Dell Chassis Management Controller Version 1 2 Users Manual 1.2 User's Guide
2014-11-13
: Dell Dell-Chassis-Management-Controller-Version-1-2-Users-Manual-118065 dell-chassis-management-controller-version-1-2-users-manual-118065 dell pdf
Open the PDF directly: View PDF .
Page Count: 460
Download | |
Open PDF In Browser | View PDF |
Dell™ Chassis Management Controller Firmware Version 1.2 User Guide w w w. d e l l . c o m | s u p p o r t . d e l l . c o m Notes and Notices NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. ____________________ Information in this document is subject to change without notice. © 2008 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell, the DELL logo, OpenManage, PowerEdge, and PowerConnect are trademarks of Dell Inc.; Microsoft, Active Directory, Internet Explorer, Windows, Windows NT, Windows Server, and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and other countries; Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc.; Novell and SUSE are registered trademarks of Novell Corporation in the United States and other countries; Intel is a registered trademark of Intel Corporation; UNIX is a registered trademark of The Open Group in the United States and other countries. Avocent is a trademark of Avocent Corporation; OSCAR is a registered trademark of Avocent Corporation or its affiliates. Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at http://www.OpenLDAP.org/license.html. OpenLDAP is a registered trademark of the OpenLDAP Foundation. Individual files and/or contributed packages may be copyrighted by other parties and subject to additional restrictions. This work is derived from the University of Michigan LDAP v3.3 distribution. This work also contains materials derived from public sources. Information about OpenLDAP can be obtained at http:// www.openldap.org/. Portions Copyright 1998-2004 Kurt D. Zeilenga. Portions Copyright 1998-2004 Net Boolean Incorporated. Portions Copyright 2001-2004 IBM Corporation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. Portions Copyright 1999-2003 Howard Y.H. Chu. Portions Copyright 1999-2003 Symas Corporation. Portions Copyright 1998-2003 Hallvard B. Furuseth. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that this notice is preserved. The names of the copyright holders may not be used to endorse or promote products derived from this software without their specific prior written permission. This software is provided "as is'' without express or implied warranty. Portions Copyright (c) 1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided "as is'' without express or implied warranty. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own. August 2008 Rev. A00 Contents 1 CMC Overview . . . . . . . . . . . . . . . . . . . . . CMC Management Features . . . . . . . . . . . . . . . 25 Security Features . . . . . . . . . . . . . . . . . . . . 26 Chassis Overview . . . . . . . . . . . . . . . . . . . . 27 Hardware Specifications TCP/IP Ports . . . . . . . . . . . . . . . . 28 . . . . . . . . . . . . . . . . . . . . 28 Supported Remote Access Connections Supported Platforms . . . . . . . . . 29 . . . . . . . . . . . . . . . . . . 29 Supported Web Browsers . . . . . . . . . . . . . . . . Supported Management Console Applications . WS-Management Support . 30 . . . . . . . . . . . . . . . 30 . . . . . . . . . . . . Installing and Setting Up the CMC Before You Begin 29 . . . . Other Documents You May Need 2 25 32 . . . . . 35 . . . . . . . . . . . . . . . . . . . . 35 Installing the CMC Hardware . . . . . . . . . . . . . . Contents 35 3 Installing Remote Access Software on a Management Station . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Installing RACADM on a Linux Management Station . . . . . . . . . . . . . . . . . . . . . . . . 36 Uninstalling RACADM From a Linux Management Station . . . . . . . . . . . . . . . . . . . . . . . . 37 Configuring a Web Browser . . . . . . . . . . . . . . . 38 . . . . . . . . . . . . . . . . . . . . ® Phishing Filter . . . . . . . . . . . . . Microsoft 38 Certificate Revocation List (CRL) Fetching 39 Proxy Server . . . . . Downloading Files From CMC With Internet Explorer . . . . . . . . . . . . . . . . . . . . . . . 40 . . . . . . . 40 . . . . . . . . . . 40 Allow Animations in Internet Explorer Setting Up Initial Access to the CMC Basic CMC Network Connection . . . . . . . . . . . . . . . . 41 44 Configuring Networking Using the LCD Configuration Wizard . . . . . . . . . . Accessing the CMC Through a Network . . . . . . 45 . . . . . . . . 50 Installing or Updating the CMC Firmware . Downloading the CMC Firmware . . . . . . . . 52 . . . . . . . . . 52 Updating CMC Firmware Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . 53 . . . . . . . . . . . . . . 53 Configuring Power Budgeting . . . . . . . . . . . Adding and Configuring Users . . . . . . . . 54 54 Adding SNMP and Email Alerts . Contents 54 . . . . . . . . . . . Configuring CMC Network Settings 4 53 . . . Updating the CMC Firmware Using RACADM Configuring CMC Properties . 41 . . . . . . . . . . . Daisy-chain CMC Network Connection Configuring the CMC Network 39 . . . . . . . . . . 55 Understanding the Redundant CMC Environment. About the Standby CMC . . . 55 . . . . . . . . . . . . . . 55 Primary CMC Election Process . 3 . . . . . . . . . . 56 Planning Deployment of Redundant CMCs . . . . . 56 Obtaining Health Status of Redundant CMC . . . . 56 . . . . . 57 . . . . . 57 . . . . . . . . . . . . 58 Configuring CMC to Use Command Line Consoles . . . . . . . . . . . . . . . . Command Line Console Features on the CMC Using a Serial or Telnet Console Using a Telnet Console With the CMC Using SSH With the CMC . . . . . . . . . 58 . . . . . . . . . . . . . . . . 58 Enabling SSH on the CMC Changing the SSH Port . . . . . . . . . . . . . . 59 . . . . . . . . . . . . . . 59 . . . 60 . . . . . . . 60 Enabling the Front Panel to iKVM Connection Configuring Terminal Emulation Software Configuring Linux Minicom for Serial Console Emulation . . . . . . . . . . . . . . . . . . . . Configuring Linux for Server Serial Console Redirection During Boot . . . . . . . . . . . . 61 . . . . 63 Enabling Login to the Server Serial Console After Boot . . . . . . . . . . . . . . . . . . . Connecting to Modules With the Connect Command . . . . . . . . . . . . . . . . . . . . . 64 . . . . . . . 67 Contents 5 4 Using the RACADM Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . 69 . . . . . . . . . . . . 70 . . . . . . . . . . . . . . . 70 Using a Serial or Telnet Console Logging in to the CMC . . . . . . . . . . . . . . 70 . . . . . . . . . . . . . . . . . . . . . 70 Starting a Text Console . Using RACADM. RACADM Subcommands . . . . . . . . . . . . . . Accessing RACADM Remotely . . . . . . . . . . . Enabling and Disabling the RACADM Remote Capability . . . . . . . . . . . . . . . . . . . 75 Using RACADM Remotely. . . . . . . . . . . . . . 75 RACADM Error Messages . . . . . . . . . . . . . 76 Using RACADM to Configure the CMC. . . . . . . . . . 76 Configuring CMC Network Properties . . . . . . . . . . 77 Viewing Current Network Settings . . . . . . . 77 . . . . . . . . . 78 Configuring the Network LAN Settings . . . . . . . 81 . . . . . . . . . . . 82 . . . . . . . . . . . . . . . . . . 82 Using RACADM to Configure Users Before You Begin Adding a CMC User . . . . . . . . . . . . . . . . . Disabling a CMC User . 83 . . . . . . 84 . . . . . . . . . . . . . . . 84 Enabling a CMC User With Permissions Configuring SNMP and Email Alerting . . . . . . . . . Configuring Multiple CMCs in Multiple Chassis 84 . . . . 84 . . . . . . . . . 86 . . . . . . . . . . . . . . . . . . . . 87 Creating a CMC Configuration File Parsing Rules 78 . . . . Configuring the Network Security Settings. Modifying the CMC IP Address . Contents 74 . . . Setting Up Initial Access to the CMC . 6 71 . . . . . . . . . . 89 Troubleshooting . . . . . . . . . . . . . . . . . . . . . Command updates for CMC 1.20 . 5 . . . . . . . . . . . . Using the CMC Web Interface . 91 . . . . . . . . 93 . . . . . . . . . . . 93 . . . . . . . . . . . . . . . . . . . . . 94 Accessing the CMC Web Interface Logging In . 90 Logging Out . . . . . . . . . . . . . . . . . . . . . Configuring Basic CMC Settings Setting the Chassis Name . . . . . . . . . . . . 95 . . . . . . . . . . . . . 95 . . . . . . 95 . . . . . . . . . . . . 95 Setting the Date and Time on the CMC . Monitoring System Health Status . . . 95 . . . . 96 . . . . . . . . . . . 96 Viewing Chassis and Component Summaries Viewing Chassis Graphics and Component Health Status . . . . . . . . . . . . . . . . Viewing Power Budget Status . . . . . 97 . . . . . . . . . . . . . . . . . 99 Viewing the Health Status of All Servers . Editing Slot Names 94 Setting the First Boot Device for Servers . . . . . Viewing the Health Status of an Individual Server . . . . . . . . . . . . . . . . . . . . Viewing the Health Status of IOMs . . . . . 102 . . . . . . . . 105 . . . . . . . 105 . . . . . . . . . . . . . 107 Viewing the Health Status of the Fans Viewing the iKVM Status . Viewing the Health Status of the PSUs . . . . . . . Viewing Status of the Temperature Sensors . . . . Viewing World Wide Name/Media Access Control (WWN/MAC) IDs . . . . . . . . . . . . . . . . . . . Fabric Configuration 100 108 110 . . 111 . . . . . . . . . . . . . . . . 111 WWN/MAC Addresses . . . . . . . . . . . . . . . Contents 112 7 Configuring CMC Network Properties . . . . . . . . . Setting Up Initial Access to the CMC . . . . . . . Configuring the Network LAN Settings . . . . . . . . . . . . . . . 120 . . . . . . . . . . . . . . . . . . . . 120 Adding and Managing Users . . . . . . . . . . . Configuring and Managing Microsoft Active Directory Certificates . . . . . . . . . . . . 127 . . . . . 130 Configuring Active Directory (Standard Schema and Extended Schema) . . . . . . . . . . . . . . 131 Uploading an Active Directory Certificate Authority-Signed Certificate . . . . . . . . . . . 135 . . . . . 135 Viewing an Active Directory Certificate Authority-Signed Certificate . . . . . . Securing CMC Communications Using SSL and Digital Certificates . . . . . . . . . . . . . . . . Secure Sockets Layer (SSL) . . . 136 . . . . . . . . . . . 136 . . . . . . . . 137 . . . . . . . . . 137 Certificate Signing Request (CSR) Accessing the SSL Main Menu . Generating a New Certificate Signing Request . . . . . . . . . . . . . . . . 141 141 . . . . . . . . . . . . . . . . . . 142 Configuring Services . . . . . . . . . . . . . . . . . . Configuring Power Budgeting . Managing Firmware 138 . . . . . . . . . . Viewing a Server Certificate Managing Sessions . . . . . . . . . . . . . . . . . Uploading a Server Certificate Contents 112 118 Adding and Configuring CMC Users . 8 112 . . Configuring CMC Network Security Settings . User Types 112 143 . . . . . . . . . . . . 150 . . . . . . . . . . . . . . . . . . 151 Viewing the Current Firmware Versions Updating Firmware . . . . . . 151 . . . . . . . . . . . . . . . . . 152 . . . 157 . . . . . . . . . . . . . . . . . . . . . . . 158 Recovering iDRAC Firmware Using the CMC FlexAddress Viewing FlexAddress Status Configuring FlexAddress . . . . . . . . . . . . 159 . . . . . . . . . . . . . . 163 Chassis-Level Fabric and Slot FlexAddress Configuration . . . . . . . . . . . . . . . . . . . 164 . . . . . . . . . . . . . . 165 . . . . . . . . . . . . . . . . 167 Server-Level Slot FlexAddress Configuration Frequently Asked Questions . Troubleshooting the CMC 6 Using FlexAddress . Activating FlexAddress 163 . . . . . . . . . . . . . . . . . . . . 169 . . . . . . . . . . . . . . . . . . . . . . . . . . 171 . . . . . . . . . . . . . . . 173 Verifying FlexAddress Activation . Deactivating FlexAddress . 170 Deactivating FlexAddress . . . . . . . . . . . . . Viewing FlexAddress Status Using the CLI . Configuring FlexAddress Using the CLI . . . . . . . 174 . . . . . . . . 174 Additional FlexAddress Configuration for Linux . . . . . . . . . . . . . . . . . . . . . . . . 175 . . . . . . . . . . . . 175 . . . . . . . . . . . . . . 176 Wake-On-LAN with FlexAddress Troubleshooting FlexAddress 173 FlexAddress DELL SOFTWARE LICENSE AGREEMENT . . . . . . . . . . . . . . . . . . . . . . . Contents 180 9 7 Using the CMC With Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . Active Directory Schema Extensions . 185 . . . . . . . . . 185 . . 185 . . . . . . . . . . . . . 186 Extended Schema Versus Standard Schema. Extended Schema Overview . Active Directory Schema Extensions . . . . . . . . . . . 186 . . . . . . . . 187 Overview of the RAC Schema Extensions Active Directory Object Overview Configuring Extended Schema Active Directory to Access Your CMC . . . . . . . . . . Extending the Active Directory Schema . . . . . Installing the Dell Extension to the Active Directory Users and Computers Snap-In . . . . . Adding CMC Users and Privileges to Active Directory . . . . . . . . . . . . . . . . . . . . . 191 197 198 . . 201 Configuring the CMC With Extended Schema Active Directory and RACADM . . . . . . . . . . 203 . . . . 205 Configuring Standard Schema Active Directory to Access Your CMC . . . . . . . . . . . . . . . 208 Configuring the CMC With Standard Schema Active Directory and Web Interface . . . . . . . 208 Configuring the CMC With Standard Schema Active Directory and RACADM . . . . . . . . . . 211 . . . . . . . . . . . . . 212 Frequently Asked Questions . Contents 191 Configuring the CMC With Extended Schema Active Directory and the Web Interface . . . Standard Schema Active Directory Overview. 10 186 8 Power Management Overview . . . . . . . . . . . . . . . . 215 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215 . . . . . . . . . . . . 216 Redundancy Policies . . . . . . . . . . . . . . . . . . 217 AC Redundancy . . . . . . . . . . . . . . . . . . . 217 Power Budgeting for Hardware Modules Dynamic PSU Engagement . . . . . . . . . . . . . 218 . . . . . . . . . . . . . . . . . . 218 Power Supply Redundancy . No Redundancy . Power Conservation and Power Budget Changes. . . . . . . . . . . . . . . . . . Configuring and Managing Power . . . . . 218 . . . . . . . . . . . 222 . . . . . . 223 . . . . . . . . . . . 224 Viewing the Health Status of the PSUs . Viewing Power Budget Status Configuring Power Budget and Redundancy . . . 233 . . . . . . . . 238 . . . . . . . . . . . . . 239 Assigning Priority Levels to Servers Setting the Power Budget 9 215 Throttling Power to Maintain Power Budget . . . . 240 Executing Power Control Operations on the Chassis . . . . . . . . . . . . . . . . . . . . . . . 241 Executing Power Control Operations on an IOM . . . . . . . . . . . . . . . . . . . . . . . . . 242 Executing Power Control Operations on a Server . . . . . . . . . . . . . . . . . . . . . . . . 243 Using the iKVM Module . Overview . . . . . . . . . . . . . 245 . . . . . . . . . . . . . . . . . . . . . . . . iKVM User Interface 245 . . . . . . . . . . . . . . . . 245 Security . . . . . . . . . . . . . . . . . . . . . . . 245 Scanning . . . . . . . . . . . . . . . . . . . . . . 245 . . . . . . . . . . . . . . . . 245 . . . . . . . . . . . . . . . . . . . . . . . . 246 Server Identification Video Contents 11 Plug and Play . . . . . . . . . . . . . . . . . . . FLASH Upgradable . . . . . . . . . . . . . . . . Physical Connection Interfaces . . . . . . . . . . . . iKVM Connection Precedences . . . . . . . . . 246 . . . . . . . . . . . . . . . . . . . . . 247 Navigation Basics. . . . . . . . . . . . . . . . . 247 Configuring OSCAR . . . . . . . . . . . . . . . . 249 . . . . . . . . . . . . . . . . . 251 252 . . . . . . . . . . . . . 255 . . . . . . . . . . . . . . 260 Viewing and Selecting Servers . Setting Console Security Scanning Your System 251 . . . . . . . . . Peripherals Compatibility and Support . Broadcasting to Servers . . . . . . . . . . . . . Managing iKVM From the CMC . . . . . . . . . . . . Enabling or Disabling the Front Panel . . . . . . 261 263 263 Enabling the Dell CMC Console via iKVM. . . . . 263 Viewing the iKVM Status and Properties . . . . . 264 . . . . . . . . . . 265 . . . . . . . . . . . . . . . . . . . . 267 Updating the iKVM Firmware . Troubleshooting 10 I/O Fabric Management . Fabric Management . . . . . . . . . . . . 273 . . . . . . . . . . . . . . . . . . 273 Invalid Configurations . . . . . . . . . . . . . . . . . Invalid Mezzanine Card (MC) Configuration Invalid IOM-IOM Configuration . 275 . . . 275 . . . . . . . . 275 . . . . . . . . . 275 Invalid IOM-Mezzanine Card (MC) Configuration . . . . . . . . . . . Contents 246 247 Managing Servers With iKVM . 12 246 . . . . . . . Tiering Through the ACI Connection Using OSCAR . 246 Fresh Power-up Scenario Monitoring IOM Health . . . . . . . . . . . . . . . . 276 . . . . . . . . . . . . . . . . . 276 Viewing the Health Status of an Individual IOM . . . . . . . . . . . . . . . . . . . . . Troubleshooting IOM Network Settings 11 Troubleshooting and Recovery Overview . . . . . 279 . . . . . . 284 . . . . . . . 285 . . . . . . . . . . . . . . . . . . . . . . . . Chassis Monitoring Tools . . . . . . . . . . . . . . . . Configuring LEDs to Identify Components on the Chassis . . . . . . . . . . . . . . . . . . 285 . . . . . . . . . . . . . 286 . . . . . . . . . . . . . . 291 First Steps to Troubleshooting a Remote System . . . . Monitoring Power and Executing Power Control Commands on the Chassis . . . . . . . . . . . . . Viewing Power Budget Status 294 . . . . . . . . . . . 294 . . . . . . . 295 . . . . . . . . . . . . . . 295 . . . . 298 . . . . . . . . . . . . . . . . . 300 Viewing Chassis and Component Health Status Viewing the Event Logs 294 . . . Executing a Power Control Operation Viewing Chassis Summaries 285 . . . Configuring SNMP Alerts . Configuring Email Alerts 285 Viewing the Hardware Log . Viewing the CMC Log . . . . . . . . . . . . . 300 . . . . . . . . . . . . . . . 303 . . . . . . . . . . . 304 . . . . . . . . . . . . . 306 Firmware Update Error Codes Using the Diagnostic Console . Interpreting LED Colors and Blinking Patterns . . . . . Contents 307 13 Troubleshooting a Non-responsive CMC . . . . . . . Observing the LEDs to Isolate the Problem . . . . Obtain Recovery Information From the DB-9 Serial Port . . . . . . . . . . . . . . . . . . . 310 Recovering the Firmware Image . . . . . . . . . 311 Troubleshooting Network Problems . . . . . . . . . . 312 . . . . . . . . . . . 312 . . . . . . . . . . . . . . . 315 Troubleshooting Alerting A RACADM Subcommands . . . . . . . . . . . . 317 . . . . . . . . . . . . . . . . 317 . . . . . . . . . . . . . . . . . . . . . . . . . . . 318 "?" and "?" arp chassisaction . . . . . . . . . . . . . . . . . . . . . 319 . . . . . . . . . . . . . . . . . . . . . . . . 320 . . . . . . . . . . . . . . . . . . . . . . . . . . 321 clrraclog clrsel . . . . . . . . . . . . . . . . . . . . 321 config . . . . . . . . . . . . . . . . . . . . . . . . . . 322 deploy . . . . . . . . . . . . . . . . . . . . . . . . . 324 feature . . . . . . . . . . . . . . . . . . . . . . . . . 326 cmcchangeover featurecard . fwupdate . . . . . . . . . . . . . . . . . . . . . . 327 . . . . . . . . . . . . . . . . . . . . . . . . 329 getassettag . . . . . . . . . . . . . . . . . . . . . . . getchassisname Contents 310 . . Disabling a Forgotten Password. 14 310 . . . . . . . . . . . . . . . . . . . . 331 332 getconfig . . . . . . . . . . . . . . . . . . . . . . . . . 332 getdcinfo . . . . . . . . . . . . . . . . . . . . . . . . . 335 getflexaddr . getioinfo . . . . . . . . . . . . . . . . . . . . . . . 337 . . . . . . . . . . . . . . . . . . . . . . . . . 339 . . . . . . . . . . . . . . . . . . . . . . . 340 . . . . . . . . . . . . . . . . . . . . . . . . . . 340 getkvminfo . getled. getmacaddress. . . . . . . . . . . . . . . . . . . . . . 342 . . . . . . . . . . . . . . . . . . . . . . . 343 getniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 345 getpbinfo . . . . . . . . . . . . . . . . . . . . . . . . . 346 getpminfo . . . . . . . . . . . . . . . . . . . . . . . . 348 getraclog . . . . . . . . . . . . . . . . . . . . . . . . . 349 getractime . . . . . . . . . . . . . . . . . . . . . . . . 350 getmodinfo . getredundancymode . getsel . . . . . . . . . . . . . . . . . . . 351 . . . . . . . . . . . . . . . . . . . . . . . . . . 352 getsensorinfo . . . . . . . . . . . . . . . . . . . . . . 353 . . . . . . . . . . . . . . . . . . . . . . . 354 getssninfo . . . . . . . . . . . . . . . . . . . . . . . . 354 getsvctag . . . . . . . . . . . . . . . . . . . . . . . . . 356 getsysinfo . . . . . . . . . . . . . . . . . . . . . . . . 357 getslotname gettracelog . . . . . . . . . . . . . . . . . . . . . . . . Contents 359 15 help and help . . . . . . . . . . . . . . . 360 ifconfig . . . . . . . . . . . . . . . . . . . . . . . . . 361 netstat . . . . . . . . . . . . . . . . . . . . . . . . . 361 . . . . . . . . . . . . . . . . . . . . . . . . . . 362 ping . racdump . . . . . . . . . . . . . . . . . . . . . . . . 363 racreset . . . . . . . . . . . . . . . . . . . . . . . . . 366 racresetcfg . . . . . . . . . . . . . . . . . . . . . . . 367 serveraction . . . . . . . . . . . . . . . . . . . . . . 368 setchassisname . . . . . . . . . . . . . . . . . . . . 369 setassettag . . . . . . . . . . . . . . . . . . . . . . . 370 setflexaddr . . . . . . . . . . . . . . . . . . . . . . . 370 . . . . . . . . . . . . . . . . . . . . . . . . . 372 setled . setniccfg . . . . . . . . . . . . . . . . . . . . . . . . setractime . . . . . . . . . . . . . . . . . . . . . . . setslotname setsysinfo . 376 . . . . . . . . . . . . . . . . . . . . . . . 377 . . . . . . . . . . . . . . . . . . . 378 . . . . . . . . . . . . . . . . . . . . . 378 . . . . . . . . . . . . . . . . . . . . . . 379 sslcsrgen . . . . . . . . . . . . . . . . . . . . . . . . 381 sslresetcfg . . . . . . . . . . . . . . . . . . . . . . . 382 sslcertupload . sslcertview . Contents 374 . . . . . . . . . . . . . . . . . . . . . . sslcertdownload . 16 373 testemail . testtrap . . . . . . . . . . . . . . . . . . . . . . . . . 383 . . . . . . . . . . . . . . . . . . . . . . . . . 384 B CMC Property Database Group and Object Definitions . . . . . . . . . . . . . . Displayable Characters 385 . . . . . . . . . . . . . . . . . 385 . . . . . . . . . . . . . . . . . . 385 . . . . . . . . . . . . . . . . . . . . . 386 idRacInfo (read only). #idRacType . . . #idRacProductInfo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386 . . . . . . . . . . . . . . . . . 386 . . . . . . . . . . . . . . . . . . 386 . . . . . . . . . . . . . . . . . . . . 386 #idRacDescriptionInfo #idRacVersionInfo #idRacBuildInfo . #idRacName cfgLanNetworking . cfgNicEnable 386 . . . . . . . . . . . . . . . . . . . 387 . . . . . . . . . . . . . . . . . . . . 387 cfgNicIpAddress . . . . . . . . . . . . . . . . . . 387 cfgNicNetmask . . . . . . . . . . . . . . . . . . . 387 cfgNicGateway . . . . . . . . . . . . . . . . . . . 388 cfgNicUseDhcp . . . . . . . . . . . . . . . . . . . 388 #cfgNicMacAddress . . . . . . . . . . . . . . . . 388 . . . . . 388 cfgDNSServer1 (Read/Write) . . . . . . . . . . . . 388 cfgDNSServer2 (Read/Write) . . . . . . . . . . . . 389 . . . . . . . . . . . . . . . . . 389 cfgDNSServersFromDHCP (Read/Write) . cfgDNSRacName . cfgDNSDomainName . . . . . . . . . . . . . . . . cfgDNSRegisterRac 389 . . . . . . . . . 389 . . . . . . . . . . . . . . . . 390 cfgDNSDomainNameFromDHCP . Contents 17 cfgCurrentLanNetworking (read only) . . . . . . . . . 390 . . . . . . . . . . . . 390 # cfgNicCurrentNetmask . . . . . . . . . . . . . 391 # cfgNicCurrentGateway . . . . . . . . . . . . . 391 # cfgNicCurrentIpAddress . . . . . . . . . 391 # cfgDNSCurrentServer1 . . . . . . . . . . . . . 391 # cfgDNSCurrentServer1 . . . . . . . . . . . . . 391 # cfgNicCurrentDhcpWasUsed . # cfgDNSCurrentDomainName . cfgRemoteHosts . . . . . . . . . 391 . . . . . . . . . . . . . . . . . . . . 391 . . . . . . . . . 392 . . . . . . . . . . . 392 . . . . . . . . . . . . . 392 cfgRhostsFwUpdateTftpEnable . cfgRhostsFwUpdateIpAddr . cfgRhostsFwUpdatePath cfgRhostsSmtpServerIpAddr . cfgUserAdmin . . . . . . . . . . 392 . . . . . . . . . . . . . . . . . . . . . 393 . . . . . . . . . . . . . . 393 . . . . . . . . . . . . . . . 393 # cfgUserAdminIndex . cfgUserAdminEnable cfgUserAdminUserName . . . . . . . . . . . . . 394 # cfgUserAdminPassword . . . . . . . . . . . . 394 . . . . . . . . . . . . . 394 . . . . . . . . . . . . . . . . . . . . . 395 cfgUserAdminPrivilege . cfgEmailAlert . # cfgEmailAlertIndex . . . . . . . . . . . . . . . 396 cfgEmailAlertEnable . . . . . . . . . . . . . . . 396 # cfgEmailAlertAddress . . . . . . . . . . . . . . . . . . . . . . . . . . 396 . . . . . . . . . . . . . . . 397 cfgEmailAlertEmailName . cfgSessionManagement . cfgSsnMgtWebserverTimeout . . . . . . . . . . 397 cfgSsnMgtTelnetIdleTimeout . . . . . . . . . . . 397 . . . . . . . . . . . . 397 cfgSsnMgtSshIdleTimeout cfgSsnMgtRacadmTimeout . 18 Contents 396 . . . . . . . . . . . 397 cfgSerial . . . . . . . . . . . . . . . . . . . . . . . . . cfgSerialBaudRate . . . . . . . . . . . . . . . . . cfgSerialConsoleEnable . . . . . . . . . . . . . . cfgSerialConsoleQuitKey . . . . . . . . . . . . . . 399 399 . . . . . . . . . . . . 399 399 . . . . . . . . . . . . . . . 400 . . . . . . . . . . . . . . . . 400 . . . . . . . . . . . . . . . . . . . . . . 400 cfgSerialSshEnable . cfgNetTuningNicSpeed . . . . . . . . . . . . . . . cfgNetTuningNicFullDuplex cfgNetTuningNicMtu . . . . . . . . . . . . . 401 401 . . . . . . . . . . . . . 401 . . . . . . . . . . . . . . . . . . . . . . . 402 cfgOobSnmpAgentEnable . . . . . . . . . . . . . cfgOobSnmpAgentCommunity cfgTraps 401 . . . . . . . . . . . . . . . cfgNetTuningNicAutoneg cfgOobSnmp 399 . . . . . . . . . . . . . . . . cfgSerialTelnetEnable cfgNetTuning . 398 . . . . . . . . . . . cfgSerialConsoleCommand. cfgSerialHistorySize 398 . . . . . . . . . . . . . cfgSerialConsoleIdleTimeout . cfgSerialConsoleNoAuth . 398 402 . . . . . . . . . . . 402 . . . . . . . . . . . . . . . . . . . . . . . . . 402 # cfgTrapsIndex . . . . . . . . . . . . . . . . . . . 403 cfgTrapsEnable . . . . . . . . . . . . . . . . . . . 403 cfgTrapsAlertDestIpAddr . . . . . . . . . . . . . . 403 cfgTrapsCommunityName . . . . . . . . . . . . . 403 . . . . . . . . . . . . . . . . . . . . . . . 403 cfgAlerting . cfgAlertingEnable. . . . . . . . . . . . . . . . . . cfgAlertingFilterMask . . . . . . . . . . . . . . . cfgAlertingSourceEmailName cfgRacTuning 404 404 . . . . . . . . . . . 404 . . . . . . . . . . . . . . . . . . . . . . 404 . . . . . . . . 405 . . . . . . . . . . . 405 cfgRacTuneRemoteRacadmEnable cfgRacTuneWebserverEnable Contents 19 cfgRacTuneHttpPort . . . . . . . . . . . . . . . cfgRacTuneHttpsPort . . . . . . . . . . . . . . . 405 cfgRacTuneTelnetPort . . . . . . . . . . . . . . 405 . . . . . . . . . . . . . . . 405 cfgRacTuneSshPort . . . . . . . . . . . . 406 cfgRacTuneIpRangeAddr . . . . . . . . . . . . . 406 cfgRacTuneIpRangeMask . . . . . . . . . . . . 406 . . . . . . . . . . . . . 406 cfgRacTuneIpRangeEnable . cfgRacTuneIpBlkEnable cfgRacTuneIpBlkFailCount . . . . . . . . . . . . . . . . . . . . . . 407 cfgRacTuneIpBlkPenaltyTime. . . . . . . . . . . 407 . . . . . . . . . . . 407 . . . . . . . . . . . . 407 . . . . . . . . . . . . . . . . . . . . 408 cfgRacTuneDaylightOffset cfgRacSecurity . cfgRacSecCsrKeySize . . . . . . . . . . . . . . cfgRacSecCsrCommonName . . . . . . . . . . . cfgRacSecCsrOrganizationName. 408 409 . . . . . . . . . . . 409 . . . . . . . . . . . . 409 . . . . . . . . . . . 409 . . . . . . . . . . . . . 409 . . . . . . . . . . . . . . . . . . 410 . . . . . . . . . . . . . . . . . . . 410 cfgRacSecCsrCountryCode . cfgRacSecCsrEmailAddr cfgActiveDirectory . cfgADEnable 408 . . . . . . . . cfgRacSecCsrLocalityName cfgRacSecCsrStateName. 408 . . . . . . . . . cfgRacSecCsrOrganizationUnit . cfgADRacDomain . . . . . . . . . . . . . . . . . 410 cfgADRootDomain . . . . . . . . . . . . . . . . 410 . . . . . . . . . . . . . . . . . 410 cfgADRacName . . . . . . . . . . . . . . . . . 411 . . . . . . . . . . . . . . . . . . . . 411 cfgADAuthTimeout cfgADType . . . . . . . . . . . 411 . . . . . . . . . . . . . 411 . . . . . . . . . . . . . . . 411 cfgADSpecifyServerEnable . cfgADDomainController. cfgADGlobalCatalog Contents 406 cfgRacTuneIpBlkFailWindow . cfgRacTuneTimezoneOffset . 20 405 cfgStandardSchema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 . . . . . . . . . . . . . 412 # cfgSSADRoleGroupIndex . cfgSSADRoleGroupName cfgSSADRoleGroupDomain . . . . . . . . . . . . 412 . . . . . . . . . . . 413 . . . . . . . . . . . . . . . . . . . . 413 cfgSSADRoleGroupPrivilege . cfgChassisPower 412 # cfgChassisInPower . . . . . . . . . . . . . . . . # cfgChassisPeakPower . . . . . . . . . . . . . . 413 . . . . . . . . 414 . . . . . . . . . . . . . . 414 # cfgChassisPeakPowerTimestamp # cfgChassisMinPower . 413 . . . . . . . . 414 . . . . . . . . . . . . . 414 # cfgChassisMinPowerTimestamp . # cfgChassisPowerStatus # cfgChassisRedundantState . . . . . . . . . . . . 414 cfgChassisPowerCap . . . . . . . . . . . . . . . . 414 cfgChassisPowerCapF . . . . . . . . . . . . . . . 414 cfgChassisPowerCapBTU . . . . . . . . . . . . . cfgChassisPowerCapFBTU . . . . . . . . . . . . . cfgChassisPowerCapPercent . . . . . . . . . . . 415 415 . . . . . . . . . . 415 . . . . . . . . . . . 416 cfgChassisPowerCapFPercent . cfgChassisRedundancyPolicy 415 . . . 416 # cfgChassisInMaxPowerCapacity . . . . . . . . . 416 # cfgChassisInRedundancyReserve . . . . . . . . 416 cfgChassisDynamicPSUEngagementEnable . # cfgChassisInPowerServerAllocation . . . . . . . . . 416 . . . . . . . . 416 # cfgChassisInfrastructureInPowerAllocation . # cfgChassisTotalInPowerAvailable . . . . . . 417 . . . . . . . . . . . . . . 417 # cfgChassisStandbyInPowerCapacity . # cfgChassisPowerClear 416 . . . . . . . . 417 . . . . . . . . . . 417 # cfgChassisPowerClearTimestamp cfgChassisPowerButtonEnable # cfgSystemEnergyConsumptionClear . . . . . . . Contents 417 21 cfgServerInfo . . . . . . . . . . . . . . . . . . . . . . # cfgServerInfoIndex . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418 418 . . . . . . . . . . . . . . . . . 419 # cfgServerServiceTag # cfgServerBmcMacAddress . . . . . . . . . . . 419 # cfgServerNic1MacAddress . . . . . . . . . . . 419 # cfgServerNic2MacAddress . . . . . . . . . . . 419 . . . . . . . . . . . . . . . . . 419 cfgServerPriority cfgServerNicEnable . . . . . . . . . . . . . . . cfgServerIPMIOverLanEnable . . . . . . . . . . . . . . . . . . . . . 420 . . . . . . . . . . . . . 420 . . . . . . . . . . . . 420 . . . . . . . . . . . . . . . . . . . . . . 421 #cfgServerRootPassword. cfgKVMInfo . cfgKVMAccessToCMCEnable cfgKVMFrontPanelEnable . . . . . . . . . . 421 . . . . . . . . . . . . 421 C Using the LCD Panel Interface . . . . . . . 423 LCD Navigation . . . . . . . . . . . . . . . . . . . . . 423 Main Menu . . . . . . . . . . . . . . . . . . . . 424 LCD Setup Menu . . . . . . . . . . . . . . . . . Default Screen 424 . . . . . . . . . . . . . 424 . . . . . . . . . . . . . . . . . . 425 Language Setup Screen Graphical Server Status Screen . . . . . . . . . . . . . . . . . 426 427 . . . . . . . . . . . . . . 427 Enclosure Menu Screen Module Status Screen . . . . . . . . . . . . . 427 . . . . . . . . . . . . . . . 427 Enclosure Status Screen IP Summary Screen . 425 . . . . . . . . . . . . . Graphical Module Status Screen . Contents 419 419 cfgServerDNSRegisterIMC . cfgServerDNSIMCName 419 . . . . . . . #cfgServerPowerBudgetAllocation 22 418 . . . . . . . . . . . . . . # cfgServerSlotNumber . cfgServerName . 418 Diagnostics . . . . . . . . . . . . 428 . . . . . . . . . . . . . . . 431 . . . . . . . . . . . . . . . . . . 432 LCD Hardware Troubleshooting . Front Panel LCD Messages LCD Error Messages . LCD Module and Server Status Information . Glossary Index 428 . . . . . . . . . . . . . . . . . . . . . . . 442 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455 Contents 23 24 Contents CMC Overview The Dell™ Chassis Management Controller (CMC) is a hot-pluggable systems management hardware and software solution designed to provide remote management capabilities and power control functions for Dell M1000e chassis systems. You can configure the CMC to send email alerts or SNMP trap alerts for warnings or errors related to temperatures, hardware misconfigurations, power outages, and fan speeds. The CMC, which has its own microprocessor and memory, is powered by the modular chassis into which it is plugged. To get started with the CMC, see "Installing and Setting Up the CMC" on page 35. CMC Management Features The CMC provides the following management features: • Redundant CMC Environment • Dynamic Domain Name System (DNS) registration • Remote system management and monitoring using SNMP, a Web interface, iKVM, or Telnet or SSH connection • Support for Microsoft® Active Directory® authentication — Centralizes CMC user IDs and passwords in Active Directory using the Standard Schema or an Extended Schema • Monitoring — Provides access to system information and status of components • Access to system event logs — Provides access to the hardware log and CMC log • Firmware updates for various components - CMC, servers, iKVM, and I/O module infrastructure devices CMC Overview 25 • Dell OpenManage™ software integration — Enables you to launch the CMC Web interface from Dell OpenManage Server Administrator or IT Assistant • CMC alert — Alerts you to potential managed node issues through an e-mail message or SNMP trap • Remote power management — Provides remote power management functions, such as shutdown and reset on any chassis component, from a management console • Power usage reporting • Secure Sockets Layer (SSL) encryption — Provides secure remote system management through the Web interface • Password-level security management — Prevents unauthorized access to a remote system • Role-based authority — Provides assignable permissions for different systems management tasks • Launch point for the Integrated Dell Remote Access Controller (iDRAC) Web interface • Support for WS-Management (for more information, see "WSManagement Support" on page 30) • FlexAddress feature - Replaces the factory-assigned World Wide Name/Media Access Control (WWN/MAC) IDs with chassis-assigned WWN/MAC IDs for a particular slot; an optional upgrade (for more information, see "Using FlexAddress" on page 169) • Graphical display of chassis component status and health • Support for single and multi-slot servers Security Features The CMC provides the following security features: 26 • User authentication through Active Directory (optional), or hardwarestored user IDs and passwords • Role-based authority, which enables an administrator to configure specific privileges for each user • User ID and password configuration through the Web interface CMC Overview • Web interface supports 128-bit SSL 3.0 encryption and 40-bit SSL 3.0 encryption (for countries where 128-bit is not acceptable) NOTE: Telnet does not support SSL encryption. • Configurable IP ports (where applicable) • Login failure limits per IP address, with login blocking from the IP address when the limit is exceeded • Configurable session auto time out, and number of simultaneous sessions • Limited IP address range for clients connecting to the CMC • Secure Shell (SSH), which uses an encrypted layer for higher security Chassis Overview Figure 1-1 shows the facing edge of a CMC (inset) and the locations of the CMC slots in the chassis. Figure 1-1. Dell M1000e Chassis and CMC CMC Overview 27 Hardware Specifications TCP/IP Ports You must provide port information when opening firewalls for remote access to a CMC. Table 1-1 identifies the ports on which the CMC listens for server connections. Table 1-2 identifies the ports that the CMC uses as clients. Table 1-1. CMC Server Listening Ports Port Number Function 22* SSH 23* Telnet 80* HTTP 161 SNMP Agent 443* HTTPS * Configurable port Table 1-2. CMC Client Port Port Number 28 Function 25 SMTP 53 DNS 68 DHCP-assigned IP address 69 TFTP 162 SNMP trap 636 LDAPS 3269 LDAPS for global catalog (GC) CMC Overview Supported Remote Access Connections Table 1-3 lists the connection features. Table 1-3. Supported Remote Access Connections Connection Features CMC NIC • 10Mbps/100Mbps/1Gbps Ethernet via CMC GbE port • DHCP support • SNMP traps and email event notification • Dedicated network interface for the CMC Web interface • Network interface for the iDRAC and I/O Modules (IOMs) • Support for Telnet/SSH command console and RACADM CLI commands including system boot, reset, power-on, and shutdown commands Serial port • Support for serial console and RACADM CLI commands including system boot, reset, power-on, and shutdown commands • Support for binary interchange for applications specifically designed to communicate with a binary protocol to a particular type of IOM • Serial port can be switched to IOMs using the connect command Other connections • Access to the Dell CMC Console through the Avocent® Integrated KVM Switch Module (iKVM) Supported Platforms The CMC supports modular systems designed for the M1000e platform. For information about compatibility with the CMC, see the documentation for your device. For the latest supported platforms, see the Dell PowerEdge Compatibility Guide located on the Dell Support website at support.dell.com. Supported Web Browsers Table 1-4 lists the Web browsers supported as CMC clients. CMC Overview 29 For the latest information on supported Web browsers, see the Dell OpenManage Server Administrator Compatibility Guide located on the Dell Support website at support.dell.com. Table 1-4. Supported Web Browsers Operating System Supported Web Browser Windows® Internet Explorer® 6.0 (32-bit) with Service Pack 2 (SP2) for Windows XP and Windows 2003 R2 SP2 only. Internet Explorer 7.0 for Windows Vista®, Windows XP, and Windows 2003 R2 SP2 only. Linux Mozilla Firefox 1.5 (32-bit) for SUSE® Enterprise Linux (version 10) only. Mozilla Firefox 2.0 (32-bit). To view localized versions of the CMC Web interface: 1 Open the Windows Control Panel. 2 Double-click the Regional Options icon. 3 Select the desired locale from the Your locale (location) drop-down menu. Supported Management Console Applications The CMC supports integration with Dell OpenManage IT Assistant. For more information, refer to the documentation for the OpenManage IT Assistant. WS-Management Support The CMC firmware includes an implementation of the WS-Management specification. WS-Management, a new Web Services specification over SOAP-based protocol for systems management, provides a universal language for devices to share data so they can be managed more easily. Access to WS-Management requires Administrator (or root) user privileges using Basic authentication over Secured Socket Layer (SSL) protocol at port 443. For information on setting user accounts, see "cfgSessionManagement" on page 397. 30 CMC Overview The data available through WS-Management is a subset of data provided by the CMC instrumentation interface mapped to the following DMTF profiles version 1.0.0: • Allocation Capabilities Profile • Base Metrics Profile • Base Server Profile • Computer System Profile • Modular System Profile • Physical Asset Profile • Dell Power Allocation Profile • Dell Power Supply Profile • Dell Power Topology Profile • Power State Management Profile • Profile Registration Profile • Record Log Profile • Resource Allocation Profile • Role Based Authorization Profile • Sensors Profile • Service Processor Profile • Simple Identity Management Profile For more information, refer to www.dmtf.org/standards/profiles/. For updates to this list or information, refer to WS-Management release notes or readme file. The WS-Management implementation complies with the DMTF Web Services for Management (WS Management) specification version 1.0.0. Known compatible tools that support WS-Management protocol include (but are not limited to) the Microsoft WinRM and OpenWSMan CLI tools. CMC Overview 31 For specific WS-Management support, see your management application documentation. Additional documentation is available on the Web: • www.wbemsolutions.com/ws_management.html • DMTF WS-Management Specifications: www.dmtf.org/standards/wbem/wsman • DMTF Management Profiles: www.dmtf.org/standards/profiles/ Other Documents You May Need In addition to this User’s Guide, the following documents provide additional information about the setup and operation of the CMC. All of these documents may be accessed at http:support.dell.com: • The CMC online help provides information about using the Web interface. • The Chassis Management Controller (CMC) Secure Digital (SD) Card Technical Specification provides minimum BIOS and firmware version, installation and usage information. • The Integrated Dell Remote Access Controller Firmware Version 1.0 User’s Guide provides information about installation, configuration and maintenance of the iDRAC on management and managed systems. • The Dell OpenManage™ IT Assistant User’s Guide provides information about IT Assistant. • Documentation specific to your third-party management console application. • The Dell OpenManage Server Administrator’s User’s Guide provides information about installing and using Server Administrator. • The Dell Update Packages User's Guide provides information about obtaining and using Dell Update Packages as part of your system update strategy. The following system documents are also available to provide more information about the system in which your CMC is installed: • 32 The Product Information Guide provides important safety and regulatory information. Warranty information may be included within this document or as a separate document. CMC Overview • The Rack Installation Guide and Rack Installation Instructions included with your rack solution describe how to install your system into a rack. • The Hardware Owner’s Manual provides information about system features and describes how to troubleshoot the system and install or replace system components. • Systems management software documentation describes the features, requirements, installation, and basic operation of the software. • Documentation for any components you purchased separately provides information to configure and install these options. • Updates are sometimes included with the system to describe changes to the system, software, and/or documentation. NOTE: Always read the updates first because they often supersede information in other documents. • Release notes or readme files may be included to provide last-minute updates to the system or documentation or advanced technical reference material intended for experienced users or technicians. • For more information on IOM network settings, refer to the Dell™ PowerConnect™ M6220 Switch Important Information document and the Dell™ PowerConnect™ 6220 Series Port Aggregator White Paper. CMC Overview 33 34 CMC Overview Installing and Setting Up the CMC This section provides information about how to install your CMC hardware, establish access to the CMC, and configure your management environment to use the CMC. This chapter guides you through the next steps for configuring the CMC: • Set up initial access to the CMC • Access the CMC through a network • Add and configure CMC users • Update the CMC firmware Additionally, you can find information about installing and setting up redundant CMC environments at "Understanding the Redundant CMC Environment" on page 55. Before You Begin Prior to setting up your CMC environment, download the latest version of the CMC firmware from the Dell Support website at support.dell.com. Then, get the Dell Systems Management Tools and Documentation DVD that was included with your system: Installing the CMC Hardware Because the CMC is preinstalled on your chassis, no installation is required. To get started with the CMC that is installed on your system, see "Installing Remote Access Software on a Management Station" on page 36. You can install a second CMC to run as a standby to the primary CMC. For more information about a standby CMC, see "Understanding the Redundant CMC Environment" on page 55. Installing and Setting Up the CMC 35 Installing Remote Access Software on a Management Station You can access the CMC using the Telnet, Secure Shell (SSH), or serial console utilities provided on your operating system or using the Web interface. If you want to use remote RACADM from your management station, you will need to install it. Your system includes the Dell Systems Management Tools and Documentation DVD. This DVD includes the following components: • DVD root - Contains the Dell System Build and Update Utility • SYSMGMT - Contains the systems management software products including Dell OpenManage Server Administrator • Docs - Contains documentation for systems, systems management software products, peripherals, and RAID controllers • SERVICE - Contains the tools you need to configure your system, and delivers the latest diagnostics and Dell-optimized drivers for your system For information about installing Server Administrator software, see your Server Administrator User's Guide. Installing RACADM on a Linux Management Station 1 Log on as root to the system running a supported Red Hat Enterprise Linux or SUSE Linux Enterprise Server operating system where you want to install the managed system components. 2 Insert the Dell Systems Management Tools and Documentation DVD into the DVD drive. 3 If necessary, mount the DVD to a location of your choice using the mount command or a similar command. NOTE: On the Red Hat Enterprise Linux 5 operating system, DVDs are automounted with the -noexec mount option. This option does not allow you to run any executable from the DVD. You need to manually mount the DVD-ROM and then run the executables. 4 Navigate to the SYSMGMT/srvadmin/linux/supportscripts directory. Execute the srvadmin-install.sh script as follows: sh srvadmin-install.sh --express 36 Installing and Setting Up the CMC or sh srvadmin-install.sh -x The script installs the typical software suite for your system configuration. NOTE: You can log the output of the RPM installation by adding 2>&1 | tee -a /var/log/srvadmin.log to the above shell script execution. The resulting command is sh srvadmin-install.sh 2>&1|tee -a /var/log/srvadmin.log 5 Start the Server Administrator services with the sh srvadminservices.sh start command. NOTE: The Dell Systems Management Tools and Documentation DVD contains version 5.4 of the Dell OpenManage systems management software kit and version 1.0.3 of the Dell Systems Build and Update Utility. The root of the DVD also contains ISO images of the Dell Systems Build and Update Utility (version 1.0) and the Dell Systems Console and Agent CD (Dell OpenManage software version 5.3.0.1). You can also download Web packages of versions 5.4 of the Dell OpenManage Server Administrator and Dell OpenManage Management Station software from the Dell Support site at support.dell.com. You can transfer the contents of these Web packages to CDs or USB keys for systems that do not have DVD drives. For help with the RACADM command, type racadm help after issuing the previous commands. For more information about RACADM, see "Using the RACADM Command Line Interface" on page 69. NOTE: When using the RACADM remote capability, you must have write permission on the folders where you are using the RACADM subcommands involving file operations, for example: racadm getconfig -f or racadm sslcertupload -t 1 -f c:\cert\cert.txt Uninstalling RACADM From a Linux Management Station Open a text console on your management station and type: rpm -e where is the rpm package that was used to install the RAC software. Installing and Setting Up the CMC 37 For example, if the rpm package name is srvadmin-racadm5, then type: rpm -e srvadmin-racadm5 Configuring a Web Browser You can configure and manage the CMC and the servers and modules installed in the chassis through a Web browser. See "Supported Web Browsers" on page 29 for a list of the Web browsers you can use with the CMC. Your CMC and the management station where you use your browser must be on the same network, which is called the management network. Depending on your security requirements, the management network can be an isolated, highly secure network. You must ensure that security measures on the management network, such as firewalls and proxy servers, do not prevent your Web browser from accessing the CMC. Also, be aware that some browser features can interfere with connectivity or performance, especially if the management network does not have a route to the Internet. If your management station is running a Windows operating system, there are Internet Explorer settings that can interfere with connectivity even when you are using a command line interface to access the management network. Proxy Server If you have a proxy server for browsing and it does not have access to the management network, you can add the management network addresses to the browser’s exception list. This instructs the browser to bypass the proxy server when accessing the management network. Internet Explorer Follow these steps to edit the exception list in Internet Explorer: 1 Start Internet Explorer. 2 Click Tools→ Internet Options…, then click Connections. 3 In the Local Area Network (LAN) settings section, click LAN Settings…. 4 In the Proxy server section, click Advanced…. 38 Installing and Setting Up the CMC 5 In the Exceptions section, add the addresses for CMCs and iDRACs on the management network to the semicolon-separated list. You can use DNS names and wildcards in your entries. Mozilla FireFox Follow these steps to edit the exception list in Mozilla FireFox: 1 Start FireFox. 2 Click Tools→ Options…→ Advanced, then click the Network tab. 3 Click Settings…. 4 In the No Proxy for field, add the addresses for CMCs and iDRACs on the management network to the comma-separated list. You can use DNS names and wildcards in your entries. Microsoft® Phishing Filter If the Microsoft Phishing Filter is enabled in Internet Explorer 7 on your management system and your CMC does not have Internet access, you may experience delays of several seconds when accessing the CMC, whether you are using the browser or another interface such as remote RACADM. Follow these steps to disable the phishing filter: 1 Start Internet Explorer. 2 Click Tools→ Phishing Filter, and then click Phishing Filter Settings. 3 Check the Disable Phishing Filter checkbox. 4 Click OK. Certificate Revocation List (CRL) Fetching If your CMC has no route to the Internet, you should disable the certificate revocation list (CRL) fetching feature in Internet Explorer. This feature tests whether a server such as the CMC Web server is using a certificate that is on a list of revoked certificates retrieved from the Internet. If the Internet is inaccessible, this feature can cause delays of several seconds when you access the CMC using the browser or with a command line interface such as remote RACADM. Installing and Setting Up the CMC 39 Follow these steps to disable CRL fetching: 1 Start Internet Explorer. 2 Click Tools→ Internet Options…, then click Advanced. 3 Scroll to the Security section and uncheck Check for publisher’s certificate revocation. 4 Click OK. Downloading Files From CMC With Internet Explorer When you use Internet Explorer to download files from the CMC you may experience problems when the Do not save encrypted pages to disk option is not enabled. Follow these steps to enable the Do not save encrypted pages to disk option: 1 Start Internet Explorer. 2 Click Tools→ Internet Options…, then click Advanced. 3 Scroll to the Security section and check Do not save encrypted pages to disk. Allow Animations in Internet Explorer When transferring files to and from the Web interface, a file transfer icon spins to show transfer activity. For Internet Explorer, this requires that the browser be configured to play animations, which is the default setting. Follow these steps to configure Internet Explorer to play animations: 1 Start Internet Explorer. 2 Click Tools→ Internet Options…, then click Advanced. 3 Scroll to the Multimedia section and check Play animations in web pages. Setting Up Initial Access to the CMC To manage the CMC remotely, connect the CMC to your management network and then configure the CMC network settings. For information on how to configure the CMC network settings, see "Configuring the CMC Network" on page 44. This initial configuration assigns the TCP/IP networking parameters that enable access to the CMC. 40 Installing and Setting Up the CMC The CMC is connected to the management network. All external access to the CMC and iDRACs is accomplished through the CMC. Access to the managed servers, conversely, is accomplished through network connections to I/O modules (IOMs). This allows the application network to be isolated from the management network. If you have one chassis, connect the CMC, and the standby CMC if present, to the management network. If you have more than one chassis, you can choose between the basic connection, where each CMC is connected to the management network, or a daisy-chained chassis connection, where the chassis are connected in series and only one is connected to the management network. The basic connection type uses more ports on the management network and provides greater redundancy. The daisy-chain connection type uses fewer ports on the management network but introduces dependencies between CMCs, reducing the redundancy of the system. Basic CMC Network Connection For the highest degree of redundancy, connect each CMC to your management network. If a chassis has just one CMC, make one connection on the management network. If the chassis has a redundant CMC in the secondary CMC slot, make two connections to the management network. Each CMC has two RJ-45 Ethernet ports, labeled GB1 (the uplink port) and STK (the stacking port). With basic cabling, you connect the GB1 port to the management network and leave the STK port unused. Daisy-chain CMC Network Connection If you have multiple chassis in a rack, you can reduce the number of connections to the management network by daisy-chaining up to four chassis together. If each of four chassis contains a redundant CMC, by daisy-chaining you reduce the number of management network connections required from eight to two. If each chassis has only one CMC, you reduce the connections required from four to one. When daisy-chaining chassis together, GB1 is the uplink port and STK is the stacking port. A GB1 port must connect to the management network or to the STK port of the CMC in a chassis that is closer to network. The STK port must only receive a connection from a GB1 port further from the chain or network. Installing and Setting Up the CMC 41 Create separate chains for the CMCs in the primary CMC slot and the second CMC slot. Figure 2-1 illustrates the arrangement of cables for four daisy-chained chassis, each with CMCs in the primary and secondary slots. 42 Installing and Setting Up the CMC Figure 2-1. Daisy-chained CMC Network Connection 1 2 3 1 management network 3 primary CMC 2 secondary CMC Installing and Setting Up the CMC 43 Follow these steps to daisy-chain up to four chassis: 1 Connect the GB1 port of the primary CMC in the first chassis to the management network. 2 Connect the GB1 port of the primary CMC in the second chassis to the STK port of the primary CMC in the first chassis. 3 If you have a third chassis, connect the GB1 port of its primary CMC to the STK port of the primary CMC in the second chassis. 4 If you have a fourth chassis, connect the GB1 port of its primary CMC to the STK port of the third chassis. 5 If you have redundant CMCs in the chassis, connect them using the same pattern. NOTICE: The STK port on any CMC must never be connected to the management network. It can only be connected to the GB1 port on another chassis. Connecting a STK port to the management network can disrupt the network and cause a loss of data. NOTE: Never connect a primary CMC to a secondary CMC. NOTE: Resetting a CMC whose STK port is chained to another CMC can disrupt the network for CMCs later in the chain. The child CMCs may log messages indicating that the network link has been lost and they may fail over to their redundant CMCs. Configuring the CMC Network NOTE: Changing your CMC Network settings may disconnect your current network connection. You can perform the initial network configuration of the CMC before or after the CMC has an IP address. If you configure the CMC’s initial network settings before you have an IP address, you can use either of the following interfaces: 44 • The LCD panel on the front of the chassis • Dell CMC serial console Installing and Setting Up the CMC If you configure initial network settings after the CMC has an IP address, you can use any of the following interfaces: • Command line interfaces (CLIs) such as a serial console, Telnet, SSH, or the Dell CMC Console via iKVM • Remote RACADM • The CMC Web interface Configuring Networking Using the LCD Configuration Wizard NOTE: The option to configure the CMC using the LCD Configuration Wizard is available only until the CMC is deployed or the default password is changed. If the password is not changed, the LCD can continue to be used to reconfigure the CMC causing a possible security risk. The LCD is located on the bottom left corner on the front of the chassis. Figure 2-2 illustrates the LCD panel. Installing and Setting Up the CMC 45 Figure 2-2. LCD Display 3 2 1 4 1 LCD screen 2 scroll buttons (4) 3 selection ("check") button 4 status indicator LED The LCD screen displays menus, icons, pictures, and messages. A status indicator LED on the LCD panel provides an indication of the overall health of the chassis and its components. 46 • Solid blue indicates good health. • Blinking amber indicates that at least one component has a fault condition. • Blinking blue is an ID signal, used to identify one chassis in a group of chassis. Installing and Setting Up the CMC Navigating in the LCD Screen The right side of the LCD panel contains five buttons: four arrow buttons (up, down, left, and right) and a center button. • To move between screens, use the right (next) and left (previous) arrow buttons. At any time while using the Configuration Wizard, you can return to a previous screen. • To scroll through options on a screen, use the down and up arrow buttons. • To select and save an item on a screen and move to the next screen, use the center button. For more information about using the LCD panel see "Using the LCD Panel Interface" on page 423. Using the LCD Configuration Wizard 1 If you have not already done so, press the chassis power button to turn it on. The LCD screen displays a series of initialization screens as it powers up. When it is ready, the Language Setup screen displays. 2 Select your language using the down arrow button, and then press the center button. The Enclosure screen displays with the following question: "Configure Enclosure?" 3 Press the center button to continue to the CMC Network Settings screen. 4 Select your network speed (10Mbps, 100Mbps, 1Gbps, or Auto) using the down arrow button. NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly. If your network configuration does not match any of these values, Dell recommends that you use Auto Negotiation (the Auto option) or refer to your network equipment manufacturer. Press the center button to continue to the next CMC Network Settings screen. Installing and Setting Up the CMC 47 5 Select the duplex mode (half or full) that matches your network environment. NOTE: The network speed and duplex mode settings are not available if Auto Negotiation is set to On or 1000MB (1Gbps) is selected. NOTE: If auto negotiation is turned on for one device but not the other, then the device using auto negotiation can determine the network speed of the other device, but not the duplex mode; in this case, duplex mode defaults to the half duplex setting during auto negotiation. Such a duplex mismatch will result in a slow network connection. Press the center button to continue to the next CMC Network Settings screen. 6 Select the mode in which you want the CMC to obtain the NIC IP addresses: The CMC retrieves IP configuration (IP address, mask, and Dynamic Host gateway) automatically from a DHCP server on your Configuration Protocol (DHCP) network. The CMC will be assigned a unique IP address allotted over your network. If you have selected the DHCP option, press the center button. The Register DNS? screen appears; go to step 7. 48 Installing and Setting Up the CMC Static You manually enter the IP address, gateway, and subnet mask in the screens immediately following. If you have selected the Static option, press the center button to continue to the next CMC Network Settings screen, then: a Set the Static IP Address by using the right or left arrow keys to move between positions, and the up and down arrow keys to select a number for each position. When you have finished setting the Static IP Address, press the center button to continue. b Set the subnet mask, and then press the center button. c Set the gateway, and then press the center button. The Network Summary screen displays. The Network Summary screen lists the Static IP Address, Subnet Mask, and Gateway settings you entered. Review the settings for accuracy. To correct a setting, navigate to the left arrow button then press the center key to return to the screen for that setting. After making a correction, press the center button. d When you have confirmed the accuracy of the settings you entered, press the center button. The Register DNS? screen appears. 7 If you selected Static in the previous step, go to step 8. To register your DNS server’s IP address, press the center button to proceed. If you have no DNS, press the right arrow key. The Configure iDRAC? screen appears; go to step 8. Set the DNS IP Address using the right or left arrow keys to move between positions, and the up and down arrow keys to select a number for each position. When you have finished setting the DNS IP address, press the center button to continue. 8 Indicate whether you want to configure iDRAC: – No: Press the right arrow button. The IP Summary screen appears. Skip to step 9. – Yes: Press the center button to proceed. Installing and Setting Up the CMC 49 NOTE: You cannot set a static IP address for the iDRAC using the LCD Configuration Wizard. To set a static IP address, use the CMC Web interface or RACADM. When you have made your selection, press the center button. The IP Summary screen displays, listing the IP addresses you provided. 9 On the IP Summary screen, review the IP addresses you provided to make sure the addresses are accurate. To correct a setting, navigate to the left arrow button and then press the center key to return to the screen for that setting. After making a correction, press the center button. If necessary, navigate to the right arrow button and then press the center key to return to the IP Summary screen. When you have confirmed that the settings you entered are accurate, press the center button. The Configuration Wizard closes and returns you to the Main Menu screen. The CMC is now available on the network. You can access the CMC on the assigned IP address using the Web interface or CLIs such as a serial console, Telnet, and SSH. NOTE: After you have completed network setup through the LCD Configuration Wizard, the Wizard is no longer available. Accessing the CMC Through a Network After you have configured the CMC network settings, you can remotely access the CMC using any of the following interfaces: • Web interface • Telnet console • SSH Telnet is enabled via one of the other interfaces; telnet is not as secure as the other interfaces so it is disabled by default. 50 Installing and Setting Up the CMC Table 2-1 describes each CMC network interface. Table 2-1. CMC Interfaces Interface Description Web interface Provides remote access to the CMC using a graphical user interface. The Web interface is built into the CMC firmware and is accessed through the NIC interface from a supported Web browser on the management station. For a list of supported Web browsers, see "Supported Web Browsers" on page 29. Remote RACADM command line interface Provides remote access to the CMC from a management station using a command line interface (CLI). Remote RACADM uses the racadm -r option with the CMC’s IP address to execute commands on the CMC. Telnet Provides command line access to the CMC through the network. The RACADM command line interface and the connect command, which is used for server and IO module debugging, are available from the CMC command line. NOTE: Telnet is an unsecure protocol that transmits all data— including passwords—in plain text. When transmitting sensitive information, use the SSH interface. SSH Provides the same capabilities as Telnet using an encrypted transport layer for greater security. NOTE: The CMC default user name is root and the default password is calvin. You can access the CMC and iDRAC Web interfaces through the CMC NIC using a supported Web browser; you can also launch them from the Dell Server Administrator or Dell OpenManage IT Assistant. For a list of supported Web browsers, see "Supported Web Browsers" on page 29. To access the CMC using a supported Web browser, see "Accessing the CMC Web Interface" on page 93. For information on Dell Server Administrator and Dell OpenManage IT Assistant, see "Installing Remote Access Software on a Management Station" on page 36. Installing and Setting Up the CMC 51 To access the CMC interface using Dell Server Administrator, launch Server Administrator on your management station. From the system tree on the left pane of the Server Administrator home page, click System→ Main System Chassis→ Remote Access Controller. For more information, see your Dell Server Administrator User’s Guide. To access the CMC command line using Telnet or SSH, see "Configuring CMC to Use Command Line Consoles" on page 57. For information about using RACADM, see "Using the RACADM Command Line Interface" on page 69. For information about using the connect command to connect to servers and IO modules, see "Connecting to Modules With the Connect Command" on page 67. Installing or Updating the CMC Firmware Downloading the CMC Firmware Before beginning the firmware update, download the latest firmware version from the Dell Support website at support.dell.com, and save it to your local system. The following software components are included with your CMC firmware package: • Compiled CMC firmware code and data • Web interface, JPEG, and other user interface data files • Default configuration files NOTE: During updates of CMC firmware, some or all of the fan units in the chassis will spin at 100%. This is normal. NOTE: The firmware update, by default, retains the current CMC settings. During the update process, you have the option to reset the CMC configuration settings back to the factory default settings. NOTE: If you have redundant CMCs installed in the chassis, it is important to update both to the same firmware version. If the CMCs have different firmware and a failover occurs, unexpected results may occur. 52 Installing and Setting Up the CMC You can use the RACADM getsysinfo command (see "getsysinfo" on page 357) or the Chassis Summary page (see "Viewing the Current Firmware Versions" on page 151) to view the current firmware versions for the CMCs installed in your chassis. If you have a standby CMC, it is recommended that you update the firmware in the standby CMC first. When the standby CMC has been updated, swap the CMCs’ roles so that the newly updated CMC becomes the primary CMC and the CMC with the older firmware becomes the standby. (See "cmcchangeover" on page 321 for help swapping roles.) This allows you to verify that the update succeeded and that the new firmware is working properly before you update the firmware in the second CMC. When both CMCs are updated, you can use the cmcchangeover command to restore the CMCs to their previous roles. Updating CMC Firmware Using the Web Interface For instructions on using the Web interface to update CMC firmware, see "Updating the CMC Firmware" on page 152. Updating the CMC Firmware Using RACADM For instructions on using the RACADM fwupdate subcommand to update CMC firmware, see "fwupdate" on page 329. Configuring CMC Properties You can configure CMC properties such as power budgeting, network settings, users, and SNMP and email alerts using the Web interface or RACADM. For more information about using the Web interface, see "Accessing the CMC Web Interface" on page 93. For more information about using RACADM, see "Using the RACADM Command Line Interface" on page 69. You can configure the CMC using one of the following configuration tools: • The CMC Web interface. For more information, see "Using the CMC Web Interface" on page 93. • A local RACADM command line interface (CLI). Fore more information, see "Using the RACADM Command Line Interface" on page 69. Installing and Setting Up the CMC 53 NOTICE: Using more than one CMC configuration tool at the same time may generate unexpected results. Configuring Power Budgeting The CMC offers a power budgeting service that allows you to configure power budget, redundancy, and dynamic power for the chassis. The chassis ships with either three or six power supply units (PSUs). If your chassis has only three PSUs, you can add up to three more. The power management service enables optimization of power consumption and reallocation of power to different modules based on demand. For more information about CMC power management, see "Power Management" on page 215. For instructions on configuring power budgeting and other power settings using the Web interface, see "Configuring Power Budgeting" on page 150. Configuring CMC Network Settings NOTE: Changing your CMC network settings may disconnect your current network connection. You can configure the CMC network settings using one of the following tools: • RACADM — see "Configuring Multiple CMCs in Multiple Chassis" on page 84 NOTE: If you are deploying the CMC in a Linux environment, see "Installing RACADM on a Linux Management Station" on page 36. • Web interface — see "Configuring CMC Network Properties" on page 112 Adding and Configuring Users You can add and configure CMC users using either RACADM or the CMC Web interface. You can also utilize Microsoft® Active Directory® to manage users. For instructions on adding and configuring users using RACADM, see "Adding a CMC User" on page 83. For instructions on adding and configuring users using the Web interface, see "Adding and Configuring CMC Users" on page 120. 54 Installing and Setting Up the CMC For instructions on using Active Directory with your CMC, see "Using the CMC With Microsoft Active Directory" on page 185. Adding SNMP and Email Alerts You can configure the CMC to generate SNMP and/or email alerts when certain chassis events occur. For more information, see "Configuring SNMP Alerts" on page 286 and "Configuring Email Alerts" on page 291. Understanding the Redundant CMC Environment You can install a standby CMC that takes over if your primary CMC fails. Failovers can occur when you: • Run the RACADM cmcchangeover command. (See "cmcchangeover" on page 321.) • Run the RACADM racreset command on the active CMC. (See "racreset" on page 366.) • Remove the network cable from the active CMC • Remove the active CMC from the chassis • Initiate a CMC firmware flash on the active CMC • Primary CMC is no longer functional NOTE: In the event of CMC failover, all iDRAC connections and all active CMC sessions will be lost. Users who lose sessions must reconnect to the new primary CMC. About the Standby CMC The standby CMC is identical to and is maintained as a mirror of the active CMC. The active and standby CMCs must both be installed with the same firmware revision. If the firmware revisions differ, the system will report as redundancy degraded. The standby CMC assumes the same settings and properties of the primary CMC. You must maintain the same firmware version on both CMCs, but you do not need to duplicate configuration settings on the standby CMC. NOTE: For information about installing a standby CMC, see the Hardware Owner’s Manual. For instructions on installing the CMC firmware on your standby CMC, follow the instructions in "Installing or Updating the CMC Firmware" on page 52. Installing and Setting Up the CMC 55 Primary CMC Election Process There is no difference between the two CMC slots; that is, slot does not dictate precedence. Instead, the CMC that is installed or booted first assumes the role of the active CMC. If AC power is applied with two CMCs installed, the CMC installed in CMC chassis slot 1 (the left) normally assumes the active role. The active CMC is indicated by the blue LED. If two CMCs are inserted into a chassis that is already powered on, automatic active/standby negotiation can take up to two minutes. Normal chassis operation resumes when the negotiation is complete. Planning Deployment of Redundant CMCs When planning CMC deployment and chassis cabling, it is recommended that you choose the left CMC to act as the primary and the right CMC to act as secondary, and then maintain those roles. This is best practice because it is the default arrangement when the chassis is powered on and redundancy is increased when all of the primary CMCs in a daisy-chained chassis are cabled together. When a failover occurs and a CMC in the right slot becomes primary, use the RACADM cmcchangeover command to reset the CMC in the left slot to primary. Obtaining Health Status of Redundant CMC You can view the health status of the standby CMC in the Web interface. For more information about accessing CMC health status in the Web interface, see "Viewing Chassis Graphics and Component Health Status" on page 96. 56 Installing and Setting Up the CMC Configuring CMC to Use Command Line Consoles This section provides information about the CMC command line console (or serial/Telnet/Secure Shell console) features, and explains how to set up your system so you can perform systems management actions through the console. For information on using the RACADM commands in CMC via the command line console, see "Using the RACADM Command Line Interface" on page 69. Command Line Console Features on the CMC The CMC supports the following serial and Telnet console features: • One serial client connection and up to four simultaneous Telnet client connections • Up to four simultaneous Secure Shell (SSH) client connections • RACADM command support • Built-in connect command for debugging servers and I/O modules • Command Line editing and history • Session timeout control on all console interfaces Configuring CMC to Use Command Line Consoles 57 Using a Serial or Telnet Console The CMC serial or telnet console enables you to turn on, turn off, or reset the server and access server logs. When you connect to the CMC command line, you are able to enter these commands: Table 3-1. CMC Command Line Commands Command Description racadm RACADM commands begin with the keyword racadm and are followed by a subcommand, such as getconfig, serveraction, or getsensorinfo. See "Using the RACADM Command Line Interface" on page 69 for details on using RACADM. connect Connects to a server or I/O module for debugging. See "Connecting to Modules With the Connect Command" on page 67 for help using the connect command. exit, logout, and quit These commands all perform the same action: they end the current session and return to a login prompt. Using a Telnet Console With the CMC Up to four Telnet client systems and four SSH clients may connect at any given time. The management station connection to the managed system Telnet console requires management station terminal emulation software. For more information, see "Configuring Terminal Emulation Software" on page 60. Using SSH With the CMC SSH is a command line session that includes the same capabilities as a Telnet session, but with session negotiation and encryption to improve security. The CMC supports SSH version 2 with password authentication. SSH is enabled on the CMC by default. NOTE: The CMC does not support SSH version 1. When an error occurs during the login procedure, the SSH client issues an error message. The message text is dependent on the client and is not controlled by the CMC. Review the RACLog messages to determine the cause of the failure. 58 Configuring CMC to Use Command Line Consoles NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on Windows. Running OpenSSH at the Windows command prompt does not provide full functionality (that is, some keys do not respond and no graphics are displayed). For Linux, run SSH Client Services to connect to CMC with any shell. Four simultaneous SSH sessions are supported at any given time. The session timeout is controlled by the cfgSsnMgtSshIdleTimeout property (see "RACADM Subcommands" on page 317) or from the Services Management page in the Web interface (see "Configuring Services" on page 143). Enabling SSH on the CMC SSH is enabled by default. If SSH is disabled, then you can enable it using any other supported interface. For instructions on enabling SSH connections on the CMC using RACADM, see "config" on page 322 and "cfgSerial" on page 398. For instructions on enabling SSH connections on the CMC using the Web interface, see "Configuring Services" on page 143. Changing the SSH Port To change the SSH port, use the following command: racadm config -g cfgRacTuning -o cfgRacTuneSshPort For more information about cfgSerialSshEnable and cfgRacTuneSshPort properties, see "CMC Property Database Group and Object Definitions" on page 385. The CMC SSH implementation supports multiple cryptography schemes, as shown in Table 3-2. Configuring CMC to Use Command Line Consoles 59 Table 3-2. Cryptography Schemes Scheme Type Scheme Asymmetric Cryptography Diffie-Hellman DSA/DSS 512–1024 (random) bits per NIST specification Symmetric Cryptography • AES256-CBC • RIJNDAEL256-CBC • AES192-CBC • RIJNDAEL192-CBC • AES128-CBC • RIJNDAEL128-CBC • BLOWFISH-128-CBC • 3DES-192-CBC • ARCFOUR-128 Message Integrity • HMAC-SHA1-160 • HMAC-SHA1-96 • HMAC-MD5-128 • HMAC-MD5-96 Authentication Password Enabling the Front Panel to iKVM Connection For information and instructions on using the iKVM front panel ports, see "Enabling or Disabling the Front Panel" on page 263. Configuring Terminal Emulation Software Your CMC supports a serial or Telnet text console from a management station running one of the following types of terminal emulation software: 60 • Linux Minicom in an Xterm • Hilgraeve’s HyperTerminal Private Edition (version 6.3) • Linux Telnet or SSH in an Xterm • Microsoft® Telnet Configuring CMC to Use Command Line Consoles Perform the steps in the following subsections to configure your type of terminal software. If you are using Microsoft Telnet, configuration is not required. Configuring Linux Minicom for Serial Console Emulation Minicom is a serial port access utility for Linux. The following steps are valid for configuring Minicom version 2.0. Other Minicom versions may differ slightly but require the same basic settings. Use the information in "Required Minicom Settings for Serial Console Emulation" on page 62 to configure other versions of Minicom. Configuring Minicom Version 2.0 for Serial Console Emulation NOTE: To ensure that the text displays properly, Dell recommends that you use an Xterm window to display the Telnet console instead of the default console provided by the Linux installation. 1 To start a new Xterm session, type xterm & at the command prompt. 2 In the Xterm window, move your mouse arrow to the lower right-hand corner of the window and resize the window to 80 x 25. 3 If you do not have a Minicom configuration file, go to the next step. If you have a Minicom configuration file, type minicom and skip to step 17. 4 At the Xterm command prompt, type minicom -s. 5 Select Serial Port Setup and press . 6 Press , and then select the appropriate serial device (for example, /dev/ttyS0). 7 Press , and then set the Bps/Par/Bits option to 115200 8N1. 8 Press , and then set Hardware Flow Control to Yes and set Software Flow Control to No. To exit the Serial Port Setup menu, press . 9 Select Modem and Dialing and press . 10 In the Modem Dialing and Parameter Setup menu, press to clear the init, reset, connect, and hangup settings so that they are blank. 11 Press to save each blank value. Configuring CMC to Use Command Line Consoles 61 12 When all specified fields are clear, press to exit the Modem Dialing and Parameter Setup menu. 13 Select Save setup as config_name and press . 14 Select Exit From Minicom and press . 15 At the command shell prompt, type minicom . To expand the Minicom window to 80 x 25, drag the corner of the window. 16 Press , , to exit Minicom. Ensure that the Minicom window displays a command prompt such as [iDRAC\root]#. When the command prompt appears, your connection is successful and you are ready to connect to the managed system console using the connect serial command. Required Minicom Settings for Serial Console Emulation Use Table 3-3 to configure any version of Minicom. Table 3-3. Minicom Settings for Serial Console Emulation Setting Description Required Setting Bps/Par/Bits 115200 8N1 Hardware flow control Yes Software flow control No Terminal emulation ANSI Modem dialing and parameter settings Clear the init, reset, connect, and hangup settings so that they are blank Window size 80 x 25 (to resize, drag the corner of the window) Running Telnet Using Windows XP or Windows 2003 If your management station is running Windows XP or Windows 2003, you may experience an issue with the characters in a CMC Telnet session. This issue may occur as a frozen login where the return key does not respond and the password prompt does not appear. 62 Configuring CMC to Use Command Line Consoles To fix this issue, download hotfix 824810 from the Microsoft Support website at support.microsoft.com. See Microsoft Knowledge Base article 824810 for more information. Configuring Linux for Server Serial Console Redirection During Boot The following steps are specific to the Linux GRand Unified Bootloader (GRUB). Similar changes would be necessary for using a different boot loader. NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected console to 25 rows x 80 columns to ensure proper text display; otherwise, some text screens may be garbled. Edit the /etc/grub.conf file as follows: 1 Locate the general setting sections in the file and add the following two new lines: serial --unit=1 --speed=57600 terminal --timeout=10 serial 2 Append two options to the kernel line: kernel............. console=ttyS1,57600 3 If the /etc/grub.conf contains a splashimage directive, comment it out. The following example shows the changes described in this procedure. # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes # to this file # NOTICE: You do not have a /boot partition. This means that # all kernel and initrd paths are relative to /, e.g. # root (hd0,0) # kernel /boot/vmlinuz-version ro root= /dev/sdal # initrd /boot/initrd-version.img # #boot=/dev/sda default=0 Configuring CMC to Use Command Line Consoles 63 timeout=10 #splashimage=(hd0,2)/grub/splash.xpm.gz serial --unit=1 --speed=57600 terminal --timeout=10 serial title Red Hat Linux Advanced Server (2.4.9-e.3smp) root (hd0,0) kernel /boot/vmlinuz-2.4.9-e.3smp ro root= /dev/sda1 hda=ide-scsi console=ttyS0 console= ttyS1,57600 initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00) kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s initrd /boot/initrd-2.4.9-e.3.im When you edit the /etc/grub.conf file, use the following guidelines: • Disable GRUB's graphical interface and use the text-based interface; otherwise, the GRUB screen will not be displayed in console redirection. To disable the graphical interface, comment out the line starting with splashimage. • To start multiple GRUB options to start console sessions through the serial connection, add the following line to all options: console=ttyS1,57600 The example shows console=ttyS1,57600 added to only the first option. Enabling Login to the Server Serial Console After Boot Edit the file /etc/inittab, as follows: • Add a new line to configure agetty on the COM2 serial port: co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi 64 Configuring CMC to Use Command Line Consoles The following example shows the file with the new line. # # inittab This file describes how the INIT process # should set up the system in a certain # run-level. # # Author: Miquel van Smoorenburg # Modified for RHS Linux by Marc Ewing and # Donnie Barnes # # Default runlevel. The runlevels used by RHS are: # 0 - halt (Do NOT set initdefault to this) # 1 - Single user mode # 2 - Multiuser, without NFS (The same as 3, if you # do not have networking) # 3 - Full multiuser mode # 4 - unused # 5 - X11 # 6 - reboot (Do NOT set initdefault to this) # id:3:initdefault: # System initialization. si::sysinit:/etc/rc.d/rc.sysinit l0:0:wait:/etc/rc.d/rc l1:1:wait:/etc/rc.d/rc l2:2:wait:/etc/rc.d/rc l3:3:wait:/etc/rc.d/rc l4:4:wait:/etc/rc.d/rc l5:5:wait:/etc/rc.d/rc l6:6:wait:/etc/rc.d/rc 0 1 2 3 4 5 6 # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now Configuring CMC to Use Command Line Consoles 65 # When our UPS tells us power has failed, assume we have a few # minutes of power left. Schedule a shutdown for 2 minutes from now. # This does, of course, assume you have power installed and your # UPS is connected and working correctly. pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down" # If power was restored before the shutdown kicked in, cancel it. pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled" # Run gettys in standard runlevels co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi 1:2345:respawn:/sbin/mingetty tty1 2:2345:respawn:/sbin/mingetty tty2 3:2345:respawn:/sbin/mingetty tty3 4:2345:respawn:/sbin/mingetty tty4 5:2345:respawn:/sbin/mingetty tty5 6:2345:respawn:/sbin/mingetty tty6 # Run xdm in runlevel 5 # xdm is now a separate service x:5:respawn:/etc/X11/prefdm -nodaemon Edit the file /etc/securetty, as follows: • Add a new line, with the name of the serial tty for COM2: ttyS1 The following example shows a sample file with the new line. vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 66 Configuring CMC to Use Command Line Consoles vc/8 vc/9 vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 ttyS1 Connecting to Modules With the Connect Command While in a command line connection, the CMC supports the connect command to establish a serial connection to server and IOM modules. Connection to server modules is only provided for operating system debugging. To connect to server modules to use operating system remote consoles, you should use the iDRAC Web interface console redirection feature or the iDRAC Serial Over LAN (SOL) functionality. NOTICE: When executed from the CMC serial console, the connect -b option stays connected until the CMC resets. This connection is a potential security risk. NOTE: The connect command provides the –b (binary) option. The –b option passes raw binary data, and cfgSerialConsoleQuitKey is not used. Additionally, when connecting to a server using the CMC serial console, transitions in the DTR signal (for example, if the serial cable is removed to connect a debugger) do not cause a logout. NOTE: If an IOM does not support console redirection, the connect command will display an empty console. In that case, to return to the CMC console, type the Escape sequence. The default console escape sequence is \. Configuring CMC to Use Command Line Consoles 67 There are up to six IOMs on the managed system. To connect to an IOM, type: connect switch-n where n is an IOM label a1, a2, b1, b2, c1, and c2. IOMs are labeled A1, A2, B1, B2, C1, and C2. (See Table 10-1 for an illustration of the placement of IOMs in the chassis.) When you reference the IOMs in the connect command, the IOMs are mapped to switches as shown in Table 3-4. Table 3-4. Mapping I/O Modules to Switches I/O Module Label Switch A1 switch-a1 A2 switch-a2 B1 switch-b1 B2 switch-b2 C1 switch-c1 C2 switch-c2 NOTE: There can only be one IOM connection per chassis at a time. NOTE: You cannot connect to passthroughs from the serial console. To connect to a managed server for debugging, use the command connect server-n, where -n is the slot number of the server you wish to debug. When you connect to a server, binary communication is assumed and the escape character is disabled. If the iDRAC is not available, you will see a No route to host error message. Ensure that your server is inserted properly and the iDRAC has had time to complete the boot routine. For details on how to connect through a serial connection, see "Configuring CMC to Use Command Line Consoles" on page 57. 68 Configuring CMC to Use Command Line Consoles Using the RACADM Command Line Interface RACADM provides a set of commands that allow you to configure and manage the CMC through a text-based interface. RACADM can be accessed using a Telnet/SSH or serial connection, using the Dell CMC console on the iKVM, or remotely using the RACADM command line interface installed on a management station. The RACADM interface is classified as "local" or "remote," depending on the location of the racadm executable program you are using: NOTE: Remote RACADM is included on the Dell Systems Management Tools and Documentation DVD and is installed on a management station. • Remote RACADM — you execute RACADM commands on a management station with the -r option and the DNS name or IP address of the CMC. • Local RACADM — you log into the CMC using Telnet, SSH, a serial connection, or the iKVM. With local RACADM, you are executing the RACADM implementation that is part of the CMC firmware. You can use remote RACADM commands in scripts to configure multiple CMCs. The CMC does not have support for scripting, so you cannot execute scripts directly on the CMC. For more information about configuring multiple CMCs, see "Configuring Multiple CMCs in Multiple Chassis" on page 84. This section provides the following information: • Using the serial and racadm commands. See "Using a Serial or Telnet Console" on page 70 or "Using RACADM" on page 70. • Configuring your CMC through RACADM. See "Using RACADM to Configure the CMC" on page 76. • Using the RACADM configuration file to configure multiple CMCs. See "Configuring Multiple CMCs in Multiple Chassis" on page 84. Using the RACADM Command Line Interface 69 Using a Serial or Telnet Console You can log in to the CMC either through a serial or Telnet/SSH connection, or through Dell CMC console on iKVM. To configure the CMC for serial or remote access, see "Configuring CMC to Use Command Line Consoles" on page 57. Commonly used subcommand options are listed in Table 4-2. A complete list of RACADM subcommands is listed in "RACADM Subcommands" on page 317. Logging in to the CMC After you have configured your management station terminal emulator software and managed node BIOS, perform the following steps to log into the CMC: 1 Connect to the CMC using your management station terminal emulation software. 2 Type your CMC user name and password, and then press . You are logged into the CMC. Starting a Text Console You can log in to the CMC using Telnet or SSH through a network, serial port, or a Dell CMC console through the iKVM. Open a Telnet or SSH session, connect and log on to the CMC. For information about connecting to the CMC through iKVM, see "Using the iKVM Module" on page 245. Using RACADM RACADM subcommands can be run remotely from the serial or Telnet console command prompt or through a normal command prompt. Use RACADM subcommands to configure CMC properties and perform remote management tasks. To display a list of RACADM subcommands, type: racadm help 70 Using the RACADM Command Line Interface When run without options or subcommands, RACADM displays syntax information and instructions on how to access subcommands and help. To list syntax and command-line options for individual subcommands, type: racadm help RACADM Subcommands Table 4-1 provides a brief list of common subcommands used in RACADM. For a complete list of RACADM subcommands, including syntax and valid entries, see "RACADM Subcommands" on page 317. NOTE: The connect, exit, quit, and logout commands are built-in CMC commands, not RACADM commands. They cannot be used with remote RACADM. See "Connecting to Modules With the Connect Command" on page 67 for information about using these commands. When entering a RACADM subcommand, prefix the command with racadm. For example: racadm help Table 4-1. RACADM Subcommands Command Description help Lists CMC subcommand descriptions. help Lists usage summary for the specified subcommand. ? Lists CMC subcommand descriptions. ? Lists usage summary for the specified subcommand. arp Displays the contents of the ARP table. ARP table entries may not be added or deleted. chassisaction Executes power-up, power-down, reset, and power-cycle on the chassis, switch, and KVM. clrraclog Clears the CMC log and creates a single entry indicating the user and time that the log was cleared. clrsel Clears the System Event Log entries. cmcchangeover Changes the state of the CMC from active to standby, or vice versa, in redundant CMC environments. config Configures the CMC. Using the RACADM Command Line Interface 71 Table 4-1. RACADM Subcommands (continued) Command Description deploy Deploys a server by specifying required properties. feature Displays active features and feature deactivation. featurecard Displays feature card status information. fwupdate Performs system component firmware updates, and displays firmware update status. getassettag Displays the asset tag for the chassis. getchassisname Displays the name of the chassis. getconfig Displays the current CMC configuration properties. getdcinfo Displays general I/O module and daughter card misconfiguration information. getflexaddr Displays the FlexAddress enabled/disabled status on a per slot/fabric basis. If used with the -i option, the command displays the WWN and MAC address for a particular slot. getioinfo Displays general I/O module information. getkvminfo Displays information about the iKVM. getled Displays the LED settings on a module. getmacaddress Displays a server’s MAC address. getmodinfo Displays module configuration and status information. getniccfg Displays the current IP configuration for the controller. getpbinfo Displays power budget status information. getraclog Displays the CMC log. getractime Displays the CMC time. getredundancymode Displays the redundancy mode of the CMC. getsel Displays the system event log (hardware log). getsensorinfo Displays information about system sensors. getslotname Displays the name of a slot in the chassis. getssninfo Displays information about active sessions. getsvctag Displays service tags. 72 Using the RACADM Command Line Interface Table 4-1. RACADM Subcommands (continued) Command Description getsysinfo Displays general CMC and system information. gettracelog (Dell internal Displays the CMCtrace log. If used with the -i option, use only) the command displays the number of entries in the CMC trace log. ifconfig Displays the current CMC IP configuration. netstat Displays the routing table and the current connections. ping Verifies that the destination IP address is reachable from the CMC with the current routing-table contents. racdump Displays the comprehensive chassis status and configuration state information, as well as historic event logs. Used for post deployment configuration verification and during debugging sessions. racreset Resets the CMC. racresetcfg Resets the CMC to the default configuration. serveraction Performs power management operations on the managed system. setassettag Sets the asset tag for the chassis. setchassisname Sets the name of the chassis. setflexaddr Enables/disables FlexAddress on a particular slot/fabric, when the FlexAddress feature is activated on the chassis setled Sets the LED settings on a module. setniccfg Sets the IP configuration for the controller. setractime Sets the CMC time. setslotname Sets the name of a slot in the chassis. setsysinfo Sets the name and location of the chassis. sslcertdownload Downloads a certificate authority-signed certificate. sslcertupload Uploads a certificate authority-signed certificate or server certificate to the CMC. sslcertview Views a certificate authority-signed certificate or server certificate in the CMC. Using the RACADM Command Line Interface 73 Table 4-1. RACADM Subcommands (continued) Command Description sslcsrgen Generates and downloads the SSL CSR. sslresetcfg Regenerates the self-signed certificate used by the CMC Web GUI. testemail Forces the CMC to send an email over the CMC NIC. testtrap Forces the CMC to send an SNMP over the CMC NIC. Accessing RACADM Remotely Table 4-2 lists the options for the remote RACADM subcommands. Table 4-2. Remote RACADM Subcommand Options Option Description -r Specifies the controller’s remote IP address. -r : Use if the CMC port number is not the default port (443) -i Instructs RACADM to interactively query the user for user name and password. -u Specifies the user name that is used to authenticate the command transaction. If the -u option is used, the -p option must be used, and the -i option (interactive) is not allowed. -p Specifies the password used to authenticate the command transaction. If the -p option is used, the -i option is not allowed. To access RACADM remotely, type the following commands: racadm -r -u -p racadm -i -r 74 Using the RACADM Command Line Interface NOTE: The -i option instructs RACADM to interactively prompt for user name and password. Without the -i option, you must provide the user name and password in the command using the -u and -p options. For example: racadm -r 192.168.0.120 -u root -p calvin getsysinfo racadm -i -r 192.168.0.120 getsysinfo If the HTTPS port number of the CMC has been changed to a custom port other than the default port (443), the following syntax must be used: racadm -r : -u -p racadm -i -r : Enabling and Disabling the RACADM Remote Capability NOTE: Dell recommends that you run these commands at the chassis. The RACADM remote capability on the CMC is enabled by default. In the following commands, -g specifies the configuration group the object belongs to, and -o specifies the configuration object to configure. To disable the RACADM remote capability, type: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 0 To re-enable RACADM remote capability, type: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 1 Using RACADM Remotely NOTE: Configure the IP address on your CMC before using the RACADM remote capability. For more information about setting up your CMC, see "Installing and Setting Up the CMC" on page 35. The RACADM console’s remote option (-r) allows you to connect to the managed system and execute RACADM subcommands from a remote console or management station. To use the remote capability, you need a valid user name (-u option) and password (-p option), and the CMC IP address. Using the RACADM Command Line Interface 75 Before you try to access RACADM remotely, confirm that you have permissions to do so. To display your user privileges, type: racadm getconfig -g cfguseradmin -i n where n is your user ID (1–16). If you do not know your user ID, try different values for n. NOTE: The RACADM remote capability is supported only on management stations through a supported browser. See "Supported Web Browsers" on page 29 for more information. NOTE: When using the RACADM remote capability, you must have write permissions on the folders where you are using the RACADM subcommands involving file operations. For example: racadm getconfig -f -r or racadm sslcertupload -t 1 -f c:\cert\cert.txt RACADM Error Messages For information about RACADM CLI error messages, see "Troubleshooting" on page 90. Using RACADM to Configure the CMC NOTE: In order to configure CMC the first time. You must be logged in as user root to execute RACADM commands on a remote system. Another user can be created that will give him or her the permission to configure the CMC. The CMC Web interface is the quickest way to configure the CMC (see "Using the CMC Web Interface" on page 93). However, if you prefer CLI or script configuration or need to configure multiple CMCs, use RACADM, which is installed with the CMC agents on the management station. 76 Using the RACADM Command Line Interface Configuring CMC Network Properties Setting Up Initial Access to the CMC Before you can begin configuring the CMC, you must first configure the CMC network settings to allow the CMC to be managed remotely. This initial configuration assigns the TCP/IP networking parameters that enable access to the CMC. This section explains how to perform the initial CMC network configuration using RACADM commands. All of the configuration described in this section can be performed using the front panel LCD. See "Configuring Networking Using the LCD Configuration Wizard" on page 45. NOTICE: Changing your CMC Network settings may disconnect your current network connection. For more information about network subcommands, see "RACADM Subcommands" on page 317 and "CMC Property Database Group and Object Definitions" on page 385. NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings. By default, the CMC requests and obtains a CMC IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. You can disable this feature and specify static CMC IP address, gateway, and subnet mask. To disable DHCP and specify static CMC IP address, gateway, and subnet mask, type: racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0 racadm config -g cfgLanNetworking -o cfgNicIpAddress racadm config -g cfgLanNetworking -o cfgNicGateway racadm config -g cfgLanNetworking -o cfgNicNetmask Using the RACADM Command Line Interface 77 Viewing Current Network Settings To view a summary of NIC, DHCP, network speed, and duplex settings, type: racadm getniccfg or racadm getconfig -g cfgCurrentLanNetworking To view IP address and DHCP, MAC address, and DNS information for the chassis, type: racadm getsysinfo Configuring the Network LAN Settings NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege. NOTE: The LAN settings, such as community string and SMTP server IP address, affect both the CMC and the external settings of the chassis. NOTE: If you have two CMCs (primary and standby) on the chassis, and they are both connected to the network, the standby CMC automatically assumes the network settings in the event of failover of the primary CMC. Enabling the CMC NIC To enable the CMC NIC, type: racadm config -g cfgLanNetworking -o cfgNicEnable 1 NOTE: The CMC NIC is enabled by default. Enabling or Disabling DCHP for the NIC Address When enabled, the CMC’s DHCP for NIC address feature requests and obtains an IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. This feature is enabled by default. You can disable the DHCP for NIC address feature and specify a static IP address, subnet mask, and gateway. For instructions, see "Setting Up Initial Access to the CMC" on page 77. NOTE: If you disable the DHCP for NIC address feature and then re-enable it later, the static IP address, subnet mask, and gateway settings are lost. 78 Using the RACADM Command Line Interface Enabling or Disabling DHCP for DNS IP Addresses By default, the CMC’s DHCP for DNS address feature is disabled. When enabled, this feature obtains the primary and secondary DNS server addresses from the DHCP server. Using this feature, you do not have to configure static DNS server IP addresses. To disable the DHCP for DNS address feature and specify static preferred and alternate DNS server addresses, type: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP Setting Static DNS IP addresses NOTE: These settings are not valid unless the DCHP for DNS address feature is disabled. To set the preferred DNS IP address, type: racadm config -g cfgLanNetworking -o cfgDNSServer1 To set the secondary DNS IP address, type: racadm config -g cfgLanNetworking -o cfgDNSServer2 Configuring DNS Settings • CMC Registration. To register the CMC on the DNS server, type: racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1 NOTE: Some DNS servers will only register names of 31 characters or fewer. Make sure the designated name is within the DNS required limit. NOTE: The following settings are valid only if you have registered the CMC on the DNS server by setting cfgDNSRegisterRac to 1. • CMC Name. By default, the CMC name on the DNS server is cmc . To change the CMC name on the DNS server, type: racadm config -g cfgLanNetworking -o cfgDNSRacName Using the RACADM Command Line Interface 79 where is a string of up to 63 alphanumeric characters and hyphens; the name must begin with a letter. For example, cmc-1, d-345. • DNS Domain Name. The default DNS domain name is a single blank character. To set a DNS domain name, type: racadm config -g cfgLanNetworking -o cfgDNSDomainName where is a string of up to 254 alphanumeric characters and hyphens; the DNS domain name must begin with a letter. For example: p45, a-tz-1, r-id-001. Configuring Auto Negotiation, Duplex Mode, and Network Speed When enabled, the auto negotiation feature determines whether the CMC automatically sets the duplex mode and network speed by communicating with the nearest router or switch. Auto negotiation is enabled by default. You can disable auto negotiation and specify the duplex mode and network speed by typing: racadm config -g cfgNetTuning -o cfgNetTuningNicEnable 0 racadm config -g cfgNetTuning -o cfgNetTuningNicFullDuplex where: • is 0 (half duplex) or 1 (full duplex, default) racadm config -g cfgNetTuning -o cfgNetTuningNicSpeed where: • is 10 or 100(default). Setting the Maximum Transmission Unit (MTU) The MTU property allows you to set a limit for the largest packet that can be passed through the interface. To set the MTU, type: racadm config -g cfgNetTuning -o cfgNetTuningMtu where is a value between 576–1500 (inclusive; default is 1500). 80 Using the RACADM Command Line Interface Setting the SMTP Server IP Address You can enable the CMC to send email alerts using Simple Mail Transfer Protocol (SMTP) to a specified IP address. To enable this feature, type: racadm config -g cfgRemoteHosts -o cfgRhostsFwUpdateIpAddr where is the IP address of the network SMTP server. NOTE: If your network has an SMTP server that releases and renews IP address leases periodically, and the addresses are different, then there will be a duration when this property setting will not work due to change in the specified SMTP server IP address. In such cases, use the DNS name. Configuring the Network Security Settings NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege. Enabling IP Range Checking IP filtering compares the IP address of an incoming login to the IP address range that is specified in the following cfgRacTuning properties: • cfgRacTuneIpRangeAddr • cfgRacTuneIpRangeMask The cfgRacTuneIpRangeMask property is applied to both the incoming IP address and to the cfgRacTuneIpRangeAddr properties. If the results are identical, the incoming login request is allowed to access the iDRAC. Logins from IP addresses outside this range receive an error. The login proceeds only if either the cfgRacTuneIpRangeMask is zero or the incoming IP address is identical to the IP address specified by cfgRacTuneIpRangeAddr. Using the RACADM Command Line Interface 81 Using RACADM to Configure Users Before You Begin You can configure up to 16 users in the CMC property database. Before you manually enable a CMC user, verify if any current users exist. If you are configuring a new CMC or you ran the RACADM racresetcfg command, the only current user is root with the password calvin. The racresetcfg subcommand resets the CMC back to the original defaults. NOTICE: Use caution when using the racresetcfg command, because it will reset all configuration parameters to the original defaults. Any previous changes are lost. NOTE: Users can be enabled and disabled over time, and disabling a user does not delete the user from the database. If a user is disabled and then added again, the user may have a different index number on each chassis. To verify if a user exists, open a Telnet/SSH text console to the CMC, log in, and type: racadm getconfig -u or type the following command once for each index of 1–16: racadm getconfig -g cfgUserAdmin -i NOTE: You can also type racadm getconfig -f to view or edit the myfile.cfg file, which includes all CMC configuration parameters. Several parameters and object IDs are displayed with their current values. Two objects of interest are: # cfgUserAdminIndex=XX cfgUserAdminUserName= If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object, is available for use. If a name appears after the "=," that index is taken by that user name. NOTE: When you manually enable or disable a user with the RACADM config subcommand, you must specify the index with the -i option. Observe that the cfgUserAdminIndex object displayed in the previous example contains a # character. Also, if you use the racadm config -f racadm.cfg command to 82 Using the RACADM Command Line Interface specify any number of groups/objects to write, the index cannot be specified. A new user is added to the first available index. This behavior allows more flexibility in configuring a second CMC with the same settings as the main CMC. Adding a CMC User To add a new user to the CMC configuration, you can use a few basic commands. Perform the following procedures: 1 Set the user name. 2 Set the password. 3 Set the user privileges. For information about user privileges, see Table 5-9, Table 5-10, and Table B-1. 4 Enable the user. Example The following example describes how to add a new user named "John" with a "123456" password and LOGIN privilege to the CMC. NOTE: See Table B-1 for a list of valid bit mask values for specific user privileges. The default privilege value is 0, which indicates the user has no privileges enabled. racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i 2 john racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 123456 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPrivilege 0x00000001 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminEnable 1 To verify that the user was added successfully with the correct privileges, use one of the following commands: racadm getconfig -u john or racadm getconfig –g cfgUserAdmin –i 2 Using the RACADM Command Line Interface 83 Enabling a CMC User With Permissions To enable a user with specific administrative permissions (role-based authority), first locate an available user index by performing the steps in "Before You Begin" on page 82. Next, type the following command lines with the new user name and password. NOTE: See Table B-1 for a list of valid bit mask values for specific user privileges. The default privilege value is 0, which indicates the user has no privileges enabled. racadm config -g cfgUserAdmin -o cfgUserAdminPrivilege -i Disabling a CMC User Using RACADM, you can only disable CMC users manually and on an individual basis. You cannot delete users by using a configuration file. The following example illustrates the command syntax that can be used to delete a CMC user: racadm config -g cfgUserAdmin -i 2 cfgUserAdminPrivilege 0x0 Configuring SNMP and Email Alerting You can configure the CMC to send SNMP event traps and/or email alerts when certain events occur on the chassis. For more information and instructions, see "Configuring SNMP Alerts" on page 286 and "Configuring Email Alerts" on page 291. Configuring Multiple CMCs in Multiple Chassis Using RACADM, you can configure one or more CMCs with identical properties. When you query a specific CMC card using its group ID and object ID, RACADM creates the racadm.cfg configuration file from the retrieved information. By exporting the file to one or more CMCs, you can configure your controllers with identical properties in a minimal amount of time. NOTE: Some configuration files contain unique CMC information (such as the static IP address) that must be modified before you export the file to other CMCs. 84 Using the RACADM Command Line Interface 1 Use RACADM to query the target CMC that contains the desired configuration. NOTE: The generated configuration file is myfile.cfg. You can rename the file. NOTE: The .cfg file does not contain user passwords. When the .cfg file is uploaded to the new CMC, you must re-add all passwords. Open a Telnet/SSH text console to the CMC, log in, and type: racadm getconfig -f myfile.cfg NOTE: Redirecting the CMC configuration to a file using getconfig -f is only supported with the remote RACADM interface. 2 Modify the configuration file using a plain-text editor (optional). Any special formatting characters in the configuration file may corrupt the RACADM database. 3 Use the newly created configuration file to modify a target CMC. At the command prompt, type: racadm config -f myfile.cfg 4 Reset the target CMC that was configured. At the command prompt, type: racadm reset The getconfig -f myfile.cfg subcommand (step 1) requests the CMC configuration for the primary CMC and generates the myfile.cfg file. If required, you can rename the file or save it to a different location. You can use the getconfig command to perform the following actions: • Display all configuration properties in a group (specified by group name and index) • Display all configuration properties for a user by user name The config subcommand loads the information into other CMCs. The Server Administrator uses the config command to synchronize the user and password database. Using the RACADM Command Line Interface 85 Creating a CMC Configuration File The CMC configuration file, .cfg, is used with the racadm config -f .cfg command to create a simple text file. The command allows you to build a configuration file (similar to an .ini file) and configure the CMC from this file. You may use any file name, and the file does not require a .cfg extension (although it is referred to by that designation in this subsection). NOTE: For more information about the getconfig subcommand, see "getconfig" on page 332. RACADM parses the .cfg when it is first loaded onto the CMC to verify that valid group and object names are present and that some simple syntax rules are being followed. Errors are flagged with the line number that detected the error, and a message explains the problem. The entire file is parsed for correctness, and all errors display. Write commands are not transmitted to the CMC if an error is found in the .cfg file. You must correct all errors before any configuration can take place. To check for errors before you create the configuration file, use the -c option with the config subcommand. With the -c option, config only verifies syntax and does not write to the CMC. Use the following guidelines when you create a .cfg file: • If the parser encounters an indexed group, it is the value of the anchored object that differentiates the various indexes. The parser reads in all of the indexes from the CMC for that group. Any objects within that group are modifications when the CMC is configured. If a modified object represents a new index, the index is created on the CMC during configuration. • You cannot specify a desired index in a .cfg file. Indexes may be created and deleted. Over time the group may become fragmented with used and unused indexes. If an index is present, it is modified. If an index is not present, the first available index is used. This method allows flexibility when adding indexed entries where you do not need to make exact index matches between all the CMCs being managed. New users are added to the first available index. A .cfg file that parses and runs correctly on one CMC may not run correctly on another if all indexes are full and you must add a new user. 86 Using the RACADM Command Line Interface • Use the racresetcfg subcommand to configure both CMCs with identical properties. Use the racresetcfg subcommand to reset the CMC to original defaults, and then run the racadm config -f .cfg command. Ensure that the .cfg file includes all desired objects, users, indexes, and other parameters. See "CMC Property Database Group and Object Definitions" on page 385 for a complete list of objects and groups. NOTICE: Use the racresetcfg subcommand to reset the database and the CMC NIC settings to the original default settings and remove all users and user configurations. While the root user is available, other users’ settings are also reset to the default settings. Parsing Rules • Lines that start with a hash character (#) are treated as comments. A comment line must start in column one. A "#" character in any other column is treated as a # character. Some modem parameters may include # characters in their strings. An escape character is not required. You may want to generate a .cfg from a racadm getconfig -f .cfg command, and then perform a racadm config -f .cfg command to a different CMC, without adding escape characters. Example: # # This is a comment [cfgUserAdmin] cfgUserAdminPageModemInitString= • All group entries must be surrounded by open- and close-brackets ([ and ]). The starting [ character that denotes a group name must be in column one. This group name must be specified before any of the objects in that group. Objects that do not include an associated group name generate an error. The configuration data is organized into groups as defined in "CMC Property Database Group and Object Definitions" on page 385. Using the RACADM Command Line Interface 87 The following example displays a group name, object, and the object’s property value: [cfgLanNetworking] -{group name} cfgNicIpAddress=143.154.133.121 {object name} {object value} • All parameters are specified as "object=value" pairs with no white space between the object, =, or value. White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the = (for example, a second =, a #, [, ], and so on) is taken as-is. These characters are valid modem chat script characters. [cfgLanNetworking] -{group name} cfgNicIpAddress=143.154.133.121 {object value} • The .cfg parser ignores an index object entry. You cannot specify which index is used. If the index already exists, it is either used or the new entry is created in the first available index for that group. The racadm getconfig -f .cfg command places a comment in front of index objects, allowing you to see the included comments. NOTE: You may create an indexed group manually using the following command: racadm config -g -o -i • The line for an indexed group cannot be deleted from a .cfg file. If you do delete the line with a text editor, RACADM will stop when it parses the configuration file and alert you of the error. You must remove an indexed object manually using the following command: racadm config -g -o -i "" NOTE: A NULL string (identified by two " characters) directs the CMC to delete the index for the specified group. 88 Using the RACADM Command Line Interface To view the contents of an indexed group, use the following command: racadm getconfig -g -i • For indexed groups the object anchor must be the first object after the [ ] pair. The following are examples of the current indexed groups: [cfgUserAdmin] cfgUserAdminUserName= If you type racadm getconfig -f .cfg, the command builds a .cfg file for the current CMC configuration. This configuration file can be used as an example and as a starting point for your unique .cfg file. Modifying the CMC IP Address When you modify the CMC IP address in the configuration file, remove all unnecessary = entries. Only the actual variable group’s label with [ and ] remains, including the two = entries pertaining to the IP address change. Example: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.1 This file will be updated as follows: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.9.143 Using the RACADM Command Line Interface 89 # comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 The command racadm config -f .cfg parses the file and identifies any errors by line number. A correct file will update the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update. Use this file to download company-wide changes or to configure new systems over the network with the command, racadm getconfig -f .cfg. NOTE: "Anchor" is a reserved word and should not be used in the .cfg file. Troubleshooting Table 4-3 lists common problems related to remote RACADM. Table 4-3. Using the Serial and RACADM Commands: Frequently Asked Questions Question Answer After performing a CMC reset (using the You must wait until the CMC completes RACADM racreset subcommand), I issue the reset before issuing another a command and the following message is command. displayed: racadm Transport: ERROR: (RC=-1) What does this message mean? 90 Using the RACADM Command Line Interface Table 4-3. Using the Serial and RACADM Commands: Frequently Asked Questions (continued) Question Answer When I use the RACADM subcommands, I get errors that I do not understand. You may encounter one or more of the following errors when using RACADM: • Local error messages — Problems such as syntax, typographical errors, and incorrect names. Example: ERROR: Use the RACADM help subcommand to display correct syntax and usage information. • CMC-related error messages — Problems where the CMC is unable to perform an action. Also might say "racadm command failed." Type racadm gettracelog for debugging information. While I was using remote RACADM, the If you type a double quotation mark (") in prompt changed to a ">" and I cannot get the command, the CLI will change to the the "$" prompt to return. ">" prompt and queue all commands. To return to the "$" prompt, type –d. I tried using the following commands and The logout and quit commands are not supported in the CMC CLI interface. received an error saying "Not Found": $ logout $ quit Command updates for CMC 1.20 The following commands have been updated for the CMC 1.20 release: • chassisaction – -d and -w deprecated – nongraceshutdown added Using the RACADM Command Line Interface 91 • gettracelog/gettraclog/getsel – • getsensorinfo – • • • -s and -G deprecated serveraction – -s is now -m to specify a server – -A applies the serveraction command to all servers in the enclosure – graceshutdown deprecated fwupdate – added {-f } to specify FTP server IP address and username and password – added -c to cancel firmware update getpbinfo – • -A and -o do not generate additional output; provide backwards compatibility for existing scripts added new power budget status items and reporting values getpminfo – new command that provides power management status items and values For more information on the updates to these command, refer to the detailed section on each command in "RACADM Subcommands" on page 317. 92 Using the RACADM Command Line Interface Using the CMC Web Interface The CMC provides a Web interface that enables you to configure the CMC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday chassis management, use the CMC Web interface. This chapter provides information about how to perform common chassis management tasks using the CMC Web interface. You can also perform all of the Web interface configuration tasks using local RACADM commands or command line consoles (serial console, Telnet, or SSH). For more information about using local RACADM, see "Using the RACADM Command Line Interface" on page 69. For information on using command line consoles, see "Configuring CMC to Use Command Line Consoles" on page 57. NOTE: If you are using Microsoft® Internet Explorer®, connecting through a proxy, and see the error "The XML page cannot be displayed," you will need to disable the proxy to continue. Accessing the CMC Web Interface To access the CMC Web interface: 1 Open a supported Web browser window. For more information, see "Supported Web Browsers" on page 29. 2 Type the following URL in the Address field, and then press : https:// If the default HTTPS port number (port 443) has been changed, type: https:// : where is the IP address for the CMC and port number is the HTTPS port number. The CMC Login page appears. Using the CMC Web Interface 93 Logging In NOTE: To log in to the CMC, you must have a CMC account with Log In to CMC privilege. NOTE: The default CMC user name is root, and the password is calvin. The root account is the default administrative account that ships with the CMC. For added security, Dell strongly recommends that you change the default password of the root account during initial setup. NOTE: The CMC does not support extended ASCII characters, such as ß, å, é, ü, or other characters used primarily in non-English languages. NOTE: You cannot log in to the Web interface with different user names in multiple browser windows on a single workstation. You can log in as either a CMC user or as a Microsoft® Active Directory® user. To log in: 1 In the Username field, type your user name: • CMC user name: • Active Directory user name: \ , / or @ . NOTE: This field is case sensitive. 2 In the Password field, type your CMC user password or Active Directory user password. NOTE: This field is case sensitive. 3 Click OK or press . Logging Out When you are logged in to the Web interface, you can log out at any time by clicking Logout in the upper right corner of any page. NOTE: Be careful to apply (save) any settings or information you enter on a page. If you log out or navigate away from that page without applying your changes, the changes will be lost. NOTE: Closing the browser without logging out first causes your session to remain open until it times out. Dell strongly recommends that you log out properly, by clicking the Logout button, before you close the browser. 94 Using the CMC Web Interface Configuring Basic CMC Settings Setting the Chassis Name You can set the name used to identify the chassis on the network. (The default name is "Dell Rack System.") For example, an SNMP query on the chassis name will return the name you configure. To set the chassis name: 1 Log in to the CMC Web interface. The Component Health page displays. 2 Click the Setup tab. The General Chassis Settings page displays. 3 Type the new name in the Chassis Name field, and then click Apply. Setting the Date and Time on the CMC 1 Log in to the CMC Web interface. The Component Health page displays. 2 Click the Setup tab. The General Chassis Settings page displays. 3 Click the Date/Time sub-tab. The Date/Time page displays. 4 Set date, time, and time zone settings, and then click Apply. Monitoring System Health Status Viewing Chassis and Component Summaries The CMC displays a graphical representation of the chassis on the Chassis Graphics page that provides a visual overview of installed component status. The Chassis Graphics page is dynamically updated, and the component subgraphic colors and text hints are automatically changed to reflect the current state. Using the CMC Web Interface 95 Figure 5-1. Example of Chassis Graphics in the Web Interface The Component Health page provides an overall health status for the chassis, primary and stand-by CMCs, iKVM, PSUs, fans, and I/O modules (IOMs). The Chassis Summary page provides a text-based overview of the chassis, primary and stand-by CMCs, iKVM, and IOMs. For instructions on viewing chassis and components summaries, see "Viewing Chassis Summaries" on page 295. Viewing Chassis Graphics and Component Health Status The Chassis Graphics page provides a graphical view of the front and rear of the chassis. This graphical representation provides a visual overview of the components installed within the chassis and its corresponding status. The Component Health page provides an overall health status for all chassis components. For instructions on viewing chassis graphics and component health status, see "Viewing Chassis and Component Health Status" on page 298. Viewing Power Budget Status The Power Budget Status page displays the power budget status for the chassis, servers, and chassis power supply units (PSUs). For instructions on viewing power budget status, see "Viewing Power Budget Status" on page 224. For more information about CMC power management, see "Power Management" on page 215. 96 Using the CMC Web Interface Viewing the Health Status of All Servers The health status for all servers can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Servers Status page. Chassis Graphics provides a graphical overview of all servers installed in the chassis. To view health status for all servers using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The center section of Chassis Graphics depicts the front view of the chassis and contains the health status of all servers. Server health status is indicated by the color of the server subgraphic: • Green - server is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber - server is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist. • Gray - server is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition. The Servers Status page provides overviews of the servers in the chassis. To view health status for all servers: 1 Log in to the CMC Web interface. 2 Select Servers in the system tree. The Servers Status page appears. Table 5-1 provides descriptions of the information provided on the Servers Status page. Table 5-1. All Servers Status Information Item Description Slot # Displays the location of the server. The slot number is a sequential number that identifies the server by its location within the chassis. Present Indicates whether the server is present in the slot (Yes or No). If this field displays Extension of # (where the # will be 1-8), then the number that follows it is the main slot of a multi-slot server. When the server is absent, the health, power state, and service tag information of the server is unknown (not displayed). Using the CMC Web Interface 97 Table 5-1. All Servers Status Information (continued) Item Description Health OK Indicates that the server is present and communicating with the CMC. Informational Displays information about the server when no change in health status has occurred. Health (continued) Name Warning Indicates that only warning alerts have been issued, and corrective action must be taken within the time frame set by the administrator. If corrective actions are not taken within the administrator-specified time, critical or severe failures that can affect the integrity of the device could occur. Severe Indicates at least one Failure alert has been issued. Severe status represents a system failure on the server, and corrective action must be taken immediately. No Value When the server is absent from the slot, health information is not provided. Indicates the name of the server, which by default is identified by its slot name (SLOT-01 to SLOT-16). NOTE: You can change the server name from the default. For instructions, see "Editing Slot Names". Power State Indicates the power status of the server: • N/A - The CMC has not yet determined the power state of the server. • Off - Either the server is off or the chassis is off. • On - Both chassis and server are on. • Powering On - Temporary state between Off and On. When the action completes successfully, the Power State will be On. • Powering Off - Temporary state between On and Off. When the action completes successfully, the Power State will be Off. Service Tag 98 Displays the service tag for the server. The service tag a unique identifier provided by the manufacturer for support and maintenance. If the server is absent, this field is empty. Using the CMC Web Interface Editing Slot Names The Slot Names page allows you to update slot names in the chassis. Slot names are used to identify individual servers. When choosing slot names, the following rules apply: • Names may contain a maximum of 15 printable ASCII characters (ASCII codes 32 through 126), excluding the double quote (", ASCII 34). If using the RACADM command to change the slot name using any special characters, (~!@#$%^&*), the name string must be enclosed in double quotes for the environment to pass them correctly to the CMC. • Slot names must be unique within the chassis. No two slots may have the same name. • Strings are not case-sensitive. Server-1, server-1, and SERVER-1 are equivalent names. • Slot names must not begin with the following strings: • • Switch- • Fan- • PS- • KVM • DRAC- • MC- • Chassis • Housing-Left • Housing-Right • Housing-Center The strings Server-1 through Server-16 may be used, but only for the corresponding slot. For example, Server-3 is a valid name for slot 3, but not for slot 4. Note that Server-03 is a valid name for any slot. NOTE: To change a slot name in the Web interface, you must have Chassis Configuration Administrator privilege. NOTE: The slot name setting in the Web interface resides on the CMC only. If a server is removed from the chassis, the slot name setting does not remain with the server. Using the CMC Web Interface 99 NOTE: The slot name setting in the CMC Web interface always overrides any change you make to the display name in the iDRAC interface. To edit a slot name: 1 Log in to the CMC Web interface. 2 Select Servers in the Chassis menu in the system tree. 3 Click the Setup tab. The Slot Names page displays. 4 Type the updated or new name for a slot in the Slot Name field. Repeat this action for each slot you want to rename. 5 Click Apply. Setting the First Boot Device for Servers The First Boot Device page allows you to specify the CMC first boot device for each server. This may not be the actual first boot device for the server or even represent a device present in that server; instead it represents a device that will be used by the CMC as the first boot device in regard to that server. You can set the default boot device and you can also set a one-time boot device so that you can boot a special image to perform tasks such as running diagnostics or reinstalling an operating system. The boot device that you specify must exist and contain bootable media. Table 5-2 lists the boot devices that you can specify. Table 5-2. Boot Devices Boot Device Description PXE Boot from a Preboot Execution Environment (PXE) protocol on the network interface card. Hard Drive Boot from the hard drive on the server. Local CD/DVD Boot from a CD/DVD drive on the server. 100 Using the CMC Web Interface Table 5-2. Boot Devices (continued) Boot Device Description Virtual Floppy Boot from the virtual floppy drive. The floppy drive (or a floppy disk image) is on another computer on the management network, and is attached using the iDRAC GUI console viewer. Virtual CD/DVD Boot from a virtual CD/DVD drive or CD/DVD ISO image. The optical drive or ISO image file is located on another computer or disk available on the management network and is attached using the iDRAC GUI console viewer. iSCSI Boot from an Internet Small Computer System Interface (iSCSI) device. Local SD Card Boot from the local SD (Secure Digital) card - for the M805/M905 systems only. Floppy Boot from a floppy disc in the local Floppy disc drive. NOTE: To set the first boot device for servers you must have Server Administrator privilege or Chassis Configuration Administrator privilege and a login on the iDRAC. To set the first boot device for some or all servers in the chassis: 1 Log in to the CMC Web interface. 2 Click Servers in the system tree and then click Setup→ Deploy First Boot Device. A list of servers is displayed, one per row. 3 Select the boot device you want to use for each server. from the list box. Using the CMC Web Interface 101 4 If you want the server to boot from the selected device every time it boots, uncheck the Boot Once checkbox for the server. If you want the server to boot from the selected device only on the next boot cycle, select the Boot Once checkbox for the server. 5 Click Apply. Viewing the Health Status of an Individual Server The health status for an individual server can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Server Status page. The Chassis Graphics page provides a graphical overview of an individual server installed in the chassis. To view health status for individual servers using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The center section of Chassis Graphics depicts the front view of the chassis and contains the health status for individual servers. Server health status is indicated by the color of the server subgraphic: • Green - server is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber - server is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist. • Gray - server is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition. 3 Use the cursor to hover over an individual server subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that server. 4 The server subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the Server Status page for that server. The Server Status page (separate from the Servers Status page) provides an overview of the server and a launch point to the Web interface for the Integrated Dell Remote Access Controller (iDRAC), which is the firmware used to manage the server. 102 Using the CMC Web Interface NOTE: To use the iDRAC user interface, you must have an iDRAC user name and password. For more information about iDRAC and the using the iDRAC Web interface, see the Integrated Dell Remote Access Controller Firmware Version 1.00 User’s Guide. To view the health status of an individual server: 1 Log in to the CMC Web interface. 2 Expand Servers in the system tree. All of the servers (1–16) appear in the expanded Servers list. 3 Click the server you want to view. The Server Status page displays. Table 5-3 provides descriptions of the information provided on the Server Status page. Table 5-3. Individual Server Status Information Item Description Slot Indicates the slot occupied by the server on the chassis. Slot numbers are sequential IDs, from 1 through 16 (there are 16 slots available on the chassis), that help identify the location of the server in the chassis. Slot Name Indicates the name of the slot where the server resides. Present Indicates whether the server is present in the slot (Present or Absent). When the server is absent, the health, power state, and service tag information of the server is unknown (not displayed). Using the CMC Web Interface 103 Table 5-3. Individual Server Status Information (continued) Item Description Health OK Indicates that the server is present and communicating with the CMC. In the event of a communication failure between the CMC and the server, the CMC cannot obtain or display health status for the server. Informational Displays information about the server when no change in health status (OK, Warning, Severe) has occurred. Warning Indicates that only warning alerts have been issued, and corrective action must be taken within the time frame set by the administrator. If corrective actions are not taken within the administrator-specified time, critical or severe failures that can affect the integrity of the server could occur. Severe Indicates at least one Failure alert has been issued. Severe status represents a system failure on the server, and corrective action must be taken immediately. No Value When the server is absent from the slot, health information is not provided. Server Model Indicates the model of the server in the chassis. Examples: PowerEdge M600 or PowerEdge M605. Service Tag Displays the service tag for the server. The service tag a unique identifier provided by the manufacturer for support and maintenance. If the server is absent, this field is empty. iDRAC Firmware Indicates the iDRAC version currently installed on the server. BIOS version Indicates the BIOS version on the server. Operating System Indicates the operating system on the server. 104 Using the CMC Web Interface Viewing the Health Status of IOMs The health status for the IOMs can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the I/O Modules Status page. The Chassis Graphics page provides a graphical overview of the IOMs installed in the chassis. To view health status of the IOMs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status for the IOMs. IOM health status is indicated by the color of the IOM subgraphic: • Green - IOM is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber - IOM is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist. • Gray - IOM is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition. 3 Use the cursor to hover over an individual IOM subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that IOM. 4 The IOM subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the I/O Module Status page associated with that IOM. The I/O Modules Status page provides overviews of all IOMs associated with the chassis. For instructions on viewing IOM health through the Web interface or RACADM, see "Monitoring IOM Health" on page 276. Viewing the Health Status of the Fans NOTE: During updates of CMC or iDRAC firmware on a server, some or all of the fan units in the chassis will spin at 100%. This is normal. Using the CMC Web Interface 105 The health status of the fans can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Fans Status page. The Chassis Graphics page provides a graphical overview of all fans installed in the chassis. To view health status for all fans using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status of all fans. Fan health status is indicated by the color of the fan subgraphic: • Green - fan is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber - fan is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist. • Gray - fan is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition. 3 Use the cursor to hover over the an individual fan subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that fan. 4 The fan subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the Fans Status page. The Fans Status page provides the status and speed measurements (in revolutions per minute, or RPMs, of the fans in the chassis. There can be one or more fans. The CMC, which controls fan speeds, automatically increases or decreases fan speeds based on system wide events. The CMC generates an alert and increases the fan speeds when the following events occur: • The CMC ambient temperature threshold is exceeded. • A fan fails. • A fan is removed from the chassis. To view the health status of the fan units: 1 Log in to the CMC Web interface. 2 Select Fans in the system tree. The Fans Status page displays. 106 Using the CMC Web Interface Table 5-4 provides descriptions of the information provided on the Fans Status page. Table 5-4. Fans Health Status Information Item Description Present Indicates whether the fan unit is present (Yes or No). Health OK Indicates that the fan unit is present and communicating with the CMC. In the event of a communication failure between the CMC and the fan unit, the CMC cannot obtain or display health status for the fan unit. Severe Indicates at least one Failure alert has been issued. Severe status represents a system failure on the fan unit, and corrective action must be taken immediately to prevent overheating and system shutdown. Unknown Displayed when the chassis is first powered on. In the event of a communication failure between the CMC and the fan unit, the CMC cannot obtain or display health status for the fan unit. Name Displays the fan name in the format FAN-n, where n is the fan number. Speed Indicates the speed of the fan in revolutions per minute (RPM). Viewing the iKVM Status The local access KVM module for your Dell M1000e server chassis is called the Avocent® Integrated KVM Switch Module, or iKVM. The health status of the iKVM associated with the chassis can be viewed on the Chassis Graphics page. Using the CMC Web Interface 107 To view health status for the iKVM using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status of the iKVM. iKVM health status is indicated by the color of the iKVM subgraphic: • Green - iKVM is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber - iKVM is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist. • Gray - iKVM is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition. 3 Use the cursor to hover over the iKVM subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that iKVM. 4 The iKVM subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the iKVM Status page. For additional instructions on viewing iKVM status and setting properties for the iKVM, see: • "Viewing the iKVM Status and Properties" on page 264 • "Enabling or Disabling the Front Panel" on page 263 • "Enabling the Dell CMC Console via iKVM" on page 263 • "Updating the iKVM Firmware" on page 265 For more information about iKVM, see "Using the iKVM Module" on page 245. Viewing the Health Status of the PSUs The health status of the PSUs associated with the chassis can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Power Supply Status page. The Chassis Graphics page provides a graphical overview of all PSUs installed in the chassis. 108 Using the CMC Web Interface To view health status for all PSUs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status of all PSUs. PSU health status is indicated by the color of the PSU subgraphic: • Green - PSU is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber - PSU is present, but may or may not be powered on or may or may not be communicating with the CMC; an adverse condition may exist. • Gray - PSU is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition. 3 Use the cursor to hover over the an individual PSU subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that PSU. 4 The PSU subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the Power Supply Status page for all PSUs. The Power Supply Status page displays the status and readings of the PSUs associated with the chassis. For more information about CMC power management, see "Power Management" on page 215. To view the health status of the PSUs: 1 Log in to the CMC Web interface. 2 Select Power Supplies in the system tree. The Power Supply Status page displays. Using the CMC Web Interface 109 Table 5-5 provides descriptions of the information provided on the Power Supply Status page. Table 5-5. Power Supply Health Status Information Item Description Present Indicates whether the power supply is present (Yes or No). Health OK Indicates that the PSU is present and communicating with the CMC. Indicates that the health of the PSU is OK. In the event of a communication failure between the CMC and the fan unit, the CMC cannot obtain or display health status for the PSU. Severe Indicates that the PSU has a failure and the health is critical. Corrective action must be taken immediately. Failure to do so may cause the component to shutdown due to power loss. Unknown Displayed with the chassis is first powered on. In the event of a communication failure between the CMC and the PSU, the CMC cannot obtain or display health status for the PSU. Name Displays the name of the PSU: PS-n, where n is the power supply number. Power Status Indicates the power state of the PSU: Online, Off, or Slot Empty. Capacity Displays the power capacity in watts. Viewing Status of the Temperature Sensors The Temperature Sensors Information page displays the status and readings of the temperature probes on the entire chassis (chassis, servers, IOMs, and iKVM). NOTE: The temperature probes value cannot be edited. Any change beyond the threshold will generate an alert that will cause the fan speed to vary. For example, if the CMC ambient temperature probe exceeds threshold, the speed of the fans on the chassis will increase. 110 Using the CMC Web Interface To view the health status of the temperature probes: 1 Log in to the CMC Web interface. 2 Select Temperature Sensors in the system tree. The Temperature Sensors Information page displays. Table 5-6 provides descriptions of the information provided on the Temperature Sensors Information page. Table 5-6. Temperature Sensors Health Status Information Item Description Present Indicates whether the sensor is present (Yes) or absent (No) in the chassis. Temperature ID Displays the numeric ID of the temperature probe. Name Displays the name of each temperature probe on the chassis, servers, IOMs, and iKVM. Examples: Ambient Temp, Server 1 Temp, I/O Module 1, iKVM Temp. Reading Indicates the current temperature in degrees Centigrade. Threshold Maximum Indicates the highest temperature, in degrees Centigrade, at which a Failure alert is issued. Threshold Minimum Indicates the lowest temperature, in degrees Centigrade, at which a Failure alert is issued. Viewing World Wide Name/Media Access Control (WWN/MAC) IDs The WWN/MAC Summary page allows you to view the WWN configuration and MAC address of a slot in the chassis. Fabric Configuration The Fabric Configuration section displays the type of Input/Output fabric that is installed for Fabric A, Fabric B, and Fabric C. A green check mark indicates that the fabric is enabled for FlexAddress. The FlexAddress feature is used to deploy chassis assigned and slot persistent WWN/MAC addresses to various fabrics and slots within the chassis. This feature is enabled on a per fabric and per slot basis. Using the CMC Web Interface 111 NOTE: Refer to "Using FlexAddress" on page 169 for more information on the FlexAddress feature. WWN/MAC Addresses The WWN/MAC Address section displays WWN/MAC information for all servers. Location displays the location of the slot occupied by the Input/Output modules. The six slots are identified by a combination of the group name (A, B, or C) and slot number (1 or 2): slot names A1, A2, B1, B2, C1, or C2. Fabric displays the type of the I/O fabric. Server-Assigned displays the server-assigned WWN/MAC addresses embedded in the controller's hardware. Chassis-Assigned displays the chassis-assigned WWN/MAC addresses used for the particular slot. A green check mark in the ServerAssigned or in Chassis-Assigned columns indicates the type of active addresses. Configuring CMC Network Properties Setting Up Initial Access to the CMC NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings. 1 Log in to the Web interface. 2 Select Chassis in the system tree. The Component Health page appears. 3 Click the Network/Security tab. The Network Configuration page appears. 4 Enable or disable DHCP for the CMC by selecting or clearing the Use DHCP (For CMC NIC IP Address) check box. 5 If you disabled DHCP, type the IP address, gateway, and subnet mask. 6 Click Apply Changes at the bottom of the page. Configuring the Network LAN Settings NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege. NOTE: The settings on the Network Configuration page, such as community string and SMTP server IP address, affect both the CMC and the external settings of the chassis. 112 Using the CMC Web Interface NOTE: If you have two CMCs (primary and standby) on the chassis, and they are both connected to the network, the standby CMC automatically assumes the network settings in the event of failover of the primary CMC. 1 Log in to the Web interface. 2 Click the Network/Security tab. 3 Configure the CMC network settings described in Table 5-7. 4 Click Apply Changes. To configure IP range and IP blocking settings, click the Advanced Settings button (see "Configuring CMC Network Security Settings" on page 118). To refresh the contents of the Network Configuration page, click Refresh. To print the contents of the Network Configuration page, click Print. Using the CMC Web Interface 113 Table 5-7. Network Settings Setting Description CMC MAC Address Displays the chassis’ MAC address, which is a unique identifier for the chassis over the computer network. Enable NIC Enables the NIC of the CMC. Default: Enabled. If this option is checked: • The CMC communicates with and is accessible over the computer network. • The Web interface, CLI (remote RACADM), WSMAN, Telnet, and SSH associated with the CMC are available. If this option is not checked: • The CMC NIC cannot communicate over the network. • Communication to the chassis through CMC is not available. • The Web interface, CLI (remote RACADM), WSMAN, Telnet, and SSH associated with the CMC are not available. • The server iDRAC Web interface, local CLI, I/O modules, and iKVM are still accessible. • Network addresses for the iDRAC and CMC can be obtained, in this case, from the chassis' LCD. NOTE: Access to the other network-accessible components in the chassis is not affected when the network on the chassis is disabled (or lost). 114 Using the CMC Web Interface Table 5-7. Network Settings (continued) Setting Description Use DHCP (For CMC NIC IP Address) Enables the CMC to request and obtain an IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. Default: Checked (enabled) If this option is checked, the CMC retrieves IP configuration (IP address, mask, and gateway) automatically from a DHCP server on your network. The CMC will always have a unique IP address allotted over your network. NOTE: When this feature is enabled, the IP address, Gateway, and Mask property fields (located immediately following this option on the Network Configuration page) are disabled, and any previously entered values for these properties are ignored. If this option is not checked, you must manually type the IP address, gateway, and mask in the text fields immediately following this option on the Network Configuration page. • Static CMC IP Address Specifies or edits the static IP address for the CMC NIC. To change this setting, deselect the Use DHCP (For NIC IP Address) check box. • Static Gateway Specifies or edits the static gateway for the CMC NIC. To change this setting, deselect the Use DHCP (For NIC IP Address) check box. • Static Subnet Mask Specifies or edits the static mask for the CMC NIC. To change this setting, deselect the Use DHCP (For NIC IP Address) check box. Using the CMC Web Interface 115 Table 5-7. Network Settings (continued) Setting Description Use DHCP to Obtain DNS Server Addresses Obtains the primary and secondary DNS server addresses from the DHCP server instead of the static settings. Default: Unchecked (disabled) by default NOTE: If Use DHCP (For NIC IP Address) is enabled, then enable the Use DHCP to Obtain DNS Server Addresses property. If this option is checked, the CMC retrieves its DNS IP address automatically from a DHCP server on your network. NOTE: When this property is enabled, the Static Preferred DNS Server and Static Alternate DNS Server property fields (located immediately following this option on the Network Configuration page) are inactivated, and any previously entered values for these properties are ignored. If this option is not checked, the CMC retrieves the DNS IP address from the Static Preferred DNS Server and Static Alternate DNS Server. The addresses of these servers are specified in the text fields immediately following this option on the Network Configuration page. • Static Preferred DNS Server Specifies the static IP address for the preferred DNS Server. The Static Preferred DNS Server is implemented only when Use DHCP to Obtain DNS Server Addresses is disabled. • Static Alternate DNS Server Specifies the static IP address for the alternate DNS Server. The Static Alternate DNS Server is implemented only when Use DHCP to obtain DNS Server addresses is disabled. If you do not have an alternate DNS Server, type an IP address of 0.0.0.0. Register CMC on DNS This property registers the CMC name on the DNS Server. Default: Unchecked (disabled) by default NOTE: Some DNS Servers will only register names of 31 characters or fewer. Make sure the designated name is within the DNS required limit. 116 Using the CMC Web Interface Table 5-7. Network Settings (continued) Setting Description DNS CMC Name Displays the CMC name only when Register CMC on DNS is selected. The default CMC name is CMC_service_tag, where service tag is the service tag number of the chassis, for example: CMC-00002. The maximum number of characters is 63. The first character must be a letter (a-z, A-Z), followed by an alphanumeric (a-z, A-Z, 0-9) or a hyphen (-) characters. Use DHCP for DNS Domain Name Uses the default DNS domain name. This check box is active only when Use DHCP (For NIC IP Address) is selected. Default: Disabled DNS Domain Name The default DNS Domain Name is a blank character. This field can be edited only when the Use DHCP for DNS Domain Name check box is selected. Auto Negotiation Determines whether the CMC automatically sets the duplex mode and network speed by communicating with the nearest router or switch (On) or allows you to set the duplex mode and network speed manually (Off). Default: On If Auto Negotiation is On, CMC automatically communicates with the nearest router or switch. If Auto Negotiation is Off, you must set the duplex mode and network speed manually. Network Speed Set the network speed to 100 Mbps or 10 Mbps to match your network environment. NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly. If your network configuration does not match any of these values, Dell recommends that you use Auto Negotiation or refer to your network equipment manufacturer. Using the CMC Web Interface 117 Table 5-7. Network Settings (continued) Setting Description Duplex Mode Set the duplex mode to full or half to match your network environment. Implications: If Auto Negotiation is turned On for one device but not the other, then the device using auto negotiation can determine the network speed of the other device, but not the duplex mode. In this case, duplex mode defaults to the half duplex setting during auto negotiation. such a duplex mismatch will result in a slow network connection. NOTE: The network speed and duplex mode settings are not available if Auto Negotiation is set to On. MTU Sets the size of the Maximum Transmission Unit (MTU), or the largest packet that can be passed through the interface. Configuration range: 576–1500. Default: 1500. Configuring CMC Network Security Settings NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege. 1 Log in to the Web interface. 2 Click the Network/Security tab. The Network Configuration page displays. 3 Click the Advanced Settings button. The Network Security page displays. 4 Configure the CMC network security settings. Table 5-8 describes the settings on the Network Security page. Table 5-8. Network Security Page Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a specific range of IP addresses that can access the CMC. IP Range Address Determines the base IP address for range checking. 118 Using the CMC Web Interface Table 5-8. Network Security Page Settings (continued) Settings Description IP Range Mask Defines a specific range of IP addresses that can access the CMC, a process called IP range checking. IP range checking allows access to the CMC only from clients or management stations whose IP addresses are within the userspecified range. All other logins are denied. For example: IP range mask: 255.255.255.0 (11111111.11111111.11111111.00000000) IP range address:192.168.0.255 (11000000.10101000.00000000.11111111) The resulting IP address range is any address that contains 192.168.0, that is, any address from 192.168.0.0 through 192.168.0.255. IP Blocking Enabled Enables the IP address blocking feature, which limits the number of failed login attempts from a specific IP address for a pre-selected time span. • IP Blocking Fail Sets the number of login failures attempted from an IP address Count before the login attempts are rejected from that address. • IP Blocking Fail Determines the time span in seconds within which IP Blocking Window Fail Count failures must occur to trigger the IP Block Penalty Time. • IP Blocking Penalty Time The time span in seconds within which login attempts from an IP address with excessive failures are rejected. NOTE: The IP Blocking Fail Count, IP Blocking Fail Window, and IP Blocking Penalty Time fields are active only if the IP Blocking Enabled check box (the property field preceding these fields) is checked (enabled). In that case, you must manually type IP Blocking Fail Count, IP Blocking Fail Window, and IP Blocking Penalty Time properties. 5 Click Apply to save your settings. To refresh the contents of the Network Security page, click Refresh. To print the contents of the Network Security page, click Print. Using the CMC Web Interface 119 Adding and Configuring CMC Users To manage your system with the CMC and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs. User Types There are two types of users: CMC users and iDRAC users. CMC users are also known as "chassis users." Since iDRAC resides on the server, iDRAC users are also known as "server users." CMC users can be local users or Active Directory users. iDRAC users can also be local users or Active Directory users. Except where a CMC user has Server Administrator privilege, privileges granted to a CMC user are not automatically transferred to the same user on a server, because server users are created independently from CMC users. In other words, CMC Active Directory users and iDRAC Active Directory users reside on two different branches in the Active Directory tree. To create a local server user, the User Configuration Administrator must log into the server directly. The User Configuration Administrator cannot create a server user from CMC or vice versa. This rule protects the security and integrity of the servers. Table 5-9, Table 5-10, and Table 5-11 describe CMC user privileges (local or Active Directory), and what operations a CMC user can execute on the chassis and on the servers based on the privileges he is granted. The term user or users, therefore, should be understood as CMC users. Server users will be explicitly specified. 120 Using the CMC Web Interface Table 5-9. User Types Privilege Description CMC Login User Users who have the CMC Login User privilege can log in to CMC. A user with only the login privilege can view all of the CMC data but cannot add or modify data or execute commands. It is possible for a user to have other privileges without the login privilege. This feature is useful when a user is temporarily disallowed to login. When that user’s login privilege is restored, the user retains all the other privileges previously granted. Chassis Configuration Administrator Users who have the Chassis Configuration Administrator privilege can add or change data that: • Identifies the chassis, such as chassis name and chassis location • Is assigned specifically to the chassis, such as IP mode (static or DHCP), static IP address, static gateway, and static subnet mask • Provides services to the chassis, such as date and time, firmware update, and CMC reset. • Is associated with the chassis, such as slot name and slot priority. Although these properties apply to the servers, they are strictly chassis properties relating to the slots rather than the servers themselves. For this reason, slot names and slot priorities can be added or changed whether or not servers are present in the slots. When a server is moved to a different chassis, it inherits the slot name and priority assigned to the slot it occupies in the new chassis. Its previous slot name and priority remain with the previous chassis. Using the CMC Web Interface 121 Table 5-9. User Types (continued) Privilege Description User Configuration Administrator Users who have the User Configuration Administrator privilege can: • Add a new user • Delete an existing user • Change a user's password • Change a user's privileges • Enable or disable a user's login privilege but retain the user's name and other privileges in the database. Clear Logs Administrator CMC users who have the Clear Administrator privilege can clear the hardware log and CMC log. Chassis Control Administrator (Power Commands) CMC users with the Chassis Power Administrator privilege can perform all power-related operations: 122 • Control chassis power operations, including power on, power off, and power cycle. Using the CMC Web Interface Table 5-9. User Types (continued) Privilege Description Server Administrator The Server Administrator privilege is a blanket privilege granting a CMC user all rights to perform any operation on any servers present in the chassis. When a user with CMC Server Administrator privilege issues an action to be performed on a server, the CMC firmware sends the command to the targeted server without checking the user's privileges on the server. In other words, the CMC Server Administrator privilege overrides any lack of administrator privileges on the server. Without the Server Administrator privilege, a user created on the chassis can only execute a command on a server when all of the following conditions are true: • The same user name exists on the server • The same user name must have the exact same password on the server • The user must have the privilege to execute the command When a CMC user who does not have Server Administrator privilege issues an action to be performed on a server, the CMC will send a command to the targeted server with the user’s login name and password. If the user does not exist on the server, or if the password does not match, the user is denied the ability to perform the action. If the user exists on the target server and the password matches, the server responds with the privileges of which the user was granted on the server. Based on the privileges responding from the server, CMC firmware decides if the user has the right to perform the action. Listed below are the privileges and the actions on the server to which the Server Administrator is entitled. These rights are applied only when the chassis user does not have the Server Administrative privilege on the chassis. Using the CMC Web Interface 123 Table 5-9. User Types (continued) Privilege Description Server Administrator (continued) Server Configuration Administrator: • Set IP address • Set gateway • Set subnet mask • Set first boot device User Configuration Administrator: • Set iDRAC root password • iDRAC reset Server Control Administrator: • Power on • Power off • Power cycle • Graceful shutdown • Server Reboot Test Alert User CMC users who have the Test Alert User privilege can send test alert messages. Debug Command Administrator CMC users who have the Debug Administrator privilege can execute system diagnostic commands. Fabric A Administrator CMC users who have the Fabric A Administrator privilege can set and configure the Fabric A IOM, which resides in either slot A1 or slot A2 of the I/O slots. Fabric B Administrator CMC users who have the Fabric B Administrator privilege can set and configure the Fabric B IOM, which resides in either slot B1 or slot B2 of the I/O slots. Fabric C Administrator CMC users who have the Fabric C Administrator privilege can set and configure the Fabric C IOM, which resides in either slot C1 or slot C2 of the I/O slots. The CMC user groups provide a series of user groups that have pre-assigned user privileges. The privileges are listed and described in Table 5-9. The following table lists the user groups and the pre-defined user privileges. 124 Using the CMC Web Interface NOTE: If you select Administrator, Power User, or Guest User, and then add or remove a privilege from the pre-defined set, the CMC Group automatically changes to Custom. Table 5-10. CMC Group Privileges User Group Privileges Granted Administrator • CMC Login User • Chassis Configuration Administrator • User Configuration Administrator • Clear Logs Administrator • Server Administrator • Test Alert User • Debug Command Administrator • Fabric A Administrator • Fabric B Administrator • Fabric C Administrator Power User • CMC Login User • Clear Logs Administrator • Chassis Control Administrator (Power Commands) • Server Administrator • Test Alert User • Fabric A Administrator • Fabric B Administrator • Fabric C Administrator Guest User CMC Login User Using the CMC Web Interface 125 Table 5-10. CMC Group Privileges (continued) User Group Privileges Granted Custom Select any combination of the following permissions: • CMC Login User • Chassis Configuration Administrator • User Configuration Administrator • Clear Logs Administrator • Chassis Control Administrator (Power Commands) • Super User • Server Administrator • Test Alert User • Debug Command Administrator • Fabric A Administrator • Fabric B Administrator • Fabric C Administrator None No assigned permissions. Table 5-11. Comparison of Privileges Between CMC Administrators, Power Users, and Guest Users Privilege Set Administrator Permissions CMC Login User Chassis Configuration Administrator User Configuration Administrator Clear Logs Administrator Chassis Control Administrator (Power Commands) 126 Using the CMC Web Interface Power User Permissions Guest User Permissions Table 5-11. Comparison of Privileges Between CMC Administrators, Power Users, and Guest Users (continued) Privilege Set Administrator Permissions Power User Permissions Guest User Permissions Super User Server Administrator Test Alert User Debug Command Administrator Fabric A Administrator Fabric B Administrator Fabric C Administrator Adding and Managing Users From the Users and User Configuration pages in the Web interface, you can view information about CMC users, add a new user, and change settings for an existing user. You can configure up to 16 local users. If additional users are required and your company uses the Microsoft® Active Directory® service software, you can configure Active Directory to provide access to the CMC. Active Directory configuration would allow you to add and control CMC user privileges to your existing users in your Active Directory software, in addition to the 16 local users. For more information, see "Using the CMC With Microsoft Active Directory" on page 185. Users can be logged in through Web interface, Telnet serial, SSH, and iKVM sessions. A maximum of 22 active sessions (Web interface, Telnet serial, SSH, and iKVM, in any combination) can be divided among users. Using the CMC Web Interface 127 NOTE: For added security, Dell strongly recommends that you change the default password of the root (User 1) account. The root account is the default administrative account that ships with the CMC. To change the default password for the root account, click User ID 1 to open the User Configuration page. Help for that page is available through the Help link at the top right corner of the page. To add and configure CMC users: NOTE: You must have User Configuration Administrator privilege to perform the following steps. 1 Log in to the Web interface. 2 Click the Network/Security tab, and then click the Users sub-tab. The Users page appears, listing each user’s user ID, user name, CMC privilege, and login state, including those of the root user. User IDs available for configuration will have no user information displayed. 3 Click an available user ID number. The User Configuration page displays. To refresh the contents of the Users page, click Refresh. To print the contents of the Users age, click Print. 4 Select general settings for the user. Table 5-12 describes the General settings for configuring a new or existing CMC username and password. Table 5-12. General User Settings Property Description User ID (Read only) Identifies a user by one of 16 preset, sequential numbers used for CLI scripting purposes. The User ID identifies the particular user when configuring the user through the CLI tool (RACADM). You cannot edit the User ID. If you are editing information for user root, this field is static. You cannot edit the user name for root. Enable User 128 Enables or disables the user's access to the CMC. Using the CMC Web Interface Table 5-12. General User Settings (continued) Property Description User Name Sets or displays the unique CMC user name associated with the user. The user name can contain up to 16 characters. CMC user names cannot include forward slash (/) or period (.) characters. NOTE: If you change the user name, the new name does not appear in the user interface until your next login. Any user logging in after you apply the new user name will be able to see the change immediately. Change Password Allows an existing user’s password to be changed. Set the new password in the New Password field. The Change Password check box is not selectable if you are configuring a new user. You can select it only when changing an existing user setting. Password Sets a new password for an existing user. To change the password, you must also select the Change Password check box. The password can contain up to 20 characters, which display as dots as you type. Confirm Password Verifies the password you entered in the New Password field. NOTE: The New Password and Confirm New Password fields are editable only when you are (1) configuring a new user; or (2) editing the settings for an existing user, and the Change Password check box is selected. 5 Assign the user to a CMC user group. Table 5-9 describes CMC user privileges. Table 5-10 describes the user group permissions for the CMC User Privileges settings. Table 5-11 provides a comparison of privileges between Administrators, Power Users, and Guest Users. When you select a user privilege setting from the CMC Group drop-down menu, the enabled privileges (shown as checked boxes in the list) display according to the pre-defined settings for that group. You can customize the privileges settings for the user by checking or unchecking boxes. After you have selected a CMC Group or made Custom user privilege selections, click Apply Changes to keep the settings. 6 Click Apply Changes. Using the CMC Web Interface 129 To refresh the contents of the User Configuration page, click Refresh. To print the contents of the User Configuration page, click Print. Configuring and Managing Microsoft Active Directory Certificates NOTE: To configure Active Directory settings for the CMC, you must have Chassis Configuration Administrator privilege. NOTE: For more information about Active Directory configuration and how to configure Active Directory with Standard Schema or Extended Schema, see "Using the CMC With Microsoft Active Directory" on page 185. You can use the Microsoft Active Directory service to configure your software to provide access to the CMC. Active Directory service allows you to add and control the CMC user privileges of your existing users. To access the Active Directory Main Menu page: 1 Log in to the Web interface. 2 Click the Network/Security tab, and then click the Active Directory subtab. The Active Directory Main Menu page appears. Table 5-13 lists the Active Directory Main Menu page options. Table 5-13. Active Directory Main Menu Page Options Field Description Configure Configure and manage the following Active Directory settings for CMC: CMC Name, ROOT Domain Name, CMC Domain Name, Active Directory Authentication Timeout, Active Directory Schema Selection (Extended or Standard), and Role Group settings. Upload AD Certificate Upload a certificate authority-signed certificate for Active Directory to the CMC. This certificate, which you obtain from Active Directory, grants access to the CMC. 130 Using the CMC Web Interface Table 5-13. Active Directory Main Menu Page Options (continued) Field Description Download Certificate Download a CMC server certificate to your management station or shared network using Windows Download Manager. When you select this option and click Next, a File Download dialog box appears. Use this dialog box to specify a location on your management station or shared network for the server certificate. View Certificate Displays the certificate authority-signed server certificate for Active Directory that has been uploaded to the CMC. NOTE: By default, CMC does not have a certificate authorityissued server certificate for Active Directory. You must upload a current, certificate authority-signed server certificate. Configuring Active Directory (Standard Schema and Extended Schema) NOTE: To configure Active Directory settings for the CMC, you must have Chassis Configuration Administrator privilege. NOTE: Before configuring or using the Active Directory feature, you must ensure that your Active Directory server is configured to communicate with the CMC. 1 Ensure that all Secure Socket Layer (SSL) certificates for the Active Directory servers are signed by the same certificate authority and have been uploaded to the CMC. 2 Log in to the Web interface and navigate to the Active Directory Main Menu. 3 Select Configure, and then click Next. The Active Directory Configuration and Management page displays. 4 Select the Enable Active Directory check box under the Common Settings heading. 5 Type the required information into the remaining fields. See Table 5-14. Using the CMC Web Interface 131 Table 5-14. Active Directory Common Settings Properties Setting Description Root Domain Name Specifies the domain name used by Active Directory. The root domain name is the fully qualified root domain name for the forest. NOTE: The root domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. Default: null (empty) AD Timeout The time in seconds to wait for Active Directory queries to complete. The minimum value is equal to or greater than 15 seconds. Default: 120 seconds Specify AD Server to search (Optional) Enables (when checked) directed call on the domain controller and global catalog. If you enable this option, you must also specify the domain controller and global catalog locations in the following settings. NOTE: The name on the Active Directory CA Certificate will not be matched against the specified Active Directory server or the Global Catalog server. Domain Controller Specifies the server where your Active Directory service is installed. This option is valid only if Specify AD Server to search (OPTIONAL) is enabled. Global Catalog Specifies the location of the global catalog on the Active Directory domain controller. The global catalog provides a resource for searching an Active Directory forest. This option is valid only if Specify AD Server to search (OPTIONAL) is enabled. 6 Select an Active Directory schema under the Active Directory Schema Selection heading. See Table 5-15. 132 Using the CMC Web Interface 7 If you selected Extended Schema, type the following required information in the Extended Schema Settings section, and then proceed directly to step 9. If you selected Standard Schema, proceed to step 8. • CMC Device Name – The name that uniquely identifies the CMC card in Active Directory. The CMC name must be the same as the common name of the new CMC object you created in your Domain Controller. The name must be a 1–256 character ASCII string with no spaces between characters. Default: null (empty). • CMC Domain Name – The DNS name (string) of the domain where the Active Directory CMC object resides (example: cmc.com). The name must be a valid domain name consisting of x.y, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. Default: null (empty). NOTE: Do not use the NetBIOS name. The CMC Domain Name is the fully qualified domain name of the sub-domain where the CMC Device Object is located. Table 5-15. Active Directory Schema Options Setting Description Use Standard Schema Uses Standard Schema with Active Directory, which uses Active Directory group objects only. Before configuring CMC to use the Active Directory Standard Schema option, you must first configure the Active Directory software: 1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2 Create a group or select an existing group. The name of the group and the name of this domain must be configured on the CMC either with the Web interface or RACADM. Using the CMC Web Interface 133 Table 5-15. Active Directory Schema Options (continued) Setting Description Use Extended Schema Uses Extended Schema with Active Directory, which uses Dell-defined Active Directory objects. Before configuring CMC to use the Active Directory Extended Schema option, you must first configure the Active Directory software: 1 Extend the Active Directory schema. 2 Extend the Active Directory Users and Computers Snapin. 3 Add CMC users and their privileges to Active Directory. 4 Enable SSL on each of your domain controllers. 5 Configure the CMC Active Directory properties using either the CMC Web interface or the RACADM. 8 If you selected Standard Schema, type the following information in the Standard Schema Settings section. If you selected Extended Schema, proceed to step 9. • Role Groups – The role groups associated with the CMC. To change the settings for a role group, click the role group number in the Role Groups list. The Configure Role Group page displays. NOTE: If you click a role group link prior to applying any new settings you have made, you will lose those settings. To avoid losing any new settings, click Apply before clicking a role group link. • Group Name – The name that identifies the role group in the Active Directory associated with the CMC card. • Group Domain – The domain where the group is located. • Group Privilege – The privilege level for the group. 9 Click Apply to save the settings. To refresh the contents of the Active Directory Configuration and Management page, click Refresh. To print the contents of the Active Directory Configuration and Management page, click Print. 134 Using the CMC Web Interface To configure the Role Groups for Active Directory, click the individual Role Group (1–5). See Table 5-10 and Table 5-9). NOTE: To save the settings on the Active Directory Configuration and Management page, you have to click Apply before proceeding to the Custom Role Group page. Uploading an Active Directory Certificate Authority-Signed Certificate From the Active Directory Main Menu page: 1 Select Upload AD Certificate, and then click Next. The Certificate Upload page displays. 2 Type the file path in the text field, or click Browse to select the file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. 3 Click Apply. If the certificate is invalid, an error message displays. To refresh the contents of the Upload Active Directory CA Certificate page, click Refresh. To print the contents of the Upload Active Directory CA Certificate page, click Print. Viewing an Active Directory Certificate Authority-Signed Certificate NOTE: If you uploaded an Active Directory server certificate on the CMC, make sure the certificate is still valid and has not expired. From the Active Directory Main Menu page: 1 Select View Certificate, and then click Next. 2 Click the appropriate View Active Directory CA Certificate page button to continue. Table 5-16. Active Directory CA Certificate Information Field Description Serial Number Certificate serial number. Subject Information Certificate attributes entered by the subject. Issuer Information Certificate attributes returned by the issuer. Using the CMC Web Interface 135 Table 5-16. Active Directory CA Certificate Information (continued) Field Description Valid From Certificate issue date. Valid To Certificate expiration date. To refresh the contents of the View Active Directory CA Certificate page, click Refresh. To print the contents of the View Active Directory CA Certificate page, click Print. Securing CMC Communications Using SSL and Digital Certificates This subsection provides information about the following data security features that are incorporated in your CMC: • Secure Sockets Layer (SSL) • Certificate Signing Request (CSR) • Accessing the SSL main menu • Generating a new CSR • Uploading a server certificate • Viewing a server certificate Secure Sockets Layer (SSL) The CMC includes a Web server that is configured to use the industrystandard SSL security protocol to transfer encrypted data over the Internet. Built upon public-key and private-key encryption technology, SSL is a widely accepted technique for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network. SSL allows an SSL-enabled system to perform the following tasks: 136 • Authenticate itself to an SSL-enabled client • Allow the client to authenticate itself to the server • Allow both systems to establish an encrypted connection Using the CMC Web Interface This encryption process provides a high level of data protection. The CMC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America. The CMC Web server includes a Dell self-signed SSL digital certificate (Server ID). To ensure high security over the Internet, replace the Web server SSL certificate by submitting a request to the CMC to generate a new Certificate Signing Request (CSR). Certificate Signing Request (CSR) A CSR is a digital request to a certificate authority (referred to as a CA in the Web interface) for a secure server certificate. Secure server certificates ensure the identity of a remote system and ensure that information exchanged with the remote system cannot be viewed or changed by others. To ensure the security for your CMC, it is strongly recommended that you generate a CSR, submit the CSR to a certificate authority, and upload the certificate returned from the certificate authority. A certificate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the certificate authority receives your CSR, they review and verify the information the CSR contains. If the applicant meets the certificate authority’s security standards, the certificate authority issues a certificate to the applicant that uniquely identifies that applicant for transactions over networks and on the Internet. After the certificate authority approves the CSR and sends you a certificate, you must upload the certificate to the CMC firmware. The CSR information stored on the CMC firmware must match the information contained in the certificate. Accessing the SSL Main Menu NOTE: To configure SSL settings for the CMC, you must have Chassis Configuration Administrator privilege. Using the CMC Web Interface 137 NOTE: Any server certificate you upload must be current (not expired) and signed by a certificate authority. 1 Log in to the Web interface. 2 Click the Network/Security tab, and then click the SSL sub-tab. The SSL Main Menu page appears. Use the SSL Main Menu page options to generate a CSR to send to a certificate authority. The CSR information is stored on the CMC firmware. Generating a New Certificate Signing Request To ensure security, Dell strongly recommends that you obtain and upload a secure server certificate to the CMC. Secure server certificates ensure the identity of a remote system and that information exchanged with the remote system cannot be viewed or changed by others. Without a secure server certificate, the CMC is vulnerable to access from unauthorized users. Table 5-17. SSL Main Menu Options Field Description Generate a New Certificate Signing Request (CSR) Select this option and click Next to open the Generate Certificate Signing Request (CSR) page, where you can generate a CSR request for a secure Web certificate to submit to a certificate authority. NOTICE: Each new CSR overwrites any previous CSR on the CMC. For a certificate authority to accept your CSR, the CSR in the CMC must match the certificate returned from the certificate authority. Upload Server Certificate Select this option and click Next to open the Certificate Upload page, where you can upload an existing certificate that your company holds title to and uses to control access to the CMC. NOTICE: Only X509, Base 64-encoded certificates are accepted by the CMC. DER-encoded certificates are not accepted. Uploading a new certificate replaces the default certificate you received with your CMC. View Server Certificate Select the option and click the Next button to open the View Server Certificate page where you can view the current server certificate. 138 Using the CMC Web Interface To obtain a secure server certificate for the CMC, you must submit a Certificate Signing Request (CSR) to a certificate authority of your choice. A CSR is a digital request for a signed, secure server certificate containing information about your organization and a unique, identifying key. When a CSR is generated from the Generate Certificate Signing Request (CSR) page, you are prompted to save a copy to your management station or shared network, and the unique information used to generate the CSR is stored on the CMC. This information is used later to authenticate the server certificate you receive from the certificate authority. After you receive the server certificate from the certificate authority, you must then upload it to the CMC. NOTE: For the CMC to accept the server certificate returned by the certificate authority, authentication information contained in the new certificate must match the information that was stored on the CMC when the CSR was generated. NOTICE: When a new CSR is generated, it overwrites any previous CSR on the CMC. If a pending CSR is overwritten before its server certificate is granted from a certificate authority, the CMC will not accept the server certificate because the information it uses to authenticate the certificate has been lost. Take caution when generating a CSR to prevent overwriting any pending CSR. To generate a CSR: 1 From the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR), and then click Next. The Generate Certificate Signing Request (CSR) page displays. 2 Type a value for each CSR attribute value. Table 5-18 describes the Generate Certificate Signing Request (CSR) page options. 3 Click Generate. A File Download dialog box appears. 4 Save the csr.txt file to your management station or shared network. (You may also open the file at this time and save it later.) You will later submit this file to a certificate authority. Using the CMC Web Interface 139 Table 5-18. Generate Certificate Signing Request (CSR) Page Options Field Description Common Name The exact name being certified (usually the Web server's domain name, for example, www.xyzcompany.com/). Valid: Alphanumeric characters (A–Z, a–z, 0–9); hyphens, underscores, and periods. Not valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *); characters used primarily in non-English languages, such as ß, å, é, ü. Organization Name The name associated with your organization (example: XYZ Corporation). Valid: Alphanumeric characters (A–Z, a–z, 0–9); hyphens, underscores, periods, and spaces. Not valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *). Organization Unit The name associated with an organizational unit, such as a department (example: Enterprise Group). Valid: Alphanumeric characters (A–Z, a–z, 0–9); hyphens, underscores, periods, and spaces. Not valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *). Locality The city or other location of your organization (examples: Atlanta, Hong Kong). Valid: Alphanumeric characters (A–Z, a–z, 0–9) and spaces. Not Valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *). State The state, province, or territory where the entity that is applying for a certification is located (examples: Texas, New South Wales, Andhra Pradesh). NOTE: Do not use abbreviations. Valid: Alphanumeric characters (upper- and lower-case letters; 0–9); and spaces. Not valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *). 140 Using the CMC Web Interface Table 5-18. Generate Certificate Signing Request (CSR) Page Options (continued) Field Description Country The country where the organization applying for certification is located. Email Your organization's email address. You may type any email address you want to have associated with the CSR. The email address must be valid, containing the at (@) sign (example: name@xyzcompany.com). Uploading a Server Certificate 1 From the SSL Main Menu page, select Upload Server Certificate, and then click Next. The Certificate Upload page displays. 2 Type the file path in the text field, or click Browse to select the file. 3 Click Apply. If the certificate is invalid, an error message displays. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. To refresh the contents of the Certificate Upload page, click Refresh. To print the contents of the Certificate Upload page, click Print. Viewing a Server Certificate From the SSL Main Menu page, select View Server Certificate, and then click Next. The View Server Certificate page displays. Table 5-19 describes the fields and associated descriptions listed in the Certificate window. Table 5-19. Certificate Information Field Description Serial Certificate serial number Subject Certificate attributes entered by the subject Issuer Certificate attributes returned by the issuer Using the CMC Web Interface 141 Table 5-19. Certificate Information (continued) Field Description notBefore Issue date of the certificate notAfter Expiration date of the certificate To refresh the contents of the View Server Certificate page, click Refresh. To print the contents of the View Server Certificate page, click Print. Managing Sessions The Sessions page displays all current instances of connections to the chassis and allows you to terminate any active session. NOTE: To terminate a session, you must have Chassis Configuration Administrator privilege. To manage sessions: 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Network/Security tab. 4 Click the Sessions sub-tab. The Sessions page appears. Table 5-20. Sessions Properties Property Description Session ID Displays the sequentially generated ID number for each instance of a login. Username Displays the user's login name (local user or Active Directory user). Examples of Active Directory user names are name@domain.com, domain.com/name, domain.com\name. IP Address Displays the user’s IP address in dot-separated format. Session Type Describes the session type: Telnet, serial, SSH, Remote RACADM, SMASH CLP, WSMAN, or a GUI session. 142 Using the CMC Web Interface Table 5-20. Sessions Properties (continued) Property Description Terminate Allows you to terminate any of the sessions listed, except for your own. To terminate the associated session, click the trash can icon . This column is displayed only if you have Chassis Configuration Administrator privileges. To terminate the session, click the trash can icon on the line that describes the session. Configuring Services The CMC includes a Web server that is configured to use the industrystandard SSL security protocol to accept and transfer encrypted data from and to clients over the Internet. The Web server includes a Dell self-signed SSL digital certificate (Server ID) and is responsible for accepting and responding to secure HTTP requests from clients. This service is required by the Web interface and remote CLI tool for communicating to the CMC. NOTE: The remote (RACADM) CLI tool and the Web interface use the Web server. In the event that the Web Server is not active, the remote RACADM and the Web interface are not operable. NOTE: In an event of a Web server reset, wait at least one minute for the services to become available again. A Web server reset usually happens as a result of any of the following events: the network configuration or network security properties are changed through the CMC Web user interface or RACADM; the Web Server port configuration is changed through the Web user interface or RACADM; the CMC is reset; a new SSL server certificate is uploaded. NOTE: To modify service settings, you must have Chassis Configuration Administrator privilege. To configure CMC services: 1 Log in to the CMC Web interface. 2 Click the Network/Security tab. 3 Click the Services sub-tab. The Services page appears. Using the CMC Web Interface 143 4 Configure the following services as required: • CMC serial console (Table 5-21) • Web server (Table 5-22) • SSH (Table 5-23) • Telnet (Table 5-24) • Remote RACADM (Table 5-25) 5 Click Apply; update all default time outs and maximum time out limits. Table 5-21. CMC Serial Console Settings Setting Description Enabled Enables Telnet console interface on the CMC. Default: Unchecked (disabled) Redirect Enabled Enables the serial/text console redirection to the server through your Telnet client from the CMC. The CMC connects to iDRAC, which internally connects to the server. Configuration options: Checked (enabled), unchecked (disabled) Default: Unchecked (disabled) Idle Timeout Indicates the number of seconds before an idle Telnet session is automatically disconnected. A change to the Timeout setting takes effect at the next login; it does not affect the current session. Timeout Range: 0 or 60 to 10800 seconds. To disable the Timeout feature, enter 0. Default: 1800 seconds Baud Rate Indicates the data speed on the external serial port on the CMC. Configuration options: 9600, 19200, 28800, 38400, 57600, and 115200 bps. Default: 115200 bps Authentication Disabled 144 Enables CMC Serial Console login authentication. Default: Unchecked (disabled) Using the CMC Web Interface Table 5-21. CMC Serial Console Settings (continued) Setting Description Escape Key Allows you to specify the Escape key combination that terminates serial/text console redirection when using the connect com2 command. Default: ^\ (Hold and type a backslash (\) character) NOTE: The caret character ^ represents the key. Configuration options: • Decimal value (example: 95) • Hexadecimal value (example: 0x12) • Octal value (example: 007) • ASCII value (example: ^a) ASCII values may be represented using the following Escape key codes: • Esc followed by any alphabetic character (a-z, A-Z) • Esc followed by the following special characters: [ ] \ ^ _ • Maximum Allowed Length: 4 History Size Buffer Indicates the maximum size of the serial history buffer, which holds the last characters written to the Serial Console. Default: 8192 characters Login Command Specifies the serial command that is automatically executed when a user logs into the CMC Serial Console interface. Example: connect server-1 Default: [Null] Using the CMC Web Interface 145 Table 5-22. Web Server Settings Setting Description Enabled Enables Web Server services (access through remote RACADM and the Web interface) for the CMC. Default: Checked (enabled) Max Sessions Indicates the maximum number of simultaneous Web user interface sessions allowed for the chassis. A change to the Max Sessions property takes effect at the next login; it does not affect current Active Sessions (including your own). The remote RACADM is not affected by the Max Sessions property for the Web Server. Allowed range: 1–4 Default: 4 NOTE: If you change the Max Sessions property to a value less than the current number of Active Sessions and then log out, you cannot log back in until the other sessions have been terminated or expired. Idle Timeout Indicates the number of seconds before an idle Web user interface session is automatically disconnected. A change to the Timeout setting takes effect at the next login; it does not affect the current session. Timeout range: 60 to 10800 seconds. Default: 1800 seconds 146 Using the CMC Web Interface Table 5-22. Web Server Settings (continued) Setting Description HTTP Port Number Indicates the default port used by the CMC that listens for a server connection. NOTE: When you provide the HTTP address on the browser, the Web server automatically redirects and uses HTTPS. If the default HTTP port number (80) has been changed, you must include the port number in the address in the browser address field, as shown: http:// : where IP address is the IP address for the chassis, and port number is the HTTP port number other than the default of 80. Configuration range: 10–65535 Default: 80 HTTPS Port Number Indicates the default port used by the CMC that listens for a secured server connection. If the default HTTPS port number (443) has been changed, you must include the port number in the address in the browser address field, as shown: http:// : where is the IP address for the chassis, and is the HTTPS port number other than the default of 443. Configuration range: 10–65535 Default: 443 Using the CMC Web Interface 147 Table 5-23. SSH Settings Setting Description Enabled Enables the SSH on the CMC. Default: Checked (enabled) Max Sessions The maximum number of simultaneous SSH sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own). Configurable range: 1–4 Default: 4 NOTE: If you change the Max Sessions property to a value less than the current number of Active Sessions and then log out, you cannot log back in until the other sessions have been terminated or expired. Idle Timeout Indicates the number of seconds before an idle SSH session is automatically disconnected. A change to the Timeout setting takes effect at the next login; it does not affect the current session. Timeout Range: 0 or 60–10800 seconds. To disable the Timeout feature, enter 0. Default: 1800 seconds Port Number Port used by the CMC that listens for a server connection. Configuration range: 10–65535 Default: 22 148 Using the CMC Web Interface Table 5-24. Telnet Settings Setting Description Enabled Enables Telnet console interface on the CMC. Default: Unchecked (disabled) Max Sessions Indicates the maximum number of simultaneous Telnet sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own). Allowed range: 1–4 Default: 4 NOTE: If you change the Max Sessions property to a value less than the current number of Active Sessions and then log out, you cannot log back in until the other sessions have been terminated or expired. Idle Timeout Indicates the number of seconds before an idle Telnet session is automatically disconnected. A change to the Timeout setting takes effect at the next login; it does not affect the current session. Timeout Range: 0 or 60–10800 seconds. To disable the Timeout feature, enter 0. Default: 1800 seconds Port Number Indicates the port used by the CMC that listens for a server connection. Default: 23 Using the CMC Web Interface 149 Table 5-25. Remote RACADM Settings Setting Description Enabled Enables the remote RACADM utility access to the CMC. Default: Checked (enabled) Max Sessions Indicates the maximum number of simultaneous RACADM sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own). Allowed range: 1–4 Default: 4 NOTE: If you change the Max Sessions property to a value less than the current number of Active Sessions and then log out, you cannot log back in until the other sessions have been terminated or expired. Idle Timeout Indicates the number of seconds before an idle racadm session is automatically disconnected. A change to the Idle Timeout setting takes effect at the next login; it does not affect the current session. To disable the Idle Timeout feature, enter 0. Timeout Range: 0, or 10 to 1920 seconds. To disable the Timeout feature, enter 0. Default: 30 seconds Configuring Power Budgeting The CMC allows you to budget and manage power to the chassis. The power management service optimizes power consumption and re-allocates power to different modules based on the demand. For instructions on configuring power through the CMC, see "Configuring and Managing Power" on page 222. For more information on the CMC’s power management service, see "Power Management" on page 215. 150 Using the CMC Web Interface Managing Firmware This section describes how to use the Web interface to update firmware. The following components can be updated using the GUI or RACADM commands: • CMC - primary and standby. • iKVM • iDRAC (boot-block mode only) • IOM infrastructure devices When you update firmware, there is a recommended process to follow that can prevent a loss of service if the update fails. See "Installing or Updating the CMC Firmware" on page 52 for guidelines to follow before you use the instructions in this section. Viewing the Current Firmware Versions The Updatable Components page displays the current version of the iKVM firmware, primary CMC firmware, (if applicable) the standby CMC firmware, the iDRAC firmware, and the IOM infrastructure device firmware. Clicking on either the device name or the firmware version will display a Device Update page for that particular device. The Device Update page displays only one device at a time, except in the case of the CMC where both the standby and active CMCs are displayed if both are updatable. Only the standby and active CMC can be updated at the same time with the same action from the Web interface; all other devices (IOMs or servers) must be updated one at a time. To update multiple servers and IOMs, refer to "fwupdate" on page 329 for information on the fwupdate command. If the chassis contains a server whose iDRAC is in recovery mode or if the CMC detects that an iDRAC has corrupted firmware, the iDRAC is also listed on the Updatable Components page. See "Recovering iDRAC Firmware Using the CMC" on page 157 for the steps to recover iDRAC firmware using the CMC. Using the CMC Web Interface 151 To view firmware versions: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 93). 2 Click Chassis in the system tree. 3 Click the Update tab. The Updatable Components page appears. Updating Firmware NOTE: To update firmware on the CMC, you must have Chassis Configuration Administrator privilege. NOTE: The firmware update retains the current CMC and iKVM settings. NOTE: If a web user interface session is used to update system component firmware, the "Idle Timeout" setting must be set high enough to accommodate the file transfer time. In some cases, the firmware file transfer time may be as high as 30 minutes. To set the "Idle Timeout" value, see "Configuring Services" on page 143. NOTE: The iDRAC firmware is updatable through the iDRAC Web-based user interface or remote RACADM. However, if the CMC user interface detects the presence of a server but is unable to communicate with it, it indicates a corruption. In such cases, iDRAC Firmware Update will be available from the Updatable Components page. To open the Updatable Components page, select Chassis in the system tree, and then click the Update tab. The Updatable Components page displays the current version of the firmware for each listed component and allows you to update the firmware to the latest revision by uploading the firmware image file (package). NOTE: Be sure you have the latest firmware version. You can download the latest firmware image file from the Dell Support website. Updating the CMC Firmware NOTE: During updates of the CMC firmware or the iDRAC firmware on a server, some or all of the fan units in the chassis will spin at 100%. This is normal. NOTE: The Active (primary) CMC resets and becomes temporarily unavailable after the firmware has been uploaded successfully. If a standby CMC is present, the standby and active roles will swap; the standby (secondary) CMC becomes the active (primary) CMC. If an update is applied only to the active (primary) CMC, after the reset is complete the primary CMC will not be running the updated image, only the standby (secondary) will have that image. 152 Using the CMC Web Interface NOTE: To avoid disconnecting other users during a reset, notify authorized users who might log in to the CMC and check for active sessions by viewing the Sessions page. To open the Sessions page, select Chassis in the tree, click the Network/Security tab, and then click the Sessions sub-tab. Help for that page is available through the Help link at the top right corner of the page. NOTE: When transferring files to and from the CMC, the file transfer icon spins during the transfer. If your icon is not animated, make sure that your browser is configured to allow animations. See "Allow Animations in Internet Explorer" on page 40 for instructions. NOTE: If you experience problems downloading files from CMC using Internet Explorer, enable the Do not save encrypted pages to disk option. See "Downloading Files From CMC With Internet Explorer" on page 40 for instructions. 1 On the Updatable Components page, click the CMC name. The Firmware Update page appears. The active, and, if present, the standby, CMCs are listed and selected. Both CMCs can be updated at the same time. 2 In the Firmware Image field, enter the path to the firmware image file on your management station or shared network, or click Browse to navigate to the file location. NOTE: The default CMC firmware image name is firmimg.cmc. The CMC firmware should be updated first, before updating IOM infrastructure device firmware. 3 Click Begin Firmware Update. A dialog box prompts you to confirm the action. 4 Click Yes to continue. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays. Additional items to note: • Do not use the Refresh button or navigate to another page during the file transfer. • To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer. Using the CMC Web Interface 153 • Update status displays in the Update State field; this field is automatically updated during the file transfer process. Certain older browsers do not support these automatic updates. To manually refresh the Update State field, click Refresh. NOTE: The update may take several minutes for the CMC. 5 For a standby (secondary) CMC, when the update is complete the Update State field displays "Done". For an active (primary) CMC, during the final phases of the firmware update process, the browser session and connection with the CMC will be lost temporarily as the active (primary) CMC is taken off line. You must log in again after a few minutes, when the active (primary) CMC has rebooted. After the CMC resets, the new firmware is updated and displayed on the Updatable Components page. NOTE: After the firmware update, clear the Web browser cache. See your Web browser’s online help for instructions on how to clear the browser cache. Updating the iKVM Firmware NOTE: The iKVM resets and becomes temporarily unavailable after the firmware has been uploaded successfully. 1 Log back in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Update tab. The Updatable Components page appears. 4 Click the iKVM name. The Firmware Update page appears. 5 In the Firmware Image field, enter the path to the firmware image file on your management station or shared network, or click Browse to navigate to the file location. NOTE: The default iKVM firmware image name is ikvm.bin; however, the iKVM firmware image name can be changed by the user. 6 Click Begin Firmware Update. A dialog box prompts you to confirm the action. 7 Click Yes to continue. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based 154 Using the CMC Web Interface on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays. Additional items to note: • Do not use the Refresh button or navigate to another page during the file transfer. • To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer. • Update status displays in the Update State field; this field is automatically updated during the file transfer process. Certain older browsers do not support these automatic updates. To manually refresh the Update State field, click Refresh. NOTE: The update may take up to one minute for the iKVM. When the update is complete, iKVM resets and the new firmware is updated and displayed on the Updatable Components page. Updating the IOM Infrastructure Device Firmware By performing this update, the firmware for an infrastructure component of the IOM device is updated. 1 Log back in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Update tab. The Updatable Components page appears. 4 Click the IOM Infrastructure device name. The Firmware Update page appears. 5 In the Firmware Image field, enter the path to the firmware image file on your management station or shared network, or click Browse to navigate to the file location. NOTE: The Firmware Image field does not display for an IOM infrastructure device (IOMINKF) target because the required image resides on the CMC. The CMC firmware should be updated first, before updating IOMINF firmware. 6 Click Begin Firmware Update. A dialog box prompts you to confirm the action. 7 Click Yes to continue. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based Using the CMC Web Interface 155 on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays. Additional items to note: • Do not use the Refresh button or navigate to another page during the file transfer. • To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer. • Update status displays in the Update State field; this field is automatically updated during the file transfer process. Certain older browsers do not support these automatic updates. To manually refresh the Update State field, click Refresh. NOTE: No file transfer timer is displayed when updating IOMINF firmware. The update process will cause a brief loss of connectivity to the IOM device since the device will perform a restart when the update is complete. When the update is complete, the new firmware is updated and displayed on the Updatable Components page. Updating the Server iDRAC Firmware NOTE: The iDRAC (on a Server) will reset and become temporarily unavailable after firmware updates have been uploaded successfully. 1 Log back in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Update tab. The Updatable Components page appears. 4 Click the Server name. The Firmware Update page appears. 5 In the Firmware Image field, enter the path to the firmware image file on your management station or shared network, or click Browse to navigate to the file location. 6 Click Begin Firmware Update. A dialog box prompts you to confirm the action. 7 Click Yes to continue. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based 156 Using the CMC Web Interface on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays. Additional items to note: • Do not use the Refresh button or navigate to another page during the file transfer. • To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer. • Update status displays in the Update State field; this field is automatically updated during the file transfer process. Certain older browsers do not support these automatic updates. To manually refresh the Update State field, click Refresh. NOTE: The update may take several minutes for the CMC or Server. When the update is complete, the updated Server will no longer be present on the Updatable Components page. Recovering iDRAC Firmware Using the CMC iDRAC firmware is typically updated using iDRAC facilities such as the iDRAC Web interface, the SM-CLP command line interface, or operating system specific update packages downloaded from support.dell.com. See the iDRAC Firmware User’s Guide for instructions for updating the iDRAC firmware. If the iDRAC firmware becomes corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes, you can use the CMC Web interface to update its firmware. If the CMC detects the corrupted iDRAC firmware, the iDRAC is listed on the Updatable Components page. See "Viewing the Current Firmware Versions" on page 151 for instructions to display the Updatable Components page. Using the CMC Web Interface 157 NOTE: If the iDRAC MAC address has been lost or corrupted, it must be set to a valid address before you can recover the iDRAC firmware using the CMC. You can use the IPMI config params command to set a MAC address. The MAC address is the fifth parameter of the command. It must be set to a 6-byte address that is unique on your management network. Refer to the documentation for your IPMI utility (for example, ipmitool or ipmish) for help executing the command. Follow these steps to update the iDRAC firmware. 1 Download the latest iDRAC firmware to your management computer from support.dell.com. 2 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 93). 3 Click Chassis in the system tree. 4 Click the Update tab. The Updatable Components page appears. The server with the recoverable iDRAC is included in the list if it is able to be recovered from the CMC. 5 Click server-n, where n is the number of the server whose iDRAC you want to recover. 6 Click Browse, browse to the iDRAC firmware image you downloaded, and click Open. NOTE: The default iDRAC firmware image name is firmimg.imc. 7 Click Begin Firmware Update. NOTE: It can take up to ten minutes to update the iDRAC firmware. The file transfer icon spins while the firmware image is transferred to the CMC, but not while the CMC transfers the image to the iDRAC. After the firmware image file has been uploaded to the CMC, the iDRAC will update itself with the image. FlexAddress This section describes the FlexAddress feature Web interface screens. FlexAddress is an optional upgrade that allows server modules to replace the factory assigned WWN/MAC ID with a WWN/MAC ID provided by the chassis. 158 Using the CMC Web Interface NOTE: You must purchase and install the FlexAddress upgrade to have access to the configuration screens. If the upgrade has not been purchased and installed, the following text will be displayed on the Web interface: Optional feature not installed. See the Dell Chassis Management Controller Users Guide for information on the chassis-based WWN and MAC address administration feature. To purchase this feature, please contact Dell at www.dell.com. Viewing FlexAddress Status You can use the Web interface to view FlexAddress status information. You can view status information for the entire chassis or for an individual server. The information displayed includes: • Fabric configuration • FlexAddress active/not active • Slot number and name • Chassis-assigned and server-assigned addresses • Addresses in use NOTE: You can also view FlexAddress status using the command line interface. For more command information, see "Using FlexAddress" on page 169. Viewing Chassis FlexAddress Status FlexAddress status information can be displayed for the entire chassis. The status information includes whether the feature is active and an overview of the FlexAddress status for each blade. Use the following steps to view whether FlexAddress is active for the chassis: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 93). 2 Click Chassis in the system tree. 3 Click the Setup tab. The General Setup page appears. The FlexAddress entry will have a value of Active or Not Active; a value of active means that the feature is installed on the chassis. A value of not active means that the feature is not installed and not in use on the chassis. Using the CMC Web Interface 159 Use the following steps to display a FlexAddress status overview for each server module: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 93). 2 Click Servers in the system tree. Click the Properties tab, WWN/MAC sub-tab. 3 The FlexAddress Summary page is displayed. This page allows you to view the WWN configuration and MAC addresses for all slots in the chassis. The status page presents the following information: Fabric Configuration Fabric A, Fabric B, and Fabric C display the type of the Input/Output fabric installed. WWN/MAC Addresses Displays FlexAddress configuration for each slot in the chassis. Information displayed includes: • Slot number and location • FlexAddress active/not active status • Fabric type • Server-assigned and chassis-assigned WWN/MAC addresses in use A green check mark indicates the active address type, either server-assigned or chassis-assigned. 4 For additional information, click the Help link and review "Using FlexAddress" on page 169. Viewing Server FlexAddress Status FlexAddress status information can also be displayed for each individual server. The server level information displays a FlexAddress status overview for that blade. 160 Using the CMC Web Interface Use the following steps to view FlexAddress server information: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 93). 2 Expand Servers in the system tree. All of the servers (1–16) appear in the expanded Servers list. 3 Click the server you want to view. The Server Status page displays. 4 Click the Setup tab, and the FlexAddress sub-tab. The FlexAddress Status page is displayed. This page allows you to view the WWN configuration and MAC addresses for the selected server. The status page presents the following information: FlexAddress Enabled Displays whether the FlexAddress feature is active or not active for the particular slot. Current State Displays the current FlexAddress configuration: • Chassis-Assigned - selected slot address is chassis assigned using the FlexAddress. The slot-based WWN/MAC addresses remain the same even if a new server is installed. • Server-Assigned - server uses the server-assigned address or the default address embedded into the controller hardware. Power State Displays the current power status of the servers; values are: On, Powering On, Powering Off, Off, and N/A (if a server is not present). Using the CMC Web Interface 161 Health OK Indicates that FlexAddress is present and providing status to the CMC. In the event of a communication failure between the CMC and FlexAddress, the CMC cannot obtain or display health status for FlexAddress. Informational Displays information about FlexAddress when no change in health status (OK, Warning, Severe) has occurred. Warning Indicates that only warning alerts have been issued, and corrective action must be taken within the time frame set by the administrator. If corrective actions are not taken within the administratorspecified time, critical or severe failures that can affect the integrity of the server could occur. Severe Indicates at least one Failure alert has been issued. Severe status represents a system failure on the server, and corrective action must be taken immediately. No Value When FlexAddress is absent, health information is not provided. iDRAC firmware Displays the iDRAC version currently installed on the server. BIOS Version Displays the current BIOS version of the server module. Slot Slot number of the server associated with the fabric location. Location Displays the location of the Input/Output (I/O) module in the chassis by group number (A, B, or C) and slot number (1 or 2). Slot names: A1, A2, B1, B2, C1, or C2. Fabric Displays the type of fabric. Server-Assigned Displays the server-assigned WWN/MAC addresses that are embedded in the controller's hardware. Chassis-Assigned Displays the chassis-assigned WWN/MAC addresses that are used for the particular slot. 162 Using the CMC Web Interface 5 For additional information, click the Help link and review "Using FlexAddress" on page 169. Configuring FlexAddress If you purchase FlexAddress with your chassis, it will be installed and active when you power up your system. If you purchase FlexAddress separately, you must install the SD feature card using the instructions in the Chassis Management Controller (CMC) Secure Digital (SD) Card Technical Specification document. See support.dell.com for this document. The server must be off before you begin configuration. You can enable or disable FlexAddress on a per fabric basis. Additionally, you can enable/disable the feature on a per slot basis. After you enable the feature on a per-fabric basis, you can then select slots to be enabled. For example, if Fabric-A is enabled, any slots that are enabled will have FlexAddress enabled only on Fabric-A. All other fabrics will use the factory-assigned WWN/MAC on the server. Selected slots will be FlexAddress enabled for all fabrics that are enabled. For example, it is not possible to enable Fabric-A and B, and have Slot 1 be FlexAddress enabled on Fabric-A but not on Fabric-B. NOTE: You can also configure FlexAddress using the command line interface. For more command information, see "Using FlexAddress" on page 169. Chassis-Level Fabric and Slot FlexAddress Configuration At the chassis level, you can enable or disable the FlexAddress feature for fabrics and slots. FlexAddress is enabled on a per-fabric basis and then slots will be selected for participation in the feature. Both fabrics and slots must be enabled to successfully configure FlexAddress. Perform the following steps to enable or disable fabrics and slots to use the FlexAddress feature: 1 Log on to the Web interface (see "Accessing the CMC Web Interface" on page 93). 2 Click Servers in the system tree. 3 Click the Setup tab. The General Setup page appears. Click Deploy FlexAddress. The Deploy FlexAddress page is displayed. Using the CMC Web Interface 163 4 The Select Fabrics for Chassis-Assigned WWN/MACs displays a check box for Fabric A, Fabric B, and Fabric C. 5 Click the check box for each fabric you want to enable FlexAddress on. To disable a fabric, click the check box to clear the selection. NOTE: If no fabrics are selected, FlexAddress will not be enabled for the selected slots. The Select Slots for Chassis-Assigned WWN/MACs page displays an Enabled check box for each slot in the chassis (1 - 16). 6 Click the Enabled check box for each slot you want to enable FlexAddress on. If you want to select all slots, use the Select/Deselect All check box. To disable a slot, click the Enabled check box to clear the selection. NOTE: If a blade is present in the slot, it needs to be powered off before the FlexAddress feature can be enabled on that slot. NOTE: If no slots are selected, FlexAddress will not be enabled for the selected fabrics. 7 Click Apply to save the changes. 8 For additional information, click the Help link and review "Using FlexAddress" on page 169. Server-Level Slot FlexAddress Configuration At the server level, you can enable or disable the FlexAddress feature for individual slots. Use the following steps to enable or disable an individual slot to use the FlexAddress feature: 1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 93). 2 Expand Servers in the system tree. All of the servers (1–16) appear in the expanded Servers list. 3 Click the server you want to view. The Server Status page displays. 4 Click the Setup tab, and the FlexAddress sub-tab. The FlexAddress Status page is displayed. 5 Use the pull down menu for FlexAddress Enabled to make your selection; select Yes to enable FlexAddress or select No to disable FlexAddress. 164 Using the CMC Web Interface 6 Click Apply to save the changes. For additional information, click the Help link and review "Using FlexAddress" on page 169. Frequently Asked Questions Table 5-26 lists frequently asked questions and answers. Table 5-26. Managing and Recovering a Remote System: Frequently Asked Questions Question Answer When accessing the CMC Web interface, I get a security warning stating the host name of the SSL certificate does not match the host name of the CMC. The CMC includes a default CMC server certificate to ensure network security for the Web interface and remote RACADM features. When this certificate is used, the Web browser displays a security warning because the default certificate is issued to CMC default certificate which does not match the host name of the CMC (for example, the IP address). To address this security concern, upload a CMC server certificate issued to the IP address of the CMC. When generating the certificate signing request (CSR) to be used for issuing the certificate, ensure that the common name (CN) of the CSR matches the IP address of the CMC (for example, 192.168.0.120) or the registered DNS CMC name. To ensure that the CSR matches the registered DNS CMC name: 1 In the System tree, click Chassis. 2 Click the Network/Security tab, and then click Configuration. The Network Configuration page appears. 3 Select the Register CMC on DNS check box. 4 Enter the CMC name In the DNS CMC Name field. 5 Click Apply Changes. Using the CMC Web Interface 165 Table 5-26. Managing and Recovering a Remote System: Frequently Asked Questions (continued) Question Answer For more information about generating CSRs and issuing certificates, see "Securing CMC Communications Using SSL and Digital Certificates" on page 136. Why are the remote RACADM and Web-based services unavailable after a property change? It may take a minute for the remote RACADM services and the Web interface to become available after the CMC Web server resets. The CMC Web server is reset after the following occurrences: • When changing the network configuration or network security properties using the CMC Web user interface • When the cfgRacTuneHttpsPort property is changed (including when a config -f changes it) • When racresetcfg is used • When the CMC is reset • When a new SSL server certificate is uploaded Why doesn’t my DNS server register my CMC? Some DNS servers only register names of 31 characters or fewer. When accessing the CMC Web interface, I get a security warning stating the SSL certificate was issued by a certificate authority that is not trusted. CMC includes a default CMC server certificate to ensure network security for the Web interface and remote RACADM features. This certificate is not issued by a trusted certificate authority. To address this security concern, upload a CMC server certificate issued by a trusted certificate authority (such as Thawte or Verisign). For more information about issuing certificates, see "Securing CMC Communications Using SSL and Digital Certificates" on page 136. 166 Using the CMC Web Interface Table 5-26. Managing and Recovering a Remote System: Frequently Asked Questions (continued) Question Answer The following message is displayed for unknown reasons: As part of discovery, IT Assistant attempts to verify the device’s get and set community names. In IT Assistant, you have the get community name = public and the set community name = private. By default, the community name for the CMC agent is public. When IT Assistant sends out a set request, the CMC agent generates the SNMP authentication error because it will only accept requests from community = public. Remote Access: SNMP Authentication Failure Why does this happen? You can change the CMC community name using RACADM. To see the CMC community name, use the following command: racadm getconfig -g cfgOobSnmp To set the CMC community name, use the following command: racadm config -g cfgOobSnmp -o cfgOobSnmpAgentCommunity To prevent SNMP authentication traps from being generated, you must input community names that will be accepted by the agent. Since the CMC only allows one community name, you must input the same get and set community name for IT Assistant discovery setup. Troubleshooting the CMC The CMC Web interface provides tools for identifying, diagnosing, and fixing problems with your chassis. For more information about troubleshooting, see "Troubleshooting and Recovery" on page 285. Using the CMC Web Interface 167 168 Using the CMC Web Interface Using FlexAddress The FlexAddress feature is an optional upgrade introduced in CMC 1.1 that allows server modules to replace the factory assigned World Wide Name and Media Access Control (WWN/MAC) network IDs with WWN/MAC IDs provided by the chassis. Every server module is assigned unique WWN and MAC IDs as part of the manufacturing process. Before FlexAddress, if you had to replace one server module with another, the WWN/MAC IDs would change and Ethernet network management tools and SAN resources would need to be reconfigured to be aware of the new server module. FlexAddress allows the CMC to assign WWN/MAC IDs to a particular slot and override the factory IDs. If the server module is replaced, the slot-based WWN/MAC IDs remain the same. This feature eliminates the need to reconfigure Ethernet network management tools and SAN resources for a new server module. Additionally, the override action only occurs when a server module is inserted in a FlexAddress enabled chassis; no permanent changes are made to the server module. If a server module is moved to a chassis that does not support FlexAddress, the factory assigned WWN/MAC IDs will be used. Prior to installing FlexAddress, you can determine the range of MAC addresses contained on a FlexAddress feature card by inserting the SD card into an USB Memory Card Reader and viewing the file pwwn_mac.xml. This clear text XML file on the SD card will contain an XML tag mac_start that is the first starting hex MAC address that will be used for this unique MAC address range. The mac_count tag is the total number of MAC addresses that the SD card allocates. The total MAC range allocated can be determined by: + 0xCF (208 - 1) = mac_end For example:(starting_mac)00188BFFDCFA + 0xCF = (ending_mac)00188BFFDDC9 NOTE: You should lock the SD card prior to inserting in the USB "Memory Card Reader" to prevent accidently modifying any of the contents. You MUST UNLOCK the SD card before inserting into the CMC. Using FlexAddress 169 Activating FlexAddress FlexAddress is delivered on a Secure Digital (SD) card that must be inserted into the CMC to provide the chassis-assigned WWN/MAC IDs. To activate the FlexAddress feature, perform several required updates; if you are not activating FlexAddress these updates are not required. The updates, which are listed in the table below, include server module BIOS, I/O mezzanine BIOS or firmware, and CMC firmware. You must apply these updates before you enable FlexAddress. If these updates are not applied, the FlexAddress feature may not function as expected. Component Minimum required version Ethernet mezzanine card - Broadcom M5708t Boot code firmware 4.4.1 or later iSCSI boot firmware 2.7.11 or later PXE firmware 4.4.3 or later FC mezzanine card - QLogic QME2472 BIOS 2.04 or later FC mezzanine card - Emulex LPe1105M4 BIOS 3.03a3 and firmware 2.72A2 or later Server Module BIOS (PowerEdge™ M600) BIOS 2.02 or later (PowerEdge M605) BIOS 2.03 or later PowerEdgeM600/M605 LAN on motherboard (LOM) Boot code firmware 4.4.1 or later iDRAC Version 1.11 or later CMC Version 1.10 or later iSCSI boot firmware 2.7.11 or later To ensure proper deployment of the FlexAddress feature, update the BIOS and the firmware in the following order: 1 Update all mezzanine card firmware and BIOS. 2 Update server module BIOS. 3 Update iDRAC firmware on the server module. 4 Update all CMC firmware in the chassis; if redundant CMCs are present, ensure both are updated. 5 Insert the SD card into the passive module for a redundant CMC module system or into the single CMC module for a non-redundant system. 170 Using FlexAddress NOTE: If the CMC firmware that supports FlexAddress (version 1.10 or later) is not installed, the feature will not be activated. See the Chassis Management Controller (CMC) Secure Digital (SD) Card Technical Specification document for SD card installation instructions. NOTE: The SD card contains a FlexAddress feature. Data contained on the SD card is encrypted and may not be duplicated or altered in any way as it may inhibit system function and cause the system to malfunction. NOTE: Your use of the SD card is limited to one chassis only. If you have multiple chassis, you must purchase additional SD cards. Activation of the FlexAddress feature is automatic on restart of the CMC with the SD feature card installed; this activation will cause the feature to bind to the current chassis. If you have the SD card installed on the redundant CMC system, activation of the FlexAddress feature will not occur until the redundant CMC is made active. See the Chassis Management Controller (CMC) Secure Digital (SD) Card Technical Specification document for information on how to make a redundant CMC active. When the CMC restarts, verify the activation process by using the steps in the next section, "Verifying FlexAddress Activation." Verifying FlexAddress Activation To ensure proper activation of FlexAddress, RACADM commands can be used to verify the SD feature card and FlexAddress activation. Use the following RACADM command to verify the SD feature card and its status: racadm featurecard -s Using FlexAddress 171 The following table lists the status messages returned by the command. Table 6-1. Status Messages Returned by featurecard -s Command Status Message Actions No feature card inserted. Check the CMC to verify that the SD card was properly inserted. In a redundant CMC configuration, make sure the CMC with the SD feature card installed is the active CMC and not the standby CMC. The feature card inserted is valid and No action required. contains the following feature(s) FlexAddress: The feature card is bound to this chassis. The feature card inserted is valid and Remove the SD card; locate and install the SD contains the following feature(s) card for the current chassis. FlexAddress: The feature card is bound to another chassis, svctag = ABC1234, SD card SN = 01122334455 The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is not bound to any chassis. The feature card can be moved to another chassis or can be reactivated on the current chassis.To reactivate on the current chassis, enter racadm racreset until the CMC module with the feature card installed becomes active. Use the following RACADM command to display all activated features on the chassis: racadm feature -s The command will return the following status message: Feature = FlexAddress Date Activated = 8 April 2008 - 10:39:40 Feature installed from SD-card SN = 01122334455 172 Using FlexAddress If there are no active features on the chassis, the command will return a message: racadm feature -s No features active on the chassis. After you have run both commands, the FlexAddress feature activation is verified. For further information on the RACADM commands, see "feature" on page 326 and "featurecard" on page 327. Deactivating FlexAddress The FlexAddress feature can be deactivated and the SD card returned to a pre-installation state using a RACADM command. There is no deactivation function within the Web interface. Deactivation will return the SD card to its original state where it can be installed and activated on a different chassis. NOTICE: The SD card must be physically installed in the CMC, and the chassis must be powered-down before executing the deactivation command or there could be data loss. If you execute the deactivation command with no card installed, or with a card from a different chassis installed, the feature will be deactivated and no change will be made to the card. Deactivating FlexAddress Use the following RACADM command to deactivate the FlexAddress feature and restore the SD card: racadm feature -d -c flexaddress The command will return the following status message upon successful deactivation: feature FlexAddress is deactivated on the chassis successfully. If the chassis is not powered-down prior to execution, the command will fail with the following error message: ERROR: Unable to deactivate the feature because the chassis is powered ON For further information on the command, see "feature" on page 326. Using FlexAddress 173 Viewing FlexAddress Status Using the CLI You can use the command line interface to view FlexAddress status information. You can view status information for the entire chassis or for a particular slot. The information displayed includes: • Fabric configuration • FlexAddress enabled/disabled • Slot number and name • Chassis-assigned and server-assigned addresses • Addresses in use Use the following RACADM command to display FlexAddress status for the entire chassis: racadm getflexaddr To display FlexAddress status for a particular slot: racadm getflexaddr [-i ] = 1 to 16 Refer to "Configuring FlexAddress" for additional details on FlexAddress configuration. For additional information on the command, see "getflexaddr" on page 337. Configuring FlexAddress Using the CLI You can use the command line interface to enable or disable FlexAddress on a per fabric basis. Additionally, you can enable/disable the feature on a per slot basis. After you enable the feature on a per-fabric basis, you can then select slots to be enabled. For example, if Fabric-A is enabled, any slots that are enabled will have FlexAddress enabled only on Fabric-A. All other fabrics will use the factory-assigned WWN/MAC on the server. Enabled slots will be FlexAddress enabled for all fabrics that are enabled. For example, it is not possible to enable Fabric-A and B, and have Slot 1 be FlexAddress enabled on Fabric-A but not on Fabric-B. Use the following RACADM command to enable or disable fabrics: racadm setflexaddr [-f ] 174 Using FlexAddress = = A, B, C 0 or 1 Where 0 is disable and 1 is enable. Use the following RACADM command to enable or disable slots: racadm setflexaddr [-i ] = 1 to 16 = 0 or 1 Where 0 is disable and 1 is enable. For additional information on the command, see "setflexaddr" on page 370. Additional FlexAddress Configuration for Linux When changing from a server-assigned MAC ID to chassis-assigned MAC ID on Linux-based operating systems, additional configuration steps may be required: • SLES 9 and SLES 10: Users may need to run YAST (Yet another Setup Tool) on their Linux system to configure their network devices and then restart the network services. • Red Hat® Enterprise Linux® 4(RHEL) and RHEL 5: Users will need to run Kudzu, a utility to detect and configure new/changed hardware on the system. Kudzu will present the user with The Hardware Discovery Menu, it will detect the MAC address change as hardware was removed and new hardware added. Wake-On-LAN with FlexAddress When the FlexAddress feature is deployed for the first time on a given server module, it requires a power-down and power-up sequence for FlexAddress to take effect. FlexAddress on Ethernet devices is programmed by the server module BIOS. For the server module BIOS to program the address, it needs to be operational which requires the server module to be powered up. When the power-down and power-up sequences complete, the chassis-assigned MAC IDs are available for Wake-On-LAN (WOL) function. Using FlexAddress 175 Troubleshooting FlexAddress This section contains troubleshooting information for FlexAddress. 1 If a feature card is removed, what will happen? Nothing will happen. Feature cards can be removed and stored or may be left in place. 2 If a feature card that was used in one chassis is removed and put into another chassis, what will happen? The Web interface will display an error that states: This feature card was activated with a different chassis. It must be removed before accessing the FlexAddress feature. Current Chassis Service Tag = XXXXXXXX Feature Card Chassis Service Tag = YYYYYYYY An entry will be added to the CMC log that states: cmc : feature 'FlexAddress@XXXXXXX' not activated; chassis ID= 'YYYYYYY' 3 What happens if the feature card is removed and a non-FlexAddress card is installed? No activation or modifications to the card should occur. The card will be ignored by CMC. In this situation, the $racadm featurecard -s will return a message of: No feature card inserted ERROR: can't open file 4 If the chassis service tag is reprogrammed, what happens if there is a feature card bound to that chassis? The Web interface will display an error that states: This feature card was activated with a different chassis. It must be removed before accessing the FlexAddress feature. 176 Using FlexAddress Current Chassis Service Tag = XXXXXXXX Feature Card Chassis Service Tag = YYYYYYYY Dell Service will need to program the original chassis service tag back into the chassis and reset the CMC. 5 What if I have two feature cards installed in my redundant CMC system? Will I get an error? The feature card in the active CMC will be active and installed in the chassis. The second card will be ignored by CMC. 6 Does the SD card have a write protection lock on it? Yes it does. Before installing the SD card into the CMC module, verify the write protection latch is in the unlock position. The FlexAddress feature cannot be activated if the SD card is write protected. In this situation, the $racadm feature -s command will return this message: No features active on the chassis. ERROR: read only file system 7 What will happen if there isn’t an SD card in the active CMC module? The $racadm featurecard -s command will return this message: No feature card inserted. 8 What will happen to my FlexAddress feature if the server BIOS is updated from version 1.xx to version 2.xx? The server module will need to be powered down before it can be used with FlexAddress. After the server BIOS update is complete, the server module will not get chassis-assigned addresses until the server has been power cycled. 9 What will happen if a chassis with a single CMC is downgraded with firmware prior to 1.10? The FlexAddress feature and configuration will be removed. After the CMC firmware is upgraded to 1.10 or later, the FlexAddress feature will need to be reactivated and configured by the user. Using FlexAddress 177 10 In a chassis with redundant CMCs, if you are replacing a CMC unit with one that has firmware prior to 1.10, the following procedure must be used to ensure the current FlexAddress feature and configuration will NOT be removed. a Ensure the active CMC firmware is always version 1.10 or later. b Remove the standby CMC and insert the new CMC in its place. c From the Active CMC, upgrade the standby CMC firmware to 1.10 later. NOTE: If a user does not update the standby CMC firmware to 1.10 or later and a failover occurs, the FlexAddress feature will not be configured and the user will need to reactivate the feature. 11 I have the SD card properly installed and all the firmware/software updates installed. I see that FlexAddress is active, but I can’t see anything on the server deployment screen to deploy it? What is wrong? This is a browser caching issue; shut down the browser and relaunch. Command messages - the following table lists the RACADM commands and output for common FlexAddress situations. Table 6-2. FlexAddress Commands and Output Situation Command SD card in the active $racadm featurecard -s CMC module is bound to another service tag. Output The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is bound to another chassis, svctag = J310TF1 SD card SN =0188BFFE03A 178 Using FlexAddress Table 6-2. FlexAddress Commands and Output (continued) Situation Command SD card in the active $racadm featurecard -s CMC module that is bound to the same service tag. Output The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is bound to this chassis SD card in the active $racadm featurecard -s CMC module that is not bound to any service tag. The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is not bound to any chassis FlexAddress feature not active on the chassis for any reason (No SD card inserted/ corrupt SD card/ after feature deactivated /SD card bound to a different chassis) $racadm setflexaddr [-f ERROR: Flexaddress feature is not ] OR active on the $racadm setflexaddr [-i chassis ] Guest user attempts $racadm setflexaddr [-f ERROR: Insufficient to set FlexAddress user privileges to on slots/fabrics ] perform operation $racadm setflexaddr [-i ] Using FlexAddress 179 Table 6-2. FlexAddress Commands and Output (continued) Situation Command Output Deactivating $racadm feature -d FlexAddress feature -c flexaddress with chassis powered ON ERROR: Unable to deactivate the feature because the chassis is powered ON Guest user tries to deactivate the feature on the chassis ERROR: Insufficient user privileges to perform operation $racadm feature -d -c flexaddress Changing the $racadm setflexaddr -i slot/fabric 1 1 FlexAddress settings while the server modules are powered ON ERROR: Unable to perform the set operation because it affects a powered ON server FlexAddress DELL SOFTWARE LICENSE AGREEMENT This is a legal agreement between you, the user, and Dell Products L.P. or Dell Global B.V. ("Dell"). This agreement covers all software that is distributed with the Dell product, for which there is no separate license agreement between you and the manufacturer or owner of the software (collectively the "Software"). This agreement is not for the sale of Software or any other intellectual property. All title and intellectual property rights in and to Software is owned by the manufacturer or owner of the Software. All rights not expressly granted under this agreement are reserved by the manufacturer or owner of the Software. By opening or breaking the seal on the Software packet(s), installing or downloading the Software, or using the Software that has been preloaded or is embedded in your product, you agree to be bound by the terms of this agreement. If you do not agree to these terms, promptly return all Software items (disks, written materials, and packaging) and delete any preloaded or embedded Software. 180 Using FlexAddress You may use one copy of the Software on only one computer at a time. If you have multiple licenses for the Software, you may use as many copies at any time as you have licenses. "Use" means loading the Software in temporary memory or permanent storage on the computer. Installation on a network server solely for distribution to other computers is not "use" if (but only if) you have a separate license for each computer to which the Software is distributed. You must ensure that the number of persons using the Software installed on a network server does not exceed the number of licenses that you have. If the number of users of Software installed on a network server will exceed the number of licenses, you must purchase additional licenses until the number of licenses equals the number of users before allowing additional users to use the Software. If you are a commercial customer of Dell or a Dell affiliate, you hereby grant Dell, or an agent selected by Dell, the right to perform an audit of your use of the Software during normal business hours, you agree to cooperate with Dell in such audit, and you agree to provide Dell with all records reasonably related to your use of the Software. The audit will be limited to verification of your compliance with the terms of this agreement. The Software is protected by United States copyright laws and international treaties. You may make one copy of the Software solely for backup or archival purposes or transfer it to a single hard disk provided you keep the original solely for backup or archival purposes. You may not rent or lease the Software or copy the written materials accompanying the Software, but you may transfer the Software and all accompanying materials on a permanent basis as part of a sale or transfer of the Dell product if you retain no copies and the recipient agrees to the terms hereof. Any transfer must include the most recent update and all prior versions. You may not reverse engineer, decompile or disassemble the Software. If the package accompanying your computer contains compact discs, 3.5" and/or 5.25" disks, you may use only the disks appropriate for your computer. You may not use the disks on another computer or network, or loan, rent, lease, or transfer them to another user except as permitted by this agreement. LIMITED WARRANTY Dell warrants that the Software disks will be free from defects in materials and workmanship under normal use for ninety (90) days from the date you receive them. This warranty is limited to you and is not transferable. Any implied warranties are limited to ninety (90) days from the date you receive the Software. Some jurisdictions do not allow limits on the duration of an Using FlexAddress 181 implied warranty, so this limitation may not apply to you. The entire liability of Dell and its suppliers, and your exclusive remedy, shall be (a) return of the price paid for the Software or (b) replacement of any disk not meeting this warranty that is sent with a return authorization number to Dell, at your cost and risk. This limited warranty is void if any disk damage has resulted from accident, abuse, misapplication, or service or modification by someone other than Dell. Any replacement disk is warranted for the remaining original warranty period or thirty (30) days, whichever is longer. Dell does NOT warrant that the functions of the Software will meet your requirements or that operation of the Software will be uninterrupted or error free. You assume responsibility for selecting the Software to achieve your intended results and for the use and results obtained from the Software. DELL, ON BEHALF OF ITSELF AND ITS SUPPLIERS, DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, FOR THE SOFTWARE AND ALL ACCOMPANYING WRITTEN MATERIALS. This limited warranty gives you specific legal rights; you may have others, which vary from jurisdiction to jurisdiction. IN NO EVENT SHALL DELL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR OTHER PECUNIARY LOSS) ARISING OUT OF USE OR INABILITY TO USE THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Because some jurisdictions do not allow an exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. OPEN SOURCE SOFTWARE A portion of this CD may contain open source software, which you can use under the terms and conditions of the specific license under which the open source software is distributed. THIS OPEN SOURCE SOFTWARE IS DISTRIBUTED IN THE HOPE THAT IT WILL BE USEFUL, BUT IS PROVIDED "AS IS" WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY; INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL DELL, 182 Using FlexAddress THE COPYRIGHT HOLDERS, OR THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTUTUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILTIY, WHETHER IN CONTRACT, STRICT LIABITLY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILTIY OF SUCH DAMAGE. .U.S. GOVERNMENT RESTRICTED RIGHTS The software and documentation are "commercial items" as that term is defined at 48 C.F.R. 2.101, consisting of "commercial computer software" and "commercial computer software documentation" as such terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4, all U.S. Government end users acquire the software and documentation with only those rights set forth herein. Contractor/manufacturer is Dell Products, L.P., One Dell Way, Round Rock, Texas 78682. GENERAL This license is effective until terminated. It will terminate upon the conditions set forth above or if you fail to comply with any of its terms. Upon termination, you agree that the Software and accompanying materials, and all copies thereof, will be destroyed. This agreement is governed by the laws of the State of Texas. Each provision of this agreement is severable. If a provision is found to be unenforceable, this finding does not affect the enforceability of the remaining provisions, terms, or conditions of this agreement. This agreement is binding on successors and assigns. Dell agrees and you agree to waive, to the maximum extent permitted by law, any right to a jury trial with respect to the Software or this agreement. Because this waiver may not be effective in some jurisdictions, this waiver may not apply to you. You acknowledge that you have read this agreement, that you understand it, that you agree to be bound by its terms, and that this is the complete and exclusive statement of the agreement between you and Dell regarding the Software. Using FlexAddress 183 184 Using FlexAddress Using the CMC With Microsoft Active Directory A directory service maintains a common database of all information needed for controlling network users, computers, printers, and so on. If your company uses the Microsoft® Active Directory® service software, you can configure the software to provide access to the CMC. This allows you to add and control CMC user privileges to your existing users in your Active Directory software. NOTE: Using Active Directory to recognize CMC users is supported on the Microsoft Windows® 2000 and Windows Server® 2003 operating systems. Active Directory Schema Extensions You can use Active Directory to define user access on CMC through two methods: • The extended schema solution, which uses Active Directory objects defined by Dell. • The standard schema solution, which uses Active Directory group objects only. Extended Schema Versus Standard Schema When using Active Directory to configure access to the CMC, you must choose either the extended schema or the standard schema solution. With the extended schema solution: • All of the access control objects are maintained in Active Directory. • Configuring user access on different CMCs with different privilege levels allows maximum flexibility. With the standard schema solution: • No schema extension is required, because standard schema use Active Directory objects only. • Configuration on the Active Directory side is simple. Using the CMC With Microsoft Active Directory 185 Extended Schema Overview There are two ways to enable Extended Schema Active Directory: • Using the CMC Web interface. For instructions, see "Configuring the CMC With Extended Schema Active Directory and the Web Interface" on page 201. • Using the RACADM CLI tool. For instructions, see "Configuring the CMC With Extended Schema Active Directory and RACADM" on page 203. Active Directory Schema Extensions The Active Directory data is a distributed database of Attributes and Classes. The Active Directory schema includes the rules that determine the type of data that can be added or included in the database. One example of a Class that is stored in the database is the user class. User class attributes can include the user’s first name, last name, phone number, and so on. You can extend the Active Directory database by adding your own unique Attributes and Classes to address your company’s environment-specific needs. Dell has extended the schema to include the necessary changes to support remote management Authentication and Authorization. Each Attribute or Class that is added to an existing Active Directory Schema must be defined with a unique ID. To maintain unique IDs across the industry, Microsoft maintains a database of Active Directory Object Identifiers (OIDs). To extend the schema in Microsoft's Active Directory, Dell established unique OIDs, unique name extensions, and uniquely linked attribute IDs for Dell-specific Attributes and Classes: Dell extension: dell Dell base OID: 1.2.840.113556.1.8000.1280 RAC LinkID range: 12070–2079 Overview of the RAC Schema Extensions Dell provides a group of properties that you can configure. The Dell extended schema include Association, Device, and Privilege properties. 186 Using the CMC With Microsoft Active Directory The Association property links together users or groups with a specific set of privileges to one or more RAC devices. This model provides an Administrator maximum flexibility over the different combinations of users, RAC privileges, and RAC devices on the network without adding too much complexity. Active Directory Object Overview When there are two CMCs on the network that you want to integrate with Active Directory for Authentication and Authorization, you must create at least one Association Object and one RAC Device Object for each CMC. You can create multiple Association Objects, and each Association Object can be linked to as many users, groups of users, or RAC Device Objects as required. The users and RAC Device Objects can be members of any domain in the enterprise. However, each Association Object can be linked (or, may link users, groups of users, or RAC Device Objects) to only one Privilege Object. This example allows an Administrator to control each user’s privileges on specific CMCs. The RAC Device object is the link to the RAC firmware for querying Active Directory for authentication and authorization. When a RAC is added to the network, the Administrator must configure the RAC and its device object with its Active Directory name so users can perform authentication and authorization with Active Directory. Additionally, the Administrator must add the RAC to at least one Association Object in order for users to authenticate. Figure 7-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization. NOTE: The RAC privilege object applies to DRAC 4, DRAC 5, and the CMC. You can create as many or as few Association Objects as required. However, you must create at least one Association Object, and you must have one RAC Device Object for each RAC (CMC) on the network that you want to integrate with Active Directory. Using the CMC With Microsoft Active Directory 187 Figure 7-1. Typical Setup for Active Directory Objects Association Object User(s) Group(s) Privilege Object RAC Device Object(s) RAC Privilege Object The Association Object allows for as many or as few users and/or groups as well as RAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object. The Association Object connects the "Users" who have "Privileges" on the RACs (CMCs). Additionally, you can configure Active Directory objects in a single domain or in multiple domains. For example, you have two CMCs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). You want to give user1 and user2 an administrator privilege to both CMCs and give user3 a login privilege to the RAC2 card. Figure 7-2 illustrates how you set up the Active Directory objects in this scenario. When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local Groups and will not work with Universal Groups from other domains. 188 Using the CMC With Microsoft Active Directory Figure 7-2. Setting Up Active Directory Objects in a Single Domain AO1 Group1 User1 User2 AO2 Priv1 User3 Priv2 RAC1 RAC2 To configure the objects for the single domain scenario: 1 Create two Association Objects. 2 Create two RAC Device Objects, RAC1 and RAC2, to represent the two CMCs. 3 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privilege. 4 Group user1 and user2 into Group1. 5 Add Group1 as Members in Association Object 1 (A01), Priv1 as Privilege Objects in A01, and RAC1, RAC2 as RAC Devices in A01. 6 Add User3 as Members in Association Object 2 (A02), Priv2 as Privilege Objects in A02, and RAC2 as RAC Devices in A02. For detailed instruction, see "Adding CMC Users and Privileges to Active Directory" on page 198. Figure 7-3 provides an example of Active Directory objects in multiple domains. In this scenario, you have two CMCs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Using the CMC With Microsoft Active Directory 189 Domain1, and user2 and user 3 are in Domain2. In this scenario, configure user1 and user 2 with administrator privileges to both CMCs and configure user3 with login privileges to the RAC2 card. Figure 7-3. Setting Up Active Directory Objects in Multiple Domains Domain1 Domain2 AO1 Group1 User1 User2 AO2 Priv1 User3 Priv2 RAC1 RAC2 To configure the objects for the multiple domain scenario: 1 Ensure that the domain forest function is in Native or Windows 2003 mode. 2 Create two Association Objects, A01 (of Universal scope) and A02, in any domain. Figure 7-3 shows the objects in Domain2. 3 Create two RAC Device Objects, RAC1 and RAC2, to represent the two CMCs. 4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privilege. 5 Group user1 and user2 into Group1. The group scope of Group1 must be Universal. 190 Using the CMC With Microsoft Active Directory 6 Add Group1 as Members in Association Object 1 (A01), Priv1 as Privilege Objects in A01, and RAC1, RAC2 as RAC Devices in A01. 7 Add User3 as Members in Association Object 2 (A02), Priv2 as Privilege Objects in A02, and RAC2 as RAC Devices in A02. Configuring Extended Schema Active Directory to Access Your CMC Before using Active Directory to access your CMC, configure the Active Directory software and the CMC: 1 Extend the Active Directory schema (see "Extending the Active Directory Schema" on page 191). 2 Extend the Active Directory Users and Computers Snap-In (see "Installing the Dell Extension to the Active Directory Users and Computers Snap-In" on page 197). 3 Add CMC users and their privileges to Active Directory (see "Adding CMC Users and Privileges to Active Directory" on page 198). 4 Enable SSL on each of your domain controllers. 5 Configure the CMC Active Directory properties using either the CMC Web interface or the RACADM (see "Configuring the CMC With Extended Schema Active Directory and the Web Interface" on page 201 or "Configuring the CMC With Extended Schema Active Directory and RACADM" on page 203). Extending the Active Directory Schema Extending your Active Directory schema adds a Dell organizational unit, schema classes and attributes, and example privileges and association objects to the Active Directory schema. Before you extend the schema, ensure that you have Schema Admin privilege on the Schema Master Flexible Single Master Operation (FSMO) Role Owner of the domain forest. You can extend your schema using one of the following methods: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema. Using the CMC With Microsoft Active Directory 191 The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: • :\SYSMGMT\ManagementStation\support\ OMActiveDirectory_Tools\ \LDIF Files • :\SYSMGMT\ManagementStation\support\ OMActiveDirectory_ Tools\ \Schema Extender To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory. For instructions on using the Dell Schema Extender to extend the Active Directory Schema, see "Using the Dell Schema Extender." You can copy and run the Schema Extender or LDIF files from any location. Using the Dell Schema Extender NOTICE: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To ensure that the Dell Schema Extender utility functions properly, do not modify the name of this file. 1 In the Welcome screen, click Next. 2 Read and understand the warning and click Next. 3 Select Use Current Log In Credentials or enter a user name and password with schema administrator rights. 4 Click Next to run the Dell Schema Extender. 5 Click Finish. The schema is extended. To verify the schema extension, use the Microsoft Management Console (MMC) and the Active Directory Schema Snap-In to verify that the following exist: • Classes — see Table 7-1 through Table 7-6 • Attributes — see Table 7-7 See your Microsoft documentation for more information on how to enable and use the Active Directory Schema Snap-In the MMC. 192 Using the CMC With Microsoft Active Directory Table 7-1. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) dellRacDevice 1.2.840.113556.1.8000.1280.1.1.1.1 dellAssociationObject 1.2.840.113556.1.8000.1280.1.1.1.2 dellRACPrivileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 7-2. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.1.1.1 Description Represents the Dell RAC device. The RAC device must be configured as dellRacDevice in Active Directory. This configuration enables the CMC to send Lightweight Directory Access Protocol (LDAP) queries to Active Directory. Class Type Structural Class SuperClasses dellProduct Attributes dellSchemaVersion dellRacType Table 7-3. dellAssociationObject Class OID 1.2.840.113556.1.8000.1280.1.1.1.2 Description Represents the Dell Association Object. The Association Object provides the connection between the users and the devices. Class Type Structural Class SuperClasses Group Attributes dellProductMembers dellPrivilegeMember Using the CMC With Microsoft Active Directory 193 Table 7-4. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines Authorization Rights (privileges) for the CMC device. Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsTestAlertUser dellIsDebugCommandAdmin dellPermissionMask1 dellPermissionMask2 Table 7-5. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 7-6. dellProduct Class OID 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived. Class Type Structural Class SuperClasses Computer Attributes dellAssociationMembers 194 Using the CMC With Microsoft Active Directory Table 7-7. List of Attributes Added to the Active Directory Schema Assigned OID/Syntax Object Identifier Single Valued Attribute: dellPrivilegeMember Description: List of dellPrivilege objects that belong to this attribute. OID: 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE Distinguished Name: (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) Attribute: dellProductMembers Description: List of dellRacDevices objects that belong to this role. This attribute is the forward link to the dellAssociationMembers backward link. Link ID: 12070 OID: 1.2.840.113556.1.8000.1280.1.1.2.2 FALSE Distinguished Name: (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) Attribute: dellIsCardConfigAdmin Description: TRUE if the user has Card Configuration rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.4 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: dellIsLoginUser Description: TRUE if the user has Login rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.3 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: dellIsCardConfigAdmin Description: TRUE if the user has Card Configuration rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.4 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Using the CMC With Microsoft Active Directory 195 Table 7-7. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued Attribute: dellIsUserConfigAdmin Description: TRUE if the user has User Configuration Administrator rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.5 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: delIsLogClearAdmin Description: TRUE if the user has Clear Logs Administrator rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.6 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: dellIsServerResetUser Description: TRUE if the user has Server Reset rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.7 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: dellIsTestAlertUser Description: TRUE if the user has Test Alert User rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: dellIsDebugCommandAdmin Description: TRUE if the user has Debug Command Admin rights on the device. OID: 1.2.840.113556.1.8000.1280.1.1.2.11 TRUE Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Attribute: dellSchemaVersion Description: The Current Schema Version is used to update the schema. OID: 1.2.840.113556.1.8000.1280.1.1.2.12 Case Ignore String(LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905) 196 Using the CMC With Microsoft Active Directory TRUE Table 7-7. List of Attributes Added to the Active Directory Schema (continued) Assigned OID/Syntax Object Identifier Single Valued Attribute: dellRacType Description: This attribute is the Current Rac Type for the dellRacDevice object and the backward link to the dellAssociationObjectMembers forward link. OID: 1.2.840.113556.1.8000.1280.1.1.2.13 TRUE Case Ignore String(LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905) Attribute: dellAssociationMembers Description: List of dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers Linked attribute. Link ID: 12071 OID: 1.2.840.113556.1.8000.1280.1.1.2.14 FALSE Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) Attribute: dellPermissionsMask1 OID: 1.2.840.113556.1.8000.1280.1.6.2.1 Integer (LDAPTYPE_INTEGER) Attribute: dellPermissionsMask2 OID: 1.2.840.113556.1.8000.1280.1.6.2.2 Integer (LDAPTYPE_INTEGER) Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-In so the administrator can manage RAC (CMC) devices, Users and User Groups, RAC Associations, and RAC Privileges. When you install your systems management software using the Dell Systems Management Tools and Documentation DVD, you can extend the Snap-In by selecting the Dell Extension to the Active Directory User’s and Computers Snap-In option during the installation procedure. See the Dell OpenManage Software Quick Installation Guide for additional instructions about installing systems management software. Using the CMC With Microsoft Active Directory 197 For more information about the Active Directory User’s and Computers Snap-In, see your Microsoft documentation. Installing the Administrator Pack You must install the Administrator Pack on each system that is managing the Active Directory CMC Objects. If you do not install the Administrator Pack, you cannot view the Dell RAC Object in the container. Opening the Active Directory Users and Computers Snap-In To open the Active Directory Users and Computers Snap-In: 1 If you are logged into the domain controller, click Start Admin Tools→ Active Directory Users and Computers. If you are not logged into the domain controller, you must have the appropriate Microsoft Administrator Pack installed on your local system. To install this Administrator Pack, click Start→ Run, type MMC, and press . The Microsoft Management Console (MMC) appears. 2 In the Console 1 window, click File (or Console on systems running Windows 2000). 3 Click Add/Remove Snap-in. 4 Select the Active Directory Users and Computers Snap-In and click Add. 5 Click Close and click OK. Adding CMC Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-In, you can add CMC users and privileges by creating RAC, Association, and Privilege objects. To add each object type, you will: 1 Create a RAC device Object. 2 Create a Privilege Object. 3 Create an Association Object. 4 Add objects to an Association Object. 198 Using the CMC With Microsoft Active Directory Creating a RAC Device Object 1 In the MMC Console Root window, right-click a container. 2 Select New→ Dell RAC Object. The New Object window appears. 3 Type a name for the new object. The name must be identical to the CMC Name that you will type in step 8a of "Configuring the CMC With Extended Schema Active Directory and the Web Interface" on page 201. 4 Select RAC Device Object. 5 Click OK. Creating a Privilege Object NOTE: A Privilege Object must be created in the same domain as the related Association Object. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→ Dell RAC Object. The New Object window appears. 3 Type a name for the new object. 4 Select Privilege Object. 5 Click OK. 6 Right-click the privilege object that you created, and select Properties. 7 Click the RAC Privileges tab and select the privileges that you want the user to have. For more information about CMC user privileges, see "User Types" on page 121. Creating an Association Object The Association Object is derived from a Group and must contain a Group Type. The Association Scope specifies the Security Group Type for the Association Object. When you create an Association Object, choose the Association Scope that applies to the type of objects you intend to add. Using the CMC With Microsoft Active Directory 199 For example, if you select Universal, the association objects are only available when the Active Directory Domain is functioning in Native Mode or above. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→ Dell RAC Object. This opens the New Object window. 3 Type a name for the new object. 4 Select Association Object. 5 Select the scope for the Association Object. 6 Click OK. Adding Objects to an Association Object Using the Association Object Properties window, you can associate users or user groups, privilege objects, and RAC devices or RAC device groups. If your system is running Windows 2000 mode or higher, use Universal Groups to span domains with your user or RAC objects. You can add groups of Users and RAC devices. The procedure for creating Dell-related groups and non-Dell-related groups is identical. Adding Users or User Groups 1 Right-click the Association Object and select Properties. 2 Select the Users tab and click Add. 3 Type the user or User Group name and click OK. Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to a RAC device. Only one privilege object can be added to an Association Object. Adding Privileges 1 Select the Privileges Object tab and click Add. 2 Type the Privilege Object name and click OK. Click the Products tab to add one or more RAC devices to the association. The associated devices specify the RAC devices connected to the network that are available for the defined users or user groups. Multiple RAC devices can be added to an Association Object. 200 Using the CMC With Microsoft Active Directory Adding RAC Devices or RAC Device Groups To add RAC devices or RAC device groups: 1 Select the Products tab and click Add. 2 Type the RAC device or RAC device group name and click OK. 3 In the Properties window, click Apply and click OK. Configuring the CMC With Extended Schema Active Directory and the Web Interface 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Network/Security tab, and then click the Active Directory subtab. The Active Directory Main Menu page appears. 4 Select the Configure radio button, and then click Next. The Active Directory Configuration and Management page appears. 5 In the Common Settings section: a Select the Enable Active Directory check box so that it is checked. b Type the Root Domain Name. The Root Domain Name is the fully qualified root domain name for the forest. NOTE: The Root domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. c Type the Timeout time in seconds. Configuration range: 15–300 seconds. Default: 90 seconds 6 Optional: If you want the directed call to search the domain controller and global catalog, select the Search AD Server to search (Optional) check box, then: a In the Domain Controller text field, type the server where your Active Directory service is installed. b In the Global Catalog text field, type the location of the global catalog on the Active Directory domain controller. The global catalog provides a resource for searching an Active Directory forest. Using the CMC With Microsoft Active Directory 201 7 Select the Use Extended Schema radio button in the Active Directory Schema Selection area. 8 In the Extended Schema Settings section: a Type the CMC Name. The CMC Name uniquely identifies the CMC card in Active Directory. The CMC Name must be the same as the common name of the new CMC object you created in your Domain Controller. The CMC Name must be a 1–256 character ASCII string with no spaces between characters. b Type the CMC Domain Name (example: cmc.com). The CMC Domain Name is the DNS name (string) of the domain where the Active Directory CMC object resides. The name must be a valid domain name consisting of x.y, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. 9 Click Apply to save your settings. NOTE: You must apply your settings before continuing to the next step, in which you navigate to another page. If you do not apply the settings, you will lose the settings you entered when you navigate to the next page. 10 Click Go Back To Active Directory Main Menu. 11 Select the Upload AD Certificate radio button, and then click Next. The Certificate Upload page appears. 12 Type the file path of the certificate in the text field, or click Browse to select the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. The SSL certificates for the domain controller must be signed by the root certificate authority. The root certificate authority-signed certificate must be available on the management station accessing the CMC. 13 Click Apply. The CMC Web server automatically restarts after you click Apply. 14 Log back in to the CMC Web interface. 15 Select Chassis in the system tree, click the Network/Security tab, then click the Network sub-tab. The Network Configuration page appears. 202 Using the CMC With Microsoft Active Directory 16 If Use DHCP (for NIC IP Address) is enabled (checked), do one of the following: • Select Use DHCP to Obtain DNS Server Addresses to enable the DNS server addresses to be obtained automatically by the DHCP server., or • Manually configure a DNS server IP address by leaving the Use DHCP to Obtain DNS Server Addresses check box unchecked and then typing your primary and alternate DNS server IP addresses in the fields provided. 17 Click Apply Changes. The CMC Extended Schema Active Directory feature configuration is complete. Configuring the CMC With Extended Schema Active Directory and RACADM Using the following commands to configure the CMC Active Directory Feature with Extended Schema using the RACADM CLI tool instead of the Web interface. 1 Open a Telnet/SSH text console to the CMC, log in, and type: racadm config -g cfgActiveDirectory -o cfgADEnable 1 racadm config -g cfgActiveDirectory -o cfgADType 1 racadm config -g cfgActiveDirectory -o cfgADRacDomain racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgActiveDirectory -o cfgADRacName racadm sslcertupload -t 0x2 -f -r racadm sslcertdownload -t 0x1 -f Using the CMC With Microsoft Active Directory 203 Optional: If you want to specify an LDAP or Global Catalog server instead of using the servers returned by the DNS server to search for a user name, type the following command to enable the Specify Server option: racadm config -g cfgActiveDirectory -o cfgADSpecifyServerEnable 1 NOTE: When you use the Specify Server option, the host name in the certificate authority-signed certificate is not matched against the name of the specified server. This is particularly useful if you are a CMC administrator, because it enables you to enter a host name as well as an IP address. After you enable the Specify Server option, you can specify an LDAP server and global catalog with IP addresses or fully qualified domain names (FQDNs) of the servers. The FQDNs consist of the host names and the domain names of the servers. To specify an LDAP server, type: racadm config -g cfgActiveDirectory -o cfgADDomainController To specify a Global Catalog server, type: racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog NOTE: Setting the IP address as 0.0.0.0 disables the CMC from searching for a server. NOTE: You can specify a list of LDAP or global catalog servers separated by commas. The CMC allows you to specify up to three IP addresses or host names. NOTE: LDAP or LDAPs that are not correctly configured for all domains and applications may produce unexpected results during the functioning of the existing applications/domains. 2 Specify a DNS server using one of the following options: • If DHCP is enabled on the CMC and you want to use the DNS address obtained automatically by the DHCP server, type the following command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 204 Using the CMC With Microsoft Active Directory • If DHCP is disabled on the CMC, or if DHCP is enabled but you want to specify your DNS IP address manually, type following commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 racadm config -g cfgLanNetworking -o cfgDNSServer2 The Extended Schema feature configuration is complete. Standard Schema Active Directory Overview Using standard schema for Active Directory integration requires configuration on both Active Directory and the CMC. On the Active Directory side, a standard group object is used as a role group. A user who has CMC access will be a member of the role group. In order to give this user access to a specific CMC card, the role group name and its domain name need to be configured on the specific CMC card. Unlike the extended schema solution, the role and the privilege level is defined on each CMC card, not in the Active Directory. Up to five role groups can be configured and defined in each CMC. Table 5-10 shows the privileges level of the role groups and Table 7-8 shows the default role group settings. Using the CMC With Microsoft Active Directory 205 Figure 7-4. Configuration of CMC with Active Directory and Standard Schema Configuration on Active Directory Side Role Group Configuration on CMC Side Role Group Name and Domain Name User 206 Using the CMC With Microsoft Active Directory Role Definition Table 7-8. Default Role Group Privileges Role Group Default Privilege Level Permissions Granted Bit Mask 1 None • CMC Login User 0x00000fff • Chassis Configuration Administrator • User Configuration Administrator • Clear Logs Administrator • Chassis Control Administrator (Power Commands) • Super User • Server Administrator • Test Alert User • Debug Command User • Fabric A Administrator • Fabric B Administrator • Fabric C Administrator 2 None • CMC Login User 0x000000f9 • Clear Logs Administrator • Chassis Control Administrator (Power Commands) • Server Administrator • Test Alert User • Fabric A Administrator • Fabric B Administrator • Fabric C Administrator 3 None CMC Login User 0x00000001 4 None No assigned permissions 0x00000000 5 None No assigned permissions 0x00000000 Using the CMC With Microsoft Active Directory 207 NOTE: The bit mask values are used only when setting Standard Schema with the RACADM. NOTE: For more information about user privileges, see "User Types" on page 120. There are two ways to enable Standard Schema Active Directory: • With the CMC Web interface. See "Configuring the CMC With Standard Schema Active Directory and Web Interface" on page 208. • With the RACADM CLI tool. See "Configuring the CMC With Standard Schema Active Directory and RACADM" on page 211. Configuring Standard Schema Active Directory to Access Your CMC You need to perform the following steps to configure the Active Directory before an Active Directory user can access the CMC: 1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2 Create a group or select an existing group. The name of the group and the name of this domain will need to be configured on the CMC either with the Web interface or RACADM. For more information, see "Configuring the CMC With Standard Schema Active Directory and Web Interface" on page 208 or "Configuring the CMC With Standard Schema Active Directory and RACADM" on page 211. 3 Add the Active Directory user as a member of the Active Directory group to access the CMC. Configuring the CMC With Standard Schema Active Directory and Web Interface 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Network/Security tab, and then click the Active Directory subtab. The Active Directory Main Menu page appears. 4 Select the Configure option, and then click Next. The Active Directory Configuration and Management page appears. 208 Using the CMC With Microsoft Active Directory 5 In the Common Settings section: a Select the Enable Active Directory check box. b Type the ROOT Domain Name. The ROOT Domain Name is the fully qualified root domain name for the forest. NOTE: The ROOT domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. c Type the Timeout time in seconds. Configuration range: 15–300 seconds. Default: 90 seconds 6 Optional: If you want the directed call to search the domain controller and global catalog, select the Search AD Server to search (Optional) check box, then: a In the Domain Controller text field, type the server where your Active Directory service is installed. b In the Global Catalog text field, type the location of the global catalog on the Active Directory domain controller. The global catalog provides a resource for searching an Active Directory forest. 7 Click Use Standard Schema in the Active Directory Schema Selection section. 8 Click Apply to save your settings. NOTE: You must apply your settings before continuing to the next step, in which you navigate to another page. If you do not apply the settings, you will lose the settings you entered when you navigate to the next page. 9 In the Standard Schema Settings section, click a Role Group. The Configure Role Group page appears. 10 Type the Group Name. The group name identifies the role group in the Active Directory associated with the CMC card. 11 Type the Group Domain. The Group Domain is the fully qualified root domain name for the forest. 12 In the Role Group Privileges page, select privileges for the group. If you modify any of the privileges, the existing Role Group Privilege (Administrator, Power User, or Guest User) will change to either the Custom group or the appropriate Role Group Privilege. See Table 5-10. Using the CMC With Microsoft Active Directory 209 13 Click Apply to save the Role Group settings. 14 Click Go Back To Active Directory Configuration and Management. 15 Click Go Back To Active Directory Main Menu. 16 Upload your domain forest Root certificate authority-signed certificate into the CMC. a Select the Upload Active Directory CA Certificate check box and then click Next. b In the Certificate Upload page, type the file path of the certificate or browse to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. The SSL certificates for the domain controllers must be signed by the root certificate authority-signed certificate. The root certificate authority-signed certificate must be available on the management station accessing the CMC. c Click Apply. The CMC Web server automatically restarts after you click Apply. 17 Log out and then log in to the CMC to complete the CMC Active Directory feature configuration. 18 Select Chassis in the system tree. 19 Click the Network/Security tab. 20 Click the Network sub-tab. The Network Configuration page appears. 21 If Use DHCP (for NIC IP Address) is selected under Network Settings, select Use DHCP to obtain DNS server address. To manually input a DNS server IP address, deselect Use DHCP to obtain DNS server addresses and type your primary and alternate DNS server IP addresses. 22 Click Apply Changes. The CMC Standard Schema Active Directory feature configuration is complete. 210 Using the CMC With Microsoft Active Directory Configuring the CMC With Standard Schema Active Directory and RACADM To configure the CMC Active Directory Feature with Standard Schema using the RACADM CLI, use the following commands: 1 Open a Telnet/SSH text console to the CMC, log in, and type: racadm config -g cfgActiveDirectory -o cfgADEnable 1 racadm config -g cfgActiveDirectory -o cfgADType 2 racadm config -g cfgActiveDirectory -o cfgADRootDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupName racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupDomain racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupPrivilege racadm sslcertupload -t 0x2 -f racadm sslcertdownload -t 0x1 -f NOTE: For bit mask number values, see "Bit Masks for User Privileges" on page 394. 2 Specify a DNS server using one of the following options: • If DHCP is enabled on the CMC and you want to use the DNS address obtained automatically by the DHCP server, type the following command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 Using the CMC With Microsoft Active Directory 211 • If DHCP is disabled on the CMC or you want manually to input your DNS IP address, type the following commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 racadm config -g cfgLanNetworking -o cfgDNSServer2 Frequently Asked Questions Table 7-9 lists frequently asked questions and answers about using Active Directory with the CMC. Table 7-9. Using CMC With Active Directory: Frequently Asked Questions Question Answer Can I log into the CMC using Active Yes. The CMC’s Active Directory querying Directory across multiple trees? algorithm supports multiple trees in a single forest. Does the login to the CMC using Active Directory work in mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft Windows® 2000 or Windows Server® 2003)? Yes. In mixed mode, all objects used by the CMC querying process (among user, RAC Device Object, and Association Object) must be in the same domain. Does using the CMC with Active Directory support multiple domain environments? Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups. 212 The Dell-extended Active Directory Users and Computers Snap-In checks the mode and limits users in order to create objects across domains if in mixed mode. Using the CMC With Microsoft Active Directory Table 7-9. Using CMC With Active Directory: Frequently Asked Questions (continued) Question Answer Can these Dell-extended objects (Dell Association Object, Dell RAC Device, and Dell Privilege Object) be in different domains? The Association Object and the Privilege Object must be in the same domain. The Dellextended Active Directory Users and Computers Snap-In forces you to create these two objects in the same domain. Other objects can be in different domains. Are there any restrictions on Domain Yes. All SSL certificates for Active Directory Controller SSL configuration? servers in the forest must be signed by the same root certificate authority-signed certificate, because CMC only allows you to upload one trusted certificate authority-signed SSL certificate. I created and uploaded a new RAC certificate and now the Web interface does not launch. If you use Microsoft Certificate Services to generate the RAC certificate, you may have inadvertently chose User Certificate instead of Web Certificate when creating the certificate. To recover, generate a CSR, and then create a new Web certificate from Microsoft Certificate Services and upload it using the using the following RACADM commands: racadm sslcsrgen [-g] [-u] [-f {filename}] racadm sslcertupload -t 1 -f {web_sslcert} Using the CMC With Microsoft Active Directory 213 Table 7-9. Using CMC With Active Directory: Frequently Asked Questions (continued) Question Answer What can I do if I cannot log into the CMC using Active Directory authentication? How do I troubleshoot the issue? 1 Ensure that you use the correct user domain name during a login and not the NetBIOS name. 2 If you have a local CMC user account, log into the CMC using your local credentials. After you are logged in, perform the following steps: a Ensure that you have checked the Enable Active Directory check box on the CMC Active Directory configuration page. b Ensure that the DNS setting is correct on the CMC Networking configuration page. c Ensure that you have uploaded the Active Directory certificate from your Active Directory root certificate authority-signed certificate to the CMC. d Check the Domain Controller SSL certificates to ensure that they have not expired. e Ensure that your CMC Name, Root Domain Name, and CMC Domain Name match your Active Directory environment configuration. f Ensure that the CMC password has a maximum of 127 characters. While the CMC can support passwords of up to 256 characters, Active Directory only supports passwords that have a maximum length of 127 characters. 214 Using the CMC With Microsoft Active Directory Power Management Overview The M1000e chassis ships with either three power supply units (PSUs) or six, the maximum. If your chassis has three PSUs, you can add up to three more. The PSUs supply power to the chassis and all the modules in the chassis: CMC, IOM, iKVM, fans, front panel LCD and servers. The CMC manages the power budget for all the chassis modules. For AC redundancy to work in a six-PSU configuration, the three PSUs on the left must connect to one AC power grid while the three on the right connect to another. AC Redundancy is not available in a three-PSU configuration. Each PSU helps the CMC manage the power distribution to the modules. Power Budgeting for Hardware Modules The CMC allocates power to the modules in the M1000e chassis dynamically as they are installed into the chassis. Power Management 215 Figure 8-1. Chassis With Six-PSU Configuration PSUs Dynamic PSU Engagement Dynamic PSU engagement is a configurable option that enables the CMC to conserve power by powering-off unused PSUs and keeping them in Standby mode in case more power is required. This saves power by increasing the utilization of the PSUs that remain active so that they are used more efficiently. Factors that cause a single or set of PSUs to change to Standby mode include the following: 216 • Module population • The number of PSUs in the chassis • The redundancy policy • The capabilities and maximum efficiency point of the PSU configuration Power Management To maintain optimal efficiency, the CMC uses this information to determine how many PSUs are required to power a given configuration and place excess PSUs on standby. If new modules are installed, the CMC may, depending on need and optimization, turn on new supplies. Redundancy Policies The redundancy policy is a configurable set of properties that determine how the CMC manages power to the chassis. The following redundancy policies are configurable with or without dynamic PSU engagement: • AC Redundancy • Power Supply Redundancy • No Redundancy You can select and configure a redundancy policy or use the default redundancy policy for your chassis. The default redundancy configuration for your chassis depends on how many PSUs are configured for it, as shown in Table 8-1. Table 8-1. Default Redundancy Configuration PSU Configuration Default Redundancy Policy Default Dynamic PSU Engagement Setting Six PSUs AC Redundancy Disabled Three PSUs No Redundancy Disabled AC Redundancy For AC Redundancy mode to operate at optimal power, you must have six PSUs in your chassis. You can set your chassis to operate in AC Redundancy mode with fewer than six PSUs, but it will operate in a degraded state. In AC Redundancy mode, all six PSUs will be active. The three PSUs on the left must connect to one AC power grid, while the three PSUs on the right connect to another AC power grid. NOTICE: To avoid a system failure and for AC Redundancy to work effectively, you must ensure that each set of PSUs is connected to a separate AC grid. In case one AC grid fails, the three PSUs on the functioning AC grid take over without interruption to the servers or infrastructure. Power Management 217 NOTICE: In AC Redundancy mode, a difference in the number of PSUs between the two AC grids (for example, three PSUs on one AC grid and two on the other AC grid) will cause a degradation in the redundancy. Power Supply Redundancy The capacity of a PSU in the chassis is kept as a spare, ensuring that a failure of any one PSU will not cause the servers or chassis to power-down. Power Supply Redundancy mode requires four PSUs to operate correctly; any additional PSUs will not be utilized. Failure of two PSUs may cause the servers in the chassis to power down. No Redundancy Power from up to three PSUs is used to power on the entire chassis. NOTICE: The No Redundancy mode uses only three PSUs without a backup. Failure of one of the three PSUs being used could cause servers to lose power and data. Power Conservation and Power Budget Changes The CMC performs power conservation when the user-configured maximum power limit is reached. When the demand for power exceeds the power limit you have set, the CMC reduces power to servers you assign a lower priority to free power for higher priority servers and other modules in the chassis. If all or multiple slots in the chassis are configured with the same priority level, the CMC decreases power to servers by increasing slot number order. For example, if the servers in slots 1 and 2 have the same priority level, the power for the server in slot 1 is decreased before that of the server in slot 2. NOTE: You can assign a priority level to each of the servers in the chassis by giving each server a number from 1 through 9 inclusive. The default priority level for all servers is 1. The lower the number, the higher the priority level. For instructions on assigning server priority levels, see "Using RACADM" on page 237. PSU Failure With a No Redundancy Policy The CMC decreases power to servers when an insufficient power event occurs, such as a PSU failure. After decreasing power on servers, the CMC reevaluates the power needs of the chassis. Power for higher priority servers is restored incrementally while power needs remain within the power budget. 218 Power Management NOTE: To set the redundancy policy, see "Configuring Power Budget and Redundancy" on page 233. Figure 8-2. AC Redundancy (top), and Power Supply Redundancy (bottom) Power Grid #1 Power Grid #2 Power Supply #1 Power Supply #2 Power Supply #3 Power Supply #4 Power Supply #5 Power Supply #6 Empty Slot #5 Empty Slot #6 Chassis DC Power Bus Dual Power Grid: Protects against failure to an AC grid Power Grid #1 Power Grid #2 Power Supply #1 Power Supply #2 Power Supply #3 Power Supply #4 Chassis DC Power Bus Dual or Single Power Grid: Power Supply Redundancy protects against failure of a single power supply. Power Management 219 Figure 8-3. No Redundancy Power Grid #1 Power Supply #1 Power Supply #2 Power Supply #3 Empty Slot #4 Empty Slot #5 Empty Slot #6 Chassis DC Power Bus Single Power Grid: No protection against grid or power supply failure New Server Engagement Policy When a new server is powered on, the CMC may need to decrease power to lower priority servers to allow more power for the new server if adding the new server exceeds the power available for the system. This could happen if the administrator has configured a power limit for the chassis that is below what would be required for full power allocation to the servers, or if insufficient power is available for the worst-case power need of all servers in the chassis. If enough power cannot be freed by reducing the allocated power of the lower priority servers, the new server may not be allowed to power up. The highest amount of sustained power required to run the chassis and all of the servers, including the new one, at full power is the worst-case power requirement. If that amount of power is available, then no servers are allocated power that is less than the worst-case power needed and the new server is allowed to power up. If the worst-case power requirement cannot be met, power is reduced to the lower priority servers until enough power is freed to power up the new server. • 220 If enough power cannot be freed by reducing power to the existing servers, the new server is not allowed to power up. Power Management • If enough power is freed by reducing power to the existing servers, the freed power is allocated to the new server and the server is allowed to power up. Table 8-2 describes the actions taken by the CMC when a new server is powered on in the scenario described above. Table 8-2. CMC Response When a Server Power-On is Attempted Worst Case Power CMC Response is Available Server Power On Yes No power conservation is required Allowed No Perform power conservation: • Power required for new server is available Allowed • Power required for new server is not available Disallowed Table 8-3 describes the firmware response to a PSU power down or removal as it applies to various PSU redundancy configurations. Table 8-3. Chassis Impact from PSU Failure or Removal PSU Configuration Dynamic PSU Firmware Response Engagement AC Redundancy Disabled User alerted of loss of AC Redundancy. Power Supply Redundancy Disabled User alerted of loss of Power Supply Redundancy. No Redundancy Disabled Decrease power to low priority servers, if needed. AC Redundancy Enabled User alerted of loss of AC Redundancy. PSUs in standby mode (if any) are turned on to compensate for power budget lost from the PSU failure or removal. Power Supply Redundancy Enabled User alerted of loss of Power Supply Redundancy. PSUs in standby mode (if any) are turned on to compensate for power budget lost from PSU failure or removal. Power Management 221 Table 8-3. Chassis Impact from PSU Failure or Removal (continued) PSU Configuration Dynamic PSU Firmware Response Engagement No Redundancy Enabled Decrease power to low priority servers, if needed. PSU Removals With a No Redundancy Policy The CMC may begin conserving power when a user removes a PSU or a PSU AC cord. The CMC decreases power to the lower priority servers until power allocation is supported by the remaining PSUs in the chassis. If a user removes more than one PSU, the CMC evaluates power needs again when the second PSU is removed to determine the firmware response. Limits • The CMC does not support automated power-down of a lower priority server to allow power up of a higher priority server; however, you can perform user-initiated power-downs. • Changes to the PSU redundancy policy are limited by the number of PSUs in the chassis. The M1000e chassis ships with one of two configurations: three PSUs or six PSUs. You can select any of the three PSU redundancy configuration settings listed in "Redundancy Policies" on page 217. However, some redundancy policies, such as AC Redundancy, are not available for chassis with fewer than six PSUs (the maximum number allowable per chassis). Configuring and Managing Power You can use the Web-based and RACADM interfaces to manage and configure power controls on the CMC. Specifically, you can: 222 • View power allocations, consumption, and status for the chassis, servers, and PSUs • Configure power budget and redundancy for the chassis • Execute power control operations (power-on, power-off, system reset, power-cycle) the chassis Power Management Viewing the Health Status of the PSUs The Power Supply Status page displays the status and readings of the PSUs associated with the chassis. For more information about CMC power management, see "Power Management" on page 215. Using the Web Interface The PSU health status can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Power Supply Status page. The Chassis Graphics page provides a graphical overview of all PSUs installed in the chassis. To view health status for all PSUs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status of all PSUs. PSU health status is indicated by the color of the PSU subgraphic: • Green - PSU is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber - PSU is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist. • Gray - PSU is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition. 3 Use the cursor to hover over the an individual PSU subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that PSU. 4 The PSU subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the Power Supply Status page for all PSUs. To view the health status of the PSUs using Power Supply Status: 1 Log in to the CMC Web interface. 2 Select Power Supplies in the system tree. The Power Supply Status page displays. Power Management 223 Table 8-4 provides descriptions of the information provided on the Power Supply Status page. Table 8-4. Power Supply Health Status Information Item Description Present Indicates whether the PSU is Present or Absent. Health OK Indicates that the PSU is present and communicating with the CMC. In the event of a communication failure between the CMC and the fan unit, the CMC cannot obtain or display health status for the PSU. Warning Indicates that only Warning alerts have been issued, and corrective action must be taken within the time frame set by the administrator. If corrective actions are not taken within the administrator-specified time, it could lead to critical or severe power failures that can affect the integrity of the chassis. Severe Indicates at least one Failure alert has been issued. Failure status indicates a power failure on the chassis, and corrective action must be taken immediately. Name Displays the name of the PSU: PS-n, where n is the power supply number. Power Status Indicates the power state of the power supplies (one of the following): Initializing, Online, Stand By, In Diagnostics, Failed, Redundant, Offline, or Absent (missing). Capacity Displays the power capacity in watts. Using RACADM See Viewing Power Budget Status below. Viewing Power Budget Status The CMC provides power status overviews of the power subsystem on the Power Budget Status page. 224 Power Management Using the Web Interface NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Power Management tab. The Power Budget Status page displays. Table 8-5 through Table 8-11 describe the information displayed on the Power Budget Status page. See "Configuring Power Budget and Redundancy" on page 233 for information about configuring the settings for this information. Using RACADM Open a Telnet/SSH text console to the CMC, log in, and type: racadm getpbinfo NOTE: For more information about getpbinfo, including output details, see "getpbinfo" on page 346. Table 8-5. Real-Time Power Statistics Item Description System Input Power Displays the current cumulative power consumption of all modules in the chassis measured from the input side of the PSUs. The value for system input power is indicated in both watts and BTU/h units. Peak System Power Displays the maximum system level input power consumption since the value was last cleared. This property allows you to track the maximum power consumption by the system (chassis and modules) recorded over a period of time. Click the Configuration sub-tab on the Budget Status page to clear this value. The value for peak system power is indicated in both watts and BTU/h units. Power Management 225 Table 8-5. Real-Time Power Statistics (continued) Item Description Peak System Power Start Displays the date and time recorded when the peak system Time power consumption value was last cleared. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year. This value is reset with the Reset Peak/Min Power Statistics button and also when the CMC resets or fails over. Peak System Power Timestamp Displays the date and time recorded when the peak system power consumption value occurred over the time period being recorded. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0–24), mm is minutes (00–60), ss is seconds (00–60), MM is the month (1–12), DD is the day, 1–31, and YYYY is the year. Minimum System Power Displays the minimum system level AC power consumption value (in watts) over the time since the user last cleared this value. This property allows you to track the minimum power consumption by the system (chassis and modules) recorded over a period of time. Click the Configuration sub-tab on the Budget Status page to clear this value. The value for minimum system power is displayed in both the watts and BTU/h units. This value is reset with the Reset Peak/Min Power Statistics button and also when the CMC resets or fails over. Minimum System Power Displays the date and time recorded when the minimum Start Time system power consumption value was last cleared. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year. This value is reset with the Reset Peak/Min Power Statistics button and also when the CMC resets or fails over. Minimum System Power Displays the date and time recorded when the minimum Timestamp system power consumption occurred over the time period being recorded. The format of the timestamp is the same as described for Peak System Power Timestamp. 226 Power Management Table 8-5. Real-Time Power Statistics (continued) Item Description System Idle Power Displays the estimated power consumption of the chassis when it is in idle state. The idle state is defined as the state of the chassis while it's ON and all modules are consuming power while in the idle state. This is an estimated value and not a measured value. It is computed as the cumulative power allocated to chassis infrastructure components (I/O modules, Fans, iKVM, iDRAC controllers and front panel LCD) and the minimum power requirement of all servers that have been allocated power and that are in the powered-on state. The value for system idle power is displayed in both watts and BTU/h units. System Potential Power Displays the estimated power consumption of the chassis when it is operating at maximum power. The maximum power consumption is defined as the state of the chassis while it's ON and all modules are consuming maximum power. This is an estimated value and not a measured value. It is computed as the cumulative power allocated to chassis infrastructure components (I/O modules, Fans, iKVM, iDRAC controllers and front panel LCD) and the maximum power requirement of all servers that have been allocated power and that are in the powered-on state. The value for system potential power is displayed in both watts and BTU/h units. System Input Current Reading Displays the total input current draw of the chassis based on the sum of the input current draw of each of the individual PSU modules in the chassis. The value for system input current reading is displayed in Amps. Table 8-6. Real-Time Energy Statistics Status Item Description System Energy Consumption Displays the current cumulative energy consumption for all modules in the chassis measured from the input side of the power supplies. The value is displayed in KWh and it is a cumulative value. Power Management 227 Table 8-6. Real-Time Energy Statistics Status (continued) Item Description System Energy Start Time Displays the date and time recorded when the system energy consumption value was last cleared, and the new measurement cycle began. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year. This value is reset with the Reset Energy Statistics button, but will persist through a CMC reset or fail over operation. System Energy Consumption Timestamp Displays the date and time when the system energy consumption was calculated for display. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year. Table 8-7. System Power Status Item Description Overall Power Health Indicates the health status (OK, Non-Critical, Critical, NonRecoverable, Other, Unknown) of the chassis’ power subsystem. System Power Status Displays the power status (On, Off, Powering On, Powering Off) of the chassis. Redundancy Indicates the redundancy status. Valid values are: No — PSUs are not redundant Yes — full redundancy in effect 228 Power Management Table 8-8. System Power Policy Configuration Item Description System Input Power Cap Displays the user configured maximum power consumption limit for the entire system (chassis, CMC, servers, I/O modules, power supply units, iKVM, and fans). The CMC will enforce this limit via reduced server power allocations, or by powering off lower priority server modules. The value for system input power cap is displayed in watts, BTU/h and percent units. If the chassis power consumption exceeds the System Input Power Cap, then the performance of lower priority servers is reduced until total power consumption falls below the cap. In cases where the servers are set to the same priority, then the selection of the server for power reduction, or power-off action, is based on the server slot number order. For example, the server in slot 1 is selected first and the server in slot 16 is selected last. Surplus for Peak The surplus for peak performance value is the difference between the System Input Power Cap and the sum of the Maximum Input Performance Power Allocated to Servers and the Maximum Input Power Allocated to Chassis Infrastructure. The value for surplus for peak performance is indicated in both the watts and BTU/h units. Power Management 229 Table 8-8. System Power Policy Configuration (continued) Item Description Redundancy Policy Indicates the current redundancy configuration: AC Redundancy, Power Supply Redundancy, and No Redundancy. AC Redundancy — Power input is load-balanced across all PSUs. Three of the PSUs are connected to one AC grid and the other three are connected to another grid. When the system is running optimally in AC Redundancy mode, power is load-balanced across all active supplies. In case of a grid failure, the PSUs on the functioning AC grid take over at 100% capacity. NOTE: In AC Redundancy mode, a difference in the number of PSUs between the two AC circuits (for example, three PSUs on one AC circuit and two on the other AC circuit) causes a degradation in the system redundancy. Power Supply Redundancy — The capacity of the highest-rated PSU in the chassis is held as spare, ensuring that a failure of any one PSU does not cause the server modules or chassis to power down. Power Supply Redundancy mode does not use all six PSUs; it uses a maximum of four. PSUs in excess of four do not participate in Power Supply Redundancy unless a PSU fails or is removed. No Redundancy — The power from all three PSUs on one AC circuit (grid) is used to power the entire chassis, including the chassis, servers, I/O modules, iKVM, and CMC. NOTICE: The No Redundancy mode uses only three PSUs at a time, with no backup. Failure of one of the three PSUs in use could cause the server modules to lose power and data. Dynamic Power Indicates whether Dynamic Power Supply Engagement is enabled Supply or disabled. Enabling this feature allows the CMC to put underEngagement utilized PSUs into standby mode based on the redundancy policy that is set and the power requirements of the system. Putting under-utilized PSUs into standby mode increases the utilization, and efficiency, of the online PSUs, saving power. 230 Power Management Table 8-9. Power Budgeting Item Description System Input Max Power Capacity Maximum input power that the available power supplies can supply to the system (in watts). Input Redundancy Reserve Displays the amount of redundant power (in watts) in reserve that can be utilized in the event of an AC grid or power supply unit (PSU) failure. When the chassis is configured to operate in AC Redundancy mode, the Input Redundancy Reserve is the amount of reserve power that can be utilized in the event of an AC grid failure. When the chassis is configured to operate in Power Supply Redundancy mode, the Input Redundancy Reserve is the amount of reserve power that can be utilized in the event of a specific PSU failure. Input Power Allocated to Servers Displays (in watts) the cumulative input power the CMC is allocating to servers based on their configuration. Input Power Allocated to Chassis Infrastructure Displays (in watts) the cumulative input power the CMC is allocating to the chassis infrastructure (Fans, IO modules, iKVM, CMC, Standby CMC and iDRAC on servers). Total Input Indicates the total chassis power budget, in watts, available for Power Available chassis operation. for Allocation Standby Input Displays the amount of standby input power (in watts) that is Power Capacity available in the event of a Power Supply fault or Power Supply removal from the system. This field may show readings when the system has four or more power supplies and the Dynamic Power Supply Engagement is enabled. NOTE: It is possible to see a PSU in standby mode but not contribute to the Standby Input Power Capacity value. In this case, the watts from this PSU are contributing to the Total Input Power Available for Allocation value. Power Management 231 Table 8-10. Server Modules Item Description Slot # Displays the location of the server module. The Slot # is a sequential number (1–16) that identifies the server module by its location within the chassis. Name Displays the server name. The server name can be redefined by the user. Type Displays the type of the server. Priority Indicates the priority level allotted to the server slot in the chassis for power budgeting. The CMC uses this value in its calculations when power must be reduced or reallocated based on user-defined power limits or power supply or power grid failures. Priority levels: 1 (highest) through 9 (lowest) Default: 1 NOTE: Server slot priority level is associated with the server slot— not with the server inserted into the slot. If you move a server to a different slot in the chassis or to a different chassis, the priority previously associated with new slot determines the priority of the relocated server. Power State Displays the power status of the server: • N/A: The CMC has not determined the power state of the server. • Off: Either the server or chassis is off. • On: Both chassis and server are on. • Powering On: Temporary state between Off and On. When the powering on cycle completes, the Power State will change to On. • Powering Off: Temporary state between On and Off. When the powering off cycle completes, the Power State will change to Off. Budget Allocation 232 Displays the power budget allocation for the server module. Power Management Table 8-11. System Power Supplies Item Description Name Displays the name of the PSU in the format PS-n, where n, is the PSU number. Power State Indicates the power state of the PSU — On, Initializing, Online, Stand By, In Diagnostics, Failed, Redundant, Unknown, or Absent (missing). Input Volts Displays the present input voltage of the power supply. Input Current Displays the present input current of the power supply. Output Rated Power Displays the maximum output power rating of the power supply. Configuring Power Budget and Redundancy The CMC’s power management service optimizes power consumption for the entire chassis (the chassis, servers, IOMs, iKVM, CMC, and PSUs) and reallocates power to different modules based on the demand. Using the Web Interface NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Power Management tab. The Power Budget Status page displays. 4 Click the Configuration sub-tab. The Budget/Redundancy Configuration page displays. 5 Set any or all of the properties described in Table 8-12 according to your needs. 6 Click Apply to save your changes. To refresh the content on the Budget/Redundancy Configuration page, click Refresh. To print the contents, click Print. Power Management 233 Table 8-12. Configurable Power Budget/Redundancy Properties Item Description Surplus for Peak Performance The surplus for peak performance value is the difference between the System Input Power Cap and the Power Required for Peak Performance (sum of the Maximum Input Power Allocated to Servers and the Maximum Input Power Allocated to Chassis Infrastructure). The value for surplus for peak performance is indicated in both the watts and BTU/h units. Power Required for Peak Performance The power required for peak performance value is the sum of the Maximum Input Power Need of Servers that are powered on and the Input Power Allocated to Chassis Infrastructure. The value for power required for peak performance is indicated in both the watts and BTU/h units. If System Input Power Cap is set to less than Power Required for Peak Performance, some servers may throttle under extreme load. 234 Power Management Table 8-12. Configurable Power Budget/Redundancy Properties (continued) Item Description System Input Power Cap System Input Power Cap is the maximum AC power that the system is allowed to allocate to servers and chassis infrastructure. It can be configured by the user to any value that exceeds the minimum power needed for servers that are powered on and the chassis infrastructure; configuring a value that falls below the minimum power needed for servers and the chassis infrastructure will fail. The power allocated to Servers and Chassis Infrastructure can be found in the User Interface on the Chassis -> Power Management-> Power Budget status page under Power Budgeting section or via CLI RACADM utility command (racadm getpbinfo). Users can power OFF one or more server(s) to lower the current Power allocation, and re-attempt setting a lower value for System Input Power Cap (if desired) or simply configure the cap prior to powering on the servers. To change this setting, it is possible to enter a value in any of the units. The interface ensures that the unit field that was last changed will be the value that is submitted when those changes are applied. NOTE: Refer to the Datacenter Capacity Planner (DCCP) tool at www.dell.com/calc for capacity planning. NOTE: When value changes are specified in watts, the submitted value will exactly reflect what is actually applied. However, when the changes are submitted in either of the BTU/h or percent units, the submitted value may not exactly reflect what is actually applied. This is because these units are converted to watts and then applied; and the conversion will be susceptible to some rounding error. Power Management 235 Table 8-12. Configurable Power Budget/Redundancy Properties (continued) Item Description Redundancy Policy This option will allow you to select one the following options: • No Redundancy: Power from all three power supplies on one AC circuit (grid) is used to power-on the entire chassis, including the chassis, servers, I/O modules, iKVM, and CMC. NOTE: The No Redundancy mode uses only three power supplies at a time. If 3 PSUs are installed, then there is no backup available. Failure of one of the three power supplies being used could cause the servers to lose power and/or data. If PSUs 4-6 are present, then these will become redundant and will become available in the event of an online PSU going down. • Power Supply Redundancy: The capacity of the highestrated power supply in the chassis is kept as a spare, ensuring that a failure of any one power supply will not cause the server modules or chassis to power down (hot spare). Power Supply Redundancy mode does not utilize all six power supplies, but rather a maximum of four and a minimum of two power supplies. Power Supply Redundancy mode prevents server modules from powering up if the power consumption of the chassis exceeds the rated power. Failure of two power supplies may cause some or all server modules in the chassis to power down. Server modules are not throttled in this mode. • AC Redundancy: This mode divides the 6 PSUs into two power grids (PSUs 1-3 making up power grid 1 and PSUs 4-6 making up power grid 2). 6 PSUs are required to have a fully redundant AC Redundancy power policy. In this configuration, 3 PSUs in one grid will be online and 3 PSUs in the other grid will be redundant. Failover will occur when any of the 3 PSUs in the online grid fail, which will cause the redundant PSUs to convert to online and will report the redundancy policy as degraded. NOTE: In AC Redundancy mode, a difference in the number of power supplies between the two AC circuits (for example, three power supplies on one AC circuit and two on the other AC circuit) will cause a degradation in the redundancy. 236 Power Management Table 8-12. Configurable Power Budget/Redundancy Properties (continued) Item Description Enable Dynamic Power Supply Engagement Enables (when checked) dynamic power management. In Dynamic Engagement mode, the power supplies are turned ON or OFF based on power consumption, optimizing the energy consumption of the entire chassis. For example, your power budget is 5000 watts, your redundancy policy is set to AC redundancy mode, and you have six power supply units. The CMC determines that four of the power supply units can manage the AC redundancy while the other two remain in standby mode. If an additional 2000W of power is needed for newly installed servers, then the two standby power supply units are engaged. Disable Chassis Power Button Disables (when checked) the chassis power button. If the check box is checked and the user attempts to change the power state of the chassis by pressing the chassis power button, the action is ignored. Using RACADM To enable redundancy and set the redundancy policy: NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. 1 Open a Telnet/SSH text console to the CMC and log in. 2 Set properties as needed: • To set the maximum power budget for the chassis, type: racadm config -g cfgChassisPower -o cfgChassisPowerCap where is a number between 2768–7928 representing the maximum power limit in watts. The default is 7928. For example, the following command: racadm config -g cfgChassisPower -o cfgChassisInMaxPowerCapacity 5400 sets the maximum power budget to 5400 watts. Power Management 237 • To select a redundancy policy, type: racadm config -g cfgChassisPower -o cfgChassisRedundancyPolicy where is 0 (No Redundancy), 1 (AC Redundancy), 2 (Power Supply Redundant). The default is 0. For example, the following command: racadm config -g cfgChassisPower -o cfgChassisRedundancyPolicy 1 sets the redundancy policy to 1. • To enable or disable dynamic PSU engagement, type: racadm config -g cfgChassisPower -o cfgChassisDynamicPSUEngagementEnable where is 0 (disable), 1 (enable). The default is 1. For example, the following command: racadm config -g cfgChassisPower -o cfgChassisDynamicPSUEngagementEnable 0 disables dynamic PSU engagement. For information about RACADM commands for chassis power: • See "config" on page 322 • See "getconfig" on page 332 • See "getpbinfo" on page 346 • See "cfgChassisPower" on page 413 Assigning Priority Levels to Servers Server priority levels determine which servers the CMC draws power from when additional power is required. NOTE: The priority you assign to a server is linked to its slot and not to the server itself. If you move the server to a new slot, you must reconfigure the priority from the new slot location. NOTE: To perform power management actions, you must have Chassis Configuration Administrator privilege. 238 Power Management Using the Web Interface 1 Log in to the CMC Web interface. 2 Select Servers in the system tree. The Servers Status page appears. 3 Click the Power Management tab. The Server Priority page appears, listing all of the servers in your chassis. 4 Select a priority level (1–9, with 1 holding the highest priority) for one, multiple, or all servers. The default value is 1. You can assign the same priority level to multiple servers. 5 Click Apply to save your changes. Using RACADM Open a Telnet/SSH text console to the CMC, log in, and type: racadm config -g cfgServerInfo -o cfgServer Priority -i Where (1–16) refers to the location of the server, and is a value between 1–9. For example, the following command: racadm config -g cfgServerInfo -o cfgServerPriority -i 5 1 sets the priority level to 1 for the server with the index name of 5. Setting the Power Budget NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. Using the Web Interface 1 Log in to the CMC Web interface. 2 Click Chassis in the system tree. The Component Health page appears. 3 Click the Power Management tab. The Power Budget Status page appears. 4 Click the Configuration sub-tab. The Budget/Redundancy Configuration page appears. Power Management 239 5 Type a budget value of up to 7928 watts in the System Input Power Cap text field. NOTE: The power budget is limited to a maximum of three PSUs out of a total of six PSUs. If you attempt to set a AC power budget value that exceeds the power capacity of your chassis, the CMC will display a failure message. NOTE: When value changes are specified in watts, the submitted value will exactly reflect what is actually applied. However, when the changes are submitted in either of the BTU/h or percent units, the submitted value may not exactly reflect what is actually applied. This is because these units are converted to watts and then applied; and the conversion will be susceptible to some rounding error. 6 Click Apply to save your changes. Using RACADM Open a Telnet/SSH text console to the CMC, log in, and type: racadm config -g cfgChassisPowerCap -o cfgChassisInMaxPowerCapacity where is the maximum amount of power (in watts) available to the chassis. NOTE: The power budget is limited to a maximum of three PSUs out of a total of six PSUs. If you attempt to set a AC power budget value that exceeds the power capacity of your chassis, the CMC will display a failure message. For example: racadm config -g cfgChassisPowerCap -o cfgChassisInMaxPowerCapacity 7928 Throttling Power to Maintain Power Budget The CMC throttles power to lower priority servers when additional power is needed to maintain the maximum AC power limit. For example, when a new server is engaged, the CMC may decrease power to low priority servers to allow more power for the new server. If the amount of power is still insufficient after throttling the lower priority servers, the CMC will throttle higher priority servers until sufficient power is freed to power the new server. 240 Power Management Throttling is executed in two cases: • Overall power consumption exceeds the configurable maximum power limit (see "Setting the Power Budget" on page 239) • A power failure occurs in a non-redundant configuration For information about assigning priority levels to servers, see "Executing Power Control Operations on the Chassis" on page 241. Executing Power Control Operations on the Chassis NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. NOTE: Power control operations affect the entire chassis. For power control operations on an IOM, see "Executing Power Control Operations on an IOM" on page 242. For power control operations on servers, see "Executing Power Control Operations on a Server" on page 243. The CMC enables you to remotely perform several power management actions, such as an orderly shutdown, on the entire chassis (chassis, servers, IOMs, iKVM, and PSUs). Using the Web Interface 1 Log in to the CMC Web interface. 2 Select Chassis in the system tree. 3 Click the Power Management tab. The Power Budget Status page displays. 4 Click the Control sub-tab. The Power Management page displays. 5 Select one of the following Power Control Operations by clicking its radio button: • Power On System — Turns on the chassis power (the equivalent of pressing the power button when the chassis power is OFF). This option is disabled if the chassis is already powered ON. NOTE: This action powers on the chassis and other subsystems (iDRAC on the servers, IOMs, and iKVM). Servers will not power on. • Power Off System — Turns off the chassis power. This option is disabled if the chassis is already powered OFF. Power Management 241 NOTE: This action powers off the chassis (chassis, servers, IOMs, iKVM, and power supplies). The CMCs remain powered on, but in virtual standby state; a power supply unit and fans provide cooling for the CMCs in this state. The power supply will also provide power to the fans that will be running at low speed. • Power Cycle System (cold boot) — Powers off and then reboots the system (cold boot). This option is disabled if the chassis is already powered OFF. NOTE: This action powers off and then reboots the entire chassis (chassis, servers which are configured to always power on, IOMs, iKVM, and power supplies). • Reset CMC — Resets the CMC without powering off (warm reboot). (This option is disabled if the CMC is already powered off). NOTE: This action only resets the CMC. No other components are affected. • Non-Graceful Shutdown — This action forces a non-graceful power off of the entire chassis (chassis, servers, IOMs, iKVM, and power supplies). This does not attempt to cleanly shutdown the operating system of the servers prior to powering off. 6 Click Apply. A dialog box appears requesting confirmation. 7 Click OK to perform the power management action (for example, cause the system to reset). Using RACADM Open a Telnet/SSH text console to the CMC, log in, and type: racadm chassisaction -m chassis where is powerup, powerdown, powercycle, nongraceshutdown or reset. Executing Power Control Operations on an IOM You can remotely execute a reset or power cycle on an individual IOM. NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. 242 Power Management Using the Web Interface 1 Log in to the CMC Web interface. 2 Select I/O Modules. The I/O Modules Status page displays. 3 Click the Power Management tab. The Power Control page displays. 4 Select the operation you want to execute (reset or power cycle) from the drop-down menu beside the IOM in the list. 5 Click Apply. A dialog box appears requesting confirmation. 6 Click OK to perform the power management action (for example, cause the IOM to power cycle). Using RACADM Open a Telnet/SSH text console to the CMC, log in, and type: racadm chassisaction -m switch- where is a number 1-6 and specifies the IOM (a1, a2, b1, b2, c1, c2), and indicates the operation you want to execute: powercycle or reset. Executing Power Control Operations on a Server NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. The CMC enables you to remotely perform several power management actions, for example, an orderly shutdown, on an individual server in the chassis. Using the Web Interface 1 Log in to the CMC Web interface. 2 Expand Servers in the system tree, and then select the server on which you want to execute a power control operation. The Server Status page displays. 3 Click the Power Management tab. The Server Power Management page displays. Power Management 243 4 Power Status displays the power status of the server (one of the following): • N/A - The CMC has not yet determined the power state of the server. • Off - Either the server is off or the chassis is off. • On - Both chassis and server are on. • Powering On - Temporary state between Off and On. When the action completes successfully, the Power State will be On. • Powering Off - Temporary state between On and Off. When the action completes successfully, the Power State will be Off. 5 Select one of the following Power Control Operations by clicking its radio button: • Power On Server — Turns on the server power (equivalent to pressing the power button when the server power is off). This option is disabled if the server is already powered on. • Power Off Server — Turns off the server power (equivalent to pressing the power button when the server power is on). • Graceful Shutdown — Powers off and then reboots the server. • Reset Server (warm boot) — Reboots the server without powering off. This option is disabled if the server is powered off. • Power Cycle Server (cold boot) — Powers off and then reboots the server. This option is disabled if the server is powered off. 6 Click Apply. A dialog box appears requesting confirmation. 7 Click OK to perform the power management action (for example, cause the server to reset). Using RACADM Open a Telnet/SSH text console to the CMC, log in, and type: racadm serveraction -m where specifies the server by its slot number (server-1 through server-16) in the chassis, and indicates the operation you want to execute: powerup, powerdown, powercycle, graceshutdown, or hardreset. 244 Power Management Using the iKVM Module Overview The local access KVM module for your Dell™ M1000e server chassis is called the Avocent® Integrated KVM Switch Module, or iKVM. The iKVM is an analog keyboard, video, and mouse switch that plugs into your chassis. It is an optional, hot-pluggable module to the chassis that provides local keyboard, mouse, and video access to the servers in the chassis, and to the active CMC’s command line. iKVM User Interface The iKVM uses the On Screen Configuration and Reporting (OSCAR®) graphical user interface, which is activated by a hot key. OSCAR allows you to select one of the servers or the Dell CMC command line you wish to access with the local keyboard, display, and mouse. Only one iKVM session per chassis is allowed. Security The OSCAR user interface allows you to protect your system with a screen saver password. After a user-defined time, the screen saver mode engages, and access is prohibited until the appropriate password is entered to reactivate OSCAR. Scanning OSCAR allows you to select a list of servers, which are displayed in the order selected while OSCAR is in scan mode. Server Identification The CMC assigns slots names for all servers in the chassis. Although you can assign names to the servers using the OSCAR interface from a tiered connection, the CMC assigned names take precedence, and any new names you assign to servers using OSCAR will be overwritten. Using the iKVM Module 245 The CMC identifies a slot by assigning it a unique name. To change slot names using the CMC Web interface, see "Editing Slot Names" on page 99. To change a slot name using RACADM, see "setslotname" on page 376. Video The iKVM video connections support video display resolutions ranging from 640 x 480 at 60 Hz up to 1280 x 1024 at 60 Hz. Plug and Play The iKVM supports Display Data Channel (DDC) Plug and Play, which automates video monitor configuration, and is compliant with the VESA DDC2B standard. FLASH Upgradable You can update the iKVM firmware using the CMC Web interface or RACADM fwupdate command. For more information, see "Managing iKVM From the CMC" on page 263. Physical Connection Interfaces You can connect to a server or the CMC CLI console via the iKVM from the chassis front panel, an Analog Console Interface (ACI), and the chassis rear panel. NOTE: The ports on the control panel on the front of the chassis are designed specifically for the iKVM, which is optional. If you do not have the iKVM, you cannot use the front control panel ports. iKVM Connection Precedences Only one iKVM connection is available at a time. The iKVM assigns an order of precedence to each type of connection so that when there are multiple connections, only one connection is available while others are disabled. The order of precedence for iKVM connections is as follows: 1 Front panel 2 ACI 3 Rear Panel 246 Using the iKVM Module For example, if you have iKVM connections in the front panel and ACI, the front panel connection remains active while the ACI connection is disabled. If you have ACI and rear connections, the ACI connection takes precedence. Tiering Through the ACI Connection The iKVM allows tiered connections with servers and the iKVM’s CMC command line console, either locally through a Remote Console Switch port or remotely through the Dell RCS® software. The iKVM supports ACI connections from the following products: • 180AS, 2160AS, 2161DS-2*, or 4161DS Dell Remote Console Switches™ • Avocent AutoView® switching system • Avocent DSR® switching system • Avocent AMX® switching system * Does not support the Dell CMC console connection. NOTE: The iKVM also supports an ACI connection to the Dell 180ES and 2160ES, but the tiering is non-seamless. This connection requires a USB to PS2 SIP. Using OSCAR This section provides an overview of the OSCAR interface. Navigation Basics Table 9-1 describes navigating the OSCAR interface using the keyboard and mouse. Table 9-1. OSCAR Keyboard and Mouse Navigation Key or Key Sequence Result • Any of these key sequences can open OSCAR, depending on your Invoke OSCAR settings. You can enable two, three, or all of these key sequences by selecting boxes in the Invoke • - OSCAR section of the Main dialog box, and then clicking • - OK. • - Opens the Help screen for the current dialog box. Using the iKVM Module 247 Table 9-1. OSCAR Keyboard and Mouse Navigation (continued) Key or Key Sequence Result Closes the current dialog box without saving changes and returns to the previous dialog box. In the Main dialog box, closes the OSCAR interface and returns to selected server. In a message box, it closes the pop-up box and returns to the current dialog box. Opens dialog boxes, selects or checks options, and executes actions when used in combination with underlined letters or other designated characters. + Closes the current dialog box and returns to the previous dialog box. + Selects the OK button, then returns to the previous dialog box. Completes a switch operation in the Main dialog box and exits OSCAR. Single-click, In a text box, selects the text for editing and enables the leftarrow key and right-arrow keys to move the cursor. Press again to quit the edit mode. , Toggles back to previous selection if there were no other keystrokes. , +<0> Immediately disconnects a user from a server; no server is selected. Status flag displays Free. (This action only applies to the =<0> on the keyboard and not the keypad.) , Immediately turns on screen saver mode and prevents access to that specific console, if it is password protected. Up/Down Arrow keys Moves the cursor from line to line in lists. Right/Left Arrow keys Moves the cursor within the columns when editing a text box. / Moves the cursor to the top (Home) or bottom (End) of a list. Deletes characters in a text box. Number keys Type from the keyboard or keypad. Disabled. To change case, use the key. 248 Using the iKVM Module Configuring OSCAR Table 9-2 describes the features available from the OSCAR Setup menu for configuring your servers. Table 9-2. OSCAR Setup Menu Features Feature Purpose Menu Changes the server listing between numerically by slot or alphabetically by name. Security • Sets a password to restrict access to servers. • Enables a screen saver and set an inactivity time before the screen saver appears and set the screen save mode. Flag Changes display, timing, color, or location of the status flag. Language Changes the language for all OSCAR screens. Broadcast Sets up to simultaneously control multiple servers through keyboard and mouse actions. Scan Sets up a custom scan pattern for up to 16 servers. To access the Setup dialog box: 1 Press to launch the OSCAR interface. The Main dialog box appears. 2 Click Setup. The Setup dialog box appears. Changing the Display Behavior Use the Menu dialog box to change the display order of servers and set a Screen Delay Time for OSCAR. To access the Menu dialog box: 1 Press to launch OSCAR. The Main dialog box appears. 2 Click Setup and then Menu. The Menu dialog box appears. Using the iKVM Module 249 To choose the default display order of servers in the Main dialog box: 1 Select Name to display servers alphabetically by name. or Select Slot to display servers numerically by slot number. 2 Click OK. To assign one or more key sequences for OSCAR activation: 1 Select a key sequence from the Invoke OSCAR menu. 2 Click OK. The default key to invoke OSCAR is . To set a Screen Delay Time for the OSCAR: 1 Enter the number of seconds (0 through 9) to delay display of OSCAR after you press . Entering <0> launches OSCAR with no delay. 2 Click OK. Setting a time to delay display of OSCAR allows you to complete a soft switch. To perform a soft switch, see "Soft Switching" on page 254. Controlling the Status Flag The status flag displays on your desktop and shows the name of the selected server or the status of the selected slot. Use the Flag dialog box to configure the flag to display by server, or to change the flag color, opacity, display time, and location on the desktop. Table 9-3. Flag OSCAR Status Flags Description Flag type by name Flag indicating that the user has been disconnected from all systems Flag indicating that Broadcast mode is enabled 250 Using the iKVM Module To access the Flag dialog box: 1 Press . The Main dialog box appears. 2 Click Setup and then Flag. The Flag dialog box appears. To specify how the status flag displays: 1 Select Displayed to show the flag all the time or Displayed and Timed to display the flag for only five seconds after switching. NOTE: If you select Timed by itself, the flag is not displayed. 2 Select a flag color from the Display Color section. Options are black, red, blue, and purple. 3 In Display Mode, select Opaque for a solid color flag or Transparent to see the desktop through the flag. 4 To position the status flag on the desktop: a Click Set Position. The Set Position Flag displays. b Left-click on the title bar and drag it to the desired location on the desktop. c Right-click to return to the Flag dialog box. NOTE: Changes made to the flag position are not saved until you click OK in the Flag dialog box. 5 Click OK to save settings. To exit without saving changes, click . Managing Servers With iKVM The iKVM is an analog switch matrix supporting up to 16 servers. The iKVM switch uses the OSCAR user interface to select and configure your servers. In addition, the iKVM includes a system input to establish a CMC command line console connection to the CMC. Peripherals Compatibility and Support The iKVM is compatible with the following peripherals: • Standard PC USB keyboards with QWERTY, QWERTZ, AZERTY, and Japanese 109 layouts. • VGA monitors with DDC support. Using the iKVM Module 251 • Standard USB pointing devices. • Self-powered USB 1.1 hubs connected to the local USB port on the iKVM. • Powered USB 2.0 hubs connected to the Dell M1000e chassis’ front panel console. NOTE: You can use multiple keyboards and mice on the iKVM local USB port. The iKVM aggregates the input signals. If there are simultaneous input signals from multiple USB keyboards or mice, it may have unpredictable results. NOTE: The USB connections are solely for supported keyboard, mouse, and USB hubs. iKVM does not support data transmitted from other USB peripherals. Viewing and Selecting Servers Use the OSCAR Main dialog box to view, configure, and manage servers through the iKVM. You can view your servers by name or by slot. The slot number is the chassis slot number the server occupies. The Slot column indicates the slot number in which a server is installed. NOTE: The Dell CMC command line occupies Slot 17. Selecting this slot displays the CMC command line, where you can execute remote RACADM commands or connect to servers and modules for debugging. NOTE: Server names and slot numbers are assigned by the CMC. To access the Main dialog box: Press to launch the OSCAR interface. The Main dialog box appears. or If a password has been assigned, the Password dialog box appears. Type your password and click OK. The Main dialog box appears. For more information about setting a password, see "Setting Console Security" on page 255. NOTE: There are four options for invoking OSCAR. You can enable one, multiple, or all of these key sequences by selecting boxes in the Invoke OSCAR section of the Main dialog box and then clicking OK. 252 Using the iKVM Module Viewing the Status of Your Servers The status of the servers in your chassis is indicated in the right columns of the Main dialog box. The following table describe the status symbols. Table 9-4. OSCAR Interface Status Symbols Symbols Description (Green dot.) Server is online. (Red X.) Server is offline or absent from chassis. (Yellow dot.) Server is not available. (Green A or B.) Server is being accessed by the user channel indicated by the letter: A=rear panel, B=front panel. Selecting Servers Use the Main dialog box to select servers. When you select a server, the iKVM reconfigures the keyboard and mouse to the proper settings for that server. • To select servers: Double-click the server name or the slot number. or If the display order of your server list is by slot (that is, the Slot button is depressed), type the slot number and press . or If the display order of your server list is by name (that is, the Name button is depressed), type the first few characters of the server name, establish it as unique, and press twice. • To select the previous server: Press and then . This key combination toggles between the previous and current connections. Using the iKVM Module 253 • To disconnect the user from a server: Press to access OSCAR and then click Disconnect. or Press and then <0>. This leaves you in a free state, with no server selected. The status flag on your desktop, if active, displays Free. See "Controlling the Status Flag" on page 250. Soft Switching Soft switching is switching between servers using a hotkey sequence. You can soft switch to a server by pressing and then typing the first few characters of its name or number. If you previously set a delay time (the number of seconds before the Main dialog box is displayed after is pressed) and you press the key sequences before that time has elapsed, the OSCAR interface does not display. To configure OSCAR for soft switching: 1 Press to launch the OSCAR interface. The Main dialog box appears. 2 Click Setup and then Menu. The Menu dialog box appears. 3 Select Name or Slot for the Display/Sort Key. 4 Type the desired delay time in seconds in the Screen Delay Time field. 5 Click OK. To soft switch to a server: • To select a server, press . If the display order of your server list is by slot as per your selection in step 3 (that is, the Slot button is depressed), type the slot number and press . or If the display order of your server list is by name as per your selection in step 3(that is, the Name button is depressed), type the first few characters of the name of the server to establish it as unique and press . • 254 To switch back to the previous server, press then . Using the iKVM Module Video Connections The iKVM has video connections on the front and rear panels of the chassis. The front panel connection signals take precedence over that of the rear panel. When a monitor is connected to the front panel, the video connection does not pass through to the rear panel, and an OSCAR message displays stating that the rear panel KVM and ACI connections are disabled. If the monitor is disabled (that is, removed from the front panel or disabled by a CMC command), the ACI connection becomes active while the rear panel KVM remains disabled. (For information about order of connection precedence, see "iKVM Connection Precedences" on page 246.) For information about enabling or disabling the front panel connection, see "Enabling or Disabling the Front Panel" on page 263. Preemption Warning Normally, a user connected to a server console through the iKVM and another user connected to the same server console through the iDRAC GUI console redirection feature both have access to the console and are able to type simultaneously. To prevent this scenario, the remote user, before starting the iDRAC GUI console redirection, can disable the local console in the iDRAC Web interface. The local iKVM user sees an OSCAR message that the connection will be preempted in a specified amount of time. The local user should finish work before the iKVM connection to the server is terminated. There is no preemption feature available to the iKVM user. NOTE: If a remote iDRAC user has disabled the local video for a specific server, that server's video, keyboard and mouse will be unavailable to the iKVM. The server state is marked with a yellow dot in the OSCAR menu to indicate that it is locked or unavailable for local use (see "Viewing the Status of Your Servers" on page 253). Setting Console Security OSCAR enables you to configure security settings on your iKVM console. You can establish a screen saver mode that engages after your console remains unused for a specified delay time. Once engaged, your console remains locked until you press any key or move the mouse. Enter the screen saver password to continue. Using the iKVM Module 255 Use the Security dialog box to lock your console with password protection, set or change your password, or enable the screen saver. NOTE: If the iKVM password is lost or forgotten, you can reset it to the iKVM factory default using the CMC Web interface or RACADM. See "Clearing a Lost or Forgotten Password" on page 258. Accessing the Security Dialog Box 1 Press . The Main dialog box appears. 2 Click Setup and the Security. The Security dialog box appears. Setting or Changing the Password 1 Single-click and press or double-click in the New field. 2 Type the new password in the New field and then press . Passwords are case sensitive and require 5–12 characters. They must include at least one letter and one number. Legal characters are: A–Z, a–z, 0–9, space, and hyphen. 3 In the Repeat field, type the password again, and then press . 4 Click OK if you only want to change your password, and then close the dialog box. Password-protecting Your Console 1 Set your password as described in the previous procedure. 2 Select the Enable Screen Saver box. 3 Type the number of minutes of Inactivity Time (from 1 through 99) to delay password protection and screen saver activation. 4 For Mode: If your monitor is ENERGY STAR® compliant, select Energy; otherwise select Screen. NOTE: If the mode is set to Energy, the appliance will put the monitor into sleep mode. This is normally indicated by the monitor powering off and the amber light replacing the green power LED. If the mode is set to Screen, the OSCAR flag will bounce around the screen for the duration of the test. Before the test starts, a warning popup box displays the following message: "Energy mode may damage a monitor that is not ENERGY STAR compliant. However, once started, the test can be quit immediately via mouse or keyboard interaction." 256 Using the iKVM Module CAUTION: Monitor damage may result from the use of Energy mode with monitors not compliant with Energy Star. 5 Optional: To activate the screen saver test, click Test. The Screen Saver Test dialog box displays. Click OK to start the test. The test takes 10 seconds. When it concludes, you are returned to the Security dialog box. Logging In 1 Press