Integrated Dell Remote Access Controller 6 (iDRAC6) Version 1.
Notes and Cautions
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
Information in this publication is subject to change without notice. © 2010 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents
1 iDRAC6 Overview
iDRAC6 Express Management Features
iDRAC6 Enterprise and vFlash Media
Supported Platforms
Supported Operating Systems
Supported Web Browsers
Supported Remote Access Connections
iDRAC6 Ports
Configuring iDRAC6
Installing the Software on the Managed System
Installing the Software on the Management Station
Installing and Removing RACADM on a Linux Management Station
Installing RACADM
Uninstalling RACADM
Updating the iDRAC6 Firmware
Before You Begin
Logging Out
Using Multiple Browser Tabs and Windows
Configuring the iDRAC6 NIC
Configuring the Network and IPMI LAN Settings
Configuring IP Filtering and IP Blocking
Configuring Platform Events
Configuring Platform Event Filters (PEF)
Configuring Platform Event Traps (PET)
Remote File Share
Internal Dual SD Module
Viewing Internal Dual SD Module Status Using GUI
5 Advanced iDRAC6 Configuration
Before You Begin
Configuring iDRAC6 for Viewing Serial Output Remotely Over SSH/Telnet
Configuring the iDRAC6 Settings to Enable SSH/Telnet
Configuring Serial and Terminal Modes
Configuring Terminal Mode
Configuring the iDRAC6 Network Settings
Accessing the iDRAC6 Through a Network
Using RACADM Remotely
RACADM Synopsis
RACADM Options
Enabling and Disabling the RACADM Remote Capability
RACADM Subcommands
Uploading, Viewing, and Deleting SSH Keys Using the iDRAC6 Web-Based Interface
Uploading, Viewing, and Deleting SSH Keys Using RACADM
Using the RACADM Utility to Configure iDRAC6 Users
Before You Begin
Adding an iDRAC6 User
Enabling an iDRAC6 User With Permissions
Configuring Extended Schema Active Directory to Access Your iDRAC6
Extending the Active Directory Schema
Installing Dell Extension to Microsoft Active Directory Users and Computers Snap-In
Adding iDRAC Users and Privileges to Microsoft Active Directory
Configuring Microsoft Active Directory With Extended Schema Using the iDRAC6 Web-Based Interface
8 Configuring iDRAC6 for Single Sign-On or Smart Card Login
About Kerberos Authentication
Prerequisites for Active Directory SSO and Smart Card Authentication
Configuring iDRAC6 to Use SSO
Logging Into iDRAC6 Using SSO
Using Microsoft Active Directory SSO
Configuring Smart Card Authentication
Internet Explorer Browser Configurations for ActiveX based Virtual Console and Virtual Media Applications
Supported Screen Resolutions and Refresh Rates
Configuring Virtual Console in the iDRAC6 Web Interface
Virtual Console Preview
Opening a Virtual Console Session
Using iDRAC6 Virtual Console (Video Viewer)
Deploying Your Operating System Using VMCLI
Before You Begin
Remote System Requirements
Network Requirements
Creating a Bootable Image File
Creating an Image File for Linux Systems
Creating an Image File for Windows Systems
Preparing for Deployment
14 Configuring and Using Virtual Media
Overview
Windows-Based Management Station
Linux-Based Management Station
Configuring Virtual Media
Running Virtual Media
Supported Virtual Media Configurations
Managing vFlash Partitions Using iDRAC6 Web Interface
Creating an Empty Partition
Creating a Partition Using an Image File
Formatting a Partition
Viewing Available Partitions
Modifying a Partition
Attaching and Detaching Partition
Deleting Existing Partitions
Using the Web-Based Interface
Using RACADM
Viewing Power Budget Using RACADM
Power Budget Threshold
Viewing Power Monitoring
Executing Power Control Operations on the Server
LAN User Configuration
Reset to Default
System Event Log Menu
Exiting the iDRAC6 Configuration Utility
18 Monitoring and Alert Management
Disabling the Automatic Reboot Option in Windows 2008 Server
Disabling the Automatic Reboot Option in Windows Server 2003
Selecting Power Control Actions from the iDRAC6 CLI
Viewing System Information
Main System Chassis
Remote Access Controller
Using the System Event Log (SEL)
Using the Command Line to View System Log
Using the POST Boot Logs
Viewing the Last System Crash Screen
Chassis Intrusion Probes
Power Supplies Probes
Removable Flash Media Probes
Power Monitoring Probes
Temperature Probe
Voltage Probes
22 Configuring Security Features
Security Options for the iDRAC6 Administrator
1 iDRAC6 Overview
Integrated Dell Remote Access Controller 6 (iDRAC6) is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for the Dell PowerEdge systems. The iDRAC6 uses an integrated System-on-Chip microprocessor for the remote monitor/control system. The iDRAC6 co-exists on the system board with the managed PowerEdge server.
• Provides support for Microsoft Active Directory authentication — Centralizes iDRAC6 user IDs and passwords in Active Directory using an extended schema or a standard schema
• Provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication — This feature does not require any schema extension on your directory services.
• SM-CLP support — Adds Server Management-Command Line Protocol (SM-CLP) support, which provides standards for systems management CLI implementations.
• Firmware rollback and recovery — Allows you to boot from (or rollback to) the firmware image of your choice.
For more information about iDRAC6 Express, see your Hardware Owner’s Manual at support.dell.com/manuals.
Table 1-1.
Table 1-1. iDRAC6 Feature List (continued)
Feature | BMC | iDRAC6 Express | iDRAC6 Enterprise | iDRAC6 Enterprise with vFlash
RAC Log
Lifecycle Controller
Unified Server Configurator 4
Remote Services (through WS-MAN)
Part Replacement
1 Two-factor authentication requires Internet Explorer.
2 Feature is available only through IPMI and not through a Web GUI.
3 Virtual ins.
• Configurable IP ports (where applicable)
NOTE: Telnet does not support SSL encryption.
• SSH, which uses an encrypted transport layer for higher security
• Login failure limits per IP address, with login blocking from the IP address when the limit is exceeded
• Ability to limit the IP address range for clients connecting to the iDRAC6
Supported Platforms
For the latest supported platforms, see the iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.
Supported Remote Access Connections Table 1-2 lists the connection features. Table 1-2.
Table 1-4. iDRAC6 Client Ports
Port Number | Function
25 | SMTP
53 | DNS
68 | DHCP-assigned IP address
69 | TFTP
162 | SNMP trap
636 | LDAPS
3269 | LDAPS for global catalog (GC)
Other Documents You May Need
In addition to this guide, the following documents available on the Dell Support website at support.dell.com/manuals provide additional information about the setup and operation of the iDRAC6 in your system. On the Manuals page, click Software→Systems Management.
• The Dell OpenManage Management Station Software Installation Guide contains instructions to help you install Dell OpenManage management station software that includes Baseboard Management Utility, DRAC Tools, and Active Directory Snap-In. • See the Dell OpenManage IT Assistant User’s Guide for information about using IT Assistant. • For installing an iDRAC6, see your Hardware Owner’s Manual.
• Documentation for any components you purchased separately provides information to configure and install these options. • Updates are sometimes included with the system to describe changes to the system, software, and/or documentation. NOTE: Always read the updates first because they often supersede information in other documents.
2 Getting Started With the iDRAC6
The iDRAC6 enables you to remotely monitor, troubleshoot, and repair a Dell system even when the system is down. The iDRAC6 offers features like Virtual Console, Virtual Media, Smart Card authentication, and Single Sign-On (SSO). The management station is the system from which an administrator remotely manages a Dell system that has an iDRAC6. The systems that are monitored in this way are called managed systems.
3 Basic Installation of the iDRAC6
This section provides information about how to install and set up your iDRAC6 hardware and software.
Configuring Your System to Use an iDRAC6
To configure your system to use an iDRAC6, use the iDRAC6 Configuration Utility.
To run the iDRAC6 Configuration Utility:
1 Turn on or restart your system.
2 Press when prompted during POST. If your operating system begins to load before you press , allow the system to finish booting, and then restart your system and try again.
3 Configure the LOM.
a Use the arrow keys to select LAN Parameters and press . NIC Selection is displayed.
• Shared with Failover LOM2 — Select this option to share the network interface with the host operating system. The remote access device network interface is fully functional when the host operating system is configured for NIC teaming. The remote access device receives data through NIC 1 and NIC 2, but transmits data only through NIC 1. If NIC 1 fails, the remote access device fails over to NIC 2 for all data transmission. The remote access device continues to use NIC 2 for data transmission.
Software Installation and Configuration Overview This section provides a high-level overview of the iDRAC6 software installation and configuration process. For more information on the iDRAC6 software components, see "Installing the Software on the Managed System" on page 37. Installing iDRAC6 Software To install iDRAC6 software: 1 Install the iDRAC6 software on the managed system. See "Installing the Software on the Managed System" on page 37. 2 Install the iDRAC6 software on the management station.
Installing the Software on the Managed System Installing software on the managed system is optional. Without the managed system software, you cannot use the RACADM locally, and the iDRAC6 cannot capture the last crash screen. To install the managed system software, install the software on the managed system using the Dell Systems Management Tools and Documentation DVD.
NOTE: When you run Setup on the Dell Systems Management Tools and Documentation DVD, the RACADM utility for all supported operating systems is installed on your management station. Installing RACADM 1 Log on as root to the system where you want to install the management station components.
Updating the iDRAC6 Firmware Use one of the following methods to update your iDRAC6 firmware.
Updating the iDRAC6 Firmware Using the Web-Based Interface For detailed information, see "Updating the iDRAC6 Firmware/System Services Recovery Image" on page 77. Updating the iDRAC6 Firmware Using RACADM You can update the iDRAC6 firmware using the CLI-based RACADM tool. If you have installed Server Administrator on the managed system, use local RACADM to update the firmware. 1 Download the iDRAC6 firmware image from the Dell Support website at support.dell.com to the managed system.
usb 5-2: device descriptor not accepting address 2, error -71
These errors are cosmetic in nature and should be ignored. They are caused by the USB devices being reset during the firmware update process and are harmless.
Configuring a Supported Web Browser
The following sections provide instructions for configuring the supported Web browsers.
Viewing Localized Versions of the Web-Based Interface Windows The iDRAC6 Web-based interface is supported on the following Windows operating system languages: • English • French • German • Spanish • Japanese • Simplified Chinese To view a localized version of the iDRAC6 Web-based interface in Internet Explorer: 1 Click the Tools menu and select Internet Options. 2 In the Internet Options window, click Languages. 3 In the Language Preference window, click Add.
LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=
3 If the values include “zh_CN.UTF-8”, no changes are required. If the values do not include “zh_CN.UTF-8”, go to step 4.
4 Navigate to the /etc/sysconfig/i18n file.
4 Configuring the iDRAC6 Using the Web Interface The iDRAC6 provides a Web interface that enables you to configure the iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC6 Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC6 Web interface and provides links to related information.
Accessing the Web Interface To access the iDRAC6 Web interface, perform the following steps: 1 Open a supported Web browser window. To access the Web interface using an IPv4 address, go to step 2. To access the Web interface using an IPv6 address, go to step 3. 2 Access the Web interface using an IPv4 address; you must have IPv4 enabled: In the browser Address bar, type: https:// Then, press . 3 Access the Web interface using an IPv6 address; you must have IPv6 enabled.
Logging In You can log in as either an iDRAC6 user or as a Microsoft Active Directory user. The default user name and password for an iDRAC6 user are root and calvin, respectively. You must have been granted Login to iDRAC privilege by the administrator to log in to iDRAC6. To log in, perform the following steps: 1 In the Username field, type one of the following: • Your iDRAC6 user name. The user name for local users is case-sensitive. Examples are root, it_user, or john_doe.
Logging Out
1 In the upper-right corner of the main window, click Logout to close the session.
2 Close the browser window.
NOTE: The Logout button does not appear until you log in.
NOTE: Closing the browser without gracefully logging out may cause the session to remain open until it times out. It is strongly recommended that you click the Logout button to end the session.
Table 4-1. User Privilege Behavior in Supported Browsers
Browser | Tab Behavior | Window Behavior
Microsoft Internet Explorer 6 | Not applicable | New session
Microsoft IE7 and IE8 | From latest session opened | New session
Firefox 2 and Firefox 3 | From latest session opened | From latest session opened
Configuring the iDRAC6 NIC
This section assumes that the iDRAC6 has already been configured and is accessible on the network.
4 Click the appropriate button to continue. See Table 4-8.
Table 4-2. Network Settings
Setting | Description
NIC Selection | Configures the current mode out of the four possible modes:
• Dedicated
• Shared (LOM1)
• Shared with Failover LOM2
• Shared with Failover All LOMs
NOTE: The Dedicated option is only available for iDRAC Enterprise cards and the Shared with Failover All LOMs option may be available only for few systems.
Table 4-2. Network Settings (continued)
Setting | Description
Auto Negotiation | If set to On, displays the Network Speed and Mode by communicating with the nearest router or hub. If set to Off, allows you to set the Network Speed and Duplex Mode manually. If NIC Selection is not set to Dedicated, Auto Negotiation setting will always be enabled (On).
NOTE: When the server is off, the embedded LOM ports support a maximum speed of 100Mbps.
Table 4-3. Common Settings (continued)
Setting | Description
DNS Domain Name | The default DNS Domain Name is blank. When the Auto Config Domain Name checkbox is selected, this option is disabled.
Table 4-4. IPv4 Settings
Setting | Description
Enable IPv4 | If NIC is enabled, this selects IPv4 protocol support and sets the other fields in this section to be enabled.
DHCP Enable | Prompts the iDRAC6 to obtain an IP address for the NIC from the Dynamic Host Configuration Protocol (DHCP) server.
Table 4-5. IPv6 Settings
Setting | Description
Enable IPv6 | If the checkbox is selected, IPv6 is enabled. If the checkbox is not selected, IPv6 is disabled. The default is disabled.
Autoconfiguration Enable | Check this box to allow the iDRAC6 to obtain the IPv6 address for the iDRAC6 NIC from the Dynamic Host Configuration Protocol (DHCPv6) server. Enabling autoconfiguration also deactivates and flushes out the static values for IP Address 1, Prefix Length, and IP Gateway.
Table 4-5. IPv6 Settings (continued)
Setting | Description
Preferred DNS Server | Configures the static IPv6 address for the preferred DNS server. To change this setting, you must first uncheck Use DHCP to obtain DNS Server Addresses.
Alternate DNS Server | Configures the static IPv6 address for the alternate DNS server. To change this setting, you must first uncheck Use DHCP to obtain DNS Server Addresses.
Table 4-6.
Table 4-8. Network Configuration Page Buttons
Button | Description
Print | Prints the Network values that appear on the screen.
Refresh | Reloads the Network page.
Advanced Settings | Opens the Network Security page, allowing the user to enter IP Range and IP Blocking attributes.
Apply | Saves any new settings made to the Network page.
NOTE: Changes to the NIC IP address settings will close all user sessions and require users to reconnect to the iDRAC6 Web interface using the updated IP address settings.
Table 4-9. Network Security Page Settings
Settings | Description
IP Range Enabled | Enables the IP Range checking feature, which defines a range of IP addresses that can access the iDRAC. The default is off.
IP Range Address | Determines the acceptable IP address bit pattern, depending on the 1's in the subnet mask. This value is bitwise AND’d with the IP Range Subnet Mask to determine the upper portion of the allowed IP address.
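The IP Range check in Table 4-9, as an added Python example for reviewing a proposed setting before it is applied (this is not Dell code). It assumes IPv4 and that a client is accepted when its address ANDed with the mask equals the IP Range Address ANDed with the mask; the function names and sample addresses are constructed for illustration.

```python
import ipaddress


def _to_int(dotted):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def allowed_prefix(range_addr, range_mask):
    """IP Range Address AND IP Range Subnet Mask: the upper bits a client must match."""
    mask = _to_int(range_mask)
    return _to_int(range_addr) & mask, mask


def is_allowed(client_ip, range_addr, range_mask, enabled=True):
    """Model of the range check. With the feature off (the default) nothing is filtered."""
    if not enabled:
        return True
    prefix, mask = allowed_prefix(range_addr, range_mask)
    return (_to_int(client_ip) & mask) == prefix


def mask_is_contiguous(range_mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~_to_int(range_mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def allowed_count(range_mask):
    """Number of 32-bit addresses that match: one per combination of unmasked bits."""
    inverted = ~_to_int(range_mask) & 0xFFFFFFFF
    return 2 ** bin(inverted).count("1")


def review_rule(range_addr, range_mask, must_allow=()):
    """Return findings for a proposed setting; an empty list means nothing to flag."""
    findings = []
    prefix, mask = allowed_prefix(range_addr, range_mask)
    if mask == 0:
        findings.append("mask 0.0.0.0 matches every client address")
    if not mask_is_contiguous(range_mask):
        findings.append("mask is not contiguous; the allowed set is not one address block")
    if _to_int(range_addr) != prefix:
        # Bits of the range address where the mask is 0 take no part in the comparison.
        findings.append(
            "range address has bits set outside the mask; effective prefix is %s"
            % ipaddress.IPv4Address(prefix)
        )
    for station in must_allow:
        if not is_allowed(station, range_addr, range_mask):
            findings.append("management station %s would be locked out" % station)
    return findings


if __name__ == "__main__":
    # Constructed sample: a host address entered as the range address with a /24 mask.
    for line in review_rule("192.168.1.57", "255.255.255.0",
                            must_allow=["192.168.1.20", "10.0.0.5"]):
        print(line)
    print("addresses admitted:", allowed_count("255.255.255.0"))
```

Listing every management station in `must_allow` before clicking Apply catches the case where the new range excludes the address you are configuring from.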
Table 4-10. Network Security Page Buttons
Button | Description
Print | Prints the Network Security values that appear on the screen.
Refresh | Reloads the Network Security page.
Apply | Saves any new settings that you made to the Network Security page.
Return to the Network Configuration Page | Returns to the Network page.
Configuring Platform Events
Platform event configuration provides a mechanism for configuring the iDRAC6 to perform selected actions on certain event messages.
Table 4-11.
Configuring Platform Event Filters (PEF)
NOTE: Configure platform event filters before you configure the platform event traps or e-mail alert settings.
1 Log in to the remote system using a supported Web browser. See "Accessing the Web Interface" on page 46.
2 Click System→Alerts→Platform Events.
3 Under Platform Event Filters Configuration, select the Enabled option to Enable Platform Event Filter Alerts.
4 In the IPv4 Destination List or the IPv6 Destination List, do the following for the Destination Number to configure the IPv4 or IPv6 SNMP alert destination: a Select or clear the State checkbox. A selected checkbox indicates that the IP address is enabled to receive the alerts. A clear checkbox indicates that the IP address is disabled for receiving alerts. b In Destination IPv4 Address or Destination IPv6 Address, enter a valid platform event trap destination IP address.
3 Click System→Alerts→Email Alert Settings.
4 In the Destination Email Addresses table, do the following to configure a destination address for the Email Alert Number:
a Select or clear the State checkbox. A selected checkbox indicates that the email address is enabled to receive the alerts. A clear checkbox indicates that the email address is disabled for receiving alert messages.
b In the Destination E-mail Address field, type a valid e-mail address.
Under IPMI LAN Settings in the Encryption Key field, type the encryption key and click Apply. NOTE: The encryption key must consist of an even number of hexadecimal characters with a maximum of 40 characters. 3 Configure IPMI Serial over LAN (SOL). a In the System tree, click Remote Access. b Click the Network/Security tab and then click Serial Over LAN. c In the Serial Over LAN page, select Enable Serial Over LAN. d Update the IPMI SOL baud rate.
f Ensure that the serial MUX is set correctly in the managed system’s BIOS Setup program. • Restart your system. • During POST, press to enter the BIOS Setup program. • Navigate to Serial Communication. • In the Serial Connection menu, ensure that External Serial Connector is set to Remote Access Device. • Save and exit the BIOS Setup program. • Restart your system.
Securing iDRAC6 Communications Using SSL and Digital Certificates This section provides information about the following data security features that are incorporated in your iDRAC: • Secure Sockets Layer (SSL) • Certificate Signing Request (CSR) • Accessing SSL through the Web-based Interface • Generating a CSR • Uploading a server certificate • Viewing a server certificate Secure Sockets Layer (SSL) The iDRAC6 includes a Web server that is configured to use the industry-standard SSL security pro
Certificate Signing Request (CSR) A CSR is a digital request to a CA for a secure server certificate. Secure server certificates allow clients of the server to trust the identity of the server they have connected to and to negotiate an encrypted session with the server. A Certificate Authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign.
Table 4-12. SSL Page Options
Field | Description
Upload Server Certificate | This option enables you to upload an existing certificate that your company has title to and uses to control access to the iDRAC6. NOTE: Only X509, Base 64 encoded certificates are accepted by the iDRAC6. DER-encoded certificates are not accepted. Upload a new certificate to replace the default certificate you received with your iDRAC6.
View Server Certificate | This option allows you to view an existing server certificate.
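Because the upload accepts only Base 64 encoded X509 certificates and rejects DER, a pre-upload format check is useful. The following is an added Python example, not Dell code: it classifies a certificate file by its encoding and converts DER to the Base 64 (PEM) form. The function names are hypothetical, and the sample bytes are a constructed ASN.1 stub rather than a real certificate, so only the encoding is checked, not the certificate contents.

```python
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"

# Constructed sample: a minimal DER SEQUENCE (tag 0x30), standing in for a DER file.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"


def classify(data):
    """Return 'pem', 'der' or 'unknown' for the raw bytes of a certificate file."""
    if data.lstrip().startswith(PEM_HEADER.encode("ascii")):
        return "pem"
    # A DER-encoded X.509 certificate starts with the ASN.1 SEQUENCE tag 0x30.
    if data[:1] == b"\x30":
        return "der"
    return "unknown"


def pem_to_der(pem_text):
    """Decode the Base 64 body; raises ValueError on a missing footer or bad Base 64."""
    return ssl.PEM_cert_to_DER_cert(pem_text.strip())


def to_uploadable_pem(data):
    """Return Base 64 (PEM) text suitable for upload, converting DER when needed."""
    kind = classify(data)
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data)
    if kind == "pem":
        der = pem_to_der(data.decode("ascii"))
        if der[:1] != b"\x30":
            raise ValueError("Base 64 body does not decode to an ASN.1 SEQUENCE")
        # Re-encode so line length and trailing newline are normalised.
        return ssl.DER_cert_to_PEM_cert(der)
    raise ValueError("not a PEM or DER certificate file")


if __name__ == "__main__":
    print(classify(SAMPLE_DER))
    print(to_uploadable_pem(SAMPLE_DER))
```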
Table 4-13. Generate Certificate Signing Request (CSR) Attributes
Field | Description
Common Name | The exact name being certified (usually the iDRAC’s domain name, for example, www.xyzcompany.com). Alphanumeric characters, hyphens, underscores, spaces, and periods are valid.
Organization Name | The name associated with this organization (for example, XYZ Corporation). Only alphanumeric characters, hyphens, underscores, periods, and spaces are valid.
Table 4-14. Generate Certificate Signing Request (CSR) Page Buttons
Button | Description
Print | Prints the Generate Certificate Signing Request values that appear on the screen.
Refresh | Reloads the Generate Certificate Signing Request page.
Generate | Generates a CSR and then prompts the user to save it to a specified directory.
Go Back to SSL Main Menu | Returns the user to the SSL page.
Uploading a Server Certificate
1 On the SSL page, select Upload Server Certificate and click Next.
Viewing a Server Certificate 1 On the SSL page, select View Server Certificate and click Next. The View Server Certificate page displays the server certificate that you uploaded to the iDRAC. Table 4-16 describes the fields and associated descriptions listed in the Certificate table. 2 Click the appropriate button to continue. See Table 4-17. Table 4-16.
Configuring and Managing Active Directory The page enables you to configure and manage Active Directory settings. NOTE: You must have Configure iDRAC permission to use or configure Active Directory. NOTE: Before configuring or using the Active Directory feature, ensure that your Active Directory server is configured to communicate with iDRAC6.
Table 4-18. Active Directory Configuration and Management Page Options (continued) Attribute Description User Domain Name This value holds up to 40 User Domain entries. If configured, the list of user domain names will appear in the login page as a pull-down menu for the login user to choose from. If not configured, Active Directory users are still able to log in by entering the user name in the format of user_name@domain_name, domain_name/user_name, or domain_name\user_name.
Table 4-18. Active Directory Configuration and Management Page Options (continued)
Attribute | Description
Active Directory CA Certificate
Certificate | The certificate of the Certificate Authority that signs all the domain controllers’ Secure Sockets Layer (SSL) server certificate.
Extended Schema Settings
iDRAC Name: Specifies the name that uniquely identifies the iDRAC in Active Directory. This value is NULL by default.
Table 4-19. Active Directory Configuration and Management Page Buttons
Button | Definition
Print | Prints the values that are displayed on the Active Directory Configuration and Management page.
Refresh | Reloads the Active Directory Configuration and Management page.
Configure Active Directory | Enables you to configure Active Directory. See "Using the iDRAC6 Directory Service" on page 143 for detailed configuration information.
• Automated System Recovery (ASR) Agent — see Table 4-26 for ASR Agent settings. 3 Click Apply. 4 Click the appropriate button to continue. See Table 4-27. Table 4-20. Local Configuration Setting Description Disable the iDRAC Local Configuration using option ROM Disables local configuration of iDRAC using option ROM. Option ROM resides in the BIOS and provides a user interface engine that allows BMC and iDRAC configuration. The option ROM prompts you to enter the setup module by pressing .
Table 4-21. Web Server Settings (continued)
Setting | Description
HTTP Port Number | The port on which the iDRAC6 listens for a browser connection. The default is 80.
HTTPS Port Number | The port on which the iDRAC6 listens for a secure browser connection. The default is 443.
Table 4-22. SSH Settings
Setting | Description
Enabled | Enables or disables SSH. When checked, SSH is enabled.
Max Sessions | Maximum number of simultaneous SSH sessions allowed for this system. You cannot edit this field.
Table 4-23. Telnet Settings (continued)
Setting | Description
Timeout | The Telnet idle timeout in seconds. Timeout range is 60 to 10800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1800.
Port Number | The port on which the iDRAC6 listens for a Telnet connection. The default is 23.
Table 4-24. Remote RACADM Settings
Setting | Description
Enabled | Enables/disables remote RACADM. When checked, remote RACADM is enabled.
Table 4-27. Services Page Buttons
Button | Description
Print | Prints the Services page.
Refresh | Refreshes the Services page.
Apply | Applies the Services page settings.
Updating the iDRAC6 Firmware/System Services Recovery Image
NOTE: If the iDRAC6 firmware becomes corrupted, as could occur if the iDRAC6 firmware update progress is interrupted before it completes, you can recover the iDRAC6 using the iDRAC6 Web interface.
NOTE: The firmware update, by default, retains the current iDRAC6 settings.
The following message will be displayed until the process is complete: File upload in progress... 5 On the Status (page 2 of 3) page, you will see the results of the validation performed on the image file you uploaded. • If the image file uploaded successfully and passed all verification checks, the image file name will be displayed. If a firmware image was uploaded, the current and the new firmware versions will be displayed.
iDRAC6 Firmware Rollback
iDRAC6 has the provision to maintain two simultaneous firmware images. You can choose to boot from (or rollback to) the firmware image of your choice.
1 Open the iDRAC6 Web-based interface and log in to the remote system. Click System→Remote Access, and then click the Update tab.
2 In the Upload/Rollback (Step 1 of 3) page, click Rollback. The current and the rollback firmware versions are displayed on the Status (Step 2 of 3) page.
The Remote Syslog entries are User Datagram Protocol (UDP) packets sent to the Remote Syslog server’s syslog port. If network failures occur, iDRAC6 does not send the same log again. The remote logging happens real-time as and when the logs are recorded in iDRAC6’s RAC log and SEL log.
Remote Syslog can be enabled through the remote Web interface:
1 Open a supported Web browser window.
2 Log in to iDRAC6 Web interface.
3 In the system tree, select System→Setup tab→Remote Syslog Settings.
racadm config -g cfgRemoteHosts -o cfgRhostsSyslogServer2 ; default is blank
racadm config -g cfgRemoteHosts -o cfgRhostsSyslogServer3 ; default is blank
racadm config -g cfgRemoteHosts -o cfgRhostsSyslogPort ; default is 514

First Boot Device
This feature allows you to select the first boot device for your system and enable Boot Once.
Remote File Share iDRAC6 Remote File Share (RFS) feature allows you to specify an ISO or IMG image file located on a network share and make it available to the managed server’s operating system as a virtual drive by mounting it as a CD/DVD or Floppy using a Network File System (NFS) or Common Internet File System (CIFS).
To enable remote file sharing through the iDRAC6 Web interface, do the following:
1 Open a supported Web browser window.
2 Log in to iDRAC6 Web interface.
3 Select the System→Remote File Share tab. The Remote File Share screen is displayed.
Table 4-30 lists the remote file share settings.

Table 4-30. Remote File Server Settings
Attribute | Description
User Name | Username to connect for NFS/CIFS file system.
Password | Password to connect for NFS/CIFS file system.
• -l ; image location on the network share; use double quotes around the location
• -s ; display current status
NOTE: The maximum number of characters supported for User Name and Password is 40 and for Image File Path it is 511.
Table 4-31. IDSDM Status
IDSDM - Mirror Mode | SD1 Card | SD2 Card | vFlash SD Card
Enabled | Active | Active | Inactive
Disabled | Active | Inactive | Active

Using iDRAC you can view the status, health, and availability of IDSDM. The SD card redundancy status and failure events are logged to SEL, displayed on LCD, and PET alerts are generated if alerts are enabled.

Viewing Internal Dual SD Module Status Using GUI
1 Log in to the iDRAC Web GUI.
2 Click Removable Flash Media.
Table 4-32. SD Card States SD Card State SD1 and SD2 Boot vFlash Description The controller is powering up. Active The card receives all SD writes and is used for SD reads. Standby The card is the secondary card. It is receiving a copy of all the SD reads. Failed An error is reported during a SD card read or write. Absent The SD card is not detected.
5 Advanced iDRAC6 Configuration
This section provides information about advanced iDRAC6 configuration and is recommended for users with advanced knowledge of systems management and who want to customize the iDRAC6 environment to suit their specific needs.

Before You Begin
You should have completed the basic installation and setup of your iDRAC6 hardware and software. See "Basic Installation of the iDRAC6" on page 33 for more information.
failsafe baud rate....115200
remote terminal type....vt100/vt220
redirection after boot....Enabled
Then, select Save Changes.
5 Press to exit the System Setup program and complete the System Setup program configuration.

Configuring the iDRAC6 Settings to Enable SSH/Telnet
Next, configure the iDRAC6 settings to enable SSH/Telnet, which you can do either through RACADM or the iDRAC6 Web interface.
console com2
The console -h com2 command displays the contents of the serial history buffer before waiting for input from the keyboard or new characters from the serial port. The default (and maximum) size of the history buffer is 8192 characters. You can set this number to a smaller value using the command:
racadm config -g cfgSerial -o cfgSerialHistorySize
To configure Linux for console direction during boot, see "Configuring Linux for Serial Console During Boot" on page 92.
NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected Virtual Console to 25 rows x 80 columns to ensure proper text display; otherwise, some text screens may be garbled. 1 Enable Telnet in Windows Component Services. 2 Connect to the iDRAC6 in the management station.
Using the Secure Shell (SSH) It is critical that your system’s devices and device management are secure. Embedded connected devices are the core of many business processes. If these devices are compromised, your business may be at risk, which requires new security demands for command line interface (CLI) device management software. Secure Shell (SSH) is a command line session that includes the same capabilities as a Telnet session, but with improved security.
Table 5-1. Cryptography Schemes
Scheme Type | Scheme
Asymmetric Cryptography | Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST specification
Symmetric Cryptography |
• AES256-CBC
• RIJNDAEL256-CBC
• AES192-CBC
• RIJNDAEL192-CBC
• AES128-CBC
• RIJNDAEL128-CBC
• BLOWFISH-128-CBC
• 3DES-192-CBC
• ARCFOUR-128
Message Integrity |
• HMAC-SHA1-160
• HMAC-SHA1-96
• HMAC-MD5-128
• HMAC-MD5-96
Authentication |
• Password
NOTE: SSHv1 is not supported.
2 Append two options to the kernel line:
kernel ............. console=ttyS1,115200n8r console=tty1
3 If the /etc/grub.conf contains a splashimage directive, comment it out.
Table 5-2 provides a sample /etc/grub.conf file that shows the changes described in this procedure.

Table 5-2. Sample File: /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes
# to this file
# NOTICE: You do not have a /boot partition.
Table 5-2. Sample File: /etc/grub.conf (continued)
serial --unit=1 --speed=57600
terminal --timeout=10 serial
title Red Hat Linux Advanced Server (2.4.9-e.3smp)
root (hd0,0)
kernel /boot/vmlinuz-2.4.9-e.3smp ro root=/dev/sda1 hda=ide-scsi console=ttyS0 console=ttyS1,115200n8r
initrd /boot/initrd-2.4.9-e.3smp.img
title Red Hat Linux Advanced Server-up (2.4.9-e.3)
root (hd0,00)
kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s
initrd /boot/initrd-2.4.9-e.3.im
When you edit the /etc/grub.
Table 5-3 shows a sample file with the new line.

Table 5-3. Sample File: /etc/inittab
#
# inittab This file describes how the INIT process should set up
# the system in a certain run-level.
#
# Author: Miquel van Smoorenburg
# Modified for RHS Linux by Marc Ewing and Donnie Barnes
#
# Default runlevel.
Table 5-3. Sample File: /etc/inittab (continued)
# Things to run in every runlevel.
ud::once:/sbin/update
# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
# When our UPS tells us power has failed, assume we have a few
# minutes of power left. Schedule a shutdown for 2 minutes from now.
# This does, of course, assume you have power installed and your
# UPS is connected and working correctly.
Edit the file /etc/securetty as follows: Add a new line with the name of the serial tty for COM2: ttyS1 Table 5-4 shows a sample file with the new line. Table 5-4.
To set up your system to use any of these interfaces, perform the following steps.
1 Configure the BIOS to enable serial connection:
a Turn on or restart your system.
b Press immediately after you see the following message:
= System Setup
c Scroll down and select Serial Communication by pressing .
d Set the Serial Communication screen as follows:
external serial connector....remote access device
e Select Save Changes.
When you are connected serially with the previous settings, you should see a login prompt. Enter the iDRAC6 username and password (default values are root, calvin, respectively). From this interface, you can execute such features as RACADM.
4 Click Apply Changes. For more information about Direct Connect Basic and Direct Connect Terminal modes, see "Configuring Serial and Terminal Modes" on page 106. Direct Connect Basic mode will enable you to use such tools as ipmish directly through the serial connection.
Switching Between RAC Serial Interface Communication Mode and Serial Console iDRAC6 supports Escape key sequences that allow switching between RAC Serial Interface communication and Serial Console. To set your system to allow this behavior, do the following: 1 Turn on or restart your system. 2 Press immediately after you see the following message: = System Setup 3 Scroll down and select Serial Communication by pressing .
To switch to RAC Serial Interface Communication Mode when in Serial Console Mode, use the following key sequence: + <9> The key sequence above directs you either to the "iDRAC Login" prompt (if the RAC is set to "RAC Serial" mode) or to the "Serial Connection" mode where terminal commands can be issued (if the RAC is set to "IPMI Serial Direct Connect Terminal Mode").
Configuring the Management Station Terminal Emulation Software iDRAC6 supports a serial or Telnet text console from a management station running one of the following types of terminal emulation software: • Linux Minicom in an Xterm • Hilgraeve’s HyperTerminal Private Edition (version 6.3) • Linux Telnet in an Xterm • Microsoft Telnet Perform the steps in the following subsections to configure your type of terminal software. If you are using Microsoft Telnet, configuration is not required.
7 Press and set the Bps/Par/Bits option to 57600 8N1. 8 Press and set Hardware Flow Control to Yes and set Software Flow Control to No. 9 To exit the Serial Port Setup menu, press . 10 Select Modem and Dialing and press . 11 In the Modem Dialing and Parameter Setup menu, press to clear the init, reset, connect, and hangup settings so that they are blank. 12 Press to save each blank value.
Table 5-6. Minicom Settings for Serial Console Emulation (continued) Setting Description Required Setting Terminal emulation ANSI Modem dialing and parameter settings Clear the init, reset, connect, and hangup settings so that they are blank Window size 80 x 25 (to resize, drag the corner of the window) Configuring HyperTerminal for Serial Console HyperTerminal is the Microsoft Windows serial port access utility.
Table 5-7. Management Station COM Port Settings Setting Description Required Setting Bits per second 57600 Data bits 8 Parity None Stop bits 1 Flow control Hardware Configuring Serial and Terminal Modes Configuring IPMI and iDRAC6 Serial 1 Expand the System tree and click Remote Access. 2 Click the Network/Security tab and then click Serial. 3 Configure the IPMI serial settings. See Table 5-8 for description of the IPMI serial settings. 4 Configure the iDRAC6 serial settings.
Table 5-8. IPMI Serial Settings (continued) Setting Description Flow Control • None — Hardware Flow Control Off • RTS/CTS — Hardware Flow Control On Channel Privilege Level Limit • Administrator • Operator • User Table 5-9. iDRAC6 Serial Settings Setting Description Enabled Enables or disables the iDRAC6 serial console. Checked= Enabled; Unchecked=Disabled Timeout The maximum number of seconds of line idle time before the line is disconnected. The range is 60 to 1920 seconds.
Configuring Terminal Mode 1 Expand the System tree and click Remote Access. 2 Click the Network/Security tab and then click Serial. 3 In the Serial page, click Terminal Mode Settings. 4 Configure the terminal mode settings. See Table 5-11 for description of the terminal mode settings. 5 Click Apply Changes. 6 Click the appropriate Terminal Mode Settings page button to continue. See Table 5-12 for description of the terminal mode settings page buttons. Table 5-11.
Table 5-12. Terminal Mode Settings Page Buttons (continued) Button Description Return to Serial Port Configuration Return to the Serial Port Configuration page. Apply Changes Apply the terminal mode settings changes. Configuring the iDRAC6 Network Settings CAUTION: Changing your iDRAC6 Network settings may disconnect your current network connection.
Table 5-13 describes each iDRAC6 interface. Table 5-13. iDRAC6 Interfaces Interface Description Web-based interface Provides remote access to the iDRAC6 using a graphical user interface. The Web-based interface is built into the iDRAC6 firmware and is accessed through the NIC interface from a supported Web browser on the management station. RACADM Provides remote access to the iDRAC6 using a command line interface. RACADM uses the iDRAC6 IP address to execute RACADM commands.
Table 5-13. iDRAC6 Interfaces (continued) Interface Description SSH Interface Provides the same capabilities as the Telnet console using an encrypted transport layer for higher security. IPMI Interface Provides access through the iDRAC6 to the remote system’s basic management features. The interface includes IPMI over LAN, IPMI over Serial, and Serial over LAN. For more information, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at support.dell.com\manuals.
NOTE: If the system from where you are accessing the remote system does not have an iDRAC6 certificate in its default certificate store, a message is displayed when you type a RACADM command. For more information about iDRAC6 certificates, see "Securing iDRAC6 Communications Using SSL and Digital Certificates" on page 64. Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Continuing execution.
RACADM Synopsis
racadm -r -u -p
racadm -i -r
For example:
racadm -r 192.168.0.120 -u root -p calvin getsysinfo
racadm -i -r 192.168.0.
Table 5-14. racadm Command Options (continued) Option Description -S Specifies that RACADM should check for invalid certificate errors. RACADM stops the execution of the command with an error message if it detects an invalid certificate. Enabling and Disabling the RACADM Remote Capability NOTE: It is recommended that you run these commands on your local system. The RACADM remote capability is enabled by default.
Table 5-15. RACADM Subcommands Command Description help Lists iDRAC6 subcommands. help Lists usage statement for the specified subcommand. arp Displays the contents of the ARP table. ARP table entries may not be added or deleted. clearasrscreen Clears the last ASR (crash) screen (last blue screen). clrraclog Clears the iDRAC6 log. A single entry is made to indicate the user and time that the log was cleared. config Configures the iDRAC6.
Table 5-15. RACADM Subcommands (continued) Command Description getraclog Displays the iDRAC6 log. clrsel Clears the System Event Log entries. gettracelog Displays the iDRAC6 trace log. If used with -i, the command displays the number of entries in the iDRAC6 trace log. sslcsrgen Generates and downloads the SSL CSR. sslcertupload Uploads a CA certificate or server certificate to the iDRAC6. sslcertdownload Downloads a CA certificate.
Frequently Asked Questions About RACADM Error Messages After performing an iDRAC6 reset (using the racadm racreset command), I issue a command and the following message is displayed: ERROR: Unable to connect to RAC at specified IP address What does this message mean? You must wait until the iDRAC6 completes the reset before issuing another command. When I use the racadm commands and subcommands, I get errors that I don’t understand.
Configuring Multiple iDRAC6 Controllers Using RACADM, you can configure one or more iDRAC6 controllers with identical properties. When you query a specific iDRAC6 controller using its group ID and object ID, RACADM creates the racadm.cfg configuration file from the retrieved information. By exporting the file to one or more iDRAC6, you can configure your controllers with identical properties in a minimal amount of time.
• Display all configuration properties in a group (specified by group name and index) • Display all configuration properties for a user by user name The config subcommand loads the information into the other iDRAC6. Use config to synchronize the user and password database with Server Administrator. The initial configuration file, racadm.cfg, is named by the user. In the following example, the configuration file is named myfile.cfg.
error is found in the .cfg file. The user must correct all errors before any configuration can take place. The -c option may be used in the config subcommand, which verifies syntax only and does not perform a write operation to the iDRAC6.
Use the following guidelines when you create a .cfg file:
• If the parser encounters an indexed group, the index of the group is used as the anchor. Any modifications to the objects within the indexed group are also associated with the index value.
Parsing Rules
• All lines that start with '#' are treated as comments. A comment line must start in column one. A '#' character in any other column is treated as a '#' character. Some modem parameters may include # characters in their strings. An escape character is not required. You may want to generate a .cfg from a racadm getconfig -f .cfg command, and then perform a racadm config -f .cfg command to a different iDRAC6, without adding escape characters.
• All parameters are specified as "object=value" pairs with no white space between the object, =, or value. White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the '=' is taken as is (for example, a second '=', or a '#', '[', ']', and so forth). These characters are valid modem chat script characters. See the example in the previous bullet. The racadm getconfig -f .
cfgNicGateway=10.35.10.1
This file will be updated as follows:
#
# Object Group "cfgLanNetworking"
#
[cfgLanNetworking]
cfgNicIpAddress=10.35.9.143
# comment, the rest of this line is ignored
cfgNicGateway=10.35.9.1
The command racadm config -f myfile.cfg parses the file and identifies any errors by line number. A correct file will update the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update.
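The parsing rules above can be checked offline before a file is pushed to a group of controllers. The following is an added example, not Dell's parser: it implements only the rules stated on this page (column-one comments, object=value with no surrounding white space, trailing blanks dropped, errors reported by line number) and does not model indexed-group anchoring. The function names, the blank-line handling, the group-header pattern and the sample text are assumptions made for the illustration.

```python
import re

# Assumption: a group header is a bracketed name alone on its line, as in the
# page's sample ("[cfgLanNetworking]").
GROUP_RE = re.compile(r"^\[(\w+)\]\s*$")

# Constructed sample that reuses object names from this page. It is built from
# a list so the trailing blanks on line 5 survive editors that strip them.
SAMPLE_CFG = "\n".join([
    "#",
    '# Object Group "cfgLanNetworking"',
    "#",
    "[cfgLanNetworking]",
    "cfgNicIpAddress=10.35.9.143   ",
    "# comment, the rest of this line is ignored",
    "cfgNicGateway=10.35.9.1 # site gateway",
    "cfgNicNetmask = 255.255.255.0",
    "  # indented, so not a comment",
    "cfgNicEnable=1",
])


def parse_cfg(text):
    """Parse .cfg text and return (entries, errors).

    entries: (line_no, group, object, value) tuples
    errors:  (line_no, message) tuples
    """
    entries, errors = [], []
    group = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if raw.startswith("#"):      # a comment only when '#' is in column one
            continue
        if not raw.strip():          # assumption: blank lines are skipped
            continue
        header = GROUP_RE.match(raw)
        if header:
            group = header.group(1)
            continue
        # Split at the first '=' only: a later '=', '#', '[' or ']' is data.
        obj, sep, value = raw.partition("=")
        if not sep:
            errors.append((line_no, "expected object=value"))
        elif not obj or any(ch.isspace() for ch in obj):
            errors.append((line_no, "missing object name or white space before '='"))
        elif value.strip() and value[0].isspace():
            errors.append((line_no, "white space between '=' and the value"))
        elif group is None:
            errors.append((line_no, "object appears before any [group] header"))
        else:
            # Trailing blanks are ignored; blanks inside the value are kept.
            entries.append((line_no, group, obj, value.rstrip()))
    return entries, errors


def literal_hash_lines(entries):
    """Line numbers whose value contains '#'.

    The '#' is written to the controller as data. That is valid for modem
    strings, but on other objects it usually means a misplaced comment.
    """
    return [line_no for line_no, _group, _obj, value in entries if "#" in value]


def safe_to_apply(text):
    """Mirror the rule that all errors must be corrected before any write."""
    return not parse_cfg(text)[1]


if __name__ == "__main__":
    parsed, problems = parse_cfg(SAMPLE_CFG)
    for entry in parsed:
        print("ok   ", entry)
    for line_no, message in problems:
        print("error", line_no, message)
    print("values with a literal '#':", literal_hash_lines(parsed))
```

In the sample, line 7 parses without error, yet the gateway value would be stored as the whole string including "# site gateway", which is the case the column-one comment rule makes easy to miss.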
The following is an example of how the command may be used to configure desired LAN network properties.
racadm config -g cfgLanNetworking -o cfgNicEnable 1
racadm config -g cfgLanNetworking -o cfgNicIpAddress 192.168.0.120
racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.255.0
racadm config -g cfgLanNetworking -o cfgNicGateway 192.168.0.
iDRAC6 Modes The iDRAC6 can be configured in one of four modes: • Dedicated • Shared • Shared with Failover LOM2 • Shared with Failover All LOMs Table 5-16 provides a description of each mode. Table 5-16. iDRAC6 NIC Configurations Mode Description Dedicated The iDRAC6 uses its own NIC (RJ-45 connector) and the iDRAC MAC address for network traffic. Shared The iDRAC6 uses LOM1 on the planar. Shared with Failover LOM2 The iDRAC6 uses LOM1 and LOM2 as a team for failover.
(if certificate issued to IP) of the iDRAC6 (for example, 192.168.0.120) or the registered DNS iDRAC6 name (if certificate issued to iDRAC registered name). To ensure that the CSR matches the registered DNS iDRAC6 name: 1 In the System tree, click Remote Access. 2 Click the Network/Security tab and then click Network. 3 In the Common Settings table: a Select the Register iDRAC on DNS check box. b In the DNS iDRAC Name field, enter the iDRAC6 name. 4 Click Apply Changes.
When accessing the iDRAC6 Web-based interface, I get a security warning stating the SSL certificate was issued by a certificate authority (CA) that is not trusted.
iDRAC6 includes a default iDRAC6 server certificate to ensure network security for the Web-based interface and remote RACADM features. This certificate was not issued by a trusted CA. To address this security concern, upload an iDRAC6 server certificate issued by a trusted CA (for example, Microsoft Certificate Authority, Thawte or Verisign).
6 Adding and Configuring iDRAC6 Users
To manage your system with the iDRAC6 and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs.
• The username, password, and access permissions for a new or existing iDRAC user. Table 6-3 describes General User Settings. • The user’s IPMI privileges. Table 6-4 describes the IPMI User Privileges for configuring the user’s LAN privileges. • The iDRAC user privileges. Table 6-5 describes the iDRAC User Privileges. • The iDRAC Group access permissions. Table 6-6 describes the iDRAC Group Permissions. 4 When completed, click Apply Changes. 5 Click the appropriate button to continue. See Table 6-7.
Table 6-2. Smart Card Configuration Options Option Description Upload User Certificate Enables the user to upload the user certificate to iDRAC6 and import it to the user profile. View User Certificate Displays the user certificate page that has been uploaded to the iDRAC. Upload Trusted CA Certificate Enables you to upload the trusted CA certificate to iDRAC and import it to the user profile. View Trusted CA Certificate Displays the trusted CA certificate that has been uploaded to the iDRAC.
Table 6-3. General User Settings
New Password
Enter a Password with up to 20 characters. The characters will not be displayed and are masked. The following characters are supported:
• 0-9
• A-Z
• a-z
• Special characters: + & ? > - } | . ! ( ' , _ [ " @ # ) * ; $ ] / § % = < : { I \
Confirm New Password
Retype the iDRAC user’s password to confirm.
Table 6-4.
Table 6-5. iDRAC User Privileges (continued) Property Description Configure iDRAC Enables the user to configure the iDRAC. Configure Users Enables the user to allow specific users to access the system. CAUTION: This privilege is normally reserved for users who are members of the Administrator role on iDRAC. However, users in the ‘Operator’ role can be assigned this privilege. A user with this privilege can modify any user’s configuration.
Table 6-7. User Configuration Page Buttons Button Action Print Prints the User Configuration values that appear on the screen. Refresh Reloads the User Configuration page. Go Back To Users Page Returns to the Users Page. Apply Changes Saves any new settings made to the user configuration. Public Key Authentication over SSH iDRAC6 supports the Public Key Authentication (PKA) over SSH.
Generating Public Keys for Windows Before adding an account, a public key is required from the system that will access the iDRAC6 over SSH. There are two common ways to generate the public/private key pair: using PuTTY Key Generator application for clients running Windows or ssh-keygen CLI for clients running Linux. The ssh-keygen CLI utility comes by default on all standard installations. This section describes simple instructions to generate a public/private key pair for both applications.
CAUTION: Keys generated from the Linux management station using ssh-keygen are in non-4716 format. Convert the keys into the 4716 format using ssh-keygen -e -f /root/.ssh/id_rsa.pub > std_rsa.pub. Do not change the permissions of the key file. The above conversion should be done using default permissions.
NOTE: iDRAC6 does not support ssh-agent forward of keys.

Logging in Using Public Key Authentication
After the public keys are uploaded, you can log into the iDRAC6 over SSH without entering a password.
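The 4716 conversion named in the CAUTION above, written out as an added example (not Dell's or OpenSSH's code) so the RFC 4716 layout is visible and a public key file can be checked before it is uploaded. The function names are illustrative, and the sample key is a constructed blob with a filler modulus, not a usable key.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def blob_key_type(blob):
    """Return the algorithm name stored as the first string of a key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length == 0 or 4 + length > len(blob):
        raise ValueError("key blob is truncated")
    return blob[4:4 + length].decode("ascii")


def to_rfc4716(openssh_line):
    """Convert a one-line OpenSSH public key ('type base64 [comment]')."""
    fields = openssh_line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    # The type in the text field must agree with the type inside the blob.
    if blob_key_type(blob) != key_type:
        raise ValueError("key type field does not match the key blob")
    out = [BEGIN]
    if comment:
        # Lines are limited to 72 bytes, so the quoted comment is kept short.
        out.append('Comment: "%s"' % comment.replace('"', "'")[:60])
    body = base64.b64encode(blob).decode("ascii")
    out += [body[i:i + 70] for i in range(0, len(body), 70)]
    out.append(END)
    return "\n".join(out) + "\n"


def from_rfc4716(text):
    """Read an RFC 4716 file back; return (key_type, blob)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    body, in_header = [], False
    for ln in lines[1:-1]:
        # Base64 never contains ':', so such a line is a header; a header
        # ending in a backslash continues on the next line.
        if in_header or ":" in ln:
            in_header = ln.endswith("\\")
            continue
        body.append(ln)
    blob = base64.b64decode("".join(body), validate=True)
    return blob_key_type(blob), blob


# Constructed sample: RSA-shaped blob (type, exponent, 1024-bit filler modulus).
SAMPLE_BLOB = (
    ssh_string(b"ssh-rsa")
    + ssh_string(b"\x01\x00\x01")
    + ssh_string(b"\x00" + b"\xc3" * 128)
)
SAMPLE_OPENSSH = "ssh-rsa %s admin@mgmt-station" % (
    base64.b64encode(SAMPLE_BLOB).decode("ascii")
)

if __name__ == "__main__":
    print(to_rfc4716(SAMPLE_OPENSSH), end="")
```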
CAUTION: The capability to upload, view, and/ or delete SSH keys is based on the ’Configure Users’ user privilege. This privilege allows user(s) to configure another user's SSH key. You should grant this privilege carefully. For more information on user privileges, see "Adding and Configuring iDRAC6 Users" on page 129. Table 6-8. SSH Key Configurations Option Description Upload SSH Key(s) Allows the local user to upload a Secure Shell (SSH) public key file.
Uploading, Viewing, and Deleting SSH Keys Using RACADM Upload The upload mode allows you to upload a keyfile or to copy the key text on the command line. You cannot upload and copy a key at the same time.
Using the RACADM Utility to Configure iDRAC6 Users NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system. Single or multiple iDRAC6 users can be configured using the RACADM command line that is installed with the iDRAC6 agents on the managed system.
NOTE: You can also type racadm getconfig -f and view or edit the myfile.cfg file, which includes all iDRAC6 configuration parameters. Several parameters and object IDs are displayed with their current values. Two objects of interest are: # cfgUserAdminIndex=XX cfgUserAdminUserName= If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object, is available for use.
racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 123456
racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPrivilege 0x00000001
racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminIpmiLanPrivilege 4
racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminIpmiSerialPrivilege 4
racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminSolEnable 1
racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminEnable 1
To verify, use one of the following commands:
racadm getconfig -u john
racadm getconfig -g cfgUserAdmin -i 2
Rem
NOTE: For a list of valid bit mask values for specific user privileges, see the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals. The default privilege value is 0, which indicates the user has no privileges enabled.
7 Using the iDRAC6 Directory Service
A directory service maintains a common database for storing information about users, computers, printers, etc. on a network. If your company uses either the Microsoft Active Directory or the LDAP Directory Service software, you can configure the software to provide access to iDRAC6, allowing you to add and control iDRAC6 user privileges to your existing users in your directory service.
Privilege Description Test Alerts Enables the user to send test alerts (e-mail and PET) to a specific user Execute Diagnostic Commands Enables the user to run diagnostic commands You can use Active Directory to log in to the iDRAC6 using one of the following methods: • Web-based interface • Remote RACADM • Serial or Telnet console The login syntax is the same for all three methods: or \ or / where username is an ASCII string of 1–256 bytes.
Prerequisites for Enabling Microsoft Active Directory Authentication for iDRAC6 To use the Active Directory authentication feature of the iDRAC6, you must have already deployed an Active Directory infrastructure. See the Microsoft website for information on how to set up an Active Directory infrastructure, if you do not already have one.
d Click Next and click Finish.

Exporting the Domain Controller Root CA Certificate to the iDRAC6
NOTE: If your system is running Windows 2000 or if you are using a standalone CA, the following steps may vary.
1 Locate the domain controller that is running the Microsoft Enterprise CA service.
2 Click Start→Run.
3 In the Run field, type mmc and click OK.
4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.
Directory With Standard Schema Using the iDRAC6 Web-Based Interface" on page 170. Importing the iDRAC6 Firmware SSL Certificate NOTE: If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload the iDRAC6 Server certificate to the Active Directory Domain controller as well. This additional step is not required if the Active Directory does not perform a client authentication during an SSL session’s initialization phase.
Supported Active Directory Authentication Mechanisms You can use Active Directory to define user access on the iDRAC6 through two methods: you can use the extended schema solution, which Dell has customized to add Dell-defined Active Directory objects. Or, you can use the standard schema solution, which uses Active Directory group objects only. See the sections that follow for more information about these solutions.
Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for the attributes and classes that are added into the directory service. Dell extension: dell Dell base OID: 1.2.840.113556.1.8000.
Figure 7-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.
Figure 7-1. Typical Setup for Active Directory Objects [diagram labels: iDRAC Association Object, User(s), Group(s), Privilege Object, iDRAC Device Object(s)]
You can create as many or as few association objects as required.
Accumulating Privileges Using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.
For example, Priv1 has these privileges: Login, Virtual Media, and Clear Logs and Priv2 has these privileges: Login to iDRAC, Configure iDRAC, and Test Alerts. As a result, User1 now has the privilege set: Login to iDRAC, Virtual Media, Clear Logs, Configure iDRAC, and Test Alerts, which is the combined privilege set of Priv1 and Priv2.
Extending the Active Directory Schema Important: The schema extension for this product is different from the previous generations of Dell Remote Management products. You must extend the new schema and install the new Active Directory Users and Computers Microsoft Management Console (MMC) Snap-in on your directory. The old schema does not work with this product. NOTE: Extending the new schema or installing the new extension to Active Directory User and Computer Snap-in has no impact on previous products.
NOTE: The Remote_Management folder is for extending the Schema on older remote access products like DRAC 4 and DRAC 5, and the Remote_Management_Advanced folder is for extending the Schema on iDRAC6. To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory. To use the Dell Schema Extender to extend the Active Directory Schema, see "Using the Dell Schema Extender" on page 154. You can copy and run the Schema Extender or LDIF files from any location.
Table 7-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.7.1.1 Description Represents the Dell iDRAC device. The iDRAC device must be configured as delliDRACDevice in Active Directory. This configuration enables the iDRAC to send Lightweight Directory Access Protocol (LDAP) queries to Active Directory. Class Type Structural Class SuperClasses dellProduct Attributes dellSchemaVersion dellRacType Table 7-4. delliDRACAssociationObject Class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 7-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 7-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights).
Table 7-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 FALSE List of dellRacDevice and Distinguished Name (LDAPTYPE_DN DelliDRACDevice Objects that 1.3.6.1.4.1.1466.115.
Table 7-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsVirtualMediaUser 1.2.840.113556.1.8000.1280.1.1.2.9 TRUE TRUE if the user has Virtual Media rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsTestAlertUser 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE if the user has Test Alert User rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.
Installing Dell Extension to Microsoft Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC devices, Users and User Groups, iDRAC Associations, and iDRAC Privileges.
3 Click Add/Remove Snap-in. 4 Select the Active Directory Users and Computers Snap-in and click Add. 5 Click Close and click OK. Adding iDRAC Users and Privileges to Microsoft Active Directory Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC users and privileges by creating iDRAC, Association, and Privilege objects.
5 Click OK.
6 Right-click the privilege object that you created, and select Properties.
7 Click the Remote Management Privileges tab and select the privileges that you want the user to have.

Creating an Association Object
NOTE: The iDRAC Association Object is derived from Group and its scope is set to Domain Local.
1 In the Console Root (MMC) window, right-click a container.
2 Select New → Dell Remote Management Object Advanced. This opens the New Object window.
3 Type a name for the new object.
Click the Products tab to add one iDRAC device connected to the network that is available for the defined users or user groups. Multiple iDRAC devices can be added to an Association Object. Adding iDRAC Devices To add iDRAC devices: 1 Select the Products tab and click Add. 2 Type the iDRAC device name and click OK. 3 In the Properties window, click Apply and click OK. Configuring Microsoft Active Directory With Extended Schema Using the iDRAC6 Web-Based Interface 1 Open a supported Web browser window.
9 Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed. 10 Select Enable Active Directory. CAUTION: In this release, the Smart Card based Two Factor Authentication (TFA) feature is not supported if the Active directory is configured for Extended schema. The Single Sign-On (SSO) feature is supported for both Standard and Extended schema. 11 Click Add to enter the user domain name. 12 Type the user domain name in the prompt and click OK. NOTE: This step is optional.
NOTE: The FQDN or IP address that you specify in the Domain Controller Server Address field should match the Subject or Subject Alternative Name field of your domain controller certificate if you have certificate validation enabled. 15 Click Next. The Active Directory Configuration and Management Step 3 of 4 page is displayed. 16 Under Schema Selection, select Extended Schema. 17 Click Next. The Active Directory Configuration and Management Step 4 of 4 page is displayed.
racadm config -g cfgActiveDirectory -o cfgADRacName
racadm config -g cfgActiveDirectory -o cfgADRacDomain
racadm config -g cfgActiveDirectory -o cfgADDomainController1
racadm config -g cfgActiveDirectory -o cfgADDomainController2
racadm config -g cfgActiveDirectory -o cfgADDomainController3
racadm config -g cfgActiveDirectory -o cfgADDcSRVLookupDomainName
If you want to disable the certificate validation during SSL handshake, type the following RACADM command:
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0
In this case, you do not have to upload a CA certificate.
4 If DHCP is disabled on the iDRAC or you want to manually input your DNS IP address, type the following RACADM commands:
racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServer1
racadm config -g cfgLanNetworking -o cfgDNSServer2
5 If you want to configure a list of user domains so that you only need to enter the user name during login to the iDRAC6 Web-based interface, type the following command:
racadm c
Standard Schema Active Directory Overview As shown in Figure 7-3, using standard schema for Active Directory integration requires configuration on both Active Directory and iDRAC6. Figure 7-3. Configuration of iDRAC with Microsoft Active Directory and Standard Schema Configuration on iDRAC Side Configuration on Active Directory Side Role Group Role Group Name and Domain Name Role Definition User On the Active Directory side, a standard group object is used as a role group.
Table 7-9.
Configuring Standard Schema Microsoft Active Directory to Access iDRAC6 You must perform the following steps to configure Active Directory before an Active Directory user can access iDRAC6: 1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2 Create a group or select an existing group. Add the Active Directory user as a member of the Active Directory group to access the iDRAC6.
The certificate information for the valid Active Directory CA certificate is displayed. 8 Under Upload Kerberos Keytab, type the path of the keytab file or browse to locate the file. Click Upload. The Kerberos keytab is uploaded into the iDRAC6. 9 Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed. 10 Select Enable Active Directory.
Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located. NOTE: The FQDN or IP address that you specify in this field should match the Subject or Subject Alternative Name field of your domain controller certificate if you have certificate validation enabled. 16 Click Next. The Active Directory Configuration and Management Step 3 of 4 page is displayed. 17 Under Schema Selection, select Standard Schema. 18 Click Next.
The Active Directory Configuration and Management Step 4b of 4 page is displayed. 21 Specify the Role Group Name. The Role Group Name identifies the role group in Active Directory associated with the iDRAC. 22 Specify the Role Group Domain, which is the domain of the Role Group. 23 Specify the Role Group Privileges by selecting the Role Group Privilege Level. For example, if you select Administrator, all the privileges are selected for that level of permission.
Configuring Microsoft Active Directory With Standard Schema Using RACADM Use the following commands to configure the iDRAC Active Directory Feature with Standard Schema using the RACADM CLI instead of the Web-based interface.
NOTE: At least one of the 3 addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located.
racadm config -g cfgActiveDirectory -o cfgADGcSRVLookupEnable=1
racadm config -g cfgActiveDirectory -o cfgADGcRootDomain
If you want to disable the certificate validation during SSL handshake, type the following RACADM command:
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0
In this case, no Certificate Authority (CA) certificate needs to be uploaded.
4 If DHCP is disabled on the iDRAC6 or you want to manually input your DNS IP address, type the following RACADM commands:
racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServer1
racadm config -g cfgLanNetworking -o cfgDNSServer2
5 If you want to configure a list of user domains so that you only need to enter the user name during login to the Web-based interface, type the following command:
racadm con
Generic LDAP Directory Service iDRAC6 provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services. To make the iDRAC6 LDAP implementation generic, the commonality between different directory services is utilized to group users and then map the user-group relationship. The directory service specific action is the schema.
The Generic LDAP Configuration and Management Step 1 of 3 page is displayed. Use this page to configure the digital certificate used during initiation of SSL connections when communicating with a generic LDAP server. These communications use LDAP over SSL (LDAPS). If you enable certificate validation, upload the certificate of the Certificate Authority (CA) that issued the certificate used by the LDAP server during initiation of SSL connections.
8 Enter the following information:
• Select Enable Generic LDAP.
NOTE: In this release, nested group is not supported. The firmware searches for the direct member of the group to match the user DN. Also, only single domain is supported. Cross domain is not supported.
• Select the Use Distinguished Name to Search Group Membership option to use the Distinguished Name (DN) as group members. iDRAC6 compares the User DN retrieved from the directory with the members of the group.
• In the Search Filter field, enter a valid LDAP search filter. Use the filter if the user attribute cannot uniquely identify the login user within the chosen Base DN. If not specified, the value defaults to objectClass=*, which searches for all objects in the tree. This additional search filter configured by the user applies only to userDN search and not the group membership search. 9 Click Next. The Generic LDAP Configuration and Management Step 3a of 3 page is displayed.
17 Enter the user name and password of a directory user that is chosen to test the LDAP settings. The format depends on what Attribute of User Login is used and the user name entered must match the value of the chosen attribute. The test results and the test log are displayed. You have completed the generic LDAP Directory Service configuration.
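The lookup described in the Generic LDAP steps above (a user DN search under the Base DN narrowed by the optional Search Filter, then a direct-member comparison with no nested-group expansion), as an added Python illustration that is not Dell code or firmware logic. The directory entries, the `member` attribute name, the function names and the choice to fail when the login attribute is ambiguous are assumptions made for the example.

```python
# Added illustration: constructed directory entries, not data from a real server.
CONSTRUCTED_DIRECTORY = [
    {"dn": "uid=alice,ou=People,dc=example,dc=com",
     "objectClass": ["inetOrgPerson"], "uid": ["alice"]},
    {"dn": "uid=alice,ou=Contractors,dc=example,dc=com",
     "objectClass": ["account"], "uid": ["alice"]},
    {"dn": "uid=bob,ou=People,dc=example,dc=com",
     "objectClass": ["inetOrgPerson"], "uid": ["bob"]},
    {"dn": "cn=ops,ou=Groups,dc=example,dc=com",
     "objectClass": ["groupOfNames"],
     "member": ["uid=bob,ou=People,dc=example,dc=com"]},
    {"dn": "cn=idrac-admins,ou=Groups,dc=example,dc=com",
     "objectClass": ["groupOfNames"],
     # alice is a direct member; bob is reachable only through the nested group "ops".
     "member": ["UID=alice, OU=People, DC=example, DC=com",
                "cn=ops,ou=Groups,dc=example,dc=com"]},
]
BASE_DN = "dc=example,dc=com"
GROUP_DN = "cn=idrac-admins,ou=Groups,dc=example,dc=com"


def normalize_dn(dn):
    """Simplified DN normalization: trim and lower-case each RDN (escaped commas not handled)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def is_under(dn, base_dn):
    """True when dn is the base entry itself or lies below it in the tree."""
    dn, base = normalize_dn(dn), normalize_dn(base_dn)
    return dn == base or dn.endswith("," + base)


def find_user_dn(directory, base_dn, login_attr, login, extra_filter=None):
    """User DN search. extra_filter is an (attribute, value) equality pair standing in
    for the Search Filter field; None behaves like the default objectClass=* (match all).
    Returns None when the login attribute does not identify exactly one entry (assumption)."""
    matches = [
        entry["dn"] for entry in directory
        if is_under(entry["dn"], base_dn)
        and login in entry.get(login_attr, [])
        and (extra_filter is None or extra_filter[1] in entry.get(extra_filter[0], []))
    ]
    return matches[0] if len(matches) == 1 else None


def is_direct_member(directory, group_dn, user_dn, member_attr="member"):
    """Direct-member comparison only: member values that name other groups are not expanded."""
    for entry in directory:
        if normalize_dn(entry["dn"]) == normalize_dn(group_dn):
            members = {normalize_dn(m) for m in entry.get(member_attr, [])}
            return normalize_dn(user_dn) in members
    return False


def login_maps_to_group(directory, base_dn, login_attr, login, group_dn, extra_filter=None):
    """Combine both steps; the extra filter applies to the user DN search only."""
    user_dn = find_user_dn(directory, base_dn, login_attr, login, extra_filter)
    return user_dn is not None and is_direct_member(directory, group_dn, user_dn)


if __name__ == "__main__":
    person = ("objectClass", "inetOrgPerson")
    for name, flt in (("alice", None), ("alice", person), ("bob", person)):
        ok = login_maps_to_group(CONSTRUCTED_DIRECTORY, BASE_DN, "uid", name, GROUP_DN, flt)
        print(name, flt, "->", "group matched" if ok else "no match")
```

A user who belongs to the role group only through another group gets no match here, which is the symptom to expect from the nested-group limitation in the NOTE above.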
NOTE: Configure iDRAC6 to use a Domain Name Server, which resolves the LDAP server hostname that iDRAC6 is configured to use in the LDAP server address. The hostname must match the "CN" or "Subject" in the LDAP server's certificate. Frequently Asked Questions about Active Directory My Active Directory login failed. How can I troubleshoot the problem? iDRAC6 provides a diagnostic tool from the Web-based interface. Log in as a local user with administrator privilege from the Web-based interface.
2 The domain controller addresses configured in iDRAC6 do not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP address, please read the following question and answer. If you are using FQDN, please make sure you are using the FQDN of the domain controller, not the domain, for example, servername.example.com instead of example.com. I'm using an IP address for a domain controller address and I failed certificate validation.
If Global Controller Address(es) is configured, iDRAC6 continues to query the Global Catalog. If additional privileges are retrieved from the Global Catalog, these privileges will be accumulated. Does iDRAC6 always use LDAP over SSL? Yes. All the transportation is over secure port 636 and/or 3269. During test setting, iDRAC6 does a LDAP CONNECT only to help isolate the problem, but it does not do an LDAP BIND on an insecure connection.
c Ensure that you have uploaded the right Active Directory root CA certificate to the iDRAC6 if you enabled certificate validation. Ensure that the iDRAC6 time is within the valid period of the CA certificate. d If you are using the Extended Schema, ensure that the iDRAC6 Name and iDRAC6 Domain Name match your Active Directory environment configuration. If you are using the Standard Schema, ensure that the Group Name and Group Domain Name match your Active Directory configuration.
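A pre-flight check for the certificate-related causes listed in this FAQ (validation switched off, a domain controller address that is not in the certificate Subject or Subject Alternative Name, and an iDRAC6 clock outside the CA certificate validity period), as an added Python example that is not Dell code. It assumes the settings are available as key=value text and the certificates as dictionaries in the layout of Python's `ssl.SSLSocket.getpeercert()`; all sample values and function names are constructed, and names are compared exactly (no wildcard handling).

```python
import ipaddress
import ssl

# Constructed sample settings: object names are the ones used in this chapter,
# the key=value layout and the values are assumptions for the example.
CONSTRUCTED_CONFIG = """\
cfgADCertValidationEnable=0
cfgADDomainController1=dc1.example.com
cfgADDomainController2=example.com
"""

# Constructed certificates in the dict layout of ssl.SSLSocket.getpeercert().
CONSTRUCTED_DC_CERT = {
    "subject": ((("commonName", "dc1.example.com"),),),
    "subjectAltName": (("DNS", "dc1.example.com"), ("IP Address", "192.0.2.10")),
}
CONSTRUCTED_CA_CERT = {
    "notBefore": "Jan  1 00:00:00 2010 GMT",
    "notAfter": "Jan  1 00:00:00 2020 GMT",
}
CONSTRUCTED_CERTS = {
    "cfgADDomainController1": CONSTRUCTED_DC_CERT,
    "cfgADDomainController2": CONSTRUCTED_DC_CERT,
}


def parse_config(text):
    """Turn key=value lines into a dict; a leading '#' on a line is ignored."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip().lstrip("#").strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def cert_names(cert):
    """Collect host names and IP addresses from the Subject CN and the SAN entries."""
    dns, ips = set(), set()

    def add(value):
        try:
            ips.add(ipaddress.ip_address(value))
        except ValueError:
            dns.add(value.lower().rstrip("."))

    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                add(value)
    for kind, value in cert.get("subjectAltName", ()):
        if kind in ("DNS", "IP Address"):
            add(value)
    return dns, ips


def address_matches(configured, cert):
    """True when the configured FQDN or IP address appears in the certificate."""
    dns, ips = cert_names(cert)
    try:
        return ipaddress.ip_address(configured) in ips
    except ValueError:
        return configured.lower().rstrip(".") in dns


def within_validity(cert, idrac_epoch):
    """True when the iDRAC6 clock (seconds since the epoch, UTC) is inside the validity period."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= idrac_epoch <= end


def audit(config_text, dc_certs, ca_cert, idrac_epoch):
    """Return one finding per problem; an empty list means all three checks passed."""
    cfg = parse_config(config_text)
    findings = []
    if cfg.get("cfgADCertValidationEnable") != "1":
        findings.append("cfgADCertValidationEnable is not 1: server certificate is not validated")
    for n in (1, 2, 3):
        key = "cfgADDomainController%d" % n
        addr = cfg.get(key, "")
        if not addr:
            continue
        cert = dc_certs.get(key)
        if cert is None or not address_matches(addr, cert):
            findings.append("%s=%s is not in the certificate Subject/SAN" % (key, addr))
    if not within_validity(ca_cert, idrac_epoch):
        findings.append("iDRAC6 time is outside the CA certificate validity period")
    return findings


if __name__ == "__main__":
    # 946684800 = 2000-01-01 00:00:00 UTC, a clock that was never set.
    for finding in audit(CONSTRUCTED_CONFIG, CONSTRUCTED_CERTS, CONSTRUCTED_CA_CERT, 946684800):
        print("FINDING:", finding)
```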
8 Configuring iDRAC6 for Single SignOn or Smart Card Login This section provides information to configure iDRAC6 for Smart Card login for local users and Active Directory users, and Single Sign-On (SSO) login for Active Directory users. iDRAC6 supports Kerberos based Active Directory authentication to support Active Directory Smart Card and SSO logins. About Kerberos Authentication Kerberos is a network authentication protocol that allows systems to communicate securely over a non-secure network.
Prerequisites for Active Directory SSO and Smart Card Authentication
The pre-requisites for both Active Directory SSO and Smart Card authentication are:
• Configure the iDRAC6 for Active Directory login. For more information, see "Using the iDRAC6 Directory Service" on page 143.
• Register the iDRAC6 as a computer in the Active Directory root domain. To do this:
a Click Remote Access → Network/Security tab → Network subtab.
b Provide a valid Preferred/Alternate DNS Server IP address.
Since the iDRAC6 is a device with a non-Windows operating system, run the ktpass utility—part of Microsoft Windows—on the domain controller (Active Directory server) where you want to map the iDRAC6 to a user account in Active Directory. For example, use the following ktpass command to create the Kerberos keytab file: C:\>ktpass -princ HOST/dracname.domainname.com@DOMAINNAME.
Browser Settings to Enable Active Directory SSO
To configure the browser settings for Internet Explorer:
1 Open Internet Explorer Web browser.
2 Select Tools → Internet Options → Security → Local Intranet.
3 Click Sites.
4 Select the following options only:
• Include all local (intranet) sites not listed on other zones.
• Include all sites that bypass the proxy server.
5 Click Advanced.
Using Microsoft Active Directory SSO The SSO feature enables you to log into the iDRAC6 directly after logging into your workstation without entering your domain user authentication credentials, such as user name and password. To log into the iDRAC6 using this feature, you should have already logged into your system using a valid Active Directory user account. Also, you should have configured the user account to log into the iDRAC6 using the Active Directory credentials.
7 Click Next until the last page is displayed. If Active Directory is configured to use standard schema, then Active Directory Configuration and Management Step 4a of 4 page is displayed. If Active Directory is configured to use extended schema, then Active Directory Configuration and Management Step 4 of 4 page is displayed. 8 Click Finish to apply the settings.
• You are configured in the iDRAC6 for Active Directory login. • The iDRAC6 is enabled for Kerberos Active Directory authentication. Configuring Smart Card Authentication The iDRAC6 supports the Two Factor Authentication (TFA) feature by enabling Smart Card Logon. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security.
NOTE: To log into the iDRAC6, the user name that you configure in the iDRAC6 should have the same case as the User Principal Name (UPN) in the Smart Card certificate. For example, in case the Smart Card certificate has been issued to the user, "sampleuser@domain.com," the username should be configured as "sampleuser.
Table 8-1. Smart Card Settings
Setting: Configure Smart Card Logon
Description:
• Disabled — Disables Smart Card logon. Subsequent logins from the graphical user interface (GUI) display the regular login page. All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM are set to their default state.
• Enabled — Enables Smart Card logon. After applying the changes, logout, insert your Smart Card and then click Login to enter your Smart Card PIN.
Table 8-1. Smart Card Settings (continued)
Setting: Enable CRL check for Smart Card Logon
Description: This check is available only for Smart Card local users. Select this option if you want iDRAC6 to check the Certificate Revocation List (CRL) for revocation of the user's Smart Card certificate. The user's iDRAC certificate, which is downloaded from the Certificate Revocation List (CRL) distribution server is checked for revocation in the CRL.
https://<IP address>:<port number>
where IP address is the IP address for the iDRAC6 and port number is the HTTPS port number. The iDRAC6 Login page is displayed prompting you to insert the Smart Card.
2 Insert the Smart Card into the reader and click Login. The iDRAC6 prompts you for the Smart Card’s PIN.
3 Enter the Smart Card PIN for local Smart Card users and if the user is not created locally, iDRAC6 will prompt to enter the password for the user’s Active Directory account.
4 Enter the user’s Active Directory password to authenticate the user and click OK. You are logged into the iDRAC6 with your credentials as set in Active Directory. NOTE: If the Smart Card user is present in Active Directory, an Active Directory password is required along with the SC PIN. In future releases, the Active Directory password may not be required.
Unable to Log into iDRAC6 as an Active Directory User • If you cannot log into the iDRAC6 as an Active Directory user, try to log into the iDRAC6 without enabling the Smart Card logon. If you have enabled the CRL check, try the Active Directory logon without enabling the CRL check. The iDRAC6 trace log should provide important messages in case of CRL failure.
Access → Properties → iDRAC Information page, and the domain controller time by right clicking on the time in the bottom right hand corner of the screen. The timezone offset is displayed in the pop up display. For US Central Standard Time (CST), this is –6). Use the following RACADM timezone offset command to synchronize the iDRAC6 time (through Remote or Telnet/SSH RACADM):
racadm config -g cfgRacTuning -o cfgRacTuneTimeZoneOffset
SSO login fails with AD users on Windows 7 and Windows Server 2008 R2. What should I do to resolve this?
You must enable the encryption types for Windows 7 and Windows Server 2008 R2. To enable the encryption types:
1 Log in as administrator or as a user with administrative privilege.
2 Go to Start and run gpedit.msc. The Local Group Policy Editor window is displayed.
3 Navigate to Local Computer Settings → Windows Settings → Security Settings → Local Policies → Security Options.
13 Close the Registry Editor window. You can now log in to iDRAC using SSO.
If you have enabled SSO for iDRAC and you are using Internet Explorer to log in to iDRAC, SSO fails and you are prompted to enter your user name and password. How do I resolve this?
Ensure that the iDRAC IP address is listed in the Tools → Internet Options → Security → Trusted sites. If it is not listed, SSO fails and you are prompted to enter your user name and password. Click Cancel and proceed.
Using GUI Virtual Console 9 This section provides information about using the iDRAC6 Virtual Console feature. Overview The iDRAC6 Virtual Console feature enables you to access the local console remotely in either graphic or text mode. Using Virtual Console, you can control one or more iDRAC6-enabled systems from one location. You do not have to sit in front of each server to perform all the routine maintenance.
The following rules apply to a Virtual Console session: • A maximum of four simultaneous Virtual Console sessions are supported. All sessions view the same managed server console simultaneously. • From 1.5 release version onwards, multiple sessions to multiple remote servers is possible from the same client, based on the order in which they are opened. If a Virtual Console session using Java plug-in is open, you can open another Virtual Console session using ActiveX plug-in.
2 If you are using Firefox or want to use the Java Viewer with Internet Explorer, install a Java Runtime Environment (JRE). If you use the Internet Explorer browser, an ActiveX control is provided for the console viewer. You can also use the Java console viewer with Firefox if you install a JRE and configure the console viewer in iDRAC6 Web interface before you launch the viewer.
Clear Your Browser’s Cache If you encounter issues when operating the Virtual Console, (out of range errors, synchronization issues, and so on) clear the browser’s cache to remove or delete any old versions of the viewer that may be stored on the system and try again. NOTE: You must have administrator privilege to clear the browser’s cache. To clear older versions of Active-X viewer for IE7, do the following: 1 Close the Video Viewer and Internet Explorer browser.
Internet Explorer Browser Configurations for ActiveX based Virtual Console and Virtual Media Applications This section provides information about the Internet Explorer browser settings required to launch and run ActiveX based Virtual Console and Virtual Media applications. NOTE: Clear the browser’s cache and then perform the browser configuration settings. For more information, see "Clear Your Browser’s Cache" on page 206.
2 Ensure that the Enable Protected Mode option is not selected for Trusted Sites zone. Alternatively, you can add the iDRAC address to sites in the Intranet zone. By default, protected mode is turned off for sites in Intranet Zone and Trusted Sites zone. 3 Click Sites. 4 In the Add this website to the zone field, add the address of your iDRAC and click Add. 5 Click Close and then click OK. 6 Close and restart the browser for the settings to take effect.
Table 9-2. Virtual Console Configuration Properties Property Description Enabled Click to enable or disable Virtual Console. If this option is checked, it indicates that Virtual Console is enabled. The default option is enabled. NOTE: Checking or clearing the Enabled option once after the Virtual Console is launched may disconnect all your existing Virtual Console sessions. Max Sessions Select the maximum number of Virtual Console sessions that are allowed, 1 to 4. The default is 2.
Table 9-2. Virtual Console Configuration Properties (continued) Property Description Plug-in Type The type of plug-in to be configured. • Native (ActiveX for Windows and Java plug-in for Linux) — ActiveX viewer will only work on Internet Explorer. • Java — A Java viewer will be launched. NOTE: For information about using Virtual Media with Virtual Console, see "Configuring and Using Virtual Media" on page 255. The buttons in Table 9-3 are available on the Configuration page. Table 9-3.
If you want to reconfigure any of the property values displayed, see "Configuring Virtual Console in the iDRAC6 Web Interface" on page 208. Table 9-4. Virtual Console Property Description Virtual Console Enabled Yes/No (checked\unchecked) Video Encryption Enabled Yes/No (checked\unchecked) Max Sessions Displays the maximum number of supported Virtual Console sessions. Active Sessions Displays the current number of active Virtual Console sessions.
Table 9-5. Virtual Console and Virtual Media Page Buttons Button Definition Refresh Reloads the Virtual Console and Virtual Media page. Launch Virtual Console Opens a Virtual Console session on the targeted remote system. Print Prints the Virtual Console and Virtual Media page. 3 If a Virtual Console session is available, click Launch Virtual Console. NOTE: Multiple message boxes may appear after you launch the application.
Table 9-6. Virtual Console Preview Options
Option: Launch
Description: Click this link to launch the Virtual Console. If only Virtual Media is enabled, then clicking this link directly launches the Virtual Media. This link is not displayed if you do not have Virtual Console privileges or if both Virtual Console and Virtual Media are disabled.
Option: Settings
Description: Click this link to view or edit the Virtual Console configuration settings on the Console/Media Configuration page.
The iDRAC6 Virtual Console provides various control adjustments such as mouse synchronization, snapshots, keyboard macros, and access to Virtual Media. For more information about these functions, click System → Console/Media and click Help on the Virtual Console and Virtual Media GUI page. When you start a Virtual Console session and the iDRAC6 Virtual Console is displayed, you may need to synchronize the mouse pointers. Table 9-7 describes the menu options that are available for use in the viewer.
Table 9-7. Viewer Menu Bar Selections (continued) Menu Item Item Description File Capture to File Captures the current remote system screen to a .bmp file on Windows or a .png file on Linux. A dialog box is displayed that allows you to save the file to a specified location. NOTE: .bmp file format on Windows or .png file format on Linux are applicable only for the Native plug-in. Java plug-in supports only the .jpg and .jpeg file formats.
Table 9-7. Viewer Menu Bar Selections (continued) Menu Item Item Description Macros • Alt+Ctrl+Del When you select a macro, or enter the hotkey specified for the macro, the action is executed on the remote system.
Table 9-7. Viewer Menu Bar Selections (continued) Menu Item Item Description Tools Session Options The Sessions Options window provides additional session viewer control adjustments. This window has the General and Mouse tabs. You can control the Keyboard pass through mode from the General tab. Select Pass all keystrokes to target to pass your management station's keystrokes to the remote system. The mouse tab contains two sections: Single Cursor and Mouse Acceleration.
Table 9-7. Viewer Menu Bar Selections (continued) Menu Item Item Description Power Power ON System Powers on the system. Power OFF System Powers off the system. Graceful Shutdown Shuts down the system. NOTE: Ensure that the shutdown option is configured for the operating system before you perform a graceful shutdown using this option. If you use this option without configuring it on the operating system, it reboots the managed system instead of performing a shutdown operation.
3 To disable (turn off) local video on the server, uncheck the Local Server Video Enabled checkbox on the Configuration page, and then click Apply. The default value is OFF. NOTE: If the local server video is turned ON, it will take 15 seconds to turn OFF. 4 To enable (turn on) local video on the server, check the Local Server Video Enabled checkbox on the Configuration page, and then click Apply.
General Error Scenarios Table 9-8 lists general error scenarios, the reasons for those errors, and the iDRAC6 behavior. Table 9-8. Error Scenarios Error Scenarios Reason Behavior Login failed You have entered either an invalid user name or an incorrect password. Same behavior when https:// is specified and login fails. iDRAC6 Enterprise Card not present The iDRAC6 Enterprise The iDRAC6 Virtual Console Card is not present. So viewer is not launched.
Frequently Asked Questions on Virtual Console Table 9-9 lists frequently asked questions and answers. Table 9-9. Using Virtual Console: Frequently Asked Questions Question Answer Virtual Console fails to log out when the out–of–band Web GUI is logged out. The Virtual Console and Virtual Media sessions stays active even if the Web session is logged off. Close the Virtual Media and Virtual Console viewer applications to log out of the corresponding session. Can a new remote console Yes.
Table 9-9. Using Virtual Console: Frequently Asked Questions (continued) Question Answer How can I get the current status of the local server video? The status is displayed on the Virtual Console Configuration page of the iDRAC6 Web interface. I cannot see the bottom of the system screen from the Virtual Console window. Ensure that the management station’s monitor resolution is set to 1280x1024. Try using the scroll bars on the iDRAC6 Virtual Console client, as well. The console window is garbled.
Table 9-9. Using Virtual Console: Frequently Asked Questions (continued) Question Answer Why can't I use a keyboard or mouse while installing a Microsoft operating system remotely by using iDRAC6 Virtual Console? When you remotely install a supported Microsoft operating system on a system with Virtual Console enabled in the BIOS, you receive an EMS Connection Message that requires that you select OK before you can continue. You cannot use the mouse to select OK remotely.
Table 9-9. Using Virtual Console: Frequently Asked Questions (continued)
Question: What are the minimum system requirements for my management station to run Virtual Console?
Answer: The management station requires an Intel Pentium III 500 MHz processor with at least 256 MB of RAM.
Question: Why do I see a No Signal message within the iDRAC6 Virtual Console Video Viewer?
Answer: You may see this message because the iDRAC6 Virtual Console plugin is not receiving the remote server desktop video.
Using the WS-MAN Interface 10 Web Services for Management (WS–MAN) is a Simple Object Access Protocol (SOAP)–based protocol used for systems management. WS–MAN provides an interoperable protocol for devices to share and exchange data across networks. iDRAC6 uses WS–MAN to convey Distributed Management Task Force (DMTF) Common Information Model (CIM)–based management information; the CIM information defines the semantics and information types that can be manipulated in a managed system.
Table 10-1. Standard DMTF (continued) 3 Physical Asset: Defines CIM classes for representing the physical aspect of the managed elements. iDRAC6 uses this profile to represent the host server’s FRU information. 4 SM CLP Admin Domain Defines CIM classes for representing CLP’s configuration. iDRAC6 uses this profile for its own implementation of CLP. 5 Power State Management Defines CIM classes for power control operations. iDRAC6 uses this profile for the host server’s power control operations.
Table 10-1. Standard DMTF (continued) 16 SMASH Collection Defines CIM classes for representing CLP’s configuration. iDRAC6 uses this profile for its own implementation of CLP. 17 Profile Registration Defines CIM classes for advertising the profile implementations. iDRAC6 uses this profile to advertise its own implemented profiles, as described in this table. 18 Base Metrics Defines CIM classes for representing metrics.
Table 10-1. Standard DMTF (continued) Dell Extensions 1 Dell Active Directory Client Version 2.0.0 Defines CIM and Dell extension classes for configuring iDRAC6 Active Directory client and the local privileges for Active Directory groups. 2 Dell Virtual Media Defines CIM and Dell extension classes for configuring iDRAC6 Virtual Media. Extends USB Redirection Profile. 3 Dell Ethernet Port Defines CIM and Dell extension classes for configuring NIC Side-Band interface for the iDRAC6 NIC.
Table 10-1. Standard DMTF (continued) 12 Dell Power Supply Profile Defines CIM and Dell extension classes to represent the host's power supply inventory information. 13 Dell iDRAC Card Profile Defines CIM and Dell extension classes to represent the iDRAC6 inventory information. 14 Dell Fan Profile Defines CIM and Dell extension classes to represent the host's fan inventory information. 15 Dell Memory Profile Defines CIM and Dell extension classes to represent the host's DIMM inventory information.
There are additional implementation guides, white papers, profile, and code samples available in the Dell Enterprise Technology Center at www.delltechcenter.com. For more information, see the following:
• DMTF Web site: www.dmtf.org/standards/profiles/
• WS–MAN release notes or readme file.
Using the iDRAC6 SM-CLP Command Line Interface 11 This section provides information about the Distributed Management Task Force (DMTF) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the iDRAC6. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SM-CLP specifications. For more information on these specifications, see the DMTF website at www.dmtf.org.
SM-CLP Features The SM-CLP promotes the concept of verbs and targets to provide system management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation. Below is an example of the SM-CLP command line syntax. [] [] [] During a typical SM-CLP session, you can perform operations using the verbs listed in Table 11-1. Table 11-1.
Table 11-2.
12 Deploying Your Operating System Using VMCLI
The Virtual Media Command Line Interface (VMCLI) utility is a command-line interface that provides Virtual Media features from the management station to the iDRAC6 in the remote system. Using VMCLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the VMCLI utility into your corporate network.
Creating a Bootable Image File
Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using the iDRAC6 Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Microsoft Windows systems.
When you create the image file, do the following:
• Follow standard network-based installation procedures
• Mark the deployment image as read only to ensure that each target system boots and executes the same deployment procedure
4 Perform one of the following procedures:
• Integrate IPMItool and VMCLI into your existing operating system deployment application. Use the sample vm6deploy script as a guide to using the utility.
• Use the existing vm6deploy script to deploy your operating system.
• is the path to an ISO9660 image of the operating system installation CD or DVD
• -f {} is the path to the device containing the operating system installation CD, DVD, or Floppy
• is the path to a valid floppy image
The vm6deploy script passes its command line options to the VMCLI utility. See “Command Line Options” for details about these options. The script processes the -r option slightly differently than the vmcli -r option.
If your operating system supports administrator privileges or an operating system-specific privilege or group membership, administrator privileges are also required to run the VMCLI command. The client system’s administrator controls user groups and privileges, thereby controlling the users who can run the utility. For Windows systems, you must have Power User privileges to run the VMCLI utility. For Linux systems, you can access the VMCLI utility without administrator privileges by using the sudo command.
The VMCLI command format is as follows: VMCLI [parameter] [operating_system_shell_options] Command-line syntax is case-sensitive. See "VMCLI Parameters" on page 244 for more information. If the remote system accepts the commands and the iDRAC6 authorizes the connection, the command continues to run until either of the following occurs: • The VMCLI connection terminates for any reason. • The process is manually terminated using an operating system control.
iDRAC6 User Password -p This parameter provides the password for the specified iDRAC6 user. If iDRAC6 authentication fails, an error message displays and the command terminates.
2 Get the name for the kernel image by typing the following command at the command line:
uname -r
3 Go to the /boot directory and delete the kernel image file, whose name you determined in Step 2:
mkinitrd /boot/initrd-`uname -r`.img `uname -r`
4 Reboot the server.
Specify at least one media type (floppy or CD/DVD drive) with the command, unless only switch options are provided. Otherwise, an error message is displayed and the command terminates with an error.
Version Display
-v
This parameter is used to display the VMCLI utility version. If no other non-switch options are provided, the command terminates without an error message.
Help Display
-h
This parameter displays a summary of the VMCLI utility parameters.
• Background execution — By default, the VMCLI utility runs in the foreground. Use the operating system's command shell features to cause the utility to run in the background. For example, under a Linux operating system, the ampersand character (&) following the command causes the program to be spawned as a new background process.
13 Configuring Intelligent Platform Management Interface
This section provides information about configuring and using the iDRAC6 IPMI interface. The interface includes the following:
• IPMI over LAN
• IPMI over Serial
• Serial over LAN
The iDRAC6 is fully IPMI 2.0 compliant.
Open a command prompt, type the following command, and press :
racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1
NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications.
a Update the IPMI channel privileges.
racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1
a Update the IPMI SOL minimum privilege level.
NOTE: The IPMI SOL minimum privilege level determines the minimum privilege required to activate IPMI SOL. For more information, see the IPMI 2.0 specification.
NOTE: SOL can be enabled or disabled for each individual user. At the command prompt, type the following command and press :
racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i 2
where is the user’s unique ID.
4 Configure IPMI Serial.
a Change the IPMI serial connection mode to the appropriate setting. At the command prompt, type the following command and press :
racadm config -g cfgSerial -o cfgSerialConsoleEnable 0
b Set the IPMI Serial baud rate.
d Set the IPMI serial channel minimum privilege level.
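To review which of the interfaces enabled in the steps above are switched on, the following added example (not part of the Dell guide) reads racadm getconfig output and lists each enabled IPMI over LAN, SOL, and per-user SOL setting together with the same racadm config command set to 0. It assumes getconfig prints name=value lines with read-only entries prefixed by "# " and that cfgUserAdminIndex appears in the cfgUserAdmin output; the sample text is constructed.

```shell
#!/bin/sh
# Added example, not from the Dell guide.

# Constructed sample in the name=value form assumed for the output of
#   racadm getconfig -g cfgIpmiLan
#   racadm getconfig -g cfgIpmiSol
#   racadm getconfig -g cfgUserAdmin -i <index>
# Read-only entries are assumed to carry a leading "# ".
SAMPLE_GETCONFIG='cfgIpmiLanEnable=1
cfgIpmiLanAlertEnable=0
cfgIpmiSolEnable=1
# cfgUserAdminIndex=2
cfgUserAdminSolEnable=1
# cfgUserAdminIndex=3
cfgUserAdminSolEnable=0'

# audit_ipmi_exposure: read getconfig output on stdin and print one line per
# enabled remote-access property, followed by the command that disables it.
audit_ipmi_exposure() {
    awk '
    {
        line = $0
        sub(/\r$/, "", line)            # tolerate CRLF from captured sessions
        sub(/^#[ \t]*/, "", line)       # drop the read-only marker
        eq = index(line, "=")
        if (eq == 0) next               # not a name=value line
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+/, "", val)
        gsub(/[ \t]+$/, "", val)

        # Remember which user index the following cfgUserAdmin lines belong to.
        if (key == "cfgUserAdminIndex") { user = val; next }
        if (val != "1") next

        if (key == "cfgIpmiLanEnable")
            print "ENABLED IPMI over LAN: racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 0"
        else if (key == "cfgIpmiSolEnable")
            print "ENABLED Serial over LAN: racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 0"
        else if (key == "cfgUserAdminSolEnable") {
            u = (user == "" ? "?" : user)
            print "ENABLED SOL for user index " u ": racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i " u " 0"
        }
    }'
}

# Demonstration on the constructed sample. On a management station the input
# would come from the getconfig commands listed above.
printf '%s\n' "$SAMPLE_GETCONFIG" | audit_ipmi_exposure
```

An empty result means none of the three settings is enabled in the text that was supplied.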
Using the IPMI Remote Access Serial Interface In the IPMI serial interface, the following modes are available: • IPMI terminal mode — Supports ASCII commands that are submitted from a serial terminal. The command set has a limited number of commands (including power control) and supports raw IPMI commands that are entered as hexadecimal ASCII characters.
14 Configuring and Using Virtual Media
Overview
The Virtual Media feature, accessed through the Virtual Console viewer, provides the managed server access to media connected to a remote system on the network. Figure 14-1 shows the overall architecture of Virtual Media.
Figure 14-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps. Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Linux-Based Management Station To run the Virtual Media feature on a management station running the Linux operating system, install a supported version of Firefox. A 32-bit Java Runtime Environment (JRE) is required to run the Virtual Console plugin. You can download a JRE from java.sun.com. CAUTION: To successfully launch Virtual Media, ensure that you have installed a 32-bit or 64-bit JRE version on a 64-bit operating system or a 32-bit JRE version on a 32-bit operating system.
Table 14-2. Virtual Media Configuration Properties (continued)
Attribute: Value
Virtual Media Encryption Enabled: Select or deselect the checkbox to enable or disable encryption on Virtual Media connections. Selected enables encryption; deselected disables encryption.
Floppy Emulation: Indicates whether the Virtual Media appears as a floppy drive or as a USB key to the server. If Floppy Emulation is checked, the Virtual Media device appears as a floppy device on the server.
Running Virtual Media CAUTION: Do not issue a racreset command when running a Virtual Media session. Otherwise, undesirable results may occur, including loss of data. NOTE: The Console Viewer window application must remain active while you access the Virtual Media.
3 Select System → Console/Media → Virtual Console and Virtual Media.
4 The Virtual Console and Virtual Media page is displayed. If you want to change the values of any of the displayed attributes, see "Configuring Virtual Media" on page 257.
NOTE: The Floppy Image File under Floppy Drive (if applicable) may appear, as this device can be virtualized as a virtual floppy. You can select one optical drive and one floppy/USB flash drive at the same time to be virtualized.
Disconnecting Virtual Media
1 Click Tools → Launch Virtual Media.
2 Uncheck the box next to the media you want to disconnect. The media is disconnected and the Status window is updated.
3 Click Exit to terminate the Virtual Media Session wizard.
NOTE: Whenever a Virtual Media session is initiated or a vFlash is connected, an extra drive named "LCDRIVE" is displayed on the host operating system and the BIOS. The extra drive disappears when the vFlash or the Virtual Media session is disconnected.
Installing Operating Systems Using Virtual Media This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete. A scripted operating system installation procedure using Virtual Media may take less than 15 minutes to complete. See "Deploying the Operating System" on page 241 for more information. 1 Verify the following: • The operating system installation CD is inserted in the management station’s CD drive.
To use the Boot Once Feature, do the following:
1 Log in to the iDRAC6 through the Web interface and click System → Console/Media → Configuration.
2 Select the Enable Boot Once option under Virtual Media.
3 Power up the server and enter the BIOS Boot Manager.
4 Change the boot sequence to boot from the remote Virtual Media device.
5 Power cycle the server. The server boots from the remote Virtual Media device. The next time the server reboots, the remote Virtual Media connection is detached.
Frequently Asked Questions about Virtual Media
Table 14-4 lists frequently asked questions and answers.
Table 14-4. Using Virtual Media: Frequently Asked Questions
Question: Sometimes, I notice my Virtual Media client connection drop. Why?
Answer: When a network timeout occurs, the iDRAC6 firmware drops the connection, disconnecting the link between the server and the Virtual Drive.
Question: An installation of the Windows operating system through Virtual Media seems to take too long. Why?
Answer: If you are installing the Windows operating system using the Dell Systems Management Tools and Documentation DVD and a slow network connection, the installation procedure may require an extended amount of time to access the iDRAC6 Web interface due to network latency.
Question: I cannot locate my Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do?
Answer: Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Answer (continued): To mount the Virtual CD drive, locate the device node that Linux assigns to the Virtual CD drive.
Question: Why are all my USB devices detached after I connect a USB device?
Answer: Virtual Media devices and vFlash devices are connected as a composite USB device to the Host USB BUS, and they share a common USB port.
15 Configuring vFlash SD Card and Managing vFlash Partitions
The vFlash SD card is a Secure Digital (SD) card that plugs into the optional iDRAC6 Enterprise card slot at the back of your system. It provides storage space and behaves like a common USB Flash Key device. It is the storage location for user-defined partition(s) that can be configured to be exposed to the system as a USB device and also used to create a bootable USB device.
If you are an administrator, you can perform all operations on the vFlash partitions. If not, you must have Access Virtual Media privilege to create, delete, format, attach, detach, or copy the contents for the partition. Configuring vFlash or Standard SD Card Using iDRAC6 Web Interface After you install the vFlash or standard SD card, you can view its properties, enable or disable vFlash, and initialize the card. The vFlash functionality must be enabled to perform partition management.
Table 15-1. SD Card Properties (continued)
Attribute: Description
Available Space: Displays the unused space on the vFlash SD card in MB. This space is available to create more partitions on the vFlash SD card. If the inserted vFlash SD card is uninitialized, then the available space displays that the card is uninitialized. For the standard SD card, the available space is not displayed.
Write-protected: Displays whether the card is write-protected or not.
If you click any option on the vFlash pages when an application such as WSMAN provider, iDRAC6 Configuration Utility, or RACADM is using vFlash, or if you navigate to some other page in the GUI, iDRAC6 may display the following message:
vFlash is currently in use by another process. Try again after some time.
Configuring vFlash or Standard SD Card Using RACADM
You can view and configure the vFlash or standard SD card using RACADM commands from a local, remote, or Telnet/SSH console.
Enabling or Disabling the vFlash or Standard SD Card
Open a telnet/SSH/Serial console to the server, log in, and enter the following commands:
• To enable vFlash or standard SD card:
racadm config -g cfgvFlashsd -o cfgvflashSDEnable 1
• To disable vFlash or standard SD card:
racadm config -g cfgvFlashsd -o cfgvflashSDEnable 0
NOTE: The RACADM command functions only if a vFlash or standard SD card is present. If a card is not present, the following message is displayed: ERROR: SD Card not present.
For more information about vflashsd, see the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals. NOTE: The racadm vmkey reset command is deprecated from 1.5 release onwards. The functionality of this command is now covered by vflashsd initialize. While execution of the vmkey reset command will be successful, it is recommended to use the vflashsd initialize command. For more information, see "Initializing the vFlash or Standard SD Card" on page 273.
Before creating an empty partition, ensure the following:
• The card is initialized.
• The card is not write-protected.
• An initialize operation is not already being performed on the card.
To create an empty vFlash partition:
1 On the iDRAC6 Web interface, select System → vFlash tab → Create Empty Partition subtab. The Create Empty Partition page is displayed.
2 Enter the information mentioned in Table 15-2.
3 Click Apply. A new partition is created.
Table 15-2. Create Empty Partition Page Options
Field: Description
Emulation Type: Select the emulation type for the partition from the dropdown list. The available options are Floppy and Hard Disk.
Size: Enter the partition size in megabytes (MB). The maximum partition size is 4GB, or less than or equal to the available space on the vFlash SD card.
NOTE: For the standard SD card, the partition size is 256MB and cannot be changed.
Before creating a partition from an image file, ensure the following:
• The card is initialized.
• The card is not write-protected.
• An initialize operation is not already being performed on the card.
NOTE: When creating a partition from an image file, ensure that the image type and the emulation type match. iDRAC emulates the image as the image type specified. There may be issues when the uploaded image and the emulation type do not match.
Table 15-3. Create Partition from Image File Page Options
Field: Description
Index: Select a partition index. Only unused indices are displayed in the drop-down list. The lowest available index is selected by default. You can change it to any other index value from the drop-down list.
NOTE: For the standard SD card, only index 1 is available.
Label: Enter a unique label for the new partition. This can contain up to six alphanumeric characters. Do not include spaces in the label name.
To format a vFlash partition:
1 On the iDRAC6 Web interface, select System → vFlash tab → Format subtab. The Format Partition page is displayed.
2 Enter the information mentioned in Table 15-4.
3 Click Apply. A warning message indicating that all the data on the partition will be erased is displayed. Click OK. The selected partition is formatted to the specified file system type. An error message is displayed if:
• The card is write-protected.
• An initialize operation is already being performed on the card.
Table 15-5. Viewing Available Partitions
Field: Description
Index: Partitions are indexed from 1 to 16. The partition index is unique for a particular partition. It is specified when the partition is created.
Label: Identifies the partition. It is specified when the partition is created.
Size: Size of the partition in megabytes (MB).
Read-Only: Read-write access state of the partition.
• Checked = Read-only partition.
Modifying a Partition
Ensure that the card is enabled to modify the partition. You can change a read-only partition to read-write or vice-versa. To do this:
1 On the iDRAC6 Web interface, select System → vFlash tab → Manage subtab. The Manage Partitions page is displayed.
2 In the Read-Only column, select the checkbox for the partition(s) that you want to change to read-only or clear the checkbox for the partition(s) that you want to change to read-write.
To attach or detach partitions:
1 On the iDRAC6 Web interface, select System → vFlash tab → Manage subtab. The Manage Partitions page is displayed.
2 In the Attached column, select the checkbox for the partition(s) that you want to attach or clear the checkbox for the partition(s) that you want to detach.
NOTE: The detached partitions are not displayed in the boot sequence.
3 Click Apply. The partitions are attached or detached based on the selections.
To delete existing partition(s):
1 On the iDRAC6 Web interface, select System → vFlash tab → Manage subtab. The Manage Partitions page is displayed.
2 In the Delete column, click the delete icon for the partition(s) that you want to delete and click Apply. The partition(s) are deleted.
Downloading Partition Contents
You can download the contents of a vFlash partition to a local or remote location as an image file in the .img or .iso format.
Booting to a Partition You can set an attached vFlash partition as the boot device for the next boot operation. The vFlash partition must contain a bootable image (in the .img or .iso format) to set it as a boot device. Ensure that the card is enabled to set a partition as a boot device and to perform the boot operation. NOTE: You must have Access Virtual Media privileges to set a partition as the boot device. You can perform the boot operation for the vFlash or standard SD card.
Options only valid with the create action: -o
Creating a Partition
• To create a 20MB empty partition:
racadm vflashpartition create -i 1 -o drive1 -t empty -e HDD -f fat16 -s 20
• To create a partition using an image file on a remote system:
racadm vflashpartition create -i 1 -o drive1 -e HDD -t image -l //myserver/sharedfolder/foo.iso -u root -p mypassword
NOTE: Creating a partition using an image file is not supported in local RACADM.
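When the create command is driven from a script, the limits this chapter states for partitions can be checked before anything reaches racadm. The following added example (not part of the Dell guide) validates the index, label, and size and prints the empty-partition command in the form shown above. The function name and the card argument are hypothetical, 4GB is taken as 4096 MB, and the label and index rules from Tables 15-3 and 15-5 are assumed to apply to empty partitions as well.

```shell
#!/bin/sh
# Added example, not from the Dell guide. Limits are the ones stated in this
# chapter; the free-space limit cannot be checked offline and is not covered.

# vflash_empty_partition_cmd CARD INDEX LABEL SIZE_MB
#   CARD is "vflash" or "standard" (hypothetical argument naming the card type).
#   Prints the racadm command on success. On failure prints the reason on
#   stderr and returns 1, so nothing unvalidated is ever passed to racadm.
vflash_empty_partition_cmd() {
    card=$1
    index=$2
    label=$3
    size=$4

    case $card in
        vflash|standard) ;;
        *) echo "card must be vflash or standard" >&2; return 1 ;;
    esac

    # Index and size must be plain decimal digits before any numeric test.
    case $index in
        ''|*[!0-9]*) echo "index must be a number" >&2; return 1 ;;
    esac
    case $size in
        ''|*[!0-9]*) echo "size must be a whole number of MB" >&2; return 1 ;;
    esac

    # Label: up to six alphanumeric characters, no spaces. Rejecting every
    # other character also keeps shell metacharacters out of the command line.
    case $label in
        ''|*[!A-Za-z0-9]*) echo "label must be alphanumeric" >&2; return 1 ;;
    esac
    [ "${#label}" -le 6 ] || { echo "label is longer than six characters" >&2; return 1; }

    if [ "$card" = standard ]; then
        # Standard SD card: only index 1, fixed 256MB partition.
        [ "$index" -eq 1 ] || { echo "standard SD card: only index 1" >&2; return 1; }
        [ "$size" -eq 256 ] || { echo "standard SD card: size is 256MB" >&2; return 1; }
    else
        # vFlash SD card: index 1 to 16, size up to 4GB (taken as 4096 MB).
        { [ "$index" -ge 1 ] && [ "$index" -le 16 ]; } ||
            { echo "index must be 1 to 16" >&2; return 1; }
        { [ "$size" -ge 1 ] && [ "$size" -le 4096 ]; } ||
            { echo "size must be 1 to 4096 MB" >&2; return 1; }
    fi

    # Emulation type and file system are fixed to the values in the example above.
    printf 'racadm vflashpartition create -i %s -o %s -t empty -e HDD -f fat16 -s %s\n' \
        "$index" "$label" "$size"
}

# Demonstration with the values from the 20MB example above.
vflash_empty_partition_cmd vflash 1 drive1 20
```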
Booting to a Partition
• To list the available devices in the boot list:
racadm getconfig -g cfgServerInfo -o cfgServerFirstBootDevice
If it is a vFlash SD card, the label names of the attached partitions appear in the boot list. If it is a standard SD card and if the partition is attached, then VFLASH appears in the boot list.
For more information about the RACADM subcommands and the iDRAC6 property database group and object definitions, see the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals.
Frequently Asked Questions
When is the vFlash or standard SD card locked?
The virtual flash media is locked by iDRAC when the operation it is performing needs exclusive access to the media, for example, during an initialize operation.
16 Power Monitoring and Management
Dell PowerEdge systems incorporate many new and enhanced power management features. The entire platform, from hardware to firmware to systems management software, has been designed with a focus on power efficiency, power monitoring, and power management. The base hardware design has been optimized from a power perspective:
• High efficiency power supplies and voltage regulators have been incorporated into the design.
Power Inventory, Power Budgeting, and Capping From a usage perspective, you may have a limited amount of cooling at the rack level. With a user-defined power cap, you can allocate power as needed to meet your performance requirements. The iDRAC6 monitors power consumption and dynamically throttles processors to meet your defined power cap level, which maximizes performance while meeting your power requirements. Power Monitoring The iDRAC6 monitors the power consumption in PowerEdge servers continuously.
Viewing the Health Status of the Power Supply Units The Power Supplies page displays the status and rating of the power supply units installed in the server. Using the Web-Based Interface To view the health status of the power supply units: 1 Log in to the iDRAC6 Web-based interface. 2 Select Power Supplies in the system tree.
• Severe indicates at least one failure alert has been issued. Failure status indicates a power failure on the server, and corrective action must be taken immediately. – Location displays the name of the power supply unit: PS-n, where n is the power supply number. – Type displays the type of power supply, such as AC or DC (AC-to-DC or DC-to-DC voltage conversion).
Viewing Power Budget The server provides power budget status overviews of the power subsystem on the Power Budget Information page. Using the Web Interface NOTE: To perform power management actions, you must have Administrative privilege. 1 Log in to the iDRAC6 Web-based interface. 2 Click the Power tab. 3 Select the Power Budget option. 4 The Power Budget Information page displays.
Power Budget Threshold Power Budget Threshold, if enabled, allows a power capping limit to be set for the system. System performance will be dynamically adjusted to maintain power consumption near the specified threshold. Actual power consumption may be less for light workloads and may momentarily exceed the threshold until performance adjustments have completed. If you check Enabled for the Power budget Threshold, the system will enforce the user-specified threshold.
Using RACADM
racadm config -g cfgServerPower -o cfgServerPowerCapWatts
racadm config -g cfgServerPower -o cfgServerPowerCapBTUhr
racadm config -g cfgServerPower -o cfgServerPowerCapPercent
racadm config -g cfgServerPower -o cfgServerPowerCapEnable=<1 to enable, 0 to disable>
NOTE: When setting the power budget threshold in BTU/hr, the conversion to Watts is rounded to the nearest integer.
• Warning Threshold: Displays the acceptable power consumption (in Watts and BTU/hr) recommended for system operation. Power consumption that exceeds this value results in warning events. • Failure Threshold: Displays the highest acceptable power consumption (in Watts and BTU/hr) required for system operation. Power consumption that exceeds this value results in critical/failure events.
Power Consumption data is not maintained across system resets and so will reset back to zero on those occasions. The power values displayed are cumulative averages over the respective time interval (previous minute, hour, day and week). Since the Start to Finish time intervals here may differ from those of the Power Tracking Statistics ones, peak power values (Max Peak Watts versus Max Power Consumption) may differ.
Using RACADM Open a Telnet/SSH text console to the iDRAC, log in, and type: racadm getconfig -g cfgServerPower For more information about cfgServerPower, including output details, see cfgServerPower in the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals. Executing Power Control Operations on the Server NOTE: To perform power management actions, you must have Chassis Control Administrator privilege.
– Power Cycle System (cold boot) powers off and then reboots the system. This option is disabled if the system is already powered OFF. 4 Click Apply. A dialog box is displayed requesting confirmation. 5 Click OK to perform the power management action you selected (for example, cause the system to reset). Using RACADM Open a Telnet/SSH text console to the server, log in, and type: racadm serveraction where is powerup, powerdown, powercycle, hardreset, or powerstatus.
17 Using the iDRAC6 Configuration Utility
Overview
The iDRAC6 Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for the iDRAC6 and for the managed server.
Starting the iDRAC6 Configuration Utility 1 Turn on or restart the server by pressing the power button on the front of the server. 2 When you see the Press for Remote Access Setup within 5 sec..... message, immediately press . NOTE: If your operating system begins to load before you press , allow the system to finish booting, then restart your server and try again. The iDRAC6 Configuration Utility window is displayed.
The following sections describe the iDRAC6 Configuration Utility menu items. iDRAC6 LAN Use , , and the spacebar to select between On and Off. The iDRAC6 LAN is enabled in the default configuration. The LAN must be enabled to permit the use of iDRAC6 facilities, such as the Web-based interface, Telnet/SSH, Virtual Console, and Virtual Media. If you choose to disable the LAN the following warning is displayed: iDRAC6 Out-of-Band interface will be disabled if the LAN Channel is OFF.
LAN Parameters
Press to display the LAN Parameters submenu. When you have finished configuring the LAN parameters, press to return to the previous menu.
Table 17-1. LAN Parameters
Item: Description
Common Settings
NIC Selection: Press , , and spacebar to switch between the modes. The available modes are Dedicated, Shared, Shared with Failover LOM2, and Shared with Failover All LOMs.
Domain Name: If Domain Name from DHCP is set to Off, press to edit the Current Domain Name text field. Press when you have finished editing. Press to return to the previous menu. The domain name must be a valid DNS domain, for example mycompany.com.
Host Name String: Press to edit. Enter the name of the host for Platform Event Trap (PET) alerts.
LAN Alert Enabled: Select On to enable the PET LAN alert.
Default Gateway: If the IP Address Source is set to DHCP, this field displays the IP address of the default gateway obtained from DHCP. If the IP Address Source is set to Static, enter the IP address of the default gateway. The default is 192.168.0.1.
DNS Servers from DHCP: Select On to retrieve DNS server addresses from a DHCP service on the network. Select Off to specify the DNS server addresses below.
DNS Servers from DHCP: Select On to retrieve DNS server addresses from a DHCP service on the network. Select Off to specify the DNS server addresses below.
DNS Server 1: If DNS Servers from DHCP is Off, enter the IP address of the first DNS server.
DNS Server 2: If DNS Servers from DHCP is Off, enter the IP address of the first DNS server.
vFlash
Press to select Enabled or Disabled.
• Enabled - vFlash is available for partition management.
• Disabled - vFlash is not available for partition management.
CAUTION: vFlash cannot be disabled if one or more partitions are in use or attached.
Initialize vFlash
Choose this option to initialize the vFlash card. The initialize operation erases existing data on the SD card and removes all existing partitions.
• Write Protected - Displays whether the vFlash SD card is write-protected or not. • Health - Displays the overall health of the vFlash SD card. This can be: – OK – Warning – Critical Press to exit. Smart Card Logon Press to select Enabled or Disabled. This option configures the Smart Card Logon feature. The available options are Enabled, Disabled, and Enabled with RACADM.
Collect System Inventory on Restart
Select Enabled to allow the collection of inventory during boot. See the Dell Lifecycle Controller User Guide available on the Dell Support Website at support.dell.com/manuals for more information.
NOTE: Modifying this option restarts the server after you have saved your settings and exited from the iDRAC6 Configuration Utility.
NOTE: If you choose to restore to factory defaults, the setting for Collect System Inventory on Restart does not change.
LCD Error Display: Select Simple or SEL (System Event Log). This feature allows error messages to be displayed on the LCD in one of two formats: The Simple format provides an English language description of the event. The SEL format displays a System Event Log text string.
LCD Remote Virtual Console Indication: Select Enabled to display the text Virtual Console whenever a Virtual Console is active on the unit.
Table 17-3. LAN User Configuration
Item: Description
Auto-Discovery: The auto-discovery feature enables automated discovery of unprovisioned systems on the network; further, it securely establishes initial credentials so that these discovered systems can be managed. This feature enables iDRAC6 to locate the provisioning server. iDRAC6 and provisioning service server mutually authenticate each other.
Auto-Discovery (continued): Before adding your Dell system to the network and using the auto-discovery feature, ensure that:
• Dynamic Host Configuration Protocol (DHCP) server/Domain Name System (DNS) are configured.
• Provisioning Web services is installed, configured, and registered.
Provisioning Server: This field is used to configure the provisioning server.
System Event Log Menu The System Event Log Menu allows you to view System Event Log (SEL) messages and to clear the log messages. Press to display the System Event Log Menu. The system counts the log entries and then displays the total number of records and the most recent message. The SEL retains a maximum of 512 messages. To view SEL messages, select View System Event Log and press .
18 Monitoring and Alert Management This section explains how to monitor the iDRAC6 and provides procedures to configure your system and the iDRAC6 to receive alerts. Configuring the Managed System to Capture the Last Crash Screen Before the iDRAC6 can capture the last crash screen, you must configure the managed system with the following prerequisites. 1 Install the managed system software. For more information about installing the managed system software, see the Server Administrator User's Guide.
Disabling the Windows Automatic Reboot Option To ensure that the iDRAC6 Web-based interface last crash screen feature works properly, disable the Automatic Reboot option on managed systems running the Microsoft Windows Server 2008 and Windows Server 2003 operating systems. Disabling the Automatic Reboot Option in Windows 2008 Server 1 Open the Windows Control Panel and double-click the System icon. 2 Click Advanced System Settings under Tasks on the left. 3 Click the Advanced tab.
• Temperature Warning Assert Filter
• Temperature Critical Assert Filter
• Intrusion Critical Assert Filter
• Redundancy Degraded Filter
• Redundancy Lost Filter
• Processor Warning Assert Filter
• Processor Critical Assert Filter
• Processor AbsentCritical Assert Filter
• Power Supply Warning Assert Filter
• Power Supply Critical Assert Filter
• Power Supply AbsentCritical Assert Filter
• Event Log Critical Assert Filter
• Watchdog Critical Assert Filter
• System Power Warning As
Configuring PEF Using the Web-Based Interface For detailed information, see "Configuring Platform Event Filters (PEF)" on page 59. Configuring PEF Using the RACADM CLI 1 Enable PEF. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiPef -o cfgIpmiPefEnable -i 1 1 where 1 and 1 are the PEF index and the enable/disable selection, respectively. The PEF index can be a value from 1 through 22. The enable/disable selection can be set to 1 (Enabled) or 0 (Disabled).
Configuring PET Configuring PET Using the Web User Interface For detailed information, see "Configuring Platform Event Traps (PET)" on page 59. Configuring PET Using the RACADM CLI 1 Enable your global alerts. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable PET.
3 Configure your PET policy. At the command prompt, type the following command and press Enter:

IPv4: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIPAddr -i 1 <IPv4_address>
IPv6: racadm config -g cfgIpmiPetIpv6 -o cfgIpmiPetIPv6AlertDestIPAddr -i 1 <IPv6_address>

where 1 is the PET destination index and <IPv4_address> and <IPv6_address> are the destination IP addresses of the system that receives the platform event alerts.

4 Configure the Community Name string.
where 1 and 1 are the e-mail destination index and the enable/disable selection, respectively. The e-mail destination index can be a value from 1 through 4. The enable/disable selection can be set to 1 (Enabled) or 0 (Disabled). For example, to enable e-mail with index 4, type the following command:

racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i 4 1

3 Configure your e-mail settings.
Testing the RAC SNMP Trap Alert Feature

The RAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed system. The following example shows how a user can test the SNMP trap alert feature of the RAC.

racadm testtrap -i 2

Before you test the RAC SNMP trap alerting feature, ensure that the SNMP and trap settings are configured correctly.
To access/configure the iDRAC6 SNMP agent community name using the Web-based interface, go to Remote Access → Network/Security → Services and click SNMP Agent. To prevent SNMP authentication errors from being generated, you must enter community names that will be accepted by the agent. Since the iDRAC6 only allows one community name, you must use the same get and set community name for IT Assistant discovery setup.
19 Recovering and Troubleshooting the Managed System

This section explains how to perform tasks related to recovering and troubleshooting a crashed remote system using the iDRAC6 Web-based interface.
Managing Power on a Remote System

The iDRAC6 enables you to remotely perform several power management actions on the managed system so you can recover after a system crash or other system event.

Selecting Power Control Actions from the iDRAC6 Web-Based Interface

To perform power management actions using the Web-based interface, see "Executing Power Control Operations on the Server" on page 298.
The System Details page displays information about the following system components:

• Main System Chassis
• Remote Access Controller

To access the System Details page, expand the System tree and click Properties → System Details tab.

Main System Chassis

NOTE: To receive Host Name and OS Name information, you must have iDRAC6 services installed on the managed system.

Table 19-1. System Information
Field | Description
Description | System description.
BIOS Version | System BIOS version.
Table 19-3. Embedded NIC MAC Addresses Field Description NIC 1 Displays the Media Access Control (MAC) address(es) of the embedded Network Interface Controller (NIC) 1. MAC addresses uniquely identify each node in a network at the Media Access Control layer. Internet Small Computer System Interface (iSCSI) NIC is a network interface controller with the iSCSI stack running on the host computer. Ethernet NICs support the wired Ethernet standard and plug into the system bus of the server.
Table 19-5. IPv4 Information
Field | Description
IPv4 Enabled | Yes or No
IP Address | The 32-bit address that identifies the Network Interface Card (NIC) to a host. The value is in the dot separated format, such as 143.166.154.127.
Subnet Mask | The Subnet Mask identifies the parts of the IP Address that are the Extended Network Prefix and the Host Number. The value is in the dot separated format, such as 255.255.0.0.
Gateway | The address of a router or a switch.
Table 19-6. IPv6 Information Fields (continued)
Field | Description
Autoconfig Enabled | Yes or No. AutoConfig lets the Server Administrator obtain the IPv6 address for the iDRAC NIC from the Dynamic Host Configuration Protocol (DHCPv6) server. It also deactivates and flushes out the Static IP Address, Prefix Length, and Static Gateway values.
Use DHCPv6 to obtain DNS server Addresses | Yes or No. Indicates if you want to use DHCPv6 to obtain DNS server addresses.
Table 19-7. Status Indicator Icons (continued)
Icon/Category | Description
Date/Time | The date and time that the event occurred. If the date is blank, then the event occurred at System Boot. The format is mm/dd/yyyy hh:mm:ss, based on a 24-hour clock.
Description | A brief description of the event.

Table 19-8. SEL Page Buttons
Button | Action
Print | Prints the SEL in the sort order that it is displayed in the window.
Refresh | Reloads the SEL page.
Clear Log | Clears the SEL.
Using the POST Boot Logs

NOTE: All logs are cleared after you reboot the iDRAC6.

The Boot Capture page provides access to recordings of up to the last three available boot cycles. They are arranged in the order of latest to oldest. If the server has experienced no boot cycles, then No Recording Available is displayed. Click Play after selecting an available boot cycle to display it in a new window.

NOTE: Boot Capture is supported only on Java and not Active-X.
Viewing the Last System Crash Screen

NOTE: The last crash screen feature requires that the managed system have the Auto Recovery feature configured in Server Administrator. In addition, ensure that the Automated System Recovery feature is enabled using the iDRAC6. Navigate to the Services page under the Network/Security tab in the Remote Access section to enable this feature.

The Last Crash Screen page displays the most recent crash screen.
20 Recovering and Troubleshooting the iDRAC6

This section explains how to perform tasks related to recovering and troubleshooting a crashed iDRAC6. You can use one of the following tools to troubleshoot your iDRAC6:

• RAC Log
• Diagnostics Console
• Identify Server
• Trace Log
• racdump
• coredump

Using the RAC Log

The RAC Log is a persistent log maintained in the iDRAC6 firmware.
Table 20-1. iDRAC Log Page Information
Field | Description
Date/Time | The date and time (for example, Dec 19 16:55:47). When the iDRAC6 initially starts and is unable to communicate with the managed system, the time will be displayed as System Boot.
Source | The interface that caused the event.
Description | A brief description of the event and the user name that logged into the iDRAC6.

Using the iDRAC Log Page Buttons

The iDRAC Log page provides the buttons listed in Table 20-2.

Table 20-2.
Using the Command Line

Use the getraclog command to view the iDRAC6 log entries.

racadm getraclog [options]
racadm getraclog -i

The getraclog -i command displays the number of entries in the iDRAC6 log.

NOTE: For more information, see getraclog in the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals.

You can use the clrraclog command to clear all entries from the iDRAC log.
Table 20-3. Diagnostic Commands
Command | Description
arp | Displays the contents of the Address Resolution Protocol (ARP) table. ARP entries may not be added or deleted.
ifconfig | Displays the contents of the network interface table.
netstat | Prints the content of the routing table.
If you entered 0 seconds, follow these steps to disable it:

1 Click System → Remote Access → Troubleshooting → Identify.
2 On the Identify screen, deselect the Identify Server option. Click Apply.

Using the Trace Log

The internal iDRAC6 Trace Log is used by administrators to debug iDRAC6 alerting and networking issues. To access the Trace Log from the iDRAC6 Web-based interface:

1 In the System tree, click Remote Access.
2 Click the Diagnostics tab.
Using the coredump

The racadm coredump command displays detailed information related to any recent critical issues that have occurred with the RAC. The coredump information can be used to diagnose these critical issues. If available, the coredump information is persistent across RAC power cycles and will remain available until either of the following conditions occurs:

• The coredump information is cleared using the coredumpdelete subcommand.
• Another critical condition occurs on the RAC.
21 Sensors

Hardware sensors or probes help you to monitor the systems on your network in a more efficient way by enabling you to take appropriate actions to prevent disasters, such as system instability or damage. You can use the iDRAC6 to monitor hardware sensors for batteries, fan probes, chassis intrusion, power supplies, power consumed, temperature, and voltages.

Battery Probes

The Battery probes provide information about the system board CMOS and storage RAM on motherboard (ROMB) batteries.
Power Supplies Probes

The power supplies probes provide information on:

• Status of the power supplies
• Power supply redundancy, that is, the ability of the redundant power supply to replace the primary power supply if the primary power supply fails.

NOTE: If there is only one power supply in the system, the Power Supply Redundancy will be set to Disabled.

Removable Flash Media Probes

The Removable Flash Media sensor provides information about the vFlash SD card status (active or absent).
Voltage Probes

The following are typical voltage probes. Your system may have these and/or others present.

• CPU [n] VCORE
• System Board 0.9V PG
• System Board 1.5V ESB2 PG
• System Board 1.5V PG
• System Board 1.8V PG
• System Board 3.3V PG
• System Board 5V PG
• System Board Backplane PG
• System Board CPU VTT
• System Board Linear PG

The voltage probes indicate whether the status of the probes is within the pre-set warning and critical threshold values.
22 Configuring Security Features

The iDRAC6 provides the following security features:

• Advanced Security options for the iDRAC6 administrator:
  • The Virtual Console disable option allows the local system user to disable Virtual Console using the iDRAC6 Virtual Console feature.
Security Options for the iDRAC6 Administrator

Disabling the iDRAC6 Local Configuration

Administrators can disable local configuration through the iDRAC6 graphical user interface (GUI) by selecting Remote Access → Network/Security → Services. When the Disable the iDRAC Local Configuration using option ROM check box is selected, the iDRAC6 Configuration Utility—accessed by pressing during system boot—operates in read-only mode, preventing local users from configuring the device.
CAUTION: These features severely limit the ability of the local user to configure the iDRAC6 from the local system, including performing a reset to default of the configuration. It is recommended that you use these features with discretion. Disable only one interface at a time to help avoid losing login privileges altogether.

NOTE: See the white paper on Disabling Local Configuration and Remote Virtual KVM in the DRAC on the Dell Support site at support.dell.com for more information.
IP address to another device on the network, the resulting conflict may disable the out-of-band connectivity of the DRAC, requiring administrators to reset the firmware to its default settings through a serial connection.

Disabling iDRAC6 Virtual Console

Administrators can selectively disable the iDRAC6 remote Virtual Console, providing a flexible, secure mechanism for a local user to work on the system without someone else viewing the user’s actions through Virtual Console.
Securing iDRAC6 Communications Using SSL and Digital Certificates

This subsection provides information about the following data security features that are incorporated in your iDRAC6:

• "Secure Sockets Layer (SSL)" on page 349
• "Certificate Signing Request (CSR)" on page 349
• "Accessing the SSL Main Menu" on page 350
• "Generating a Certificate Signing Request" on page 351

Secure Sockets Layer (SSL)

The iDRAC6 includes a Web server that is configured to use the industry-standard SSL security proto
viewed or changed by others. To ensure security for your DRAC, it is strongly recommended that you generate a CSR, submit the CSR to a CA, and upload the certificate returned from the CA. A CA is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
Table 22-2. SSL Main Menu Buttons
Button | Description
Print | Prints the SSL Main Menu page.
Refresh | Reloads the SSL Main Menu page.
Next | Navigates to the next page.

Generating a Certificate Signing Request

NOTE: Each CSR overwrites any previous CSR on the firmware. Before iDRAC can accept your signed CSR, the CSR in the firmware must match the certificate returned from the CA.

1 On the SSL Main Menu, select Generate Certificate Signing Request (CSR) and click Next.
Table 22-3. Generate Certificate Signing Request (CSR) Page Options (continued)
Field | Description
Locality | The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid. Do not separate words using an underscore or some other character.
State Name | The state or province where the entity who is applying for a certification is located (for example, Texas). Only alphanumeric characters and spaces are valid. Do not use abbreviations.
Table 22-5. Certificate Information (continued)
Field | Description
Subject Information | Certificate attributes entered by the subject
Issuer Information | Certificate attributes returned by the issuer
Valid From | Issue date of the certificate
Valid To | Expiration date of the certificate

Using the Secure Shell (SSH)

For information about using SSH, see "Using the Secure Shell (SSH)" on page 91.

Configuring Services

NOTE: To modify these settings, you must have Configure iDRAC permission.
5 Click the appropriate Services page button to continue. See Table 22-13.

Table 22-6. Local Configuration Settings
Setting | Description
Disable the iDRAC local configuration using option ROM | Disables local configuration of the iDRAC using option ROM. The option ROM prompts you to enter the setup module by pressing during system reboot.
Disable the iDRAC local configuration using RACADM | Disables local configuration of the iDRAC using local RACADM.

Table 22-7.
Table 22-8. SSH Settings
Setting | Description
Enabled | Enables or disables SSH. When checked, the checkbox indicates that SSH is enabled.
Timeout | The secure shell idle timeout, in seconds. The Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300.
Port Number | The port on which the iDRAC6 listens for an SSH connection. The default is 22.

Table 22-9. Telnet Settings
Setting | Description
Enabled | Enables or disables Telnet.
Table 22-11. SNMP Agent Settings
Setting | Description
Enabled | Enables or disables the SNMP agent. Checked=Enabled; Unchecked=Disabled.
Community Name | The name of the community that contains the IP address for the SNMP Alert destination. The Community Name can be up to 31 non-blank characters in length. The default setting is public.

Table 22-12. Automated System Recovery Agent Setting
Setting | Description
Enabled | Enables the Automated System Recovery Agent.

Table 22-13.
Enabling Additional iDRAC6 Security Options

To prevent unauthorized access to your remote system, the iDRAC6 provides the following features:

• IP address filtering (IPRange) — Defines a specific range of IP addresses that can access the iDRAC6.
• IP address blocking — Limits the number of failed login attempts from a specific IP address.

These features are disabled in the iDRAC6 default configuration.
See the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals for a complete list of cfgRacTuning properties.

Table 22-14. IP Address Filtering (IpRange) Properties
Property | Description
cfgRacTuneIpRangeEnable | Enables the IP range checking feature.
cfgRacTuneIpRangeAddr | Determines the acceptable IP address bit pattern, depending on the 1’s in the subnet mask.
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255

To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask, as shown below:

racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.212
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.
As login failures accumulate from a specific IP address, they are aged by an internal counter. When the user logs in successfully, the failure history is cleared and the internal counter is reset.

NOTE: When login attempts are refused from the client IP address, some SSH clients may display the following message: ssh exchange identification: Connection closed by remote host.

See the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.
Enabling IP Blocking

The following example prevents a client IP address from establishing a session for five minutes if that client has failed five login attempts in a one-minute period of time.
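The lockout rule described above, modelled as an added Python example (not Dell's code and not the firmware's algorithm): five failures within 60 seconds refuse the address for 300 seconds, old failures age out, and a successful login clears the history. The class, function and parameter names are hypothetical, the exact aging boundary is an assumption, and the events are constructed.

```python
from collections import defaultdict, deque


class IpBlockModel:
    """Simplified model of the lockout rule (assumed, not the firmware's code)."""

    def __init__(self, fail_count=5, fail_window=60, penalty_time=300):
        self.fail_count = fail_count      # failures that trigger a block
        self.fail_window = fail_window    # seconds over which failures count
        self.penalty_time = penalty_time  # seconds the address stays refused
        self._failures = defaultdict(deque)
        self._blocked_until = {}

    def attempt(self, ip, t, success):
        """Record one login attempt at time t (seconds); return its outcome."""
        until = self._blocked_until.get(ip)
        if until is not None:
            if t < until:
                return "refused"          # refused even with valid credentials
            del self._blocked_until[ip]
        history = self._failures[ip]
        while history and t - history[0] >= self.fail_window:
            history.popleft()             # failures older than the window age out
        if success:
            history.clear()               # a successful login clears the history
            return "ok"
        history.append(t)
        if len(history) >= self.fail_count:
            self._blocked_until[ip] = t + self.penalty_time
            history.clear()
        return "failed"


# Constructed sample events: (seconds, client address, credentials valid?)
SAMPLE_EVENTS = (
    # Five failures inside one minute, then valid logins during and after the penalty.
    [(t, "192.0.2.5", False) for t in (0, 10, 20, 30, 40)]
    + [(50, "192.0.2.5", True), (339, "192.0.2.5", True), (340, "192.0.2.5", True)]
    # Five failures spread over 70 seconds: the first has aged out by the fourth.
    + [(t, "192.0.2.9", False) for t in (0, 20, 40, 60, 70)]
    + [(80, "192.0.2.9", True)]
    # Four failures, a success, four more failures: the success resets the count.
    + [(t, "192.0.2.7", False) for t in (1, 2, 3, 4)]
    + [(5, "192.0.2.7", True)]
    + [(t, "192.0.2.7", False) for t in (6, 7, 8, 9)]
)


def replay(events, **settings):
    """Run events in time order; return (time, address, outcome) tuples."""
    model = IpBlockModel(**settings)
    return [(t, ip, model.attempt(ip, t, ok)) for t, ip, ok in sorted(events)]


def outcomes_for(ip, results):
    """Outcomes for one client address, in time order."""
    return [outcome for _, addr, outcome in results if addr == ip]


if __name__ == "__main__":
    for row in replay(SAMPLE_EVENTS):
        print(row)
```

The first address shows the operational cost of the setting: a legitimate administrator behind a blocked address is refused until the penalty expires, even with correct credentials.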
Table 22-16. Network Security Page Settings
Settings | Description
IP Range Enabled | Enables the IP Range checking feature, which defines a specific range of IP addresses that can access the iDRAC6.
IP Range Address | Determines the acceptable IP address bit pattern, depending on the 1's in the subnet mask. This value is bitwise AND’d with the IP Range Subnet Mask to determine the upper portion of the allowed IP address.
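How the IP Range address and mask settings in Table 22-14 and Table 22-16 decide which clients are admitted, as an added Python example (not from the Dell guide). It assumes the check is "client AND mask equals address AND mask", which is how the tables' description of the mask reads; all function names are hypothetical.

```python
import ipaddress

FULL = 0xFFFFFFFF


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def _to_str(value):
    return str(ipaddress.IPv4Address(value))


def ip_range_allows(client, range_addr, range_mask):
    """Assumed rule: client must equal range_addr on every bit set in the mask."""
    mask = _to_int(range_mask)
    return (_to_int(client) & mask) == (_to_int(range_addr) & mask)


def mask_clearing_low_bits(n):
    """Mask that selects all but the lowest n bits (n=2 admits four addresses)."""
    if not 0 <= n <= 32:
        raise ValueError("n must be between 0 and 32")
    return _to_str((FULL << n) & FULL)


def allowed_span(range_addr, range_mask):
    """First and last client address admitted by an address/mask pair."""
    mask = _to_int(range_mask)
    host_bits = mask ^ FULL
    if host_bits & (host_bits + 1):
        raise ValueError("mask has a hole; admitted addresses are not one span")
    first = _to_int(range_addr) & mask
    return _to_str(first), _to_str(first | host_bits)


def rule_for_span(first, last):
    """(address, mask) admitting exactly first..last, or None if impossible.

    One address/mask pair can only describe an aligned block whose size is
    a power of two, so many natural-looking admin ranges cannot be expressed.
    """
    lo, hi = _to_int(first), _to_int(last)
    size = hi - lo + 1
    if size <= 0 or size & (size - 1) or lo % size:
        return None
    return first, _to_str(FULL ^ (size - 1))


if __name__ == "__main__":
    mask = mask_clearing_low_bits(2)
    print("mask:", mask)
    print("span:", allowed_span("192.168.0.212", mask))
    for client in ("192.168.0.211", "192.168.0.212",
                   "192.168.0.215", "192.168.0.216"):
        print(client, ip_range_allows(client, "192.168.0.212", mask))
    # An address that is not on the block boundary still admits the whole block.
    print("unaligned:", allowed_span("192.168.0.214", mask))
    # A four-address range that straddles a boundary needs a wider rule.
    print("210-213:", rule_for_span("192.168.0.210", "192.168.0.213"))
```

Running `allowed_span` on a planned address and mask before applying them shows exactly which management stations will still reach the controller, which matters because a wrong mask locks out remote administrators.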