Dell Idrac For Blade Servers Version 1 4 Owners Manual 1.4 User Guide

2014-11-13

: Dell Dell-Idrac-For-Blade-Servers-Version-1-4-Owners-Manual-118294 dell-idrac-for-blade-servers-version-1-4-owners-manual-118294 dell pdf

Open the PDF directly: View PDF PDF.
Page Count: 400 [warning: Documents this large are best viewed by clicking the View PDF Link!]

www.dell.com | support.dell.com
Integrated Dell Remote Access
Controller Firmware Version 1.4
User Guide
Notes and Cautions
NOTE: A NOTE indicates important information that helps you make better use of
your computer.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if
instructions are not followed.
___________________
Information in this document is subject to change without notice.
© 2009 Dell Inc. All rights reserved.
Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc.
is strictly forbidden.
Trademarks used in this text: Dell, the DELL logo, Dell OpenManage, and PowerEdge, are trademarks
of Dell Inc.; Microsoft, Windows, Windows Server, MS-DOS, Windows Vista, Internet Explorer and
Active Directory are either trademarks or registered trademarks of Microsoft Corporation in the United
States and/or other countries; Red Hat and Linux are registered trademarks of Red Hat, Inc.; Novell
and SUSE are registered trademarks of Novell Corporation. Intel is a registered trademark of Intel
Corporation; UNIX is a registered trademark of The Open Group in the United States and other
countries.
Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source
and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public
License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution
or, alternatively, at www.OpenLDAP.org/license.html. OpenLDAP is a registered trademark of the
OpenLDAP Foundation. Individual files and/or contributed packages may be copyrighted by other parties
and subject to additional restrictions. This work is derived from the University of Michigan LDAP v3.3
distribution. This work also contains materials derived from public sources. Information about OpenLDAP
can be obtained at www.openldap.org/. Portions Copyright 1998-2004 Kurt D. Zeilenga. Portions
Copyright 1998-2004 Net Boolean Incorporated. Portions Copyright 2001-2004 IBM Corporation. All
rights reserved. Redistribution and use in source and binary forms, with or without modification, are
permitted only as authorized by the OpenLDAP Public License. Portions Copyright 1999-2003 Howard
Y.H. Chu. Portions Copyright 1999-2003 Symas Corporation. Portions Copyright 1998-2003 Hallvard
B. Furuseth. All rights reserved. Redistribution and use in source and binary forms, with or without
modification, are permitted provided that this notice is preserved. The names of the copyright holders may
not be used to endorse or promote products derived from this software without their specific prior written
permission. This software is provided "as is'' without express or implied warranty. Portions Copyright (c)
1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source
and binary forms are permitted provided that this notice is preserved and that due credit is given to the
University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote
products derived from this software without specific prior written permission. This software is provided
"as is'' without express or implied warranty. Other trademarks and trade names may be used in this
document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims
any proprietary interest in trademarks and trade names other than its own.
February 2009 Rev. A00
Contents 3
Contents
1 iDRAC Overview . . . . . . . . . . . . . . . . . . . 23
iDRAC Management Features . . . . . . . . . . . . . . 24
iDRAC Security Features . . . . . . . . . . . . . . . . 25
iDRAC Firmware Improvements . . . . . . . . . . . . . 26
Supported Platforms . . . . . . . . . . . . . . . . . . 26
Supported Operating Systems . . . . . . . . . . . . . . 26
Supported Web Browsers . . . . . . . . . . . . . . . . 27
Supported Remote Access Connections . . . . . . . . 28
iDRAC Ports . . . . . . . . . . . . . . . . . . . . . . . 28
Other Documents You May Need . . . . . . . . . . . . 29
2 Configuring the iDRAC . . . . . . . . . . . . . . 33
Before You Begin . . . . . . . . . . . . . . . . . . . . 33
Interfaces for Configuring the iDRAC . . . . . . . . . . 33
Configuration Tasks . . . . . . . . . . . . . . . . . . . 36
Configure the Management Station . . . . . . . . 36
Configure iDRAC Networking . . . . . . . . . . . 36
Configure iDRAC Users . . . . . . . . . . . . . . 37
Configure Active Directory . . . . . . . . . . . . . 37
Configure IP Filtering and IP Blocking . . . . . . . 37
4Contents
Configure Platform Events . . . . . . . . . . . . . 38
Enabling or Disabling Local Configuration
Access . . . . . . . . . . . . . . . . . . . . . . . 38
Configure iDRAC Services . . . . . . . . . . . . . 38
Configure Secure Sockets Layer (SSL) . . . . . . 38
Configure Virtual Media . . . . . . . . . . . . . . 39
Install the Managed Server Software . . . . . . . 39
Configure the Managed Server for the Last Crash
Screen Feature . . . . . . . . . . . . . . . . . . . 39
Configuring Networking Using the CMC
Web Interface . . . . . . . . . . . . . . . . . . . . . . 39
Viewing FlexAddress Mezzanine Card Fabric
Connections . . . . . . . . . . . . . . . . . . . . . . . 40
Updating the iDRAC Firmware . . . . . . . . . . . . . 41
Downloading the Firmware or Update
Package . . . . . . . . . . . . . . . . . . . . . . 41
Execute the Firmware Update . . . . . . . . . . . 42
Using the DOS Update Utility . . . . . . . . . . . . 43
Verifying the Digital Signature . . . . . . . . . . . 44
Clear Your Browser’s Cache . . . . . . . . . . . . 47
Configuring iDRAC for Use with IT Assistant . . . . . . 48
Using the iDRAC Configuration Utility to Enable
Discovery and Monitoring . . . . . . . . . . . . . 48
Using the iDRAC Web Interface to Enable
Discovery and Monitoring . . . . . . . . . . . . . 49
Using the Dell IT Assistant to View iDRAC
Status and Events . . . . . . . . . . . . . . . . . 50
3 Configuring the Management Station . . . 51
Management Station Set Up Steps . . . . . . . . . . . 51
Management Station Network Requirements . . . . . 51
Contents 5
Configuring a Supported Web Browser . . . . . . . . 52
Opening Your Web Browser . . . . . . . . . . . . 52
Configuring Your Web Browser to Connect to the
Web Interface . . . . . . . . . . . . . . . . . . . 52
Adding iDRAC to the List of Trusted Domains . . . 55
Viewing Localized Versions of the
Web Interface . . . . . . . . . . . . . . . . . . . 55
Setting the Locale in Linux . . . . . . . . . . . . . 57
Disabling the Whitelist Feature in Firefox . . . . . 58
Installing a Java Runtime Environment (JRE) . . . . . 59
Installing Telnet or SSH Clients . . . . . . . . . . . . . 60
Telnet with iDRAC . . . . . . . . . . . . . . . . . 60
Configuring the Backspace Key For Your
Telnet Session . . . . . . . . . . . . . . . . . . . 60
SSH With iDRAC . . . . . . . . . . . . . . . . . . 61
Installing a TFTP Server . . . . . . . . . . . . . . . . . 62
Installing Dell OpenManage IT Assistant . . . . . . . 63
4 Configuring the Managed Server . . . . . . 65
Installing the Software on the Managed Server . . . . 65
Configuring the Managed Server to Capture the
Last Crash Screen . . . . . . . . . . . . . . . . . . . . 66
Disabling the Windows Automatic Reboot Option . . . 67
5 Configuring the iDRAC Using the
Web Interface 69
Accessing the Web Interface . . . . . . . . . . . . . . 69
Logging In . . . . . . . . . . . . . . . . . . . . . 70
6Contents
Logging Out . . . . . . . . . . . . . . . . . . . . . 70
Using Multiple Browser Tabs and Windows . . . . 71
Configuring the iDRAC NIC . . . . . . . . . . . . . . . 71
Configuring the Network and IPMI
LAN Settings . . . . . . . . . . . . . . . . . . . . 72
Configuring IP Filtering and IP Blocking . . . . . . 75
Configuring Platform Events . . . . . . . . . . . . . . . 76
Configuring Platform Event Filters (PEF) . . . . . . 77
Configuring Platform Event Traps (PET) . . . . . . 78
Configuring E-Mail Alerts . . . . . . . . . . . . . 78
Configuring IPMI . . . . . . . . . . . . . . . . . . . . 79
Adding and Configuring iDRAC Users . . . . . . . . . . 80
Securing iDRAC Communications Using SSL and
Digital Certificates . . . . . . . . . . . . . . . . . . . 83
Secure Sockets Layer (SSL) . . . . . . . . . . . . 84
Certificate Signing Request (CSR) . . . . . . . . . 84
Accessing the SSL Main Menu . . . . . . . . . . 85
Generating a New Certificate Signing
Request . . . . . . . . . . . . . . . . . . . . . . . 86
Uploading a Server Certificate . . . . . . . . . . . 87
Viewing a Server Certificate . . . . . . . . . . . . 88
Configuring and Managing Active Directory
Certificates . . . . . . . . . . . . . . . . . . . . . . . 89
Configuring Active Directory (Standard Schema
and Extended Schema) . . . . . . . . . . . . . . . 90
Uploading an Active Directory CA Certificate . . . 93
Downloading an iDRAC Server Certificate . . . . . 94
Viewing an Active Directory CA Certificate . . . . 94
Enabling or Disabling Local Configuration Access . . . 95
Enabling Local Configuration Access . . . . . . . 95
Contents 7
Disabling Local Configuration Access . . . . . . . 95
Configuring iDRAC Services . . . . . . . . . . . . . . 95
Updating the iDRAC Firmware . . . . . . . . . . . . . 99
Recovering iDRAC Firmware Using the CMC . . . 100
6 Using the iDRAC with Microsoft
Active Directory 103
Advantages and Disadvantages of Extended Schema
and Standard Schema . . . . . . . . . . . . . . . . . . 103
Extended Schema Active Directory Overview . . . . . 104
Active Directory Schema Extensions . . . . . . . 104
Overview of the RAC Schema Extensions . . . . . 105
Active Directory Object Overview . . . . . . . . . 105
Configuring Extended Schema Active Directory
to Access Your iDRAC . . . . . . . . . . . . . . . 109
Extending the Active Directory Schema . . . . . . 109
Installing the Dell Extension to the Active
Directory Users and Computers Snap-In . . . . . 115
Adding iDRAC Users and Privileges to
Active Directory . . . . . . . . . . . . . . . . . . 116
Configuring the iDRAC With Extended Schema
Active Directory Using the Web Interface . . . . . 119
Configuring the iDRAC With Extended Schema
Active Directory Using RACADM . . . . . . . . . 120
Configuring the iDRAC With Extended Schema
Active Directory and SM-CLP . . . . . . . . . . . 121
Active Directory Standard Schema Overview . . . . . 122
Configuring Standard Schema Active Directory
to Access Your iDRAC . . . . . . . . . . . . . . . 124
Configuring the iDRAC With Standard Schema
Active Directory and the Web Interface . . . . . . 124
8Contents
Configuring the iDRAC With Standard Schema
Active Directory and RACADM . . . . . . . . . . . 126
Configuring the iDRAC With Standard Schema
Active Directory and SM-CLP . . . . . . . . . . . 127
Enabling SSL on a Domain Controller . . . . . . . . . . 129
Exporting the Domain Controller Root
CA Certificate . . . . . . . . . . . . . . . . . . . . 130
Importing the iDRAC Firmware SSL Certificate . . 131
Using Active Directory to Log In To the iDRAC . . . . . 132
Frequently Asked Questions . . . . . . . . . . . . . . 132
7 Viewing the Configuration and Health
of the Managed Server 135
System Summary . . . . . . . . . . . . . . . . . . . . . 135
Main System Enclosure . . . . . . . . . . . . . . 135
Integrated Dell Remote Access Controller . . . . . 136
WWN/MAC Summary . . . . . . . . . . . . . . . . . . 137
System Health . . . . . . . . . . . . . . . . . . . . . . 137
iDRAC . . . . . . . . . . . . . . . . . . . . . . . . 137
CMC . . . . . . . . . . . . . . . . . . . . . . . . . 138
Batteries . . . . . . . . . . . . . . . . . . . . . . 138
Temperatures . . . . . . . . . . . . . . . . . . . . 138
Voltages . . . . . . . . . . . . . . . . . . . . . . 138
Power Monitoring . . . . . . . . . . . . . . . . . 138
CPU . . . . . . . . . . . . . . . . . . . . . . . . . 139
POST . . . . . . . . . . . . . . . . . . . . . . . . 139
Misc Health . . . . . . . . . . . . . . . . . . . . . 139
Contents 9
8 Configuring and Using Serial Over
LAN 141
Enabling Serial Over LAN in the BIOS . . . . . . . . . 141
Configuring Serial Over LAN in the iDRAC Web
GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Using Serial Over LAN (SOL) . . . . . . . . . . . . . . 145
Model for Redirecting SOL Over Telnet
or SSH . . . . . . . . . . . . . . . . . . . . . . . 145
Model for the SOL Proxy . . . . . . . . . . . . . . 146
Model for Redirecting SOL Over IMPItool . . . . . 146
Disconnecting an SOL Session in SM-CLP . . . . 146
Using SOL Over PuTTY . . . . . . . . . . . . . . . 147
Using SOL Over Telnet With Linux . . . . . . . . . 147
Using SOL Over OpenSSH with Linux . . . . . . . 148
Using SOL Over IPMItool . . . . . . . . . . . . . . 148
Opening SOL With SOL Proxy . . . . . . . . . . . 149
Operating System Configuration . . . . . . . . . . . . 154
Linux Enterprise Operating System . . . . . . . . 154
Windows 2003 Enterprise . . . . . . . . . . . . . 159
9 Using GUI Console Redirection . . . . . . . 161
Overview . . . . . . . . . . . . . . . . . . . . . . . . 161
Using Console Redirection . . . . . . . . . . . . . . . 161
Supported Screen Resolutions and
Refresh Rates . . . . . . . . . . . . . . . . . . . 162
Configuring Your Management Station . . . . . . 162
Configuring Console Redirection in the iDRAC
Web Interface . . . . . . . . . . . . . . . . . . . 163
Configuring Console Redirection in the SM-CLP
Command Line Interface . . . . . . . . . . . . . . 165
10 Contents
Opening a Console Redirection Session . . . . . . 165
Using the Video Viewer . . . . . . . . . . . . . . . . . 167
Synchronizing the Mouse Pointers . . . . . . . . 170
Disabling or Enabling Local Console . . . . . . . . 171
Frequently Asked Questions . . . . . . . . . . . . . . 172
10 Configuring and Using Virtual Media . . 177
Overview . . . . . . . . . . . . . . . . . . . . . . . . . 177
Windows-Based Management Station . . . . . . 179
Linux-Based Management Station . . . . . . . . . 179
Configuring Virtual Media . . . . . . . . . . . . . . . . 180
Running Virtual Media . . . . . . . . . . . . . . . . . . 182
Booting From Virtual Media . . . . . . . . . . . . 183
Installing Operating Systems Using
Virtual Media . . . . . . . . . . . . . . . . . . . . 184
Using Virtual Media When the Server’s
Operating System Is Running . . . . . . . . . . . . 184
Frequently Asked Questions . . . . . . . . . . . . . . 185
11 Using the Local RACADM Command Line
Interface 191
Using the RACADM Command . . . . . . . . . . . . . 191
RACADM Subcommands . . . . . . . . . . . . . . . . 192
Using the RACADM Utility to Configure the iDRAC . . . 193
Displaying Current iDRAC Settings . . . . . . . . . 193
Managing iDRAC Users with RACADM . . . . . . 194
Adding an iDRAC User . . . . . . . . . . . . . . . 195
Contents 11
Enabling an iDRAC User With Permissions . . . . 195
Removing an iDRAC User . . . . . . . . . . . . . 196
Testing E-mail Alerting . . . . . . . . . . . . . . . 196
Testing the iDRAC SNMP Trap Alert Feature . . . 197
Configuring iDRAC Network Properties . . . . . . 197
Configuring IPMI . . . . . . . . . . . . . . . . . . 198
Configuring PEF . . . . . . . . . . . . . . . . . . 200
Configuring PET . . . . . . . . . . . . . . . . . . 201
Configuring IP Filtering (IpRange) . . . . . . . . . 203
Configuring IP Filtering . . . . . . . . . . . . . . . 204
Configuring IP Blocking . . . . . . . . . . . . . . 205
Configuring iDRAC Telnet and SSH Services
Using Local RACADM . . . . . . . . . . . . . . . 207
Using an iDRAC Configuration File . . . . . . . . . . . 208
Creating an iDRAC Configuration File . . . . . . . 208
Configuration File Syntax . . . . . . . . . . . . . 209
Modifying the iDRAC IP Address in a
Configuration File . . . . . . . . . . . . . . . . . 211
Loading the Configuration File Into the iDRAC . . . 212
Configuring Multiple iDRACs . . . . . . . . . . . . . . 212
12 Using the iDRAC SM-CLP Command
Line Interface 215
System Management With SM-CLP . . . . . . . . . . . 215
iDRAC SM-CLP Support . . . . . . . . . . . . . . . . . 216
SM-CLP Features . . . . . . . . . . . . . . . . . . . . 216
Navigating the MAP Address Space . . . . . . . . . . 219
Targets . . . . . . . . . . . . . . . . . . . . . . . 220
Using the Show Verb . . . . . . . . . . . . . . . . . . 220
12 Contents
Using the -display Option . . . . . . . . . . . . . . 221
Using the -level Option . . . . . . . . . . . . . . . 221
Using the -output Option . . . . . . . . . . . . . . 221
iDRAC SM-CLP Examples . . . . . . . . . . . . . . . . 222
Server Power Management . . . . . . . . . . . . 222
SEL Management . . . . . . . . . . . . . . . . . . 222
MAP Target Navigation . . . . . . . . . . . . . . 224
Setting the iDRAC IP Address, Subnet Mask,
and Gateway Address . . . . . . . . . . . . . . . 225
Updating the iDRAC Firmware Using SM-CLP . . . 226
13 Deploying Your Operating System
Using iVM-CLI 229
Before You Begin . . . . . . . . . . . . . . . . . . . . 229
Remote System Requirements . . . . . . . . . . . 229
Network Requirements . . . . . . . . . . . . . . . 229
Creating a Bootable Image File . . . . . . . . . . . . . 230
Creating an Image File for Linux Systems . . . . . 230
Creating an Image File for Windows Systems . . . 230
Preparing for Deployment . . . . . . . . . . . . . . . . 230
Configuring the Remote Systems . . . . . . . . . . 230
Deploying the Operating System . . . . . . . . . . . . 231
Using the Virtual Media Command Line
Interface Utility . . . . . . . . . . . . . . . . . . . . . 232
Installing the iVM-CLI Utility . . . . . . . . . . . . 233
Command Line Options . . . . . . . . . . . . . . . 234
iVM-CLI Parameters . . . . . . . . . . . . . . . . 234
iVM-CLI Operating System Shell Options . . . . . 237
Contents 13
14 Using the iDRAC Configuration
Utility 239
Overview . . . . . . . . . . . . . . . . . . . . . . . . 239
Starting the iDRAC Configuration Utility . . . . . . . . 240
Using the iDRAC Configuration Utility . . . . . . . . . 240
LAN . . . . . . . . . . . . . . . . . . . . . . . . . 241
IPMI Over LAN (On/Off) . . . . . . . . . . . . . . 241
LAN Parameters . . . . . . . . . . . . . . . . . . 242
Virtual Media . . . . . . . . . . . . . . . . . . . . 244
LAN User Configuration . . . . . . . . . . . . . . 244
Reset to Default . . . . . . . . . . . . . . . . . . 245
System Event Log Menu . . . . . . . . . . . . . . 245
Exiting the iDRAC Configuration Utility . . . . . . . 246
15 Recovering and Troubleshooting the
Managed Server 247
Safety First–For You and Your System . . . . . . . . . 247
Trouble Indicators . . . . . . . . . . . . . . . . . . . . 248
LED Indicators . . . . . . . . . . . . . . . . . . . 248
Hardware Trouble Indicators . . . . . . . . . . . 249
Other Trouble Indicators . . . . . . . . . . . . . . 249
Problem Solving Tools . . . . . . . . . . . . . . . . . 250
Checking the System Health . . . . . . . . . . . . 250
Checking the System Event Log (SEL) . . . . . . . 251
Checking the Post Codes . . . . . . . . . . . . . 252
Viewing the Last System Crash Screen . . . . . . 252
Viewing the Most Recent Boot Sequences . . . . 253
Checking the Server Status Screen for
Error Messages . . . . . . . . . . . . . . . . . . 254
14 Contents
Viewing the iDRAC Log . . . . . . . . . . . . . . . 262
Viewing System Information . . . . . . . . . . . . 263
Identifying the Managed Server in the
Chassis . . . . . . . . . . . . . . . . . . . . . . . 265
Using the Diagnostics Console . . . . . . . . . . . 266
Managing Power on a Remote System . . . . . . 267
Troubleshooting and Frequently Asked Questions . . . 268
A RACADM Subcommand Overview . . . . . 275
help . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
config . . . . . . . . . . . . . . . . . . . . . . . . . . 276
getconfig . . . . . . . . . . . . . . . . . . . . . . . . . 278
getssninfo . . . . . . . . . . . . . . . . . . . . . . . . 280
getsysinfo . . . . . . . . . . . . . . . . . . . . . . . . 282
getractime . . . . . . . . . . . . . . . . . . . . . . . . 284
setniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 285
getniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 287
getsvctag . . . . . . . . . . . . . . . . . . . . . . . . . 288
racreset . . . . . . . . . . . . . . . . . . . . . . . . . 288
racresetcfg . . . . . . . . . . . . . . . . . . . . . . . . 289
serveraction . . . . . . . . . . . . . . . . . . . . . . . 290
getraclog . . . . . . . . . . . . . . . . . . . . . . . . . 291
clrraclog . . . . . . . . . . . . . . . . . . . . . . . . . 292
getsel . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Contents 15
clrsel . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
gettracelog . . . . . . . . . . . . . . . . . . . . . . . 294
sslcsrgen . . . . . . . . . . . . . . . . . . . . . . . . 296
sslcertupload . . . . . . . . . . . . . . . . . . . . . . 297
sslcertdownload . . . . . . . . . . . . . . . . . . . . 298
sslcertview . . . . . . . . . . . . . . . . . . . . . . . 299
testemail . . . . . . . . . . . . . . . . . . . . . . . . . 301
testtrap . . . . . . . . . . . . . . . . . . . . . . . . . . 303
B iDRAC Property Database Group and
Object Definitions 305
Displayable Characters . . . . . . . . . . . . . . . . . 305
idRacInfo . . . . . . . . . . . . . . . . . . . . . . . . 305
idRacProductInfo (Read Only) . . . . . . . . . . . 306
idRacDescriptionInfo (Read Only) . . . . . . . . . 306
idRacVersionInfo (Read Only) . . . . . . . . . . . 306
idRacBuildInfo (Read Only) . . . . . . . . . . . . 307
idRacName (Read Only) . . . . . . . . . . . . . . 307
idRacType (Read Only) . . . . . . . . . . . . . . . 307
cfgLanNetworking . . . . . . . . . . . . . . . . . . . 307
cfgDNSDomainNameFromDHCP
(Read/Write) . . . . . . . . . . . . . . . . . . . . 308
cfgDNSDomainName (Read/Write) . . . . . . . . 308
cfgDNSRacName (Read/Write) . . . . . . . . . . 309
cfgDNSRegisterRac (Read/Write) . . . . . . . . . 309
cfgDNSServersFromDHCP (Read/Write) . . . . . 309
cfgDNSServer1 (Read/Write) . . . . . . . . . . . 310
16 Contents
cfgDNSServer2 (Read/Write) . . . . . . . . . . . 310
cfgNicEnable (Read/Write) . . . . . . . . . . . . . 310
cfgNicIpAddress (Read/Write) . . . . . . . . . . . 311
cfgNicNetmask (Read/Write) . . . . . . . . . . . 311
cfgNicGateway (Read/Write) . . . . . . . . . . . 312
cfgNicUseDhcp (Read/Write) . . . . . . . . . . . 312
cfgNicMacAddress (Read Only) . . . . . . . . . . 313
cfgUserAdmin . . . . . . . . . . . . . . . . . . . . . . 313
cfgUserAdminIpmiLanPrivilege (Read/Write) . . . 313
cfgUserAdminPrivilege (Read/Write) . . . . . . . 314
cfgUserAdminUserName (Read/Write) . . . . . . 315
cfgUserAdminPassword (Write Only) . . . . . . . 315
cfgUserAdminEnable . . . . . . . . . . . . . . . . 316
cfgUserAdminSolEnable . . . . . . . . . . . . . . 316
cfgEmailAlert . . . . . . . . . . . . . . . . . . . . . . 316
cfgEmailAlertIndex (Read Only) . . . . . . . . . . 317
cfgEmailAlertEnable (Read/Write) . . . . . . . . . 317
cfgEmailAlertAddress . . . . . . . . . . . . . . . 317
cfgEmailAlertCustomMsg . . . . . . . . . . . . . 318
cfgSessionManagement . . . . . . . . . . . . . . . . . 318
cfgSsnMgtConsRedirMaxSessions
(Read/Write) . . . . . . . . . . . . . . . . . . . . 318
cfgSsnMgtWebserverTimeout (Read/Write) . . . . 319
cfgSsnMgtSshIdleTimeout (Read/Write) . . . . . . 319
cfgSsnMgtTelnetIdleTimeout (Read/Write) . . . . 320
cfgSerial . . . . . . . . . . . . . . . . . . . . . . . . . 320
cfgSerialSshEnable (Read/Write) . . . . . . . . . 320
cfgSerialTelnetEnable (Read/Write) . . . . . . . . 321
cfgRacTuning . . . . . . . . . . . . . . . . . . . . . . 321
cfgRacTuneHttpPort (Read/Write) . . . . . . . . . 321
Contents 17
cfgRacTuneHttpsPort (Read/Write) . . . . . . . . 322
cfgRacTuneIpRangeEnable . . . . . . . . . . . . 322
cfgRacTuneIpRangeAddr . . . . . . . . . . . . . 322
cfgRacTuneIpRangeMask . . . . . . . . . . . . . 323
cfgRacTuneIpBlkEnable . . . . . . . . . . . . . . 323
cfgRacTuneIpBlkFailCount . . . . . . . . . . . . . 323
cfgRacTuneIpBlkFailWindow . . . . . . . . . . . 324
cfgRacTuneIpBlkPenaltyTime . . . . . . . . . . . 324
cfgRacTuneSshPort (Read/Write) . . . . . . . . . 324
cfgRacTuneTelnetPort (Read/Write) . . . . . . . . 325
cfgRacTuneConRedirEncryptEnable
(Read/Write) . . . . . . . . . . . . . . . . . . . . 325
cfgRacTuneConRedirPort (Read/Write) . . . . . . 325
cfgRacTuneConRedirVideoPort (Read/Write) . . . 326
cfgRacTuneAsrEnable (Read/Write) . . . . . . . . 326
cfgRacTuneWebserverEnable (Read/Write) . . . . 326
cfgRacTuneLocalServerVideo (Read/Write) . . . . 327
cfgRacTuneLocalConfigDisable (Read/Write) . . . 327
ifcRacManagedNodeOs . . . . . . . . . . . . . . . . . 328
ifcRacMnOsHostname (Read/Write) . . . . . . . . 328
ifcRacMnOsOsName (Read/Write) . . . . . . . . 328
cfgRacSecurity . . . . . . . . . . . . . . . . . . . . . 328
cfgSecCsrCommonName (Read/Write) . . . . . . 329
cfgSecCsrOrganizationName (Read/Write) . . . . 329
cfgSecCsrOrganizationUnit (Read/Write) . . . . . 329
cfgSecCsrLocalityName (Read/Write) . . . . . . . 330
cfgSecCsrStateName (Read/Write) . . . . . . . . 330
cfgSecCsrCountryCode (Read/Write) . . . . . . . 330
cfgSecCsrEmailAddr (Read/Write) . . . . . . . . . 331
cfgSecCsrKeySize (Read/Write) . . . . . . . . . . 331
cfgRacVirtual . . . . . . . . . . . . . . . . . . . . . . 331
cfgVirMediaAttached (Read/Write) . . . . . . . . 331
18 Contents
cfgVirAtapiSrvPort (Read/Write) . . . . . . . . . . 332
cfgVirAtapiSrvPortSsl (Read/Write) . . . . . . . . 332
cfgVirMediaBootOnce (Read/Write) . . . . . . . . 333
cfgFloppyEmulation (Read/Write) . . . . . . . . . 333
cfgActiveDirectory . . . . . . . . . . . . . . . . . . . 333
cfgADRacDomain (Read/Write) . . . . . . . . . . 334
cfgADRacName (Read/Write) . . . . . . . . . . . 334
cfgADEnable (Read/Write) . . . . . . . . . . . . . 334
cfgADAuthTimeout (Read/Write) . . . . . . . . . . 335
cfgADRootDomain (Read/Write) . . . . . . . . . . 335
cfgADSpecifyServerEnable (Read/Write) . . . . . 335
cfgADDomainController (Read/Write) . . . . . . . 336
cfgADGlobalCatalog (Read/Write) . . . . . . . . . 336
cfgADType (Read/Write) . . . . . . . . . . . . . . 336
cfgStandardSchema . . . . . . . . . . . . . . . . . . . 337
cfgSSADRoleGroupIndex (Read Only) . . . . . . . 337
cfgSSADRoleGroupName (Read/Write) . . . . . . 337
cfgSSADRoleGroupDomain (Read/Write) . . . . . 337
cfgSSADRoleGroupPrivilege (Read/Write) . . . . 338
cfgIpmiSol . . . . . . . . . . . . . . . . . . . . . . . . 338
cfgIpmiSolEnable (Read/Write) . . . . . . . . . . 339
cfgIpmiSolBaudRate (Read/Write) . . . . . . . . . 339
cfgIpmiSolMinPrivilege (Read/Write) . . . . . . . 339
cfgIpmiSolAccumulateInterval (Read/Write) . . . 340
cfgIpmiSolSendThreshold (Read/Write) . . . . . . 340
cfgIpmiLan . . . . . . . . . . . . . . . . . . . . . . . . 340
cfgIpmiLanEnable (Read/Write) . . . . . . . . . . 340
cfgIpmiLanPrivLimit (Read/Write) . . . . . . . . . 341
cfgIpmiLanAlertEnable (Read/Write) . . . . . . . . 341
cfgIpmiEncryptionKey (Read/Write) . . . . . . . . 342
cfgIpmiPetCommunityName (Read/Write) . . . . . 342
Contents 19
cfgIpmiPef . . . . . . . . . . . . . . . . . . . . . . . . 342
cfgIpmiPefName (Read Only) . . . . . . . . . . . 342
cfgIpmiPefIndex (Read Only) . . . . . . . . . . . . 343
cfgIpmiPefAction (Read/Write) . . . . . . . . . . 343
cfgIpmiPefEnable (Read/Write) . . . . . . . . . . 343
cfgIpmiPet . . . . . . . . . . . . . . . . . . . . . . . . 344
cfgIpmiPetIndex (Read/Write) . . . . . . . . . . . 344
cfgIpmiPetAlertDestIpAddr (Read/Write) . . . . . 344
cfgIpmiPetAlertEnable (Read/Write) . . . . . . . . 345
C iDRAC SMCLP Property Database . . . . 347
/system1/sp1/account<1-16> . . . . . . . . . . . . . . 347
userid (Read Only) . . . . . . . . . . . . . . . . . 347
username (Read/Write) . . . . . . . . . . . . . . 347
oemdell_ipmilanprivileges (Read/Write) . . . . . . 348
password (Write Only) . . . . . . . . . . . . . . . 348
enabledstate (Read/Write) . . . . . . . . . . . . . 349
solenabled (Read/Write) . . . . . . . . . . . . . . 349
oemdell_extendedprivileges (Read/Write) . . . . 349
/system1/sp1/enetport1/* . . . . . . . . . . . . . . . . 351
macaddress (Read Only) . . . . . . . . . . . . . . 351
/system1/sp1/enetport1/lanendpt1/ipendpt1 . . . . . . 351
oemdell_nicenable (Read/Write) . . . . . . . . . 351
ipaddress (Read/Write) . . . . . . . . . . . . . . 352
subnetmask (Read/Write) . . . . . . . . . . . . . 352
oemdell_usedhcp (Read/Write) . . . . . . . . . . 352
committed (Read/Write) . . . . . . . . . . . . . . 353
/system1/sp1/enetport1/lanendpt1/ipendpt1/
dnsendpt1 . . . . . . . . . . . . . . . . . . . . . . . . 353
20 Contents
oemdell_domainnamefromdhcp (Read/Write) . . . 353
oemdell_dnsdomainname (Read/Write) . . . . . . 354
oemdell_dnsregisterrac (Read/Write) . . . . . . . 354
oemdell_dnsracname (Read/Write) . . . . . . . . 355
oemdell_serversfromdhcp (Read/Write) . . . . . . 355
/system1/sp1/enetport1/lanendpt1/ipendpt1/dnsendpt1/
remotesap1 . . . . . . . . . . . . . . . . . . . . . . . 355
dnsserveraddress (Read/Write) . . . . . . . . . . 355
/system1/sp1/enetport1/lanendpt1/ipendpt1/dnsendpt1/
remotesap2 . . . . . . . . . . . . . . . . . . . . . . . 356
dnsserveraddress (Read/Write) . . . . . . . . . . 356
/system1/sp1/enetport1/lanendpt1/ipendpt1/
remotesap1 . . . . . . . . . . . . . . . . . . . . . . . 356
defaultgatewayaddress (Read/Write) . . . . . . . 356
/system1/sp1/group<1-5> . . . . . . . . . . . . . . . . 357
oemdell_groupname (Read/Write) . . . . . . . . . 357
oemdell_groupdomain (Read/Write) . . . . . . . . 357
oemdell_groupprivilege (Read/Write) . . . . . . . 357
/system1/sp1/oemdell_adservice1 . . . . . . . . . . . 358
enabledstate (Read/Write) . . . . . . . . . . . . . 358
oemdell_adracname (Read/Write) . . . . . . . . . 359
oemdell_adracdomain (Read/Write) . . . . . . . . 359
oemdell_adrootdomain (Read/Write) . . . . . . . 359
oemdell_timeout (Read/Write) . . . . . . . . . . . 360
oemdell_schematype (Read/Write) . . . . . . . . 360
oemdell_adspecifyserverenable (Read/Write) . . . 360
oemdell_addomaincontroller (Read/Write) . . . . 361
oemdell_adglobalcatalog (Read/Write) . . . . . . 361
/system1/sp1/oemdell_racsecurity1 . . . . . . . . . . 361
commonname (Read/Write) . . . . . . . . . . . . 362
Contents 21
organizationname (Read/Write) . . . . . . . . . . 362
oemdell_organizationunit (Read/Write) . . . . . . 362
oemdell_localityname (Read/Write) . . . . . . . . 363
oemdell_statename (Read/Write) . . . . . . . . . 363
oemdell_countrycode (Read/Write) . . . . . . . . 363
oemdell_emailaddress (Read/Write) . . . . . . . 364
oemdell_keysize (Read/Write) . . . . . . . . . . . 364
/system1/sp1/oemdell_ssl1 . . . . . . . . . . . . . . . 364
generate (Read/Write) . . . . . . . . . . . . . . . 364
oemdell_status (Read Only) . . . . . . . . . . . . 365
oemdell_certtype (Read / Write) . . . . . . . . . . 365
/system1/sp1/oemdell_vmservice1 . . . . . . . . . . . 366
enabledstate (Read/Write) . . . . . . . . . . . . . 366
oemdell_singleboot (Read/Write) . . . . . . . . . 366
oemdell_floppyemulation (Read/Write) . . . . . . 367
/system1/sp1/oemdell_vmservice1/tcpendpt1 . . . . . 367
portnumber (Read/Write) . . . . . . . . . . . . . 367
portnumber (Read/Write) . . . . . . . . . . . . . 368
oemdell_sslenabled (Read Only) . . . . . . . . . . 368
D RACADM and SM-CLP
Equivalencies 369
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
22 Contents
iDRAC Overview 23
1
iDRAC Overview
The Integrated Dell™ Remote Access Controller (iDRAC) is a systems
management hardware and software solution that provides remote management
capabilities, crashed system recovery, and power control functions for Dell
PowerEdge™ systems.
The iDRAC uses an integrated System-on-Chip microprocessor for the remote
monitor/control system. The iDRAC co-exists on the system board with the
managed PowerEdge server. The server operating system is concerned with
executing applications; the iDRAC is concerned with monitoring and managing
the server’s environment and state outside of the operating system.
You can configure the iDRAC to send you an e-mail or Simple Network
Management Protocol (SNMP) trap alert for warnings or errors. To help you
diagnose the probable cause of a system crash, iDRAC can log event data and
capture an image of the screen when it detects that the system has crashed.
Managed servers are installed in a Dell M1000e system enclosure (chassis) with
modular power supplies, cooling fans, and a chassis management controller
(CMC). The CMC monitors and manages all components installed in the
chassis. A redundant CMC can be added to provide hot failover if the primary
CMC fails. The chassis provides access to the iDRACs through its LCD display,
local console connections, and its web interface.
All network connections to the iDRAC are through the CMC network interface
(CMC RJ45 connection port labelled "GB1"). The CMC routes traffic to the
iDRACs on its servers through a private, internal network. This private
management network is outside of the servers data path and outside of the
operating system’s control, that is, out-of-band. The managed servers’ inband
network interfaces are accessed through I/O modules (IOMs) installed in the
chassis.
24 iDRAC Overview
The iDRAC network interface is disabled by default. It must be configured
before the iDRAC is accessible. After the iDRAC is enabled and configured on
the network, it can be accessed at its assigned IP address with the iDRAC web
interface, telnet or SSH, and supported network management protocols, such as
Intelligent Platform Management Interface (IPMI).
iDRAC Management Features
The iDRAC provides the following management features:
Dynamic Domain Name System (DDNS) registration
Remote system management and monitoring using a Web interface, the local
RACADM command line interface via console redirection, and the SM-CLP
command line over a telnet/SSH connection
Support for Microsoft
®
Active Directory
®
authentication — Centralizes
iDRAC user IDs and passwords in Active Directory using the standard
schema or an extended schema
Console Redirection — Provides remote system keyboard, video, and mouse
functions
Virtual Media — Enables a managed server to access a local media drive on
the management station or ISO CD/DVD images on a network share
Monitoring — Provides access to system information and status of
components
Access to system logs — Provides access to the system event log, the iDRAC
log, and the last crash screen of the crashed or unresponsive system that is
independent of the operating system state
Dell OpenManage™ software integration — Enables you to launch the
iDRAC Web interface from Dell OpenManage Server Administrator or IT
Assistant
iDRAC alert — Alerts you to potential managed node issues through an e-
mail message or SNMP trap
Remote power management — Provides remote power management
functions, such as shutdown and reset, from a management console
Single Sign-On from CMC Web interface — Once credentials are accepted
by CMC, users can access any iDRAC without additional login
iDRAC Overview 25
NOTE: If a warning window appears during the Single Sign-On process, it
must be bypassed within 20 seconds or Single Sign-On will fail.
One-to-Many firmware update – Enables user configurable update of more
than one iDRAC using CMC GUI and command line
Intelligent Platform Management Interface (IPMI) support
Secure Sockets Layer (SSL) encryption — Provides secure remote system
management through the Web interface
Password-level security management — Prevents unauthorized access to a
remote system
Role-based authority — Provides assignable permissions for different
systems management tasks
iDRAC Security Features
The iDRAC provides the following security features:
User authentication through Microsoft Active Directory (optional) or
hardware-stored user IDs and passwords
Role-based authority, which enables an administrator to configure specific
privileges for each user
User ID and password configuration through the Web interface or SM-CLP
SM-CLP and Web interfaces, which support 128-bit and 40-bit encryption
(for countries where 128 bit is not acceptable), using the SSL 3.0 standard
Session time-out configuration (in seconds) through the Web interface or
SM-CLP
Configurable IP ports (where applicable)
NOTE: Telnet does not support SSL encryption.
Secure Shell (SSH), which uses an encrypted transport layer for higher
security
Login failure limits per IP address, with login blocking from the IP address
when the limit is exceeded
Limited IP address range for clients connecting to the iDRAC
26 iDRAC Overview
iDRAC Firmware Improvements
The following improvements have been made to the iDRAC firmware:
Major improvements in Active Directory lookup performance
Improved responsiveness of TCP-IP networking stack
Improved health status interface between iDRAC and CMC
Security improvements using multiple third-party analysis tools
Supported Platforms
The iDRAC supports the following PowerEdge systems in the Dell PowerEdge
M1000e system enclosure:
PowerEdge M600
PowerEdge M605
PowerEdge M805
PowerEdge M905
Check the iDRAC Readme file and the Dell PowerEdge Compatibility Guide
located on the Dell Support website at support.dell.com for the latest supported
platforms.
Supported Operating Systems
Table 1-1 lists the operating systems that support the iDRAC.
See the Dell OpenManage Server Administrator Compatibility Guide located on
the Dell Support website at support.dell.com for the latest information.
iDRAC Overview 27
Supported Web Browsers
Table 1-2 lists the Web browsers that are supported as iDRAC clients.
See the iDRAC Readme file and the Dell OpenManage Server Administrator
Compatibility Guide located on the Dell Support website at support.dell.com
for the latest information.
NOTE: Due to serious security flaws, support for SSL 2.0 has been discontinued.
Your browser must be configured to enable SSL 3.0 in order to work properly.
Table 1-1. Supported Operating Systems
Operating System
Family
Operating System
Microsoft
Windows
Microsoft® Windows Server® 2003 R2 Standard and Enterprise
(32-bit x86) Editions with SP2
Microsoft Windows Server 2003 Web, Standard and Enterprise
(32-bit x86) Editions with SP2
Microsoft Windows Server 2003 Standard and Enterprise (x64)
Editions with SP2
Microsoft Windows Storage Server 2003 R2 Express, Workgroup,
Standard, and Enterprise x64 Editions
Microsoft Windows Server 2008 Web, Standard, and Enterprise
(32-bit x86) Editions
Microsoft Windows Server 2008 Web, Standard, Enterprise and
Datacenter (x64) Editions
NOTE: When installing Windows Server 2003 with Service Pack 1,
be aware of changes to DCOM security settings. For more
information, see article 903220 from the Microsoft Support website
at support.microsoft.com/kb/903220.
Red Hat® Linux®Enterprise Linux WS, ES, and AS (version 4) (x86 and x86_64)
Enterprise Linux 5 (x86 and x86-64)
SUSE® Linux Enterprise Server 10 (Gold) (x86_64)
VMware ESX(i) 3.5 U2 or later
28 iDRAC Overview
Supported Remote Access Connections
Table 1-3 lists the connection features.
iDRAC Ports
Table 1-4 lists the ports iDRAC listens on for connections. Table 1-5 identifies
the ports that the iDRAC uses as a client. This information is required when
opening firewalls for remote access to an iDRAC.
Table 1-2. Supported Web Browsers
Operating System Supported Web Browser
Windows Internet Explorer® 6.0 with Service Pack 2 (SP2) for
Windows XP and Windows 2003 R2 SP2 only
Internet Explorer 7.0 for Windows Vista, Windows XP,
Windows 2003 R2 SP2, and Windows Server 2008 only
Mozilla Firefox 2.0 for Windows (Java vKVM/vMedia
console only)
Linux Mozilla Firefox 1.5 on SUSE Linux (version 10) only
Mozilla Firefox 2.0 on Red Hat Enterprise Linux 4 and 5
(32-bit or 64-bit) and SUSE Linux Enterprise Server 10
(32-bit or 64-bit)
Table 1-3. Supported Remote Access Connections
Connection Features
iDRAC NIC
10Mbps/100Mbs/1Gbps Ethernet via CMC Gb Ethernet port
DHCP support
SNMP traps and e-mail event notification
Support for SM-CLP (telnet or SSH) command shell for
operations such as iDRAC configuration, system boot, reset,
power-on, and shutdown commands
Support for IPMI utilities such as ipmitool and ipmishell
iDRAC Overview 29
Other Documents You May Need
In addition to this User Guide, the following documents provide additional
information about the setup and operation of the iDRAC in your system:
The iDRAC online help provides information about using the Web interface.
Table 1-4. iDRAC Server Listening Ports
Port Number Function
22*
Secure Shell (SSH)
23*
Telnet
80*
HTTP
443*
HTTPS
623
RMCP/RMCP+
3668*, 3669*
Virtual Media Service
3770*, 3771*
Virtual Media Secure Service
5900*
Console Redirection keyboard/mouse
5901*
Console Redirection video
* Configurable port
Table 1-5. iDRAC Client Ports
Port Number Function
25
SMTP
53
DNS
68
DHCP-assigned IP address
69
TFTP
162
SNMP trap
636
LDAPS
3269
LDAPS for global catalog (GC)
30 iDRAC Overview
The
Dell Chassis Management Controller User Guide
provides information
about using the controller that manages all modules in the chassis containing
your PowerEdge server.
The
Dell OpenManage IT Assistant User’s Guide
provides information about
using IT Assistant.
The
Dell OpenManage Server Administrator User’s Guide
provides
information about installing and using Server Administrator.
The
Dell Update Packages Users Guide
provides information about
obtaining and using Dell Update Packages as part of your system update
strategy.
The following system documents are also available to provide more information
about the system in which your iDRAC is installed:
The
Product Information Guide
provides important safety and regulatory
information. Warranty information may be included within this document or
as a separate document.
The
Rack Installation Guide
and
Rack Installation Instructions
included with
your rack solution describe how to install your system into a rack.
The
Getting Started Guide
provides an overview of system features, setting
up your system, and technical specifications.
The
Hardware Owners Manual
provides information about system features
and describes how to troubleshoot the system and install or replace system
components.
Systems management software documentation describes the features,
requirements, installation, and basic operation of the software.
Operating system documentation describes how to install (if necessary),
configure, and use the operating system software.
Documentation for any components you purchased separately provides
information to configure and install these options.
Updates are sometimes included with the system to describe changes to the
system, software, and/or documentation.
NOTE: Always read the updates first because they often supersede
information in other documents.
iDRAC Overview 31
Release notes or readme files may be included to provide last-minute updates
to the system or documentation or advanced technical reference material
intended for experienced users or technicians.
32 iDRAC Overview
Configuring the iDRAC 33
2
Configuring the iDRAC
This section provides information about how to establish access to the iDRAC
and to configure your management environment to use iDRAC.
Before You Begin
Gather the following items prior to configuring the iDRAC:
Dell Chassis Management Controller User Guide
Dell Systems Management Tools and Documentation
DVD
Interfaces for Configuring the iDRAC
You can configure the iDRAC using the iDRAC Configuration Utility, the
iDRAC Web interface, the local RACADM CLI, or the SM-CLP CLI. The local
RACADM CLI is available after you have installed the operating system and the
Dell PowerEdge server management software on the managed server. Table 2-1
describes these interfaces.
For greater security, access to the iDRAC configuration through the iDRAC
Configuration Utility or Local RACADM CLI can be disabled by means of a
RACADM command (see "cfgRacTuneLocalConfigDisable (Read/Write)" on
page 327) or from the GUI (see "Enabling or Disabling Local Configuration
Access" on page 95).
NOTE: Using more than one configuration interface at the same time may generate
unexpected results.
34 Configuring the iDRAC
Table 2-1. Configuration Interfaces
Interface Description
iDRAC
Configuration
Utility
Accessed at boot time, the iDRAC Configuration utility is useful
when installing a new PowerEdge server. Use it for setting up the
network and basic security features and for enabling other
features.
iDRAC Web
Interface
The iDRAC Web interface is a browser-based management
application that you can use to interactively manage the iDRAC
and monitor the managed server. It is the primary interface for
day-to-day tasks, such as monitoring system health, viewing the
system event log, managing local iDRAC users, and launching
the CMC Web interface and console redirection sessions.
CMC Web Interface In addition to monitoring and managing the chassis, the CMC
Web interface can be used to view the status of a managed
server, configure iDRAC network settings, and to start, stop, or
reset the managed server.
Chassis LCD Panel The LCD panel on the chassis containing the iDRAC can be
used to view the high-level status of the servers in the chassis.
During initial configuration of the CMC, the configuration
wizard allows you to enable DHCP configuration of iDRAC
networking.
Local RACADM The local RACADM command line interface runs on the
managed server. It is accessed from either the iKVM or a console
redirection session initiated from the iDRAC Web interface.
RACADM is installed on the managed server when you install
Dell OpenManage Server Administrator.
RACADM commands provide access to nearly all iDRAC
features. You can inspect sensor data, system event log records,
and the current status and configuration values maintained in the
iDRAC. You can alter iDRAC configuration values, manage
local users, enable and disable features, and perform power
functions such as shutting down or rebooting the managed
server.
iVM-CLI The iDRAC Virtual Media Command Line Interface (iVM-CLI)
provides the managed server access to media on the management
station. It is useful for developing scripts to install operating
systems on multiple managed servers.
Configuring the iDRAC 35
SM-CLP SM-CLP is the Distributed Management Task Force (DMTF)
Server Management-Command Line Protocol (SM-CLP) that is
incorporated in the iDRAC. The SM-CLP command line is
accessed by logging into the iDRAC using telnet or SSH.
SM-CLP commands implement a useful subset of the local
RACADM commands. The commands are useful for scripting
since they can be executed from a management station command
line. The output of commands can be retrieved in well-defined
formats, including XML, facilitating scripting and integration
with existing reporting and management tools.
See "RACADM and SM-CLP Equivalencies" on page 369 for a
comparison of the RACADM and SM-CLP commands.
IPMI IPMI defines a standard way for embedded management
subsystems such as the iDRAC to communicate with other
embedded systems and management applications.
You can use the iDRAC Web interface, SM-CLP, or RACADM
commands to configure IPMI Platform Event Filters (PEFs) and
Platform Event Traps (PETs).
PEFs cause the iDRAC to perform selectable actions (for
example, rebooting the managed server) when it detects a
condition. PETs instruct the iDRAC to send e-mail or IPMI
alerts when it detects specified events or conditions.
You can also use standard IPMI tools such as ipmitool and
ipmishell with iDRAC when you enable IPMI Over LAN.
Table 2-1. Configuration Interfaces (continued)
Interface Description
36 Configuring the iDRAC
Configuration Tasks
This section is an overview of the configuration tasks for the management
station, the iDRAC, and the managed server. The tasks to be performed include
configuring the iDRAC so that it can be used remotely, configuring the iDRAC
features you want to use, installing the operating system on the managed server,
and installing management software on your management station and the
managed server.
The configuration tasks that can be used to perform each task are listed beneath
the task.
NOTE: Before performing configuration procedures in this guide, the CMC and I/O
modules must be installed in the chassis and configured, and the PowerEdge server
must be physically installed in the chassis.
Configure the Management Station
Set up a management station by installing the Dell OpenManage software, a
Web browser, and other software utilities.
See "Configuring the Management Station" on page 51
Configure iDRAC Networking
Enable the iDRAC network and configure IP, netmask, gateway, and DNS
addresses.
NOTE: Access to the iDRAC configuration through the iDRAC Configuration Utility
or Local RACADM CLI can be disabled by means of a RACADM command (see
"cfgRacTuneLocalConfigDisable (Read/Write)" on page 327) or from the GUI (see
"Enabling or Disabling Local Configuration Access" on page 95).
NOTE: Changing the iDRAC network settings terminates all current network
connections to the iDRAC.
NOTE: The option to configure the server using the LCD panel is available only
during the CMC initial configuration. Once the chassis is deployed, the LCD panel
cannot be used to reconfigure the iDRAC.
NOTE: The LCD panel can be used to enable DHCP to configure the iDRAC network.
If you want to assign static addresses, you must use the iDRAC Configuration Utility
or the CMC Web interface.
Configuring the iDRAC 37
Chassis LCD Panel — see the
Dell Chassis Management Controller
Firmware User Guide
.
iDRAC configuration utility — see "LAN" on page 241
CMC Web interface — see "Configuring Networking Using the CMC Web
Interface" on page 39
RACADM — see "cfgLanNetworking" on page 307
Configure iDRAC Users
Set up the local iDRAC users and permissions. The iDRAC holds a table of
sixteen local users in firmware. You can set usernames, passwords, and roles for
these users.
iDRAC configuration utility (configures administrative user only) — see
"LAN User Configuration" on page 244
iDRAC Web interface — see "Adding and Configuring iDRAC Users" on
page 80
RACADM — see "Adding an iDRAC User" on page 195
Configure Active Directory
In addition to the local iDRAC users, you can use Microsoft® Active Directory®
to authenticate iDRAC user logins.
See "Using the iDRAC with Microsoft Active Directory" on page 103
NOTE: When using iDRAC in an Active Directory environment, be sure your user
names conform to the Active Directory naming convention in force in your
environment.
Configure IP Filtering and IP Blocking
In addition to user authentication, you can prevent unauthorized access by
rejecting connection attempts from IP addresses outside of a defined range and
by temporarily blocking connections from IP addresses where authentication
has failed multiple times within a configurable timespan.
iDRAC Web interface — see "Configuring IP Filtering and IP Blocking" on
page 75
RACADM — see "Configuring IP Filtering (IpRange)" on page 203,
"Configuring IP Blocking" on page 205
38 Configuring the iDRAC
Configure Platform Events
Platform events occur when the iDRAC detects a warning or critical condition
from one of the managed servers sensors.
Configure Platform Event Filters (PEFs) to choose the events you want to
detect, such as rebooting the managed server, when an event is detected.
iDRAC Web interface — see "Configuring Platform Event Filters (PEF)" on
page 77
RACADM — see "Configuring PEF" on page 200
Configure Platform Event Traps (PETs) to send alert notifications to an IP
address, such as a management station with IPMI software or to send an e-mail
to a specified e-mail address.
iDRAC Web interface — see "Configuring Platform Event Traps (PET)" on
page 78
RACADM — see "Configuring PET" on page 201
Enabling or Disabling Local Configuration Access
Access to critical configuration parameters, such as network configuration and
user privileges, can be disabled. Once disabled, the setting remains persistent
across reboots. Configuration write access is blocked for both the Local
RACADM program and the iDRAC Configuration Utility (at boot). Web access
to configuration parameters is unimpeded and configuration data is always
available for viewing. For information about the iDRAC Web interface, see
"Enabling or Disabling Local Configuration Access" on page 95. For cfgRac
Tuning commands, see "cfgRacTuning" on page 321.
Configure iDRAC Services
Enable or disable the iDRAC network services — such as telnet, SSH, and the
Web server interface — and reconfigure ports and other service parameters.
iDRAC Web interface — see "Configuring iDRAC Services" on page 95
RACADM — see "Configuring iDRAC Telnet and SSH Services Using
Local RACADM" on page 207
Configure Secure Sockets Layer (SSL)
Configure SSL for the iDRAC web server.
Configuring the iDRAC 39
iDRAC Web interface — see "Secure Sockets Layer (SSL)" on page 84
RACADM — see "cfgRacSecurity" on page 328, "sslcsrgen" on page 295,
"sslcertupload" on page 297, "sslcertdownload" on page 298, "sslcertview"
on page 299
Configure Virtual Media
Configure the virtual media feature so that you can install the operating system
on the PowerEdge server. Virtual media allows the managed server to access
media devices on the management station or ISO CD/DVD images on a network
share as if they were devices on the managed server.
iDRAC Web interface — see "Configuring and Using Virtual Media" on
page 177
iDRAC configuration utility — see "Virtual Media" on page 244
Install the Managed Server Software
Install the operating system on the PowerEdge server using virtual media and
then install the Dell OpenManage software on the managed PowerEdge server
and set up the last crash screen feature.
Console redirection — see "Installing the Software on the Managed Server"
on page 65
iVM-CLI — see "Using the Virtual Media Command Line Interface Utility"
on page 232
Configure the Managed Server for the Last Crash Screen Feature
Set up the managed server so that the iDRAC can capture the screen image after
an operating system crash or freeze.
Managed Server — see "Configuring the Managed Server to Capture the Last
Crash Screen" on page 66, "Disabling the Windows Automatic Reboot
Option" on page 67
Configuring Networking Using the CMC Web
Interface
NOTE: You must have Chassis Configuration Administrator privilege to set up
iDRAC network settings from the CMC.
40 Configuring the iDRAC
NOTE: The default CMC user is root and the default password is calvin.
NOTE: The CMC IP address can be found in the iDRAC Web interface by clicking
System Remote Access CMC. You can also launch the CMC Web interface
from this page.
1
Use your web browser to log in to the CMC web user interface using a URL
of the form https://<
CMC-IP-address>
or https://<
CMC-DNS-name
>.
2
Enter the CMC username and password and click
OK
.
3
Click the plus (+) symbol next to
Chassis
in the left column, then click
Servers
.
4
Click
Setup
Deploy Network
.
5
Enable the LAN for the server by checking the checkbox next to the server
beneath the
Enable Lan
heading.
6
Enable or disable IPMI over LAN by checking the or unchecking the
checkbox next to the server beneath the
Enable IPMI over LAN
heading.
7
Enable or disable DHCP for the server by checking or unchecking the
checkbox next to the server under the
DHCP Enabled
heading.
8
If DHCP is disabled, enter the static IP address, netmask, and default
gateway for the server.
9
Click
Apply
at the bottom of the page.
Viewing FlexAddress Mezzanine Card Fabric
Connections
The M1000e includes FlexAddress, an advanced multilevel, multistandard
networking system. FlexAddress allows the use of persistent, chassis-assigned
World Wide Names and MAC addresses (WWN/MAC) for each managed
server port connection.
NOTE: In order to avoid errors that may lead to an inability to power on the
managed server, you must have the correct type of mezzanine card installed for
each port and fabric connection.
Configuration of the FlexAddress feature is performed using the CMC web
interface. For more information on the FlexAddress feature and its
configuration, see your Dell Chassis Management Controller Firmware Version
1.20 User Guide.
Configuring the iDRAC 41
Once the FlexAddress feature has been enabled and configured for the cabinet,
click System PropertiesWWN/MAC to view a list of installed mezzanine
cards, the fabrics and ports to which they are connected, the fabric port location,
type of fabric, and server-configured or chassis-assigned MAC addresses for
each installed embedded Ethernet and optional mezzanine card port.
To view a list of installed mezzanine cards, the type of mezzanine cards
installed, and if FlexAddress is configured, click System Properties
Summary.
Updating the iDRAC Firmware
Updating the iDRAC firmware installs a new firmware image in the iDRAC
flash memory. iDRAC 1.4 supports One-to-Many firmware updates via the
CMC in normal mode, not just for corruption. You can update the firmware
using any of the following methods:
•SM-CLP
load
command
iDRAC Web interface
Dell Update Package (for Linux or Microsoft Windows)
DOS iDRAC Firmware update utility
CMC Web interface (you must use this method if iDRAC firmware is
corrupted, or to do One-to-Many updates with CMC 2.0 or later firmware;
see your
CMC Firmware User Guide
for more information)
Downloading the Firmware or Update Package
Download the firmware from support.dell.com. The firmware image is
available in several different formats to support the different update methods
available.
To update the iDRAC firmware using the iDRAC Web interface or SM-CLP, or
to recover the iDRAC using the CMC Web interface, download the binary
image, packaged as a self-extracting archive.
To update the iDRAC firmware from the managed server, download the
operating system-specific Dell Update Package (DUP) for the operating system
running on the server whose iDRAC you are updating.
42 Configuring the iDRAC
To update the iDRAC firmware using the DOS iDRAC Firmware update utility,
download both the update utility and the binary image, which are packaged in
self-extracting archive files.
Execute the Firmware Update
NOTE: When the iDRAC firmware update begins, all existing iDRAC sessions are
disconnected and new sessions are not permitted until the update process is
completed.
NOTE: The chassis fans run at 100% during the iDRAC firmware update. When the
update is complete, normal fan speed regulation resumes. This is normal behavior,
designed to protect the server from overheating during a time when it cannot send
sensor information to the CMC.
To use a Dell Update Package for Linux or Microsoft Windows, execute the
operating-specific DUP on the managed server.
When using the SM-CLP load command, place the firmware binary image in a
directory where a Trivial File Transfer Protocol (TFTP) server can serve it to the
iDRAC. See "Updating the iDRAC Firmware Using SM-CLP" on page 226.
When using the iDRAC Web interface or the CMC Web interface, place the
firmware binary image on a disk that is accessible to the management station
from which you are running the Web interface. See "Updating the iDRAC
Firmware" on page 98.
NOTE: The iDRAC Web interface also allows you to reset the iDRAC configuration
to the factory defaults.
You must use the CMC Web interface to update the firmware when the CMC
detects that the iDRAC firmware is corrupted, as could occur if the iDRAC
firmware update progress is interrupted before it completes. See "Recovering
iDRAC Firmware Using the CMC" on page 99.
The CMC Web interface (CMC 2.0 or later) also provides a One-to-Many Out-
of-Band iDRAC Firmware update capacity that can be used at any time.
NOTE: After the CMC updates the firmware of the iDRAC, the iDRAC generates
new SHA1 and MD5 keys for the SSL certificate. Because the keys are different
from those in the open Web browser, all browser windows that are connected to
the iDRAC must be closed after the firmware update is complete. If the browser
windows are not closed, an Invalid Certificate error message is displayed.
Configuring the iDRAC 43
NOTE: If you are backdating your iDRAC firmware from version 1.20 to an earlier
version, you must delete the existing Internet Explorer ActiveX browser plugin on
any Windows-based Management Station to allow the firmware to install a
compatible version of the ActiveX plugin. To delete the ActiveX plugin, navigate to
c:\WINNT\Downloaded Program Files and delete the file DELL IMC KVM Viewer.
Using the DOS Update Utility
To update the iDRAC firmware using the DOS update utility, boot the managed
server to DOS, and execute the idrac16d command. The syntax for the
command is:
idrac16d [-f] [-i=<filename>] [-l=<logfile>]
When executed with no options, the idrac16d command updates the iDRAC
firmware using the firmware image file
firmimg.imc
in the current directory.
The options are as follows:
-f — forces the update. The -f option can be used to downgrade the firmware
to an earlier image.
-i=<filename> — specifies the filename image that contains the firmware
image. This option is required if the firmware filename has been changed from
the default name firmimg.imc.
-l=<logfile> — logs output from the update activity. This option is used
for debugging.
CAUTION: If you enter incorrect arguments for the idrac16d command or supply
the -h option, you may notice an additional option, -nopresconfig, in the
usage output. This option is used to update the firmware without preserving any
configuration information. You should not use this option unless explicitly told to
do so by a Dell Support Representative because it deletes all of your existing
iDRAC configuration information such as IP addresses, users, and passwords.
44 Configuring the iDRAC
Verifying the Digital Signature
A digital signature is used to authenticate the identity of the signer of a file and
to certify that the original content of the file has not been modified since it was
signed.
If you do not already have it installed on your system, you must install the Gnu
Privacy Guard (GPG) to verify a digital signature. To use the standard
verification procedure, perform the following steps:
1
Download the Dell Linux public GnuPG key, if you do not already have it, by
navigating to
lists.us.dell.com
and clicking the
Dell Public GPG key
link.
Save the file to your local system. The default name is
linux-security-
publickey.txt
.
2
Import the public key to your gpg trust database by running the following
command:
gpg --import <Public Key Filename>
NOTE: You must have your private key to complete the process.
3
To avoid a distrusted-key warning, change the trust level for the Dell Public
GPG key.
a
Type the following command:
gpg --edit-key 23B66A9D
b
Within the GPG key editor, type
fpr
. The following message appears:
pub 1024D/23B66A9D 2001-04-16 Dell, Inc.
(Product Group) <linux-security@dell.com>
Primary key fingerprint: 4172 E2CE 955A 1776
A5E6 1BB7 CA77 951D 23B6 6A9D
If the fingerprint of your imported key is the same as above, you have a
correct copy of the key.
c
While still in the GPG key editor, type
trust
. The following menu
appears:
Please decide how far you trust this user to
correctly verify other users' keys (by looking
Configuring the iDRAC 45
at passports, checking fingerprints from
different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision?
d
Type
5
<Enter>. The following prompt appears:
Do you really want to set this key to ultimate
trust? (y/N)
e
Type
y
<Enter> to confirm your choice.
f
Type
quit
<Enter> to exit the GPG key editor.
You must import and validate the public key only once.
4
Obtain the package you need, for example the Linux DUP or self-extracting
archive) and its associated signature file from the Dell Support website at
support.dell.com/support/downloads
.
NOTE: Each Linux Update Package has a separate signature file, which is
shown on the same web page as the Update Package. You need both the
Update Package and its associated signature file for verification. By default,
the signature file is named the same as the DUP filename with a .sign
extension. For example, if a Linux DUP is named PEM600_BIOS_LX_2.1.2.BIN,
its signature filename is PEM600_BIOS_LX_2.1.2.BIN.sign. The iDRAC
firmware image also has an associated .sign file, which is included in the self-
extracting archive with the firmware image. To download the files, right-click
on the download link and use the Save Target As… file option.
5
Verify the Update Package:
gpg --verify <Linux Update Package signature
filename> <Linux Update Package filename>
46 Configuring the iDRAC
The following example illustrates the steps that you follow to verify a
PowerEdge M600 BIOS Update Package:
1
Download the following two files from
support.dell.com
:
• PEM600_BIOS_LX_2.1.2.BIN.sign
• PEM600_BIOS_LX_2.1.2.BIN
2
Import the public key by running the following command line:
gpg --import <linux-security-publickey.txt>
The following output message appears:
gpg: key 23B66A9D: "Dell Computer Corporation
(Linux Systems Group) <linux-
security@dell.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
3
Set the GPG trust level for the Dell public key. if you haven’t done so
previously.
a
Typing the following command:
gpg --edit-key 23B66A9D
b
At the command prompt, type the following commands:
fpr
trust
c
Type
5
<Enter> to choose
I trust ultimately
from the menu.
d
Type
y
<Enter> to confirm your choice.
e
Type
quit
<Enter> to exit the GPG key editor.
This completes validation of the Dell public key.
4
Verify the PEM600 BIOS package digital signature by running the following
command:
gpg --verify PEM600_BIOS_LX_2.1.2.BIN.sign
PEM600_BIOS_LX_2.1.2.BIN
The following output message appears:
gpg: Signature made Fri Jul 11 15:03:47 2008
CDT using DSA key ID 23B66A9D
Configuring the iDRAC 47
gpg: Good signature from "Dell, Inc. (Product
Group) <linux-security@dell.com>"
NOTE: If you have not validated the key as shown in step 3, you will receive
additional messages:
gpg: WARNING: This key is not certified with a
trusted signature!
gpg: There is no indication that the signature
belongs to the owner.
Primary key fingerprint: 4172 E2CE 955A 1776
A5E6 1BB7 CA77 951D 23B6 6A9D
Clear Your Browsers Cache
To be able to use the features in the latest iDRAC, you must clear the browser’s
cache to remove/delete any old web pages that may be stored on the system.
Internet Explorer
1
Start Internet Explorer.
2
Click
Tools
, and then click
Internet Options
.
The
Internet Options
window appears.
3
Click the
General
tab.
4
Under
Temporary Internet files
, click
Delete Files
.
The
Delete Files
window appears.
5
Click to check
Delete all offline content
, and then click
OK
.
6
Click OK to close the
Internet Options
window.
48 Configuring the iDRAC
Firefox
1
Start Firefox.
2
Click
Edit
Preferences
.
3
Click the
Privacy
tab.
4
Click the
Clear Cache Now
.
5
Click
Close
.
Configuring iDRAC for Use with IT Assistant
Dell™ OpenManage™ IT Assistant comes preconfigured to discover managed
devices that comply with Simple Network Management Protocol (SNMP)
version 1 and version 2c and Intelligent Platform Management Interface (IPMI)
version 2.0.
The iDRAC complies with IPMI version 2.0. This section describes the steps to
configure an iDRAC for discovery and monitoring by IT Assistant. There are
two ways to accomplish this: through the iDRAC Configuration Utility and
through the iDRAC's graphical Web interface.
Using the iDRAC Configuration Utility to Enable Discovery and
Monitoring
To set up an iDRAC for IPMI discovery and alert trap sending at the iDRAC
configuration utility level, you need to restart your managed server (blade) and
observe its power-up using the iKVM and either a remote monitor and console
keyboard or a Serial-Over-LAN (SOL) connection. When Press <Ctrl-E>
for Remote Access Setup is displayed, press <Ctrl><E>.
When the iDRAC Configuration Utility screen appears, use the arrow keys to
scroll down.
1
Enable
IPMI over LAN
.
2
Enter your site's
RMCP+ Encryption Key
, if used.
NOTE: See your senior Network Administrator or CIO to discuss implementing
this option because it adds valuable security protection and must be implemented
site wide in order to function properly.
3
At
LAN Parameters
, press <Enter> to enter the sub-screen. Use the up-
arrow and down-arrow keys to navigate.
Configuring the iDRAC 49
4
Toggle
LAN Alert Enabled
to
On
using the spacebar.
5
Enter the IP address of your Management Station into
Alert Destination 1
.
6
Enter a name string into
iDRAC Name
with a consistent naming convention
across your data center. The default is
iDRAC-{Service Tag}
.
Exit the iDRAC Configuration Utility by pressing <Esc>, <Esc>, and then
<Enter> to save your changes. Your server will now boot into normal operation,
and IT Assistant will discover it during the next scheduled Discovery pass.
Using the iDRAC Web Interface to Enable Discovery and Monitoring
IPMI Discovery can also be enabled through the remote Web Interface:
1
Enter the IP address of your iDRAC into your browser.
2
Log in using a user name and password with Administrator rights.
3
Select
iDRAC
Network/Security
Network
.
4
Scroll down to
IPMI LAN Settings
.
5
Make sure
Enable IPMI over LAN
is selected.
6
Set
Channel Level Privileges
to
Administrator
.
7
Enter your site's RMCP+
Encryption Key
, if used.
8
Click
Apply
, if needed.
9
Navigate to
System
Alert Management
Platform Events
.
10
Enable
Alerts
for the
Platform Event
categories for which you wish to set
traps.
11
Click
Apply
if you've made changes.
12
Click
Trap Settings
.
13
Enter the IP address of your Management Station in the first available
Destination IP Address
textbox.
14
Make sure the
Enabled
box is selected.
15
Click
Apply
if you've made changes.
You can now send a test trap by clicking the Send link.
Dell highly recommends that for security purposes you create a separate user
account for IPMI commands with its own user name, IPMI over LAN
privileges, and password.
50 Configuring the iDRAC
1
Navigate to
iDRAC
Network/Security
Users
.
2
Click on the number of an undefined
User
.
3
In the sub-screen, enable the
User
and enter a
Name
and
Password
.
4
Make sure
Maximum LAN User Privilege Granted
is set to
Administrator
.
5
Click
Apply
to save your changes.
Using the Dell IT Assistant to View iDRAC Status and Events
After Discovery is complete, the iDRACs will show up in the Servers category
of the ITA Devices detail screen, and iDRAC information can be seen by
clicking on the iDRAC name. This is different than DRAC5 systems, where the
management card shows up in the RAC group. This is due to the fact that
iDRAC uses IPMI discovery as opposed to SNMP.
iDRAC error and warning traps can now be seen in the primary Alert Log of IT
Assistant. They will show up in the Unknown category, but the trap description
and severity will be accurate.
For more information on using IT Assistant to manage your data center, please
read the IT Assistant User's Guide.
Configuring the Management Station 51
3
Configuring the Management
Station
A management station is a computer used to monitor and manage the
PowerEdge servers and other modules in the chassis. This section describes
software installation and configuration tasks that set up a management station to
work with the iDRAC. Before you begin configuring the iDRAC, follow the
procedures in this section to ensure that you have installed and configured the
tools you will need.
Management Station Set Up Steps
To set up your Management Station, perform the following steps:
1
Set up the management station network.
2
Install and configure a supported Web browser.
3
Install a Java Runtime Environment (JRE) (optional for Windows).
4
Install telnet or SSH clients, if required.
5
Install a TFTP server, if required.
6
Install Dell OpenManage IT Assistant (optional).
Management Station Network Requirements
To access the iDRAC, the management station must be on the same network as
the CMC RJ45 connection port labelled "GB1". It is possible to isolate the CMC
network from the network the managed server is on, so that your management
station may have LAN access to the iDRAC but not to the managed server.
Using the iDRAC console redirection feature (see "Configuring and Using
Serial Over LAN" on page 141), you can access the managed servers console
even if you do not have network access to the servers ports. You can also
52 Configuring the Management Station
perform several management functions on the managed server, such as
rebooting the computer, using iDRAC facilities. To access network and
application services hosted on the managed server, however, you may need an
additional NIC in the management computer.
Configuring a Supported Web Browser
The following sections provide instructions for configuring the supported Web
browsers for use with the iDRAC Web interface. For a list of supported Web
browsers, see "Supported Web Browsers" on page 27.
Opening Your Web Browser
The iDRAC Web Interface is designed to be viewed in a supported Web browser
at a minimum screen resolution of 800 pixels wide by 600 pixels high. In order
to view the interface and access all features, ensure that your resolution is set to
at least 800 by 600 pixels and/or resize your browser, as needed.
NOTE: In some situations, most often during the first session after a firmware
update, users of Internet Explorer 6 may see the message Done, with errors
displayed in the browser status bar along with a partially rendered page in the main
browser window. This error can also occur if you are experiencing connectivity
problems or have the Windows Firewall enabled. These are known issues with
Internet Explorer 6. Because Internet Explorer 7 does not exhibit these issues, Dell
recommends that you upgrade.
Configuring Your Web Browser to Connect to the Web Interface
If you are connecting to the iDRAC Web interface from a management station
that connects to the Internet through a proxy server, you must configure the Web
browser to access the Internet from this server.
To configure the Internet Explorer Web browser to access a proxy server,
perform the following steps:
1
Open a Web browser window.
2
Click
Tools
, and click
Internet Options
.
The
Internet Options
window appears.
3
Select
Too ls
Internet Options
Security
Local Network
(Internet
Explorer 7)
-or-
Local Intranet
(Internet Explorer 6).
4
Click the
Custom Level
.
Configuring the Management Station 53
5
Select
Medium-Low
from the drop-down menu, and click
Reset
. Click
OK
to confirm. You will need to re-enter the
Custom Level
dialog by clicking its
button.
6
Scroll down to the section labeled
ActiveX controls and plug-ins
, and check
each setting, as different versions of Internet Explorer have differing settings
in
Medium-Low
state:
Automatic prompting for ActiveX controls:
Enable
Binary and script behaviors:
Enable
Download signed ActiveX controls:
Prompt
Initialize and script ActiveX controls not marked as safe:
Prompt
Run ActiveX controls and plug-ins:
Enable
Script ActiveX controls marked safe for scripting:
Enable
In the section on
Downloads
:
Automatic prompting for file downloads:
Enable
File download:
Enable
Font download:
Enable
In the
Miscellaneous
section:
Allow META-REFRESH:
Enable
Allow scripting of Internet Explorer Web browser control:
Enable
Allow script-initiated windows without size or position constraints:
Enable
Don't prompt for client certificate selection when no certificates or only
one certificate exists:
Enable
Launching programs and files in an IFRAME:
Enable
Open files based on content, not file extension:
Enable
Software channel permissions:
Low safety
Submit nonencrypted form data:
Enable
Use Pop-up Blocker:
Disable
In the
Scripting
section:
Active scripting:
Enable
54 Configuring the Management Station
Allow paste operations via script:
Enable
Scripting of Java applets:
Enable
7
Select
Too ls
Internet Options
Advanced
.
8
Make sure the following items are checked or unchecked:
In the
Browsing
section:
Always send URLs as UTF-8: checked
Disable script debugging (Internet Explorer): checked
Disable script debugging: (Other): checked
Display a notification about every script error: unchecked
Enable Install On demand (Other): checked
Enable page transitions: checked
Enable third-party browser extensions: checked
Reuse windows for launching shortcuts: unchecked
In the
HTTP 1.1 settings
section:
Use HTTP 1.1: checked
Use HTTP 1.1 through proxy connections: checked
In the
Java (Sun)
section:
Use JRE 1.6.x_yz: checked (optional; version may differ)
In the
Multimedia
section:
Enable automatic image resizing: checked
Play animations in web pages: checked
Play videos in web pages: checked
Show pictures: checked
In the
Security
section:
Check for publishers' certificate revocation: unchecked
Check for signatures on downloaded programs: checked
Use SSL 2.0: unchecked
Use SSL 3.0: checked
Configuring the Management Station 55
Use TLS 1.0: checked
Warn about invalid site certificates: checked
Warn if changing between secure and not secure mode: checked
Warn if forms submittal is being redirected: checked
NOTE: If you choose to alter any of the above settings, first understand the
consequences of doing so. For example, if you choose to block pop-ups,
portions of the iDRAC Web User Interface will not function properly.
9
Click
Apply
.
10
Click
OK
.
11
Select the
Connections
tab.
12
Under
Local Area Network (LAN) settings
, click
LAN Settings
.
13
If the
Use a proxy server
box is selected, select the
Bypass proxy server for
local addresses
box.
14
Click
OK
twice.
15
Close and restart your browser to make sure all changes take effect.
Adding iDRAC to the List of Trusted Domains
When you access the iDRAC Web interface through the Web browser, you may
be prompted to add the iDRAC IP address to the list of trusted domains if the IP
address is missing from the list. When completed, click Refresh or relaunch the
Web browser to establish a connection to the iDRAC Web interface.
Viewing Localized Versions of the Web Interface
The iDRAC Web interface is supported on the following operating system
languages:
English (en-us)
French (fr)
•German (de)
•Spanish (es)
Japanese (ja)
Simplified Chinese (zh-cn)
56 Configuring the Management Station
The ISO identifiers in parentheses denote the specific language variants which
are supported. Use of the interface with other dialects or languages is not
supported and may not function as intended. For some supported languages,
resizing the browser window to 1024 pixels wide may be necessary in order to
view all features.
The iDRAC Web Interface is designed to work with localized keyboards for the
specific language variants listed above. Some features of the iDRAC Web
Interface, such as Console Redirection, may require additional steps to access
certain functions/letters. For more details on how to use localized keyboards in
these situations, see "Using the Video Viewer" on page 167. Use of other
keyboards is not supported and may cause unexpected problems.
Internet Explorer 6.0 and 7.0 (Windows)
To view a localized version of the iDRAC Web interface in Internet Explorer,
perform the following steps:
1
Click the
Tools
menu and select
Internet Options
.
2
In the
Internet Options
window, click
Languages
.
3
In the
Language Preference
window, click
Add
.
4
In the
Add Language
window, select a supported language.
To select more than one language, press <Ctrl>.
5
Select your preferred language and click
Move Up
to move the language to
the top of the list.
6
In the
Language Preference
window, click
OK
.
7
Click
OK
.
Firefox 1.5 (Linux)
To view a localized version of the iDRAC Web interface in Firefox 1.5, perform
the following steps:
1
Click
Edit
Preferences
, then click the
Advanced
tab.
2
In the
Language
section, click
Choose
.
3
Click
Select a language to add…
.
4
Select a supported language and click
Add
.
Configuring the Management Station 57
5
Select your preferred language and click
Move Up
to move it to the top of
the list.
6
In the Languages menu, click
OK
.
7
Click
OK
.
Firefox 2.0 (Linux or Windows)
To view a localized version of the iDRAC Web interface in Firefox 2.0, perform
the following steps:
1
Click
Tools
Options
, and then click the
Advanced
tab.
2
Under
Language
, click
Choose
.
The
Languages
window appears.
3
In the
Select a language to add...
drop down menu, click to highlight a
supported language, and then click
Add
.
4
Click to select your preferred language, and then click
Move Up
until the
language appears a the top of the list.
5
Click
OK
to close the
Languages
window.
6
Click
OK
to close the
Options
window.
Setting the Locale in Linux
The console redirection viewer requires a UTF-8 character set to display
correctly. If your display is garbled, check your locale and reset the character set
if needed.
The following steps show how to set the character set on a Red Hat® Enterprise
Linux® client with a Simplified Chinese GUI:
1
Open a command terminal.
2
Type
locale
and press <Enter>. Output similar to the following output
appears:
LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
58 Configuring the Management Station
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=
3
If the values include
"zh_CN.UTF-8"
, no changes are required. If the
values do not include
"zh_CN.UTF-8"
, go to step 4.
4
Edit the
/etc/sysconfig/i18n
file with a text editor.
5
In the file, apply the following changes:
Current entry:
LANG="zh_CN.GB18030"
SUPPORTED="zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh"
Updated entry:
LANG="zh_CN.UTF-8"
SUPPORTED="zh_CN.UTF-
8:zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh"
6
Log out and then log in to the operating system.
When you switch from any other language, ensure that this fix is still valid. If
not, repeat this procedure.
Disabling the Whitelist Feature in Firefox
Firefox has a "whitelist" security feature that requires user permission to install
plugins for each distinct site that hosts a plugin. If enabled, the whitelist feature
requires you to install a console redirection viewer for each iDRAC you visit,
even though the viewer versions are identical.
To disable the whitelist feature and avoid unnecessary plugin installations,
perform the following steps:
1
Open a Firefox Web browser window.
2
In the address field, type
about:config
and press <Enter>.
Configuring the Management Station 59
3
In the
Preference Name
column, locate and double-click
xpinstall.whitelist.required
.
The values for
Preference Name
,
Status
,
Type
, and
Value
change to bold
text. The
Status
value changes to
user set
and the
Value
value changes to
false
.
4
In the
Preferences
Name
column, locate
xpinstall.enabled
.
Ensure that
Val ue
is
true
. If not, double-click
xpinstall.enabled
to set
Val ue
to
true
.
Installing a Java Runtime Environment (JRE)
NOTE: If you use the Internet Explorer browser, an ActiveX control is provided for
the console viewer. You can also use the Java console viewer with Internet
Explorer if you install a JRE and configure the console viewer in iDRAC web
interface before you launch the viewer. See "Configuring Console Redirection in the
iDRAC Web Interface" on page 163 for more information.
You can choose to use the Java viewer instead before you launch the viewer.
If you use the Firefox browser you must install a JRE (or a Java Development
Kit [JDK]) to use the console redirection feature. The console viewer is a Java
application that is downloaded to the management station from the iDRAC Web
interface and then launched with Java Web Start on the management station.
Go to java.sun.com to install a JRE or JDK. Version 1.6 (Java 6.0) or higher is
recommended.
The Java Web Start program is automatically installed with the JRE or JDK. The
file jviewer.jnlp is downloaded to your desktop and a dialog box prompts you
for what action to take. It may be necessary to associate the .jnlp extension type
with the Java Web Start application in your browser. Otherwise, click Open
with and then select the javaws application, which is located in the bin
subdirectory of your JRE installation directory.
NOTE: If the .jnlp file type is not associated with Java Web Start after installing JRE
or JDK, you can set the association manually. For Windows (javaws.exe) click
StartControl Panel Appearance and ThemesFolder Options. Under the File
Types tab, highlight .jnlp under Registered file types, and then click Change. For
Linux (javaws), start Firefox, and click Edit Preferences Downloads, and then
click View and Edit Actions.
60 Configuring the Management Station
For Linux, once you have installed either JRE or JDK, add a path to the Java bin
directory to the front of your system PATH. For example, if Java is installed in
/usr/java, add the following line to your local .bashrc or /etc/profile:
PATH=/usr/java/bin:$PATH; export PATH
NOTE: There may already be PATH-modification lines in the files. Ensure that the
path information you enter does not create conflicts.
Installing Telnet or SSH Clients
By default, the iDRAC telnet service is disabled and the SSH service is enabled.
Since telnet is an insecure protocol, you should use it only if you cannot install
an SSH client or your network connection is otherwise secured.
NOTE: There can be only one active telnet or SSH connection to the iDRAC at a
time. When there is an active connection, other connection attempts are denied.
Telnet with iDRAC
Telnet is included in Microsoft
®
Windows® and Linux operating systems and
can be run from a command shell. You may also choose to install a commercial
or freely available telnet client with more convenience features than the standard
version included with your operating system.
If your management station is running Windows XP or Windows 2003, you may
experience an issue with the characters in an iDRAC telnet session.This issue
may occur as a frozen login where the return key does not respond and the
password prompt does not appear.
To fix this issue, download hotfix 824810 from the Microsoft Support website at
support.microsoft.com. See Microsoft Knowledge Base article 824810 for
more information.
Configuring the Backspace Key For Your Telnet Session
Depending on the telnet client, using the <Backspace> key may produce
unexpected results. For example, the session may echo ^h. However, most
Microsoft and Linux telnet clients can be configured to use the <Backspace>
key.
To configure Microsoft telnet clients to use the <Backspace> key, perform the
following steps:
Configuring the Management Station 61
1
Open a command prompt window (if required).
2
If you are not running a telnet session, type:
telnet
If you are running a telnet session, press <Ctrl><]>.
3
At the prompt, type:
set bsasdel
The following message appears:
Backspace will be sent as delete.
To configure a Linux telnet session to use the <Backspace> key, perform the
following steps:
1
Open a shell and type:
stty erase ^h
2
At the prompt, type:
telnet
SSH With iDRAC
Secure Shell (SSH) is a command line connection with the same capabilities as a
telnet session, but with session negotiation and encryption to improve security.
The iDRAC supports SSH version 2 with password authentication. SSH is
enabled by default on the iDRAC.
You can use PuTTY (Windows) or OpenSSH (Linux) on a management station
to connect to the managed servers iDRAC. When an error occurs during the
login procedure, the ssh client issues an error message. The message text is
dependent on the client and is not controlled by the iDRAC.
NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on
Windows. Running OpenSSH at the Windows command prompt does not result in
full functionality (that is, some keys do not respond and no graphics are displayed).
Only one telnet or SSH session is supported at any given time. The session
timeout is controlled by the cfgSsnMgtSshIdleTimeout property as
described in "iDRAC Property Database Group and Object Definitions" on
page 305.
62 Configuring the Management Station
The iDRAC SSH implementation supports multiple cryptography schemes, as
shown in Table 3-1.
NOTE: SSHv1 is not supported.
Installing a TFTP Server
NOTE: If you use only the iDRAC Web interface to transfer SSL certificates and
upload new iDRAC firmware, no TFTP server is required.
Trivial File Transfer Protocol (TFTP) is a simplified form of the File Transfer
Protocol (FTP). It is used with the SM-CLP and RACADM command line
interfaces to transfer files to and from the iDRAC.
Table 3-1. Cryptography Schemes
Scheme Type Scheme
Asymmetric Cryptography Diffie-Hellman DSA/DSS 512-1024 (random)
bits per NIST specification
Symmetric Cryptography
AES256-CBC
RIJNDAEL256-CBC
AES192-CBC
RIJNDAEL192-CBC
AES128-CBC
RIJNDAEL128-CBC
BLOWFISH-128-CBC
3DES-192-CBC
ARCFOUR-128
Message Integrity
HMAC-SHA1-160
HMAC-SHA1-96
HMAC-MD5-128
• HMAC-MD5-96
Authentication
•Password
Configuring the Management Station 63
The only times when you need to copy files to or from the iDRAC are when you
update the iDRAC firmware or install certificates on the iDRAC. If you choose
to use SM-CLP or RACADM when you perform these tasks, a TFTP server
must be running on a computer the iDRAC can access by IP number or DNS
name.
You can use the netstat -a command on Windows or Linux operating systems to
see if a TFTP server is already listening. Port 69 is the TFTP default port. If no
server is running, you have the following options:
Find another computer on the network running a TFTP service
If you are using Linux, install a TFTP server from your distribution
If you are using Windows, install a commercial or free TFTP server
Installing Dell OpenManage IT Assistant
Your system includes the Dell OpenManage System Management Software Kit.
This kit includes, but is not limited to, the following components:
Dell Systems Management Tools and Documentation
DVD — Contains all
the latest Dell systems management console products, including Dell
OpenManage IT Assistant; provides the tools you need to configure your
system and delivers firmware, diagnostics, and Dell-optimized drivers for
your system; and helps you stay current with documentation for systems,
systems management software products, peripherals, and RAID controllers.
Dell Support website and Readme files — Check Readme files and the Dell
Support website at
support.dell.com
for the most recent information about
your Dell products.
Use the
Dell Systems Management Tools and Documentation
DVD
to install the
management console software, including Dell OpenManage IT Assistant, on the
management station. For instructions on installing this software, see your Quick
Installation Guide.
64 Configuring the Management Station
Configuring the Managed Server 65
4
Configuring the Managed Server
This section describes tasks to set up the managed server to enhance your
remote management capabilities. These tasks include installing the Dell Open
Manage Server Administrator software and configuring the managed server to
capture the last crash screen.
Installing the Software on the Managed Server
The Dell management software includes the following features:
Local RACADM CLI — allows you to configure and administer the iDRAC
from the managed system. It is a powerful tool for scripting configuration
and management tasks.
Server Administrator is required to use the iDRAC last crash screen feature.
Server Administrator — a Web interface that allows you to administer the
remote system from a remote host on the network.
Server Administrator Instrumentation Service — provides access to detailed
fault and performance information gathered by industry-standard systems
management agents and allows remote administration of monitored systems,
including shutdown, startup, and security.
Server Administration Storage Management Service — provides storage
management information in an integrated graphical view.
Server Administrator Logs — displays logs of commands issued to or by the
system, monitored hardware events, POST events, and system alerts. You can
view logs on the home page, print or save them as reports, and send them by
e-mail to a designated service contact.
Use the
Dell Systems Management Tools and Documentation
DVD to install
Server Administrator.
For instructions on installing this software, see your Quick
Installation Guide.
66 Configuring the Managed Server
Configuring the Managed Server to Capture the
Last Crash Screen
The iDRAC can capture the last crash screen so that you can view it in the Web
interface to help troubleshoot the cause of the managed system crash. Follow
these steps to enable the last crash screen feature.
1
Install the managed server software. Dell OpenManage Server Administrator
(OMSA) must be installed. For more information about installing the
managed server software, see the
Server Administrator Users Guide
.
2
If you are running a Microsoft
®
Windows
®
operating system, ensure that the
Automatically Reboot feature is deselected in the
Windows Startup and
Recovery Settings
. See "Disabling the Windows Automatic Reboot Option"
on page 67.
3
Enable the Last Crash Screen (disabled by default) in the iDRAC Web
interface.
To enable the Last Crash Screen in the iDRAC Web interface, click
System
Remote Access
iDRAC
Network/Security
Services
, then
check the
Enable
checkbox under the Automatic System Recovery Agent
Settings heading.
To enable the Last Crash Screen using local RACADM, open a command
prompt on the managed system and type the following command:
racadm config -g cfgRacTuning -o
cfgRacTuneAsrEnable 1
4
In the Server Administrator web-based interface, enable the
Auto Recovery
timer and set the
Auto Recovery
action to
Reset
,
Power Off
, or
Power
Cycle
.
For information about how to configure the
Auto Recovery
timer, see the
Server Administrator User's Guide
. To ensure that the last crash screen can
be captured, the
Auto Recovery
timer should be set to 60 seconds. The
default setting is 480 seconds.
The last crash screen is not available when the
Auto Recovery
action is set to
Shutdown
or
Power Cycle
if the managed server is powered off.
Configuring the Managed Server 67
Disabling the Windows Automatic Reboot Option
To ensure that the iDRAC can capture the last crash screen, disable the
Automatic Reboot option on managed servers running Microsoft Windows
Server® or Windows Vista®.
1
Open the Windows
Control Panel
and double-click the
System
icon.
2
Click the
Advanced
tab.
3
Under
Startup and Recovery
, click
Settings
.
4
Deselect the
Automatically Reboot
check box.
5
Click
OK
twice.
68 Configuring the Managed Server
Configuring the iDRAC Using the Web Interface 69
5
Configuring the iDRAC Using the
Web Interface
The iDRAC provides a Web interface that enables you to configure the iDRAC
properties and users, perform remote management tasks, and troubleshoot a
remote (managed) system for problems. For everyday systems management, use
the iDRAC Web interface. This chapter provides information about how to
perform common systems management tasks with the iDRAC Web interface
and provides links to related information.
Most Web interface configuration tasks can also be performed with local
RACADM commands or with SM-CLP commands.
Local RACADM commands are executed from the managed server. For more
information about local RACADM, see "Using the Local RACADM Command
Line Interface" on page 191.
SM-CLP commands are executed in a shell that can be accessed remotely with a
telnet or SSH connection. For more information about SM-CLP, see "Using the
iDRAC SM-CLP Command Line Interface" on page 215.
Accessing the Web Interface
To access the iDRAC Web interface, perform the following steps:
1
Open a supported Web browser window.
See "Supported Web Browsers" on page 27 for more information.
2
In the
Address
field, type
https://<iDRAC-IP-address>
and press
<Enter>.
If the default HTTPS port number (port 443) has been changed, type:
https://<iDRAC-IP-address>:<port-number>
70 Configuring the iDRAC Using the Web Interface
where
iDRAC-IP-address
is the IP address for the iDRAC and
port-number
is the HTTPS port number.
The iDRAC
Login
window appears.
Logging In
You can log in as either an iDRAC user or as a Microsoft® Active Directory®
user. The default user name and password are root and calvin, respectively.
You must have been granted Login to iDRAC privilege by the administrator to
log in to the iDRAC.
To log in, perform the following steps:
1
In the
Username
field, type one of the following:
Your iDRAC user name.
The user name for local users is case sensitive. Examples are
root
,
it_user
, or john_doe.
Your Active Directory user name.
Active Directory names can be entered in any of the forms
<
domain
>\<
username
>, <
domain
>/<
username
>, or <
user
>@<
domain
>.
They are not case sensitive. Examples are
dell.com
\
john_doe,
or
JOHN_DOE@DELL.COM
.
2
In the
Password
field, type your iDRAC user password or Active Directory
user password. Passwords are case sensitive.
3
Click
OK
or press <Enter>.
Logging Out
1
In the upper-right corner of the main window, click
Logout
to close the
session.
2
Close the browser window.
NOTE: The Logout button does not appear until you log in.
NOTE: Closing the browser without gracefully logging out may cause the session
to remain open until it times out. It is strongly recommended that you click the
logout button to end the session; otherwise, the session may remain active until the
session timeout is reached.
Configuring the iDRAC Using the Web Interface 71
NOTE: Closing the iDRAC Web interface within Microsoft Internet Explorer using
the close button ("x") at the top right corner of the window may generate an
application error. To fix this issue, download the latest Cumulative Security Update
for Internet Explorer from the Microsoft Support website, located at
support.microsoft.com.
Using Multiple Browser Tabs and Windows
Different versions of web browsers exhibit different behaviors when opening
new tabs and windows. Each window is a new session, but each new tab is not.
Microsoft Internet Explorer 6 does not support tabs; therefore, each browser
window opened becomes a new iDRAC Web Interface session. Internet
Explorer 7 has the option to open tabs as well as windows. Each tab inherits the
characteristics of the most recently opened tab. For example, if a user logs in
with Power User privileges on one tab, and then logs in as Administrator on
another tab, both open tabs then have Administrator privileges. Closing any one
tab expires all iDRAC Web Interface tabs.
Tab behavior in Firefox 2 is the same as Internet Explorer 7; new tabs initiate
new sessions. Window behavior in Firefox, however, is different. Firefox
windows will operate with the same privileges as the latest window opened. For
example, if one Firefox window is open with a Power User logged in and
another window is opened with Administrator privileges, both users will now
have Administrator privileges.
Configuring the iDRAC NIC
This section assumes that the iDRAC has already been configured and is
accessible on the network. See "Configure iDRAC Networking" on page 36 for
help with the initial iDRAC network configuration.
Table 5-1. User Privilege Behavior in Supported Browsers
Browser Tab Behavior Window Behavior
Microsoft Internet
Explorer 6
Not applicable New session
Microsoft Internet
Explorer 7
From latest session opened New session
Firefox 2 From latest session opened From latest session opened
72 Configuring the iDRAC Using the Web Interface
Configuring the Network and IPMI LAN Settings
NOTE: You must have Configure iDRAC privilege to perform the following steps.
NOTE: Most DHCP servers require a server to store a client identifier token in its
reservations table. The client (iDRAC, for example) must provide this token during
DHCP negotiation. The iDRAC supplies the client identifier option using a one-byte
interface number (0) followed by a six-byte MAC address.
1
Click
System
Remote Access
iDRAC
.
2
Click the
Network/Security
tab to open the
Network Configuration
page.
Table 5-2 and Table 5-3 describe the
Network Settings
and
IPMI LAN
Settings
on the
Network
page.
3
When you have completed entering the required settings, click
Apply
.
4
Click the appropriate button to continue. See Table 5-4.
Table 5-2. Network Settings
Setting Description
Enable NIC When checked, indicates that the NIC is enabled and activates the
remaining controls in this group. When a NIC is disabled, all
communication to and from the iDRAC via the network is
blocked.
The default is off.
Media Access
Control (MAC)
Address
Displays the Media Access Control (MAC) address that uniquely
identifies each node in a network. The MAC address cannot be
changed.
Use DHCP (For
NIC IP Address)
Prompts the iDRAC to obtain an IP address for the NIC from the
Dynamic Host Configuration Protocol (DHCP) server. Also
deactivates the Static IP Address, Static Subnet Mask, and
Static Gateway controls.
The default is off.
Static IP Address Allows you to enter or edit a static IP address for the iDRAC NIC.
To change this setting, deselect the Use DHCP (For NIC IP
Address) checkbox.
Static Subnet Mask Allows you to enter or edit a subnet mask for the iDRAC NIC. To
change this setting, first deselect the Use DHCP (For NIC IP
Address) checkbox.
Configuring the iDRAC Using the Web Interface 73
Static Gateway Allows you to enter or edit a static gateway for the iDRAC NIC.
To change this setting, first deselect the Use DHCP (For NIC IP
Address) checkbox.
Use DHCP to
obtain DNS server
addresses
Enable DHCP to obtain DNS server addresses by selecting the
Use DHCP to obtain DNS server addresses checkbox. When
not using DHCP to obtain the DNS server addresses, provide the
IP addresses in the Static Preferred DNS Server and Static
Alternate DNS Server fields.
The default is off.
NOTE: When the Use DHCP to obtain DNS server addresses
checkbox is selected, IP addresses cannot be entered into the
Static Preferred DNS Server and Static Alternate DNS Server
fields.
Static Preferred
DNS Server
Allows the user to enter or edit a static IP address for the preferred
DNS server. To change this setting, first deselect the Use DHCP
to obtain DNS server addresses checkbox.
Static Alternate
DNS Server
Uses the secondary DNS server IP address when Use DHCP to
obtain DNS server addresses is not selected. Enter an IP
address of 0.0.0.0 if there is no alternate DNS server.
Register iDRAC on
DNS
Registers the iDRAC name on the DNS server.
The default is Disabled.
DNS iDRAC Name Displays the iDRAC name only when Register iDRAC on DNS
is selected. The default name is idrac-service_tag, where
service_tag is the service tag number of the Dell server. For
example: idrac-00002.
Use DHCP for DNS
Domain Name
Uses the default DNS domain name. When the box is not selected
and the Register iDRAC on DNS option is selected, modify the
DNS domain name in the DNS Domain Name field.
The default is Disabled.
NOTE: To select the Use DHCP for DNS Domain Name checkbox,
also select the Use DHCP (For NIC IP Address) checkbox.
DNS Domain Name The default DNS Domain Name is blank. When the Use DHCP
for DNS Domain Name checkbox is selected, this option is
grayed out and the field cannot be modified.
Table 5-2. Network Settings (continued)
Setting Description
74 Configuring the iDRAC Using the Web Interface
Community String Contains the community string to use in Simple Network
Management Protocol (SNMP) alert traps sent from the iDRAC.
SNMP alert traps are transmitted by the iDRAC when a platform
event occurs. The default is public.
SMTP Server
Address
The IP address of the Simple Mail Transfer Protocol (SMTP)
server that the iDRAC communicates with to send e-mail alerts
when a platform event occurs. The default is 127.0.0.1.
Table 5-3. IPMI LAN Settings
Setting Description
Enable IPMI Over
LAN
When checked, indicates that the IPMI LAN channel is enabled.
The default is off.
Channel Privilege
Level Limit
Configures the maximum privilege level, for the user, that can be
accepted on the LAN channel. Select one of the following
options: Administrator, Operator, or User. The default is
Administrator.
Encryption Key Configures the encryption key: 0 to 20 hexadecimal characters
(with no blanks allowed). The default is blank.
Table 5-4. Network Configuration Page Buttons
Button Description
Advanced Settings Opens the Network Security page, allowing the user to enter IP
Range, and IP Blocking attributes.
Print Prints the Network Configuration values that appear on the
screen.
Refresh Reloads the Network Configuration page.
Table 5-2. Network Settings (continued)
Setting Description
Configuring the iDRAC Using the Web Interface 75
Configuring IP Filtering and IP Blocking
NOTE: You must have Configure iDRAC permission to perform the following steps.
1
Click
System
Remote Access
iDRAC
and then click the
Network/Security
tab to open the
Network Configuration
page.
2
Click
Advanced Settings
to configure the network security settings.
Table 5-5 describes the
Network Security
page settings.
3
When you have finished configuring the settings, click
Apply
.
4
Click the appropriate
button to continue. See Table 5-6.
Apply Saves any new settings made to the network configuration page.
NOTE: Changes to the NIC IP address settings will close all user
sessions and require users to reconnect to the iDRAC Web
interface using the updated IP address settings. All other changes
will require the NIC to be reset, which may cause a brief loss in
connectivity.
Table 5-5. Network Security Page Settings
Settings Description
IP Range Enabled Enables the IP Range checking feature, which defines a range of
IP addresses that can access the iDRAC. The default is off.
IP Range Address Determines the acceptable IP subnet address. The default is
192.168.1.0.
IP Range Subnet
Mask
Defines the significant bit positions in the IP address. The subnet
mask should be in the form of a netmask, where the more
significant bits are all 1's with a single transition to all zeros in the
lower-order bits. The default is 255.255.255.0.
IP Blocking
Enabled
Enables the IP address blocking feature, which limits the number
of failed login attempts from a specific IP address for a
preselected time span. The default is off.
IP Blocking Fail
Count
Sets the number of login failures attempted from an IP address
before the login attempts are rejected from that address. The
default is 10.
Table 5-4. Network Configuration Page Buttons (continued)
Button Description
76 Configuring the iDRAC Using the Web Interface
Configuring Platform Events
Platform event configuration provides a mechanism for configuring the iDRAC
to perform selected actions on certain event messages. The actions include no
action, reboot system, power cycle system, power off system, and generate an
alert (Platform Event Trap [PET] and/or e-mail).
The filterable platform events are listed in Table 5-7.
IP Blocking Fail
Window
Determines the time span in seconds within which IP Block Fail
Count failures must occur to trigger the IP Block Penalty Time.
The default is 3600.
IP Blocking Penalty
Time
The time span in seconds that login attempts from an IP address
with excessive failures are rejected. The default is 3600.
Table 5-6. Network Security Page Buttons
Button Description
Print Prints the Network Security values that appear on the screen.
Refresh Reloads the Network Security page.
Apply Saves any new settings that you made to the Network Security
page.
Go Back to
Network Page
Returns to the Network page.
Table 5-7. Filterable Platform Events
Index Platform Event
1 Battery Warning Assert
2 Battery Critical Assert
3 Discrete Voltage Critical Assert
4 Temperature Warning Assert
5 Temperature Critical Assert
Table 5-5. Network Security Page Settings (continued)
Settings Description
Configuring the iDRAC Using the Web Interface 77
When a platform event occurs (for example, a battery warning assert), a system
event is generated and recorded in the System Event Log (SEL). If this event
matches a platform event filter (PEF) that is enabled and you have configured
the filter to generate an alert (PET or e-mail), then a PET or e-mail alert is sent
to one or more configured destinations.
If the same platform event filter is also configured to perform an action (such as
rebooting the system), the action is performed.
Configuring Platform Event Filters (PEF)
NOTE: Configure platform event filters before you configure the platform event
traps or e-mail alert settings.
1
Log in to the iDRAC Web interface. See "Accessing the Web Interface" on
page 69.
2
Click
System
and then the
Alert Management
tab.
3
On the Platform Events page, enable
Alert Generation
for an event by
clicking the corresponding
Generate Alert
checkbox for that event.
NOTE: You can enable or disable Alert Generation for all events by clicking the
checkbox next to the Generate Alert column heading.
4
Click the radio button below the action you would like to enable for each
event. Only one action can be set for each event.
5
Click
Apply
.
NOTE: Generate Alert must be enabled for an alert to be sent to any valid,
configured destination (PET or e-mail).
6 Redundancy Degraded
7 Redundancy Lost
8 Processor Warning Assert
9 Processor Critical Assert
10 Processor Absent Assert
11 Event Log Critical Assert
12 Watchdog Critical Assert
Table 5-7. Filterable Platform Events
Index Platform Event
78 Configuring the iDRAC Using the Web Interface
Configuring Platform Event Traps (PET)
NOTE: You must have Configure iDRAC permission to add or enable/disable an
SNMP alert. The following options will not be available if you do not have Configure
iDRAC permission.
1
Log in to the remote system using a supported Web browser. See "Accessing
the Web Interface" on page 69.
2
Ensure that you followed the procedures in "Configuring Platform Event
Filters (PEF)" on page 77.
3
Configure your PET destination IP address:
a
Click the
Enable
checkbox next to the
Destination Number
you would
like to activate.
b
Enter an IP address in the
Destination IP Address
box.
NOTE: The destination community string must be the same as the iDRAC
community string.
c
Click
Apply
.
NOTE: To successfully send a trap, configure the Community String value on
the Network Configuration page. The Community String value indicates the
community string to use in a Simple Network Management Protocol (SNMP)
alert trap sent from the iDRAC. SNMP alert traps are transmitted by the iDRAC
when a platform event occurs. The default setting for the Community String is
Public.
d
Click
Send
to test the configured alert (if desired).
e
Repeat step a through step d for any remaining destination numbers.
Configuring E-Mail Alerts
1
Log in to the remote system using a supported Web browser.
2
Ensure that you followed the procedures in "Configuring Platform Event
Filters (PEF)" on page 77.
3
Configure your e-mail alert settings.
a
On the
Alert Management
tab, click
Email Alert Settings
.
4
Configure your e-mail alert destination.
a
In the
Email Alert Number
column, click a destination number. There
are four possible destinations to receive alerts.
Configuring the iDRAC Using the Web Interface 79
b
Ensure that the
Enabled
checkbox is selected.
c
In the
Destination Email Address
field, type a valid e-mail address.
d
Click
Apply
.
NOTE: To successfully send a test e-mail, the SMTP Server Address must be
configured on the Network Configuration page. The IP address of the SMTP
Server communicates with the iDRAC to send e-mail alerts when a platform
event occurs.
e
Click
Send
to test the configured e-mail alert (if desired).
f
Repeat step a through step e for any remaining e-mail alert settings.
Configuring IPMI
1
Log in to the remote system using a supported Web browser.
2
Configure IPMI over LAN.
a
Click
System
Remote Access
iDRAC, then click the
Network/Security
.
b
In the
Network Configuration
page under
IPMI LAN Settings
, select
Enable IPMI Over LAN
.
c
Update the IPMI LAN channel privileges, if required:
NOTE: This setting determines the IPMI commands that can be executed
from the IPMI over LAN interface. For more information, see the IPMI 2.0
specifications.
Under
IPMI LAN Settings
, click the
Channel Privilege Level Limit
drop-down menu, select
Administrator
,
Operator
, or
User
and click
Apply
.
d
Set the IPMI LAN channel encryption key, if required.
NOTE: The iDRAC IPMI supports the RMCP+ protocol.
NOTE: The encryption key must consist of an even number of hexadecimal
characters with a maximum length of 20 characters.
Under
IPMI LAN Settings
in the
Encryption Key field
, type the
encryption key.
e
Click
Apply
.
3
Configure IPMI Serial over LAN (SOL).
80 Configuring the iDRAC Using the Web Interface
a
Click
System
Remote Access
iDRAC
.
b
Click the
Network Security
tab, then click
Serial Over LAN
.
c
On the
Serial Over LAN Configuration
page, click the
Enable Serial
Over LAN
checkbox to enable Serial over LAN.
d
Update the IPMI SOL baud rate.
NOTE: To redirect the serial console over the LAN, ensure that the SOL baud
rate is identical to your managed server’s baud rate.
Click the
Baud Rate
drop-down menu to select a data speed of
19.2 kbps, 57.6 kbps or 115.2 kbps.
e
Click
Apply
.
Adding and Configuring iDRAC Users
To manage your system with the iDRAC and maintain system security, create
unique users with specific administrative permissions (or role-based authority).
To add and configure iDRAC users, perform the following steps:
NOTE: You must have Configure iDRAC permission to perform the following steps.
1
Click
System
Remote Access
iDRAC
and then click the
Network/Security
tab.
2
Open the
Users
page to configure users.
The
Users
page displays each users
User ID, State, Username, IPMI LAN
Privileges
,
iDRAC Privileges
, and
Serial Over LAN
.
NOTE: User-1 is reserved for the IPMI anonymous user and is not configurable.
3
In the
User ID
column, click a user ID number.
4
On the
User Configuration
page, configure the user’s properties and
privileges.
Table 5-8 describes the
General
settings for configuring an iDRAC user
name and password.
Table 5-9
describes
the
IPMI LAN Privileges
for configuring the users
LAN privileges.
Table 5-10
describes
the
User Group
permissions for the
IPMI LAN
Privileges
and the
iDRAC User Privileges
settings.
Configuring the iDRAC Using the Web Interface 81
Table 5-11
describes
the
iDRAC Group
permissions. If you add an
iDRAC
User Privilege
to the
Administrator
,
Power User
, or
Guest User
, the
iDRAC Group
will change to the
Custom
group.
5
When completed, click
Apply
.
6
Click the appropriate button to continue. See Table 5-12.
Table 5-8. General Properties
Property Description
User ID Contains one of 16 preset User ID numbers. This field
cannot be edited.
Enable User When checked, indicates that the users access to the
iDRAC is enabled. When unchecked, user access is
disabled.
Username Specifies an iDRAC user name with up to 16 characters.
Each user must have a unique user name.
NOTE: User names on the iDRAC cannot include the /
(forward slash) or . (period) characters.
NOTE: If the user name is changed, the new name will not
appear in the user interface until the next user login.
Change Password Enables the New Password and Confirm New Password
fields. When unchecked, the users Password cannot be
changed.
New Password Enables editing the iDRAC users password. Enter a
Password with up to 20 characters. The characters will not
display.
Confirm New Password Retype the iDRAC user’s password to confirm.
Table 5-9. IPMI LAN User Privileges
Property Description
Maximum LAN User
Privilege Granted
Specifies the user’s maximum privilege on the IPMI LAN
channel to one of the following user groups: None,
Administrator, Operator, or User.
Enable Serial Over LAN Allows the user to use IPMI Serial Over LAN. When
checked, this privilege is enabled.
82 Configuring the iDRAC Using the Web Interface
Table 5-10. iDRAC User Privileges
Property Description
iDRAC Group Specifies the users maximum iDRAC user privilege as one
of the following: Administrator, Power User, Guest User,
Custom, or None.
See Table 5-11 for iDRAC Group permissions.
Login to iDRAC Enables the user to log in to the iDRAC.
Configure iDRAC Enables the user to configure the iDRAC.
Configure Users Enables the user to allow specific users to access the
system.
Clear Logs Enables the user to clear the iDRAC logs.
Execute Server Control
Commands
Enables the user to execute RACADM commands.
Access Console
Redirection
Enables the user to run Console Redirection.
Access Virtual Media Enables the user to run and use Virtual Media.
Test Alerts Enables the user to send test alerts (e-mail and PET) to a
specific user.
Execute Diagnostic
Commands
Enables the user to run diagnostic commands.
Table 5-11. iDRAC Group Permissions
User Group Permissions Granted
Administrator Login to iDRAC, Configure iDRAC, Configure Users, Clear
Logs, Execute Server Control Commands, Access Console
Redirection, Access Virtual Media, Test Alerts, Execute
Diagnostic Commands
Power User Login to iDRAC, Clear Logs, Execute Server Control
Commands, Access Console Redirection, Access Virtual
Media, Test Alerts
Guest User Login to iDRAC
Configuring the iDRAC Using the Web Interface 83
Securing iDRAC Communications Using SSL and
Digital Certificates
This section provides information about the following data security features that
are incorporated in your iDRAC:
Secure Sockets Layer (SSL)
Certificate Signing Request (CSR)
Accessing the SSL main menu
Generating a new CSR
Uploading a server certificate
Viewing a server certificate
Custom Selects any combination of the following permissions: Login to
iDRAC, Configure iDRAC, Configure Users, Clear Logs,
Execute Server Action Commands, Access Console
Redirection, Access Virtual Media, Test Alerts, Execute
Diagnostic Commands
None No assigned permissions
Table 5-12. User Configuration Page Buttons
Button Action
Print Prints the User Configuration values that appear on the screen.
Refresh Reloads the User Configuration page.
Apply Saves any new settings made to the user configuration.
Go Back To Users
Page
Returns to the Users Page.
Table 5-11. iDRAC Group Permissions
User Group Permissions Granted
84 Configuring the iDRAC Using the Web Interface
Secure Sockets Layer (SSL)
The iDRAC includes a Web server that is configured to use the industry-
standard SSL security protocol to transfer encrypted data over a network. Built
upon public-key and private-key encryption technology, SSL is a widely
accepted technology for providing authenticated and encrypted communication
between clients and servers to prevent eavesdropping across a network.
An SSL-enabled system can perform the following tasks:
Authenticate itself to an SSL-enabled client
Allow the client to authenticate itself to the server
Allow both systems to establish an encrypted connection
The encryption process provides a high level of data protection. The iDRAC
employs the 128-bit SSL encryption standard, the most secure form of
encryption generally available for Internet browsers in North America.
The iDRAC Web server has a Dell self-signed SSL digital certificate (Server
ID) by default. To ensure high security over the Internet, replace the Web server
SSL certificate with a certificate signed by a well-known certificate authority.
To initiate the process of obtaining a signed certificate, you can use the iDRAC
Web interface to generate a Certificate Signing Request (CSR) with your
companys information. You can then submit the generated CSR to a CA such as
VeriSign or Thawte.
Certificate Signing Request (CSR)
A CSR is a digital request to a Certificate Authority (CA) for a secure server
certificate. Secure server certificates allow clients of the server to trust the
identity of the server they have connected to and to negotiate an encrypted
session with the server.
A Certificate Authority is a business entity that is recognized in the IT industry
for meeting high standards of reliable screening, identification, and other
important security criteria. Examples of CAs include Thawte and VeriSign.
After the CA receives a CSR, they review and verify the information the CSR
contains. If the applicant meets the CAs security standards, the CA issues a
digitally-signed certificate that uniquely identifies that applicant for transactions
over networks and on the Internet.
Configuring the iDRAC Using the Web Interface 85
After the CA approves the CSR and sends the certificate, upload the certificate
to the iDRAC firmware. The CSR information stored on the iDRAC firmware
must match the information contained in the certificate.
Accessing the SSL Main Menu
1
Click
System
Remote Access
iDRAC
, then click the
Network/Security
tab.
2
Click
SSL
to open the
SSL Main Menu
page.
Use the SSL Main Menu page to generate a CSR to send to a CA. The CSR
information is stored on the iDRAC firmware.
Table 5-13 describes the options available when generating a CSR.
Table 5-14 describes the available buttons on the SSL Main Menu page.
Table 5-13. SSL Main Menu Options
Field Description
Generate a New
Certificate Signing
Request (CSR)
Select the option and click Next to open the Generate
Certificate Signing Request (CSR) page.
NOTE: Each new CSR overwrites any previous CSR on the
firmware. For a CA to accept your CSR, the CSR in the
firmware must match the certificate returned from the CA.
Upload Server
Certificate
Select the option and click Next to open the Certificate
Upload page and upload the certificate sent to you by the CA.
NOTE: Only X509, Base 64-encoded certificates are accepted
by the iDRAC. DER-encoded certificates are not accepted.
View Server Certificate Select the option and click Next to open the View Server
Certificate page and view an existing server certificate.
Table 5-14. SSL Main Menu Buttons
Button Description
Print Prints the SSL Main Menu values that appear on the screen.
Refresh Reloads the SSL Main Menu page.
Next Processes the information on the SSL Main Menu page and
continues to the next step.
86 Configuring the iDRAC Using the Web Interface
Generating a New Certificate Signing Request
NOTE: Each new CSR overwrites any previous CSR data stored in the firmware.
The CSR in the firmware must match the certificate returned from the CA.
Otherwise, the iDRAC will not accept the certificate.
1
On the
SSL Main Menu
page, select
Generate a New Certificate Signing
Request (CSR)
and click
Next
.
2
On the
Generate Certificate Signing Request (CSR)
page, enter a value for
each CSR attribute.
Table 5-15 describes the
Generate Certificate Signing Request (CSR)
page
options.
3
Click
Generate
to create the CSR.
4
Click
Download
to save the CSR file to your local computer.
5
Click the appropriate button to continue. See Table 5-16.
Table 5-15. Generate Certificate Signing Request (CSR) Page Options
Field Description
Common Name The exact name being certified (usually the Web server's
domain name, for example, www.xyzcompany.com). Only
alphanumeric characters, hyphens, underscores, and periods
are valid. Spaces are not valid.
Organization Name The name associated with this organization (for example,
XYZ Corporation). Only alphanumeric characters, hyphens,
underscores, periods and spaces are valid.
Organization Unit The name associated with an organizational unit, such as a
department (for example, Information Technology). Only
alphanumeric characters, hyphens, underscores, periods, and
spaces are valid.
Locality The city or other location of the entity being certified (for
example, Round Rock). Only alphanumeric characters and
spaces are valid. Do not separate words using an underscore
or other character.
State Name The state or province where the entity who is applying for a
certification is located (for example, Texas). Only
alphanumeric characters and spaces are valid. Do not use
abbreviations.
Configuring the iDRAC Using the Web Interface 87
Uploading a Server Certificate
1
In the
SSL Main Menu
page, select
Upload Server Certificate
and click
Next
.
The
Certificate Upload
page appears.
2
In the
File Path
field, type the path to the certificate or click
Browse
to
navigate to the certificate file.
NOTE: The File Path value displays the relative file path of the certificate you are
uploading. You must type the absolute file path, which includes the full path and the
complete file name and file extension.
3
Click
Apply
.
4
Click the appropriate button to continue. See Table 5-17.
Country Code The name of the country where the entity applying for
certification is located.
Email The e-mail address associated with the CSR. Type the
company’s e-mail address, or any e-mail address associated
with the CSR. This field is optional.
Table 5-16. Generate Certificate Signing Request (CSR) Page Buttons
Button Description
Print Prints the Generate Certificate Signing Request values that
appear on the screen.
Refresh Reloads the Generate Certificate Signing Request page.
Generate Generates a CSR and then prompts the user to save it to a
specified directory.
Download Downloads the certificate to the local computer.
Go Back to SSL Main
Menu
Returns the user to the SSL Main Menu page.
Table 5-15. Generate Certificate Signing Request (CSR) Page Options (continued)
Field Description
88 Configuring the iDRAC Using the Web Interface
Viewing a Server Certificate
1
On the
SSL Main Menu
page, select
View Server Certificate
and click
Next
.
Table 5-18 describes the fields and associated descriptions listed in the
Certificate
window.
2
Click the appropriate button to continue. See Table 5-19.
Table 5-17. Certificate Upload Page Buttons
Button Description
Print Prints the values that appear on the Certificate Upload page.
Refresh Reloads the Certificate Upload page.
Apply Applies the certificate to the iDRAC firmware.
Go Back to SSL Main
Menu
Returns the user to the SSL Main Menu page.
Table 5-18. Certificate Information
Field Description
Serial Number Certificate serial number
Subject Information Certificate attributes entered by the subject
Issuer Information Certificate attributes returned by the issuer
Valid From Issue date of the certificate
Valid To Expiration date of the certificate
Table 5-19. View Server Certificate Page Buttons
Button Description
Print Prints the View Server Certificate values that appear on the
screen.
Refresh Reloads the View Server Certificate page.
Go Back to SSL Main
Menu
Return to the SSL Main Menu page.
Configuring the iDRAC Using the Web Interface 89
Configuring and Managing Active Directory
Certificates
NOTE: You must have Configure iDRAC permission to configure Active Directory
and upload, download, and view an Active Directory certificate.
NOTE: For more information about Active Directory configuration and how to
configure Active Directory with the standard schema or an extended schema, see
"Using the iDRAC with Microsoft Active Directory" on page 103.
To access the Active Directory Main Menu:
1
Click
System
Remote Access
iDRAC,
and then click the
Network/Security
tab.
2
Click
Active Directory
to open the
Active Directory Main Menu
page.
Table 5-20 lists the
Active Directory Main Menu
page options.
3
Click the appropriate button to continue. See Table 5-20.
Table 5-20. Active Directory Main Menu Page Options
Field Description
Configure Active
Directory
Configures the Active Directory ROOT Domain Name,
Active Directory Authentication Timeout, Active
Directory Schema Selection, iDRAC Name, iDRAC
Domain Name, Role Groups, Group Name, and Group
Domain settings.
Upload Active
Directory CA
Certificate
Uploads an Active Directory certificate to the iDRAC.
Download iDRAC
Server Certificate
The Windows Download Manager downloads an iDRAC
server certificate to the system.
View Active Directory
CA Certificate
Displays an Active Directory Certificate that has been
uploaded to the iDRAC.
90 Configuring the iDRAC Using the Web Interface
Configuring Active Directory (Standard Schema and Extended Schema)
1
On the
Active Directory Main Menu
page, select
Configure Active
Directory
and click
Next
.
2
On the
Active Directory Configuration
page, enter the Active Directory
settings.
Table 5-22 describes the
Active Directory Configuration and
Management
page settings.
3
Click
Apply
to save the settings.
4
Click the appropriate button to continue. See Table 5-23.
5
To configure the Role Groups for Active Directory Standard Schema, click
on the individual Role Group (1-5). See Table 5-24 and Table 5-25.
NOTE: To save the settings on the Active Directory Configuration page, click
Apply before proceeding to the Custom Role Group page.
Table 5-21. Active Directory Main Menu Page Buttons
Button Definition
Print Prints the Active Directory Main Menu values that appear on
the screen.
Refresh Reloads the Active Directory Main Menu page.
Next Processes the information on the Active Directory Main
Menu page and continues to the next step.
Table 5-22. Active Directory Configuration Page Settings
Setting Description
Enable Active
Directory
When checked, enables Active Directory. The default is
disabled.
ROOT Domain Name The Active Directory ROOT domain name. This default is
blank.
The name must be a valid domain name consisting of x.y,
where x is a 1-254 character ASCII string with no spaces
between characters, and y is a valid domain type such as com,
edu, gov, int, mil, net, or org. The default is blank.
Configuring the iDRAC Using the Web Interface 91
Timeout The time, in seconds, to wait for Active Directory queries to
complete. Minimum value is equal to or greater than
15 seconds. The default value is 120.
Use Standard Schema Uses standard schema with Active Directory.
Use Extended Schema Uses the extended schema with Active Directory.
iDRAC Name The name that uniquely identifies the iDRAC in Active
Directory. This default is blank.
The name must be a 1-254 character ASCII string with no
spaces between characters.
iDRAC Domain Name The DNS name of the domain, where the Active Directory
iDRAC object resides. This default is blank.
The name must be a valid domain name consisting of x.y,
where x is a 1-254 character ASCII string with no spaces
between characters, and y is a valid domain type such as com,
edu, gov, int, mil, net, or org.
Role Groups The list of role groups associated with the iDRAC.
To change the settings for a role group, click their role group
number, in the role groups list.
Group Name The name that identifies the role group in the Active Directory
associated with the iDRAC. This default is blank.
Group Domain The domain type where the Role Group resides.
Table 5-23. Active Directory Configuration Page Buttons
Button Description
Print Prints the Active Directory Configuration values that appear
on the screen.
Refresh Reloads the Active Directory Configuration page.
Apply Saves any new settings made to the Active Directory
Configuration page.
Go Back to Active
Directory Main Menu
Returns to the Active Directory Main Menu page.
Table 5-22. Active Directory Configuration Page Settings (continued)
Setting Description
92 Configuring the iDRAC Using the Web Interface
Table 5-24. Role Group Privileges
Setting Description
Role Group Privilege Level Specifies the user’s maximum iDRAC user
privilege as one of the following:
Administrator, Power User, Guest User,
None, or Custom.
See Table 5-25 for Role Group permissions.
Login to iDRAC Allows the group log in access to the iDRAC.
Configure iDRAC Allows the group permission to configure the
iDRAC.
Configure Users Allows the group permission to configure users.
Clear Logs Allows the group permission to clear logs.
Execute Server Control Commands Allows the group permission to execute server
control commands.
Access Console Redirection Allows the group access to Console Redirection.
Access Virtual Media Allows the group access to Virtual Media.
Test Alerts Allows the group to send test alerts (e-mail and
PET) to a specific user.
Execute Diagnostic Commands Allows the group permission to execute
diagnostic commands.
Table 5-25. Role Group Permissions
Property Description
Administrator Login to iDRAC, Configure iDRAC,
Configure Users, Clear Logs, Execute Server
Control Commands, Access Console
Redirection, Access Virtual Media, Test
Alerts, Execute Diagnostic Commands
Power User Login to iDRAC, Clear Logs, Execute Server
Control Commands, Access Console
Redirection, Access Virtual Media, Test
Alerts
Guest User Login to iDRAC
Configuring the iDRAC Using the Web Interface 93
Uploading an Active Directory CA Certificate
1
On the
Active Directory Main Menu
page, select
Upload Active Directory
CA Certificate
and click
Next
.
2
On the
Certificate Upload page,
type the file path of the certificate in the
File Path
field, or click
Browse
to navigate to the certificate file.
NOTE: The File Path value displays the relative file path of the certificate you are
uploading. You must type the absolute file path, which includes the full path and the
complete file name and file extension.
Ensure that the domain controllers SSL certificates have been signed by the
same Certificate Authority and that this Certificate is available on the
management station accessing the iDRAC.
3
Click
Apply
.
4
Click the appropriate button to continue. See Table 5-26.
Custom Selects any combination of the following
permissions: Login to iDRAC, Configure
iDRAC, Configure Users, Clear Logs,
Execute Server Action Commands, Access
Console Redirection, Access Virtual Media,
Test Alerts, Execute Diagnostic Commands
None No assigned permissions
Table 5-26. Certificate Upload Page Buttons
Button Description
Print Prints the Certificate Upload values that appear on the
screen.
Refresh Reloads the Certificate Upload page.
Apply Applies the certificate to the iDRAC firmware.
Go Back to Active
Directory Main Menu
Returns to the Active Directory Main Menu page.
Table 5-25. Role Group Permissions (continued)
Property Description
94 Configuring the iDRAC Using the Web Interface
Downloading an iDRAC Server Certificate
1
On the
Active Directory Main Menu
page, select
Download iDRAC
Server Certificate
and click
Next
.
2
Save the file to a directory on your system.
3
In the
Download Complete
window, click
Close
.
Viewing an Active Directory CA Certificate
Use the Active Directory Main Menu page to view a CA server certificate for
your iDRAC.
1
On the
Active Directory Main Menu
page, select
View Active Directory
CA Certificate
and click
Next
.
Table 5-27 describes the fields and associated descriptions listed in the
Certificate
window.
2
Click the appropriate button to continue. See Table 5-28.
Table 5-27. Active Directory CA Certificate Information
Field Description
Serial Number Certificate serial number.
Subject Information Certificate attributes entered by the subject.
Issuer Information Certificate attributes returned by the issuer.
Valid From Certificate issue date.
Valid To Certificate expiration date.
Table 5-28. View Active Directory CA Certificate Page Buttons
Button Description
Print Prints the Active Directory CA Certificate values that
appear on the screen.
Refresh Reloads the Active Directory CA Certificate page.
Go Back to Active
Directory Main Menu
Returns the user to the Active Directory Main Menu page.
Configuring the iDRAC Using the Web Interface 95
Enabling or Disabling Local Configuration Access
NOTE: The default setting for local configuration access is Enabled.
Enabling Local Configuration Access
1
Click
System
Remote Access
iDRAC
Network/Security
.
2
Under
Local Configuration
, click to uncheck
Disable iDRAC local USER
Configuration Updates
to enable access.
3
Click
Apply
.
4
Click the appropriate button to continue.
Disabling Local Configuration Access
1
Click
System
Remote Access
iDRAC
Network/Security
.
2
Under
Local Configuration
, click to check
Disable iDRAC local USER
Configuration Updates
to disable access.
3
Click
Apply
.
4
Click the appropriate button to continue.
Configuring iDRAC Services
NOTE: To modify these settings, you must have Configure iDRAC permission.
NOTE: When you apply changes to services, the changes take effect immediately.
Existing connections may be terminated without warning.
NOTE: There is a known issue with the Telnet client supplied with Microsoft
Windows communicating with a BMU. Use another Telnet client such as
HyperTerminal or PuTTY.
1
Click
System Remote Access
iDRAC
, and then click the
Network/Security
tab.
2
Click
Services
to open the
Services
configuration page.
3
Configure the following services, as required:
Web server — see Table 5-29 for Web server settings
SSH — see Table 5-30 for SSH settings
Telnet — see Table 5-31 for telnet settings
96 Configuring the iDRAC Using the Web Interface
Automated System Recovery Agent — see Table 5-32 for Automated
System Recovery Agent settings
4
Click
Apply
.
5
Click the appropriate button to continue. See Table 5-33.
Table 5-29. Web Server Settings
Setting Description
Enabled Enables or disables the iDRAC web server. When checked,
the checkbox indicates that the web server is enabled. The
default is enabled.
Max Sessions The maximum number of simultaneous sessions allowed for
this system. This field is not editable. There can be four
simultaneous sessions.
Current Sessions The number of current sessions on the system, less than or
equal to the Max Sessions. This field is not editable.
Timeout The time, in seconds, that a connection is allowed to remain
idle. The session is cancelled when the timeout is reached.
Changes to the timeout setting take affect immediately and
will reset the web server. Timeout range is 60 to 10,800
seconds. The default is 1,800 seconds.
HTTP Port Number The port on which the iDRAC listens for a browser
connection. The default is 80.
HTTPS Port Number The port on which the iDRAC listens for a secure browser
connection. The default is 443.
Table 5-30. SSH Settings
Setting Description
Enabled Enables or disables SSH. When checked, the checkbox
indicates that SSH is enabled.
Max Sessions The maximum number of simultaneous sessions allowed for
this system. Only one session is supported.
Active Sessions The number of current sessions on the system.
Configuring the iDRAC Using the Web Interface 97
Timeout The secure shell idle timeout, in seconds. Timeout range is 60
to 10,800 seconds. Enter 0 seconds to disable the Timeout
feature. The default is 1,800.
Port Number The port on which the iDRAC listens for an SSH connection.
The default is 22.
Table 5-31. Telnet Settings
Setting Description
Enabled Enables or disables telnet. When checked, telnet is enabled.
Max Sessions The maximum number of simultaneous sessions allowed for
this system. Only one session is supported.
Active Sessions The number of current sessions on the system.
Timeout The telnet idle timeout, in seconds. Timeout range is 60 to
10,800 seconds. Enter 0 seconds to disable the Timeout
feature. The default is 1,800.
Port Number The port on which the iDRAC listens for a telnet connection.
The default is 23.
Table 5-32. Automated System Recovery Agent Setting
Setting Description
Enabled Enables the Automated System Recovery Agent.
Table 5-33. Services Page Buttons
Button Description
Print Prints the Services page.
Refresh Refreshes the Services page.
Apply Changes Applies the Services page settings.
Table 5-30. SSH Settings (continued)
Setting Description
98 Configuring the iDRAC Using the Web Interface
Updating the iDRAC Firmware
NOTE: If the iDRAC firmware becomes corrupted, as could occur if the iDRAC
firmware update progress is interrupted before it completes, you can recover the
iDRAC using the CMC. See your CMC Firmware User Guide for instructions. The
CMC Web interface (CMC 2.0 or later) also provides a One-to-Many Out-of-Band
iDRAC firmware update capacity that can be used at any time.
NOTE: The firmware update, by default, retains the current iDRAC settings. During
the update process, you have the option to reset the iDRAC configuration to the
factory defaults. If you set the configuration to the factory defaults external network
access will be disabled when the update completes. You must enable and configure
the network using the iDRAC Configuration Utility or the CMC Web interface.
1
Start the iDRAC Web interface.
2
Click
System
Remote Access
iDRAC
, then click the
Update
tab.
NOTE: To update the firmware, the iDRAC must be placed in an update mode.
Once in this mode, the iDRAC will automatically reset, even if you cancel the
update process.
3
On the
Firmware Update
page, click
Next
to start the update process.
4
In the
Firmware Update - Upload (page 1 of 4)
window, click
Browse
, or
type the path to the firmware image that you downloaded.
For example:
C:\Updates\V1.0\<
image_name
>
.
The default firmware image name is
firmimg.imc
.
5
Click
Next
.
The file will be uploaded to the iDRAC. This may take several minutes
to complete.
OR
You can click
Cancel
at this time, if you would like to end the firmware
upgrade process. Clicking
Cancel
will reset the iDRAC to normal
operating mode.
Configuring the iDRAC Using the Web Interface 99
6
In the
Firmware Update - Validation (page 2 of 4)
window, you will see the
results of the validation performed on the image file you uploaded.
If the image file uploaded successfully and passed all verification
checks, a message will appear indicating that the firmware image has
been verified.
OR
If the image did not upload successfully, or it did not pass the
verification checks, the firmware update will return to the
Firmware
Update - Upload (page 1 of 4)
window. You can attempt to upgrade the
iDRAC again or click
Cancel
to reset the iDRAC to normal operating
mode.
NOTE: If you deselect the Preserve Configuration checkbox, the iDRAC will be
reset to its default settings. In the default settings, the LAN is disabled. You will not
be able to log in to the iDRAC Web interface. You will have to reconfigure the LAN
settings using the CMC Web interface or iKVM using the iDRAC Configuration Utility
during BIOS POST.
7
By default the
Preserve Configuration
checkbox is checked, to preserve the
current settings on the iDRAC after an upgrade. If you do not want the
settings to be preserved, deselect the
Preserve Configuration
checkbox.
8
Click
Begin Update
to start the upgrade process. Do not interrupt the
upgrade process.
9
In the
Firmware Update - Updating (page 3 of 4)
window, you will see the
status of the upgrade. The progress of the firmware upgrade operation,
measured in percentages, will appear in the
Progress
column.
10
Once the firmware update is complete, the
Firmware Update - Update
Results (page 4 of 4)
window will appear and the iDRAC will reset
automatically. You must close the current browser window and reconnect to
the iDRAC using a new browser window.
Recovering iDRAC Firmware Using the CMC
Typically, the iDRAC firmware is updated using iDRAC facilities such as the
iDRAC Web interface, or operating system specific update packages
downloaded from support.dell.com.
100 Configuring the iDRAC Using the Web Interface
If the iDRAC firmware becomes corrupted, as could occur if the iDRAC
firmware update progress is interrupted before it completes, you can use the
CMC Web interface to update its firmware.
If the CMC detects the corrupted iDRAC firmware, the iDRAC is listed on the
Updatable Components page in the CMC Web interface.
NOTE: See the CMC Firmware User Guide for instructions for using the CMC Web
interface.
To update the iDRAC firmware, perform the following steps:
1
Download the latest iDRAC firmware to your management computer from
support.dell.com
.
2
Log in to the CMC Web-based interface.
3
Click
Chassis
in the system tree.
4
Click the
Update
tab. The
Updatable Components
page appears. The server
with the recoverable iDRAC is included in the list if it is able to be recovered
from the CMC.
5
Click
server-
n
, where
n
is the number of the server whose iDRAC you want
to recover.
6
Click
Browse
, to browse to the iDRAC firmware image you downloaded,
and click
Open
.
7
Click
Begin Firmware Update
.
After the firmware image file has been uploaded to the CMC, the iDRAC will
update itself with the image.
Configuring the iDRAC Using the Web Interface 101
102 Configuring the iDRAC Using the Web Interface
Using the iDRAC with Microsoft Active Directory 103
6
Using the iDRAC with Microsoft
Active Directory
A directory service maintains a common database of all information needed for
controlling users, computers, printers, and other devices on a network. If your
company uses the Microsoft® Active Directory® service software, you can
configure the software to provide access to the iDRAC, allowing you to add and
control iDRAC user privileges to your existing users in your Active Directory
software.
NOTE: Using Active Directory to recognize iDRAC users is supported on the
Microsoft Windows® 2000 and Windows Server® 2003 operating systems.
You can use Active Directory to define user access on iDRAC through an
extended schema solution which uses De