Dell Chassis Management Controller Version 2 1 Users Manual 2.1 User's Guide
2014-11-13
cmcugtp[2].fm Page 1 Friday, September 25, 2009 1:30 PM

Dell™ Chassis Management Controller Firmware Version 2.10 User Guide

Notes and Cautions

NOTE: A NOTE indicates important information that helps you make better use of your computer.

CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death.

Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved.

Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.

Trademarks used in this text: Dell, the DELL logo, FlexAddress, OpenManage, PowerEdge, and PowerConnect are trademarks of Dell Inc.; Microsoft, Active Directory, Internet Explorer, Windows, Windows NT, Windows Server, and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and other countries; Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and other countries; Novell and SUSE are registered trademarks of Novell Corporation in the United States and other countries; Intel is a registered trademark of Intel Corporation; UNIX is a registered trademark of The Open Group in the United States and other countries. Avocent is a trademark of Avocent Corporation; OSCAR is a registered trademark of Avocent Corporation or its affiliates.

Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at http://www.OpenLDAP.org/license.html. OpenLDAP is a registered trademark of the OpenLDAP Foundation.
Individual files and/or contributed packages may be copyrighted by other parties and subject to additional restrictions. This work is derived from the University of Michigan LDAP v3.3 distribution. This work also contains materials derived from public sources. Information about OpenLDAP can be obtained at http://www.openldap.org/.

Portions Copyright 1998-2004 Kurt D. Zeilenga. Portions Copyright 1998-2004 Net Boolean Incorporated. Portions Copyright 2001-2004 IBM Corporation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License.

Portions Copyright 1999-2003 Howard Y.H. Chu. Portions Copyright 1999-2003 Symas Corporation. Portions Copyright 1998-2003 Hallvard B. Furuseth. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that this notice is preserved. The names of the copyright holders may not be used to endorse or promote products derived from this software without their specific prior written permission. This software is provided "as is" without express or implied warranty.

Portions Copyright (c) 1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided "as is" without express or implied warranty.

Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.

August 2009

Contents

1 Overview
    What’s New For This Release
    CMC Management Features
    Security Features
    Chassis Overview
    Hardware Specifications
    TCP/IP Ports
    Supported Remote Access Connections
    Supported Platforms
    Supported Web Browsers
    Supported Management Console Applications
    WS-Management Support
    Other Documents You May Need

2 Installing and Setting Up the CMC
    Before You Begin
    Installing the CMC Hardware
    Installing Remote Access Software on a Management Station
    Installing RACADM on a Linux Management Station
    Uninstalling RACADM From a Linux Management Station
    Configuring a Web Browser
    Proxy Server
    Microsoft® Phishing Filter
    Certificate Revocation List (CRL) Fetching
    Downloading Files From CMC With Internet Explorer
    Allow Animations in Internet Explorer
    Setting Up Initial Access to the CMC
    Basic CMC Network Connection
    Daisy-chain CMC Network Connection
    Configuring the CMC Network
    Configuring Networking Using the LCD Configuration Wizard
    Accessing the CMC Through a Network
    Installing or Updating the CMC Firmware
    Downloading the CMC Firmware
    Updating CMC Firmware Using the Web Interface
    Updating the CMC Firmware Using RACADM
    Configuring CMC Properties
    Configuring Power Budgeting
    Configuring CMC Network Settings
    Adding and Configuring Users
    Adding SNMP and E-mail Alerts
    Configuring Remote Syslog
    Understanding the Redundant CMC Environment
    About the Standby CMC
    Primary CMC Election Process
    Obtaining Health Status of Redundant CMC

3 Configuring CMC to Use Command Line Consoles
    Command Line Console Features on the CMC
    Using a Serial, Telnet, or SSH Console
    Using a Telnet Console With the CMC
    Using SSH With the CMC
    Enabling SSH on the CMC
    Changing the SSH Port
    Enabling the Front Panel to iKVM Connection
    Configuring Terminal Emulation Software
    Configuring Linux Minicom
    Connecting to Servers or I/O Modules With the Connect Command
    Configuring the managed server BIOS for serial console redirection
    Configuring Windows for serial console redirection
    Configuring Linux for Server Serial Console Redirection During Boot
    Configuring Linux for Server Serial Console Redirection After Boot

4 Using the RACADM Command Line Interface
    Using a Serial, Telnet, or SSH Console
    Logging in to the CMC
    Starting a Text Console
    Using RACADM
    RACADM Subcommands
    Accessing RACADM Remotely
    Enabling and Disabling the RACADM Remote Capability
    Using RACADM Remotely
    RACADM Error Messages
    Using RACADM to Configure the CMC
    Configuring CMC IPv4 Network Properties
    Setting Up Initial Access to the CMC
    Viewing Current Network Settings
    Configuring the Network LAN Settings
    Configuring the Network Security Settings
    Using RACADM to Configure Users
    Before You Begin
    Adding a CMC User
    Using RACADM to Configure Public Key Authentication over SSH
    Before You Begin
    Generating Public Keys for Windows
    Generating Public Keys for Linux
    Viewing the Public Keys
    Adding the Public Keys
    Deleting the Public Keys
    Logging in Using Public Key Authentication
    Enabling a CMC User With Permissions
    Disabling a CMC User
    Configuring SNMP and E-mail Alerting
    Configuring Multiple CMCs in Multiple Chassis
    Creating a CMC Configuration File
    Parsing Rules
    Modifying the CMC IP Address
    Using RACADM to Configure Properties on iDRAC
    Troubleshooting

5 Using the CMC Web Interface
    Accessing the CMC Web Interface
    Logging In
    Logging Out
    Configuring Basic CMC Settings
    Setting the Chassis Name
    Setting the Date and Time on the CMC
    Monitoring System Health Status
    Viewing Chassis and Component Summaries
    Viewing Chassis Graphics and Component Health Status
    Viewing Power Budget Status
    Viewing Server Model Name and Service Tag
    Viewing the Health Status of All Servers
    Editing Slot Names
    Setting the First Boot Device for Servers
    Viewing the Health Status of an Individual Server
    Viewing the Health Status of IOMs
    Viewing the Health Status of the Fans
    Viewing the iKVM Status
    Viewing the Health Status of the PSUs
    Viewing Status of the Temperature Sensors
    Viewing World Wide Name/Media Access Control (WWN/MAC) IDs
    Fabric Configuration
    WWN/MAC Addresses
    Configuring CMC Network Properties
    Setting Up Initial Access to the CMC
    Configuring the Network LAN Settings
    Configuring CMC Network Security Settings
    Configuring VLAN
    Adding and Configuring CMC Users
    User Types
    Adding and Managing Users
    Configuring and Managing Microsoft Active Directory Certificates
    Configuring Active Directory (Standard Schema and Extended Schema)
    Uploading an Active Directory Certificate Authority-Signed Certificate
    Viewing an Active Directory Certificate Authority-Signed Certificate
    Securing CMC Communications Using SSL and Digital Certificates
    Secure Sockets Layer (SSL)
    Certificate Signing Request (CSR)
    Accessing the SSL Main Menu
    Generating a New Certificate Signing Request
    Uploading a Server Certificate
    Viewing a Server Certificate
    Managing Sessions
    Configuring Services
    Configuring Power Budgeting
    Managing Firmware Updates
    Viewing the Current Firmware Versions
    Updating Firmware
    Recovering iDRAC Firmware Using the CMC
    Managing iDRAC
    iDRAC QuickDeploy
    iDRAC Network Settings
    Launching iDRAC using Single Sign-On
    FlexAddress
    Viewing FlexAddress Status
    Configuring FlexAddress
    Chassis-Level Fabric and Slot FlexAddress Configuration
    Server-Level Slot FlexAddress Configuration
    Remote File Sharing
    Frequently Asked Questions
    Troubleshooting the CMC

6 Using FlexAddress
    Activating FlexAddress
    Verifying FlexAddress Activation
    Deactivating FlexAddress
    Deactivating FlexAddress
    Configuring FlexAddress Using the CLI
    Additional FlexAddress Configuration for Linux
    Viewing FlexAddress Status Using the CLI
    Configuring FlexAddress Using the GUI
    Wake-On-LAN with FlexAddress
    Troubleshooting FlexAddress
    Command Messages
    FlexAddress DELL SOFTWARE LICENSE AGREEMENT

7 Using the CMC With Microsoft Active Directory
    Active Directory Schema Extensions
    Extended Schema Versus Standard Schema
    Extended Schema Overview
    Active Directory Schema Extensions
    Overview of the RAC Schema Extensions
    Active Directory Object Overview
    Configuring Extended Schema Active Directory to Access Your CMC
    Extending the Active Directory Schema
    Installing the Dell Extension to the Active Directory Users and Computers Snap-In
    Adding CMC Users and Privileges to Active Directory
    Configuring the CMC With Extended Schema Active Directory and the Web Interface
    Configuring the CMC With Extended Schema Active Directory and RACADM
    Standard Schema Active Directory Overview
    Configuring Standard Schema Active Directory to Access Your CMC
    Configuring the CMC With Standard Schema Active Directory and Web Interface
    Configuring the CMC With Standard Schema Active Directory and RACADM
    Frequently Asked Questions
    Configuring Single Sign-On
    System Requirements
    Configuring Settings
    Prerequisites
    Configuring Active Directory
    Configuring the CMC
    Uploading the Kerberos Keytab File
    Enabling Single Sign-On
    Configuring the Browser For Single Sign-On Login
    Logging into the CMC Using Single Sign-On
    Configuring Smart Card Two-Factor Authentication
    System Requirements
    Configuring Settings
    Configuring Active Directory
    Configuring the CMC
    Uploading the Kerberos Keytab File
    Enabling Smart Card Authentication
    Configuring the Browser For Smart Card Login
    Logging into the CMC Using Smart Card
    Logging in Using Smart Card
    Troubleshooting the Smart Card Login

8 Power Management
    Overview
    AC Redundancy Mode
    Power Supply Redundancy Mode
    No Redundancy Mode
    Power Budgeting for Hardware Modules
    Server Slot Power Priority Settings
    Dynamic Power Supply Engagement
    Redundancy Policies
    AC Redundancy
    Power Supply Redundancy
    No Redundancy
    Power Conservation and Power Budget Changes
    Power Supply and Redundancy Policy Changes in System Event Log
    Redundancy Status and Overall Power Health
    Configuring and Managing Power
    Viewing the Health Status of the PSUs
    Viewing Power Consumption Status
    Viewing Power Budget Status
    Configuring Power Budget and Redundancy
    Assigning Priority Levels to Servers
    Setting the Power Budget
    Server Power Reduction to Maintain Power Budget
    Executing Power Control Operations on the Chassis
    Executing Power Control Operations on an IOM
    Executing Power Control Operations on a Server
    Troubleshooting

9 Using the iKVM Module
    Overview
    iKVM User Interface
    Security
    Scanning
    Server Identification
    Video
    Plug and Play
    FLASH Upgradable
    Physical Connection Interfaces
    iKVM Connection Precedences
    Tiering Through the ACI Connection
    Using OSCAR
    Navigation Basics
    Configuring OSCAR
    Managing Servers With iKVM
    Peripherals Compatibility and Support
    Viewing and Selecting Servers
    Setting Console Security
    Scanning Your System
    Broadcasting to Servers
    Managing iKVM From the CMC
    Enabling or Disabling the Front Panel
    Enabling the Dell CMC Console Through iKVM
    Viewing the iKVM Status and Properties
    Updating the iKVM Firmware
    Troubleshooting

10 I/O Fabric Management
    Fabric Management
    Invalid Configurations
    Invalid Mezzanine Card (MC) Configuration
    Invalid IOM-Mezzanine Card (MC) Configuration
    Invalid IOM-IOM Configuration
    Fresh Power-up Scenario
    Monitoring IOM Health
    Viewing the Health Status of an Individual IOM
    Configuring Network Settings for an Individual IOM
    Troubleshooting IOM Network Settings

11 Troubleshooting and Recovery
    Overview
    Chassis Monitoring Tools
    Configuring LEDs to Identify Components on the Chassis
    Configuring SNMP Alerts
    Configuring E-mail Alerts
    First Steps to Troubleshooting a Remote System
    Monitoring Power and Executing Power Control Commands on the Chassis
    Viewing Power Budget Status
    Executing a Power Control Operation
    Power Supply Troubleshooting
    Viewing Chassis Summaries
    Viewing Chassis and Component Health Status
    Viewing the Event Logs
    Viewing the Hardware Log
    Viewing the CMC Log
    Firmware Update Error Codes
    Using the Diagnostic Console
    Resetting Components
    Troubleshooting Network Time Protocol (NTP) Errors
    Interpreting LED Colors and Blinking Patterns
    Troubleshooting a Non-responsive CMC
    Observing the LEDs to Isolate the Problem
    Obtain Recovery Information From the DB-9 Serial Port
    Recovering the Firmware Image
    Troubleshooting Network Problems
    Disabling a Forgotten Password
    Troubleshooting Alerting

Glossary

Index

1 Overview

The Dell™ Chassis Management Controller (CMC) is a hot-pluggable systems management hardware and software solution designed to provide remote management capabilities and power control functions for Dell PowerEdge™ M1000e chassis systems.
You can configure the CMC to send e-mail alerts or SNMP trap alerts for warnings or errors related to temperatures, hardware misconfigurations, power outages, and fan speeds.

The CMC, which has its own microprocessor and memory, is powered by the modular chassis into which it is plugged.

To get started with the CMC, see "Installing and Setting Up the CMC."

What’s New For This Release

This release of CMC supports the following features:

• IPv6 — CMC now supports the IPv6 protocol. The IPv6 Ready Logo Committee's mission is to define the test specifications for IPv6 conformance and interoperability testing, to provide access to self-test tools, and to deliver the IPv6 Ready Logo. CMC and iDRAC are Phase-2 IPv6 Ready Logo certified, and the Logo ID is 02-C-000378 (Dell PowerEdge M1000e). For information on the IPv6 Ready Logo Program, see www.ipv6ready.org.
• VLAN tagging — The CMC and the iDRACs now support the ability to assign their network traffic to a virtual LAN (VLAN).
• Single sign-on for active directory accounts — Single sign-on allows users authenticated using Microsoft® Active Directory® on their local systems to automatically apply those credentials to the CMC Web user interface.
• Two-Factor Authentication using Smart Card — Provides added security — a smart card plus a PIN to authenticate a user instead of just a password.
• Public Key Authentication (PKA) over SSH — Improves SSH scripting automation by removing the need to embed or prompt for user ID/password.
• Power management enhancements — Flexible power supply redundant modes: 1+1, 2+1, and 3+1. Additional fault-tolerant AC redundant modes: 1+1, 2+2, and 3+3.
• Additional error reporting options — The iDRAC system events log is displayed on the Blade Status page, eliminating the need to log into the iDRAC to view them. CMC events are now also posted to a remote syslog server.
• Remote Virtual Media File Share option — to map a file from a share drive on the network to one or more blades through the CMC, to deploy or update an operating system.
• Ability to read and clear SEL entries for servers from the CMC.

CMC Management Features

The CMC provides the following management features:

• Redundant CMC Environment
• Dynamic Domain Name System (DDNS) registration for IPv4 and IPv6
• Remote system management and monitoring using SNMP, a Web interface, iKVM, or Telnet or SSH connection
• Support for Microsoft® Active Directory® authentication — Centralizes CMC user IDs and passwords in Active Directory using the Standard Schema or an Extended Schema
• Monitoring — Provides access to system information and status of components
• Access to system event logs — Provides access to the hardware log and CMC log
• Firmware updates for various components - CMC, servers, iKVM, and I/O module infrastructure devices
• Dell OpenManage™ software integration — Enables you to launch the CMC Web interface from Dell OpenManage Server Administrator or IT Assistant
• CMC alert — Alerts you to potential managed node issues through an e-mail message or SNMP trap
• Remote power management — Provides remote power management functions, such as shutdown and reset on any chassis component, from a management console
• Power usage reporting
• Secure Sockets Layer (SSL) encryption — Provides secure remote system management through the Web interface
• Password-level security management — Prevents unauthorized access to a remote system
• Role-based authority — Provides assignable permissions for different systems management tasks
• Launch point for the Integrated Dell Remote Access Controller (iDRAC) Web interface
• Support for WS-Management
• FlexAddress™ feature - Replaces the factory-assigned World Wide Name/Media Access Control (WWN/MAC) IDs with chassis-assigned WWN/MAC IDs for a particular slot; an optional upgrade (for more information, see "Using FlexAddress")
• Graphical display of chassis component status and health
• Support for single and multi-slot servers
• Update multiple iDRAC management consoles firmware at once
• LCD iDRAC configuration wizard supports iDRAC network configuration
• iDRAC single sign-on
• Network time protocol (NTP) support
• Enhanced server summary, power reporting, and power control pages
• Forced CMC failover, and virtual "reseat" of servers

Security Features

The CMC provides the following security features:

• User authentication through Active Directory (optional), or hardware-stored user IDs and passwords
• Role-based authority, which enables an administrator to configure specific privileges for each user
• User ID and password configuration through the Web interface
• Web interface supports 128-bit SSL 3.0 encryption and 40-bit SSL 3.0 encryption (for countries where 128-bit is not acceptable)

NOTE: Telnet does not support SSL encryption.

• Configurable IP ports (where applicable)
• Login failure limits per IP address, with login blocking from the IP address when the limit is exceeded
• Configurable session auto time out, and number of simultaneous sessions
• Limited IP address range for clients connecting to the CMC
• Secure Shell (SSH), which uses an encrypted layer for higher security
• Single Sign-on, Two-Factor Authentication, and Public Key Authentication

Chassis Overview

Figure 1-1 shows the facing edge of a CMC (inset) and the locations of the CMC slots in the chassis.

Figure 1-1. Dell M1000e Chassis and CMC

Hardware Specifications

TCP/IP Ports

You must provide port information when opening firewalls for remote access to a CMC. Table 1-1 identifies the ports on which the CMC listens for server connections. Table 1-2 identifies the ports that the CMC uses as clients.

Table 1-1. CMC Server Listening Ports

Port Number    Function
22*            SSH
23*            Telnet
80*            HTTP
161            SNMP Agent
443*           HTTPS

* Configurable port

Table 1-2. CMC Client Port

Port Number    Function
25             SMTP
53             DNS
68             DHCP-assigned IP address
69             TFTP
162            SNMP trap
514*           Remote syslog
636            LDAPS
3269           LDAPS for global catalog (GC)

* Configurable port

Supported Remote Access Connections

Table 1-3 lists the connection features.

Table 1-3. Supported Remote Access Connections

Connection: CMC NIC
Features:
• 10Mbps/100Mbps/1Gbps Ethernet via CMC GbE port
• DHCP support
• SNMP traps and e-mail event notification
• Dedicated network interface for the CMC Web interface
• Network interface for the iDRAC and I/O Modules (IOMs)
• Support for Telnet/SSH command console and RACADM CLI commands including system boot, reset, power-on, and shutdown commands

Connection: Serial port
Features:
• Support for serial console and RACADM CLI commands including system boot, reset, power-on, and shutdown commands
• Support for binary interchange for applications specifically designed to communicate with a binary protocol to a particular type of IOM
• Serial port can be connected to the serial console of a server, or I/O module, using the connect (or racadm connect) command

Connection: Other connections
Features:
• Access to the Dell CMC Console through the Avocent® Integrated KVM Switch Module (iKVM)

Supported Platforms

The CMC supports modular systems designed for the M1000e platform. For information about compatibility with the CMC, see the documentation for your device.

For the latest supported platforms, see the Dell PowerEdge Compatibility Guide located on the Dell Support website at support.dell.com.

Supported Web Browsers

For the latest information on supported Web browsers, see the Dell Systems Software Support Matrix located on the Dell Support website at support.dell.com/manuals.

To view localized versions of the CMC Web interface:

1 Open the Windows Control Panel.
2 Double-click the Regional Options icon.
3 Select the required locale from the Your locale (location) drop-down menu.
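
The port tables under TCP/IP Ports above (Tables 1-1 and 1-2) can be turned into a firewall policy check. The following Python sketch is an added example, not part of the Dell manual: it audits a constructed rule list against both tables, honours the ports marked configurable, and applies the "limited IP address range" idea from Security Features. The Rule format, the finding labels, the sample networks and the choice of Telnet and HTTP as cleartext services are assumptions of this example.

```python
"""Audit firewall rules around a CMC against the manual's port tables."""
import ipaddress
from typing import NamedTuple

# Table 1-1 (ports the CMC listens on): service -> (default port, configurable)
LISTEN = {
    "SSH": (22, True), "Telnet": (23, True), "HTTP": (80, True),
    "SNMP Agent": (161, False), "HTTPS": (443, True),
}
# Table 1-2 (ports the CMC uses as a client)
CLIENT = {
    "SMTP": (25, False), "DNS": (53, False), "DHCP": (68, False),
    "TFTP": (69, False), "SNMP trap": (162, False),
    "Remote syslog": (514, True), "LDAPS": (636, False),
    "LDAPS global catalog": (3269, False),
}
# Assumption of this example: listening services without transport encryption.
# The manual notes that Telnet does not support SSL; HTTP is plain text.
CLEARTEXT = {"Telnet", "HTTP"}


class Rule(NamedTuple):
    """One permit rule (hypothetical format for this example)."""
    direction: str  # "in" = towards the CMC, "out" = from the CMC
    port: int       # destination port
    peer: str       # CIDR of the remote side


def effective_ports(table, overrides):
    """Map port -> service after applying site-specific port changes."""
    ports = {}
    for service, (port, configurable) in table.items():
        if service in overrides:
            if not configurable:
                raise ValueError(f"{service} port is not marked configurable")
            port = overrides[service]
        ports[port] = service
    return ports


def audit(rules, mgmt_nets, overrides=None):
    """Return (rule, finding) pairs for rules that deviate from the tables."""
    overrides = overrides or {}
    unknown = set(overrides) - set(LISTEN) - set(CLIENT)
    if unknown:
        raise ValueError(f"unknown service(s): {sorted(unknown)}")
    listen = effective_ports(LISTEN, overrides)
    client = effective_ports(CLIENT, overrides)
    allowed = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for rule in rules:
        peer = ipaddress.ip_network(rule.peer)
        if rule.direction == "in":
            service = listen.get(rule.port)
            if service is None:
                findings.append((rule, "unexpected-port"))
                continue
            if service in CLEARTEXT:
                findings.append((rule, "cleartext"))
            # The peer must sit entirely inside an approved management network.
            inside = any(peer.version == n.version and peer.subnet_of(n)
                         for n in allowed)
            if not inside:
                findings.append((rule, "source-too-broad"))
        elif rule.direction == "out":
            if rule.port not in client:
                findings.append((rule, "unexpected-egress"))
        else:
            raise ValueError(f"bad direction: {rule.direction!r}")
    return findings


# Constructed sample: one management subnet, one relocated port, six rules.
MGMT_NETS = ["10.20.0.0/24"]
OVERRIDES = {"SSH": 2222}               # SSH moved off its default port
SAMPLE_RULES = [
    Rule("in", 443, "10.20.0.0/24"),    # HTTPS from the management subnet
    Rule("in", 23, "10.20.0.0/24"),     # Telnet
    Rule("in", 2222, "0.0.0.0/0"),      # relocated SSH, open to any source
    Rule("in", 22, "10.20.0.5/32"),     # stale rule for the old SSH port
    Rule("out", 636, "10.30.0.10/32"),  # LDAPS to a directory server
    Rule("out", 389, "10.30.0.10/32"),  # plain LDAP, not in Table 1-2
]


def run_sample():
    """Audit the constructed rules; return (port, finding) pairs."""
    found = audit(SAMPLE_RULES, MGMT_NETS, OVERRIDES)
    return [(rule.port, why) for rule, why in found]


if __name__ == "__main__":
    for port, why in run_sample():
        print(f"port {port}: {why}")
```
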
Supported Management Console Applications

The CMC supports integration with Dell OpenManage IT Assistant. For more information, refer to the IT Assistant documentation set available on the Dell Support Web site at support.dell.com.

WS-Management Support

Web Services for Management (WS-MAN) is a Simple Object Access Protocol (SOAP)-based protocol used for systems management. WS-MAN provides an interoperable protocol for devices to share and exchange data across networks. CMC uses WS-MAN to convey Distributed Management Task Force (DMTF) Common Information Model (CIM)-based management information; the CIM information defines the semantics and information types that can be manipulated in a managed system. The Dell-embedded server platform management interfaces are organized into profiles, where each profile defines the specific interfaces for a particular management domain or area of functionality. Additionally, Dell has defined a number of model and profile extensions that provide interfaces for additional capabilities.

Access to WS-Management requires logging in using local user privileges with basic authentication over Secured Socket Layer (SSL) protocol at port 443. For information on setting user accounts, see the cfgSessionManagement database property section in the Dell Chassis Management Controller Firmware Administrator Reference Guide.
The data available through WS-Management is a subset of data provided by the CMC instrumentation interface mapped to the following DMTF profiles version 1.0.0:
• Allocation Capabilities Profile
• Base Metrics Profile
• Base Server Profile
• Computer System Profile
• Modular System Profile
• Physical Asset Profile
• Dell Power Allocation Profile
• Dell Power Supply Profile
• Dell Power Topology Profile
• Power State Management Profile
• Profile Registration Profile
• Record Log Profile
• Resource Allocation Profile
• Role Based Authorization Profile
• Sensors Profile
• Service Processor Profile
• Simple Identity Management Profile
• Dell Active Directory Client Profile
• Boot Control Profile
• Dell Simple NIC Profile

The CMC WS-MAN implementation uses SSL on port 443 for transport security, and supports basic authentication. For information on setting user accounts, see the cfgSessionManagement database property section in the Dell Chassis Management Controller Firmware Administrator Reference Guide.

Web services interfaces can be utilized by leveraging client infrastructure, such as Windows® WinRM and PowerShell CLI, open source utilities like WSMANCLI, and application programming environments like Microsoft® .NET®.

There are additional implementation guides, white papers, profile, and code samples available in the Dell Tech Center at www.delltechcenter.com. For more information, also see:
• DMTF Web site: www.dmtf.org/standards/profiles/
• WS-MAN release notes or Read Me file.
• www.wbemsolutions.com/ws_management.html
• DMTF WS-Management Specifications: www.dmtf.org/standards/wbem/wsman

Other Documents You May Need

In addition to this User’s Guide, the following documents provide additional information about the setup and operation of the CMC. All of these documents may be accessed at support.dell.com:
• The CMC Online Help provides information about using the Web interface.
• The Chassis Management Controller (CMC) Secure Digital (SD) Card Technical Specification provides minimum BIOS and firmware version, installation and usage information.
• The Integrated Dell Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers User Guide provides information about installation, configuration and maintenance of the iDRAC on managed systems.
• The Dell OpenManage™ IT Assistant User’s Guide provides information about IT Assistant.
• Documentation specific to your third-party management console application.
• The Dell OpenManage Server Administrator’s User’s Guide provides information about installing and using Server Administrator.
• The Dell Update Packages User's Guide provides information about obtaining and using Dell Update Packages as part of your system update strategy.

The following system documents are also available to provide more information about the system in which your CMC is installed:
• The safety instructions that came with your system provide important safety and regulatory information. For additional regulatory information, see the Regulatory Compliance home page at www.dell.com/regulatory_compliance. Warranty information may be included within this document or as a separate document.
• The Rack Installation Guide and Rack Installation Instructions included with your rack solution describe how to install your system into a rack.
• The Hardware Owner’s Manual provides information about system features and describes how to troubleshoot the system and install or replace system components.
• Systems management software documentation describes the features, requirements, installation, and basic operation of the software.
• Documentation for any components you purchased separately provides information to configure and install these options.
• Updates are sometimes included with the system to describe changes to the system, software, and/or documentation.
NOTE: Always read the updates first because they often supersede information in other documents.
• Release notes or readme files may be included to provide last-minute updates to the system or documentation or advanced technical reference material intended for experienced users or technicians.
• For more information on IOM network settings, refer to the Dell PowerConnect™ M6220 Switch Important Information document and the Dell PowerConnect 6220 Series Port Aggregator White Paper.

2 Installing and Setting Up the CMC

This section provides information about how to install your CMC hardware, establish access to the CMC, configure your management environment to use the CMC, and guides you through the next steps for configuring the CMC:
• Set up initial access to the CMC
• Access the CMC through a network
• Add and configure CMC users
• Update the CMC firmware

Additionally, you can find information about installing and setting up redundant CMC environments at "Understanding the Redundant CMC Environment."

Before You Begin

Prior to setting up your CMC environment, download the latest version of the CMC firmware from the Dell Support website at support.dell.com. Also, ensure that you have the Dell Systems Management Tools and Documentation DVD that was included with your system.

Installing the CMC Hardware

Because the CMC is preinstalled on your chassis, no installation is required. To get started with the CMC that is installed on your system, see "Installing Remote Access Software on a Management Station." You can install a second CMC to run as a standby to the primary CMC. For more information about a standby CMC, see "Understanding the Redundant CMC Environment."
Installing Remote Access Software on a Management Station

You can access the CMC from a management station using remote access software, such as the Telnet, Secure Shell (SSH), or serial console utilities provided on your operating system or using the Web interface. If you want to use remote RACADM from your management station, you will need to install it using the Dell Systems Management Tools and Documentation DVD.

Your system includes the Dell Systems Management Tools and Documentation DVD. This DVD includes the following Dell OpenManage components:
• DVD root - Contains the Dell Systems Build and Update Utility
• SYSMGMT - Contains the systems management software products including Dell OpenManage Server Administrator
• docs - Contains documentation for systems, systems management software products, peripherals, and RAID controllers
• SERVICE - Contains the tools you need to configure your system, and delivers the latest diagnostics and Dell-optimized drivers for your system

For information about installing Dell OpenManage software components, see the Dell OpenManage Installation and Security User's Guide available on the DVD or at support.dell.com.

Installing RACADM on a Linux Management Station

1 Log on as root to the system running a supported Red Hat® Enterprise Linux® or SUSE® Linux Enterprise Server operating system where you want to install the managed system components.
2 Insert the Dell Systems Management Tools and Documentation DVD into the DVD drive.
3 If necessary, mount the DVD to a location of your choice using the mount command or a similar command.
NOTE: On the Red Hat Enterprise Linux 5 operating system, DVDs are auto-mounted with the -noexec mount option. This option does not allow you to run any executable from the DVD. You need to manually mount the DVD-ROM and then run the executables.
4 Navigate to the SYSMGMT/ManagementStation/linux/rac directory.
To install the RAC software, enter the following command:
    rpm -ivh *.rpm
5 For help with the RACADM command, type racadm help after issuing the previous commands. For more information about RACADM, see "Using the RACADM Command Line Interface."
NOTE: When using the RACADM remote capability, you must have write permission on the folders where you are using the RACADM subcommands involving file operations, for example:
    racadm getconfig -f

Uninstalling RACADM From a Linux Management Station

1 Log on as root to the system where you want to uninstall the management station features.
2 Use the rpm query command to determine which version of the DRAC Tools is installed. Use the rpm -qa | grep mgmtst-racadm command.
3 Verify the package version to be uninstalled and uninstall the feature by using the rpm -e `rpm -qa | grep mgmtst-racadm` command.

Configuring a Web Browser

You can configure and manage the CMC and the servers and modules installed in the chassis through a Web browser. See the Supported Browsers section in the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com/manuals.

Your CMC and the management station where you use your browser must be on the same network, which is called the management network. Depending on your security requirements, the management network can be an isolated, highly secure network. You must ensure that security measures on the management network, such as firewalls and proxy servers, do not prevent your Web browser from accessing the CMC.

Also, be aware that some browser features can interfere with connectivity or performance, especially if the management network does not have a route to the Internet. If your management station is running a Windows operating system, there are Internet Explorer settings that can interfere with connectivity even when you are using a command line interface to access the management network.
Proxy Server

If you have a proxy server for browsing and it does not have access to the management network, you can add the management network addresses to the browser’s exception list. This instructs the browser to bypass the proxy server when accessing the management network.

Internet Explorer

Follow these steps to edit the exception list in Internet Explorer:
1 Start Internet Explorer.
2 Click Tools→Internet Options, then click Connections.
3 In the Local Area Network (LAN) settings section, click LAN Settings.
4 In the Proxy server section, click Advanced.
5 In the Exceptions section, add the addresses for CMCs and iDRACs on the management network to the semicolon-separated list. You can use DNS names and wildcards in your entries.

Mozilla Firefox

To edit the exception list in Mozilla Firefox version 3.0:
1 Start Firefox.
2 Click Tools→Options (for Windows) or click Edit→Preferences (for Linux).
3 Click Advanced and then click the Network tab.
4 Click Settings.
5 Select the Manual Proxy Configuration and then in the No Proxy for field, add the addresses for CMCs and iDRACs on the management network to the comma-separated list. You can use DNS names and wildcards in your entries.

Microsoft® Phishing Filter

If the Microsoft Phishing Filter is enabled in Internet Explorer 7 on your management system and your CMC does not have Internet access, you may experience delays of several seconds when accessing the CMC, whether you are using the browser or another interface such as remote RACADM. Follow these steps to disable the phishing filter:
1 Start Internet Explorer.
2 Click Tools→Phishing Filter, and then click Phishing Filter Settings.
3 Check the Disable Phishing Filter check box.
4 Click OK.

Certificate Revocation List (CRL) Fetching

If your CMC has no route to the Internet, disable the certificate revocation list (CRL) fetching feature in Internet Explorer.
This feature tests whether a server such as the CMC Web server is using a certificate that is on a list of revoked certificates retrieved from the Internet. If the Internet is inaccessible, this feature can cause delays of several seconds when you access the CMC using the browser or with a command line interface such as remote RACADM. Follow these steps to disable CRL fetching:
1 Start Internet Explorer.
2 Click Tools→Internet Options, then click Advanced.
3 Scroll to the Security section and uncheck Check for publisher’s certificate revocation.
4 Click OK.

Downloading Files From CMC With Internet Explorer

When you use Internet Explorer to download files from the CMC you may experience problems when the Do not save encrypted pages to disk option is not enabled. Follow these steps to enable the Do not save encrypted pages to disk option:
1 Start Internet Explorer.
2 Click Tools→Internet Options, then click Advanced.
3 Scroll to the Security section and check Do not save encrypted pages to disk.

Allow Animations in Internet Explorer

When transferring files to and from the Web interface, a file transfer icon spins to show transfer activity. For Internet Explorer, this requires that the browser be configured to play animations, which is the default setting. Follow these steps to configure Internet Explorer to play animations:
1 Start Internet Explorer.
2 Click Tools→Internet Options, then click Advanced.
3 Scroll to the Multimedia section and check Play animations in web pages.

Setting Up Initial Access to the CMC

To manage the CMC remotely, connect the CMC to your management network and then configure the CMC network settings. For information on how to configure the CMC network settings, see "Configuring the CMC Network." This initial configuration assigns the TCP/IP networking parameters that enable access to the CMC.
Once the CMC is connected to the management network, all external access to the CMC and iDRACs is accomplished through the CMC. Access to the managed servers, conversely, is accomplished through network connections to I/O modules (IOMs). This allows the application network to be isolated from the management network.

NOTE: Dell strongly recommends the best practice of isolating/separating the management network in the chassis, used by iDRAC and CMC, from your production network(s). Mixing management and production/application traffic on this management network could cause congestion/saturation, which will result in CMC and iDRAC communication delays. The delays may cause unpredictable chassis behavior, such as CMC displaying iDRAC as offline even when it is up and running, which in turn causes other unwanted behavior. If physically isolating the management network is impractical, the other option is to separate CMC and iDRAC traffic to a separate VLAN. The CMC and individual iDRAC network interfaces can be configured to use a VLAN with the racadm setniccfg command. For more information, see the Dell Chassis Management Controller Administrator Reference Guide.

If you have one chassis, connect the CMC, and the standby CMC if present, to the management network. If you have more than one chassis, you can choose between the basic connection, where each CMC is connected to the management network, or a daisy-chained chassis connection, where the chassis are connected in series and only one is connected to the management network. The basic connection type uses more ports on the management network and provides greater redundancy. The daisy-chain connection type uses fewer ports on the management network but introduces dependencies between CMCs, reducing the redundancy of the system.

Basic CMC Network Connection

For the highest degree of redundancy, connect each CMC to your management network.
If a chassis has just one CMC, make one connection on the management network. If the chassis has a redundant CMC in the secondary CMC slot, make two connections to the management network.

Each CMC has two RJ-45 Ethernet ports, labeled GB1 (the uplink port) and STK (the stacking port). With basic cabling, you connect the GB1 port to the management network and leave the STK port unused.

CAUTION: Connecting the STK port to the management network can have unpredictable results.

Daisy-chain CMC Network Connection

If you have multiple chassis in a rack, you can reduce the number of connections to the management network by daisy-chaining up to four chassis together. If each of four chassis contains a redundant CMC, by daisy-chaining you reduce the number of management network connections required from eight to two. If each chassis has only one CMC, you reduce the connections required from four to one.

When daisy-chaining chassis together, GB1 is the uplink port and STK is the stacking port. A GB1 port must connect to the management network or to the STK port of the CMC in a chassis that is closer to the network. The STK port must only receive a connection from a GB1 port further from the chain or network. Create separate chains for the CMCs in the primary CMC slot and the second CMC slot.

Figure 2-1 illustrates the arrangement of cables for four daisy-chained chassis, each with CMCs in the primary and secondary slots.

Figure 2-1. Daisy-chained CMC Network Connection (callouts: 1 management network, 2 secondary CMC, 3 primary CMC)

Follow these steps to daisy-chain up to four chassis:
1 Connect the GB1 port of the primary CMC in the first chassis to the management network.
2 Connect the GB1 port of the primary CMC in the second chassis to the STK port of the primary CMC in the first chassis.
3 If you have a third chassis, connect the GB1 port of its primary CMC to the STK port of the primary CMC in the second chassis.
4 If you have a fourth chassis, connect the GB1 port of its primary CMC to the STK port of the third chassis.
5 If you have redundant CMCs in the chassis, connect them using the same pattern.

CAUTION: The STK port on any CMC must never be connected to the management network. It can only be connected to the GB1 port on another chassis. Connecting a STK port to the management network can disrupt the network and cause a loss of data.

NOTE: Never connect a primary CMC to a secondary CMC.

NOTE: Resetting a CMC whose STK port is chained to another CMC can disrupt the network for CMCs later in the chain. The child CMCs may log messages indicating that the network link has been lost and they may fail over to their redundant CMCs.

Configuring the CMC Network

NOTE: Changing your CMC Network settings may disconnect your current network connection.

You can perform the initial network configuration of the CMC before or after the CMC has an IP address. If you configure the CMC’s initial network settings before you have an IP address, you can use either of the following interfaces:
• The LCD panel on the front of the chassis
• Dell CMC serial console

If you configure initial network settings after the CMC has an IP address, you can use any of the following interfaces:
• Command line interfaces (CLIs) such as a serial console, Telnet, SSH, or the Dell CMC Console via iKVM
• Remote RACADM
• The CMC Web interface

Configuring Networking Using the LCD Configuration Wizard

NOTE: The option to configure the CMC using the LCD Configuration Wizard is available only until the CMC is deployed or the default password is changed. If the password is not changed, the LCD can continue to be used to reconfigure the CMC, causing a possible security risk.

The LCD is located on the bottom left corner on the front of the chassis.
Figure 2-2 illustrates the LCD panel.

Figure 2-2. LCD Display (callouts: 1 LCD screen, 2 selection ("check") button, 3 scroll buttons (4), 4 status indicator LED)

The LCD screen displays menus, icons, pictures, and messages. A status indicator LED on the LCD panel provides an indication of the overall health of the chassis and its components.
• Solid blue indicates good health.
• Blinking amber indicates that at least one component has a fault condition.
• Blinking blue is an ID signal, used to identify one chassis in a group of chassis.

Navigating in the LCD Screen

The right side of the LCD panel contains five buttons: four arrow buttons (up, down, left, and right) and a center button.
• To move between screens, use the right (next) and left (previous) arrow buttons. At any time while using the Configuration Wizard, you can return to a previous screen.
• To scroll through options on a screen, use the down and up arrow buttons.
• To select and save an item on a screen and move to the next screen, use the center button.

For more information about using the LCD panel, see the LCD panel section in the Dell Chassis Management Controller Administrator Reference Guide.

Using the LCD Configuration Wizard

1 If you have not already done so, press the chassis power button to turn it on. The LCD screen displays a series of initialization screens as it powers up. When it is ready, the Language Setup screen displays.
2 Select your language using the arrow buttons, and then press the center button to select the Accept/Yes and press the center button again.
3 The Enclosure screen displays with the following question: Configure Enclosure?
  a Press the center button to continue to the CMC Network Settings screen. See step 4.
  b To exit the Configure Enclosure menu, select the NO icon and press the center button. See step 9.
4 Press the center button to continue to the CMC Network Settings screen.
5 Select your network speed (10Mbps, 100Mbps, Auto (1 Gbps)) using the down arrow button.
NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly. If your network configuration does not match any of these values, Dell recommends that you use Auto Negotiation (the Auto option) or refer to your network equipment manufacturer.
Press the center button to continue to the next CMC Network Settings screen.
6 Select the duplex mode (half or full) that matches your network environment.
NOTE: The network speed and duplex mode settings are not available if Auto Negotiation is set to On or 1000MB (1Gbps) is selected.
NOTE: If auto negotiation is turned on for one device but not the other, then the device using auto negotiation can determine the network speed of the other device, but not the duplex mode; in this case, duplex mode defaults to the half duplex setting during auto negotiation. Such a duplex mismatch will result in a slow network connection.
Press the center button to continue to the next CMC Network Settings screen.
7 Select the Internet Protocol (IPv4, IPv6, or both) that you want to use for the CMC. Press the center button to continue to the next CMC Network Settings screen.
8 Select the mode in which you want the CMC to obtain the NIC IP addresses:
Dynamic Host Configuration Protocol (DHCP): The CMC retrieves IP configuration (IP address, mask, and gateway) automatically from a DHCP server on your network. The CMC will be assigned a unique IP address allotted over your network. If you have selected the DHCP option, press the center button. The Configure iDRAC? screen appears; go to step 10.
Static: You manually enter the IP address, gateway, and subnet mask in the screens immediately following. If you have selected the Static option, press the center button to continue to the next CMC Network Settings screen, then:
  a Set the Static IP Address by using the right or left arrow keys to move between positions, and the up and down arrow keys to select a number for each position. When you have finished setting the Static IP Address, press the center button to continue.
  b Set the subnet mask, and then press the center button.
  c Set the gateway, and then press the center button. The Network Summary screen displays. The Network Summary screen lists the Static IP Address, Subnet Mask, and Gateway settings you entered. Review the settings for accuracy. To correct a setting, navigate to the left arrow button then press the center key to return to the screen for that setting. After making a correction, press the center button.
  d When you have confirmed the accuracy of the settings you entered, press the center button. The Register DNS? screen appears.
NOTE: If the Dynamic Host Configuration Protocol (DHCP) mode is selected for CMC IP configuration, then DNS registration is also enabled by default.
9 If you selected DHCP in the previous step, go to step 10. To register your DNS server’s IP address, press the center button to proceed. If you have no DNS, press the right arrow key. The Register DNS? screen appears; go to step 10.
Set the DNS IP Address using the right or left arrow keys to move between positions, and the up and down arrow keys to select a number for each position. When you have finished setting the DNS IP address, press the center button to continue.
10 Indicate whether you want to configure iDRAC:
  – No: Skip to step 13.
  – Yes: Press the center button to proceed.
11 Select the Internet Protocol (IPv4, IPv6, or both) that you want to use for the blades.
Dynamic Host Configuration Protocol (DHCP): iDRAC retrieves IP configuration (IP address, mask, and gateway) automatically from a DHCP server on your network. The iDRAC will be assigned a unique IP address allotted over your network. Press the center button.
Static: You manually enter the IP address, gateway, and subnet mask in the screens immediately following. If you have selected the Static option, press the center button to continue to the next iDRAC Network Settings screen, then:
  a Set the Static IP Address by using the right or left arrow keys to move between positions, and the up and down arrow keys to select a number for each position. This address is the static IP of the iDRAC located in the first slot. The static IP address of each subsequent iDRAC will be calculated as a slot number increment of this IP address. When you have finished setting the Static IP Address, press the center button to continue.
  b Set the subnet mask, and then press the center button.
  c Set the gateway, and then press the center button.

  a Select whether to Enable or Disable the IPMI LAN channel. Press the center button to continue.
  b On the iDRAC Configuration screen, to apply all iDRAC network settings to the installed servers, highlight the Accept/Yes icon and press the center button. To not apply the iDRAC network settings to the installed servers, highlight the No icon and press the center button and continue to step c.
  c On the next iDRAC Configuration screen, to apply all iDRAC network settings to newly installed servers, highlight the Accept/Yes icon and press the center button; when a new server is inserted into the chassis, the LCD will prompt the user on whether to automatically deploy the server using the previously configured network settings/policies.
To not apply the iDRAC network settings to newly installed servers, highlight the No icon and press the center button; when a new server is inserted into the chassis, the iDRAC network settings will not be configured.
12 On the Enclosure screen, to apply all enclosure settings highlight the Accept/Yes icon and press the center button. To not apply the enclosure settings, highlight the No icon and press the center button.
13 On the IP Summary screen, review the IP addresses you provided to make sure the addresses are accurate. To correct a setting, navigate to the left arrow button and then press the center key to return to the screen for that setting. After making a correction, press the center button. If necessary, navigate to the right arrow button and then press the center key to return to the IP Summary screen.
When you have confirmed that the settings you entered are accurate, press the center button. The Configuration Wizard closes and returns you to the Main Menu screen.
NOTE: If you selected Yes/Accept, a Wait screen is displayed before the IP Summary screen is displayed.

The CMC and iDRACs are now available on the network. You can access the CMC on the assigned IP address using the Web interface or CLIs such as a serial console, Telnet, and SSH.

NOTE: After you have completed network setup through the LCD Configuration Wizard, the Wizard is no longer available.

Accessing the CMC Through a Network

After you have configured the CMC network settings, you can remotely access the CMC using any of the following interfaces:
• Web interface
• Telnet console
• SSH
• Remote RACADM

Telnet is enabled via one of the other interfaces; telnet is not as secure as the other interfaces so it is disabled by default.

Table 2-1 describes each CMC network interface.

Table 2-1. CMC Interfaces

Interface: Web interface
Description: Provides remote access to the CMC using a graphical user interface. The Web interface is built into the CMC firmware and is accessed through the NIC interface from a supported Web browser on the management station. For a list of supported Web browsers, see the Supported Browsers section in the Dell System Software Support Matrix on the Dell Support website at support.dell.com/manuals.

Interface: Remote RACADM interface
Description: Provides remote access to the CMC from a management station command line using a command line interface (CLI). Remote RACADM uses the racadm -r option with the CMC’s IP address to execute commands on the CMC.

Interface: Telnet
Description: Provides command line access to the CMC through the network. The RACADM command line interface and the connect command, which is used to connect to the serial console of a server or IO module, are available from the CMC command line.
NOTE: Telnet is an unsecure protocol that transmits all data, including passwords, in plain text. When transmitting sensitive information, use the SSH interface.

Interface: SSH
Description: Provides the same capabilities as Telnet using an encrypted transport layer for greater security.

NOTE: The CMC default user name is root and the default password is calvin.

You can access the CMC and iDRAC Web interfaces through the CMC NIC using a supported Web browser; you can also launch them from the Dell Server Administrator or Dell OpenManage IT Assistant.

For a list of supported Web browsers, see the Supported Browsers section in the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com/manuals. To access the CMC using a supported Web browser, see "Accessing the CMC Web Interface." For information on Dell OpenManage IT Assistant, see "Installing Remote Access Software on a Management Station."

To access the CMC interface using Dell Server Administrator, launch Server Administrator on your management station. From the system tree on the left pane of the Server Administrator home page, click System→Main System Chassis→Remote Access Controller.
For more information, see your Dell Server Administrator User’s Guide.

To access the CMC command line using Telnet or SSH, see "Configuring CMC to Use Command Line Consoles." For information about using RACADM, see "Using the RACADM Command Line Interface." For information about using the connect, or racadm connect, command to connect to servers and IO modules, see "Connecting to Servers or I/O Modules With the Connect Command."

Installing or Updating the CMC Firmware

Downloading the CMC Firmware

Before beginning the firmware update, download the latest firmware version from the Dell Support website at support.dell.com, and save it to your local system.

The following software components are included with your CMC firmware package:
• Compiled CMC firmware code and data
• Web interface, JPEG, and other user interface data files
• Default configuration files

NOTE: During updates of CMC firmware, some or all of the fan units in the chassis will spin at 100%. This is normal.

NOTE: The firmware update, by default, retains the current CMC settings. During the update process, you have the option to reset the CMC configuration settings back to the factory default settings.

NOTE: If you have redundant CMCs installed in the chassis, it is important to update both to the same firmware version. If the CMCs have different firmware and a failover occurs, unexpected results may occur.

You can use the RACADM getsysinfo command (see the getsysinfo command section in the Dell Chassis Management Controller Administrator Reference Guide) or the Chassis Summary page (see "Viewing the Current Firmware Versions") to view the current firmware versions for the CMCs installed in your chassis.

If you have a standby CMC, it is recommended that you update both CMCs at the same time with a single operation.
When the standby CMC has been updated, swap the CMCs’ roles so that the newly updated CMC becomes the primary CMC and the CMC with the older firmware becomes the standby. (See the cmcchangeover command section in the Dell Chassis Management Controller Firmware Administrator Reference Guide for help swapping roles.) This allows you to verify that the update succeeded and that the new firmware is working properly before you update the firmware in the second CMC. When both CMCs are updated, you can use the cmcchangeover command to restore the CMCs to their previous roles.

Updating CMC Firmware Using the Web Interface

For instructions on using the Web interface to update CMC firmware, see "Updating the CMC Firmware."

Updating the CMC Firmware Using RACADM

For instructions on using the RACADM fwupdate subcommand to update CMC firmware, see the fwupdate command section in the Dell Chassis Management Controller Administrator Reference Guide.

Configuring CMC Properties

You can configure CMC properties such as power budgeting, network settings, users, and SNMP and e-mail alerts using the Web interface or RACADM.

For more information about using the Web interface, see "Accessing the CMC Web Interface." For more information about using RACADM, see "Using the RACADM Command Line Interface."

CAUTION: Using more than one CMC configuration tool at the same time may generate unexpected results.

Configuring Power Budgeting

The CMC offers a power budgeting service that allows you to configure power budget, redundancy, and dynamic power for the chassis. The power management service enables optimization of power consumption and re-allocation of power to different modules based on demand.

For more information about CMC power management, see "Power Management."

For instructions on configuring power budgeting and other power settings using the Web interface, see "Configuring Power Budgeting."
Configuring CMC Network Settings

NOTE: Changing your CMC network settings may disconnect your current network connection.

You can configure the CMC network settings using one of the following tools:
• RACADM — see "Configuring Multiple CMCs in Multiple Chassis"
  NOTE: If you are deploying the CMC in a Linux environment, see "Installing RACADM on a Linux Management Station."
• Web interface — see "Configuring CMC Network Properties"

Adding and Configuring Users

You can add and configure CMC users using either RACADM or the CMC Web interface. You can also utilize Microsoft® Active Directory® to manage users.

For instructions on adding and configuring public key users for the CMC using RACADM, see "Using RACADM to Configure Public Key Authentication over SSH." For instructions on adding and configuring users using the Web interface, see "Adding and Configuring CMC Users."

For instructions on using Active Directory with your CMC, see "Using the CMC With Microsoft Active Directory."

Adding SNMP and E-mail Alerts

You can configure the CMC to generate SNMP and/or e-mail alerts when certain chassis events occur. For more information, see "Configuring SNMP Alerts" and "Configuring E-mail Alerts."

Configuring Remote Syslog

The remote syslog feature is activated/configured through either the CMC GUI or through the racadm command. Configuration options include the syslog server name (or IP address) and the UDP port that CMC uses when forwarding the log entries. You can specify up to 3 distinct syslog server destinations in the configuration. Remote syslog is an additional log target for the CMC. After you configure the remote syslog, each new log entry generated by CMC is forwarded to the destination(s).

NOTE: Since the network transport for the forwarded log entries is UDP, there is no guaranteed delivery of log entries, nor is there any feedback to the CMC on whether the log entries were received successfully.
To configure CMC services:
1 Log in to the CMC Web interface.
2 Click the Network/Security tab.
3 Click the Services sub-tab. The Services page appears.

For more information on configuring the remote syslog, see Table 5-27.

Understanding the Redundant CMC Environment

You can install a standby CMC that takes over if your primary CMC fails. Failovers can occur when you:
• Run the RACADM cmcchangeover command. (See the cmcchangeover command section in the Dell Chassis Management Controller Administrator Reference Guide.)
• Run the RACADM racreset command on the active CMC. (See the racreset command section in the Dell Chassis Management Controller Administrator Reference Guide.)
• Reset the active CMC from Web interface. (See the Reset CMC option for Power Control Operations that is described in "Executing Power Control Operations on the Chassis.")
• Remove the network cable from the active CMC
• Remove the active CMC from the chassis
• Initiate a CMC firmware flash on the active CMC
• Primary CMC is no longer functional

NOTE: In the event of a CMC failover, all iDRAC connections and all active CMC sessions will be lost. Users with lost sessions must reconnect to the new primary CMC.

About the Standby CMC

The standby CMC is identical to and is maintained as a mirror of the active CMC. The active and standby CMCs must both be installed with the same firmware revision. If the firmware revisions differ, the system will report as redundancy degraded.

The standby CMC assumes the same settings and properties of the primary CMC. You must maintain the same firmware version on both CMCs, but you do not need to duplicate configuration settings on the standby CMC.

NOTE: For information about installing a standby CMC, see the Hardware Owner’s Manual. For instructions on installing the CMC firmware on your standby CMC, follow the instructions in "Installing or Updating the CMC Firmware."
Primary CMC Election Process

There is no difference between the two CMC slots; that is, slot does not dictate precedence. Instead, the CMC that is installed or booted first assumes the role of the active CMC. If AC power is applied with two CMCs installed, the CMC installed in CMC chassis slot 1 (the left) normally assumes the active role. The active CMC is indicated by the blue LED.

If two CMCs are inserted into a chassis that is already powered on, automatic active/standby negotiation can take up to two minutes. Normal chassis operation resumes when the negotiation is complete.

Obtaining Health Status of Redundant CMC

You can view the health status of the standby CMC in the Web interface. For more information about accessing CMC health status in the Web interface, see "Viewing Chassis Graphics and Component Health Status."

3 Configuring CMC to Use Command Line Consoles

This section provides information about the CMC command line console (or serial/Telnet/Secure Shell console) features, and explains how to set up your system so you can perform systems management actions through the console. For information on using the RACADM commands in CMC through the command line console, see "Using the RACADM Command Line Interface."

Command Line Console Features on the CMC

The CMC supports the following serial, Telnet and SSH console features:
• One serial client connection and up to four simultaneous Telnet client connections
• Up to four simultaneous Secure Shell (SSH) client connections
• RACADM command support
• Built-in connect command connecting to the serial console of servers and I/O modules; also available as racadm connect
• Command Line editing and history
• Session timeout control on all console interfaces

Using a Serial, Telnet, or SSH Console

When you connect to the CMC command line, you can enter these commands:

Table 3-1. CMC Command Line Commands
Command | Description
racadm | RACADM commands begin with the keyword racadm and are followed by a subcommand, such as getconfig, serveraction, or getsensorinfo. See "Using the RACADM Command Line Interface" for details on using RACADM.
connect | Connects to the serial console of a server or I/O module. See "Connecting to Servers or I/O Modules With the Connect Command" for help using the connect command. NOTE: The racadm connect command can also be used.
exit, logout, and quit | These commands all perform the same action: they end the current session and return to a login prompt.

Using a Telnet Console With the CMC

Up to four Telnet client systems and four SSH clients may connect at any given time.

If your management station is running Windows XP or Windows 2003, you may experience an issue with the characters in a CMC Telnet session. This issue may occur as a frozen login where the return key does not respond and the password prompt does not appear.

To fix this issue, download hotfix 824810 from the Microsoft Support website at support.microsoft.com. See Microsoft Knowledge Base article 824810 for more information.

Using SSH With the CMC

SSH is a command line session that includes the same capabilities as a Telnet session, but with session negotiation and encryption to improve security. The CMC supports SSH version 2 with password authentication. SSH is enabled on the CMC by default.

NOTE: The CMC does not support SSH version 1.

When an error occurs during the login procedure, the SSH client issues an error message. The message text is dependent on the client and is not controlled by the CMC. Review the RACLog messages to determine the cause of the failure.

NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on Windows. Running OpenSSH at the Windows command prompt does not provide full functionality (that is, some keys do not respond and no graphics are displayed).
For Linux, run SSH Client Services to connect to CMC with any shell.

Four simultaneous SSH sessions are supported at any given time. The session timeout is controlled by the cfgSsnMgtSshIdleTimeout property (see the database property chapter of the Dell Chassis Management Controller Administrator Reference Guide) or from the Services Management page in the Web interface (see "Configuring Services.")

CMC also supports the Public Key Authentication (PKA) over SSH. This authentication method improves SSH scripting automation by removing the need to embed or prompt for user ID/password. For more information, see "Using RACADM to Configure Public Key Authentication over SSH."

Enabling SSH on the CMC

SSH is enabled by default. If SSH is disabled, then you can enable it using any other supported interface.

For instructions on enabling SSH connections on the CMC using RACADM, see the config command section and the cfgSerial database property section in the Dell Chassis Management Controller Administrator Reference Guide. For instructions on enabling SSH connections on the CMC using the Web interface, see "Configuring Services."

Changing the SSH Port

To change the SSH port, use the following command:

    racadm config -g cfgRacTuning -o cfgRacTuneSshPort

For more information about cfgSerialSshEnable and cfgRacTuneSshPort properties, see the database property chapter of the Dell Chassis Management Controller Administrator Reference Guide.

The CMC SSH implementation supports multiple cryptography schemes, as shown in Table 3-2.

Table 3-2. Cryptography Schemes
Scheme Type | Scheme
Asymmetric Cryptography | Diffie-Hellman DSA/DSS 512–1024 (random) bits per NIST specification
Symmetric Cryptography |
  • AES256-CBC
  • RIJNDAEL256-CBC
  • AES192-CBC
  • RIJNDAEL192-CBC
  • AES128-CBC
  • RIJNDAEL128-CBC
  • BLOWFISH-128-CBC
  • 3DES-192-CBC
  • ARCFOUR-128
Message Integrity |
  • HMAC-SHA1-160
  • HMAC-SHA1-96
  • HMAC-MD5-128
  • HMAC-MD5-96
Authentication | Password

Enabling the Front Panel to iKVM Connection

For information and instructions on using the iKVM front panel ports, see "Enabling or Disabling the Front Panel."

Configuring Terminal Emulation Software

Your CMC supports a serial text console from a management station running one of the following types of terminal emulation software:
• Linux Minicom
• Hilgraeve’s HyperTerminal Private Edition (version 6.3)

Perform the steps in the following subsections to configure your type of terminal software.

Configuring Linux Minicom

Minicom is a serial port access utility for Linux. The following steps are valid for configuring Minicom version 2.0. Other Minicom versions may differ slightly but require the same basic settings. Use the information in "Required Minicom Settings" to configure other versions of Minicom.

Configuring Minicom Version 2.0

NOTE: For best results, set the cfgSerialConsoleColumns property to match the number of columns. Be aware that the prompt consumes two characters. For example, for an 80-column terminal window, type:

    racadm config -g cfgSerial -o cfgSerialConsoleColumns 80

1 If you do not have a Minicom configuration file, go to the next step. If you have a Minicom configuration file, type minicom and skip to step 14.
2 At the Linux command prompt, type minicom -s.
3 Select Serial Port Setup and press .
4 Press , and then select the appropriate serial device (for example, /dev/ttyS0).
5 Press , and then set the Bps/Par/Bits option to 115200 8N1.
6 Press , and then set Hardware Flow Control to Yes and set Software Flow Control to No. To exit the Serial Port Setup menu, press .
7 Select Modem and Dialing and press .
8 In the Modem Dialing and Parameter Setup menu, press to clear the init, reset, connect, and hangup settings so that they are blank.
9 Press to save each blank value.
10 When all specified fields are clear, press to exit the Modem Dialing and Parameter Setup menu.
11 Select Save setup as config_name and press .
12 Select Exit From Minicom and press .
13 At the command shell prompt, type minicom .
14 Press , , to exit Minicom.

Ensure that the Minicom window displays a login prompt. When the login prompt appears, your connection is successful. You are now ready to login and access the CMC command line interface.

Required Minicom Settings

Use Table 3-3 to configure any version of Minicom.

Table 3-3. Minicom Settings
Setting Description | Required Setting
Bps/Par/Bits | 115200 8N1
Hardware flow control | Yes
Software flow control | No
Terminal emulation | ANSI
Modem dialing and parameter settings | Clear the init, reset, connect, and hangup settings so that they are blank

Connecting to Servers or I/O Modules With the Connect Command

The CMC can establish a connection to redirect the serial console of server or I/O modules. For servers, serial console redirection can be accomplished in several ways:
• using the CMC command line and the connect, or racadm connect command. For more information about connect, see the racadm connect command in the Dell Chassis Management Controller Administrator Reference Guide.
• using the iDRAC Web interface serial console redirection feature.
• using the iDRAC Serial Over LAN (SOL) functionality.

While in a serial/Telnet/SSH console, the CMC supports the connect command to establish a serial connection to server or IOM modules.
The server serial console contains both the BIOS boot and setup screens, as well as the operating system serial console. For I/O modules, the switch serial console is available.

CAUTION: When executed from the CMC serial console, the connect -b option stays connected until the CMC resets. This connection is a potential security risk.

NOTE: The connect command provides the -b (binary) option. The -b option passes raw binary data, and cfgSerialConsoleQuitKey is not used. Additionally, when connecting to a server using the CMC serial console, transitions in the DTR signal (for example, if the serial cable is removed to connect a debugger) do not cause a logout.

NOTE: If an IOM does not support console redirection, the connect command will display an empty console. In that case, to return to the CMC console, type the Escape sequence. The default console escape sequence is \.

There are up to six IOMs on the managed system. To connect to an IOM, type:

    connect switch-n

where n is an IOM label a1, a2, b1, b2, c1, and c2.

IOMs are labeled A1, A2, B1, B2, C1, and C2. (See Figure 10-1 for an illustration of the placement of IOMs in the chassis.) When you reference the IOMs in the connect command, the IOMs are mapped to switches as shown in Table 3-4.

Table 3-4. Mapping I/O Modules to Switches
I/O Module Label | Switch
A1 | switch-a1
A2 | switch-a2
B1 | switch-b1
B2 | switch-b2
C1 | switch-c1
C2 | switch-c2

NOTE: There can only be one IOM connection per chassis at a time.

NOTE: You cannot connect to pass-throughs from the serial console.

To connect to a managed server serial console, use the command connect server-n, where -n is the slot number of the server; you can also use the racadm connect server-n command. When you connect to a server using the -b option, binary communication is assumed and the escape character is disabled. If the iDRAC is not available, you will see a No route to host error message.
The connect server-n command enables the user to access the server's serial port. After this connection is established, the user will be able to see the server's console redirection through CMC's serial port that includes both the BIOS serial console and the operating system serial console.

NOTE: To see the BIOS boot screens, serial redirection has to be enabled in the servers’ BIOS Setup. Also, you must set the terminal emulator window to 80x25. Otherwise, the screen will be garbled.

NOTE: Not all keys will work in the BIOS setup screens, so you should provide appropriate escape sequences for CTRL+ALT+DEL, and other escape sequences. The initial redirection screen displays the necessary escape sequences.

Configuring the Managed Server BIOS for Serial Console Redirection

It is necessary to connect to the managed server using the iKVM (see “Managing Servers With iKVM”), or establish a VKVM session from the iDRAC web GUI (see the iDRAC User’s Guide on support.dell.com/manuals), and perform the following steps:

Serial communication in the BIOS is OFF by default. To redirect host text console data to Serial over LAN, you must enable console redirection through COM1. To change the BIOS setting:
1 Boot the managed server.
2 Press to enter the BIOS setup utility during POST.
3 Scroll down to Serial Communication and press . In the pop-up dialog box, the serial communication list displays these options:
  • off
  • on without console redirection
  • on with console redirection via COM1
  Use the arrow keys to navigate between these options.
4 Ensure that On with console redirection via COM1 is enabled.
5 Enable Redirection After Boot (default value is disabled). This option enables BIOS console redirection across subsequent reboots.
6 Save the changes and exit.
7 The managed server reboots.
Configuring Windows for serial console redirection

There is no configuration necessary for servers running the Microsoft® Windows Server® versions, starting with Windows Server 2003. Windows will receive information from the BIOS, and enable the Special Administration Console (SAC) console on COM1.

Configuring Linux for Server Serial Console Redirection During Boot

The following steps are specific to the Linux GRand Unified Bootloader (GRUB). Similar changes are necessary for using a different boot loader.

NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected console to 25 rows x 80 columns to ensure proper text display; otherwise, some text screens may be garbled.

Edit the /etc/grub.conf file as follows:
1 Locate the general setting sections in the file and add the following two new lines:

    serial --unit=1 --speed=57600
    terminal --timeout=10 serial

2 Append two options to the kernel line:

    kernel............. console=ttyS1,57600

3 If /etc/grub.conf contains a splashimage directive, comment it out.

The following example shows the changes described in this procedure.

    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes
    # to this file
    # NOTICE: You do not have a /boot partition. This means that
    # all kernel and initrd paths are relative to /, e.g.
    # root (hd0,0)
    # kernel /boot/vmlinuz-version ro root=/dev/sda1
    # initrd /boot/initrd-version.img
    #
    #boot=/dev/sda
    default=0
    timeout=10
    #splashimage=(hd0,2)/grub/splash.xpm.gz
    serial --unit=1 --speed=57600
    terminal --timeout=10 serial
    title Red Hat Linux Advanced Server (2.4.9-e.3smp)
        root (hd0,0)
        kernel /boot/vmlinuz-2.4.9-e.3smp ro root=/dev/sda1 hda=ide-scsi console=ttyS0 console=ttyS1,57600
        initrd /boot/initrd-2.4.9-e.3smp.img
    title Red Hat Linux Advanced Server-up (2.4.9-e.3)
        root (hd0,00)
        kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s
        initrd /boot/initrd-2.4.9-e.3.im

When you edit the /etc/grub.conf file, use the following guidelines:
• Disable GRUB's graphical interface and use the text-based interface; otherwise, the GRUB screen will not be displayed in console redirection. To disable the graphical interface, comment out the line starting with splashimage.
• To start multiple GRUB options to start console sessions through the serial connection, add the following line to all options:

    console=ttyS1,57600

  The example shows console=ttyS1,57600 added to only the first option.

Configuring Linux for Server Serial Console Redirection After Boot

Edit the file /etc/inittab, as follows:
• Add a new line to configure agetty on the COM2 serial port:

    co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi

The following example shows the file with the new line.

    #
    # inittab This file describes how the INIT process
    # should set up the system in a certain
    # run-level.
    #
    # Author: Miquel van Smoorenburg
    # Modified for RHS Linux by Marc Ewing and
    # Donnie Barnes
    #
    # Default runlevel. The runlevels used by RHS are:
    # 0 - halt (Do NOT set initdefault to this)
    # 1 - Single user mode
    # 2 - Multiuser, without NFS (The same as 3, if you
    # do not have networking)
    # 3 - Full multiuser mode
    # 4 - unused
    # 5 - X11
    # 6 - reboot (Do NOT set initdefault to this)
    #
    id:3:initdefault:

    # System initialization.
    si::sysinit:/etc/rc.d/rc.sysinit

    l0:0:wait:/etc/rc.d/rc 0
    l1:1:wait:/etc/rc.d/rc 1
    l2:2:wait:/etc/rc.d/rc 2
    l3:3:wait:/etc/rc.d/rc 3
    l4:4:wait:/etc/rc.d/rc 4
    l5:5:wait:/etc/rc.d/rc 5
    l6:6:wait:/etc/rc.d/rc 6

    # Things to run in every runlevel.
    ud::once:/sbin/update

    # Trap CTRL-ALT-DELETE
    ca::ctrlaltdel:/sbin/shutdown -t3 -r now

    # When our UPS tells us power has failed, assume we have a few
    # minutes of power left. Schedule a shutdown for 2 minutes from now.
    # This does, of course, assume you have power installed and your
    # UPS is connected and working correctly.
    pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"

    # If power was restored before the shutdown kicked in, cancel it.
    pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"

    # Run gettys in standard runlevels
    co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi
    1:2345:respawn:/sbin/mingetty tty1
    2:2345:respawn:/sbin/mingetty tty2
    3:2345:respawn:/sbin/mingetty tty3
    4:2345:respawn:/sbin/mingetty tty4
    5:2345:respawn:/sbin/mingetty tty5
    6:2345:respawn:/sbin/mingetty tty6

    # Run xdm in runlevel 5
    # xdm is now a separate service
    x:5:respawn:/etc/X11/prefdm -nodaemon

Edit the file /etc/securetty, as follows:
• Add a new line, with the name of the serial tty for COM2:

    ttyS1

The following example shows a sample file with the new line.

    vc/1
    vc/2
    vc/3
    vc/4
    vc/5
    vc/6
    vc/7
    vc/8
    vc/9
    vc/10
    vc/11
    tty1
    tty2
    tty3
    tty4
    tty5
    tty6
    tty7
    tty8
    tty9
    tty10
    tty11
    ttyS1

4 Using the RACADM Command Line Interface

RACADM provides a set of commands that allow you to configure and manage the CMC through a text-based interface.
RACADM can be accessed using a Telnet/SSH or serial connection, using the Dell CMC console on the iKVM, or remotely using the RACADM command line interface installed on a management station.

The RACADM interface is classified as "local" or "remote," depending on the location of the racadm executable program you are using:
• Remote RACADM — you execute RACADM commands on a management station with the -r option and the DNS name or IP address of the CMC.
• Local RACADM — you log into the CMC using Telnet, SSH, a serial connection, or the iKVM. With local RACADM, you are executing the RACADM implementation that is part of the CMC firmware.

NOTE: Remote RACADM is included on the Dell Systems Management Tools and Documentation DVD and is installed on a management station.

You can use remote RACADM commands in scripts to configure multiple CMCs. The CMC does not have support for scripting, so you cannot execute scripts directly on the CMC. For more information about configuring multiple CMCs, see "Configuring Multiple CMCs in Multiple Chassis."

Using a Serial, Telnet, or SSH Console

You can log in to the CMC either through a serial or Telnet/SSH connection, or through Dell CMC console on iKVM. To configure the CMC for serial or remote access, see "Configuring CMC to Use Command Line Consoles." Commonly used subcommand options are listed in Table 4-2. A complete list of RACADM subcommands is listed in the RACADM Subcommands chapter of the Dell Chassis Management Controller Administrator Reference Guide.

Logging in to the CMC

After you have configured your management station terminal emulator software and managed node BIOS, perform the following steps to log into the CMC:
1 Connect to the CMC using your management station terminal emulation software.
2 Type your CMC user name and password, and then press .

You are logged into the CMC.
Starting a Text Console

You can log in to the CMC using Telnet or SSH through a network, serial port, or a Dell CMC console through the iKVM. Open a Telnet or SSH session, connect and log on to the CMC.

For information about connecting to the CMC through iKVM, see "Using the iKVM Module."

Using RACADM

RACADM subcommands can be run remotely from the serial, Telnet, or SSH console command prompt or through a normal command prompt.

Use RACADM subcommands to configure CMC properties and perform remote management tasks. To display a list of RACADM subcommands, type:

    racadm help

When run without options or subcommands, RACADM displays syntax information and instructions on how to access subcommands and help. To list syntax and command-line options for individual subcommands, type:

    racadm help

RACADM Subcommands

Table 4-1 provides a brief list of common subcommands used in RACADM. For a complete list of RACADM subcommands, including syntax and valid entries, see the RACADM Subcommands chapter of the Dell Chassis Management Controller Administrator Reference Guide.

NOTE: The connect command is available as both a RACADM command and a built-in CMC command. The exit, quit, and logout commands are built-in CMC commands, not RACADM commands. None of these commands can be used with remote RACADM. See "Connecting to Servers or I/O Modules With the Connect Command" for information about using these commands.

When entering a RACADM subcommand, prefix the command with racadm. For example:

    racadm help

Table 4-1. RACADM Subcommands
Command | Description
help | Lists CMC subcommand descriptions.
help | Lists usage summary for the specified subcommand.
? | Lists CMC subcommand descriptions.
? | Lists usage summary for the specified subcommand.
arp | Displays the contents of the ARP table. ARP table entries may not be added or deleted.
chassisaction | Executes power-up, power-down, reset, and power-cycle on the chassis, switch, and KVM.
clrraclog | Clears the CMC log and creates a single entry indicating the user and time that the log was cleared.
clrsel | Clears the System Event Log entries.
cmcchangeover | Changes the state of the CMC from active to standby, or vice versa, in redundant CMC environments.
config | Configures the CMC.
connect | Connects to the serial console of a server or I/O module. See "Connecting to Servers or I/O Modules With the Connect Command" for help using the connect subcommand.
deploy | Deploys a server by specifying required properties.
feature | Displays active features and feature deactivation.
featurecard | Displays feature card status information.
fwupdate | Performs system component firmware updates, and displays firmware update status.
getassettag | Displays the asset tag for the chassis.
getchassisname | Displays the name of the chassis.
getconfig | Displays the current CMC configuration properties.
getdcinfo | Displays general I/O module and daughter card misconfiguration information.
getflexaddr | Displays the FlexAddress enabled/disabled status on a per slot/fabric basis. If used with the -i option, the command displays the WWN and MAC address for a particular slot.
getioinfo | Displays general I/O module information.
getkvminfo | Displays information about the iKVM.
getled | Displays the LED settings on a module.
getmacaddress | Displays a server’s MAC address.
getmodinfo | Displays module configuration and status information.
getniccfg | Displays the current IP configuration for the controller.
getpbinfo | Displays power budget status information.
getpminfo | Displays power management status information.
getraclog | Displays the CMC log.
getractime | Displays the CMC time.
getredundancymode | Displays the redundancy mode of the CMC.
getsel | Displays the system event log (hardware log).
getsensorinfo | Displays information about system sensors.
getslotname | Displays the name of a slot in the chassis.
getssninfo | Displays information about active sessions.
getsvctag | Displays service tags.
getsysinfo | Displays general CMC and system information.
gettracelog | Displays the CMC trace log. If used with the -i option, the command displays the number of entries in the CMC trace log.
getversion | Displays the current software version, model information, and whether or not the device can be updated.
ifconfig | Displays the current CMC IP configuration.
netstat | Displays the routing table and the current connections.
ping | Verifies that the destination IPv4 address is reachable from the CMC with the current routing-table contents.
ping6 | Verifies that the destination IPv6 address is reachable from the CMC with the current routing-table contents.
racdump | Displays the comprehensive chassis status and configuration state information, as well as historic event logs. Used for post deployment configuration verification and during debugging sessions.
racreset | Resets the CMC.
racresetcfg | Resets the CMC to the default configuration.
remoteimage | Connects, disconnects, or deploys a media file on a remote server.
serveraction | Performs power management operations on the managed system.
setassettag | Sets the asset tag for the chassis.
setchassisname | Sets the name of the chassis.
setflexaddr | Enables/disables FlexAddress on a particular slot/fabric, when the FlexAddress feature is activated on the chassis.
setled | Sets the LED settings on a module.
setniccfg | Sets the IP configuration for the controller.
setractime | Sets the CMC time.
setslotname | Sets the name of a slot in the chassis.
setsysinfo | Sets the name and location of the chassis.
sshpkauth | Enables you to upload up to 6 different SSH public keys, delete existing keys, and view keys already in the CMC.
sslcertdownload    Downloads a certificate authority-signed certificate.
sslcertupload      Uploads a certificate authority-signed certificate or server certificate to the CMC.
sslcertview        Views a certificate authority-signed certificate or server certificate in the CMC.
sslcsrgen          Generates and downloads the SSL CSR.
sslresetcfg        Regenerates the self-signed certificate used by the CMC Web GUI.
testemail          Forces the CMC to send an e-mail over the CMC NIC.
testfeature        Allows you to verify a specific feature's configuration parameters. For example, it supports testing the Active Directory configuration using simple authentication (user name and password) or Active Directory configuration using Kerberos authentication (Single Sign-on or Smart Card Login).
testtrap           Forces the CMC to send an SNMP trap over the CMC NIC.
traceroute         Prints the route the IPv4 packets take to a network node.
traceroute6        Prints the route the IPv6 packets take to a network node.

Accessing RACADM Remotely

Table 4-2 lists the options for the remote RACADM subcommands.

Table 4-2. Remote RACADM Subcommand Options

Option  Description
-r      Specifies the controller’s remote IP address.
-r :    Use if the CMC port number is not the default port (443).
-i      Instructs RACADM to interactively query the user for user name and password.
-u      Specifies the user name that is used to authenticate the command transaction. If the -u option is used, the -p option must be used, and the -i option (interactive) is not allowed.
-p      Specifies the password used to authenticate the command transaction. If the -p option is used, the -i option is not allowed.

To access RACADM remotely, type the following commands:

    racadm -r -u -p
    racadm -i -r

NOTE: The -i option instructs RACADM to interactively prompt for user name and password. Without the -i option, you must provide the user name and password in the command using the -u and -p options.
For example:

    racadm -r 192.168.0.120 -u root -p calvin getsysinfo
    racadm -i -r 192.168.0.120 getsysinfo

If the HTTPS port number of the CMC has been changed to a custom port other than the default port (443), the following syntax must be used:

    racadm -r : -u -p
    racadm -i -r :

Enabling and Disabling the RACADM Remote Capability

NOTE: Dell recommends that you run these commands at the chassis.

The RACADM remote capability on the CMC is enabled by default. In the following commands, -g specifies the configuration group the object belongs to, and -o specifies the configuration object to configure.

To disable the RACADM remote capability, type:

    racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 0

To re-enable RACADM remote capability, type:

    racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 1

Using RACADM Remotely

NOTE: Configure the IP address on your CMC before using the RACADM remote capability. For more information about setting up your CMC, see "Installing and Setting Up the CMC."

The RACADM console’s remote option (-r) allows you to connect to the managed system and execute RACADM subcommands from a remote console or management station. To use the remote capability, you need a valid user name (-u option) and password (-p option), and the CMC IP address.

Before you try to access RACADM remotely, confirm that you have permissions to do so. To display your user privileges, type:

    racadm getconfig -g cfguseradmin -i n

where n is your user ID (1–16). If you do not know your user ID, try different values for n.

NOTE: The RACADM remote capability is supported only on management stations through a supported browser. For more information, see the Supported Browsers section in the Dell Systems Software Support Matrix on the Dell Support website at support.dell.com/manuals.
NOTE: When using the RACADM remote capability, you must have write permissions on the folders where you are using the RACADM subcommands involving file operations. For example:

    racadm getconfig -f -r

or

    racadm sslcertupload -t 1 -f c:\cert\cert.txt

When using remote RACADM to capture the configuration groups into a file, if a key property within a group is not set, the configuration group will not be saved as part of the configuration file. If these configuration groups need to be cloned onto other CMCs, the key property must be set before executing the getconfig -f command. Alternatively, you can manually enter the missing properties into the configuration file after running the getconfig -f command. This is true for all the racadm indexed groups.

This is the list of the indexed groups that exhibit this behavior and their corresponding key properties:

    cfgUserAdmin - cfgUserAdminUserName
    cfgEmailAlert - cfgEmailAlertAddress
    cfgTraps - cfgTrapsAlertDestIPAddr
    cfgStandardSchema - cfgSSADRoleGroupName
    cfgServerInfo - cfgServerBmcMacAddress

RACADM Error Messages

For information about RACADM CLI error messages, see "Troubleshooting."

Using RACADM to Configure the CMC

NOTE: To configure the CMC the first time, you must be logged in as user root to execute RACADM commands on a remote system. You can create another user with permission to configure the CMC.

The CMC Web interface is the quickest way to configure the CMC (see "Using the CMC Web Interface"). However, if you prefer CLI or script configuration or need to configure multiple CMCs, use RACADM, which is installed with the CMC agents on the management station.

Configuring CMC IPv4 Network Properties

Setting Up Initial Access to the CMC

Before you can begin configuring the CMC, you must first configure the CMC network settings to allow the CMC to be managed remotely.
This initial configuration assigns the TCP/IP networking parameters that enable access to the CMC.

This section explains how to perform the initial CMC network configuration using RACADM commands. All of the configuration described in this section can be performed using the front panel LCD. See "Configuring Networking Using the LCD Configuration Wizard."

CAUTION: Changing settings on the CMC Network Settings screen may disconnect your current network connection.

For more information about network subcommands, see the RACADM Subcommands and Property Database Group and Object Definitions chapters of the Dell Chassis Management Controller Administrator Reference Guide.

NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings.

The CMC supports both IPv4 and IPv6 addressing modes. The configuration settings for IPv4 and IPv6 are independent of one another.

Viewing Current IPv4 Network Settings

To view a summary of NIC, DHCP, network speed, and duplex settings, type:

    racadm getniccfg

or

    racadm getconfig -g cfgCurrentLanNetworking

Viewing Current IPv6 Network Settings

To view a summary of the network settings, type:

    racadm getconfig -g cfgIpv6LanNetworking

To view IPv4 and IPv6 addressing information for the chassis, type:

    racadm getsysinfo

By default, the CMC requests and obtains a CMC IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. You can disable this feature and specify static CMC IP address, gateway, and subnet mask.
To disable DHCP and specify static CMC IP address, gateway, and subnet mask, type:

    racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0
    racadm config -g cfgLanNetworking -o cfgNicIpAddress
    racadm config -g cfgLanNetworking -o cfgNicGateway
    racadm config -g cfgLanNetworking -o cfgNicNetmask

Viewing Current Network Settings

To view a summary of NIC, DHCP, network speed, and duplex settings, type:

    racadm getniccfg

or

    racadm getconfig -g cfgCurrentLanNetworking

To view IP address and DHCP, MAC address, and DNS information for the chassis, type:

    racadm getsysinfo

Configuring the Network LAN Settings

NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege.

NOTE: The LAN settings, such as community string and SMTP server IP address, affect both the CMC and the external settings of the chassis.

NOTE: If you have two CMCs (primary and standby) on the chassis, and they are both connected to the network, the standby CMC automatically assumes the network settings in the event of failover of the primary CMC.

Enabling the CMC NIC

To enable/disable the CMC IPv4 NIC, type:

    racadm config -g cfgLanNetworking -o cfgNicEnable 1
    racadm config -g cfgLanNetworking -o cfgNicEnable 0

NOTE: The CMC IPv4 NIC is enabled by default.

To enable/disable the CMC IPv6 addressing, type:

    racadm config -g cfgIpv6LanNetworking -o cfgNicEnable 1
    racadm config -g cfgIpv6LanNetworking -o cfgNicEnable 0

NOTE: The CMC IPv6 addressing is disabled by default.

By default, for IPv4, the CMC requests and obtains a CMC IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. You can disable the DHCP feature and specify static CMC IP address, gateway, and subnet mask.
For an IPv4 network, to disable DHCP and specify static CMC IP address, gateway, and subnet mask, type:

    racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0
    racadm config -g cfgLanNetworking -o cfgNicIpAddress
    racadm config -g cfgLanNetworking -o cfgNicGateway
    racadm config -g cfgLanNetworking -o cfgNicNetmask

By default, for IPv6, the CMC requests and obtains a CMC IP address from the IPv6 Autoconfiguration mechanism automatically.

For an IPv6 network, to disable the Autoconfiguration feature and specify a static CMC IPv6 address, gateway, and prefix length, type:

    racadm config -g cfgIPv6LanNetworking -o cfgIPv6AutoConfig 0
    racadm config -g cfgIPv6LanNetworking -o cfgIPv6Address
    racadm config -g cfgIPv6LanNetworking -o cfgIPv6PrefixLength 64
    racadm config -g cfgIPv6LanNetworking -o cfgIPv6Gateway

Enabling or Disabling DHCP for the NIC Address

When enabled, the CMC’s DHCP for NIC address feature requests and obtains an IP address from the Dynamic Host Configuration Protocol (DHCP) server automatically. This feature is enabled by default.

You can disable the DHCP for NIC address feature and specify a static IP address, subnet mask, and gateway. For more information, see "Setting Up Initial Access to the CMC."

Enabling or Disabling DHCP for DNS IP Addresses

By default, the CMC’s DHCP for DNS address feature is disabled. When enabled, this feature obtains the primary and secondary DNS server addresses from the DHCP server. Using this feature, you do not have to configure static DNS server IP addresses.
To disable the DHCP for DNS address feature and specify static preferred and alternate DNS server addresses, type:

    racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0

To disable the DHCP for DNS address feature for IPv6 and specify static preferred and alternate DNS server addresses, type:

    racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServersFromDHCP6 0

Setting Static DNS IP addresses

NOTE: These settings are not valid unless the DHCP for DNS address feature is disabled.

For IPv4, to set the preferred primary and secondary DNS IP server addresses, type:

    racadm config -g cfgLanNetworking -o cfgDNSServer1
    racadm config -g cfgLanNetworking -o cfgDNSServer2

For IPv6, to set the preferred and secondary DNS IP Server addresses, type:

    racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServer1
    racadm config -g cfgIPv6LanNetworking -o cfgIPv6DNSServer2

Configuring DNS Settings (IPv4 Only)

• CMC Registration. To register the CMC on the DNS server, type:

    racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1

  NOTE: Some DNS servers will only register names of 31 characters or fewer. Make sure the designated name is within the DNS required limit.

  NOTE: The following settings are valid only if you have registered the CMC on the DNS server by setting cfgDNSRegisterRac to 1.

• CMC Name. By default, the CMC name on the DNS server is cmc . To change the CMC name on the DNS server, type:

    racadm config -g cfgLanNetworking -o cfgDNSRacName

  where is a string of up to 63 alphanumeric characters and hyphens. For example, cmc-1, d-345.

• DNS Domain Name. The default DNS domain name is a single blank character. To set a DNS domain name, type:

    racadm config -g cfgLanNetworking -o cfgDNSDomainName

  where is a string of up to 254 alphanumeric characters and hyphens. For example: p45, a-tz-1, r-id-001.
Configuring Auto Negotiation, Duplex Mode, and Network Speed

When enabled, the auto negotiation feature determines whether the CMC automatically sets the duplex mode and network speed by communicating with the nearest router or switch. Auto negotiation is enabled by default.

You can disable auto negotiation and specify the duplex mode and network speed by typing:

    racadm config -g cfgNetTuning -o cfgNetTuningNicAutoneg 0
    racadm config -g cfgNetTuning -o cfgNetTuningNicFullDuplex

where: is 0 (half duplex) or 1 (full duplex, default)

    racadm config -g cfgNetTuning -o cfgNetTuningNicSpeed

where: is 10 or 100 (default).

Setting the Maximum Transmission Unit (MTU)

The MTU property allows you to set a limit for the largest packet that can be passed through the interface. To set the MTU, type:

    racadm config -g cfgNetTuning -o cfgNetTuningMtu

where is a value between 576–1500 (inclusive; default is 1500).

NOTE: IPv6 requires a minimum MTU of 1280. If IPv6 is enabled, and cfgNetTuningMtu is set to a lower value, the CMC will use an MTU of 1280.

Setting the SMTP Server IP Address

You can enable the CMC to send e-mail alerts using Simple Mail Transfer Protocol (SMTP) to a specified IP address. To enable this feature, type:

    racadm config -g cfgRemoteHosts -o cfgRhostsSmtpServerIpAddr

where is the IP address of the network SMTP server.

NOTE: If your network has an SMTP server that releases and renews IP address leases periodically, and the addresses are different, then there will be a duration when this property setting will not work due to change in the specified SMTP server IP address. In such cases, use the DNS name.

Configuring the Network Security Settings

NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege.
Enabling IP Range Checking

IP filtering compares the IP address of an incoming login to the IP address range that is specified in the following cfgRacTuning properties:

• cfgRacTuneIpRangeAddr
• cfgRacTuneIpRangeMask

A login from the incoming IP address is allowed only if both the following are identical:

a. cfgRacTuneIpRangeMask bit-wise AND with the incoming IP address
b. cfgRacTuneIpRangeMask bit-wise AND with cfgRacTuneIpRangeAddr

Using RACADM to Configure Users

Before You Begin

You can configure up to 16 users in the CMC property database. Before you manually enable a CMC user, verify if any current users exist. If you are configuring a new CMC or you ran the RACADM racresetcfg command, the only current user is root with the password calvin. The racresetcfg subcommand resets the CMC back to the original defaults.

CAUTION: Use caution when using the racresetcfg command, because it will reset all configuration parameters to the original defaults. Any previous changes are lost.

NOTE: Users can be enabled and disabled over time, and disabling a user does not delete the user from the database.

To verify if a user exists, open a Telnet/SSH text console to the CMC, log in, and type:

    racadm getconfig -u

or type the following command once for each index of 1–16:

    racadm getconfig -g cfgUserAdmin -i

Several parameters and object IDs are displayed with their current values. Two objects of interest are:

    # cfgUserAdminIndex=XX
    cfgUserAdminUserName=

If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object, is available for use. If a name appears after the "=," that index is taken by that user name.

NOTE: When you manually enable or disable a user with the RACADM config subcommand, you must specify the index with the -i option. Observe that the cfgUserAdminIndex object displayed in the previous example contains a # character.
Also, if you use the racadm config -f racadm.cfg command to specify any number of groups/objects to write, the index cannot be specified. A new user is added to the first available index. This behavior allows more flexibility in configuring a second CMC with the same settings as the main CMC.

Adding a CMC User

To add a new user to the CMC configuration, you can use a few basic commands. Perform the following procedures:

1 Set the user name.
2 Set the password.
3 Set the user privileges. For information about user privileges, see Table 5-18, Table 5-19, and Table 3-1 in the database property chapter of the Dell Chassis Management Controller Administrator Reference Guide.
4 Enable the user.

Example

The following example describes how to add a new user named "John" with a "123456" password and LOGIN privilege to the CMC.

NOTE: See Table 3-1 in the database property chapter of the Dell Chassis Management Controller Firmware Administrator Reference Guide for a list of valid bit mask values for specific user privileges. The default privilege value is 0, which indicates the user has no privileges enabled.

    racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i 2 john
    racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 123456
    racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPrivilege 0x00000001
    racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminEnable 1

To verify that the user was added successfully with the correct privileges, use one of the following commands:

    racadm getconfig -u john

or

    racadm getconfig -g cfgUserAdmin -i 2

Using RACADM to Configure Public Key Authentication over SSH

Before You Begin

You can configure up to 6 public keys that can be used with the service username over SSH interface. Before adding or deleting public keys, be sure to use the view command to see what keys are already set up so a key is not accidentally overwritten or deleted.
The service username is a special user account that can be used when accessing the CMC through SSH. When the PKA over SSH is set up and used correctly, you will not have to enter username or passwords when logging into the CMC. This can be very useful for setting up automated scripts to perform various functions.

When getting ready to set up this functionality, be aware of the following:

• There is no GUI support for managing this feature; you can only use RACADM.
• When adding new public keys, ensure that the existing keys are not already at the index where the new key is added. CMC does not perform checks to ensure previous keys are deleted before a new one is added. As soon as a new key is added, it is automatically in effect as long as the SSH interface is enabled.
• When using the public key comment section of the public key, remember that only the first 16 characters are utilized by the CMC. The public key comment is used by the CMC to distinguish SSH users when using the RACADM getssninfo command since all PKA users use the service username to log in.

For example, if two public keys are set up, one with comment PC1 and one with comment PC2:

    racadm getssninfo
    Type   User   IP Address   Login Date/Time
    SSH    PC1    x.x.x.x      06/16/2009 09:00:00
    SSH    PC2    x.x.x.x      06/16/2009 09:00:00

For more information on the sshpkauth, see the Dell Chassis Management Controller Administrator Reference Guide.

Generating Public Keys for Windows

Before adding an account, a public key is required from the system that will access the CMC over SSH. There are two ways to generate the public/private key pair: using PuTTY Key Generator application for clients running Windows or ssh-keygen CLI for clients running Linux.

This section describes simple instructions to generate a public/private key pair for both applications. For additional or advanced usage of these tools, see the application Help.
To use the PuTTY Key Generator for Windows clients to create the basic key:

1 Start the application and select either SSH-2 RSA or SSH-2 DSA for the type of key to generate (SSH-1 is not supported).
2 Enter the number of bits for the key. The number should be between 768 and 4096.
  NOTE: The CMC may not display a message if you add keys less than 768 or greater than 4096, but when you try to log in with these keys, the login will fail.
3 Click Generate and move the mouse in the window as directed. After the key is created, you can modify the key comment field. You can also enter a passphrase to make the key secure. Ensure that you save the private key.
4 You have two options for using the public key:
  • Save the public key to a file to upload later.
  • Copy and paste the text from the Public key for pasting… window when adding the account using the text option.

Generating Public Keys for Linux

The ssh-keygen application for Linux clients is a command line tool with no graphical user interface. Open a terminal window and at the shell prompt type:

    ssh-keygen -t rsa -b 1024 -C testing

NOTE: The options are case sensitive.

where:

• The -t option could be either dsa or rsa.
• The -b option specifies the bit encryption size between 768 and 4096.
• The -C option allows modifying the public key comment and is optional.
• The passphrase is optional.

Follow the instructions. After the command completes, use the public file to pass to the RACADM for uploading the file.

Viewing the Public Keys

To view public keys that you have added to the CMC, type:

    racadm sshpkauth -I svcacct -k all -v

To view just one key at a time, replace all with a number from 1 – 6. For example, to view key 2, type:

    racadm sshpkauth -I svcacct -k 2 -v

Adding the Public Keys

To add a public key to the CMC using the file upload options, type:

    racadm sshpkauth -I svcacct -k 1 -p 0xfff -f

NOTE: You can only use the file upload option with remote RACADM.
For public key privileges, see Table 3-1 in the Database Property chapter of Dell Chassis Management Controller Administrator Reference Guide.

To add a public key using the text upload option, type:

    racadm sshpkauth -I svcacct -k 1 -p 0xfff -t " "

Deleting the Public Keys

To delete a public key, type:

    racadm sshpkauth -I svcacct -k 1 -d

To delete all public keys, type:

    racadm sshpkauth -I svcacct -k all -d

Logging in Using Public Key Authentication

After the public keys are uploaded, you should be able to log into the CMC over SSH without having to enter a password. You also have the option of sending a single RACADM command as a command line argument to the SSH application. The command line options behave like remote RACADM since the session ends after the command is completed. For example:

Logging in:

    ssh service@

or

    ssh service@

where IP_address is the IP address of the CMC.

Sending racadm commands:

    ssh service@ racadm getversion
    ssh service@ racadm getsel

When you log in using the service account, if a passphrase was set up when creating the public/private key pair, you may be prompted to enter that passphrase again. If a passphrase is used with the keys, both Windows and Linux clients provide methods to automate that as well. For Windows clients, you can use the Pageant application. It runs in the background and makes entering the passphrase transparent. For Linux clients, you can use ssh-agent. For setting up and using either of these applications, see the documentation provided with that application.

Enabling a CMC User With Permissions

To enable a user with specific administrative permissions (role-based authority), first locate an available user index by performing the steps in "Before You Begin." Next, type the following command lines with the new user name and password.
NOTE: See Table 3-1 in the Database Property chapter of the Dell Chassis Management Controller Administrator Reference Guide for a list of valid bit mask values for specific user privileges. The default privilege value is 0, which indicates the user has no privileges enabled.

    racadm config -g cfgUserAdmin -o cfgUserAdminPrivilege -i

Disabling a CMC User

Using RACADM, you can only disable CMC users manually and on an individual basis. You cannot delete users by using a configuration file.

The following example illustrates the command syntax that can be used to delete a CMC user:

    racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPrivilege 0x0

Configuring SNMP and E-mail Alerting

You can configure the CMC to send SNMP event traps and/or e-mail alerts when certain events occur on the chassis. For more information and instructions, see "Configuring SNMP Alerts" and "Configuring E-mail Alerts."

You can specify the trap destinations as appropriately-formatted numeric addresses (IPv6 or IPv4), or fully-qualified domain names (FQDNs). Choose a format that is consistent with your networking technology/infrastructure.

NOTE: The Test TRAP functionality does not detect improper choices based on current network configuration. For example, using an IPv6 destination in an IPv4-only environment.

Configuring Multiple CMCs in Multiple Chassis

Using RACADM, you can configure one or more CMCs with identical properties.

When you query a specific CMC card using its group ID and object ID, RACADM creates the racadm.cfg configuration file from the retrieved information. By exporting the file to one or more CMCs, you can configure your controllers with identical properties in a minimal amount of time.

NOTE: Some configuration files contain unique CMC information (such as the static IP address) that must be modified before you export the file to other CMCs.
1 Use RACADM to query the target CMC that contains the desired configuration.

  NOTE: The generated configuration file is myfile.cfg. You can rename the file.

  NOTE: The .cfg file does not contain user passwords. When the .cfg file is uploaded to the new CMC, you must re-add all passwords.

  Open a Telnet/SSH text console to the CMC, log in, and type:

    racadm getconfig -f myfile.cfg

  NOTE: Redirecting the CMC configuration to a file using getconfig -f is only supported with the remote RACADM interface.

2 Modify the configuration file using a plain-text editor (optional). Any special formatting characters in the configuration file may corrupt the RACADM database.

3 Use the newly created configuration file to modify a target CMC. At the command prompt, type:

    racadm config -f myfile.cfg

4 Reset the target CMC that was configured. At the command prompt, type:

    racadm racreset

The getconfig -f myfile.cfg subcommand (step 1) requests the CMC configuration for the primary CMC and generates the myfile.cfg file. If required, you can rename the file or save it to a different location.

You can use the getconfig command to perform the following actions:

• Display all configuration properties in a group (specified by group name and index)
• Display all configuration properties for a user by user name

The config subcommand loads the information into other CMCs. The Server Administrator uses the config command to synchronize the user and password database.

Creating a CMC Configuration File

The CMC configuration file, .cfg, is used with the racadm config -f .cfg command to create a simple text file. The command allows you to build a configuration file (similar to an .ini file) and configure the CMC from this file. You may use any file name, and the file does not require a .cfg extension (although it is referred to by that designation in this subsection).
NOTE: For more information about the getconfig subcommand, see the Dell Chassis Management Controller Administrator Reference Guide.

RACADM parses the .cfg file when it is first loaded onto the CMC to verify that valid group and object names are present and that some simple syntax rules are being followed. Errors are flagged with the line number that detected the error, and a message explains the problem. The entire file is parsed for correctness, and all errors display. Write commands are not transmitted to the CMC if an error is found in the .cfg file. You must correct all errors before any configuration can take place.

To check for errors before you create the configuration file, use the -c option with the config subcommand. With the -c option, config only verifies syntax and does not write to the CMC.

Use the following guidelines when you create a .cfg file:

• If the parser encounters an indexed group, it is the value of the anchored object that differentiates the various indexes. The parser reads in all of the indexes from the CMC for that group. Any objects within that group are modifications when the CMC is configured. If a modified object represents a new index, the index is created on the CMC during configuration.

• You cannot specify a desired index in a .cfg file. Indexes may be created and deleted. Over time the group may become fragmented with used and unused indexes. If an index is present, it is modified. If an index is not present, the first available index is used. This method allows flexibility when adding indexed entries where you do not need to make exact index matches between all the CMCs being managed. New users are added to the first available index. A .cfg file that parses and runs correctly on one CMC may not run correctly on another if all indexes are full and you must add a new user.

• Use the racresetcfg subcommand to configure both CMCs with identical properties.
  Use the racresetcfg subcommand to reset the CMC to original defaults, and then run the racadm config -f .cfg command. Ensure that the .cfg file includes all desired objects, users, indexes, and other parameters. See the database property chapter of the Dell Chassis Management Controller Administrator Reference Guide for a complete list of objects and groups.

CAUTION: Use the racresetcfg subcommand to reset the database and the CMC NIC settings to the original default settings and remove all users and user configurations. While the root user is available, other users’ settings are also reset to the default settings.

Parsing Rules

• Lines that start with a hash character (#) are treated as comments. A comment line must start in column one. A "#" character in any other column is treated as a # character. Some modem parameters may include # characters in their strings. An escape character is not required. You may want to generate a .cfg from a racadm getconfig -f .cfg command, and then perform a racadm config -f .cfg command to a different CMC, without adding escape characters.

  Example:

    #
    # This is a comment
    [cfgUserAdmin]
    cfgUserAdminPageModemInitString=

• All group entries must be surrounded by open- and close-brackets ([ and ]). The starting [ character that denotes a group name must be in column one. This group name must be specified before any of the objects in that group. Objects that do not include an associated group name generate an error. The configuration data is organized into groups as defined in the database property chapter of the Dell Chassis Management Controller Administrator Reference Guide.

  The following example displays a group name, object, and the object’s property value:

    [cfgLanNetworking]                 -{group name}
    cfgNicIpAddress=143.154.133.121    {object name} {object value}

• All parameters are specified as "object=value" pairs with no white space between the object, =, or value.
  White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the = (for example, a second =, a #, [, ], and so on) is taken as-is. These characters are valid modem chat script characters.

    [cfgLanNetworking]                 -{group name}
    cfgNicIpAddress=143.154.133.121    {object value}

• The .cfg parser ignores an index object entry. You cannot specify which index is used. If the index already exists, it is either used or the new entry is created in the first available index for that group. The racadm getconfig -f .cfg command places a comment in front of index objects, allowing you to see the included comments.

  NOTE: You may create an indexed group manually using the following command:

    racadm config -g -o -i

• The line for an indexed group cannot be deleted from a .cfg file. If you do delete the line with a text editor, RACADM will stop when it parses the configuration file and alert you of the error. You must remove an indexed object manually using the following command:

    racadm config -g -o -i ""

  NOTE: A NULL string (identified by two " characters) directs the CMC to delete the index for the specified group.

  To view the contents of an indexed group, use the following command:

    racadm getconfig -g -i

• For indexed groups the object anchor must be the first object after the [ ] pair. The following are examples of the current indexed groups:

    [cfgUserAdmin]
    cfgUserAdminUserName=

If you type racadm getconfig -f .cfg, the command builds a .cfg file for the current CMC configuration. This configuration file can be used as an example and as a starting point for your unique .cfg file.

Modifying the CMC IP Address

When you modify the CMC IP address in the configuration file, remove all unnecessary = entries. Only the actual variable group’s label with [ and ] remains, including the two = entries pertaining to the IP address change.
Example: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 92 Using the RACADM Command Line Interface cfgNicGateway=10.35.10.1 This file will be updated as follows: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.9.143 # comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 The command racadm config -f .cfg parses the file and identifies any errors by line number. A correct file will update the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update. Use this file to download company-wide changes or to configure new systems over the network with the command, racadm getconfig -f .cfg. NOTE: "Anchor" is a reserved word and should not be used in the .cfg file. Using RACADM to Configure Properties on iDRAC RACADM config/getconfig commands support the -m option for the following configuration groups: cfgLanNetworking cfgIPv6LanNetworking cfgRacTuning cfgRemoteHosts cfgSerial cfgSessionManagement Using the RACADM Command Line Interface 93 For more information on the property default values and ranges, see the Integrated Dell Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers User Guide. If the firmware on the blade server does not support a feature, configuring a property related to that feature displays an error. For example, using RACADM to enable remote syslog on an unsupported iDRAC displays an error message. Similarly, when displaying the iDRAC properties using the RACADM getconfig command, the property values are displayed as N/A for an unsupported feature on the blade server. 
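The .cfg parsing rules given earlier in this section can be checked offline before a file is pushed to a CMC with racadm config -f. The Python lint below is an added example, not Dell code and not the racadm parser itself; the index-object naming (names ending in Index), the check on objects ending in Password, and the sample file are assumptions constructed for illustration.

```python
"""Lint a RACADM .cfg file offline against the parsing rules in this section.

Added example: not Dell code and not the racadm parser itself.
"""
import re
from typing import NamedTuple

# Assumption: only cfgUserAdmin / cfgUserAdminUserName is named on this page
# as an indexed group and its anchor; extend the map from the Reference Guide.
INDEXED_ANCHORS = {"cfgUserAdmin": "cfgUserAdminUserName"}
DEFAULT_PASSWORD = "calvin"   # factory root password stated in this guide
GROUP_RE = re.compile(r"^\[([^\[\]\s]+)\]\s*$")
OBJECT_RE = re.compile(r"^([A-Za-z][A-Za-z0-9]*)=(.*)$")


class Finding(NamedTuple):
    line: int
    level: str    # "error": fix before importing; "warn": review
    message: str


def lint_cfg(text: str) -> list[Finding]:
    out: list[Finding] = []
    group = None          # current [group]; None until the first one is seen
    first_object = True   # next object is the first one after a [group] line

    def add(no: int, level: str, message: str) -> None:
        out.append(Finding(no, level, message))

    for no, raw in enumerate(text.splitlines(), start=1):
        if raw.startswith("#") or not raw.strip():
            continue      # comment in column one (blank lines: assumed skipped)
        line = raw.rstrip()              # white space after the value is ignored
        if line.lstrip().startswith("["):
            match = GROUP_RE.match(line)
            if match:
                group, first_object = match.group(1), True
            else:
                add(no, "error", "group must be [name] with '[' in column one")
            continue
        match = OBJECT_RE.match(line)
        if not match or match.group(2)[:1].isspace():
            add(no, "error", "expected object=value with no white space around '='")
            continue
        name, value = match.groups()
        if group is None:
            add(no, "error", f"{name} appears before any [group] line")
        if "anchor" in (name.lower(), value.lower()):
            add(no, "error", "'Anchor' is a reserved word")
        if name.endswith("Index"):   # assumption: index objects end in "Index"
            add(no, "warn", f"{name} is ignored on import; the index cannot be chosen")
            continue
        anchor = INDEXED_ANCHORS.get(group)
        if first_object and anchor and name != anchor:
            add(no, "error", f"first object in [{group}] must be {anchor}")
        first_object = False
        if "#" in value:
            add(no, "warn", "'#' after column one is part of the value, not a comment")
        # Hygiene check added here (assumption: secrets live in *Password objects).
        if name.endswith("Password") and value:
            is_default = value == DEFAULT_PASSWORD
            add(no, "error" if is_default else "warn",
                f"{name} holds a cleartext "
                + ("factory-default password" if is_default else "password"))
    return out


# Constructed sample, not a real getconfig export.
SAMPLE_CFG = """\
#
# Object Group "cfgLanNetworking" (constructed sample)
#
cfgNicGateway=10.35.9.1
[cfgLanNetworking]
cfgNicIpAddress=10.35.9.143 # new address
cfgNicGateway = 10.35.9.1
[cfgUserAdmin]
cfgUserAdminIndex=2
cfgUserAdminPassword=calvin
cfgUserAdminUserName=operator1
"""

if __name__ == "__main__":
    for finding in lint_cfg(SAMPLE_CFG):
        print(f"line {finding.line}: {finding.level}: {finding.message}")
```

The inline "# new address" in the sample is flagged because, under the rules above, a # outside column one becomes part of the IP address value rather than a comment.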
For example,

    $ racadm getconfig -g cfgSessionManagement -m server-1
    # cfgSsnMgtWebServerMaxSessions=N/A
    # cfgSsnMgtWebServerActiveSessions=N/A
    # cfgSsnMgtWebServerTimeout=N/A
    # cfgSsnMgtSSHMaxSessions=N/A
    # cfgSsnMgtSSHActiveSessions=N/A
    # cfgSsnMgtSSHTimeout=N/A
    # cfgSsnMgtTelnetMaxSessions=N/A
    # cfgSsnMgtTelnetActiveSessions=N/A
    # cfgSsnMgtTelnetTimeout=N/A

Troubleshooting

Table 4-3 lists common problems related to remote RACADM.

Table 4-3. Using the Serial and RACADM Commands: Frequently Asked Questions

Question: After performing a CMC reset (using the RACADM racreset subcommand), I enter a command and the following message is displayed:

    racadm Transport: ERROR: (RC=-1)

What does this message mean?
Answer: You must wait until the CMC completes the reset before issuing another command.

Question: When I use the RACADM subcommands, I get errors that I do not understand.
Answer: You may encounter one or more of the following errors when using RACADM:
• Local error messages — Problems such as syntax, typographical errors, and incorrect names. Example: ERROR: Use the RACADM help subcommand to display correct syntax and usage information.
• CMC-related error messages — Problems where the CMC is unable to perform an action. Also might say "racadm command failed." Type racadm gettracelog for debugging information.

Question: While I was using remote RACADM, the prompt changed to a ">" and I cannot get the "$" prompt to return.
Answer: If you type a double quotation mark (") in the command, the CLI will change to the ">" prompt and queue all commands. To return to the "$" prompt, type –d.

Question: I tried using the following commands and received an error saying "Not Found":

    $ logout
    $ quit

Answer: The logout and quit commands are not supported in the CMC CLI interface.

Chapter 5: Using the CMC Web Interface

The CMC provides a Web interface that enables you to configure the CMC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday chassis management, use the CMC Web interface. This chapter provides information about how to perform common chassis management tasks using the CMC Web interface.

You can also perform all configuration tasks using local RACADM commands or command line consoles (serial console, Telnet, or SSH). For more information about using local RACADM, see "Using the RACADM Command Line Interface." For information on using command line consoles, see "Configuring CMC to Use Command Line Consoles."

NOTE: If you are using Microsoft® Internet Explorer®, connecting through a proxy, and see the error "The XML page cannot be displayed," you will need to disable the proxy to continue.

Accessing the CMC Web Interface

To access the CMC Web interface over IPv4:

1 Open a supported Web browser window. For the latest information on supported Web browsers, see the Dell Systems Software Support Matrix located on the Dell Support website at support.dell.com.
2 Type the following URL in the Address field, and then press :

    https://

  If the default HTTPS port number (port 443) has been changed, type:

    https:// :

  where is the IP address for the CMC and is the HTTPS port number.

  The CMC Login page appears.

To access the CMC Web interface over IPv6:

1 Open a supported Web browser window. For the latest information on supported Web browsers, see the Dell Systems Software Support Matrix located on the Dell Support website at support.dell.com.
2 Type the following URL in the Address field, and then press :

    https://[ ]

  NOTE: While using IPv6, you must enclose the in square brackets ([ ]).

  Specifying the HTTPS port number in the URL is optional if you are still using the default value (443). Otherwise, you must specify the port number. The syntax for the IPv6 CMC URL with the port number specified is:

    https://[ ]:

  where is the IP address for the CMC and is the HTTPS port number.

  The CMC Login page appears.

Logging In

NOTE: To log in to the CMC, you must have a CMC account with Log In to CMC privilege.

NOTE: The default CMC user name is root, and the password is calvin. The root account is the default administrative account that ships with the CMC. For added security, Dell strongly recommends that you change the default password of the root account during initial setup.

NOTE: The CMC does not support extended ASCII characters, such as ß, å, é, ü, or other characters used primarily in non-English languages.

NOTE: You cannot log in to the Web interface with different user names in multiple browser windows on a single workstation.

You can log in as either a CMC user or as a Microsoft® Active Directory® user.

To log in:

1 In the Username field, type your user name:
  • CMC user name:
  • Active Directory user name: \ , / or @ .
  NOTE: This field is case sensitive.
2 In the Password field, type your CMC user password or Active Directory user password.
  NOTE: This field is case-sensitive.
3 Click OK or press .

Logging Out

When you are logged in to the Web interface, you can log out at any time by clicking Logout in the upper right corner of any page.

NOTE: Be careful to apply (save) any settings or information you enter on a page. If you log out or navigate away from that page without applying your changes, the changes will be lost.

Configuring Basic CMC Settings

Setting the Chassis Name

You can set the name used to identify the chassis on the network. (The default name is "Dell Rack System.") For example, an SNMP query on the chassis name will return the name you configure.

To set the chassis name:

1 Log in to the CMC Web interface. The Component Health page displays.
2 Click the Setup tab. The General Chassis Settings page displays.
3 Type the new name in the Chassis Name field, and then click Apply.

Setting the Date and Time on the CMC

You can set the date and time manually, or you can synchronize the date and time with a Network Time Protocol (NTP) server.

1 Log in to the CMC Web interface. The Component Health page displays.
2 Click the Setup tab. The General Chassis Settings page displays.
3 Click the Date/Time sub-tab. The Date/Time page displays.
4 To synchronize the date and time with a Network Time Protocol (NTP) server, check Enable NTP and specify up to three NTP servers.
5 To set the date and time manually, uncheck Enable NTP and edit the Date and Time fields, select the Time Zone from the drop-down menu, and then click Apply.

To set the date and time using the command line interface, see the config command and cfgRemoteHosts database property group sections in the Dell Chassis Management Controller Administrator Reference Guide.

Monitoring System Health Status

Viewing Chassis and Component Summaries

The CMC displays a graphical representation of the chassis on the Chassis Graphics page that provides a visual overview of installed component status. The Chassis Graphics page is dynamically updated, and the component subgraphic colors and text hints are automatically changed to reflect the current state.

Figure 5-1. Example of Chassis Graphics in the Web Interface

The Component Health page provides an overall health status for the chassis, primary and stand-by CMCs, server modules, IO Modules (IOMs), fans, iKVM, power supplies (PSUs), and temperature sensors. The Chassis Summary page provides a text-based overview of the chassis, primary and stand-by CMCs, iKVM, and IOMs. For instructions on viewing chassis and components summaries, see "Viewing Chassis Summaries" on page 341.

Viewing Chassis Graphics and Component Health Status

The Chassis Graphics page provides a graphical view of the front and rear of the chassis.
This graphical representation provides a visual overview of the components installed within the chassis and its corresponding status. The Component Health page provides an overall health status for all chassis components. For instructions on viewing chassis graphics and component health status, see "Viewing Chassis and Component Health Status."

Viewing Power Budget Status

The Power Budget Status page displays the power budget status for the chassis, servers, and chassis power supply units (PSUs). For instructions on viewing power budget status, see "Viewing Power Consumption Status." For more information about CMC power management, see "Power Management."

Viewing Server Model Name and Service Tag

The Model Name and Service Tag of each server can be obtained instantly using the following steps:

• Expand Servers in the System tree. All the servers (1-16) appear in the expanded Servers list. A slot without a server will have its name grayed out.
• Use the cursor to hover over the slot name or slot number of a server; a tool tip displays the server's model name and service tag number (if available).

Viewing the Health Status of All Servers

The health status for all servers can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Servers Status page. Chassis Graphics provides a graphical overview of all servers installed in the chassis.

To view health status for all servers using Chassis Graphics:

1 Log in to the CMC Web interface.
2 The Chassis Status page is displayed. The center section of Chassis Graphics depicts the front view of the chassis and contains the health status of all servers. Server health status is indicated by the color of the server subgraphic:
  • Green - server is present, powered on and communicating with the CMC; there is no indication of an adverse condition.
  • Amber - server is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist.
  • Gray - server is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition.

The Servers Status page provides overviews of the servers in the chassis.

To view health status for all servers:

1 Log in to the CMC Web interface.
2 Select Servers in the system tree. The Servers Status page appears.

Table 5-1 provides descriptions of the information provided on the Servers Status page.

Table 5-1. All Servers Status Information

Item - Description
Slot - Displays the location of the server. The slot number is a sequential number that identifies the server by its location within the chassis.
Name - Indicates the name of the server, which by default is identified by its slot name (SLOT-01 to SLOT-16).
  NOTE: You can change the server name from the default. For instructions, see "Editing Slot Names".
Model - Displays the server's model name. If this field is blank, the server is not present. If this field displays Extension of # (where the value of # is 1-8), the number # is the main slot of a multi-slot server.
Health:
  OK - Indicates that the server is present and communicating with the CMC.
  Informational - Displays information about the server when no change in health status has occurred.
  Warning - Indicates that only warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken within the administrator-specified time, critical or severe failures that can affect the integrity of the device may occur.
  Severe - Indicates at least one Failure alert has been issued. Severe status represents a system failure on the server, and corrective action must be taken immediately.
  No Value - When the server is absent from the slot, health information is not provided.
Launch iDRAC GUI - Left click the icon to launch the iDRAC management console for a server in a new browser window or tab. This icon is only displayed for a server where all of the following conditions are true:
  1 The server is present
  2 The chassis power is on
  3 The LAN interface on the server is enabled
  NOTE: If the server is removed from the chassis, the IP address of iDRAC is changed, or the network connection on iDRAC experiences any problems, then clicking the Launch iDRAC GUI icon may display an error page on the iDRAC LAN interface.
Power State - Indicates the power status of the server:
  • N/A - The CMC has not yet determined the power state of the server.
  • Off - Either the server is off or the chassis is off.
  • On - Both chassis and server are on.
  • Powering On - Temporary state between Off and On. When the action completes successfully, the Power State will be On.
  • Powering Off - Temporary state between On and Off. When the action completes successfully, the Power State will be Off.
Service Tag - Displays the service tag for the server. The service tag is a unique identifier provided by the manufacturer for support and maintenance. If the server is absent, this field is empty.

For information on how to launch the iDRAC management console and single sign-on policies, see "Launching iDRAC using Single Sign-On."

Editing Slot Names

The Slot Names page allows you to update slot names in the chassis. Slot names are used to identify individual servers. When choosing slot names, the following rules apply:

• Names may contain a maximum of 15 printable ASCII characters (ASCII codes 32 through 126), excluding the double quote (", ASCII 34). If using the RACADM command to change the slot name using any special characters (~!@#$%^&*), the name string must be enclosed in double quotes for the environment to pass them correctly to the CMC.
• Slot names must be unique within the chassis. No two slots may have the same name.
• Strings are not case-sensitive. Server-1, server-1, and SERVER-1 are equivalent names.
• Slot names must not begin with the following strings:
  • Switch-
  • Fan-
  • PS-
  • KVM
  • DRAC-
  • MC-
  • Chassis
  • Housing-Left
  • Housing-Right
  • Housing-Center

The strings Server-1 through Server-16 may be used, but only for the corresponding slot. For example, Server-3 is a valid name for slot 3, but not for slot 4. Note that Server-03 is a valid name for any slot.

NOTE: To change a slot name, you must have Chassis Configuration Administrator privilege.

NOTE: The slot name setting in the Web interface resides on the CMC only. If a server is removed from the chassis, the slot name setting does not remain with the server.

NOTE: The slot name setting does not extend to the optional iKVM. The slot name information is available through the iKVM FRU.

NOTE: The slot name setting in the CMC Web interface always overrides any change you make to the display name in the iDRAC interface.

To edit a slot name:

1 Log in to the CMC Web interface.
2 Select Servers in the Chassis menu in the system tree.
3 Click the Setup tab - the Slot Names subtab. The Slot Names page displays.
4 Type the updated or new name for a slot in the Slot Name field. Repeat this action for each slot you want to rename.
5 Click Apply.
6 To restore the default slot name (SLOT-01 to SLOT-16, based on the server's slot position) to the server, press Restore Default Value.

Setting the First Boot Device for Servers

The First Boot Device page allows you to specify the CMC first boot device for each server. This may not be the actual first boot device for the server or even represent a device present in that server; instead it represents a device sent by the CMC to the server and used as its first boot device in regard to that server.
You can set the default boot device and you can also set a one-time boot device so that you can boot a special image to perform tasks such as running diagnostics or reinstalling an operating system.

The boot device that you specify must exist and contain bootable media. Table 5-2 lists the boot devices that you can specify.

Table 5-2. Boot Devices

Boot Device - Description
PXE - Boot from a Preboot Execution Environment (PXE) protocol on the network interface card.
Hard Drive - Boot from the hard drive on the server.
Local CD/DVD - Boot from a CD/DVD drive on the server.
Virtual Floppy - Boot from the virtual floppy drive. The floppy drive (or a floppy disk image) is on another computer on the management network, and is attached using the iDRAC GUI console viewer.
Virtual CD/DVD - Boot from a virtual CD/DVD drive or CD/DVD ISO image. The optical drive or ISO image file is located on another computer or disk available on the management network and is attached using the iDRAC GUI console viewer.
iSCSI - Boot from an Internet Small Computer System Interface (iSCSI) device.
Local SD Card - Boot from the local SD (Secure Digital) card - for the M610/M710/M805/M905 systems only.
Floppy - Boot from a floppy disk in the local floppy disk drive.

NOTE: To set the first boot device for servers you must have Server Administrator privilege or Chassis Configuration Administrator privilege and a login on the iDRAC.

To set the first boot device for some or all servers in the chassis:

1 Log in to the CMC Web interface.
2 Click Servers in the system tree and then click Setup→Deploy First Boot Device. A list of servers is displayed, one per row.
3 Select the boot device you want to use for each server from the list box.
4 If you want the server to boot from the selected device every time it boots, uncheck the Boot Once check box for the server. If you want the server to boot from the selected device only on the next boot cycle, select the Boot Once check box for the server.
5 Click Apply.

Viewing the Health Status of an Individual Server

The health status for an individual server can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Server Status page. The Chassis Graphics page provides a graphical overview of an individual server installed in the chassis.

To view health status for individual servers using Chassis Graphics:

1 Log in to the CMC Web interface.
2 The Chassis Status page is displayed. The center section of Chassis Graphics depicts the front view of the chassis and contains the health status for individual servers. Server health status is indicated by the color of the server subgraphic:
  • Green - server is present, powered on and communicating with the CMC; there is no indication of an adverse condition.
  • Amber - server is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist.
  • Gray - server is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition.
3 Use the cursor to hover over an individual server subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that server.
4 The server subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the Server Status page for that server.

The Server Status page (separate from the Servers Status page) provides an overview of the server and a launch point to the Web interface for the Integrated Dell Remote Access Controller (iDRAC), which is the firmware used to manage the server.

NOTE: To use the iDRAC user interface, you must have an iDRAC user name and password.
For more information about iDRAC and using the iDRAC Web interface, see the Integrated Dell Remote Access Controller Firmware User’s Guide.

To view the health status of an individual server:

1 Log in to the CMC Web interface.
2 Expand Servers in the system tree. All of the servers (1–16) appear in the expanded Servers list.
3 Click the server (slot) you want to view. The Server Status page displays.

Table 5-3 through Table 5-8 provide descriptions of the information on the Server Status page.

Table 5-3. Individual Server Status - Properties

Item - Description
Slot - Indicates the slot occupied by the server on the chassis. Slot numbers are sequential IDs, from 1 through 16 (there are 16 slots available on the chassis), that help identify the location of the server in the chassis.
Slot Name - Indicates the name of the slot where the server resides.
Present - Indicates whether the server is present in the slot (Yes or No). When the server is absent, the health, power state, and service tag information of the server is unknown (not displayed).
Health:
  OK - Indicates that the server is present and communicating with the CMC. In the event of a communication failure between the CMC and the server, the CMC cannot obtain or display health status for the server.
  Informational - Displays information about the server when no change in health status (OK, Warning, Severe) has occurred.
  Warning - Indicates that only warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken within the administrator-specified time, critical or severe failures that can affect the integrity of the server may occur.
  Severe - Indicates at least one Failure alert has been issued. Severe status represents a system failure on the server, and corrective action must be taken immediately.
  No Value - When the server is absent from the slot, health information is not provided.
Server Model - Indicates the model of the server in the chassis. Examples: PowerEdge M600, PowerEdge M605.
Service Tag - Displays the service tag for the server. The service tag is a unique identifier provided by the manufacturer for support and maintenance. If the server is absent, this field is empty.
iDRAC Firmware - Indicates the iDRAC version currently installed on the server.
CPLD Version - Displays the version number of Complex Programmable Logic Device (CPLD) of the server.
BIOS version - Indicates the BIOS version on the server.
Operating System - Indicates the operating system on the server.

Table 5-4. Individual Server Status - iDRAC System Event Log

Item - Description
Severity:
  OK - Indicates a normal event that does not require corrective actions.
  Informational - Indicates an informational entry on an event in which the Severity status has not changed.
  Unknown - Indicates an unknown/uncategorized event.
  Warning - Indicates a non-critical event for which corrective actions must be taken soon to avoid system failures.
  Severe - Indicates a critical event requiring immediate corrective actions to avoid system failures.
Date/Time - Indicates the exact date and time the event occurred (for example, Wed May 02 16:26:55 2007).
Description - Provides a brief description of the event.

Table 5-5. Individual Server Status - iDRAC Network Settings

Item - Description
LAN Enabled - Indicates if the LAN channel is Enabled (Yes) or disabled (No).

Table 5-6. Individual Server Status - IPv4 iDRAC Network Settings

Item - Description
Enabled - Indicates if the IPv4 protocol is used on the LAN (Yes). If the server does not support IPv6, the IPv4 protocol is always enabled and this setting is not displayed.
DHCP Enabled - Indicates whether Dynamic Host Configuration Protocol (DHCP) is enabled (Yes) or disabled (No). If this option is enabled (Yes), the server retrieves IP configuration (IP address, subnet mask, and gateway) automatically from a DHCP server on your network. The server will always have a unique IP Address allotted over your network.
IPMI over LAN Enabled - Indicates if the IPMI LAN channel is Enabled (Yes) or disabled (No).
IP Address - Specifies the IP address for the iDRAC network interface.
Subnet Mask - Specifies the subnet mask for the iDRAC network interface.
Gateway - Specifies the gateway for the iDRAC network interface.

Table 5-7. Individual Server Status - IPv6 iDRAC Network Settings

Item - Description
Enabled - Indicates if the IPv6 protocol is used on the LAN (Yes).
Autoconfiguration Enabled - Indicates if Autoconfiguration for IPv6 is enabled (Yes). If Autoconfiguration is enabled, the server retrieves IPv6 configuration (IPv6 address, Prefix Length, and IPv6 Gateway) automatically from an IPv6 router on your network. The server will always have a unique IPv6 address over your network, and may be given up to 16 IPv6 addresses.
Link Local Address - IPv6 address assigned to the CMC based upon the MAC address of the CMC.
Gateway - Displays the IPv6 gateway for the iDRAC network interface.
IPv6 Address - Displays an IPv6 address for the iDRAC network interface. There may be up to 16 of these addresses. The prefix length, if nonzero, is given after a forward slash ("/").

Table 5-8. Individual Server Status - WWN/MAC Address

Item - Description
Slot - Displays the slot(s) occupied by the server on the chassis.
Location - Displays the location occupied by the Input/Output modules. The six locations are identified by a combination of the group name (A, B, or C) and slot number (1 or 2). Location names are: A1, A2, B1, B2, C1, or C2.
Fabric - Displays the type of the I/O fabric.
Server-Assigned - Displays the server-assigned WWN/MAC addresses embedded in the controller's hardware. WWN/MAC addresses showing N/A indicate that an interface for the specified fabric is not installed.
Chassis-Assigned - Displays the chassis-assigned WWN/MAC addresses used for the particular slot. WWN/MAC addresses showing N/A indicate that the FlexAddress feature is not installed.

NOTE: A green check mark in the Server-Assigned and Chassis-Assigned columns indicates the type of active addresses.

NOTE: When FlexAddress is enabled, slots without servers installed display the Chassis-Assigned MAC/WWN assignment for the embedded Ethernet controllers (Fabric A). The Chassis-Assigned addresses for fabrics B and C display N/A, unless these fabrics are in use on servers in populated slots; it is assumed that the same fabric types will be deployed in the unpopulated slots.

For information on how to launch the iDRAC management console and single sign-on policies, see "Launching iDRAC using Single Sign-On."

Viewing the Health Status of IOMs

The health status for the IOMs can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the I/O Modules Status page. The Chassis Graphics page provides a graphical overview of the IOMs installed in the chassis.

To view health status of the IOMs using Chassis Graphics:

1 Log in to the CMC Web interface.
2 The Chassis Status page is displayed. The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status for the IOMs. IOM health status is indicated by the color of the IOM subgraphic:
  • Green - IOM is present, powered on and communicating with the CMC; there is no indication of an adverse condition.
  • Amber - IOM is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist.
  • Gray - IOM is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition.
3 Use the cursor to hover over an individual IOM subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that IOM.
4 The IOM subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the I/O Module Status page associated with that IOM.

The I/O Modules Status page provides overviews of all IOMs associated with the chassis. For instructions on viewing IOM health through the Web interface or RACADM, see "Monitoring IOM Health."

Viewing the Health Status of the Fans

NOTE: During updates of CMC or iDRAC firmware on a server, some or all of the fan units in the chassis spin at 100%. This is normal.

The health status of the fans can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Fans Status page. The Chassis Graphics page provides a graphical overview of all fans installed in the chassis.

To view health status for all fans using Chassis Graphics:

1 Log in to the CMC Web interface.
2 The Chassis Status page is displayed. The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status of all fans. Fan health status is indicated by the color of the fan subgraphic:
  • Green - fan is present, powered on and communicating with the CMC; there is no indication of an adverse condition.
  • Amber - fan is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist.
  • Gray - fan is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition.
3 Use the cursor to hover over an individual fan subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that fan.
4 The fan subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the Fans Status page.

The Fans Status page provides the status and speed measurements in revolutions per minute, or RPMs, of the fans in the chassis. There can be one or more fans.

The CMC, which controls fan speeds, automatically increases or decreases fan speeds based on system wide events. The CMC generates an alert and increases the fan speeds when the following events occur:

• The CMC ambient temperature threshold is exceeded.
• A fan fails.
• A fan is removed from the chassis.

To view the health status of the fan units:

1 Log in to the CMC Web interface.
2 Select Fans in the system tree. The Fans Status page displays.

Table 5-9 provides descriptions of the information provided on the Fans Status page.

Table 5-9. Fans Health Status Information

Item - Description
Name - Displays the fan name in the format FAN-n, where n is the fan number.
Present - Indicates whether the fan unit is present (Yes or No).
Health:
  OK - Indicates that the fan unit is present and communicating with the CMC. In the event of a communication failure between the CMC and the fan unit, the CMC cannot obtain or display health status for the fan unit.
  Severe - Indicates at least one Failure alert has been issued. Severe status represents a system failure on the fan unit, and corrective action must be taken immediately to prevent overheating and system shutdown.
  Unknown - Displayed when the chassis is first powered on. In the event of a communication failure between the CMC and the fan unit, the CMC cannot obtain or display health status for the fan unit.
Speed - Indicates the speed of the fan in RPM.

Viewing the iKVM Status

The local access KVM module for your Dell M1000e server chassis is called the Avocent® Integrated KVM Switch Module, or iKVM.
The health status of the iKVM associated with the chassis can be viewed on the Chassis Graphics page.

To view health status for the iKVM using Chassis Graphics:
1 Log in to the CMC Web interface.
2 The Chassis Status page is displayed. The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status of the iKVM. iKVM health status is indicated by the color of the iKVM subgraphic:
• Green - iKVM is present, powered on and communicating with the CMC; there is no indication of an adverse condition.
• Amber - iKVM is present, but may or may not be powered on, or may or may not be communicating with the CMC; an adverse condition may exist.
• Gray - iKVM is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition.
3 Use the cursor to hover over the iKVM subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that iKVM.
4 The iKVM subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the iKVM Status page.

For additional instructions on viewing iKVM status and setting properties for the iKVM, see:
• "Viewing the iKVM Status and Properties"
• "Enabling or Disabling the Front Panel"
• "Enabling the Dell CMC Console Through iKVM"
• "Updating the iKVM Firmware"

For more information about iKVM, see "Using the iKVM Module."

Viewing the Health Status of the PSUs

The health status of the PSUs associated with the chassis can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Power Supply Status page. The Chassis Graphics page provides a graphical overview of all PSUs installed in the chassis.

To view health status for all PSUs using Chassis Graphics:
1 Log in to the CMC Web interface.
2 The Chassis Status page is displayed.
The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status of all PSUs. PSU health status is indicated by the color of the PSU subgraphic:
• Green - PSU is present, powered on and communicating with the CMC; there is no indication of an adverse condition.
• Amber - PSU is present, but may or may not be powered on or may or may not be communicating with the CMC; an adverse condition may exist.
• Gray - PSU is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition.
3 Use the cursor to hover over an individual PSU subgraphic and a corresponding text hint or screen tip is displayed. The text hint provides additional information on that PSU.
4 The PSU subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the Power Supply Status page for all PSUs.

The Power Supply Status page displays the status and readings of the PSUs associated with the chassis. For more information about CMC power management, see "Power Management."

To view the health status of the PSUs:
1 Log in to the CMC Web interface.
2 Select Power Supplies in the system tree. The Power Supply Status page displays.

Table 5-10 and Table 5-11 provide descriptions of the information provided on the Power Supply Status page.

Table 5-10. Power Supply Health Status Information
Item: Description
Name: Displays the name of the PSU: PS-n, where n is the power supply number.
Present: Indicates whether the power supply is present (Yes or No).
Health:
  OK: Indicates that the PSU is present and communicating with the CMC. Indicates that the health of the PSU is OK. In the event of a communication failure between the CMC and the fan unit, the CMC cannot obtain or display health status for the PSU.
  Severe: Indicates that the PSU has a failure and the health is critical. Corrective action must be taken immediately.
Failure to do so may cause the component to shut down due to power loss.
  Unknown: Displayed when the chassis is first powered on. In the event of a communication failure between the CMC and the PSU, the CMC cannot obtain or display health status for the PSU.
Power Status: Indicates the power state of the PSU: Online, Off, or Slot Empty.
Capacity: Displays the power capacity in watts.

Table 5-11. System Power Status
Item: Description
Overall Power Health: Indicates the health status (OK, Non-Critical, Critical, Non-Recoverable, Other, Unknown) of the power management for the entire chassis.
System Power Status: Displays the power status (On, Off, Powering On, Powering Off) of the chassis.
Redundancy: Indicates the power supply redundancy status. Values include:
  No: Power Supplies are not redundant.
  Yes: Full Redundancy in effect.

Viewing Status of the Temperature Sensors

The Temperature Sensors Information page displays the status and readings of the temperature probes on the entire chassis (chassis, servers, IOMs, and iKVM).

NOTE: The temperature probe values cannot be edited. Any change beyond the threshold will generate an alert that will cause the fan speed to vary. For example, if the CMC ambient temperature probe exceeds threshold, the speed of the fans on the chassis increases.

To view the health status of the temperature probes:
1 Log in to the CMC Web interface.
2 Select Temperature Sensors in the system tree. The Temperature Sensors Information page displays.

Table 5-12 provides descriptions of the information provided on the Temperature Sensors Information page.

Table 5-12. Temperature Sensors Health Status Information
Item: Description
ID: Displays the numeric ID of the temperature probe.
Name: Displays the name of each temperature probe on the chassis, servers, IOMs, and iKVM. Examples: Ambient Temp, Server 1 Temp, I/O Module 1, iKVM Temp.
Present: Indicates whether the sensor is present (Yes) or absent (No) in the chassis.
Health:
  OK: Indicates that the temperature probe unit is present and communicating with the CMC. Indicates that the health of the temperature probe unit is OK.
  Severe: Indicates that the temperature sensor has a failure and the health is critical. Corrective action must be taken immediately.
  Unknown: Displayed when the chassis is first powered on. In the event of a communication failure between the CMC and the temperature probe unit, the CMC cannot obtain or display health status for the temperature probe.
Reading: Indicates the current temperature in degrees Centigrade and Fahrenheit.
Threshold Maximum: Indicates the highest temperature, in degrees Centigrade and Fahrenheit, at which a Failure alert is issued.
Threshold Minimum: Indicates the lowest temperature, in degrees Centigrade and Fahrenheit, at which a Failure alert is issued.

Viewing World Wide Name/Media Access Control (WWN/MAC) IDs

The WWN/MAC Summary page allows you to view the WWN configuration and MAC address of a slot in the chassis.

Fabric Configuration

The Fabric Configuration section displays the type of Input/Output fabric that is installed for Fabric A, Fabric B, and Fabric C. A green check mark indicates that the fabric is enabled for FlexAddress. The FlexAddress feature is used to deploy chassis assigned and slot persistent WWN/MAC addresses to various fabrics and slots within the chassis. This feature is enabled on a per fabric and per slot basis.

NOTE: See "Using FlexAddress" for more information on the FlexAddress feature.

WWN/MAC Addresses

The WWN/MAC Address section displays the WWN/MAC information that is assigned to all servers, even if those server slots are currently empty.

Location displays the location of the slot occupied by the Input/Output modules.
The six slots are identified by a combination of the group name (A, B, or C) and slot number (1 or 2): slot names A1, A2, B1, B2, C1, or C2. iDRAC is the server's integrated management controller.

Fabric displays the type of the I/O fabric.

Server-Assigned displays the server-assigned WWN/MAC addresses embedded in the controller's hardware.

Chassis-Assigned displays the chassis-assigned WWN/MAC addresses used for the particular slot.

A green check mark in the Server-Assigned or in the Chassis-Assigned column indicates the type of active addresses. Chassis-Assigned addresses are assigned when FlexAddress is activated on the chassis, and represent the slot-persistent addresses. When Chassis-Assigned addresses are checked, those addresses will be used even if one server is replaced with another server.

Configuring CMC Network Properties

NOTE: Network configuration changes can result in the loss of connectivity on current network login.

Setting Up Initial Access to the CMC

Before you begin configuring the CMC, you must first configure the CMC network settings to allow the CMC to be managed remotely. This initial configuration assigns the TCP/IP networking parameters that enable access to the CMC.

NOTE: You must have Chassis Configuration Administrator privilege to set up CMC network settings.

1 Log in to the Web interface.
2 Select Chassis in the system tree.
3 Click the Network/Security tab. The Network Configuration page appears.
4 Enable or disable DHCP for the CMC by selecting or clearing the Use DHCP (For CMC NIC IP Address) check box.
5 If you disabled DHCP, type the IP address, gateway, and subnet mask.
6 Click Apply Changes at the bottom of the page.

Configuring the Network LAN Settings

NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege.
NOTE: The settings on the Network Configuration page, such as community string and SMTP server IP address, affect both the CMC and the external settings of the chassis.

NOTE: If you have two CMCs (primary and standby) on the chassis, and they are both connected to the network, the standby CMC automatically assumes the network settings in the event of failover of the primary CMC.

1 Log in to the Web interface.
2 Click the Network/Security tab.
3 Configure the CMC network settings described in Table 5-13 through Table 5-15.
4 Click Apply Changes.

To configure IP range and IP blocking settings, click the Advanced Settings button (see "Configuring CMC Network Security Settings").

To refresh the contents of the Network Configuration page, click Refresh.

To print the contents of the Network Configuration page, click Print.

Table 5-13. Network Settings
Setting: Description
CMC MAC Address: Displays the chassis’ MAC address, which is a unique identifier for the chassis over the computer network.
Enable CMC NIC: Enables the NIC of the CMC. Default: Enabled.
  If this option is checked:
  • The CMC communicates with and is accessible over the computer network.
  • The Web interface, CLI (remote RACADM), WSMAN, Telnet, and SSH associated with the CMC are available.
  If this option is not checked:
  • The CMC NIC cannot communicate over the network.
  • Communication to the chassis through CMC is not available.
  • The Web interface, CLI (remote RACADM), WSMAN, Telnet, and SSH associated with the CMC are not available.
  • The server iDRAC Web interface, local CLI, I/O modules, and iKVM are still accessible.
  • Network addresses for the iDRAC and CMC can be obtained, in this case, from the chassis' LCD.
  NOTE: Access to the other network-accessible components in the chassis is not affected when the network on the chassis is disabled (or lost).
Register CMC on DNS: This property registers the CMC name on the DNS Server. Default: Unchecked (disabled)
  NOTE: Some DNS Servers will only register names of 31 characters or fewer. Make sure the designated name is within the DNS required limit.
DNS CMC Name: Displays the CMC name only when Register CMC on DNS is selected. The default CMC name is CMC_service_tag, where service tag is the service tag number of the chassis, for example: CMC-00002. The maximum number of characters is 63. The first character must be a letter (a-z, A-Z), followed by alphanumeric (a-z, A-Z, 0-9) or hyphen (-) characters.
Use DHCP for DNS Domain Name: Uses the default DNS domain name. This check box is active only when Use DHCP (For NIC IP Address) is selected. Default: Enabled
DNS Domain Name: The default DNS Domain Name is a blank character. This field can be edited only when the Use DHCP for DNS Domain Name check box is selected.
Auto Negotiation (1 Gb): Determines whether the CMC automatically sets the duplex mode and network speed by communicating with the nearest router or switch (On) or allows you to set the duplex mode and network speed manually (Off). Default: On
  If Auto Negotiation is On, CMC automatically communicates with the nearest router or switch and operates at 1 Gb speed.
  If Auto Negotiation is Off, you must set the duplex mode and network speed manually.
Network Speed: Set the network speed to 100 Mbps or 10 Mbps to match your network environment.
  NOTE: The Network Speed setting must match your network configuration for effective network throughput. Setting the Network Speed lower than the speed of your network configuration increases bandwidth consumption and slows network communication. Determine whether your network supports the above network speeds and set it accordingly.
If your network configuration does not match any of these values, Dell recommends that you use Auto Negotiation or refer to your network equipment manufacturer.
  NOTE: To use 1000 Mb or 1 Gb speeds, select Auto Negotiation.
Duplex Mode: Set the duplex mode to full or half to match your network environment.
  Implications: If Auto Negotiation is turned On for one device but not the other, then the device using auto negotiation can determine the network speed of the other device, but not the duplex mode. In this case, duplex mode defaults to the half duplex setting during auto negotiation. Such a duplex mismatch will result in a slow network connection.
  NOTE: The network speed and duplex mode settings are not available if Auto Negotiation is set to On.
MTU: Sets the size of the Maximum Transmission Unit (MTU), or the largest packet that can be passed through the interface. Configuration range: 576–1500. Default: 1500.
  NOTE: IPv6 requires a minimum MTU of 1280. If IPv6 is enabled, and cfgNetTuningMtu is set to a lower value, the CMC will use an MTU of 1280.

Table 5-14. IPv4 Settings
Setting: Description
Enable IPv4: Allow the CMC to use the IPv4 protocol to communicate on the network. Clearing this box does not prevent IPv6 networking from occurring. Default: Checked (enabled)
DHCP Enable: Enables the CMC to request and obtain an IP address from the IPv4 Dynamic Host Configuration Protocol (DHCP) server automatically. Default: Checked (enabled)
  If this option is checked, the CMC retrieves IPv4 configuration (IP Address, subnet mask, and gateway) automatically from a DHCP server on your network. The CMC will always have a unique IP Address allotted over your network.
  NOTE: When this feature is enabled, the Static IP Address, Static Subnet Mask, and Static Gateway property fields (located immediately following this option on the Network Configuration page) are disabled, and any previously entered values for these properties are ignored.
If this option is not checked, you must manually type the Static IP Address, Static Subnet Mask, and Static Gateway in the text fields immediately following this option in the Network Configuration page.
Static IP Address: Specifies the IPv4 address for the CMC NIC.
Static Subnet Mask: Specifies the static IPv4 subnet mask for the CMC NIC.
Static Gateway: Specifies the IPv4 gateway for the CMC NIC.
  NOTE: The Static IP Address, Static Subnet Mask, and Static Gateway fields are active only if DHCP Enable (the property field preceding these fields) is disabled (unchecked). In that case, you must manually type the Static IP Address, Static Subnet Mask, and Static Gateway for the CMC to use over the network.
  NOTE: The Static IP Address, Static Subnet Mask, and Static Gateway fields apply only to the chassis device. They do not affect the other network-accessible components in the chassis solution, such as the server network, local access, I/O modules, and iKVM.
Use DHCP to Obtain DNS Server Addresses: Obtains the primary and secondary DNS server addresses from the DHCP server instead of the static settings. Default: Checked (enabled)
  NOTE: If Use DHCP (For NIC IP Address) is enabled, then enable the Use DHCP to Obtain DNS Server Addresses property.
  If this option is checked, the CMC retrieves its DNS IP address automatically from a DHCP server on your network.
  NOTE: When this property is enabled, the Static Preferred DNS Server and Static Alternate DNS Server property fields (located immediately following this option on the Network Configuration page) are inactivated, and any previously entered values for these properties are ignored.
  If this option is not selected, the CMC retrieves the DNS IP address from the Static Preferred DNS Server and Static Alternate DNS Server.
The addresses of these servers are specified in the text fields immediately following this option on the Network Configuration page.
Static Preferred DNS Server: Specifies the static IP address for the preferred DNS Server. The Static Preferred DNS Server is implemented only when Use DHCP to Obtain DNS Server Addresses is disabled.
Static Alternate DNS Server: Specifies the static IP address for the alternate DNS Server. The Static Alternate DNS Server is implemented only when Use DHCP to obtain DNS Server addresses is disabled. If you do not have an alternate DNS Server, type an IP address of 0.0.0.0.

Table 5-15. IPv6 Settings
Setting: Description
Enable IPv6: Allows the CMC to use the IPv6 protocol to communicate on the network. Unchecking this box does not prevent IPv4 networking from occurring. Default: Checked (enabled)
AutoConfiguration Enable: Allows the CMC to use the IPv6 protocol to obtain IPv6 related address and gateway settings from an IPv6 router configured to provide this information. The CMC will then have a unique IPv6 address on your network. Default: Checked (enabled)
  NOTE: When this feature is enabled, the Static IPv6 Address, Static Prefix Length, and Static Gateway property fields (located immediately following this option on the Network Configuration page) are disabled, and any previously entered values for these properties are ignored.
  If this option is not checked, you must manually type the Static IPv6 Address, Static Prefix Length, and Static Gateway in the text fields located immediately following this option on the Network Configuration page.
Static IPv6 Address: Specifies the IPv6 address for the CMC NIC when Autoconfiguration is not enabled.
Static Prefix Length: Specifies the IPv6 prefix length for the CMC NIC when Autoconfiguration is not enabled.
Static Gateway: Specifies the static IPv6 gateway for the CMC NIC when Autoconfiguration is not enabled.
  NOTE: The Static IPv6 Address, Static Prefix Length, and Static Gateway fields are active only if AutoConfiguration Enable (the property field preceding these fields) is disabled (unchecked). In that case, you must manually type the Static IPv6 Address, Static Prefix Length, and Static Gateway for the CMC to use over the IPv6 network.
  NOTE: The Static IPv6 Address, Static Prefix Length, and Static Gateway fields apply only to the chassis device. They do not affect the other network-accessible components in the chassis solution, such as the server network, local access, I/O modules, and iKVM.
Static Preferred DNS Server: Specifies the static IPv6 address for the preferred DNS Server. The entry for Static Preferred DNS Server is considered only when Use DHCP to Obtain DNS Server Addresses is disabled or unchecked. There is an entry for this Server in both IPv4 and IPv6 configuration areas.
Static Alternate DNS Server: Specifies the static IPv6 Address for the alternate DNS Server. If you do not have an alternate DNS server, type an IPv6 address of "::". The entry for Static Alternate DNS Server is considered only when Use DHCP to Obtain DNS Server Addresses is disabled or unchecked. There is an entry for this server in both IPv4 and IPv6 configuration areas.

Configuring CMC Network Security Settings

NOTE: To perform the following steps, you must have Chassis Configuration Administrator privilege.

1 Log in to the Web interface.
2 Click the Network/Security tab. The Network Configuration page displays.
3 Click the Advanced Settings button. The Network Security page displays.
4 Configure the CMC network security settings. Table 5-16 describes the settings on the Network Security page.

NOTE: The IP Range and IP Blocking settings are applicable to IPv4 only.

Table 5-16. Network Security Page Settings
Settings: Description
IP Range Enabled: Enables the IP Range checking feature, which defines a specific range of IP addresses that can access the CMC.
IP Range Address: Determines the base IP address for range checking.
IP Range Mask: Defines a specific range of IP addresses that can access the CMC, a process called IP range checking. IP range checking allows access to the CMC only from clients or management stations whose IP addresses are within the user-specified range. All other logins are denied. For example:
  IP range mask: 255.255.255.0 (11111111.11111111.11111111.00000000)
  IP range address: 192.168.0.255 (11000000.10101000.00000000.11111111)
  The resulting IP address range is any address that contains 192.168.0, that is, any address from 192.168.0.0 through 192.168.0.255.
IP Blocking Enabled: Enables the IP address blocking feature, which limits the number of failed login attempts from a specific IP address for a pre-selected time span.
  • IP Blocking Fail Count: Sets the number of login failures attempted from an IP address before the login attempts are rejected from that address.
  • IP Blocking Fail Window: Determines the time span in seconds within which IP Blocking Fail Count failures must occur to trigger the IP Block Penalty Time.
  • IP Blocking Penalty Time: The time span in seconds within which login attempts from an IP address with excessive failures are rejected.
  NOTE: The IP Blocking Fail Count, IP Blocking Fail Window, and IP Blocking Penalty Time fields are active only if the IP Blocking Enabled check box (the property field preceding these fields) is checked (enabled). In that case, you must manually type IP Blocking Fail Count, IP Blocking Fail Window, and IP Blocking Penalty Time properties.

5 Click Apply to save your settings.

To refresh the contents of the Network Security page, click Refresh.
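
The IP Range and IP Blocking settings in Table 5-16 can be checked against expected behavior before they are applied. The following Python model is an added example, not CMC firmware code or part of the original guide; the function and class names are hypothetical, and the exact boundary behavior (inclusive window, counter restart after a penalty) is an assumption.

```python
import ipaddress
from collections import defaultdict, deque


def in_ip_range(client, range_addr, range_mask):
    """IP range check: the client passes when its masked bits equal the
    masked bits of IP Range Address (IPv4 only, as Table 5-16 notes)."""
    c = int(ipaddress.IPv4Address(client))
    a = int(ipaddress.IPv4Address(range_addr))
    m = int(ipaddress.IPv4Address(range_mask))
    return (c & m) == (a & m)


def allowed_span(range_addr, range_mask):
    """First and last address admitted by a contiguous mask."""
    net = ipaddress.IPv4Network(f"{range_addr}/{range_mask}", strict=False)
    return str(net[0]), str(net[-1])


class IpBlocker:
    """Model of IP Blocking Fail Count / Fail Window / Penalty Time.

    Assumption: the window is inclusive and the failure counter restarts
    once a penalty has been imposed.
    """

    def __init__(self, fail_count, fail_window, penalty_time):
        self.fail_count = fail_count
        self.fail_window = fail_window        # seconds
        self.penalty_time = penalty_time      # seconds
        self._failures = defaultdict(deque)   # ip -> recent failure times
        self._blocked_until = {}              # ip -> end of penalty

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is not None and now < until:
            return True
        self._blocked_until.pop(ip, None)     # penalty expired or never set
        return False

    def record_failure(self, ip, now):
        recent = self._failures[ip]
        recent.append(now)
        # Drop failures that fell out of the fail window.
        while now - recent[0] > self.fail_window:
            recent.popleft()
        if len(recent) >= self.fail_count:
            self._blocked_until[ip] = now + self.penalty_time
            recent.clear()


def evaluate(events, range_addr, range_mask, blocker):
    """Return one decision per (time, client_ip, password_ok) event."""
    decisions = []
    for now, ip, password_ok in events:
        if not in_ip_range(ip, range_addr, range_mask):
            decisions.append("denied-range")      # outside the allowed range
        elif blocker.is_blocked(ip, now):
            decisions.append("denied-blocked")    # penalty time still running
        elif password_ok:
            decisions.append("accepted")
        else:
            blocker.record_failure(ip, now)
            decisions.append("failed")
    return decisions


# Constructed sample login events: (seconds, client IP, password correct?)
SAMPLE_EVENTS = [
    (0, "192.168.0.10", False),
    (10, "192.168.0.10", False),
    (20, "192.168.0.10", False),   # third failure inside 60 s: penalty starts
    (30, "192.168.0.10", True),    # correct password, but still blocked
    (100, "10.0.0.5", True),       # outside 192.168.0.0-192.168.0.255
    (319, "192.168.0.10", True),
    (320, "192.168.0.10", True),   # penalty of 300 s has elapsed
    (400, "192.168.0.20", False),
    (470, "192.168.0.20", False),
    (480, "192.168.0.20", False),  # failure at 400 s is outside the window
    (490, "192.168.0.20", True),
]

if __name__ == "__main__":
    print(allowed_span("192.168.0.255", "255.255.255.0"))
    gate = IpBlocker(fail_count=3, fail_window=60, penalty_time=300)
    for event, decision in zip(SAMPLE_EVENTS, evaluate(
            SAMPLE_EVENTS, "192.168.0.255", "255.255.255.0", gate)):
        print(event, decision)
```

Running the model with the management station's own address before enabling IP Range shows whether the new range would lock that station out.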
To print the contents of the Network Security page, click Print.

Configuring VLAN

VLANs are used to allow multiple virtual LANs to co-exist on the same physical network cable and to segregate the network traffic for security or load management purposes. When you enable the VLAN functionality, each network packet is assigned a VLAN tag.

1 Log in to the Web interface.
2 Click the Network/Security tab→VLAN subtab. The VLAN Tag Settings page displays. VLAN tags are chassis properties. They remain with the chassis even when a component is removed.
3 Configure the CMC/iDRAC VLAN settings. Table 5-17 describes the settings on the Network Security page.

Table 5-17. VLAN Tag Settings
Setting: Description
Slot: Displays the slot occupied by the server in the chassis. Slots are sequential IDs, from 1 to 16 (for the 16 available slots in the chassis), that help identify the location of the server in the chassis.
Name: Displays the name of the server in each slot.
Enable: Enables VLAN if the check box is selected. VLAN is disabled by default.
Priority: Indicates the frame priority level, which can be used to prioritize different types of traffic (voice, video, and data). Valid priorities are 0 to 7; where 0 (default) is the lowest and 7 is the highest.
ID: Displays the VLAN ID (identification). Valid VLAN IDs are: 1 to 4000 and 4021 to 4094. The default VLAN ID is 1.

4 Click Apply to save the settings.

You can also access this page from the Chassis→Servers→Setup tab→VLAN subtab.

Adding and Configuring CMC Users

To manage your system with the CMC and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs.

User Types

There are two types of users: CMC users and iDRAC users. CMC users are also known as "chassis users."
Since iDRAC resides on the server, iDRAC users are also known as "server users."

CMC users can be local users or Active Directory users. iDRAC users can also be local users or Active Directory users.

Except where a CMC user has Server Administrator privilege, privileges granted to a CMC user are not automatically transferred to the same user on a server, because server users are created independently from CMC users. In other words, CMC Active Directory users and iDRAC Active Directory users reside on two different branches in the Active Directory tree. To create a local server user, the User Configuration Administrator must log into the server directly. The User Configuration Administrator cannot create a server user from CMC or vice versa. This rule protects the security and integrity of the servers.

Table 5-18, Table 5-19, and Table 5-20 describe CMC user privileges (local or Active Directory), and what operations a CMC user can execute on the chassis and on the servers based on the privileges he is granted. The term user or users, therefore, should be understood as CMC users. Server users will be explicitly specified.

Table 5-18. User Types
Privilege: Description
CMC Login User: Users who have the CMC Login User privilege can log in to CMC. A user with only the login privilege can view all of the CMC data but cannot add or modify data or execute commands.
  It is possible for a user to have other privileges without the login privilege. This feature is useful when a user is temporarily disallowed from logging in. When that user’s login privilege is restored, the user retains all the other privileges previously granted.
Chassis Configuration Administrator: Users who have the Chassis Configuration Administrator privilege can add or change data that:
  • Identifies the chassis, such as chassis name and chassis location
  • Is assigned specifically to the chassis, such as IP mode (static or DHCP), static IP address, static gateway, and static subnet mask
  • Provides services to the chassis, such as date and time, firmware update, and CMC reset.
  • Is associated with the chassis, such as slot name and slot priority. Although these properties apply to the servers, they are strictly chassis properties relating to the slots rather than the servers themselves. For this reason, slot names and slot priorities can be added or changed whether or not servers are present in the slots.
  When a server is moved to a different chassis, it inherits the slot name and priority assigned to the slot it occupies in the new chassis. Its previous slot name and priority remain with the previous chassis.
User Configuration Administrator: Users who have the User Configuration Administrator privilege can:
  • Add a new user
  • Delete an existing user
  • Change a user's password
  • Change a user's privileges
  • Enable or disable a user's login privilege but retain the user's name and other privileges in the database.
Clear Logs Administrator: CMC users who have the Clear Administrator privilege can clear the hardware log and CMC log.
Chassis Control Administrator (Power Commands): CMC users with the Chassis Power Administrator privilege can perform all power-related operations:
  • Control chassis power operations, including power on, power off, and power cycle.
Server Administrator: The Server Administrator privilege is a blanket privilege granting a CMC user all rights to perform any operation on any servers present in the chassis.
  When a user with CMC Server Administrator privilege issues an action to be performed on a server, the CMC firmware sends the command to the targeted server without checking the user's privileges on the server. In other words, the CMC Server Administrator privilege overrides any lack of administrator privileges on the server.
  Without the Server Administrator privilege, a user created on the chassis can only execute a command on a server when all of the following conditions are true:
  • The same user name exists on the server
  • The same user name must have the exact same password on the server
  • The user must have the privilege to execute the command
  When a CMC user who does not have Server Administrator privilege issues an action to be performed on a server, the CMC will send a command to the targeted server with the user’s login name and password. If the user does not exist on the server, or if the password does not match, the user is denied the ability to perform the action.
  If the user exists on the target server and the password matches, the server responds with the privileges that the user was granted on the server. Based on the privileges returned by the server, CMC firmware decides if the user has the right to perform the action.
  Listed below are the privileges and the actions on the server to which the Server Administrator is entitled. These rights are applied only when the chassis user does not have the Server Administrative privilege on the chassis.
  Server Configuration Administrator:
  • Set IP address
  • Set gateway
  • Set subnet mask
  • Set first boot device
  User Configuration Administrator:
  • Set iDRAC root password
  • iDRAC reset
  Server Control Administrator:
  • Power on
  • Power off
  • Power cycle
  • Graceful shutdown
  • Server Reboot
Test Alert User: CMC users who have the Test Alert User privilege can send test alert messages.
Debug Command Administrator CMC users who have the Debug Administrator privilege can execute system diagnostic commands. Fabric A Administrator CMC users who have the Fabric A Administrator privilege can set and configure the Fabric A IOM, which resides in either slot A1 or slot A2 of the I/O slots. Fabric B Administrator CMC users who have the Fabric B Administrator privilege can set and configure the Fabric B IOM, which resides in either slot B1 or slot B2 of the I/O slots. Fabric C Administrator CMC users who have the Fabric C Administrator privilege can set and configure the Fabric C IOM, which resides in either slot C1 or slot C2 of the I/O slots. Using the CMC Web Interface 135 The CMC user groups provide a series of user groups that have pre-assigned user privileges. The privileges are listed and described in Table 5-18. The following table lists the user groups and the pre-defined user privileges. NOTE: If you select Administrator, Power User, or Guest User, and then add or remove a privilege from the pre-defined set, the CMC Group automatically changes to Custom. Table 5-19. CMC Group Privileges User Group Privileges Granted Administrator • CMC Login User • Chassis Configuration Administrator • User Configuration Administrator • Clear Logs Administrator • Server Administrator • Test Alert User • Debug Command Administrator • Fabric A Administrator • Fabric B Administrator • Fabric C Administrator Power User • CMC Login User • Clear Logs Administrator • Chassis Control Administrator (Power Commands) • Server Administrator • Test Alert User • Fabric A Administrator • Fabric B Administrator • Fabric C Administrator Guest User 136 CMC Login User Using the CMC Web Interface Table 5-19. 
Custom: Select any combination of the following permissions:
• CMC Login User
• Chassis Configuration Administrator
• User Configuration Administrator
• Clear Logs Administrator
• Chassis Control Administrator (Power Commands)
• Super User
• Server Administrator
• Test Alert User
• Debug Command Administrator
• Fabric A Administrator
• Fabric B Administrator
• Fabric C Administrator

None: No assigned permissions.

Table 5-20. Comparison of Privileges Between CMC Administrators, Power Users, and Guest Users

Privilege Set | Administrator Permissions | Power User Permissions | Guest User Permissions
CMC Login User
Chassis Configuration Administrator
User Configuration Administrator
Clear Logs Administrator
Chassis Control Administrator (Power Commands)
Super User
Server Administrator
Test Alert User
Debug Command Administrator
Fabric A Administrator
Fabric B Administrator
Fabric C Administrator

Adding and Managing Users

From the Users and User Configuration pages in the Web interface, you can view information about CMC users, add a new user, and change settings for an existing user. You can configure up to 16 local users. If additional users are required and your company uses the Microsoft® Active Directory® service software, you can configure Active Directory to provide access to the CMC. Active Directory configuration would allow you to add and control CMC user privileges to your existing users in your Active Directory software, in addition to the 16 local users. For more information, see "Using the CMC With Microsoft Active Directory" on page 207.

Users can be logged in through Web interface, Telnet serial, SSH, and iKVM sessions.
A maximum of 22 active sessions (Web interface, Telnet serial, SSH, and iKVM, in any combination) can be divided among users.

NOTE: For added security, Dell strongly recommends that you change the default password of the root (User 1) account. The root account is the default administrative account that ships with the CMC. To change the default password for the root account, click User ID 1 to open the User Configuration page. Help for that page is available through the Help link at the top right corner of the page.

To add and configure CMC users:

NOTE: You must have User Configuration Administrator privilege to perform the following steps.

1 Log in to the Web interface.
2 Click the Network/Security tab, and then click the Users sub-tab. The Users page appears, listing each user’s user ID, user name, CMC privilege, and login state, including those of the root user. User IDs available for configuration will have no user information displayed.
3 Click an available user ID number. The User Configuration page displays.
To refresh the contents of the Users page, click Refresh. To print the contents of the Users page, click Print.
4 Select general settings for the user. Table 5-21 describes the General settings for configuring a new or existing CMC username and password.

Table 5-21. General User Settings

Property: Description
User ID: (Read only) Identifies a user by one of 16 preset, sequential numbers used for CLI scripting purposes. The User ID identifies the particular user when configuring the user through the CLI tool (RACADM). You cannot edit the User ID. If you are editing information for user root, this field is static. You cannot edit the user name for root.
Enable User: Enables or disables the user's access to the CMC.
User Name: Sets or displays the unique CMC user name associated with the user. The user name can contain up to 16 characters.
CMC user names cannot include forward slash (/) or period (.) characters.
NOTE: If you change the user name, the new name does not appear in the user interface until your next login. Any user logging in after you apply the new user name will be able to see the change immediately.
Change Password: Allows an existing user’s password to be changed. Set the new password in the New Password field. The Change Password check box is not selectable if you are configuring a new user. You can select it only when changing an existing user setting.
Password: Sets a new password for an existing user. To change the password, you must also select the Change Password check box. The password can contain up to 20 characters, which display as dots as you type.
Confirm Password: Verifies the password you entered in the New Password field.
NOTE: The New Password and Confirm New Password fields are editable only when you are (1) configuring a new user; or (2) editing the settings for an existing user, and the Change Password check box is selected.

5 Assign the user to a CMC user group. Table 5-18 describes CMC user privileges. Table 5-19 describes the user group permissions for the CMC User Privileges settings. Table 5-20 provides a comparison of privileges between Administrators, Power Users, and Guest Users.
When you select a user privilege setting from the CMC Group drop-down menu, the enabled privileges (shown as checked boxes in the list) display according to the pre-defined settings for that group. You can customize the privileges settings for the user by checking or un-checking boxes. After you have selected a CMC Group or made Custom user privilege selections, click Apply Changes to keep the settings.
6 Click Apply Changes.

To refresh the contents of the User Configuration page, click Refresh. To print the contents of the User Configuration page, click Print.
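The effect of the privileges assigned in step 5 on server actions, as an added example that is not Dell's code: it models the decision flow described for the Server Administrator privilege in Table 5-18 together with the group sets of Table 5-19, and lists chassis accounts whose reach on a server comes only from the chassis-level override. The function names, account names, and passwords are constructed for illustration.

```python
import hmac

# Chassis privileges of the predefined CMC groups, as listed in Table 5-19.
FABRICS = {"Fabric A Administrator", "Fabric B Administrator", "Fabric C Administrator"}
GROUPS = {
    "Administrator": FABRICS | {
        "CMC Login User", "Chassis Configuration Administrator",
        "User Configuration Administrator", "Clear Logs Administrator",
        "Server Administrator", "Test Alert User", "Debug Command Administrator"},
    "Power User": FABRICS | {
        "CMC Login User", "Clear Logs Administrator",
        "Chassis Control Administrator (Power Commands)",
        "Server Administrator", "Test Alert User"},
    "Guest User": {"CMC Login User"},
    "None": set(),
}

# Server-side privilege that gates each action when the chassis user
# does NOT hold Server Administrator (sub-lists of Table 5-18).
ACTION_PRIVILEGE = {
    "Set IP address": "Server Configuration Administrator",
    "Set gateway": "Server Configuration Administrator",
    "Set subnet mask": "Server Configuration Administrator",
    "Set first boot device": "Server Configuration Administrator",
    "Set iDRAC root password": "User Configuration Administrator",
    "iDRAC reset": "User Configuration Administrator",
    "Power on": "Server Control Administrator",
    "Power off": "Server Control Administrator",
    "Power cycle": "Server Control Administrator",
    "Graceful shutdown": "Server Control Administrator",
    "Server Reboot": "Server Control Administrator",
}

def cmc_group(privileges):
    """Name the CMC Group a privilege set maps to; any edited set is Custom."""
    for name, granted in GROUPS.items():
        if set(privileges) == granted:
            return name
    return "Custom"

def authorize(user, action, server_accounts):
    """Model the CMC decision for one server action -> (allowed, reason)."""
    needed = ACTION_PRIVILEGE[action]
    if "Server Administrator" in user["privileges"]:
        return True, "chassis Server Administrator: sent without a server-side check"
    account = server_accounts.get(user["name"])
    if account is None:
        return False, "user name does not exist on the server"
    if not hmac.compare_digest(account["password"].encode(), user["password"].encode()):
        return False, "password on the server does not match"
    if needed not in account["privileges"]:
        return False, f"server account lacks {needed}"
    return True, f"server account holds {needed}"

def effective_actions(user, server_accounts):
    """All server actions this chassis user can trigger on one server."""
    return sorted(a for a in ACTION_PRIVILEGE if authorize(user, a, server_accounts)[0])

def review(users, servers):
    """List (user, server, group) where reach exists only through the chassis override."""
    findings = []
    for user in users:
        for server, accounts in servers.items():
            local = accounts.get(user["name"], {}).get("privileges", set())
            if "Server Administrator" in user["privileges"] and not local:
                findings.append((user["name"], server, cmc_group(user["privileges"])))
    return findings

# Constructed sample data (not from the manual); plaintext passwords only model
# the name-and-password comparison the text describes.
USERS = [
    {"name": "ops1", "password": "constructed-pw-1", "privileges": GROUPS["Power User"]},
    {"name": "net1", "password": "constructed-pw-2",
     "privileges": {"CMC Login User", "Fabric A Administrator"}},
]
SERVERS = {
    "server-1": {"net1": {"password": "constructed-pw-2",
                          "privileges": {"Server Control Administrator"}}},
    "server-2": {},
}

if __name__ == "__main__":
    for u in USERS:
        for s, accounts in SERVERS.items():
            print(u["name"], cmc_group(u["privileges"]), s, effective_actions(u, accounts))
    print(review(USERS, SERVERS))
```

Both predefined groups above Guest User carry Server Administrator, so the review output is the list of accounts to examine when server-side privileges are meant to be the limiting control.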
Configuring and Managing Microsoft Active Directory Certificates

NOTE: To configure Active Directory settings for the CMC, you must have Chassis Configuration Administrator privilege.

NOTE: For more information about Active Directory configuration and how to configure Active Directory with Standard Schema or Extended Schema, see "Using the CMC With Microsoft Active Directory" on page 207.

You can use the Microsoft Active Directory service to configure your software to provide access to the CMC. Active Directory service allows you to add and control the CMC user privileges of your existing users.

To access the Active Directory Main Menu page:
1 Log in to the Web interface.
2 Click the Network/Security tab, and then click the Active Directory subtab. The Active Directory Main Menu page appears.

Table 5-22 lists the Active Directory Main Menu page options.

Table 5-22. Active Directory Main Menu Page Options

Field: Description
Configure: Configure and manage the following Active Directory settings for CMC: CMC Name, ROOT Domain Name, CMC Domain Name, Active Directory Authentication Timeout, Active Directory Schema Selection (Extended or Standard), and Role Group settings.
Upload AD Certificate: Upload a certificate authority-signed certificate for Active Directory to the CMC. This certificate, which you obtain from Active Directory, grants access to the CMC.
Download Certificate: Downloads a CMC server certificate to your management station or shared network using Windows Download Manager. When you select this option and click Next, a File Download dialog box appears. Use this dialog box to specify a location on your management station or shared network for the server certificate.
View Certificate: Displays the certificate authority-signed server certificate for Active Directory that has been uploaded to the CMC.
NOTE: By default, CMC does not have a certificate authority-issued server certificate for Active Directory. You must upload a current, certificate authority-signed server certificate.
Upload Kerberos Keytab: Uploads a Kerberos Keytab for Active Directory to the CMC. You can generate the Kerberos Keytab from the Active Directory Server by executing the ktpass.exe utility. This keytab establishes a trust relationship between the Active Directory Server and the CMC.
NOTE: The CMC does not have a Kerberos Keytab for Active Directory. You must upload a currently generated Kerberos Keytab. See "Configuring Single Sign-On" for detailed information.

Configuring Active Directory (Standard Schema and Extended Schema)

NOTE: To configure Active Directory settings for the CMC, you must have Chassis Configuration Administrator privilege.

NOTE: Before configuring or using the Active Directory feature, you must ensure that your Active Directory server is configured to communicate with the CMC.

1 Ensure that all Secure Socket Layer (SSL) certificates for the Active Directory servers are signed by the same certificate authority and have been uploaded to the CMC.
2 Log in to the Web interface and navigate to the Active Directory Main Menu.
3 Select Configure, and then click Next. The Active Directory Configuration and Management page displays.
4 Select the Enable Active Directory check box under the Common Settings heading.
5 Type the required information into the remaining fields. See Table 5-23.

Table 5-23. Active Directory Common Settings Properties

Setting: Description
Root Domain Name: Specifies the domain name used by Active Directory. The root domain name is the fully qualified root domain name for the forest.
NOTE: The root domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org.
Default: null (empty)
AD Timeout: The time in seconds to wait for Active Directory queries to complete. The minimum value is equal to or greater than 15 seconds. Default: 120 seconds
Specify AD Server to search (Optional): Enables (when checked) directed call on the domain controller and global catalog. If you enable this option, you must also specify the domain controller and global catalog locations in the following settings.
NOTE: The name on the Active Directory CA Certificate will not be matched against the specified Active Directory server or the Global Catalog server.
Domain Controller: Specifies the server where your Active Directory service is installed. This option is valid only if Specify AD Server to search (OPTIONAL) is enabled.
Global Catalog: Specifies the location of the global catalog on the Active Directory domain controller. The global catalog provides a resource for searching an Active Directory forest. This option is valid only if Specify AD Server to search (OPTIONAL) is enabled.

6 Select an Active Directory schema under the Active Directory Schema Selection heading. See Table 5-24.
7 If you selected Extended Schema, type the following required information in the Extended Schema Settings section, and then proceed directly to step 9. If you selected Standard Schema, proceed to step 8.
• CMC Device Name – The name that uniquely identifies the CMC card in Active Directory. The CMC name must be the same as the common name of the new CMC object you created in your Domain Controller. The name must be a 1–256 character ASCII string with no spaces between characters. Default: null (empty).
• CMC Domain Name – The DNS name (string) of the domain where the Active Directory CMC object resides (example: cmc.com). The name must be a valid domain name consisting of x.y, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org.
Default: null (empty).
NOTE: Do not use the NetBIOS name. The CMC Domain Name is the fully qualified domain name of the sub-domain where the CMC Device Object is located.

Table 5-24. Active Directory Schema Options

Setting: Description
Use Standard Schema: Uses Standard Schema with Active Directory, which uses Active Directory group objects only. Before configuring CMC to use the Active Directory Standard Schema option, you must first configure the Active Directory software:
1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in.
2 Create a group or select an existing group. The name of the group and the name of this domain must be configured on the CMC either with the Web interface or RACADM.
Use Extended Schema: Uses Extended Schema with Active Directory, which uses Dell-defined Active Directory objects. Before configuring CMC to use the Active Directory Extended Schema option, you must first configure the Active Directory software:
1 Extend the Active Directory schema.
2 Extend the Active Directory Users and Computers Snap-in.
3 Add CMC users and their privileges to Active Directory.
4 Enable SSL on each of your domain controllers.
5 Configure the CMC Active Directory properties using either the CMC Web interface or the RACADM.

8 If you selected Standard Schema, type the following information in the Standard Schema Settings section. If you selected Extended Schema, proceed to step 9.
• Role Groups – The role groups associated with the CMC. To change the settings for a role group, click the role group number in the Role Groups list. The Configure Role Group page displays.
NOTE: If you click a role group link prior to applying any new settings you have made, you will lose those settings. To avoid losing any new settings, click Apply before clicking a role group link.
• Group Name – The name that identifies the role group in the Active Directory associated with the CMC card.
• Group Domain – The domain where the group is located.
• Group Privilege – The privilege level for the group.
9 Click Apply to save the settings.

To refresh the contents of the Active Directory Configuration and Management page, click Refresh. To print the contents of the Active Directory Configuration and Management page, click Print.

To configure the Role Groups for Active Directory, click the individual Role Group (1–5). See Table 5-19 and Table 5-18.

NOTE: To save the settings on the Active Directory Configuration and Management page, you have to click Apply before proceeding to the Custom Role Group page.

Uploading an Active Directory Certificate Authority-Signed Certificate

From the Active Directory Main Menu page:
1 Select Upload AD Certificate, and then click Next. The Certificate Upload page displays.
2 Type the file path in the text field, or click Browse to select the file.
NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
3 Click Apply. If the certificate is invalid, an error message displays.

To refresh the contents of the Upload Active Directory CA Certificate page, click Refresh. To print the contents of the Upload Active Directory CA Certificate page, click Print.

Viewing an Active Directory Certificate Authority-Signed Certificate

NOTE: If you uploaded an Active Directory server certificate on the CMC, make sure the certificate is still valid and has not expired.

From the Active Directory Main Menu page:
1 Select View Certificate, and then click Next.
2 Click the appropriate View Active Directory CA Certificate page button to continue.

Table 5-16.
Active Directory CA Certificate Information

Field: Description
Serial Number: Certificate serial number.
Subject Information: Certificate attributes entered by the subject.
Issuer Information: Certificate attributes returned by the issuer.
Valid From: Certificate issue date.
Valid To: Certificate expiration date.

3 To refresh the contents of the View Active Directory CA Certificate page, click Refresh. To print the contents of the View Active Directory CA Certificate page, click Print.

Securing CMC Communications Using SSL and Digital Certificates

This subsection provides information about the following data security features that are incorporated in your CMC:
• Secure Sockets Layer (SSL)
• Certificate Signing Request (CSR)
• Accessing the SSL main menu
• Generating a new CSR
• Uploading a server certificate
• Viewing a server certificate

Secure Sockets Layer (SSL)

The CMC includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over the Internet. Built upon public-key and private-key encryption technology, SSL is a widely accepted technique for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.

SSL allows an SSL-enabled system to perform the following tasks:
• Authenticate itself to an SSL-enabled client
• Allow the client to authenticate itself to the server
• Allow both systems to establish an encrypted connection

This encryption process provides a high level of data protection. The CMC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America.

The CMC Web server includes a Dell self-signed SSL digital certificate (Server ID). To ensure high security over the Internet, replace the Web server SSL certificate by submitting a request to the CMC to generate a new Certificate Signing Request (CSR).
Certificate Signing Request (CSR)

A CSR is a digital request to a certificate authority (referred to as a CA in the Web interface) for a secure server certificate. Secure server certificates ensure the identity of a remote system and ensure that information exchanged with the remote system cannot be viewed or changed by others. To ensure the security for your CMC, it is strongly recommended that you generate a CSR, submit the CSR to a certificate authority, and upload the certificate returned from the certificate authority.

A certificate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the certificate authority receives your CSR, they review and verify the information the CSR contains. If the applicant meets the certificate authority’s security standards, the certificate authority issues a certificate to the applicant that uniquely identifies that applicant for transactions over networks and on the Internet.

After the certificate authority approves the CSR and sends you a certificate, you must upload the certificate to the CMC firmware. The CSR information stored on the CMC firmware must match the information contained in the certificate.

Accessing the SSL Main Menu

NOTE: To configure SSL settings for the CMC, you must have Chassis Configuration Administrator privilege.

NOTE: Any server certificate you upload must be current (not expired) and signed by a certificate authority.

1 Log in to the Web interface.
2 Click the Network/Security tab, and then click the SSL sub-tab. The SSL Main Menu page appears.

Use the SSL Main Menu page options to generate a CSR to send to a certificate authority. The CSR information is stored on the CMC firmware.
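A pre-upload check for the certificate returned by the certificate authority, added here as an example and not Dell's code: it rejects input that is not Base64 (PEM) text, since the CMC accepts only Base64-encoded X.509 certificates, checks the validity dates, and compares the certificate's public key with the one in the saved CSR. It assumes that the information which must match is the public key carried in the CSR, which the guide does not spell out; the objects built at the bottom are constructed DER skeletons with dummy key and signature bytes, and no signature is verified.

```python
import base64
import re
from datetime import datetime, timezone

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_to_der(data, labels):
    """Decode a Base64 (PEM) object; binary DER input is rejected."""
    try:
        match = PEM_BLOCK.search(data.decode("ascii"))
    except UnicodeDecodeError:
        raise ValueError("binary data, not Base64 text (DER-encoded?)") from None
    if not match or match.group(1) not in labels:
        raise ValueError("no PEM block labelled " + " or ".join(labels))
    return base64.b64decode("".join(match.group(2).split()), validate=True)

def tlv(buf, pos):
    """Read one DER element at pos -> (tag, content_start, end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def seq_items(buf):
    """Split a DER SEQUENCE into its children, each kept as raw TLV bytes."""
    tag, pos, end = tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("expected a SEQUENCE")
    items = []
    while pos < end:
        nxt = tlv(buf, pos)[2]
        items.append(buf[pos:nxt])
        pos = nxt
    return items

def der_time(raw):
    """Decode UTCTime (tag 0x17) or GeneralizedTime (0x18) as an aware datetime."""
    tag, start, end = tlv(raw, 0)
    text = raw[start:end].decode("ascii")
    if tag == 0x17:  # two-digit year: 50-99 -> 19xx, 00-49 -> 20xx
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_fields(der):
    """Return (notBefore, notAfter, subjectPublicKeyInfo bytes) of an X.509 certificate."""
    tbs = seq_items(seq_items(der)[0])
    if tbs[0][0] == 0xA0:  # explicit version field, absent in v1 certificates
        tbs = tbs[1:]      # now: serial, sigAlg, issuer, validity, subject, SPKI
    not_before, not_after = (der_time(t) for t in seq_items(tbs[3]))
    return not_before, not_after, tbs[5]

def preupload_check(cert_file, csr_file, now=None):
    """Return a list of problems; an empty list means none were found."""
    now = now or datetime.now(timezone.utc)
    try:
        cert = pem_to_der(cert_file, ("CERTIFICATE",))
    except ValueError as exc:
        return [f"certificate encoding: {exc}"]
    csr = pem_to_der(csr_file, ("CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"))
    not_before, not_after, cert_key = cert_fields(cert)
    csr_key = seq_items(seq_items(csr)[0])[2]  # version, subject, subjectPKInfo
    problems = []
    if now < not_before:
        problems.append("not yet valid")
    if now > not_after:
        problems.append("expired")
    if cert_key != csr_key:
        problems.append("public key differs from the CSR")
    return problems

# --- Constructed sample objects: DER skeletons with dummy key and signature bytes ---
def enc(tag, *parts):
    body = b"".join(parts)
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body

NAME = enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03"), enc(0x0C, b"cmc.example.test"))))
ALG = enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d01010b")), enc(0x05))
SIG = enc(0x03, bytes(17))

def spki(key):
    rsa = enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d010101")), enc(0x05))
    return enc(0x30, rsa, enc(0x03, b"\x00" + key))

def sample_cert(key, not_before, not_after):
    validity = enc(0x30, enc(0x17, not_before), enc(0x17, not_after))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")), enc(0x02, b"\x01"), ALG, NAME, validity, NAME, spki(key))
    return enc(0x30, tbs, ALG, SIG)

def sample_csr(key):
    return enc(0x30, enc(0x30, enc(0x02, b"\x00"), NAME, spki(key), enc(0xA0)), ALG, SIG)

def pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n".encode()
```

On real files, pass the bytes of the certificate from the certificate authority and of the saved csr.txt to preupload_check; a key mismatch is what results when a pending CSR was overwritten by a newer one.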
Generating a New Certificate Signing Request

To ensure security, Dell strongly recommends that you obtain and upload a secure server certificate to the CMC. Secure server certificates ensure the identity of a remote system and that information exchanged with the remote system cannot be viewed or changed by others. Without a secure server certificate, the CMC is vulnerable to access from unauthorized users.

Table 5-17. SSL Main Menu Options

Field: Description
Generate a New Certificate Signing Request (CSR): Select this option and click Next to open the Generate Certificate Signing Request (CSR) page, where you can generate a CSR request for a secure Web certificate to submit to a certificate authority.
NOTE: Each new CSR overwrites any previous CSR on the CMC. For a certificate authority to accept your CSR, the CSR in the CMC must match the certificate returned from the certificate authority.
Upload Server Certificate Based on Generated CSR: Select this option and click Next to display the Certificate Upload page, where you can upload an existing certificate that your company holds title to and uses to control access to the CMC.
NOTE: Only X509, Base 64-encoded certificates are accepted by the CMC. DER-encoded certificates are not accepted. Uploading a new certificate replaces the default certificate you received with your CMC.
Upload Webserver key and Certificate: Select this option and click Next to open the Webserver Key and Certificate Upload page, where you can upload an existing Web server key and server certificate that your company holds title to and uses to control access to the CMC.
NOTE: Only X.509, Base64 encoded certificates are accepted by the CMC. Binary DER-encoded certificates are not accepted. Uploading a new certificate replaces the default certificate you received with your CMC.
View Server Certificate: Select the option and click the Next button to open the View Server Certificate page where you can view the current server certificate.

To obtain a secure server certificate for the CMC, you must submit a Certificate Signing Request (CSR) to a certificate authority of your choice. A CSR is a digital request for a signed, secure server certificate containing information about your organization and a unique, identifying key.

When a CSR is generated from the Generate Certificate Signing Request (CSR) page, you are prompted to save a copy to your management station or shared network, and the unique information used to generate the CSR is stored on the CMC. This information is used later to authenticate the server certificate you receive from the certificate authority. After you receive the server certificate from the certificate authority, you must then upload it to the CMC.

NOTE: For the CMC to accept the server certificate returned by the certificate authority, authentication information contained in the new certificate must match the information that was stored on the CMC when the CSR was generated.

CAUTION: When a new CSR is generated, it overwrites any previous CSR on the CMC. If a pending CSR is overwritten before its server certificate is granted from a certificate authority, the CMC will not accept the server certificate because the information it uses to authenticate the certificate has been lost. Take caution when generating a CSR to prevent overwriting any pending CSR.

To generate a CSR:
1 From the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR), and then click Next. The Generate Certificate Signing Request (CSR) page displays.
2 Type a value for each CSR attribute value. Table 5-18 describes the Generate Certificate Signing Request (CSR) page options.
3 Click Generate. A File Download dialog box appears.
4 Save the csr.txt file to your management station or shared network.
(You may also open the file at this time and save it later.) You will later submit this file to a certificate authority.

Table 5-18. Generate Certificate Signing Request (CSR) Page Options

Field: Description
Common Name: The exact name being certified (usually the Web server's domain name, for example, www.xyzcompany.com/).
Valid: Alphanumeric characters (A–Z, a–z, 0–9); hyphens, underscores, and periods.
Not valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *); characters used primarily in non-English languages, such as ß, å, é, ü.
Organization Name: The name associated with your organization (example: XYZ Corporation).
Valid: Alphanumeric characters (A–Z, a–z, 0–9); hyphens, underscores, periods, and spaces.
Not valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *).
Organization Unit: The name associated with an organizational unit, such as a department (example: Enterprise Group).
Valid: Alphanumeric characters (A–Z, a–z, 0–9); hyphens, underscores, periods, and spaces.
Not valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *).
Locality: The city or other location of your organization (examples: Atlanta, Hong Kong).
Valid: Alphanumeric characters (A–Z, a–z, 0–9) and spaces.
Not valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *).
State: The state, province, or territory where the entity that is applying for a certification is located (examples: Texas, New South Wales, Andhra Pradesh).
NOTE: Do not use abbreviations.
Valid: Alphanumeric characters (upper- and lower-case letters; 0–9); and spaces.
Not valid: Non-alphanumeric characters not noted above (such as, but not limited to, @ # $ % & *).
Country: The country where the organization applying for certification is located.
Email: Your organization's e-mail address. You may type any e-mail address you want to have associated with the CSR. The e-mail address must be valid, containing the at (@) sign (example: name@xyzcompany.com).
NOTE: This e-mail address is an optional field.

Uploading a Server Certificate

1 From the SSL Main Menu page, select Upload Server Certificate, and then click Next. The Certificate Upload page displays.
2 Type the file path in the text field, or click Browse to select the file.
3 Click Apply. If the certificate is invalid, an error message displays.
NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.

To refresh the contents of the Certificate Upload page, click Refresh. To print the contents of the Certificate Upload page, click Print.

Viewing a Server Certificate

From the SSL Main Menu page, select View Server Certificate, and then click Next. The View Server Certificate page displays. Table 5-19 describes the fields and associated descriptions listed in the Certificate window.

Table 5-19. Certificate Information

Field: Description
Serial: Certificate serial number
Subject: Certificate attributes entered by the subject
Issuer: Certificate attributes returned by the issuer
notBefore: Issue date of the certificate
notAfter: Expiration date of the certificate

To refresh the contents of the View Server Certificate page, click Refresh. To print the contents of the View Server Certificate page, click Print.

Managing Sessions

The Sessions page displays all current instances of connections to the chassis and allows you to terminate any active session.

NOTE: To terminate a session, you must have Chassis Configuration Administrator privilege.

To terminate a session:
1 Log into the CMC through the Web.
2 Click the Network/Security tab then click the Sessions sub-tab.
3 On the Sessions page, locate the session you want to terminate and click the trash can icon.

To manage sessions:
1 Log in to the CMC Web interface.
2 Select Chassis in the system tree.
3 Click the Network/Security tab.
4 Click the Sessions sub-tab. The Sessions page appears.

Table 5-20. Sessions Properties

Property: Description
Session ID: Displays the sequentially generated ID number for each instance of a login.
Username: Displays the user's login name (local user or Active Directory user). Examples of Active Directory user names are name@domain.com, domain.com/name, domain.com\name.
IP Address: Displays the user’s IP address.
Session Type: Describes the session type: Telnet, serial, SSH, Remote RACADM, SMASH CLP, WSMAN, or a GUI session.
Terminate: Allows you to terminate any of the sessions listed, except for your own. To terminate the associated session, click the trash can icon. This column is displayed only if you have Chassis Configuration Administrator privileges.

To terminate the session, click the trash can icon on the line that describes the session.

Configuring Services

The CMC includes a Web server that is configured to use the industry-standard SSL security protocol to accept and transfer encrypted data from and to clients over the Internet. The Web server includes a Dell self-signed SSL digital certificate (Server ID) and is responsible for accepting and responding to secure HTTP requests from clients. This service is required by the Web interface and remote CLI tool for communicating to the CMC.

NOTE: The remote (RACADM) CLI tool and the Web interface use the Web server. In the event that the Web Server is not active, the remote RACADM and the Web interface are not operable.

NOTE: In an event of a Web server reset, wait at least one minute for the services to become available again.
A Web server reset usually happens as a result of any of the following events: the network configuration or network security properties are changed through the CMC Web user interface or RACADM; the Web Server port configuration is changed through the Web user interface or RACADM; the CMC is reset; a new SSL server certificate is uploaded.

NOTE: To modify service settings, you must have Chassis Configuration Administrator privilege.

To configure CMC services:
1 Log in to the CMC Web interface.
2 Click the Network/Security tab.
3 Click the Services sub-tab. The Services page appears.
4 Configure the following services as required:
• CMC serial console (Table 5-21)
• Web server (Table 5-22)
• SSH (Table 5-23)
• Telnet (Table 5-24)
• Remote RACADM (Table 5-25)
• SNMP (Table 5-26)
• Remote Syslog (Table 5-27)
5 Click Apply; update all default time outs and maximum time out limits.

Table 5-21. CMC Serial Console Settings

Setting: Description
Enabled: Enables Telnet console interface on the CMC. Default: Unchecked (disabled)
Redirect Enabled: Enables the serial/text console redirection to the server through your serial/Telnet/SSH client from the CMC. The CMC connects to iDRAC that internally connects to the server COM2 port. Configuration options: Checked (enabled), unchecked (disabled). Default: Checked (enabled)
Idle Timeout: Indicates the number of seconds before an idle serial session is automatically disconnected. A change to the Timeout setting takes effect at the next login; it does not affect the current session. Timeout Range: 0 or 60 to 10800 seconds. To disable the Timeout feature, enter 0. Default: 1800 seconds
Baud Rate: Indicates the data speed on the external serial port on the CMC. Configuration options: 9600, 19200, 28800, 38400, 57600, and 115200 bps. Default: 115200 bps
Authentication Disabled: Enables CMC Serial Console login authentication.
Default: Unchecked (disabled)
Escape Key: Allows you to specify the Escape key combination that terminates serial/text console redirection when using the connect or racadm connect command.
Default: ^\ (Hold Ctrl and type a backslash (\) character)
NOTE: The caret character ^ represents the Ctrl key.
Configuration options:
• Decimal value (example: 95)
• Hexadecimal value (example: 0x12)
• Octal value (example: 007)
• ASCII value (example: ^a)
ASCII values may be represented using the following Escape key codes:
• Esc followed by any alphabetic character (a-z, A-Z)
• Esc followed by the following special characters: [ ] \ ^ _
• Maximum Allowed Length: 4
History Size Buffer: Indicates the maximum size of the serial history buffer, which holds the last characters written to the Serial Console. Default: 8192 characters
Login Command: Specifies the serial command that is automatically executed when a user logs into the CMC Serial Console interface. Example: connect server-1. Default: [Null]

Table 5-22. Web Server Settings

Setting: Description
Enabled: Enables Web Server services (access through remote RACADM and the Web interface) for the CMC. Default: Checked (enabled)
Max Sessions: Indicates the maximum number of simultaneous Web user interface sessions allowed for the chassis. A change to the Max Sessions property takes effect at the next login; it does not affect current Active Sessions (including your own). The remote RACADM is not affected by the Max Sessions property for the Web Server. Allowed range: 1–4. Default: 4
NOTE: If you change the Max Sessions property to a value less than the current number of Active Sessions and then log out, you cannot log back in until the other sessions have been terminated or expired.
Idle Timeout | Indicates the number of seconds before an idle Web user interface session is automatically disconnected. A change to the Timeout setting takes effect at the next login; it does not affect the current session. Timeout range: 60 to 10800 seconds. Default: 1800 seconds
HTTP Port Number | Indicates the default port used by the CMC that listens for a server connection. NOTE: When you provide the HTTP address on the browser, the Web server automatically redirects and uses HTTPS. If the default HTTP port number (80) has been changed, you must include the port number in the address in the browser address field, as shown: http:// : where IP address is the IP address for the chassis, and port number is the HTTP port number other than the default of 80. Configuration range: 10–65535 Default: 80
HTTPS Port Number | Indicates the default port used by the CMC that listens for a secured server connection. If the default HTTPS port number (443) has been changed, you must include the port number in the address in the browser address field, as shown: https:// : where is the IP address for the chassis, and is the HTTPS port number other than the default of 443. Configuration range: 10–65535 Default: 443

Table 5-23. SSH Settings

Setting | Description
Enabled | Enables the SSH on the CMC. Default: Checked (enabled)
Max Sessions | The maximum number of simultaneous SSH sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own). Configurable range: 1–4 Default: 4 NOTE: If you change the Max Sessions property to a value less than the current number of Active Sessions and then log out, you cannot log back in until the other sessions have been terminated or expired.
Idle Timeout | Indicates the number of seconds before an idle SSH session is automatically disconnected.
A change to the Timeout setting takes effect at the next login; it does not affect the current session. Timeout Range: 0 or 60–10800 seconds. To disable the Timeout feature, enter 0. Default: 1800 seconds
Port Number | Port used by the CMC that listens for a server connection. Configuration range: 10–65535 Default: 22

Table 5-24. Telnet Settings

Setting | Description
Enabled | Enables Telnet console interface on the CMC. Default: Unchecked (disabled)
Max Sessions | Indicates the maximum number of simultaneous Telnet sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own). Allowed range: 1–4 Default: 4 NOTE: If you change the Max Sessions property to a value less than the current number of Active Sessions and then log out, you cannot log back in until the other sessions have been terminated or expired.
Idle Timeout | Indicates the number of seconds before an idle Telnet session is automatically disconnected. A change to the Timeout setting takes effect at the next login; it does not affect the current session. Timeout Range: 0 or 60–10800 seconds. To disable the Timeout feature, enter 0. Default: 1800 seconds
Port Number | Indicates the port used by the CMC that listens for a server connection. Default: 23

Table 5-25. Remote RACADM Settings

Setting | Description
Enabled | Enables the remote RACADM utility access to the CMC. Default: Checked (enabled)
Max Sessions | Indicates the maximum number of simultaneous RACADM sessions allowed for the chassis. A change to this property takes effect at the next login; it does not affect current Active Sessions (including your own). Allowed range: 1–4 Default: 4 NOTE: If you change the Max Sessions property to a value less than the current number of Active Sessions and then log out, you cannot log back in until the other sessions have been terminated or expired.
Idle Timeout | Indicates the number of seconds before an idle racadm session is automatically disconnected. A change to the Idle Timeout setting takes effect at the next login; it does not affect the current session. To disable the Idle Timeout feature, enter 0. Timeout Range: 0, or 10 to 1920 seconds. To disable the Timeout feature, enter 0. Default: 30 seconds

Table 5-26. SNMP Configuration

Setting | Description
Enabled | Enables SNMP on the CMC. Legal Values: Checked (enabled), unchecked (disabled) Default: unchecked (disabled)
Community Name | Indicates the community string used to get data from CMC's SNMP daemon.

Table 5-27. Remote Syslog Configuration

Setting | Description
Enabled | Enables the transmission and remote capture of the System Log on the specified server(s). Legal Values: Checked (enabled), unchecked (disabled) Default: unchecked (disabled)
Syslog Server 1 | The first of three possible servers to host a copy of the syslog. Specified as a hostname, an IPv6 address, or an IPv4 address.
Syslog Server 2 | The second of three possible servers to host a copy of the syslog. Specified as a hostname, an IPv6 address, or an IPv4 address.
Syslog Server 3 | The third of three possible servers to host a copy of the syslog. Specified as a hostname, an IPv6 address, or an IPv4 address.
Syslog Port Number | Specifies the port number on the remote server for receiving a copy of the syslog. The same port number is used for all three servers. A valid syslog port number is in the 10-65535 range. Default: 514

Configuring Power Budgeting

The CMC allows you to budget and manage power to the chassis. The power management service optimizes power consumption and re-allocates power to different modules based on the demand. For instructions on configuring power through the CMC, see "Configuring and Managing Power" on page 263. For more information on the CMC’s power management service, see "Power Management" on page 247.
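The ranges and defaults in Tables 5-21 through 5-27 can be checked mechanically before a Services configuration is applied. The following Python example is added here and is not Dell code; its dictionary keys are hypothetical labels for the Services-page fields (not RACADM property names), the list of well-known community names is an assumption, and the sample configuration is constructed.

```python
"""Audit CMC Services-page values against Tables 5-21 to 5-27 (added example)."""
import copy

# Key names are hypothetical labels for the Services-page fields, not RACADM
# property names. Values are the defaults the tables state.
DEFAULTS = {
    "serial": {"enabled": False, "idle_timeout": 1800, "auth_disabled": False},
    "web":    {"enabled": True, "max_sessions": 4, "idle_timeout": 1800,
               "http_port": 80, "https_port": 443},
    "ssh":    {"enabled": True, "max_sessions": 4, "idle_timeout": 1800, "port": 22},
    "telnet": {"enabled": False, "max_sessions": 4, "idle_timeout": 1800, "port": 23},
    "racadm": {"enabled": True, "max_sessions": 4, "idle_timeout": 30},
    "snmp":   {"enabled": False, "community": ""},  # the page gives no default name
    "syslog": {"enabled": False, "servers": [], "port": 514},
}

# Idle Timeout rule per service: (low, high, zero_disables_timeout)
TIMEOUT_RULES = {
    "serial": (60, 10800, True),
    "web":    (60, 10800, False),  # Table 5-22 lists no 0 option
    "ssh":    (60, 10800, True),
    "telnet": (60, 10800, True),
    "racadm": (10, 1920, True),
}
# Fields with a documented 10-65535 range (Table 5-24 gives no Telnet port range)
PORT_FIELDS = [("web", "http_port"), ("web", "https_port"),
               ("ssh", "port"), ("syslog", "port")]
WELL_KNOWN_COMMUNITIES = {"public", "private"}  # assumption: commonly guessed names


def audit(cfg):
    """Return sorted (severity, service, message) findings.

    "invalid": value outside the documented range.
    "review":  legal value that weakens the management plane.
    """
    out = []
    for svc, (low, high, zero_ok) in TIMEOUT_RULES.items():
        s = cfg.get(svc, {})
        t = s.get("idle_timeout")
        if t is not None:
            if t == 0 and zero_ok:
                if s.get("enabled"):
                    out.append(("review", svc, "idle timeout disabled (0)"))
            elif not low <= t <= high:
                out.append(("invalid", svc, f"idle_timeout={t} not in {low}-{high}"))
        m = s.get("max_sessions")
        if m is not None and not 1 <= m <= 4:
            out.append(("invalid", svc, f"max_sessions={m} not in 1-4"))
    for svc, key in PORT_FIELDS:
        p = cfg.get(svc, {}).get(key)
        if p is not None and not 10 <= p <= 65535:
            out.append(("invalid", svc, f"{key}={p} not in 10-65535"))
    if cfg.get("telnet", {}).get("enabled"):
        out.append(("review", "telnet",
                    "Telnet enabled: credentials cross the network in cleartext"))
    if cfg.get("serial", {}).get("auth_disabled"):
        out.append(("review", "serial", "serial console login authentication disabled"))
    snmp = cfg.get("snmp", {})
    if snmp.get("enabled") and snmp.get("community", "").lower() in WELL_KNOWN_COMMUNITIES:
        out.append(("review", "snmp", "well-known community name"))
    syslog = cfg.get("syslog", {})
    if not syslog.get("enabled") or not syslog.get("servers"):
        out.append(("review", "syslog", "no remote copy of the System Log"))
    if len(syslog.get("servers", [])) > 3:
        out.append(("invalid", "syslog", "more than three syslog servers"))
    return sorted(out)


def constructed_sample():
    """A constructed configuration that deviates from the documented defaults."""
    cfg = copy.deepcopy(DEFAULTS)
    cfg["telnet"]["enabled"] = True
    cfg["web"]["idle_timeout"] = 0        # 0 is not allowed for the Web server
    cfg["web"]["https_port"] = 8          # below the 10-65535 range
    cfg["ssh"]["idle_timeout"] = 0        # allowed, but sessions never time out
    cfg["racadm"]["idle_timeout"] = 3600  # above the 1920-second limit
    cfg["snmp"].update(enabled=True, community="public")
    cfg["syslog"].update(enabled=True, servers=["loghost.example"])
    return cfg


if __name__ == "__main__":
    for sev, svc, msg in audit(constructed_sample()):
        print(f"{sev:8} {svc:7} {msg}")
```

Run against the documented defaults, the only finding is that Remote Syslog is off, so the System Log has no copy outside the chassis.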
Managing Firmware Updates

This section describes how to use the Web interface to update firmware. The following components can be updated using the GUI or RACADM commands:
• CMC - primary and standby.
• iKVM
• iDRAC
• IOM infrastructure devices

When you update firmware, follow the recommended process to prevent a loss of service if the update fails. See "Installing or Updating the CMC Firmware" for guidelines to follow before using the instructions in this section.

Viewing the Current Firmware Versions

The Update page displays the current version of all the components in the chassis that can be updated. These may include the iKVM firmware, primary CMC firmware, (if applicable) the standby CMC firmware, the iDRAC firmware, and the IOM infrastructure device firmware; see "Updating the IOM Infrastructure Device Firmware" for additional details. Clicking on either the device name or the Select/Deselect All check box and then the Apply Update button will display an update page for the selected devices.

If the chassis contains an earlier generation server whose iDRAC is in recovery mode or if the CMC detects that an iDRAC has corrupted firmware, then the earlier generation iDRAC is also listed on the Updatable Components page. See "Recovering iDRAC Firmware Using the CMC" for the steps to recover iDRAC firmware using the CMC.

To view the components that can be updated:
1 Log in to the Web interface (see "Accessing the CMC Web Interface").
2 Click Chassis in the system tree.
3 Click the Update tab. The Updatable Components page appears.

Updating Firmware

NOTE: To update firmware on the CMC, you must have Chassis Configuration Administrator privilege.

NOTE: The firmware update retains the current CMC and iKVM settings.

NOTE: If a Web user interface session is used to update system component firmware, the Idle Timeout setting must be set high enough to accommodate the file transfer time.
In some cases, the firmware file transfer time may be as high as 30 minutes. To set the Idle Timeout value, see "Configuring Services."

The Updatable Components page displays the current version of the firmware for each listed component and allows you to update the firmware to the latest revision. The basic steps involved in updating device firmware are:
• Select the devices to update
• Click the Apply button below the grouping
• Click Browse to select the firmware image
• Click Begin Firmware Update to start the update process. A message that states Transferring file image is displayed, followed by a status progress page.

NOTE: Be sure you have the latest firmware version. You can download the latest firmware image file from the Dell Support website.

Updating the CMC Firmware

NOTE: During updates of the CMC firmware or the iDRAC firmware on a server, some or all of the fan units in the chassis will spin at 100%. This is normal.

NOTE: The Active (primary) CMC resets and becomes temporarily unavailable after the firmware has been uploaded successfully. If a standby CMC is present, the standby and active roles will swap; the standby (secondary) CMC becomes the active (primary) CMC. If an update is applied only to the active (primary) CMC, after the reset is complete the primary CMC will not be running the updated image, only the standby (secondary) will have that image.

NOTE: To avoid disconnecting other users during a reset, notify authorized users who might log in to the CMC and check for active sessions by viewing the Sessions page. To open the Sessions page, select Chassis in the tree, click the Network/Security tab, and then click the Sessions sub-tab. Help for that page is available through the Help link at the top right corner of the page.

NOTE: When transferring files to and from the CMC, the file transfer icon spins during the transfer.
If your icon is not animated, make sure that your browser is configured to allow animations. See "Allow Animations in Internet Explorer" on page 34 for instructions.

NOTE: If you experience problems downloading files from the CMC using Internet Explorer, enable the Do not save encrypted pages to disk option. See "Downloading Files From CMC With Internet Explorer" on page 33 for instructions.

1 On the Updatable Components page, select the CMC or CMCs to update by selecting the Update Targets check box for the CMC(s). Both CMCs can be updated at the same time.
2 Click the Apply CMC Update button below the CMC component list.
NOTE: The default CMC firmware image name is firmimg.cmc. The CMC firmware should be updated first, before updating IOM infrastructure device firmware.
3 In the Firmware Image field, enter the path to the firmware image file on your management station or shared network, or click Browse to navigate to the file location.
4 Click Begin Firmware Update. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays. Additional items to note:
• Do not use the Refresh button or navigate to another page during the file transfer.
• To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer.
• Update status displays in the Update State field; this field is automatically updated during the file transfer process.
NOTE: The update may take several minutes for the CMC.
5 For a standby (secondary) CMC, when the update is complete the Update State field displays "Done".
For an active (primary) CMC, during the final phases of the firmware update process, the browser session and connection with the CMC will be lost temporarily as the active (primary) CMC is taken off line. You must log in again after a few minutes, when the active (primary) CMC has rebooted.

After the CMC resets, the new firmware is displayed on the Updatable Components page.

NOTE: After the firmware update, clear the Web browser cache. See your Web browser’s online help for instructions on how to clear the browser cache.

Updating the iKVM Firmware

NOTE: The iKVM resets and becomes temporarily unavailable after the firmware has been uploaded successfully.

1 Log back in to the CMC Web interface.
2 Select Chassis in the system tree.
3 Click the Update tab. The Updatable Components page appears.
4 Select the iKVM to update by selecting the Update Targets check box for that iKVM.
5 Click the Apply iKVM Update button below the iKVM component list.
6 In the Firmware Image field, enter the path to the firmware image file on your management station or shared network, or click Browse to navigate to the file location.
NOTE: The default iKVM firmware image name is ikvm.bin; however, the iKVM firmware image name can be changed by the user.
7 Click Begin Firmware Update.
8 Click Yes to continue. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays. Additional items to note:
• Do not use the Refresh button or navigate to another page during the file transfer.
• To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer.
• Update status displays in the Update State field; this field is automatically updated during the file transfer process.
NOTE: The update may take up to two minutes for the iKVM.

When the update is complete, iKVM resets and the new firmware is displayed on the Updatable Components page.

Updating the IOM Infrastructure Device Firmware

By performing this update, the firmware for a component of the IOM device is updated, but not the firmware of the IOM device itself; the component is the interface circuitry between the IOM device and the CMC. The update image for the component resides in the CMC file system, and the component displays as an updatable device on the CMC Web GUI only if the current revision on the component and the component image on the CMC do not match.

1 Log back in to the CMC Web interface.
2 Select Chassis in the system tree.
3 Click the Update tab. The Updatable Components page appears.
4 Select the IOM device to update by selecting the Update Targets check box for that IOM device.
5 Click the Apply IOM Update button below the IOM component list.
NOTE: The Firmware Image field does not display for an IOM infrastructure device (IOMINF) target because the required image resides on the CMC. The CMC firmware should be updated first, before updating IOMINF firmware. IOMINF updates are allowed by the CMC if it detects that the IOMINF firmware is out-of-date with the image contained in the CMC file system. If the IOMINF firmware is up-to-date, the CMC will prevent IOMINF updates. Up-to-date IOMINF devices are not listed as updatable devices.
6 Click Begin Firmware Update. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based on connection speed. When the internal update process begins, the page automatically refreshes and the Firmware update timer displays.
Additional items to note:
• Do not use the Refresh button or navigate to another page during the file transfer.
• Update status displays in the Update State field; this field is automatically updated during the file transfer process.
NOTE: No file transfer timer is displayed when updating IOMINF firmware. The update process may cause a brief loss of connectivity to the IOM device since the device restarts when the update is complete.

When the update is complete, the new firmware is displayed on the Updatable Components page and the updated system will no longer be present on that page.

Updating the Server iDRAC Firmware

NOTE: The iDRAC (on a Server) will reset and become temporarily unavailable after firmware updates have been uploaded successfully.

NOTE: The iDRAC firmware must be at version 1.4 or greater for servers with iDRAC, or 2.0 or greater for servers with iDRAC6 Enterprise.

1 Log back in to the CMC Web interface.
2 Select Chassis in the system tree.
3 Click the Update tab. The Updatable Components page appears.
4 Select the iDRAC or iDRACs to update by selecting the Update Targets check box for those devices.
5 Click the Apply iDRAC Update button below the iDRAC component list.
6 In the Firmware Image field, enter the path to the firmware image file on your management station or shared network, or click Browse to navigate to the file location.
7 Click Begin Firmware Update. The Firmware Update Progress section provides firmware update status information. A status indicator displays on the page while the image file uploads. File transfer time can vary greatly based on connection speed. When the internal update process begins, the page automatically refreshes and the firmware update timer displays. Additional items to note:
• Do not use the Refresh button or navigate to another page during the file transfer.
• To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer.
• Update status displays in the Update State field; this field is automatically updated during the file transfer process.
NOTE: The update may take several minutes for the CMC or server.

Recovering iDRAC Firmware Using the CMC

iDRAC firmware is typically updated using iDRAC facilities such as the iDRAC Web interface, the SM-CLP command line interface, or operating system specific update packages downloaded from support.dell.com. See the iDRAC Firmware User’s Guide for instructions for updating the iDRAC firmware.

Early generations of servers can have corrupted firmware recovered using the newly-updated iDRAC firmware process. When the CMC detects corrupted iDRAC firmware, it lists the server on the Updatable Components page.

Follow these steps to update the iDRAC firmware.
1 Download the latest iDRAC firmware to your management computer from support.dell.com.
2 Log in to the Web interface (see "Accessing the CMC Web Interface").
3 Click Chassis in the system tree.
4 Click the Update tab. The Updatable Components page appears.
5 Select the iDRAC or iDRACs of the same model to update by selecting the Update Targets check box for those devices.
6 Click the Apply iDRAC Update button below the iDRAC component list.
7 Click Browse, browse to the iDRAC firmware image you downloaded, and click Open.
NOTE: The default iDRAC firmware image name is firmimg.imc.
8 Click Begin Firmware Update. Additional items to note:
• Do not use the Refresh button or navigate to another page during the file transfer.
• To cancel the process, click Cancel File Transfer and Update - this option is available only during file transfer.
• Update status displays in the Update State field; this field is automatically updated during the file transfer process.
NOTE: It can take up to ten minutes to update the iDRAC firmware.
Managing iDRAC

The CMC provides the Deploy iDRAC page to allow the user to configure the iDRAC network configuration settings of installed and newly inserted servers. A user can configure one or more installed iDRAC devices from this page. The user can also configure the default iDRAC network configuration settings and root password for servers that will be installed later; these default settings are the iDRAC QuickDeploy settings. For more information on the iDRAC behavior, see the iDRAC User’s Guides on the Dell Support website at support.dell.com.

iDRAC QuickDeploy

The iDRAC QuickDeploy section of the Deploy iDRAC page contains network configuration settings that are applied to newly inserted servers. You may use these settings to automatically populate the iDRAC Network Settings table that is below the QuickDeploy section. Once QuickDeploy is enabled, the QuickDeploy settings are applied to a server when that server is installed.

Follow these steps to enable and set the iDRAC QuickDeploy settings:
1 Log in to the CMC Web interface.
2 Select Servers in the system tree.
3 Click the Setup tab. The Deploy iDRAC page appears.
4 Set the QuickDeploy settings accordingly.

Table 5-28. QuickDeploy Settings

Setting | Description
QuickDeploy Enabled | Enables/disables the QuickDeploy feature that automatically applies the iDRAC settings configured on this page to newly inserted servers; the auto configuration must be confirmed locally on the LCD panel. NOTE: This includes the root user password if the Set iDRAC Root Password on Server Insertion box is checked. Default: Unchecked (disabled)
Set iDRAC Root Password on Server Insertion | Specifies whether a server’s iDRAC root password should be changed to the value provided in the iDRAC Root Password text box when the server is inserted.
iDRAC Root Password | When Set iDRAC Root Password on Server Insertion and QuickDeploy Enabled are checked, this password value is assigned to a server's iDRAC root user password when the server is inserted into the chassis. The password can have 1 to 20 printable (including spaces) characters.
Confirm iDRAC Root Password | Verifies the password entered into the iDRAC Root Password field.
Enable iDRAC LAN | Enables/disables the iDRAC LAN channel. Default: Unchecked (disabled)
Enable iDRAC IPv4 | Enables/disables IPv4 on iDRAC. Default setting is enabled.
Enable iDRAC IPMI over LAN | Enables/disables the IPMI over LAN channel for each iDRAC present in the chassis. Default: Unchecked (disabled)
Enable iDRAC DHCP | Enables/disables DHCP for each iDRAC present in the chassis. If this option is enabled, the fields QuickDeploy IP, QuickDeploy Subnet Mask, and QuickDeploy Gateway are disabled, and cannot be modified since DHCP will be used to automatically assign these settings for each iDRAC. Default: Unchecked (disabled)
Starting iDRAC IPv4 Address (Slot 1) | Specifies the static IP address of the iDRAC of the server in slot 1 of the enclosure. The IP address of each subsequent iDRAC is incremented by 1 for each slot from slot 1's static IP address. In the case where the IP address plus the slot number is greater than the subnet mask, an error message is displayed. NOTE: The subnet mask and the gateway are not incremented like the IP address. For example, if the starting IP address is 192.168.0.250 and the subnet mask is 255.255.0.0 then the QuickDeploy IP address for slot 15 is 192.168.0.265. If the subnet mask were 255.255.255.0, the QuickDeploy IP address range is not fully within QuickDeploy Subnet error message is displayed when either the Save QuickDeploy Settings or Auto-Populate Using QuickDeploy Settings buttons are pressed.
iDRAC IPv4 Netmask | Specifies the QuickDeploy subnet mask that is assigned to all newly inserted servers.
iDRAC IPv4 Gateway | Specifies the QuickDeploy default gateway that is assigned to all iDRACs present in the chassis.
Enable iDRAC IPv6 | Enables IPv6 addressing for each iDRAC present in the chassis that is IPv6 capable.
Enable iDRAC IPv6 Autoconfiguration | Enables the iDRAC to obtain IPv6 settings (Address and prefix length) from a DHCPv6 server and also enables stateless address auto configuration. Default setting is enabled.
iDRAC IPv6 Gateway | Specifies the default IPv6 gateway to be assigned to the iDRACs. Default setting is "::".
iDRAC IPv6 Prefix Length | Specifies the prefix length to be assigned for the IPv6 addresses on the iDRAC. Default setting is 64.

5 To save the selections click the Save QuickDeploy Settings button. If you made changes to the iDRAC network setting, click the Apply iDRAC Network Settings button to deploy the settings to the iDRAC.
6 To update the table to the last saved QuickDeploy settings, and restore the iDRAC Network settings to the current values for each installed server, click Refresh.
NOTE: Clicking the Refresh button deletes all iDRAC QuickDeploy and iDRAC Network configuration settings that have not been saved.

The QuickDeploy feature only executes when it is enabled, and a server is inserted in the chassis. If Set iDRAC Root Password on Server Insertion and QuickDeploy Enabled are checked, the user is prompted using the LCD interface to allow or not allow the password change. If there are network configuration settings that differ from the current iDRAC settings, the user is prompted to either accept or not accept the changes.

NOTE: When there is a LAN or LAN over IPMI difference, the user is prompted to accept the QuickDeploy IP address setting. If the difference is the DHCP setting, the user is prompted to accept the DHCP QuickDeploy setting.
To copy the QuickDeploy settings into the iDRAC Network Settings section, click Auto-Populate Using QuickDeploy Settings. The QuickDeploy network configuration settings are copied into the corresponding fields in the iDRAC Network Configuration Settings table.

NOTE: Changes made to QuickDeploy fields are immediate, but changes made to one or more iDRAC server network configuration settings may require a couple of minutes to propagate from the CMC to an iDRAC. Pressing the Refresh button too soon may display only partially correct data for one or more iDRAC servers.

iDRAC Network Settings

The iDRAC Network Settings section of the Deploy iDRAC page contains a table listing the iDRAC IPv4 and IPv6 network configuration settings of all installed servers. Using this table you can configure the iDRAC network configuration settings for each installed server. The initial values displayed for each of the fields are the current values read from the iDRAC. Changing a field and clicking Apply iDRAC Network Settings saves the changed field to the iDRAC.

Follow these steps to enable and set the iDRAC Network Settings:
1 Log in to the CMC Web interface.
2 Select Servers in the system tree.
3 Click the Setup tab. The Deploy iDRAC page appears.
4 Select the check box for QuickDeploy Enabled to enable the QuickDeploy settings.
5 Set the remaining iDRAC Network Settings accordingly.

Table 5-29. iDRAC Network Settings

Setting | Description
Slot | Displays the slot occupied by the server in the chassis. Slot numbers are sequential IDs, from 1 to 16 (for the 16 available slots on the chassis), that help identify the location of the server in the chassis. NOTE: When there are fewer than 16 servers occupying slots, only those slots populated by servers are displayed.
Name | Displays the server name of the server in each slot. By default, the slots are named SLOT-01 to SLOT-16. NOTE: The slot name cannot be blank or NULL.
Enable LAN | Enables (checked) or disables (unchecked) the LAN channel. NOTE: When LAN is not selected (disabled), all other network configuration settings (IPMI over LAN, DHCP, IP Address Subnet Mask and Gateway) are not used. These fields are not accessible.
Change Root Password | Enables (when checked) the ability to change the password of the iDRAC root user. The iDRAC Root Password and Confirm iDRAC Root Password fields must be provided for this operation to be successful.
DHCP | If selected, DHCP is used to acquire the iDRAC IP address, subnet mask and default gateway; otherwise the values defined in the iDRAC network configuration fields are used. LAN must be enabled to set this field.
IPMI over LAN | Enables (checked) or disables (unchecked) the IPMI LAN channel. LAN must be enabled to set this field.
IP Address | The static IPv4 or IPv6 address assigned to the iDRAC located in this slot.
Subnet Mask | Specifies the subnet mask assigned to the iDRAC installed in this slot.
Gateway | Specifies the default gateway assigned to the iDRAC which will be installed in this slot.
Enable IPv4 | Enables the iDRAC in the slot to use the IPv4 protocol on the network. You must select the Enable LAN option for this option to be active. Default setting is enabled.
Enable IPv6 | Enables the iDRAC in the slot to use the IPv6 protocol on the network. You must select the Enable LAN option and deselect the Autoconfiguration option for this option to be active. Default setting is disabled. NOTE: This option is available only if the server is IPv6 capable.
Autoconfiguration | Enables the iDRAC to obtain IPv6 settings (Address and prefix length) from a DHCPv6 server and also enables stateless address auto configuration. NOTE: This option is available only if the server is IPv6 capable.
Prefix Length | Specifies the length, in bits, of the IPv6 subnet to which this iDRAC belongs.
6 To deploy the settings to iDRAC, click the Apply iDRAC Network Settings button. If you made changes to the QuickDeploy settings, they will also be saved.
7 To restore the iDRAC Network settings to the current values for each installed blade, and update the QuickDeploy table to the last saved QuickDeploy settings, click Refresh.
NOTE: Clicking the Refresh button deletes all iDRAC QuickDeploy and iDRAC Network configuration settings that have not been saved.

The iDRAC Network Settings table reflects future network configuration settings; the values shown for installed blades may or may not be the same as the currently installed iDRAC network configuration settings. Press the Refresh button to update the iDRAC Deploy page with each installed iDRAC network configuration settings after changes are made.

NOTE: Changes made to QuickDeploy fields are immediate, but changes made to one or more iDRAC server network configuration settings may require a couple of minutes to propagate from the CMC to an iDRAC. Pressing the Refresh button too soon may display only partially correct data for one or more iDRAC servers.

Launching iDRAC using Single Sign-On

The CMC provides limited management of individual chassis components, such as servers. For complete management of these individual components, the CMC provides a launch point for the server’s management controller (iDRAC) Web-based interface.

To launch the iDRAC management console from the Servers page, use the following steps:
1 Log in to the CMC Web interface.
2 Select Servers in the system tree. The Servers Status page appears.
3 Click the Launch iDRAC GUI icon for the server you want to manage.

To launch the iDRAC management console for an individual server:
1 Log in to the CMC Web interface.
2 Expand Servers in the system tree. All of the servers (1–16) appear in the expanded Servers list.
3 Click the server you want to view. The Server Status page displays.
4 Click the Launch iDRAC GUI icon.
A user may be able to launch iDRAC GUI without having to log in a second time, as this feature utilizes single sign-on. Single sign-on policies are described below.
• A CMC user who has server administrative privilege will automatically be logged into iDRAC using single sign-on. Once on the iDRAC site, this user is automatically granted Administrator privileges. This is true even if the same user does not have an account on iDRAC, or if the account does not have the Administrator’s privileges.
• A CMC user who does NOT have the server administrative privilege, but has the same account on iDRAC, will automatically be logged into iDRAC using single sign-on. Once on the iDRAC site, this user is granted the privileges that were created for the iDRAC account.
• A CMC user who does not have the server administrative privilege, or the same account on the iDRAC, will NOT be automatically logged into iDRAC using single sign-on. This user is directed to the iDRAC login page when the Launch iDRAC GUI button is clicked.

NOTE: The term "the same account" in this context means that the user has the same login name with a matching password for CMC and for iDRAC. A user who has the same login name without a matching password will not be considered to have the same account.

NOTE: Users may be prompted to log in to iDRAC (see the third Single Sign-on policy bullet above).

NOTE: If the iDRAC network LAN is disabled (LAN Enabled = No), single sign-on is not available.

NOTE: If the server is removed from the chassis, the iDRAC IP address is changed, or the iDRAC network connection experiences a problem, then clicking the Launch iDRAC GUI icon may display an error page.

FlexAddress

This section describes the FlexAddress® Web interface screens. FlexAddress is an optional upgrade that allows server modules to replace the factory-assigned WWN/MAC ID with a WWN/MAC ID provided by the chassis.
NOTE: You must purchase and install the FlexAddress upgrade to have access to the configuration screens. If the upgrade has not been purchased and installed, the following text will be displayed on the Web interface:

Optional feature not installed. See the Dell Chassis Management Controller Users Guide for information on the chassis-based WWN and MAC address administration feature. To purchase this feature, please contact Dell at www.dell.com.

Viewing FlexAddress Status

You can use the Web interface to view FlexAddress status information. You can view status information for the entire chassis or for an individual server. The information displayed includes:
• Fabric configuration
• FlexAddress active/not active
• Slot number and name
• Chassis-assigned and server-assigned addresses
• Addresses in use

NOTE: You can also view FlexAddress status using the command line interface. For more command information, see "Using FlexAddress."

Viewing Chassis FlexAddress Status

FlexAddress status information can be displayed for the entire chassis. The status information includes whether the feature is active and an overview of the FlexAddress status for each blade.

Use the following steps to view whether FlexAddress is active for the chassis:
1 Log in to the Web interface (see "Accessing the CMC Web Interface").
2 Click Chassis in the system tree.
3 Click the Setup tab. The General Setup page appears. The FlexAddress entry will have a value of Active or Not Active; a value of active means that the feature is installed on the chassis. A value of not active means that the feature is not installed and not in use on the chassis.

Use the following steps to display a FlexAddress status overview for each server module:
1 Log in to the Web interface (see "Accessing the CMC Web Interface").
2 Click Servers in the system tree. Click the Properties tab, WWN/MAC sub-tab.
3 The FlexAddress Summary page is displayed.
This page allows you to view the WWN configuration and MAC addresses for all slots in the chassis. The status page presents the following information:

Fabric Configuration: Fabric A, Fabric B, and Fabric C display the type of the Input/Output fabric installed. iDRAC displays the server management MAC address.
NOTE: If Fabric A is enabled, unpopulated slots display chassis-assigned MAC addresses for Fabric A and MAC or WWNs for Fabrics B and C if they are in use by populated slots.

WWN/MAC Addresses: Displays FlexAddress configuration for each slot in the chassis. Information displayed includes:
• iDRAC management controller is not a fabric but its FlexAddress is treated like one.
• Slot number and location
• FlexAddress active/not active status
• Fabric type
• Server-assigned and chassis-assigned WWN/MAC addresses in use
A green check mark indicates the active address type, either server-assigned or chassis-assigned.

4 For additional information, click the Help link and review "Using FlexAddress."

Viewing Server FlexAddress Status

FlexAddress status information can also be displayed for each individual server. The server level information displays a FlexAddress status overview for that blade.

Use the following steps to view FlexAddress server information:
1 Log in to the Web interface (see "Accessing the CMC Web Interface" on page 97).
2 Expand Servers in the system tree. All of the servers (1–16) appear in the expanded Servers list.
3 Click the server you want to view. The Server Status page displays.
4 Click the Setup tab, and the FlexAddress sub-tab. The FlexAddress Status page is displayed. This page allows you to view the WWN configuration and MAC addresses for the selected server. The status page presents the following information:

FlexAddress Enabled: Displays whether the FlexAddress feature is active or not active for the particular slot.
Current State: Displays the current FlexAddress configuration:
• Chassis-Assigned - selected slot address is chassis assigned using the FlexAddress. The slot-based WWN/MAC addresses remain the same even if a new server is installed.
• Server-Assigned - server uses the server-assigned address or the default address embedded into the controller hardware.

Power State: Displays the current power status of the servers; values are: On, Powering On, Powering Off, Off, and N/A (if a server is not present).

Health:
• OK - Indicates that FlexAddress is present and providing status to the CMC. In the event of a communication failure between the CMC and FlexAddress, the CMC cannot obtain or display health status for FlexAddress.
• Informational - Displays information about FlexAddress when no change in health status (OK, Warning, Severe) has occurred.
• Warning - Indicates that only warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken within the administrator-specified time, critical or severe failures that can affect the integrity of the server could occur.
• Severe - Indicates at least one Failure alert has been issued. Severe status represents a system failure on the server, and corrective action must be taken immediately.
• No Value - When FlexAddress is absent, health information is not provided.

iDRAC firmware: Displays the iDRAC version currently installed on the server.

BIOS Version: Displays the current BIOS version of the server module.

Slot: Slot number of the server associated with the fabric location.

Location: Displays the location of the Input/Output (I/O) module in the chassis by group number (A, B, or C) and slot number (1 or 2). Slot names: A1, A2, B1, B2, C1, or C2.

Fabric: Displays the type of fabric.

Server-Assigned: Displays the server-assigned WWN/MAC addresses that are embedded in the controller's hardware.
Chassis-Assigned: Displays the chassis-assigned WWN/MAC addresses that are used for the particular slot.

5 For additional information, click the Help link and review "Using FlexAddress" on page 189.

Configuring FlexAddress

If you purchase FlexAddress with your chassis, it will be installed and active when you power up your system. If you purchase FlexAddress separately, you must install the SD feature card using the instructions in the Chassis Management Controller (CMC) Secure Digital (SD) Card Technical Specification document. See support.dell.com for this document.

The server must be off before you begin configuration. You can enable or disable FlexAddress on a per fabric basis. Additionally, you can enable/disable the feature on a per slot basis. After you enable the feature on a per-fabric basis, you can then select slots to be enabled. For example, if Fabric-A is enabled, any slots that are enabled will have FlexAddress enabled only on Fabric-A. All other fabrics will use the factory-assigned WWN/MAC on the server.

Selected slots will be FlexAddress enabled for all fabrics that are enabled. For example, it is not possible to enable Fabric-A and B, and have Slot 1 be FlexAddress enabled on Fabric-A but not on Fabric-B.

NOTE: You can also configure FlexAddress using the command line interface. For more command information, see "Using FlexAddress" on page 189.

Chassis-Level Fabric and Slot FlexAddress Configuration

At the chassis level, you can enable or disable the FlexAddress feature for fabrics and slots. FlexAddress is enabled on a per-fabric basis and then slots will be selected for participation in the feature. Both fabrics and slots must be enabled to successfully configure FlexAddress.

Perform the following steps to enable or disable fabrics and slots to use the FlexAddress feature:
1 Log on to the Web interface (see "Accessing the CMC Web Interface").
2 Click Servers in the system tree.
3 Click the Setup tab→FlexAddress subtab. The Deploy FlexAddress page is displayed.
4 The Select Fabrics for Chassis-Assigned WWN/MACs section displays a check box for Fabric A, Fabric B, Fabric C, and iDRAC.
5 Click the check box for each fabric you want to enable FlexAddress on. To disable a fabric, click the check box to clear the selection.
NOTE: If no fabrics are selected, FlexAddress will not be enabled for the selected slots.
The Select Slots for Chassis-Assigned WWN/MACs page displays an Enabled check box for each slot in the chassis (1 - 16).
6 Click the Enabled check box for each slot you want to enable FlexAddress on. If you want to select all slots, use the Select/Deselect All check box. To disable a slot, click the Enabled check box to clear the selection.
NOTE: If a blade is present in the slot, it needs to be powered off before the FlexAddress feature can be enabled on that slot.
NOTE: If no slots are selected, FlexAddress will not be enabled for the selected fabrics.
7 Click Apply to save the changes.

For additional information, click the Help link and review "Using FlexAddress."

Server-Level Slot FlexAddress Configuration

At the server level, you can enable or disable the FlexAddress feature for individual slots.

Use the following steps to enable or disable an individual slot to use the FlexAddress feature:
1 Log in to the Web interface (see "Accessing the CMC Web Interface").
2 Expand Servers in the system tree. All of the servers (1–16) appear in the expanded Servers list.
3 Click the server you want to view. The Server Status page displays.
4 Click the Setup tab, and the FlexAddress sub-tab. The FlexAddress Status page is displayed.
5 Use the pull down menu for FlexAddress Enabled to make your selection; select Yes to enable FlexAddress or select No to disable FlexAddress.
6 Click Apply to save the changes.

For additional information, click the Help link and review "Using FlexAddress."
Remote File Sharing

The Remote Virtual Media File Share option maps a file from a share drive on the network to one or more blades through the CMC to deploy or update an operating system. When connected, the remote file is accessible as if it is on the local system. Two types of media are supported: floppy drives and CD/DVD drives.

1 Log in to the Web interface (see "Accessing the CMC Web Interface").
2 Click Servers in the system tree.
3 Click the Setup tab, and the Remote File Sharing sub-tab. The Deploy Remote File Share page is displayed.
4 Set the Remote File Sharing settings.

Table 5-30. Remote File Sharing Settings

Image File Path: Image File Path is only needed for connect and deploy operations. It does not apply to disconnect operations. The path name of the network drive is mounted to the server through a Windows SMB or Linux/Unix NFS protocol. For example, to connect to CIFS, type: // / / To connect to NFS, type: // :/ / File names that end with .img are connected as virtual floppies. File names that end with .iso are connected as virtual CD/DVDs. The maximum number of characters is 511.

User Name: User Name is only needed for connect and deploy operations. It does not apply to disconnect operations. The maximum number of characters you can specify in this field is 40.

Password: Password is only needed for connect and deploy operations. It does not apply to disconnect operations. The maximum number of characters you can specify in this field is 40.

Slot: Identifies the location of the slot. Slot numbers are sequential from 1 to 16 (for the 16 available slots in the chassis).

Name: Indicates the name of the slot. Slots are named depending on their position in the chassis.

Model: Displays the model name of the server.
Power State: Displays the power status of the server:
• N/A – The CMC has not yet determined the power state of the server.
• Off – Either the server is off or the chassis is off.
• On – Both the chassis and the server are on.
• Powering On – Temporary state between Off and On. On success, the Power State is On.
• Powering Off – Temporary state between On and Off. On success, the Power State is Off.

Connect Status: Displays the remote file share connection status.

Select/Deselect All: Select this option before initiating a remote file share operation. Remote file share operations are: Connect, Disconnect, and Deploy.

5 Click Connect to connect to a remote file share. To connect a remote file share, you must provide the path, user name, and password. A successful operation allows access to the media.
Click Disconnect to disconnect a previously connected remote file share.
Click Deploy to deploy the media device.
NOTE: Save all working files before executing the deploy command because this action causes the server to be restarted.
This command involves these actions:
– The remote file share is connected.
– The file is selected as the first boot device for the servers.
– The server is restarted.
– Power is applied to the server if the server is turned off.

Frequently Asked Questions

Table 5-31 lists frequently asked questions and answers.

Table 5-31. Managing and Recovering a Remote System: Frequently Asked Questions

Question: When accessing the CMC Web interface, I get a security warning stating the host name of the SSL certificate does not match the host name of the CMC.

Answer: The CMC includes a default CMC server certificate to ensure network security for the Web interface and remote RACADM features. When this certificate is used, the Web browser displays a security warning because the default certificate is issued to CMC default certificate which does not match the host name of the CMC (for example, the IP address).
To address this security concern, upload a CMC server certificate issued to the IP address of the CMC. When generating the certificate signing request (CSR) to be used for issuing the certificate, ensure that the common name (CN) of the CSR matches the IP address of the CMC (for example, 192.168.0.120) or the registered DNS CMC name.

To ensure that the CSR matches the registered DNS CMC name:
1 In the System tree, click Chassis.
2 Click the Network/Security tab, and then click Network. The Network Configuration page appears.
3 Select the Register CMC on DNS check box.
4 Enter the CMC name in the DNS CMC Name field.
5 Click Apply Changes.

For more information about generating CSRs and issuing certificates, see "Securing CMC Communications Using SSL and Digital Certificates" on page 147.

Question: Why are the remote RACADM and Web-based services unavailable after a property change?

Answer: It may take a minute for the remote RACADM services and the Web interface to become available after the CMC Web server resets. The CMC Web server is reset after the following occurrences:
• When changing the network configuration or network security properties using the CMC Web user interface
• When the cfgRacTuneHttpsPort property is changed (including when a config -f changes it)
• When racresetcfg is used
• When the CMC is reset
• When a new SSL server certificate is uploaded

Question: Why doesn’t my DNS server register my CMC?

Answer: Some DNS servers only register names of 31 characters or fewer.

Question: When accessing the CMC Web interface, I get a security warning stating the SSL certificate was issued by a certificate authority that is not trusted.

Answer: CMC includes a default CMC server certificate to ensure network security for the Web interface and remote RACADM features. This certificate is not issued by a trusted certificate authority.
To address this security concern, upload a CMC server certificate issued by a trusted certificate authority (such as Thawte or Verisign). For more information about issuing certificates, see "Securing CMC Communications Using SSL and Digital Certificates" on page 147.

Question: The following message is displayed for unknown reasons:
Remote Access: SNMP Authentication Failure
Why does this happen?

Answer: As part of discovery, IT Assistant attempts to verify the device’s get and set community names. In IT Assistant, you have the get community name = public and the set community name = private. By default, the community name for the CMC agent is public. When IT Assistant sends out a set request, the CMC agent generates the SNMP authentication error because it will only accept requests from community = public.

You can change the CMC community name using RACADM. To see the CMC community name, use the following command:
racadm getconfig -g cfgOobSnmp
To set the CMC community name, use the following command:
racadm config -g cfgOobSnmp -o cfgOobSnmpAgentCommunity

To prevent SNMP authentication traps from being generated, you must input community names that will be accepted by the agent. Since the CMC only allows one community name, you must input the same get and set community name for IT Assistant discovery setup.

Troubleshooting the CMC

The CMC Web interface provides tools for identifying, diagnosing, and fixing problems with your chassis. For more information about troubleshooting, see "Troubleshooting and Recovery."

6 Using FlexAddress

The FlexAddress feature is an optional upgrade that allows server modules to replace the factory assigned World Wide Name and Media Access Control (WWN/MAC) network IDs with WWN/MAC IDs provided by the chassis.
Every server module is assigned unique WWN and/or MAC IDs as part of the manufacturing process. Before FlexAddress, if you had to replace one server module with another, the WWN/MAC IDs would change and Ethernet network management tools and SAN resources had to be reconfigured to be aware of the new server module.

FlexAddress allows the CMC to assign WWN/MAC IDs to a particular slot and override the factory IDs. If the server module is replaced, the slot-based WWN/MAC IDs remain the same. This feature eliminates the need to reconfigure Ethernet network management tools and SAN resources for a new server module.

Additionally, the override action only occurs when a server module is inserted in a FlexAddress enabled chassis; no permanent changes are made to the server module. If a server module is moved to a chassis that does not support FlexAddress, the factory assigned WWN/MAC IDs will be used.

Before installing FlexAddress, you can determine the range of MAC addresses contained on a FlexAddress feature card by inserting the SD card into a USB Memory Card Reader and viewing the file pwwn_mac.xml. This clear text XML file on the SD card contains an XML tag mac_start, which is the first hex MAC address that will be used for this unique MAC address range. The mac_count tag is the total number of MAC addresses that the SD card allocates. The total MAC range allocated can be determined by: mac_start + 0xCF (208 - 1) = mac_end, where 208 is the mac_count and the formula is mac_start + mac_count - 1 = mac_end. For example: (starting_mac) 00188BFFDCFA + 0xCF = (ending_mac) 00188BFFDDC9.

NOTE: Lock the SD card prior to inserting in the USB "Memory Card Reader" to prevent accidentally modifying any of the contents. You must lock the SD card before inserting into the CMC.

Activating FlexAddress

FlexAddress is delivered on a Secure Digital (SD) card that must be inserted into the CMC to activate the feature.
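The MAC range calculation described above for pwwn_mac.xml can be scripted so that the chassis-assigned pool is known to inventory or network access control tooling before the card is installed. This is an added example, not Dell code: only the tag names mac_start and mac_count come from this guide, while the root element name, the decimal encoding of mac_count and the observed MAC list are assumptions constructed for illustration.

```python
import string
import xml.etree.ElementTree as ET

# Constructed sample file. Only the tag names mac_start and mac_count come from
# the guide; the <feature_card> root and the decimal count are assumptions.
SAMPLE_PWWN_MAC_XML = """<?xml version="1.0"?>
<feature_card>
  <mac_start>00188BFFDCFA</mac_start>
  <mac_count>208</mac_count>
</feature_card>
"""

MAC_MAX = (1 << 48) - 1  # largest value a 48-bit MAC address can hold


def parse_mac(text):
    """Convert a MAC given as 12 hex digits (':', '-' or '.' separators allowed) to an int."""
    digits = "".join(ch for ch in text.strip() if ch not in ":-.")
    if len(digits) != 12 or any(ch not in string.hexdigits for ch in digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def format_mac(value):
    """Render an int as 12 upper-case hex digits, the notation used in the guide."""
    return f"{value:012X}"


def _tag_text(root, tag):
    # iter() also matches the root element, so the nesting depth does not matter.
    element = next(root.iter(tag), None)
    if element is None or not (element.text or "").strip():
        raise ValueError(f"<{tag}> is missing or empty")
    return element.text.strip()


def read_card_range(xml_text):
    """Return (first, last, count) using mac_start + mac_count - 1 = mac_end."""
    root = ET.fromstring(xml_text)
    first = parse_mac(_tag_text(root, "mac_start"))
    count_text = _tag_text(root, "mac_count")
    if not (count_text.isascii() and count_text.isdigit()):
        raise ValueError(f"mac_count is not a decimal number: {count_text!r}")
    count = int(count_text)
    if count < 1:
        raise ValueError("mac_count must be at least 1")
    last = first + count - 1
    if last > MAC_MAX:
        raise ValueError("range runs past the end of the 48-bit MAC space")
    return first, last, count


def is_chassis_assigned(mac_text, first, last):
    """True if the address lies inside the card's allocated range (inclusive)."""
    return first <= parse_mac(mac_text) <= last


def split_observed(macs, first, last):
    """Partition observed MACs into (chassis_assigned, other), both normalised."""
    inside, outside = [], []
    for mac in macs:
        target = inside if is_chassis_assigned(mac, first, last) else outside
        target.append(format_mac(parse_mac(mac)))
    return inside, outside


# Constructed list of addresses, e.g. exported from a switch forwarding table.
OBSERVED = ["00:18:8B:FF:DC:FA", "00-18-8b-ff-dd-c9", "00188BFFDDCA", "0018.8bff.dcf9"]

if __name__ == "__main__":
    first, last, count = read_card_range(SAMPLE_PWWN_MAC_XML)
    print(f"{count} addresses: {format_mac(first)} .. {format_mac(last)}")
    print(split_observed(OBSERVED, first, last))
```
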
To activate the FlexAddress feature, software updates may be required; if you are not activating FlexAddress these updates are not required. The updates, which are listed in the table below, include server module BIOS, I/O mezzanine BIOS or firmware, and CMC firmware. You must apply these updates before you enable FlexAddress. If these updates are not applied, the FlexAddress feature may not function as expected.

Component: Minimum required version

Ethernet mezzanine card - Broadcom M5708t, 5709, 5710:
• Boot code firmware 4.4.1 or later
• iSCSI boot firmware 2.7.11 or later
• PXE firmware 4.4.3 or later

FC mezzanine card - QLogic QME2472, FC8: BIOS 2.04 or later

FC mezzanine card - Emulex LPe1105M4, FC8: BIOS 3.03a3 and firmware 2.72A2 or later

Server Module BIOS:
• PowerEdge™ M600 – BIOS 2.02 or later
• PowerEdge M605 – BIOS 2.03 or later
• PowerEdge M805
• PowerEdge M905
• PowerEdge M610
• PowerEdge M710

PowerEdge M600/M605 LAN on motherboard (LOM):
• Boot code firmware 4.4.1 or later
• iSCSI boot firmware 2.7.11 or later

iDRAC:
• Version 1.50 or later for PowerEdge xx0x systems
• Version 2.10 or later for PowerEdge xx1x systems

CMC: Version 1.10 or later

NOTE: Any system ordered after June 2008 will have the correct firmware versions.

To ensure proper deployment of the FlexAddress feature, update the BIOS and the firmware in the following order:
1 Update all mezzanine card firmware and BIOS.
2 Update server module BIOS.
3 Update iDRAC firmware on the server module.
4 Update all CMC firmware in the chassis; if redundant CMCs are present, ensure both are updated.
5 Insert the SD card into the passive module for a redundant CMC module system or into the single CMC module for a non-redundant system.

NOTE: If CMC firmware that supports FlexAddress (version 1.10 or later) is not installed, the feature is not activated.

See the Chassis Management Controller (CMC) Secure Digital (SD) Card Technical Specification document for SD card installation instructions.
NOTE: The SD card contains a FlexAddress feature. Data contained on the SD card is encrypted and may not be duplicated or altered in any way as it may inhibit system function and cause the system to malfunction.

NOTE: Your use of the SD card is limited to one chassis only. If you have multiple chassis, you must purchase additional SD cards.

Activation of the FlexAddress feature is automatic on restart of the CMC with the SD feature card installed; this activation causes the feature to bind to the current chassis. If you have the SD card installed on the redundant CMC, activation of the FlexAddress feature does not occur until the redundant CMC is made active. See the Chassis Management Controller (CMC) Secure Digital (SD) Card Technical Specification document for information on how to make a redundant CMC active.

When the CMC restarts, verify the activation process by using the steps in the next section, "Verifying FlexAddress Activation."

Verifying FlexAddress Activation

To ensure proper activation of FlexAddress, RACADM commands can be used to verify the SD feature card and FlexAddress activation.

Use the following RACADM command to verify the SD feature card and its status:
racadm featurecard -s

The following table lists the status messages returned by the command.

Table 6-1. Status Messages Returned by featurecard -s Command

Status Message: No feature card inserted.
Actions: Check the CMC to verify that the SD card was properly inserted. In a redundant CMC configuration, make sure the CMC with the SD feature card installed is the active CMC and not the standby CMC.

Status Message: The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is bound to this chassis.
Actions: No action required.

Status Message: The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is bound to another chassis, svctag = ABC1234, SD card SN = 01122334455
Actions: Remove the SD card; locate and install the SD card for the current chassis.

Status Message: The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is not bound to any chassis.
Actions: The feature card can be moved to another chassis or can be reactivated on the current chassis. To reactivate on the current chassis, enter racadm racreset until the CMC module with the feature card installed becomes active.

Use the following RACADM command to display all activated features on the chassis:
racadm feature -s

The command will return the following status message:
Feature = FlexAddress
Date Activated = 8 April 2008 - 10:39:40
Feature installed from SD-card SN = 01122334455

If there are no active features on the chassis, the command will return a message:
racadm feature -s
No features active on the chassis.

For further information on the RACADM commands, see the feature and featurecard command sections of the Dell Chassis Management Controller Administrator Reference Guide.

Deactivating FlexAddress

The FlexAddress feature can be deactivated and the SD card returned to a pre-installation state using a RACADM command. There is no deactivation function within the Web interface. Deactivation returns the SD card to its original state where it can be installed and activated on a different chassis.

NOTE: The SD card must be physically installed in the CMC, and the chassis must be powered-down before executing the deactivation command. If you execute the deactivation command with no card installed, or with a card from a different chassis installed, the feature will be deactivated and no change will be made to the card.
Deactivating FlexAddress

Use the following RACADM command to deactivate the FlexAddress feature and restore the SD card:
racadm feature -d -c flexaddress

The command will return the following status message upon successful deactivation:
feature FlexAddress is deactivated on the chassis successfully.

If the chassis is not powered-down prior to execution, the command will fail with the following error message:
ERROR: Unable to deactivate the feature because the chassis is powered ON

For further information on the command, see the feature command section of the Dell Chassis Management Controller Administrator Reference Guide.

Configuring FlexAddress Using the CLI

NOTE: You must enable both the slot and the fabric for the chassis-assigned MAC address to be pushed to the iDRAC.

NOTE: You can also view FlexAddress status using the graphical user interface. For more information, see "FlexAddress."

You can use the command line interface to enable or disable FlexAddress on a per fabric basis. Additionally, you can enable/disable the feature on a per slot basis. After you enable the feature on a per-fabric basis, you can then select slots to be enabled. For example, if only Fabric-A is enabled, any slots that are enabled will have FlexAddress enabled only on Fabric-A. All other fabrics will use the factory-assigned WWN/MAC on the server. For this feature to work, the fabric must be enabled and the server must be powered off.

Enabled slots are FlexAddress enabled for all fabrics that are enabled. For example, it is not possible to enable Fabric-A and B, and have Slot 1 be FlexAddress enabled on Fabric-A but not on Fabric-B.

Use the following RACADM command to enable or disable fabrics:
racadm setflexaddr [-f ]
= = A, B, C, or iDRAC 0 or 1
Where 0 is disable and 1 is enable.

Use the following RACADM command to enable or disable slots:
racadm setflexaddr [-i ]
= 1 to 16 = 0 or 1
Where 0 is disable and 1 is enable.
For additional information on the command, see the setflexaddr command section of the Dell Chassis Management Controller Administrator Reference Guide.

Additional FlexAddress Configuration for Linux

When changing from a server-assigned MAC ID to chassis-assigned MAC ID on Linux-based operating systems, additional configuration steps may be required:
• SUSE Linux Enterprise Server 9 and 10: You may need to run YAST (Yet another Setup Tool) on your Linux system to configure your network devices and then restart the network services.
• Red Hat® Enterprise Linux® 4 (RHEL) and RHEL 5: Run Kudzu, a utility to detect and configure new/changed hardware on the system. Kudzu presents you with The Hardware Discovery Menu; it detects the MAC address change as hardware was removed and new hardware added.

Viewing FlexAddress Status Using the CLI

You can use the command line interface to view FlexAddress status information. You can view status information for the entire chassis or for a particular slot. The information displayed includes:
• Fabric configuration
• FlexAddress enabled/disabled
• Slot number and name
• Chassis-assigned and server-assigned addresses
• Addresses in use

Use the following RACADM command to display FlexAddress status for the entire chassis:
racadm getflexaddr

To display FlexAddress status for a particular slot:
racadm getflexaddr [-i ]
= 1 to 16

See "Configuring FlexAddress Using the CLI" for additional details on FlexAddress configuration. For additional information on the command, see the getflexaddr command section of the Dell Chassis Management Controller Administrator Reference Guide.

Configuring FlexAddress Using the GUI

Wake-On-LAN with FlexAddress

When the FlexAddress feature is deployed for the first time on a given server module, it requires a power-down and power-up sequence for FlexAddress to take effect. FlexAddress on Ethernet devices is programmed by the server module BIOS.
For the server module BIOS to program the address, it needs to be operational, which requires the server module to be powered up. When the power-down and power-up sequences complete, the chassis-assigned MAC IDs are available for Wake-On-LAN (WOL) function.

Troubleshooting FlexAddress

This section contains troubleshooting information for FlexAddress.

1 If a feature card is removed, what will happen?
Nothing will happen. Feature cards can be removed and stored or may be left in place.

2 If a feature card that was used in one chassis is removed and put into another chassis, what will happen?
The Web interface will display an error that states:
This feature card was activated with a different chassis. It must be removed before accessing the FlexAddress feature.
Current Chassis Service Tag = XXXXXXXX
Feature Card Chassis Service Tag = YYYYYYYY
An entry will be added to the CMC log that states:
cmc : feature 'FlexAddress@XXXXXXX' not activated; chassis ID= 'YYYYYYY'

3 What happens if the feature card is removed and a non-FlexAddress card is installed?
No activation or modifications to the card should occur. The card will be ignored by CMC. In this situation, the $racadm featurecard -s will return a message of:
No feature card inserted
ERROR: can't open file

4 If the chassis service tag is reprogrammed, what happens if there is a feature card bound to that chassis?
• If the original feature card is present in the active CMC on that or any other chassis, the Web interface displays an error that states:
This feature card was activated with a different chassis. It must be removed before accessing the FlexAddress feature.
Current Chassis Service Tag = XXXXXXXX
Feature Card Chassis Service Tag = YYYYYYYY
The original feature card is no longer eligible for deactivation on that or any other chassis, unless Dell Service re-programs the original chassis service tag back into a chassis, and the CMC that has the original feature card is made active on that chassis.
• The FlexAddress feature remains activated on the originally bound chassis. The binding of that chassis feature is updated to reflect the new service tag.

5 What if I have two feature cards installed in my redundant CMC system? Will I get an error?
The feature card in the active CMC will be active and installed in the chassis. The second card will be ignored by CMC.

6 Does the SD card have a write protection lock on it?
Yes it does. Before installing the SD card into the CMC module, verify the write protection latch is in the unlock position. The FlexAddress feature cannot be activated if the SD card is write protected. In this situation, the $racadm feature -s command will return this message:
No features active on the chassis.
ERROR: read only file system

7 What will happen if there isn’t an SD card in the active CMC module?
The $racadm featurecard -s command will return this message:
No feature card inserted.

8 What will happen to my FlexAddress feature if the server BIOS is updated from version 1.xx to version 2.xx?
The server module will need to be powered down before it can be used with FlexAddress. After the server BIOS update is complete, the server module will not get chassis-assigned addresses until the server has been power cycled.

9 What will happen if a chassis with a single CMC is downgraded with firmware prior to 1.10?
• The FlexAddress feature and configuration will be removed from the chassis.
• The feature card used to activate the feature on this chassis is unchanged, and remains bound to the chassis.
When the CMC firmware of the chassis is subsequently upgraded to 1.10 or later, the FlexAddress feature is reactivated by reinserting the original feature card (if necessary), resetting the CMC (if feature card was inserted after firmware upgrade was completed), and reconfiguring the feature. Using FlexAddress 10 In a chassis with redundant CMCs, if you are replacing a CMC unit with one that has firmware prior to 1.10, the following procedure must be used to ensure the current FlexAddress feature and configuration will NOT be removed. a Ensure the active CMC firmware is always version 1.10 or later. b Remove the standby CMC and insert the new CMC in its place. c From the Active CMC, upgrade the standby CMC firmware to 1.10 or later. NOTE: If you do not update the standby CMC firmware to 1.10 or later and a failover occurs, the FlexAddress feature is not configured and you will need to reactivate and reconfigure the feature. 11 The SD card was not in the chassis when I executed the deactivation command on the FlexAddress. How do I recover my SD card now? The issue is that the SD card cannot be used to install FlexAddress on another chassis if it was not in the CMC when FlexAddress was deactivated. To recover use of the card, insert the card back into a CMC in the chassis that it is bound to, reinstall FlexAddress, and then deactivate FlexAddress, again. 12 I have the SD card properly installed and all the firmware/software updates installed. I see that FlexAddress is active, but I can’t see anything on the server deployment screen to deploy it? What is wrong? This is a browser caching issue; shut down the browser and relaunch. 13 What happens to FlexAddress if I need to reset my chassis configuration using the RACADM command, racresetcfg? The FlexAddress feature will still be activated and ready to use. All fabrics and slots will be selected as default. NOTE: It is highly recommended that you power down your chassis before issuing the RACADM command racresetcfg. 
Command Messages

The following table lists the RACADM commands and output for common FlexAddress situations.

Table 6-2. FlexAddress Commands and Output

Situation: SD card in the active CMC module is bound to another service tag.
Command: $racadm featurecard -s
Output: The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is bound to another chassis, svctag = J310TF1 SD card SN =0188BFFE03A

Situation: SD card in the active CMC module that is bound to the same service tag.
Command: $racadm featurecard -s
Output: The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is bound to this chassis

Situation: SD card in the active CMC module that is not bound to any service tag.
Command: $racadm featurecard -s
Output: The feature card inserted is valid and contains the following feature(s) FlexAddress: The feature card is not bound to any chassis

Situation: FlexAddress feature not active on the chassis for any reason (No SD card inserted/ corrupt SD card/ after feature deactivated /SD card bound to a different chassis)
Command: $racadm setflexaddr [-f ] OR $racadm setflexaddr [-i ]
Output: ERROR: Flexaddress feature is not active on the chassis

Situation: Guest user attempts to set FlexAddress on slots/fabrics
Command: $racadm setflexaddr [-f ]
         $racadm setflexaddr [-i ]
Output: ERROR: Insufficient user privileges to perform operation

Situation: Deactivating FlexAddress feature with chassis powered ON
Command: $racadm feature -d -c flexaddress
Output: ERROR: Unable to deactivate the feature because the chassis is powered ON

Situation: Guest user tries to deactivate the feature on the chassis
Command: $racadm feature -d -c flexaddress
Output: ERROR: Insufficient user privileges to perform operation

Situation: Changing the slot/fabric FlexAddress settings while the server modules are powered ON
Command: $racadm setflexaddr -i 1 1
Output: ERROR: Unable to perform the set operation because it affects a powered ON server

FlexAddress DELL SOFTWARE LICENSE AGREEMENT

This is a legal agreement between you, the user, and Dell Products L.P. or Dell Global B.V. ("Dell"). This agreement covers all software that is distributed with the Dell product, for which there is no separate license agreement between you and the manufacturer or owner of the software (collectively the "Software"). This agreement is not for the sale of Software or any other intellectual property. All title and intellectual property rights in and to Software is owned by the manufacturer or owner of the Software. All rights not expressly granted under this agreement are reserved by the manufacturer or owner of the Software. By opening or breaking the seal on the Software packet(s), installing or downloading the Software, or using the Software that has been preloaded or is embedded in your product, you agree to be bound by the terms of this agreement. If you do not agree to these terms, promptly return all Software items (disks, written materials, and packaging) and delete any preloaded or embedded Software.

You may use one copy of the Software on only one computer at a time. If you have multiple licenses for the Software, you may use as many copies at any time as you have licenses. "Use" means loading the Software in temporary memory or permanent storage on the computer. Installation on a network server solely for distribution to other computers is not "use" if (but only if) you have a separate license for each computer to which the Software is distributed. You must ensure that the number of persons using the Software installed on a network server does not exceed the number of licenses that you have. If the number of users of Software installed on a network server will exceed the number of licenses, you must purchase additional licenses until the number of licenses equals the number of users before allowing additional users to use the Software.
If you are a commercial customer of Dell or a Dell affiliate, you hereby grant Dell, or an agent selected by Dell, the right to perform an audit of your use of the Software during normal business hours, you agree to cooperate with Dell in such audit, and you agree to provide Dell with all records reasonably related to your use of the Software. The audit will be limited to verification of your compliance with the terms of this agreement.

The Software is protected by United States copyright laws and international treaties. You may make one copy of the Software solely for backup or archival purposes or transfer it to a single hard disk provided you keep the original solely for backup or archival purposes. You may not rent or lease the Software or copy the written materials accompanying the Software, but you may transfer the Software and all accompanying materials on a permanent basis as part of a sale or transfer of the Dell product if you retain no copies and the recipient agrees to the terms hereof. Any transfer must include the most recent update and all prior versions. You may not reverse engineer, decompile or disassemble the Software. If the package accompanying your computer contains compact discs, 3.5" and/or 5.25" disks, you may use only the disks appropriate for your computer. You may not use the disks on another computer or network, or loan, rent, lease, or transfer them to another user except as permitted by this agreement.

LIMITED WARRANTY

Dell warrants that the Software disks will be free from defects in materials and workmanship under normal use for ninety (90) days from the date you receive them. This warranty is limited to you and is not transferable. Any implied warranties are limited to ninety (90) days from the date you receive the Software. Some jurisdictions do not allow limits on the duration of an implied warranty, so this limitation may not apply to you.
The entire liability of Dell and its suppliers, and your exclusive remedy, shall be (a) return of the price paid for the Software or (b) replacement of any disk not meeting this warranty that is sent with a return authorization number to Dell, at your cost and risk. This limited warranty is void if any disk damage has resulted from accident, abuse, misapplication, or service or modification by someone other than Dell. Any replacement disk is warranted for the remaining original warranty period or thirty (30) days, whichever is longer.

Dell does NOT warrant that the functions of the Software will meet your requirements or that operation of the Software will be uninterrupted or error free. You assume responsibility for selecting the Software to achieve your intended results and for the use and results obtained from the Software.

DELL, ON BEHALF OF ITSELF AND ITS SUPPLIERS, DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, FOR THE SOFTWARE AND ALL ACCOMPANYING WRITTEN MATERIALS. This limited warranty gives you specific legal rights; you may have others, which vary from jurisdiction to jurisdiction.

IN NO EVENT SHALL DELL OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR OTHER PECUNIARY LOSS) ARISING OUT OF USE OR INABILITY TO USE THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Because some jurisdictions do not allow an exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

OPEN SOURCE SOFTWARE

A portion of this CD may contain open source software, which you can use under the terms and conditions of the specific license under which the open source software is distributed.
THIS OPEN SOURCE SOFTWARE IS DISTRIBUTED IN THE HOPE THAT IT WILL BE USEFUL, BUT IS PROVIDED "AS IS" WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY; INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL DELL, THE COPYRIGHT HOLDERS, OR THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

U.S. GOVERNMENT RESTRICTED RIGHTS

The software and documentation are "commercial items" as that term is defined at 48 C.F.R. 2.101, consisting of "commercial computer software" and "commercial computer software documentation" as such terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4, all U.S. Government end users acquire the software and documentation with only those rights set forth herein. Contractor/manufacturer is Dell Products, L.P., One Dell Way, Round Rock, Texas 78682.

GENERAL

This license is effective until terminated. It will terminate upon the conditions set forth above or if you fail to comply with any of its terms. Upon termination, you agree that the Software and accompanying materials, and all copies thereof, will be destroyed. This agreement is governed by the laws of the State of Texas. Each provision of this agreement is severable. If a provision is found to be unenforceable, this finding does not affect the enforceability of the remaining provisions, terms, or conditions of this agreement. This agreement is binding on successors and assigns.
Dell agrees and you agree to waive, to the maximum extent permitted by law, any right to a jury trial with respect to the Software or this agreement. Because this waiver may not be effective in some jurisdictions, this waiver may not apply to you. You acknowledge that you have read this agreement, that you understand it, that you agree to be bound by its terms, and that this is the complete and exclusive statement of the agreement between you and Dell regarding the Software.

7 Using the CMC With Microsoft Active Directory

A directory service maintains a common database of all information needed for controlling network users, computers, printers, and so on. If your company uses the Microsoft® Active Directory® service software, you can configure the software to provide access to the CMC. This allows you to add and control CMC user privileges to your existing users in your Active Directory software.

NOTE: Using Active Directory to recognize CMC users is supported on the Microsoft Windows® 2000 and Windows Server® 2003 operating systems. Active Directory over IPv6 is supported only on Windows 2008.

Active Directory Schema Extensions

You can use Active Directory to define user access on CMC through two methods:
• The extended schema solution, which uses Active Directory objects defined by Dell.
• The standard schema solution, which uses Active Directory group objects only.

Extended Schema Versus Standard Schema

When using Active Directory to configure access to the CMC, you must choose either the extended schema or the standard schema solution.

With the extended schema solution:
• All of the access control objects are maintained in Active Directory.
• Configuring user access on different CMCs with different privilege levels allows maximum flexibility.

With the standard schema solution:
• No schema extension is required, because the standard schema uses Active Directory objects only.
• Configuration on the Active Directory side is simple.

Extended Schema Overview

There are two ways to enable Extended Schema Active Directory:
• Using the CMC Web interface. For instructions, see "Configuring the CMC With Extended Schema Active Directory and the Web Interface" on page 223.
• Using the RACADM CLI tool. For instructions, see "Configuring the CMC With Extended Schema Active Directory and RACADM" on page 226.

Active Directory Schema Extensions

The Active Directory data is a distributed database of Attributes and Classes. The Active Directory schema includes the rules that determine the type of data that can be added or included in the database. One example of a Class that is stored in the database is the user class. User class attributes can include the user’s first name, last name, phone number, and so on.

You can extend the Active Directory database by adding your own unique Attributes and Classes to address your company’s environment-specific needs. Dell has extended the schema to include the necessary changes to support remote management Authentication and Authorization.

Each Attribute or Class that is added to an existing Active Directory Schema must be defined with a unique ID. To maintain unique IDs across the industry, Microsoft maintains a database of Active Directory Object Identifiers (OIDs). To extend the schema in Microsoft's Active Directory, Dell established unique OIDs, unique name extensions, and uniquely linked attribute IDs for Dell-specific Attributes and Classes:

Dell extension: dell
Dell base OID: 1.2.840.113556.1.8000.1280
RAC LinkID range: 12070–2079

Overview of the RAC Schema Extensions

Dell provides a group of properties that you can configure. The Dell extended schema includes Association, Device, and Privilege properties.
The Association property links together users or groups with a specific set of privileges to one or more RAC devices. This model provides an Administrator maximum flexibility over the different combinations of users, RAC privileges, and RAC devices on the network without adding too much complexity.

Active Directory Object Overview

When there are two CMCs on the network that you want to integrate with Active Directory for Authentication and Authorization, you must create at least one Association Object and one RAC Device Object for each CMC. You can create multiple Association Objects, and each Association Object can be linked to as many users, groups of users, or RAC Device Objects as required. The users and RAC Device Objects can be members of any domain in the enterprise.

However, each Association Object can be linked (or, may link users, groups of users, or RAC Device Objects) to only one Privilege Object. This example allows an Administrator to control each user’s privileges on specific CMCs.

The RAC Device object is the link to the RAC firmware for querying Active Directory for authentication and authorization. When a RAC is added to the network, the Administrator must configure the RAC and its device object with its Active Directory name so users can perform authentication and authorization with Active Directory. Additionally, the Administrator must add the RAC to at least one Association Object in order for users to authenticate.

Figure 7-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.

NOTE: The RAC privilege object applies to DRAC 4, DRAC 5, and the CMC.

You can create as many or as few Association Objects as required. However, you must create at least one Association Object, and you must have one RAC Device Object for each RAC (CMC) on the network that you want to integrate with Active Directory.

Figure 7-1. Typical Setup for Active Directory Objects [diagram: an Association Object connected to User(s), Group(s), a Privilege Object (RAC Privilege Object), and RAC Device Object(s)]

The Association Object allows for as many or as few users and/or groups as well as RAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object. The Association Object connects the "Users" who have "Privileges" on the RACs (CMCs).

Additionally, you can configure Active Directory objects in a single domain or in multiple domains. For example, you have two CMCs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). You want to give user1 and user2 an administrator privilege to both CMCs and give user3 a login privilege to the RAC2 card. Figure 7-2 illustrates how you set up the Active Directory objects in this scenario.

When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local Groups and will not work with Universal Groups from other domains.

Figure 7-2. Setting Up Active Directory Objects in a Single Domain [diagram labels: AO1, AO2, Group1, User1, User2, User3, Priv1, Priv2, RAC1, RAC2]

To configure the objects for the single domain scenario:
1 Create two Association Objects.
2 Create two RAC Device Objects, RAC1 and RAC2, to represent the two CMCs.
3 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privilege.
4 Group user1 and user2 into Group1.
5 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1.
6 Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as RAC Devices in AO2.

For detailed instruction, see "Adding CMC Users and Privileges to Active Directory."
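The single-domain scenario above, modelled as a small access-review script that lists which Association Object grants which privileges and flags the setups the guide says are required or will not work. This is an added example, not Dell code: it runs on constructed in-memory data rather than a live directory, the class, function and sample names (Ops, AO3) are assumptions, and only the attribute names are taken from Tables 7-4 and 7-7.

```python
from dataclasses import dataclass

# Boolean privilege attributes from Table 7-4 (the two permission masks are not modelled).
PRIV_FLAGS = frozenset({
    "dellIsLoginUser", "dellIsCardConfigAdmin", "dellIsUserConfigAdmin",
    "dellIsLogClearAdmin", "dellIsServerResetUser", "dellIsTestAlertUser",
    "dellIsDebugCommandAdmin",
})


@dataclass(frozen=True)
class Group:
    domain: str
    scope: str                  # "Universal", "Global" or "DomainLocal"
    members: frozenset          # user names or nested group names


@dataclass(frozen=True)
class Privilege:
    domain: str
    flags: frozenset            # members of PRIV_FLAGS that are TRUE


@dataclass(frozen=True)
class Association:
    domain: str
    scope: str                  # group scope chosen for the Association Object
    members: frozenset          # users and/or groups
    privilege_members: tuple    # dellPrivilegeMember values (multi-valued in Table 7-7)
    product_members: frozenset  # dellProductMembers: RAC Device Object names


def users_of(principals, groups, seen=None):
    """Expand users and (possibly nested) groups into a flat set of user names."""
    seen = set() if seen is None else seen
    users = set()
    for p in principals:
        if p not in groups:
            users.add(p)
        elif p not in seen:  # guard against membership loops
            seen.add(p)
            users |= users_of(groups[p].members, groups, seen)
    return users


def grants(user, device, associations, privileges, groups):
    """Return {association name: sorted flags} for every path from user to device."""
    found = {}
    for name, ao in associations.items():
        if device in ao.product_members and user in users_of(ao.members, groups):
            # Several Privilege Objects are a misconfiguration (see audit); union = worst case.
            flags = set().union(*(privileges[p].flags for p in ao.privilege_members))
            found[name] = sorted(flags)
    return found


def audit(devices, associations, privileges, groups):
    """Return findings for setups the guide says are required or will not work."""
    findings = []
    for name, ao in sorted(associations.items()):
        count = len(ao.privilege_members)
        if count != 1:
            findings.append(f"{name}: expected one Privilege Object, found {count}")
        for p in ao.privilege_members:
            if privileges[p].domain != ao.domain:
                findings.append(f"{name}: Privilege Object {p} is in another domain")
        for m in sorted(ao.members):
            g = groups.get(m)
            foreign = g is not None and g.scope == "Universal" and g.domain != ao.domain
            if foreign and ao.scope != "Universal":
                findings.append(f"{name}: group {m} ({g.domain}) needs Universal scope")
    linked = set().union(*(ao.product_members for ao in associations.values()))
    for d in sorted(set(devices) - linked):
        findings.append(f"{d}: RAC Device Object is in no Association Object")
    return findings


# Constructed sample data: the single-domain scenario of Figure 7-2.
GROUPS = {"Group1": Group("Domain1", "Global", frozenset({"user1", "user2"}))}
PRIVS = {
    "Priv1": Privilege("Domain1", PRIV_FLAGS),                      # administrator
    "Priv2": Privilege("Domain1", frozenset({"dellIsLoginUser"})),  # login only
}
AOS = {
    "AO1": Association("Domain1", "DomainLocal", frozenset({"Group1"}),
                       ("Priv1",), frozenset({"RAC1", "RAC2"})),
    "AO2": Association("Domain1", "DomainLocal", frozenset({"user3"}),
                       ("Priv2",), frozenset({"RAC2"})),
}
DEVICES = {"RAC1", "RAC2"}

# Constructed misconfiguration: foreign Universal group, two Privilege Objects, RAC2 unlinked.
BAD_GROUPS = {"Ops": Group("Domain2", "Universal", frozenset({"user2"}))}
BAD_AOS = {"AO3": Association("Domain1", "DomainLocal", frozenset({"Ops"}),
                              ("Priv1", "Priv2"), frozenset({"RAC1"}))}

if __name__ == "__main__":
    print(grants("user1", "RAC1", AOS, PRIVS, GROUPS))
    print(audit(DEVICES, BAD_AOS, PRIVS, BAD_GROUPS))
```

An empty result from grants means the user has no path to that CMC through any Association Object, which is the expected outcome for user3 on RAC1 in this scenario.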
Figure 7-3 provides an example of Active Directory objects in multiple domains. In this scenario, you have two CMCs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user3 are in Domain2. In this scenario, configure user1 and user2 with administrator privileges to both CMCs and configure user3 with login privileges to the RAC2 card.

Figure 7-3. Setting Up Active Directory Objects in Multiple Domains [diagram labels: Domain1, Domain2, AO1, AO2, Group1, User1, User2, User3, Priv1, Priv2, RAC1, RAC2]

To configure the objects for the multiple domain scenario:
1 Ensure that the domain forest function is in Native or Windows 2003 mode.
2 Create two Association Objects, AO1 (of Universal scope) and AO2, in any domain. Figure 7-3 shows the objects in Domain2.
3 Create two RAC Device Objects, RAC1 and RAC2, to represent the two CMCs.
4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privilege.
5 Group user1 and user2 into Group1. The group scope of Group1 must be Universal.
6 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1.
7 Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as RAC Devices in AO2.

Configuring Extended Schema Active Directory to Access Your CMC

Before using Active Directory to access your CMC, configure the Active Directory software and the CMC:
1 Extend the Active Directory schema (see "Extending the Active Directory Schema").
2 Extend the Active Directory Users and Computers Snap-In (see "Installing the Dell Extension to the Active Directory Users and Computers Snap-In").
3 Add CMC users and their privileges to Active Directory (see "Adding CMC Users and Privileges to Active Directory").
4 Enable SSL on each of your domain controllers.
5 Configure the CMC Active Directory properties using either the CMC Web interface or the RACADM (see "Configuring the CMC With Extended Schema Active Directory and the Web Interface" or "Configuring the CMC With Extended Schema Active Directory and RACADM").

Extending the Active Directory Schema

Extending your Active Directory schema adds a Dell organizational unit, schema classes and attributes, and example privileges and association objects to the Active Directory schema. Before you extend the schema, ensure that you have Schema Admin privilege on the Schema Master Flexible Single Master Operation (FSMO) Role Owner of the domain forest.

You can extend your schema using one of the following methods:
• Dell Schema Extender utility
• LDIF script file

If you use the LDIF script file, the Dell organizational unit will not be added to the schema.

The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories:
• :\SYSMGMT\ManagementStation\support\OMActiveDirectory_Tools\ \LDIF Files
• :\SYSMGMT\ManagementStation\support\OMActiveDirectory_Tools\ \Schema Extender

To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory. For instructions on using the Dell Schema Extender to extend the Active Directory Schema, see "Using the Dell Schema Extender."

You can copy and run the Schema Extender or LDIF files from any location.

Using the Dell Schema Extender

CAUTION: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To ensure that the Dell Schema Extender utility functions properly, do not modify the name of this file.

1 In the Welcome screen, click Next.
2 Read and understand the warning and click Next.
3 Select Use Current Log In Credentials or enter a user name and password with schema administrator rights.
4 Click Next to run the Dell Schema Extender.
5 Click Finish.

The schema is extended. To verify the schema extension, use the Microsoft Management Console (MMC) and the Active Directory Schema Snap-In to verify that the following exist:
• Classes — see Table 7-1 through Table 7-6
• Attributes — see Table 7-7

See your Microsoft documentation for more information on how to enable and use the Active Directory Schema Snap-In in the MMC.

Table 7-1. Class Definitions for Classes Added to the Active Directory Schema

Class Name: Assigned Object Identification Number (OID)
dellRacDevice: 1.2.840.113556.1.8000.1280.1.1.1.1
dellAssociationObject: 1.2.840.113556.1.8000.1280.1.1.1.2
dellRACPrivileges: 1.2.840.113556.1.8000.1280.1.1.1.3
dellPrivileges: 1.2.840.113556.1.8000.1280.1.1.1.4
dellProduct: 1.2.840.113556.1.8000.1280.1.1.1.5

Table 7-2. dellRacDevice Class

OID: 1.2.840.113556.1.8000.1280.1.1.1.1
Description: Represents the Dell RAC device. The RAC device must be configured as dellRacDevice in Active Directory. This configuration enables the CMC to send Lightweight Directory Access Protocol (LDAP) queries to Active Directory.
Class Type: Structural Class
SuperClasses: dellProduct
Attributes: dellSchemaVersion, dellRacType

Table 7-3. dellAssociationObject Class

OID: 1.2.840.113556.1.8000.1280.1.1.1.2
Description: Represents the Dell Association Object. The Association Object provides the connection between the users and the devices.
Class Type: Structural Class
SuperClasses: Group
Attributes: dellProductMembers, dellPrivilegeMember

Table 7-4. dellRAC4Privileges Class

OID: 1.2.840.113556.1.8000.1280.1.1.1.3
Description: Defines Authorization Rights (privileges) for the CMC device.
Class Type: Auxiliary Class
SuperClasses: None
Attributes: dellIsLoginUser, dellIsCardConfigAdmin, dellIsUserConfigAdmin, dellIsLogClearAdmin, dellIsServerResetUser, dellIsTestAlertUser, dellIsDebugCommandAdmin, dellPermissionMask1, dellPermissionMask2

Table 7-5. dellPrivileges Class

OID: 1.2.840.113556.1.8000.1280.1.1.1.4
Description: Container Class for the Dell Privileges (Authorization Rights).
Class Type: Structural Class
SuperClasses: User
Attributes: dellRAC4Privileges

Table 7-6. dellProduct Class

OID: 1.2.840.113556.1.8000.1280.1.1.1.5
Description: The main class from which all Dell products are derived.
Class Type: Structural Class
SuperClasses: Computer
Attributes: dellAssociationMembers

Table 7-7. List of Attributes Added to the Active Directory Schema

Attribute: dellPrivilegeMember
Description: List of dellPrivilege objects that belong to this attribute.
OID: 1.2.840.113556.1.8000.1280.1.1.2.1
Syntax: Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12)
Single Valued: FALSE

Attribute: dellProductMembers
Description: List of dellRacDevices objects that belong to this role. This attribute is the forward link to the dellAssociationMembers backward link.
Link ID: 12070
OID: 1.2.840.113556.1.8000.1280.1.1.2.2
Syntax: Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12)
Single Valued: FALSE

Attribute: dellIsLoginUser
Description: TRUE if the user has Login rights on the device.
OID: 1.2.840.113556.1.8000.1280.1.1.2.3
Syntax: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

Attribute: dellIsCardConfigAdmin
Description: TRUE if the user has Card Configuration rights on the device.
OID: 1.2.840.113556.1.8000.1280.1.1.2.4
Syntax: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

Attribute: dellIsUserConfigAdmin
Description: TRUE if the user has User Configuration Administrator rights on the device.
OID: 1.2.840.113556.1.8000.1280.1.1.2.5
Syntax: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

Attribute: dellIsLogClearAdmin
Description: TRUE if the user has Clear Logs Administrator rights on the device.
OID: 1.2.840.113556.1.8000.1280.1.1.2.6
Syntax: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

Attribute: dellIsServerResetUser
Description: TRUE if the user has Server Reset rights on the device.
OID: 1.2.840.113556.1.8000.1280.1.1.2.7
Syntax: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

Attribute: dellIsTestAlertUser
Description: TRUE if the user has Test Alert User rights on the device.
OID: 1.2.840.113556.1.8000.1280.1.1.2.10
Syntax: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

Attribute: dellIsDebugCommandAdmin
Description: TRUE if the user has Debug Command Admin rights on the device.
OID: 1.2.840.113556.1.8000.1280.1.1.2.11
Syntax: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

Attribute: dellSchemaVersion
Description: The Current Schema Version is used to update the schema.
OID: 1.2.840.113556.1.8000.1280.1.1.2.12
Syntax: Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905)
Single Valued: TRUE

Attribute: dellRacType
Description: This attribute is the Current Rac Type for the dellRacDevice object and the backward link to the dellAssociationObjectMembers forward link.
OID: 1.2.840.113556.1.8000.1280.1.1.2.13
Syntax: Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905)
Single Valued: TRUE

Attribute: dellAssociationMembers
Description: List of dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers Linked attribute.
Link ID: 12071
OID: 1.2.840.113556.1.8000.1280.1.1.2.14
Syntax: Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12)
Single Valued: FALSE

Attribute: dellPermissionsMask1
OID: 1.2.840.113556.1.8000.1280.1.6.2.1
Syntax: Integer (LDAPTYPE_INTEGER)

Attribute: dellPermissionsMask2
OID: 1.2.840.113556.1.8000.1280.1.6.2.2
Syntax: Integer (LDAPTYPE_INTEGER)

Installing the Dell Extension to the Active Directory Users and Computers Snap-In

When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-In so the administrator can manage RAC (CMC) devices, Users and User Groups, RAC Associations, and RAC Privileges.

When you install your systems management software using the Dell Systems Management Tools and Documentation DVD, you can extend the Snap-In by selecting the Dell Extension to the Active Directory User’s and Computers Snap-In option during the installation procedure. See the Dell OpenManage Software Quick Installation Guide for additional instructions about installing systems management software.

For more information about the Active Directory Users and Computers Snap-In, see your Microsoft documentation.

Installing the Administrator Pack

You must install the Administrator Pack on each system that is managing the Active Directory CMC Objects. If you do not install the Administrator Pack, you cannot view the Dell RAC Object in the container.

Opening the Active Directory Users and Computers Snap-In

To open the Active Directory Users and Computers Snap-In:
1 If you are logged into the domain controller, click Start→Admin Tools→Active Directory Users and Computers.
If you are not logged into the domain controller, you must have the appropriate Microsoft Administrator Pack installed on your local system. To install this Administrator Pack, click Start→Run, type MMC, and press . The Microsoft Management Console (MMC) appears. 2 In the Console 1 window, click File (or Console on systems running Windows 2000). 3 Click Add/Remove Snap-in. 4 Select the Active Directory Users and Computers Snap-In and click Add. 5 Click Close and click OK. Adding CMC Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-In, you can add CMC users and privileges by creating RAC, Association, and Privilege objects. To add each object type, you will: 1 Create a RAC device Object. 2 Create a Privilege Object. 3 Create an Association Object. 4 Add objects to an Association Object. 220 Using the CMC With Microsoft Active Directory Creating a RAC Device Object 1 In the MMC Console Root window, right-click a container. 2 Select New→Dell RAC Object. The New Object window appears. 3 Type a name for the new object. The name must be identical to the CMC Name that you will type in step 8a of "Configuring the CMC With Extended Schema Active Directory and the Web Interface." 4 Select RAC Device Object. 5 Click OK. Creating a Privilege Object NOTE: A Privilege Object must be created in the same domain as the related Association Object. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→Dell RAC Object. The New Object window appears. 3 Type a name for the new object. 4 Select Privilege Object. 5 Click OK. 6 Right-click the privilege object that you created, and select Properties. 7 Click the RAC Privileges tab and select the privileges that you want the user to have. For more information about CMC user privileges, see "User Types." Creating an Association Object The Association Object is derived from a Group and must contain a Group Type. 
The Association Scope specifies the Security Group Type for the Association Object. When you create an Association Object, choose the Association Scope that applies to the type of objects you intend to add.

For example, if you select Universal, the association objects are only available when the Active Directory Domain is functioning in Native Mode or above.

1 In the Console Root (MMC) window, right-click a container.
2 Select New→Dell RAC Object. This opens the New Object window.
3 Type a name for the new object.
4 Select Association Object.
5 Select the scope for the Association Object.
6 Click OK.

Adding Objects to an Association Object

Using the Association Object Properties window, you can associate users or user groups, privilege objects, and RAC devices or RAC device groups. If your system is running Windows 2000 mode or higher, use Universal Groups to span domains with your user or RAC objects.

You can add groups of Users and RAC devices. The procedure for creating Dell-related groups and non-Dell-related groups is identical.

Adding Users or User Groups

1 Right-click the Association Object and select Properties.
2 Select the Users tab and click Add.
3 Type the user or User Group name and click OK.

Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to a RAC device. Only one privilege object can be added to an Association Object.

Adding Privileges

1 Select the Privileges Object tab and click Add.
2 Type the Privilege Object name and click OK.

Click the Products tab to add one or more RAC devices to the association. The associated devices specify the RAC devices connected to the network that are available for the defined users or user groups. Multiple RAC devices can be added to an Association Object.
Adding RAC Devices or RAC Device Groups

To add RAC devices or RAC device groups:

1 Select the Products tab and click Add.
2 Type the RAC device or RAC device group name and click OK.
3 In the Properties window, click Apply and click OK.

Configuring the CMC With Extended Schema Active Directory and the Web Interface

1 Log in to the CMC Web interface.
2 Select Chassis in the system tree.
3 Click the Network/Security tab, and then click the Active Directory sub-tab. The Active Directory Main Menu page appears.
4 Select the Configure radio button, and then click Next. The Active Directory Configuration and Management page appears.
5 In the Common Settings section:
a Select the Enable Active Directory check box so that it is checked.
b Type the Root Domain Name. The Root Domain Name is the fully qualified root domain name for the forest.
NOTE: The Root domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org.
c Type the Timeout time in seconds. Configuration range: 15–300 seconds. Default: 90 seconds
6 Optional: If you want the directed call to search the domain controller and global catalog, select the Search AD Server to search (Optional) check box, then:
a In the Domain Controller text field, type the server where your Active Directory service is installed.
b In the Global Catalog text field, type the location of the global catalog on the Active Directory domain controller. The global catalog provides a resource for searching an Active Directory forest.
NOTE: Setting the IP address as 0.0.0.0 disables the CMC from searching for a server.
NOTE: You can specify a list of domain controller or global catalog servers separated by commas. The CMC allows you to specify up to three IP addresses or host names.
NOTE: Domain controller and global catalog servers that are not correctly configured for all domains and applications may produce unexpected results during the functioning of existing applications/domains.
7 Select the Use Extended Schema radio button in the Active Directory Schema Selection area.
8 In the Extended Schema Settings section:
a Type the CMC Name. The CMC Name uniquely identifies the CMC card in Active Directory. The CMC Name must be the same as the common name of the new CMC object you created in your Domain Controller. The CMC Name must be a 1–256 character ASCII string with no spaces between characters.
b Type the CMC Domain Name (example: cmc.com). The CMC Domain Name is the DNS name (string) of the domain where the Active Directory CMC object resides. The name must be a valid domain name consisting of x.y, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org.
9 Click Apply to save your settings.
NOTE: You must apply your settings before continuing to the next step, in which you navigate to another page. If you do not apply the settings, you will lose the settings you entered when you navigate to the next page.
10 Click Go Back To Active Directory Main Menu.
11 Select the Upload AD Certificate radio button, and then click Next. The Certificate Upload page appears.
12 Type the file path of the certificate in the text field, or click Browse to select the certificate file.
NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
The SSL certificates for the domain controller must be signed by the root certificate authority. The root certificate authority-signed certificate must be available on the management station accessing the CMC.
13 Click Apply.
The CMC Web server automatically restarts after you click Apply.
14 Log back in to the CMC Web interface.
15 Select Chassis in the system tree, click the Network/Security tab, then click the Network sub-tab. The Network Configuration page appears.
16 If Use DHCP (for NIC IP Address) is enabled (checked), do one of the following:
• Select Use DHCP to Obtain DNS Server Addresses to enable the DNS server addresses to be obtained automatically by the DHCP server, or
• Manually configure a DNS server IP address by leaving the Use DHCP to Obtain DNS Server Addresses check box unchecked and then typing your primary and alternate DNS server IP addresses in the fields provided.
17 Click Apply Changes.

The CMC Extended Schema Active Directory feature configuration is complete.

Configuring the CMC With Extended Schema Active Directory and RACADM

Use the following commands to configure the CMC Active Directory Feature with Extended Schema using the RACADM CLI tool instead of the Web interface.

1 Open a serial/Telnet/SSH text console to the CMC, log in, and type:

    racadm config -g cfgActiveDirectory -o cfgADEnable 1
    racadm config -g cfgActiveDirectory -o cfgADType 1
    racadm config -g cfgActiveDirectory -o cfgADRacDomain
    racadm config -g cfgActiveDirectory -o cfgADRootDomain
    racadm config -g cfgActiveDirectory -o cfgADRacName
    racadm sslcertupload -t 0x2 -f -r

NOTE: You can use this command through remote RACADM only.

    racadm sslcertdownload -t 0x1 -f

NOTE: You can use this command through remote RACADM only.
Optional: If you want to specify an LDAP or Global Catalog server instead of using the servers returned by the DNS server to search for a user name, type the following command to enable the Specify Server option:

    racadm config -g cfgActiveDirectory -o cfgADSpecifyServerEnable 1

NOTE: When you use the Specify Server option, the host name in the certificate authority-signed certificate is not matched against the name of the specified server. This is particularly useful if you are a CMC administrator, because it enables you to enter a host name as well as an IP address.

After you enable the Specify Server option, you can specify an LDAP server and global catalog with IP addresses or fully qualified domain names (FQDNs) of the servers. The FQDNs consist of the host names and the domain names of the servers.

To specify an LDAP server, type:

    racadm config -g cfgActiveDirectory -o cfgADDomainController

To specify a Global Catalog server, type:

    racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog

NOTE: Setting the IP address as 0.0.0.0 disables the CMC from searching for a server.
NOTE: You can specify a list of LDAP or global catalog servers separated by commas. The CMC allows you to specify up to three IP addresses or host names.
NOTE: LDAP or LDAPs that are not correctly configured for all domains and applications may produce unexpected results during the functioning of the existing applications/domains.
2 Specify a DNS server using one of the following options:
• If DHCP is enabled on the CMC and you want to use the DNS address obtained automatically by the DHCP server, type the following command:

    racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1

• If DHCP is disabled on the CMC, or if DHCP is enabled but you want to specify your DNS IP address manually, type the following commands:

    racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
    racadm config -g cfgLanNetworking -o cfgDNSServer1
    racadm config -g cfgLanNetworking -o cfgDNSServer2

The Extended Schema feature configuration is complete.

Standard Schema Active Directory Overview

Using standard schema for Active Directory integration requires configuration on both Active Directory and the CMC.

On the Active Directory side, a standard group object is used as a role group. A user who has CMC access will be a member of the role group.

In order to give this user access to a specific CMC card, the role group name and its domain name need to be configured on the specific CMC card. Unlike the extended schema solution, the role and the privilege level are defined on each CMC card, not in the Active Directory. Up to five role groups can be configured and defined in each CMC. Table 5-19 shows the privilege levels of the role groups and Table 7-8 shows the default role group settings.

Figure 7-4. Configuration of CMC with Active Directory and Standard Schema (diagram labels: Configuration on Active Directory Side, Role Group, Configuration on CMC Side, Role Group Name and Domain Name, User, Role Definition)

Table 7-8. Default Role Group Privileges

Role Group 1
Default Privilege Level: None
Bit Mask: 0x00000fff
Permissions Granted:
• CMC Login User
• Chassis Configuration Administrator
• User Configuration Administrator
• Clear Logs Administrator
• Chassis Control Administrator (Power Commands)
• Super User
• Server Administrator
• Test Alert User
• Debug Command User
• Fabric A Administrator
• Fabric B Administrator
• Fabric C Administrator

Role Group 2
Default Privilege Level: None
Bit Mask: 0x000000f9
Permissions Granted:
• CMC Login User
• Clear Logs Administrator
• Chassis Control Administrator (Power Commands)
• Server Administrator
• Test Alert User
• Fabric A Administrator
• Fabric B Administrator
• Fabric C Administrator

Role Group 3
Default Privilege Level: None
Bit Mask: 0x00000001
Permissions Granted: CMC Login User

Role Group 4
Default Privilege Level: None
Bit Mask: 0x00000000
Permissions Granted: No assigned permissions

Role Group 5
Default Privilege Level: None
Bit Mask: 0x00000000
Permissions Granted: No assigned permissions

NOTE: The bit mask values are used only when setting Standard Schema with the RACADM.
NOTE: For more information about user privileges, see "User Types" on page 132.

There are two ways to enable Standard Schema Active Directory:
• With the CMC Web interface. See "Configuring the CMC With Standard Schema Active Directory and Web Interface."
• With the RACADM CLI tool. See "Configuring the CMC With Standard Schema Active Directory and RACADM."

Configuring Standard Schema Active Directory to Access Your CMC

You need to perform the following steps to configure the Active Directory before an Active Directory user can access the CMC:

1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in.
2 Create a group or select an existing group. The name of the group and the name of this domain will need to be configured on the CMC either with the Web interface or RACADM. For more information, see "Configuring the CMC With Standard Schema Active Directory and Web Interface" or "Configuring the CMC With Standard Schema Active Directory and RACADM."
3 Add the Active Directory user as a member of the Active Directory group to access the CMC.

Configuring the CMC With Standard Schema Active Directory and Web Interface

1 Log in to the CMC Web interface.
2 Select Chassis in the system tree.
3 Click the Network/Security tab, and then click the Active Directory sub-tab. The Active Directory Main Menu page appears.
4 Select the Configure option, and then click Next. The Active Directory Configuration and Management page appears.
5 In the Common Settings section:
a Select the Enable Active Directory check box.
b Type the ROOT Domain Name. The ROOT Domain Name is the fully qualified root domain name for the forest.
NOTE: The ROOT domain name must be a valid domain name using the x.y naming convention, where x is a 1–256 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org.
c Type the Timeout time in seconds. Configuration range: 15–300 seconds. Default: 90 seconds
6 Optional: If you want the directed call to search the domain controller and global catalog, select the Search AD Server to search (Optional) check box, then:
a In the Domain Controller text field, type the server where your Active Directory service is installed.
b In the Global Catalog text field, type the location of the global catalog on the Active Directory domain controller. The global catalog provides a resource for searching an Active Directory forest.
7 Click Use Standard Schema in the Active Directory Schema Selection section.
8 Click Apply to save your settings.
NOTE: You must apply your settings before continuing to the next step, in which you navigate to another page. If you do not apply the settings, you will lose the settings you entered when you navigate to the next page.
9 In the Standard Schema Settings section, click a Role Group. The Configure Role Group page appears.
10 Type the Group Name.
The group name identifies the role group in the Active Directory associated with the CMC card.
11 Type the Group Domain. The Group Domain is the fully qualified root domain name for the forest.
12 In the Role Group Privileges page, select privileges for the group. If you modify any of the privileges, the existing Role Group Privilege (Administrator, Power User, or Guest User) will change to either the Custom group or the appropriate Role Group Privilege. See Table 5-19.
13 Click Apply to save the Role Group settings.
14 Click Go Back To Active Directory Configuration and Management.
15 Click Go Back To Active Directory Main Menu.
16 Upload your domain forest Root certificate authority-signed certificate into the CMC.
a Select the Upload Active Directory CA Certificate check box and then click Next.
b In the Certificate Upload page, type the file path of the certificate or browse to the certificate file.
NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
The SSL certificates for the domain controllers must be signed by the root certificate authority-signed certificate. The root certificate authority-signed certificate must be available on the management station accessing the CMC.
c Click Apply. The CMC Web server automatically restarts after you click Apply.
17 Log out and then log in to the CMC to complete the CMC Active Directory feature configuration.
18 Select Chassis in the system tree.
19 Click the Network/Security tab.
20 Click the Network sub-tab. The Network Configuration page appears.
21 If Use DHCP (for NIC IP Address) is selected under Network Settings, select Use DHCP to obtain DNS server address. To manually input a DNS server IP address, deselect Use DHCP to obtain DNS server addresses and type your primary and alternate DNS server IP addresses.
22 Click Apply Changes.

The CMC Standard Schema Active Directory feature configuration is complete.

Configuring the CMC With Standard Schema Active Directory and RACADM

To configure the CMC Active Directory Feature with Standard Schema using the RACADM CLI, use the following commands:

1 Open a serial/Telnet/SSH text console to the CMC, log in, and type:

    racadm config -g cfgActiveDirectory -o cfgADEnable 1
    racadm config -g cfgActiveDirectory -o cfgADType 2
    racadm config -g cfgActiveDirectory -o cfgADRootDomain
    racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupName
    racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupDomain
    racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupPrivilege
    racadm sslcertupload -t 0x2 -f
    racadm sslcertdownload -t 0x1 -f

NOTE: For bit mask number values, see Table 3-1 in the database property chapter of the Dell Chassis Management Controller Administrator Reference Guide.

2 Specify a DNS server using one of the following options:
• If DHCP is enabled on the CMC and you want to use the DNS address obtained automatically by the DHCP server, type the following command:

    racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1

• If DHCP is disabled on the CMC or you want to input your DNS IP address manually, type the following commands:

    racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
    racadm config -g cfgLanNetworking -o cfgDNSServer1
    racadm config -g cfgLanNetworking -o cfgDNSServer2

Frequently Asked Questions

Table 7-9 lists frequently asked questions and answers about using Active Directory with the CMC.

Table 7-9. Using CMC With Active Directory: Frequently Asked Questions

Question: Can I log into the CMC using Active Directory across multiple trees?
Answer: Yes. The CMC’s Active Directory querying algorithm supports multiple trees in a single forest.
Question: Does the login to the CMC using Active Directory work in mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft Windows® 2000 or Windows Server® 2003)?
Answer: Yes. In mixed mode, all objects used by the CMC querying process (among user, RAC Device Object, and Association Object) must be in the same domain. The Dell-extended Active Directory Users and Computers Snap-In checks the mode and limits users in order to create objects across domains if in mixed mode.

Question: Does using the CMC with Active Directory support multiple domain environments?
Answer: Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.

Question: Can these Dell-extended objects (Dell Association Object, Dell RAC Device, and Dell Privilege Object) be in different domains?
Answer: The Association Object and the Privilege Object must be in the same domain. The Dell-extended Active Directory Users and Computers Snap-In forces you to create these two objects in the same domain. Other objects can be in different domains.

Question: Are there any restrictions on Domain Controller SSL configuration?
Answer: Yes. All SSL certificates for Active Directory servers in the forest must be signed by the same root certificate authority-signed certificate, because CMC only allows you to upload one trusted certificate authority-signed SSL certificate.

Question: I created and uploaded a new RAC certificate and now the Web interface does not launch.
Answer: If you use Microsoft Certificate Services to generate the RAC certificate, you may have inadvertently chosen User Certificate instead of Web Certificate when creating the certificate.
To recover, generate a CSR, and then create a new Web certificate from Microsoft Certificate Services and upload it using the following RACADM commands:

    racadm sslcsrgen [-g] [-f {filename}]
    racadm sslcertupload -t 1 -f {web_sslcert}

Question: What can I do if I cannot log into the CMC using Active Directory authentication? How do I troubleshoot the issue?
Answer:
1 Ensure that you use the correct user domain name during a login and not the NetBIOS name.
2 If you have a local CMC user account, log into the CMC using your local credentials. After you are logged in, perform the following steps:
a Ensure that you have checked the Enable Active Directory check box on the CMC Active Directory configuration page.
b Ensure that the DNS setting is correct on the CMC Networking configuration page.
c Ensure that you have uploaded the Active Directory certificate from your Active Directory root certificate authority-signed certificate to the CMC.
d Check the Domain Controller SSL certificates to ensure that they have not expired.
e Ensure that your CMC Name, Root Domain Name, and CMC Domain Name match your Active Directory environment configuration.
f Ensure that the CMC password has a maximum of 127 characters. While the CMC can support passwords of up to 256 characters, Active Directory only supports passwords that have a maximum length of 127 characters.

Configuring Single Sign-On

Microsoft® Windows® 2000, Windows XP, Windows Server® 2003, Windows Vista®, and Windows Server 2008 can use Kerberos, a network authentication protocol, as an authentication method allowing users who have signed in to the domain an automatic or single sign-on to subsequent applications such as Exchange.
Starting with CMC version 2.10, the CMC can use Kerberos to support two additional types of login mechanisms: single sign-on and Smart Card login. For single sign-on login, the CMC uses the client system’s credentials, which are cached by the operating system after you log in using a valid Active Directory® account.

NOTE: Selecting a login method does not set policy attributes with respect to other login interfaces, for example, SSH. You must set other policy attributes for other login interfaces as well. If you want to disable all other login interfaces, navigate to the Services page and disable all (or some) login interfaces.

System Requirements

To use the Kerberos authentication, your network must include:
• DNS server
• Microsoft Active Directory® Server
NOTE: If you are using Active Directory on Windows 2003, ensure that you have the latest service packs and patches installed on the client system. If you are using Active Directory on Windows 2008, ensure that you have installed SP1 along with the following hot fixes:
Windows6.0-KB951191-x86.msu for the KTPASS utility. Without this patch the utility generates bad keytab files.
Windows6.0-KB957072-x86.msu for using GSS_API and SSL transactions during an LDAP bind.
• Kerberos Key Distribution Center (packaged with the Active Directory Server software)
• DHCP server (recommended)
• The DNS server reverse zone must have an entry for the Active Directory server and CMC

Client Systems
• For only Smart Card login, the client system must have the Microsoft Visual C++ 2005 redistributable. For more information see www.microsoft.com/downloads/details.aspx?FamilyID=32BC1BEEA3F9-4C13-9C99-220B62A191EE&displaylang=en
• For Single Sign-On and Smart Card login, the client system must be a part of the Active Directory domain and Kerberos Realm.
CMC
• The CMC must have firmware version 2.10 or later
• Each CMC must have an Active Directory account
• The CMC must be a part of the Active Directory domain and Kerberos Realm

Configuring Settings

Prerequisites
• The Kerberos realm & Key Distribution Center (KDC) for Active Directory (AD) have been set up (ksetup).
• A robust NTP and DNS infrastructure to avoid issues with clock drift & reverse lookup
• The CMC standard schema role group with authorized members

Configuring Active Directory

On the CMC Properties dialog box under the Accounts options section, configure these settings:
• Account is trusted for delegation: Currently the CMC does not use forwarded credentials that are created when this option is selected. You may or may not select this option depending upon other services requirements.
• Account is sensitive and cannot be delegated: You may or may not select this option depending upon other services requirements.
• Use Kerberos DES encryption types for the account: Select this option.
• Do not require Kerberos preauthentication: Do not select this option.

Run the ktpass utility (part of Microsoft Windows) on the domain controller (Active Directory server) where you want to map the CMC to a user account in Active Directory. For example,

    C:\>ktpass -princ HTTP/cmcname.domain_name.com@REALM_NAME.COM -mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab

NOTE: The cmcname.domainname.com must be lower case as required by RFC and the REALM name, @REALM_NAME must be uppercase. In addition the CMC supports the DES-CBC-MD5 type of cryptography for Kerberos authentication.

This procedure produces a keytab file that you must upload to the CMC.

NOTE: The keytab contains an encryption key and must be kept secure.
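Before uploading the file that ktpass wrote, it is worth confirming what it contains. The following is an added example, not part of the Dell guide: a Python parser that lists each principal, key version and encryption type in a keytab without returning key bytes, and checks the casing rule from the NOTE above. It assumes the file uses the version 0x0502 keytab layout; the sample keytab, its principal names and the function names are constructed for illustration.

```python
import struct

# Kerberos encryption type numbers (subset of the IANA registry).
ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
            23: "rc4-hmac"}
SINGLE_DES = {1, 2, 3}


def _counted(buf, pos):
    """Read a big-endian uint16 length, then that many bytes."""
    (length,) = struct.unpack_from(">H", buf, pos)
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("counted string runs past the end of the entry")
    return buf[pos + 2:end], end


def parse_keytab(data):
    """Parse a version 0x0502 keytab. Key bytes are never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        rec = data[pos:pos + size]
        if len(rec) != size:
            raise ValueError("truncated keytab entry")
        pos += size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm, p = _counted(rec, 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(rec, p)
            comps.append(comp.decode("utf-8"))
        # name type, timestamp, 8-bit kvno, enctype, key length
        _ntype, _stamp, kvno, enctype, keylen = struct.unpack_from(">IIBHH", rec, p)
        p += 13 + keylen                  # skip fixed fields and the key itself
        if p > size:
            raise ValueError("key runs past the end of the entry")
        if size - p >= 4:                 # optional 32-bit key version number
            (kvno32,) = struct.unpack_from(">I", rec, p)
            kvno = kvno32 or kvno
        entries.append({"realm": realm.decode("utf-8"), "components": comps,
                        "kvno": kvno, "enctype": enctype, "key_len": keylen})
    return entries


def audit(entry):
    """Return findings for one entry, based on the guide's ktpass NOTE."""
    findings = []
    comps = entry["components"]
    if len(comps) != 2 or comps[0] != "HTTP":
        findings.append("principal is not of the form HTTP/<fqdn>")
    elif comps[1] != comps[1].lower():
        findings.append("host part of the principal is not lower case")
    if entry["realm"] != entry["realm"].upper():
        findings.append("realm is not upper case")
    if entry["enctype"] in SINGLE_DES:
        findings.append("single-DES key (56-bit): keep this keytab tightly restricted")
    return findings


def report(data):
    """List (principal, kvno, enctype name, findings) for every entry."""
    rows = []
    for e in parse_keytab(data):
        principal = "/".join(e["components"]) + "@" + e["realm"]
        name = ENCTYPES.get(e["enctype"], "enctype-%d" % e["enctype"])
        rows.append((principal, e["kvno"], name, audit(e)))
    return rows


def make_entry(realm, comps, enctype, key, kvno):
    """Build one keytab entry (used only for the constructed sample)."""
    def cs(text):
        raw = text.encode("utf-8")
        return struct.pack(">H", len(raw)) + raw
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(cs(c) for c in comps)
    body += struct.pack(">IIBHH", 1, 0, kvno & 0xFF, enctype, len(key)) + key
    body += struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body


# Constructed sample: placeholder names and all-zero keys, not real credentials.
SAMPLE_KEYTAB = (
    b"\x05\x02"
    + make_entry("EXAMPLE.COM", ["HTTP", "cmc-example.example.com"], 3, bytes(8), 3)
    + make_entry("example.com", ["HTTP", "CMC-Example.example.com"], 18, bytes(32), 4)
)

if __name__ == "__main__":
    for principal, kvno, name, findings in report(SAMPLE_KEYTAB):
        print(principal, "kvno=%d" % kvno, name, findings or "ok")
```

To check a real file, pass its bytes to report(), for example report(open(path, "rb").read()), on the system where the keytab was generated.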
For more information on the ktpass utility, see the Microsoft website at: technet2.microsoft.com/windowsserver/en/library/64042138-9a5a-4981-84e9d576a8db0d051033.mspx?mfr=true.

Configuring the CMC

NOTE: The configuration steps described in this section apply only to the CMC's Web access.

Configure the CMC to use the Standard Schema role group(s) set up in Active Directory. For more information, see "Configuring Standard Schema Active Directory to Access Your CMC."

Uploading the Kerberos Keytab File

The Kerberos keytab file serves as the CMC's user name and password credentials to the Kerberos Data Center (KDC), which in turn allows access to the Active Directory. Each CMC in the Kerberos realm must be registered with the Active Directory and must have a unique keytab file.

To upload the keytab file:

1 Navigate to Remote Access→Configuration tab→Active Directory subtab.
2 Select Upload Kerberos Keytab and click Next.
3 On the Kerberos Keytab Upload page, navigate to the folder where the keytab file is saved and click Apply. When the upload is complete, a message box is displayed indicating a successful or failed upload.
4 When the keytab file uploads successfully, click Go Back To Active Directory Main Menu.

Enabling Single Sign-On

1 Navigate to Chassis Management Controller Network Security tab→Active Directory subtab and select Configure Active Directory.
2 On the Active Directory Configuration and Management page, select:
• Single Sign-On: this option enables you to log in to the CMC using the cached credentials obtained when you log in to the Active Directory.
NOTE: All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM remain unchanged for this option.
3 Scroll to the bottom of the page and click Apply.

You can test the Active Directory using Kerberos authentication by using the CLI command testfeature.
Type:

    testfeature -f adkrb -u @

where user is a valid Active Directory user account.

A command success indicates that the CMC is able to acquire Kerberos credentials and access the user's Active Directory account. If the command is not successful, resolve the error and repeat the command. For more information, see Chassis Management Controller Administrator Reference Guide on support.dell.com/manuals.

Configuring the Browser For Single Sign-On Login

Single Sign-On is supported on Internet Explorer versions 6.0 and later and Firefox versions 3.0 and later.

NOTE: The following instructions are applicable only if the CMC uses Single Sign-On with Kerberos authentication.

Internet Explorer

1 In Internet Explorer, select Tools→Internet Options.
2 On the Security tab, under Select a zone to view or change security settings, select Local Intranet.
3 Click Sites. The Local Intranet dialog box is displayed.
4 Click Advanced. The Local Intranet Advance Settings dialog box is displayed.
5 In the Add this site to the zone, type the name of the CMC and the domain it belongs to and click Add.
NOTE: You can use a wildcard (*) to specify all devices/users in that domain.

Mozilla Firefox

1 In Firefox, type about:config in the Address bar.
NOTE: If the browser displays the This might void your warranty warning, click I'll be careful. I promise.
2 In the Filter text box, type negotiate. The browser displays a list of preference names limited to those containing the word negotiate.
3 From the list, double-click network.negotiate-auth.trusted-uris.
4 In the Enter string value dialog box, type the CMC's domain name and click OK.

Logging into the CMC Using Single Sign-On

NOTE: You cannot use the IP address to log into the Single Sign-On or Smart Card login. Kerberos validates your credentials against the Fully Qualified Domain Name (FQDN).

1 Log into the client system using your network account.
2 Access the CMC Web page using https://
For example, cmc-6G2WXF1.cmcad.lab where cmc-6G2WXF1 is the cmc-name and cmcad.lab is the domain-name.
NOTE: If you changed the default HTTPS port number (port 80), access the CMC Web page using : , where the cmcname is the CMC host name for the CMC, domain-name is the domain name, and port number is the HTTPS port number.
The CMC Single Sign-On page is displayed.
3 Click Login. The CMC logs you in, using the Kerberos credentials that were cached by your browser when you logged in using your valid Active Directory account. If the login fails, the browser is redirected to the normal CMC login page.
NOTE: If you did not log in to the Active Directory domain and are using a browser other than Internet Explorer, the login fails and the browser only displays a blank page.

Configuring Smart Card Two-Factor Authentication

Traditional authentication schemes use user name and password to authenticate users. Two-factor authentication, on the other hand, provides a higher level of security by requiring users to have a password or PIN and a physical card containing a private key or digital certificate. Kerberos, a network authentication protocol, uses this two-factor authentication mechanism allowing systems to prove their authenticity. Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 use Kerberos as their preferred authentication method. Starting with CMC version 2.10, the CMC can use Kerberos to support Smart Card login.

NOTE: Selecting a login method does not set policy attributes with respect to other login interfaces, for example, SSH. You must set other policy attributes for other login interfaces as well. If you want to disable all other login interfaces, navigate to the Services page and disable all (or some) login interfaces.

System Requirements

The "System Requirements" for Smart Card are the same as Single Sign-On.
Configuring Settings

The "Prerequisites" for Smart Card are the same as Single Sign-On.

Configuring Active Directory

1 Set up Kerberos realm & Key Distribution Center (KDC) for Active Directory, if not already configured (ksetup).
NOTE: Ensure a robust NTP and DNS infrastructure to avoid issues with clock drift & reverse lookup.
2 Create Active Directory users for each CMC, configured to use Kerberos DES encryption but not pre-authentication.
3 Register the CMC users to the Key Distribution Center with Ktpass (this also outputs a key to upload to the CMC).

Configuring the CMC

NOTE: The configuration steps described in this section apply only to the CMC's Web access.

Configure the CMC to use the Standard Schema role group(s) set up in Active Directory. For more information, see "Configuring Standard Schema Active Directory to Access Your CMC."

Uploading the Kerberos Keytab File

The Kerberos keytab file serves as the CMC's user name and password credentials to the Kerberos Data Center (KDC), which in turn allows access to the Active Directory. Each CMC in the Kerberos realm must be registered with the Active Directory and must have a unique keytab file.

To upload the keytab file:

1 Navigate to Remote Access→Configuration tab→Active Directory subtab.
2 Select Upload Kerberos Keytab and click Next.
3 On the Kerberos Keytab Upload page, navigate to the folder where the keytab file is saved and click Apply. When the upload is complete, a message box is displayed indicating a successful or failed upload.
4 When the keytab file uploads successfully, click Go Back To Active Directory Main Menu.

Enabling Smart Card Authentication

1 Navigate to Chassis Management Controller Network Security tab→Active Directory subtab and select Configure Active Directory.
2 On the Active Directory Configuration and Management page, select:
• Smart Card — this option requires inserting a Smart Card into the reader and entering the PIN number.
NOTE: All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM remain unchanged for this option.
3 Scroll to the bottom of the page and click Apply.

You can test the Active Directory using Kerberos authentication by using the CLI command testfeature. Type:
testfeature -f adkrb -u <user>@<domain>
where user is a valid Active Directory user account.

A command success indicates that the CMC is able to acquire Kerberos credentials and access the user's Active Directory account. If the command is not successful, resolve the error and repeat the command. For more information, see the Chassis Management Controller Administrator Reference Guide.

Configuring the Browser For Smart Card Login

Mozilla Firefox
CMC 2.10 does not support Smart Card login through the Firefox browser.

Internet Explorer
Ensure that the Internet Browser is configured to download Active-X plug-ins.

Logging into the CMC Using Smart Card

NOTE: You cannot use the IP address to log into the Single Sign-On or Smart Card login. Kerberos validates your credentials against the Fully Qualified Domain Name (FQDN).

1 Log into the client system using your network account.
2 Access the CMC Web page using
https://<cmcname.domain-name>
For example, cmc-6G2WXF1.cmcad.lab, where cmc-6G2WXF1 is the cmc-name and cmcad.lab is the domain-name.
NOTE: If you change the default HTTPS port number (port 80), access the CMC Web page using <cmcname.domain-name>:<port number>, where cmcname is the CMC host name for the CMC, domain-name is the domain name, and port number is the HTTPS port number.
The CMC Single Sign-On page is displayed prompting you to insert the Smart Card.
3 Insert the Smart Card into the reader and click OK. The PIN pop-up dialog box is displayed.
4 Enter the PIN and click OK.
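The keytab produced for each CMC (see "Uploading the Kerberos Keytab File") can be inspected before it is uploaded, to confirm that it names the CMC's FQDN and carries the DES key type that the Active Directory setup steps call for. The following is an added example, not Dell code: it reads the version 0x0502 keytab layout, and the HTTP service class, the CMCAD.LAB realm and the all-zero key in the sample are constructed assumptions.

```python
import struct

# Kerberos encryption type numbers from the IANA registry.
ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
            23: "rc4-hmac"}
DES_ENCTYPES = {1, 2, 3}  # single DES; deprecated for Kerberos by RFC 6649


def _counted(buf, pos):
    """Read a big-endian uint16 length followed by that many bytes."""
    (length,) = struct.unpack_from(">H", buf, pos)
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("field runs past the end of the entry")
    return buf[pos + 2:end], end


def _parse_entry(entry):
    (ncomp,) = struct.unpack_from(">H", entry, 0)
    realm, pos = _counted(entry, 2)
    comps = []
    for _ in range(ncomp):
        comp, pos = _counted(entry, pos)
        comps.append(comp.decode("utf-8"))
    # name type, timestamp, 8-bit kvno, enctype, key length
    fixed = struct.Struct(">IIBHH")
    _ntype, timestamp, kvno, enctype, keylen = fixed.unpack_from(entry, pos)
    pos += fixed.size + keylen          # step over the key; it is never kept
    if pos > len(entry):
        raise ValueError("key runs past the end of the entry")
    if len(entry) - pos >= 4:           # optional 32-bit kvno trailer
        (kvno32,) = struct.unpack_from(">I", entry, pos)
        kvno = kvno32 or kvno
    return {
        "principal": "/".join(comps) + "@" + realm.decode("utf-8"),
        "host": comps[-1] if comps else "",
        "kvno": kvno,
        "timestamp": timestamp,
        "enctype": ENCTYPES.get(enctype, "enctype-%d" % enctype),
        "des": enctype in DES_ENCTYPES,
    }


def parse_keytab(data):
    """Return one dict per key entry in a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:                   # zero length marks the end of the data
            break
        if size < 0:                    # deleted entry ("hole"): skip its bytes
            pos += -size
            continue
        entry = data[pos:pos + size]
        if len(entry) != size:
            raise ValueError("truncated keytab entry")
        entries.append(_parse_entry(entry))
        pos += size
    return entries


def check_for_cmc(entries, cmc_fqdn):
    """List mismatches between the keytab and the setup steps in this guide."""
    problems = []
    mine = [e for e in entries if e["host"].lower() == cmc_fqdn.lower()]
    if not mine:
        problems.append("no principal for " + cmc_fqdn)
    for e in mine:
        if not e["des"]:
            problems.append("%s (kvno %d) holds %s, not a DES key"
                            % (e["principal"], e["kvno"], e["enctype"]))
    return problems


def build_sample_keytab(enctype=3):
    """Constructed one-entry keytab with a dummy all-zero key (demo input)."""
    def cs(b):
        return struct.pack(">H", len(b)) + b
    key = bytes(8 if enctype in DES_ENCTYPES else 32)
    body = struct.pack(">H", 2) + cs(b"CMCAD.LAB")      # assumed realm
    body += cs(b"HTTP") + cs(b"cmc-6G2WXF1.cmcad.lab")  # assumed service class
    body += struct.pack(">IIBHH", 1, 1253900000, 3, enctype, len(key)) + key
    body += struct.pack(">I", 3)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body


if __name__ == "__main__":
    found = parse_keytab(build_sample_keytab())
    for e in found:
        print(e["principal"], "kvno", e["kvno"], e["enctype"])
    print(check_for_cmc(found, "cmc-6G2WXF1.cmcad.lab") or "keytab matches")
```

Because the DES key types are deprecated, it is worth recording which keytabs and accounts still use them so that they can be rotated when the firmware supports a stronger type.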
Troubleshooting the Smart Card Login

The following tips help you to debug an inaccessible Smart Card:

ActiveX plug-in is unable to detect the Smart Card reader

Ensure that the Smart Card is supported on the Microsoft Windows operating system. Windows supports a limited number of Smart Card cryptographic service providers (CSPs).

Tip: As a general check to see if the Smart Card CSPs are present on a particular client, insert the Smart Card in the reader at the Windows login (Ctrl-Alt-Del) screen and check to see if Windows detects the Smart Card and displays the PIN dialog-box.

Incorrect Smart Card PIN

Check to see if the Smart Card has been locked out due to too many attempts with an incorrect PIN. In such cases, the issuer of the Smart Card in the organization will be able to help you get a new Smart Card.

Unable to Log into CMC as an Active Directory User

If you cannot log into the CMC as an Active Directory user, try logging into the CMC without enabling the Smart Card logon. You also have the option of disabling the Smart Card Logon through the local RACADM using the following commands:
racadm config -g cfgActiveDirectory -o cfgADSCLEnable 0
racadm config -g cfgActiveDirectory -o cfgADSSOEnable 0

8 Power Management

Overview

The Dell™ PowerEdge™ M1000e server enclosure is the most power-efficient modular server in the market. It is designed to include highly-efficient power supplies and fans, has an optimized layout so that air flows more easily through the system, and contains power-optimized components throughout the enclosure. The optimized hardware design is coupled with sophisticated power management capabilities built into the Chassis Management Controller (CMC), power supplies, and iDRAC to allow you to further enhance power efficiency and to have full control over your power environment.
The PowerEdge M1000e modular enclosure takes in AC power and distributes the load across all active internal power supply units (PSUs). The system can deliver up to 7928 Watts of AC power that is allocated to server modules and the associated enclosure infrastructure.

NOTE: Actual power delivery is based on configuration and workload.

The Power Management features of the M1000e help administrators configure the enclosure to reduce power consumption and to tailor power management to their unique requirements and environments.

The PowerEdge M1000e enclosure can be configured for any of three redundancy policies that affect PSU behavior and determine how chassis Redundancy state is reported to administrators.

AC Redundancy Mode

The purpose of the AC redundancy policy is to enable a modular enclosure system to operate in a mode in which it can tolerate AC power failures. These failures may originate in the AC power grid, the cabling and delivery, or a PSU itself.

When you configure a system for AC redundancy, the PSUs are divided into matched sets (or grids): PSU slots 1, 2, and 3 in the first grid (Grid A) and PSU slots 4, 5, and 6 in the second grid (Grid B). Each PSU in a matched set belongs to a different AC power grid and must be cabled as such for proper AC Redundant mode of operation. The load is shared across all active PSUs. The load on a single PSU never exceeds 50 percent of its capacity. With AC redundancy, the system can tolerate the loss of an entire AC power grid or up to 50 percent of its capacity with failures of individual PSUs. The system continues to supply adequate power to the modular enclosure system.

The AC Redundancy mode is the factory-default setting for 6 PSU configuration and indicates the chassis is configured for AC Redundancy.

NOTE: A system will operate in an AC Redundant mode only if the required conditions have been met.
Specifically, each AC power grid must be populated with matched PSUs and the overall load must not exceed the capacity of a single grid.

AC Redundancy Levels

CMC supports three levels of N+N AC Redundancy—1+1, 2+2, and 3+3. In AC redundancy, the CMC reports all active power supplies as online. This is done to ensure that the system does not experience downtime in the event of a power failure to a grid. If any of the N PSUs in a grid fail, the CMC reports the Enclosure Redundancy Status as No Redundancy. E-mail and/or SNMP alerts are sent to administrators if you have configured the Redundancy Lost event for alerting.

• 1+1 AC Redundancy Level — at least one PSU is connected to each AC grid.

[Figure 8-1. 1+1 Redundancy Level: Power Supply #1 (AC Power Grid #1) and Power Supply #4 (AC Power Grid #2) feed the Chassis DC Power Bus; slots #2, #3, #5, and #6 are empty.]

• 2+2 AC Redundancy Level — at least two PSUs are connected to each AC grid.

[Figure 8-2. 2+2 Redundancy Level: Power Supplies #1 and #2 (AC Power Grid #1) and Power Supplies #4 and #5 (AC Power Grid #2) feed the Chassis DC Power Bus; slots #3 and #6 are empty.]

• 3+3 AC Redundancy Level — three PSUs are connected to each power grid. Since three PSUs can power the entire enclosure, this configuration is unaffected by the complete failure of one AC grid without loss of power to the enclosure.

[Figure 8-3. 3+3 Redundancy Level: Power Supplies #1, #2, and #3 (AC Power Grid #1) and Power Supplies #4, #5, and #6 (AC Power Grid #2) feed the Chassis DC Power Bus.]

NOTE: In the event of a single PSU failure in this configuration, the two remaining PSUs in the failing grid are marked as Online. In this state, either of the remaining PSUs can fail without interrupting operation of the system. If a PSU fails, the chassis health is marked non-critical.
If the smaller grid cannot support the total chassis power allocations, AC redundancy status is reported as No Redundancy and Chassis health is displayed as Critical.

NOTE: The chassis needs only 3 PSUs to operate all blades. However, there must be a balanced set of PSUs to support AC Redundancy; half of them are considered when calculating power capacities; the other half are marked for AC redundancy. If you install less than the number of PSUs required to operate your servers, redundancy may be reported as No Redundancy or servers may not be allowed to power on.

Power Supply Redundancy Mode

The power supply redundancy mode is useful when redundant power grids are not available, but you may want to be protected against a single PSU failure bringing down your servers in a modular enclosure. One PSU's capacity over the allocation requirements is kept in online reserve for this purpose. This forms a Power Supply redundancy pool. Any PSU installed outside this pool is not used. These PSUs join the redundancy pool if any PSU in the pool fails.

Power Supply Redundancy Levels

CMC supports three levels of Power Supply Redundancy—1+1, 2+1, and 3+1. This option keeps the additional PSU engaged at all times to ensure that the failure of a single PSU can always be tolerated. Although Figure 8-4 illustrates a configuration of four PSU present in the first four PSU slots, CMC does not require the four PSU units to be present in any specific PSU slot positions.

Dynamic Power Supply Engagement (DPSE) allows PSUs to be placed in standby. The standby state indicates a physical state (OFF). When you enable DPSE, the extra PSUs are placed in Standby mode to increase efficiency and save power.

[Figure 8-4. Power Supply Redundancy: 3+1 PSU Redundancy. Power Supplies #1 through #4 feed the Chassis DC Power Bus; slots #5 and #6 are empty. Dual or Single Power Grid: Power Supply Redundancy protects against failure of a single power supply.]
No Redundancy Mode

The no redundancy mode is the factory default setting for 3 PSU configuration and indicates that the chassis does not have any power redundancy configured. In this configuration, the overall redundancy status of the chassis always indicates No Redundancy. Although Figure 8-5 illustrates the three PSUs present in the first three PSU slots, CMC does not require the three PSU units to be present in any specific PSU slot positions.

NOTE: All active PSUs in the chassis are listed as Online and any additional PSU may be turned off for increasing power efficiency and is marked as Standby if DPSE is enabled. All PSUs in the chassis are listed as Online if DPSE is disabled in No Redundancy mode.

[Figure 8-5. No Redundancy: Power Supplies #1, #2, and #3 (AC Power Grid #1) feed the Chassis DC Power Bus; slots #4, #5, and #6 are empty. Single Power Grid: No protection against grid or power supply failure.]

A PSU failure brings the other PSUs out of Standby mode, as needed, to support the chassis power allocations. If you have 4 PSUs and one fails, the fourth PSU is brought online. A chassis can have a maximum of 6 PSUs online.

When you enable DPSE, the extra PSUs are placed in Standby mode to increase efficiency and save power.

Power Budgeting for Hardware Modules

Figure 8-6 illustrates a chassis that contains a six-PSU configuration. The PSUs are numbered 1-6, starting on the left side of the enclosure.

[Figure 8-6. Chassis With Six-PSU Configuration: PSU1 through PSU6.]

The CMC maintains a power budget for the enclosure that reserves the necessary wattage for all installed servers and components.

The CMC allocates power to the CMC infrastructure and the blade servers in the chassis. The CMC infrastructure consists of components in the chassis, such as fans, I/O modules, and iKVM (if present). The chassis may have up to 16 blade servers that communicate to the chassis through the iDRAC.
For more information, see the iDRAC User’s Guide at support.dell.com/manuals.

The iDRAC provides the CMC with its power envelope requirements before powering up the blade server. The power envelope consists of the maximum and minimum power requirements that could keep the server operating. iDRAC’s initial estimate is based on a worst-case model where all components in the blade server draw maximum power, and it is often higher than the actual blade requirements. When a server is powered up in an enclosure, the iDRAC software re-estimates the power requirements and requests a subsequent change in the power envelope (usually a reduced power envelope).

The CMC grants the requested power to the blade server, and the allocated wattage is subtracted from the available budget. Once the server is granted a power request, the server's iDRAC software continuously monitors the actual power consumption. Depending on the actual power requirements, the iDRAC power envelope may change over time. iDRAC requests a power step-up only if the servers are fully consuming the allocated power. However, under heavy load the performance of the server’s processors may be degraded to ensure power consumption stays below the user-configured System Input Power Cap, if the Cap has been lowered from the factory default setting.

The PowerEdge M1000e enclosure can supply enough power for peak performance of most server configurations, but many available server configurations do not consume the maximum power that the enclosure can supply. To help data centers provision power for their enclosures, the M1000e allows you to specify a System Input Power Cap to ensure that the overall chassis AC power draw stays under a given threshold. The CMC first ensures enough power is available to run the fans, IO Modules, iKVM (if present), and the CMC itself. This power allocation is called the Input Power Allocated to Chassis Infrastructure.
Once the servers in an enclosure are powered up, any attempt to set a lower System Input Power Cap that would require a server to power off to fulfill this requirement will fail.

If necessary for the total power budget to stay below the value of the System Input Power Cap, the CMC will allocate servers a value less than their maximum requested power. Servers are allocated power based on their Server Priority setting, with priority 1 servers getting maximum power, priority 2 servers getting power after priority 1 servers, and so on. Lower priority servers may get less power than priority 1 servers based on System Input Max Power Capacity and user-configured setting of System Input Power Cap.

Configuration changes, such as an additional server in the chassis, may require the System Input Power Cap to be increased. Power needs in a modular enclosure also increase when thermal conditions change and the fans are required to run at higher speed, which causes them to consume additional power. Insertion of I/O modules and iKVM also increases the power needs of the modular enclosure. A fairly small amount of power is consumed by servers even when they are powered down to keep the management controller powered up.

Additional servers can be powered up in the modular enclosure only if sufficient power is available. The System Input Power Cap can be increased any time up to a maximum value of 7928 watts to allow the power up of additional servers.

Changes in the modular enclosure that reduce power allocation are server power off; server, I/O module, or iKVM removal; and transition of the chassis to a powered off state.

You can reconfigure the System Input Power Cap when the chassis is either ON or OFF.

Server Slot Power Priority Settings

The CMC allows you to set a power priority for each of the sixteen server slots in an enclosure. The priority settings are 1 (highest) through 9 (lowest).
These settings are assigned to slots in the chassis, and the slot's priority is inherited by any server inserted in that slot. The CMC uses slot priority to preferentially budget power to the highest priority servers in the enclosure.

According to the default server slot priority setting, power is equally apportioned to all slots. Changing the slot priorities allows administrators to prioritize which servers are given preference for power allocations. If the more critical server modules are left at their default slot priority of 1, and the less critical server modules are changed to a lower priority value of 2 or higher, the priority 1 server modules would be powered on first. These higher priority servers would then get their maximum power allocation, while lower priority servers may not be allocated enough power to run at their maximum performance or they may not even power on at all, depending on how low the limit is set and the server power requirements.

If an administrator manually powers on the low priority server modules before the higher priority ones, the low priority server modules will be the first modules to have their power allocation lowered to the minimum value. Once the available power allocation is exhausted, CMC reclaims power from lower or equal priority servers up to their minimum power level.

NOTE: I/O modules, fans, and iKVM (if present) are designated the highest priority. CMC reclaims power only to meet the power needs of a higher priority module or server.

Dynamic Power Supply Engagement

Dynamic Power Supply Engagement (DPSE) mode is disabled by default. DPSE saves power by using the minimum PSUs needed to power the chassis, resulting in increased utilization of online PSUs and thus increasing their efficiency. This results in increased PSU life, reduced heat generation, and power savings by operating power supplies at more efficient power levels.
The CMC monitors total enclosure power allocation, and moves the PSUs that are not required into Standby state, causing the total power allocation of the chassis to be delivered through fewer PSUs. Since the online PSUs are more efficient when running at higher utilization, this improves their efficiency while also improving longevity of the standby PSUs.

The system runs most efficiently with as few active PSUs as possible, therefore:
• No Redundancy mode with DPSE is highly power efficient, with only the minimum PSUs online. Unneeded PSUs are placed in standby mode.
• PSU Redundancy mode with DPSE also provides power efficiency. At least two supplies are active, with one PSU required to power the configuration and one to provide redundancy in case of PSU failure. PSU Redundancy mode offers protection against the failure of any one PSU, but offers no protection in the event of an AC grid loss.
• AC Redundancy mode with DPSE, where at least two of six supplies are active, one on each power grid, provides a good balance between efficiency and maximum availability for a partially-loaded modular enclosure configuration.
• Disabling DPSE provides the lowest efficiency as all six supplies are active and share the load, resulting in lower utilization of each power supply.

DPSE can be enabled for all three power supply redundancy configurations explained above—No Redundancy, Power Supply Redundancy, and AC Redundancy.
• In a No Redundancy configuration with DPSE, the M1000e can have up to five power supply units in Standby state. In a six PSU configuration, some PSU units will be placed in Standby and stay unutilized to improve power efficiency. Removal or failure of an online PSU in this configuration will cause a PSU in Standby state to become Online; however, standby PSUs can take up to 2 seconds to become active, so some server modules may lose power during the transition in the No Redundancy configuration.
NOTE: In a three PSU configuration, server load may prevent any PSUs from transitioning to Standby.
• In a Power Supply Redundancy configuration, the enclosure always keeps an additional PSU powered on and marked Online in addition to the PSUs required to power the enclosure. Power utilization is monitored and up to four PSUs could be moved to Standby state depending on the overall system load. In a six PSU configuration, a minimum of two power supply units are always powered on. Since an enclosure in the Power Supply Redundancy configuration always has an extra PSU engaged, the enclosure can tolerate the loss of one online PSU and still have enough power for the installed server modules. The loss of the online PSU causes a standby PSU to come online. Simultaneous failure of multiple PSUs may result in the loss of power to some server modules while the standby PSUs are powering up.
• In AC Redundancy configuration, all power supplies are engaged at chassis power up. Power utilization is monitored, and if system configuration and power utilization allows, PSUs are moved to the Standby state in pairs—one from each AC grid (except in the 1+1 redundancy level). Since the Online status of PSUs in a grid mirrors that of the other grid, the enclosure can sustain the loss of power to an entire grid with no interruption of power to the enclosure. An increase in power demand in the AC Redundancy configuration will cause the engagement of PSUs from the Standby state in pairs—one from each AC grid (except in the 1+1 redundancy level). This maintains the mirrored configuration needed for dual-grid redundancy.

NOTE: With DPSE Enabled, the Standby PSUs are brought Online to reclaim power if power demand increases in all three Power Redundancy policy modes.

Redundancy Policies

Redundancy policy is a configurable set of properties that determine how the CMC manages power to the chassis.
The following redundancy policies are configurable with or without dynamic PSU engagement:
• AC Redundancy
• Power Supply Redundancy
• No Redundancy

The default redundancy configuration for a chassis depends on how many PSUs it contains, as shown in Table 8-1.

Table 8-1. Default Redundancy Configuration
PSU Configuration | Default Redundancy Policy | Default Dynamic PSU Engagement Setting
Six PSUs | AC Redundancy | Disabled
Three PSUs | No Redundancy | Disabled

AC Redundancy

In AC Redundancy mode with six PSUs, all six PSUs are active. The three PSUs on the left must connect to one AC power grid, while the three PSUs on the right connect to another AC power grid.

CAUTION: To avoid a system failure and for AC Redundancy to work effectively, there must be a balanced set of PSUs properly cabled to separate AC grids.

If one AC grid fails, the three PSUs on the functioning AC grid take over without interruption to the servers or infrastructure.

CAUTION: In AC redundancy mode, you must have a balanced set of PSUs (at least one PSU in each grid). If this condition is not met, there is a possibility of a loss of redundancy.

Power Supply Redundancy

When power supply redundancy is enabled, a PSU in the chassis is kept as a spare, ensuring that the failure of any one PSU does not cause the servers or chassis to power-down. Power Supply Redundancy mode requires up to four PSUs. Additional PSUs, if present, will be utilized to improve power efficiency of the system if DPSE is enabled. Subsequent failures after loss of redundancy may cause the servers in the chassis to power down.

No Redundancy

Power from up to three PSUs is used to power the entire chassis. So in a 6-PSU chassis, a chassis continues to operate at full capacity if any 3 PSUs fail.

CAUTION: The No Redundancy mode uses only three PSUs without a backup. Failure of one of the three PSUs being used could cause servers to lose power and data.
Power Conservation and Power Budget Changes

The CMC performs power conservation when the user-configured maximum power limit is reached. When the demand for power exceeds the user configured System Input Power Cap, the CMC reduces power to servers in reverse-priority order to free power for higher priority servers and other modules in the chassis.

If all or multiple slots in the chassis are configured with the same priority level, the CMC decreases power to servers in increasing slot number order. For example, if the servers in slots 1 and 2 have the same priority level, the power for the server in slot 1 is decreased before that of the server in slot 2.

NOTE: You can assign a priority level to each of the servers in the chassis by giving each server a number from 1 through 9. The default priority level for all servers is 1. The lower the number, the higher the priority level. For instructions on assigning server priority levels, see "Using RACADM."

You can assign server priority using the GUI:
1 Click Servers in the system tree.
2 Select the Power Management tab→Priority sub-tab.

PSU Failure With Degraded or No Redundancy Policy

The CMC decreases power to servers when an insufficient power event occurs, such as a PSU failure. After decreasing power on servers, the CMC re-evaluates the power needs of the chassis. If power requirements are still not met, CMC may also power off the lower priority blade servers.

Power for higher priority servers is restored incrementally while power needs remain within the power budget.

NOTE: To set the redundancy policy, see "Configuring Power Budget and Redundancy."

New Server Engagement Policy

When a new server is powered on, the CMC may need to decrease power to lower priority servers to allow more power for the new server if adding the new server exceeds the power available for the chassis.
This could happen if the administrator has configured a power limit for the chassis that is below what would be required for full power allocation to the servers, or if insufficient power is available for the worst-case power need of all servers in the chassis. If enough power cannot be freed by reducing the allocated power of the lower priority servers, the new server may not be allowed to power up.

The highest amount of sustained power required to run the chassis and all of the servers, including the new one, at full power is the worst-case power requirement. If that amount of power is available, then no servers are allocated power that is less than the worst-case power needed and the new server is allowed to power up.

If the worst-case power requirement cannot be met, power is reduced to the lower priority servers until enough power is freed to power up the new server.

Table 8-2 describes the actions taken by the CMC when a new server is powered on in the scenario described above.

Table 8-2. CMC Response When a Server Power-On is Attempted
Worst Case Power is Available | CMC Response | Server Power On
Yes | No power conservation is required | Allowed
No | Perform power conservation: power required for new server is available | Allowed
No | Perform power conservation: power required for new server is not available | Disallowed

If a PSU fails, it results in a non-critical health state and a PSU failure event is generated. The removal of a PSU results in a PSU removal event.

If either event results in a loss of redundancy, based on power allocations, a loss of redundancy event is generated.

If the subsequent power capacity or the user power capacity is greater than the server allocations, servers will have degraded performance or, in a worse case, servers may be powered down. Both conditions are in reverse-priority order, that is, the lower priority servers are powered down first.
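The power-on decision in Table 8-2 and the reclaim order from "Power Conservation and Power Budget Changes" can be walked through with a small model. This is an added example, not CMC firmware logic: the wattages are constructed, and it assumes that a server can power on once its minimum power requirement is covered and that power is reclaimed only from servers of lower or equal priority.

```python
from dataclasses import dataclass


@dataclass
class Server:
    slot: int
    priority: int       # 1 (highest) through 9 (lowest)
    min_w: int          # minimum of the power envelope
    max_w: int          # maximum (worst-case) of the power envelope
    alloc_w: int = 0    # watts currently granted


def reclaim_order(servers):
    """Reverse-priority order; equal priorities by increasing slot number."""
    return sorted(servers, key=lambda s: (-s.priority, s.slot))


def try_power_on(running, new, cap_w, infrastructure_w):
    """Apply the Table 8-2 decision to one power-on request.

    Returns a dict with 'allowed', 'conservation' and 'reduced', where
    'reduced' lists (slot, watts taken) in the order power was reclaimed.
    """
    budget = cap_w - infrastructure_w
    worst_case = sum(s.max_w for s in running) + new.max_w
    if worst_case <= budget:
        # Worst-case power is available: everyone runs at full allocation.
        for s in running + [new]:
            s.alloc_w = s.max_w
        return {"allowed": True, "conservation": False, "reduced": []}

    free = budget - sum(s.alloc_w for s in running)
    # Assumption: only lower-or-equal priority servers give up power.
    donors = [s for s in reclaim_order(running) if s.priority >= new.priority]
    reclaimable = sum(s.alloc_w - s.min_w for s in donors)
    if free + reclaimable < new.min_w:
        # Not enough can be freed: the request is refused, nothing changes.
        return {"allowed": False, "conservation": True, "reduced": []}

    reduced = []
    for s in donors:
        if free >= new.min_w:
            break
        cut = min(s.alloc_w - s.min_w, new.min_w - free)
        if cut > 0:
            s.alloc_w -= cut
            free += cut
            reduced.append((s.slot, cut))
    new.alloc_w = min(new.max_w, free)
    return {"allowed": True, "conservation": True, "reduced": reduced}


def sample_running():
    """Constructed chassis: three servers already running at full power."""
    return [Server(1, 1, 200, 450, 450),
            Server(2, 2, 200, 450, 450),
            Server(3, 2, 200, 450, 450)]


if __name__ == "__main__":
    # Constructed figures: 2000 W cap, 500 W reserved for infrastructure.
    chassis = sample_running()
    request = Server(4, 1, 300, 450)
    print(try_power_on(chassis, request, 2000, 500))
    print([(s.slot, s.alloc_w) for s in chassis + [request]])
```

With these figures the slot 2 server gives up 150 W before the slot 3 server is touched, which is the tie-break the text describes for servers of equal priority.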
Table 8-3 describes the firmware response to a PSU power down or removal as it applies to various PSU redundancy configurations.

Table 8-3. Chassis Impact from PSU Failure or Removal
PSU Configuration | Dynamic PSU Engagement | Firmware Response
AC Redundancy | Disabled | CMC alerts you of loss of AC Redundancy.
Power Supply Redundancy | Disabled | CMC alerts you of loss of Power Supply Redundancy.
No Redundancy | Disabled | Decrease power to low priority servers, if needed.
AC Redundancy | Enabled | CMC alerts you of loss of AC Redundancy. PSUs in standby mode (if any) are turned on to compensate for power budget lost from the PSU failure or removal.
Power Supply Redundancy | Enabled | CMC alerts you of loss of Power Supply Redundancy. PSUs in standby mode (if any) are turned on to compensate for power budget lost from PSU failure or removal.
No Redundancy | Enabled | Decrease power to low priority servers, if needed.

PSU Removals With Degraded or No Redundancy Policy

The CMC may begin conserving power when you remove a PSU or a PSU AC cord. The CMC decreases power to the lower priority servers until power allocation is supported by the remaining PSUs in the chassis. If you remove more than one PSU, the CMC evaluates power needs again when the second PSU is removed to determine the firmware response. If power requirements are still not met, CMC may power off the lower priority blade servers.

Limits

• The CMC does not support automated power-down of a lower priority server to allow power up of a higher priority server; however, you can perform user-initiated power-downs.
• Changes to the PSU redundancy policy are limited by the number of PSUs in the chassis. The M1000e chassis ships with one of two configurations: three PSUs or six PSUs. You can select any of the three PSU redundancy configuration settings listed in "Redundancy Policies."
Power Supply and Redundancy Policy Changes in System Event Log

Changes in the power supply state and power redundancy policy are recorded as events. Events related to the power supply that record entries in the system event log (SEL) are power supply insertion and removal, power supply input insertion and removal, and power supply output assertion and de-assertion.

Table 8-4 lists the SEL entries that are related to power supply changes.

Table 8-4. SEL Events for Power Supply Changes
Power Supply Event | System Event Log (SEL) Entry
Insertion | power supply presence was asserted
Removal | power supply presence was de-asserted
AC input received | power supply input lost was de-asserted
AC input lost | power supply input lost was asserted
DC output produced | power supply failure was de-asserted
DC output lost | power supply failure was asserted

Events related to changes in the power redundancy status that record entries in the SEL are redundancy loss and redundancy regain for the modular enclosure that is configured for either an AC Redundancy power policy or Power Supply Redundancy power policy. For a modular enclosure that is configured in the Non Redundant power policy, a SEL entry for insufficient resources, Non Redundant power policy, is recorded when the functional power supply count drops below the enclosure minimum of three power supplies. Similarly, when the functional power supply count is restored, a SEL entry for sufficient resources, Non Redundant power policy, is recorded. Table 8-5 lists the SEL entries related to power redundancy policy changes.

Table 8-5. SEL Events for Power Redundancy Status Changes
Power Policy Event | System Event Log (SEL) Entry
Redundancy lost | redundancy lost was asserted
Redundancy regained | redundancy regained was asserted

Redundancy Status and Overall Power Health

The redundancy status is a factor in determining the overall power health.
When the power redundancy policy is set, for example, to AC Redundancy and the redundancy status indicates that the system is operating with redundancy, the overall power health will typically be OK. However, if the conditions for operating with AC redundancy cannot be met, the redundancy status will be No, and the overall power health will be Critical. This is because the system is not able to operate in accordance with the configured redundancy policy. NOTE: The CMC does not perform a pre-check of these conditions when you change the redundancy policy to or from AC redundancy. So, configuring the redundancy policy may immediately result in redundancy lost or a regained condition. Configuring and Managing Power You can use the Web-based and RACADM interfaces to manage and configure power controls on the CMC. Specifically, you can: • View power allocations, consumption, and status for the chassis, servers, and PSUs • Configure System Input Power Cap and Redundancy Policy for the chassis • Execute power control operations (power-on, power-off, system reset, power-cycle) for the chassis Viewing the Health Status of the PSUs The Power Supply Status page displays the status and readings of the PSUs associated with the chassis. Power Management 263 Using the Web Interface The PSU health status can be viewed in two ways: from the Chassis Graphics section on the Chassis Status page or the Power Supply Status page. The Chassis Graphics page provides a graphical overview of all PSUs installed in the chassis. To view health status for all PSUs using Chassis Graphics: 1 Log in to the CMC Web interface. 2 The Chassis Status page is displayed. The right section of Chassis Graphics depicts the rear view of the chassis and contains the health status of all PSUs. PSU health status is indicated by the color of the PSU subgraphic: • Green — PSU is present, powered on and communicating with the CMC; there is no indication of an adverse condition. • Amber — Indicates a PSU failure. 
See the CMC log for details on the failure condition.
• Gray — Occurs during PSU initialization and usually during Chassis power up or PSU insertion. PSU is present and not powered on. It is not communicating with the CMC and there is no indication of an adverse condition.
3 Use the cursor to hover over an individual PSU subgraphic; a corresponding text hint or screen tip is displayed. The text hint provides additional information on that PSU.
4 The PSU subgraphic is hyperlinked to the corresponding CMC GUI page to provide immediate navigation to the Power Supply Status page for all PSUs.

To view the health status of the PSUs using Power Supply Status:
1 Log in to the CMC Web interface.
2 Select Power Supplies in the system tree. The Power Supply Status page displays.

Table 8-6 and Table 8-7 provide descriptions of the information provided on the Power Supply Status page.

Table 8-6. Power Supply Health Status Information
Item | Description
Name | Displays the name of the power supply unit: PS-[n], where [n] is the power supply number.
Present | Indicates whether the PSU is Present or Absent.
Health: OK | Indicates that the PSU is present and communicating with the CMC. In the event of a communication failure between the CMC and the power supply, the CMC cannot obtain or display health status for the PSU.
Health: Warning | Indicates that only Warning alerts have been issued, and corrective action must be taken. If corrective actions are not taken within the administrator-specified time, it could lead to critical or severe power failures that can affect the integrity of the chassis.
Health: Severe | Indicates at least one Failure alert has been issued for the power supply. Severe status indicates a power failure on the chassis, and corrective action must be taken immediately.
Power Status | Indicates the power state of the power supplies (one of the following): Initializing, Online, Stand By, In Diagnostics, Failed, Offline, Unknown, or Absent.
Capacity | Displays the power supply’s capacity in watts.

Table 8-7. System Power Health Status Information
Item | Description
Overall Power Health | Indicates the health status (OK, Non-Critical, Critical, Non-Recoverable, Other, Unknown) of the power management for the entire chassis.
System Power Status | Displays the power status (On, Off, Powering On, Powering Off) of the chassis.
Redundancy | Indicates the power supply redundancy status. Values include: No: Power Supplies are not redundant. Yes: Full Redundancy in effect.

Using RACADM

Open a serial/Telnet/SSH text console to the CMC, log in, and type:
racadm getpminfo

For more information about getpminfo, including output details, see the Chassis Management Controller Administrator Reference Guide on the Dell Support website at support.dell.com.

Viewing Power Consumption Status

The CMC provides the actual input power consumption for the entire system on the Power Consumption Status page.

Using the Web Interface

NOTE: To perform power management actions, you must have Chassis Control Administrator privilege.

1 Log in to the CMC Web interface.
2 Select Chassis in the system tree.
3 Click the Power Management tab→Power Consumption sub-tab. The Power Consumption page displays.

Table 8-8 through Table 8-11 describe the information displayed on the Power Consumption page.

NOTE: You can also view the power redundancy status under Power Supplies in the System tree→Status tab.

Using RACADM

Open a serial/Telnet/SSH text console to the CMC, log in, and type:
racadm getpminfo

Table 8-8. Real-Time Power Statistics
Item | Description
System Input Power | Displays the current cumulative power consumption of all modules in the chassis measured from the input side of the PSUs. The value for system input power is indicated in both watts and BTU/h units.
Peak System Power | Displays the maximum system level input power consumption since the value was last cleared.
This property allows you to track the maximum power consumption by the system (chassis and modules) recorded over a period of time. Click the Configuration sub-tab on the Budget Status page to clear this value. The value for peak system power is indicated in both watts and BTU/h units.
Peak System Power Start Time | Displays the date and time recorded when the peak system power consumption value was last cleared. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year. This value is reset with the Reset Peak/Min Power Statistics button and also when the CMC resets or fails over.
Peak System Power Timestamp | Displays the date and time recorded when the peak system power consumption value occurred over the time period being recorded. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0–24), mm is minutes (00–60), ss is seconds (00–60), MM is the month (1–12), DD is the day (1–31), and YYYY is the year.
Minimum System Power | Displays the minimum system level AC power consumption value (in watts) over the time since the user last cleared this value. This property allows you to track the minimum power consumption by the system (chassis and modules) recorded over a period of time. Click the Configuration sub-tab on the Budget Status page to clear this value. The value for minimum system power is displayed in both the watts and BTU/h units. This value is reset with the Reset Peak/Min Power Statistics button and also when the CMC resets or fails over.
Minimum System Power Start Time | Displays the date and time recorded when the minimum system power consumption value was last cleared.
The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year. This value is reset with the Reset Peak/Min Power Statistics button and also when the CMC resets or fails over.
Minimum System Power Timestamp | Displays the date and time recorded when the minimum system power consumption occurred over the time period being recorded. The format of the timestamp is the same as described for Peak System Power Timestamp.
System Idle Power | Displays the estimated power consumption of the chassis when it is in idle state. The idle state is defined as the state of the chassis while it's ON and all modules are consuming power while in the idle state. This is an estimated value and not a measured value. It is computed as the cumulative power allocated to chassis infrastructure components (I/O modules, fans, iKVM, iDRAC controllers and front panel LCD) and the minimum power requirement of all servers that have been allocated power and that are in the powered-on state. The value for system idle power is displayed in both watts and BTU/h units.
System Potential Power | Displays the estimated power consumption of the chassis when it is operating at maximum power. The maximum power consumption is defined as the state of the chassis while it is ON and all modules are consuming maximum power. This is an estimated value derived from historical aggregate power consumption of the system configuration and not a measured value. It is computed as the cumulative power allocated to chassis infrastructure components (I/O modules, fans, iKVM, iDRAC controllers and the front panel LCD) and the maximum power requirement of all servers that have been allocated power and are in the powered-on state. The value for system potential power is displayed in both watts and BTU/h units.
System Input Current Reading | Displays the total input current draw of the chassis based on the sum of the input current draw of each of the individual PSU modules in the chassis. The value for system input current reading is displayed in Amps.

Table 8-9. Real-Time Energy Statistics Status
Item | Description
System Energy Consumption | Displays the current cumulative energy consumption for all modules in the chassis measured from the input side of the power supplies. The value is displayed in kWh and it is a cumulative value.
System Energy Consumption Start Time | Displays the date and time recorded when the system energy consumption value was last cleared, and the new measurement cycle began. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year. This value is reset with the Reset Energy Statistics button, but will persist through a CMC reset or fail over operation.
System Energy Consumption Timestamp | Displays the date and time when the system energy consumption was calculated for display. The timestamp is displayed in the format hh:mm:ss MM/DD/YYYY, where hh is hours (0-24), mm is minutes (00-60), ss is seconds (00-60), MM is the month (1-12), DD is the day (1-31), and YYYY is the year.

Table 8-10. System Power Status
Item | Description
Overall Power Health | Indicates the health status (OK, Non-Critical, Critical, Non-Recoverable, Other, Unknown) of the chassis’ power subsystem.
System Power Status | Displays the power status (On, Off, Powering On, Powering Off) of the chassis.
Redundancy | Indicates the redundancy status. Valid values are: No — PSUs are not redundant. Yes — full redundancy in effect.

Table 8-11. Server Modules
Item | Description
Slot | Displays the location of the server module.
The Slot is a sequential number (1–16) that identifies the server module by its location within the chassis.
Name | Displays the server name. The server name can be redefined by the user.
Present | Displays whether the server is present in the slot (Yes or No). If this field displays Extension of # (where the # will be 1-8), then the number that follows it is the main slot of a multi-slot server.
Actual (AC) | Real-time measurement of the actual power consumption of the server. The measurement is displayed in watts AC.
Cumulative Power / Start Time | Real-time measurement of the cumulative power that the server has consumed since the time displayed in the Start Time field. The measurement is presented in KiloWatt Hour (kWh) units.
Peak Consumption / Time Stamp | Displays the peak power that the server consumed at one time. The time when the peak power consumption occurred is recorded in the Time Stamp field. The measurement is displayed in watts.

Viewing Power Budget Status

The CMC provides power status overviews of the power subsystem on the Power Budget Status page.

Using the Web Interface

NOTE: To perform power management actions, you must have Chassis Control Administrator privilege.

1 Log in to the CMC Web interface.
2 Select Chassis in the system tree.
3 Click the Power Management tab. The Power Budget Status page displays.

Table 8-12 through Table 8-15 describe the information displayed on the Power Budget Status page. See "Configuring Power Budget and Redundancy" for information about configuring the settings for this information.

Using RACADM

Open a serial/Telnet/SSH text console to the CMC, log in, and type:
racadm getpbinfo

For more information about getpbinfo, including output details, see the getpbinfo command section in the Chassis Management Controller Administrator Reference Guide.

Table 8-12. System Power Policy Configuration
Item | Description
System Input Power Cap | Displays the user configured maximum power consumption limit for the entire system (chassis, CMC, servers, I/O modules, power supply units, iKVM, and fans). The CMC will enforce this limit via reduced server power allocations, or by powering off lower priority server modules. The value for system input power cap is displayed in watts, BTU/h and percent units. If the chassis power consumption exceeds the System Input Power Cap, then the performance of lower priority servers is reduced until total power consumption falls below the cap. In cases where the servers are set to the same priority, then the selection of the server for power reduction, or power-off action, is based on the server slot number order. For example, the server in slot 1 is selected first and the server in slot 16 is selected last.
Redundancy Policy | Indicates the current redundancy configuration: AC Redundancy, Power Supply Redundancy, and No Redundancy.
AC Redundancy — Power input is load-balanced across all PSUs. Half of them should be cabled to one AC grid and the other half should be cabled to another grid. When the system is running optimally in AC Redundancy mode, power is load-balanced across all active supplies. In case of a grid failure, the PSUs on the functioning AC grid take over at 100% capacity.
Power Supply Redundancy — The capacity of the highest-rated PSU in the chassis is held in reserve, ensuring that a failure of any one PSU does not cause the server modules or chassis to power down. Power Supply Redundancy does not use all six PSUs; it uses a maximum of four PSUs and the other PSUs may be placed in Standby mode if DPSE is enabled.
No Redundancy — The power from all three PSUs on one AC circuit (grid) is used to power the entire chassis, including the chassis, servers, I/O modules, iKVM, and CMC.
CAUTION: The No Redundancy mode uses only three PSUs at a time, with no backup. Failure of one of the three PSUs in use could cause the server modules to lose power and data.
Dynamic Power Supply Engagement | Indicates whether Dynamic Power Supply Engagement is enabled or disabled. Enabling this feature allows the CMC to put under-utilized PSUs into standby mode based on the redundancy policy that is set and the power requirements of the system. Putting under-utilized PSUs into standby mode increases the utilization, and efficiency, of the online PSUs, saving power.

Table 8-13. Power Budgeting
Item | Description
System Input Max Power Capacity | Maximum input power that the available power supplies can supply to the system (in watts).
Input Redundancy Reserve | Displays the amount of redundant power (in watts) in reserve that can be utilized in the event of an AC grid or power supply unit (PSU) failure. When the chassis is configured to operate in AC Redundancy mode, the Input Redundancy Reserve is the amount of reserve power that can be utilized in the event of an AC grid failure. When the chassis is configured to operate in Power Supply Redundancy mode, the Input Redundancy Reserve is the amount of reserve power that can be utilized in the event of a specific PSU failure.
Input Power Allocated to Servers | Displays (in watts) the cumulative input power the CMC is allocating to servers based on their configuration.
Input Power Allocated to Chassis Infrastructure | Displays (in watts) the cumulative input power the CMC is allocating to the chassis infrastructure (Fans, IO modules, iKVM, CMC, Standby CMC and iDRAC on servers).
Total Input Power Available for Allocation | Indicates the total chassis power budget, in watts, available for chassis operation.
Standby Input Power Capacity | Displays the amount of standby input power (in watts) that is available in the event of a Power Supply fault or Power Supply removal from the system.
This field may show readings when the system has four or more power supplies and the Dynamic Power Supply Engagement is enabled.
NOTE: It is possible to see a PSU in standby mode but not contribute to the Standby Input Power Capacity value. In this case, the watts from this PSU are contributing to the Total Input Power Available for Allocation value.

Table 8-14. Server Modules
Item | Description
Slot | Displays the location of the server module. The Slot is a sequential number (1–16) that identifies the server module by its location within the chassis.
Name | Displays the server name. The server name can be redefined by the user.
Type | Displays the type of the server.
Priority | Indicates the priority level allotted to the server slot in the chassis for power budgeting. The CMC uses this value in its calculations when power must be reduced or reallocated based on user-defined power limits or power supply or power grid failures. Priority levels: 1 (highest) through 9 (lowest). Default: 1.
NOTE: Server slot priority level is associated with the server slot, not with the server inserted into the slot. If you move a server to a different slot in the chassis or to a different chassis, the priority previously associated with the new slot determines the priority of the relocated server.
Power State | Displays the power status of the server:
• N/A: The CMC has not determined the power state of the server.
• Off: Either the server or chassis is off.
• On: Both chassis and server are on.
• Powering On: Temporary state between Off and On. When the powering on cycle completes, the Power State will change to On.
• Powering Off: Temporary state between On and Off. When the powering off cycle completes, the Power State will change to Off.
Budget Allocation | Displays the power budget allocation for the server module.
• Actual: Current power budget allocation for each server.

Table 8-15. System Power Supplies
Item | Description
Name | Displays the name of the PSU in the format PS-n, where n is the PSU number.
Power State | Indicates the power state of the PSU — Initializing, Online, Stand By, In Diagnostics, Failed, Unknown, or Absent (missing).
Input Volts | Displays the present input voltage of the power supply.
Input Current | Displays the present input current of the power supply.
Output Rated Power | Displays the maximum output power rating of the power supply.

Configuring Power Budget and Redundancy

The CMC’s power management service optimizes power consumption for the entire chassis (the chassis, servers, IOMs, iKVM, CMC, and PSUs) and re-allocates power to different modules based on the demand.

Using the Web Interface

NOTE: To perform power management actions, you must have Chassis Control Administrator privilege.

1 Log in to the CMC Web interface.
2 Select Chassis in the system tree.
3 Click the Power Management tab→Configuration sub-tab. The Budget/Redundancy Configuration page displays.
4 Set any or all of the properties described in Table 8-16 according to your needs.
5 Click Apply to save your changes.

To refresh the content on the Budget/Redundancy Configuration page, click Refresh. To print the contents, click Print.

Table 8-16. Configurable Power Budget/Redundancy Properties
Item | Description
System Input Power Cap | System Input Power Cap is the maximum AC power that the system is allowed to allocate to servers and chassis infrastructure. It can be configured by the user to any value that exceeds the minimum power needed for servers that are powered on and the chassis infrastructure; configuring a value that falls below the minimum power needed for servers and the chassis infrastructure will fail.
The power allocated to Servers and Chassis Infrastructure can be found in the User Interface on the Chassis→Power Management→Power Budget status page under Power Budgeting section or by using the CLI RACADM utility command (racadm getpbinfo). Users can power off one or more server(s) to lower the current power allocation, and re-attempt setting a lower value for System Input Power Cap (if desired) or simply configure the cap prior to powering on the servers. To change this setting, it is possible to enter a value in any of the units. The interface ensures that the unit field that was last changed will be the value that is submitted when those changes are applied.
NOTE: See the Datacenter Capacity Planner (DCCP) tool at www.dell.com/calc for capacity planning.
NOTE: When value changes are specified in watts, the submitted value will exactly reflect what is actually applied. However, when the changes are submitted in either of the BTU/h or percent units, the submitted value may not exactly reflect what is actually applied. This is because these units are converted to watts and then applied; and the conversion will be susceptible to some rounding error.
Redundancy Policy | This option allows you to select one of the following options:
• No Redundancy: Power from all three power supplies on one AC circuit (grid) is used to power-on the entire chassis, including the chassis, servers, I/O modules, iKVM, and the CMC.
NOTE: The No Redundancy mode uses only three power supplies at a time. If 3 PSUs are installed, then there is no backup available. Failure of one of the three power supplies being used could cause the servers to lose power and/or data. If more than three PSUs are present, then the additional PSUs may be placed in Standby mode for improving power efficiency if DPSE is enabled.
• Power Supply Redundancy: The capacity of the highest-rated power supply in the chassis is kept in reserve, ensuring that a failure of any one power supply will not cause the server modules or chassis to power down (hot spare). Power Supply Redundancy mode does not utilize all six power supplies, but rather a maximum of four and a minimum of two power supplies. Any additional power supplies, if present, may be placed in Standby mode for improving power efficiency if DPSE is enabled. Power Supply Redundancy mode prevents server modules from powering up if the power consumption of the chassis exceeds the rated power. Failure of two power supplies may cause some or all server modules in the chassis to power down. Server module performance is not degraded in this mode.
• AC Redundancy: This mode divides half the PSUs into two power grids (for example, PSUs 1-3 making up power grid 1 and PSUs 4-6 making up power grid 2). In this configuration, all six PSUs are online. Failure of a PSU or loss of AC power to one grid will report the redundancy status as lost.
Enable Dynamic Power Supply Engagement | Enables (when checked) dynamic power management. In Dynamic Engagement mode, the power supplies are turned ON (online) or OFF (standby) based on power consumption, optimizing the energy consumption of the entire chassis. For example, your power budget is 5000 watts, your redundancy policy is set to AC redundancy mode, and you have six power supply units. The CMC determines that four of the power supply units can manage the AC redundancy while the other two remain in standby mode. If an additional 2000W of power is needed for newly installed servers or power efficiency of the existing system configuration is required to be improved, then the two standby power supply units are engaged.
Disable Chassis Power Button | Disables (when checked) the chassis power button.
If the check box is selected and you attempt to change the power state of the chassis by pressing the chassis power button, the action is ignored.

Using RACADM

To enable redundancy and set the redundancy policy:

NOTE: To perform power management actions, you must have Chassis Control Administrator privilege.

1 Open a serial/Telnet/SSH text console to the CMC and log in.
2 Set properties as needed:
• To select a redundancy policy, type:
racadm config -g cfgChassisPower -o cfgChassisRedundancyPolicy <value>
where <value> can be 0 (No Redundancy), 1 (AC Redundancy), 2 (Power Supply Redundancy). The default is 0.
For example, the following command:
racadm config -g cfgChassisPower -o cfgChassisRedundancyPolicy 1
sets the redundancy policy to 1.
• To enable or disable dynamic PSU engagement, type:
racadm config -g cfgChassisPower -o cfgChassisDynamicPSUEngagementEnable <value>
where <value> can be 0 (disable), 1 (enable). The default is 1.
For example, the following command:
racadm config -g cfgChassisPower -o cfgChassisDynamicPSUEngagementEnable 0
disables dynamic PSU engagement.

For information about RACADM commands for chassis power, see the config, getconfig, getpbinfo, and cfgChassisPower sections in the CMC Administrator Reference Guide.

Assigning Priority Levels to Servers

Server priority levels determine which servers the CMC draws power from when additional power is required.

NOTE: The priority you assign to a server is linked to its slot and not to the server itself. If you move the server to a new slot, you must reconfigure the priority for the new slot location.

NOTE: To perform power management actions, you must have Chassis Configuration Administrator privilege.

Using the Web Interface

1 Log in to the CMC Web interface.
2 Select Servers in the system tree. The Servers Status page appears.
3 Click the Power Management tab. The Server Priority page appears, listing all of the servers in your chassis.
4 Select a priority level (1–9, with 1 holding the highest priority) for one, multiple, or all servers. The default value is 1. You can assign the same priority level to multiple servers.
5 Click Apply to save your changes.

Using RACADM

Open a serial/Telnet/SSH text console to the CMC, log in, and type:
racadm config -g cfgServerInfo -o cfgServerPriority -i <slot number> <priority level>
where <slot number> (1–16) refers to the location of the server, and <priority level> is a value between 1–9.
For example, the following command:
racadm config -g cfgServerInfo -o cfgServerPriority -i 5 1
sets the priority level to 1 for the server in slot 5.

Setting the Power Budget

NOTE: To perform power management actions, you must have Chassis Control Administrator privilege.

Using the Web Interface

1 Log in to the CMC Web interface.
2 Click Chassis in the system tree. The Component Health page appears.
3 Click the Power Management tab. The Power Budget Status page appears.
4 Click the Configuration sub-tab. The Budget/Redundancy Configuration page appears.
5 Type a budget value of up to 7928 watts in the System Input Power Cap text field.
NOTE: The power budget is limited to a maximum of three PSUs out of a total of six PSUs. If you attempt to set an AC power budget value that exceeds the power capacity of your chassis, the CMC will display a failure message.
NOTE: When value changes are specified in watts, the submitted value will exactly reflect what is actually applied. However, when the changes are submitted in either of the BTU/h or percent units, the submitted value may not exactly reflect what is actually applied. This is because these units are converted to watts and then applied; and the conversion will be susceptible to some rounding error.
6 Click Apply to save your changes.
Using RACADM

Open a serial/Telnet/SSH text console to the CMC, log in, and type:
racadm config -g cfgChassisPower -o cfgChassisPowerCap <value>
where <value> is a number between 2715–7928 representing the maximum power limit in watts. The default is 7928.
For example, the following command:
racadm config -g cfgChassisPower -o cfgChassisPowerCap 5400
sets the maximum power budget to 5400 watts.

NOTE: The power budget is limited to a maximum of three PSUs out of a total of six PSUs. If you attempt to set an AC power budget value that exceeds the power capacity of your chassis, the CMC displays a failure message.

Server Power Reduction to Maintain Power Budget

The CMC reduces power allocations of lower priority servers when additional power is needed to maintain the system power consumption within the user-configured System Input Power Cap. For example, when a new server is engaged, the CMC may decrease power to low priority servers to allow more power for the new server. If the amount of power is still insufficient after reducing power allocations of the lower priority servers, the CMC will lower the performance of servers until sufficient power is freed to power the new server.

CMC reduces server power allocation in two cases:
• Overall power consumption exceeds the configurable System Input Power Cap (see "Setting the Power Budget.")
• A power failure occurs in a non-redundant configuration

For information about assigning priority levels to servers, see "Executing Power Control Operations on the Chassis."

Executing Power Control Operations on the Chassis

NOTE: To perform power management actions, you must have Chassis Control Administrator privilege.

NOTE: Power control operations affect the entire chassis. For power control operations on an IOM, see "Executing Power Control Operations on an IOM." For power control operations on servers, see "Executing Power Control Operations on a Server."
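The racadm config settings described in the preceding sections (redundancy policy, dynamic PSU engagement, server slot priority, and power cap) can be range-checked before anything is typed into the CMC console. The following Python code is an added example, not part of the Dell guide or of RACADM; the function names are hypothetical, and the groups, objects, and value ranges are the ones documented on this page.

```python
import shlex

# Value ranges as documented on this page.
POLICIES = {0: "No Redundancy", 1: "AC Redundancy", 2: "Power Supply Redundancy"}
CAP_RANGE_W = (2715, 7928)   # cfgChassisPowerCap, watts
SLOT_RANGE = (1, 16)         # server slot numbers
PRIORITY_RANGE = (1, 9)      # 1 is the highest priority


def _check(name, value, lo, hi):
    """Reject anything that is not a plain integer inside lo..hi."""
    if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
        raise ValueError(f"{name}: expected integer {lo}..{hi}, got {value!r}")
    return value


def _config(group, obj, *args):
    """Build one 'racadm config' command line with shell-safe quoting."""
    return shlex.join(["racadm", "config", "-g", group, "-o", obj, *map(str, args)])


def build_power_plan(current_policy=None, policy=None, dpse=None,
                     cap_w=None, slot_priority=None):
    """Validate every requested setting, then return (commands, warnings).

    Any out-of-range value raises ValueError before a command is returned,
    so a partially valid change set is never emitted.
    """
    commands, warnings = [], []
    if policy is not None:
        _check("redundancy policy", policy, 0, max(POLICIES))
        commands.append(_config("cfgChassisPower", "cfgChassisRedundancyPolicy", policy))
        # The CMC does not pre-check a change to or from AC Redundancy (1).
        if policy != current_policy and 1 in (policy, current_policy):
            warnings.append("No pre-check for AC Redundancy: a redundancy lost or "
                            "regained SEL event may follow immediately.")
    if dpse is not None:
        _check("dynamic PSU engagement", dpse, 0, 1)
        commands.append(_config("cfgChassisPower",
                                "cfgChassisDynamicPSUEngagementEnable", dpse))
    if cap_w is not None:
        _check("power cap (watts)", cap_w, *CAP_RANGE_W)
        commands.append(_config("cfgChassisPower", "cfgChassisPowerCap", cap_w))
        warnings.append("A cap below the power already allocated to servers and "
                        "infrastructure fails; compare with 'racadm getpbinfo'.")
    if slot_priority:
        for slot, prio in sorted(slot_priority.items()):
            _check("slot", slot, *SLOT_RANGE)
            _check(f"priority for slot {slot}", prio, *PRIORITY_RANGE)
            commands.append(_config("cfgServerInfo", "cfgServerPriority",
                                    "-i", slot, prio))
        warnings.append("Priority is bound to the slot, not to the server in it.")
    return commands, warnings


if __name__ == "__main__":
    cmds, notes = build_power_plan(current_policy=0, policy=1, dpse=0,
                                   cap_w=5400, slot_priority={5: 1})
    print("\n".join(cmds + ["# " + n for n in notes]))
```
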
The CMC enables you to remotely perform several power management actions, such as an orderly shutdown, on the entire chassis (chassis, servers, IOMs, iKVM, and PSUs).

Using the Web Interface

1 Log in to the CMC Web interface.
2 Select Chassis in the system tree.
3 Click the Power Management tab. The Power Budget Status page displays.
4 Click the Control sub-tab. The Power Management page displays.
5 Select one of the following Power Control Operations by clicking its radio button:
• Power On System — Turns on the chassis power (the equivalent of pressing the power button when the chassis power is OFF). This option is disabled if the chassis is already powered ON.
NOTE: This action powers on the chassis and other subsystems (iDRAC on the servers, IOMs, and iKVM). Servers will not power on.
• Power Off System — Turns off the chassis power. This option is disabled if the chassis is already powered OFF.
NOTE: This action powers off the chassis (chassis, servers, IOMs, iKVM, and power supplies). The CMCs remain powered on, but in virtual standby state; a power supply unit and fans provide cooling for the CMCs in this state. The power supply will also provide power to the fans that will be running at low speed.
• Power Cycle System (cold boot) — Powers off and then reboots the system (cold boot). This option is disabled if the chassis is already powered OFF.
NOTE: This action powers off and then reboots the entire chassis (chassis, servers which are configured to always power on, IOMs, iKVM, and power supplies).
• Reset CMC — Resets the CMC without powering off (warm reboot). (This option is disabled if the CMC is already powered off).
NOTE: This action only resets the CMC. No other components are affected.
• Non-Graceful Shutdown — This action forces a non-graceful power off of the entire chassis (chassis, servers, IOMs, iKVM, and power supplies). This does not attempt to cleanly shut down the operating system of the servers prior to powering off.
6 Click Apply. A dialog box appears requesting confirmation.
7 Click OK to perform the power management action (for example, cause the system to reset).

Using RACADM

Open a serial/Telnet/SSH text console to the CMC, log in, and type:
racadm chassisaction -m chassis <action>
where <action> is powerup, powerdown, powercycle, nongraceshutdown or reset.

Executing Power Control Operations on an IOM

You can remotely execute a reset or power cycle on an individual IOM.

NOTE: To perform power management actions, you must have Chassis Control Administrator privilege.

Using the Web Interface

1 Log in to the CMC Web interface.
2 Select I/O Modules. The I/O Modules Status page displays.
3 Click the Power Management tab. The Power Control page displays.
4 Select the operation you want to execute (reset or power cycle) from the drop-down menu beside the IOM in the list.
5 Click Apply. A dialog box appears requesting confirmation.
6 Click OK to perform the power management action (for example, cause the IOM to power cycle).

Using RACADM

Open a serial/Telnet/SSH text console to the CMC, log in, and type:
racadm chassisaction -m switch-<n> <action>
where <n> is a number 1-6 and specifies the IOM (A1, A2, B1, B2, C1, C2), and <action> indicates the operation you want to execute: powercycle or reset.

Executing Power Control Operations on a Server

NOTE: To perform power management actions, you must have Chassis Control Administrator privilege.

The CMC enables you to remotely perform several power management actions, for example, an orderly shutdown, on an individual server in the chassis.

Using the Web Interface

1 Log in to the CMC Web interface.
2 Expand Servers in the system tree, and then select the server on which you want to execute a power control operation. The Server Status page displays.
3 Click the Power Management tab. The Server Power Management page displays.
4 Power Status displays the power status of the server (one of the following):

• N/A - The CMC has not yet determined the power state of the server.
• Off - Either the server is off or the chassis is off.
• On - Both chassis and server are on.
• Powering On - Temporary state between Off and On. When the action completes successfully, the Power State will be On.
• Powering Off - Temporary state between On and Off. When the action completes successfully, the Power State will be Off.

5 Select one of the following Power Control Operations by clicking its radio button:

• Power On Server — Turns on the server power (equivalent to pressing the power button when the server power is off). This option is disabled if the server is already powered on.
• Power Off Server — Turns off the server power (equivalent to pressing the power button when the server power is on).
• Graceful Shutdown — Powers off and then reboots the server.
• Reset Server (warm boot) — Reboots the server without powering off. This option is disabled if the server is powered off.
• Power Cycle Server (cold boot) — Powers off and then reboots the server. This option is disabled if the server is powered off.

6 Click Apply. A dialog box appears requesting confirmation.
7 Click OK to perform the power management action (for example, cause the server to reset).

NOTE: All of the power control operations can be performed on multiple servers from the Servers→Power Management→Control page.

Using RACADM

Open a serial/Telnet/SSH text console to the CMC, log in, and type:

    racadm serveraction -m <module> <action>

where <module> specifies the server by its slot number (server-1 through server-16) in the chassis, and <action> indicates the operation you want to execute: powerup, powerdown, powercycle, graceshutdown, or hardreset.

Troubleshooting

For power supply and power-related issue troubleshooting, see "Troubleshooting and Recovery."
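The three RACADM power-control forms described above (chassis, IOM, and server) accept different action sets, which matters when the commands are scripted rather than typed. The following POSIX shell allowlist is an added example, not part of the Dell guide: the function names build_power_cmd and cmc_power, the CMC_HOST variable, and the use of SSH from an admin host are assumptions.

```shell
#!/bin/sh
# Added example, not Dell's code. Targets and actions are the ones the guide
# lists; build_power_cmd, cmc_power and CMC_HOST are hypothetical names.

# Print the racadm command for a target/action pair; return 1 if the pair is
# not one the guide lists. Patterns match the whole string, so a value such as
# "server-1;reboot" is rejected before it reaches the CMC shell.
build_power_cmd() {
    target=$1
    action=$2
    case $target in
        chassis)
            sub=chassisaction
            allowed="powerup powerdown powercycle nongraceshutdown reset" ;;
        switch-[1-6])            # IOMs A1, A2, B1, B2, C1, C2
            sub=chassisaction
            allowed="powercycle reset" ;;
        server-[1-9]|server-1[0-6])
            sub=serveraction
            allowed="powerup powerdown powercycle graceshutdown hardreset" ;;
        *)
            echo "rejected target: $target" >&2
            return 1 ;;
    esac
    for a in $allowed; do
        if [ "$a" = "$action" ]; then
            printf 'racadm %s -m %s %s\n' "$sub" "$target" "$action"
            return 0
        fi
    done
    echo "rejected action '$action' for $target" >&2
    return 1
}

# Validate first, then run the command on the CMC over SSH.
# Usage (constructed host): CMC_HOST=admin@cmc.example.test cmc_power server-4 graceshutdown
cmc_power() {
    cmd=$(build_power_cmd "$1" "$2") || return 1
    ssh "${CMC_HOST:?set CMC_HOST to user@cmc-address}" "$cmd"
}
```

The account used for the SSH session still needs the Chassis Control Administrator privilege noted above; the allowlist only keeps malformed or mismatched requests from reaching the CMC.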
9 Using the iKVM Module

Overview

The local access KVM module for your Dell™ M1000e server chassis is called the Avocent® Integrated KVM Switch Module, or iKVM. The iKVM is an analog keyboard, video, and mouse switch that plugs into your chassis. It is an optional, hot-pluggable module to the chassis that provides local keyboard, mouse, and video access to the servers in the chassis, and to the active CMC’s command line.

iKVM User Interface

The iKVM uses the On Screen Configuration and Reporting (OSCAR®) graphical user interface, which is activated by a hot key. OSCAR allows you to select one of the servers or the Dell CMC command line you wish to access with the local keyboard, display, and mouse. Only one iKVM session per chassis is allowed.

Security

The OSCAR user interface allows you to protect your system with a screen saver password. After a user-defined time, the screen saver mode engages, and access is prohibited until the appropriate password is entered to reactivate OSCAR.

Scanning

OSCAR allows you to select a list of servers, which are displayed in the order selected while OSCAR is in scan mode.

Server Identification

The CMC assigns slot names for all servers in the chassis. Although you can assign names to the servers using the OSCAR interface from a tiered connection, the CMC-assigned names take precedence, and any new names you assign to servers using OSCAR will be overwritten. The CMC identifies a slot by assigning it a unique name. To change slot names using the CMC Web interface, see "Editing Slot Names." To change a slot name using RACADM, see the setslotname section in the Dell Chassis Management Controller Administrator Reference Guide.

Video

The iKVM video connections support video display resolutions ranging from 640 x 480 at 60 Hz up to 1280 x 1024 at 60 Hz.
Plug and Play

The iKVM supports Display Data Channel (DDC) Plug and Play, which automates video monitor configuration, and is compliant with the VESA DDC2B standard.

FLASH Upgradable

You can update the iKVM firmware using the CMC Web interface or the RACADM fwupdate command. For more information, see "Managing iKVM From the CMC."

Physical Connection Interfaces

You can connect to a server or the CMC CLI console via the iKVM from the chassis front panel, an Analog Console Interface (ACI), and the chassis rear panel.

NOTE: The ports on the control panel on the front of the chassis are designed specifically for the iKVM, which is optional. If you do not have the iKVM, you cannot use the front control panel ports.

iKVM Connection Precedences

Only one iKVM connection is available at a time. The iKVM assigns an order of precedence to each type of connection so that when there are multiple connections, only one connection is available while others are disabled. The order of precedence for iKVM connections is as follows:

1 Front panel
2 ACI
3 Rear Panel

For example, if you have iKVM connections in the front panel and ACI, the front panel connection remains active while the ACI connection is disabled. If you have ACI and rear connections, the ACI connection takes precedence.

Tiering Through the ACI Connection

The iKVM allows tiered connections with servers and the iKVM’s CMC command line console, either locally through a Remote Console Switch port or remotely through the Dell RCS® software. The iKVM supports ACI connections from the following products:

• 180AS, 2160AS, 2161DS*, 2161DS-2, or 4161DS Dell Remote Console Switches™
• Avocent AutoView® switching system
• Avocent DSR® switching system
• Avocent AMX® switching system

* Does not support the Dell CMC console connection.

NOTE: The iKVM also supports an ACI connection to the Dell 180ES and 2160ES, but the tiering is non-seamless. This connection requires a USB to PS2 SIP.
Using OSCAR

This section provides an overview of the OSCAR interface.

Navigation Basics

Table 9-1 describes navigating the OSCAR interface using the keyboard and mouse.

Table 9-1. OSCAR Keyboard and Mouse Navigation

Key or Key Sequence / Result

•
• -
• -
• -
Any of these key sequences can open OSCAR, depending on your Invoke OSCAR settings. You can enable two, three, or all of these key sequences by selecting boxes in the Invoke OSCAR section of the Main dialog box, and then clicking OK.

Opens the Help screen for the current dialog box.

Closes the current dialog box without saving changes and returns to the previous dialog box. In the Main dialog box, closes the OSCAR interface and returns to selected server. In a message box, it closes the pop-up box and returns to the current dialog box.

Opens dialog boxes, selects or checks options, and executes actions when used in combination with underlined letters or other designated characters.

+ Closes the current dialog box and returns to the previous dialog box.

+ Selects the OK button, then returns to the previous dialog box.

Completes a switch operation in the Main dialog box and exits OSCAR.

Single-click, In a text box, selects the text for editing and enables the left-arrow key and right-arrow keys to move the cursor. Press again to quit the edit mode.

, Toggles back to previous selection if there were no other keystrokes.

,