Integrated Dell Remote Access Controller 9 User's Guide December 2020 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Chapter 1: Overview of iDRAC......................................................................................................16 Benefits of using iDRAC................................................................................................................................................... 16 Key features........................................................................................................................................................................
Resetting default iDRAC password remotely........................................................................................................47 Changing the default login password........................................................................................................................... 47 Changing the default login password using web interface................................................................................47 Changing the default login password using RACADM................
Rollback firmware using RACADM.......................................................................................................................... 86 Rollback firmware using Lifecycle Controller........................................................................................................87 Rollback firmware using Lifecycle Controller-Remote Services...................................................................... 87 Recovering iDRAC.......................................................
Enabling or disabling OS to iDRAC Pass-through using iDRAC settings utility.......................................... 106 Obtaining certificates..................................................................................................................................................... 107 SSL server certificates............................................................................................................................................. 107 Generating a new certificate signing request.
Communicating with iDRAC using IPMI over LAN...................................................................................................134 Configuring IPMI over LAN using web interface................................................................................................134 Configuring IPMI over LAN using iDRAC settings utility.................................................................................. 134 Configuring IPMI over LAN using RACADM.........................................
Enabling or disabling smart card login using RACADM.....................................................................................169 Enabling or disabling smart card login using iDRAC settings utility............................................................... 170 Configuring Smart Card Login...................................................................................................................................... 170 Configuring iDRAC smart card login for Active Directory users.........
Actions on a selected Server........................................................................................................................................ 190 iDRAC Group Firmware Update.................................................................................................................................... 191 Chapter 13: Managing logs......................................................................................................... 192 Viewing System Event Log....................
Monitoring SFP Transceiver devices using web interface..............................................................................207 Monitoring SFP Transceiver devices using RACADM...................................................................................... 207 Telemetry Streaming......................................................................................................................................................207 Serial Data Capture..............................................
Switching the controller mode...............................................................................................................................254 12 Gbps SAS HBA adapter operations................................................................................................................. 256 Monitoring predictive failure analysis on drives.................................................................................................257 Controller operations in non-RAID mode or HBA mode.
Installing iDRAC Service Module................................................................................................................................. 286 Installing iDRAC Service Module from iDRAC Express and Basic................................................................. 286 Installing iDRAC Service Module from iDRAC Enterprise.....................................................................287 Supported operating systems for iDRAC Service Module.......................................
Formatting a partition............................................................................................................................................... 314 Viewing available partitions..................................................................................................................................... 314 Modifying a partition.................................................................................................................................................
Resetting iDRAC using iDRAC web interface.....................................................................................................336 Resetting iDRAC using RACADM.......................................................................................................................... 336 Erasing system and user data...................................................................................................................................... 336 Resetting iDRAC to factory default settings.
Managing rack density...................................................................................................................................................362 Installing new electronic license.................................................................................................................................. 362 Applying IO Identity configuration settings for multiple network cards in single host system reboot ......
1 Overview of iDRAC The Integrated Dell Remote Access Controller (iDRAC) is designed to make you more productive as a system administrator and improve the overall availability of Dell EMC servers. iDRAC alerts you to system issues, helps you to perform remote management, and reduces the need for physical access to the system. iDRAC technology is part of a larger data center solution that increases availability of business critical applications and workloads.
Key features The key features of iDRAC include: NOTE: Some features are available only with iDRAC Enterprise or Datacenter license. For information on the features available for a license, see iDRAC licenses on page 24. Inventory and Monitoring ● Telemetry data streaming. ● View managed server health. ● Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. ● View and export system inventory.
■ Prepare the PCIe SSD to be removed. ■ Securely erase the data. ○ Set the backplane mode (unified or split mode). ○ Blink or unblink component LEDs. ○ Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update ● ● ● ● ● ● Manage iDRAC licenses. Update BIOS and device firmware for devices supported by Lifecycle Controller.
● Two-factor authentication using the Smart–Card logon feature. The two-factor authentication is based on the physical smart card and the smart card PIN. ● Single Sign-On and Public Key Authentication. ● Role-based authorization, to configure specific privileges for each user. ● SNMPv3 authentication for user accounts stored locally in the iDRAC. It is recommended to use this, but it is disabled by default. ● User ID and password configuration. ● Default login password modification.
○ Provision to POST a new custom MRD (Metric Report Definition) using any of the available 193 Metric Definitions and set desired Report Interval (referred as Recurrence Interval in MRD) ○ A single MRD can have a maximum of 68 Metric Definitions (Metric IDs) ○ Provision to create up to 24 new custom MRDs which in turn will have 24 new Metric Reports.
● ● ● ● ● ● ● ● Added support for 24x NVMe backplane for PowerEdge C6525 Added support for new Matrox video driver Added support for Starlord (ConnectX-6 Dx 100GbE) to iDRAC Added FQDD related changes for BOSS-S2/PERC 11/HBA 11 Added support for storage devices (like M.2 and U.
Firmware version 4.10.10.10 Following features are added in this release: Features supported with Default license ● BIOS recovery and Root of Trust (RoT) Features supported with Enterprise license ● Secure Enterprise Key Management (SEKM) — Added support for Vormetric Data Security Manager. Features supported with Datacenter license ● BIOS live scanning — Only for AMD systems. Firmware version 4.00.00.00 This release includes all the features from the previous releases.
○ Enable and disable boot order cotrol to SCP and RACADM ○ New schemas to Redfish APIs ○ Option to change boot source state in SCP ○ Automation for Command/attribute auto completion in RACADM ● Alerts and Monitoring ○ Custom Sender Email Address for email alerts in SMTP configuration ○ Cloud based email server in SMTP ○ SMARTlogs in SupportAssist log collection for hard drives and PCIe SSD devices ○ Include Part Number of failed component in alert messages ● Security ○ Multiple IP filtering ranges using RAC
iDRAC licenses iDRAC features are available based on the type of the license. Depending on the system model, iDRAC Basic or iDRAC Express license is installed by default. iDRAC Enterprise license, iDRAC Datacenter license, and iDRAC Secure Enterprise Key Manager (SEKM) license are available as an upgrade and can be purchased anytime. Only licensed features are available in the interfaces that enable you to configure or use iDRAC. For more information, see Licensed features in iDRAC9.
Methods for acquiring licenses Use any of the following methods to acquire the licenses: ● Dell Digital Locker — Dell Digital Locker allows you to view and manage your products, software, and licensing information in one location. A link to the Dell Digital Locker is available in DRAC web interface- go to Configuration > Licenses. NOTE: To know more about Dell Digital Locker, refer to FAQ on the website.
For one-to-many license deployment, you can use Dell License Manager. For more information, see Dell License Manager User's Guide available at https://www.dell.com/esmmanuals. Following are the user privilege requirements for different license operation: ● Licence View and Export: Login privilege. ● License Import and Delete: Login + Configure iDRAC + Server Control privilege. Managing licenses using iDRAC web interface To manage the licenses using the iDRAC web interface, go to Configuration > Licenses.
Table 2.
Table 2.
Table 2.
Table 2.
Table 2.
Table 2. Licensed features in iDRAC9 (continued) Feature iDRAC iDRAC9 9 Basic Express Add BIOS configuration to N/A iDRAC GUI Yes iDRAC9 Express for Blades iDRAC9 Enterprise iDRAC9 Datacenter N/A Yes Yes [1] Requires iSM or OMSA agent on target server. Interfaces and protocols to access iDRAC The following table lists the interfaces to access iDRAC. NOTE: Using more than one interface at the same time may generate unexpected results. Table 3.
Table 3. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description ● View alerts, iDRAC IP or MAC address, user programmable strings. ● Set DHCP ● Configure iDRAC static IP settings. For blade servers, the LCD is on the chassis front panel and is shared between all the blades. To reset iDRAC without rebooting the server, press and hold the System Identification button 16 seconds. for NOTE: LCD panel is only available with rack or tower systems that support front bezel.
Table 3. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description ● Lifecycle Controller page on Dell EMC knowledge base site — www.dell.com/support/article/ sln311809/ ● MOFs and Profiles — http://downloads.dell.com/wsman. ● DMTF website — dmtf.org/standards/profiles SSH Use SSH to run RACADM commands. The SSH service is enabled by default on iDRAC. The SSH service can be disabled in iDRAC. iDRAC only supports SSH version 2 with the RSA host key algorithm.
Table 4. Ports iDRAC listens for connections (continued) Port number Type Configurabl e port Function Maximum Encryption Level NOTE: Port 5901 opens when VNC feature is enabled. The following table lists the ports that iDRAC uses as a client: Table 5.
● The Dell OpenManage Baseboard Management Controller Management Utilities User’s Guide has information about the IPMI interface. ● The Release Notes provides last-minute updates to the system or documentation or advanced technical reference material intended for experienced users or technicians. The following system documents are available to provide more information: ● The safety instructions that came with your system provide important safety and regulatory information.
6. Click MANUALS AND DOCUMENTS.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, a Microsoft Active Directory user, or a Lightweight Directory Access Protocol (LDAP) user. You can also log in using OpenID Connect and Single Sign-On or Smart Card. To improve security, each system is shipped with a unique password for iDRAC, which is available on the system information tag. This unique password improves security of iDRAC and your server. The default user name is root.
• • • • • • • • Multiple iDRAC sessions Secure default password Changing the default login password Enabling or disabling default password warning message Password Strength Policy IP Blocking Enabling or disabling OS to iDRAC Pass-through using web interface Enabling or disabling alerts using RACADM Force Change of Password (FCP) The 'Force Change of Password' feature prompts you to change the factory default password of the device. The feature can be enabled as part of factory configuration.
NOTE: RSA feature can be configured and enabled for LDAP user, but the RSA does not support if the LDAP is configured on Microsoft active directory. Hence LDAP user login fails. RSA is supported only for OpenLDAP. To log in to iDRAC as local user, Active Directory user, or LDAP user: 1. Open a supported web browser. 2. In the Address field, type https://[iDRAC-IP-address] and press Enter.
Logging in to iDRAC as an Active Directory user using a smart card Before you log in as an Active Directory user using smart card, ensure that you: ● ● ● ● Upload a Trusted Certificate Authority (CA) certificate (CA-signed Active Directory certificate) to iDRAC. Configure the DNS server. Enable Active Directory login. Enable smart card login. To log in to iDRAC as an Active Directory user using smart card: 1. Log in to iDRAC using the link https://[IP address].
If iDRAC network LAN is disabled (LAN Enabled = No), SSO is not available. If the server is removed from the chassis, iDRAC IP address is changed, or there is a problem in iDRAC network connection, the option to Launch iDRAC is grayed-out in the CMC web interface. For more information, see the Chassis Management Controller User's Guide available at https://www.dell.com/cmcmanuals. Accessing iDRAC using remote RACADM You can use remote RACADM to access iDRAC using RACADM utility.
NOTE: ● To receive 6 digit code, it is mandatory to configure 'Custom Sender Address' and have valid SMTP configuration. ● The 2FA code expires after 10 minutes or is invalidated if it is already consumed before expiry. ● If a user attempts to login from another location with a different IP-Address while a pending 2FA challenge for the original IP-Address is still outstanding, the same token will be sent for login attempt from the new IP address. ● The feature is supported with iDRAC Enterprise license.
If a wrong passcode is entered, the RSA AM server challenges the user to provide the "Next Token." This may happen even though the user may have entered the correct passcode. This entry proves that the user owns the right Token that generates the right passcode. You get the Next Token from RSA SecurID Token app by clicking on Options. Check Next Token, and the next passcode is available. Time is critical in this step. Otherwise, iDRAC may fail the verification of the next token.
Logging in: ssh username@ or ssh username@ where IP_address is the IP address of the iDRAC. Sending RACADM commands: ssh username@ racadm getversion ssh username@ racadm getsel Multiple iDRAC sessions The following table provides the number of iDRAC sessions that are possible using the various interfaces. Table 7.
● ● ● ● ● iDRAC Setting utility (System Setup) Local RACADM OpenManage Mobile Server management USB port USB-NIC Resetting default password using the iDRAC Settings utility You can access the iDRAC settings utility using the System Setup of your server. Using the iDRAC reset to defaults all feature, you can reset the iDRAC login credentials to default. WARNING: Resetting iDRAC to default all, resets the iDRAC to the factory defaults. To reset iDRAC using iDRAC Settings utility: 1. 2. 3. 4. 5.
1. Connect the devices to the system. 2. Use a supported browser to access the iDRAC interface using the iDRAC IP. 3. Follow the instructions in Changing the default login password using web interface on page 47. Resetting default iDRAC password remotely If you do not have physical access to the system, you can reset the default password remotely. Remote — Provisioned system If you have an operating system installed on the system, use a remote desktop client to log in to the server.
Changing the default login password using RACADM To change the password, run the following RACADM command: racadm set iDRAC.Users..Password where, is a value from 1 to 16 (indicates the user account) and is the new user defined password. NOTE: The index for the default account is 2. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
IP Blocking You can use IP blocking to dynamically determine when excessive login failures occur from an IP address and block or prevent the IP address from logging into the iDRAC9 for a preselected time span. IP blocking includes: ● The number of allowable login failures. ● The timeframe in seconds when these failures must occur. ● The amount of time, in seconds, when the IP address is prevented from establishing a session after the total allowable number of failures is exceeded.
● LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC. ● USB NIC — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the internal USB bus. NOTE: If you set the pass-through mode to LOM, ensure that: ● OS and iDRAC are on the same subnet ● NIC selection in Network Settings is set to LOM 4. If the server is connected in shared LOM mode, then the OS IP Address field is disabled.
3 Setting up managed system If you need to run local RACADM or enable Last Crash Screen capture, install the following from the Dell Systems Management Tools and Documentation DVD: ● Local RACADM ● Server Administrator For more information about Server Administrator, see OpenManage Server Administrator User's Guide available at https:// www.dell.com/openmanagemanuals.
Setting up iDRAC IP using iDRAC settings utility To set up the iDRAC IP address: 1. Turn on the managed system. 2. Press during Power-on Self-test (POST). 3. In the System Setup Main Menu page, click iDRAC Settings. The iDRAC Settings page is displayed. 4. Click Network. The Network page is displayed. 5. Specify the following settings: ● ● ● ● ● ● Network Settings Common Settings IPv4 Settings IPv6 Settings IPMI Settings VLAN Settings 6. Click Back, click Finish, and then click Yes.
● Chassis (Dedicated): Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC). This interface is not shared with the host operating system and routes the management traffic to a separate physical network, enabling it to be separated from the application traffic. This option implies that iDRAC's dedicated network port routes its traffic separately from the server's LOM or NIC ports.
● Hyphen (-) Configuring the IPv4 settings To configure the IPv4 settings: 1. Select Enabled option under Enable IPv4. NOTE: In the 14th generation of the PowerEdge servers, DHCP is enabled by default. 2. Select Enabled option under Enable DHCP, so that DHCP can automatically assign the IP address, gateway, and subnet mask to iDRAC. Else, select Disabled and enter the values for: ● Static IP Address ● Static Gateway ● Static Subnet Mask 3.
NOTE: On blade servers that are set as Chassis (Dedicated), the VLAN settings are read-only and can be changed only using CMC. If the server is set in shared mode, you can configure VLAN settings in shared mode in iDRAC. 1. Under Enable VLAN ID, select Enabled. 2. In the VLAN ID box, enter a valid number from 1 to 4094. 3. In the Priority box, enter a number from 0 to 7 to set the priority of the VLAN ID. NOTE: After enabling VLAN, the iDRAC IP is not accessible for some time.
2.
To enable provisioning server using iDRAC Settings utility: 1. Turn on the managed system. 2. During POST, press F2, and go to iDRAC Settings > Remote Enablement. The iDRAC Settings Remote Enablement page is displayed. 3. Enable auto-discovery, enter the provisioning server IP address, and click Back. NOTE: Specifying the provisioning server IP is optional. If it is not set, it is discovered using DHCP or DNS settings (step 7). 4. Click Network. The iDRAC Settings Network page is displayed. 5. Enable NIC.
-u (Username): username that has access to network share. This is a mandatory field for CIFS. -p (Password): user password that has access to network share. This is a mandatory field for CIFS. -d (ShutdownType): either 0 for graceful or 1 for forced (default setting: 0). This is an optional field. -t (Timetowait): time to wait for the host to shutdown (default setting: 300). This is an optional field. -e (EndHostPowerState): either 0 for OFF or 1 for ON (default setting 1). This is an optional field.
5. The DHCP server matches the vendor class to the vendor option in the dhcpd.conf file and sends the SCP file location and, if specified the SCP file name to the iDRAC. 6. The iDRAC processes the SCP file and configures all the attributes listed in the file. DHCP options DHCPv4 allows many globally defined parameters to be passed to the DHCP clients. Each parameter is known as a DHCP option. Each option is identified with an option tag, which is a 1-byte value.
5. In the Display name: field, type iDRAC. 6. In the Description: field, type Vendor Class. 7. Click in the ASCII: section and type iDRAC. 8. Click OK and then Close. 9. On the DHCP window, right-click IPv4 and select Set Predefined Options. 10. From the Option class drop-down menu, select iDRAC (created in step 4) and click Add. 11. In the Option Type dialog box, enter the following information: ● ● ● ● Name — iDRAC Data Type — String Code — 060 Description — Dell vendor class identifier 12.
2. Set the option 43 and use the name vendor class identifier for option 60. option myname code 43 = text; subnet 192.168.0.0 netmask 255.255.0.0 { #default gateway option routers 192.168.0.1; option subnet-mask 255.255.255.0; option nis-domain "domain.org"; option domain-name "domain.org"; option domain-name-servers 192.168.1.1; option time-offset -18000; # Eastern Standard Time option vendor-class-identifier "iDRAC"; set vendor-string = option vendor-class-identifier; option myname "-f system_config.
NOTE: After editing the dhcpd.conf file, make sure to restart the dhcpd service to apply the changes. Prerequisites before enabling Auto Config Before enabling the Auto config feature, make sure that following are already set: ● Supported network share (NFS, CIFS, HTTP and HTTPS) is available on the same subnet as the iDRAC and DHCP server. Test the network share to ensure that it can be accessed and that the firewall and user permissions are set correctly.
You can generate the hash password with and without Salt using SHA256. You must have Server Control privileges to include and export hash passwords. If access to all accounts is lost, use iDRAC Settings Utility or local RACADM and perform reset iDRAC to default task. If the password of the iDRAC user account is set with the SHA256 password hash only and not the other hashes (SHA1v3Key or MD5v3Key or IPMIKey), then authentication through SNMP v3 and IPMI is not available.
NOTE: If you wish to clear a previously salted password, then ensure that the password-salt is explicitly set to an empty string i.e. set iDRAC.Users.4.SHA256Password ca74e5fe75654735d3b8d04a7bdf5dcdd06f1c6c2a215171a24e5a9dcb28e7a2 set iDRAC.Users.4.SHA256PasswordSalt 4. After setting the password, the normal plain text password authentication works except that SNMP v3 and IPMI authentication fails for the iDRAC user accounts that had passwords updated with hash.
Optimizing system performance and power consumption The power required to cool a server can contribute a significant amount to the overall system power. Thermal control is the active management of system cooling through fan speed and system power management to make sure that the system is reliable while minimizing system power consumption, airflow, and system acoustic output. You can adjust the thermal control settings and optimize against the system performance and performance-per-Watt requirements.
● Fan Speed Offset — Selecting this option allows additional cooling to the server. In case hardware is added (example, new PCIe cards), it may require additional cooling. A fan speed offset causes fan speeds to increase (by the offset % value) over baseline fan speeds calculated by the Thermal Control algorithm. Possible values are: ○ ○ ○ ○ ○ Low Fan Speed — Drives fan speeds to a moderate fan speed. Medium Fan Speed — Drives fan speeds close to medium.
Modifying thermal settings using RACADM To modify the thermal settings, use the objects in the system.thermalsettings group with the set sub command as provided in the following table. Table 10. Thermal Settings Object Description Usage AirExhaustTemp Allows you to set the maximum air exhaust temperature limit.
Table 10. Thermal Settings (continued) Object Description Usage Example To set the limit to the default value: racadm set system.thermalsetti ngs.AirExhaustTemp 255 FanSpeedHighOffsetVal ● Getting this variable reads the fan speed offset value in %PWM for High Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 1. Values from 0-100 racadm get system.
Table 10. Thermal Settings (continued) Object Description Usage Example fan speed increasing to full speed. racadm set system.thermalsetti ngs FanSpeedOffset 3 FanSpeedMediumOffsetV al ● Getting this variable reads the fan speed offset value in %PWM for Medium Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 2 Values from 0-100 racadm get system.thermalsetti ngs FanSpeedMediumOffse tVal This returns a value such as “47”.
Table 10. Thermal Settings (continued) Object Description Usage Example MFSMinimumLimit Read Minimum limit for MFS Values from 0 to MFSMaximumLimit To display the lowest value that can be set using MinimumFanSpeed option. Default is 255 (means None) racadm get system.thermalsetti ngs.MFSMinimumLimit MinimumFanSpeed ThermalProfile ● Allows configuring the Minimum Fan speed that is required for the system to operate.
● Minimum Fan Speed The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting during system reboot, power cycling, iDRAC, or BIOS updates. A few Dell servers may or may not support some or all of these custom user cooling options. If the options are not supported, they are not displayed or you cannot provide a custom value. 3. Click Back, click Finish, and then click Yes. The thermal settings are configured.
● Blade servers — The management station must be on the same network as CMC and OME Modular. For more information on isolating CMC network from the managed system’s network, see the Chassis Management Controller User's Guide available at https://www.dell.com/cmcmanuals. ● Rack and tower servers — Set the iDRAC NIC to Dedicated or LOM1 and make sure that the management station is on the same network as iDRAC.
Configuring Internet Explorer to enable Active Directory SSO To configure the browser settings for Internet Explorer: 1. In Internet Explorer, navigate to Local Intranet and click Sites. 2. Select the following options only: ● Include all local (intranet) sites not listed on other zones. ● Include all sites that bypass the proxy server. 3. Click Advanced. 4. Add all relative domain names that will be used for iDRAC instances that is part of the SSO configuration (for example, myhost.example.com.) 5.
Configuring web browsers to use virtual console To use Virtual Console on your management station: 1. Make sure that a supported version of the browser (Internet Explorer (Windows), or Mozilla Firefox (Windows or Linux), Google Chrome, Safari) is installed. For more information about the supported browser versions, see the Release Notes available at https://www.dell.com/ idracmanuals. 2. To use Internet Explorer, set IE to Run As Administrator. 3.
2. Modify the IPv6 address as follows : https://2607:f2b1:f083:147::1eb.ipv6:literal.net/restgui to https://2607-f2b1f083-147--1eb.ipv6-literal.net/restgui Configuring the web browser to use Java plug-in Install a Java Runtime Environment (JRE) if you are using Firefox or IE and want to use the Java Viewer. NOTE: Install a 32-bit or 64-bit JRE version on a 64-bit operating system or a 32-bit JRE version on a 32-bit operating system.
● Before installing the ActiveX control, Internet Explorer may display a security warning. To complete the ActiveX control installation procedure, accept the ActiveX control when Internet Explorer prompts you with a security warning. ● If you get the error Unknown Publisher while launching Virtual Console, it may be caused because of the change to the code-signing certificate path. To resolve this error, you must download an addition key.
5. Click Close and then click OK. The Java Control Panel window closes. Importing CA certificate to ActiveX trusted certificate store You must use the OpenSSL command line tool to create the certificate Hash using Secure Hash Algorithm (SHA). It is recommended to use OpenSSL tool 1.0.x and later since it uses SHA by default. The CA certificate must be in Base64 encoded PEM format. This is one-time process to import each CA certificate.
CAUTION: The PSU firmware update may take several minutes depending on the system configuration and PSU model. To avoid damaging the PSU, do not interrupt the update process or power on the system during PSU firmware update. You must upload the required firmware to iDRAC. After the upload is complete, the current version of the firmware installed on the device and the version being applied is displayed. If the firmware being uploaded is not valid, an error message is displayed.
The following table provides information on whether a system restart is required when firmware is updated for a particular component: NOTE: When multiple firmware updates are applied through out-of-band methods, the updates are ordered in the most efficient possible manner to reduce unnecessary system restart. Table 12.
Table 13.
6. To display the Job Queue page, click Job Queue. Use this page to view and manage the staged firmware updates or click OK to refresh the current page and view the status of the firmware update. NOTE: If you navigate away from the page without saving the updates, an error message is displayed and all the uploaded content is lost. NOTE: You will not be able to proceed further, if the session gets expired after uploading the firmware file. This issue can be only resolved by RACADM reset.
Scheduling automatic firmware update using RACADM To schedule automatic firmware update, use the following commands: ● To enable automatic firmware update: racadm set lifecycleController.lcattributes.AutoUpdate.Enable 1 ● To view the status of automatic firmware update: racadm get lifecycleController.lcattributes.
● To perform all applicable updates from an FTP update repository using Catalog.xml as a catalog file: racadm update –f “Catalog.xml” –t FTP –e 192.168.1.20/Repository/Catalog Updating firmware using CMC web interface You can update iDRAC firmware for blade servers using the CMC Web interface. To update iDRAC firmware using the CMC Web interface: 1. Log in to CMC Web interface. 2. Go to iDRAC Settings > Settings > CMC. The Deploy iDRAC page is displayed. 3.
the location on the TFTP server where firmimg.d9 is stored. ● Using update command: racadm -r -u -p update —f FTP server: ● Using fwupdate command: racadm -r -u -p fwupdate –f –d path the location on the FTP server where firmimg.d9 is stored.
4. Under Current CMC Setting, make sure that Chassis Management at Server Mode option displays Manage and Monitor. You can set this in CMC. Viewing and managing staged updates You can view and delete the scheduled jobs including configuration and update jobs. This is a licensed feature. All jobs queued to run during the next reboot can be deleted. Viewing and managing staged updates using iDRAC web interface To view the list of scheduled jobs using iDRAC web interface, go to Maintenance > Job Queue.
● ● ● ● CMC RACADM CLI (not supported on MX platforms) iDRAC RACADM CLI Lifecycle Controller GUI Lifecycle Controller-Remote Services Rollback firmware using iDRAC web interface To roll back device firmware: 1. In the iDRAC Web interface, go to Maintenance > System Update > Rollback. The Rollback page displays the devices for which you can rollback the firmware. You can view the device name, associated devices, currently installed firmware version, and the available firmware rollback version. 2.
Rollback firmware using Lifecycle Controller For information, see Lifecycle Controller User's Guide available at https://www.dell.com/idracmanuals . Rollback firmware using Lifecycle Controller-Remote Services For information, see Lifecycle Controller Remote Services Quick Start Guide available at https://www.dell.com/idracmanuals. Recovering iDRAC iDRAC supports two operating system images to make sure a bootable iDRAC.
NOTE: SCP applies the full configuration in a single job with minimal number of reboots. However, in a few system configurations some attributes change the operation mode of a device or may create subdevices with new attributes. When this occurs, SCP may be unable to apply all settings during a single job. Review the ConfigResult entries for the job to resolve any pending configuration settings. SCP allows you to perform OS deployment (OSD) using a single xml/json file across multiple systems.
4. Select the components that you need to back up the configuration for. 5. Select the Export type, following are the options: ● Basic ● Replacement Export ● Clone Export 6. Select an Export file format. 7. Select Additional export items. 8. Click Export. Secure Boot Configuration from BIOS Settings or F2 UEFI Secure Boot is a technology that eliminates a major security void that may occur during a handoff between the UEFI firmware and UEFI operating system (OS).
Table 14. Acceptable file formats (continued) Policy Component Acceptable File Formats EFI image (system BIOS will calculate and import image digest) Acceptable File Extensions 2. .der 3. .crt 4. .efi Max records allowed The Secure Boot Settings feature can be accessed by clicking System Security under System BIOS Settings. To go to System BIOS Settings, press F2 when the company logo is displayed during POST. ● By default, Secure Boot is Disabled and the Secure Boot policy is set to Standard.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see iDRAC licenses on page 24.
• • Configuring multiple iDRACs using RACADM Disabling access to modify iDRAC configuration settings on host system Viewing iDRAC information You can view the basic properties of iDRAC. Viewing iDRAC information using web interface In the iDRAC Web interface, go to iDRAC Settings > Overview to view the following information related to iDRAC. For information about the properties, see iDRAC Online Help.
Viewing iDRAC information using RACADM To view iDRAC information using RACADM, see getsysinfo or get sub-command details provided in the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals . Modifying network settings After configuring the iDRAC network settings using the iDRAC Settings utility, you can also modify the settings through the iDRAC Web interface, RACADM, Lifecycle Controller, Dell Deployment Toolkit, and Server Administrator (after booting to the operating system).
Configuring IP filtering In addition to user authentication, use the following options to provide additional security while accessing iDRAC: ● IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are denied.
Bitwise AND of the quantities ^ Bitwise exclusive-OR Examples for IP Filtering The following RACADM commands block all IP addresses except 192.168.0.57: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57 racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255 To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask: racadm set iDRAC.IPBlocking.
● racadm set idraC.webServer.customCipherString ALL:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSAAES256-GCM-SHA384 ● racadm set idraC.webServer.customCipherString ALL:-DHE-RSA-CAMELLIA256-SHA ● racadm set idraC.webServer.customCipherString ALL:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSAAES256-SHA256:+AES256-GCM-SHA384:-DHE-RSA-CAMELLIA256-SHA For more information about these objects, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/ idracmanuals.
Disabling FIPS mode To disable FIPS mode, you must reset iDRAC to the factory-default settings. Configuring services You can configure and enable the following services on iDRAC: Local Configuration Disable access to iDRAC configuration (from the host system) using Local RACADM and iDRAC Settings utility. Web Server Enable access to iDRAC web interface. If you disable the web interface, remote RACADM also gets disabled. Use local RACADM to re-enable the web server and remote RACADM.
While using Vormetric Data Security Manager as KMS, ensure that the Common Name (CN) field in iDRAC SSL certificate matches with the host name added to Vormetric Data Security Manager. Otherwise, the certificate may not import successfully. NOTE: ● Rekey option will be disabled when racadm sekm getstatus reports as Failed. ● SEKM only supports Common name, User ID, or Organization Unit for User Name field under Client certificate.
access to keyboard, video and mouse of the host server to perform the necessary remediation. Before launching the VNC client, you must enable the VNC server and configure the VNC server settings in iDRAC such as password, VNC port number, SSL encryption, and the time out value. You can configure these settings using iDRAC Web interface or RACADM. NOTE: VNC feature is licensed and is available in the iDRAC Enterprise license.
To establish connection with the iDRAC VNC server over the SSL encrypted channel, connect the VNC viewer to the localhost (link local IP address) and the local port number (127.0.0.1:). Setting up VNC viewer without SSL encryption In general, all Remote Frame Buffer (RFB) compliant VNC Viewers connect to the VNC server using the iDRAC IP address and port number that is configured for the VNC server.
Configuring LCD setting using RACADM To configure the server LCD front panel display, use the objects in the System.LCD group. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Configuring LCD setting using iDRAC settings utility To configure the server LCD front panel display: 1. In the iDRAC Settings utility, go to Front Panel Security. The iDRAC Settings.Front Panel Security page is displayed. 2. Enable or disable the power button. 3.
Configuring time zone and NTP using iDRAC web interface To configure time zone and NTP using iDRAC web interface: 1. Go to iDRAC Settings > Settings > Time zone and NTP Settings. The Time zone and NTP page is displayed. 2. To configure the time zone, from the Time Zone drop-down menu, select the required time zone, and then click Apply. 3. To configure NTP, enable NTP, enter the NTP server addresses, and then click Apply. For information about the fields, see iDRAC Online Help.
For more information about the options, see the iDRAC Online Help. Setting first boot device using RACADM ● To set the first boot device, use the iDRAC.ServerBoot.FirstBootDevice object. ● To enable boot once for a device, use the iDRAC.ServerBoot.BootOnce object. For more information about these objects, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
● ● ● ● Host operating system and iDRAC are in the same subnet and same VLAN. Host operating system IP address is configured. A card that supports OS to iDRAC Pass-through capability is installed. You have the Configure privilege. When you enable this feature: ● In shared mode, the host operating system's IP address is used. ● In dedicated mode, you must provide a valid IP address of the host operating system. If more than one LOM is active, enter the first LOM’s IP address.
For Linux operating systems, configure the USB NIC as DHCP on the host operating system before enabling USB NIC. For vSphere, you must install the VIB file before enabling USB NIC. NOTE: To configure USB NIC as DHCP in Linux operating system or XenServer, refer to the operating system or hypervisor documentation. Installing VIB file For vSphere operating systems, before enabling the USB NIC, you must install the VIB file. To install the VIB file: 1.
The default value is 169.254.1.1. It is recommended to use the default IP address. However, if this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it. Do not enter 169.254.0.3 and 169.254.0.4 IPs. These IPs are reserved for the USB NIC port on the front panel when an A/A cable is used. NOTE: If IPv6 is preferred, the default address is fde1:53ba:e9a0:de11::1. If needed, this address can be modified in the idrac.OS-BMC.UsbNicULA setting.
Obtaining certificates The following table lists the types of certificates based on the login type. Table 16. Types of certificate based on login type Login Type Certificate Type How to Obtain Single Sign-on using Active Directory Trusted CA certificate Generate a CSR and get it signed from a Certificate Authority SHA-2 certificates are also supported.
certificate, use either iDRAC Web interface or RACADM interface to generate a Certificate Signing Request (CSR) with your company’s information. Then, submit the generated CSR to a CA such as VeriSign or Thawte. The CA can be a root CA or an intermediate CA. After you receive the CA-signed SSL certificate, upload this to iDRAC. For each iDRAC to be trusted by the management station, that iDRAC’s SSL certificate must be placed in the management station’s certificate store.
Automatic Certificate Enrollment In iDRAC, Automatic certificate enrollment feature enables you for automatic installation and renewal of certificates used by the web server. When this feature is enabled, the existing web server certificate is replaced by a new certificate. NOTE: ● Automatic certificate enrollment is a licensed feature and requires Datacenter license. ● Valid NDES (Network Device Enrollment Service) setup is required for issuing the server certificate.
The new certificate is uploaded iDRAC. A message is displayed asking you to reset iDRAC. 4. Run the racadm racreset command to reset iDRAC. iDRAC resets and the new certificate is applied. The iDRAC is not available for a few minutes during the reset. NOTE: You must reset iDRAC to apply the new certificate. Until iDRAC is reset, the existing certificate is active. Viewing server certificate You can view the SSL server certificate that is currently being used in iDRAC.
Downloading custom signing certificate To download the custom signing certificate using iDRAC Web interface: 1. Go to iDRAC Settings > Connectivity > SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, select Download Custom SSL Certificate Signing Certificate and click Next. A pop-up message is displayed that allows you to save the custom signing certificate to a location of your choice.
1. Query the target iDRAC that contains the required configuration using the following command:. racadm get -f .xml -t xml -c iDRAC.Embedded.1 The command requests the iDRAC configuration and generates the configuration file. NOTE: Redirecting the iDRAC configuration to a file using get -f is only supported with the local and remote RACADM interfaces. NOTE: The generated configuration file does not contain user passwords.
5 Delegated Authorization using OAuth 2.0 The Delegated Authorization feature allows a user or console to access iDRAC API using OAuth 2.0 JSON Web Tokens (JWT) that the user or console first obtains from an Authorization Server. Once an OAuth JWT has been retrieved, the user or console may use it to invoke iDRAC API. This circumvents the need for specifying username and password to access the API. NOTE: This feature is only available for DataCenter license.
6 Viewing iDRAC and managed system information You can view iDRAC and managed system health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the Flex Address or Remote-Assigned Address (applicable only for MX platforms) .
Viewing system inventory You can view information about the hardware and firmware components installed on the managed system. To do this, in iDRAC web interface, go to System > Inventories. For information about the displayed properties, see the iDRAC Online Help.
Viewing sensor information The following sensors help to monitor the health of the managed system: ● Batteries — Provides information about the batteries on the system board CMOS and storage RAID On Motherboard (ROMB). NOTE: The Storage ROMB battery settings are available only if the system has a ROMB with a battery. ● Fan (available only for rack and tower servers) — Provides information about the system fans — fan redundancy and fans list that display fan speed and threshold values.
Table 17.
express traffic for all PCI Express segments emanating from the package. This is measure of I/O bandwidth utilization for the system. ● System Level CUPS Index — The CUPS index is calculated by aggregating CPU, Memory, and I/O index considering a predefined load factor of each system resource. The load factor depends on the nature of the workload on the system. CUPS Index represents the measurement of the compute headroom available on the server.
NOTE: ● This feature requires Datacenter license. ● To read the configurations of Idle Server Configuration parameters, you need Login privilege and to modify the parameters you need iDRAC Configure privilege. To view or modify the parameters, navigate to Configuration > System Settings. Idle server detection is reported based on following parameters: ● Idle Server Threshold (%) - This is set to 20% by default and can be configured from 0 to 50%. The reset operation sets the threshold to 20%.
○ Board Power Supply Status ● Telemetry — All GPU telemetry reports data NOTE: GPU properties will not be listed for Embedded GPU cards and the Status is marked as Unknown. GPU has to be in ready state before the command fetches the data. GPUStatus field in Inventory shows the availability of the GPU and whether GPU device is responding or not. If the GPU status is ready, GPUStatus shows OK, otherwise the status shows Unavailable.
To check the system for Fresh Air compliance: 1. In the iDRAC Web interface, go to System > Overview > Cooling > Temperature overview. The Temperature overview page is displayed. 2. See the Fresh Air section that indicates whether the server is fresh air compliant or not. Viewing historical temperature data You can monitor the percentage of time the system has operated at ambient temperature that is greater than the normally supported fresh air temperature threshold.
For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Configuring warning threshold for inlet temperature You can modify the minimum and maximum warning threshold values for the system board inlet temperature sensor. If reset to default action is performed, the temperature thresholds are set to the default values. You must have Configure user privilege to set the warning threshold values for the inlet temperature sensor.
4. Click the icon to display more details. Similarly, you can view the host OS network interface information associated with a network device from the Hardware > Network Devices page. Click View Host OS Network Interfaces. NOTE: For the ESXi host OS in the iDRAC Service Module v2.3.
Terminating iDRAC sessions using web interface The users who do not have administrative privileges must have Configure iDRAC privilege to terminate iDRAC sessions using iDRAC Web interface. To view and terminate the iDRAC sessions: 1. In the iDRAC Web interface, go to iDRAC Settings > users > Sessions. The Sessions page displays the session ID, username, IP address, and session type. For more information about these properties, see the iDRAC Online Help. 2.
7 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: ● ● ● ● ● ● ● iDRAC Web Interface Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only IPMI Serial Over LAN IPMI Over LAN Remote RACADM Local RACADM Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
• • • • • • Enabling or disabling remote RACADM Disabling local RACADM Enabling IPMI on managed system Configuring Linux for serial console during boot in RHEL 6 Configuring serial terminal in RHEL 7 Supported SSH cryptography schemes Communicating with iDRAC through serial connection using DB9 cable You can use any of the following communication methods to perform systems management tasks through serial connection to rack and tower servers: ● RAC Serial ● IPMI Serial — Direct Connect Basic mode and Direc
NOTE: This is applicable only for iDRAC on rack and tower servers. Enabling RAC serial connection using web interface To enable RAC serial connection: 1. In the iDRAC Web interface, go to iDRAC Settings > Network > Serial. The Serial page is displayed. 2. Under RAC Serial, select Enabled and specify the values for the attributes. 3. Click Apply. The RAC serial settings are configured.
n=1 — Basic Mode Enabling serial connection IPMI serial settings using RACADM 1. Change the IPMI serial-connection mode to the appropriate setting using the command. racadm set iDRAC.Serial.Enable 0 2. Set the IPMI Serial baud rate using the command. racadm set iDRAC.IPMISerial.BaudRate Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 3. Enable the IPMI serial hardware flow control using the command. racadm set iDRAC.IPMISerial.FlowContro 1 4.
5. Click Apply. The terminal mode settings are configured. 6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection. Configuring additional settings for IPMI serial terminal mode using RACADM To configure the Terminal Mode settings, use the set command with the objects in the idrac.ipmiserial group. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.
● Serial Communication — On With Console Redirection ● Serial Port Address — COM2. NOTE: You can set the serial communication field to On with serial redirection via com1 if serial device2 in the serial port address field is also set to com1. ● External serial connector — Serial device 2 ● Failsafe Baud Rate — 115200 ● Remote Terminal Type — VT100/VT220 ● Redirection After Boot — Enabled 5. Click Back and then click Finish. 6. Click Yes to save the changes. 7. Press to exit System Setup.
Parameter Privilege level = 4 Administrator NOTE: To activate IPMI SOL, you must have the minimum privilege defined in IMPI SOL. For more information, see the IPMI 2.0 specification. 3. Update the IPMI SOL baud rate using the command. racadm set iDRAC.IPMISol.BaudRate NOTE: To redirect the serial console over LAN, make sure that the SOL baud rate is identical to the managed system’s baud rate. Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 4.
SOL using IPMI protocol The IPMI-based SOL utility and IPMItool use RMCP+ delivered using UDP datagrams to port 623. The RMCP+ provides improved authentication, data integrity checks, encryption, and the ability to carry multiple types of payloads while using IPMI 2.0. For more information, see http://ipmitool.sourceforge.net/manpage.html. The RMCP+ uses a 40-character hexadecimal string (characters 0-9, a-f, and A-F) encryption key for authentication. The default value is a string of 40 zeros.
3. Enable SSH using iDRAC Web interface or RACADM. SSH (port 22) client <−−> WAN connection <−−> iDRAC The IPMI-based SOL that uses SSH protocol eliminates the need for an additional utility because the serial to network translation happens within iDRAC. The SSH console that you use must be able to interpret and respond to the data arriving from the serial port of the managed system. The serial port usually attaches to a shell that emulates an ANSI- or VT100/ VT220–terminal.
The default (and maximum) size of the history buffer is 8192 characters. You can set this number to a smaller value using the command: racadm set iDRAC.Serial.HistorySize 4. Quit the SOL session to close an active SOL session. Disconnecting SOL session in iDRAC command line console The commands to disconnect a SOL session are based on the utility. You can exit the utility only when a SOL session is completely terminated.
NOTE: This setting determines the IPMI commands that are executed using IPMI over LAN interface. For more information, see the IPMI 2.0 specifications at intel.com. 2. Update the IPMI channel privileges. racadm set iDRAC.IPMILan.PrivLimit Parameter Privilege level = 2 User = 3 Operator = 4 Administrator 3. Set the IPMI LAN channel encryption key ,if required. racadm set iDRAC.IPMILan.
Enabling IPMI on managed system On a managed system, use the Dell Open Manage Server Administrator to enable or disable IPMI. For more information, see the OpenManage Server Administrator User's Guide available at https://www.dell.com/openmanagemanuals. NOTE: From iDRAC v2.30.30.30 or later, IPMI supports IPv6 address protocol for Linux-based operating systems. Configuring Linux for serial console during boot in RHEL 6 The following steps are specific to the Linux GRand Unified Bootloader (GRUB).
NOTE: If the boot loader or operating system provides serial redirection such as GRUB or Linux, then the BIOS Redirection After Boot setting must be disabled. This is to avoid potential race condition of multiple components accessing the serial port. Enabling login to the virtual console after boot In the file /etc/inittab, add a new line to configure agetty on the COM2 serial port: co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi The following example shows a sample file with the new line.
NOTE: Use the Break Key Sequence (~B) to execute the Linux Magic SysRq key commands on serial console using IPMI Tool. vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 vc/8 vc/9 vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 ttyS1 Configuring serial terminal in RHEL 7 To configure serial terminal in RHEL 7: 1.
To configure GRUB to use serial console, comment out the splash image and add the serial and terminal options to grub.conf : [root@localhost ~]# cat /boot/grub/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/hda2 # initrd /initrd-version.
Table 19. SSH cryptography schemes (continued) Scheme Type Algorithms diffie-hellman-group14-sha1 Encryption chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com MAC hmac-sha1 hmac-ripemd160 umac-64@openssh.com Compression None NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell recommends not enabling DSA public key support.
Generating public keys for Linux To use the ssh-keygen application to create the basic key, open a terminal window and at the shell prompt, enter ssh-keygen –t rsa –b 2048 –C testing where: ● -t is rsa. ● –b specifies the bit encryption size between 2048 and 4096. ● –C allows modifying the public key comment and is optional. NOTE: The options are case-sensitive. Follow the instructions. After the command executes, upload the public file.
Viewing SSH keys You can view the keys that are uploaded to iDRAC. Viewing SSH keys using web interface To view the SSH keys: 1. In Web interface, go to iDRAC Settings > Users. The Local Users page is displayed. 2. In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page is displayed with the key details.
8 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. The default iDRAC user name and password are provided with the system badge. As an administrator, you can setup user accounts to allow other users to access iDRAC. For more information see the documentation for the server.
Table 21. iDRAC user privileges (continued) Current Generation Prior Generation Description System Control Control and configure system Allows power cycling the host system. Access Virtual Console Access Virtual Console Redirection (for blade servers) Enables the user to run Virtual Console. Access Virtual Console (for rack and tower servers) Access Virtual Media Access Virtual Media Enables the user to run and use Virtual Media.
Configuring local users You can configure up to 16 local users in iDRAC with specific access permissions. Before you create an iDRAC user, verify if any current users exist. You can set user names, passwords, and roles with the privileges for these users. The user names and passwords can be changed using any of the iDRAC secured interfaces (that is, web interface, RACADM or WSMan). You can also enable or disable SNMPv3 authentication for each user.
and view or edit the myfile.cfg file, which includes all iDRAC configuration parameters. To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. If you use the Server Configuration Profile file to configure users, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication.
Configuring Active Directory users If your company uses the Microsoft Active Directory software, you can configure the software to provide access to iDRAC, allowing you to add and control iDRAC user privileges to your existing users in your directory service. This is a licensed feature. You can configure user authentication through Active Directory to log in to the iDRAC. You can also provide role-based authority, which enables an administrator to configure specific privileges for each user.
10. Locate and right-click the root CA certificate, select All Tasks, and click Export.... 11. In the Certificate Export Wizard, click Next, and select No do not export the private key. 12. Click Next and select Base-64 encoded X.509 (.cer) as the format. 13. Click Next and save the certificate to a directory on your system. 14. Upload the certificate you saved in step 13 to iDRAC. Importing iDRAC firmware SSL certificate iDRAC SSL certificate is the identical certificate used for iDRAC Web server.
Figure 1. Configuration of iDRAC with active directory standard schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to 15 role groups in each iDRAC.
Configuring Standard schema Active Directory Before configuring the standard schema Active Directory, ensure that: ● ● ● ● You have the iDRAC enterprise license. The configuration is performed on a server that is used as the Domain Controller. The dat, time and time zone on the server are correct. The iDRAC network settings are configured, or in iDRAC web interface go to iDRAC Settings > Connectivity > Network > Common Settings to configure the network settings.
racadm set address of racadm set address of racadm set address of racadm set address of racadm set address of racadm set address of iDRAC.ActiveDirectory.DomainController1 iDRAC.ActiveDirectory.DomainController2 iDRAC.ActiveDirectory.DomainController3 iDRAC.ActiveDirectory.GlobalCatalog1 iDRAC.
Extended schema Active Directory overview Using the extended schema solution requires the Active Directory schema extension. Best practices for extended schema The extended schema uses Dell association objects to join iDRAC and permission. This allows you to use iDRAC based on the overall permissions granted. The default Access Control List (ACL) of Dell Association objects allows Self and Domain Administrators to manage the permissions and scope of iDRAC objects.
Figure 2. Typical setup for active directory objects You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC. The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects.
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2.
Classes and attributes Table 25. Class definitions for classes added to the active directory schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.1 delliDRACAssociation 1.2.840.113556.1.8000.1280.1.7.1.2 dellRAC4Privileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 26. DelliDRACdevice class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 28. dellRAC4Privileges class (continued) OID 1.2.840.113556.1.8000.1280.1.1.1.3 dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 29. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 30. dellProduct class OID 1.2.840.
Table 31. List of attributes added to the active directory schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued TRUE if the user has Card Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsUserConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.5 TRUE if the user has User Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) delIsLogClearAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Installing Dell extension to the Active Directory users and computers snap-in When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC devices, users and user groups, iDRAC associations, and iDRAC privileges.
5. Provide access privileges to the authenticated users for accessing the created association objects. Providing user access privileges for association objects To provide access privileges to the authenticated users for accessing the created association objects: 1. Go to Administrative Tools > ADSI Edit. The ADSI Edit window is displayed. 2. In the right-pane, navigate to the created association object, right-click and select Properties. 3. In the Security tab, click Add. 4.
The Active Directory Configuration and Management Step 1 of 4 page is displayed. 2. Optionally, enable certificate validation and upload the CA-signed digital certificate used during initiation of SSL connections when communicating with the Active Directory (AD) server. 3. Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed. 4. Specify the location information about Active Directory (AD) servers and user accounts.
2. If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following command: racadm set iDRAC.IPv4.DNSFromDHCP 1 3. If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following command: racadm set iDRAC.IPv4.DNSFromDHCP 0 racadm set iDRAC.IPv4.DNSFromDHCP.DNS1 racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 4.
Configuring generic LDAP directory service using iDRAC webbased interface To configure the generic LDAP directory service using Web interface: NOTE: For information about the various fields, see the iDRAC Online Help. 1. In the iDRAC Web interface, go to iDRAC Settings > Users > Directory Services > Generic LDAP Directory Service, click Edit. The Generic LDAP Configuration and Management Step 1 of 3 page displays the current generic LDAP settings. 2.
NOTE: When testing LDAP settings with Enable Certificate Validation checked, iDRAC requires that the LDAP server be identified by the FQDN and not an IP address. If the LDAP server is identified by an IP address, certificate validation fails because iDRAC is not able to communicate with the LDAP server. NOTE: When generic LDAP is enabled, iDRAC first tries to login the user as a directory user. If it fails, local user lookup is enabled. The test results and the test log are displayed.
9 System Configuration Lockdown mode System Configuration Lockdown mode helps in preventing unintended changes after a system is provisioned. Lockdown mode is applicable to both configuration and firmware updates. When the system is locked down, any attempt to change the system configuration is blocked. If any attempts are made to change the critical system settings, an error message is displayed. Enabling System lockdown mode blocks the firmware update of third party I/O cards using the vendor tools.
Table 32. Items affected by Lockdown mode Disabled Remains functional ○ DTK-RAIDCFG ○ F2/Ctrl+R ● All Vendor tools that have direct access to the device ● NVMe ○ DTK-RAIDCFG ○ F2/Ctrl+R ● BOSS-S1 ○ Marvell CLI ○ F2/Ctrl+R ● ISM/OMSA settings (OS BMC enable, watchdog ping, OS name, OS version) NOTE: When lockdown mode is enabled, OpenID Connect login option is not displayed in iDRAC login page.
10 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Creating Active Directory objects and providing privileges Logging in to Active Directory Standard schema based SSO Perform the following steps for Active Directory Standard schema based SSO login: 1. Create a User Group. 2. Create a User for Standard schema. NOTE: Use the existing AD User Group & AD User. Logging in to Active Directory Extended schema based SSO Perform the following steps for Active Directory Extended schema based SSO login: 1.
NOTE: Log-off and Log-in from the Management Station Active Directory user after changing the above setting. Generating Kerberos keytab file To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a Windows Kerberos network. The Kerberos configuration on iDRAC involves the same steps as configuring a non– Windows Server Kerberos service as a security principal in Windows Server Active Directory.
Configuring iDRAC SSO login for Active Directory users using RACADM To enable SSO, complete the steps to configure Active Directory, and run the following command: racadm set iDRAC.ActiveDirectory.SSOEnable 1 Management Station Settings Perform the following steps after configuring SSO login for Active Directory users: 1. Set the DNS Server IP in Network properties and mention the preferred DNS Server IP. 2. Go to My Computer and add the *domain.tld domain. 3.
Enabling or disabling smart card login using iDRAC settings utility To enable or disable the Smart Card logon feature: 1. In the iDRAC Settings utility, go to Smart Card. The iDRAC Settings Smart Card page is displayed. 2. Select Enabled to enable smart card logon. Else, select Disabled. For more information about the options, see iDRAC Settings Utility Online Help. 3. Click Back, click Finish, and then click Yes. The smart card logon feature is enabled or disabled based on the selection.
Uploading smart card user certificate using RACADM To upload smart card user certificate, use the usercertupload object. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Requesting Certificate for smart card enrollment Follow these steps to request certificate for smart card enrollment: 1. 2. 3. 4. 5. 6. 7. Connect the smart card in the client system and install the required drivers & software. Verify the driver status in the Device Manager.
11 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
1. Go to Quick Alert Configuration under Alert Configuration page. 2. Under Quick Alert Configuration section: ● Select the alert category. ● Select the issue severity notification. ● Select the location where you would like to receive these notifications. 3. Click Apply to save the setting. NOTE: You must select at least one category, one severity, and one destination type to apply the configuration. All the alerts that are configured are displayed in total under Alerts Configuration Summary.
● Work Notes 3. Select one or more of the following severity levels: ● Informational ● Warning ● Critical 4. Click Apply. The Alert Results section displays the results based on the selected category and severity. Filtering alerts using RACADM To filter the alerts, use the eventfilters command. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
Setting alert recurrence events using RACADM To set the alert recurrence event using RACADM, use the eventfilters command. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Setting alert recurrence events using iDRAC web interface To set the alert recurrence value: 1. In iDRAC Web interface, go to Configuration > System Settings > Alert Recurrence. 2.
Configuring IP alert destinations You can configure the IPv6 or IPv4 addresses to receive the IPMI alerts or SNMP traps. For information about the iDRAC MIBs required to monitor the servers using SNMP, see the Dell EMC OpenManage SNMP Reference Guide available at https://www.dell.com/openmanagemanuals. Configuring IP alert destinations using web interface To configure alert destination settings using Web interface: 1. In iDRAC Web interface, go to Configuration > System Settings > SNMP and E-mail Settings.
3. Configure the SNMP community name string: racadm set idrac.ipmilan.communityname Parameter Description The SNMP Community Name. 4. To configure SNMP destination: ● Set the SNMP trap destination for SNMPv3: racadm set idrac.SNMP.Alert..DestAddr ● Set SNMPv3 users for trap destinations: racadm set idrac.SNMP.Alert..SNMPv3Username ● Enable SNMPv3 for a user: racadm set idrac.users..SNMPv3Enable Enabled 5.
5.
Parameter Description index Sender Email index. email-address Sender email address that sends the platform event alerts. 4. To configure a custom message: racadm set iDRAC.EmailAlert.CustomMsg.[index] [custom-message] Parameter Description index Email destination index. Allowed values are 1 through 4. custom-message Custom message 5. To test the configured email alert, if required: racadm testemail -i [index] Parameter Description index Email destination index to be tested.
specification, see the DSP0226 (DMTF WS Management Specification), Section 10 Notifications (Eventing) document for the complete information on the WS Eventing protocol. The Lifecycle Controller related jobs are described in the DCIM Job Control Profile document.
Table 33.
Table 33.
Table 33.
12 iDRAC 9 Group Manager Group Manager enables user to have multiple console experience and offers simplified basic iDRAC management. iDRAC Group Manager feature is available for Dell's 14th generation servers to offer simplified basic management of iDRACs and associated servers on the local network using the iDRAC GUI. Group Manager allows 1XMany console experience without involving a separate application.
Once the group manager feature is enabled, that iDRAC allows you the option to create or join an iDRAC local group. More than one iDRAC group can be setup in the local network but an individual iDRAC can only be a member of one group at a time. To change group (join a new group) the iDRAC must first leave its current group and then join the new group. The iDRAC from where the group was created gets chosen as the primary controller of the group by default.
Group Manager uses mDNS to discover other iDRACs on the network and sends encrypted packets for normal inventorying, monitoring and management of the group using the link local IP address. Using IPv6 link local networking means that the Group Manager ports and packets will never leave the local network or be accessible to external networks.
Change User Password Use this section to change the password information for the user. You can see the Users detail with the User Name, Role and Domain information for individual user. A group job would be created to change the user password on all the servers in that group. The status of group job can be found at GroupManager > Jobs page. If user already exists then the password can be updated.
● ● ● ● ● ● ● ● ● ● ● ● ● ● Model iDRAC Firmware Version Last Status Update Express Service Code iDRAC Connectivity Power State Operating System Service Tag Node ID iDRAC DNS Name BIOS Version CPU Details System Memory(MB) Location Details NOTE: In case, you are using Internet Explorer, disable the Enhanced Security settings to successfully download the csv file.
Table 39. Jobs View Option Description Status Shows the job's status and the state of the ongoing job. Job Displays the Job's name. ID Displays the Job's ID. Start Time Displays the start time. End Time Displays the end time. Actions ● Cancel — A scheduled job can be cancelled, before it moves to running state. A running job can be stopped by using the stop button. ● Rerun — Allows the user to rerun the job in case the job is in failure state.
Group Information Panel Group Information panel in the top right of group manager summary view shows a consolidated group summary. Current group configuration can be edited from the Group Settings page accessible by clicking Group Settings button. It shows how many systems are there in the group. It also provides the information about the Primary and the Secondary controller of the Group. Group Settings Group settings page provides a listing of selected group attributes. Table 40.
Table 42. Actions on a selected Server (continued) Option Description Virtual Console Launches Virtual Console with single sign on a new browser window. NOTE: Disable Popup blocker from the browser to use this functionality. Group Manager Single Sign On All iDRACs in the group trust each other based on the shared passcode secret and shared group name.
13 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WSMan interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utility, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3. To view the system events, click Display System Event Log. 4. Click Back, click Finish, and then click Yes.
1. In the Lifecycle Log page, under the Log Filter section, do any or all of the following: ● ● ● ● Select the Log Type from the drop-down list. Select the severity level from the Severity drop-down list. Enter a keyword. Specify the date range. 2. Click Apply. The filtered log entries are displayed in Log Results. Adding comments to Lifecycle logs To add comments to the Lifecycle logs: 1. In the Lifecycle Log page, click the + icon for the required log entry. The Message ID details are displayed. 2.
NOTE: You cannot delete a work note. To add a work note: 1. In the iDRAC Web interface, go to Dashboard > Notes > add note. The Work Notes page is displayed. 2. Under Work Notes, enter the text in the blank text box. NOTE: It is recommended not to use too many special characters. 3. Click Save. The work note is added to the log. For more information, see the iDRAC Online Help. Configuring remote system logging You can send lifecycle logs to a remote system.
14 Monitoring and managing power in iDRAC You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: ● Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
○ Provides the statistics for CPU, memory, IO utilization, and the system level CUPS index. If the host system is powered off, then the graph displays the power off line below 0 percent. ○ You can reset the peak utilization for a particular sensor. Click Reset Historical Peak. You must have Configure privilege to reset the peak value. ● Performance Metrics section: ○ Displays status and present reading ○ Displays or specifies the warning threshold utilization limit.
Executing power control operations using web interface To perform power control operations: 1. In iDRAC web interface, go to Configuration > Power Management > Power Control. The Power Control options are displayed. 2. Select the required power operation: ● ● ● ● ● ● Power On System Power Off System NMI (Non-Masking Interrupt) Graceful Shutdown Reset System (warm boot) Power Cycle System (cold boot) 3. Click Apply. For more information, see the iDRAC Online Help.
When setting the power cap threshold in BTU/hr, the conversion to Watts is rounded off to the nearest integer. When the power cap threshold are read from the system, the Watts to BTU/hr conversion is also rounded off. Because of the rounding off, the actual values may slightly differ. Configuring power cap policy using web interface To view and configure the power policies: 1. In iDRAC Web interface, go to Configuration > Power Management > Power Cap Policy.
Configuring power supply options using web interface To configure the power supply options: 1. In iDRAC Web interface, go to Configuration > Power Management > Power Configuration. 2. Under Power Redundancy Policy, select the required options. For more information, see iDRAC Online Help. 3. Click Apply. The power supply options are configured. Configuring power supply options using RACADM To configure the power supply options, use the following objects with the get/set command: ● ● ● ● System.Power.
● Intelligent and adaptive closed loop control algorithm optimizes fan response to maintain component temperatures. It also conserves fan power, airflow consumption, and acoustics. ● Using fan zone mapping, cooling can be initiated for the components when it requires. Thus, it results maximum performance without compromising the efficiency of power utilization.
15 iDRAC Direct Updates iDRAC provides out of band ability to update the firmware of various components of a PowerEdge server. iDRAC direct update helps in eliminating staged jobs during updates. iDRAC used to have staged updates to initiate firmware update of the components. From this release, Direct updates have been applied to PSU and Backplane. With the use of Direct Updates and Backplane can have quicker updates.
16 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: ● ● ● ● ● Network Interface Cards (NICs) Converged Network Adapters (CNAs) LAN On Motherboards (LOMs) Network Daughter Cards (NDCs) Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and partition
Additional properties may be displayed when using RACADM or WSMan in addition to the properties displayed in the iDRAC web interface. Connection View Manually checking and troubleshooting the servers’ networking connections is unmanageable in a datacenter environment. iDRAC9 streamlines the job with iDRAC Connection View.
To enable or disable the iDrac Discovery LLDP, navigate to iDRAC Settings > Connectivity > Network > Common Settings > iDrac Discovery LLDP. By default, the Enabled option is selected. LLDP packet originated from idrac can be viewed from switch using the command: show lldp neighbors. Refresh Connection View Use Refresh Connection View to get the latest information of Switch Connection ID and Switch Port Connection ID.
Manufacturer Type QLogic ● QL41162 PCIe 10GE 2P ● QL41112 PCIe 10GE 2P ● QL41262 PCIe 25GE 2P Inventorying and monitoring FC HBA devices You can remotely monitor the health and view the inventory of the Fibre Channel Host Bus Adapters (FC HBA) devices in the managed system. The Emulex and QLogic FC HBAs are supported.
● Serial Number ● Device Identifier / Type Info ● Cable length (in meter) Monitoring SFP Transceiver devices using web interface To view theSFP Transceiver device information using Web interface, go to System > Overview > Network Devices and click on particular device. For more information about the displayed properties, see iDRAC Online Help. The page name also displays the slot number where the transceiver device is available under Port statistics.
NOTE: ● StorageDiskSMARTDATA is only supported on SSD drives with SAS/SATA bus protocol and behind the BOSS controller. ● StorageSensor data is reported only for the drives in Ready / Online / Non-RAID mode and not behind the BOSS controller. ● NVMeSMARTData is only supported for SSD (PCIeSSD / NVMe Express) drives with PCIe bus protocol (not behind SWRAID). ● GPGPUStatistics data is only available in specific GPGPU models that support ECC memory capability.
You can enable or disable a serial data capture using RACADM, Redfish, iDRAC interfaces. When this attribute is enabled, iDRAC will capture serial traffic received on Host Serial Device2 irrespective of serial Mux mode settings. To enable / disable Serial Data Capture using iDRAC GUI, go to Maintainance > Diagnostics > Serial Data Logs page, and check the box to enable or disable. NOTE: ● This attribute is persistent over iDRAC reboot. ● Firmware reset to default will disable this feature.
Table 43.
Table 43.
Table 44. Virtual/Remote-Assigned Address and Persistence Policy behavior (continued) Remote assigned Address Feature State in OME Modular Mode set in iDRAC IO Identity Feature State in iDRAC SCP Persistence Policy Clear Persistence Policy — Virtual Address Remote-Assigned Address disabled RemoteAssigned Address Mode Disabled Configured using the path provided in Lifecycle Controller Lifecycle Controller configuration persists for that cycle No persistence supported.
Table 45.
SSD Wear Threshold iDRAC provides you the ability to configure thresholds of Remaining Rated Write Endurance for all SSD's and Available Spare of NVMe PCIe SSDs. When SSD Remaining Rated Write Endurance and NVMe PCIe SSD Available Spare values are less than the threshold, then iDRAC logs this event in the LC log and depending on the alert type selection, iDRAC also performs Email alert, SNMP Trap, IPMI Alert, Logging in Remote Syslog, WS Eventing and OS log.
● Enable I/O Identity Optimization. Events are logged to the Lifecycle Controller log when: ● I/O Identity Optimization is enabled or disabled. ● Persistence policy is changed. ● Virtual address, initiator and target values are set based on the policy. A single log entry is logged for the configured devices and the values that are set for those devices when the policy is applied. Event actions are enabled for SNMP, email, or WS-eventing notifications. Logs are also included in the remote syslogs.
iSCSI initiator and storage target default values The following tables provide the list of default values for iSCSI initiator and storage targets when the persistence policies are cleared. Table 47. iSCSI initiator —default values iSCSI Initiator Default Values in IPv4 mode Default Values in IPv6 mode IscsiInitiatorIpAddr 0.0.0.0 :: IscsiInitiatorIpv4Addr 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6Addr :: :: IscsiInitiatorSubnet 0.0.0.0 0.0.0.
Table 48. ISCSI storage target attributes — default values (continued) iSCSI Storage Target Attributes Default Values in IPv4 mode Default Values in IPv6 mode FirstTgtChapPwd Value Cleared Value Cleared FirstTgtIpVer Ipv4 ConnectSecondTgt Disabled Disabled SecondTgtIpAddress 0.0.0.
17 Managing storage devices Starting with iDRAC 3.15.15.15 release, iDRAC supports Boot Optimized Storage Solution (BOSS) controller in the 14 th generation of PowerEdge servers. BOSS controllers are designed specifically for booting the operating system of the server. These controllers support limited RAID features and the configuration is staged. Starting with iDRAC 4.30.30.30 release, iDRAC supports PERC 11, HBA 11, and BOOS 1.5 for AMD systems. NOTE: BOSS controllers support only RAID level1.
In addition to managing the physical disks contained in the enclosure, you can monitor the status of the fans, power supply, and temperature probes in an enclosure. You can hot-plug enclosures. Hot-plugging is defined as adding of a component to a system while the operating system is still running. The physical devices connected to the controller must have the latest firmware. For the latest supported firmware, contact your service provider.
What is RAID RAID is a technology for managing the storage of data on the physical disks that reside or are attached to the system. A key aspect of RAID is the ability to span physical disks so that the combined storage capacity of multiple physical disks can be treated as a single, extended disk space. Another key aspect of RAID is the ability to maintain redundant data which can be used to restore data in the event of a disk failure.
Organizing data storage for availability and performance RAID provides different methods or RAID levels for organizing the disk storage. Some RAID levels maintain redundant data so that you can restore data after a disk failure. Different RAID levels also entail an increase or decrease in the I/O (read and write) performance of a system. Maintaining redundant data requires the use of additional physical disks. The possibility of a disk failure increases with an increase in the number of disks.
RAID 0 characteristics: ● ● ● ● Groups n disks as one large virtual disk with a capacity of (smallest disk size) *n disks. Data is stored to the disks alternately. No redundant data is stored. When a disk fails, the large virtual disk fails with no means of rebuilding the data. Better read and write performance. RAID level 1 - mirroring RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks.
● Redundancy for protection of data. ● RAID 1 is more expensive in terms of disk space since twice the number of disks are used than required to store the data without redundancy. RAID level 5 or striping with distributed parity RAID 5 provides data redundancy by using data striping in combination with parity information. Rather than dedicating a physical disk to parity, the parity information is striped across all physical disks in the disk group.
RAID 6 characteristics: ● ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n-2) disks. Redundant information (parity) is alternately stored on all disks. The virtual disk remains functional with up to two disk failures. The data is reconstructed from the surviving disks. Better read performance, but slower write performance. Increased redundancy for protection of data. Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space.
RAID 50 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 5 span. ● Better read performance, but slower write performance. ● Requires as much parity information as standard RAID 5. ● Data is striped across all spans. RAID 50 is more expensive in terms of disk space.
RAID 60 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 6 span. ● Better read performance, but slower write performance. ● Increased redundancy provides greater data protection than a RAID 50. ● Requires proportionally as much parity information as RAID 6. ● Two disks per span are required for parity.
RAID 10 characteristics: ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. Improved read performance and write performance. Redundancy for protection of data.
Table 50. RAID level performance comparison (continued) RAID Level Data Redundancy Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information.
iDRAC supports HBA330 MMZ, HBA330 MX adapters. iDRAC supports HBA355i front and HBA355i Adapter for AMD platforms. Supported enclosures iDRAC supports MD1400 and MD1420 enclosures. NOTE: Redundant Array of Inexpensive Disks (RBODS) that are connected to HBA controllers are not supported. NOTE: PERC H480 with version 10.1 or greater, firmware supports up to 4 enclosures per port.
Table 51.
Table 51.
Table 51.
Table 52.
Table 52. Supported features of storage controllers for MX platforms (continued) Features PERC 11 PERC 10 PERC 9 H755 MX H745P MX H730P MX Switch Controller Mode Not applicable Not applicable Staged T10PI Support for Virtual Disks Not applicable Not applicable Not applicable NOTE: H745P MX supports eHBA mode with PERC 10.2 and higher. Table 53.
NOTE: Physical disks in system with multiple backplanes may be listed under a different backplane. Use the blink function to identify the disks. Monitoring storage devices using web interface To view the storage device information using web interface: ● Go to Storage > Overview > Summary to view the summary of the storage components and the recently logged events. This page is automatically refreshed every 30 seconds. ● Go to Storage > Overview > Controllers to view the RAID controller information.
Managing physical disks You can perform the following for physical disks: ● ● ● ● ● ● ● ● View physical disk properties. Assign or unassign physical disk as a global hot-spare. Convert to RAID capable disk. Convert to non-RAID disk. Blink or unblink the LED. Rebuild physical disk Cancel rebuild physical disk Cryptographic erase Assigning or unassigning physical disk as global hot spare A global hot spare is an unused backup disk that is part of the disk group. Hot spares remain in standby mode.
3. Click Physical Disk Configuration. All the physical disks associated to the controller are displayed. 4. To assign as a global hotspare, from the drop-down menus in the Action column, select Assign Global Hotspare for one or more physical disks. 5. To unassign a hot spare, from the drop-down menus in the Action column, select Unassign Hotspare for one or more physical disks. 6. Click Apply Now. Depending on your requirement, you can also choose to apply At Next Reboot or At Scheduled Time.
Erasing physical disks The System Erase feature allows you to erase the contents of the physical drives. This feature is accessible using RACADM or the LC GUI. Physical drives on the server are grouped into two categories. ● Secure erase drives— Includes drives that provide cryptographic erase such as ISE and SED SAS and SATA drives, and PCIe SSDs. ● Overwrite erase drives— Includes all drives that do not support cryptographic erase. NOTE: System erase only applies to drives within the server.
NOTE: ● Erasing SED/ISE can be performed either as a real time or as a staged operation. ● After the drive is erased, it may still be displayed as active within the OS due to data caching. If this occurs, reboot the OS and the erased drive will no longer be displayed or report any data. ● Cryptographic erase feature is supported for SED/ISEs for PowerEdge servers. Erasing SED/ISE device data using web interface To erase the data on the supported device: 1.
For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Rebuild Physical Disk Rebuild Physical Disk is the ability to reconstruct the contents of a failed disk. This is true only when auto rebuild option is set to false. If there is a redundant virtual disk, the rebuild operation can reconstruct the contents of a failed physical disk. A rebuild can take place during normal operation, but it degrades performance.
NOTE: If you create a virtual disk in Add to Pending Operation mode and a job is not created, and then if you delete the Virtual disk, then the create pending operation for the virtual disk is cleared. NOTE: RAID 6 and 60 are not supported in PERC H330. NOTE: BOSS controller allows you to create virtual disk only of size equal to the full size of the M.2 physical storage media. Ensure that you set the virtual disk size to zero when using the Server Configuration Profile to create a BOSS virtual disk.
Based on the selected Apply Operation Mode, the settings are applied. NOTE: You can use alphanumeric characters, spaces, dashes, and underscores in the disk name. Any other special characters that you enter are removed and replaced by space while creating the virtual disk. Creating virtual disks using RACADM Use the racadm storage createvd command. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
unassigned when the last virtual disk associated with the controller is deleted. When deleting the last virtual disk of a disk group, all assigned dedicated hot spares automatically become global hot spares. If you delete all the VDs for a global hotspare, then the global hotspare gets automatically deleted. You must have the Login and Server Control privilege to perform delete virtual disks. When this operation is allowed, you can delete a boot virtual drive.
Full or slow initialization The full initialization (also called slow initialize) operation initializes all physical disks included in the virtual disk. It updates the metadata on the physical disks and erases all existing data and file systems. You can perform a full initialization after creating the virtual disk. In comparison with the fast initialize operation, you may want to use the full initialize if you have trouble with a physical disk or suspect that it has bad disk blocks.
Edit Disk capacity Online Capacity Expansion (OCE) allows you to increase the storage capacity of selected RAID levels while the system remains online. The controller redistributes the data on the array(called Reconfiguration), placing new space available at the end of each RAID array.
Table 55.
● Delete ● Edit Cache Policy — You can change the cache policy for the following options: ○ Read Policy — Following values are available for selection: Adaptive Read Ahead — Indicates that for the given volume, the control uses the Read-Ahead cache policy if the two most recent disks accesses occurred in sequential sectors. If the read requests are random, the controller returns to No Read Ahead mode. ■ No Read Ahead — Indicates that for the given volume, no read ahead policy is used.
● To check consistency of virtual disks (not supported on RAID0): racadm storage ccheck: To cancel the consistency check: racadm storage cancelcheck: ● To encrypt virtual disks: racadm storage encryptvd: ● To assign or unassign dedicated hot spares: racadm storage hotspare: -assign
Table 56. RAID Configuration Features (continued) Feature RACADM Command Description and of a similar size and type to replace the source. Virtual Disk as boot device Unlock Foreign Configuration racadm storage setbootvd: -vd racadm storage unlock: key -passwd A virtual disk can be configured as a boot device using this feature.
Patrol read mode considerations Patrol read identifies disk errors to avoid disk failures, data loss, or corruption. It runs automatically once a week on SAS and SATA HDDs. The Patrol Read does not run on a physical disk in the following circumstances: ● The physical disk is an SSD. ● The physical disk is not included in a virtual disk or assigned as a hot spare.
mean that the check consistency is stopped or paused. At 100%, the check consistency is the highest priority for the controller. The check consistency time is minimized and is the setting with the most impact to system performance. Create or change security keys When configuring the controller properties, you can create or change the security keys. The controller uses the encryption key to lock or unlock access to SED. You can create only one encryption key for each encryption-capable controller.
NOTE: Patrol read mode operations such as Start and Stop are not supported if there are no virtual disks available in the controller. Though you can invoke the operations successfully using the iDRAC interfaces, the operations will fail when the associated job is started. ● To specify the Check Consistency Mode, use Storage.Controller.CheckConsistencyMode object. ● To enable or disable the Copyback Mode, use Storage.Controller.CopybackMode object. ● To enable or disable the Load Balance Mode, use Storage.
This task is not supported on PERC hardware controllers running in HBA mode. NOTE: It is not recommended to remove an external enclosure cable while the operating system is running on the system. Removing the cable could result in a foreign configuration when the connection is re-established. You can manage foreign configurations in the following cases: ● All the physical disks in a configuration are removed and re-inserted. ● Some of the physical disks in a configuration are removed and re-inserted.
The Controller Configuration page is displayed. 2. From the Controller drop-down menu, select the controller for which you want to clear the foreign configuration. NOTE: To clear foreign configuration on BOSS controllers, click "Reset Configuration". 3. Click Clear Configuration. 4. Click Apply Based on the selected operation mode, the virtual disks residing on the physical disk is erased.
● It only supports creation of RAID0, RAID1, and RAID10 VDs. ● Enhanced HBA is not supported on PERC 11. Enhanced HBA mode provides the following features: ● ● ● ● ● Create virtual disks with RAID level 0, 1, or 10. Present non-RAID disks to host. Configure a default cache policy for virtual disks as write-back with read ahead. Configure virtual disks and non-RAID disks as valid boot devices.
Switching the controller mode using the iDRAC web interface To switch the controller mode, perform the following steps: 1. In the iDRAC web interface, click Storage > Overview > Controllers. 2. On the Controllers page, click Action > Edit. The Current Value column displays the current setting of the controller. 3. From the drop-down menu, select the controller mode you want to switch to, and click At Next Reboot. Reboot the system for the change to take effect.
NOTE: Detection of failed drives behind SAS HBA controllers is not supported. Monitoring predictive failure analysis on drives Storage management supports Self Monitoring Analysis and Reporting Technology (SMART) on physical disks that are SMARTenabled. SMART performs predictive failure analysis on each disk and sends alerts if a disk failure is predicted. The controllers check physical disks for failure predictions and, if found, pass this information to iDRAC. iDRAC immediately logs an alert.
The status of the controller is affected by the preserved cache. The controller status is displayed as degraded if the controller has preserved cache. Discard the preserved cache is possible only if all of the following conditions are met: ● The controller does not have any foreign configuration. ● The controller does not have any offline or missing virtual disks. ● Cables to any virtual disk are not disconnected.
Inventorying and monitoring PCIe SSDs using web interface To inventory and monitor PCIe SSD devices, in the iDRAC web interface, go to Storage > Overview > Physical Disks. The Properties page is displayed. For PCIe SSDs, the Name column displays PCIe SSD. Expand to view the properties. Inventorying and monitoring PCIe SSDs using RACADM Use the racadm storage get controllers: command to inventory and monitor PCIe SSDs.
1. In the iDRAC Web interface, go to Storage > Overview > Physical Disks. The Setup Physical Disk page is displayed. 2. From the Controller drop-down menu, select the extender to view the associated PCIe SSDs. 3. From the drop-down menus, select Prepare to Remove for one or more PCIe SSDs. If you have selected Prepare to Remove and you want to view the other options in the drop-down menu, then select Action and then click the drop-down menu to view the other options.
Erasing PCIe SSD device data using web interface To erase the data on the PCIe SSD device: 1. In the iDRAC Web interface, go to Storage > Overview > Physical Disks. The Physical Disk page is displayed. 2. From the Controller drop-down menu, select the controller to view the associated PCIe SSDs. 3. From the drop-down menus, select Cryptographic Erase for one or more PCIe SSDs.
● Asset Name Configuring backplane mode The Dell 14 th generation PowerEdge servers supports a new internal storage topology, where two storage controllers (PERCs) can be connected to a set of internal drives through a single expander. This configuration is used for high performance mode with no failover or High Availability (HA) functionality. The expander splits the internal drive array between the two storage controllers.
1. In the iDRAC web interface, go to Configuration > Storage Configuration > Enclosures Configuration. 2. From the Controller menu, select the controller to configure its associated enclosures. 3. From the Action drop-down menu, select Edit Enclosure Mode. The Edit Enclosure Mode page is displayed. 4. In the Current Value column, select the required enclosure mode for the backplane or enclosure.
6. Run the following command to create a job: racadm jobqueue create -s TIME_NOW --realtime A job ID is returned. 7. Run the following command to query the job status: racadm jobqueue view -i JID_xxxxxxxx where, JID_xxxxxxxx is the job ID from step 6. The status is displayed as Pending. Continue to query the job ID until you view the Completed status (this process may take up to three minutes). 8.
In the Storage > Enclosures > Properties page, the Physical Disks Overview section displays the following: ● ● ● ● Slot Empty — If a slot is empty. PCIe Capable — If there are no PCIe capable slots, this column is not displayed. Bus Protocol — If it is a universal backplane with PCIe SSD installed in one of the slots, this column displays PCIe. Hotspare — This column is not applicable for PCIe SSD. NOTE: Hot swapping is supported for universal slots.
Choosing operation mode to apply settings While creating and managing virtual disks, setting up physical disks, controllers, and enclosures or resetting controllers, before you apply the various settings, you must select the operation mode. That is, specify when you want to apply the settings: ● ● ● ● Immediately During the next system reboot At a scheduled time As a pending operation to be applied as a batch as part of a single job.
Configuration jobs are created only on controller. In case of PCIe SSD, job is created on PCIe SSD disk and not on the PCIe Extender. Viewing, applying, or deleting pending operations using web interface 1. In the iDRAC web interface, go to Storage > Overview > Pending Operations. The Pending Operations page is displayed. 2. From the Component drop-down menu, select the controller for which you want to view, commit, or delete the pending operations.
If you have selected Apply Now, At Next Reboot, or At Scheduled Time and then clicked Apply, first the pending operation is created for the selected storage configuration operation. ● If the pending operation is successful and there are no prior existing pending operations, then the job is created. If the job is created successfully, a message indicating that the job ID is created for the selected device is displayed. Click Job Queue to view the progress of the job in the Job Queue page.
Blinking or unblinking component LEDs You can locate a physical disk, virtual disk drive and PCIe SSDs within an enclosure by blinking one of the Light Emitting Diodes (LEDs) on the disk. You must have Login privilege to blink or unblink an LED. The controller must be real-time configuration capable. The real-time support of this feature is available only in PERC 9.1 firmware and later. NOTE: Blink or unblink is not supported for servers without backplane.
18 BIOS Settings You can view multiple attributes, which are being used for a specific server under the BIOS Settings. You can modify different parameters of each attribute from this BIOS configuration setting. Once you select one attribute, it shows different parameters which are related to that specific attribute. You can modify multiple parameters of an attribute and apply changes before modifying a different attribute.
Delete All Pending Values Delete All pending Values button is enabled only when there are pending values based on the recent configuration changes. In case, user decides not to apply the configuration changes, user can click Delete All Pending Values button to terminate all the modifications. In case, the request fails to remove the BIOS attributes, it throws an error with corresponding HTTP Response Status code mapped to SMIL API error or Job Creation error.
BIOS Recovery and Hardware Root of Trust (RoT) For PowerEdge server, it is mandatory to recover from corrupted or damaged BIOS image either due to malicious attack or power surges or any other unforeseeable events. An alternate reserve of BIOS image would be necessary to recover BIOS in order to bring the PowerEdge server back to functional mode from unbootable mode. This alternative/recovery BIOS is stored in a 2nd SPI (mux'ed with primary BIOS SPI).
19 Configuring and using virtual console iDRAC has added an enhanced HTML5 option in vConsole which allows vKVM (virtual Keyboard, Video, and Mouse) over standard VNC client. You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers.
Table 57. Keyboard Macros Supported by ActiveX and Java plug-ins (continued) MAC Client Win Client Linux Client PrtScrn - - Alt-PrtScrn - - Pause - - NOTE: For keyboard macros supported in HTML plug-in, see the section HTML5 based virtual console. NOTE: The number of active virtual-console sessions displayed in the web interface is only for active web-interface sessions. This number does not include sessions from other interfaces such as SSH and RACADM.
Maximum virtual console resolutions based on monitor display ratio: ● 16:10 monitor: 1920x1200 will be the max resolution ● 16:9 monitor: 1920x1080 will be the max resolution When a physical monitor is not connected to either VGA port on the server, the OS installed will dictate the available resolutions for virtual console.
● You have administrator privileges. ● Web browser is configured to use HTML5, eHTML5, Java, or ActiveX plug-ins. ● Minimum network bandwidth of one MB/sec is available. NOTE: If the embedded video controller is disabled in BIOS and if you launch the Virtual Console, the Virtual Console Viewer is blank. While launching Virtual Console using 32-bit or 64-bit IE browsers, use HTML5/eHTML5, or use the required plug-in (Java or ActiveX) that is available in the respective browser.
Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in You can disable the warning messages while launching the Virtual Console or Virtual Media using Java plug-in. NOTE: You need Java 8 or later to use this feature and to launch iDRAC Virtual Console over an IPv6 network. 1. Initially, when you launch Virtual Console or Virtual Media using Java plug-in, the prompt to verify the publisher is displayed. Click Yes.
● From iDRAC Home page, click the Start the Virtual Console link available in the Console Preview session ● From iDRAC Virtual Console page, click Start the Virtual Console link. ● From iDRAC login page, type https///console. This method is called as Direct Launch.
■ - Tab - Ctrl+Enter - SysRq - Alt+SysRq - Win-P Aspect Ratio — The eHTML5 virtual console video image automatically adjusts the size to make the image visible. The following configuration options are displayed as a drop-down list: - Maintain Don’t Maintain Click Apply to apply the selected settings on the server. ■ Touch Mode — The eHTML5 virtual console supports the Touch Mode feature.
Supported Browsers The eHTML5 virtual console is supported on the following browsers: ● ● ● ● Internet Explorer 11 Chrome 78/79 Firefox 70/71 Safari 13.1 NOTE: It is recommended to have Mac OS version 10.10.2 (or onward) installed in the system. For more details on supported browsers and versions, see the iDRAC Release Notes available at https://www.dell.com/ idracmanuals.
■ Alt+ESC ■ Ctrl+ESC ■ Alt+Space ■ Alt+Enter ■ Alt+Hyphen ■ Alt+F1 ■ Alt+F2 ■ Alt+F3 ■ Alt+F4 ■ Alt+F5 ■ Alt+F6 ■ Alt+F7 ■ Alt+F8 ■ Alt+F9 ■ Alt+F10 ■ Alt+F11 ■ Alt+F12 ■ PrntScrn ■ Alt+PrntScrn ■ F1 ■ Pause ■ Tab ■ Ctrl+Enter ■ SysRq ■ Alt+SysRq ■ Win-P ○ Aspect Ratio — The HTML5 virtual console video image automatically adjusts the size to make the image visible.
● Keyboard — The difference between physical and virtual keyboard is that virtual keyboard changes its layout according to the browser language. ● Touch Mode — The HTML5 virtual console supports the Touch Mode feature. The following configuration options are displayed as a drop-down list: ○ Direct ○ Relative Click Apply to apply the selected settings on the server. ● Mouse Acceleration — Select the mouse acceleration based on the operating system.
GNOME desktop. For correct mouse synchronization in the iDRAC Virtual Console, this feature must be disabled. To disable Predictable Pointer Acceleration, in the mouse section of the /etc/X11/xorg.conf file, add: Option "AccelerationScheme" "lightweight". If synchronization problems continue, do the following additional change in the /.gconf/desktop/gnome/ peripherals/mouse/%gconf.xml file: Change the values for motion_threshold and motion_acceleration to -1.
○ Next track key ○ Previous track key ○ Stop Media key ○ Play/Pause media key ○ Start mail key ○ Select media key ○ Start Application 1 key ○ Start Application 2 key ● All the individual keys (not a combination of different keys, but a single key stroke) are always sent to the managed system. This includes all the Function keys, Shift, Alt, Ctrl key and Menu keys. Some of these keys affect both management station and managed system.
4. Run break sequence ~B. 5. Use the SysRq magic key to enable the SysRq function. For example, the following command displays the memory information on the console: echo m > /proc/sysrq-trigger displays Using SSH or external serial connector directly connecting through serial cable 1. For SSH sessions, after logging in using the iDRAC username and password, at the /admin> prompt, run the command console com2. The localhost.localdomain prompt appears. 2.
20 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, Redfish, RACADM, and WSMan.
NOTE: The installer will be available to the host operating system for 30 minutes. If you do not start the installation within 30 minutes, you must restart the Service Module installation. Installing iDRAC Service Module from iDRAC Enterprise 1. On the SupportAssist Registration wizard, click Next. 2. On the iDRAC Service Module Setup page, click Install Service Module. 3. Click Launch Virtual Console and click Continue on the security warning dialog box. 4.
iDRAC. By default, this monitoring feature is enabled. It is not disabled if OpenManage Server Administrator is installed on the host OS. In iSM version 2.0 or later, the operating system information feature is amended with the OS network interface monitoring. When iDRAC Service Module version 2.0 or later is used with iDRAC 2.00.00.00, it starts monitoring the operating system network interfaces. You can view this information using iDRAC web interface, RACADM, or WSMan.
AttributeName WSMAN-Class Privilege License Read Privileges:Login Password DCIM_iDRACCardS Write Privileges: tring ConfigUsers, Login DCIM_iDRACCardI nteger Write Privileges: ConfigUsers, Login Supported Operation Users.1#UserName to Users.16#UserNam e Basic Users.1#Password Enum, Get, Invoke to Users.16#Password Basic Users.1#Password Enum, Get, Invoke to Users.
For simplicity, iSM provides a shortcut in the Program Menu of the Windows operating system. When you select the Remote iDRAC Hard Reset option, you are prompted for a confirmation to reset the iDRAC. After you confirm, the iDRAC is reset and the result of the operation is displayed. NOTE: The following warning message appears in the Event Viewer under the Application Logs category. This warning does not require any further action.
Command usage This section provides the command usages for Windows, Linux, and ESXi operating systems.
iDRAC access via Host OS By using this feature, you can configure and monitor the hardware parameters through iDRAC Web interface, WSMan, and RedFish interfaces using the host IP address without configuring the iDRAC IP address. You can use the default iDRAC credentials if the iDRAC server is not configured or continue to use the same iDRAC credentials if the iDRAC server was configured earlier.
You can install this feature by using the setup.sh file that is available with the web-pack. This feature is disabled on a default or typical iSM installation. To get the status of this feature, use the following command: Enable-iDRACAccessHostRoute get-status To install, enable, and configure this feature, use the following command: .
○ Reboot ○ Power Off System ○ Power Cycle System This option is disabled if OpenManage Server Administrator is installed on the system. Using iDRAC Service Module from RACADM To use the iDRAC Service Module from RACADM, use the objects in the ServiceModule group. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
21 Using USB port for server management On the 14th generation servers, a dedicated micro USB port is available to configure iDRAC. You can perform the following functions using the micro USB port: ● Connect to the system using the USB network interface to access system management tools such as iDRAC web interface and RACADM. ● Configure a server by using SCP files that are stored on a USB drive.
2. Ensure that the USB port is enabled. For more information, see Configuring USB management port settings on page 296. 3. Wait for the laptop to acquire IP address 169.254.0.4. It may take several seconds for the IP addresses to be acquired. iDRAC acquires the IP address 169.254.0.3. 4. Start using iDRAC network interfaces such as the web interface, RACADM, Redfish or WSMan. For example, to access the iDRAC web interface, open a supported browser, and type the address 169.254.0.3 and press enter. 5.
● Enabled only when server has default credential settings ● Enabled only for compressed configuration files ● Enabled For information about the fields, see the iDRAC Online Help. NOTE: iDRAC9 allows you to password protect the compressed file after you select Enabled only for compressed configuration files to compress the file before importing. You can enter a password to secure the file by using Password for Zip file option. 4. Click Apply to apply the settings.
○ ShutdownType – Graceful, Forced, No Reboot. ○ TimeToWait (in secs) – 300 minimum and 3600 maximum. ○ EndHostPowerState – on/off. Example of control.
8. If the USB device is left inserted on the server, the result of the import operation is recorded in the results.xml file in the USB device. LCD messages If the LCD panel is available, it displays the following messages in a sequence: 1. Importing – When the server configuration profile is being copied from the USB device. 2. Applying — When the job is in-progress. 3. Completed — When the job has completed successfully. 4. Completed with errors — When the job has completed with errors. 5.
22 Using Quick Sync 2 With Dell OpenManage Mobile running on an Android or iOS mobile device, you can easily access server directly or through OpenManage Essentials or OpenManage Enterprise (OME) console. It allows you to review server details and inventory, view LC and System Event logs, get automatic notifications on mobile device from an OME console, assign IP address and modify iDRAC password, configure key BIOS attributes, and take remediation actions as needed.
You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect. once configured, you can activate the Quick Sync 2 button on the Left Control Panel. Make sure the Quick Sync light turns on. Then, access the Quick Sync Information via a mobile device. An entry is logged to the Lifecycle Controller log when the configuration is modified. Configuring iDRAC Quick Sync 2 settings using web interface To configure iDRAC Quick Sync 2: 1.
23 Managing virtual media iDRAC provides virtual media with HTML5 based client with local ISO and IMG file, remote ISO and IMG file support. Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. You need iDRAC Configure privilege to modify the configuration.
Topics: • • • • • Supported drives and devices Configuring virtual media Accessing virtual media Setting boot order through BIOS Enabling boot once for virtual media Supported drives and devices The following table lists the drives supported through virtual media. Table 60.
Attached media state and system response The following table describes the system response based on the Attached Media setting. Table 61. Attached media state and system response Attached Media State System Response Detach Cannot map an image to the system. Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed.
1. In the iDRAC web Interface, go to Configuration > Virtual Media. 2. Click Connect Virtual Media. Alternatively, you can also launch the Virtual Media by following these steps: 1. Go to Configuration > Virtual Console. 2. Click Launch Virtual Console. The following message is displayed: Virtual Console has been disabled. Do you want to continue using Virtual Media redirection? 3. Click OK. The Virtual Media window is displayed. 4. From the Virtual Media menu, click Map CD/DVD or Map Removable Disk.
To mount the drivers: 1. On the iDRAC web interface, go to Configuration > Virtual Media. 2. Click Mount Drivers. 3. Select the OS from the pop-up window and click Mount Drivers. NOTE: The Expose duration is 18 hours by default. To unmount the drivers post completion of the mount: 1. Go to Configuration > Virtual Media. 2. Click Unmount Drivers. 3. Click OK on the pop-up window. NOTE: The Mount Drivers option may not be displayed if the driver pack is not available on the system.
The correct file type for CD/DVD is ISO and for removable disk it is IMG. If the image is created in the default path (Desktop), when you select Map Removable Disk, the created image is available for selection in the drop-down menu. If image is created in a different location, when you select Map Removable Disk, the created image is not available for selection in the drop-down menu. Click Browse to specify the image. NOTE: ● Read only option will be grayed out in ehtml5 based JAVA removable media.
2. Press to enter the System Setup page. 3. Go to System BIOS Settings > Boot Settings > BIOS Boot Settings > Boot Sequence. In the pop-up window, the virtual optical drives and virtual floppy drives are listed with the standard boot devices. 4. Make sure that the virtual drive is enabled and listed as the first device with bootable media. If required, follow the on-screen instructions to modify the boot order. 5. Click OK, navigate back to System BIOS Settings page, and click Finish. 6.
24 Managing vFlash SD card NOTE: vFlash is supported on AMD platform servers. The vFlash SD card is a Secure Digital (SD) card that can be ordered and installed from the factory. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. NOTE: There is no limitation of the size of SD card, you can open and replace the factory installed SD card with a higher capacity SD card.
Viewing vFlash SD card properties using web interface To view the vFlash SD card properties, in the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash. The Card Properties page is displayed. For information about the displayed properties, see the iDRAC Online Help. Viewing vFlash SD card properties using RACADM To view the vFlash SD card properties using RACADM, use the get command with the following objects: ● ● ● ● ● iDRAC.vflashsd.AvailableSize iDRAC.vflashsd.
Enabling or disabling vFlash functionality using iDRAC settings utility To enable or disable the vFlash functionality: 1. In the iDRAC Settings utility, go to Media and USB Port Settings. The iDRAC Settings . Media and USB Port Settings page is displayed. 2. In the vFlash Media section, select Enabled to enable vFlash functionality or select Disabled to disable the vFlash functionality. 3. Click Back, click Finish, and then click Yes. The vFlash functionality is enabled or disabled based on the selection.
3. To get the last status of all the vflash partitions, use the command:racadm vflashpartition status -a 4. To get the last status of a particular partition, use command:racadm vflashpartition status -i (index) NOTE: If iDRAC is reset, the status of the last partition operation is lost. Managing vFlash partitions You can perform the following using the iDRAC Web interface or RACADM: NOTE: An administrator can perform all operations on the vFlash partitions.
Creating an empty partition using RACADM To create an empty partition: 1. Log in to the system using SSH or Serial console. 2. Enter the command: racadm vflashpartition create -i 1 -o drive1 -t empty -e HDD -f fat16 -s [n] where [n] is the partition size. By default, an empty partition is created as read-write. If the share is not configured using Username / Password, you need to specify the parameters as -u anonymous -p anonymous .
Creating a partition from an image file using RACADM To create a partition from an image file using RACADM: 1. Log in to the system using SSH or Serial console. 2. Enter the command racadm vflashpartition create –i 1 –o drive1 –e HDD –t image –l //myserver/ sharedfolder/foo.iso –u root –p mypassword By default, the created partition is read-only. This command is case sensitive for the image file name extension. If the file name extension is in upper case, for example FOO.ISO instead of FOO.
Viewing available partitions using RACADM To view the available partitions and their properties using RACADM: 1. Open a SSH or Serial console to the system and log in. 2. Enter the following commands: ● To list all existing partitions and its properties: racadm vflashpartition list ● To get the status of operation on partition 1: racadm vflashpartition status -i 1 ● To get the status of all existing partitions: racadm vflashpartition status -a NOTE: The -a option is valid only with the status action.
● Using set command to specify the Emulation type: racadm set iDRAC.vflashpartition..EmulationType Attaching or detaching partitions When you attach one or more partitions, they are visible to the operating system and BIOS as USB mass storage devices. When you attach multiple partitions, based on the assigned index, they are listed in an ascending order in the operating system and the BIOS boot order menu.
● The vFlash partition label is different from the volume name of the file system on the emulated USB device. You can change the volume name of the emulated USB device from the operating system. However, it does not change the partition label name stored in iDRAC. Deleting existing partitions Before deleting existing partition(s), make sure that: ● ● ● ● The vFlash functionality is enabled. The card is not write-protected. The partition is not attached.
NOTE: If only the folder location is specified, then the partition label is used as the file name, along with the extension .iso for CD and Hard Disk type partitions, and .img for Floppy and Hard Disk type partitions. Booting to a partition You can set an attached vFlash partition as the boot device for the next boot operation. Before booting a partition, make sure that: ● The vFlash partition contains a bootable image (in the .img or .iso format) to boot from the device.
25 Using SMCLP NOTE: SMCLP is only supported in iDRAC versions earlier than 4.00.00.00. The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set.
● yx2x blade, rack, and tower servers use admin->. where, y is an alpha-numeric character such as M (for blade servers), R (for rack servers), and T (for tower servers) and x is a number. This indicates the generation of Dell PowerEdge servers. NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers.
Table 63.
Table 63.
Table 63. SMCLP targets (continued) Target admin1/system1/sp1/rolesvc3/Role1-3 admin1/system1/sp1/rolesvc3/Role1-3/ privilege1 Definitions CLP role CLP role privilege Navigating the map address space Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space. An address path specifies the path from the root of the address space to an object in the address space.
clpxml format is an XML document containing a response XML element. The DMTF has specified the clpcsv and clpxml formats and their specifications can be found on the DMTF website at dmtf.org.
MaxNumberOfRecords = 512 CurrentNumberOfRecords = 5 Name = IPMI SEL EnabledState = 2 OperationalState = 2 HealthState = 2 Caption = IPMI SEL Description = IPMI SEL ElementName = IPMI SEL Commands: cd show help exit version ● To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.
cd logs1/log1 show ● To display current target: type cd . ● To move up one level: type cd ..
26 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: ● Remote File Share ● Console Topics: • • • Deploying operating system using remote file share Deploying operating system using virtual media Deploying embedded operating system on SD card Deploying operating system using remote file share Before you deploy the operating system using Remote File Share (RFS), make sure that: ● Configure User and Access Virtual Media privileges for iDRA
Virtual Media is detached or redirected for the selected virtual drive. The connection status for RFS is available in iDRAC log. Once connected, an RFS-mounted virtual drive does not disconnect even if you log out from iDRAC. The RFS connection is closed if iDRAC is reset or the network connection is dropped. The Web interface and command-line options are also available in CMCOME Modular and iDRAC to close the RFS connection. The RFS connection from CMC always overrides an existing RFS mount in iDRAC.
NOTE: The characters allowed in user names and passwords for network shares are determined by the network-share type. iDRAC supports valid characters for network share credentials as defined by the share type, except <, >, and , (comma). 4. Click Apply and then click Connect. After the connection is established, the Connection Status displays Connected. NOTE: Even if you have configured remote file sharing, the Web interface does not display user credential information due to security reasons.
● Virtual Media is in Attached state for the virtual drives to appear in the boot sequence. ● If Virtual Media is in Auto Attached mode, the Virtual Media application must be launched before booting the system. ● Network share contains drivers and operating system bootable image file, in an industry standard format such as .img or .iso. To deploy an operating system using Virtual Media: 1.
27 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: ● ● ● ● ● ● ● ● ● Diagnostic console Post code Boot and crash capture videos Last system crash screen System event logs Lifecycle logs Front panel status Trouble indicators System health Topics: • • • • • • • • • • • • Using diagnostic console Viewing post codes Viewing boot and crash capture videos Viewing logs Viewing last system crash screen Viewing System status Hardware trouble indicators V
● Click Reset iDRAC to Default Settings to reset the iDRAC to the default settings. After you click Reset iDRAC to Default Settings,Reset iDRAC to factory default window is displayed. This action reset the iDRAC to the factory defaults. Chose any of the following options: a. Preserve user and network settings. b. Discard all settings and reset users to the shipping value (root/shipping value). c. Discard all settings and reset username and password. 2. A warning message is displayed.
For more information about the options, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Viewing post codes Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from power-on-reset, and allows you to diagnose any faults related to system boot-up. The Post Codes page displays the last system post code prior to booting the operating system. To view the Post Codes, go to Maintenance > Troubleshooting > Post Code.
Viewing logs You can view System Event Logs (SELs) and Lifecycle logs. For more information, see Viewing System Event Log and Viewing Lifecycle log. Viewing last system crash screen The last crash screen feature captures a screenshot of the most recent system crash, saves, and displays it in iDRAC. This is a licensed feature. To view the last crash screen: 1. Make sure that the last system crash screen feature is enabled. 2.
Viewing system front panel LED status To view the current system ID LED status, in iDRAC web interface, go to System > Overview > Front Panel. The Front Panel section displays the current front panel status: ● ● ● ● Solid blue — No errors present on the managed system. Blinking blue — Identify mode is enabled (regardless of managed system error presence). Solid amber — Managed system is in failsafe mode. Blinking amber — Errors present on managed system.
Checking server status screen for error messages When a flashing amber LED is blinking, and a particular server has an error, the main Server Status Screen on the LCD highlights the affected server in orange. Use the LCD navigation buttons to highlight the affected server, then click the center button. Error and warning messages will be displayed on the second line. For the list of error messages displayed on the LCD panel, see the server’s Owner’s Manual.
● diag — Embedded Diagnostics ● drvpack — Embedded OS Driver Pack ● lcdata — Clear the Lifecycle Controller Data ● idrac — iDRAC reset to default ● ● ● ● ● overwritepd — Overwrite hard drives that do not support Instant Secure Erase (ISE) percnvcache — Reset controller cache vflash — Reset vFLASH secureerasepd — Erase Hard Drives, SSDs, and NVMes that support ISE allapps — Clears all OS applications NOTE: If SEKM is enabled on the server, then disable SEKM using the racadm sekm disable command before using
28 SupportAssist Integration in iDRAC SupportAssist allows you to create SupportAssist collections and utilize other SupportAssist features to monitor your system and datacenter. iDRAC provides an application interfaces for gathering platform information that enables support services to resolve platform and system problems.
enter the Dispatch information during the SupportAssist registration process to enable auto dispatch workflow. If onsite support is required along with dispatch parts then select Parts Dispatch with Onsite Support. NOTE: Auto dispatch is enabled in systems with iDRAC Service Module (iSM) v3.4.0 for Windows. Future iSM releases will support auto dispatch for additional operating systems. Dispatch Address Enter an address and the preferred contact hours.
Generating SupportAssist Collection For generating the OS and Application logs: ● iDRAC Service Module must be installed and running in Host Operating System. ● OS Collector, which comes factory installed in iDRAC, if removed must be installed in iDRAC.
NOTE: If Save to Network is selected, and no default location is available, the provided network details will be saved as default location for future collections. If default location already exist, then the collection will use the details specified once only. If Save to Network option is selected, the user provided network details is saved as defaults (if no prior network share location have been saved) for any future collections. 7. Click Collect to proceed with Collection generation. 8.
29 Frequently asked questions This section lists the frequently asked questions for the following: ● ● ● ● ● ● ● ● ● ● ● ● ● System Event Log Network security Active Directory Single Sign On Smart card login Virtual console Virtual media vFlash SD card SNMP authentication Storage devices iDRAC Service Module RACADM Miscellaneous Topics: • • • • • • • • • • • • • • • • • System Event Log Custom sender email configuration for iDRAC alerts Network security Telemetry streaming Active Directory Single Sign-On
Custom sender email configuration for iDRAC alerts Alert generated email is not from Custom sender email set on Cloud based email service. You need to register your cloud email through this process : Support.google.com. Network security While accessing the iDRAC Web interface, a security warning is displayed stating that the SSL certificate issued by the Certificate Authority (CA) is not trusted.
Active Directory Active Directory login failed. How to resolve this? To diagnose the problem, on the Active Directory Configuration and Management page, click Test Settings. Review the test results and fix the problem. Change the configuration and run the test until the test user passes the authorization step. In general, check the following: ● While logging in, make sure that you use the correct user domain name and not the NetBIOS name.
If you are using extended schema, the Global Catalog Address is not used. How does standard schema query work? iDRAC connects to the configured domain controller address(es) first. If the user and role groups are in that domain, the privileges are saved. If Global Controller Address(es) is configured, iDRAC continues to query the Global Catalog. If additional privileges are retrieved from the Global Catalog, these privileges are accumulated. Does iDRAC always use LDAP over SSL? Yes.
6. Click OK. You can now log in to iDRAC using SSO. Perform the following additional settings for Extended Schema: 1. In the Local Group Policy Editor window, navigate to Local Computer Settings > Windows Settings > Security Settings > Local Policies > Security Options . 2. Right-click Network Security: Restrict NTLM: Outgoing NTLM traffic to remote server and select Properties. 3. Select Allow all, click OK, and close the Local Group Policy Editor window. 4. Go to Start and run cmd.
Does switching off the local video also switch off the local keyboard and mouse? No. Does turning off the local console turn off the video on the remote console session? No, turning the local video on or off is independent of the remote console session. What privileges are required for an iDRAC user to turn on or turn off the local server video? Any user with iDRAC configuration privileges can turn on or turn off the local console.
It is recommended to have a 5 MBPS connection for good performance. A 1 MBPS connection is required for minimal performance. What is the minimum system requirements for the management station to run Virtual Console? The management station requires an Intel Pentium III 500 MHz processor with at least 256 MB of RAM. Why does Virtual Console Viewer window sometimes displays No Signal message? You may see this message because the iDRAC Virtual Console plug-in is not receiving the remote server desktop video.
5. Press Print Screen+Ctrl+Alt. NOTE: The SysRq feature is currently not supported with Internet Explorer and Java. Why is the "Link Interrupted" message displayed at the bottom of the Virtual Console? When using the shared network port during a server reboot, iDRAC is disconnected while BIOS is resetting the network card. This duration is longer on 10 Gb cards, and is also exceptionally long if the connected network switch has Spanning Tree Protocol (STP) enabled.
● A USB key image How to make the USB key a bootable device? You can also boot with a Windows 98 startup disk and copy system files from the startup disk to the USB key. For example, from the DOS prompt, type the following command: sys a: x: /s where, x: is the USB key that is required to be set as a bootable device. The Virtual Media is attached and connected to the remote floppy.
It resets the remote and local USB devices connected to the server. How to maximize Virtual Media performance? To maximize Virtual Media performance, launch the Virtual Media with the Virtual Console disabled or do one of the following: ● Change the performance slider to Maximum Speed. ● Disable encryption for both Virtual Media and Virtual Console. NOTE: In this case, the data transfer between managed server and iDRAC for Virtual Media and Virtual Console will not be secured.
1. Go to Storage > Overview > Enclosures 2. Select the enclosure. 3. Under Advanced Properties, ensure that the value for Redundant Path is set to Present, then IOM restoration is confirmed. GPU (Accelerators) Accelerators section under CPU/Accelerators in iDRAC GUI is grayed out. Few pages in GUI may not show expected response when respective attribute is disabled in Redfish.
Table 64. Example of a routing order Destination Gateway Genmask Flags Metric Ref Use Iface default 10.94.148.1 0.0.0.0 UG 1024 0 0 em1 10.94.148.0 0.0.0.0 255.255.255.0 U 0 0 0 em1 link-local 0.0.0.0 255.255.255.0 U 0 0 0 em1 link-local 0.0.0.0 255.255.255.0 U 0 0 0 enp0s20u12u3 In the example enp0s20u12u3 is the USB NIC interface. The link-local destination mask is repeated and the USB NIC is not the first one in the order.
To see the list of Linux-dependent packages, see the Linux Dependencies section in the iDRAC Service Module User's Guide available at https://www.dell.com/idracmanuals.
Permanently setting the default password to calvin If your system shipped with a unique default iDRAC password but you want to set calvin as the default password, you must use the jumpers available on the system board. CAUTION: Changing the jumper settings permanently changes the default password to calvin. You cannot revert to the unique password even if you reset iDRAC to factory settings. For information about the jumper location and the procedure, see the documentation for your server at https://www.
Use the command: racadm getsysinfo For example: $ racadm getniccfg -m server-1 DHCP Enabled = 1 IP Address = 192.168.0.1 Subnet Mask = 255.255.255.0 Gateway = 192.168.0.1 ● Using LCD: On the main menu, highlight the server, press the check button, select the required server, and press the check button. How to find an iDRAC IP address for a blade server ? NOTE: The OME-Modular web interface option is applicable only for MX platforms. ● Using OME-Modular web interface: Go to Devices > Compute.
● From iDRAC web interface: Go to iDRAC Settings > Management Module. The Managment Module page displays the OME Modular IP address. How to find iDRAC IP address for rack and tower server? ● From Local RACADM: Use the command racadm getsysinfo. ● From LCD: On the physical server, use the LCD panel navigation buttons to view the iDRAC IP address. Go to Setup View > View > iDRAC IP > IPv4 or IPv6 > IP.
How to change the name of the slot for the system in a chassis? NOTE: Not applicable for MX platforms. 1. Log in to CMC web interface and go to Chassis > Servers > Setup. 2. Enter the new name for the slot in the row for your server and click Apply. iDRAC on blade server is not responding during boot. Remove and reinsert the server. Check CMC (not for MX platforms), and OME Modular (Applicable for MX platforms) web interface to see if iDRAC is displayed as an upgradable component.
Figure 5. Configuring iDRAC interface to DHCP mode in Ubuntu Model, Manufacturer and other properties are not listing for Embedded Network Adapters in Redfish FRU details for embedded devices will not be displayed. There will not be any FRU object for devices which are embedded on Motherboard. Hence dependent property will not be there.
30 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
● In iDRAC Web interface, go to Overview > Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan. ● You can also configure the chassis locator LED and based on the color, assess the system health. ● If iDRAC Service Module is installed, the operating system host information is displayed. Setting up alerts and configuring email alerts To set up alerts and configure email alerts: 1. Enable alerts. 2.
● Configuring local users ● Configuring active directory users ● Configuring generic LDAP users Launching servers remote console and mounting a USB drive To launch the remote console and mount a USB drive: 1. Connect a USB flash drive (with the required image) to the management station. 2. Use the following method to launch virtual console through the iDRAC Web Interface: ● Go to Dashboard > Virtual Console and click Launch Virtual Console. The Virtual Console Viewer is displayed. 3.
4. Edit the I/O Identity optimization settings in the SCP file. 5. Import the SCP file to iDRAC.