Integrated Dell Remote Access Controller 9 User's Guide December 2020 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Chapter 1: Overview of iDRAC......................................................................................................16 Benefits of using iDRAC................................................................................................................................................... 16 Key features........................................................................................................................................................................
Resetting default iDRAC password remotely....................................................................................................... 46 Changing the default login password........................................................................................................................... 46 Changing the default login password using web interface............................................................................... 46 Changing the default login password using RACADM................
Rollback firmware using RACADM.......................................................................................................................... 85 Rollback firmware using Lifecycle Controller....................................................................................................... 85 Rollback firmware using Lifecycle Controller-Remote Services...................................................................... 85 Recovering iDRAC.......................................................
Enabling or disabling OS to iDRAC Pass-through using iDRAC settings utility.......................................... 105 Obtaining certificates..................................................................................................................................................... 105 SSL server certificates.............................................................................................................................................106 Generating a new certificate signing request..
Communicating with iDRAC using IPMI over LAN...................................................................................................133 Configuring IPMI over LAN using web interface................................................................................................133 Configuring IPMI over LAN using iDRAC settings utility.................................................................................. 133 Configuring IPMI over LAN using RACADM.........................................
Enabling or disabling smart card login using RACADM.....................................................................................168 Enabling or disabling smart card login using iDRAC settings utility...............................................................168 Configuring Smart Card Login......................................................................................................................................169 Configuring iDRAC smart card login for Active Directory users...........
Actions on a selected Server........................................................................................................................................ 189 iDRAC Group Firmware Update................................................................................................................................... 190 Chapter 13: Managing logs..........................................................................................................191 Viewing System Event Log.....................
Monitoring SFP Transceiver devices using web interface..............................................................................206 Monitoring SFP Transceiver devices using RACADM......................................................................................206 Telemetry Streaming......................................................................................................................................................206 Serial Data Capture...............................................
Switching the controller mode...............................................................................................................................253 12 Gbps SAS HBA adapter operations................................................................................................................. 254 Monitoring predictive failure analysis on drives.................................................................................................255 Controller operations in non-RAID mode or HBA mode.
Installing iDRAC Service Module................................................................................................................................. 285 Installing iDRAC Service Module from iDRAC Express and Basic................................................................. 285 Installing iDRAC Service Module from iDRAC Enterprise.................................................................... 286 Supported operating systems for iDRAC Service Module.......................................
Formatting a partition............................................................................................................................................... 313 Viewing available partitions..................................................................................................................................... 313 Modifying a partition.................................................................................................................................................
Reset to Custom Defaults (RTD)................................................................................................................................335 Resetting iDRAC using iDRAC web interface.....................................................................................................335 Resetting iDRAC using RACADM..........................................................................................................................335 Erasing system and user data......................
Installing bare metal OS using attached virtual media and remote file share.................................................. 362 Managing rack density...................................................................................................................................................362 Installing new electronic license..................................................................................................................................
1 Overview of iDRAC The Integrated Dell Remote Access Controller (iDRAC) is designed to make you more productive as a system administrator and improve the overall availability of Dell EMC servers. iDRAC alerts you to system issues, helps you to perform remote management, and reduces the need for physical access to the system. iDRAC technology is part of a larger data center solution that increases availability of business critical applications and workloads.
Key features The key features of iDRAC include: NOTE: Some features are available only with iDRAC Enterprise or Datacenter license. For information on the features available for a license, see iDRAC licenses on page 23. Inventory and Monitoring ● Telemetry data streaming. ● View managed server health. ● Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. ● View and export system inventory.
○ Set the backplane mode (unified or split mode). ○ Blink or unblink component LEDs. ○ Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update ● Manage iDRAC licenses. ● Update BIOS and device firmware for devices supported by Lifecycle Controller. ● Update or rollback iDRAC firmware and Lifecycle Controller firmware using a single firmware image. ● Manage staged updates.
● SNMPv3 authentication for user accounts stored locally in the iDRAC. It is recommended to use this, but it is disabled by default. ● User ID and password configuration. ● Default login password modification. ● Set user passwords and BIOS passwords using one-way hash format for improved security. ● FIPS 140-2 Level 1 capability. ● Session time-out configuration (in seconds). ● Configurable IP ports (for HTTP, HTTPS, SSH, Virtual Console, and Virtual Media).
○ Automatic Certificate Enrollment Enhancements (requires iDRAC Datacenter License) ○ Integrate RSA SecurID Client into iDRAC for 2FA (requires iDRAC Datacenter License) ○ Compliance with STIG requirement – “network device must authenticate NTP” ○ Removal of Telnet and TLS 1.0 from web server ● Platform feature support ○ BOSS 1.5 updates ○ Infiniband support In 4.40.00.
Firmware version 4.20.20.20 Following features were added in this release: Power Supply Unit (PSU) ● Support for 1100W ~48W DC PSU. ● Removed 4S PSU restriction. NICs ● Support (4x 10/25 SFP28) OCP 3.0 Dell part # JTK7F - Broadcom. ● Support (4x10/25) MX Mezz, Dell part # DCWFP - Broadcom and MX 25G Quad port on MX platform. ● Support for adding Broadcom 10GbE NIC card support to R340. Accelerators and CPU's ● Support for 2 new GPU cards to the Precision 7920 Rack (Navi10DT/W5700, Navi14DT/W5500).
Features supported with Enterprise license ● Secure Enterprise Key Management (SEKM) — Added support for Vormetric Data Security Manager. Features supported with Datacenter license ● BIOS live scanning — Only for AMD systems. Firmware version 4.00.00.00 This release includes all the features from the previous releases. Following are the new features that are added in this release: NOTE: For information about supported systems, refer to the respective version of Release Notes available at https:// www.
○ Multiple IP filtering ranges using RACADM commands only ○ iDRAC user password maximum length extended to 40 characters ○ SSH Public Keys through SCP ○ Customizable Security banner to SSH login ○ Force Change Password (FCP) for login ● Storage and Storage Controllers ○ Enable PERC to switch to SEKM encryption mode How to use this guide The contents of this user's guide enable you to perform various tasks using: ● iDRAC web interface — Only the task-related information is provided here.
● Perpetual—The license is bound to the Service Tag and is permanent.
From the left pane, click the Products or Order History tab to view the list of your products. Subscription-based products are listed under Billing accounts tab. To download the license key from your Dell Digital Locker account: 1. Sign in to your Dell Digital Locker account. 2. From the left pane, click Products. 3. Click the product that you want to view. 4. Click the product name. 5. On theProduct management page, click Get Key. 6. Follow the instructions on the screen to obtain the license key.
Licensed features in iDRAC9 The following table lists iDRAC9 features that are enabled based on the license purchased: Table 2. Licensed features in iDRAC9 Feature iDRAC iDRAC9 9 Basic Express iDRAC9 Express for Blades iDRAC9 Enterprise iDRAC9 Datacenter iDRAC RESTful API and Redfish Yes Yes Yes Yes Yes IPMI 2.0 Yes Yes Yes Yes Yes DCMI 1.
Table 2.
Table 2. Licensed features in iDRAC9 (continued) Feature iDRAC iDRAC9 9 Basic Express iDRAC9 Express for Blades iDRAC9 Enterprise iDRAC9 Datacenter Virtual Flash partitions No No Yes Yes No NOTE: vFlash is not available in iDRAC9 for PowerEdge Rx5xx/Cx5xx.
Table 2.
Table 2.
Table 2.
Table 3. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description Lifecycle Controller (F10) Use Lifecycle Controller to perform iDRAC configurations. To access Lifecycle Controller, press during boot and go to System Setup > Advanced Hardware Configuration > iDRAC Settings. For more information, see Lifecycle Controller User’s Guide available at dell.com/ idracmanuals. iDRAC Web Interface Use the iDRAC web interface to manage iDRAC and monitor the managed system.
Table 3. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description ● You do not have to specify the iDRAC IP, user name, or password to run the firmware RACADM commands. After you enter the RACADM prompt, you can directly run the commands without the racadm prefix. iDRAC RESTful API and The Redfish Scalable Platforms Management API is a standard defined by the Distributed Redfish Management Task Force (DMTF).
iDRAC port information The following table lists the ports that are required to remotely access iDRAC through firewall. These are the default ports iDRAC listens to for connections. Optionally, you can modify most of the ports. To modify ports, see Configuring services on page 96. Table 4.
Table 5. Ports iDRAC uses as client (continued) Port number Type Function Configurable port Maximum Encryption Level NOTE: When node initiated discovery or Group Manager is enabled, iDRAC uses mDNS to communicate through port 5353. However, when both are disabled, port 5353 is blocked by iDRAC's internal firewall and appears as open|filtered port in the port scans.
Accessing documents from Dell support site You can access the required documents in one of the following ways: ● Using the following links: ○ For all Enterprise Systems Management and OpenManage Connections documents — https://www.dell.com/ esmmanuals ○ For OpenManage documents — https://www.dell.com/openmanagemanuals ○ For iDRAC and Lifecycle Controller documents — https://www.dell.com/idracmanuals ○ For Serviceability Tools documents — https://www.dell.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, a Microsoft Active Directory user, or a Lightweight Directory Access Protocol (LDAP) user. You can also log in using OpenID Connect and Single Sign-On or Smart Card. To improve security, each system is shipped with a unique password for iDRAC, which is available on the system information tag. This unique password improves security of iDRAC and your server. The default user name is root.
• • • • • • • Secure default password Changing the default login password Enabling or disabling default password warning message Password Strength Policy IP Blocking Enabling or disabling OS to iDRAC Pass-through using web interface Enabling or disabling alerts using RACADM Force Change of Password (FCP) The 'Force Change of Password' feature prompts you to change the factory default password of the device. The feature can be enabled as part of factory configuration.
NOTE: RSA feature can be configured and enabled for LDAP user, but the RSA does not support if the LDAP is configured on Microsoft active directory. Hence LDAP user login fails. RSA is supported only for OpenLDAP. To log in to iDRAC as local user, Active Directory user, or LDAP user: 1. Open a supported web browser. 2. In the Address field, type https://[iDRAC-IP-address] and press Enter.
Logging in to iDRAC as an Active Directory user using a smart card Before you log in as an Active Directory user using smart card, ensure that you: ● Upload a Trusted Certificate Authority (CA) certificate (CA-signed Active Directory certificate) to iDRAC. ● Configure the DNS server. ● Enable Active Directory login. ● Enable smart card login. To log in to iDRAC as an Active Directory user using smart card: 1. Log in to iDRAC using the link https://[IP address].
If the server is removed from the chassis, iDRAC IP address is changed, or there is a problem in iDRAC network connection, the option to Launch iDRAC is grayed-out in the CMC web interface. For more information, see the Chassis Management Controller User's Guide available at https://www.dell.com/cmcmanuals. Accessing iDRAC using remote RACADM You can use remote RACADM to access iDRAC using RACADM utility. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
● The 2FA code expires after 10 minutes or is invalidated if it is already consumed before expiry. ● If a user attempts to login from another location with a different IP-Address while a pending 2FA challenge for the original IP-Address is still outstanding, the same token will be sent for login attempt from the new IP address. ● The feature is supported with iDRAC Enterprise license.
You get the Next Token from RSA SecurID Token app by clicking on Options. Check Next Token, and the next passcode is available. Time is critical in this step. Otherwise, iDRAC may fail the verification of the next token. If the iDRAC user login session times out, it requires another attempt to log in If a wrong passcode is entered, the RSA AM server will challenge the user to provide the "Next Token." This challenge happens even though the user may have later entered the correct passcode.
where IP_address is the IP address of the iDRAC. Sending RACADM commands: ssh username@ racadm getversion ssh username@ racadm getsel Multiple iDRAC sessions The following table provides the number of iDRAC sessions that are possible using the various interfaces. Table 7. Multiple iDRAC sessions Interface Number of Sessions iDRAC Web Interface 8 Remote RACADM 4 Firmware RACADM SSH - 4 Serial - 1 iDRAC allows multiple sessions for the same user.
Resetting default password using the iDRAC Settings utility You can access the iDRAC settings utility using the System Setup of your server. Using the iDRAC reset to defaults all feature, you can reset the iDRAC login credentials to default. WARNING: Resetting iDRAC to default all, resets the iDRAC to the factory defaults. To reset iDRAC using iDRAC Settings utility: 1. 2. 3. 4. 5. Reboot the server and press . In the System Setup page, click iDRAC Settings.
Resetting default iDRAC password remotely If you do not have physical access to the system, you can reset the default password remotely. Remote — Provisioned system If you have an operating system installed on the system, use a remote desktop client to log in to the server. After you log into the server, use any of the local interfaces such as RACADM or web interface to change the password.
NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user names and passwords on page 143. Changing the default login password using iDRAC settings utility To change the default login password using iDRAC settings utility: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings User Configuration page is displayed. 2. In the Change Password field, enter the new password.
As consecutive login failures accumulate from a specific IP address, they are tracked by an internal counter. When the user logs in successfully, the failure history is cleared and the internal counter is reset. NOTE: When consecutive login attempts are refused from the client IP address, some SSH clients may display the following message: ssh exchange identification: Connection closed by remote host . NOTE: IP blocking feature supports upto 5 IP ranges. You can see / set these only via RACADM. Table 8.
NOTE: If the VLAN is enabled on the iDRAC, the LOM-Passthrough will only function in shared LOM mode with VLAN tagging configured on the host. NOTE: ● When Pass-through mode is set to LOM, it is not possible to launch iDRAC from host OS after cold boot. ● We have purposefully removed the LOM Pass-through using Dedicated mode feature. 5. If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC. The default value is 169.254.1.1.
3 Setting up managed system If you need to run local RACADM or enable Last Crash Screen capture, install the following from the Dell Systems Management Tools and Documentation DVD: ● Local RACADM ● Server Administrator For more information about Server Administrator, see OpenManage Server Administrator User's Guide available at https:// www.dell.com/openmanagemanuals.
Setting up iDRAC IP using iDRAC settings utility To set up the iDRAC IP address: 1. Turn on the managed system. 2. Press during Power-on Self-test (POST). 3. In the System Setup Main Menu page, click iDRAC Settings. The iDRAC Settings page is displayed. 4. Click Network. The Network page is displayed. 5. Specify the following settings: ● ● ● ● ● ● Network Settings Common Settings IPv4 Settings IPv6 Settings IPMI Settings VLAN Settings 6. Click Back, click Finish, and then click Yes.
● Chassis (Dedicated): Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC). This interface is not shared with the host operating system and routes the management traffic to a separate physical network, enabling it to be separated from the application traffic. This option implies that iDRAC's dedicated network port routes its traffic separately from the server's LOM or NIC ports.
Configuring the IPv4 settings To configure the IPv4 settings: 1. Select Enabled option under Enable IPv4. NOTE: In the 14th generation of the PowerEdge servers, DHCP is enabled by default. 2. Select Enabled option under Enable DHCP, so that DHCP can automatically assign the IP address, gateway, and subnet mask to iDRAC. Else, select Disabled and enter the values for: ● Static IP Address ● Static Gateway ● Static Subnet Mask 3.
2. In the VLAN ID box, enter a valid number from 1 to 4094. 3. In the Priority box, enter a number from 0 to 7 to set the priority of the VLAN ID. NOTE: After enabling VLAN, the iDRAC IP is not accessible for some time. Setting up iDRAC IP using the CMC web interface To set up the iDRAC IP address using the Chassis Management Controller (CMC) Web interface: NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC network settings from CMC.
2.
To enable provisioning server using iDRAC Settings utility: 1. Turn on the managed system. 2. During POST, press F2, and go to iDRAC Settings > Remote Enablement. The iDRAC Settings Remote Enablement page is displayed. 3. Enable auto-discovery, enter the provisioning server IP address, and click Back. NOTE: Specifying the provisioning server IP is optional. If it is not set, it is discovered using DHCP or DNS settings (step 7). 4. Click Network. The iDRAC Settings Network page is displayed. 5. Enable NIC.
-u (Username): username that has access to network share. This is a mandatory field for CIFS. -p (Password): user password that has access to network share. This is a mandatory field for CIFS. -d (ShutdownType): either 0 for graceful or 1 for forced (default setting: 0). This is an optional field. -t (Timetowait): time to wait for the host to shutdown (default setting: 300). This is an optional field. -e (EndHostPowerState): either 0 for OFF or 1 for ON (default setting 1). This is an optional field.
5. The DHCP server matches the vendor class to the vendor option in the dhcpd.conf file and sends the SCP file location and, if specified the SCP file name to the iDRAC. 6. The iDRAC processes the SCP file and configures all the attributes listed in the file. DHCP options DHCPv4 allows many globally defined parameters to be passed to the DHCP clients. Each parameter is known as a DHCP option. Each option is identified with an option tag, which is a 1-byte value.
5. In the Display name: field, type iDRAC. 6. In the Description: field, type Vendor Class. 7. Click in the ASCII: section and type iDRAC. 8. Click OK and then Close. 9. On the DHCP window, right-click IPv4 and select Set Predefined Options. 10. From the Option class drop-down menu, select iDRAC (created in step 4) and click Add. 11. In the Option Type dialog box, enter the following information: ● ● ● ● Name — iDRAC Data Type — String Code — 060 Description — Dell vendor class identifier 12.
2. Set the option 43 and use the name vendor class identifier for option 60. option myname code 43 = text; subnet 192.168.0.0 netmask 255.255.0.0 { #default gateway option routers 192.168.0.1; option subnet-mask 255.255.255.0; option nis-domain "domain.org"; option domain-name "domain.org"; option domain-name-servers 192.168.1.1; option time-offset -18000; # Eastern Standard Time option vendor-class-identifier "iDRAC"; set vendor-string = option vendor-class-identifier; option myname "-f system_config.
Prerequisites before enabling Auto Config Before enabling the Auto config feature, make sure that following are already set: ● Supported network share (NFS, CIFS, HTTP and HTTPS) is available on the same subnet as the iDRAC and DHCP server. Test the network share to ensure that it can be accessed and that the firewall and user permissions are set correctly. ● Server configuration profile is exported to the network share.
If the password of the iDRAC user account is set with the SHA256 password hash only and not the other hashes (SHA1v3Key or MD5v3Key or IPMIKey), then authentication through SNMP v3 and IPMI is not available. Hash password using RACADM To set hash passwords, use the following objects with the set command: ● iDRAC.Users.SHA256Password ● iDRAC.Users.SHA256PasswordSalt NOTE: SHA256Password and SHA256PasswordSalt fields are reserved for XML import and do not set them using command line tools.
NOTE: If you wish to clear a previously salted password, then ensure that the password-salt is explicitly set to an empty string i.e. set iDRAC.Users.4.SHA256Password ca74e5fe75654735d3b8d04a7bdf5dcdd06f1c6c2a215171a24e5a9dcb28e7a2 set iDRAC.Users.4.SHA256PasswordSalt 4. After setting the password, the normal plain text password authentication works except that SNMP v3 and IPMI authentication fails for the iDRAC user accounts that had passwords updated with hash.
Optimizing system performance and power consumption The power required to cool a server can contribute a significant amount to the overall system power. Thermal control is the active management of system cooling through fan speed and system power management to make sure that the system is reliable while minimizing system power consumption, airflow, and system acoustic output. You can adjust the thermal control settings and optimize against the system performance and performance-per-Watt requirements.
○ ○ ○ ○ ○ Low Fan Speed — Drives fan speeds to a moderate fan speed. Medium Fan Speed — Drives fan speeds close to medium. High Fan Speed — Drives fan speeds close to full speed. Max Fan Speed — Drives fan speeds to full speed. Off — Fan speed offset is set to off. This is the default value. When set to off, the percentage does not display. The default fan speed is applied with no offset. Conversely, the maximum setting will result in all fans running at maximum speed.
Table 10. Thermal Settings Object Description Usage Example AirExhaustTemp Allows you to set the maximum air exhaust temperature limit. To check the existing setting Set to any of the following values (based on the system): on the system: ● 0 — Indicates 40°C racadm get ● 1 — Indicates 45°C system.thermalsetti ● 2 — Indicates 50°C ngs.
Table 10. Thermal Settings (continued) Object Description Usage FanSpeedHighOffsetVal ● Getting this variable reads the fan speed offset value in %PWM for High Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 1. Values from 0-100 Example racadm get system.thermalsetti ngs FanSpeedHighOffsetV al A numerical value, for example 66, is returned.
Table 10. Thermal Settings (continued) Object Description Usage FanSpeedMediumOffsetV al ● Getting this variable reads the fan speed offset value in %PWM for Medium Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 2 Values from 0-100 Example racadm get system.thermalsetti ngs FanSpeedMediumOffse tVal This returns a value such as “47”.
Table 10. Thermal Settings (continued) Object Description Usage Example MinimumFanSpeed ● Allows configuring the Minimum Fan speed that is required for the system to operate. ● It defines the baseline (floor) value for fan speed and system allows fans to go lower than this defined fan speed value. ● This value is %PWM value for fan speed. Values from MFSMinimumLimit to MFSMaximumLimit When get command reports 255, it means user configured offset is not applied.
Modifying PCIe airflow settings using iDRAC web interface Use the PCIe airflow settings when increased thermal margin is desired for custom high powered PCIe cards. NOTE: PCIe airflow settings is not available on MX platforms. To modify the PCIe airflow settings: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > Cooling Configuration. The PCIe Airflow Settings page is displayed below the fan settings section. 2.
Configuring supported web browsers NOTE: For information about the supported browsers and their versions, see the Release Notes available at https:// www.dell.com/idracmanuals. Most features of iDRAC web interface can be accessed using these browsers with default settings. For certain feature to work, you must change a few settings. These settings include disabling pop-up blockers, enabling Java, ActiveX, or HTML5 plug-in support and so on.
● Include all sites that bypass the proxy server. 3. Click Advanced. 4. Add all relative domain names that will be used for iDRAC instances that is part of the SSO configuration (for example, myhost.example.com.) 5. Click Close and click OK twice. Disabling Internet Explorer Enhanced Security Configuration To ensure that you can download log files and other local elements using the web interface, it is recommended to disable Internet Explorer Enhanced Security Configuration from Windows features.
3. Configure the Web browser to use ActiveX, Java, or HTML5 plug-in. ActiveX viewer is supported only with Internet Explorer. HTML5 or a Java viewer is supported on any browser. NOTE: You need Java 8 or later to use this feature and to launch iDRAC Virtual Console over an IPv6 network. 4. Import the root certificates on the managed system to avoid the pop-ups that prompt you to verify the certificates. 5. Install the compat-libstdc++-33-3.2.3-61 related package. NOTE: On Windows, the compat-libstdc++-33-3.
NOTE: Install a 32-bit or 64-bit JRE version on a 64-bit operating system or a 32-bit JRE version on a 32-bit operating system. To configure IE to use Java plug-in: ● Disable automatic prompting for file downloads in Internet Explorer. ● Disable Enhanced Security Mode in Internet Explorer. Configuring IE to use ActiveX plug-in You must configure the IE browser settings before you start and run ActiveX based Virtual Console and Virtual Media applications.
Additional settings for Windows Vista or newer Microsoft operating systems The Internet Explorer browsers in Windows Vista or newer operating systems have an additional security feature called Protected Mode. To launch and run ActiveX applications in Internet Explorer browsers with Protected Mode: 1. Run IE as an administrator. 2. Go to Tools > Internet Options > Security > Trusted Sites. 3. Make sure that the Enable Protected Mode option is not selected for Trusted Sites zone.
1. Open the OpenSSL command prompt. 2. Run a 8 byte hash on the CA certificate that is currently in-use on the management station using the command: openssl x509 -in (name of CA cert) -noout -hash An output file is generated. For example, if the CA certificate file name is cacert.pem, the command is: openssl x509 –in cacert.pem –noout –hash The output similar to “431db322” is generated. 3. Rename the CA file to the output file name and include a “.0" extension. For example, 431db322.0. 4.
After the firmware is updated, the System Inventory page displays the updated firmware version and logs are recorded. The supported firmware image file types are: ● .exe — Windows-based Dell Update Package (DUP). You must have Control and Configure Privilege to use this image file type. ● .d9 — Contains both iDRAC and Lifecycle Controller firmware For files with .exe extension, you must have the System Control privilege. The Remote Firmware Update licensed feature and Lifecycle Controller must be enabled.
Table 12. Firmware update — supported components (continued) Component Name Firmware Rollback Supported? (Yes or No) Out-of-band — System Restart Required? In-band — System Restart Required? Lifecycle Controller GUI — Restart Required? BIOS Yes Yes Yes Yes RAID Controller Yes Yes Yes Yes BOSS Yes Yes Yes Yes NVDIMM No Yes Yes Yes Backplanes Yes Yes Yes Yes NOTE: For active backplanes, system restart is required. For passive backplanes, direct update supported only from 4.00.00.
Table 13. Firmware update — supported components for MX platforms (continued) Component Name Firmware Rollback Supported? (Yes or No) Out-of-band — System Restart Required? In-band — System Restart Required? Lifecycle Controller GUI — Restart Required? NVMe PCIe SSD drives Yes No No No SAS/SATA hard drives No Yes Yes No OS Collector No No No No * Indicates that though a system restart is not required, iDRAC must be restarted to apply the updates.
Scheduling automatic firmware updates You can create a periodic recurring schedule for iDRAC to check for new firmware updates. At the scheduled date and time, iDRAC connects to the specified destination, checks for new updates, and applies or stages all applicable updates. A log file is created on the remote server, which contains information about server access and staged firmware updates.
● To schedule the start time and frequency of the firmware update: racadm AutoUpdateScheduler create -u username –p password –l [-f catalogfilename -pu -pp -po -pt ] time < hh:mm> [-dom < 1 – 28,L,’*’> -wom <1-4,L,’*’> -dow ] -rp <1-366> a For example, ○ To automatically update firmware using a CIFS share: racadm AutoUpdateScheduler create -u admin -p pwd -l //1.2.3.4/CIFS-share –f cat.
2. Go to iDRAC Settings > Settings > CMC. The Deploy iDRAC page is displayed. 3. Click Launch iDRAC Web interface and perform iDRAC Firmware Update. Updating firmware using DUP Before you update firmware using Dell Update Package (DUP), make sure to: ● Install and enable the IPMI and managed system drivers.
the location on the FTP server where firmimg.d9 is stored. ● Using update command: racadm -r -u -p update —f For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Updating firmware using Lifecycle Controller Remote Services For information to update the firmware using Lifecycle Controller–Remote Services, see Lifecycle Controller Remote Services Quick Start Guide available at https://www.dell.
Viewing and managing staged updates using iDRAC web interface To view the list of scheduled jobs using iDRAC web interface, go to Maintenance > Job Queue. The Job Queue page displays the status of jobs in the Lifecycle Controller job queue. For information about the displayed fields, see the iDRAC Online Help. To delete job(s), select the job(s) and click Delete. The page is refreshed and the selected job is removed from the Lifecycle Controller job queue.
The Rollback page displays the devices for which you can rollback the firmware. You can view the device name, associated devices, currently installed firmware version, and the available firmware rollback version. 2. Select one or more devices for which you want to rollback the firmware. 3. Based on the selected devices, click Install and Reboot or Install Next Reboot. If only iDRAC is selected, then click Install.
Recovering iDRAC iDRAC supports two operating system images to make sure a bootable iDRAC. In the event of an unforeseen catastrophic error and you lose both boot paths: ● iDRAC bootloader detects that there is no bootable image. ● System Health and Identify LED is flashed at ~1/2 second rate. (LED is located on the back of a rack and tower servers and on the front of a blade server.) ● Bootloader is now polling the SD card slot.
2. 3. 4. 5. 6. SCP file contains all the suppressed attributes that are needed to perform OSD. Edit / update the OSD attributes and then perform import operation. These OSD attributes are then validated by SCP orchestrator. SCP orchestrator performs the configuration and repository updates specified in SCP file. After configuration and updates are done, host OS shutdowns. NOTE: Only CIFS and NFS share is supported for hosting OS media. 7.
Secure Boot Configuration from BIOS Settings or F2 UEFI Secure Boot is a technology that eliminates a major security void that may occur during a handoff between the UEFI firmware and UEFI operating system (OS). In UEFI Secure Boot, each component in the chain is validated and authorized against a specific certificate before it is allowed to load or run. Secure Boot removes the threat and provides software identity checking at every step of the boot—Platform firmware, Option Cards, and OS BootLoader.
● To support a new driver or firmware on a server, the respective certificate must be enrolled into the DB of Secure Boot certificate store. Therefore, Secure Boot Policy must be configured to Custom. When the Secure Boot Policy is configured as Custom, it inherits the standard certificates and image digests loaded in the system by default, which you can modify. Secure Boot Policy configured as Custom allows you to perform operations such as View, Export, Import, Delete, Delete All, Reset, and Reset All.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see iDRAC licenses on page 23.
• Disabling access to modify iDRAC configuration settings on host system Viewing iDRAC information You can view the basic properties of iDRAC. Viewing iDRAC information using web interface In the iDRAC Web interface, go to iDRAC Settings > Overview to view the following information related to iDRAC. For information about the properties, see iDRAC Online Help.
Viewing iDRAC information using RACADM To view iDRAC information using RACADM, see getsysinfo or get sub-command details provided in the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals . Modifying network settings After configuring the iDRAC network settings using the iDRAC Settings utility, you can also modify the settings through the iDRAC Web interface, RACADM, Lifecycle Controller, Dell Deployment Toolkit, and Server Administrator (after booting to the operating system).
Configuring IP filtering In addition to user authentication, use the following options to provide additional security while accessing iDRAC: ● IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are denied.
Bitwise AND of the quantities ^ Bitwise exclusive-OR Examples for IP Filtering The following RACADM commands block all IP addresses except 192.168.0.57: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57 racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255 To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask: racadm set iDRAC.IPBlocking.
● racadm set idraC.webServer.customCipherString ALL:-DHE-RSA-CAMELLIA256-SHA ● racadm set idraC.webServer.customCipherString ALL:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSAAES256-SHA256:+AES256-GCM-SHA384:-DHE-RSA-CAMELLIA256-SHA For more information about these objects, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/ idracmanuals. FIPS mode FIPS is a computer security standard that United States government agencies and contractors must use. Starting from version iDRAC 2.40.40.
Configuring services You can configure and enable the following services on iDRAC: Local Configuration Disable access to iDRAC configuration (from the host system) using Local RACADM and iDRAC Settings utility. Web Server Enable access to iDRAC web interface. If you disable the web interface, remote RACADM also gets disabled. Use local RACADM to re-enable the web server and remote RACADM.
● If you are using a third party CA to sign the iDRAC CSR, ensure that the third party CA supports the value UID for User Name field in Client certificate. If it is not supported, use Common Name as the value for User Name field. ● If you are using Username and Password fields, ensure that KMS server supports those attributes.
If a VNC session is active, you can only launch the Virtual Media using Launch Virtual Console and not the Virtual Console Viewer. If video encryption is disabled, the VNC client starts RFB handshake directly, and a SSL handshake is not required. During VNC client handshake (RFB or SSL), if another VNC session is active or if a Virtual Console session is open, the new VNC client session is rejected. After completion of the initial handshake, VNC server disables Virtual Console and allows only Virtual Media.
The format is For example, if the iDRAC IP address is 192.168.0.120 and VNC port number is 5901, then enter 192.168.0.120:5901. Configuring front panel display You can configure the front panel LCD and LED display for the managed system.
3. Specify the following: ● Access to the front panel ● LCD message string ● System power units, ambient temperature units, and error display 4. Enable or disable the virtual console indication. For information about the options, see the iDRAC Settings Utility Online Help. 5. Click Back, click Finish, and then click Yes. Configuring system ID LED setting To identify a server, enable or disable System ID LED blinking on the managed system.
For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. NOTE: iDRAC syncs the time with the host (local time). Hence it is recommended to configure both iDRAC and host with the same time zone so that the time sync is proper. If you want to change a time zone, you need to change it on both host and iDRAC and then the host needs to reboot. Setting first boot device You can set the first boot device for the next boot only or for all subsequent reboots.
2. In the Virtual Console Viewer, from the Next Boot menu, set the required device as the first boot device. Enabling last crash screen To troubleshoot the cause of a crash on the managed system, you can capture the system crash image using iDRAC. NOTE: For information about Server Administrator, see the OpenManage Installation Guide available at https:// www.dell.com/openmanagemanuals. The host system should have Windows Operating system to use this feature.
NOTE: Do not use 169.254.0.3 and 169.254.0.4 IP addresses. These IP addresses are reserved for the USB NIC port on the front panel when an A/A cable is used. NOTE: iDRAC may not be accessible from the host server using LOM-Passthrough when NIC teaming is enabled. Then, iDRAC can be accessed from the host server OS using the iDRAC USB NIC or through the external network, via the iDRAC dedicated NIC.
Reboot Required: true VIBs Installed: Dell_bootbank_iDRAC_USB_NIC_1.0.0-799733X03 VIBs Removed: VIBs Skipped: 3. Reboot the server. 4. At the ESXi prompt, run the command: esxcfg-vmknic –l. The output displays the usb0 entry. Enabling or disabling OS to iDRAC Pass-through using web interface To enable OS to iDRAC Pass-through using Web interface: 1. Go to iDRAC Settings > Connectivity > Network > OS to iDRAC Pass-through. The OS to iDRAC Pass-through page is displayed. 2. Change the State to Enabled. 3.
Enabling or disabling OS to iDRAC Pass-through using iDRAC settings utility To enable or disable OS to iDRAC Pass-through using iDRAC Settings Utility: 1. In the iDRAC Settings utility, go to Communications Permissions. The iDRAC Settings.Communications Permissions page is displayed. 2. Select any of the following options to enable OS to iDRAC pass-through: ● LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC.
Table 16. Types of certificate based on login type (continued) Login Type Certificate Type How to Obtain Active Directory user login Trusted CA certificate This certificate is issued by a CA. SHA-2 certificates are also supported. Local User login SSL Certificate Generate a CSR and get it signed from a trusted CA NOTE: iDRAC ships with a default self-signed SSL server certificate. The iDRAC Web server, Virtual Media, and Virtual Console use this certificate. SHA-2 certificates are also supported.
Generating a new certificate signing request A CSR is a digital request to a Certificate Authority (CA) for a SSL server certificate. SSL server certificates allow clients of the server to trust the identity of the server and to negotiate an encrypted session with the server. After the CA receives a CSR, they review and verify the information the CSR contains.
Uploading server certificate After generating a CSR, you can upload the signed SSL server certificate to the iDRAC firmware. iDRAC must be reset to apply the certificate. iDRAC accepts only X509, Base 64 encoded Web server certificates. SHA-2 certificates are also supported. CAUTION: During reset, iDRAC is not available for a few minutes. Uploading server certificate using web interface To upload the SSL server certificate: 1.
Uploading custom signing certificate using web interface To upload the custom signing certificate using iDRAC web interface: 1. Go to iDRAC Settings > Connectivity > SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, click Upload Signing Certificate. The Upload Custom SSL Certificate Signing Certificate page is displayed. 3. Click Choose File and select the custom SSL certificate signing certificate file.
3. A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as required. After iDRAC resets, a new self-signed certificate is generated. Deleting custom SSL certificate signing certificate using RACADM To delete the custom SSL certificate signing certificate using RACADM, use the sslcertdelete subcommand. Then, use the racreset command to reset iDRAC. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.
Disabling access to modify iDRAC configuration settings on host system You can disable access to modify the iDRAC configuration settings through Local RACADM or iDRAC Settings utility. However, you can view these configuration settings. To do this: 1. In iDRAC Web interface, go to iDRAC Settings > Services > Local Configurations. 2.
5 Delegated Authorization using OAuth 2.0 The Delegated Authorization feature allows a user or console to access iDRAC API using OAuth 2.0 JSON Web Tokens (JWT) that the user or console first obtains from an Authorization Server. Once an OAuth JWT has been retrieved, the user or console may use it to invoke iDRAC API. This circumvents the need for specifying username and password to access the API. NOTE: This feature is only available for DataCenter license.
6 Viewing iDRAC and managed system information You can view iDRAC and managed system health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the Flex Address or Remote-Assigned Address (applicable only for MX platforms) .
Viewing system inventory You can view information about the hardware and firmware components installed on the managed system. To do this, in iDRAC web interface, go to System > Inventories. For information about the displayed properties, see the iDRAC Online Help.
Viewing sensor information The following sensors help to monitor the health of the managed system: ● Batteries — Provides information about the batteries on the system board CMOS and storage RAID On Motherboard (ROMB). NOTE: The Storage ROMB battery settings are available only if the system has a ROMB with a battery. ● Fan (available only for rack and tower servers) — Provides information about the system fans — fan redundancy and fans list that display fan speed and threshold values.
Table 17.
● System Level CUPS Index — The CUPS index is calculated by aggregating CPU, Memory, and I/O index considering a predefined load factor of each system resource. The load factor depends on the nature of the workload on the system. CUPS Index represents the measurement of the compute headroom available on the server. If the system has a large CUPS Index, then there is limited headroom to place more workload on that system. As the resource consumption decreases, the system’s CUPS index decreases.
● To read the configurations of Idle Server Configuration parameters, you need Login privilege and to modify the parameters you need iDRAC Configure privilege. To view or modify the parameters, navigate to Configuration > System Settings. Idle server detection is reported based on following parameters: ● Idle Server Threshold (%) - This is set to 20% by default and can be configured from 0 to 50%. The reset operation sets the threshold to 20%.
GPU has to be in ready state before the command fetches the data. GPUStatus field in Inventory shows the availability of the GPU and whether GPU device is responding or not. If the GPU status is ready, GPUStatus shows OK, otherwise the status shows Unavailable. The GPU offers multiple health parameters which can be pulled through the SMBPB interface of the NVIDIA controllers. This feature is limited only to NVIDIA cards.
Viewing historical temperature data You can monitor the percentage of time the system has operated at ambient temperature that is greater than the normally supported fresh air temperature threshold. The system board temperature sensor reading is collected over a period of time to monitor the temperature. The data collection starts when the system is first powered on after it is shipped from the factory. The data is collected and displayed for the duration when the system is powered on.
Configuring warning threshold for inlet temperature You can modify the minimum and maximum warning threshold values for the system board inlet temperature sensor. If reset to default action is performed, the temperature thresholds are set to the default values. You must have Configure user privilege to set the warning threshold values for the inlet temperature sensor. Configuring warning threshold for inlet temperature using web interface To configure warning threshold for inlet temperature: 1.
NOTE: For the ESXi host OS in the iDRAC Service Module v2.3.0 or later, the Description column in the Additional Details list is displayed in the following format: // Viewing network interfaces available on host OS using RACADM Use the gethostnetworkinterfaces command to view the network interfaces available on the host operating systems using RACADM. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.
The Sessions page displays the session ID, username, IP address, and session type. For more information about these properties, see the iDRAC Online Help. 2. To terminate the session, under the Terminate column, click the Trashcan icon for a session. Terminating iDRAC sessions using RACADM You must have administrator privileges to terminate iDRAC sessions using RACADM. To view the current user sessions, use the getssninfo command. To terminate a user session, use the closessn command.
7 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: ● iDRAC Web Interface ● Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only ● IPMI Serial Over LAN ● IPMI Over LAN ● Remote RACADM ● Local RACADM ● Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
• • • • • • Enabling or disabling remote RACADM Disabling local RACADM Enabling IPMI on managed system Configuring Linux for serial console during boot in RHEL 6 Configuring serial terminal in RHEL 7 Supported SSH cryptography schemes Communicating with iDRAC through serial connection using DB9 cable You can use any of the following communication methods to perform systems management tasks through serial connection to rack and tower servers: ● RAC Serial ● IPMI Serial — Direct Connect Basic mode and Direc
NOTE: This is applicable only for iDRAC on rack and tower servers. Enabling RAC serial connection using web interface To enable RAC serial connection: 1. In the iDRAC Web interface, go to iDRAC Settings > Network > Serial. The Serial page is displayed. 2. Under RAC Serial, select Enabled and specify the values for the attributes. 3. Click Apply. The RAC serial settings are configured.
n=1 — Basic Mode Enabling serial connection IPMI serial settings using RACADM 1. Change the IPMI serial-connection mode to the appropriate setting using the command. racadm set iDRAC.Serial.Enable 0 2. Set the IPMI Serial baud rate using the command. racadm set iDRAC.IPMISerial.BaudRate Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 3. Enable the IPMI serial hardware flow control using the command. racadm set iDRAC.IPMISerial.FlowContro 1 4.
5. Click Apply. The terminal mode settings are configured. 6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection. Configuring additional settings for IPMI serial terminal mode using RACADM To configure the Terminal Mode settings, use the set command with the objects in the idrac.ipmiserial group. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.
● Serial Communication — On With Console Redirection ● Serial Port Address — COM2. NOTE: You can set the serial communication field to On with serial redirection via com1 if serial device2 in the serial port address field is also set to com1. ● External serial connector — Serial device 2 ● Failsafe Baud Rate — 115200 ● Remote Terminal Type — VT100/VT220 ● Redirection After Boot — Enabled 5. Click Back and then click Finish. 6. Click Yes to save the changes. 7. Press to exit System Setup.
NOTE: To activate IPMI SOL, you must have the minimum privilege defined in IMPI SOL. For more information, see the IPMI 2.0 specification. 3. Update the IPMI SOL baud rate using the command. racadm set iDRAC.IPMISol.BaudRate NOTE: To redirect the serial console over LAN, make sure that the SOL baud rate is identical to the managed system’s baud rate. Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 4. Enable SOL for each user using the command. racadm set iDRAC.
The RMCP+ uses a 40-character hexadecimal string (characters 0-9, a-f, and A-F) encryption key for authentication. The default value is a string of 40 zeros. An RMCP+ connection to iDRAC must be encrypted using the encryption key (Key Generator Key). You can configure the encryption key using the iDRAC web interface or iDRAC Settings utility. To start SOL session using IPMItool from a management station: NOTE: If required, you can change the default SOL time-out at iDRAC Settings > Services. 1.
from the serial port of the managed system. The serial port usually attaches to a shell that emulates an ANSI- or VT100/ VT220–terminal. The serial console is automatically redirected to the SSH. Using SOL from PuTTY on Windows NOTE: If required, you can change the default SSH time-out at iDRAC Settings > Services. To start IPMI SOL from PuTTY on a Windows management station: 1. Run the following command to connect to iDRAC putty.
Disconnecting SOL session in iDRAC command line console The commands to disconnect a SOL session are based on the utility. You can exit the utility only when a SOL session is completely terminated. To disconnect a SOL session, terminate the SOL session from the iDRAC command line console. ● To quit SOL redirection, press Enter, Esc, T. The SOL session closes. If a SOL session is not terminated completely in the utility, other SOL sessions may not be available.
Parameter Privilege level = 2 User = 3 Operator = 4 Administrator 3. Set the IPMI LAN channel encryption key ,if required. racadm set iDRAC.IPMILan.EncryptionKey Parameter Description 20-character encryption key in a valid hexadecimal format. NOTE: The iDRAC IPMI supports the RMCP+ protocol. For more information, see the IPMI 2.0 specifications at intel.com.
Configuring Linux for serial console during boot in RHEL 6 The following steps are specific to the Linux GRand Unified Bootloader (GRUB). Similar changes are required if a different boot loader is used. NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected Virtual Console to 25 rows x 80 columns to make sure the correct text displays. Else, some text screens may be garbled. Edit the /etc/grub.conf file as follows: 1.
co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi The following example shows a sample file with the new line. #inittab This file describes how the INIT process should set up #the system in a certain run-level. #Author:Miquel van Smoorenburg #Modified for RHS Linux by Marc Ewing and Donnie Barnes #Default runlevel.
vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 ttyS1 Configuring serial terminal in RHEL 7 To configure serial terminal in RHEL 7: 1.
To configure GRUB to use serial console, comment out the splash image and add the serial and terminal options to grub.conf : [root@localhost ~]# cat /boot/grub/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/hda2 # initrd /initrd-version.
Table 19. SSH cryptography schemes (continued) Scheme Type Algorithms diffie-hellman-group14-sha1 Encryption chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com MAC hmac-sha1 hmac-ripemd160 umac-64@openssh.com Compression None NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell recommends not enabling DSA public key support.
Generating public keys for Linux To use the ssh-keygen application to create the basic key, open a terminal window and at the shell prompt, enter ssh-keygen –t rsa –b 2048 –C testing where: ● -t is rsa. ● –b specifies the bit encryption size between 2048 and 4096. ● –C allows modifying the public key comment and is optional. NOTE: The options are case-sensitive. Follow the instructions. After the command executes, upload the public file.
Viewing SSH keys You can view the keys that are uploaded to iDRAC. Viewing SSH keys using web interface To view the SSH keys: 1. In Web interface, go to iDRAC Settings > Users. The Local Users page is displayed. 2. In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page is displayed with the key details.
8 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. The default iDRAC user name and password are provided with the system badge. As an administrator, you can setup user accounts to allow other users to access iDRAC. For more information see the documentation for the server.
Table 21. iDRAC user privileges (continued) Current Generation Prior Generation Description System Control Control and configure system Allows power cycling the host system. Access Virtual Console Access Virtual Console Redirection (for blade servers) Enables the user to run Virtual Console. Access Virtual Console (for rack and tower servers) Access Virtual Media Access Virtual Media Enables the user to run and use Virtual Media.
Configuring local users You can configure up to 16 local users in iDRAC with specific access permissions. Before you create an iDRAC user, verify if any current users exist. You can set user names, passwords, and roles with the privileges for these users. The user names and passwords can be changed using any of the iDRAC secured interfaces (that is, web interface, RACADM or WSMan). You can also enable or disable SNMPv3 authentication for each user.
and view or edit the myfile.cfg file, which includes all iDRAC configuration parameters. To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. If you use the Server Configuration Profile file to configure users, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication.
Configuring Active Directory users If your company uses the Microsoft Active Directory software, you can configure the software to provide access to iDRAC, allowing you to add and control iDRAC user privileges to your existing users in your directory service. This is a licensed feature. You can configure user authentication through Active Directory to log in to the iDRAC. You can also provide role-based authority, which enables an administrator to configure specific privileges for each user.
10. Locate and right-click the root CA certificate, select All Tasks, and click Export.... 11. In the Certificate Export Wizard, click Next, and select No do not export the private key. 12. Click Next and select Base-64 encoded X.509 (.cer) as the format. 13. Click Next and save the certificate to a directory on your system. 14. Upload the certificate you saved in step 13 to iDRAC. Importing iDRAC firmware SSL certificate iDRAC SSL certificate is the identical certificate used for iDRAC Web server.
Figure 1. Configuration of iDRAC with active directory standard schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to 15 role groups in each iDRAC.
Configuring Standard schema Active Directory Before configuring the standard schema Active Directory, ensure that: ● You have the iDRAC enterprise license. ● The configuration is performed on a server that is used as the Domain Controller. ● The dat, time and time zone on the server are correct. ● The iDRAC network settings are configured, or in iDRAC web interface go to iDRAC Settings > Connectivity > Network > Common Settings to configure the network settings.
address of racadm set address of racadm set address of racadm set address of racadm set address of racadm set address of the domain controller> iDRAC.ActiveDirectory.DomainController2 iDRAC.ActiveDirectory.DomainController3 iDRAC.ActiveDirectory.GlobalCatalog1 iDRAC.ActiveDirectory.
Best practices for extended schema The extended schema uses Dell association objects to join iDRAC and permission. This allows you to use iDRAC based on the overall permissions granted. The default Access Control List (ACL) of Dell Association objects allows Self and Domain Administrators to manage the permissions and scope of iDRAC objects. By default, the Dell Association objects do not inherit all permissions from the parent Active Directory objects.
Figure 2. Typical setup for active directory objects You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC. The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects.
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2.
Classes and attributes Table 25. Class definitions for classes added to the active directory schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.1 delliDRACAssociation 1.2.840.113556.1.8000.1280.1.7.1.2 dellRAC4Privileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 26. DelliDRACdevice class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 28. dellRAC4Privileges class (continued) OID 1.2.840.113556.1.8000.1280.1.1.1.3 dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 29. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 30. dellProduct class OID 1.2.840.
Table 31. List of attributes added to the active directory schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued TRUE if the user has Card Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsUserConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.5 TRUE if the user has User Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) delIsLogClearAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Installing Dell extension to the Active Directory users and computers snap-in When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC devices, users and user groups, iDRAC associations, and iDRAC privileges.
Providing user access privileges for association objects To provide access privileges to the authenticated users for accessing the created association objects: 1. Go to Administrative Tools > ADSI Edit. The ADSI Edit window is displayed. 2. In the right-pane, navigate to the created association object, right-click and select Properties. 3. In the Security tab, click Add. 4. Type Authenticated Users, click Check Names, and click OK. The authenticated users is added to the list of Groups and user names. 5.
3. Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed. 4. Specify the location information about Active Directory (AD) servers and user accounts. Also, specify the time iDRAC must wait for responses from AD during login process. NOTE: ● If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN.
3. If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following command: racadm set iDRAC.IPv4.DNSFromDHCP 0 racadm set iDRAC.IPv4.DNSFromDHCP.DNS1 racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 4. If you want to configure a list of user domains so that you only need to enter the user name during log in to iDRAC web interface, use the following command: racadm set iDRAC.UserDomain..
Configuring generic LDAP directory service using iDRAC webbased interface To configure the generic LDAP directory service using Web interface: NOTE: For information about the various fields, see the iDRAC Online Help. 1. In the iDRAC Web interface, go to iDRAC Settings > Users > Directory Services > Generic LDAP Directory Service, click Edit. The Generic LDAP Configuration and Management Step 1 of 3 page displays the current generic LDAP settings. 2.
NOTE: When testing LDAP settings with Enable Certificate Validation checked, iDRAC requires that the LDAP server be identified by the FQDN and not an IP address. If the LDAP server is identified by an IP address, certificate validation fails because iDRAC is not able to communicate with the LDAP server. NOTE: When generic LDAP is enabled, iDRAC first tries to login the user as a directory user. If it fails, local user lookup is enabled. The test results and the test log are displayed.
9 System Configuration Lockdown mode System Configuration Lockdown mode helps in preventing unintended changes after a system is provisioned. Lockdown mode is applicable to both configuration and firmware updates. When the system is locked down, any attempt to change the system configuration is blocked. If any attempts are made to change the critical system settings, an error message is displayed. Enabling System lockdown mode blocks the firmware update of third party I/O cards using the vendor tools.
Table 32. Items affected by Lockdown mode Disabled Remains functional ● All Vendor tools that have direct access to the device ● NVMe ○ DTK-RAIDCFG ○ F2/Ctrl+R ● BOSS-S1 ○ Marvell CLI ○ F2/Ctrl+R ● ISM/OMSA settings (OS BMC enable, watchdog ping, OS name, OS version) NOTE: When lockdown mode is enabled, OpenID Connect login option is not displayed in iDRAC login page.
10 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Creating Active Directory objects and providing privileges Logging in to Active Directory Standard schema based SSO Perform the following steps for Active Directory Standard schema based SSO login: 1. Create a User Group. 2. Create a User for Standard schema. NOTE: Use the existing AD User Group & AD User. Logging in to Active Directory Extended schema based SSO Perform the following steps for Active Directory Extended schema based SSO login: 1.
Generating Kerberos keytab file To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a Windows Kerberos network. The Kerberos configuration on iDRAC involves the same steps as configuring a non– Windows Server Kerberos service as a security principal in Windows Server Active Directory.
Management Station Settings Perform the following steps after configuring SSO login for Active Directory users: 1. Set the DNS Server IP in Network properties and mention the preferred DNS Server IP. 2. Go to My Computer and add the *domain.tld domain. 3. Add the Active Directory User to Administrator by navigating to: My Computer > Manage > Local User and Groups > Groups > Administrator and add the Active Directory User. 4. Logoff the system and login using the Active Directory User credential. 5.
Configuring Smart Card Login NOTE: For Active Directory Smart Card Configuration, iDRAC must be configured either with Standard or Extended Schema SSO Login. Configuring iDRAC smart card login for Active Directory users Before configuring iDRAC Smart Card login for Active Directory users, make sure that you have completed the required prerequisites. To configure iDRAC for smart card login: 1.
6. Click Advanced Certificate Request. 7. Click Request a certificate for a smart card on behalf of another user by using the smart card certificate enrollment station. 8. Select user to enroll by clicking Select User button. 9. Click Enroll and enter the smart card credential. 10. Enter the smart card PIN and click on Submit. Uploading trusted CA certificate for smart card Before you upload the CA certificate, make sure that you have a CA-signed certificate.
11 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
2. Under Quick Alert Configuration section: ● Select the alert category. ● Select the issue severity notification. ● Select the location where you would like to receive these notifications. 3. Click Apply to save the setting. NOTE: You must select at least one category, one severity, and one destination type to apply the configuration. All the alerts that are configured are displayed in total under Alerts Configuration Summary.
● Informational ● Warning ● Critical 4. Click Apply. The Alert Results section displays the results based on the selected category and severity. Filtering alerts using RACADM To filter the alerts, use the eventfilters command. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
Setting alert recurrence events using iDRAC web interface To set the alert recurrence value: 1. In iDRAC Web interface, go to Configuration > System Settings > Alert Recurrence. 2. In the Recurrence column, enter the alert frequency value for the required category, alert, and severity type(s). For more information, see the iDRAC Online help. 3. Click Apply. The alert recurrence settings are saved.
Configuring IP alert destinations using web interface To configure alert destination settings using Web interface: 1. In iDRAC Web interface, go to Configuration > System Settings > SNMP and E-mail Settings. 2. Select the State option to enable an alert destination (IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN)) to receive the traps. You can specify up to eight destination addresses. For more information about the options, see the iDRAC Online Help. 3.
● Set the SNMP trap destination for SNMPv3: racadm set idrac.SNMP.Alert..DestAddr ● Set SNMPv3 users for trap destinations: racadm set idrac.SNMP.Alert..SNMPv3Username ● Enable SNMPv3 for a user: racadm set idrac.users..SNMPv3Enable Enabled 5. To test the trap, if required: racadm testtrap -i For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
○ No Encryption — port 25 (default) ○ SSL — Port 465 ● Connection Encryption — When you do not have an email server in your premises, you can use cloud based email servers or SMTP Relays. To configure cloud email server, you can set this feature to any of the following values from the drop down: ○ None — No encryption on the connection to the SMTP server. It is the default value. ○ SSL — Runs SMTP protocol over SSL NOTE: ○ This feature is not configurable via Group Manager.
Parameter Description custom-message Custom message 5. To test the configured email alert, if required: racadm testemail -i [index] Parameter Description index Email destination index to be tested. Allowed values are 1 through 4. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Configuring SMTP email server address settings You must configure the SMTP server address for email alerts to be sent to specified destinations.
Monitoring chassis events On the PowerEdge FX2/FX2s chassis, you can enable the Chassis Management and Monitoring setting in iDRAC to perform chassis management and monitoring tasks such as monitoring chassis components, configuring alerts, using iDRAC RACADM to pass CMC RACADM commands, and updating the chassis management firmware. This setting allows you to manage the servers in the chassis even if the CMC is not on the network. You can set the value to Disabled to forward the chassis events.
Table 33.
Table 33.
Table 33.
12 iDRAC 9 Group Manager Group Manager enables user to have multiple console experience and offers simplified basic iDRAC management. iDRAC Group Manager feature is available for Dell's 14th generation servers to offer simplified basic management of iDRACs and associated servers on the local network using the iDRAC GUI. Group Manager allows 1XMany console experience without involving a separate application.
Once the group manager feature is enabled, that iDRAC allows you the option to create or join an iDRAC local group. More than one iDRAC group can be setup in the local network but an individual iDRAC can only be a member of one group at a time. To change group (join a new group) the iDRAC must first leave its current group and then join the new group. The iDRAC from where the group was created gets chosen as the primary controller of the group by default.
Group Manager uses mDNS to discover other iDRACs on the network and sends encrypted packets for normal inventorying, monitoring and management of the group using the link local IP address. Using IPv6 link local networking means that the Group Manager ports and packets will never leave the local network or be accessible to external networks.
Change User Password Use this section to change the password information for the user. You can see the Users detail with the User Name, Role and Domain information for individual user. A group job would be created to change the user password on all the servers in that group. The status of group job can be found at GroupManager > Jobs page. If user already exists then the password can be updated.
● ● ● ● ● ● ● ● ● ● ● ● ● ● Model iDRAC Firmware Version Last Status Update Express Service Code iDRAC Connectivity Power State Operating System Service Tag Node ID iDRAC DNS Name BIOS Version CPU Details System Memory(MB) Location Details NOTE: In case, you are using Internet Explorer, disable the Enhanced Security settings to successfully download the csv file.
Table 39. Jobs View Option Description Status Shows the job's status and the state of the ongoing job. Job Displays the Job's name. ID Displays the Job's ID. Start Time Displays the start time. End Time Displays the end time. Actions ● Cancel — A scheduled job can be cancelled, before it moves to running state. A running job can be stopped by using the stop button. ● Rerun — Allows the user to rerun the job in case the job is in failure state.
Group Information Panel Group Information panel in the top right of group manager summary view shows a consolidated group summary. Current group configuration can be edited from the Group Settings page accessible by clicking Group Settings button. It shows how many systems are there in the group. It also provides the information about the Primary and the Secondary controller of the Group. Group Settings Group settings page provides a listing of selected group attributes. Table 40.
Table 42. Actions on a selected Server (continued) Option Description Virtual Console Launches Virtual Console with single sign on a new browser window. NOTE: Disable Popup blocker from the browser to use this functionality. Group Manager Single Sign On All iDRACs in the group trust each other based on the shared passcode secret and shared group name.
13 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WSMan interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utility, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3. To view the system events, click Display System Event Log. 4. Click Back, click Finish, and then click Yes.
● ● ● ● Select the Log Type from the drop-down list. Select the severity level from the Severity drop-down list. Enter a keyword. Specify the date range. 2. Click Apply. The filtered log entries are displayed in Log Results. Adding comments to Lifecycle logs To add comments to the Lifecycle logs: 1. In the Lifecycle Log page, click the + icon for the required log entry. The Message ID details are displayed. 2. Enter the comments for the log entry in the Comment box.
1. In the iDRAC Web interface, go to Dashboard > Notes > add note. The Work Notes page is displayed. 2. Under Work Notes, enter the text in the blank text box. NOTE: It is recommended not to use too many special characters. 3. Click Save. The work note is added to the log. For more information, see the iDRAC Online Help. Configuring remote system logging You can send lifecycle logs to a remote system. Before doing this, make sure that: ● There is network connectivity between iDRAC and the remote system.
14 Monitoring and managing power in iDRAC You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: ● Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
○ You can reset the peak utilization for a particular sensor. Click Reset Historical Peak. You must have Configure privilege to reset the peak value. ● Performance Metrics section: ○ Displays status and present reading ○ Displays or specifies the warning threshold utilization limit. You must have server configure privilege to set the threshold values. For information about the displayed properties, see the iDRAC Online Help.
Executing power control operations using web interface To perform power control operations: 1. In iDRAC web interface, go to Configuration > Power Management > Power Control. The Power Control options are displayed. 2. Select the required power operation: ● ● ● ● ● ● Power On System Power Off System NMI (Non-Masking Interrupt) Graceful Shutdown Reset System (warm boot) Power Cycle System (cold boot) 3. Click Apply. For more information, see the iDRAC Online Help.
When setting the power cap threshold in BTU/hr, the conversion to Watts is rounded off to the nearest integer. When the power cap threshold are read from the system, the Watts to BTU/hr conversion is also rounded off. Because of the rounding off, the actual values may slightly differ. Configuring power cap policy using web interface To view and configure the power policies: 1. In iDRAC Web interface, go to Configuration > Power Management > Power Cap Policy.
Configuring power supply options using web interface To configure the power supply options: 1. In iDRAC Web interface, go to Configuration > Power Management > Power Configuration. 2. Under Power Redundancy Policy, select the required options. For more information, see iDRAC Online Help. 3. Click Apply. The power supply options are configured. Configuring power supply options using RACADM To ● ● ● ● configure the power supply options, use the following objects with the get/set command: System.Power.
● Using fan zone mapping, cooling can be initiated for the components when it requires. Thus, it results maximum performance without compromising the efficiency of power utilization. ● Accurate representation of slot by slot PCIe airflow in terms of LFM metric (Linear Feet per Minute - an accepted industry standard on how PCIe card airflow requirement is specified). Display of this metric in various iDRAC interfaces allows user to: 1. know the maximum LFM capability of each slot within the server. 2.
15 iDRAC Direct Updates iDRAC provides out of band ability to update the firmware of various components of a PowerEdge server. iDRAC direct update helps in eliminating staged jobs during updates. iDRAC used to have staged updates to initiate firmware update of the components. From this release, Direct updates have been applied to PSU and Backplane. With the use of Direct Updates and Backplane can have quicker updates.
16 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: ● Network Interface Cards (NICs) ● Converged Network Adapters (CNAs) ● LAN On Motherboards (LOMs) ● Network Daughter Cards (NDCs) ● Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and partition-l
Connection View Manually checking and troubleshooting the servers’ networking connections is unmanageable in a datacenter environment. iDRAC9 streamlines the job with iDRAC Connection View. This feature allows you to remotely check and troubleshoot network connections from the same centralized GUI that you are using for deploying, updating, monitoring, and maintaining the servers.
Refresh Connection View Use Refresh Connection View to get the latest information of Switch Connection ID and Switch Port Connection ID. NOTE: If iDRAC has switch connection and switch port connection information for server network port or iDRAC network port and due to some reason, the switch connection and switch port connection information is not refreshed for 5min, then the switch connection and switch port connection information is shown as stale (last known good data) data for all user interfaces.
Inventorying and monitoring FC HBA devices You can remotely monitor the health and view the inventory of the Fibre Channel Host Bus Adapters (FC HBA) devices in the managed system. The Emulex and QLogic FC HBAs are supported. For each FC HBA device, you can view the following information for the ports: ● Link Status and Information ● Port Properties ● Receive and Transmit Statistics NOTE: Emulex FC8 HBAs are not supported.
Monitoring SFP Transceiver devices using web interface To view theSFP Transceiver device information using Web interface, go to System > Overview > Network Devices and click on particular device. For more information about the displayed properties, see iDRAC Online Help. The page name also displays the slot number where the transceiver device is available under Port statistics.
● StorageSensor data is reported only for the drives in Ready / Online / Non-RAID mode and not behind the BOSS controller. ● NVMeSMARTData is only supported for SSD (PCIeSSD / NVMe Express) drives with PCIe bus protocol (not behind SWRAID). ● GPGPUStatistics data is only available in specific GPGPU models that support ECC memory capability. ● PSUMetrics is not available on modular platforms. ● Fan Power and PCIe Power Metrics may be displayed as 0 for some platforms.
NOTE: ● This attribute is persistent over iDRAC reboot. ● Firmware reset to default will disable this feature. ● While Serial Data capture is enabled, the buffer keeps getting appended with recent data. If user disables Serial capture and enables it again, iDRAC starts appending from last update. The System serial data capture starts when user enables the serial data capture flag from any of the interfaces.
Table 43.
Table 43. Supported cards for I/O Identity Optimization (continued) Manufacturer Type ● ● ● ● ● ● ● ● LPe31000-M6-SP PCIe FC16 LPe31002-M6-D DP PCIe FC16 LPe32000-M2-D SP PCIe FC32 LPe32002-M2-D DP PCIe FC32 LPe31002-D Fab C Mezz FC16 (for MX platforms ) LPe32002-D Fab C Mezz FC32 (for MX platforms ) LPe35002-M2 FC32 2-Port LPe35000-M2 FC32 1-Port Supported NIC firmware versions for IO Identity Optimization In 14th generation Dell PowerEdge servers, the required NIC firmware is available by default.
Table 44.
Enabling or disabling IO Identity Optimization Normally, after the system boots, the devices are configured and then after a reboot the devices are initialized. You can enable the I/O Identity Optimization feature to achieve boot optimization. If it is enabled, it sets the virtual address, initiator, and storage target attributes after the device is reset and before it is initialized, thus eliminating a second BIOS restart.
Configuring SSD Wear Threshold alert features using web interface To configure Remaining Rated Write Endurance and Available Spare Alert Threshold using web interface: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > SSD Wear Thresholds. The SSD Wear Thresholds page is displayed. 2. Remaining Rated Write Endurance — You can set the value between 1-99%. The default value is 10%.
Default values for persistence policy Table 46.
Table 47. iSCSI initiator —default values (continued) iSCSI Initiator Default Values in IPv4 mode Default Values in IPv6 mode IscsiInitiatorIpv4Addr 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6Addr :: :: IscsiInitiatorSubnet 0.0.0.0 0.0.0.0 IscsiInitiatorSubnetPrefix 0 0 IscsiInitiatorGateway 0.0.0.0 :: IscsiInitiatorIpv4Gateway 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6Gateway :: :: IscsiInitiatorPrimDns 0.0.0.0 :: IscsiInitiatorIpv4PrimDns 0.0.0.0 0.0.0.
Table 48.
17 Managing storage devices Starting with iDRAC 3.15.15.15 release, iDRAC supports Boot Optimized Storage Solution (BOSS) controller in the 14 th generation of PowerEdge servers. BOSS controllers are designed specifically for booting the operating system of the server. These controllers support limited RAID features and the configuration is staged. Starting with iDRAC 4.30.30.30 release, iDRAC supports PERC 11, HBA 11, and BOOS 1.5 for AMD systems. NOTE: BOSS controllers support only RAID level1.
In addition to managing the physical disks contained in the enclosure, you can monitor the status of the fans, power supply, and temperature probes in an enclosure. You can hot-plug enclosures. Hot-plugging is defined as adding of a component to a system while the operating system is still running. The physical devices connected to the controller must have the latest firmware. For the latest supported firmware, contact your service provider.
What is RAID RAID is a technology for managing the storage of data on the physical disks that reside or are attached to the system. A key aspect of RAID is the ability to span physical disks so that the combined storage capacity of multiple physical disks can be treated as a single, extended disk space. Another key aspect of RAID is the ability to maintain redundant data which can be used to restore data in the event of a disk failure.
Organizing data storage for availability and performance RAID provides different methods or RAID levels for organizing the disk storage. Some RAID levels maintain redundant data so that you can restore data after a disk failure. Different RAID levels also entail an increase or decrease in the I/O (read and write) performance of a system. Maintaining redundant data requires the use of additional physical disks. The possibility of a disk failure increases with an increase in the number of disks.
RAID 0 characteristics: ● ● ● ● Groups n disks as one large virtual disk with a capacity of (smallest disk size) *n disks. Data is stored to the disks alternately. No redundant data is stored. When a disk fails, the large virtual disk fails with no means of rebuilding the data. Better read and write performance. RAID level 1 - mirroring RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks.
● Redundancy for protection of data. ● RAID 1 is more expensive in terms of disk space since twice the number of disks are used than required to store the data without redundancy. RAID level 5 or striping with distributed parity RAID 5 provides data redundancy by using data striping in combination with parity information. Rather than dedicating a physical disk to parity, the parity information is striped across all physical disks in the disk group.
RAID 6 characteristics: ● ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n-2) disks. Redundant information (parity) is alternately stored on all disks. The virtual disk remains functional with up to two disk failures. The data is reconstructed from the surviving disks. Better read performance, but slower write performance. Increased redundancy for protection of data. Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space.
RAID 50 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 5 span. ● Better read performance, but slower write performance. ● Requires as much parity information as standard RAID 5. ● Data is striped across all spans. RAID 50 is more expensive in terms of disk space.
RAID 60 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 6 span. ● Better read performance, but slower write performance. ● Increased redundancy provides greater data protection than a RAID 50. ● Requires proportionally as much parity information as RAID 6. ● Two disks per span are required for parity.
RAID 10 characteristics: ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. Improved read performance and write performance. Redundancy for protection of data.
Table 50. RAID level performance comparison (continued) RAID Level Data Redundancy Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information.
iDRAC supports HBA355i front and HBA355i Adapter for AMD platforms. Supported enclosures iDRAC supports MD1400 and MD1420 enclosures. NOTE: Redundant Array of Inexpensive Disks (RBODS) that are connected to HBA controllers are not supported. NOTE: PERC H480 with version 10.1 or greater, firmware supports up to 4 enclosures per port. Summary of supported features for storage devices The following tables provide the features supported by the storage devices through iDRAC. Table 51.
Table 51.
Table 51.
Table 51.
Table 52.
Table 52. Supported features of storage controllers for MX platforms (continued) Features PERC 11 PERC 10 PERC 9 H755 MX H745P MX H730P MX Switch Controller Mode Not applicable Not applicable Staged T10PI Support for Virtual Disks Not applicable Not applicable Not applicable NOTE: H745P MX supports eHBA mode with PERC 10.2 and higher. Table 53.
Monitoring storage devices using web interface To view the storage device information using web interface: ● Go to Storage > Overview > Summary to view the summary of the storage components and the recently logged events. This page is automatically refreshed every 30 seconds. ● Go to Storage > Overview > Controllers to view the RAID controller information. The Controllers page is displayed. ● Go to Storage > Overview > Physical Disks to view physical disk information. The Physical Disks page is displayed.
● ● ● ● ● ● Convert to RAID capable disk. Convert to non-RAID disk. Blink or unblink the LED. Rebuild physical disk Cancel rebuild physical disk Cryptographic erase Assigning or unassigning physical disk as global hot spare A global hot spare is an unused backup disk that is part of the disk group. Hot spares remain in standby mode.
6. Click Apply Now. Depending on your requirement, you can also choose to apply At Next Reboot or At Scheduled Time. Based on the selected operation mode, the settings are applied. Assigning or unassigning global hot spare using RACADM Use the storage command and specify the type as global hot spare. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
● Secure erase drives— Includes drives that provide cryptographic erase such as ISE and SED SAS and SATA drives, and PCIe SSDs. ● Overwrite erase drives— Includes all drives that do not support cryptographic erase. NOTE: System erase only applies to drives within the server. iDRAC is not able to erase drives in an external enclosure such as a JBOD.
Erasing SED/ISE device data using web interface To erase the data on the supported device: 1. In the iDRAC Web interface, go to Storage > Overview > Physical Disks. The Physical Disk page is displayed. 2. From the Controller drop-down menu, select the controller to view the associated devices. 3. From the drop-down menus, select Cryptographic Erase for one or more SED/ISEs.
Cancel Rebuild can be used to cancel a rebuild that is in progress. If you cancel a rebuild, the virtual disk remains in a degraded state. The failure of an additional physical disk can cause the virtual disk to fail and may result in data loss. It is recommended to perform a rebuild on the failed physical disk at the earliest. In case, you cancel the rebuild of a physical disk that is assigned as a hot spare, reinitiate the rebuild on the same physical disk in order to restore the data.
Considerations before creating virtual disks Before creating virtual disks, consider the following: ● Virtual disk names not stored on controller—The names of the virtual disks that you create are not stored on the controller. This means that if you reboot using a different operating system, the new operating system may rename the virtual disk using its own naming conventions.
NOTE: Disk slicing or configuring partial VDs is not supported using RACADM on the drives managed by S140 controller. Editing virtual disk cache policies You can change the read, write, or disk cache policy of a virtual disk. NOTE: Some of the controllers do not support all read or write policies. Therefore, when a policy is applied, an error message is displayed.
Checking virtual disk consistency This operation verifies the accuracy of the redundant (parity) information. This task only applies to redundant virtual disks. When necessary, the check consistency task rebuilds the redundant data. If the virtual drive has a degraded status, running a check consistency may be able to return the virtual drive to ready status. You can perform a consistency check using the web interface or RACADM. You can also cancel the check consistency operation.
NOTE: Full initialize is supported only in real-time. Only few controllers support full initialization. Encrypting virtual disks When encryption is disabled on a controller (that is, the security key is deleted), manually enable encryption for virtual disks created using SED drives. If the virtual disk is created after encryption is enabled on a controller, the virtual disk is automatically encrypted.
is not giving maximum VD size possible as the final VD size (percentage turns out to be less than 100%). User does not see difference in this entered VD size and final VD size after reconfiguration, if maximum possible VD size is entered by user. Raid Level Migration RAID Level Migration (RLM) refers to changing a virtual disk´s RAID level. iDRAC9 provides an option to increase the VD size using RLM.
● OCE/RLM is restricted to the scenario where the disk group contains only one VD. ● OCE is not supported on RAID50 and RAID60. RLM is not supported on RAID10,RAID50 and RAID60. ● If the controller already contains the maximum number of virtual disks, you cannot perform a RAID level migration or capacity expansion on any virtual disk. ● The controller changes the write cache policy of all virtual disks undergoing a RLM/OCE to Write-Through until RLM/OCE is complete.
Disabled — Indicates that the disk’s write cache is disabled. This decreases performance and the probability of data loss. Edit Disk Capacity — You can add the physical disks to the selected virtual disk in this window. This window also shows the current capacity and new capacity of the virtual disk after adding the physical disks. RAID Level Migration — Displays the Disk Name, Current RAID Level, and size of the virtual disk. Allows you to select a New RAID Level.
Table 56. RAID Configuration Features Feature Force Online RACADM Command racadm storage forceonline: Description A power failure, corrupted data, or some other reason may lead to a physical disk going offline. You can use this feature to force a physical disk back into an online state when all other options have been exhausted. Once the command is run, the controller places the drive back into online state and restore its membership within the virtual disk.
Configuring controller properties You can configure the following properties for the controller: ● Patrol read mode (auto or manual) ● Start or stop patrol read if patrol read mode is manual ● Patrol read unconfigured areas ● Check consistency mode ● Copyback mode ● Load balance mode ● Check consistency rate ● Rebuild rate ● BGI rate ● Reconstruct rate ● Enhanced auto import foreign configuration ● Create or change security keys ● Encryption mode (Local Key Management and Secure Enterprise key Manager) You
On PERC controllers, background initialization of a redundant virtual disk begins automatically within 0 to 5 minutes after the virtual disk is created. The background initialization of a redundant virtual disk prepares the virtual disk to maintain redundant data and improves write performance. For example, after the background initialization of a RAID 5 virtual disk completes, the parity information has been initialized.
The Setup Controllers page is displayed. 2. In the Controller section, select the controller that you want to configure. 3. Specify the required information for the various properties. The Current Value column displays the existing values for each property. You can modify this value by selecting the option from the Action drop-down menu for each property. For information about the fields, see the iDRAC Online Help. 4. From the Apply Operation Mode, select when you want to apply the settings. 5. Click Apply.
For example, if the foreign configuration contains only one side of a mirror in a RAID 1 virtual disk, then the virtual disk is in a Degraded state and can be imported. If the foreign configuration contains only one physical disk that was originally configured as a RAID 5 using three physical disks, then the RAID 5 virtual disk is in a Failed state and cannot be imported.
Importing foreign configuration using RACADM To import foreign configuration: racadm storage importconfig: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Clearing foreign configuration After moving a physical disk from one controller to another, you may find that the physical disk contains all or some portion of a virtual disk (foreign configuration).
2. From the Actions, select Reset Configuration for one or more controllers. 3. For each controller, from the Apply Operation Mode drop-down menu, select when you want to apply the settings. 4. Click Apply. Based on the selected operation mode, the settings are applied. Resetting controller configuration using RACADM To reset the controller configuration: racadm storage resetconfig: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
Exceptions while switching the controller mode The following list provides the exceptions while setting the controller mode using the iDRAC interfaces such as web interface, RACADM, and WSMan: ● If the PERC controller is in RAID mode, you must clear any virtual disks, hot spares, foreign configurations, controller keys, or preserved cache before changing it to HBA mode. ● You cannot configure other RAID operations while setting the controller mode.
and enabling its ports connected to storage devices. Without an operating system, the driver will not be loaded, and there is no guarantee that iDRAC will be able to display storage devices connected to Dell HBAs. The non-RAID controllers are the HBAs that do not have few RAID capabilities. They do not support virtual disks. 14G iDRAC interface supports 12 Gbps SAS HBA controller, HBA330 (integrated and adapter) controllers, HBA330 MMZ, and HBA330 MX adapters.
NOTE: If an operation is not supported in non-RAID mode, an error message is displayed. You cannot monitor the enclosure temperature probes, fans, and power supplies when the controller is in non-RAID mode. Running RAID configuration jobs on multiple storage controllers While performing operations on more than two storage controllers from any supported iDRAC interface, make sure to: ● Run the jobs on each controller individually.
NOTE: Hot plug capability, prepare to remove, and blink or unblink the device LED is not applicable for HHHL PCIe SSD devices. NOTE: When NVMe devices are controlled behind S140, prepare to remove and cryptographic erase operations are not supported, blink and unblink are supported.
NOTE: Prepare to Remove operation is supported on systems with ESXi 6.0 with iDRAC Service Module version 2.1 or higher. The Prepare to Remove operation can be performed in real-time using iDRAC Service Module. The Prepare to Remove operation stops any background activity and any ongoing I/O activity so that device can be removed safely. It causes the status LEDs on the device to blink.
Erasing PCIe SSD device data NOTE: This operation is not supported when PCIe SSD is configured using the SWRAID controller. Cryptographic Erase permanently erases all data present on the disk. Performing a Cryptographic Erase on an PCIe SSD overwrites all blocks and results in permanent loss of all data on the PCIe SSD. During Cryptographic Erase, the host is unable to access the PCIe SSD. The changes are applied after system reboot.
To create the target job after executing the secureerase command: racadm jobqueue create -s TIME_NOW -e To query the job ID returned: racadm jobqueue view -i For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
NOTE: ● Warning messages are displayed when the setting is being changed as there is a possibility of data loss. ● LC Wipe or iDRAC reset operations do not change the expander setting for this mode. ● This operation is supported only in real-time and not staged. ● You can change the backplane configuration multiple times. ● The backplane splitting operation can cause data loss or foreign configuration if the drive association changes from one controller to another controller.
The output is: BackplaneRequestedMode=None 3. Run the following command to set the requested backplane mode to split mode: racadm set storage.enclosure.1.backplanerequestedmode "splitmode" The message is displayed indicating that the command is successful. 4. Run the following command to verify if the backplanerequestedmode attribute is set to split mode: racadm get storage.enclosure.1.backplanerequestedmode The output is: BackplaneRequestedMode=None (Pending=SplitMode) 5.
12. Run the following command and verify that only 0–11 drives are displayed: racadm storage get pdisks For more information about the RACADM commands, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Viewing universal slots Some 14 th generation PowerEdge server backplanes supports both SAS/SATA and PCIe SSD drives in the same slot.
User can change the Asset Tag property of the enclosure to identify enclosures. These fields are checked for invalid values and an error is displayed if an invalid value is entered. These fields are part of the enclosure firmware; the data initially shown are the values saved in the firmware. NOTE: Asset Tag has a character limit of 10 that includes the null character. NOTE: These operations are not supported on internal enclosures.
● Only the Apply Now option is available on the Enclosure Setup page. 3. Click Apply. Based on the operation mode selected, the settings are applied. Choosing operation mode using RACADM To select the operation mode, use the jobqueue command. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Viewing and applying pending operations You can view and commit all pending operations for the storage controller.
page. You must perform any other storage configuration operation or use RACADM or WSMan to create the required configuration job on the required controller. You cannot view or clear pending operations for PCIe SSDs in the Pending Operations page. Use the racadm command to clear the pending operations for PCIe SSDs. Viewing and applying pending operations using RACADM To apply pending operations, use the jobqueue command.
● If the pending operation is created successfully and if there are existing pending operations, then an information message is displayed: ○ Click OK to remain on the page to perform more storage configuration operations. ○ Click Pending Operations to view the pending operations for the device. ● If the pending operation is not created successfully and if there are existing pending operations, then an error message is displayed.
Blinking or unblinking component LEDs using RACADM To blink or unblink component LEDs, use the following commands: racadm storage blink: racadm storage unblink: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
18 BIOS Settings You can view multiple attributes, which are being used for a specific server under the BIOS Settings. You can modify different parameters of each attribute from this BIOS configuration setting. Once you select one attribute, it shows different parameters which are related to that specific attribute. You can modify multiple parameters of an attribute and apply changes before modifying a different attribute.
Delete All Pending Values Delete All pending Values button is enabled only when there are pending values based on the recent configuration changes. In case, user decides not to apply the configuration changes, user can click Delete All Pending Values button to terminate all the modifications. In case, the request fails to remove the BIOS attributes, it throws an error with corresponding HTTP Response Status code mapped to SMIL API error or Job Creation error.
BIOS Recovery and Hardware Root of Trust (RoT) For PowerEdge server, it is mandatory to recover from corrupted or damaged BIOS image either due to malicious attack or power surges or any other unforeseeable events. An alternate reserve of BIOS image would be necessary to recover BIOS in order to bring the PowerEdge server back to functional mode from unbootable mode. This alternative/recovery BIOS is stored in a 2nd SPI (mux'ed with primary BIOS SPI).
19 Configuring and using virtual console iDRAC has added an enhanced HTML5 option in vConsole which allows vKVM (virtual Keyboard, Video, and Mouse) over standard VNC client. You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers.
Table 57. Keyboard Macros Supported by ActiveX and Java plug-ins (continued) MAC Client Win Client Linux Client SysRq - - PrtScrn - - Alt-PrtScrn - - Pause - - NOTE: For keyboard macros supported in HTML plug-in, see the section HTML5 based virtual console. NOTE: The number of active virtual-console sessions displayed in the web interface is only for active web-interface sessions. This number does not include sessions from other interfaces such as SSH and RACADM.
console supports 1920x1200 resolution. If the monitor attached supports lower max resolution (like many KVMs), the virtual console max resolution is limited. Maximum virtual console resolutions based on monitor display ratio: ● 16:10 monitor: 1920x1200 will be the max resolution ● 16:9 monitor: 1920x1080 will be the max resolution When a physical monitor is not connected to either VGA port on the server, the OS installed will dictate the available resolutions for virtual console.
Before launching the Virtual Console, make sure that: ● You have administrator privileges. ● Web browser is configured to use HTML5, eHTML5, Java, or ActiveX plug-ins. ● Minimum network bandwidth of 1 MB/sec is available. NOTE: If the embedded video controller is disabled in BIOS and if you launch the Virtual Console, the Virtual Console Viewer is blank.
Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in You can disable the warning messages while launching the Virtual Console or Virtual Media using Java plug-in. NOTE: You need Java 8 or later to use this feature and to launch iDRAC Virtual Console over an IPv6 network. 1. Initially, when you launch Virtual Console or Virtual Media using Java plug-in, the prompt to verify the publisher is displayed. Click Yes.
● From iDRAC Virtual Console page, click Start the Virtual Console link. ● From iDRAC login page, type https///console. This method is called as Direct Launch. In ● ● ● ● ● ● ● ● ● ● the eHTML5 virtual console, the following menu options are available: Power Boot Chat Keyboard Screen Capture Refresh Full Screen Disconnect Viewer Console Controls Virtual Media The Pass all keystrokes to server option is not supported on eHTML5 virtual console.
■ - SysRq - Alt+SysRq - Win-P Aspect Ratio — The eHTML5 virtual console video image automatically adjusts the size to make the image visible. The following configuration options are displayed as a drop-down list: - Maintain - Don’t Maintain Click Apply to apply the selected settings on the server. ■ Touch Mode — The eHTML5 virtual console supports the Touch Mode feature.
● Safari 13.1 NOTE: It is recommended to have Mac OS version 10.10.2 (or onward) installed in the system. For more details on supported browsers and versions, see the iDRAC Release Notes available at https://www.dell.com/ idracmanuals. HTML5 based virtual console NOTE: While using HTML5 to access virtual console, the language must be consistent across client and target keyboard layout, OS, and browser. For example, all must be in English (US) or any of the supported languages.
■ Alt+F4 ■ Alt+F5 ■ Alt+F6 ■ Alt+F7 ■ Alt+F8 ■ Alt+F9 ■ Alt+F10 ■ Alt+F11 ■ Alt+F12 ■ PrntScrn ■ Alt+PrntScrn ■ F1 ■ Pause ■ Tab ■ Ctrl+Enter ■ SysRq ■ Alt+SysRq ■ Win-P ○ Aspect Ratio — The HTML5 virtual console video image automatically adjusts the size to make the image visible. The following configuration options are displayed as a drop-down list: ■ Maintain ■ Don’t Maintain Click Apply to apply the selected settings on the server.
○ Relative, no acceleration ○ Relative (RHEL, earlier versions of Linux) ○ Linux RHEL 6.x and SUSE Linux Enterprise Server 11 or later Click Apply to apply the selected settings on the server. ● Virtual Media — Click Connect Virtual Media option to start the virtual media session. when the virtual media is connected, you can see the options like Map CD/DVD, Map Removable Disk, and Reset USB. NOTE: For security reasons read/write access is disabled while accessing virtual console in HTML5.
Passing all keystrokes through virtual console for Java or ActiveX plug-in You can enable the Pass all keystrokes to server option and send all keystrokes and key combinations from the management station to the managed system through the Virtual Console Viewer. If it is disabled, it directs all the key combinations to the management station where the Virtual Console session is running.
managed system. However, if Pass All Keys is enabled, then the Start menu is opened only on the managed system and not on the management station. ● When Pass All Keys is disabled, the behavior depends on the key combinations pressed and the special combinations interpreted by the operating system on the management station.
5. Use the magic key to enable the SysRq function. For example, the following command reboots the server: echo b > /proc/sysrq-trigger NOTE: You do not have to run break sequence before using the magic SysRq keys.
20 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, Redfish, RACADM, and WSMan.
NOTE: The installer will be available to the host operating system for 30 minutes. If you do not start the installation within 30 minutes, you must restart the Service Module installation. Installing iDRAC Service Module from iDRAC Enterprise 1. On the SupportAssist Registration wizard, click Next. 2. On the iDRAC Service Module Setup page, click Install Service Module. 3. Click Launch Virtual Console and click Continue on the security warning dialog box. 4.
iDRAC. By default, this monitoring feature is enabled. It is not disabled if OpenManage Server Administrator is installed on the host OS. In iSM version 2.0 or later, the operating system information feature is amended with the OS network interface monitoring. When iDRAC Service Module version 2.0 or later is used with iDRAC 2.00.00.00, it starts monitoring the operating system network interfaces. You can view this information using iDRAC web interface, RACADM, or WSMan.
AttributeName WSMAN-Class Privilege License Read Privileges:Login Password DCIM_iDRACCardS Write Privileges: tring ConfigUsers, Login DCIM_iDRACCardI nteger Write Privileges: ConfigUsers, Login Supported Operation Users.1#UserName to Users.16#UserNam e Basic Users.1#Password Enum, Get, Invoke to Users.16#Password Basic Users.1#Password Enum, Get, Invoke to Users.
For simplicity, iSM provides a shortcut in the Program Menu of the Windows operating system. When you select the Remote iDRAC Hard Reset option, you are prompted for a confirmation to reset the iDRAC. After you confirm, the iDRAC is reset and the result of the operation is displayed. NOTE: The following warning message appears in the Event Viewer under the Application Logs category. This warning does not require any further action.
Command usage This section provides the command usages for Windows, Linux, and ESXi operating systems.
iDRAC access via Host OS By using this feature, you can configure and monitor the hardware parameters through iDRAC Web interface, WSMan, and RedFish interfaces using the host IP address without configuring the iDRAC IP address. You can use the default iDRAC credentials if the iDRAC server is not configured or continue to use the same iDRAC credentials if the iDRAC server was configured earlier.
To install, enable, and configure this feature, use the following command: ./Enable-iDRACAccessHostRoute [ ] =0 Disable and are not required. =1 Enable is required and is optional. IP range in format. Example: 10.95.146.
Using iDRAC Service Module from RACADM To use the iDRAC Service Module from RACADM, use the objects in the ServiceModule group. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
21 Using USB port for server management On the 14th generation servers, a dedicated micro USB port is available to configure iDRAC. You can perform the following functions using the micro USB port: ● Connect to the system using the USB network interface to access system management tools such as iDRAC web interface and RACADM. ● Configure a server by using SCP files that are stored on a USB drive.
3. Wait for the laptop to acquire IP address 169.254.0.4. It may take several seconds for the IP addresses to be acquired. iDRAC acquires the IP address 169.254.0.3. 4. Start using iDRAC network interfaces such as the web interface, RACADM, Redfish or WSMan. For example, to access the iDRAC web interface, open a supported browser, and type the address 169.254.0.3 and press enter. 5. When iDRAC is using the USB port, the LED blinks indicating activity. The blink frequency is four per second. 6.
For information about the fields, see the iDRAC Online Help. NOTE: iDRAC9 allows you to password protect the compressed file after you select Enabled only for compressed configuration files to compress the file before importing. You can enter a password to secure the file by using Password for Zip file option. 4. Click Apply to apply the settings.
Example of control.
LCD messages If the LCD panel is available, it displays the following messages in a sequence: 1. Importing – When the server configuration profile is being copied from the USB device. 2. Applying — When the job is in-progress. 3. Completed — When the job has completed successfully. 4. Completed with errors — When the job has completed with errors. 5. Failed — When the job has failed. For more details, see the results file on the USB device.
22 Using Quick Sync 2 With Dell OpenManage Mobile running on an Android or iOS mobile device, you can easily access server directly or through OpenManage Essentials or OpenManage Enterprise (OME) console. It allows you to review server details and inventory, view LC and System Event logs, get automatic notifications on mobile device from an OME console, assign IP address and modify iDRAC password, configure key BIOS attributes, and take remediation actions as needed.
You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect. once configured, you can activate the Quick Sync 2 button on the Left Control Panel. Make sure the Quick Sync light turns on. Then, access the Quick Sync Information via a mobile device. An entry is logged to the Lifecycle Controller log when the configuration is modified. Configuring iDRAC Quick Sync 2 settings using web interface To configure iDRAC Quick Sync 2: 1.
23 Managing virtual media iDRAC provides virtual media with HTML5 based client with local ISO and IMG file, remote ISO and IMG file support. Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. You need iDRAC Configure privilege to modify the configuration.
• • • • • Supported drives and devices Configuring virtual media Accessing virtual media Setting boot order through BIOS Enabling boot once for virtual media Supported drives and devices The following table lists the drives supported through virtual media. Table 60.
Attached media state and system response The following table describes the system response based on the Attached Media setting. Table 61. Attached media state and system response Attached Media State System Response Detach Cannot map an image to the system. Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed.
1. In the iDRAC web Interface, go to Configuration > Virtual Media. 2. Click Connect Virtual Media. Alternatively, you can also launch the Virtual Media by following these steps: 1. Go to Configuration > Virtual Console. 2. Click Launch Virtual Console. The following message is displayed: Virtual Console has been disabled. Do you want to continue using Virtual Media redirection? 3. Click OK. The Virtual Media window is displayed. 4. From the Virtual Media menu, click Map CD/DVD or Map Removable Disk.
1. On the iDRAC web interface, go to Configuration > Virtual Media. 2. Click Mount Drivers. 3. Select the OS from the pop-up window and click Mount Drivers. NOTE: The Expose duration is 18 hours by default. To unmount the drivers post completion of the mount: 1. Go to Configuration > Virtual Media. 2. Click Unmount Drivers. 3. Click OK on the pop-up window. NOTE: The Mount Drivers option may not be displayed if the driver pack is not available on the system.
If image is created in a different location, when you select Map Removable Disk, the created image is not available for selection in the drop-down menu. Click Browse to specify the image. NOTE: ● Read only option will be grayed out in ehtml5 based JAVA removable media. ● Floppy emulation is not supported in ehtml5 plugin. 4. Select Read-only to map writable devices as read-only. For CD/DVD devices, this option is enabled by default and you cannot disable it.
5. Click OK, navigate back to System BIOS Settings page, and click Finish. 6. Click Yes to save the changes and exit. The managed system reboots. The managed system attempts to boot from a bootable device based on the boot order. If the virtual device is connected and a bootable media is present, the system boots to the virtual device. Otherwise, the system overlooks the device—similar to a physical device without bootable media.
24 Managing vFlash SD card NOTE: vFlash is supported on AMD platform servers. The vFlash SD card is a Secure Digital (SD) card that can be ordered and installed from the factory. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. NOTE: There is no limitation of the size of SD card, you can open and replace the factory installed SD card with a higher capacity SD card.
Viewing vFlash SD card properties using web interface To view the vFlash SD card properties, in the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash. The Card Properties page is displayed. For information about the displayed properties, see the iDRAC Online Help. Viewing vFlash SD card properties using RACADM To ● ● ● ● ● view the vFlash SD card properties using RACADM, use the get command with the following objects: iDRAC.vflashsd.AvailableSize iDRAC.vflashsd.
Enabling or disabling vFlash functionality using iDRAC settings utility To enable or disable the vFlash functionality: 1. In the iDRAC Settings utility, go to Media and USB Port Settings. The iDRAC Settings . Media and USB Port Settings page is displayed. 2. In the vFlash Media section, select Enabled to enable vFlash functionality or select Disabled to disable the vFlash functionality. 3. Click Back, click Finish, and then click Yes. The vFlash functionality is enabled or disabled based on the selection.
4. To get the last status of a particular partition, use command:racadm vflashpartition status -i (index) NOTE: If iDRAC is reset, the status of the last partition operation is lost. Managing vFlash partitions You can perform the following using the iDRAC Web interface or RACADM: NOTE: An administrator can perform all operations on the vFlash partitions. Else, you must have Access Virtual Media privilege to create, delete, format, attach, detach, or copy the contents for the partition.
Creating an empty partition using RACADM To create an empty partition: 1. Log in to the system using SSH or Serial console. 2. Enter the command: racadm vflashpartition create -i 1 -o drive1 -t empty -e HDD -f fat16 -s [n] where [n] is the partition size. By default, an empty partition is created as read-write. If the share is not configured using Username / Password, you need to specify the parameters as -u anonymous -p anonymous .
1. Log in to the system using SSH or Serial console. 2. Enter the command racadm vflashpartition create –i 1 –o drive1 –e HDD –t image –l //myserver/ sharedfolder/foo.iso –u root –p mypassword By default, the created partition is read-only. This command is case sensitive for the image file name extension. If the file name extension is in upper case, for example FOO.ISO instead of FOO.iso, then the command returns a syntax error. NOTE: This feature is not supported in local RACADM.
2. Enter the following commands: ● To list all existing partitions and its properties: racadm vflashpartition list ● To get the status of operation on partition 1: racadm vflashpartition status -i 1 ● To get the status of all existing partitions: racadm vflashpartition status -a NOTE: The -a option is valid only with the status action. Modifying a partition You can change a read-only partition to read-write or vice-versa.
Attaching or detaching partitions When you attach one or more partitions, they are visible to the operating system and BIOS as USB mass storage devices. When you attach multiple partitions, based on the assigned index, they are listed in an ascending order in the operating system and the BIOS boot order menu. If you detach a partition, it is not visible in the operating system and the BIOS boot order menu. When you attach or detach a partition, the USB bus in the managed system is reset.
● ● ● ● The vFlash functionality is enabled. The card is not write-protected. The partition is not attached. An initialize operation is not being performed on the card. Deleting existing partitions using web interface To delete an existing partition: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash > Manage. The Manage Partitions page is displayed. 2. In the Delete column, click the delete icon for the partition that you want to delete.
● The vFlash partition contains a bootable image (in the .img or .iso format) to boot from the device. ● The vFlash functionality is enabled. ● You have Access Virtual Media privileges. Booting to a partition using web interface To set the vFlash partition as a first boot device, see Booting to a partition using web interface on page 317. NOTE: If the attached vFlash partition(s) are not listed in the First Boot Device drop-down menu, make sure that the BIOS is updated to the latest version.
25 Using SMCLP NOTE: SMCLP is only supported in iDRAC versions earlier than 4.00.00.00. The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set.
where, y is an alpha-numeric character such as M (for blade servers), R (for rack servers), and T (for tower servers) and x is a number. This indicates the generation of Dell PowerEdge servers. NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI.
Table 63.
Table 63.
Table 63. SMCLP targets (continued) Target Definitions admin1/system1/sp1/rolesvc3/Role1-3/ privilege1 CLP role privilege Navigating the map address space Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space. An address path specifies the path from the root of the address space to an object in the address space. The root target is represented by a slash (/) or a backslash (\).
show -l all -output format=clpxml /admin1/system1/logs1/log1 Usage examples This section provides use case scenarios for SMCLP: ● Server power management on page 323 ● SEL management on page 323 ● Map target navigation on page 324 Server power management The following examples show how to use SMCLP to perform power management operations on a managed system.
EnabledState = 2 OperationalState = 2 HealthState = 2 Caption = IPMI SEL Description = IPMI SEL ElementName = IPMI SEL Commands: cd show help exit version ● To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.
type cd . ● To move up one level: type cd ..
26 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: ● Remote File Share ● Console Topics: • • • Deploying operating system using remote file share Deploying operating system using virtual media Deploying embedded operating system on SD card Deploying operating system using remote file share Before you deploy the operating system using Remote File Share (RFS), make sure that: ● Configure User and Access Virtual Media privileges for iDRA
The connection status for RFS is available in iDRAC log. Once connected, an RFS-mounted virtual drive does not disconnect even if you log out from iDRAC. The RFS connection is closed if iDRAC is reset or the network connection is dropped. The Web interface and command-line options are also available in CMCOME Modular and iDRAC to close the RFS connection. The RFS connection from CMC always overrides an existing RFS mount in iDRAC. NOTE: ● CIFS and NFS supports both IPv4 and IPv6 addresses.
NOTE: The characters allowed in user names and passwords for network shares are determined by the network-share type. iDRAC supports valid characters for network share credentials as defined by the share type, except <, >, and , (comma). 4. Click Apply and then click Connect. After the connection is established, the Connection Status displays Connected. NOTE: Even if you have configured remote file sharing, the Web interface does not display user credential information due to security reasons.
● If Virtual Media is in Auto Attached mode, the Virtual Media application must be launched before booting the system. ● Network share contains drivers and operating system bootable image file, in an industry standard format such as .img or .iso. To deploy an operating system using Virtual Media: 1. Do one of the following: ● Insert the operating system installation CD or DVD into the management station CD or DVD drive. ● Attach the operating system image. 2.
27 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: ● Diagnostic console ● Post code ● Boot and crash capture videos ● Last system crash screen ● System event logs ● Lifecycle logs ● Front panel status ● Trouble indicators ● System health Topics: • • • • • • • • • • • • • Using diagnostic console Viewing post codes Viewing boot and crash capture videos Viewing logs Viewing last system crash screen Viewing System status Hardware trouble indicators
● Click Reset iDRAC to Default Settings to reset the iDRAC to the default settings. After you click Reset iDRAC to Default Settings,Reset iDRAC to factory default window is displayed. This action reset the iDRAC to the factory defaults. Chose any of the following options: a. Preserve user and network settings. b. Discard all settings and reset users to the shipping value (root/shipping value). c. Discard all settings and reset username and password. 2. A warning message is displayed.
Viewing post codes Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from power-on-reset, and allows you to diagnose any faults related to system boot-up. The Post Codes page displays the last system post code prior to booting the operating system. To view the Post Codes, go to Maintenance > Troubleshooting > Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code.
Viewing logs You can view System Event Logs (SELs) and Lifecycle logs. For more information, see Viewing System Event Log and Viewing Lifecycle log. Viewing last system crash screen The last crash screen feature captures a screenshot of the most recent system crash, saves, and displays it in iDRAC. This is a licensed feature. To view the last crash screen: 1. Make sure that the last system crash screen feature is enabled. 2.
Viewing system front panel LED status To view the current system ID LED status, in iDRAC web interface, go to System > Overview > Front Panel. The Front Panel section displays the current front panel status: ● Solid blue — No errors present on the managed system. ● Blinking blue — Identify mode is enabled (regardless of managed system error presence). ● Solid amber — Managed system is in failsafe mode. ● Blinking amber — Errors present on managed system.
Checking server status screen for error messages When a flashing amber LED is blinking, and a particular server has an error, the main Server Status Screen on the LCD highlights the affected server in orange. Use the LCD navigation buttons to highlight the affected server, then click the center button. Error and warning messages will be displayed on the second line. For the list of error messages displayed on the LCD panel, see the server’s Owner’s Manual.
For Reset to default operations, use the following commands: ● Upload Custom Defaults file — racadm –r -u -p set -f -t xml --customdefaults ● Save Current Settings as Default settings — racadm –r -u -p set -savecustomdefaults ● Download Custom Default settings — racadm –r -u -p get -f -t xml --customdefaults ● Reset to Custom Defaults — Racadm –r -u -p racrese
NOTE: After you run System Erase, the VDs may still appear. Run CSIOR after System Erase is completed and iDRAC is rebooted. Resetting iDRAC to factory default settings You can reset iDRAC to the factory default settings using the iDRAC Settings utility or the iDRAC Web interface. Resetting iDRAC to factory default settings using iDRAC web interface To reset iDRAC to factory default settings using the iDRAC Web interface: 1. Go to Maintenance > Diagnostics. The Diagnostics Console page is displayed. 2.
28 SupportAssist Integration in iDRAC SupportAssist allows you to create SupportAssist collections and utilize other SupportAssist features to monitor your system and datacenter. iDRAC provides an application interfaces for gathering platform information that enables support services to resolve platform and system problems.
enter the Dispatch information during the SupportAssist registration process to enable auto dispatch workflow. If onsite support is required along with dispatch parts then select Parts Dispatch with Onsite Support. NOTE: Auto dispatch is enabled in systems with iDRAC Service Module (iSM) v3.4.0 for Windows. Future iSM releases will support auto dispatch for additional operating systems. Dispatch Address Enter an address and the preferred contact hours.
Generating SupportAssist Collection For generating the OS and Application logs: ● iDRAC Service Module must be installed and running in Host Operating System. ● OS Collector, which comes factory installed in iDRAC, if removed must be installed in iDRAC.
If Save to Network option is selected, the user provided network details is saved as defaults (if no prior network share location have been saved) for any future collections. 7. Click Collect to proceed with Collection generation. 8. If prompted, accept the End User Level Agreement (EULA) to continue.
29 Frequently asked questions This section lists the frequently asked questions for the following: ● System Event Log ● Network security ● Active Directory ● Single Sign On ● Smart card login ● Virtual console ● Virtual media ● vFlash SD card ● SNMP authentication ● Storage devices ● iDRAC Service Module ● RACADM ● Miscellaneous Topics: • • • • • • • • • • • • • • • • • System Event Log Custom sender email configuration for iDRAC alerts Network security Telemetry streaming Active Directory Single Sign-On
Custom sender email configuration for iDRAC alerts Alert generated email is not from Custom sender email set on Cloud based email service. You need to register your cloud email through this process : Support.google.com. Network security While accessing the iDRAC Web interface, a security warning is displayed stating that the SSL certificate issued by the Certificate Authority (CA) is not trusted.
To diagnose the problem, on the Active Directory Configuration and Management page, click Test Settings. Review the test results and fix the problem. Change the configuration and run the test until the test user passes the authorization step. In general, check the following: ● While logging in, make sure that you use the correct user domain name and not the NetBIOS name. If you have a local iDRAC user account, log into iDRAC using the local credentials.
If Global Controller Address(es) is configured, iDRAC continues to query the Global Catalog. If additional privileges are retrieved from the Global Catalog, these privileges are accumulated. Does iDRAC always use LDAP over SSL? Yes. All the transportation is over secure port 636 and/or 3269. During test setting, iDRAC does a LDAP CONNECT only to isolate the problem, but it does not do an LDAP BIND on an insecure connection.
3. 4. 5. 6. 7. 8. 9. 10. 11. 12. Select Allow all, click OK, and close the Local Group Policy Editor window. Go to Start and run cmd. The command prompt window is displayed. Run the command gpupdate /force. The group policies are updated. Close the command prompt window. Go to Start and run regedit. The Registry Editor window is displayed. Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > LSA . In the right-pane, right-click and select New > DWORD (32-bit) Value.
What privileges are required for an iDRAC user to turn on or turn off the local server video? Any user with iDRAC configuration privileges can turn on or turn off the local console. How to get the current status of the local server video? The status is displayed on the Virtual Console page. To display the status of the object iDRAC.VirtualConsole.AttachState, use the following command: racadm get idrac.virtualconsole.
You may see this message because the iDRAC Virtual Console plug-in is not receiving the remote server desktop video. Generally, this behavior may occur when the remote server is turned off. Occasionally, the message may be displayed due to a remote server desktop video reception malfunction. Why does Virtual Console Viewer window sometimes display an Out of Range message? You may see this message because a parameter necessary to capture video is beyond the range for which the iDRAC can capture the video.
Protocol (STP) enabled. In this case, it is recommended to enable "portfast" for the switch port connected to the server. In most cases, the Virtual Console restores itself. Launching Virtual Console with Java plug-in fails after the iDRAC firmware was updated. Delete the Java cache and then launch the virtual console. To enable console redirection using the web server port (443) racadm>>set iDRAC.VirtualConsole.
where, x: is the USB key that is required to be set as a bootable device. The Virtual Media is attached and connected to the remote floppy. But, cannot locate the Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE Linux operating system. How to resolve this? Some Linux versions do not auto-mount the virtual floppy drive and the virtual CD drive in the same method. To mount the virtual floppy drive, locate the device node that Linux assigns to the virtual floppy drive.
NOTE: In this case, the data transfer between managed server and iDRAC for Virtual Media and Virtual Console will not be secured. ● If you are using any Windows server operating systems, stop the Windows service named Windows Event Collector. To do this, go to Start > Administrative Tools > Services. Right-click Windows Event Collector and click Stop.
GPU (Accelerators) Accelerators section under CPU/Accelerators in iDRAC GUI is grayed out. Few pages in GUI may not show expected response when respective attribute is disabled in Redfish. iDRAC Service Module iSM details are missing / not updated correctly in iDRAC GUI page of some PowerEdge servers When a user adds SUB NIC under teaming, the configuration is invalid. This causes iSM to not to communicate with iDRAC properly.
Table 64. Example of a routing order (continued) Destination Gateway Genmask Flags Metric Ref Use Iface link-local 0.0.0.0 255.255.255.0 U 0 0 0 em1 link-local 0.0.0.0 255.255.255.0 U 0 0 0 enp0s20u12u3 In the example enp0s20u12u3 is the USB NIC interface. The link-local destination mask is repeated and the USB NIC is not the first one in the order. This results in the connectivity issue between iDRAC Service Module and iDRAC over the OS to iDRAC Pass-through.
Under Processor Settings, set NPS to 4 and CCX to auto Minimum 1 DIMM per channel IOmmu=passthrough on Linux OS RACADM After performing an iDRAC reset (using the racadm racreset command), if any command is issued, the following message is displayed. What does this indicate? ERROR: Unable to connect to RAC at specified IP address The message indicates that you must wait until the iDRAC completes the reset before issuing another command. When using RACADM commands and subcommands, some errors are not clear.
For information about the jumper location and the procedure, see the documentation for your server at https://www.dell.com/ support. Miscellaneous Upgrade fails when upgrading to the latest version. NOTE: 3.30.30.30 is the minimum iDRAC version required to upgrade to 4.00.00.00 / 4.10.10.10 of later build . After an iDRAC reset, iDRAC GUI may not display all the values.
How to find an iDRAC IP address for a blade server ? NOTE: The OME-Modular web interface option is applicable only for MX platforms. ● Using OME-Modular web interface: Go to Devices > Compute. Select the computer sled and iDRAC IP is displayed as Management IP. ● Using OMM Application: see the Dell EMC OpenManage Mobile User's Guide available at https://www.dell.
On the physical server, use the LCD panel navigation buttons to view the iDRAC IP address. Go to Setup View > View > iDRAC IP > IPv4 or IPv6 > IP. ● From OpenManage Server Administrator: In the Server Administrator web interface, go to Modular Enclosure > System/Server Module > Main System Chassis/ Main System > Remote Access. iDRAC network connection is not working. For blade servers: ● Ensure that the LAN cable is connected to CMC.
iDRAC on blade server is not responding during boot. Remove and reinsert the server. Check CMC (not for MX platforms), and OME Modular (Applicable for MX platforms) web interface to see if iDRAC is displayed as an upgradable component. If it does, follow the instructions in Updating firmware using CMC web interface on page 81 update the firmware. NOTE: Update feature not applicable for MX platforms. If the problem persists, contact technical support.
Figure 5. Configuring iDRAC interface to DHCP mode in Ubuntu Model, Manufacturer and other properties are not listing for Embedded Network Adapters in Redfish FRU details for embedded devices will not be displayed. There will not be any FRU object for devices which are embedded on Motherboard. Hence dependent property will not be there.
30 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
● In iDRAC Web interface, go to Overview > Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan. ● You can also configure the chassis locator LED and based on the color, assess the system health. ● If iDRAC Service Module is installed, the operating system host information is displayed. Setting up alerts and configuring email alerts To set up alerts and configure email alerts: 1. Enable alerts. 2.
● Configuring active directory users ● Configuring generic LDAP users Launching servers remote console and mounting a USB drive To launch the remote console and mount a USB drive: 1. Connect a USB flash drive (with the required image) to the management station. 2. Use the following method to launch virtual console through the iDRAC Web Interface: ● Go to Dashboard > Virtual Console and click Launch Virtual Console. The Virtual Console Viewer is displayed. 3.
5. Import the SCP file to iDRAC.
