components on the chassis. 5 To enable blinking for a component LED, check the box beside the device name and then click Blink. 6 To disable blinking for a component LED, check the box beside the device name and then click UnBlink.
You can configure the CMC to generate event traps. Table 11-1 provides an overview of the events that trigger SNMP and e-mail alerts. For information on e-mail alerts, see "Configuring E-mail Alerts." NOTE: Starting with CMC version 2.10, SNMP is now IPv6 enabled. You can include an IPv6 address or fully qualified domain name (FQDN) in the destination for an event alert. Table 11-1. Chassis Events That Can Generate SNMP Event Description Fan Probe Failure A fan is running too slow or not at all.
Table 11-1. Chassis Events That Can Generate SNMP Event Description IOM Absent An expected IOM is not present. IOM Failure The IOM is not functioning. (continued) Firmware Version Mismatch There is a firmware mismatch for the chassis or server firmware. Chassis Power Threshold Error Power consumption within the chassis reached the System Input Power Cap. You can add and configure SNMP alerts using the Web interface or RACADM.
7 Type the SNMP Community String to which the destination management station belongs. NOTE: The community string on the Chassis Event Alert Destinations page differs from the community string on the Chassis→Network/Security→ Services page. The SNMP traps community string is the community that the CMC uses for outbound traps destined to management stations.
To obtain the mask value, use a scientific calculator in hex mode and add the second values of the individual masks (1, 2, 4, etc.) using the key. For example, to enable trap alerts for Battery Probe Warning (0x2), Power Supply Failure (0x1000), and KVM failure (0x80000), key 2 1000 200000 and press the <=> key. The resulting hex value is 208002, and the mask value for the RACADM command is 0x208002. Table 11-2.
4 Enable traps alerting by typing: racadm config -g cfgTraps -o cfgTrapsEnable 1 -i where is a value 1–4. The index number is used by the CMC to distinguish up to four configurable destinations for traps alerts. Destinations may be specified as appropriately formatted numeric Addresses (IPv6 or IPv4), or Fully-qualified domain names (FQDNs).
Configuring E-mail Alerts When the CMC detects a chassis event, such as an environmental warning or a component failure, it can be configured to send an e-mail alert to one or more e-mail addresses. Table 11-1 provides an overview of the events that trigger e-mail and SNMP alerts. For information on SNMP alerts, see "Configuring SNMP Alerts." You can add and configure e-mail alerts using the Web interface or RACADM.
b Enter the desired originator e-mail for the alert, or leave it blank to use the default e-mail originator. The default is cmc@[IP_address] where [IP_address] is the IP address of the CMC. If you choose to enter a value, the syntax of the e-mail name is emailname[@domain], and an e-mail domain can be optionally specified. If @domain is not specified and there is an active CMC network domain, then the e-mail address of emailname@cmc.domain is used as the source e-mail.
3 Specify the events for which you want the CMC to generate by typing: racadm config -g cfgAlerting -o cfgAlertingFilterMask where is a hexadecimal value between 0x0 and 0x017fffdf and must be expressed with the leading 0x characters. Table 11-2 provides filter masks for each event type. For instructions on calclulating the hex value for the filter mask you want to enable, see step 3 on "Using RACADM.
where host.domain is a full-qualified domain name. You can configure up to four destination e-mail addresses to receive e-mail alerts. To add more e-mail addresses, repeat steps 2–6. NOTE: The commands in steps 2–6 will overwrite any existing settings configured for the index you specify (1–4). To determine whether an index has previously configured values, type: racadm getconfig -g cfgEmailAlert -i .
Executing a Power Control Operation For instructions on powering on, powering off, resetting, or power-cycling the system using the CMC Web interface or RACADM, see "Executing Power Control Operations on the Chassis," "Executing Power Control Operations on an IOM," and "Executing Power Control Operations on a Server.
• Problem: Dynamic Power Supply Engagement is enabled, but none of the power supplies display in the Standby state. – • • Problem: Inserted a new server into the enclosure with six power supplies, but the server won't power on. – Resolution A: Check the system input power cap setting - it might be configured too low to allow any additional servers to be powered up.
• Problem: A subset of servers lost power after an AC Grid failure, even when the chassis was operating in the AC Redundancy configuration with six power supplies. – • Problem: The least priority servers lost power after a PSU failure. – • Resolution: This is expected behavior if the enclosure power policy was configured to No Redundancy.
Viewing Chassis Summaries The CMC provides rollup overviews of the chassis, primary and standby CMCs, iKVM, fans, temperature sensors, and I/O modules (IOMs). Using the Web Interface To view summaries of the chassis, CMCs, iKVM, and IOMs: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Summary tab. The Chassis Summary page displays. Table 11-3, Table 11-4, Table 11-5, and Table 11-6 describe the information provided. Table 11-3.
Table 11-4. CMC Summary Item Description Primary CMC Information Name Displays the name of the CMC. For example, Primary CMC or Standby CMC. Description Provides a brief description of the purpose of the CMC. Date/Time Indicates the date and time set on the active or primary CMC. Active CMC Location Indicates the slot location of the active or primary CMC. Redundancy Mode Displays if the standby CMC is present in the chassis.
Table 11-4. CMC Summary (continued) Item Description Standby CMC Information Present Displays (Yes, No) whether a second (standby) CMC is installed. Standby Firmware Version Displays the CMC firmware version installed on the standby CMC. Table 11-5. iKVM Summary Item Description Present Indicates whether the iKVM module is present (Yes or No). Name Displays the name of the iKVM. The name identifies the iKVM on the network. Manufacturer Displays the iKVM model or manufacturer.
Table 11-6. IOM Summary Item Description Location Indicates the slot occupied by the IOMs. Six slots are identified by group name (A, B, or C) and slot number (1 or 2). Slot names: A-1, A-2, B-1, B-2, C-1, or C-2. Present Indicates whether the IOM is present (Yes or No). Name Displays the name of the IOM. Fabric Displays the type of fabric. Power Status Indicates the power status of the IOM: On, Off, or N/A (Absent). Service Tag Displays the service tag of the IOM.
Viewing Chassis and Component Health Status Using the Web Interface To view chassis and component health summaries: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. The Chassis Status page displays. The Chassis Graphics section provides a graphical view of the front and rear of the chassis. This graphical representation provides a visual overview of the components installed within the chassis and its corresponding status.
Table 11-7. Health Status Indicators Item Description OK Indicates that the component is present and communicating with the CMC. Informational Displays information about the component when there is no change in health status. Warning Indicates that only Warning alerts have been issued, and corrective action must be taken.
Viewing the Hardware Log The CMC generates a hardware log of events that occur on the chassis. You can view the hardware log using the Web interface and remote RACADM. NOTE: To clear the hardware log, you must have Clear Logs Administrator privilege. NOTE: You can configure the CMC to send e-mail or SNMP traps when specific events occur. For information on configuring CMC to send alerts, see "Configuring SNMP Alerts" and "Configuring E-mail Alerts.
To save a copy of the hardware log to your managed station or network: Click Save Log. A dialog box opens; select a location for a text file of the log. NOTE: Because the log is saved as a text file, the graphical images used to indicate severity in the user interface do not appear. In the text file, severity is indicated with the words OK, Informational, Unknown, Warning, and Severe. The date and time entries appear in ascending order.
Using RACADM 1 Open a serial/Telnet/SSH text console to the CMC and log in. 2 To view the hardware log, type: racadm getsel To clear the hardware log, type: racadm clrsel Viewing the CMC Log The CMC generates a log of chassis-related events. NOTE: To clear the hardware log, you must have Clear Logs Administrator privilege. Using the Web Interface You can view, save a text file version of, and clear the CMC log in the CMC Web interface.
Table 11-9. CMC Log Information Command Result Source Indicates the interface (such as the CMC) that caused the event. Date/Time Indicates the exact date and time the event occurred (for example, Wed May 02 16:26:55 2007). Description Provides a short description of the action, such as a login or a logout, login failure, or clearing the logs. Descriptions are generated by the CMC. Using RACADM 1 Open a serial/Telnet/SSH text console to the CMC and log in.
Table 11-10.
Table 11-10. Firmware Update Error Codes (continued) Error Class Error Value (Hex) Error Value (Decimal) ERR_FWUPD_INIT_CALL 0x1427 5159 ERR_FWUPD_START_UPDATE_CALL 0x1428 5160 ERR_OP_NOT_CANCELABLE 0x1429 5161 BAD_FTP_USERNAME 0x142A 5162 DEVICE_NOT_AVAILABLE 0x142B 5163 Using the Diagnostic Console The Diagnostic Console page enables an advanced user, or a user under the direction of technical support, to diagnose issues related to the chassis hardware using CLI commands.
Table 11-11. Supported Diagnostic Commands Command Result arp Displays the contents of the address resolution protocol (ARP) table. ARP entries may not be added or deleted. ifconfig Displays the contents of the network interface table. netstat Prints the contents of the routing table. ping Verifies that the destination is reachable from the CMC with the current routing-table contents. You must type a destination IP address in the field to the right of this option.
3 Click the Troubleshooting tab. 4 Click the Reset Components sub-tab. The Reset Components page displays. The CMC Summary section of the Reset Components page displays the following information: Table 11-12. CMC Summary Attribute Description Health OK The CMC is present and communicating with its components. Informational Displays information about the CMC when no change in health status (OK, Warning, Severe) has occurred. Warning Warning alerts have been issued, and corrective action must be taken.
5 The Virtual Reseat Server section of the Reset Components page displays the following information: Table 11-13. Virtual Reseat Server Attribute Description Slot Displays the slot occupied by the server in the chassis. Slot names are sequential IDs, from 1 to 16, to help identify the location of the server in the chassis. Name Displays the name of the server in each slot. Present Displays whether the server is present in the slot (Yes or No).
Table 11-13. Virtual Reseat Server Attribute Description iDRAC Status Displays the status of the server iDRAC embedded management controller: • N/A - Server is not present, or the chassis is not powered on. • Ready - iDRAC is ready and operating normally. • Corrupted - iDRAC firmware is corrupted. Use the iDRAC firmware update utility to repair the firmware. • Failed - Unable to communicate with iDRAC. Use the Virtual Reseat check box to clear the error.
Troubleshooting Network Time Protocol (NTP) Errors After configuring the CMC to synchronize its clock with a remote time server over the network, it may take 2-3 minutes before a change in the date and time occurs. If after this time there is still no change, it may be necessary to troubleshoot a problem. The CMC may not be able to synchronize its clock for a number of reasons: • There could be a problem with the NTP Server 1, NTP Server 2, and NTP Server 3 settings.
If an ‘*’ is not displayed against one of the configured servers, something may not be set up properly. The output of the above command also contains detailed NTP statistics that may be useful in debugging why the server does not synchronize. If you attempt to configure an NTP server that is Windows based, it may help to increase the MaxDist parameter for ntpd.
Interpreting LED Colors and Blinking Patterns The LEDs on the chassis provide information by color and blinking/not blinking: • Steadily glowing, green LEDs indicate that the component is powered on. If the green LED is blinking, it indicates a critical but routine event, such as a firmware upload, during which the unit is not operational. It does not indicate a fault. • A blinking amber LED on a module indicates a fault on that module.
Table 11-14.
Table 11-14.
Observing the LEDs to Isolate the Problem Facing the front of the CMC as it is installed in the chassis, you will see two LEDs on the left side of the card. Top LED — The top green LED indicates power. If it is NOT on: 1 Verify that you have AC present to at least one power supply. 2 Verify that the CMC card is seated properly. You can release/pull on the ejector handle, remove the CMC, reinstall the CMC making sure the board is inserted all the way and the latch closes correctly.
and then press . Sample prompts: recover1[self test] CMC 1 self test failure recover2[Bad FW images] CMC2 has corrupted images • If the prompt indicates a self test failure, there are no serviceable components on the CMC. The CMC is bad and must returned to Dell. • If the prompt indicates Bad FW Images, then follow the steps in "Recovering the Firmware Image" to fix the problem. Recovering the Firmware Image The CMC enters recover mode when a normal CMC OS boot is not possible.
Troubleshooting Network Problems The internal CMC trace log allows you to debug CMC alerting and networking. You can access the trace log using the CMC Web interface (see "Using the Diagnostic Console") or RACADM (see "Using the RACADM Command Line Interface" and the gettracelog command section in the Dell Chassis Management Controller Administrator Reference Guide. The trace log tracks the following information: • DHCP — Traces packets sent to and received from a DHCP server.
1 Press in the CMC release latch on the handle and rotate the handle away from the module front panel. Slide the CMC module out of the enclosure. NOTE: Electrostatic discharge (ESD) events can harm electronic components inside your equipment. Under certain conditions, ESD may build up on your body or an object, and then discharge into another object, such as your CMC.
3 Slide the CMC module into the enclosure. Reattach any cables that were disconnected. 4 Initiate a changeover to make the module active using the GUI interface to perform the following steps: a Navigate to the Chassis page, click the Power Management tab - Control sub tab. b Select the Reset CMC (warm boot) button. c Click Apply. 5 The CMC automatically fails over to the redundant module, and that module now becomes active.
Glossary Active Directory Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. ARP Address resolution protocol, a method for finding a host’s Ethernet address from its Internet address.
CA A certificate authority (CA) is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
extended schema A solution used with Active Directory to determine user access to the CMC; uses Dell-defined Active Directory objects. FQDN Fully qualified domain name, a domain name that specifies a module’s absolute position in the DNS tree hierarchy. Microsoft® Active Directory® only supports an FQDN of 64 bytes or fewer. FSMO Flexible single master operation, a Microsoft Active Directory domain controller task that guarantees atomicity of an extension operation. GB1 The uplink port on the chassis.
iKVM Avocent® Integrated KVM Switch Module, an optional, hot-pluggable module to the chassis providing local access to keyboard, mouse, and video to any of the 16 servers in the chassis, as well as the additional Dell CMC Console option that connects to the chassis’ active CMC. IOMINF I/O module infrastructure device. IP Internet Protocol. IP is the network layer for TCP/IP. IP provides packet routing, fragmentation, and reassembly.
management station A system that remotely accesses the CMC. Mbps Megabits per second, which is a data transfer rate. MC Mezzanine card Microsoft Active Directory A centralized, standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments.
RAM Random-access memory. RAM is general-purpose readable and writable memory on systems. RAM disk A memory-resident program which emulates a hard drive. ROM Read-only memory, from which data may be read, but to which data cannot be written. RPM Red Hat Package Manager, a package-management system for the Red Hat Enterprise Linux operating system. RPM manages the installation of software packages. It is similar to an installation program.
standard schema A solution used with Active Directory to determine user access to the CMC; uses Active Directory group objects only. STK The staking port on the chassis TCP/IP Transmission control protocol/Internet protocol, representing the set of standard Ethernet protocols that includes the network layer and transport layer protocols. TFTP Trivial file transfer protocol, a simple file transfer protocol used for downloading boot code to diskless devices or systems.
VNC Virtual network computing VT-100 Video Terminal 100, which is used by the most common terminal emulation programs. WAN Wide area network WWN World Wide Name, a unique value that represents Fibre Channel node in the physical layer.
Index A ACI, 289 Active Directory, 207 adding CMC users, 220 configuring access to the CMC, 213 configuring and managing certificates, 141 extending schemas, 213 objects, 209 schema extensions, 208 using with standard schema, 228 adding SNMP alerts, 328 alerts troubleshooting, 366 Analog Console Interface, 287 C Certificate Signing Request (CSR) about, 148 generating a new certificate, 149 certificates Active Directory, 141 SSL and digital, 147 uploading a server certificate, 152 viewing a server certifica
firmware downloading, 45 managing, 163 updating, CMC, 164 updating, iKVM, 166 updating, IOM infrastructure device, 167 updating, Server iDRAC, 168 FlexAddress, 189 activating, 190 activation verification, 191 configuring using CLI, 194 deactivating, 193 license agreement, 202 Linux configuration, 195 troubleshooting, 196 viewing status using CLI, 195 Wake-On-LAN, 196 frequently asked questions managing and recovering a remote system, 186 using the CMC with Active Directory, 234 H I I/O fabric, 315 iDRAC r
N network properties configuring manually, 74 configuring using racadm, 74 Red Hat Enterprise Linux configuring for serial console redirection, 59 redundant environment, 49 remote access connection (RAC), 23 O OSCAR, 287 remote RACADM configuring, 44 P S parsing rules, 90 Secure Sockets Layer (SSL) about, 147 password disabling, 364 reset jumper location, 365 power budgeting configuring, 45 power conservation, 259 proxy server, 32 R RAC see Remote Access Connection, 23 security using SSL and digit
SNMP alerts adding and configuring, 328 specifications hardware, 21 standard schema using with Active Directory, 228 T telnet console using, 52 W web browser configuring, 31 supported browsers, 24 web interface accessing, 97 configuring email alerts, 334 WS-Management, 24 378 Index