Dell Chassis Management Controller Version 3.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2008 - 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Overview.................................................................................................................................... 13 What is new in this release..................................................................................................................................................14 Key Features.........................................................................................................................................................................
Setting Chassis Physical Location and Chassis Name Using Web Interface......................................................... 32 Setting Chassis Physical Location and Chassis Name Using RACADM................................................................. 33 Setting Date and Time on CMC........................................................................................................................................ 33 Setting Date and Time on CMC Using CMC Web Interface.............................
Downloading CMC Firmware............................................................................................................................................. 45 Viewing Currently Installed Firmware Versions............................................................................................................... 46 Viewing Currently Installed Firmware Versions Using CMC Web Interface..........................................................
Viewing Front Panel Properties......................................................................................................................................... 68 Viewing KVM Information and Health Status.................................................................................................................. 68 Viewing LCD Information and Health................................................................................................................................
Editing Chassis Configuration Profiles........................................................................................................................ 84 Deleting Chassis Configuration Profiles......................................................................................................................84 Configuring Multiple CMCs Using RACADM...................................................................................................................
Exporting Boot Identity Profiles................................................................................................................................. 103 Deleting Boot Identity Profiles....................................................................................................................................103 Managing Virtual MAC Address Pool........................................................................................................................ 103 Creating MAC Pool....
Configuring CMC SSO Or Smart Card Login For Active Directory Users Using RACADM............................... 132 11 Configuring CMC to Use Command Line Consoles....................................................................... 133 CMC Command Line Console Features..........................................................................................................................133 CMC Command Line Interface Commands................................................................................
Power Budgeting For Hardware Modules...................................................................................................................... 157 Server Slot Power Priority Settings.................................................................................................................................157 Assigning Priority Levels To Servers...............................................................................................................................
Enabling or Disabling RAID Controller Using CMC Web Interface...............................................................................174 Enabling or Disabling RAID Controller Using RACADM................................................................................................. 175 Enabling or disabling fault tolerance of external RAID controller using RACADM.....................................................175 Viewing Physical Disk Properties Using the CMC Web Interface.....................
17 Troubleshooting and Recovery.................................................................................................. 189 Resetting Forgotten Administrative Password.............................................................................................................. 189 Gathering Configuration Information, Chassis Status, and Logs Using RACDUMP................................................. 190 Supported Interfaces.......................................................................
1 Overview The Dell Chassis Management Controller (CMC) for Dell EMC PowerEdge VRTX is a Systems Management hardware and software solution for managing the PowerEdge VRTX chassis. The CMC has its own microprocessor and memory and is powered by the modular chassis into which it is plugged.
• • • • • • Managing Licenses Viewing Localized Versions of the CMC Web Interface Supported Management Console Applications How to use this Guide Other Documents You May Need Accessing documents from the Dell EMC support site What is new in this release This release of CMC for Dell EMC PowerEdge VRTX supports: • • • • Enabling forced password change to comply with SB-327 Regulations of California, USA. Regenerating SSH self-signed-key using CLI command. Updating OpenSSH open-source package to version 7.
Security Features The CMC provides the following security features: • • • • Password-level security management — Prevents unauthorized access to a remote system. Centralized user authentication through: • Active Directory using Standard Schema or an Extended Schema (optional). • Hardware-stored user IDs and passwords. Role-based authority — Enables an administrator to configure specific privileges for each user. User ID and password configuration through the web interface.
Figure 2. CMC back panel Table 2. CMC back panel — parts Item Indicator, Button, or Connector 1 PCIe expansion card slots low-profile (5) 2 PCIe expansion card slots full height (3) 3 CMC GB Ethernet port (CMC-2) 4 CMC GB Ethernet port (CMC-1) 5 Serial Connector 6 Blower modules (4) 7 I/O module ports 8 PSU 4 9 PSU 3 10 PSU 1 11 PSU 2 A Front Panel view of the chassis is given here with a table that lists the parts and devices available in the CMC.
Figure 3. Front-Panel Features And Indicators—3.5 Inch Hard Disk Drive Chassis Table 3. Front panel — features and indicators Item Indicator, Button, or Connector Description 1 USB connectors (2) Allows a keyboard and mouse to be connected to the system. 2 LCD panel Provides system information and status, and error messages to indicate when the system is operating correctly or when the system needs attention. 3 LCD menu scroll buttons (4) Moves the cursor in one-step increments.
Minimum CMC Version The following table lists the minimum CMC version required to enable the listed server modules. Table 4. Minimum CMC Version for server modules Servers Minimum version of CMC PowerEdge M520 CMC 1.36 PowerEdge M620 CMC 1.36 PowerEdge M820 CMC 1.36 PowerEdge M630 CMC 2.00 PowerEdge M830 CMC 2.00 PowerEdge M640 CMC 3.00 The following table lists the minimum CMC version required to enable the listed I/O moduless. Table 5.
Supported web browsers The following web browsers are supported for Dell PowerEdge VRTX: • • • • • • • • Microsoft Internet Explorer 11 Microsoft EDGE Safari version 10.1.2 Safari version 11.1.2 Mozilla Firefox 61 Mozilla Firefox 62 Google Chrome 68 Google Chrome 69 NOTE: By default, TLS 1.1 and TLS 1.2 are supported in this release. However, to enable TLS 1.0 use the following racadm command: $ racadm config -g cfgRacTuning -o cfgRacTuneTLSProtocolVersionEnable TLSv1.
• Replace — Replace the license to extend an evaluation license, change a license type such as an evaluation license with a purchased license, or extend an expired license. An evaluation license may be replaced with an upgraded evaluation license or with a purchased license. A purchased license may be replaced with an updated license or with an upgraded license. For more information about license, click Dell Software License Management Portal .
Feature Express Enterprise Notes RACADM (SSH, Local, and Remote) Yes Yes CMC Setup Backup No Yes CMC Setup Restore Yes Yes WS-MAN Yes Yes SNMP Yes Yes Telnet Yes Yes SSH Yes Yes Web-based Interface Yes Yes Email Alerts Yes Yes LCD Deployment Yes Yes Extended iDRAC Management Yes Yes Remote Syslog No Yes Directory Services No* Yes iDRAC Single Sign-On No Yes Two-Factor Authentication No Yes PK Authentication No Yes Remote File Share Yes Yes Slot Resource
Feature Express Enterprise Virtual Adapter to Slot UnMapping Yes Yes Server cloning No Yes One-to-many Server Firware Update No Yes One-to-many configuration for iDRAC No Yes Boot Identity No Yes Chassis Profile No Yes Quick Deploy No Yes Notes Viewing Localized Versions of the CMC Web Interface To view localized versions of the CMC web interface, read through your web browser's documentations.
• • • The Dell Update Packages User's Guide provides information about obtaining and using Dell Update Packages as part of your system update strategy. The Dell Shared PowerEdge RAID Controller (PERC) 8 User's Guide provides information about deploying the Shared PERC 8 card and managing the storage subsystem. This document is available online at dell.com/storagecontrollermanuals.
2 Installing and Setting Up CMC This section provides information about how to install your CMC hardware, establish access to CMC, configure your management environment to use CMC, and guides you through the tasks for configuring a CMC: • • • • Set up initial access to CMC. Access CMC through a network. Add and configure CMC users. Update CMC firmware. For more information about installing and setting up redundant CMC environments, see Understanding Redundant CMC Environment.
6. Using the LCD panel, navigate to the IP Summary and click on the Check button to select. Use the IP address for the CMC in the management system browser (IE, Chrome, or Mozilla). To set up DHCP for CMC, use LCD panel to, click Main Menu > Settings > Network Settings. 7. Connect to the CMC IP address by using a web browser by typing the default username (root) and password (calvin). 8. Provide each iDRAC with an IP address in the CMC web interface, and enable the LAN and IPMI interface.
Uninstalling RACADM From a Linux Management Station 1. Log in as root to the system where you want to uninstall the management station features. 2. Run the following rpm query command to determine which version of the DRAC tools is installed: rpm -qa | grep mgmtst-racadm 3. Verify the package version to be uninstalled and uninstall the feature by using the rpm -e rpm -qa | grep mgmtst-racadm command.
Microsoft Phishing Filter If the Microsoft Phishing Filter is enabled in Internet Explorer on your management system, and your CMC does not have Internet access, accessing CMC may be delayed by a few seconds. This delay can happen if you are using the browser or another interface such as remote RACADM. To disable the phishing filter: 1. Start Internet Explorer. 2. Click Tools > Phishing Filter, and then click Phishing Filter Settings. 3. Select the Disable Phishing Filter option and click OK.
It is recommended to isolate chassis management from the data network. Due to the potential of traffic on the data network, the management interfaces on the internal management network can be saturated by traffic intended for servers. This results in CMC and iDRAC communication delays. These delays may cause unpredictable chassis behavior, such as CMC displaying iDRAC as offline even when it is up and running, which in turn causes other unwanted behavior.
NOTE: To skip the CMC configuration navigate to the ‘X’ icon and then press the center button. 3. If you are asked to select an appropriate network speed, select a network speed (Auto (1Gb), 10Mb, or 100Mb) using appropriate buttons. For effective network throughput, the network speed setting must match your network configuration. Setting the network speed lower than the speed of your network configuration increases bandwidth consumption and slows down the network communication.
Network mode Description Static If you select Static, manually enter the IP address, gateway, and subnet mask by following the instructions on the LCD screen. If you have selected the Static option, press the center button, and then do the following: a. The following message asks you whether or not you want to automatically increment by using the IP of Slot–1. IPs will auto-increment by slot number. Click the center button. The following message asks you to enter the slot–1 IP number.
NOTE: Using more than one interface at the same time may generate unexpected results. Table 10. CMC Interfaces Interface Description Web interface Provides remote access to CMC using a graphical user interface. The Web interface is built into the CMC firmware and is accessed through the NIC interface from a supported web browser on the management station. For a list of supported Web browsers, see the “Supported Browsers” section in the Dell System Software Support Matrix at dell.com/support/manuals.
Interface Description Web services interfaces can be utilized by leveraging client infrastructure, such as Windows WinRM and Powershell CLI, open source utilities like WSManCLI, and application programming environments like Microsoft .NET. WinRM tool sets a default response timeout of 60 seconds for all WSMan commands it sends out. WinRM does not allow varying this timeout interval. Using “winrm set winrm/config @{MaxTimeoutms ="80000"}” does not change the timeout due to a bug in the WinRM tool.
Setting Chassis Physical Location and Chassis Name Using RACADM To set the chassis name, location, date, and time by using the command line interface, see the setsysinfo and setchassisname commands. For more information, see the Chassis Management Controller for PowerEdge VRTX RACADM Command Line Reference Guide. Setting Date and Time on CMC You can manually set the date and time, or you can synchronize the date and time with a Network Time Protocol (NTP) server.
Configuring LED Blinking Using RACADM Open a serial/Telnet/SSH text console to CMC, log in, and type: racadm setled -m [-l ], where specifies the module whose LED you want to configure. Configuration options: • • • server-n where n = 1-4 switch-1 cmc-active and specifies whether or not the LED should blink.
The Log in Security page is displayed. 3. To enable the user blocking or IP blocking feature, in the Login Lockout Policy section, select Lockout by User Name or Lockout by IP Address (IPV4) . The options to set the other login lockout policy attributes are activated. 4. Enter the required values for login lockout policy attributes in the activated fields — Lockout Fail Count, Lockout Fail Window , and Lockout Penalty Time. For more information, see the CMC Online Help. 5.
About Standby CMC The standby CMC is identical to and is maintained as a mirror of the active CMC. The active and standby CMCs must both be installed with the same firmware revision. If the firmware revisions differ, the system reports as “redundancy degraded”. The standby CMC assumes the same settings and properties of the active CMC. You must maintain the same firmware version on both the CMCs, but you do not have to duplicate configuration settings on the standby CMC.
1. In the left pane, click Chassis Overview > Front Panel > Setup. 2. On the Front Panel Configuration page, under the Power Button Configuration section, select the Disable Chassis Power Button option, and then click Apply. The chassis power button is disabled. Configuring LCD 1. In the left pane, clickChassis Overview > Front Panel > Setup . 2.
3 Logging in to CMC You can log in to CMC as a CMC local user, as a Microsoft Active Directory user, or as an LDAP user. The default user name and password is root and calvin respectively. You can also log in using Single Sign-On or a Smart Card. NOTE: CMC does not support the following special characters as user name or password from chassis profile using XML: " , ! , #, $, %, ^, &, *, (, ), -, _, +, =, ?, {, }, +, &, >, |, .
NOTE: • For added security, it is strongly recommended that you change the default password of the root account during initial set up. • When Certificate Validation is enabled, FQDN of the system should be provided. If certificate validation is enabled and IP address is provided for the Domain Controller, then the login is not successful. CMC does not support extended ASCII characters, such as ß, å, é, ü, or other characters used primarily in non-English languages.
You are logged in to CMC with your Active Directory credentials. Logging in to CMC Using Single Sign-on When Single Sign-On (SSO) is enabled, you can log in to CMC without providing your domain user authentication credentials, such as user name and password. To use this feature, you must have an Enterprise License. NOTE: You cannot use the IP address to log in to the SSO. Kerberos validates your credentials against the Fully Qualified Domain Name (FQDN).
You can use remote RACADM commands in scripts to configure multiple CMCs. You cannot run the scripts directly on the CMC web interface, because CMC does not support it. For more information about RACADM, see the Chassis Management Controller for PowerEdge VRTX RACADM Command Line Reference Guide. For more information about configuring multiple CMCs, see Configuring Multiple CMCs Using RACADM. Logging in to CMC Using Public Key Authentication You can log in to the CMC over SSH without typing a password.
Changing Default Login Password Using Web Interface When you log in to the CMC web interface, if the Default Password Warning page is displayed, you can change the password. To do this: 1. Select the Change Default Password option. 2. In the New Password field, type the new password. The maximum characters for the password are 20. The characters are masked. The following characters are supported: • • • • 0-9 A-Z a-z Special characters: +, &, ?, >, -, }, |, .
Forcing password change using web interface You can change the default password when you are accessing the CMC interface for the first time. The feature is applicable in environments that are network accessible and require authentication of username and password. You can configure and reset the Forced Password Change feature anytime. It is mandatory to change your password to log in and access the CMC web interface. The username is "root", by default. 1. Enter the New Password.
Conversion of External Shared PERC 8 card High Availability to Non-High Availability Mode using RACADM Dell PowerEdge VRTX chassis must have 2 External Shared PERC 8 cards in PCI slot 5 and PCI slot 6 must be in HA mode. Workflow 1. Power down chassis. Disconnect all SAS cables from External Shared PERC 8 cards to MD12x0 enclosures. 2. Power Up chassis. 3. Login to CMC Racadm and run the following command when the servers are in powered off state: racadm raid set controllers:RAID.ChassisSlot.
4 Updating Firmware You can update firmware for: • • • • CMC Chassis infrastructure VRTX Expander or Storage Backplane Expander Firmware of Inegrated or external enclosures Physical Disks (HDD) per enclosure NOTE: You can update the HDD firmware only if required.
Viewing Currently Installed Firmware Versions You can view the currently installed firmware versions using the CMC web interface or RACADM.
CMC. When both CMCs are updated, you can use the cmcchangeover command to restore the CMCs to their previous roles. CMC firmware revision 2.x updates both the primary CMC and the redundant CMC without running the cmcchangeover command. During the final phases of the firmware update process in CMC, the browser session and connection with CMC is lost temporarily as the CMC is not connected to the network. CMC generates the chassis overall health as critical owing to the temporary network loss.
If the processes are not followed in order, system behavior becomes random and parts of the system may become unstable. The CMC logs IOV or RAID controller messages. Only shared storage VA mappings for PERC 1 and PERC 2 are visible in the older version of CMC. All external shared storage VA mappings do not exist in the previous version of the CMC. If an External Shared PERC 8 card is inserted after the rollback, the CMC treats it as a non-shared adapter.
Updating Chassis Infrastructure Firmware Using CMC Web Interface 1. Go to any of the following pages: • • Chassis Overview > Update. Chassis Overview > Chassis Controller > Update. 2. On the Firmware Update page, in the Chassis Infrastructure Firmware section, in the Update Targets column, select the option, and then click Apply Chassis Infrastructure Firmware. 3. On the Firmware Update page, click Browse, and then select the appropriate chassis infrastructure firmware. 4.
The Firmware Update Progress section provides firmware update status information. A progress bar indicates the status of the upload process. File transfer time varies on the basis of connection speed. When the internal update process begins, the page automatically refreshes and the firmware update timer is displayed. NOTE: Additional instructions to follow: • Do not click the Refresh icon or navigate to another page during the file transfer. • To cancel the process, click Cancel File Transfer and Update.
• Enables you to update all the components on all the blade servers with minimal clicks. • All the updates are packaged in a directory. This avoids individual upload of each component’s firmware. • Faster and consistent method of updating the server components • Enables you to maintain a standard image with the required updates versions of the server components that can be used to update multiple servers in a single operation.
For more information about the Lifecycle Controller and supported server components, and device firmware management, see: • • Lifecycle Controller-Remote Services Quick Start Guide. delltechcenter.com/page/Lifecycle+Controller. The Server Component Update page enables you to update various firmware components on the server. To use the features and functions on this page, you must have: • • For CMC: The Server Administrator privilege. For iDRAC: The Configure iDRAC privilege and Log in to iDRAC privilege.
2. On the Server Component Update page, in the Component/Device Update Filter section, select one or more of the following: • • • • • • • BIOS iDRAC Lifecycle Controller 32-Bit Diagnostics OS Driver Pack Network I/F Controller RAID Controller The Component/Device Update Filter section is displayed only for the Update by File mode of firmware update. The Firmware Inventory section displays only the associated components or devices across all servers present in the chassis.
b. On the System Setup Main Menu page, click iDRAC Settings > Collect System Inventory on Restart, select Enabled, go back to the System Setup Main Menu page, and then click Finish to save the settings. • Options to perform the various Lifecycle Controller operations such as Update, Rollback, Reinstall, and Job Deletion are available. Only one type of operation can be performed at a time.
Configuring Network Share Using CMC Web Interface To configure or edit the Network Share location or credentials: 1. In the CMC web interface, in the system tree, go to Server Overview and then click Network Share. The Edit Network Share page is displayed. NOTE: When you have same folder for chassis, server, and boot identity profile, you may see performance issues if there is more than 100 profiles. 2.
process using the server console. If there are several components or devices that need to be updated on a server, you can consolidate all the updates into one scheduled operation thus minimizing the number of reboots required. Sometimes, when an operation is in the process of being submitted for scheduling through another session or context, another operation is attempted. In this case, a confirmation message is displayed indicating the situation and the operation must not be submitted.
It is recommended to clear the job queue before initializing a server component firmware update. A list of all jobs on the servers is available on the Lifecycle Controller Jobs page. This page enables deletion of single or multiple jobs or purging of all jobs on the server. BIOS updates are specific to the model of the server. Sometimes, even though a single Network Interface Controller (NIC) device is selected for firmware update on a server, the update may get applied to all the NIC devices on the server.
This method provides a quick and easy way to build a custom repository for connected systems that you own using the Dell Repository Manager and the chassis inventory file exported using the CMC Web interface. DRM enables you to create a fully customized repository that only includes the update packages for the specific system configuration. You can also build repositories that contain updates for only out-of-date devices, or a baseline repository that contains updates for all the devices.
Supported Firmware Versions for Server Component Update The following section provides the Server Component Update for CMC. The following table lists the supported firmware versions for server components in a scenario where the existing CMC Firmware version is 3.1 and the server components are updated from N-1 version to N version. NOTE: Server components firmware update from N-1 version to N version is successful when the CMC firmware is at version 2.
Platform Server Component Previous Component Version (N-1 Version) Updated Component Version (N Version) BIOS 1.3.7 1.4.8 Deleting Scheduled Server Component Firmware Jobs NOTE: To use this feature, you must have an Enterprise License. You can delete jobs scheduled for the selected components and/or devices across one or more servers. Deleting Scheduled Server Component Firmware Jobs Using the Web Interface To delete scheduled server component firmware jobs: 1.
5 Viewing Chassis Information and Monitoring Chassis and Component Health You can view information and monitor the health of the following: • • • • • • • • • • Active and standby CMCs All severs and individual servers IO Module Fans Power Supply Units (PSUs) Temperature sensors Hard disk drives LCD assembly Storage controllers PCIe devices NOTE: The health of external components impacts the overall health of the storage component with existing storage health and integrated storage components in VRTX.
To view the chassis health, click Chassis Overview. The system displays the overall health status of the chassis, active and standby CMCs, server modules, IO Module (IOM), fans, blowers, power supply units (PSUs), LCD assembly, storage controller, and PCIe devices. Detailed information about each component is displayed when you click that component. In addition, the latest events in the CMC Hardware Log are also displayed. For more information, see the Online Help.
Icon Description A server is present, but reporting a critical error. A server is not present. Table 15. Server Icon States in 14th generation systems Icon Description A server is present, turned on, and is operating normally. A server is present, but turned off. A server is present, but reporting a noncritical error. A server is present, but reporting a critical error. A server is not present.
Selected Component Information Information for the selected component is displayed in three independent sections: • • • Health and Performance, and Properties — Displays the active, critical, and non-critical events as displayed by the hardware logs and the performance data that vary with time. Properties — Displays the component properties that do not vary with time, or that change only infrequently.
Component Disk Slot Health and Performance Properties • • Health State Properties • • Slot 3 : DVD Enabled Slot 4 : DVD Enabled • • • • • • Model Serial Number Power Status Firmware Version Size Type Quick Links • • • • Physical Disk Status Physical Disk Setup View Controller for this Physical Disk View Virtual Disks for this Physical Disk Power Supply Units Power Status Capacity • • • Power Supply Status Power Consumption System Budget PCIe Devices • • Installed Assigned • • • • • • • •
Viewing Server Model Name and Service Tag You can view the model name and service tag of each server instantly using the following steps: 1. In the left pane, under Server Overview tree node, all the servers (SLOT-01 to SLOT-04) appear in the servers list. If a server is not present in a slot, the corresponding image in the graphic is grayed out. When a full height server occupies slot 1 and slot 3, slot 3 will show the slot name as Extension of 1. 2.
The I/O Module Status page provides an overview of IOM associated with the chassis. For more information, see the Online Help. NOTE: After updating or power cycling the IOM/IOA, make sure that the operating system of the IOM/IOA is also booted correctly. Else, the IOM status is displayed as "Offline". Viewing Information and Health Status of Fans CMC controls the speed of the chassis fan by increasing or decreasing the fan speed on the basis of system events.
To set the offset feature, go to Chassis Overview > Fans > Setup. On the Advanced Fan Configurations page, in the Fan Configuration table, from the Value drop-down menu corresponding to Fan Offset, select an option appropriately. For more information about the Fan Offset feature, see the Online Help.
Viewing Information and Health Status of Temperature Sensors To view the health status of the temperature sensors: In the left pane, click Chassis Overview > Temperature Sensors. The Temperature Sensors Status page displays the status and readings of the temperature probes on the entire chassis (chassis and servers). For more information, see Online Help. NOTE: The temperature probes value cannot be edited. Any change beyond the threshold generates an alert that causes the fan speed to vary.
6 Configuring CMC Chassis Management Controller enables you to configure properties, set up users, and alerts to perform remote management tasks. Before you begin configuring the CMC, you must first configure the CMC network settings to allow CMC to be managed remotely. This initial configuration assigns the TCP/IP networking parameters that enable access to the CMC. For more information, see Setting Up Initial Access to CMC. You can configure CMC using Web interface or RACADM.
solicitations are sent. In such cases, there may be a period when IPv6 connectivity is limited, until router advertisements are gratuitously sent by the IPv6 routers. NOTE: Changing the CMC network settings may disconnect your current network connection. NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings. Viewing and Modifying CMC Network LAN Settings Using CMC Web Interface To view and modify the CMC LAN network settings using CMC Web interface: 1.
By default, for IPv4, the CMC requests and automatically obtains a CMC IP address from the Dynamic Host Configuration Protocol (DHCP) server. You can disable the DHCP feature and specify static CMC IP address, gateway, and subnet mask.
Configuring IPv4 and IPv6 DNS Settings • CMC Registration — To register the CMC on the DNS server, type: racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1 NOTE: Some DNS servers only register names of 31 characters or fewer. Make sure the designated name is within the DNS required limit. • NOTE: The following settings are valid only if you have registered the CMC on the DNS server by setting cfgDNSRegisterRac to 1. CMC Name — By default, the CMC name on the DNS server is cmc-.
Configuring CMC Network and Login Security Settings The IP address blocking and User blocking features in CMC allow you to prevent security issues due to password guessing attempts. This feature enables you to block a range of IP addresses and users who can access CMC. By deafult, the IP address blocking feature is enabled in CMC. You can set the IP range attributes using CMC web interface or RACADM.
Configuring Virtual LAN Tag Properties for CMC Virtual LANfunctionality enables multiple VLANs to coexist on the same physical network cable and to segregate the network traffic for security or load management purposes. When you enable the VLAN functionality, each network packet is assigned a VLAN tag. Configuring Virtual LAN Tag Properties for CMC Using RACADM 1.
The VLAN Tag Settings page is displayed. VLAN tags are chassis properties. They remain with the chassis even when a component is removed. 2. In the CMC section, enable VLAN for CMC, set the priority and assign the ID. For more information about the fields, see the Online Help. 3. Click Apply. The VLAN tag settings are saved. You can also access this page from the Chassis Overview > Servers > Setup > VLAN.
. Disabling FIPS Mode To disable FIPS mode, reset CMC to the default factory settings. Configuring Services You can configure and enable the following services on CMC: • • • • • • • CMC serial console — Enable access to CMC using the serial console. Web Server — Enable access to CMC web interface. Disabling the web server also disables Remote RACADM. SSH — Enable access to CMC through firmware RACADM. Telnet — Enable access to CMC through firmware RACADM RACADM — Enable access to CMC using RACADM.
• cfgRacTuneRemoteRacadmEnable For more information about these objects, see the Chassis Management Controller for PowerEdge VRTX RACADM Command Line Reference Guide available at dell.com/support/manuals. If the firmware on the server does not support a feature, configuring a property related to that feature displays an error. For example, using RACADM to enable remote syslog on an unsupported iDRAC displays an error message.
4. Type the group name in the Group Name field, and then click Apply. NOTE: The same rules that apply for a domain name apply to the group name. When the chassis group is created, the GUI automatically switches to the Chassis Group page. The left pane indicates the group by the group name and the lead chassis, and the unpopulated member chassis appear in the left pane. Adding Members To Chassis Group After the Chassis Group is set up, to add members to the group: 1.
2. In the left pane, click Chassis Overview > Setup > Group Administration. 3. Select None, and then click Apply. Accessing the Web page of a Member Chassis or Server You can access the web page of the member chassis, remote console of the server, or the web page of the iDRAC server from the lead chassis group page. If the member device has the same login credentials as the lead chassis, you can use the same credentials to access the member device.
1. In the left pane, select the Group. 2. On the Chassis Group Health page, click Save Inventory Report. The File Download dialog box is displayed asking you to open or save the file. 3. Click Save and specify the path and file name for the server module inventory report. NOTE: The chassis group leader and chassis group member chassis, and the server module in the associated chassis, must be turned on to get the most accurate server module inventory report.
Chassis Group Inventory and Firmware Version The Chassis Group Firmware Version page displays the group inventory and firmware versions of the servers and the server components in the chassis. This page also enables you to organize the inventory information and filter the firmware versions view.
• • • Import chassis profiles (XML files) to the network share from a local management station. Export chassis profiles (XML files) from the network share to a local management station. Apply, edit, delete, or export a copy of the profiles stored on the network share. Saving Chassis Configuration You can save the current chassis configuration to an XML file on a network share or local management station.
Viewing Stored Chassis Configuration Profiles To view the chassis configuration profiles stored on the network share, go to the Chassis Configuration Profiles page. In the Chassis Configuration Profiles > Stored Profiles section, select the profile and click View in the View Profile column. The View Settings page is displayed. For more information on the displayed settings, see the CMC Online Help.
NOTE: Some configuration files contain unique CMC information (such as the static IP address) that must be modified before you export the file to other CMCs. 1. Use RACADM to query the target CMC that contains the desired configuration. NOTE: The generated configuration file is myfile.cfg. You can rename the file. The .cfg file does not contain user passwords. When the .cfg file is uploaded to the new CMC, you must re-add all passwords. 2. At the command prompt, type: racadm getconfig -f myfile.
• Use the racresetcfg subcommand to configure both the CMCs with identical properties. Use the racresetcfg subcommand to reset the CMC to original defaults, and then run the racadm config -f .cfg command. Make sure that the .cfg file includes all desired objects, users, indexes, and other parameters. For a complete list of objects and groups, see the Chassis Management Controller for PowerEdge VRTX RACADM Command Line Reference Guide.
To view the contents of an indexed group, run the following command: racadm getconfig -g -i • For indexed groups the object anchor must be the first object after the [ ] pair. The following are examples of the current indexed groups: [cfgUserAdmin] cfgUserAdminUserName= • When using remote RACADM to capture the configuration groups into a file, if a key property within a group is not set, the configuration group is not saved as part of the configuration file.
Use RACADM get command for export operation and set command for import operation.You can export chassis profiles (XML files) from CMC to the network share or to a local management station and import chassis profiles (XML files) from the network share or from a local management station. NOTE: By default, the export is done as clone type. You can use the –—clone to get the clone type profile in XML file.
1. To export the chassis configuration profiles as clone.xml file, type the following: racadm –r xx.xx.xx.xx –u USERNAMECMC –p PASSWORDCMC set –f clone.xml –t xml Parsing Rules You can manually edit properties of an exported XML file of chassis configuration profiles. An XML file contains the following properties: • • • System Configuration, which is the parent node. component, which is the primary child node. Attributes, which contains name and value. You can edit these fields.
7 Configuring Servers You can configure the following settings of a server: • • • • • • • Slot Names iDRAC Network Settings DRAC Virtual LAN Tag Settings First Boot Device Server FlexAddress Remote File Share BIOS Settings Using Server Clone Topics: • • • • • • • Configuring Slot Names Configuring iDRAC Network Settings Configuring iDRAC Virtual LAN Tag Settings Setting First Boot Device Configuring Server FlexAddress Configuring Remote File Share Configuring Profile Settings Using Server Configuration R
information about the OMSA agent, see the Dell OpenManage Server Administrator User's Guide available at dell.com/support/ manuals. 4. To use the iDRAC DNS name as slot name, select the Use iDRAC DNS Name for Slot Name option. This option replaces the static slot names with the respective iDRAC DNS names, if it is available. If iDRAC DNS names are not available, the default or edited slot names are displayed.
Setting Description Enable iDRAC IPv4 DHCP Enables or disables DHCP for each iDRAC present in the chassis. If this option is enabled, the fields QuickDeploy IP, QuickDeploy Subnet Mask, and QuickDeploy Gateway are disabled, and cannot be modified since DHCP is used to automatically assign these settings for each iDRAC. To select this option, you must select the Enable iDRAC IPv4 option. Quick Deploy IP address is provided with two options — 2 and 4.
NOTE: Changes that are made to QuickDeploy fields are immediate, but changes that are made to one or more iDRAC server network configuration settings may require a couple of minutes to propagate from CMC to iDRAC. Clicking Refresh early may display only partially correct data for one or more iDRAC servers.
• • • cfgRemoteHosts cfgSerial cfgSessionManagement For more information about the property default values and ranges, see the Chassis Management Controller for PowerEdge VRTX RACADM Command Line Reference Guide available at dell.com/support/manuals. Configuring iDRAC Virtual LAN Tag Settings Virtual LAN (VLAN) tags enable multiple VLANs to coexist on the same physical network cable and to segregate the network traffic for security or load management purposes.
Setting First Boot Device You can specify the CMC first boot device for each server. This may not be the actual first boot device for the server, or may not even represent a device present in that server. It represents a device sent by CMC to the server and used as its first boot device of that server. This device can be set as the default first-boot device or an one-time device so that you can boot an image to perform tasks such as running diagnostics or reinstalling an operating system.
1. In the left pane, click Server Overview, and then click the server for which you want to set the first boot device. 2. Go to Setup > First Boot Device. The First Boot Device page is displayed. 3. From the First Boot Device drop-down menu, select the boot device you want to use for each server. 4. If you want the server to boot from the selected device every time it boots, clear the Boot Once option for the server.
Configuring Profile Settings Using Server Configuration Replication The server configurations replicating feature allows you to apply all profile settings from a specified server to one or more servers. Profile settings that can be replicated are those profile settings which can be modified and are intended to be replicated across servers. The following three profile groups for servers are displayed and can be replicated: • • • BIOS — This group includes only the BIOS settings of a server.
the chassis. To configure the Network Share, click Edit in the Stored Profiles section. For more information about configuring the network share, see Configuring Network Share Using CMC Web Interface. 4. In the Profile Name and Description fields, type the profile name and description (optional), and then click Save Profile. NOTE: When saving a Server Profile, the standard ASCII extended character set is supported. However, the following special characters are not supported: ), “, ., *, >, <, \, /, :, |, #,
2. Click Save or Open to export the profile to the required location. NOTE: If the source profile is on the SD card, a message is displayed indicating that if the profile is exported, then the description is lost. Press OK to continue exporting the profile. A message is displayed prompting you to select the destination of the file: • Local or Network Share if the source file is on an SD card.
• • 12th generation servers — After restarting the server, when the company logo is displayed, select F2. On the iDRAC Settings page, in the left pane, click Lifecycle Controller, and then click CSIOR to enable the changes. 13th generation servers —After restarting the server, when prompted, press F10 to access Dell Lifecycle Controller. Go to the Hardware Inventory page by clicking Hardware Configuration > Hardware Inventory. On the Hardware Inventory page, click Collect System Inventory on Restart.
• A slot that does not have any profile assigned to it is indicated by the term “No Profile Selected” that appears in the select box. • To remove a profile assignment from one or more slots, select the slots and click Remove Assignment A message is displayed warning you that removing a profile from the slot or slots removes the configuration settings in the profile from any server (s) inserted in the slot (s) when Quick Deploy Profiles feature is enabled. Click OK to remove the profile assignments.
2. Click Save Identity. The Save Identity section is displayed. NOTE: Boot identity is saved only if the Network Share option is enabled and accessible, the details are displayed in the Stored Profiles section. If the Network Share is not connected, configure the network share for the chassis. To configure the network share, click Edit in the Stored Profiles section. For more information, see Configuring Network Share Using CMC Web Interface. 3.
NOTE: This option is enabled only if any of the servers are selected and boot identity profiles are applied to the selected servers. 2. Click Clear Identity. 3. Click OK to clear the boot identity profile from the selected server. The clear operation disables the IO Identity and persistence policy of the server. On completion of the clear operation, the server is powered off.
NOTE: The virtual MAC Addresses are managed in the vmacdb.xml file in the network share. A hidden lock file (.vmacdb.lock) is added and removed from the network share to serialize boot identity operations from multiple chassis. Creating MAC Pool You can create MAC pool in the network by using the Manage Virtual MAC Address Pool option available in the CMC web interface. NOTE: The Create MAC Pool section is displayed only if the MAC address database (vmacdb.xml) is not available in the network share.
To remove MAC addresses from the network share: 1. Go to the Server Profiles page. In the Boot Identity Profiles > Manage Virtual MAC Address Pool section, select the active MAC address(es) that you want to deactivate. 2. Click Deactivate MAC Address(es). Launching iDRAC using Single Sign-On CMC provides limited management of individual chassis components, such as servers.
• The browser on host system allows pop-up windows (pop-up blocking is disabled). Remote Console can also be launched from the iDRAC Web interface. For more details, see the iDRAC User’s Guide available at dell.com/ support/manuals. Launching Remote Console from Chassis Health Page To launch a remote console from the CMC Web interface: 1. In the left pane, click Chassis Overview, and then click Properties. 2. On the Chassis Health page, click the specified server in the chassis graphic. 3.
8 Configuring CMC To Send Alerts You can set alerts and actions for certain events that occur on the chassis. An event is generated when a device or service’s status has changed or an error condition is detected. If an event matches an event filter and you have configured this filter to generate an alert message (email alert or SNMP trap), then an alert is sent to one or more configured destinations such as email address, IP address, or an external server. To configure CMC to send alerts: 1. 2. 3. 4.
The Monitored Alerts section displays the results based on the selected category and severity. For information about the field descriptions on the this page, see the Online Help. 4. Click Apply. Setting Event Alerts Using RACADM To set an event alert, run the eventfilters command. For more information, see the Chassis Management Controller for PowerEdge VRTX RACADM Command Line Reference Guide available at dell.com/support//manuals.
c) Configure using subcategory as a parameter. For example, all configurations under the licensing subcategory in the audit category are assigned poweroff as action and all notifications are enabled: racadm eventfilters set -c cmc.alert.audit.lic -n all d) Configure using subcategory and severity as parameters. For example, all Information events under the licensing subcategory in the audit category are assigned poweroff as action and all notifications are disabled: racadm eventfilters set -c cmc.alert.
1. In the left pane, click Chassis Overview > Alerts > E-mail Alert Settings. 2. Specify the SMTP email server settings and the email addresses to receive the alerts. For information about the field descriptions, see the Online Help. 3. Click Apply to save the settings. 4. Click Send under Test E-mail to send a test email to the specified email alert destination. Configuring EMail Alert Settings Using RACADM To send a test email to an email alert destination using RACADM: 1.
9 Configuring User Accounts and Privileges You can set up user accounts with specific privileges (role-based authority) to manage your system with CMC and maintain system security. By default, CMC is configured with a local administrator account. The default user name is rootand the password is calvin. As an administrator, you can set up user accounts to allow other users to access the CMC.
Privilege Description NOTE: CMC users with the Chassis Configuration Administrator privilege can configure power settings. However, the Chassis Control Administrator privilege is required to perform chassis power operations, including power on, power off, and power cycle. User Configuration Administrator User can: Clear Logs Administrator User can clear the hardware log and CMC log.
Privilege Description Test Alert User User can send test alert messages. Debug Command Administrator User can execute system diagnostic commands. Fabric A Administrator User can set and configure the Fabric A IOM. Fabric B Administrator User can set and configure the Fabric B, which corresponds to the first mezzanine card in the servers and is connected to the fabric B circuitry in the shared PCIe subsystem in the main board.
Privilege Set Administrator Permissions Power User Permissions Guest User Permissions Chassis Control Administrator (Power commands) Yes Yes No Server Administrator Yes Yes No Test Alert User Yes Yes No Debug Command Administrator Yes No No Fabric A Administrator Yes Yes No Modifying Root User Administrator Account Settings For added security, it is strongly recommended that you change the default password of the root (User 1) account.
NOTE: Users can be enabled and disabled over time, and disabling a user does not delete the user from the database. To verify if a user exists, open a Telnet/SSH text console to the CMC, log in, and then type the following command once for each index of 1–16: racadm getconfig -g cfgUserAdmin -i NOTE: You can also type racadm getconfig -f and view or edit the myfile.cfg file, which includes all the CMC configuration parameters.
To delete a CMC user, the command syntax is: racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i "" racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPrivilege 0x0 A null string of double quotation marks ("") instructs CMC to remove the user configuration at the specified index, and then reset the user configuration to the factory default values. Enabling CMC User With Permissions To enable a user with specific administrative permissions (role-based authority): 1.
Table 23.
4. Click Apply to save the settings. NOTE: You must apply the settings before continuing. If you do not apply the settings, the settings are lost when you navigate to the next page. 5. In the Standard Schema Role Groups section, click a Role Group. The Configure Role Group page is displayed. 6. Specify the group name, domain, and privileges for a role group. 7. Click Apply to save the role group settings and then click Go Back To Configuration page. 8.
racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog3 NOTE: The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domains. In multiple domain case, only the Universal Group can be used.
NOTE: The RAC privilege object applies to CMC. You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one RAC device object for each RAC (CMC) on the network that you want to integrate with Active Directory. The Association Object allows as many or as few users and/or groups as well as RAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object.
To use the LDIF files, see the instructions in the Release Notes included in the LDIF_Files directory. You can copy and run the Schema Extender or LDIF files from any location. Using Dell Schema Extender CAUTION: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To make sure that the Dell Schema Extender utility functions properly, do not modify the name of this file. 1. In the Welcome screen, click Next. 2. Read and understand the warning and click Next. 3.
OID 1.2.840.113556.1.8000.1280.1.1.1.3 Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsTestAlertUser dellIsDebugCommandAdmin dellPermissionMask1 dellPermissionMask2 Table 28. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 29.
Assigned OID/Syntax Object Identifier Single Valued OID: 1.2.840.113556.1.8000.1280.1.1.2.3 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: dellIsUserConfigAdmin TRUE Description: TRUE if the user has User Configuration Administrator rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.5 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: delIsLogClearAdmin TRUE Description: TRUE if the user has Clear Logs Administrator rights on the device. OID: 1.2.840.
Assigned OID/Syntax Object Identifier Single Valued OID: 1.2.840.113556.1.8000.1280.1.6.2.2 Integer (LDAPTYPE_INTEGER) Installing Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage RAC (CMC) devices, users and user groups, RAC associations, and RAC privileges.
4. Select the scope for the Association Object and click OK. Adding Objects To Association Object Using the Association Object Properties window, you can associate users or user groups, privilege objects, and RAC devices or RAC device groups. If your system is running on Microsoft Windows 2000 operating system or later version, use Universal Groups to span domains with your user or RAC objects. You can add groups of Users and RAC devices. Adding Users Or User Groups To add users or user groups: 1.
6. If you have enabled certificate validation, you must upload the domain forest root certificate authority-signed certificate to CMC. In the Manage Certificates section, type the file path of the certificate or browse to the certificate file. Click Upload to upload the file to CMC. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
Using the following RACADM command may be optional: racadm sslcertdownload -t 0x1 -f < RAC SSL certificate > Configuring Generic LDAP Users CMC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services. A CMC administrator can now integrate the LDAP server user logins with CMC. This integration requires configuration on both LDAP server and CMC.
• • Common Settings Server to use with LDAP: • • Static server — Specify the FQDN or IP address and the LDAP port number. DNS server — Specify the DNS server to retrieve a list of LDAP servers by searching for their SRV record within the DNS. The following DNS query is performed for SRV records: _[Service Name]._tcp.[Search Domain] where is the root level domain to use within the query and is the service name to use within the query. For example: _ldap._tcp.dell.
10 Configuring CMC For Single Sign-On Or Smart Card Login This section provides information to configure CMC for Smart Card login and Single Sign-On (SSO) login for Active Directory users. SSO uses Kerberos as an authentication method allowing users, who have signed in as an automatic- or single sign-on to subsequent applications such as Exchange.
CMC • • Each CMC must have an Active Directory account. CMC must be a part of the Active Directory domain and Kerberos Realm. Prerequisites For Single Sign-On Or Smart Card Login The pre-requisites to configure SSO or Smart Card logins are: • • • • • • Set up the kerberos realm and Key Distribution Center (KDC) for Active Directory (ksetup). A robust NTP and DNS infrastructure to avoid issues with clock drift and reverse lookup.
Internet Explorer To configure Internet Explorer for Single Sign-On: 1. In the Internet Explorer, select Tools > Internet Options. 2. On the Security tab, under Select a zone to view or change security settings, select Local Intranet. 3. Click Sites. The Local Intranet dialog box is displayed. 4. Click Advanced . The Local Intranet Advance Settings dialog box is displayed. 5. In the Add this site to the zone, type the name of CMC and the domain it belongs to and click Add.
A command success indicates that CMC is able to acquire Kerberos credentials and access the user's Active Directory account. If the command is not successful, resolve the error and run the command again. For more information, see the Chassis Management Controller for PowerEdge VRTX RACADM Command Line Reference Guide on dell.com/support/manuals.
11 Configuring CMC to Use Command Line Consoles This section provides information about the CMC command line console (or serial/Telnet/Secure Shell console) features, and explains how to set up the system so that you can perform systems management actions through the console. For information about using the RACADM commands in CMC through the command line console, see the Chassis Management Controller for PowerEdge VRTX RACADM Command Line Reference Guide.
In the command line interface, you can manage session timeouts using the racadm command, racadm getconfig -g cfgSessionManagement. For more information, see the Chassis Management Controller Version for Dell PowerEdge VRTX Command Line Reference Guide. Using SSH With CMC SSH is a command line session that includes the same capabilities as a Telnet session, but with session negotiation and encryption to improve security. CMC supports SSH version 2 with password authentication.
Configure Public Key Authentication Over SSH You can configure up to six public keys that can be used with the service username over an SSH interface. Before adding or deleting public keys, make sure to use the view command to see what keys are already set up, so that a key is not accidentally overwritten or deleted. The service username is a special user account that can be used when accessing the CMC through SSH.
Generating Public Keys for Systems Running Linux The ssh-keygen application for Linux clients is a command line tool with no graphical user interface. Open a terminal window and at the shell prompt type: ssh-keygen –t rsa –b 1024 –C testing where, –t must be dsa or rsa. –b specifies the bit encryption size between 768 and 4096. –c allows modifying the public key comment and is optional. The is optional.
• • Linux Minicom. Hilgraeve’s HyperTerminal Private Edition (version 6.3). Complete the tasks in the following subsections to configure the required type of terminal software. Configuring Linux Minicom Minicom is a serial port access utility for Linux. The following steps are valid for configuring Minicom version 2.0. Other Minicom versions may differ slightly, but require the same basic settings.
For servers, serial console redirection can be accomplished using: • CMC command line interface (CLI) or the RACADM connect command. For more information about running the RACADM commands, see the Chassis Management Controller for PowerEdge VRTX RACADM Command Line Reference Guide. iDRAC Web interface serial console redirection feature. iDRAC Serial Over LAN (SOL) functionality.
3. Go to Serial Communication , and then press . In the dialog box, the serial communication list displays the following options: • • • off on without console redirection on with console redirection via COM1 To navigate between these options, press the appropriate arrow keys. NOTE: Make sure that the On with console redirection via COM1 option is selected. 4. Enable Redirection After Boot (default value is disabled). This option enables BIOS console redirection across subsequent reboots. 5.
/dev/sda1 hda=ide-scsi console=ttyS0 console= ttyS1,57600 initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00) kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 initrd /boot/initrd-2.4.9-e.3.img When you edit the /etc/grub.conf file, follow these guidelines: • • Disable GRUB's graphical interface and use the text-based interface. Else, the GRUB screen is not displayed in console redirection.
installed and your # UPS is connected and working correctly. pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down" # If power was restored before the shutdown kicked in, cancel it.
12 Using FlexAddress and FlexAdress Plus This section provides information about FlexAddress, FlexAddress Plus, and configuring. NOTE: An Enterprise License must be installed on the CMC to use the Flexaddress feature.
. NOTE: Lock the SD card prior to inserting in the USB Memory Card Reader to prevent accidentally modifying any contents. Unlock the SD card before inserting into CMC. About FlexAddress Plus The FlexAddress Plus is a new feature added to the feature card version 2.0. It is an upgrade from FlexAddress feature card version 1.0. FlexAddress Plus contains more MAC addresses than the FlexAddress feature.
The command returns the following status message: Feature Name = FlexAddress Date/time Activated = 05 Oct 2013 - 11:50:49 Feature installed from SD-card serial number = CN0H871T1374036T00MXA00 Feature Name = FlexAddressPlus Date/time Activated = 05 Oct 2013 - 11:50:49 Feature installed from SD-card serial number = CN0H871T1374036T00MXA00 Feature Name = ExtendedStorage Current Status = redundant, active Date/time Activated = 05 Oct 2013 - 11:50:58 Feature installed from SD-card serial number = CN0H871T137403
Configuring FlexAddress for Chassis-Level Fabric and Slots Using CMC Web Interface If a server is present in the slot, turn it off before enabling the FlexAddress feature on that slot. To enable or disable fabric and slots to use the FlexAddress feature using the CMC Web interface: 1. In the left pane, click Server Overview > Setup > FlexAddress.. 2.
Viewing World Wide Name or Media Access Control Addresses The WWN/MAC Summary page allows you to view the World Wide Name (WWN) configuration and Media Access Control (MAC) address of a slot in the chassis. Fabric Configuration The Fabric Configuration section displays the type of Input/Output fabric that is installed for Fabric A. A green check mark indicates that the fabric is enabled for FlexAddress.
Viewing Basic WWN or MAC Address Information Using Web Interface To view WWN/MAC Address information for each server slot or all servers in a chassis, in the basic mode: 1. Click Server Overview > Properties > WWN/MAC The WWN/MAC Summary page displays the WWN/MAC Address Information. Alternatively, click Server Overview > Slot > Setup > FlexAddress to view the WWN/MAC Address information for a specific server slot. The FlexAddress page is displayed. 2.
Viewing WWN or MAC Address Information Using RACADM To view WWN/MAC address information for all servers or specific servers using RACADM, use the getflexaddr and getmacaddress subcommands. To display Flexaddress for the entire chassis, use the following RACADM command: racadm getflexaddr To display Flexaddress status for a particular slot, use the following RACADM command: racadm getflexaddr [-i ] where is a value from 1 to 4.
Table 36. FlexAddress Commands and Output Situation Command Output SD card in the active CMC module is bound to another service tag. $racadm featurecard -s The feature card inserted is valid and contains the following feature(s) FlexAddress: bound to another chassis, svctag = SD card SN = SD card in the active CMC module that is $racadm featurecard -s bound to the same service tag.
intellectual property rights in and to Software is owned by the manufacturer or owner of the Software. All rights not expressly granted under this agreement are reserved by the manufacturer or owner of the Software. By opening or breaking the seal on the Software packet(s), installing or downloading the Software, or using the Software that has been preloaded or is embedded in your product, you agree to be bound by the terms of this agreement.
Contractor/manufacturer is Dell Products, L.P., One Dell Way, Round Rock, Texas 78682. GENERAL This license is effective until terminated. It terminates upon the conditions set forth above or if you fail to comply with any of its terms. Upon termination, you agree that the Software and accompanying materials, and all copies thereof, is destroyed. This agreement is governed by the laws of the State of Texas. Each provision of this agreement is severable.
13 Managing Fabrics The chassis supports a fabric type, which is Fabric A. Fabric A is used by the single I/O Module, and is always connected to the on-board Ethernet adapters of the servers. The chassis has only one I/O module (IOM), where the IOM is a pass-through or switch module. The I/O Module is classified as group A. Chassis IOM uses a discrete data path called Fabric, and it is named A. The Fabric A supports only Ethernet.
Configuring Network Settings for IOM Using CMC Web Interface To configure the network settings for I/O Module: 1. In the left pane, click Chassis Overview, click I/O Module Overview, and then click Setup. Alternatively, to configure the network settings of the only available I/O module that is A, click A Gigabit Ethernet, and then click Setup. On the Configure I/O Module Network Settings page, type appropriate data, and then click Apply. 2.
14 Managing and Monitoring Power The PowerEdge VRTX chassis is the most power-efficient modular server enclosure. It is designed to include highly efficient power supplies and fans, has an optimized layout for the air to flow more easily through the system, and contains power-optimized components throughout the enclosure.
Redundancy Policies Redundancy policy is a configurable set of properties that determine how CMC manages power to the chassis. The following redundancy policies are configurable with or without dynamic PSU engagement: • • Grid redundancy Power supply redundancy Grid Redundancy Policy The purpose of the Grid redundancy policy is to enable a modular enclosure system to operate in a mode in which it can tolerate AC power failures.
To operate remaining PSUs at their maximum efficiency, use the following power redundancy modes: • • • PSU Redundancy mode with DPSE provides power efficiency. At least two supplies are online, with one PSU required to power the configuration, and one to provide redundancy in case of a PSU failure. PSU Redundancy mode offers protection against the failure of any one PSU, but offers no protection in the event of an AC grid loss.
Power Budgeting For Hardware Modules CMC offers a power budgeting service that allows you to configure power budget, redundancy, and dynamic power for the chassis. The power management service enables optimization of power consumption and reallocation of power to different modules on the basis of demand. CMC maintains a power budget for the enclosure that reserves the necessary wattage for all installed servers and components. CMC allocates power to the CMC infrastructure and the servers in the chassis.
According to the default server slot priority setting, power is equally apportioned to all slots. Changing the slot priorities allows administrators to prioritize the servers that are given preference for power allocations. If the more critical server modules are left at their default slot priority of 1, and the less critical server modules are changed to lower priority value of 2 or higher, the priority 1 server modules is powered on first.
Viewing Power Consumption Status Using CMC Web Interface In the left pane, click Chassis Overview > Power > Power Monitoring. The Power Monitoring page displays the power health, system power status, real-time power statistics, and real-time energy statistics. For more information, see the Online Help. NOTE: You can also view the power redundancy status under Power Supplies.
wait for eight-and-a-half minutes to determine if redundancy exists. Ensure that the redundancy state is healthy before initiating any failover owing to the health changes. NOTE: CMC does not perform a pre-check of these conditions when you change the redundancy policy to or from Grid redundancy. So, configuring the redundancy policy may immediately result in redundancy lost or a regained condition.
Table 39. Chassis Impact from PSU Failure or Removal PSU Configuration Dynamic PSU Engagement Firmware Response Grid Redundancy Disabled CMC alerts you about loss of Grid redundancy. Power Supply Redundancy Disabled CMC alerts you about loss of power supply redundancy. Grid Redundancy Enabled CMC alerts you about loss of Grid Redundancy. PSUs in standby mode (if any) are turned on to compensate for power budget lost from the PSU failure or removal.
• • Server Based Power Management Disable AC Power Recovery Power Conservation and Power Budget CMC conserves power when the user-configured maximum power limit is reached. When the demand for power exceeds the user configured System Input Power Cap, CMC reduces power to servers in reverse-priority order to free power for higher priority servers and other modules in the chassis.
External Power Management CMC power management is optionally controlled by the OpenManage Power Center (OMPC). For more information, see the OMPC User’s Guide.
To enable and set the redundancy policy: 1. Open a serial/Telnet/SSH text console to CMC and log in. 2. Set properties as needed: • To select a redundancy policy, type: racadm config -g cfgChassisPower -o cfgChassisRedundancyPolicy where is 1 (Grid Redundancy), and 2 (Power Supply Redundancy). The default value is 2.
• To determine the power remote logging interval, enter the following command: racadm getconfig -g cfgRemoteHosts -o cfgRhostsSyslogPowerLoggingInterval • The power remote logging feature is dependent on previously configured remote syslog hosts having been . Logging to one or more remote syslog hosts must be enabled, otherwise power consumption is logged. This can be done either through the web GUI or the RACADM CLI. For more information, see the remote syslog configuration instructions.
Executing Power Control Operations on the Chassis Using RACADM Open a serial/Telnet/SSH text console to CMC, log in, and type: racadm chassisaction -m chassis where is powerup, powerdown, powercycle, nongraceshutdown, or reset. Executing Power Control Operations on a Server You can remotely perform power management actions for multiple servers at a time or an individual server in the chassis. NOTE: The modular blade servers are in throttle state during CMC reboot or failover.
Executing Power Control Operations on the IOM Using RACADM To execute power control operations on the IOM using RACADM, open a serial/Telnet/SSH text console to CMC, log in, and type: racadm chassisaction -m switch where indicates the operation you want to execute: power cycle.
15 Managing Chassis Storage On the Dell PowerEdge VRTX, you can perform the following operations: • • • • • • • • View the status of physical disks drives and storage controllers. View the properties of controllers, physical disk drives, virtual disks, and enclosures. Set up controllers, physical disk drives, and virtual disks. Assign virtual adapters. Troubleshoot controller, physical disk drives, and virtual disks. Update storage components.
1. In the left pane, click Chassis Overview > Storage > Properties > Storage Overview. 2. On the Storage Overview page, you can: • • • • View the graphic summary of the physical disk drives installed in the chassis and their status. View the summary of all the storage components with links to their respective pages. View the used capacity and total capacity of the storage. View controller information.
• • One Shared PERC detected • One expanders detected • Shared PERC and expanders correctly cabled View the status of each attribute that indicates if the fault-tolerant criteria is fulfilled. NOTE: If the attribute in a fault-tolerant environment is not matching the criterion, then an Update Now option is displayed for that attribute. NOTE: A Learn How option is displayed against some of the attributes. For more information about the attribute, click Learn How. 3.
NOTE: Consider a VA assigned to server in the lower slot (3 or 4). When a half height server (slot 3 or 4) is replaced with a full height server, the full height server does not access the VA assigned to lower slots. Inserting a half height server again, provides access to the VA. Map or un-map a PERC Virtual Controller to blade: • • • Each External Shared PERC 8 card has four virtual adapters (VA).
1. Turn off the server modules. 2. Click Server Overview > Power > Control > Power Off Server. 3. Modify the security key on one or both of the existing non-fault-tolerant controllers so that the keys match. 4. Power cycle the chassis. 5. Verify if the controllers have matching keys. Viewing Controller Properties Using CMC Web Interface To view the controller properties: 1. In the left pane, click Chassis Overview > Controller. 2.
Configuring Storage Controller Settings Using CMC Web Interface Make sure at least one storage controller is installed in the chassis. Toconfigure the storage controller settings: 1. In the CMC Web interface, go to Chassis Overview > Storage > Controllers > Setup. 2. On the Controller Setup page, from the Controller drop-down menu, select the controller.
To change the operational mode using the RACADM CLI: • • • Run the racadm raid enableperc:RAID.ChassisIntegrated.2-1 command to enable the Integrated 2 shared PERC 8 and Fault Tolerant mode, if second integrated shared PERC8 is disabled. Run the racadm raid enableperc:RAID.ChassisSlot.6-1 command to enable external Shared PERC8 in slot 6. Run the racadm raid disableperc:RAID.ChassisIntegrated.2-1 command to disable Second Integrated shared PERC8 and Fault Tolerant mode.
• On the Controller Troubleshooting page, from the Actions drop-down menu for External Shared PERC 8 card in slot 5 or slot 6, select one of the following, and then click Apply. • • • • • • Disable RAID Controller — Disables the RAID controller. Enable RAID Controller — Enables the RAID controller. If the PERC is already disabled, then Enable Raid Controller option is available in the drop-down menu.
Viewing Physical Disk Properties Using the CMC Web Interface Make sure that physical disks are installed on the chassis. To view the properties of physical disk drives: 1. In the left pane, go to Chassis Overview > Storage > Physical Disks. The Properties page is displayed. 2. To view properties of all the physical disk drives, under the Physical Disks section, click the .
For more information about using RACADM commands, see the Chassis Management Controller for PowerEdge VRTX RACADM Command Line Reference Guide. Recovering Physical Disks To recover a physical disks: 1. In the CMC Web Interface, go to Chassis Overview > Storage > Physical Disks > Setup. 2.
Managing Encryption Keys An encryption or security key, created on a controller, is used to lock or unlock access to secure virtual disks created on SEDs. You can create only one encryption key for an encryption-capable controller. You can create encryption keys by entering an encryption key identifier and passphrase, on the Controller Setup page. CMC also allows you to modify encryption key passphrases and delete encryption keys.
A confirmation message is displayed. 3. Click OK to proceed. After you delete the encryption key, all the SEDs that are not part of the virtual disks are secure-erased. For more information, see the Online Help. Deleting Encryption Key Using RACADM To delete an encryption key by running a RACADM command, use the following syntax: racadm raid deletesecuritykey:RAID.ChassisIntegrated.1-1 For more information, see the Chassis Management Controller PowerEdge VRTX RACADM Command Line Reference Guide.
The key ID used in unlocking is used only to identify the drives with matching the key ID. After the matching drives are found, the passphrase is used for unlocking the drives. Unlocking Foreign Configuration Using CMC Web Interface To unlock the foreign configuration: 1. In the left pane, click Chassis Overview > Storage > Controllers > Setup. 2. Navigate to the Setup page. 3. Click Click here to Unlock. The Physical Disks page is displayed. 4. Select the physical disks that you want to unlock. 5.
Applying Virtual Adapter Access Policy To Virtual Disks Make sure that physical disk drives are installed and the virtual disks are created. To apply the virtual adapter access policy: 1. In the left pane, click Chassis Overview > Storage > Virtual Disks > Assign. 2. On the Assign Virtual Disks page, under the Access Policy for Virtual Adapters section, from the Virtual Adapter drop-down menu, select Full Access to each physical disk drive. 3. Click Apply.
Viewing EMM Status and Attributes Using Web Interface To view the status and attributes of the EMM: Click Chassis Overview → Storage → Enclosures → Properties. The Enclosures page provides the EMM status and attributes of the enclosures in the chassis. Expand the integrated enclosure or external enclosures to view the status and attributes of the EMM. For more information, see the CMC Online Help.
Setting Asset Tag and Asset Name of the Enclosure Using Web Interface To set the asset tag and asset name of the enclosure, click Chassis Overview → Storage → Enclosures → Setup. Type the Asset Tag and Asset Name in the appropriate fields, and then click Apply. For more information, see the CMC Online Help. Setting Asset Tag and Asset Name of the Enclosure Using RACADM To set asset tag of the enclosure, use racadm raid set enclosures: Enclosure.External.0-0:RAID.ChassisSlot.5-1 –p AssetTag command.
Click Chassis Overview → Storage → Enclosures → Setup. Select the enclosure from the Enclosure drop-down menu, then enter the appropriate values for minimum and maximum for warning threshold temperatures of temp sensor 2 and 3. Type the Asset tag and Asset name in the appropriate fields, and then click Apply. For more information, see the CMC Online Help.
16 Managing PCIe Slots By default, all slots are unmapped. You can do the following: • • View the status of all PCIe Slots in the chassis. Assign or remove an assigned PCIe slot from the servers. Consider the following before assigning a PCIe slot to a server: • • • An empty PCIe slot cannot be assigned to a server that is turned on. A PCIe slot with an adapter assigned to a server cannot be assigned to another server if the currently-assigned server (source) is turned on.
Assigning PCIe Slots To Servers Using CMC Web Interface To assign PCIe slots to the servers: • In the left pane, click Chassis Overview > PCIe Overview > Setup > Mapping: PCIe Slots to Server Slots. On the Mapping: PCIe Slots to Server Slots page, in the Action column, from the Action drop-down menu, select the appropriate server name, and then click Apply. Note the following: • • • • • • • Without a license, the maximum number of PCIe slots that maybe mapped to a half-height server is two.
• • Preparing multiple cards for configuration by server BIOS Initializing all cards prior to blade node power-on All these processes require few seconds to complete which causes a delay in initialization of the PCIe cards. The PCIe Ride-through feature in CMC VRTX reduces this process cycle time. The PCIe Ride-through feature enables the following: • • The Server nodes are turned on quickly, thus turning on the PCIe cards quickly.
Configuring PCIe Ride-through Properties Status Using RACADM You can configure the PCIe power ride-through properties, by running the following commands: • • • • To disable the Ride-through feature, run the command, racadm setpciecfg ridethru –d To enable the Ride-through feature, run the command, racadm setpciecfg ridethru –e To reset the Ride-through timeout property, run the command, racadm setpciecfg ridethru –t To set the acceptable timeout range, run the command, racadm setpciecfg help ride
17 Troubleshooting and Recovery This section explains how to perform tasks related to recovering and troubleshooting problems on the remote system using the CMC web interface. • • • • • • • • • • • • • Viewing chassis information. Viewing the event logs. Gathering configuration information, error status, and error logs. Using the diagnostic console. Managing power on a remote system. Managing Lifecycle Controller jobs on a remote system. Reset components.
NOTE: Make sure that the CMC module is in a passive state before you begin. While the J_PWORD jumper is installed, the default administrator account and password is enabled and set to the following default values: username: root password: calvin The administrator account is reset regardless of whether the account has been removed, or the password was changed.
Supported Interfaces • • • CLI RACADM Remote RACADM Telnet RACADM racdump includes the following subsystems and aggregates the following RACADM commands. For more information about racdump, see the RACADM Command Line Reference Guide for CMC in PowerEdge VRTX. Table 43.
• to support the total power allocations for the chassis to maintain Grid redundancy. (For full Grid Redundancy operation, make sure that a full PSU configuration of four power supplies is available.) • Resolution B: Check if all power supplies are properly connected to the two AC grids; power supplies in side 1 must be connected to one AC grid, those in side 2 must be connected to the other AC grid, and both AC grids must be working. Grid Redundancy is lost when one of the AC grids is not functioning.
Viewing Hardware Log CMC generates a hardware log of events that occur on the chassis. You can view the hardware log using the web interface and remote RACADM. NOTE: To clear the hardware log, you must have Clear Logs Administrator privilege. NOTE: You can configure CMC to send email or SNMP traps when specific events occur. For information on configuring CMC to send alerts, see Configuring CMC To Send Alerts.
Viewing Chassis Logs Using RACADM To view the chassis log information using RACADM, open a serial, Telnet, SSH text console to CMC, log in, and enter the following: racadm chassislog view This command displays the latest 25 chassis log entries. To display the options available to view chassislogs, run the following command: racadm chassislog help view Viewing Chassis Logs Using the Web Interface You can view, save, and clear the chassis log. You can filter the logs based on the log type and filter.
NOTE: • CMC does not reset upon restoring configuration, however CMC services may take some time to effectively impose any changed or new configuration. After successful completion, all current sessions are closed. • Flexaddress information, server profiles, and extended storage are not saved or restored with the Chassis Configuration.
Interpreting LED Colors and Blinking Patterns The LEDs on the chassis provide the following status of a component: • • • Steadily glowing green LEDs indicate that the component is turned on. If the green LED is blinking, it indicates a critical but routine event, during which the unit is not operational. It does not indicate a fault. A blinking amber LED on a module indicates a fault on that module. Blue, blinking LEDs are configurable by the user and used for identification.
Component Blower PSU Enclosure LED Color, Blinking Pattern Status Blue, dark No fault Green, glowing steadily Fan working Green, blinking Not used Green, dark Turned off Amber, glowing steadily Fan type not recognized, update the CMC firmware Amber, blinking Fan fault; tachometer out of range Amber, dark Not used (Oval) Green, glowing steadily AC OK (Oval) Green, blinking Not used (Oval) Green, dark AC Not OK Amber, glowing steadily Not used Amber, blinking Fault Amber, dark N
• • • DHCP — Traces packets sent to and received from a DHCP server. DDNS — Traces dynamic DNS update requests and responses. Configuration changes to the network interfaces. The trace log may also contain CMC firmware-specific error codes that are related to the integrated CMC firmware, not the managed system’s operating system. Troubleshooting Controller To troubleshoot a controller: 1. In the left pane, click Chassis Overview > Storage > Controllers > Troubleshooting. 2.
18 Using LCD Panel Interface You can use the LCD panel on the chassis to perform configuration and diagnostics, and to obtain status information about the chassis and its contents. The following figure illustrates the LCD panel. The LCD screen displays menus, icons, pictures, and messages. Figure 4. LCD Display 1. LCD screen 2. Selection ("check") button 3.
Icon Normal Icon Highlighted Icon Name and Description Skip/Next — Highlight and press the center button to skip any changes and go to the next screen. No — Highlight and press the center button to answer "No" to a question and go to the next screen. Component Identify — Blinks the blue LED on a component. NOTE: There is a blinking blue rectangle around this icon when Component Identify is enabled.
IP Summary Menu The IP Summary screen displays the IP information about the CMC (IPv4 and IPv6), and each server that is installed on the chassis. Use the up and down arrow buttons to scroll through the list. Use the left and right arrow buttons to scroll selected messages that are longer than the screen. Use the up and down arrow buttons to select the Back icon and press the center button to return to the Enclosure menu.
Front Panel LCD Messages This section contains two subsections that list error and status information that is displayed on the front panel LCD. Error messages on the LCD have a format that is similar to the System Event Log (SEL) viewed from the CLI or Web interface. The tables in the error section list the error and warning messages that are displayed on the various LCD screens and the possible cause of the message. Text enclosed in angled brackets (< >) indicates that the text may vary.
Table 49. PSU Status Item Description Name/Location Example: PSU1, PSU2, and so on. Error Messages If there are no errors, No Errors is displayed. Else, error messages are listed where critical ones are first listed, and then the warning-related. Status Offline, Online, or Standby — Indicates the power status of a PSU. Maximum Wattage Maximum Wattage that PSU can supply to the system. Table 50.
Table 54. SPERC Status Item Description SPERC: Displays the SPERC name in the format SPERC n, where 'n' is the SPERC number. Example: SPERC 1, SPERC 2, and so on. Error Messages If there are no errors, No Errors is displayed. Else, error messages are listed where critical ones are first listed, and then the warning-related. Working Status On or Off — Indicates whether the SPERC is functioning. Name: Name of the shared PERC.
Item Description NOTE: You can set this table through the CMC CLI or CMC Web interface. Model Number Displays if iDRAC finished booting. Service Tag Displays if iDRAC finished booting. BIOS Version Server BIOS firmware version. iDRAC DNS Name Displays the DNS name of the iDRAC server. Last POST Code Displays the last server BIOS POST code messages string. iDRAC Firmware Version Displays if iDRAC finished booting. NOTE: iDRAC version 1.01 is displayed as 1.1. There is no iDRAC version 1.10.
19 Frequently Asked Questions This section lists the frequently asked questions about the following: • • • • • RACADM Managing and Recovering a Remote System Active Directory FlexAddress and FlexAddressPlus IOM Topics: • • • • • RACADM Managing and Recovering a Remote System Active Directory FlexAddress and FlexAddressPlus IOM RACADM After performing a CMC reset (using the RACADM racreset subcommand), when a command is entered, the following message is displayed: racadm Transport: ERROR: (R
The CMC web server is reset after the following occurrences: • • • • • Changing the network configuration or network security properties using the CMC web user interface. The cfgRacTuneHttpsPort property is changed (including when a config -f changes it). racresetcfg is used or a chassis configuration backup is restored. CMC is reset. A new SSL server certificate is uploaded. My DNS server doesn’t register my CMC? Some DNS servers only register names with a maximum of 31 characters.
The Dell-extended Active Directory Users and Computers Snap-In checks the mode and limits users in order to create objects across domains, if in a mixed mode. Does using CMC with Active Directory support multiple domain environments? Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.
A feature card in the active CMC is active and installed in the chassis. The second card is ignored by CMC. Does the SD card have a write-protection lock on it? Yes it does. Before installing the SD card into the CMC module, verify the write protection latch is in the unlock position. The FlexAddress feature cannot be activated if the SD card is write protected. In this situation, the $racadm feature -s command returns this message: No features active on the chassis.
