Dell Poweredge C6400 Integrated Remote Access Controller 9 Version 3.15.15.15 User's Guide User Manual Power Edge Installation And Service Idrac9 Lifecycle V3151515 Users En Us

poweredge-c6400 - Integrated Dell Remote Access Controller 9 Version 3.15.15.15 User's Guide idrac9-lifecycle-controller-v3.15.15.15_user's guide_en-us

User Manual: Dell poweredge-c6400 Dell PowerEdge C6400 Dell PowerEdge C6400 Installation and Service Manual

Open the PDF directly: View PDF PDF.
Page Count: 341

DownloadDell Poweredge-c6400 Integrated Remote Access Controller 9 Version 3.15.15.15 User's Guide User Manual Power Edge C6400 Installation And Service Idrac9-lifecycle-controller-v3151515 Users-guide En-us
Open PDF In BrowserView PDF
Integrated Dell Remote Access Controller 9
Version 3.15.15.15 User's Guide

Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other
trademarks may be trademarks of their respective owners.

2017 - 12
Rev. A00

Contents
1 Overview.......................................................................................................................................................16
Benefits of using iDRAC with Lifecycle Controller....................................................................................................... 16
Key features.......................................................................................................................................................................17
New in this release............................................................................................................................................................19
How to use this guide......................................................................................................................................................20
Supported web browsers................................................................................................................................................20
Supported OS and Hypervisors............................................................................................................................... 20
iDRAC licenses ................................................................................................................................................................ 20
Types of licenses........................................................................................................................................................ 20
Methods for acquiring licenses................................................................................................................................. 21
License operations...................................................................................................................................................... 21
Licensed features in iDRAC8 and iDRAC9.................................................................................................................... 22
Interfaces and protocols to access iDRAC....................................................................................................................28
iDRAC port information................................................................................................................................................... 30
Other documents you may need.....................................................................................................................................31
Social media reference.................................................................................................................................................... 32
Contacting Dell................................................................................................................................................................. 32
Accessing documents from Dell support site............................................................................................................... 32
2 Logging in to iDRAC.....................................................................................................................................34
Customizable security banner........................................................................................................................................ 34
Logging in to iDRAC as local user, Active Directory user, or LDAP user................................................................... 35
Logging in to iDRAC as a local user using a smart card.............................................................................................. 35
Logging in to iDRAC as an Active Directory user using a smart card..................................................................36
Logging in to iDRAC using Single Sign-On .................................................................................................................. 36
Logging in to iDRAC SSO using iDRAC web interface.......................................................................................... 36
Logging in to iDRAC SSO using CMC web interface.............................................................................................37
Accessing iDRAC using remote RACADM.................................................................................................................... 37
Validating CA certificate to use remote RACADM on Linux..................................................................................37
Accessing iDRAC using local RACADM......................................................................................................................... 37
Accessing iDRAC using firmware RACADM................................................................................................................. 38
Viewing system health.....................................................................................................................................................38
Logging in to iDRAC using public key authentication.................................................................................................. 38
Multiple iDRAC sessions..................................................................................................................................................39
Accessing iDRAC using SMCLP.....................................................................................................................................39
Secure default password.................................................................................................................................................39
Resetting default iDRAC password locally.............................................................................................................. 39
Resetting default iDRAC password remotely......................................................................................................... 40
Changing the default login password............................................................................................................................. 41
Changing the default login password using web interface.................................................................................... 41
Changing the default login password using RACADM........................................................................................... 41
Changing the default login password using iDRAC settings utility...................................................................... 42
Enabling or disabling default password warning message ......................................................................................... 42
Contents

3

IP Blocking........................................................................................................................................................................ 42
Enabling or disabling OS to iDRAC Pass-through using web interface..................................................................... 43
Enabling or disabling alerts using RACADM..................................................................................................................43
3 Setting up managed system.........................................................................................................................44
Setting up iDRAC IP address.......................................................................................................................................... 44
Setting up iDRAC IP using iDRAC settings utility.................................................................................................. 45
Setting up iDRAC IP using the CMC web interface.............................................................................................. 47
Enabling provisioning server..................................................................................................................................... 48
Configuring servers and server components using Auto Config......................................................................... 49
Using hash passwords for improved security.........................................................................................................54
Modifying local administrator account settings........................................................................................................... 56
Setting up managed system location............................................................................................................................ 56
Setting up managed system location using web interface................................................................................... 56
Setting up managed system location using RACADM.......................................................................................... 56
Setting up managed system location using iDRAC settings utility...................................................................... 56
Optimizing system performance and power consumption......................................................................................... 57
Modifying thermal settings using iDRAC web interface........................................................................................57
Modifying thermal settings using RACADM........................................................................................................... 58
Modifying thermal settings using iDRAC settings utility....................................................................................... 62
Setting up management station.....................................................................................................................................62
Accessing iDRAC remotely....................................................................................................................................... 62
Configuring supported web browsers........................................................................................................................... 63
Configuring Internet Explorer................................................................................................................................... 63
Configuring Mozilla Firefox....................................................................................................................................... 64
Configuring web browsers to use virtual console..................................................................................................65
Viewing localized versions of web interface........................................................................................................... 68
Updating device firmware...............................................................................................................................................68
Updating firmware using iDRAC web interface......................................................................................................70
Scheduling automatic firmware updates..................................................................................................................71
Updating device firmware using RACADM............................................................................................................. 72
Updating firmware using CMC web interface........................................................................................................ 72
Updating firmware using DUP.................................................................................................................................. 73
Updating firmware using remote RACADM............................................................................................................ 73
Updating firmware using Lifecycle Controller Remote Services.......................................................................... 73
Updating CMC firmware from iDRAC......................................................................................................................74
Viewing and managing staged updates......................................................................................................................... 74
Viewing and managing staged updates using iDRAC web interface....................................................................74
Viewing and managing staged updates using RACADM.......................................................................................75
Rolling back device firmware.......................................................................................................................................... 75
Rollback firmware using iDRAC web interface....................................................................................................... 75
Rollback firmware using CMC web interface......................................................................................................... 76
Rollback firmware using RACADM...........................................................................................................................76
Rollback firmware using Lifecycle Controller.......................................................................................................... 76
Rollback firmware using Lifecycle Controller-Remote Services........................................................................... 76
Recovering iDRAC......................................................................................................................................................77
Backing up server profile................................................................................................................................................. 77
4

Contents

Backing up server profile using iDRAC web interface........................................................................................... 77
Backing up server profile using RACADM...............................................................................................................78
Scheduling automatic backup server profile...........................................................................................................78
Importing server profile................................................................................................................................................... 79
Easy Restore...............................................................................................................................................................79
Importing server profile using iDRAC web interface..............................................................................................80
Importing server profile using RACADM................................................................................................................. 80
Restore operation sequence.....................................................................................................................................80
Monitoring iDRAC using other Systems Management tools....................................................................................... 81
Support Server Configuration Profile — Import and Export ..................................................................................... 81
Secure Boot Configuration from BIOS Settings or F2................................................................................................. 81
Acceptable file formats.............................................................................................................................................. 81
BIOS recovery.................................................................................................................................................................. 82
4 Configuring iDRAC.......................................................................................................................................83
Viewing iDRAC information.............................................................................................................................................84
Viewing iDRAC information using web interface....................................................................................................84
Viewing iDRAC information using RACADM...........................................................................................................85
Modifying network settings............................................................................................................................................85
Modifying network settings using web interface...................................................................................................85
Modifying network settings using local RACADM................................................................................................. 85
Configuring IP filtering...............................................................................................................................................86
FIPS mode.........................................................................................................................................................................87
Difference between FIPS-mode supported and FIPS-validated.......................................................................... 87
Enabling FIPS Mode...................................................................................................................................................87
Disabling FIPS mode.................................................................................................................................................. 88
Configuring services........................................................................................................................................................ 88
Configuring services using web interface............................................................................................................... 88
Configuring services using RACADM...................................................................................................................... 89
Enabling or disabling HTTPS redirection.................................................................................................................89
Configuring TLS............................................................................................................................................................... 89
Configuring TLS using web interface...................................................................................................................... 90
Configuring TLS using RACADM............................................................................................................................. 90
Using VNC client to manage remote server.................................................................................................................90
Configuring VNC server using iDRAC web interface............................................................................................. 91
Configuring VNC server using RACADM.................................................................................................................91
Setting up VNC viewer with SSL encryption..........................................................................................................91
Setting up VNC viewer without SSL encryption.................................................................................................... 91
Configuring front panel display....................................................................................................................................... 91
Configuring LCD setting............................................................................................................................................92
Configuring system ID LED setting..........................................................................................................................93
Configuring time zone and NTP.....................................................................................................................................93
Configuring time zone and NTP using iDRAC web interface............................................................................... 93
Configuring time zone and NTP using RACADM...................................................................................................93
Setting first boot device................................................................................................................................................. 94
Setting first boot device using web interface........................................................................................................ 94
Setting first boot device using RACADM............................................................................................................... 94
Contents

5

Setting first boot device using virtual console....................................................................................................... 95
Enabling last crash screen........................................................................................................................................ 95
Enabling or disabling OS to iDRAC Pass-through........................................................................................................95
Supported cards for OS to iDRAC Pass-through ................................................................................................. 96
Supported operating systems for USB NIC............................................................................................................96
Enabling or disabling OS to iDRAC Pass-through using web interface............................................................... 97
Enabling or disabling OS to iDRAC Pass-through using RACADM...................................................................... 98
Enabling or disabling OS to iDRAC Pass-through using iDRAC settings utility.................................................. 98
Obtaining certificates...................................................................................................................................................... 98
SSL server certificates..............................................................................................................................................99
Generating a new certificate signing request....................................................................................................... 100
Uploading server certificate.....................................................................................................................................101
Viewing server certificate........................................................................................................................................ 101
Uploading custom signing certificate.....................................................................................................................102
Downloading custom SSL certificate signing certificate ....................................................................................102
Deleting custom SSL certificate signing certificate............................................................................................. 103
Configuring multiple iDRACs using RACADM............................................................................................................. 103
Disabling access to modify iDRAC configuration settings on host system............................................................. 104
5 Viewing iDRAC and managed system information.......................................................................................105
Viewing managed system health and properties........................................................................................................105
Viewing system inventory..............................................................................................................................................105
Viewing sensor information...........................................................................................................................................106
Monitoring performance index of CPU, memory, and input output modules..........................................................107
Monitoring performance index of CPU, memory, and input output modules using web interface................ 108
Monitoring performance index for of CPU, memory, and input output modules using RACADM................. 109
Checking the system for Fresh Air compliance.......................................................................................................... 109
Viewing historical temperature data.............................................................................................................................109
Viewing historical temperature data using iDRAC web interface........................................................................ 110
Viewing historical temperature data using RACADM........................................................................................... 110
Configuring warning threshold for inlet temperature............................................................................................110
Viewing network interfaces available on host OS....................................................................................................... 110
Viewing network interfaces available on host OS using web interface...............................................................111
Viewing network interfaces available on host OS using RACADM............................................................................ 111
Viewing FlexAddress mezzanine card fabric connections.......................................................................................... 111
Viewing or terminating iDRAC sessions........................................................................................................................112
Terminating iDRAC sessions using web interface..................................................................................................112
6 Setting up iDRAC communication............................................................................................................... 113
Communicating with iDRAC through serial connection using DB9 cable................................................................ 114
Configuring BIOS for serial connection.................................................................................................................. 114
Enabling RAC serial connection...............................................................................................................................115
Enabling IPMI serial connection basic and terminal modes..................................................................................115
Switching between RAC serial and serial console while using DB9 cable................................................................ 117
Switching from serial console to RAC serial...........................................................................................................117
Switching from RAC serial to serial console...........................................................................................................117
Communicating with iDRAC using IPMI SOL...............................................................................................................117

6

Contents

Configuring BIOS for serial connection.................................................................................................................. 118
Configuring iDRAC to use SOL................................................................................................................................118
Enabling supported protocol.................................................................................................................................... 119
Communicating with iDRAC using IPMI over LAN.....................................................................................................122
Configuring IPMI over LAN using web interface.................................................................................................. 123
Configuring IPMI over LAN using iDRAC settings utility..................................................................................... 123
Configuring IPMI over LAN using RACADM......................................................................................................... 123
Enabling or disabling remote RACADM........................................................................................................................124
Enabling or disabling remote RACADM using web interface...............................................................................124
Enabling or disabling remote RACADM using RACADM......................................................................................124
Disabling local RACADM................................................................................................................................................ 124
Enabling IPMI on managed system.............................................................................................................................. 124
Configuring Linux for serial console during boot........................................................................................................ 124
Enabling login to the virtual console after boot.................................................................................................... 125
Supported SSH cryptography schemes...................................................................................................................... 126
Using public key authentication for SSH............................................................................................................... 127
7 Configuring user accounts and privileges.................................................................................................... 131
Recommended characters in user names and passwords......................................................................................... 131
Configuring local users...................................................................................................................................................132
Configuring local users using iDRAC web interface............................................................................................. 132
Configuring local users using RACADM.................................................................................................................132
Configuring Active Directory users...............................................................................................................................134
Prerequisites for using Active Directory authentication for iDRAC.................................................................... 135
Supported Active Directory authentication mechanisms.................................................................................... 136
Standard schema Active Directory overview........................................................................................................136
Configuring Standard schema Active Directory....................................................................................................138
Extended schema Active Directory overview....................................................................................................... 139
Configuring Extended schema Active Directory...................................................................................................142
Testing Active Directory settings............................................................................................................................150
Configuring generic LDAP users.................................................................................................................................. 150
Configuring generic LDAP directory service using iDRAC web-based interface............................................. 150
Configuring generic LDAP directory service using RACADM.............................................................................. 151
Testing LDAP directory service settings.................................................................................................................151
8 System Lockdown Mode............................................................................................................................ 153
9 Configuring iDRAC for Single Sign-On or smart card login......................................................................... 155
Prerequisites for Active Directory Single Sign-On or smart card login.................................................................... 155
Registering iDRAC as a computer in Active Directory root domain................................................................... 155
Generating Kerberos keytab file............................................................................................................................. 156
Creating Active Directory objects and providing privileges.................................................................................156
Configuring iDRAC SSO login for Active Directory users.......................................................................................... 157
Configuring iDRAC SSO login for Active Directory users using web interface................................................. 157
Configuring iDRAC SSO login for Active Directory users using RACADM........................................................ 157
Configuring iDRAC smart card login for local users................................................................................................... 157
Uploading smart card user certificate.................................................................................................................... 157

Contents

7

Uploading trusted CA certificate for smart card.................................................................................................. 158
Configuring iDRAC smart card login for Active Directory users............................................................................... 158
Enabling or disabling smart card login..........................................................................................................................158
Enabling or disabling smart card login using web interface.................................................................................159
Enabling or disabling smart card login using RACADM........................................................................................159
Enabling or disabling smart card login using iDRAC settings utility....................................................................159
10 Configuring iDRAC to send alerts..............................................................................................................160
Enabling or disabling alerts............................................................................................................................................ 160
Enabling or disabling alerts using web interface................................................................................................... 160
Enabling or disabling alerts using RACADM...........................................................................................................161
Enabling or disabling alerts using iDRAC settings utility....................................................................................... 161
Filtering alerts ................................................................................................................................................................. 161
Filtering alerts using iDRAC web interface.............................................................................................................161
Filtering alerts using RACADM................................................................................................................................162
Setting event alerts........................................................................................................................................................162
Setting event alerts using web interface...............................................................................................................162
Setting event alerts using RACADM...................................................................................................................... 162
Setting alert recurrence event......................................................................................................................................162
Setting alert recurrence events using RACADM.................................................................................................. 162
Setting alert recurrence events using iDRAC web interface...............................................................................163
Setting event actions..................................................................................................................................................... 163
Setting event actions using web interface............................................................................................................ 163
Setting event actions using RACADM................................................................................................................... 163
Configuring email alert, SNMP trap, or IPMI trap settings....................................................................................... 163
Configuring IP alert destinations............................................................................................................................ 164
Configuring email alert settings.............................................................................................................................. 165
Configuring WS Eventing.............................................................................................................................................. 167
Configuring Redfish Eventing........................................................................................................................................167
Monitoring chassis events............................................................................................................................................. 167
Monitoring chassis events using the iDRAC web interface.................................................................................167
Monitoring chassis events using RACADM...........................................................................................................168
Alerts message IDs......................................................................................................................................................... 168
11 iDRAC 9 Group Manager............................................................................................................................ 171
Group Manager................................................................................................................................................................171
Summary View................................................................................................................................................................ 172
Manage Logins................................................................................................................................................................ 173
Add a New User........................................................................................................................................................173
Change User Password............................................................................................................................................173
Delete User................................................................................................................................................................ 173
Configure Alerts ............................................................................................................................................................. 174
Export...............................................................................................................................................................................174
Discovered Servers View...............................................................................................................................................175
Jobs View........................................................................................................................................................................ 175
Jobs Export..................................................................................................................................................................... 176
Group Information Panel................................................................................................................................................ 176

8

Contents

Group Settings................................................................................................................................................................ 176
Actions on a selected Server.........................................................................................................................................177
Group Manager Single Sign On...............................................................................................................................178
Group Manager Concepts — Controlling System................................................................................................178
Group Manager Concepts — Backup System..................................................................................................... 178
12 Managing logs........................................................................................................................................... 179
Viewing System Event Log............................................................................................................................................179
Viewing System Event Log using web interface...................................................................................................179
Viewing System Event Log using RACADM..........................................................................................................179
Viewing System Event Log using iDRAC settings utility......................................................................................180
Viewing Lifecycle log .....................................................................................................................................................180
Viewing Lifecycle log using web interface..............................................................................................................181
Viewing Lifecycle log using RACADM.....................................................................................................................181
Exporting Lifecycle Controller logs................................................................................................................................181
Exporting Lifecycle Controller logs using web interface.......................................................................................181
Exporting Lifecycle Controller logs using RACADM.............................................................................................182
Adding work notes..........................................................................................................................................................182
Configuring remote system logging..............................................................................................................................182
Configuring remote system logging using web interface.....................................................................................182
Configuring remote system logging using RACADM............................................................................................182
13 Monitoring and managing power............................................................................................................... 183
Monitoring power........................................................................................................................................................... 183
Monitoring performance index of CPU, memory, and input output modules using web interface................ 183
Monitoring performance index for of CPU, memory, and input output modules using RACADM................. 184
Setting warning threshold for power consumption....................................................................................................184
Setting warning threshold for power consumption using web interface...........................................................184
Executing power control operations............................................................................................................................ 184
Executing power control operations using web interface................................................................................... 185
Executing power control operations using RACADM.......................................................................................... 185
Power capping................................................................................................................................................................ 185
Power capping in Blade servers..............................................................................................................................185
Viewing and configuring power cap policy............................................................................................................ 186
Configuring power supply options................................................................................................................................ 187
Configuring power supply options using web interface....................................................................................... 187
Configuring power supply options using RACADM.............................................................................................. 187
Configuring power supply options using iDRAC settings utility.......................................................................... 187
Enabling or disabling power button.............................................................................................................................. 188
Multi-Vector Cooling...................................................................................................................................................... 188
14 Inventorying, monitoring, and configuring network devices.......................................................................190
Inventorying and monitoring network devices............................................................................................................190
Monitoring network devices using web interface................................................................................................ 190
Monitoring network devices using RACADM....................................................................................................... 190
Connection View....................................................................................................................................................... 191
Inventorying and monitoring FC HBA devices............................................................................................................ 193

Contents

9

Monitoring FC HBA devices using web interface.................................................................................................193
Monitoring FC HBA devices using RACADM........................................................................................................193
Dynamic configuration of virtual addresses, initiator, and storage target settings.................................................193
Supported cards for IO Identity Optimization....................................................................................................... 194
Supported NIC firmware versions for IO Identity Optimization..........................................................................195
Virtual or Flex Address and Persistence Policy behavior when iDRAC is set to Flex Address mode or
Console mode........................................................................................................................................................... 195
System behavior for FlexAddress and IO Identity................................................................................................ 196
Enabling or disabling IO Identity Optimization.......................................................................................................197
Configuring persistence policy settings................................................................................................................. 198
15 Managing storage devices.........................................................................................................................201
Understanding RAID concepts.....................................................................................................................................202
What is RAID............................................................................................................................................................ 203
Organizing data storage for availability and performance.................................................................................. 204
Choosing RAID levels ............................................................................................................................................. 204
Comparing RAID level performance.......................................................................................................................210
Supported controllers..................................................................................................................................................... 211
Supported RAID controllers..................................................................................................................................... 211
Supported non-RAID controllers............................................................................................................................. 211
Supported enclosures.................................................................................................................................................... 212
Summary of supported features for storage devices................................................................................................ 212
Inventorying and monitoring storage devices............................................................................................................. 214
Monitoring storage devices using web interface..................................................................................................214
Monitoring storage devices using RACADM.........................................................................................................215
Monitoring backplane using iDRAC settings utility...............................................................................................215
Viewing storage device topology..................................................................................................................................215
Managing physical disks................................................................................................................................................ 215
Assigning or unassigning physical disk as global hot spare................................................................................. 215
Converting a physical disk to RAID or non-RAID mode....................................................................................... 217
Erasing physical disks............................................................................................................................................... 217
Erasing SED device data..........................................................................................................................................218
Rebuild Physical Disk................................................................................................................................................219
Managing virtual disks................................................................................................................................................... 219
Creating virtual disks............................................................................................................................................... 220
Editing virtual disk cache policies........................................................................................................................... 221
Deleting virtual disks................................................................................................................................................222
Checking virtual disk consistency.......................................................................................................................... 222
Initializing virtual disks............................................................................................................................................. 223
Encrypting virtual disks........................................................................................................................................... 224
Assigning or unassigning dedicated hot spares....................................................................................................224
Managing virtual disks using web interface..........................................................................................................226
Managing virtual disks using RACADM................................................................................................................. 227
Managing controllers..................................................................................................................................................... 228
Configuring controller properties........................................................................................................................... 228
Importing or auto importing foreign configuration...............................................................................................230
Clearing foreign configuration................................................................................................................................ 232
10

Contents

Resetting controller configuration......................................................................................................................... 233
Switching the controller mode............................................................................................................................... 233
12 Gbps SAS HBA adapter operations.................................................................................................................. 234
Monitoring predictive failure analysis on drives....................................................................................................235
Controller operations in non-RAID mode or HBA mode......................................................................................235
Running RAID configuration jobs on multiple storage controllers...................................................................... 236
Manage Preserved cache....................................................................................................................................... 236
Managing PCIe SSDs.................................................................................................................................................... 236
Inventorying and monitoring PCIe SSDs............................................................................................................... 237
Preparing to remove PCIe SSD..............................................................................................................................238
Erasing PCIe SSD device data............................................................................................................................... 239
Managing enclosures or backplanes............................................................................................................................240
Configuring backplane mode..................................................................................................................................240
Viewing universal slots............................................................................................................................................ 243
Setting SGPIO mode............................................................................................................................................... 243
Set Enclosure Asset Tag......................................................................................................................................... 244
Set Enclosure Asset Name..................................................................................................................................... 244
Choosing operation mode to apply settings............................................................................................................... 244
Choosing operation mode using web interface....................................................................................................244
Choosing operation mode using RACADM...........................................................................................................245
Viewing and applying pending operations...................................................................................................................245
Viewing, applying, or deleting pending operations using web interface............................................................245
Viewing and applying pending operations using RACADM.................................................................................246
Storage devices — apply operation scenarios...........................................................................................................246
Blinking or unblinking component LEDs...................................................................................................................... 247
Blinking or unblinking component LEDs using web interface............................................................................. 247
Blinking or unblinking component LEDs using RACADM.................................................................................... 248
16 BIOS Settings ..........................................................................................................................................249
Apply................................................................................................................................................................................249
Discard changes ............................................................................................................................................................249
Apply and Reboot ......................................................................................................................................................... 249
Apply At Next Reboot .................................................................................................................................................. 249
Delete All Pending Values ............................................................................................................................................ 250
Pending Value ................................................................................................................................................................250
Modifying Bios Configuration ......................................................................................................................................250
17 Configuring and using virtual console........................................................................................................ 251
Supported screen resolutions and refresh rates......................................................................................................... 251
Configuring virtual console........................................................................................................................................... 252
Configuring virtual console using web interface.................................................................................................. 252
Configuring virtual console using RACADM......................................................................................................... 252
Previewing virtual console............................................................................................................................................ 252
Launching virtual console............................................................................................................................................. 252
Launching virtual console using web interface.................................................................................................... 253
Launching virtual console using a URL................................................................................................................. 253

Contents

11

Disabling warning messages while launching virtual console or virtual media using Java or ActiveX
plug-in....................................................................................................................................................................... 254
Using virtual console viewer.........................................................................................................................................254
HTML5 based virtual console................................................................................................................................ 254
Synchronizing mouse pointers................................................................................................................................257
Passing all keystrokes through virtual console for Java or ActiveX plug-in..................................................... 258
18 Using iDRAC Service Module.................................................................................................................... 261
Installing iDRAC Service Module.................................................................................................................................. 261
Installing iDRAC Service Module from iDRAC Express and Basic...................................................................... 261
Installing iDRAC Service Module from iDRAC Enterprise................................................................................... 262
Supported operating systems for iDRAC Service Module........................................................................................262
iDRAC Service Module monitoring features...............................................................................................................262
Redfish profile support for network attributes.....................................................................................................263
Operating system information................................................................................................................................263
Replicate Lifecycle logs to OS log..........................................................................................................................263
Automatic system recovery options...................................................................................................................... 263
Windows Management Instrumentation providers..............................................................................................264
Remote iDRAC Hard Reset.................................................................................................................................... 265
In-band Support for iDRAC SNMP Alerts............................................................................................................ 266
iDRAC access via Host OS..................................................................................................................................... 267
Coexistence of OpenManage Server Administrator and iDRAC Service Module............................................268
Using iDRAC Service Module from iDRAC web interface........................................................................................ 269
Using iDRAC Service Module from RACADM............................................................................................................269
Using iDRAC Service Module on Windows Nano OS............................................................................................... 269
19 Using USB port for server management................................................................................................... 270
Accessing iDRAC interface over direct USB connection.......................................................................................... 270
Configuring iDRAC using server configuration profile on USB device..................................................................... 271
Configuring USB management port settings........................................................................................................ 271
Importing Server Configuration Profile from USB device .................................................................................. 273
20 Using iDRAC Quick Sync 2.......................................................................................................................275
Configuring iDRAC Quick Sync 2.................................................................................................................................275
Configuring iDRAC Quick Sync 2 settings using web interface......................................................................... 276
Configuring iDRAC Quick Sync 2 settings using RACADM................................................................................ 276
Configuring iDRAC Quick Sync 2 settings using iDRAC settings utility............................................................ 276
Using mobile device to view iDRAC information........................................................................................................ 277
21 Managing virtual media.............................................................................................................................278
Supported drives and devices...................................................................................................................................... 279
Configuring virtual media.............................................................................................................................................. 279
Configuring virtual media using iDRAC web interface.........................................................................................279
Configuring virtual media using RACADM............................................................................................................ 279
Configuring virtual media using iDRAC settings utility........................................................................................ 279
Attached media state and system response........................................................................................................ 280
Accessing virtual media.................................................................................................................................................280

12

Contents

Launching virtual media using virtual console...................................................................................................... 280
Launching virtual media without using virtual console........................................................................................ 281
Adding virtual media images....................................................................................................................................281
Viewing virtual device details................................................................................................................................. 282
Resetting USB..........................................................................................................................................................282
Mapping virtual drive...............................................................................................................................................282
Unmapping virtual drive.......................................................................................................................................... 283
Setting boot order through BIOS.................................................................................................................................283
Enabling boot once for virtual media...........................................................................................................................284
22 Installing and using VMCLI utility............................................................................................................. 285
Installing VMCLI............................................................................................................................................................. 285
Running VMCLI utility................................................................................................................................................... 285
VMCLI syntax.................................................................................................................................................................285
VMCLI commands to access virtual media ......................................................................................................... 286
VMCLI operating system shell options .................................................................................................................286
23 Managing vFlash SD card.........................................................................................................................288
Configuring vFlash SD card.......................................................................................................................................... 288
Viewing vFlash SD card properties........................................................................................................................288
Enabling or disabling vFlash functionality............................................................................................................. 289
Initializing vFlash SD card....................................................................................................................................... 290
Getting the last status using RACADM................................................................................................................. 291
Managing vFlash partitions........................................................................................................................................... 291
Creating an empty partition.................................................................................................................................... 291
Creating a partition using an image file................................................................................................................. 292
Formatting a partition..............................................................................................................................................293
Viewing available partitions.....................................................................................................................................294
Modifying a partition............................................................................................................................................... 294
Attaching or detaching partitions.......................................................................................................................... 295
Deleting existing partitions..................................................................................................................................... 296
Downloading partition contents.............................................................................................................................296
Booting to a partition...............................................................................................................................................297
24 Using SMCLP.......................................................................................................................................... 298
System management capabilities using SMCLP........................................................................................................298
Running SMCLP commands........................................................................................................................................ 298
iDRAC SMCLP syntax...................................................................................................................................................299
Navigating the map address space.............................................................................................................................. 301
Using show verb............................................................................................................................................................. 301
Using the -display option......................................................................................................................................... 301
Using the -level option............................................................................................................................................ 302
Using the -output option........................................................................................................................................ 302
Usage examples............................................................................................................................................................. 302
Server power management....................................................................................................................................302
SEL management.................................................................................................................................................... 303
Map target navigation............................................................................................................................................. 304

Contents

13

25 Deploying operating systems................................................................................................................... 306
Deploying operating system using remote file share................................................................................................. 306
Managing remote file share.................................................................................................................................... 306
Configuring remote file share using web interface.............................................................................................. 307
Configuring remote file share using RACADM..................................................................................................... 308
Deploying operating system using virtual media........................................................................................................ 308
Installing operating system from multiple disks....................................................................................................309
Deploying embedded operating system on SD card................................................................................................. 309
Enabling SD module and redundancy in BIOS......................................................................................................309
26 Troubleshooting managed system using iDRAC........................................................................................ 310
Using diagnostic console............................................................................................................................................... 310
Reset iDRAC and Reset iDRAC to default ............................................................................................................310
Scheduling remote automated diagnostics............................................................................................................ 311
Scheduling remote automated diagnostics using RACADM............................................................................... 312
Viewing post codes........................................................................................................................................................ 312
Viewing boot and crash capture videos.......................................................................................................................312
Configuring video capture settings........................................................................................................................ 313
Viewing logs.................................................................................................................................................................... 313
Viewing last system crash screen.................................................................................................................................313
Viewing System status...................................................................................................................................................313
Viewing system front panel LCD status.................................................................................................................314
Viewing system front panel LED status................................................................................................................. 314
Hardware trouble indicators.......................................................................................................................................... 314
Viewing system health................................................................................................................................................... 315
Checking server status screen for error messages....................................................................................................315
Restarting iDRAC............................................................................................................................................................315
Resetting iDRAC using iDRAC web interface....................................................................................................... 315
Resetting iDRAC using RACADM........................................................................................................................... 315
Erasing system and user data....................................................................................................................................... 315
Resetting iDRAC to factory default settings...............................................................................................................316
Resetting iDRAC to factory default settings using iDRAC web interface......................................................... 316
Resetting iDRAC to factory default settings using iDRAC settings utility......................................................... 317
27 SupportAssist Integration in iDRAC.......................................................................................................... 318
SupportAssist Registration............................................................................................................................................318
Contact and Shipping Information..........................................................................................................................318
Primary Contact Information...................................................................................................................................318
Secondary Contact Information............................................................................................................................. 319
End User License Agreement..................................................................................................................................319
Installing Service Module............................................................................................................................................... 319
Server OS Proxy Information........................................................................................................................................ 319
SupportAssist..................................................................................................................................................................319
Service Request Portal.................................................................................................................................................. 319
Collection Log................................................................................................................................................................. 319
Generating SupportAssist Collection........................................................................................................................... 319

14

Contents

Generating SupportAssist Collection manually using iDRAC web interface.....................................................320
Settings............................................................................................................................................................................321
Collection Settings......................................................................................................................................................... 321
Contact Information....................................................................................................................................................... 321
28 Frequently asked questions......................................................................................................................322
System Event Log..........................................................................................................................................................322
Network security........................................................................................................................................................... 323
Why am I unable to complete operations that involve a remote CIFS share?..................................................323
Active Directory..............................................................................................................................................................323
Single Sign-On............................................................................................................................................................... 325
Smart card login.............................................................................................................................................................326
Virtual console................................................................................................................................................................326
Virtual media...................................................................................................................................................................329
vFlash SD card............................................................................................................................................................... 332
SNMP authentication....................................................................................................................................................332
Storage devices..............................................................................................................................................................332
iDRAC Service Module..................................................................................................................................................332
RACADM.........................................................................................................................................................................334
Permanently setting the default password to calvin................................................................................................. 335
Miscellaneous................................................................................................................................................................. 335
When an OS is installed, hostname may or may not appear/change automatically. ...................................... 335
How to find an iDRAC IP address for a blade server?........................................................................................ 335
How to find the CMC IP address related to the blade server?......................................................................... 336
How to find iDRAC IP address for rack and tower server?................................................................................336
iDRAC network connection is not working...........................................................................................................336
Inserted the blade server into the chassis and pressed the power switch, but it did not power on............. 337
How to retrieve an iDRAC administrative user name and password?...............................................................337
How to change the name of the slot for the system in a chassis?................................................................... 337
iDRAC on blade server is not responding during boot.........................................................................................337
When attempting to boot the managed server, the power indicator is green, but there is no POST or
no video.....................................................................................................................................................................337
29 Use case scenarios.................................................................................................................................. 338
Troubleshooting an inaccessible managed system.................................................................................................... 338
Obtaining system information and assess system health......................................................................................... 339
Setting up alerts and configuring email alerts............................................................................................................ 339
Viewing and exporting System Event Log and Lifecycle Log...................................................................................339
Interfaces to update iDRAC firmware......................................................................................................................... 339
Performing graceful shutdown.....................................................................................................................................339
Creating new administrator user account.................................................................................................................. 340
Launching servers remote console and mounting a USB drive............................................................................... 340
Installing bare metal OS using attached virtual media and remote file share......................................................... 340
Managing rack density.................................................................................................................................................. 340
Installing new electronic license................................................................................................................................... 340
Applying IO Identity configuration settings for multiple network cards in single host system reboot ................ 341

Contents

15

1
Overview
The Integrated Dell Remote Access Controller (iDRAC) is designed to make server administrators more productive and improve the overall
availability of Dell servers. iDRAC alerts administrators to server issues, helps them perform remote server management, and reduces the
need for physical access to the server.
iDRAC with Lifecycle Controller technology is part of a larger data center solution that helps keep business critical applications and
workloads available always. The technology allows administrators to deploy, monitor, manage, configure, update, troubleshoot and remediate
Dell servers from any location, and without the use of agents. It accomplishes this regardless of operating system or hypervisor presence or
state.
Several products work with the iDRAC and Lifecycle Controller to simplify and streamline IT operations, such as:
•
•
•

Dell Management plug-in for VMware vCenter
Dell Repository Manager
Dell Management Packs for Microsoft System Center Operations Manager (SCOM) and Microsoft System Center Configuration
Manager (SCCM)
BMC Bladelogic
Dell OpenManage Essentials/OpenManage Enterprise
Dell OpenManage Power Center

•
•
•

The iDRAC is available in the following variants:
•
•
•

iDRAC Basic (available by default for 200-500 series servers)
iDRAC Express (available by default on all 600 and higher series of rack or tower servers, and all blade servers)
iDRAC Enterprise (available on all server models)

For more information, see the iDRAC Overview and Feature Guide available at dell.com/support/manuals.

Topics:
•
•
•
•
•
•
•
•
•
•
•
•
•

Benefits of using iDRAC with Lifecycle Controller
Key features
New in this release
How to use this guide
Supported web browsers
iDRAC licenses
Licensed features in iDRAC8 and iDRAC9
Interfaces and protocols to access iDRAC
iDRAC port information
Other documents you may need
Social media reference
Contacting Dell
Accessing documents from Dell support site

Benefits of using iDRAC with Lifecycle Controller
The benefits include:

16

Overview

•

Increased Availability — Early notification of potential or actual failures that help prevent a server failure or reduce recovery time after
failure.

•

Improved Productivity and Lower Total Cost of Ownership (TCO) — Extending the reach of administrators to larger numbers of distant
servers can make IT staff more productive while driving down operational costs such as travel.

•

Secure Environment — By providing secure access to remote servers, administrators can perform critical management functions while
maintaining server and network security.

•

Enhanced Embedded Management through Lifecycle Controller – Lifecycle Controller provides deployment and simplified serviceability
through Lifecycle Controller GUI for local deployment and Remote Services (WSMan) interfaces for remote deployment integrated with
Dell OpenManage Essentials and partner consoles.

For more information about Lifecycle Controller GUI, see Lifecycle Controller User’s Guide and for remote services, see Lifecycle Controller
Remote Services User’s Guide available at dell.com/idracmanuals.

Key features
The key features of iDRAC include:
NOTE: Some of the features are available only with iDRAC Enterprise license. For information on the features available for a
license, see iDRAC licenses .
Inventory and Monitoring
•

View managed server health.

•

Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system
agents.

•

View and export system inventory.

•

View sensor information such as temperature, voltage, and intrusion.

•

Monitor CPU state, processor automatic throttling, and predictive failure.

•

View memory information.

•

Monitor and control power usage.

•

Support for SNMPv3 gets and alerts.

•

For blade servers: launch Chassis Management Controller (CMC) web interface, view CMC information, and WWN/MAC addresses.
NOTE: CMC provides access to iDRAC through the M1000E Chassis LCD panel and local console connections. For more
information, see Chassis Management Controller User’s Guide available at dell.com/support/manuals.

•

View network interfaces available on host operating systems.

•

iDRAC9 provides improved monitoring and management functionality with Quick Sync 2. You need OpenManage Mobile app configured
in your Android or iOS mobile device.

Deployment
•

Manage vFlash SD card partitions.

•

Configure front panel display settings.

•

Manage iDRAC network settings.

•

Configure and use virtual console and virtual media.

•

Deploy operating systems using remote file share, virtual media, and VMCLI.

•

Enable auto-discovery.

•

Perform server configuration using the export or import XML or JSON profile feature through RACADM, WSMan and Redfish. For
more information, see the Lifecycle Controller Remote Services Quick Start Guide.

•

Configure persistence policy for virtual addresses, initiator, and storage targets.

•

Remotely configure storage devices attached to the system at run-time.

•

Perform the following operations for storage devices:
•

Physical disks: Assign or unassign physical disk as a global hot spare.

•

Virtual disks:

Overview

17

•

•

•

Create virtual disks.

•

Edit virtual disks cache policies.

•

Check virtual disk consistency.

•

Initialize virtual disks.

•

Encrypt virtual disks.

•

Assign or unassign dedicated hot spare.

•

Delete virtual disks.

Controllers:
•

Configure controller properties.

•

Import or auto-import foreign configuration.

•

Clear foreign configuration.

•

Reset controller configuration.

•

Create or change security keys.

PCIe SSD devices:
•

Inventory and remotely monitor the health of PCIe SSD devices in the server.

•

Prepare the PCIe SSD to be removed.

•

Securely erase the data.

•

Set the backplane mode (unified or split mode).

•

Blink or unblink component LEDs.

•

Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a
batch as part of the single job.

Update
•

Manage iDRAC licenses.

•

Update BIOS and device firmware for devices supported by Lifecycle Controller.

•

Update or rollback iDRAC firmware and Lifecycle Controller firmware using a single firmware image.

•

Manage staged updates.

•

Back up and restore server profile.

•

Access iDRAC interface over direct USB connection.

•

Configure iDRAC using Server Configuration Profiles on USB device.

Maintenance and Troubleshooting
•

Perform power-related operations and monitor power consumption.

•

Optimize system performance and power consumption by modifying the thermal settings.

•

No dependency on OpenManage Server Administrator for generation of alerts.

•

Log event data: Lifecycle and RAC logs.

•

Set email alerts, IPMI alerts, remote system logs, WS Eventing logs, Redfish event, and SNMP traps (v1, v2c, and v3) for events and
improved email alert notification.

•

Capture last system crash image.

•

View boot and crash capture videos.

•

Out-of-band monitor and alert the performance index of CPU, memory, and I/O modules.

•

Configure warning threshold for inlet temperature and power consumption.

•

Use iDRAC Service Module to:

18

•

View operating system information.

•

Replicate Lifecycle Controller logs to operating system logs.

•

Automatic system recovery options.

•

Enable or disable status of Full Power Cycle for all System components except the PSU.

•

Remotely hard-reset iDRAC

Overview

•

•

Enable in-band iDRAC SNMP alerts

•

Access iDRAC using host OS (experimental feature)

•

Populate Windows Management Instrumentation (WMI) information.

•

Integrate with SupportAssist collection. This is applicable only if iDRAC Service Module Version 2.0 or later is installed.

•

Prepare to remove NVMe PCIe SSD.

Generate SupportAssist collection in the following ways:
•

Automatic — Using iDRAC Service Module that automatically invokes the OS Collector tool.

•

Manual — Using OS Collector tool.

Dell Best Practices regarding iDRAC
•

iDRACs are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to
the internet. Doing so could expose the connected system to security and other risks for which Dell is not responsible.

•

Along with locating iDRACs on a separate management subnet, users should isolate the management subnet/vLAN with technologies
such as firewalls, and limit access to the subnet/vLAN to authorized server administrators.

Secure Connectivity
Securing access to critical network resources is a priority. iDRAC implements a range of security features that includes:
•

Custom signing certificate for Secure Socket Layer (SSL) certificate.

•

Signed firmware updates.

•

User authentication through Microsoft Active Directory, generic Lightweight Directory Access Protocol (LDAP) Directory Service, or
locally administered user IDs and passwords.

•

Two-factor authentication using the Smart–Card logon feature. The two-factor authentication is based on the physical smart card and
the smart card PIN.

•

Single Sign-On and Public Key Authentication.

•

Role-based authorization, to configure specific privileges for each user.

•

SNMPv3 authentication for user accounts stored locally in the iDRAC. It is recommended to use this, but it is disabled by default.

•

User ID and password configuration.

•

Default login password modification.

•

Set user passwords and BIOS passwords using one-way hash format for improved security.

•

FIPS 140-2 Level 1 capability.

•

Support for TLS 1.2, 1.1, and 1.0. To enhance security, default setting is TLS 1.1 and higher.

•

SMCLP and web interfaces that support 128 bit and 40-bit encryption (for countries where 128 bit is not acceptable), using the TLS 1.2
standard.

•

Session time-out configuration (in seconds).

•

Configurable IP ports (for HTTP, HTTPS, SSH, Telnet, Virtual Console, and Virtual Media).

•

Secure Shell (SSH) that uses an encrypted transport layer for higher security.

•

Login failure limits per IP address, with login blocking from that IP address when the limit is exceeded.

•

Limited IP address range for clients connecting to iDRAC.

•

Dedicated Gigabit Ethernet adapter available on rack and tower servers (additional hardware may be required).

NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher.

NOTE: Telnet does not support SSL encryption and is disabled by default.

New in this release
•

Added support for Boot Optimized Storage Solution (BOSS) controllers—inventory, configuration, update, and monitoring.

•

Added support to update the NVDIMM firmware.

•

Security update:
•

Removed TLS 1.0 for Port 5900.

•

Port 5900 is closed when vMedia or vConsole is disabled.

Overview

19

•

Option to dynamically disable the front USB ports using iDRAC web interface.

•

Added support for IP blocking using iDRAC web interface.

•

Improved keyboard pass-through support and added more keystrokes to the exception list in virtual console using HTML5.

How to use this guide
The contents of this user's guide enable you to perform various tasks using:
•

iDRAC web interface — Only the task-related information is provided here. For information about the fields and options, see the iDRAC
Online Help that you can access from the web interface.

•

RACADM — The RACADM command or the object that you must use is provided here. For more information, see the iDRAC RACADM
Command Line Reference Guide available at dell.com/idracmanuals.

•

iDRAC Settings Utility — Only the task-related information is provided here. For information about the fields and options, see the
iDRAC Settings Utility Online Help that you can access when you click Help in the iDRAC Settings GUI (press  during boot, and
then click iDRAC Settings on the System Setup Main Menu page).

•

Redfish — Only the task-related information is provided here. For information about the fields and options, see the Redfish Reference
Guide available at dell.com/idracmanuals.

Supported web browsers
iDRAC is supported on the following browsers:
•

Internet Explorer/Edge

•

Mozilla Firefox

•

Google Chrome

•

Safari

For the list of supported versions, see the iDRAC Release Notes available at dell.com/idracmanuals.

Supported OS and Hypervisors
iDRAC is supported on the following OS, Hypervisors:
•

Microsoft

•

VMware

•

Citrix

•

RedHat

•

SuSe
NOTE: For the list of supported versions, see the iDRAC Release Notes available at dell.com/idracmanuals.

iDRAC licenses
iDRAC features are available based on iDRAC Express (default) or iDRAC Enterprise (can be purchased). Only licensed features are
available in the interfaces that allow you to configure or use iDRAC. For more information, see Licensed features in iDRAC8 and iDRAC9.

Types of licenses
The types of licenses offered are:
•

20

30-day evaluation — Evaluation licenses are duration based and the timer runs when power is applied to the system. This license
cannot be extended.

Overview

•

Perpetual — The license is bound to the Service Tag and is permanent.

Methods for acquiring licenses
Use any of the following methods to acquire the licenses:
•

Email — License is attached to an email that is sent after requesting it from the technical support center.

•

License Self-service portal — A link to the Self-Service Portal is available from iDRAC. Click this link to open Dell Digital Locker. The Dell
Digital Locker allows you to view and manage your products, software, and licensing information in one location.

•

Point-of-sale — License is acquired while placing the order for a system.

License operations
Before you perform the license management tasks, ensure that you acquire the licenses. For more information, see the Overview and
Feature Guide available at dell.com/support/manuals.
NOTE: If you have purchased a system with all the licenses pre-installed, then license management is not required.
You can perform the following licensing operations using iDRAC, RACADM, WSMan, Redfish and Lifecycle Controller-Remote Services for
one-to-one license management, and Dell License Manager for one-to-many license management:
•

View — View the current license information.

•

Import — After acquiring the license, store the license in a local storage and import it into iDRAC using one of the supported interfaces.
The license is imported if it passes the validation checks.

•

Export — Exports the installed license for backup. For more information, see the iDRAC Online Help.

•

Delete — Deletes the license. For more information, see the iDRAC Online Help.

•

Learn More — Learn more about an installed license, or the licenses available for a component installed in the server. It allows you to
visit delltechcenter.com.

NOTE: After importing the license, you need to re-login to the iDRAC. This is applicable only for iDRAC web interface.

NOTE: For the Learn More option to display the correct page, ensure that *.dell.com is added to the list of Trusted Sites in the
Security Settings. For more information, see the Internet Explorer help documentation.
For one-to-many license deployment, you can use Dell License Manager. For more information, see the Dell License Manager User’s Guide
available at dell.com/support/manuals.

License component state or condition and available operations
The following table provides the list of license operations available based on the license state or condition:
Table 1. License operations based on state and condition
License/Component state Import
or condition

Export

Delete

Replace

Learn More

Non-administrator login

No

No

No

No

Yes

Active license

Yes

Yes

Yes

Yes

Yes

Expired license

No

Yes

Yes

Yes

Yes

License installed but
component missing

No

Yes

Yes

No

Yes

Overview

21

Managing licenses using iDRAC web interface
To manage the licenses using the iDRAC web interface, go to Configuration > Licenses.
The Licensing page displays the licenses that are associated to devices, or the licenses that are installed but the device is not present in
the system. For more information on importing, exporting, or deleting a license, see the iDRAC Online Help.

Managing licenses using RACADM
To manage licenses using RACADM, use the license subcommand. For more information, see the iDRAC RACADM Command Line
Interface Reference Guide available at dell.com/idracmanuals.

Licensed features in iDRAC8 and iDRAC9
The following table lists the iDRAC8 and iDRAC9 features that are enabled based on the license purchased:
Table 2. Licensed features in iDRAC8 and iDRAC9
Feature

iDRAC8
Basic

iDRAC9
Basic

iDRAC8
Express

iDRAC9
Express

iDRAC8
iDRAC9
iDRAC8
Express for Express for Enterprise
Blades
Blades

iDRAC9
Enterprise

Redfish

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPMI 2.0

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DCMI 1.5

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Web-based GUI

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

RACADM command line
(local/remote)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SMASH-CLP (SSH-only) Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Telnet

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SSH

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Serial Redirection

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

WSMan

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Network Time Protocol

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Shared NIC (LOM)

Yes

Yes

Yes

Yes

N/A

N/A

Yes

Yes1

Dedicated NIC2

Yes

Yes

Yes

Yes

Yes

Yes

Yes2

Yes2

VLAN tagging

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPv4

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IPv6

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DHCP

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

DHCP with zero touch

No

No

No

No

No

No

Yes

Yes

Interfaces / Standards

Connectivity

22

Overview

Feature

iDRAC8
Basic

iDRAC9
Basic

iDRAC8
Express

iDRAC9
Express

iDRAC8
iDRAC9
iDRAC8
Express for Express for Enterprise
Blades
Blades

iDRAC9
Enterprise

Dynamic DNS

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OS pass-through

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

iDRAC Direct -Front
panel USB

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Connection View

No

Yes

No

Yes

No

Yes

No

Yes

NFS v4

No

Yes

No

Yes

No

Yes

No

Yes

SMB3.0 with NTLMv1
and NTLMv2

No

Yes

No

Yes

No

Yes

No

Yes

Role-based authority

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Local users

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SSL encryption

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

IP blocking

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Directory services (AD,
LDAP)

No

No

No

No

No

No

Yes

Yes

Two-factor
authentication (smart
card)

No

No

No

No

No

No

Yes

Yes

Single sign-On

No

No

Yes

No

No

No

Yes

Yes

PK authentication (for
SSH)

No

No

Yes

Yes

Yes

Yes

Yes

Yes

FIPS 140-2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Secure UEFI boot certificate management

No

Yes

No

Yes

No

Yes

No

Yes

Lock down mode

No

No

No

No

No

No

No

Yes

Customizable Security
Policy Banner - login
page

No

Yes

No

Yes

No

Yes

No

Yes

iDRAC Quick Sync 2 optional auth for read
operations

No

Yes

No

Yes

No

Yes

No

Yes

iDRAC Quick Sync 2 add mobile device
number to LCL

No

Yes

No

Yes

No

Yes

No

Yes

Power control

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Boot control

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Serial-over-LAN

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Security

Remote Presence

Overview

23

Feature

iDRAC8
Basic

iDRAC9
Basic

iDRAC8
Express

iDRAC9
Express

iDRAC8
iDRAC9
iDRAC8
Express for Express for Enterprise
Blades
Blades

iDRAC9
Enterprise

Virtual Media

No

No

No

No

Yes

Yes

Yes

Yes

Virtual Folders

No

No

No

No

No

No

Yes

Yes

Remote File Share

No

No

No

No

No

No

Yes

Yes

HTML5 access to Virtual No
Console

No

No

No

Yes

Yes

Yes

Yes

Virtual Console

No

No

No

No

Yes

Yes

6 users

Yes

VNC connection to OS

No

No

No

No

No

No

Yes

Yes

Quality/bandwidth
control

No

No

No

No

No

No

Yes

Yes

Virtual Console
collaboration (up to six
simultaneous users)

No

No

No

No

No

No

Yes

Yes

Virtual Console chat

No

No

No

No

No

No

Yes

Yes 2,3

Virtual Flash partitions

No

No

No

No

No

No

Yes 1,2

Yes

Group Manager

No

No

No

No

No

No

No

Yes

HTTP / HTTPS support
along with NFS/CIFS

No

Yes

No

Yes

No

Yes

No

Yes

Real-time power meter

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Power thresholds and
alerts

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Real-time power
graphing

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Historical power
counters

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Power capping

No

No

No

No

No

No

Yes

Yes

Power Center integration No

No

No

No

No

No

Yes

Yes

Temperature monitoring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Temperature graphing

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Full agent-free
monitoring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Predictive failure
monitoring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Power and Thermal

Health Monitoring

24

Overview

Feature

iDRAC8
Basic

iDRAC9
Basic

iDRAC8
Express

iDRAC9
Express

iDRAC8
iDRAC9
iDRAC8
Express for Express for Enterprise
Blades
Blades

iDRAC9
Enterprise

SNMPv1, v2, and v3
(traps and gets)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Email Alerting

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Configurable thresholds

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Fan monitoring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Power Supply monitoring Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Memory monitoring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

CPU monitoring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

RAID monitoring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

NIC monitoring

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

HD monitoring
(enclosure)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Out of Band
Performance Monitoring

No

No

No

No

No

No

Yes

Yes

Alerts for excessive SSD
wear

No

Yes

No

Yes

No

Yes

No

Yes

Customizable settings
for Exhaust Temperature

No

Yes

No

Yes

No

Yes

No

Yes

Remote agent-free
update

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Embedded update tools

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Sync with repository
(scheduled updates)

No

No

No

No

No

No

Yes

Yes

Auto-update

No

No

No

No

No

No

Yes

Yes

Improved PSU firmware
updates

No

Yes

No

Yes

No

Yes

Update

Yes

Deployment and Configuration
Local configuration via
F10

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Embedded OS
deployment tools

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Overview

25

Feature

iDRAC8
Basic

iDRAC9
Basic

iDRAC8
Express

iDRAC9
Express

iDRAC8
iDRAC9
iDRAC8
Express for Express for Enterprise
Blades
Blades

iDRAC9
Enterprise

Embedded configuration
tools

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Auto-Discovery

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Remote OS deployment

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Embedded driver pack

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Full configuration
inventory

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Inventory export

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Remote configuration

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Zero-touch configuration No

No

No

No

No

No

Yes

Yes

System Retire/
Repurpose

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Server Configuration
Profile in GUI

No

Yes

No

Yes

No

Yes

No

Yes

Diagnostics, Service, and Logging
Embedded diagnostic
tools

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Part Replacement

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

Server Configuration
Backup

No

No

No

No

No

No

Yes

Yes

Easy Restore (system
configuration)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Server Configuration
Restore

No

Yes

No

Yes

Yes

Yes

Yes

Yes

NOTE: After
performing part
replacement on
RAID hardware,
once the process
is complete for
replacing
firmware and
configuration,
Lifecycle Logs
reports double
part replacement
entries which is
expected
behavior.

26

Overview

Feature

iDRAC8
Basic

iDRAC9
Basic

iDRAC8
Express

iDRAC9
Express

iDRAC8
iDRAC9
iDRAC8
Express for Express for Enterprise
Blades
Blades

iDRAC9
Enterprise

Easy Restore Auto
Timeout

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

LED Health status
indicators

Yes

Yes 5

Yes

Yes 5

No

N/A

Yes

Yes 5

LCD screen (iDRAC9
requires optional)

Yes

Yes 5

Yes

Yes 5

N/A

N/A

Yes

Yes 5

Quick Sync (require NFC Yes
bezel, 13G only)

N/A

Yes

N/A

No

N/A

Yes

N/A

iDRAC Quick Sync 2
(BLE/Wi-Fi hardware)

N/A

Yes

N/A

Yes

No

Yes

N/A

Yes

iDRAC Direct (front USB
management port)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

iDRAC Service Module
(iSM) embedded

N/A

Yes

N/A

Yes

No

Yes

N/A

Yes

iSM to in-band alert
forwarding to consoles

No

Yes

No

Yes

No

Yes

No

Yes

SupportAssist Collection
(embedded)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Crash screen capture

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Crash video capture4

N/A

No

N/A

No

No

No

Yes

Yes

Boot capture

No

No

No

No

No

No

Yes

Yes

Manual reset for iDRAC
(LCD ID button)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Remote reset for iDRAC
(requires iSM)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Virtual NMI

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

OS watchdog4

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

System Event Log

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Lifecycle Log

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Enhanced Logging in
Lifecycle Controller Log

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Work notes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Remote Syslog

No

No

No

No

No

No

Yes

Yes

License management

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Overview

27

[1] Requires vFlash SD card media.
[2] 500 series and lower rack and tower servers require a hardware card to enable this feature; this hardware is offered at additional cost.
[3] Remote agent-free update feature is available only using IPMI.
[4] Available only using IPMI.
[5] Requires OMSA agent on target server.

Interfaces and protocols to access iDRAC
The following table lists the interfaces to access iDRAC.
NOTE: Using more than one interface at the same time may generate unexpected results.
Table 3. Interfaces and protocols to access iDRAC
Interface or Protocol

Description

iDRAC Settings Utility
(F2)

Use the iDRAC Settings utility to perform pre-OS operations. It has a subset of the features that are available
in iDRAC web interface along with other features.
To access iDRAC Settings utility, press  during boot and then click iDRAC Settings on the System
Setup Main Menu page.

Lifecycle Controller (F10)

Use Lifecycle Controller to perform iDRAC configurations. To access Lifecycle Controller, press  during
boot and go to System Setup > Advanced Hardware Configuration > iDRAC Settings. For more
information, see Lifecycle Controller User’s Guide available at dell.com/idracmanuals.

iDRAC web Interface

Use the iDRAC web interface to manage iDRAC and monitor the managed system. The browser connects to
the web server through the HTTPS port. Data streams are encrypted using 128-bit SSL to provide privacy
and integrity. Any connection to the HTTP port is redirected to HTTPS. Administrators can upload their own
SSL certificate through an SSL CSR generation process to secure the web server. The default HTTP and
HTTPS ports can be changed. The user access is based on user privileges.

CMC web Interface

In addition to monitoring and managing the chassis, use the CMC web interface to:
•
•
•
•
•
•

Server LCD Panel/
Chassis LCD Panel

View the status of a managed system
Update iDRAC firmware
Configure iDRAC network settings
Log in to iDRAC web interface
Start, stop, or reset the managed system
Update BIOS, PERC, and supported network adapters

Use the LCD on the server front panel to:
•
•
•

View alerts, iDRAC IP or MAC address, user programmable strings.
Set DHCP
Configure iDRAC static IP settings.

For blade servers, the LCD is on the chassis front panel and is shared between all the blades.
To reset iDRAC without rebooting the server, press and hold the System Identification button
seconds.

for 16

NOTE: LCD panel is only available with rack or tower systems that support front bezel. For blade
servers, the LCD is on the chassis front panel and is shared between all the blades.

28

Overview

Interface or Protocol

Description

RACADM

Use this command-line utility to perform iDRAC and server management. You can use RACADM locally and
remotely.
•

•
•
•

Redfish

Local RACADM command-line interface runs on the managed systems that have Server Administrator
installed. Local RACADM communicates with iDRAC through its in-band IPMI host interface. Since it is
installed on the local managed system, users are required to log in to the operating system to run this
utility. A user must have a full administrator privilege or be a root user to use this utility.
Remote RACADM is a client utility that runs on a management station. It uses the out-of-band network
interface to run RACADM commands on the managed system and uses the HTTPs channel. The –r
option runs the RACADM command over a network.
Firmware RACADM is accessible by logging in to iDRAC using SSH or telnet. You can run the firmware
RACADM commands without specifying the iDRAC IP, user name, or password.
You do not have to specify the iDRAC IP, user name, or password to run the firmware RACADM
commands. After you enter the RACADM prompt, you can directly run the commands without the racadm
prefix.

The Redfish Scalable Platforms Management API is a standard defined by the Distributed Management Task
Force (DMTF). Redfish is a next-generation systems management interface standard, which enables scalable,
secure, and open server management. It is a new interface that uses RESTful interface semantics to access
data that is defined in model format to perform out-of-band systems management. It is suitable for a wide
range of servers ranging from stand-alone servers to rack mount and bladed environments and for large scale
cloud environments.
Redfish provides the following benefits over existing server management methods:
•
•
•
•

Increased simplicity and usability
High data security
Programmable interface that can be easily scripted
Follows widely-used standards

For more information, see the following:
•
WSMan

Redfish API Reference Guide available at dell.com/support/manuals.

The LC-Remote Service is based on the WSMan protocol to do one-to-many systems management tasks.
You must use WSMan client such as WinRM client (Windows) or the OpenWSMan client (Linux) to use the
LC-Remote Services functionality. You can also use Power Shell and Python to script to the WSMan
interface.
Web Services for Management (WSMan) are a Simple Object Access Protocol (SOAP)–based protocol used
for systems management. iDRAC uses WSMan to convey Distributed Management Task Force (DMTF)
Common Information Model (CIM)–based management information. The CIM information defines the
semantics and information types that can be modified in a managed system. The data available through
WSMan is provided by iDRAC instrumentation interface mapped to the DMTF profiles and extension profiles.
For more information, see the following:
•
•
•
•
•
•

SSH

Lifecycle Controller-Remote Services User’s Guide available at dell.com/idracmanuals.
Lifecycle Controller Integration Best Practices Guide available at dell.com/support/manuals.
Lifecycle Controller page on Dell TechCenter — delltechcenter.com/page/Lifecycle+Controller
Lifecycle Controller WSMan Script Center — delltechcenter.com/page/Scripting+the+Dell+Lifecycle
+Controller
MOFs and Profiles — delltechcenter.com/page/DCIM.Library
DTMF website — dmtf.org/standards/profiles/

Use SSH to run RACADM and SMCLP commands. It provides the same capabilities as the Telnet console
using an encrypted transport layer for higher security. The SSH service is enabled by default on iDRAC. The
SSH service can be disabled in iDRAC. iDRAC only supports SSH version 2 with the RSA host key algorithm.
A unique 1024-bit RSA host key is generated when you power-up iDRAC for the first time.

Overview

29

Interface or Protocol

Description

Telnet

Use Telnet to access iDRAC where you can run RACADM and SMCLP commands. For details about
RACADM, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/
idracmanuals. For details about SMCLP, see Using SMCLP.
NOTE: Telnet is not a secure protocol and is disabled by default. Telnet transmits all data, including
passwords in plain text. When transmitting sensitive information, use the SSH interface.

VMCLI

Use the Virtual Media Command Line Interface (VMCLI) to access a remote media through the management
station and deploy operating systems on multiple managed systems.

IPMITool

Use the IPMITool to access the remote system’s basic management features through iDRAC. The interface
includes local IPMI, IPMI over LAN, IPMI over Serial, and Serial over LAN. For more information on IPMITool,
see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at dell.com/
idracmanuals.
NOTE: IPMI version 1.5 is not supported.

SMCLP

Use Server Management Workgroup Server Management-Command Line Protocol (SMCLP) to perform
systems management tasks. This is available through SSH or Telnet. For more information about SMCLP, see
Using SMCLP.

NTLM

iDRAC allows NTLM to provide authentication, integrity, and confidentiality to the users. NT LAN Manager
(NTLM) is a suite of Microsoft security protocols and it works in a Windows network.

SMB

iDRAC9 supports the Server Message Block (SMB) Protocol. This is a network file sharing protocol and the
default minimum SMB version supported is 2.0, SMBv1 is no longer supported.

NFS

iDRAC9 supports Network File System (NFS). This is a distributed filesystem protocol that enables users to
mount remote directories on the servers.

iDRAC port information
The following ports are required to remotely access iDRAC through firewalls. These are the default ports iDRAC listens to for connections.
Optionally, you can modify most of the ports. To do this, see Configuring services.
Table 4. Ports iDRAC listens for connections
Port Number

Function

22*

SSH

23*

Telnet

80*

HTTP

443*

HTTPS

623

RMCP/RMCP+

161*

SNMP

5900*

Virtual Console keyboard and mouse redirection, Virtual Media, Virtual Folders, and Remote File Share

5901

VNC
When VNC feature is enabled, the port 5901 opens.

* Configurable port

30

Overview

The following table lists the ports that iDRAC uses as a client.
Table 5. Ports iDRAC uses as client
Port Number

Function

25*

SMTP

53

DNS

68

DHCP-assigned IP address

69

TFTP

162*

SNMP trap

445

Common Internet File System (CIFS)

636

LDAP Over SSL (LDAPS)

2049

Network File System (NFS)

123

Network Time Protocol (NTP)

3269

LDAPS for global catalog (GC)

* Configurable port

Other documents you may need
In addition to this guide, the following documents available on the Dell Support website at dell.com/support/manuals provide additional
information about the setup and operation of iDRAC in your system.
•

The iDRAC Online Help provides detailed information about the fields available on the iDRAC web interface and the descriptions for the
same. You can access the online help after you install iDRAC.

•

The Redfish API Reference Guide provides information about Redfish API.

•

The iDRAC RACADM Command Line Interface Reference Guide provides information about the RACADM sub-commands, supported
interfaces, and iDRAC property database groups and object definitions.

•

The Systems Management Overview Guide provides brief information about the various software available to perform systems
management tasks.

•

The Dell Remote Access Configuration Tool User’s Guide provides information on how to use the tool to discover iDRAC IP addresses in
your network and perform one-to-many firmware updates and active directory configurations for the discovered IP addresses.

•

The Dell Systems Software Support Matrix provides information about the various Dell systems, the operating systems supported by
these systems, and the Dell OpenManage components that can be installed on these systems.

•

The iDRAC Service Module Installation Guide provides information to install the iDRAC Service Module.

•

The Dell OpenManage Server Administrator Installation Guide contains instructions to help you install Dell OpenManage Server
Administrator.

•

The Dell OpenManage Management Station Software Installation Guide contains instructions to help you install Dell OpenManage
management station software that includes Baseboard Management Utility, DRAC Tools, and Active Directory Snap-In.

•

The Dell OpenManage Baseboard Management Controller Management Utilities User’s Guide has information about the IPMI
interface.

•

The Release Notes provides last-minute updates to the system or documentation or advanced technical reference material intended for
experienced users or technicians.

•

The Glossary provides information about the terms used in this document.

The following system documents are available to provide more information:

Overview

31

•

The safety instructions that came with your system provide important safety and regulatory information. For additional regulatory
information, see the Regulatory Compliance home page at dell.com/regulatory_compliance. Warranty information may be included
within this document or as a separate document.

•

The Rack Installation Instructions included with your rack solution describe how to install your system into a rack.

•

The Getting Started Guide provides an overview of system features, setting up your system, and technical specifications.

•

The Owner’s Manual provides information about system features and describes how to troubleshoot the system and install or replace
system components.

Social media reference
To know more about the product, best practices, and information about Dell solutions and services, you can access the social media
platforms such as Dell TechCenter. You can access blogs, forums, whitepapers, how-to videos, and so on from the iDRAC wiki page at
www.delltechcenter.com/idrac.
For iDRAC and other related firmware documents, see dell.com/idracmanuals and dell.com/esmmanuals.

Contacting Dell
NOTE: If you do not have an active Internet connection, you can find contact information on your purchase invoice, packing slip,
bill, or Dell product catalog.
Dell provides several online and telephone-based support and service options. Availability varies by country and product, and some services
may not be available in your area. To contact Dell for sales, technical support, or customer service issues:
1

Go to Dell.com/support.

2

Select your support category.

3

Verify your country or region in the Choose a Country/Region drop-down list at the bottom of the page.

4

Select the appropriate service or support link based on your need.

Accessing documents from Dell support site
You can access the required documents in one of the following ways:
•

•

Using the following links:
•

For all Enterprise Systems Management documents — Dell.com/SoftwareSecurityManuals

•

For OpenManage documents — Dell.com/OpenManageManuals

•

For Remote Enterprise Systems Management documents — Dell.com/esmmanuals

•

For iDRAC and Lifecycle Controller documents — Dell.com/idracmanuals

•

For OpenManage Connections Enterprise Systems Management documents — Dell.com/
OMConnectionsEnterpriseSystemsManagement

•

For Serviceability Tools documents — Dell.com/ServiceabilityTools

•

For Client Command Suite Systems Management documents — Dell.com/DellClientCommandSuiteManuals

From the Dell Support site:
a

Go to Dell.com/Support/Home.

b

Under Select a product section, click Software & Security.

c

In the Software & Security group box, click the required link from the following:

d

32

•

Enterprise Systems Management

•

Remote Enterprise Systems Management

•

Serviceability Tools

•

Dell Client Command Suite

•

Connections Client Systems Management

To view a document, click the required product version.

Overview

•

Using search engines:
•

Type the name and version of the document in the search box.

Overview

33

2
Logging in to iDRAC
You can log in to iDRAC as an iDRAC user, a Microsoft Active Directory user, or a Lightweight Directory Access Protocol (LDAP) user. You
can also log in using Single Sign-On or Smart Card.
To improve security, each system is shipped with a unique password for iDRAC, which is available on the system information tag. This
unique password improves security of iDRAC and your server. The default user name is root.
While ordering the system, you can choose to retain the legacy password—calvin—as the default password. If you choose to retain the
legacy password, the password is not available on the system information tag.
In this version, DHCP is enabled by default and iDRAC IP address is assigned dynamically.
NOTE:
•

You must have Login to iDRAC privilege to log in to iDRAC.

•

iDRAC GUI does not support browser buttons such as Back, Forward, or Refresh.

NOTE: For information about recommended characters for user names and passwords, see Recommended characters in user
names and passwords.
To change the default password, see Changing the default login password.

Customizable security banner
You can customize the security notice that appears on the login page. You can use RACADM, Redfish, or WSMan to customize the notice.
Depending on the language you use, the notice can be either 1024 or 512 UTF-8 characters long.

Topics:
•

Logging in to iDRAC as local user, Active Directory user, or LDAP user

•

Logging in to iDRAC as a local user using a smart card

•

Logging in to iDRAC using Single Sign-On

•

Accessing iDRAC using remote RACADM

•

Accessing iDRAC using local RACADM

•

Accessing iDRAC using firmware RACADM

•

Viewing system health

•

Logging in to iDRAC using public key authentication

•

Multiple iDRAC sessions

•

Accessing iDRAC using SMCLP

•

Secure default password

•

Changing the default login password

•

Enabling or disabling default password warning message

•

IP Blocking

•

Enabling or disabling OS to iDRAC Pass-through using web interface

•

Enabling or disabling alerts using RACADM

34

Logging in to iDRAC

Logging in to iDRAC as local user, Active Directory
user, or LDAP user
Before you log in to iDRAC using the web interface, ensure that you have configured a supported web browser and the user account is
created with the required privileges.
NOTE: The user name is not case-sensitive for an Active Directory user. The password is case-sensitive for all users.
NOTE: In addition to Active Directory, openLDAP, openDS, Novell eDir, and Fedora-based directory services are supported.
NOTE: LDAP authentication with OpenDS is supported. The DH key must be larger than 768 bits.
To log in to iDRAC as local user, Active Directory user, or LDAP user:
1

Open a supported web browser.

2

In the Address field, type https://[iDRAC-IP-address] and press Enter.
NOTE: If the default HTTPS port number (port 443) changes, enter: https://[iDRAC-IP-address]:[port-number]
where [iDRAC-IP-address] is the iDRAC IPv4 or IPv6 address and [port-number] is the HTTPS port number.
The Login page is displayed.

3

For a local user:
•

4

In the Username and Password fields, enter your iDRAC user name and password.

• From the Domain drop-down menu, select This iDRAC.
For an Active Directory user, in the User name and Password fields, enter the Active Directory user name and password. If you have
specified the domain name as a part of the username, select This iDRAC from the drop-down menu. The format of the user name can
be: \, /, or @.
For example, dell.com\john_doe, or JOHN_DOE@DELL.COM.
If the domain is not specified in the user name, select the Active Directory domain from the Domain drop-down menu.

5

For an LDAP user, in the Username and Password fields, enter your LDAP user name and password. Domain name is not required for
LDAP login. By default, This iDRAC is selected in the drop-down menu.

6

Click Submit. You are logged in to iDRAC with the required user privileges.
If you log in with Configure Users privileges and the default account credentials, and if the default password warning feature is
enabled, the Default Password Warning page is displayed allowing you to easily change the password.

Logging in to iDRAC as a local user using a smart card
Before you log in as a local user using Smart Card, make sure to:
•

Upload user smart card certificate and the trusted Certificate Authority (CA) certificate to iDRAC.

•

Enable smart card logon.

The iDRAC web interface displays the smart card logon page for users who are configured to use the smart card.
NOTE: Depending on the browser settings, you are prompted to download and install the smart card reader ActiveX plug-in when
using this feature for the first time.
To log in to iDRAC as a local user using a smart card:
1

Access the iDRAC web interface using the link https://[IP address].
The iDRAC Login page is displayed prompting you to insert the smart card.
NOTE: If the default HTTPS port number (port 443) changes, type: https://[IP address]:[port number] where,
[IP address] is the IP address for the iDRAC and [port number] is the HTTPS port number.

2

Insert the smart card into the reader and click Login.

Logging in to iDRAC

35

A prompt is displayed for the smart card’s PIN. A password is not required.
3

Enter the Smart Card PIN for local smart card users.
You are logged in to the iDRAC.
NOTE: If you are a local user for whom Enable CRL check for Smart Card Logon is enabled, iDRAC attempts to download
the certificate revocation list (CRL) and checks the CRL for the user's certificate. The login fails if the certificate is listed as
revoked in the CRL or if the CRL cannot be downloaded for some reason.

Logging in to iDRAC as an Active Directory user using a smart
card
Before you log in as an Active Directory user using smart card, ensure that you:
•

Upload a Trusted Certificate Authority (CA) certificate (CA-signed Active Directory certificate) to iDRAC.

•

Configure the DNS server.

•

Enable Active Directory login.

•

Enable smart card login.

To log in to iDRAC as an Active Directory user using smart card:
1

Log in to iDRAC using the link https://[IP address].
The iDRAC Login page is displayed prompting you to insert the smart card.
NOTE: If the default HTTPS port number (port 443) is changed, type: https://[IP address]:[port number]
where, [IP address] is the iDRAC IP address and [port number] is the HTTPS port number.

2

Insert the smart card and click Login.
A prompt is displayed for the smart card's PIN.

3

Enter the PIN and click Submit.
You are logged in to iDRAC with your Active Directory credentials.
NOTE:
If the smart card user is present in Active Directory, an Active Directory password is not required.

Logging in to iDRAC using Single Sign-On
When Single Sign-On (SSO) is enabled, you can log in to iDRAC without entering your domain user authentication credentials, such as user
name and password.

Logging in to iDRAC SSO using iDRAC web interface
Before logging in to iDRAC using Single Sign-On, ensure that:
•

You have logged in to your system using a valid Active Directory user account.

•

Single Sign-On option is enabled during Active Directory configuration.

To log in to iDRAC using web interface:
1

Log in to your management station using a valid Active Directory account.

2

In a web browser, type https://[FQDN address].

36

Logging in to iDRAC

NOTE: If the default HTTPS port number (port 443) has been changed, type: https://[FQDN address]:[port
number] where [FQDN address] is the iDRAC FQDN (iDRACdnsname.domain. name) and [port number] is the
HTTPS port number.
NOTE: If you use IP address instead of FQDN, SSO fails.
iDRAC logs you in with appropriate Microsoft Active Directory privileges, using your credentials that were cached in the operating
system when you logged in using a valid Active Directory account.

Logging in to iDRAC SSO using CMC web interface
Using the SSO feature, you can launch the iDRAC web interface from the CMC web interface. A CMC user has the CMC user privileges
when launching iDRAC from CMC. If the user account is present in CMC and not in iDRAC, the user can still launch iDRAC from CMC.
If iDRAC network LAN is disabled (LAN Enabled = No), SSO is not available.
If the server is removed from the chassis, iDRAC IP address is changed, or there is a problem in iDRAC network connection, the option to
Launch iDRAC is grayed-out in the CMC web interface.
For more information, see the Chassis Management Controller User’s Guide available at dell.com/support/manuals.

Accessing iDRAC using remote RACADM
You can use remote RACADM to access iDRAC using RACADM utility.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
If the management station has not stored the iDRAC’s SSL certificate in its default certificate storage, a warning message is displayed
when you run the RACADM command. However, the command is executed successfully.
NOTE: The iDRAC certificate is the certificate iDRAC sends to the RACADM client to establish the secure session. This
certificate is either issued by a CA or self-signed. In either case, if the management station does not recognize the CA or signing
authority, a warning is displayed.

Validating CA certificate to use remote RACADM on Linux
Before running remote RACADM commands, validate the CA certificate that is used for secure communications.
To validate the certificate for using remote RACADM:
1

Convert the certificate in DER format to PEM format (using openssl command-line tool):
openssl x509 -inform pem -in [yourdownloadedderformatcert.crt] –outform pem -out
[outcertfileinpemformat.pem] –text

2

Find the location of the default CA certificate bundle on the management station. For example, for RHEL5 64 bit, it is /etc/pki/tls/
cert.pem.

3

Append the PEM formatted CA certificate to the management station CA certificate.
For example, use the cat command: cat testcacert.pem >> cert.pem

4

Generate and upload the server certificate to iDRAC.

Accessing iDRAC using local RACADM
For information to access iDRAC using local RACADM, see the iDRAC RACADM Command Line Interface Reference Guide available at
dell.com/idracmanuals.

Logging in to iDRAC

37

Accessing iDRAC using firmware RACADM
You can use SSH or Telnet interfaces to access iDRAC and run firmware RACADM commands. For more information, see the iDRAC
RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Viewing system health
Before you perform a task or trigger an event, you can use RACADM to check if the system is in a suitable state. To view the remote
service status from RACADM, use the getremoteservicesstatus command.
Table 6. Possible values for system status
Host System
•
•
•
•
•
•
•
•

•
•

1
2
3
4

Powered Off
In POST
Out of POST
Collecting System Inventory
Automated Task Execution
Lifecycle Controller Unified
Server Configurator
Server has halted at F1/F2
error prompt because of a
POST error
Server has halted at
F1/F2/F11 prompt because
there are no bootable
devices available
Server has entered F2 setup
menu
Server has entered F11 Boot
Manager menu

Lifecycle Controller (LC)
•
•
•
•
•
•

Ready
Not Initialized
Reloading data
Disabled
In Recovery
In Use

Real Time Status
•
•

Ready
Not Ready

Overall Status
•
•

Ready
Not Ready

Read/Write: Read Only
User Privilege: Login User
License Required: iDRAC Express or iDRAC Enterprise
Dependency: None

Logging in to iDRAC using public key authentication
You can log in to the iDRAC over SSH without entering a password. You can also send a single RACADM command as a command line
argument to the SSH application. The command line options behave like remote RACADM since the session ends after the command is
completed.
For example:
Logging in:
ssh username@
or
ssh username@
where IP_address is the IP address of the iDRAC.

38

Logging in to iDRAC

Sending RACADM commands:
ssh username@ racadm getversion
ssh username@ racadm getsel

Multiple iDRAC sessions
The following table provides the number of iDRAC sessions that are possible using the various interfaces.
Table 7. Multiple iDRAC sessions
Interface

Number of Sessions

iDRAC Web Interface

6

Remote RACADM

4

Firmware RACADM/SMCLP

SSH - 2
Telnet - 2
Serial - 1

Accessing iDRAC using SMCLP
SMCLP is the default command line prompt when you log in to iDRAC using Telnet or SSH. For more information, see Using SMCLP.

Secure default password
All supported systems are shipped with a unique default password for iDRAC, unless you choose to set calvin as the password while
ordering the system. The unique password helps improve the security of iDRAC and your server. To further enhance security, it is
recommended that you change the default password.
The unique password for your system is available on the system information tag. To locate the tag, see the documentation for your server
at dell.com/support/manuals.
NOTE: For PowerEdge C6420, M640, and FC640, the default password is calvin.
NOTE: Resetting iDRAC to the factory default settings reverts the default password to the one that the server was shipped with.
If you have forgotten the password and do not have access to the system information tag, there are a few methods to reset the password
locally or remotely.

Resetting default iDRAC password locally
If you have physical access to the system, you can reset the password using the following:
•

iDRAC Setting utility (System Setup)

•

Local RACADM

•

OpenManage Mobile

•

Server management USB port

•

USB-NIC

Logging in to iDRAC

39

Resetting default password using the iDRAC Settings utility
Access this utility using the System Setup of your server. For more information, see the System Setup section of your system
documentation at dell.com/support/manuals.

Resetting default password using local RACADM
1

Log in to the host OS installed on the system.

2

Access the local RACADM interface.

3

Follow the instructions in Changing the default login password using RACADM.

Resetting default password using OpenManage Mobile
You can use the OpenManage Mobile (OMM) to log in and change the default password. To log in to iDRAC using OMM, scan the QR code
on the system information tag. For more information about using OMM, see the OMM documentation at Dell.com/openmanagemanuals.
NOTE: Scanning the QR code logs you into iDRAC only if the default credentials are at default values. If you have changed them
from the default values, enter the updated credentials.

Resetting default password using the server management USB port
NOTE: These steps require that the USB management port is enabled and configured.

Using Server Configuration Profile file
Create a Server Configuration Profile (SCP) file with a new password for the default account, place it on a memory key, and use the server
management USB port on the server to upload the SCP file. For more information on creating the file, see Using USB port for server
management.

Accessing iDRAC using a laptop
Connect a laptop to the server management USB port and access iDRAC to change the password. For more information, see Accessing
iDRAC interface over direct USB connection.

Changing default password using USB-NIC
If you have access to a keyboard, mouse, and a display device, connect to the server using the USB-NIC to access the iDRAC interface and
change the default password.
1

Connect the devices to the system.

2

Use a supported browser to access the iDRAC interface using the iDRAC IP.

3

Follow the instructions in Changing the default login password using web interface.

Resetting default iDRAC password remotely
If you do not have physical access to the system, you can reset the default password remotely.

40

Logging in to iDRAC

Remote — Provisioned system
If you have an operating system installed on the system, use a remote desktop client to log in to the server. After you log into the server,
use any of the local interfaces such as RACADM or web interface to change the password.

Remote — Non-provisioned system
If there is no operating system installed on the server and if you have a PXE setup available, use PXE and then use RACADM to reset the
password.

Changing the default login password
The warning message that allows you to change the default password is displayed if:
•

You log in to iDRAC with Configure User privilege.

•

The default password warning feature is enabled.

•

The default iDRAC user name and password are provided on the system information tag.

A warning message is also displayed when you log in to iDRAC using SSH, Telnet, remote RACADM, or the Web interface. For Web
interface, SSH, and Telnet, a single warning message is displayed for each session. For remote RACADM, the warning message is displayed
for each command.
NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user names
and passwords.

Changing the default login password using web interface
When you log in to the iDRAC web interface, if the Default Password Warning page is displayed, you can change the password. To do this:
1

Select the Change Default Password option.

2

In the New Password field, enter the new password.
NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user
names and passwords.

3

In the Confirm Password field, enter the password again.

4

Click Continue.
The new password is configured and you are logged in to iDRAC.
NOTE: Continue is enabled only if the passwords entered in the New Password and Confirm Password fields match.
For information about the other fields, see the iDRAC Online Help.

Changing the default login password using RACADM
To change the password, run the following RACADM command:
racadm set iDRAC.Users..Password 
where,  is a value from 1 to 16 (indicates the user account) and  is the new user defined password.
NOTE: The index for the default account is 2.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Logging in to iDRAC

41

NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user names
and passwords.

Changing the default login password using iDRAC settings
utility
To change the default login password using iDRAC settings utility:
1

In the iDRAC Settings utility, go to User Configuration.
The iDRAC Settings User Configuration page is displayed.

2

In the Change Password field, enter the new password.
NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user
names and passwords.

3

Click Back, click Finish, and then click Yes.
The details are saved.

Enabling or disabling default password warning
message
You can enable or disable the display of the default password warning message. To do this, you must have Configure Users privilege.

IP Blocking
You can use IP blocking to dynamically determine when excessive login failures occur from an IP address and block or prevent the IP
address from logging into the iDRAC9 for a preselected time span. IP blocking includes:
•

The number of allowable login failures.

•

The timeframe in seconds when these failures must occur.

•

The amount of time, in seconds, when the IP address is prevented from establishing a session after the total allowable number of
failures is exceeded.

As consecutive login failures accumulate from a specific IP address, they are tracked by an internal counter. When the user logs in
successfully, the failure history is cleared and the internal counter is reset.
NOTE: When consecutive login attempts are refused from the client IP address, some SSH clients may display the following
message:
ssh exchange identification: Connection closed by remote host
.
Table 8. Login Retry Restriction Properties
Property

Definition

iDRAC.IPBlocking.BlockEnable

Enables the IP blocking feature. When consecutive failures
iDRAC.IPBlocking.FailCount
from a single IP address are encountered within a specific amount of
time
iDRAC.IPBlocking.FailWindow

42

Logging in to iDRAC

Property

Definition
all further attempts to establish a session from that address are
rejected for a certain timespan
iDRAC.IPBlocking.PenaltyTime

iDRAC.IPBlocking.FailCount

Sets the number of login failures from an IP address before the login
attempts are rejected.

iDRAC.IPBlocking.FailWindow

The time, in seconds during which the failed attempts are counted.
When the failures occur beyond this time period, the counter gets
reset.

iDRAC.IPBlocking.PenaltyTime

Defines the timespan in seconds when all login attempts from an IP
address with excessive failures are rejected.

Enabling or disabling OS to iDRAC Pass-through using
web interface
To enable OS to iDRAC Pass-through using Web interface:
1

Go to iDRAC Settings > Connectivity > Network > OS to iDRAC Pass-through.
The OS to iDRAC Pass-through page is displayed.

2

Select any of the following options to enable OS to iDRAC pass-through:
•

LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or
NDC.

•

USB NIC — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the
internal USB bus.

To disable this feature, select Disabled.
3

If you select LOM as the pass-through configuration, and if the server is connected using dedicated mode, enter the IPv4 address of
the operating system.
NOTE: If the server is connected in shared LOM mode, then the OS IP Address field is disabled.
NOTE: If the VLAN is enabled on the iDRAC, the LOM-Passthrough will only function in shared LOM mode with VLAN
tagging configured on the host.

4

If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC.
The default value is 169.254.1.1. It is recommended to use the default IP address. However, if this IP address conflicts with an IP
address of other interfaces of the host system or the local network, you must change it.
Do not enter 169.254.0.3 and 169.254.0.4 IPs. These IPs are reserved for the USB NIC port on the front panel when a A/A cable is
used.

5

Click Apply.

6

Click Test Network Configuration to check if the IP is accessible and the link is established between the iDRAC and the host
operating system.

Enabling or disabling alerts using RACADM
Use the following command:
racadm set iDRAC.IPMILan.AlertEnable 
n=0 — Disabled
n=1 — Enabled

Logging in to iDRAC

43

3
Setting up managed system
If you need to run local RACADM or enable Last Crash Screen capture, install the following from the Dell Systems Management Tools and
Documentation DVD:
•

Local RACADM

•

Server Administrator

For more information about Server Administrator, see Dell OpenManage Server Administrator User’s Guide available at dell.com/support/
manuals.

Topics:
•

Setting up iDRAC IP address

•

Modifying local administrator account settings

•

Setting up managed system location

•

Optimizing system performance and power consumption

•

Setting up management station

•

Configuring supported web browsers

•

Updating device firmware

•

Viewing and managing staged updates

•

Rolling back device firmware

•

Backing up server profile

•

Importing server profile

•

Monitoring iDRAC using other Systems Management tools

•

Support Server Configuration Profile — Import and Export

•

Secure Boot Configuration from BIOS Settings or F2

•

BIOS recovery

Setting up iDRAC IP address
You must configure the initial network settings based on your network infrastructure to enable the communication to and from iDRAC. You
can set up the IP address using one of the following interfaces:
•

iDRAC Settings utility

•

Lifecycle Controller (see Lifecycle Controller User’s Guide)

•

Dell Deployment Toolkit (see Dell Deployment Toolkit User’s Guide)

•

Chassis or Server LCD panel (see the system’s Hardware Owner’s Manual)
NOTE: In case of blade servers, you can configure the network setting using the Chassis LCD panel only during initial
configuration of CMC. After the chassis is deployed, you cannot reconfigure iDRAC using the Chassis LCD panel.

•

CMC Web interface (see Dell Chassis Management Controller Firmware User’s Guide)

In case of rack and tower servers, you can set up the IP address or use the default iDRAC IP address 192.168.0.120 to configure initial
network settings, including setting up DHCP or the static IP for iDRAC.
In case of blade servers, the iDRAC network interface is disabled by default.

44

Setting up managed system

After you configure iDRAC IP address:
•

Ensure that you change the default user name and password.

•

Access iDRAC through any of the following interfaces:
•

iDRAC Web interface using a supported browser (Internet Explorer, Firefox, Chrome, or Safari)

•

Secure Shell (SSH) — Requires a client such as PuTTY on Windows. SSH is available by default in most of the Linux systems and
hence does not require a client.

•

Telnet (must be enabled, since it is disabled by default)

•

IPMITool (uses IPMI command) or shell prompt (requires Dell customized installer in Windows or Linux, available from Systems
Management Documentation and Tools DVD or dell.com/support)

Setting up iDRAC IP using iDRAC settings utility
To set up the iDRAC IP address:
1

Turn on the managed system.

2

Press  during Power-on Self-test (POST).

3

In the System Setup Main Menu page, click iDRAC Settings.
The iDRAC Settings page is displayed.

4

Click Network.
The Network page is displayed.

5

6

Specify the following settings:
•

Network Settings

•

Common Settings

•

IPv4 Settings

•

IPv6 Settings

•

IPMI Settings

• VLAN Settings
Click Back, click Finish, and then click Yes.
The network information is saved and the system reboots.

Configuring the network settings
To configure the network settings:
NOTE: For information about the options, see the iDRAC Settings Utility Online Help.
1

Under Enable NIC, select the Enabled option.

2

From the NIC Selection drop-down menu, select one of the following ports based on the network requirement:
•

Dedicated — Enables the remote access device to use the dedicated network interface available on the Remote Access Controller
(RAC). This interface is not shared with the host operating system and routes the management traffic to a separate physical
network, enabling it to be separated from the application traffic.
This option implies that iDRAC's dedicated network port routes its traffic separately from the server's LOM or NIC ports. About
managing network traffic, the Dedicated option allows iDRAC to be assigned an IP address from the same subnet or different
subnet in comparison to the IP addresses assigned to the Host LOM or NICs.
NOTE: In blade servers, the Dedicated option is displayed as Chassis (Dedicated).

•

LOM1

•

LOM2

•

LOM3

•

LOM4

Setting up managed system

45

NOTE: In the case of rack and tower servers, two LOM options (LOM1 and LOM2) or all four LOM options are available
depending on the server model. In blade servers with two NDC ports, two LOM options (LOM1 and LOM2) are available and
on server with four NDC ports, all four LOM options are available.
NOTE: Shared LOM is not supported on the Intel 2P X520–k bNDC 10 G if they are used in a full-height server with two
NDCs because they do not support hardware arbitration.
3

From the Failover Network drop-down menu, select one of the remaining LOMs. If a network fails, the traffic is routed through the
failover network.
For example, to route the iDRAC network traffic through LOM2 when LOM1 is down, select LOM1 for NIC Selection and LOM2 for
Failover Network.
NOTE: If you have selected Dedicated in NIC Selection drop-down menu, the option is grayed-out.

4

Under Auto Negotiation, select On if iDRAC must automatically set the duplex mode and network speed.
This option is available only for dedicated mode. If enabled, iDRAC sets the network speed to 10, 100, or 1000 Mbps based on the
network speed.

5

Under Network Speed, select either 10 Mbps or 100 Mbps.
NOTE: You cannot manually set the Network Speed to 1000 Mbps. This option is available only if Auto Negotiation option is
enabled.

6

Under Duplex Mode, select Half Duplex or Full Duplex option.
NOTE: If you enable Auto Negotiation, this option is grayed-out.

Common settings
If network infrastructure has DNS server, register iDRAC on the DNS. These are the initial settings requirements for advanced features
such as Directory services—Active Directory or LDAP, Single Sign On, and smart card.
To register iDRAC:
1

Enable Register DRAC on DNS.

2

Enter the DNS DRAC Name.

3

Select Auto Config Domain Name to automatically acquire domain name from DHCP. Else, provide the DNS Domain Name.

Configuring the IPv4 settings
To configure the IPv4 settings:
1

Select Enabled option under Enable IPv4.

2

Select Enabled option under Enable DHCP, so that DHCP can automatically assign the IP address, gateway, and subnet mask to
iDRAC. Else, select Disabled and enter the values for:

NOTE: In the 14th generation of the PowerEdge servers, DHCP is enabled by default.

3

•

Static IP Address

•

Static Gateway

• Static Subnet Mask
Optionally, enable Use DHCP to obtain DNS server address, so that the DHCP server can assign the Static Preferred DNS Server
and Static Alternate DNS Server. Else, enter the IP addresses for Static Preferred DNS Server and Static Alternate DNS Server.

Configuring the IPv6 settings
Based on the infrastructure setup, you can use IPv6 address protocol.

46

Setting up managed system

To configure the IPv6 settings:
1

Select Enabled option under Enable IPv6.

2

For the DHCPv6 server to automatically assign the IP address, gateway, and subnet mask to iDRAC, select Enabled option under
Enable Auto-configuration.
NOTE: You can configure both static IP and DHCP IP at the same
time.

3

In the Static IP Address 1 box, enter the static IPv6 address.

4

In the Static Prefix Length box, enter a value between 0 and 128.

5

In the Static Gateway box, enter the gateway address.
NOTE: If you configure static IP, the current IP address 1 displays static IP and the IP address 2 displays dynamic IP. If you
clear the static IP settings, the current IP address 1 displays dynamic IP.

6

If you are using DHCP, enable DHCPv6 to obtain DNS Server addresses to obtain Primary and Secondary DNS server addresses
from DHCPv6 server. You can configure the following if required:
•

In the Static Preferred DNS Server box, enter the static DNS server IPv6 address.

•

In the Static Alternate DNS Server box, enter the static alternate DNS server.

Configuring the IPMI settings
To enable the IPMI Settings:
1

Under Enable IPMI Over LAN, select Enabled.

2

Under Channel Privilege Limit, select Administrator, Operator, or User.

3

In the Encryption Key box, enter the encryption key in the format 0 to 40 hexadecimal characters (without any blanks characters.)
The default value is all zeros.

VLAN settings
You can configure iDRAC into the VLAN infrastructure. To configure VLAN settings, perform the following steps:
NOTE: On blade servers that are set as Chassis (Dedicated), the VLAN settings are read-only and can be changed only using
CMC. If the server is set in shared mode, you can configure VLAN settings in shared mode in iDRAC.
1

Under Enable VLAN ID, select Enabled.

2

In the VLAN ID box, enter a valid number from 1 to 4094.

3

In the Priority box, enter a number from 0 to 7 to set the priority of the VLAN ID.
NOTE: After enabling VLAN, the iDRAC IP is not accessible for some time.

Setting up iDRAC IP using the CMC web interface
To set up the iDRAC IP address using the Chassis Management Controller (CMC) Web interface:
NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC network settings from CMC. The CMC
option is applicable only for blade servers.
1

Log in to the CMC Web interface.

2

Go to iDRAC Settings > Settings > CMC.
The Deploy iDRAC page is displayed.

3

Under iDRAC Network Settings, select Enable LAN and other network parameters as per requirements. For more information, see
CMC online help.

4

For additional network settings specific to each blade server, go to Server Overview > .
The Server Status page is displayed.
Setting up managed system

47

5

Click Launch iDRAC and go to iDRAC Settings > Connectivity > Network.

6

In the Network page, specify the following settings:
•

Network Settings

•

Common Settings

•

IPV4 Settings

•

IPV6 Settings

•

IPMI Settings

•

VLAN Settings

•

Advanced Network Settings
NOTE: For more information, see iDRAC Online Help.

7

To save the network information, click Apply.
For more information, see the Chassis Management Controller User’s Guide available at dell.com/support/manuals.

Enabling provisioning server
The provisioning server feature allows newly installed servers to automatically discover the remote management console that hosts the
provisioning server. The provisioning server provides custom administrative user credentials to iDRAC so that the unprovisioned server can
be discovered and managed from the management console. For more information about provisioning server, see the Lifecycle Controller
Remote Services User’s Guide available at dell.com/idracmanuals.
Provisioning server works with a static IP address. DHCP, DNS server, or the default DNS host name discovers the provisioning server. If
DNS is specified, the provisioning server IP is retrieved from DNS and the DHCP settings are not required. If the provisioning server is
specified, discovery is skipped so neither DHCP nor DNS is required.
You can enable the Provisioning Server feature using iDRAC Settings Utility or using Lifecycle Controller. For information on using Lifecycle
Controller, see Lifecycle Controller User’s Guide available at dell.com/idracmanuals.
If the Provisioning Server feature is not enabled on the factory-shipped system, the default administrator account (the default iDRAC user
name and password are provided on the system badge) is enabled. Before enabling Provisioning Server, make sure to disable this
administrator account. If the Provisioning Server feature in Lifecycle Controller is enabled, all the iDRAC user accounts are disabled until the
provisioning server is discovered.
To enable provisioning server using iDRAC Settings utility:
1

Turn on the managed system.

2

During POST, press F2, and go to iDRAC Settings > Remote Enablement.
The iDRAC Settings Remote Enablement page is displayed.

3

Enable auto-discovery, enter the provisioning server IP address, and click Back.

4

Click Network.

NOTE: Specifying the provisioning server IP is optional. If it is not set, it is discovered using DHCP or DNS settings (step 7).
The iDRAC Settings Network page is displayed.
5

Enable NIC.

6

Enable IPv4.

7

Enable DHCP and get the domain name, DNS server address, and DNS domain name from DHCP.

NOTE: IPv6 is not supported for auto-discovery.

NOTE: Step 7 is optional if the provisioning server IP address (step 3) is provided.

48

Setting up managed system

Configuring servers and server components using Auto Config
The Auto Config feature configures and provisions all the components in a server in a single operation. These components include BIOS,
iDRAC, and PERC. Auto Config automatically imports a Server Configuration Profile (SCP) XML or JSON file containing all configurable
parameters. The DHCP server that assigns the IP address also provides the details for accessing the SCP file.
SCP files are created by configuring a gold configuration server. This configuration is then exported to a shared NFS, CIFS, HTTP or
HTTPS network location that is accessible by the DHCP server and the iDRAC of the server being configured. The SCP file name can be
based on the Service Tag or model number of the target server or can be given as a generic name. The DHCP server uses a DHCP server
option to specify the SCP file name (optionally), SCP file location, and the user credentials to access the file location.
When the iDRAC obtains an IP address from the DHCP server that is configured for Auto Config, iDRAC uses the SCP to configure the
server’s devices. Auto Config is invoked only after the iDRAC gets its IP address from the DHCP server. If it does not get a response or an
IP address from the DHCP server, then Auto Config is not invoked.
HTTP and HTTPS file sharing options are supported for iDRAC firmware 3.00.00.00 or later. Details of the HTTP or HTTPS address need to
be provided. In case the proxy is enabled on the server, the user needs to provide further proxy settings to allow HTTP or HTTPS to
transfer information. The -s option flag is updated as:
Table 9. Different Share Types and pass in values
-s (ShareType)

pass in

NFS

0 or nfs

CIFS

2 or cifs

HTTP

5 or http

HTTPS

6 or https

NOTE: HTTPS certificates are not supported with Auto Config. Auto Config ignores certificate warnings.
Following list describes the required and optional parameters to pass in for the string value:
-f (Filename): name of exported Server Configuration Profile file. This is required for iDRAC firmware versions prior to 2.20.20.20.
-n (Sharename): name of network share. This is required for NFS or CIFS.
-s (ShareType): pass in either 0 for NFS, 2 for CIFS, 5 for HTTP and 6 for HTTPS. This is a mandatory field for iDRAC firmware
versions 3.00.00.00.
-i (IPAddress): IP address of the network share. This is a mandatory field.
-u (Username): username that has access to network share. This is a mandatory field for CIFS.
-p (Password): user password that has access to network share. This is a mandatory field for CIFS.
-d (ShutdownType): either 0 for graceful or 1 for forced (default setting: 0). This is an optional field.
-t (Timetowait): time to wait for the host to shutdown (default setting: 300). This is an optional field.
-e (EndHostPowerState): either 0 for OFF or 1 for ON (default setting 1). This is an optional field.
The additional option flags are supported in iDRAC firmware 3.00.00.00 or later to enable the configuration of HTTP proxy parameters and
set the retry timeout for accessing the Profile file:
—pd (ProxyDefault): Use default proxy setting. This is an optional field.

Setting up managed system

49

—pt (ProxyType): The user can pass in http or socks (default setting http). This is an optional field.
—ph (ProxyHost): IP address of the proxy host. This is an optional field.
—pu (ProxyUserName): username that has access to the proxy server. This is required for proxy support.
—pp (ProxyPassword): user password that has access to the proxy server. This is required for proxy support.
—po (ProxyPort): port for the proxy server (default setting is 80). This is an optional field.
—to (Timeout): specifies the retry timeout in minutes for obtaining config file (default is 60 minutes).
For iDRAC firmware 3.00.00.00 or later, JSON format Profile files are supported. The following file names will be used if the Filename
parameter is not present:
•

-config.xml, Example: CDVH7R1-config.xml

•

-config.xml, Example: R640-config.xml

•

config.xml

•

-config.json, Example:CDVH7R1-config.json

•

-config.json, Example: R630-config.json

•

config.json
NOTE: More information about HTTP can be found in the 14G Support for HTTP and HTTPS across IDRAC/LC Interface white
paper at delltechcenter.com.
NOTE:
•

Auto Config can only be enabled when DHCPv4 and the Enable IPV4 options are enabled.

•

Auto Config and Auto Discovery features are mutually exclusive. Disable Auto Discovery for Auto Config to work.

•

The Auto Config is disabled after a server has carried out an Auto Config operation.

If all the Dell PowerEdge servers in the DHCP server pool are of the same model type and number, then a single SCP file (config.xml) is
required. The config.xml file name is used as the default SCP file name. In addition to .xml file, .json files can also be used with 14G systems.
The file can be config.json.
The user can configure individual servers requiring different configuration files mapped using individual server Service Tags or server
models. In an environment that has different servers with specific requirements, different SCP file names can be used to distinguish each
server or server type. For example, if there are two server models to configure — PowerEdge R740s and PowerEdge R540s, use two SCP
files, R740-config.xml and R540-config.xml.
NOTE: iDRAC server configuration agent automatically generates the configuration filename using the server Service Tag, model
number, or the default filename — config.xml.
NOTE: If none of these files are on the network share, then the server configuration profile import job is marked as failed for file
not found.

Auto Config sequence
1

Create or modify the SCP file that configures the attributes of Dell servers.

2

Place the SCP file in a share location that is accessible by the DHCP server and all the Dell servers that are assigned IP address from
the DHCP server.

3

Specify the SCP file location in vendor-option 43 field of DHCP server.

4

The iDRAC while acquiring IP address advertises vendor class identifier. (Option 60)

5

The DHCP server matches the vendor class to the vendor option in the dhcpd.conf file and sends the SCP file location and, if
specified the SCP file name to the iDRAC.

6

The iDRAC processes the SCP file and configures all the attributes listed in the file.

50

Setting up managed system

DHCP options
DHCPv4 allows many globally defined parameters to be passed to the DHCP clients. Each parameter is known as a DHCP option. Each
option is identified with an option tag, which is a 1-byte value. Option tags 0 and 255 are reserved for padding and end of options,
respectively. All other values are available for defining options.
The DHCP Option 43 is used to send information from the DHCP server to the DHCP client. The option is defined as a text string. This text
string is set to contain the values of the SCP filename, share location and the credentials to access the location. For example,
option myname code 43 = text;
subnet 192.168.0.0 netmask 255.255.255.0 {
# default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers 192.168.1.1;
option time-offset -18000; #Eastern Standard Time
option vendor-class-identifier "iDRAC";
set vendor-string = option vendor-class-identifier;
option myname "-f system_config.xml -i 192.168.0.130 -u user -p password -n cifs -s 2 -d 0 t 500";
where, -i is the location of the Remote File Share and –f is the file name in the string along with the credentials to the Remote File Share.
The DHCP Option 60 identifies and associates a DHCP client with a particular vendor. Any DHCP server configured to take action based on
a client’s vendor ID should have Option 60 and Option 43 configured. With Dell PowerEdge servers, the iDRAC identifies itself with vendor
ID: iDRAC. Therefore, you must add a new ‘Vendor Class’ and create a ‘scope option’ under it for ‘code 60,’ and then enable the new scope
option for the DHCP server.

Configuring option 43 on Windows
To configure option 43 on Windows:
1

On the DHCP server, go to Start > Administration Tools > DHCP to open the DHCP server administration tool.

2

Find the server and expand all items under it.

3

Right-click on Scope Options and select Configure Options.
The Scope Options dialog box is displayed.

4

Scroll down and select 043 Vendor Specific Info.

5

In the Data Entry field, click anywhere in the area under ASCII and enter the IP address of the server that has the share location,
which contains the SCP file.
The value appears as you type it under the ASCII, but it also appears in binary to the left.

6

Click OK to save the configuration.

Configuring option 60 on Windows
To configure option 60 on Windows:
1

On the DHCP server, go to Start > Administration Tools > DHCP to open the DHCP server administration tool.

2

Find the server and expand the items under it.

3

Right-click on IPv4 and choose Define Vendor Classes.

4

Click Add.
A dialog box with the following fields is displayed:

5

•

Display name:

•

Description:

• ID: Binary: ASCII:
In the Display name: field, type iDRAC.
Setting up managed system

51

6

In the Description: field, type Vendor Class.

7

Click in the ASCII: section and type iDRAC.

8

Click OK and then Close.

9

On the DHCP window, right-click IPv4 and select Set Predefined Options.

10

From the Option class drop-down menu, select iDRAC (created in step 4) and click Add.

11

In the Option Type dialog box, enter the following information:
•

Name — iDRAC

•

Data Type — String

•

Code — 060

12

• Description — Dell vendor class identifier
Click OK to return to the DHCP window.

13

Expand all items under the server name, right-click Scope Options and select Configure Options.

14

Click the Advanced tab.

15

From the Vendor class drop-down menu, select iDRAC. The 060 iDRAC is displayed in the Available Options column.

16

Select 060 iDRAC option.

17

Enter the string value that must be sent to the iDRAC (along with a standard DHCP provided IP address). The string value helps in
importing the correct SCP file.
For the option’s DATA entry, String Value setting, use a text parameter that has the following letter options and values:
•

Filename (–f) — Indicates the name of the exported Server Configuration Profile(SCP) file.

•

Sharename (-n) — Indicates the name of the network share.

•

ShareType (-s) —
Alongside supporting NFS and CIFS-based file sharing, iDRAC firmware 3.00.00.00 or later also supports accessing profile files by
using HTTP and HTTPS. The -s option flag is updated as follows:
-s (ShareType): type nfs or 0 for NFS; cifs or 2 for CIFS; http or 5 for HTTP; or https or 6 for HTTPS (mandatory).

•

IPAddress (-i) — Indicates the IP address of the file share.
NOTE: Sharename (-n), ShareType (-s), and IPAddress (-i) are required attributes that must be passed. -n is
not required for HTTP or HTTPs.

•

Username (-u) — Indicates the user name required to access the network share. This information is required only for CIFS.

•

Password (-p) — Indicates the password required to access the network share. This information is required only for CIFS.

•

ShutdownType (-d) — Indicates the mode of shutdown. 0 indicates Graceful shutdown and 1 indicates Forced shutdown.
NOTE: The default setting is 0.

•

Timetowait (-t) — Indicates the time the host system waits before shutting down. The default setting is 300.

•

EndHostPowerState (-e) — Indicates the power state of the host. 0 indicates OFF and 1 indicates ON. The default setting
is 1.
NOTE: ShutdownType (-d), Timetowait (-t), and EndHostPowerState (-e) are optional attributes.

NFS: -f system_config.xml -i 192.168.1.101 -n /nfs_share -s 0 -d 1
CIFS: -f system_config.xml -i 192.168.1.101 -n cifs_share -s 2 -u  -p  -d 1 -t 400
HTTP: -f system_config.json -i 192.168.1.101 -s 5
HTTP: -f http_share/system_config.xml -i 192.168.1.101 -s http
HTTP: -f system_config.xml -i 192.168.1.101 -s http -n http_share
HTTPS: -f system_config.json -i 192.168.1.101 -s https

52

Setting up managed system

Configuring option 43 and option 60 on Linux
Update the /etc/dhcpd.conf file. The steps to configure the options are similar to the steps for Windows:
1

Set aside a block or pool of addresses that this DHCP server can allocate.

2

Set the option 43 and use the name vendor class identifier for option 60.
option myname code 43 = text;
subnet 192.168.0.0 netmask 255.255.0.0 {
#default gateway
option routers
192.168.0.1;
option subnet-mask
255.255.255.0;
option nis-domain
"domain.org";
option domain-name
"domain.org";
option domain-name-servers
192.168.1.1;
option time-offset
-18000;
# Eastern Standard Time
option vendor-class-identifier "iDRAC";
set vendor-string = option vendor-class-identifier;
option myname "-f system_config.xml -i 192.168.0.130 -u user -p password -n cifs -s 2 -d
0 -t 500";
range dynamic-bootp 192.168.0.128 192.168.0.254;
default-lease-time 21600;
max-lease-time 43200;
}
}
The following are the required and optional parameters that must be passed in the vendor class identifier string:
•

Filename (–f) — Indicates the name of the exported Server Configuration Profile file.
NOTE: For more information on file naming rules, see Configuring servers and server components using Auto
Config.

•

Sharename (-n) — Indicates the name of the network share.

•

ShareType (-s) — Indicates the share type. 0 indicates NFS and 2 indicates CIFS.

•

IPAddress (-i) — Indicates the IP address of the file share.
NOTE: Sharename (-n), ShareType (-s), and IPAddress (-i) are required attributes that must be passed. -n is not required
for HTTP or HTTPs.

•

Username (-u) — Indicates the user name required to access the network share. This information is required only for CIFS.

•

Password (-p) — Indicates the password required to access the network share. This information is required only for CIFS.
NOTE: Example for Linux NFS and CIFS share:
•

NFS: -f system_config.xml -i 192.168.0.130 -n /nfs -s 0 -d 0 -t 500

•

CIFS: -f system_config.xml -i 192.168.0.130 -n sambashare/config_files -s 2 -u user -p password -d 1 -t
400

Ensure that you use NFS2 or NFS3 for NFS network share
•

ShutdownType (-d) — Indicates the mode of shutdown. 0 indicates Graceful shutdown and 1 indicates Forced shutdown.

•

Timetowait (-t) — Indicates the time the host system waits before shutting down. The default setting is 300.

•

EndHostPowerState (-e) — Indicates the power state of the host. 0 indicates OFF and 1 indicates ON. The default setting is 1.

NOTE: The default setting is 0.

NOTE: ShutdownType (-d), Timetowait (-t), and EndHostPowerState (-e) are optional attributes.
The following is an example of a static DHCP reservation from a dhcpd.conf file:
host my_host {
hardware ethernet b8:2a:72:fb:e6:56;
fixed-address 192.168.0.211;

Setting up managed system

53

option host-name "my_host";
option myname " -f r630_raid.xml -i 192.168.0.1 -n /nfs -s 0 -d 0 -t 300";
}
NOTE: After editing the dhcpd.conf file, make sure to restart the dhcpd service to apply the
changes.

Prerequisites before enabling Auto Config
Before enabling the Auto config feature, make sure that following are already set:
•

Supported network share (NFS, CIFS, HTTP and HTTPS) is available on the same subnet as the iDRAC and DHCP server. Test the
network share to ensure that it can be accessed and that the firewall and user permissions are set correctly.

•

Server configuration profile is exported to the network share. Also, make sure that the necessary changes in the SCP file are complete
so that proper settings can be applied when the Auto Config process is initiated.

•

DHCP server is set and the DHCP configuration is updated as required for iDRAC to call the server and initiate the Auto Config feature.

Enabling Auto Config using iDRAC web interface
Make sure that DHCPv4 and the Enable IPv4 options are enabled and Auto-discovery is disabled.
To enable Auto Config:
1

In the iDRAC web interface, go to iDRAC Settings > Connectivity > Network > Auto Config.
The Network page is displayed.

2

3

In the Auto Config section, select one of the following options from the Enable DHCP Provisioning drop-down menu:
•

Enable Once — Configures the component only once using the SCP file referenced by the DHCP server. After this, Auto Config is
disabled.

•

Enable once after reset — After the iDRAC is reset, configures the components only once using the SCP file referenced by the
DHCP server. After this, Auto Config is disabled.

• Disable — Disables the Auto Config feature.
Click Apply to apply the setting.
The network page automatically refreshes.

Enabling Auto Config using RACADM
To enable Auto Config feature using RACADM, use the iDRAC.NIC.AutoConfig object.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
For more information on the Auto Config feature, see the Zero-Touch Bare Metal Server Provisioning using Dell iDRAC with Lifecycle
Controller Auto Config white paper available at the delltechcenter.com/idrac.

Using hash passwords for improved security
On PowerEdge servers with iDRAC version 3.00.00.00, you can set user passwords and BIOS passwords using a one-way hash format. The
user authentication mechanism is not affected (except for SNMPv3 and IPMI) and you can provide the password in plain text format.
With the new password hash feature:
•

54

You can generate your own SHA256 hashes to set iDRAC user passwords and BIOS passwords. This allows you to have the SHA256
values in the server configuration profile, RACADM, and WSMan. When you provide the SHA256 password values, you cannot
authenticate through SNMPv3 and IPMI.
Setting up managed system

•

NOTE: Remote RACADM or WSMan or Redfish cannot be used for Hash password Configuration / Replacement for IDRAC.
You can use SCP for Hash Password Configuration / Replacement on Remote RACADM or WSMan or Redfish.
You can set up a template server including all the iDRAC user accounts and BIOS passwords using the current plain text mechanism.
After the server is set up, you can export the server configuration profile with the password hash values. The export includes the hash
values required for SNMPv3 authentication. Importing this profile results in losing the IPMI authentication for users who have the
hashed password values set and the F2 IDRAC interface shows that the user account is disabled.

•

The other interfaces such as IDRAC GUI will show the user accounts enabled.

You can generate the hash password with and without Salt using SHA256.
You must have Server Control privileges to include and export hash passwords.
If access to all accounts is lost, use iDRAC Settings Utility or local RACADM and perform reset iDRAC to default task.
If the password of the iDRAC user account is set with the SHA256 password hash only and not the other hashes (SHA1v3Key or
MD5v3Key), then authentication through SNMP v3 is not available.

Hash password using RACADM
To set hash passwords, use the following objects with the set command:
•
•

iDRAC.Users.SHA256Password
iDRAC.Users.SHA256PasswordSalt

Use the following command to include the hash password in the exported server configuration profile:
racadm get -f  -l  -u  -p 
includePH

-t  --

You must set the Salt attribute when the associated hash is set.
NOTE: The attributes are not applicable to the INI configuration file.

Hash password in server configuration profile
The new hash passwords can be optionally exported in the server configuration profile.
When importing server configuration profile, you can uncomment the existing password attribute or the new password hash attribute(s). If
both are uncommented an error is generated and the password is not set. A commented attribute is not applied during an import.

Generating hash password without SNMPv3 and IPMI authentication
Hash password can be generated without SNMPv3 and IPMI authentication with or without salt. Both require SHA256.
To generate hash password with salt:
1

For the iDRAC user accounts, you must salt the password using SHA256.
When you salt the password, a 16-bytes binary string is appended. The Salt is required to be 16 bytes long, if provided. Once
appended, it becomes a 32 character string. The format is "password"+"salt", for example:
Password = SOMEPASSWORD
Salt = ALITTLEBITOFSALT—16 characters are appended

2

Open a Linux command prompt, and run the following command:
Generate Hash-> echo-n SOMEPASSWORDALITTLEBITOFSALT|sha256sum

->

Generate Hex Representation of Salt -> echo -n ALITTLEBITOFSALT | xxd –p

-> 

set iDRAC.Users.4.SHA256Password 
set iDRAC.Users.4.SHA256PasswordSalt 
Setting up managed system

55

3

Provide hash value and salt in the imported server configuration profile, the RACADM commands, Redfish, or WSMan.
NOTE: If you wish to clear a previously salted password, then ensure that the password-salt is explicitly set to an empty
string i.e.
set iDRAC.Users.4.SHA256Password
ca74e5fe75654735d3b8d04a7bdf5dcdd06f1c6c2a215171a24e5a9dcb28e7a2
set iDRAC.Users.4.SHA256PasswordSalt

4

After setting the password, the normal plain text password authentication works except that SNMP v3 and IPMI authentication fails
for the iDRAC user accounts that had passwords updated with hash.

Modifying local administrator account settings
After setting the iDRAC IP address, you can modify the local administrator account settings (that is, user 2) using the iDRAC Settings
utility. To do this:
1

In the iDRAC Settings utility, go to User Configuration.
The iDRAC Settings User Configuration page is displayed.

2

Specify the details for User Name, LAN User Privilege, Serial Port User Privilege, and Change Password.
For information about the options, see the iDRAC Settings Utility Online Help.

3

Click Back, click Finish, and then click Yes.
The local administrator account settings are configured.

Setting up managed system location
You can specify the location details of the managed system in the data center using the iDRAC Web interface or iDRAC Settings utility.

Setting up managed system location using web interface
To specify the system location details:
1

In the iDRAC web interface, go to System > Details > System Details.
The System Details page is displayed.

2

Under System Location, enter the location details of the managed system in the data center.
For information about the options, see the iDRAC Online Help.

3

Click Apply. The system location details are saved in iDRAC.

Setting up managed system location using RACADM
To specify the system location details, use the System.Location group objects.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Setting up managed system location using iDRAC settings
utility
To specify the system location details:
1

In the iDRAC Settings utility, go to System Location.
The iDRAC Settings System Location page is displayed.

2

56

Enter the location details of the managed system in the data center. For information about the options, see the iDRAC Settings Utility
Online Help.
Setting up managed system

3

Click Back, click Finish, and then click Yes.
The details are saved.

Optimizing system performance and power
consumption
The power required to cool a server can contribute a significant amount to the overall system power. Thermal control is the active
management of system cooling through fan speed and system power management to make sure that the system is reliable while minimizing
system power consumption, airflow, and system acoustic output. You can adjust the thermal control settings and optimize against the
system performance and performance-per-Watt requirements.
Using the iDRAC Web interface, RACADM, or the iDRAC Settings Utility, you can change the following thermal settings:
•

Optimize for performance

•

Optimize for minimum power

•

Set the maximum air exhaust temperature

•

Increase airflow through a fan offset, if required

•

Increase airflow through increasing minimum fan speed

Modifying thermal settings using iDRAC web interface
To modify the thermal settings:
1

In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > Fans configuration.
The Fan Setup page is displayed.

2

Specify the following:
•

Thermal Profile — Select the thermal profile:
•

Default Thermal Profile Settings — Implies that the thermal algorithm uses the same system profile settings that is defined
under System BIOS > System BIOS Settings > System Profile Settings page.

By default, this is set to Default Thermal Profile Settings. You can also select a custom algorithm, which is independent of the
BIOS profile. The options available are:
•

•

Maximum Performance (Performance Optimized) :
•

Reduced probability of memory or CPU throttling.

•

Increased probability of turbo mode activation.

•

Generally, higher fan speeds at idle and stress loads.

Minimum Power (Performance per Watt Optimized):
•

Optimized for lowest system power consumption based on optimum fan power state.

•

Generally, lower fan speeds at idle and stress loads.

NOTE: Selecting Maximum Performance or Minimum Power, overrides thermal settings associated to System Profile
setting under System BIOS > System BIOS Settings.System Profile Settings page.
•

Maximum Exhaust Temperature Limit — From the drop-down menu, select the maximum exhaust air temperature. The values
are displayed based on the system.
The default value is Default, 70°C (158 °F).
This option allows the system fans speeds to change such that the exhaust temperature does not exceed the selected exhaust
temperature limit. This cannot always be guaranteed under all system operating conditions due to dependency on system load and
system cooling capability.

•

Fan Speed Offset — Selecting this option allows additional cooling to the server. In case hardware is added (example, new PCIe
cards), it may require additional cooling. A fan speed offset causes fan speeds to increase (by the offset % value) over baseline fan
speeds calculated by the Thermal Control algorithm. Possible values are:
•

Low Fan Speed — Drives fan speeds to a moderate fan speed.

Setting up managed system

57

•

Medium Fan Speed — Drives fan speeds close to medium.

•

High Fan Speed — Drives fan speeds close to full speed.

•

Max Fan Speed — Drives fan speeds to full speed.

•

Off — Fan speed offset is set to off. This is the default value. When set to off, the percentage does not display. The default fan
speed is applied with no offset. Conversely, the maximum setting will result in all fans running at maximum speed.

The fan speed offset is dynamic and based on the system. The fan speed increase for each offset is displayed next to each option.
The fan speed offset increases all fan speeds by the same percentage. Fan speeds may increase beyond the offset speeds based
on individual component cooling needs. The overall system power consumption is expected to increase.
Fan speed offset allows you to increase the system fan speed with four incremental steps. These steps are equally divided
between the typical baseline speed and the maximum speed of the server system fans. Some hardware configurations results in
higher baseline fan speeds, which results in offsets other than the maximum offset to achieve maximum speed.
The most common usage scenario is non-standard PCIe adapter cooling. However, the feature can be used to increase system
cooling for other purposes.
•

Minimum Fan Speed in PWM (% of Max) — Select this option to fine tune the fan speed. Using this option, you can set a higher
baseline system fan speed or increase the system fan speed if other custom fan speed options are not resulting in the required
higher fan speeds.
•

Default — Sets minimum fan speed to default value as determined by the system cooling algorithm.

•

Custom — Enter the percentage value.

The allowable range for minimum fan speed PWM is dynamic based on the system configuration. The first value is the idle speed
and the second value is the configuration max (which may or may not be 100% based on system configuration).
System fans can run higher than this speed as per thermal requirements of the system but not lower than the defined minimum
speed. For example, setting Minimum Fan Speed at 35% limits the fan speed to never go lower than 35% PWM.
NOTE: 0% PWM does not indicate fan is off. It is the lowest fan speed that the fan can
achieve.
The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting
during system reboot, power cycling, iDRAC, or BIOS updates. The custom cooling options may not be supported on all servers. If the
options are not supported, they are not displayed or you cannot provide a custom value.
3

Click Apply to apply the settings.
The following message is displayed:
It is recommended to reboot the system when a thermal profile change has been made. This is
to ensure all power and thermal settings are activated.
Click Reboot Later or Reboot Now.
NOTE: You must reboot the system for the settings to take effect.

Modifying thermal settings using RACADM
To modify the thermal settings, use the objects in the system.thermalsettings group with the set sub command as provided in the
following table.

58

Setting up managed system

Table 10. Thermal Settings
Object

Description

Usage

Example

AirExhaustTemp

Allows you to set the maximum
air exhaust temperature limit.

Set to any of the following
values (based on the system):

To check the existing setting on
the system:
racadm get
system.thermalsettings.
AirExhaustTemp

•
•
•
•
•
•

0 — Indicates 40°C
1 — Indicates 45°C
2 — Indicates 50°C
3 — Indicates 55°C
4 — Indicates 60°C
255 — Indicates 70°C
(default)

The output is:
AirExhaustTemp=70
This output indicates that the
system is set to limit the air
exhaust temperature to 70°C.
To set the exhaust temperature
limit to 60°C:
racadm set
system.thermalsettings.
AirExhaustTemp 4
The output is:
Object value modified
successfully.
If a system does not support a
particular air exhaust
temperature limit, then when you
run the following command:
racadm set
system.thermalsettings.
AirExhaustTemp 0
The following error message is
displayed:
ERROR: RAC947: Invalid
object value specified.
Make sure to specify the value
depending on the type of object.
For more information, see
RACADM help.
To set the limit to the default
value:
racadm set
system.thermalsettings.
AirExhaustTemp 255

FanSpeedHighOffsetVal

•

•
•

Getting this variable reads
the fan speed offset value in
%PWM for High Fan Speed
Offset setting.
This value depends on the
system.
Use FanSpeedOffset
object to set this value using
index value 1.

Values from 0-100

racadm get
system.thermalsettings
FanSpeedHighOffsetVal
A numerical value, for example
66, is returned. This value
indicates that when you use the
following command, it applies a
fan speed offset of High (66%

Setting up managed system

59

Object

Description

Usage

Example
PWM) over the baseline fan
speed
racadm set
system.thermalsettings
FanSpeedOffset 1

FanSpeedLowOffsetVal

•

•
•

FanSpeedMaxOffsetVal

•

•
•

FanSpeedMediumOffsetVal

•

•
•

FanSpeedOffset

•

•

•

60

Setting up managed system

Getting this variable reads
the fan speed offset value in
%PWM for Low Fan Speed
Offset setting.
This value depends on the
system.
Use FanSpeedOffset
object to set this value using
index value 0.

Getting this variable reads
the fan speed offset value in
%PWM for Max Fan Speed
Offset setting.
This value depends on the
system.
Use FanSpeedOffset to
set this value using index
value 3

Getting this variable reads
the fan speed offset value in
%PWM for Medium Fan
Speed Offset setting.
This value depends on the
system.
Use FanSpeedOffset
object to set this value using
index value 2

Using this object with get
command displays the
existing Fan Speed Offset
value.
Using this object with set
command allows setting the
required fan speed offset
value.
The index value decides the
offset that is applied and the
FanSpeedLowOffsetVal,
FanSpeedMaxOffsetVal,
FanSpeedHighOffsetVa
l, and

Values from 0-100

racadm get
system.thermalsettings
FanSpeedLowOffsetVal
This returns a value such as “23”.
This means that when you use
the following command, it
applies a fan speed offset of Low
(23% PWM) over baseline fan
speed
racadm set
system.thermalsettings
FanSpeedOffset 0

Values from 0-100

racadm get
system.thermalsettings
FanSpeedMaxOffsetVal
This returns a value such as
“100”. This means that when you
use the following command, it
applies a fan speed offset of Max
(meaning full speed, 100%
PWM). Usually, this offset results
in fan speed increasing to full
speed.
racadm set
system.thermalsettings
FanSpeedOffset 3

Values from 0-100

racadm get
system.thermalsettings
FanSpeedMediumOffsetVal
This returns a value such as “47”.
This means that when you use
the following command, it
applies a fan speed offset of
Medium (47% PWM) over
baseline fan speed
racadm set
system.thermalsettings
FanSpeedOffset 2

Values are:
•
•
•
•
•

0 — Low Fan Speed
1 — High Fan Speed
2 — Medium Fan Speed
3 — Max Fan Speed
255 — None

To view the existing setting:
racadm get
system.thermalsettings.
FanSpeedOffset
To set the fan speed offset to
High value (as defined in
FanSpeedHighOffsetVal)
racadm set
system.thermalsettings.
FanSpeedOffset 1

Object

Description

Usage

Example

Values from 1 — 100

To display the highest value that
can be set using
MinimumFanSpeed option:

FanSpeedMediumOffset
Val objects (defined earlier)
are the values at which the
offsets are applied.
MFSMaximumLimit

Read Maximum limit for MFS

racadm get
system.thermalsettings.
MFSMaximumLimit
MFSMinimumLimit

Read Minimum limit for MFS

Values from 0 to
MFSMaximumLimit

To display the lowest value that
can be set using
MinimumFanSpeed option.

Default is 255 (means None)

racadm get
system.thermalsettings.
MFSMinimumLimit
MinimumFanSpeed

•

•

•
ThermalProfile

•
•

Allows configuring the
Minimum Fan speed that is
required for the system to
operate.
It defines the baseline (floor)
value for fan speed and
system allows fans to go
lower than this defined fan
speed value.
This value is %PWM value
for fan speed.

Values from
MFSMinimumLimit to
MFSMaximumLimit

To make sure that the system
minimum speed does not
decrease lower than 45% PWM
(45 must be a value between
When get command reports 255, MFSMinimumLimit to
it means user configured offset is MFSMaximumLimit):
not applied.
racadm set
system.thermalsettings.
MinimumFanSpeed 45

Values:
Allows you to specify the
Thermal Base Algorithm.
• 0 — Auto
Allows you to set the system
profile as required for thermal • 1 — Maximum performance
• 2 — Minimum Power
behavior associated to the
profile.

To view the existing thermal
profile setting:
racadm get
system.thermalsettings.
ThermalProfile
To set the thermal profile to
Maximum Performance:
racadm set
system.thermalsettings.
ThermalProfile 1

ThirdPartyPCIFanRespons
•
e
•

•

Values:
Thermal overrides for thirdparty PCI cards.
• 1 — Enabled
Allows you to disable or
• 0 — Disabled
enable the default system
fan response for detected
NOTE: The default value
third-party PCI cards.
is 1.
You can confirm the
presence of third-party PCI
card by viewing the message
ID PCI3018 in the Lifecycle
Controller log.

To disable any default fan speed
response set for a detected
third-party PCI card:
racadm set
system.thermalsettings.
ThirdPartyPCIFanRespons
e 0

Setting up managed system

61

Modifying thermal settings using iDRAC settings utility
To modify the thermal settings:
1

In the iDRAC Settings utility, go to Thermal.
The iDRAC Settings Thermal page is displayed.

2

Specify the following:
•

Thermal Profile

•

Maximum Exhaust Temperature Limit

•

Fan Speed Offset

•

Minimum Fan Speed

The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting
during system reboot, power cycling, iDRAC, or BIOS updates. A few Dell servers may or may not support some or all of these custom
user cooling options. If the options are not supported, they are not displayed or you cannot provide a custom value.
3

Click Back, click Finish, and then click Yes.
The thermal settings are configured.

Setting up management station
A management station is a computer used for accessing iDRAC interfaces to remotely monitor and manage the PowerEdge server(s).
To set up the management station:
1

Install a supported operating system. For more information, see the release notes.

2

Install and configure a supported Web browser. For more information, see the release notes.

3

Install the latest Java Runtime Environment (JRE) (required if Java plug-in type is used to access iDRAC using a Web browser).
NOTE: You need Java 8 or later to use this feature and to launch iDRAC Virtual Console over an IPv6 network.

4

From the Dell Systems Management Tools and Documentation DVD, install Remote RACADM and VMCLI from the SYSMGMT folder.
Else, run Setup on the DVD to install Remote RACADM by default and other OpenManage software. For more information about
RACADM, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

5

Install the following based on the requirement:
•

Telnet

•

SSH client

•

TFTP

•

Dell OpenManage Essentials

Accessing iDRAC remotely
To remotely access iDRAC Web interface from a management station, make sure that the management station is in the same network as
iDRAC. For example:
•

Blade servers — The management station must be on the same network as CMC. For more information on isolating CMC network
from the managed system’s network, see Chassis Management Controller User’s Guide available at dell.com/support/manuals.

•

Rack and tower servers — Set the iDRAC NIC to Dedicated or LOM1 and make sure that the management station is on the same
network as iDRAC.

To access the managed system’s console from a management station, use Virtual Console through iDRAC Web interface.

62

Setting up managed system

Configuring supported web browsers
NOTE: For information about the supported browsers and their versions, see the Release Notes available at dell.com/
idracmanuals.
Most features of iDRAC web interface can be accessed using these browsers with default settings. For certain feature to work, you must
change a few settings. These settings include disabling pop-up blockers, enabling Java, ActiveX, or HTML5 plug-in support and so on.
If you are connecting to iDRAC web interface from a management station that connects to the Internet through a proxy server, configure
the web browser to access the Internet from through this server.
NOTE: If you use Internet Explorer or Firefox to access the iDRAC web interface, you may need to configure certain settings as
described in this section. You can use other supported browsers with their default settings.
NOTE: Blank proxy settings are treated equivalent to No proxy.

Configuring Internet Explorer
This section provides details about configuring Internet Explorer (IE) to ensure you can access and use all features of the iDRAC web
interface. These settings include:
•

Resetting security settings

•

Adding iDRAC IP to trusted sites

•

Configuring IE to enable Active Directory SSO

•

Disabling IE Enhanced Security Configuration

Resetting Internet Explorer security settings
Ensure that Internet Explorer (IE) settings are set to Microsoft-recommended defaults and customize the settings as described in this
section.
1

Open IE as an administrator or using an administrator account.

2

Click Tools Internet Options Security Local Network or Local intranet.

3

Click Custom Level, select Medium-Low, and click Reset. Click OK to confirm.

Adding iDRAC IP to the trusted-sites list
When you access iDRAC Web interface, you are prompted to add iDRAC IP address to the list of trusted domains if the IP address is
missing from the list. When completed, click Refresh or relaunch the web browser to establish a connection to iDRAC web interface. If you
are not prompted to add the IP, it is recommended that you add the IP manually to the trusted-sites list.
NOTE: When connecting to the iDRAC web interface with a certificate the browser does not trust, the browser's certificate
error warning may display a second time after you acknowledge the first warning.
To add iDRAC IP address to the trusted-sites list:
1

Click Tools > Internet Options > Security > Trusted sites > Sites.

2

Enter the iDRAC IP address to the Add this website to the zone.

3

Click Add, click OK, and then click Close.

4

Click OK and then refresh your browser.

Setting up managed system

63

Configuring Internet Explorer to enable Active Directory SSO
To configure the browser settings for Internet Explorer:
1

In Internet Explorer, navigate to Local Intranet and click Sites.

2

Select the following options only:
•

3

Include all local (intranet) sites not listed on other zones.

• Include all sites that bypass the proxy server.
Click Advanced.

4

Add all relative domain names that will be used for iDRAC instances that is part of the SSO configuration (for example,
myhost.example.com.)

5

Click Close and click OK twice.

Disabling Internet Explorer Enhanced Security Configuration
To ensure that you can download log files and other local elements using the web interface, it is recommended to disable Internet Explorer
Enhanced Security Configuration from Windows features. For information about disabling this feature on your version of Windows, see
Microsoft's documentation.

Configuring Mozilla Firefox
This section provides details about configuring Firefox to ensure you can access and use all features of the iDRAC web interface. These
settings include:
•

Disabling whitelist feature

•

Configuring Firefox to enable Active Directory SSO

Disabling whitelist feature in Firefox
Firefox has a "whitelist" security feature that requires user permission to install plug-ins for each distinct site that hosts a plug-in. If enabled,
the whitelist feature requires you to install a Virtual Console viewer for each iDRAC you visit, even though the viewer versions are identical.
To disable the whitelist feature and avoid unnecessary plug-in installations, perform the following steps:
1

Open a Firefox Web browser window.

2

In the address field, enter about:config and press .

3

In the Preference Name column, locate and double-click xpinstall.whitelist.required.
The values for Preference Name, Status, Type, and Value change to bold text. The Status value changes to user set and the Value
changes to false.

4

In the Preferences Name column, locate xpinstall.enabled.
Make sure that Value is true. If not, double-click xpinstall.enabled to set Value to true.

Configuring Firefox to enable Active Directory SSO
To configure the browser settings for Firefox:
1

In Firefox address bar, enter about:config.

2

In Filter, enter network.negotiate.

3

Add the domain name to network.negotiate-auth.trusted-uris (using comma separated list.)

4

Add the domain name to network.negotiate-auth.delegation-uris (using comma separated list.)

64

Setting up managed system

Configuring web browsers to use virtual console
To use Virtual Console on your management station:
1

Make sure that a supported version of the browser (Internet Explorer (Windows), or Mozilla Firefox (Windows or Linux), Google
Chrome, Safari) is installed.
For more information about the supported browser versions, see the Release Notes available at dell.com/idracmanuals.

2

To use Internet Explorer, set IE to Run As Administrator.

3

Configure the Web browser to use ActiveX, Java, or HTML5 plug-in.
ActiveX viewer is supported only with Internet Explorer. HTML5 or a Java viewer is supported on any browser.
NOTE: You need Java 8 or later to use this feature and to launch iDRAC Virtual Console over an IPv6 network.

4

Import the root certificates on the managed system to avoid the pop-ups that prompt you to verify the certificates.

5

Install the compat-libstdc++-33-3.2.3-61 related package.
NOTE: On Windows, the compat-libstdc++-33-3.2.3-61 related package may be included in the .NET framework package or
the operating system package.

6

If you are using MAC operating system, select the Enable access for assistive devices option in the Universal Access window.
For more information, see the MAC operating system documentation.

Configuring Internet Explorer to use HTML5-based plug-in
The HTML5 virtual console and virtual media APIs are created by using HTML5 technology. The following are the advantages of HTML5
technology:
•
•
•
•

Installation is not required on the client workstation.
Compatibility is based on browser and is not based on the operating system or installed components.
Compatible with most of the desktops and mobile platforms.
Quick deployment and the client is downloaded as part of a web page.

You must configure Internet Explorer (IE) settings before you launch and run HTML5 based virtual console and virtual media applications.
To configure the browser settings:
1

Disable pop-up blocker. To do this, click Tools > Internet Options > Privacy and clear the Turn on Pop-up Blocker check-box.

2

Start the HTML5 virtual console using any of the following methods:
• In IE, click Tools > Compatibility View Settings and clear the Display intranet sites in Compatibility View check-box.
• In IE using an IPv6 address, modify the IPv6 address as follows:
https://[fe80::d267:e5ff:fef4:2fe9]/ to https://fe80--d267-e5ff-fef4-2fe9.ipv6literal.net/
•

3

Direct HTML5 virtual console in IE using an IPv6 address, modify the IPv6 address as follows:
https://[fe80::d267:e5ff:fef4:2fe9]/console to https://fe80--d267-e5ff-fef4-2fe9.ipv6literal.net/console

To display the Title Bar information in IE, go to Control Panel > Appearance and Personalization > Personalization > Window
Classic

Configuring the web browser to use Java plug-in
Install a Java Runtime Environment (JRE) if you are using Firefox or IE and want to use the Java Viewer.
NOTE: Install a 32-bit or 64-bit JRE version on a 64-bit operating system or a 32-bit JRE version on a 32-bit operating system.
To configure IE to use Java plug-in:

Setting up managed system

65

•

Disable automatic prompting for file downloads in Internet Explorer.

•

Disable Enhanced Security Mode in Internet Explorer.

Configuring IE to use ActiveX plug-in
You must configure the IE browser settings before you start and run ActiveX based Virtual Console and Virtual Media applications. The
ActiveX applications are delivered as signed CAB files from the iDRAC server. If the plug-in type is set to Native-ActiveX type in Virtual
console, when you try to start the Virtual Console, the CAB file is downloaded to the client system and ActiveX based Virtual Console is
started. Internet Explorer requires some configurations to download, install, and run these ActiveX based applications.
On 64-bit operating systems, you can install both 32-bit or 64-bit versions of Internet Explorer. You may use either of 32-bit or 64-bit,
however, you must install the corresponding plug-in. For example, if you install the plug-in in the 64-bit browser and then open the viewer
in a 32-bit browser, you must install the plug-in again.
NOTE: You can use ActiveX plug-in only with Internet Explorer.
NOTE: To use ActiveX plug-in on systems with Internet Explorer 9, before configuring Internet Explorer, ensure that you disable
the Enhanced Security Mode in Internet Explorer or in the server manager in Windows Server operating systems.
For ActiveX applications in Windows 7, Windows 2008, and Windows 10 configure the following Internet Explorer settings to use the
ActiveX plug-in:
1

Clear the browser’s cache.

2

Add iDRAC IP or host name to the Local Internet site list.

3

Reset the custom settings to Medium-low or change the settings to allow installation of signed ActiveX plug-ins.

4

Enable the browser to download encrypted content and to enable third-party browser extensions. To do this, go to Tools > Internet
Options > Advanced, clear the Do not save encrypted pages to disk option, and select the Enable third-party browser extensions
option.

5

Go to Tools > Internet Options > Security and select the zone in which you want to run the application.

6

Click Custom level. In the Security Settings window, do the following:

NOTE: Restart Internet Explorer for the Enable third-party browser extension setting to take effect.

•

Select Enable for Automatic prompting for ActiveX controls.

•

Select Prompt for Download signed ActiveX controls.

•

Select Enable or Prompt for Run ActiveX controls and plugins.

7

• Select Enable or Prompt for Script ActiveX controls marked safe for scripting.
Click OK to close the Security Settings window.

8

Click OK to close the Internet Options window.
NOTE: On systems with Internet Explorer 11, ensure that you add the iDRAC IP by clicking Tools > Compatibility View
settings.
NOTE:
•

The varying versions of Internet Explorer share Internet Options. Therefore, after you add the server to the list of trusted
sites for one browser the other browser uses the same setting.

•

Before installing the ActiveX control, Internet Explorer may display a security warning. To complete the ActiveX control
installation procedure, accept the ActiveX control when Internet Explorer prompts you with a security warning.

•

If you get the error Unknown Publisher while launching Virtual Console, it may be caused because of the change to the
code-signing certificate path. To resolve this error, you must download an addition key. Use a search engine to search for
Symantec SO16958 and, from the search results, follow the instructions on the Symantec website.

Additional settings for Windows Vista or newer Microsoft operating systems
The Internet Explorer browsers in Windows Vista or newer operating systems have an additional security feature called Protected Mode.

66

Setting up managed system

To launch and run ActiveX applications in Internet Explorer browsers with Protected Mode:
1

Run IE as an administrator.

2

Go to Tools > Internet Options > Security > Trusted Sites.

3

Make sure that the Enable Protected Mode option is not selected for Trusted Sites zone. Alternatively, you can add the iDRAC
address to sites in the Intranet zone. By default, protected mode is turned off for sites in Intranet Zone and Trusted Sites zone.

4

Click Sites.

5

In the Add this website to the zone field, add the address of your iDRAC and click Add.

6

Click Close and then click OK.

7

Close and restart the browser for the settings to take effect.

Clearing browser cache
If you have issues when operating the Virtual Console, (out of range errors, synchronization issues, and so on) clear the browser’s cache to
remove or delete any old versions of the viewer that may be stored on the system and try again.
NOTE: You must have administrator privilege to clear the browser’s cache.

Clearing earlier Java versions
To clear older versions of Java viewer in Windows or Linux, do the following:
1

At the command prompt, run javaws-viewer or javaws-uninstall.
The Java Cache viewer is displayed.

2

Delete the items titled iDRAC Virtual Console Client.

Importing CA certificates to management station
When you launch Virtual Console or Virtual Media, prompts are displayed to verify the certificates. If you have custom Web server
certificates, you can avoid these prompts by importing the CA certificates to the Java or ActiveX trusted certificate store.

Importing CA certificate to Java trusted certificate store
To import the CA certificate to the Java trusted certificate store:
1

Launch the Java Control Panel.

2

Click Security tab and then click Certificates.
The Certificates dialog box is displayed.

3

From the Certificate type drop-down menu, select Trusted Certificates.

4

Click Import, browse, select the CA certificate (in Base64 encoded format), and click Open.
The selected certificate is imported to the Web start trusted certificate store.

5

Click Close and then click OK. The Java Control Panel window closes.

Importing CA certificate to ActiveX trusted certificate store
You must use the OpenSSL command line tool to create the certificate Hash using Secure Hash Algorithm (SHA). It is recommended to use
OpenSSL tool 1.0.x and later since it uses SHA by default. The CA certificate must be in Base64 encoded PEM format. This is one-time
process to import each CA certificate.
To import the CA certificate to the ActiveX trusted certificate store:
1

Open the OpenSSL command prompt.

2

Run a 8 byte hash on the CA certificate that is currently in-use on the management station using the command: openssl x509 in (name of CA cert) -noout -hash

Setting up managed system

67

An output file is generated. For example, if the CA certificate file name is cacert.pem, the command is:
openssl x509 –in cacert.pem –noout –hash
The output similar to “431db322” is generated.
3

Rename the CA file to the output file name and include a “.0" extension. For example, 431db322.0.

4

Copy the renamed CA certificate to your home directory. For example, C:\Documents and Settings\ directory.

Viewing localized versions of web interface
iDRAC web interface is supported in the following languages:
•

English (en-us)

•

French (fr)

•

German (de)

•

Spanish (es)

•

Japanese (ja)

•

Simplified Chinese (zh-cn)

The ISO identifiers in parentheses denote the supported language variants. For some supported languages, resizing the browser window to
1024 pixels wide is required to view all features.
iDRAC Web interface is designed to work with localized keyboards for the supported language variants. Some features of iDRAC Web
interface, such as Virtual Console, may require additional steps to access certain functions or letters. Other keyboards are not supported
and may cause unexpected problems.
NOTE: See the browser documentation on how to configure or setup different languages and view localized versions of iDRAC
Web interface.

Updating device firmware
Using iDRAC, you can update the iDRAC, BIOS, and all device firmware that is supported by using Lifecycle Controller update such as:
•

Fibre Channel (FC) cards

•

Diagnostics

•

Operating System Driver Pack

•

Network Interface Card (NIC)

•

RAID Controller

•

Power Supply Unit (PSU)

•

NVMe PCIe devices

•

SAS/SATA hard drives

•

Backplane update for internal and external enclosures

•

OS Collector
CAUTION: The PSU firmware update may take several minutes depending on the system configuration and PSU model. To avoid
damaging the PSU, do not interrupt the update process or power on the system during PSU firmware update.

You must upload the required firmware to iDRAC. After the upload is complete, the current version of the firmware installed on the device
and the version being applied is displayed. If the firmware being uploaded is not valid, an error message is displayed. Updates that do not
require a reboot are applied immediately. Updates that require a system reboot are staged and committed to run on the next system reboot.
Only one system reboot is required to perform all updates.
After the firmware is updated, the System Inventory page displays the updated firmware version and logs are recorded.
The supported firmware image file types are:

68

Setting up managed system

•

.exe — Windows-based Dell Update Package (DUP)

•

.d9 — Contains both iDRAC and Lifecycle Controller firmware

For files with .exe extension, you must have the System Control privilege. The Remote Firmware Update licensed feature and Lifecycle
Controller must be enabled.
For files with .d9 extension, you must have the Configure privilege.
NOTE: After upgrading the iDRAC firmware, you may notice a difference in the time stamp displayed in the Lifecycle Controller
log until the iDRAC time is reset using NTP. The Lifecycle log displays the BIOS time until the iDRAC time is reset.
You can perform firmware updates by using the following methods:
•

Uploading a supported image type, one at a time, from a local system or network share.

•

Connecting to an FTP, TFTP, HTTP or HTTPS site or a network repository that contains Windows DUPs and a corresponding catalog
file.
You can create custom repositories by using the Dell Repository Manager. For more information, see Dell Repository Manager Data
Center User's Guide. iDRAC can provide a difference report between the BIOS and firmware installed on the system and the updates
available in the repository. All applicable updates contained in the repository are applied to the system. This feature is available with
iDRAC Enterprise license.

•

Scheduling recurring automated firmware updates by using the catalog file and custom repository.

There are multiple tools and interfaces that can be used to update the iDRAC firmware. The following table is applicable only to iDRAC
firmware. The table lists the supported interfaces, image-file types, and whether Lifecycle Controller must be in enabled state for the
firmware to be updated.
Table 11. Image file types and dependencies
.D9 Image

iDRAC DUP

Interface

Supported

Requires LC enabled

Supported

Requires LC enabled

BMCFW64.exe utility

Yes

No

No

N/A

Racadm FWUpdate
(old)

Yes

No

No

N/A

Racadm Update (new) Yes

Yes

Yes

Yes

iDRAC UI

Yes

Yes

Yes

Yes

WSMan

Yes

Yes

Yes

Yes

In-band OS DUP

No

N/A

Yes

No

The following table provides information on whether a system restart is required when firmware is updated for a particular component:
NOTE: When multiple firmware updates are applied through out-of-band methods, the updates are ordered in the most efficient
possible manner to reduce unnecessary system restart.
Table 12. Firmware update — supported components
Component Name

Firmware Rollback
Supported? (Yes or No)

Out-of-band — System
Restart Required?

In-band — System
Restart Required?

Lifecycle Controller
GUI — Restart
Required?

Diagnostics

No

No

No

No

OS Driver Pack

No

No

No

No

iDRAC with Lifecycle
Controller

Yes

No

No*

Yes

BIOS

Yes

Yes

Yes

Yes

RAID Controller

Yes

Yes

Yes

Yes

Setting up managed system

69

Component Name

Firmware Rollback
Supported? (Yes or No)

Out-of-band — System
Restart Required?

In-band — System
Restart Required?

Lifecycle Controller
GUI — Restart
Required?

BOSS

Yes

Yes

Yes

Yes

NVDIMM

No

Yes

Yes

Yes

Backplanes

Yes

Yes

Yes

Yes

Enclosures

Yes

Yes

No

Yes

NIC

Yes

Yes

Yes

Yes

Power Supply Unit

Yes

Yes

Yes

Yes

CPLD

No

Yes

Yes

Yes

FC Cards

Yes

Yes

Yes

Yes

NVMe PCIe SSD drives

Yes

No

No

No

SAS/SATA hard drives

No

Yes

Yes

No

CMC (on PowerEdge FX2
servers)

No

Yes

Yes

Yes

OS Collector

No

No

No

No

* Indicates that though a system restart is not required, iDRAC must be restarted to apply the updates. iDRAC communication and
monitoring may temporarily be interrupted.
When you check for updates, the version marked as Available does not always indicate that it is the latest version available. Before you
install the update, ensure that the version you choose to install is newer than the version currently installed. If you want to control the
version that iDRAC detects, create a custom repository using Dell Repository Manager (DRM) and configure iDRAC to use that repository
to check for updates.

Updating firmware using iDRAC web interface
You can update the device firmware using firmware images available on the local system, from a repository on a network share (CIFS, NFS,
HTTP or HTTPS), or from FTP.

Updating single device firmware
Before updating the firmware using single device update method, make sure that you have downloaded the firmware image to a location on
the local system.
NOTE: Ensure that the file name for the single component DUP does not have any blank space.
To update single device firmware using iDRAC web interface:
1

Go to Maintenance > System Update.
The Firmware Update page is displayed.

2

On the Update tab, select Local as the File Location.

3

Click Browse, select the firmware image file for the required component, and then click Upload.

4

After the upload is complete, the Update Details section displays each firmware file uploaded to iDRAC and its status.
If the firmware image file is valid and was successfully uploaded, the Contents column displays a plus icon ( ) icon next to the
firmware image file name. Expand the name to view the Device Name, Current, and Available firmware version information.

5

70

Select the required firmware file and do one of the following:
•

For firmware images that do not require a host system reboot, click Install. For example, iDRAC firmware file.

•

For firmware images that require a host system reboot, click Install and Reboot or Install Next Reboot.
Setting up managed system

•

To cancel the firmware update, click Cancel.

When you click Install, Install and Reboot, or Install Next Reboot, the message Updating Job Queue is displayed.
6

To display the Job Queue page, click Job Queue. Use this page to view and manage the staged firmware updates or click OK to
refresh the current page and view the status of the firmware update.
NOTE: If you navigate away from the page without saving the updates, an error message is displayed and all the uploaded
content is lost.

Scheduling automatic firmware updates
You can create a periodic recurring schedule for iDRAC to check for new firmware updates. At the scheduled date and time, iDRAC
connects to the specified destination, checks for new updates, and applies or stages all applicable updates. A log file is created on the
remote server, which contains information about server access and staged firmware updates.
It is recommended that you create a repository using Dell Repository Manager (DRM) and configure iDRAC to use this repository to check
for and perform firmware updates. Using an internal repository enables you to control the firmware and versions available to iDRAC and
helps avoid any unintended firmware changes.
NOTE: For more information about DRM, see delltechcenter.com/repositorymanager.
iDRAC Enterprise license is required to schedule automatic updates.
You can schedule automatic firmware updates using the iDRAC web interface or RACADM.
NOTE: IPv6 address is not supported for scheduling automatic firmware updates.

Scheduling automatic firmware update using web interface
To schedule automatic firmware update using web Interface:
NOTE: Do not create the next scheduled occurrence of an automatic update job if a job is already Scheduled. It overwrites the
current scheduled job.
1

In the iDRAC web interface, go to Maintenance > System Update > Automatic Update.
The Firmware Update page is displayed.

2

Click the Automatic Update tab.

3

Select the Enable Automatic Update option.

4

Select any of the following options to specify if a system reboot is required after the updates are staged:
•

5

Schedule Updates — Stage the firmware updates but do not reboot the server.

• Schedule Updates and reboot Server — Enables server reboot after the firmware updates are staged.
Select any of the following to specify the location of the firmware images:
•

Network — Use the catalog file from a network share (CIFS, NFS, HTTP or HTTPS, TFTP). Enter the network share location
details.
NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and
password or percent encode the special characters.

•
6

FTP — Use the catalog file from the FTP site. Enter the FTP site details.

• HTTP or HTTPS — Allows catalog file streaming and via HTTP and HTTPS file transfer.
Based on the selection in step 5, enter the network settings or the FTP settings.
For information about the fields, see the iDRAC Online Help.

7

In the Update Window Schedule section, specify the start time for the firmware update and the frequency of the updates (daily,
weekly, or monthly).
For information about the fields, see the iDRAC Online Help.

8

Click Schedule Update.

Setting up managed system

71

The next scheduled job is created in the job queue. Five minutes after the first instance of the recurring job starts, the job for the next
time period is created.

Scheduling automatic firmware update using RACADM
To schedule automatic firmware update, use the following commands:
•

To enable automatic firmware update:
racadm set lifecycleController.lcattributes.AutoUpdate.Enable 1

•

To view the status of automatic firmware update:
racadm get lifecycleController.lcattributes.AutoUpdate

•

To schedule the start time and frequency of the firmware update:
racadm AutoUpdateScheduler create -u username –p password –l  [-f catalogfilename pu  -pp -po  -pt ] -time < hh:mm> [-dom < 1
– 28,L,’*’> -wom <1-4,L,’*’> -dow ] -rp <1-366> -a 
For example,
•

To automatically update firmware using a CIFS share:
racadm AutoUpdateScheduler create -u admin -p pwd -l //1.2.3.4/CIFS-share –f cat.xml -time
14:30 -wom 1 -dow sun -rp 5 -a 1

•

To automatically update firmware using FTP:
racadm AutoUpdateScheduler create -u admin -p pwd -l ftp.mytest.com -pu puser –pp puser –
po 8080 –pt http –f cat.xml -time 14:30 -wom 1 -dow sun -rp 5 -a 1

•

To view the current firmware update schedule:
racadm AutoUpdateScheduler view

•

To disable automatic firmware update:
racadm set lifecycleController.lcattributes.AutoUpdate.Enable 0

•

To clear the schedule details:
racadm AutoUpdateScheduler clear

•

Upload the update file from a remote HTTP share:
racadm update -f  -u admin -p mypass -l http://1.2.3.4/share

•

Upload the update file from a remote HTTPS share:
racadm update -f  -u admin -p mypass -l https://1.2.3.4/share

Updating device firmware using RACADM
To update device firmware using RACADM, use the update subcommand. For more information, see the RACADM Reference Guide for
iDRAC and CMC available at dell.com/idracmanuals.
Examples:
•

To generate a comparison report using an update repository:
racadm update –f catalog.xml –l //192.168.1.1 –u test –p passwd --verifycatalog

•

To perform all applicable updates from an update repository using myfile.xml as a catalog file and perform a graceful reboot:
racadm update –f “myfile.xml” –b “graceful” –l //192.168.1.1 –u test –p passwd

•

To perform all applicable updates from an FTP update repository using Catalog.xml as a catalog file:
racadm update –f “Catalog.xml” –t FTP –e 192.168.1.20/Repository/Catalog

Updating firmware using CMC web interface
You can update iDRAC firmware for blade servers using the CMC Web interface.

72

Setting up managed system

To update iDRAC firmware using the CMC Web interface:
1

Log in to CMC Web interface.

2

Go to iDRAC Settings > Settings > CMC.
The Deploy iDRAC page is displayed.

3

Click Launch iDRAC Web interface and perform iDRAC Firmware Update.

Updating firmware using DUP
Before you update firmware using Dell Update Package (DUP), make sure to:
•

Install and enable the IPMI and managed system drivers.

•

Enable and start the Windows Management Instrumentation (WMI) service if your system is running Windows operating system,
NOTE: While updating the iDRAC firmware using the DUP utility in Linux, if you see error messages such as usb 5-2:
device descriptor read/64, error -71 displayed on the console, ignore them.

•

If the system has ESX hypervisor installed, then for the DUP file to run, make sure that the "usbarbitrator" service is stopped using
command: service usbarbitrator stop

To update iDRAC using DUP:
1

Download the DUP based on the installed operating system and run it on the managed system.

2

Run the DUP.
The firmware is updated. A system restart is not required after firmware update is complete.

Updating firmware using remote RACADM
1

Download the firmware image to the TFTP or FTP server. For example, C:\downloads\firmimg.d9

2

Run the following RACADM command:
TFTP server:
•

Using fwupdate command:
racadm -r  -u  -p  fwupdate -g -u -a 
path

•

the location on the TFTP server where firmimg.d9 is stored.

Using update command:
racadm -r  -u  -p  update —f 

FTP server:
•

Using fwupdate command:
racadm -r  -u  -p  fwupdate –f 
  –d 
path

•

the location on the FTP server where firmimg.d9 is stored.

Using update command:
racadm -r  -u  -p  update —f 

For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Updating firmware using Lifecycle Controller Remote Services
For information to update the firmware using Lifecycle Controller–Remote Services, see Lifecycle Controller Remote Services Quick Start
Guide available at dell.com/idracmanuals.

Setting up managed system

73

Updating CMC firmware from iDRAC
In the PowerEdge FX2/FX2s chassis, you can update the firmware for the Chassis Management Controller and any component that can
be updated by CMC and shared by the servers from iDRAC.
Before applying the update, make sure that:
•

Servers are not allowed to power-up by CMC.

•

Chassis with LCD must display a message indicating “update is in-progress”.

•

Chassis without LCD must indicate the update progress using LED blinking pattern.

•

During the update, chassis action power commands are disabled.

The updates for components such as Programmable System-on-Chip (PSoC) of IOM that requires all the servers to be idle, the update is
applied on the next chassis power-up cycle.

CMC settings to update CMC firmware from iDRAC
In the PowerEdge FX2/FX2s chassis, before performing the firmware update from iDRAC for CMC and its shared components, do the
following:
1

Launch the CMC Web interface

2

Go to iDRAC Settings > Settings > CMC.
The Deploy iDRAC page is displayed.

3

From the Chassis Management at Server Mode , select Manage and Monitor, and the click Apply.

iDRAC settings to update CMC firmware
In the PowerEdge FX2/FX2s chassis, before updating the firmware for CMC and its shared components from iDRAC, do the following
settings in iDRAC:
1

Go to iDRAC Settings > Settings > CMC.

2

Click on Chassis Management Controller Firmware Update
The Chassis Management Controller Firmware Update Settings page is displayed.

3

For Allow CMC Updates Through OS and Lifecycle Controller, select Enabled to enable CMC firmware update from iDRAC.

4

Under Current CMC Setting, make sure that Chassis Management at Server Mode option displays Manage and Monitor. You can
set this in CMC.

Viewing and managing staged updates
You can view and delete the scheduled jobs including configuration and update jobs. This is a licensed feature. All jobs queued to run during
the next reboot can be deleted.

Viewing and managing staged updates using iDRAC web
interface
To view the list of scheduled jobs using iDRAC web interface, go to Maintenance > Job Queue. The Job Queue page displays the status of
jobs in the Lifecycle Controller job queue. For information about the displayed fields, see the iDRAC Online Help.

74

Setting up managed system

To delete job(s), select the job(s) and click Delete. The page is refreshed and the selected job is removed from the Lifecycle Controller job
queue. You can delete all the jobs queued to run during the next reboot. You cannot delete active jobs, that is, jobs with the status Running
or Downloading.
You must have Server Control privilege to delete jobs.

Viewing and managing staged updates using RACADM
To view the staged updates using RACADM, use jobqueue sub-command. For more information, see the iDRAC RACADM Command Line
Interface Reference Guide available at dell.com/idracmanuals.

Rolling back device firmware
You can roll back the firmware for iDRAC or any device that Lifecycle Controller supports, even if the upgrade was previously performed
using another interface. For example, if the firmware was upgraded using the Lifecycle Controller GUI, you can roll back the firmware using
the iDRAC web interface. You can perform firmware rollback for multiple devices with one system reboot.
On Dell’s 14th generation PowerEdge servers that have a single iDRAC and Lifecycle Controller firmware, rolling back the iDRAC firmware
also rolls back the Lifecycle Controller firmware.
It is recommended to keep the firmware updated to ensure you have the latest features and security updates. You may need to rollback an
update or install an earlier version if you encounter any issues after an update. To install an earlier version, use Lifecycle Controller to check
for updates and select the version you want to install.
You can perform firmware rollback for the following components:
•

iDRAC with Lifecycle Controller

•

BIOS

•

Network Interface Card (NIC)

•

Power Supply Unit (PSU)

•

RAID Controller

•

Backplane
NOTE: You cannot perform firmware rollback for Diagnostics, Driver Packs, and CPLD.

Before rolling back the firmware, make sure that:
•

You have Configure privilege to roll back iDRAC firmware.

•

You have Server Control privilege and have enabled Lifecycle Controller to roll back firmware for any other device other than the
iDRAC.

•

Change the NIC mode to Dedicated if the mode is set as Shared LOM.

You can roll back the firmware to the previously installed version using any of the following methods:
•

iDRAC web interface

•

CMC web interface

•

RACADM CLI — iDRAC and CMC

•

Lifecycle Controller GUI

•

Lifecycle Controller-Remote Services

Rollback firmware using iDRAC web interface
To roll back device firmware:
1

In the iDRAC Web interface, go to Maintenance > System Update > Rollback.
Setting up managed system

75

The Rollback page displays the devices for which you can rollback the firmware. You can view the device name, associated devices,
currently installed firmware version, and the available firmware rollback version.
2

Select one or more devices for which you want to rollback the firmware.

3

Based on the selected devices, click Install and Reboot or Install Next Reboot. If only iDRAC is selected, then click Install.
When you click Install and Reboot or Install Next Reboot, the message “Updating Job Queue” is displayed.

4

Click Job Queue.
The Job Queue page is displayed, where you can view and manage the staged firmware updates.
NOTE:
•

While in rollback mode, the rollback process continues in the background even if you navigate away from this page.

An error message appears if:
•

You do not have Server Control privilege to rollback any firmware other than the iDRAC or Configure privilege to rollback iDRAC
firmware.

•

Firmware rollback is already in-progress in another session.

•

Updates are staged to run or already in running state.

If Lifecycle Controller is disabled or in recovery state and you try to perform a firmware rollback for any device other than iDRAC, an
appropriate warning message is displayed along with steps to enable Lifecycle Controller.

Rollback firmware using CMC web interface
To roll back using the CMC Web interface:
1

Log in to CMC Web interface.

2

Go to iDRAC Settings > Settings > CMC.
The Deploy iDRAC page is displayed.

3

Click Launch iDRAC and perform device firmware rollback as mentioned in the Rollback firmware using iDRAC web interface.

Rollback firmware using RACADM
1

Check the rollback status and the FQDD using the swinventory command:
racadm swinventory
For the device for which you want to rollback the firmware, the Rollback Version must be Available. Also, note the FQDD.

2

Rollback the device firmware using:
racadm rollback 
For more information, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Rollback firmware using Lifecycle Controller
For information, see Lifecycle Controller User’s Guide available at dell.com/idracmanuals.

Rollback firmware using Lifecycle Controller-Remote Services
For information, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/idracmanuals.

76

Setting up managed system

Recovering iDRAC
iDRAC supports two operating system images to make sure a bootable iDRAC. In the event of an unforeseen catastrophic error and you
lose both boot paths:
•

iDRAC bootloader detects that there is no bootable image.

•

System Health and Identify LED is flashed at ~1/2 second rate. (LED is located on the back of a rack and tower servers and on the
front of a blade server.)

•

Bootloader is now polling the SD card slot.

•

Format an SD card with FAT using a Windows operating system, or EXT3 using a Linux operating system.

•

Copy firmimg.d9 to the SD card.

•

Insert the SD card into the server.

•

Bootloader detects the SD card, turns the flashing LED to solid amber, reads the firmimg.d9, reprograms iDRAC, and then reboots
iDRAC.

Backing up server profile
You can back up the system configuration, including the installed firmware images on various components such as BIOS, RAID, NIC, iDRAC,
Lifecycle Controller, and Network Daughter Cards (NDCs) and the configuration settings of those components. The backup operation also
includes the hard disk configuration data, motherboard, and replaced parts. The backup creates a single file that you can save to a vFlash
SD card or network share (CIFS, NFS, HTTP or HTTPS).
You can also enable and schedule periodic backups of the firmware and server configuration based on a certain day, week, or month.
You can reset iDRAC even when a server-profile backup or restore operation is in progress.
Backup feature is licensed and is available with the iDRAC Enterprise license.
Before performing a backup operation, make sure that:
•

•

Collect System Inventory On Reboot (CSIOR) option is enabled. If you initiate a back operation while CSIOR is disabled, the following
message is displayed:
System Inventory with iDRAC may be stale,start CSIOR for updated inventory
To perform backup on a vFlash SD card:
•

vFlash SD card is inserted, enabled, and initialized.

•

vFlash SD card has at least 100 MB free space to store the backup file.

The backup file contains encrypted user sensitive data, configuration information, and firmware images that you can use for import server
profile operation.
Backup events are recorded in the Lifecycle Log.
NOTE: If you are exporting the server profile using NFS on Windows 10 operating system and face issues accessing the exported
server profile, enable Client for NFS in Windows Features.

Backing up server profile using iDRAC web interface
To back up the server profile using iDRAC Web interface:
1

Go to iDRAC Settings > Settings > Backup and Export Server Profile.
The Backup and Export Server Profile page is displayed.

2

Select one of the following to save the backup file image:
•

Network Share to save the backup file image on a CIFS or NFS share.
Setting up managed system

77

•

HTTP or HTTPS to save the backup file image to a local file via HTTP/S file transfer.
NOTE: Once you mount the NFS share, within iDRAC the non-root user cannot write to the share. This is to make iDRAC
more secure.

3

Enter the backup File Name , Backup File Passphrase (optional), Confirm Passphrase details.

4

If Network is selected as the file location, enter the network settings accordingly.
NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and
password or percent encode the special characters.
For information about the fields, see the iDRAC Online Help.

Backing up server profile using RACADM
To back up the server profile using RACADM, use the systemconfig backup command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Scheduling automatic backup server profile
You can enable and schedule periodic backups of the firmware and server configuration based on a certain day, week, or month.
Before scheduling automatic backup server profile operation, make sure that:
•

Lifecycle Controller and Collect System Inventory On Reboot (CSIOR) option is enabled.

•

Network Time Protocol (NTP) is enabled so that time drift does not affect the actual times of scheduled jobs running and when the
next scheduled job is created.

•

To perform backup on a vFlash SD card:
•

A Dell supported vFlash SD card is inserted, enabled, and initialized.

•

vFlash SD card has enough space to store the backup file.

NOTE: IPv6 address is not supported for scheduling automatic backup server profile.

Scheduling automatic backup server profile using web interface
To schedule automatic backup server profile:
1

In the iDRAC Web interface, go to iDRAC Settings > Settings > Backup and Export Server Profile.
The Backup and Export Server Profile page is displayed.

2

Select one of the following to save the backup file image:
•

Network to save the backup file image on a CIFS or NFS share.

3

• HTTP or HTTPS to save the backup file image using HTTP/S file transfer.
Enter the backup File Name, Backup File Passphrase (optional) and Confirm Passphrase.

4

If Network is selected as the file location, enter the network settings.
NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and
password or percent encode the special characters.
For information about the fields, see the iDRAC Online Help

5

Click Backup Now.
A recurring job is represented in the job queue with a start date and time of the next scheduled backup operation. Five minutes after
the first instance of the recurring job starts, the job for the next time period is created. The backup server profile operation is
performed at the scheduled date and time.

78

Setting up managed system

Scheduling automatic backup server profile using RACADM
To enable automatic backup use the command:
racadm set lifecyclecontroller.lcattributes.autobackup Enabled
To schedule a backup server profile operation:
racadm systemconfig backup –f   [-n ] -time  -dom
<1-28,L,’*’> -dow<*,Sun-Sat> -wom <1-4, L,’*’> -rp <1-366>-mb 
To view the current backup schedule:
racadm systemconfig getbackupscheduler
To disable automatic backup, use the command:
racadm set LifeCycleController.lcattributes.autobackup Disabled
To clear the backup schedule:
racadm systemconfig clearbackupscheduler
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Importing server profile
You can use the backup image file to import or restore the configuration and firmware for the same server without rebooting the server.
Import feature is not licensed.
NOTE: For the restore operation, the system Service Tag and the Service Tag in the backup file must be identical. The restore
operation applies to all system components that are same and present in the same location or slot as captured in the backup file.
If components are different or not in the same location, they are not modified and restore failures is logged to the Lifecycle Log.
Before performing an import operation, make sure that Lifecycle Controller is enabled. If Lifecycle Controller is disabled, and if you initiate
the import operation, the following message is displayed:
Lifecycle Controller is not enabled, cannot create Configuration job.
When the import is in-progress, if you initiate an import operation again, the following error message is displayed:
Restore is already running
Import events are recorded in the Lifecycle Log.

Easy Restore
After you replace the motherboard on your server, Easy Restore allows you to automatically restore the following data:
•

System Service Tag

•

Licenses data

•

UEFI Diagnostics application

•

System configuration settings—BIOS, iDRAC, and NIC

Easy Restore uses the Easy Restore flash memory to back up the data. When you replace the motherboard and power on the system, the
BIOS queries the iDRAC and prompts you to restore the backed-up data. The first BIOS screen prompts you to restore the Service Tag,
licenses, and UEFI diagnostic application. The second BIOS screen prompts you to restore system configuration settings. If you choose not
to restore data on the first BIOS screen and if you do not set the Service Tag by another method, the first BIOS screen is displayed again.
The second BIOS screen is displayed only once.

Setting up managed system

79

NOTE:
•

System configurations settings are backed-up only when CSIOR is enabled. Ensure that Lifecycle Controller and CSIOR are
enabled.

•

System Erase does not clear the data from the Easy Restore flash memory.

•

Easy Restore does not back up other data such as firmware images, vFlash data, or add-in cards data.

Importing server profile using iDRAC web interface
To import the server profile using iDRAC web interface:
1

Go to iDRAC Settings > Settings > Import Server Profile.
The Import Server Profile page is displayed.

2

Select one of the following to specify the location of the backup file:
•

Network Share to save the backup file image on a CIFS or NFS share.

3

• HTTP/ HTTPS to save the backup file image to a local file via HTTP/S file transfer.
Enter the backup File Name, Backup File Passphrase (optional) and Confirm Passphrase details.

4

Enter the backup File Name and decryption passphrase (optional).

5

If Network is selected as the file location, enter the network settings.
NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and
password or percent encode the special characters.
For information about the fields, see the iDRAC Online Help.

6

Select one of the following for Virtual disks configuration and hard disk data:
•

Preserve - Preserves the RAID level, virtual disk, controller attributes, and hard disk data in the system and restores the system to
a previously known state using the backup image file.

•
7

Delete and Replace - Deletes and replaces the RAID level, virtual disk, controller attributes, and hard disk configuration information
in the system with the data from the backup image file.
Click Import.
The import server profile operation is initiated.

Importing server profile using RACADM
To import the server profile using RACADM, use the systemconfig restore command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Restore operation sequence
The restore operation sequence is:
1

Host system shuts down.

2

Backup file information is used to restore the Lifecycle Controller.

3

Host system turns on.

4

Firmware and configuration restore process for the devices is completed.

5

Host system shuts down.

6

iDRAC firmware and configuration restore process is completed.

7

iDRAC restarts.

8

Restored host system turns on to resume normal operation.

80

Setting up managed system

Monitoring iDRAC using other Systems Management
tools
You can discover and monitor iDRAC using Dell Management Console or Dell OpenManage Essentials. You can also use Dell Remote Access
Configuration Tool (DRACT) to discover iDRACs, update firmware, and set up Active Directory. For more information, see the respective
user’s guides.

Support Server Configuration Profile — Import and
Export
Server Configuration Profile (SCP) allows you to import and export server configuration files.
User can import and export from local management station, and from a Network Share via CIFS, NFS, HTTP or HTTPS. Using SCP, you
can select and import or export component level configurations for BIOS, NIC and RAID. You can import and export SCP to the local
management station or to a CIFS, NFS, HTTP, or HTTPS network share. You can either import and export individual profiles of iDRAC,
BIOS, NIC, and RAID, or all of them together as a single file.
User can specify preview import or export of the SCP where the job is running and configuration result is generated but none of the
configuration has applied.
A job is created once the import or export is initiated through the GUI. The status of the jobs can be viewed on the Job Queue page.
NOTE: Only Host Name or IP Address are accepted for destination address.
NOTE: You can browse to a specific location to import the server configuration files. You need to select the correct server
configuration file that you want to import. For example, import.xml.
NOTE: Depending on the exported file format (that you selected), the extension is added automatically. For example,
export_system_config.xml.

Secure Boot Configuration from BIOS Settings or F2
UEFI Secure Boot is a technology that eliminates a major security void that may occur during a handoff between the UEFI firmware and
UEFI operating system (OS). In UEFI Secure Boot, each component in the chain is validated and authorized against a specific certificate
before it is allowed to load or run. Secure Boot removes the threat and provides software identity checking at every step of the boot—
Platform firmware, Option Cards, and OS BootLoader.
The Unified Extensible Firmware Interface (UEFI) Forum—an industry body that develops standards for pre-boot software—defines
Secure Boot in the UEFI specification. Computer system vendors, expansion card vendors, and operating system providers collaborate on
this specification to promote interoperability. As a portion of the UEFI specification, Secure Boot represents an industry-wide standard for
security in the pre-boot environment.
When enabled, UEFI Secure Boot prevents the unsigned UEFI device drivers from being loaded, displays an error message, and does not
allow the device to function. You must disable Secure Boot to load the unsigned device drivers.
On the Dell 14th generation and later versions of PowerEdge servers, you can enable or disable the Secure Boot feature by using different
interfaces (RACADM, WSMAN, REDFISH, and LC-UI).

Acceptable file formats
The Secure Boot policy contains only one key in PK, but multiple keys may reside in KEK. Ideally, either the platform manufacturer or
platform owner maintains the private key corresponding to the public PK. Third parties (such as OS providers and device providers)

Setting up managed system

81

maintain the private keys corresponding to the public keys in KEK. In this way, platform owners or third parties may add or remove entries
in the db or dbx of a specific system.
The Secure Boot policy uses db and dbx to authorize pre-boot image file execution. For an image file to get executed, it must associate
with a key or hash value in db, and not associate with a key or hash value in dbx. Any attempts to update the contents of db or dbx must be
signed by a private PK or KEK. Any attempts to update the contents of PK or KEK must be signed by a private PK.
Table 13. Acceptable file formats
Policy Component

Acceptable File Formats

Acceptable File Extensions

Max records allowed

PK

X.509 Certificate (binary DER
format only)

1

.cer

One

2

.der

3

.crt

X.509 Certificate (binary DER
format only)

1

.cer

2

Public Key Store

.der

3

.crt

4

.pbk

1

.cer

2

.der

3

.crt

4

.efi

KEK

DB and DBX

X.509 Certificate (binary DER
format only)
EFI image (system BIOS will
calculate and import image
digest)

More than one

More than one

The Secure Boot Settings feature can be accessed by clicking System Security under System BIOS Settings. To go to System BIOS
Settings, press F2 when the company logo is displayed during POST.
•

By default, Secure Boot is Disabled and the Secure Boot policy is set to Standard. To configure the Secure Boot Policy, you must enable
Secure Boot.

•

When the Secure Boot mode is set to Standard, it indicates that the system has default certificates and image digests or hash loaded
from the factory. This caters to the security of standard firmware, drivers, option-roms, and boot loaders.

•

To support a new driver or firmware on a server, the respective certificate must be enrolled into the DB of Secure Boot certificate store.
Therefore, Secure Boot Policy must be configured to Custom.

When the Secure Boot Policy is configured as Custom, it inherits the standard certificates and image digests loaded in the system by
default, which you can modify. Secure Boot Policy configured as Custom allows you to perform operations such as View, Export, Import,
Delete, Delete All, Reset, and Reset All. Using these operations, you can configure the Secure Boot Policies.
Configuring the Secure Boot Policy to Custom enables the options to manage the certificate store by using various actions such as Export,
Import, Delete, Delete All, Reset, and Rest All on PK, KEK, DB, and DBX. You can select the policy (PK / KEK / DB / DBX) on which you
want to make the change and perform appropriate actions by clicking the respective link. Each section will have links to perform the Import,
Export, Delete, and Reset operations. Links are enabled based on what is applicable, which depends on the configuration at the point of
time. Delete All and Reset All are the operations that have impact on all the policies. Delete All deletes all the certificates and image digests
in the Custom policy, and Rest All restores all the certificates and image digests from Standard or Default certificate store.

BIOS recovery
The BIOS recovery feature allows you to manually recover the BIOS from a stored image. The BIOS is checked when the system is
powered-on and if a corrupt or compromised BIOS is detected, an error message is displayed. You can then initiate the process of BIOS
recovery using RACADM. To perform a manual BIOS recovery, see the iDRAC RACADM Command Line Interface Reference Guide available
at Dell.com/idracmanuals.

82

Setting up managed system

4
Configuring iDRAC
iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks.
Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses
are updated. For more information about the licensable feature in iDRAC, see iDRAC licenses .
You can configure iDRAC using:
•

iDRAC Web Interface

•

RACADM

•

Remote Services (see Lifecycle Controller Remote Services User’s Guide)

•

IPMITool (see Baseboard Management Controller Management Utilities User’s Guide)

To configure iDRAC:
1

Log in to iDRAC.

2

Modify the network settings if required.
NOTE: If you have configured iDRAC network settings, using iDRAC Settings utility during iDRAC IP address setup, then
ignore this step.

3

Configure interfaces to access iDRAC.

4

Configure front panel display.

5

Configure System Location if required.

6

Configure time zone and Network Time Protocol (NTP) if required.

7

Establish any of the following alternate communication methods to iDRAC:
•

IPMI or RAC serial

•

IPMI serial over LAN

•

IPMI over LAN

8

• SSH or Telnet client
Obtain the required certificates.

9

Add and configure iDRAC users with privileges.

10

Configure and enable e-mail alerts, SNMP traps, or IPMI alerts.

11

Set the power cap policy if required.

12

Enable the Last Crash Screen.

13

Configure virtual console and virtual media if required.

14

Configure vFlash SD card if required.

15

Set the first boot device if required.

16

Set the OS to iDRAC Pass-through if required.

Topics:
•

Viewing iDRAC information

•

Modifying network settings

•

FIPS mode

•

Configuring services

•

Configuring TLS

Configuring iDRAC

83

•

Using VNC client to manage remote server

•

Configuring front panel display

•

Configuring time zone and NTP

•

Setting first boot device

•

Enabling or disabling OS to iDRAC Pass-through

•

Obtaining certificates

•

Configuring multiple iDRACs using RACADM

•

Disabling access to modify iDRAC configuration settings on host system

Viewing iDRAC information
You can view the basic properties of iDRAC.

Viewing iDRAC information using web interface
In the iDRAC Web interface, go to iDRAC Settings > Overview to view the following information related to iDRAC. For information about
the properties, see iDRAC Online Help.
iDRAC Details
•

Device Type

•

Hardware Version

•

Firmware Version

•

Firmware Update

•

RAC time

•

IPMI version

•

Number of Possible Sessions

•

Number of Current Sessions

•

IPMI Version

iDRAC Service Module
•

Status

Connection View
•

State

•

Switch Connection ID

•

Switch Port Connection ID

Current Network Settings
•

iDRAC MAC Address

•

Active NIC Interface

•

DNS Domain Name

Current IPv4 Setting
•

IPv4 Enabled

•

DHCP

•

Current IP Address

•

Current Subnet Mask

•

Current Gateway

•

Use DHCP to Obtain DNS Server Address

84

Configuring iDRAC

•

Current Preferred DNS Server

•

Current Alternate DNS Server

Current IPv6 Settings
•

IPv6 Enable

•

Autoconfiguration

•

Current IP Address

•

Current IP Gateway

•

Link Local Address

•

Use DHCPv6 to obtain DNS

•

Current Preferred DNS Server

•

Current Alternate DNS Server

Viewing iDRAC information using RACADM
To view iDRAC information using RACADM, see getsysinfo or get sub-command details provided in the iDRAC RACADM Command
Line Interface Reference Guide available at dell.com/idracmanuals.

Modifying network settings
After configuring the iDRAC network settings using the iDRAC Settings utility, you can also modify the settings through the iDRAC Web
interface, RACADM, Lifecycle Controller, Dell Deployment Toolkit, and Server Administrator (after booting to the operating system). For
more information on the tools and privilege settings, see the respective user’s guides.
To modify the network settings using iDRAC Web interface or RACADM, you must have Configure privileges.
NOTE: Changing the network settings may terminate the current network connections to iDRAC.

Modifying network settings using web interface
To modify the iDRAC network settings:
1

In the iDRAC Web interface, go to iDRAC Settings > Connectivity > Network > Network Settings.
The Network page is displayed.

2

Specify the network settings, common settings, IPv4, IPv6, IPMI, and/or VLAN settings as per your requirement and click Apply.
If you select Auto Dedicated NIC under Network Settings, when the iDRAC has its NIC Selection as shared LOM (1, 2, 3, or 4) and a
link is detected on the iDRAC dedicated NIC, the iDRAC changes its NIC selection to use the dedicated NIC. If no link is detected on
the dedicated NIC, then the iDRAC uses the shared LOM. The switch from shared to dedicated time-out is five seconds and from
dedicated to shared is 30 seconds. You can configure this time-out value using RACADM or WSMan.
For information about the various fields, see the iDRAC Online Help.

Modifying network settings using local RACADM
To generate a list of available network properties, use the command
racadm get iDRAC.Nic
To use DHCP to obtain an IP address, use the following command to write the object DHCPEnable and enable this feature.
racadm set iDRAC.IPv4.DHCPEnable 1

Configuring iDRAC

85

The following example shows how the command may be used to configure the required LAN network properties:
racadm
racadm
racadm
racadm
racadm
racadm
racadm
racadm
racadm
racadm
racadm
racadm

set
set
set
set
set
set
set
set
set
set
set
set

iDRAC.Nic.Enable 1
iDRAC.IPv4.Address 192.168.0.120
iDRAC.IPv4.Netmask 255.255.255.0
iDRAC.IPv4.Gateway 192.168.0.120
iDRAC.IPv4.DHCPEnable 0
iDRAC.IPv4.DNSFromDHCP 0
iDRAC.IPv4.DNS1 192.168.0.5
iDRAC.IPv4.DNS2 192.168.0.6
iDRAC.Nic.DNSRegister 1
iDRAC.Nic.DNSRacName RAC-EK00002
iDRAC.Nic.DNSDomainFromDHCP 0
iDRAC.Nic.DNSDomainName MYDOMAIN

NOTE: If iDRAC.Nic.Enable is set to 0, the iDRAC LAN is disabled even if DHCP is enabled.

Configuring IP filtering
In addition to user authentication, use the following options to provide additional security while accessing iDRAC:
•

IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified
range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are
denied.

•

When repeated login failures occur from a particular IP address, it prevents the address from logging in to iDRAC for a preselected time
span. If you unsuccessfully log in up to two times, you are allowed to log in again only after 30 seconds. If you unsuccessfully log in
more than two times, you are allowed to log in again only after 60 seconds.

As login failures accumulate from a specific IP address, they are registered by an internal counter. When the user successfully logs in, the
failure history is cleared and the internal counter is reset.
NOTE: When login attempts are prevented from the client IP address, few SSH clients may display the message: ssh
exchange identification: Connection closed by remote host.
NOTE: If you are using Dell Deployment Toolkit (DTK), see the Dell Deployment Toolkit User’s Guide for the privileges.

Configure IP filtering using iDRAC web interface
You must have Configure privilege to perform these steps.
To configure IP filtering:
1

In iDRAC Web interface, go to iDRAC Settings > Connectivity > Network > Network Settings > Advanced Network Settings.
The Network page is displayed.

2

Click Advanced Network Settings.
The Network Security page is displayed.

3

Specify the IP filtering settings using IP Range Address and IP Range Subnet Mask.
For more information about the options, see iDRAC Online Help.

4

Click Apply to save the settings.
Federal Information Processing Standards — FIPS is a set of standards used by the United States government agencies and
contractors. FIPS Mode is intended to meet the requirements of FIPS 140-2 level 1. For more information about FIPS, refer to the FIPS
User Guide for iDRAC and CMC.
NOTE: Enabling FIPS Mode resets iDRAC to the default settings.

Configuring IP filtering using RACADM
You must have Configure privilege to perform these steps.

86

Configuring iDRAC

To configure IP filtering, use the following RACADM objects in the iDRAC.IPBlocking group:
•

RangeEnable

•

RangeAddr

•

RangeMask

The RangeMask property is applied to both the incoming IP address and to the RangeAddr property. If the results are identical, the
incoming login request is allowed to access iDRAC. Logging in from IP addresses outside this range results in an error.
The login proceeds if the following expression equals zero:
RangeMask & ( ^ RangeAddr)
Bitwise AND of the quantities
Bitwise exclusive-OR

&
^
Examples for IP Filtering

The following RACADM commands block all IP addresses except 192.168.0.57:
racadm set iDRAC.IPBlocking.RangeEnable 1
racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57
racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255
To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits
in the mask:
racadm set iDRAC.IPBlocking.RangeEnable 1
racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.212
racadm set iDRAC.IPBlocking.RangeMask 255.255.255.252
The last byte of the range mask is set to 252, the decimal equivalent of 11111100b.
For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.

FIPS mode
FIPS is a computer security standard that United States government agencies and contractors must use. Starting from version iDRAC
2.40.40.40, iDRAC supports enabling FIPS mode.
iDRAC will be officially certified to support FIPS mode in the future.

Difference between FIPS-mode supported and FIPS-validated
Software that has been validated by completing the Cryptographic Module Validation Program is referred to as FIPS-validated. Because of
the time it takes to complete FIPS-validation, not all versions of iDRAC are validated. For information about the latest status of FIPSvalidation for iDRAC, see the Cryptographic Module Validation Program page on the NIST website.

Enabling FIPS Mode
CAUTION: Enabling FIPS mode resets iDRAC to factory-default settings. If you want to restore the settings, back up the server
configuration profile (SCP) before you enable FIPS mode, and restore the SCP after iDRAC restarts.
NOTE: If you reinstall or upgrade iDRAC firmware, FIPS mode gets disabled.

Configuring iDRAC

87

Enabling FIPS mode using web interface
1

On the iDRAC web interface, navigate to iDRAC Settings > Connectivity > Network > Network Settings > Advanced Network
Settings.

2

In FIPS Mode, select Enabled and click Apply.

3

A message appears prompting you to confirm the change. Click OK.

NOTE: Enabling FIPS Mode resets iDRAC to the default settings.
iDRAC restarts in FIPS mode. Wait for at least 60 seconds before you reconnect to iDRAC.
4

Install a trusted certificate for iDRAC.
NOTE: The default SSL certificate is not allowed in FIPS
mode.
NOTE: Some iDRAC interfaces, such as the standards-compliant implementations of IPMI and SNMP, do not support FIPScompliance.

Enabling FIPS mode using RACADM
Use RACADM CLI to execute the following command:
racadm set iDRAC.Security.FIPSMode 

Disabling FIPS mode
To disable FIPS mode, you must reset iDRAC to the factory-default settings.

Configuring services
You can configure and enable the following services on iDRAC:
Local Configuration

Disable access to iDRAC configuration (from the host system) using Local RACADM and iDRAC Settings utility.

Web Server

Enable access to iDRAC web interface. If you disable the web interface, remote RACADM also gets disabled. Use
local RACADM to re-enable the web server and remote RACADM.

SSH

Access iDRAC through firmware RACADM.

Telnet

Access iDRAC through firmware RACADM.

Remote RACADM

Remotely access iDRAC.

Redfish

Enables support for Redfish RESTful API.

SNMP Agent

Enables support for SNMP queries (GET, GETNEXT, and GETBULK operations) in iDRAC.

Automated System
Recovery Agent

Enable Last System Crash Screen.

VNC Server

Enable VNC server with or without SSL encryption.

Configuring services using web interface
To configure the services using iDRAC Web interface:
1

88

In the iDRAC Web interface, go to iDRAC Settings > Services.

Configuring iDRAC

The Services page is displayed.
2

Specify the required information and click Apply.
For information about the various settings, see the iDRAC Online Help.
NOTE: Do not select the Prevent this page from creating additional dialogs check-box. Selecting this option prevents you
from configuring services.

Configuring services using RACADM
To enable and configure services using RACADM, use the set command with the objects in the following object groups:
•

iDRAC.LocalSecurity

•

iDRAC.LocalSecurity

•

iDRAC.SSH

•

iDRAC.Webserver

•

iDRAC.Telnet

•

iDRAC.Racadm

•

iDRAC.SNMP

For more information about these objects, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/
idracmanuals.

Enabling or disabling HTTPS redirection
If you do not want automatic redirection from HTTP to HTTPs due to certificate warning issue with default iDRAC certificate or as a
temporary setting for debugging purpose, you can configure iDRAC such that redirection from http port (default is 80) to https port
(default is 443) is disabled. By default, it is enabled. You have to log out and log in to iDRAC for this setting to take effect. When you disable
this feature, a warning message is displayed.
You must have Configure iDRAC privilege to enable or disable HTTPS redirection.
An event is recorded in the Lifecycle Controller log file when this feature is enabled or disabled.
To disable the HTTP to HTTPS redirection:
racadm set iDRAC.Webserver.HttpsRedirection Disabled
To enable HTTP to HTTPS redirection:
racadm set iDRAC.Webserver.HttpsRedirection Enabled
To view the status of the HTTP to HTTPS redirection:
racadm get iDRAC.Webserver.HttpsRedirection

Configuring TLS
By default, iDRAC is configured to use TLS 1.1 and higher. You can configure iDRAC to use any of the following:
•

TLS 1.0 and higher

•

TLS 1.1 and higher

•

TLS 1.2 only
NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher.

Configuring iDRAC

89

Configuring TLS using web interface
1

Go to iDRAC Settings > Services.

2

Click the Services tab and then click Web Server.

3

In the TLS Protocol drop-down, select the TLS version and click Apply.

Configuring TLS using RACADM
To check the version of TLS configured:
racadm get idrac.webserver.tlsprotocol
To set the version of TLS:
racadm set idrac.webserver.tlsprotocol 
TLS 1.0 and Higher
TLS 1.1 and Higher
TLS 1.2 Only

=0
=1
=2

Using VNC client to manage remote server
You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse
PocketCloud. When servers in data centers stop functioning, the iDRAC or the operating system sends an alert to the console on the
management station. The console sends an email or SMS to a mobile device with required information and launches VNC viewer application
on the management station. This VNC viewer can connect to OS/Hypervisor on the server and provide access to keyboard, video and
mouse of the host server to perform the necessary remediation. Before launching the VNC client, you must enable the VNC server and
configure the VNC server settings in iDRAC such as password, VNC port number, SSL encryption, and the time out value. You can
configure these settings using iDRAC Web interface or RACADM.
NOTE: VNC feature is licensed and is available in the iDRAC Enterprise license.
You can choose from many VNC applications or Desktop clients such as the ones from RealVNC or Dell Wyse PocketCloud.
2 VNC client sessions can be activated at the same time. Second one is in Read-Only mode.
If a VNC session is active, you can only launch the Virtual Media using Launch Virtual Console and not the Virtual Console Viewer.
If video encryption is disabled, the VNC client starts RFB handshake directly, and a SSL handshake is not required. During VNC client
handshake (RFB or SSL), if another VNC session is active or if a Virtual Console session is open, the new VNC client session is rejected.
After completion of the initial handshake, VNC server disables Virtual Console and allows only Virtual Media. After termination of the VNC
session, VNC server restores the original state of Virtual Console (enabled or disabled).
NOTE:

90

•

When iDRAC NIC is in shared mode and the host system is power cycled, the network connection is lost for a few seconds. During
this time, if you perform any action in the active VNC client, the VNC session may close. You must wait for timeout (value
configured for the VNC Server settings in the Services page in iDRAC Web interface) and then re-establish the VNC connection.

•

If the VNC client window is minimized for more than 60 seconds, the client window closes. You must open a new VNC session. If
you maximize the VNC client window within 60 seconds, you can continue to use it.

Configuring iDRAC

Configuring VNC server using iDRAC web interface
To configure the VNC server settings:
1

In the iDRAC Web interface, go to Configuration > Virtual Console.
The Virtual Console page is displayed.

2

In the VNC Server section, enable the VNC server, specify the password, port number, and enable or disable SSL encryption.
For information about the fields, see the iDRAC Online Help.

3

Click Apply.
The VNC server is configured.

Configuring VNC server using RACADM
To configure the VNC server, use the set command with the objects in VNCserver.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Setting up VNC viewer with SSL encryption
While configuring the VNC server settings in iDRAC, if the SSL Encryption option was enabled, then the SSL tunnel application must be
used along with the VNC Viewer to establish the SSL encrypted connection with iDRAC VNC server.
NOTE: Most of the VNC clients do not have built-in SSL encryption support.
To configure the SSL tunnel application:
1

Configure SSL tunnel to accept connection on :. For example, 127.0.0.1:5930.

2

Configure SSL tunnel to connect to :. For example, 192.168.0.120:5901.

3

Start the tunnel application.
To establish connection with the iDRAC VNC server over the SSL encrypted channel, connect the VNC viewer to the localhost (link
local IP address) and the local port number (127.0.0.1:).

Setting up VNC viewer without SSL encryption
In general, all Remote Frame Buffer (RFB) compliant VNC Viewers connect to the VNC server using the iDRAC IP address and port
number that is configured for the VNC server. If the SSL encryption option is disabled when configuring the VNC server settings in iDRAC,
then to connect to the VNC Viewer do the following:
In the VNC Viewer dialog box, enter the iDRAC IP address and the VNC port number in the VNC Server field.
The format is 
For example, if the iDRAC IP address is 192.168.0.120 and VNC port number is 5901, then enter 192.168.0.120:5901.

Configuring front panel display
You can configure the front panel LCD and LED display for the managed system.
For rack and tower servers, two types of front panels are available:
•

LCD front panel and System ID LED

Configuring iDRAC

91

•

LED front panel and System ID LED

For blade servers, only the System ID LED is available on the server front panel since the blade chassis has the LCD.

Configuring LCD setting
You can set and display a default string such as iDRAC name, IP, and so on or a user-defined string on the LCD front panel of the managed
system.

Configuring LCD setting using web interface
To configure the server LCD front panel display:
1

In iDRAC Web interface, go to Configurations > System Settings > Hardware Settings > Front Panel configuration.

2

In LCD Settings section, from the Set Home Message drop-down menu, select any of the following:
•

Service Tag (default)

•

Asset Tag

•

DRAC MAC Address

•

DRAC IPv4 Address

•

DRAC IPv6 Address

•

System Power

•

Ambient Temperature

•

System Model

•

Host Name

•

User Defined

•

None
If you select User Defined, enter the required message in the text box.
If you select None, home message is not displayed on the server LCD front panel.

3

Enable Virtual Console indication (optional). If enabled, the Live Front Panel Feed section and the LCD panel on the server displays the
Virtual console session active message when there is an active Virtual Console session.

4

Click Apply.
The server LCD front panel displays the configured home message.

Configuring LCD setting using RACADM
To configure the server LCD front panel display, use the objects in the System.LCD group.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Configuring LCD setting using iDRAC settings utility
To configure the server LCD front panel display:
1

In the iDRAC Settings utility, go to Front Panel Security.
The iDRAC Settings.Front Panel Security page is displayed.

2

Enable or disable the power button.

3

Specify the following:

92

•

Access to the front panel

•

LCD message string

Configuring iDRAC

4

• System power units, ambient temperature units, and error display
Enable or disable the virtual console indication.
For information about the options, see the iDRAC Settings Utility Online Help.

5

Click Back, click Finish, and then click Yes.

Configuring system ID LED setting
To identify a server, enable or disable System ID LED blinking on the managed system.

Configuring system ID LED setting using web interface
To configure the System ID LED display:
1

In iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > Front Panel configuration. The System ID
LED Settings page is displayed.

2

In System ID LED Settings section, select any of the following options to enable or disable LED blinking:
• Blink Off
• Blink On
• Blink On 1 Day Timeout
• Blink On 1 Week Timeout
• Blink On 1 Month Timeout
Click Apply.

3

The LED blinking on the front panel is configured.

Configuring system ID LED setting using RACADM
To configure system ID LED, use the setled command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Configuring time zone and NTP
You can configure the time zone on iDRAC and synchronize the iDRAC time using Network Time Protocol (NTP) instead of BIOS or host
system times.
You must have Configure privilege to configure time zone or NTP settings.

Configuring time zone and NTP using iDRAC web interface
To configure time zone and NTP using iDRAC web interface:
1

Go to iDRAC Settings > Settings > Time zone and NTP Settings.

2

To configure the time zone, from the Time Zone drop-down menu, select the required time zone, and then click Apply.

3

To configure NTP, enable NTP, enter the NTP server addresses, and then click Apply.

The Time zone and NTP page is displayed.

For information about the fields, see iDRAC Online Help.

Configuring time zone and NTP using RACADM
To configure time zone and NTP, use the set command with the objects in the iDRAC.Time and iDRAC.NTPConfigGroup group.
Configuring iDRAC

93

For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Setting first boot device
You can set the first boot device for the next boot only or for all subsequent reboots. If you set the device to be used for all subsequent
boots, it remains as the first boot device in the BIOS boot order until it is changed again either from the iDRAC web interface or from the
BIOS boot sequence.
You can set the first boot device to one of the following:
•

Normal Boot

•

PXE

•

BIOS Setup

•

Local Floppy/Primary Removable Media

•

Local CD/DVD

•

Hard Drive

•

Virtual Floppy

•

Virtual CD/DVD/ISO

•

Local SD Card

•

Lifecycle Controller

•

BIOS Boot Manager

•

UEFI Device Path

•

UEFI HTTP
NOTE:
•

BIOS Setup (F2), Lifecycle Controller (F10), and BIOS Boot Manager (F11) cannot be set as permanent boot device.

•

The first boot device setting in iDRAC Web Interface overrides the System BIOS boot settings.

Setting first boot device using web interface
To set the first boot device using iDRAC Web interface:
1

Go to Configuration > System Settings > Hardware Settings > First Boot Device.
The First Boot Device page is displayed.

2

Select the required first boot device from the drop-down list, and click Apply.
The system boots from the selected device for subsequent reboots.

3

To boot from the selected device only once on the next boot, select Boot Once. Thereafter, the system boots from the first boot
device in the BIOS boot order.
For more information about the options, see the iDRAC Online Help.

Setting first boot device using RACADM
•

To set the first boot device, use the iDRAC.ServerBoot.FirstBootDevice object.

•

To enable boot once for a device, use the iDRAC.ServerBoot.BootOnce object.

For more information about these objects, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/
idracmanuals.

94

Configuring iDRAC

Setting first boot device using virtual console
You can select the device to boot from as the server is being viewed in the Virtual Console viewer before the server runs through its bootup sequence. Boot-once is supported by all devices listed in Setting first boot device.
To set the first boot device using Virtual Console:
1

Launch Virtual Console.

2

In the Virtual Console Viewer, from the Next Boot menu, set the required device as the first boot device.

Enabling last crash screen
To troubleshoot the cause of a crash on the managed system, you can capture the system crash image using iDRAC.
NOTE: For information about Server Administrator, see the Dell OpenManage Server Administrator Installation Guide at
dell.com/support/manuals.
1

From the Dell Systems Management Tools and Documentation DVD or from the Dell Support website, install Server Administrator or
iDRAC Service Module (iSM) on the managed system.

2

In the Windows startup and recovery window, make sure that the automatic reboot option is not selected.
For more information, see Windows documentation.

3

Use Server Administrator to enable the Auto Recovery timer, set the Auto Recovery action to Reset, Power Off, or Power Cycle, and
set the timer in seconds (a value between 60 - 480).

4

Enable the Auto Shutdown and Recovery (ASR) option using one of the following:
• Server Administrator — See the Dell OpenManage Server Administrator User’s Guide.
• Local RACADM — Use the command racadm config -g cfgRacTuning -o cfgRacTuneAsrEnable 1

5

Enable Automated System Recovery Agent. To do this, go to iDRAC Settings > Services > Automated System Recovery Agent,
select Enabled, and click Apply.

Enabling or disabling OS to iDRAC Pass-through
In servers that have Network Daughter Card (NDC) or embedded LAN On Motherboard (LOM) devices, you can enable the OS to iDRAC
Pass-through feature. This feature provides a high-speed bi-directional in-band communication between iDRAC and the host operating
system through a shared LOM, a dedicated NIC, or through the USB NIC. This feature is available for iDRAC Enterprise license.
NOTE: iDRAC Service Module (iSM) provides more features for managing iDRAC through the operating system. For more
information, see the iDRAC Service Module Installation Guide available at dell.com/support/manuals.
When enabled through dedicated NIC, you can launch the browser in the host operating system and then access the iDRAC Web interface.
The dedicated NIC for the blade servers is through the Chassis Management Controller.
Switching between dedicated NIC or shared LOM does not require a reboot or reset of the host operating system or iDRAC.
You can enable this channel using:
•
•
•

iDRAC Web interface
RACADM or WSMan (post operating system environment)
iDRAC Settings utility (pre-operating system environment)

If the network configuration is changed through iDRAC Web interface, you must wait for at least 10 seconds before enabling OS to iDRAC
Pass-through.
If you are configuring the server using a Server Configuration Profile through RACADM, WSMan or Redfish and if the network settings are
changed in this file, then you must wait for 15 seconds to either enable OS to iDRAC Pass-through feature or set the OS Host IP address.
Before enabling OS to iDRAC Pass-through, make sure that:

Configuring iDRAC

95

•

iDRAC is configured to use dedicated NIC or shared mode (that is, NIC selection is assigned to one of the LOMs).

•

Host operating system and iDRAC are in the same subnet and same VLAN.

•

Host operating system IP address is configured.

•

A card that supports OS to iDRAC Pass-through capability is installed.

•

You have the Configure privilege.

When you enable this feature:
•

In shared mode, the host operating system's IP address is used.

•

In dedicated mode, you must provide a valid IP address of the host operating system. If more than one LOM is active, enter the first
LOM’s IP address.

If the OS to iDRAC Pass-through feature does not work after it is enabled, ensure that you check the following:
•

The iDRAC dedicated NIC cable is connected properly.

•

At least one LOM is active.
NOTE: Use the default IP address. Ensure that the IP address of the USB NIC interface is not in the same network subnet as the
iDRAC or host OS IP addresses. If this IP address conflicts with an IP address of other interfaces of the host system or the local
network, you must change it.
NOTE: Do not use 169.254.0.3 and 169.254.0.4 IP addresses. These IP addresses are reserved for the USB NIC port on the front
panel when an A/A cable is used.

Supported cards for OS to iDRAC Pass-through
The following table provides a list of cards that support the OS to iDRAC Pass-through feature using LOM.
Table 14. OS to iDRAC Pass-through using LOM — supported cards
Category

Manufacturer

Type

NDC

Broadcom

•

5720 QP rNDC 1G BASE-T

Intel

•

x520/i350 QP rNDC 1G BASE-T

In-built LOM cards also support the OS to iDRAC pass-through feature.

Supported operating systems for USB NIC
The operating systems supported for USB NIC are:
•

Server 2012 R2 Foundation Edition

•

Server 2012 R2 Essentials Edition

•

Server 2012 R2 Standard Edition

•

Server 2012 R2 Datacenter Edition

•

Server 2012 for Embedded Systems (Base and R2 w/ SP1)

•

Server 2016 Essentials Edition

•

Server 2016 Standard Edition

•

Server 2016 Datacenter Edition

•

RHEL 7.3

•

RHEL 6.9

•

SLES 12 SP2

96

Configuring iDRAC

•

ESXi 6.0 U3

•

vSphere 2016

•

XenServer 7.1

For Linux operating systems, configure the USB NIC as DHCP on the host operating system before enabling USB NIC.
For vSphere, you must install the VIB file before enabling USB NIC.

Installing VIB file
For vSphere operating systems, before enabling the USB NIC, you must install the VIB file.
To install the VIB file:
1

Using Win-SCP, copy the VIB file to /tmp/ folder of the ESX-i host operating system.

2

Go to the ESXi prompt and run the following command:
esxcli software vib install -v /tmp/ iDRAC_USB_NIC-1.0.0-799733X03.vib --no-sig-check
The output is:
Message: The update completed successfully, but the system needs to be rebooted for the
changes to be effective.
Reboot Required: true
VIBs Installed: Dell_bootbank_iDRAC_USB_NIC_1.0.0-799733X03
VIBs Removed:
VIBs Skipped:

3

Reboot the server.

4

At the ESXi prompt, run the command: esxcfg-vmknic –l.
The output displays the usb0 entry.

Enabling or disabling OS to iDRAC Pass-through using web
interface
To enable OS to iDRAC Pass-through using Web interface:
1

Go to iDRAC Settings > Connectivity > Network > OS to iDRAC Pass-through.
The OS to iDRAC Pass-through page is displayed.

2

Select any of the following options to enable OS to iDRAC pass-through:
•

LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or
NDC.

•

USB NIC — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the
internal USB bus.

To disable this feature, select Disabled.
3

If you select LOM as the pass-through configuration, and if the server is connected using dedicated mode, enter the IPv4 address of
the operating system.
NOTE: If the server is connected in shared LOM mode, then the OS IP Address field is disabled.
NOTE: If the VLAN is enabled on the iDRAC, the LOM-Passthrough will only function in shared LOM mode with VLAN
tagging configured on the host.

4

If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC.
The default value is 169.254.1.1. It is recommended to use the default IP address. However, if this IP address conflicts with an IP
address of other interfaces of the host system or the local network, you must change it.
Do not enter 169.254.0.3 and 169.254.0.4 IPs. These IPs are reserved for the USB NIC port on the front panel when a A/A cable is
used.

Configuring iDRAC

97

5

Click Apply.

6

Click Test Network Configuration to check if the IP is accessible and the link is established between the iDRAC and the host
operating system.

Enabling or disabling OS to iDRAC Pass-through using
RACADM
To enable or disable OS to iDRAC Pass-through using RACADM, use the objects in the iDRAC.OS-BMC group.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Enabling or disabling OS to iDRAC Pass-through using iDRAC
settings utility
To enable or disable OS to iDRAC Pass-through using iDRAC Settings Utility:
1

In the iDRAC Settings utility, go to Communications Permissions.
The iDRAC Settings.Communications Permissions page is displayed.

2

Select any of the following options to enable OS to iDRAC pass-through:
•

LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or
NDC.

•

USB NIC — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the
internal USB bus.

To disable this feature, select Disabled.
NOTE: The LOM option can be selected only of the card supports OS to iDRAC pass-through capability. Else, this option is
grayed-out.
3

If you select LOM as the pass-through configuration, and if the server is connected using dedicated mode, enter the IPv4 address of
the operating system.
NOTE: If the server is connected in shared LOM mode, then the OS IP Address field is disabled.

4

If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC.
The default value is 169.254.1.1. However, if this IP address conflicts with an IP address of other interfaces of the host system or the
local network, you must change it. Do not enter 169.254.0.3 and 169.254.0.4 IPs. These IPs are reserved for the USB NIC port on the
front panel when a A/A cable is used

5

Click Back, click Finish, and then click Yes.
The details are saved.

Obtaining certificates
The following table lists the types of certificates based on the login type.
Table 15. Types of certificate based on login type
Login Type

Certificate Type

How to Obtain

Single Sign-on using Active Directory

Trusted CA certificate

Generate a CSR and get it signed from a
Certificate Authority

98

Configuring iDRAC

Login Type

Certificate Type

How to Obtain
SHA-2 certificates are also supported.

Smart Card login as a local or Active
Directory user

•
•

User certificate
Trusted CA certificate

•

•

User Certificate — Export the smart
card user certificate as Base64encoded file using the card
management software provided by
the smart card vendor.
Trusted CA certificate — This
certificate is issued by a CA.

SHA-2 certificates are also supported.
Active Directory user login

Trusted CA certificate

This certificate is issued by a CA.
SHA-2 certificates are also supported.

Local User login

SSL Certificate

Generate a CSR and get it signed from a
trusted CA
NOTE: iDRAC ships with a
default self-signed SSL server
certificate. The iDRAC Web
server, Virtual Media, and Virtual
Console use this certificate.
SHA-2 certificates are also supported.

SSL server certificates
iDRAC includes a web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a
network. An SSL encryption option is provided to disable weak ciphers. Built upon asymmetric encryption technology, SSL is widely
accepted for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a
network.
An SSL-enabled system can perform the following tasks:
•
•

Authenticate itself to an SSL-enabled client
Allow the two systems to establish an encrypted connection
NOTE: If SSL encryption is set to 256-bit or higher and 168–bit or higher, the cryptography settings for your virtual machine
environment (JVM, IcedTea) may require installing the Unlimited Strength Java Cryptography Extension Policy Files to permit
usage of iDRAC plugins such as vConsole with this level of encryption. For information about installing the policy files, see the
documentation for Java.

iDRAC Web server has a Dell self-signed unique SSL digital certificate by default. You can replace the default SSL certificate with a
certificate signed by a well-known Certificate Authority (CA). A Certificate Authority is a business entity that is recognized in the
Information Technology industry for meeting high standards of reliable screening, identification, and other important security criteria.
Examples of CAs include Thawte and VeriSign. To initiate the process of obtaining a CA-signed certificate, use either iDRAC Web interface
or RACADM interface to generate a Certificate Signing Request (CSR) with your company’s information. Then, submit the generated CSR
to a CA such as VeriSign or Thawte. The CA can be a root CA or an intermediate CA. After you receive the CA-signed SSL certificate,
upload this to iDRAC.
For each iDRAC to be trusted by the management station, that iDRAC’s SSL certificate must be placed in the management station’s
certificate store. Once the SSL certificate is installed on the management stations, supported browsers can access iDRAC without
certificate warnings.
You can also upload a custom signing certificate to sign the SSL certificate, rather than relying on the default signing certificate for this
function. By importing one custom signing certificate into all management stations, all the iDRACs using the custom signing certificate are

Configuring iDRAC

99

trusted. If a custom signing certificate is uploaded when a custom SSL certificate is already in-use, then the custom SSL certificate is
disabled and a one-time auto-generated SSL certificate, signed with the custom signing certificate, is used. You can download the custom
signing certificate (without the private key). You can also delete an existing custom signing certificate. After deleting the custom signing
certificate, iDRAC resets and auto-generates a new self-signed SSL certificate. If a self-signed certificate is regenerated, then the trust
must be re-established between that iDRAC and the management workstation. Auto-generated SSL certificates are self-signed and have
an expiration date of seven years and one day and a start date of one day in the past (for different time zone settings on management
stations and the iDRAC).
The iDRAC Web server SSL certificate supports the asterisk character (*) as part of the left-most component of the Common Name when
generating a Certificate Signing Request (CSR). For example, *.qa.com, or *.company.qa.com. This is called a wildcard certificate. If a
wildcard CSR is generated outside of iDRAC, you can have a signed single wildcard SSL certificate that you can upload for multiple iDRACs
and all the iDRACs are trusted by the supported browsers. While connecting to iDRAC Web interface using a supported browser that
supports a wildcard certificate, the iDRAC is trusted by the browser. While launching viewers, the iDRACs are trusted by the viewer clients.

Generating a new certificate signing request
A CSR is a digital request to a Certificate Authority (CA) for a SSL server certificate. SSL server certificates allow clients of the server to
trust the identity of the server and to negotiate an encrypted session with the server.
After the CA receives a CSR, they review and verify the information the CSR contains. If the applicant meets the CA’s security standards,
the CA issues a digitally-signed SSL server certificate that uniquely identifies the applicant’s server when it establishes SSL connections
with browsers running on management stations.
After the CA approves the CSR and issues the SSL server certificate, it can be uploaded to iDRAC. The information used to generate the
CSR, stored on the iDRAC firmware, must match the information contained in the SSL server certificate, that is, the certificate must have
been generated using the CSR created by iDRAC.

Generating CSR using web interface
To generate a new CSR:
NOTE: Each new CSR overwrites any previous CSR data stored in the firmware. The information in the CSR must match the
information in the SSL server certificate. Else, iDRAC does not accept the certificate.
1

In the iDRAC Web interface, go to iDRAC Settings > Connectivity > SSL > SSL certificate, select Generate Certificate Signing
Request (CSR) and click Next.
The Generate a New Certificate Signing Request page is displayed.

2

Enter a value for each CSR attribute.
For more information, see iDRAC Online Help.

3

Click Generate.
A new CSR is generated. Save it to the management station.

Generating CSR using RACADM
To generate a CSR using RACADM, use the set command with the objects in the iDRAC.Security group, and then use the sslcsrgen
command to generate the CSR.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

100

Configuring iDRAC

Uploading server certificate
After generating a CSR, you can upload the signed SSL server certificate to the iDRAC firmware. iDRAC must be reset to apply the
certificate. iDRAC accepts only X509, Base 64 encoded Web server certificates. SHA-2 certificates are also supported.
CAUTION: During reset, iDRAC is not available for a few minutes.

Uploading server certificate using web interface
To upload the SSL server certificate:
1

In the iDRAC Web interface, go to iDRAC Settings > Connectivity > SSL > SSL certificate, select Upload Server Certificate and
click Next.
The Certificate Upload page is displayed.

2

Under File Path, click Browse and select the certificate on the management station.

3

Click Apply.
The SSL server certificate is uploaded to iDRAC.

4

A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as
required.
iDRAC resets and the new certificate is applied. The iDRAC is not available for a few minutes during the reset.
NOTE: You must reset iDRAC to apply the new certificate. Until iDRAC is reset, the existing certificate is
active.

Uploading server certificate using RACADM
To upload the SSL server certificate, use the sslcertupload command. For more information, see the RACADM Command Line Reference
Guide for iDRAC available at dell.com/idracmanuals.
If the CSR is generated outside of iDRAC with a private key available, then to upload the certificate to iDRAC:
1

Send the CSR to a well-known root CA. CA signs the CSR and the CSR becomes a valid certificate.

2

Upload the private key using the remote racadm sslkeyupload command.

3

Upload the signed certificate to iDRAC using the remote racadm sslcertupload command.
The new certificate is uploaded iDRAC. A message is displayed asking you to reset iDRAC.

4

Run the racadm racreset command to reset iDRAC.
iDRAC resets and the new certificate is applied. The iDRAC is not available for a few minutes during the reset.
NOTE: You must reset iDRAC to apply the new certificate. Until iDRAC is reset, the existing certificate is
active.

Viewing server certificate
You can view the SSL server certificate that is currently being used in iDRAC.

Viewing server certificate using web interface
In the iDRAC Web interface, go to iDRAC Settings > Connectivity > SSL > SSL Certificate. The SSL page displays the SSL server
certificate that is currently in use at the top of the page.

Configuring iDRAC

101

Viewing server certificate using RACADM
To view the SSL server certificate, use the sslcertview command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Uploading custom signing certificate
You can upload a custom signing certificate to sign the SSL certificate. SHA-2 certificates are also supported.

Uploading custom signing certificate using web interface
To upload the custom signing certificate using iDRAC web interface:
1

Go to iDRAC Settings > Connectivity > SSL.
The SSL page is displayed.

2

Under Custom SSL Certificate Signing Certificate, click Upload Signing Certificate.
The Upload Custom SSL Certificate Signing Certificate page is displayed.

3

Click Choose File and select the custom SSL certificate signing certificate file.
Only Public-Key Cryptography Standards #12 (PKCS #12) compliant certificate is supported.

4

If the certificate is password protected, in the PKCS#12 Password field, enter the password.

5

Click Apply.
The certificate is uploaded to iDRAC.

6

A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as
required.
After iDRAC resets, the new certificate is applied. The iDRAC is not available for a few minutes during the reset.
NOTE: You must reset iDRAC to apply the new certificate. Until iDRAC is reset, the existing certificate is
active.

Uploading custom SSL certificate signing certificate using RACADM
To upload the custom SSL certificate signing certificate using RACADM, use the sslcertupload command, and then use the racreset
command to reset iDRAC.
For more information, see the iDRAC RACADM Command Line Reference Guide available at www.dell.com/idracmanuals.

Downloading custom SSL certificate signing certificate
You can download the custom signing certificate using iDRAC Web interface or RACADM.

Downloading custom signing certificate
To download the custom signing certificate using iDRAC Web interface:
1

Go to iDRAC Settings > Connectivity > SSL.
The SSL page is displayed.

2

Under Custom SSL Certificate Signing Certificate, select Download Custom SSL Certificate Signing Certificate and click Next.
A pop-up message is displayed that allows you to save the custom signing certificate to a location of your choice.

102

Configuring iDRAC

Downloading custom SSL certificate signing certificate using RACADM
To download the custom SSL certificate signing certificate, use the sslcertdownload subcommand. For more information, see the iDRAC
RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Deleting custom SSL certificate signing certificate
You can also delete an existing custom signing certificate using iDRAC Web interface or RACADM.

Deleting custom signing certificate using iDRAC web interface
To delete the custom signing certificate using iDRAC web interface:
1

Go to iDRAC Settings > Connectivity > SSL.
The SSL page is displayed.

2

Under Custom SSL Certificate Signing Certificate, select Delete Custom SSL Certificate Signing Certificate and click Next.

3

A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as
required.
After iDRAC resets, a new self-signed certificate is generated.

Deleting custom SSL certificate signing certificate using RACADM
To delete the custom SSL certificate signing certificate using RACADM, use the sslcertdelete subcommand. Then, use the racreset
command to reset iDRAC.
For more information, see the iDRAC RACADM Command Line Reference Guide available at www.dell.com/idracmanuals.

Configuring multiple iDRACs using RACADM
You can configure one or more iDRACs with identical properties using RACADM. When you query a specific iDRAC using its group ID and
object ID, RACADM creates a configuration file from the retrieved information. Import the file to other iDRACs to identically configure them.
NOTE:
•

The configuration file contains information that is applicable for the particular server. The information is organized under various
object groups.

•

Some configuration files contain unique iDRAC information, such as the static IP address, that you must modify before you import
the file into other iDRACs.

You can also use the System Configuration Profile (SCP) to configure multiple iDRACs using RACADM. SCP file contains the component
configuration information. You can use this file to apply the configuration for BIOS, iDRAC, RAID, and NIC by importing the file into a target
system. For more information, see XML Configuration Workflow white paper available at dell.com/support/manuals or at the Dell Tech
Center.
To configure multiple iDRACs using the configuration file:
1

Query the target iDRAC that contains the required configuration using the following command:.
racadm get -f .xml -t xml -c iDRAC.Embedded.1
The command requests the iDRAC configuration and generates the configuration file.
NOTE: Redirecting the iDRAC configuration to a file using get -f is only supported with the local and remote RACADM
interfaces.

Configuring iDRAC

103

NOTE: The generated configuration file does not contain user passwords.
The get command displays all configuration properties in a group (specified by group name and index) and all configuration properties
for a user.
2

Modify the configuration file using a text editor, if required.
NOTE: It is recommended that you edit this file with a simple text editor. The RACADM utility uses an ASCII text parser. Any
formatting confuses the parser, which may corrupt the RACADM database.

3

On the target iDRAC, use the following command to modify the settings:
racadm set -f .xml -t xml
This loads the information into the other iDRAC. You can use set command to synchronize the user and password database with
Server Administrator.

4

Reset the target iDRAC using the command: racadm racreset

Disabling access to modify iDRAC configuration
settings on host system
You can disable access to modify the iDRAC configuration settings through Local RACADM or iDRAC Settings utility. However, you can
view these configuration settings. To do this:
1

In iDRAC Web interface, go to iDRAC Settings > Services > Local Configurations.

2

Select one or both of the following:
•

Disable the iDRAC Local Configuration using iDRAC Settings — Disables access to modify the configuration settings in iDRAC
Settings utility.

•
3

Disable the iDRAC Local Configuration using RACADM — Disables access to modify the configuration settings in Local
RACADM.
Click Apply.
NOTE: If access is disabled, you cannot use Server Administrator or IPMITool to perform iDRAC configurations. However,
you can use IPMI Over LAN.

104

Configuring iDRAC

5
Viewing iDRAC and managed system information
You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices,
network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.

Topics:
•

Viewing managed system health and properties

•

Viewing system inventory

•

Viewing sensor information

•

Monitoring performance index of CPU, memory, and input output modules

•

Checking the system for Fresh Air compliance

•

Viewing historical temperature data

•

Viewing network interfaces available on host OS

•

Viewing network interfaces available on host OS using RACADM

•

Viewing FlexAddress mezzanine card fabric connections

•

Viewing or terminating iDRAC sessions

Viewing managed system health and properties
When you log in to the iDRAC web interface, the System Summary page allows you to view the managed system's health, basic iDRAC
information, preview the virtual console, add and view work notes, and quickly launch tasks such as power on or off, power cycle, view logs,
update and rollback firmware, switch on or switch off the front panel LED, and reset iDRAC.
To access the System Summary page, go to System > Overview > Summary. The System Summary page is displayed. For more
information, see the iDRAC Online Help.
You can also view the basic system summary information using the iDRAC Settings utility. To do this, in iDRAC Settings utility, go to System
Summary. The iDRAC Settings System Summary page is displayed. For more information, see the iDRAC Settings Utility Online Help.

Viewing system inventory
You can view information about the hardware and firmware components installed on the managed system. To do this, in iDRAC web
interface, go to System > Inventories. For information about the displayed properties, see the iDRAC Online Help.
The Hardware Inventory section displays the information for the following components available on the managed system:
•

iDRAC

•

RAID controller

•

Batteries

•

CPUs

•

DIMMs

•

HDDs

•

Backplanes

•

Network Interface Cards (integrated and embedded)

•

Video card

•

SD card

Viewing iDRAC and managed system information

105

•

Power Supply Units (PSUs)

•

Fans

•

Fibre Channel HBAs

•

USB

•

NVMe PCIe SSD devices

The Firmware Inventory section displays the firmware version for the following components:
•

BIOS

•

Lifecycle Controller

•

iDRAC

•

OS driver pack

•

32-bit diagnostics

•

System CPLD

•

PERC controllers

•

Batteries

•

Physical disks

•

Power supply

•

NIC

•

Fibre Channel

•

Backplane

•

Enclosure

•

PCIe SSDs
NOTE: Software inventory displays only the last 4 bytes of the firmware version. For example, if the firmware version is
FLVDL06, the firmware inventory displays DL06.
NOTE: On the Dell PowerEdge FX2/FX2s servers, the naming convention of the CMC version displayed in the iDRAC GUI differs
from the version displayed on the CMC GUI. However, the version remains the same.

When you replace any hardware component or update the firmware versions, make sure to enable and run the Collect System Inventory
on Reboot (CSIOR) option to collect the system inventory on reboot. After a few minutes, log in to iDRAC, and navigate to the System
Inventory page to view the details. It may take up to 5 minutes for the information to be available depending on the hardware installed on
the server.
NOTE: CSIOR option is enabled by default.
NOTE: Configuration changes and firmware updates that are made within the operating system may not reflect properly in the
inventory until you perform a server restart.
Click Export to export the hardware inventory in an XML format and save it to a location of your choice.

Viewing sensor information
The following sensors help to monitor the health of the managed system:
•

Batteries — Provides information about the batteries on the system board CMOS and storage RAID On Motherboard (ROMB).
NOTE: The Storage ROMB battery settings are available only if the system has a ROMB with a battery.

•

Fan (available only for rack and tower servers) — Provides information about the system fans — fan redundancy and fans list that
display fan speed and threshold values.

•

CPU — Indicates the health and state of the CPUs in the managed system. It also reports processor automatic throttling and
predictive failure.

•

Memory — Indicates the health and state of the Dual In-line Memory Modules (DIMMs) present in the managed system.

•

Intrusion — Provides information about the chassis.

•

Power Supplies (available only for rack and tower servers) — Provides information about the power supplies and the power supply
redundancy status.

106

Viewing iDRAC and managed system information

•

•
•

NOTE: If there is only one power supply in the system, the power supply redundancy is set to Disabled.
Removable Flash Media — Provides information about the Internal SD Modules; vFlash and Internal Dual SD Module (IDSDM).
• When IDSDM redundancy is enabled, the following IDSDM sensor status is displayed — IDSDM Redundancy Status, IDSDM SD1,
IDSDM SD2. When redundancy is disabled, only IDSDM SD1 is displayed.
• If IDSDM redundancy is initially disabled when the system is powered on or after an iDRAC reset, the IDSDM SD1 sensor status is
displayed only after a card is inserted.
• If IDSDM redundancy is enabled with two SD cards present in the IDSDM, and the status of one SD card is online while the status
of the other card is offline. A system reboot is required to restore redundancy between the two SD cards in the IDSDM. After the
redundancy is restored, the status of both the SD cards in the IDSDM is online.
• During the rebuilding operation to restore redundancy between two SD cards present in the IDSDM, the IDSDM status is not
displayed since the IDSDM sensors are powered off.
NOTE: If the host system is rebooted during IDSDM rebuild operation, the iDRAC does not display the IDSDM
information. To resolve this, rebuild IDSDM again or reset the iDRAC.
• System Event Logs (SEL) for a write-protected or corrupt SD card in the IDSDM module are not repeated until they are cleared by
replacing the SD card with a writable or good SD card, respectively.
Temperature — Provides information about the system board inlet temperature and exhaust temperature (only applies to rack servers).
The temperature probe indicates whether the status of the probe is within the preset warning and critical threshold value.
Voltage — Indicates the status and reading of the voltage sensors on various system components.

The following table provides information about viewing the sensor information using iDRAC web interface and RACADM. For information
about the properties that are displayed on the web interface, see the iDRAC Online Help.
NOTE: The Hardware Overview page displays data only for sensors present on your system.
Table 16. Sensor information using web interface and RACADM
View sensor information For

Using web interface

Using RACADM

Batteries

Dashboard > System Health > Batteries

Use the getsensorinfo command.
For power supplies, you can also use the
System.Power.Supply command with the
get subcommand.
For more information, see the iDRAC
RACADM Command Line Interface
Reference Guide available at dell.com/
idracmanuals.

Fan

Dashboard > > System Health > Fans

CPU

Dashboard > System Health > CPU

Memory

Dashboard > System Health > Memory

Intrusion

Dashboard > System Health > Intrusion

Power Supplies

> Hardware > Power Supplies

Removable Flash Media

Dashboard > System Health > Removable
Flash Media

Temperature

Dashboard > System Health > Power/
Thermal > Temperatures

Voltage

Dashboard > System Health > Power/
Thermal > Voltages

Monitoring performance index of CPU, memory, and
input output modules
In Dell’s 14th generation Dell PowerEdge servers, Intel ME supports Compute Usage Per Second (CUPS) functionality. The CUPS
functionality provides real-time monitoring of CPU, memory, and I/O utilization and system-level utilization index for the system. Intel ME

Viewing iDRAC and managed system information

107

allows out-of-band (OOB) performance monitoring and does not consume CPU resources. The Intel ME has a system CUPS sensor that
provides computation, memory, and I/O resource utilization values as a CUPS Index. iDRAC monitors this CUPS index for the overall
system utilization and also monitors the instantaneous utilization index of the CPU, Memory, and I/O.
NOTE: This feature is not supported on PowerEdge R930 servers.
The CPU and chipset have dedicated Resource monitoring Counters (RMC). The data from these RMCs is queried to obtain utilization
information of system resources. The data from RMCs is aggregated by the node manager to measure the cumulative utilization of each of
these system resources that is read from iDRAC using existing intercommunication mechanisms to provide data through out-of-band
management interfaces.
The Intel sensor representation of performance parameters and index values is for complete physical system. Therefore, the performance
data representation on the interfaces is for the complete physical system, even if the system is virtualized and has multiple virtual hosts.
To display the performance parameters, the supported sensors must be present in the server.
The four system utilization parameters are:
•
•

•

•

CPU Utilization — Data from RMCs for each CPU core is aggregated to provide cumulative utilization of all the cores in the system.
This utilization is based on time spent in active and inactive states. A sample of RMC is taken every six seconds.
Memory Utilization — RMCs measure memory traffic occurring at each memory channel or memory controller instance. Data from
these RMCs is aggregated to measure the cumulative memory traffic across all the memory channels on the system. This is a measure
of memory bandwidth consumption and not amount of memory utilization. iDRAC aggregates it for one minute, so it may or may not
match the memory utilization that other OS tools, such as top in Linux, show. Memory bandwidth utilization that the iDRAC shows is an
indication of whether workload is memory intensive or not.
I/O Utilization — There is one RMC per root port in the PCI Express Root Complex to measure PCI Express traffic emanating from or
directed to that root port and the lower segment. Data from these RMCs is aggregated for measuring PCI express traffic for all PCI
Express segments emanating from the package. This is measure of I/O bandwidth utilization for the system.
System Level CUPS Index — The CUPS index is calculated by aggregating CPU, Memory, and I/O index considering a predefined load
factor of each system resource. The load factor depends on the nature of the workload on the system. CUPS Index represents the
measurement of the compute headroom available on the server. If the system has a large CUPS Index, then there is limited headroom
to place more workload on that system. As the resource consumption decreases, the system’s CUPS index decreases. A low CUPS
index indicates that there is a large compute headroom and the server can receive new workloads and the server is in a lower power
state to reduce power consumption. Workload monitoring can then be applied throughout the data center to provide a high-level and
holistic view of the data center’s workload, providing a dynamic data center solution.
NOTE: The CPU, memory, and I/O utilization indexes are aggregated over one minute. Therefore, if there are any instantaneous
spikes in these indexes, they may be suppressed. They are indication of workload patterns not the amount of resource utilization.

The IPMI, SEL, and SNMP traps are generated if the thresholds of the utilization indexes are reached and the sensor events are enabled.
The sensor event flags are disabled by default. It can be enabled using the standard IPMI interface.
The required privileges are:
•
•
•

Login privilege is required to monitor performance data.
Configure privilege is required for setting warning thresholds and reset historical peaks.
Login privilege and Enterprise license are required to read historical statics data.

Monitoring performance index of CPU, memory, and input
output modules using web interface
To monitor the performance index of CPU, memory, and I/O modules, in the iDRAC web interface, go to System > Performance.
•
•

108

System Performance section — Displays the current reading and the warning reading for CPU, Memory and I/O utilization index, and
system level CUPS index in a graphical view.
System Performance Historical Data section:
• Provides the statistics for CPU, memory, IO utilization, and the system level CUPS index. If the host system is powered off, then the
graph displays the power off line below 0 percent.
• You can reset the peak utilization for a particular sensor. Click Reset Historical Peak. You must have Configure privilege to reset the
peak value.
Viewing iDRAC and managed system information

•

Performance Metrics section:
•

Displays status and present reading

•

Displays or specifies the warning threshold utilization limit. You must have server configure privilege to set the threshold values.

For information about the displayed properties, see the iDRAC Online Help.

Monitoring performance index for of CPU, memory, and input
output modules using RACADM
Use the SystemPerfStatistics sub command to monitor performance index for CPU, memory, and I/O modules. For more information, see
the iDRAC RACADM Command Line Reference Guide available at dell.com/esmmanuals.

Checking the system for Fresh Air compliance
Fresh Air cooling directly uses outside air to cool systems in the data center. Fresh Air compliant systems can operate above its normal
ambient operating range (temperatures up to 113 °F (45 °C)).
NOTE: Some servers or certain configurations of a server may not be Fresh Air compliant. See the specific server manual for
details related to Fresh Air compliance or contact Dell for more details.
To check the system for Fresh Air compliance:
1

In the iDRAC Web interface, go to System > Overview > Cooling > Temperature overview.
The Temperature overview page is displayed.

2

See the Fresh Air section that indicates whether the server is fresh air compliant or not.

Viewing historical temperature data
You can monitor the percentage of time the system has operated at ambient temperature that is greater than the normally supported fresh
air temperature threshold. The system board temperature sensor reading is collected over a period of time to monitor the temperature. The
data collection starts when the system is first powered on after it is shipped from the factory. The data is collected and displayed for the
duration when the system is powered on. You can track and store the monitored temperature for the last seven years.
NOTE: You can track the temperature history even for systems that are not Fresh-Air compliant. However, the threshold limits
and fresh air related warnings generated are based on fresh air supported limits. The limits are 42ºC for warning and 47ºC for
critical. These values correspond to 40ºC and 45ºC fresh air limits with 2ºC margin for accuracy.
Two fixed temperature bands are tracked that are associated to fresh air limits:
•

Warning band — Consists of the duration a system has operated above the temperature sensor warning threshold (42ºC). The system
can operate in the warning band for 10% of the time for 12 months.

•

Critical band — Consists of the duration a system has operated above the temperature sensor critical threshold (47ºC). The system
can operate in the critical band for 1% of the time for 12 months which also increments time in the warning band.

The collected data is represented in a graphical format to track the 10% and 1% levels. The logged temperature data can be cleared only
before shipping from the factory.
An event is generated if the system continues to operate above the normally supported temperature threshold for a specified operational
time. If the average temperature over the specified operational time is greater than or equal to the warning level (> = 8%) or the critical
level (> = 0.8%), an event is logged in the Lifecycle Log and the corresponding SNMP trap is generated. The events are:
•

Warning event when the temperature was greater than the warning threshold for duration of 8% or more in the last 12 months.

•

Critical event when the temperature was greater than the warning threshold for duration of 10% or more in the last 12 months.

•

Warning event when the temperature was greater than the critical threshold for duration of 0.8% or more in the last 12 months.

•

Critical event when the temperature was greater than the critical threshold for duration of 1% or more in the last 12 months.

Viewing iDRAC and managed system information

109

You can also configure iDRAC to generate additional events. For more information, see the Setting alert recurrence event section.

Viewing historical temperature data using iDRAC web interface
To view historical temperature data:
1

In the iDRAC Web interface, go to System > Overview > Cooling > Temperature overview.
The Temperature overview page is displayed.

2

See the System Board Temperature Historical Data section that provides a graphical display of the stored temperature (average and
peak values) for the last day, last 30 days, and last year.
For more information, see the iDRAC Online Help.
NOTE: After an iDRAC firmware update or iDRAC reset, some temperature data may not be displayed in the
graph.

Viewing historical temperature data using RACADM
To view historical data using RACADM, use the inlettemphistory command.
For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.

Configuring warning threshold for inlet temperature
You can modify the minimum and maximum warning threshold values for the system board inlet temperature sensor. If reset to default
action is performed, the temperature thresholds are set to the default values. You must have Configure user privilege to set the warning
threshold values for the inlet temperature sensor.

Configuring warning threshold for inlet temperature using web interface
To configure warning threshold for inlet temperature:
1

In the iDRAC Web interface, go to System > Overview > Cooling > Temperature overview.
The Temperature overview page is displayed.

2

In the Temperature Probes section, for the System Board Inlet Temp, enter the minimum and maximum values for the Warning
Threshold in Centigrade or Fahrenheit. If you enter the value in centigrade, the system automatically calculates and displays the
Fahrenheit value. Similarly, if you enter Fahrenheit, the value for Centigrade is displayed.

3

Click Apply.
The values are configured.
NOTE: Changes to default thresholds are not reflected in the historical data chart since the chart limits are for fresh air limit
values only. Warnings for exceeding the custom thresholds are different from warning associated to exceeding fresh air
thresholds.

Viewing network interfaces available on host OS
You can view information about all the network interfaces that are available on the host operating system such as the IP addresses that are
assigned to the server. The iDRAC Service Module provides this information to iDRAC. The OS IP address information includes the IPv4
and IPv6 addresses, MAC address, Subnet mask or prefix length, the FQDD of the network device, network interface name, network
interface description, network interface status, network interface type (Ethernet, tunnel, loopback, and so on.), Gateway address, DNS
server address, and DHCP server address.

110

Viewing iDRAC and managed system information

NOTE: This feature is available with iDRAC Express and iDRAC Enterprise licenses.
To view the OS information, make sure that:
•

You have Login privilege.

•

iDRAC Service Module is installed and running on the host operating system.

•

OS Information option is enabled in the iDRAC Settings > Overview > iDRAC Service Module page.

iDRAC can display the IPv4 and IPv6 addresses for all the interfaces configured on the Host OS.
Depending on how the Host OS detects the DHCP server, the corresponding IPv4 or IPv6 DHCP server address may not be displayed.

Viewing network interfaces available on host OS using web
interface
To view the network interfaces available on the host OS using Web interface:
1

Go to System > Host OS > Network Interfaces.
The Network Interfaces page displays all the network interfaces that are available on the host operating system.

2

To view the list of network interfaces associated with a network device, from the Network Device FQDD drop-down menu, select a
network device and click Apply.
The OS IP details are displayed in the Host OS Network Interfaces section.

3

From the Device FQDD column, click on the network device link.
The corresponding device page is displayed from the Hardware > Network Devices section, where you can view the device details.
For information about the properties, see the iDRAC Online Help.

4

Click the

icon to display more details.

Similarly, you can view the host OS network interface information associated with a network device from the Hardware > Network
Devices page. Click View Host OS Network Interfaces.
NOTE: For the ESXi host OS in the iDRAC Service Module v2.3.0 or later, the Description column in the Additional Details
list is displayed in the following format:
//

Viewing network interfaces available on host OS using
RACADM
Use the gethostnetworkinterfaces command to view the network interfaces available on the host operating systems using RACADM. For
more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/esmmanuals.

Viewing FlexAddress mezzanine card fabric
connections
In blade servers, FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each
managed server port connection.
You can view the following information for each installed embedded Ethernet and optional mezzanine card port:
•

Fabrics to which the cards are connected.

•

Type of fabric.

•

Server-assigned, chassis-assigned, or remotely assigned MAC addresses.

Viewing iDRAC and managed system information

111

To view the Flex Address information in iDRAC, configure and enable the Flex Address feature in Chassis Management Controller (CMC).
For more information, see the Dell Chassis Management Controller User Guide available at dell.com/support/manuals. Any existing Virtual
Console or Virtual Media session terminates if the FlexAddress setting is enabled or disabled.
NOTE: To avoid errors that may lead to an inability to turn on the managed system, you must have the correct type of mezzanine
card installed for each port and fabric connection.
The FlexAddress feature replaces the server–assigned MAC addresses with chassis–assigned MAC addresses and is implemented for
iDRAC along with blade LOMs, mezzanine cards and I/O modules. The iDRAC FlexAddress feature supports preservation of slot specific
MAC address for iDRACs in a chassis. The chassis–assigned MAC address is stored in CMC non–volatile memory and is sent to iDRAC
during an iDRAC boot or when CMC FlexAddress is enabled.
If CMC enables chassis–assigned MAC addresses, iDRAC displays the MAC address on any of the following pages:
•

System > Details > iDRAC Details.

•

System > Server > WWN/MAC.

•

iDRAC Settings > Overview > Current Network Settings.
CAUTION: With FlexAddress enabled, if you switch from a server–assigned MAC address to a chassis–assigned MAC address
and vice–versa, iDRAC IP address also changes.

Viewing or terminating iDRAC sessions
You can view the number of users currently logged in to iDRAC and terminate the user sessions.

Terminating iDRAC sessions using web interface
The users who do not have administrative privileges must have Configure iDRAC privilege to terminate iDRAC sessions using iDRAC Web
interface.
To view and terminate the iDRAC sessions:
1

In the iDRAC Web interface, go to iDRAC Settings > users > Sessions.
The Sessions page displays the session ID, username, IP address, and session type. For more information about these properties, see
the iDRAC Online Help.

2

To terminate the session, under the Terminate column, click the Trashcan icon for a session.

Terminating iDRAC sessions using RACADM
You must have administrator privileges to terminate iDRAC sessions using RACADM.
To view the current user sessions, use the getssninfo command.
To terminate a user session, use the closessn command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

112

Viewing iDRAC and managed system information

6
Setting up iDRAC communication
You can communicate with iDRAC using any of the following modes:
•

iDRAC Web Interface

•

Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only

•

IPMI Serial Over LAN

•

IPMI Over LAN

•

Remote RACADM

•

Local RACADM

•

Remote Services
NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is
enabled in the operating system. For information about enabling USB storage host, see the documentation for your operating
system.

The following table provides an overview of the supported protocols, supported commands, and pre-requisites:
Table 17. Communication modes — summary
Mode of Communication

Supported Protocol

Supported Commands

Pre-requisite

iDRAC Web Interface

Internet Protocol (https)

N/A

Web Server

Serial using Null modem DB9
cable

Serial Protocol

RACADM

Part of iDRAC firmware

SMCLP

RAC Serial or IPMI Serial is
enabled

IPMI
IPMI Serial Over LAN

Intelligent Platform Management IPMI
Bus protocol

IPMITool is installed and IPMI
Serial Over LAN is enabled

SSH
Telnet
IPMI over LAN

Intelligent Platform Management IPMI
Bus protocol

IPMITool is installed and IPMI
Settings is enabled

SMCLP

SSH

SMCLP

SSH or Telnet on iDRAC is
enabled

Telnet
Remote RACADM

https

Remote RACADM

Remote RACADM is installed and
enabled

Firmware RACADM

SSH

Firmware RACADM

Firmware RACADM is installed
and enabled

IPMI

Local RACADM

Local RACADM is installed

WSMan

WinRM (Windows)

WinRM is installed (Windows) or
OpenWSMan is installed (Linux)

Telnet
Local RACADM
Remote Services

1

Setting up iDRAC communication

113

Mode of Communication

Supported Protocol

Supported Commands

Pre-requisite

OpenWSMan (Linux)
Redfish

Various browser plug-ins, CURL
(Windows and Linux), Python
request and JSON modules

Plug-ins, CURL, Python modules
are installed

[1] For more information, see the Lifecycle Controller Remote Services User’s Guide available at dell.com/idracmanuals.

Topics:
•

Communicating with iDRAC through serial connection using DB9 cable

•

Switching between RAC serial and serial console while using DB9 cable

•

Communicating with iDRAC using IPMI SOL

•

Communicating with iDRAC using IPMI over LAN

•

Enabling or disabling remote RACADM

•

Disabling local RACADM

•

Enabling IPMI on managed system

•

Configuring Linux for serial console during boot

•

Supported SSH cryptography schemes

Communicating with iDRAC through serial connection
using DB9 cable
You can use any of the following communication methods to perform systems management tasks through serial connection to rack and
tower servers:
•

RAC Serial

•

IPMI Serial — Direct Connect Basic mode and Direct Connect Terminal mode
NOTE: In case of blade servers, the serial connection is established through the chassis. For more information, see the Chassis
Management Controller User’s Guide available at dell.com/support/manuals.

To establish the serial connection:
1

Configure the BIOS to enable serial connection.

2

Connect the Null Modem DB9 cable from the management station’s serial port to the managed system’s external serial connector.
NOTE: Server power cycle is required from vConsole or GUI for any change in Baud-rate.

3

Make sure that the management station’s terminal emulation software is configured for serial connection using any of the following:
•

Linux Minicom in an Xterm

•

Hilgraeve’s HyperTerminal Private Edition (version 6.3)

Based on where the managed system is in its boot process, you can see either the POST screen or the operating system screen. This
is based on the configuration: SAC for Windows and Linux text mode screens for Linux.
4

Enable RAC serial or IPMI serial connections in iDRAC.

Configuring BIOS for serial connection
To configure BIOS for Serial Connection:

114

Setting up iDRAC communication

NOTE: This is applicable only for iDRAC on rack and tower servers.
1

Turn on or restart the system.

2

Press F2.

3

Go to System BIOS Settings > Serial Communication.

4

Select External Serial Connector to Remote Access device.

5

Click Back, click Finish, and then click Yes.

6

Press Esc to exit System Setup.

Enabling RAC serial connection
After configuring serial connection in BIOS, enable RAC serial in iDRAC.
NOTE: This is applicable only for iDRAC on rack and tower servers.

Enabling RAC serial connection using web interface
To enable RAC serial connection:
1

In the iDRAC Web interface, go to iDRAC Settings > Network > Serial.
The Serial page is displayed.

2

Under RAC Serial, select Enabled and specify the values for the attributes.

3

Click Apply.
The RAC serial settings are configured.

Enabling RAC serial connection using RACADM
To enable RAC serial connection using RACADM, use the set command with the object in the iDRAC.Serial group.

Enabling IPMI serial connection basic and terminal modes
To enable IPMI serial routing of BIOS to iDRAC, configure IPMI Serial in any of the following modes in iDRAC:
NOTE: This is applicable only for iDRAC on rack and tower servers.
•

IPMI basic mode — Supports a binary interface for program access, such as the IPMI shell (ipmish) that is included with the Baseboard
Management Utility (BMU). For example, to print the System Event Log using ipmish via IPMI Basic mode, run the following command:
ipmish -com 1 -baud 57600 -flow cts -u  -p  sel get
NOTE: The default iDRAC user name and password are provided on the system badge.

•

IPMI terminal mode — Supports ASCII commands that are sent from a serial terminal. This mode supports limited number of
commands (including power control) and raw IPMI commands that are typed as hexadecimal ASCII characters. It allows you to view the
operating system boot sequences up to BIOS, when you login to iDRAC through SSH or Telnet. You need to logout from the IPMI
terminal using [sys pwd -x], below are the example for IPMI Terminal mode commands.
•

[sys tmode]

•

[sys pwd -u root calvin]

•

[sys health query -v]

•

[18 00 01]

•

[sys pwd -x]

Setting up iDRAC communication

115

Enabling serial connection using web interface
Make sure to disable the RAC serial interface to enable IPMI Serial.
To configure IPMI Serial settings:
1

In the iDRAC Web interface, go to iDRAC Settings > Connectivity > Serial.

2

Under IPMI Serial, specify the values for the attributes. For information about the options, see the iDRAC Online Help.

3

Click Apply.

Enabling serial connection IPMI mode using RACADM
To configure the IPMI mode, disable the RAC serial interface and then enable the IPMI mode.
racadm set iDRAC.Serial.Enable 0
racadm set iDRAC.IPMISerial.ConnectionMode 
n=0 — Terminal Mode
n=1 — Basic Mode

Enabling serial connection IPMI serial settings using RACADM
1

Change the IPMI serial-connection mode to the appropriate setting using the command.
racadm set iDRAC.Serial.Enable 0

2

Set the IPMI Serial baud rate using the command.
racadm set iDRAC.IPMISerial.BaudRate 
Parameter

Allowed values (in bps)



9600, 19200, 57600, and 115200.

3

Enable the IPMI serial hardware flow control using the command.
racadm set iDRAC.IPMISerial.FlowContro 1

4

Set the IPMI serial channel minimum privilege level using the command.
racadm set iDRAC.IPMISerial.ChanPrivLimit 

5

Parameter

Privilege level

 = 2
 = 3
 = 4

User
Operator
Administrator

Ensure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to
configure BIOS for serial connection.

For more information about these properties, see the IPMI 2.0 specification.

Additional settings for ipmi serial terminal mode
This section provides additional configuration settings for IPMI serial terminal mode.

Configuring additional settings for IPMI serial terminal mode using web interface
To set the Terminal Mode settings:
1

116

In the iDRAC Web interface, go to iDRAC Settings > Connectivity > Serial.

Setting up iDRAC communication

The Serial page is displayed.
2

Enable IPMI serial.

3

Click Terminal Mode Settings.
The Terminal Mode Settings page is displayed.

4

Specify the following values:
•

Line editing

•

Delete control

•

Echo Control

•

Handshaking control

•

New line sequence

•

Input new line sequences

For information about the options, see the iDRAC Online Help.
5

Click Apply.
The terminal mode settings are configured.

6

Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to
configure BIOS for serial connection.

Configuring additional settings for IPMI serial terminal mode using RACADM
To configure the Terminal Mode settings, use the set command with the objects in the idrac.ipmiserial group.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Switching between RAC serial and serial console while
using DB9 cable
iDRAC supports Escape key sequences that allow switching between RAC Serial Interface communication and Serial Console on rack and
tower servers.

Switching from serial console to RAC serial
To switch to RAC Serial Interface communication mode when in Serial Console Mode, press Esc+Shift, 9.
The key sequence directs you to the iDRAC Login prompt (if the iDRAC is set to RAC Serial mode) or to the Serial Connection mode
where terminal commands can be issued if iDRAC is set to IPMI Serial Direct Connect Terminal Mode.

Switching from RAC serial to serial console
To switch to Serial Console Mode when in RAC Serial Interface Communication Mode, press Esc+Shift, Q.
When in terminal mode, to switch the connection to the Serial Console mode, press Esc+Shift, Q.
To go back to the terminal mode use, when connected in Serial Console mode, press Esc+Shift, 9.

Communicating with iDRAC using IPMI SOL
IPMI Serial Over LAN (SOL) allows a managed system’s text-based console serial data to be redirected over iDRAC’s dedicated or shared
out-of-band ethernet management network. Using SOL you can:
•

Remotely access operating systems with no time-out.

Setting up iDRAC communication

117

•

Diagnose host systems on Emergency Management Services (EMS) or Special Administrator Console (SAC) for Windows or Linux
shell.

•

View the progress of a servers during POST and reconfigure the BIOS setup program.

To setup the SOL communication mode:
1

Configure BIOS for serial connection.

2

Configure iDRAC to Use SOL.

3

Enable a supported protocol (SSH, Telnet, IPMItool).

Configuring BIOS for serial connection
NOTE: This is applicable only for iDRAC on rack and tower servers.
1

Turn on or restart the system.

2

Press F2.

3

Go to System BIOS Settings > Serial Communication.

4

Specify the following values:
•

Serial Communication — On With Console Redirection

•

Serial Port Address — COM2.
NOTE: You can set the serial communication field to On with serial redirection via com1 if serial device2 in the serial port
address field is also set to com1.

•

External serial connector — Serial device 2

•

Failsafe Baud Rate — 115200

•

Remote Terminal Type — VT100/VT220

5

• Redirection After Boot — Enabled
Click Back and then click Finish.

6

Click Yes to save the changes.

7

Press  to exit System Setup.
NOTE: BIOS sends the screen serial data in 25 x 80 format. The SSH window that is used to invoke the console com2
command must be set to 25 x 80. Then, the redirected screen appears correctly.
NOTE: If the boot loader or operating system provides serial redirection such as GRUB or Linux, then the BIOS Redirection
After Boot setting must be disabled. This is to avoid potential race condition of multiple components accessing the serial
port.

Configuring iDRAC to use SOL
You can specify the SOL settings in iDRAC using Web interface, RACADM, or iDRAC Settings utility.

Configuring iDRAC to use SOL using iDRAC web interface
To configure IPMI Serial over LAN (SOL):
1

In the iDRAC Web interface, go to iDRAC Settings > Connectivity > Serial Over LAN.
The Serial over LAN page is displayed.

2

Enable SOL, specify the values, and click Apply.
The IPMI SOL settings are configured.

3

To set the character accumulate interval and the character send threshold, select Advanced Settings.
The Serial Over LAN Advanced Settings page is displayed.

118

Setting up iDRAC communication

4

Specify the values for the attributes and click Apply.
The IPMI SOL advanced settings are configured. These values help to improve the performance.
For information about the options, see the iDRAC Online Help.

Configuring iDRAC to use SOL using RACADM
To configure IPMI Serial over LAN (SOL):
1

Enable IPMI Serial over LAN using the command.
racadm set iDRAC.IPMISol.Enable 1

2

Update the IPMI SOL minimum privilege level using the command.
racadm set iDRAC.IPMISol.MinPrivilege 
Parameter

Privilege level

 = 2
 = 3
 = 4

User
Operator
Administrator

NOTE: To activate IPMI SOL, you must have the minimum privilege defined in IMPI SOL. For more information, see the IPMI
2.0 specification.
3

Update the IPMI SOL baud rate using the command.
racadm set iDRAC.IPMISol.BaudRate 
NOTE: To redirect the serial console over LAN, make sure that the SOL baud rate is identical to the managed system’s baud
rate.

4

Parameter

Allowed values (in bps)



9600, 19200, 57600, and 115200.

Enable SOL for each user using the command.
racadm set iDRAC.Users..SolEnable 2
Parameter

Description



Unique ID of the user

NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to the baud rate of the managed
system.

Enabling supported protocol
The supported protocols are IPMI, SSH, and Telnet.

Enabling supported protocol using web interface
To enable SSH or Telnet, go to iDRAC Settings > Services and select Enabled for SSH or Telnet, respectively.
To enable IPMI, go to iDRAC Settings > Connectivity and select IPMI Settings. Make sure that the Encryption Key value is all zeroes or
press the backspace key to clear and change the value to NULL characters.

Enabling supported protocol using RACADM
To enable the SSH or Telnet, use the following commands.

Setting up iDRAC communication

119

•

Telnet
racadm set iDRAC.Telnet.Enable 1

•

SSH
racadm set iDRAC.SSH.Enable 1
To change the SSH port
racadm set iDRAC.SSH.Port 

You can use tools such as:
•

IPMItool for using IPMI protocol

•

Putty/OpenSSH for using SSH or Telnet protocol

SOL using IPMI protocol
The IPMI-based SOL utility and IPMItool use RMCP+ delivered using UDP datagrams to port 623. The RMCP+ provides improved
authentication, data integrity checks, encryption, and the ability to carry multiple types of payloads while using IPMI 2.0. For more
information, see http://ipmitool.sourceforge.net/manpage.html.
The RMCP+ uses an 40-character hexadecimal string (characters 0-9, a-f, and A-F) encryption key for authentication. The default value is
a string of 40 zeros.
An RMCP+ connection to iDRAC must be encrypted using the encryption Key (Key Generator Key). You can configure the encryption key
using the iDRAC Web interface or iDRAC Settings utility.
To start SOL session using IPMItool from a management station:
NOTE: If required, you can change the default SOL time-out at iDRAC Settings > Services.
1

Install IPMITool from the Dell Systems Management Tools and Documentation DVD.
For installation instructions, see the Software Quick Installation Guide.

2

At the command prompt (Windows or Linux), run the following command to start SOL from iDRAC:
ipmitool -H  -I lanplus -U  -P  sol activate
This command connected the management station to the managed system's serial port.

3

To quit a SOL session from IPMItool, press ~ and then . (period).
NOTE: If a SOL session does not terminate, reset iDRAC and allow up to two minutes to complete booting.

SOL using SSH or Telnet protocol
Secure Shell (SSH) and Telnet are network protocols used to perform command line communications to iDRAC. You can parse remote
RACADM and SMCLP commands through either of these interfaces.
SSH has improved security over Telnet. iDRAC only supports SSH version 2 with password authentication, and is enabled by default. iDRAC
supports up to two SSH sessions and two Telnet sessions at a time. It is recommended to use SSH as Telnet is not a secure protocol. You
must use Telnet only if you cannot install an SSH client or if your network infrastructure is secure.
Use open-source programs such as PuTTY or OpenSSH that support SSH and Telnet network protocols on a management station to
connect to iDRAC.
NOTE: Run OpenSSH from a VT100 or ANSI terminal emulator on Windows. Running OpenSSH at the Windows command
prompt does not result in full functionality (that is, some keys do not respond and no graphics are displayed).
Before using SSH or Telnet to communicate with iDRAC, make sure to:
1

Configure BIOS to enable Serial Console.

2

Configure SOL in iDRAC.

120

Setting up iDRAC communication

3

Enable SSH or Telnet using iDRAC Web interface or RACADM.
Telnet (port 23)/ SSH (port 22) client <−−> WAN connection <−−> iDRAC
The IPMI-based SOL that uses SSH or Telnet protocol eliminates the need for an additional utility because the serial to network
translation happens within iDRAC. The SSH or Telnet console that you use must be able to interpret and respond to the data arriving
from the serial port of the managed system. The serial port usually attaches to a shell that emulates an ANSI- or VT100/VT220–
terminal. The serial console is automatically redirected to the SSH or Telnet console.

Using SOL from PuTTY on Windows
NOTE: If required, you can change the default SSH or Telnet time-out at iDRAC Settings > Services.
To start IPMI SOL from PuTTY on a Windows management station:
1

Run the following command to connect to iDRAC
putty.exe [-ssh | -telnet] @ 
NOTE: The port number is optional. It is required only when the port number is reassigned.

2

Run the command console com2 or connect to start SOL and boot the managed system.
A SOL session from the management station to the managed system using the SSH or Telnet protocol is opened. To access the iDRAC
command-line console, follow the ESC key sequence. Putty and SOL connection behavior:
•

•

While accessing the managed system through putty during POST, if the Function keys and keypad option on putty is set to:
•

VT100+ — F2 passes, but F12 cannot pass.

•

ESC[n~ — F12 passes, but F2 cannot pass.

In Windows, if the Emergency Management System (EMS) console is opened immediately after a host reboot, the Special Admin
Console (SAC) terminal may get corrupted. Quit the SOL session, close the terminal, open another terminal, and start the SOL
session using the same command.

Using SOL from OpenSSH or Telnet on Linux
To start SOL from OpenSSH or Telnet on a Linux management station:
NOTE: If required, you can change the default SSH or Telnet session time-out at iDRAC Settings > Services.
1

Start a shell.

2

Connect to iDRAC using the following command:
•

For SSH: ssh  -l 

•

For Telnet: telnet 
NOTE: If you have changed the port number for the Telnet service from the default (port 23), add the port number to the
end of the Telnet command.

3

Enter one of the following commands at the command prompt to start SOL:
•

connect

•

console com2

This connects iDRAC to the managed system’s SOL port. Once a SOL session is established, iDRAC command line console is not
available. Follow the escape sequence correctly to open the iDRAC command line console. The escape sequence is also printed on the
screen as soon as a SOL session is connected. When the managed system is off, it takes sometime to establish the SOL session.
NOTE: You can use console com1 or console com2 to start SOL. Reboot the server to establish the connection.
The console -h com2 command displays the contents of the serial history buffer before waiting for input from the keyboard or
new characters from the serial port.

Setting up iDRAC communication

121

The default (and maximum) size of the history buffer is 8192 characters. You can set this number to a smaller value using the
command:
racadm set iDRAC.Serial.HistorySize 
4

Quit the SOL session to close an active SOL session.

Using Telnet virtual console
Some Telnet clients on the Microsoft operating systems may not display the BIOS setup screen correctly when BIOS Virtual Console is set
for VT100/VT220 emulation. If this issue occurs, change the BIOS console to ANSI mode to update the display. To perform this procedure
in the BIOS setup menu, select Virtual Console > Remote Terminal Type > ANSI.
When you configure the client VT100 emulation window, set the window or application that is displaying the redirected Virtual Console to
25 rows x 80 columns to make sure correct text display. Else, some text screens may be garbled.
To use Telnet virtual console:
1

Enable Telnet in Windows Component Services.

2

Connect to the iDRAC using the command
telnet :
Parameter

Description




IP address for the iDRAC
Telnet port number (if you are using a new port)

Configuring backspace key for your Telnet session
Depending on the Telnet client, using the Backspace key may produce unexpected results. For example, the session may echo ^h.
However, most Microsoft and Linux Telnet clients can be configured to use the Backspace key.
To configure a Linux Telnet session to use the  key, open a command prompt and type stty erase ^h. At the prompt,
type telnet.
To configure Microsoft Telnet clients to use the Backspace key:
1

Open a command prompt window (if required).

2

If you are not running a Telnet session, type telnet. If you are running a Telnet session, press Ctrl+].

3

At the prompt, type set bsasdel.
The message Backspace will be sent as delete is displayed.

Disconnecting SOL session in iDRAC command line console
The commands to disconnect a SOL session are based on the utility. You can exit the utility only when a SOL session is completely
terminated.
To disconnect a SOL session, terminate the SOL session from the iDRAC command line console.
•

To quit SOL redirection, press Enter, Esc, T.

•

The SOL session closes.
To quit a SOL session from Telnet on Linux, press and hold Ctrl+].
A Telnet prompt is displayed. Type quit to exit Telnet.

If a SOL session is not terminated completely in the utility, other SOL sessions may not be available. To resolve this, terminate the command
line console in the Web interface under iDRAC Settings > Connectivity > Serial Over LAN.

Communicating with iDRAC using IPMI over LAN
You must configure IPMI over LAN for iDRAC to enable or disable IPMI commands over LAN channels to any external systems. If IPMI over
LAN is not configured, then external systems cannot communicate with the iDRAC server using IPMI commands.

122

Setting up iDRAC communication

NOTE: IPMI also supports IPv6 address protocol for Linux-based operating systems.

Configuring IPMI over LAN using web interface
To configure IPMI over LAN:
1

In the iDRAC Web interface, go to iDRAC Settings > Connectivity.
The Network page is displayed.

2

Under IPMI Settings, specify the values for the attributes and click Apply.
For information about the options, see the iDRAC Online Help.
The IPMI over LAN settings are configured.

Configuring IPMI over LAN using iDRAC settings utility
To configure IPMI over LAN:
1

In the iDRAC Settings Utility, go to Network.
The iDRAC Settings Network page is displayed.

2

For IPMI Settings, specify the values.
For information about the options, see the iDRAC Settings Utility Online Help.

3

Click Back, click Finish, and then click Yes.
The IPMI over LAN settings are configured.

Configuring IPMI over LAN using RACADM
1

Enable IPMI over LAN.
racadm set iDRAC.IPMILan.Enable 1
NOTE: This setting determines the IPMI commands that are executed using IPMI over LAN interface. For more information,
see the IPMI 2.0 specifications at intel.com.

2

3

Update the IPMI channel privileges.
racadm set iDRAC.IPMILan.PrivLimit 
Parameter

Privilege level

 = 2
 = 3
 = 4

User
Operator
Administrator

Set the IPMI LAN channel encryption key ,if required.
racadm set iDRAC.IPMILan.EncryptionKey 
Parameter

Description



20-character encryption key in a valid hexadecimal format.

NOTE: The iDRAC IPMI supports the RMCP+ protocol. For more information, see the IPMI 2.0 specifications at intel.com.

Setting up iDRAC communication

123

Enabling or disabling remote RACADM
You can enable or disable remote RACADM using the iDRAC Web interface or RACADM. You can run up to five remote RACADM sessions
in parallel.
NOTE: Remote RACADM is enabled by default.

Enabling or disabling remote RACADM using web interface
1

In iDRAC Web interface, go to iDRAC Settings > Services.

2

Under Remote RACADM, select the desired option and click Apply.
The remote RACADM is enabled or disabled based on the selection.

Enabling or disabling remote RACADM using RACADM
NOTE: It is recommended to run these commands using local RACADM or firmware RACADM.
•
•

To disable remote RACADM:
racadm set iDRAC.Racadm.Enable 0
To enable remote RACADM:
racadm set iDRAC.Racadm.Enable 1

Disabling local RACADM
The local RACADM is enabled by default. To disable, see Disabling access to modify iDRAC configuration settings on host system.

Enabling IPMI on managed system
On a managed system, use the Dell Open Manage Server Administrator to enable or disable IPMI. For more information, see the Dell Open
Manage Server Administrator’s User Guide at dell.com/support/manuals.
NOTE: From iDRAC v2.30.30.30 or later, IPMI supports IPv6 address protocol for Linux-based operating systems.

Configuring Linux for serial console during boot
The following steps are specific to the Linux GRand Unified Bootloader (GRUB). Similar changes are required if a different boot loader is
used.
NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected
Virtual Console to 25 rows x 80 columns to make sure the correct text displays. Else, some text screens may be garbled.
Edit the /etc/grub.conf file as follows:
1

Locate the General Setting sections in the file and add the following:
serial --unit=1 --speed=57600 terminal --timeout=10 serial

2

Append two options to the kernel line:
kernel ............. console=ttyS1,115200n8r console=tty1

3

Disable GRUB's graphical interface and use the text-based interface. Else, the GRUB screen is not displayed in RAC Virtual Console. To
disable the graphical interface, comment-out the line starting with splashimage.

124

Setting up iDRAC communication

The following example provides a sample /etc/grub.conf file that shows the changes described in this procedure.
# grub.conf generated by anaconda
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that all
# kernel and initrd paths are relative to /, e.g.
# root (hd0,0)
# kernel /boot/vmlinuz-version ro root=/dev/sdal
# initrd /boot/initrd-version.img
#boot=/dev/sda
default=0
timeout=10
#splashimage=(hd0,2)/grub/splash.xpm.gz
serial --unit=1 --speed=57600
terminal --timeout=10 serial
title Red Hat Linux Advanced Server (2.4.9-e.3smp) root (hd0,0)
kernel /boot/vmlinuz-2.4.9-e.3smp ro root=/dev/sda1 hda=ide-scsi console=ttyS0
console=ttyS1,115200n8r
initrd /boot/initrd-2.4.9-e.3smp.img
title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00)
kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s
initrd /boot/initrd-2.4.9-e.3.im
4

To enable multiple GRUB options to start Virtual Console sessions through the RAC serial connection, add the following line to all
options:
console=ttyS1,115200n8r console=tty1
The example shows console=ttyS1,57600 added to the first option.
NOTE: If the boot loader or operating system provides serial redirection such as GRUB or Linux, then the BIOS Redirection
After Boot setting must be disabled. This is to avoid potential race condition of multiple components accessing the serial
port.

Enabling login to the virtual console after boot
In the file /etc/inittab, add a new line to configure agetty on the COM2 serial port:
co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi
The following example shows a sample file with the new line.
#inittab This file describes how the INIT process should set up
#the system in a certain run-level.
#Author:Miquel van Smoorenburg
#Modified for RHS Linux by Marc Ewing and Donnie Barnes
#Default runlevel. The runlevels used by RHS are:
#0 - halt (Do NOT set initdefault to this)
#1 - Single user mode
#2 - Multiuser, without NFS (The same as 3, if you do not have #networking)
#3 - Full multiuser mode
#4 - unused
#5 - X11
#6 - reboot (Do NOT set initdefault to this)
id:3:initdefault:
#System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
#Things to run in every runlevel.
Setting up iDRAC communication

125

ud::once:/sbin/update
ud::once:/sbin/update
#Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
#When our UPS tells us power has failed, assume we have a few
#minutes of power left. Schedule a shutdown for 2 minutes from now.
#This does, of course, assume you have power installed and your
#UPS is connected and working correctly.
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
#If power was restored before the shutdown kicked in, cancel it.
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"
#Run gettys in standard runlevels
co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
#Run xdm in runlevel 5
#xdm is now a separate service
x:5:respawn:/etc/X11/prefdm -nodaemon

In the file /etc/securetty add a new line with the name of the serial tty for COM2:
ttyS1
The following example shows a sample file with the new line.
NOTE: Use the Break Key Sequence (~B) to execute the Linux Magic SysRq key commands on serial console using IPMI Tool.
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
ttyS1

Supported SSH cryptography schemes
To communicate with iDRAC using SSH protocol, it supports multiple cryptography schemes listed in the following table.

126

Setting up iDRAC communication

Table 18. SSH cryptography schemes
Scheme Type

Algorithms

Asymmetric Cryptography
Public key

ssh-rsa
ecdsa-sha2-nistp256

Symmetric Cryptography
Key Exchange

curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1

Encryption

chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com

MAC

hmac-sha1
hmac-ripemd160
umac-64@openssh.com

Compression

None

NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell
recommends not enabling DSA public key support.

Using public key authentication for SSH
iDRAC supports the Public Key Authentication (PKA) over SSH. This is a licensed feature. When the PKA over SSH is set up and used
correctly, you must enter the user name while logging into iDRAC. This is useful for setting up automated scripts that perform various
functions. The uploaded keys must be in RFC 4716 or OpenSSH format. Else, you must convert the keys into that format.
In any scenario, a pair of private and public key must be generated on the management station. The public key is uploaded to iDRAC local
user and private key is used by the SSH client to establish the trust relationship between the management station and iDRAC.
You can generate the public or private key pair using:
•

PuTTY Key Generator application for clients running Windows

•

ssh-keygen CLI for clients running Linux.

Setting up iDRAC communication

127

CAUTION: This privilege is normally reserved for users who are members of the Administrator user group on iDRAC. However,
users in the ‘Custom’ user group can be assigned this privilege. A user with this privilege can modify any user’s configuration.
This includes creation or deletion of any user, SSH Key management for users, and so on. For these reasons, assign this privilege
carefully.
CAUTION: The capability to upload, view, and/ or delete SSH keys is based on the ’Configure Users’ user privilege. This privilege
allows user(s) to configure another user's SSH key. You should grant this privilege carefully.

Generating public keys for Windows
To use the PuTTY Key Generator application to create the basic key:
1

Start the application and select RSA for the key type.

2

Enter the number of bits for the key. The number of bits must be between 2048 and 4096 bits.

3

Click Generate and move the mouse in the window as directed.
The keys are generated.

4

You can modify the key comment field.

5

Enter a passphrase to secure the key.

6

Save the public and private key.

Generating public keys for Linux
To use the ssh-keygen application to create the basic key, open a terminal window and at the shell prompt, enter ssh-keygen –t rsa
–b 2048 –C testing
where:
•

-t is rsa.

•

–b specifies the bit encryption size between 2048 and 4096.

•

–C allows modifying the public key comment and is optional.
NOTE: The options are case-sensitive.

Follow the instructions. After the command executes, upload the public file.
CAUTION: Keys generated from the Linux management station using ssh-keygen are in non-4716 format. Convert the keys into
the 4716 format using ssh-keygen -e -f /root/.ssh/id_rsa.pub > std_rsa.pub. Do not change the permissions of
the key file. The conversion must be done using default permissions.
NOTE: iDRAC does not support ssh-agent forward of keys.

Uploading SSH keys
You can upload up to four public keys per user to use over an SSH interface. Before adding the public keys, make sure that you view the
keys if they are set up, so that a key is not accidentally overwritten.
When adding new public keys, make sure that the existing keys are not at the index where the new key is added. iDRAC does not perform
checks to make sure previous key(s) are deleted before a new key(s) are added. When a new key is added, it is usable if the SSH interface
is enabled.

Uploading SSH keys using web interface
To upload the SSH keys:
1

128

In the iDRAC Web interface, go to iDRAC Settings > Users > Local Users.

Setting up iDRAC communication

The Local Users page is displayed.
2

In the User ID column, click a user ID number.
The Users Main Menu page is displayed.

3

Under SSH Key Configurations, select Upload SSH Key(s) and click Next.
The Upload SSH Key(s) page is displayed.

4

Upload the SSH keys in one of the following ways:
•

Upload the key file.

•

Copy the contents of the key file into the text box

For more information, see iDRAC Online Help.
5

Click Apply.

Uploading SSH keys using RACADM
To upload the SSH keys, run the following command:
NOTE: You cannot upload and copy a key at the same time.
•

For local RACADM: racadm sshpkauth -i <2 to 16> -k <1 to 4> -f 

•

From remote RACADM using Telnet or SSH: racadm sshpkauth -i <2 to 16> -k <1 to 4> -t 

For example, to upload a valid key to iDRAC User ID 2 in the first key space using a file, run the following command:
$ racadm sshpkauth -i 2 -k 1 -f pkkey.key
NOTE: The -f option is not supported on telnet/ssh/serial RACADM.

Viewing SSH keys
You can view the keys that are uploaded to iDRAC.

Viewing SSH keys using web interface
To view the SSH keys:
1

In Web interface, go to iDRAC Settings > Users.
The Local Users page is displayed.

2

In the User ID column, click a user ID number.
The Users Main Menu page is displayed.

3

Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next.
The View/Remove SSH Key(s) page is displayed with the key details.

Deleting SSH keys
Before deleting the public keys, make sure that you view the keys if they are set up, so that a key is not accidentally deleted.

Deleting SSH keys using web interface
To delete the SSH key(s):
1

In Web interface, go to iDRAC Settings > Users.
The Local Users page is displayed.

2

In the ID column, select a user ID number, click Edit.
The Edit User page is displayed.

Setting up iDRAC communication

129

3

Under SSH Key Configurations, select a SSH Key and click Edit.
The SSH Key page displays the Edit From details.

4

Select Remove for the key(s) you want to delete, and click Apply.
The selected key(s) is deleted.

Deleting SSH keys using RACADM
To delete the SSH key(s), run the following commands:
•

Specific key — racadm sshpkauth -i <2 to 16> -d -k <1 to 4>

•

All keys — racadm sshpkauth -i <2 to 16> -d -k all

130

Setting up iDRAC communication

7
Configuring user accounts and privileges
You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system
security. By default iDRAC is configured with a local administrator account. The default iDRAC user name and password are provided with
the system badge. As an administrator, you can setup user accounts to allow other users to access iDRAC. For more information see the
documentation for the server.
You can setup local users or use directory services such as Microsoft Active Directory or LDAP to setup user accounts. Using a directory
service provides a central location for managing authorized user accounts.
iDRAC supports role-based access to users with a set of associated privileges. The roles are administrator, operator, read only, or none. The
role defines the maximum privileges available.

Topics:
•

Recommended characters in user names and passwords

•

Configuring local users

•

Configuring Active Directory users

•

Configuring generic LDAP users

Recommended characters in user names and
passwords
This section provides details about the recommended characters while creating and using user names and passwords.
NOTE: The password must include one uppercase and one lower case letter, one number and a special character.
Use the following characters while creating user names and passwords:
Table 19. Recommended characters for user names
Characters

Length

0-9

1–16

A-Z
a-z
-!#$%&()*/;?@[\]^_`{|}~+<=>

Table 20. Recommended characters for passwords
Characters

Length

0-9

1–20

A-Z
a-z

Configuring user accounts and privileges

131

Characters

Length

'-!"#$%&()*,./:;?@[\]^_`{|}~+<=>
NOTE: You may be able to create user names and passwords that include other characters. However, to ensure compatibility with
all interfaces, Dell recommends using only the characters listed here.
NOTE: The characters allowed in user names and passwords for network shares are determined by the network-share type.
iDRAC supports valid characters for network share credentials as defined by the share type, except <, >, and , (comma).
NOTE: To improve security, it is recommended to use complex passwords that have eight or more characters and include
lowercase alphabets, uppercase alphabets, numbers, and special characters. It is also recommended to regularly change the
passwords, if possible.

Configuring local users
You can configure up to 16 local users in iDRAC with specific access permissions. Before you create an iDRAC user, verify if any current
users exist. You can set user names, passwords, and roles with the privileges for these users. The user names and passwords can be
changed using any of the iDRAC secured interfaces (that is, web interface, RACADM or WSMan). You can also enable or disable SNMPv3
authentication for each user.

Configuring local users using iDRAC web interface
To add and configure local iDRAC users:
NOTE: You must have Configure Users permission to create an iDRAC user.
1

In the iDRAC Web interface, go to iDRAC Settings > User.
The Local Users page is displayed.

2

In the User ID column, select a user ID number and click Edit.
NOTE: User 1 is reserved for the IPMI anonymous user and you cannot change this
configuration.
The User Configuration page is displayed.

3

Add User Account Settings and Advanced Settings details to configure the user account.
NOTE: Enable the user ID and specify the user name, password, and user role (access privileges) for the user. You can also
enable LAN privilege level, Serial port privilege level, serial over LAN status, SNMPv3 authentication, authentication type
and the privacy type for the user. For more information about the options, see the iDRAC Online Help.

4

Click Save. The user is created with the required privileges.

Configuring local users using RACADM
NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system.
You can configure single or multiple iDRAC users using RACADM.
To configure multiple iDRAC users with identical configuration settings, follow these procedures:
•
•

Use the RACADM examples in this section as a guide to create a batch file of RACADM commands and then execute the batch file on
each managed system.
Create the iDRAC configuration file and execute the racadm set command on each managed system using the same configuration file.

If you are configuring a new iDRAC or if you have used the racadm racresetcfg command, then check for the default iDRAC user name and
password on the system badge. The racadm racresetcfg command resets the iDRAC to the default values.

132

Configuring user accounts and privileges

NOTE: Users can be enabled and disabled over time. As a result, a user may have a different index number on each iDRAC.
To verify if a user exists, type the following command once for each index (1–16):
racadm get iDRAC.Users..UserName
Several parameters and object IDs are displayed with their current values. The key field is iDRAC.Users.UserName=. If a user name is
displayed after =, that index number is taken.
NOTE: You can utilize
racadm get -f 
and view or edit the
myfile.cfg
file, which includes all iDRAC configuration parameters.
To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more
information, see the RACADM Command Line Interface Guide available at dell.com/idracmanuals.
If you use the Server Configuration Profile file to configure users, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol
attributes to enable SNMPv3 authentication.

Adding iDRAC user using RACADM
1

Set the index and user name.
racadm set idrac.users..username 
Parameter

Description




Unique index of the user
User name

2

Set the password.
racadm set idrac.users..password 

3

Set the user privileges.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

4

Enable the user.
racadm set.idrac.users..enable 1

To verify, use the following command:
racadm get idrac.users.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Enabling iDRAC user with permissions
To enable a user with specific administrative permissions (role-based authority):
1

Locate an available user index.
racadm get iDRAC.Users 

2

Type the following commands with the new user name and password.
racadm set iDRAC.Users..Privilege 
NOTE: The default privilege value is 0, which indicates the user has no privileges enabled. For a list of valid bit-mask values
for specific user privileges, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/
idracmanuals.

Configuring user accounts and privileges

133

Configuring Active Directory users
If your company uses the Microsoft Active Directory software, you can configure the software to provide access to iDRAC, allowing you to
add and control iDRAC user privileges to your existing users in your directory service. This is a licensed feature.
NOTE: Using Active Directory to recognize iDRAC users is supported on the Microsoft Windows 2000, Windows Server 2003,
and Windows Server 2008 operating systems.
You can configure user authentication through Active Directory to log in to the iDRAC. You can also provide role-based authority, which
enables an administrator to configure specific privileges for each user.
The iDRAC role and privilege names have changed from earlier generation of servers. The role names are:
Table 21. iDRAC roles
Current Generation

Prior Generation

Privileges

Administrator

Administrator

Login, Configure, Configure Users, Logs, System Control, Access Virtual
Console, Access Virtual Media, System Operations, Debug

Operator

Power User

Login, Configure, System Control, Access Virtual Console, Access Virtual
Media, System Operations, Debug

Read Only

Guest User

Login

None

None

None

Table 22. iDRAC user privileges
Current Generation

Prior Generation

Description

Login

Login to iDRAC

Enables the user to log in to iDRAC.

Configure

Configure iDRAC

Enables the user to configure iDRAC.

Configure Users

Configure Users

Enables the user to allow specific users to access the system.

Logs

Clear Logs

Enables the user to clear only the System Event Log (SEL).

System Control

Control and configure system

Allows power cycling the host system.

Access Virtual Console

Access Virtual Console
Redirection (for blade servers)

Enables the user to run Virtual Console.

Access Virtual Console (for
rack and tower servers)
Access Virtual Media

Access Virtual Media

Enables the user to run and use Virtual Media.

System Operations

Test Alerts

Allows user initiated and generated events, and information is sent as an
asynchronous notification and logged.

Debug

Execute Diagnostic Commands Enables the user to run diagnostic commands.

134

Configuring user accounts and privileges

Prerequisites for using Active Directory authentication for
iDRAC
To use the Active Directory authentication feature of iDRAC, make sure that you have:
•

Deployed an Active Directory infrastructure. See the Microsoft website for more information.

•

Integrated PKI into the Active Directory infrastructure. iDRAC uses the standard Public Key Infrastructure (PKI) mechanism to
authenticate securely into the Active Directory. See the Microsoft website for more information.

•

Enabled the Secure Socket Layer (SSL) on all domain controllers that iDRAC connects to for authenticating to all the domain
controllers.

Enabling SSL on domain controller
When iDRAC authenticates users with an Active Directory domain controller, it starts an SSL session with the domain controller. At this
time, the domain controller must publish a certificate signed by the Certificate Authority (CA)—the root certificate of which is also
uploaded into iDRAC. For iDRAC to authenticate to any domain controller—whether it is the root or the child domain controller—that
domain controller must have an SSL-enabled certificate signed by the domain’s CA.
If you are using Microsoft Enterprise Root CA to automatically assign all your domain controllers to an SSL certificate, you must:
1

Install the SSL certificate on each domain controller.

2

Export the Domain Controller Root CA Certificate to iDRAC.

3

Import iDRAC Firmware SSL Certificate.

Installing SSL certificate for each domain controller
To install the SSL certificate for each controller:
1

Click Start > Administrative Tools > Domain Security Policy.

2

Expand the Public Key Policies folder, right-click Automatic Certificate Request Settings and click Automatic Certificate Request.
The Automatic Certificate Request Setup Wizard is displayed.

3

Click Next and select Domain Controller.

4

Click Next and click Finish. The SSL certificate is installed.

Exporting domain controller root CA certificate to iDRAC
NOTE: If your system is running Windows 2000 or if you are using standalone CA, the following steps may vary.
To export the domain controller root CA certificate to iDRAC:
1

Locate the domain controller that is running the Microsoft Enterprise CA service.

2

Click Start > Run.

3

Enter mmc and click OK.

4

In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.

5

In the Add/Remove Snap-In window, click Add.

6

In the Standalone Snap-In window, select Certificates and click Add.

7

Select Computer and click Next.

8

Select Local Computer, click Finish, and click OK.

9

In the Console 1 window, go to Certificates Personal Certificates folder.

10

Locate and right-click the root CA certificate, select All Tasks, and click Export....

Configuring user accounts and privileges

135

11

In the Certificate Export Wizard, click Next, and select No do not export the private key.

12

Click Next and select Base-64 encoded X.509 (.cer) as the format.

13

Click Next and save the certificate to a directory on your system.

14

Upload the certificate you saved in step 13 to iDRAC.

Importing iDRAC firmware SSL certificate
iDRAC SSL certificate is the identical certificate used for iDRAC Web server. All iDRAC controllers are shipped with a default self-signed
certificate.
If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server
certificate to the Active Directory Domain controller. This additional step is not required if the Active Directory does not perform a client
authentication during an SSL session’s initialization phase.
NOTE: If your system is running Windows 2000, the following steps may vary.
NOTE: If iDRAC firmware SSL certificate is CA-signed and the certificate of that CA is already in the domain controller's Trusted
Root Certificate Authority list, do not perform the steps in this section.
To import iDRAC firmware SSL certificate to all domain controller trusted certificate lists:
1

Download iDRAC SSL certificate using the following RACADM command:
racadm sslcertdownload -t 0x1 -f 

2

On the domain controller, open an MMC Console window and select Certificates > Trusted Root Certification Authorities.

3

Right-click Certificates, select All Tasks and click Import.

4

Click Next and browse to the SSL certificate file.

5

Install iDRAC SSL Certificate in each domain controller’s Trusted Root Certification Authority.
If you have installed your own certificate, make sure that the CA signing your certificate is in the Trusted Root Certification Authority
list. If the Authority is not in the list, you must install it on all your domain controllers.

6

Click Next and select whether you want Windows to automatically select the certificate store based on the type of certificate, or
browse to a store of your choice.

7

Click Finish and click OK. The iDRAC firmware SSL certificate is imported to all domain controller trusted certificate lists.

Supported Active Directory authentication mechanisms
You can use Active Directory to define iDRAC user access using two methods:
•

Standard schema solution, which uses Microsoft’s default Active Directory group objects only.

•

Extended schema solution, which has customized Active Directory objects. All the access control objects are maintained in Active
Directory. It provides maximum flexibility to configure user access on different iDRACs with varying privilege levels.

Standard schema Active Directory overview
As shown in the following figure, using standard schema for Active Directory integration requires configuration on both Active Directory and
iDRAC.

136

Configuring user accounts and privileges

Figure 1. Configuration of iDRAC with active directory standard schema
In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give
this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and
the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC. Table
reference no shows the default role group privileges.
Table 23. Default role group privileges
Role Groups

Default Privilege Level

Permissions Granted

Bit Mask

Role Group 1

None

Log in to iDRAC, Configure
iDRAC, Configure Users, Clear
Logs, Execute Server Control
Commands, Access Virtual
Console, Access Virtual Media,
Test Alerts, Execute Diagnostic
Commands

0x000001ff

Role Group 2

None

Log in to iDRAC, Configure
iDRAC, Execute Server Control
Commands, Access Virtual
Console, Access Virtual Media,
Test Alerts, Execute Diagnostic
Commands

0x000000f9

Role Group 3

None

Log in to iDRAC

0x00000001

Role Group 4

None

No assigned permissions

0x00000000

Role Group 5

None

No assigned permissions

0x00000000

NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.

Single domain versus multiple domain scenarios
If all the login users and role groups, including the nested groups, are in the same domain, then only the domain controllers’ addresses must
be configured on iDRAC. In this single domain scenario, any group type is supported.

Configuring user accounts and privileges

137

If all the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server addresses must be
configured on iDRAC. In this multiple domain scenario, all the role groups and nested groups, if any, must be a Universal Group type.

Configuring Standard schema Active Directory
To configure iDRAC for an Active Directory login access:
1

On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in.

2

Create a group or select an existing group. Add the Active Directory user as a member of the Active Directory group to access iDRAC.

3

Configure the group name, domain name, and the role privileges on iDRAC using the iDRAC web interface or RACADM.

Configuring Active Directory with Standard schema using iDRAC web
interface
NOTE: For information about the various fields, see the iDRAC Online Help.
1

In the iDRAC web interface, go to iDRAC Settings > Users > Directory Services.
The Directory Service page is displayed.

2

Select the Microsoft Active Directory option and then click Edit.
The Active Directory Configuration and Management page is displayed.

3

Click Configure Active Directory.
The Active Directory Configuration and Management Step 1 of 4 page is displayed.

4

Optionally, enable certificate validation and upload the CA-signed digital certificate used during initiation of SSL connections when
communicating with the Active Directory (AD) server. For this, the Domain Controllers and Global Catalog FQDN must be specified.
This is done in the next steps. And hence the DNS should be configured properly in the network settings.

5

Click Next.
The Active Directory Configuration and Management Step 2 of 4 page is displayed.

6

Enable Active Directory and specify the location information about Active Directory servers and user accounts. Also, specify the time
iDRAC must wait for responses from Active Directory during iDRAC login.
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN.
Make sure that DNS is configured correctly under iDRAC Settings > Network.

7

Click Next. The Active Directory Configuration and Management Step 3 of 4 page is displayed.

8

Select Standard Schema and click Next.
The Active Directory Configuration and Management Step 4a of 4 page is displayed.

9

Enter the location of Active Directory global catalog server(s) and specify privilege groups used to authorize users.

10

Click a Role Group to configure the control authorization policy for users under the standard schema mode.
The Active Directory Configuration and Management Step 4b of 4 page is displayed.

11

Specify the privileges and click Apply.
The settings are applied and the Active Directory Configuration and Management Step 4a of 4 page is displayed.

12

Click Finish. The Active Directory settings for standard schema are configured.

Configuring Active Directory with Standard schema using RACADM
1

138

Use the following commands:
racadm set iDRAC.ActiveDirectory.Enable 1
racadm set iDRAC.ActiveDirectory.Schema 2
racadm set iDRAC.ADGroup.Name 
racadm set iDRAC.ADGroup.Domain 
racadm set iDRAC.ADGroup.Privilege 

Configuring user accounts and privileges

racadm set iDRAC.ActiveDirectory.DomainController1 
racadm set iDRAC.ActiveDirectory.DomainController2 
racadm set iDRAC.ActiveDirectory.DomainController3 
racadm set iDRAC.ActiveDirectory.GlobalCatalog1 
racadm set iDRAC.ActiveDirectory.GlobalCatalog2 
racadm set iDRAC.ActiveDirectory.GlobalCatalog3 

or IP
or IP
or IP
IP address
IP address
IP address

•

Enter the Fully Qualified Domain Name (FQDN) of the domain controller, not the FQDN of the domain. For example, enter
servername.dell.com instead of dell.com.

•

For bit-mask values for specific Role Group permissions, see Default role group privileges.

•

You must provide at least one of the three domain controller addresses. iDRAC attempts to connect to each of the configured
addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain
controllers where the user accounts and the role groups are located.

•

The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domains. In
multiple domain case, only the Universal Group can be used.

•

If certificate validation is enabled, the FQDN or IP address that you specify in this field must match the Subject or Subject
Alternative Name field of your domain controller certificate.

•

To disable the certificate validation during SSL handshake, use the following command:
racadm set iDRAC.ActiveDirectory.CertValidationEnable 0
In this case, no Certificate Authority (CA) certificate needs to be uploaded.

•

To enforce the certificate validation during SSL handshake (optional), use the following command:
racadm set iDRAC.ActiveDirectory.CertValidationEnable 1
In this case, you must upload the CA certificate using the following command:
racadm sslcertupload -t 0x2 -f 
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN.
Ensure that DNS is configured correctly under Overview > iDRAC Settings > Network.
Using the following RACADM command may be optional.
racadm sslcertdownload -t 0x1 -f 

2

If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following command:
racadm set iDRAC.IPv4.DNSFromDHCP 1

3

If DHCP is disabled on iDRAC or you want manually enter the DNS IP address, enter the following RACADM command:
racadm set iDRAC.IPv4.DNSFromDHCP 0
racadm set iDRAC.IPv4.DNSFromDHCP.DNS1 
racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 

4

If you want to configure a list of user domains so that you only need to enter the user name when logging in to the web interface, use
the following command:
racadm set iDRAC.UserDomain..Name 
You can configure up to 40 user domains with index numbers between 1 and 40.

Extended schema Active Directory overview
Using the extended schema solution requires the Active Directory schema extension.

Configuring user accounts and privileges

139

Best practices for extended schema
The extended schema uses Dell association objects to join iDRAC and permission. This allows you to use iDRAC based on the overall
permissions granted. The default Access Control List (ACL) of Dell Association objects allows Self and Domain Administrators to manage
the permissions and scope of iDRAC objects.
By default, the Dell Association objects do not inherit all permissions from the parent Active Directory objects. If you enable inheritance for
the Dell Association object, the inherited permissions for that association object are granted to the selected users and groups. This may
result in unintended privileges being provided to the iDRAC.
To use the Extended Schema securely, Dell recommends not enabling inheritance on Dell Association objects within the extended schema
implementation.

Active directory schema extensions
The Active Directory data is a distributed database of attributes and classes. The Active Directory schema includes the rules that determine
the type of data that can be added or included in the database. The user class is one example of a class that is stored in the database.
Some example user class attributes can include the user’s first name, last name, phone number, and so on. You can extend the Active
Directory database by adding your own unique attributes and classes for specific requirements. Dell has extended the schema to include
the necessary changes to support remote management authentication and authorization using Active Directory.
Each attribute or class that is added to an existing Active Directory Schema must be defined with a unique ID. To maintain unique IDs
across the industry, Microsoft maintains a database of Active Directory Object Identifiers (OIDs) so that when companies add extensions to
the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active
Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for the attributes and classes that are added
into the directory service:
•

Extension is: dell

•

Base OID is: 1.2.840.113556.1.8000.1280

•

RAC LinkID range is: 12070 to 12079

Overview of iDRAC schema extensions
Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together
the users or groups with a specific set of privileges to one or more iDRAC devices. This model provides an administrator maximum flexibility
over the different combinations of users, iDRAC privileges, and iDRAC devices on the network without much complexity.
For each physical iDRAC device on the network that you want to integrate with Active Directory for authentication and authorization,
create at least one association object and one iDRAC device object. You can create multiple association objects, and each association
object can be linked to as many users, groups of users, or iDRAC device objects as required. The users and iDRAC user groups can be
members of any domain in the enterprise.
However, each association object can be linked (or, may link users, groups of users, or iDRAC device objects) to only one privilege object.
This example allows an administrator to control each user’s privileges on specific iDRAC devices.
iDRAC device object is the link to iDRAC firmware for querying Active Directory for authentication and authorization. When iDRAC is added
to the network, the administrator must configure iDRAC and its device object with its Active Directory name so that users can perform
authentication and authorization with Active Directory. Additionally, the administrator must add iDRAC to at least one association object for
users to authenticate.
The following figure shows that the association object provides the connection that is needed for the authentication and authorization.

140

Configuring user accounts and privileges

Figure 2. Typical setup for active directory objects
You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must
have one iDRAC Device Object for each iDRAC device on the network that you want to integrate with Active Directory for Authentication
and Authorization with iDRAC.
The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects. However, the Association
Object only includes one Privilege Object per Association Object. The Association Object connects the Users who have Privileges on iDRAC
devices.
The Dell extension to the ADUC MMC Snap-in only allows associating the Privilege Object and iDRAC Objects from the same domain with
the Association Object. The Dell extension does not allow a group or an iDRAC object from other domains to be added as a product
member of the Association Object.
When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default Association objects
created by the Dell Schema Extender Utility are Domain Local Groups and they do not work with Universal Groups from other domains.
Users, user groups, or nested user groups from any domain can be added into the Association Object. Extended Schema solutions support
any user group type and any user group nesting across multiple domains allowed by Microsoft Active Directory.

Accumulating privileges using Extended Schema
The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the
same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user
the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.
The following figure provides an example of accumulating privileges using Extended Schema.

Configuring user accounts and privileges

141

Figure 3. Privilege accumulation for a user
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects.
Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned
privileges of the different privilege objects associated to the same user.
In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges
on both iDRAC1 and iDRAC2. In addition, this figure shows that User1 can be in a different domain and can be a member of a group.

Configuring Extended schema Active Directory
To configure Active Directory to access iDRAC:
1

Extend the Active Directory schema.

2

Extend the Active Directory Users and Computers Snap-in.

3

Add iDRAC users and their privileges to Active Directory.

4

Configure iDRAC Active Directory properties using iDRAC Web interface or RACADM.

Extending Active Directory schema
Extending your Active Directory schema adds a Dell organizational unit, schema classes and attributes, and example privileges and
association objects to the Active Directory schema. Before you extend the schema, make sure that you have the Schema Admin privileges
on the Schema Master FSMO-Role-Owner of the domain forest.
NOTE: The schema extension for this product is different from the previous generations. The earlier schema does not work with
this product.
NOTE: Extending the new schema has no impact on previous versions of the product.
You can extend your schema using one of the following methods:
•
•

Dell Schema Extender utility
LDIF script file

If you use the LDIF script file, the Dell organizational unit is not added to the schema.
The LDIF files and Dell Schema Extender are on your Dell Systems Management Tools and Documentation DVD in the following respective
directories:

142

Configuring user accounts and privileges

•

DVDdrive :\SYSMGMT\ManagementStation\support\OMActiveDirectory_Tools\Remote_Management_Advanced\LDIF_Files

•

: \SYSMGMT\ManagementStation\support\OMActiveDirectory_Tools\Remote_Management_Advanced\Schema
Extender

To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory.
You can copy and run the Schema Extender or LDIF files from any location.

Using Dell Schema Extender
CAUTION: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To make sure that the Dell Schema Extender utility
functions properly, do not modify the name of this file.
1

In the Welcome screen, click Next.

2

Read and understand the warning and click Next.

3

Select Use Current Log In Credentials or enter a user name and password with schema administrator rights.

4

Click Next to run the Dell Schema Extender.

5

Click Finish.
The schema is extended. To verify the schema extension, use the MMC and the Active Directory Schema Snap-in to verify that the
Classes and attributes exist. See the Microsoft documentation for details about using the MMC and the Active Directory Schema
Snap-in.

Classes and attributes
Table 24. Class definitions for classes added to the active directory schema
Class Name

Assigned Object Identification Number (OID)

delliDRACDevice

1.2.840.113556.1.8000.1280.1.7.1.1

delliDRACAssociation

1.2.840.113556.1.8000.1280.1.7.1.2

dellRAC4Privileges

1.2.840.113556.1.8000.1280.1.1.1.3

dellPrivileges

1.2.840.113556.1.8000.1280.1.1.1.4

dellProduct

1.2.840.113556.1.8000.1280.1.1.1.5

Table 25. DelliDRACdevice class
OID

1.2.840.113556.1.8000.1280.1.7.1.1

Description

Represents the Dell iDRAC device. iDRAC must be configured as
delliDRACDevice in Active Directory. This configuration enables
iDRAC to send Lightweight Directory Access Protocol (LDAP)
queries to Active Directory.

Class Type

Structural Class

SuperClasses

dellProduct

Attributes

dellSchemaVersion
dellRacType

Configuring user accounts and privileges

143

Table 26. delliDRACAssociationObject class
OID

1.2.840.113556.1.8000.1280.1.7.1.2

Description

Represents the Dell Association Object. The Association Object
provides the connection between the users and the devices.

Class Type

Structural Class

SuperClasses

Group

Attributes

dellProductMembers
dellPrivilegeMember

Table 27. dellRAC4Privileges class
OID

1.2.840.113556.1.8000.1280.1.1.1.3

Description

Defines the privileges (Authorization Rights) for iDRAC

Class Type

Auxiliary Class

SuperClasses

None

Attributes

dellIsLoginUser
dellIsCardConfigAdmin
dellIsUserConfigAdmin
dellIsLogClearAdmin
dellIsServerResetUser
dellIsConsoleRedirectUser
dellIsVirtualMediaUser
dellIsTestAlertUser
dellIsDebugCommandAdmin

Table 28. dellPrivileges class
OID

1.2.840.113556.1.8000.1280.1.1.1.4

Description

Used as a container Class for the Dell Privileges (Authorization
Rights).

Class Type

Structural Class

SuperClasses

User

Attributes

dellRAC4Privileges

144

Configuring user accounts and privileges

Table 29. dellProduct class
OID

1.2.840.113556.1.8000.1280.1.1.1.5

Description

The main class from which all Dell products are derived.

Class Type

Structural Class

SuperClasses

Computer

Attributes

dellAssociationMembers

Table 30. List of attributes added to the active directory schema
Attribute Name/Description

Assigned OID/Syntax Object Identifier

Single Valued

dellPrivilegeMember

1.2.840.113556.1.8000.1280.1.1.2.1

FALSE

List of dellPrivilege Objects that belong
to this Attribute.

Distinguished Name (LDAPTYPE_DN
1.3.6.1.4.1.1466.115.121.1.12)

dellProductMembers

1.2.840.113556.1.8000.1280.1.1.2.2

List of dellRacDevice and
DelliDRACDevice Objects that belong to
this role. This attribute is the forward link
to the dellAssociationMembers
backward link.

Distinguished Name (LDAPTYPE_DN
1.3.6.1.4.1.1466.115.121.1.12)

FALSE

Link ID: 12070
dellIsLoginUser

1.2.840.113556.1.8000.1280.1.1.2.3

TRUE if the user has Login rights on the
device.

Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)

dellIsCardConfigAdmin

1.2.840.113556.1.8000.1280.1.1.2.4

TRUE if the user has Card Configuration
rights on the device.

Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)

dellIsUserConfigAdmin

1.2.840.113556.1.8000.1280.1.1.2.5

TRUE if the user has User Configuration
rights on the device.

Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)

delIsLogClearAdmin

1.2.840.113556.1.8000.1280.1.1.2.6

TRUE if the user has Log Clearing rights
on the device.

Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)

dellIsServerResetUser

1.2.840.113556.1.8000.1280.1.1.2.7

TRUE if the user has Server Reset rights
on the device.

Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)

dellIsConsoleRedirectUser

1.2.840.113556.1.8000.1280.1.1.2.8

TRUE if the user has Virtual Console
rights on the device.

Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)

TRUE

TRUE

TRUE

TRUE

TRUE

TRUE

Configuring user accounts and privileges

145

Attribute Name/Description

Assigned OID/Syntax Object Identifier

Single Valued

dellIsVirtualMediaUser

1.2.840.113556.1.8000.1280.1.1.2.9

TRUE

TRUE if the user has Virtual Media rights Boolean (LDAPTYPE_BOOLEAN
on the device.
1.3.6.1.4.1.1466.115.121.1.7)
dellIsTestAlertUser

1.2.840.113556.1.8000.1280.1.1.2.10

TRUE if the user has Test Alert User
rights on the device.

Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)

dellIsDebugCommandAdmin

1.2.840.113556.1.8000.1280.1.1.2.11

TRUE if the user has Debug Command
Admin rights on the device.

Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)

dellSchemaVersion

1.2.840.113556.1.8000.1280.1.1.2.12

The Current Schema Version is used to
update the schema.

Case Ignore String
(LDAPTYPE_CASEIGNORESTRING
1.2.840.113556.1.4.905)

dellRacType

1.2.840.113556.1.8000.1280.1.1.2.13

This attribute is the Current RAC Type
for the delliDRACDevice object and the
backward link to the
dellAssociationObjectMembers forward
link.

Case Ignore String
(LDAPTYPE_CASEIGNORESTRING
1.2.840.113556.1.4.905)

dellAssociationMembers

1.2.840.113556.1.8000.1280.1.1.2.14

TRUE

TRUE

TRUE

TRUE

FALSE

List of dellAssociationObjectMembers
Distinguished Name (LDAPTYPE_DN
that belong to this Product. This attribute 1.3.6.1.4.1.1466.115.121.1.12)
is the backward link to the
dellProductMembers linked attribute.
Link ID: 12071

Installing Dell extension to the Active Directory users and computers snapin
When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the
administrator can manage iDRAC devices, users and user groups, iDRAC associations, and iDRAC privileges.
When you install your systems management software using the Dell Systems Management Tools and Documentation DVD, you can extend
the Snap-in by selecting the Active Directory Users and Computers Snap-in option during the installation procedure. See the Dell
OpenManage Software Quick Installation Guide for additional instructions about installing systems management software. For 64-bit
Windows Operating Systems, the Snap-in installer is located under:
:\SYSMGMT\ManagementStation\support\OMActiveDirectory_SnapIn64
For more information about the Active Directory Users and Computers Snap-in, see Microsoft documentation.

Adding iDRAC users and privileges to Active Directory
Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC users and privileges by creating device,
association, and privilege objects. To add each object, perform the following:

146

Configuring user accounts and privileges

•

Create an iDRAC device Object

•

Create a Privilege Object

•

Create an Association Object

•

Add objects to an Association Object

Creating iDRAC device object
To create iDRAC device object:
1

In the MMC Console Root window, right-click a container.

2

Select New > Dell Remote Management Object Advanced.
The New Object window is displayed.

3

Enter a name for the new object. The name must be identical to iDRAC name that you enter while configuring Active Directory
properties using iDRAC Web interface.

4

Select iDRAC Device Object and click OK.

Creating privilege object
To create a privilege object:
NOTE: You must create a privilege object in the same domain as the related association object.
1

In the Console Root (MMC) window, right-click a container.

2

Select New > Dell Remote Management Object Advanced.
The New Object window is displayed.

3

Enter a name for the new object.

4

Select Privilege Object and click OK.

5

Right-click the privilege object that you created, and select Properties.

6

Click the Remote Management Privileges tab and assign the privileges for the user or group.

Creating association object
To create association object:
NOTE: iDRAC association object is derived from the group and its scope is set to Domain Local.
1

In the Console Root (MMC) window, right-click a container.

2

Select New > Dell Remote Management Object Advanced.

3

Enter a name for the new object and select Association Object.

4

Select the scope for the Association Object and click OK.

5

Provide access privileges to the authenticated users for accessing the created association objects.

This New Object window is displayed.

Providing user access privileges for association objects
To provide access privileges to the authenticated users for accessing the created association objects:
1

Go to Administrative Tools > ADSI Edit. The ADSI Edit window is displayed.

2

In the right-pane, navigate to the created association object, right-click and select Properties.

3

In the Security tab, click Add.

4

Type Authenticated Users, click Check Names, and click OK. The authenticated users is added to the list of Groups and user
names.

5

Click OK.

Configuring user accounts and privileges

147

Adding objects to association object
Using the Association Object Properties window, you can associate users or user groups, privilege objects, and iDRAC devices or iDRAC
device groups.
You can add groups of users and iDRAC devices.

Adding users or user groups
To add users or user groups:
1

Right-click the Association Object and select Properties.

2

Select the Users tab and click Add.

3

Enter the user or user group name and click OK.

Adding privileges
To add privileges:
Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when
authenticating to an iDRAC device. Only one privilege object can be added to an Association Object.
1

Select the Privileges Object tab and click Add.

2

Enter the privilege object name and click OK.

3

Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when
authenticating to an iDRAC device. Only one privilege object can be added to an Association Object.

Adding iDRAC devices or iDRAC device groups
To add iDRAC devices or iDRAC device groups:
1

Select the Products tab and click Add.

2

Enter iDRAC devices or iDRAC device group name and click OK.

3

In the Properties window, click Apply and click OK.

4

Click the Products tab to add one iDRAC device connected to the network that is available for the defined users or user groups. You
can add multiple iDRAC devices to an Association Object.

Configuring Active Directory with Extended schema using iDRAC web
interface
To configure Active Directory with extended schema using Web interface:
NOTE: For information about the various fields, see the iDRAC Online Help.
1

In the iDRAC Web interface, go to iDRAC Settings > Users > Directory Services > Microsoft Active Directory. Click Edit
The Active Directory Configuration and Management Step 1 of 4 page is displayed.

2

Optionally, enable certificate validation and upload the CA-signed digital certificate used during initiation of SSL connections when
communicating with the Active Directory (AD) server.

3

Click Next.
The Active Directory Configuration and Management Step 2 of 4 page is displayed.

4

148

Specify the location information about Active Directory (AD) servers and user accounts. Also, specify the time iDRAC must wait for
responses from AD during login process.

Configuring user accounts and privileges

NOTE:
•

If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that DNS is
configured correctly under iDRAC Settings > Network

•

5

If the user and iDRAC objects are in different domains, then do not select the User Domain from Login option. Instead select
Specify a Domain option and enter the domain name where the iDRAC object is available.
Click Next. The Active Directory Configuration and Management Step 3 of 4 page is displayed.

6

Select Extended Schema and click Next.
The Active Directory Configuration and Management Step 4 of 4 page is displayed.

7

Enter the name and location of the iDRAC device object in Active Directory (AD) and click Finish.
The Active Directory settings for extended schema mode is configured.

Configuring Active Directory with Extended schema using RACADM
To configure Active Directory with Extended Schema using the RACADM:
1

Use the following commands:
racadm set iDRAC.ActiveDirectory.Enable 1
racadm set iDRAC.ActiveDirectory.Schema 2
racadm set iDRAC.ActiveDirectory.RacName 
racadm set iDRAC.ActiveDirectory.RacDomain 
racadm set iDRAC.ActiveDirectory.DomainController1 
racadm set iDRAC.ActiveDirectory.DomainController2 
racadm set iDRAC.ActiveDirectory.DomainController3 
•

Enter the Fully Qualified Domain Name (FQDN) of the domain controller, not the FQDN of the domain. For example, enter
servername.dell.com instead of dell.com.

•

You must provide at least one of the three addresses. iDRAC attempts to connect to each of the configured addresses one-by-one
until it makes a successful connection. With Extended Schema, these are the FQDN or IP addresses of the domain controllers
where this iDRAC device is located.

•

To disable the certificate validation during SSL handshake, use the following command:
racadm set iDRAC.ActiveDirectory.CertValidationEnable 0
In this case, you do not have to upload a CA certificate.

•

To enforce the certificate validation during SSL handshake (optional):
racadm set iDRAC.ActiveDirectory.CertValidationEnable 1
In this case, you must upload a CA certificate using the following command:
racadm sslcertupload -t 0x2 -f 
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Ensure that DNS
is configured correctly under iDRAC Settings > Network.
Using the following RACADM command may be optional:
racadm sslcertdownload -t 0x1 -f 

2

If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following command:
racadm set iDRAC.IPv4.DNSFromDHCP 1

3

If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following command:
racadm set iDRAC.IPv4.DNSFromDHCP 0
racadm set iDRAC.IPv4.DNSFromDHCP.DNS1 
racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 

4

If you want to configure a list of user domains so that you only need to enter the user name during log in to iDRAC web interface, use
the following command:
racadm set iDRAC.UserDomain..Name 
You can configure up to 40 user domains with index numbers between 1 and 40.

Configuring user accounts and privileges

149

Testing Active Directory settings
You can test the Active Directory settings to verify whether your configuration is correct, or to diagnose the problem with a failed Active
Directory log in.

Testing Active Directory settings using iDRAC web interface
To test the Active Directory settings:
1

In iDRAC Web Interface, go to iDRAC Settings > Users > Directory Services > Microsoft Active Directory, click Test.
The Test Active Directory Settings page is displayed.

2

Click Test.

3

Enter a test user's name (for example, username@domain.com) and password and click Start Test. A detailed test results and the
test log displays.
If there is a failure in any step, examine the details in the test log to identify the problem and a possible solution.
NOTE: When testing Active Directory settings with Enable Certificate Validation checked, iDRAC requires that the Active
Directory server be identified by the FQDN and not an IP address. If the Active Directory server is identified by an IP
address, certificate validation fails because iDRAC is not able to communicate with the Active Directory server.

Testing Active Directory settings using RACADM
To test the Active Directory settings, use the testfeature command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Configuring generic LDAP users
iDRAC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not
require any schema extension on your directory services.
To make iDRAC LDAP implementation generic, the commonality between different directory services is utilized to group users and then
map the user-group relationship. The directory service specific action is the schema. For example, they may have different attribute names
for the group, user, and the link between the user and the group. These actions can be configured in iDRAC.
NOTE: The Smart Card based Two Factor Authentication (TFA) and the Single Sign-On (SSO) logins are not supported for
generic LDAP Directory Service.

Configuring generic LDAP directory service using iDRAC webbased interface
To configure the generic LDAP directory service using Web interface:
NOTE: For information about the various fields, see the iDRAC Online Help.
1

In the iDRAC Web interface, go to iDRAC Settings > Users > Directory Services > Generic LDAP Directory Service, click Edit.
The Generic LDAP Configuration and Management Step 1 of 3 page displays the current generic LDAP settings.

2

150

Optionally, enable certificate validation and upload the digital certificate used during initiation of SSL connections when communicating
with a generic LDAP server.

Configuring user accounts and privileges

NOTE: In this release, non-SSL port based LDAP bind is not supported. Only LDAP over SSL is supported.
3

Click Next.
The Generic LDAP Configuration and Management Step 2 of 3 page is displayed.

4

Enable generic LDAP authentication and specify the location information about generic LDAP servers and user accounts.
NOTE: If certificate validation is enabled, specify the LDAP Server’s FQDN and make sure that DNS is configured correctly
under iDRAC Settings > Network.
NOTE: In this release, nested group is not supported. The firmware searches for the direct member of the group to match
the user DN. Also, only single domain is supported. Cross domain is not supported.

5

Click Next.
The Generic LDAP Configuration and Management Step 3a of 3 page is displayed.

6

Click Role Group.
The Generic LDAP Configuration and Management Step 3b of 3 page is displayed.

7

Specify the group distinguished name, the privileges associated with the group, and click Apply.
NOTE: If you are using Novell eDirectory and if you have used these characters—#(hash), "(double quotes), ;(semi colon),
> (greater than), , (comma), or <(lesser than)—for the Group DN name, they must be escaped.
The role group settings are saved. The Generic LDAP Configuration and Management Step 3a of 3 page displays the role group
settings.

8

If you want to configure additional role groups, repeat steps 7 and 8.

9

Click Finish. The generic LDAP directory service is configured.

Configuring generic LDAP directory service using RACADM
To configure the LDAP directory service, use the objects in the iDRAC.LDAP and iDRAC.LDAPRole groups.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Testing LDAP directory service settings
You can test the LDAP directory service settings to verify whether your configuration is correct, or to diagnose the problem with a failed
LDAP log in.

Testing LDAP directory service settings using iDRAC web interface
To test the LDAP directory service settings:
1

In iDRAC Web Interface, go to iDRAC Settings > Users > Directory Services > Generic LDAP Directory Service.
The Generic LDAP Configuration and Management page displays the current generic LDAP settings.

2

Click Test.

3

Enter the user name and password of a directory user that is chosen to test the LDAP settings. The format depends on the Attribute
of User Login is used and the user name entered must match the value of the chosen attribute.
NOTE: When testing LDAP settings with Enable Certificate Validation checked, iDRAC requires that the LDAP server be
identified by the FQDN and not an IP address. If the LDAP server is identified by an IP address, certificate validation fails
because iDRAC is not able to communicate with the LDAP server.
NOTE: When generic LDAP is enabled, iDRAC first tries to login the user as a directory user. If it fails, local user lookup is
enabled.

Configuring user accounts and privileges

151

The test results and the test log are displayed.

Testing LDAP directory service settings using RACADM
To test the LDAP directory service settings, use the testfeature command. For more information, see the iDRAC RACADM Command
Line Interface Reference Guide available at dell.com/idracmanuals.

152

Configuring user accounts and privileges

8
System Lockdown Mode
System Lockdown mode is supported by iDRAC 9 and later versions. This feature enables you to make sure that once a system is
provisioned as needed then it should not drift from that specific configuration. This feature can help protect from unintentional or malicious
changes. The lockdown mode is applicable to both configuration and firmware updates. In the lockdown state all the Dell tools will make
sure to block any attempt to change the system configuration. An error message will be displayed in case there is any such attempt.
NOTE: After the System Lockdown mode is enabled, users cannot change any configuration settings. System Settings fields
remains disabled.
Lockdown mode can be enabled or disabled from the following interfaces:
•

iDRAC UI

•

iDRAC Racadm

•

iDRAC WSMan

•

iDRAC SCP (System Configuration Profile)

•

iDRAC Redfish

•

Using F2 during iDRAC setup
NOTE: To enable lockdown mode the user need to have iDRAC enterprise license and system control privileges.

There are some critical tasks that can be performed even the system is in the lockdown mode. The following operations are allowed when
system is in lockdown mode:
•

Power cap setting

•

System power operations ( power on/off, reset)

•

Identify operations (Chassis or PERC)

•

Part replacement

•

Running diagnostics

•

Modular operations (Vlan configuration, flex address)

•

Group Manager passcode

The following table lists the functional and non-functional features, interfaces, and utilities that are affected by lockdown mode:
Table 31. Items affected by lockdown mode
Disabled

Remain functional

•
•
•
•
•
•
•
•
•

•
•

OMSA/OMSS
IPMI
DRAC/LC
RACADM
WSMan
DTK-Syscfg
Redfish
OpenManage Essentials
BIOS (F2 settings become read-only)

•

•

•

All Vendor tools that have direct access to the device
PERC
• PERC CLI
• DTK-RAIDCFG
• F2/Ctrl+R
NVMe
• DTK-RAIDCFG
• F2/Ctrl+R
BOSS-S1
• Marvell CLI
• F2/Ctrl+R
Part replacement, Easy Restore, and system board replacement

System Lockdown Mode

153

Disabled

Remain functional
•
•
•
•
•
•

154

System Lockdown Mode

Power capping
System power operations ( power on, off, reset)
Identify devices (chassis and PERC)
ISM/OMSA settings (OS BMC enable, watchdog ping, OS name, OS
version)
Modular operations (VLAN configuration, flex addressing)
Group Manager passcode

9
Configuring iDRAC for Single Sign-On or smart
card login
This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On
(SSO) login (for Active Directory users.) SSO and smart card login are licensed features.
iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see
the Microsoft website.

Topics:
•

Prerequisites for Active Directory Single Sign-On or smart card login

•

Configuring iDRAC SSO login for Active Directory users

•

Configuring iDRAC smart card login for local users

•

Configuring iDRAC smart card login for Active Directory users

•

Enabling or disabling smart card login

Prerequisites for Active Directory Single Sign-On or
smart card login
The prerequisites to Active Directory based SSO or Smart Card logins are:
•

Synchronize iDRAC time with the Active Directory domain controller time. If not, kerberos authentication on iDRAC fails. You can use
the Time zone and NTP feature to synchronize the time. To do this, see Configuring time zone and NTP.

•

Register iDRAC as a computer in the Active Directory root domain.

•

Generate a keytab file using the ktpass tool.

•

To enable Single Sign-On for Extended schema, make sure that the Trust this user for delegation to any service (Kerberos only)
option is selected on the Delegation tab for the keytab user. This tab is available only after creating the keytab file using ktpass utility.

•

Configure the browser to enable SSO login.

•

Create the Active Directory objects and provide the required privileges.

•

For SSO, configure the reverse lookup zone on the DNS servers for the subnet where iDRAC resides.

•

Configure the browser to support SSO login. For more information, see Single Sign-On.

NOTE: If the host name does not match the reverse DNS lookup, Kerberos authentication fails.

NOTE: Google Chrome and Safari do not support Active Directory for SSO login.

Registering iDRAC as a computer in Active Directory root
domain
To register iDRAC in Active Directory root domain:
1

Click iDRAC Settings > Connectivity > Network.

Configuring iDRAC for Single Sign-On or smart card login

155

The Network page is displayed.
2

You can select IPv4 Settings or IPv6 Settings based on the IP settings.

3

Provide a valid Preferred/Alternate DNS Server IP address. This value is a valid DNS server IP address that is part of the root
domain.

4

Select Register iDRAC on DNS.

5

Provide a valid DNS Domain Name.

6

Verify that network DNS configuration matches with the Active Directory DNS information.
For more information about the options, see the iDRAC Online Help.

Generating Kerberos keytab file
To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a
Windows Kerberos network. The Kerberos configuration on iDRAC involves the same steps as configuring a non–Windows Server Kerberos
service as a security principal in Windows Server Active Directory.
The ktpass tool (available from Microsoft as part of the server installation CD/DVD) is used to create the Service Principal Name (SPN)
bindings to a user account and export the trust information into a MIT–style Kerberos keytab file, which enables a trust relation between an
external user or system and the Key Distribution Centre (KDC). The keytab file contains a cryptographic key, which is used to encrypt the
information between the server and the KDC. The ktpass tool allows UNIX–based services that support Kerberos authentication to use the
interoperability features provided by a Windows Server Kerberos KDC service. For more information on the ktpass utility, see the Microsoft
website at: technet.microsoft.com/en-us/library/cc779157(WS.10).aspx
Before generating a keytab file, you must create an Active Directory user account for use with the -mapuser option of the ktpass
command. Also, you must have the same name as iDRAC DNS name to which you upload the generated keytab file.
To generate a keytab file using the ktpass tool:
1

Run the ktpass utility on the domain controller (Active Directory server) where you want to map iDRAC to a user account in Active
Directory.

2

Use the following ktpass command to create the Kerberos keytab file:
C:\> ktpass.exe -princ HTTP/idrac7name.domainname.com@DOMAINNAME.COM -mapuser DOMAINNAME
\username -mapOp set -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL -pass [password] -out c:
\krbkeytab
The encryption type is AES256-SHA1. The principal type is KRB5_NT_PRINCIPAL. The properties of the user account to which the
Service Principal Name is mapped to must have Use AES 256 encryption types for this account property enabled.
NOTE: Use lowercase letters for the iDRACname and Service Principal Name. Use uppercase letters for the domain name as
shown in the example.

3

Run the following command:
C:\>setspn -a HTTP/iDRACname.domainname.com username
A keytab file is generated.
NOTE: If you find any issues with iDRAC user for which the keytab file is created, create a new user and a new keytab file. If
the same keytab file which was initially created is again executed, it does not configure correctly.

Creating Active Directory objects and providing privileges
Perform the following steps for Active Directory Extended schema based SSO login:
1

Create the device object, privilege object, and association object in the Active Directory server.

2

Set access privileges to the created privilege object. It is recommended not to provide administrator privileges as this could bypass
some security checks.

3

Associate the device object and privilege object using the association object.

4

Add the preceding SSO user (login user) to the device object.

156

Configuring iDRAC for Single Sign-On or smart card login

5

Provide access privilege to Authenticated Users for accessing the created association object.

Configuring iDRAC SSO login for Active Directory
users
Before configuring iDRAC for Active Directory SSO login, make sure that you have completed all the prerequisites.
You can configure iDRAC for Active Directory SSO when you setup an user account based on Active Directory.

Configuring iDRAC SSO login for Active Directory users using
web interface
To configure iDRAC for Active Directory SSO login:
NOTE: For information about the options, see the iDRAC Online Help.
1

Verify whether the iDRAC DNS name matches the iDRAC Fully Qualified Domain Name. To do this, in iDRAC Web interface, go to
iDRAC Settings > Network > Common Settings and see the DNS iDRAC Name property.

2

While configuring Active Directory to setup a user account based on standard schema or extended schema, perform the following two
additional steps to configure SSO:
•

Upload the keytab file on the Active Directory Configuration and Management Step 1 of 4 page.

•

Select Enable Single Sign-On option on the Active Directory Configuration and Management Step 2 of 4 page.

Configuring iDRAC SSO login for Active Directory users using
RACADM
To enable SSO, complete the steps to configure Active Directory, and run the following command:
racadm set iDRAC.ActiveDirectory.SSOEnable 1

Configuring iDRAC smart card login for local users
To configure iDRAC local user for smart card login:
1

Upload the smart card user certificate and trusted CA certificate to iDRAC.

2

Enable smart card login.

Uploading smart card user certificate
Before you upload the user certificate, make sure that the user certificate from the smart card vendor is exported in Base64 format. SHA-2
certificates are also supported.

Uploading smart card user certificate using web interface
To upload smart card user certificate:
1

In iDRAC Web interface, go to iDRAC Settings > Users > Smart Card.

Configuring iDRAC for Single Sign-On or smart card login

157

NOTE: The Smart Card log-On feature requires the configuration of the local and/or Active Directory user
certificate.
2

Under Configure Smart Card Logon, select Enabled With Remote RACADM to enable the configuration..

3

Enable Enable CRL Check for Smart Card Logon.

4

Click Apply.

Uploading smart card user certificate using RACADM
To upload smart card user certificate, use the usercertupload object. For more information, see the iDRACRACADM Command Line
Interface Reference Guide available at dell.com/idracmanuals.

Uploading trusted CA certificate for smart card
Before you upload the CA certificate, make sure that you have a CA-signed certificate.

Uploading trusted CA certificate for smart card using web interface
To upload trusted CA certificate for smart card login:
1

In iDRAC Web interface, go to iDRAC Settings > Network > User Authentication > Local Users.
The Users page is displayed.

2

In the User ID column, click a user ID number.
The Users Main Menu page is displayed.

3

Under Smart Card Configurations, select Upload Trusted CA Certificate and click Next.
The Trusted CA Certificate Upload page is displayed.

4

Browse and select the trusted CA certificate, and click Apply.

Uploading trusted CA certificate for smart card using RACADM
To upload trusted CA certificate for smart card login, use the usercertupload object. For more information, see the iDRAC RACADM
Command Line Interface Reference Guide available at dell.com/idracmanuals.

Configuring iDRAC smart card login for Active
Directory users
Before configuring iDRAC Smart Card login for Active Directory users, make sure that you have completed the required prerequisites.
To configure iDRAC for smart card login:
1

2

In iDRAC Web interface, while configuring Active Directory to set up an user account based on standard schema or extended schema,
on the Active Directory Configuration and Management Step 1 of 4 page:
•

Enable certificate validation.

•

Upload a trusted CA-signed certificate.

• Upload the keytab file.
Enable smart card login. For information about the options, see the iDRAC Online Help.

Enabling or disabling smart card login
Before enabling or disabling smart card login for iDRAC, make sure that:

158

Configuring iDRAC for Single Sign-On or smart card login

•

You have configure iDRAC permissions.

•

iDRAC local user configuration or Active Directory user configuration with the appropriate certificates is complete.
NOTE: If smart card login is enabled, then SSH, Telnet, IPMI Over LAN, Serial Over LAN, and remote RACADM are disabled.
Again, if you disable smart card login, the interfaces are not enabled automatically.

Enabling or disabling smart card login using web interface
To enable or disable the Smart Card logon feature:
1

In the iDRAC web interface, go to iDRAC Settings > Users > Smart Card.
The Smart Card page is displayed.

2

From the Configure Smart Card Logon drop-down menu, select Enabled to enable smart card logon or select Enabled With Remote
RACADM. Else, select Disabled.
For more information about the options, see the iDRAC Online Help.

3

Click Apply to apply the settings.
You are prompted for a Smart Card login during any subsequent logon attempts using the iDRAC web interface.

Enabling or disabling smart card login using RACADM
To enable smart card login, use the set command with objects in the iDRAC.SmartCard group.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Enabling or disabling smart card login using iDRAC settings
utility
To enable or disable the Smart Card logon feature:
1

In the iDRAC Settings utility, go to Smart Card.
The iDRAC Settings Smart Card page is displayed.

2

Select Enabled to enable smart card logon. Else, select Disabled. For more information about the options, see iDRAC Settings Utility
Online Help.

3

Click Back, click Finish, and then click Yes.
The smart card logon feature is enabled or disabled based on the selection.

Configuring iDRAC for Single Sign-On or smart card login

159

10
Configuring iDRAC to send alerts
You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system
component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an
alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured
destinations. If the same event filter is also configured to perform an action (such as reboot, power cycle, or power off the system), the
action is performed. You can set only one action for each event.
To configure iDRAC to send alerts:
1

Enable alerts.

2

Optionally, you can filter the alerts based on category or severity.

3

Configure the e-mail alert, IPMI alert, SNMP trap, remote system log, Redfish event, operating system log, and/or WS-event settings.

4

Enable event alerts and actions such as:
•

Send an email alert, IPMI alert, SNMP traps, remote system logs, Redfish event, operating system log, or WS events to configured
destinations.

•

Perform a reboot, power off, or power cycle the managed system.

Topics:
•

Enabling or disabling alerts

•

Filtering alerts

•

Setting event alerts

•

Setting alert recurrence event

•

Setting event actions

•

Configuring email alert, SNMP trap, or IPMI trap settings

•

Configuring WS Eventing

•

Configuring Redfish Eventing

•

Monitoring chassis events

•

Alerts message IDs

Enabling or disabling alerts
For sending an alert to configured destinations or to perform an event action, you must enable the global alerting option. This property
overrides individual alerting or event actions that is set.

Enabling or disabling alerts using web interface
To enable or disable generating alerts:
1

In iDRAC Web interface, go to Configuration > System Settings > Alert Configuration.
The Alerts page is displayed.

2

Under Alerts section:
•

3

160

Select Enable to enable alert generation or perform an event action.

• Select Disable to disable alert generation or disable an event action.
Click Apply to save the setting.

Configuring iDRAC to send alerts

Enabling or disabling alerts using RACADM
Use the following command:
racadm set iDRAC.IPMILan.AlertEnable 
n=0 — Disabled
n=1 — Enabled

Enabling or disabling alerts using iDRAC settings utility
To enable or disable generating alerts or event actions:
1

In the iDRAC Settings utility, go to Alerts.
The iDRAC Settings Alerts page is displayed.

2

Under Platform Events, select Enabled to enable alert generation or event action. Else, select Disabled. For more information about
the options, see iDRAC Settings Utility Online Help.

3

Click Back, click Finish, and then click Yes.
The alert settings are configured.

Filtering alerts
You can filter alerts based on category and severity.

Filtering alerts using iDRAC web interface
To filter the alerts based on category and severity:
NOTE: Even if you are a user with read-only privileges, you can filter the alerts.
1

In iDRAC Web interface, go to Configuration > System Settings > Alerts and Remote System Log Configuration.

2

Under Alerts and Remote System Log Configuration section, select Filter:
•

System Health — System Health category represents all the alerts that are related to hardware within the system chassis.
Examples include temperature errors, voltage errors, device errors.

•

Storage Health — Storage Health category represents alerts that are related to the storage subsystem. Examples include,
controller errors, physical disk errors, virtual disk errors.

•

Configuration — Configuration category represents alerts that are related to hardware, firmware and software configuration
changes. Examples include, PCI-e card added/removed, RAID configuration changed, iDRAC license changed.

•

Audit — Audit category represents the audit log. Examples include, user login/logout information, Password authentication failures,
session info, power states.

•

Updates — Update category represents alerts that are generated due to firmware/Driver upgrades/downgrades.
NOTE: This doesn’t represent firmware inventory.

3

4

• Work Notes
Select one or more of the following severity levels:
•

Informational

•

Warning

• Critical
Click Apply.
The Alert Results section displays the results based on the selected category and severity.

Configuring iDRAC to send alerts

161

Filtering alerts using RACADM
To filter the alerts, use the eventfilters command. For more information, see the iDRAC RACADM Command Line Interface Reference
Guide available at dell.com/idracmanuals.

Setting event alerts
You can set event alerts such as e-mail alerts, IPMI alerts, SNMP traps, remote system logs, operating system logs, and WS events to be
sent to configured destinations.

Setting event alerts using web interface
To set an event alert using the web interface:
1

Make sure that you have configured the e-mail alert, IPMI alert, SNMP trap settings, and/or remote system log settings.

2

In iDRAC Web interface, go to Configuration > System Settings > Alerts and Remote System Log Configuration.

3

Under Category, select one or all of the following alerts for the required events:

4

•

Email

•

SNMP Trap

•

IPMI Alert

•

Remote System Log

•

WS Eventing

•

OS Log

• Redfish Event
Select Action.
The setting is saved.

5

Optionally, you can send a test event. In the Message ID to Test Event field, enter the message ID to test if the alert is generated and
click Test. For the list of message IDs, see the Event Messages Guide available at dell.com/support/manuals.

Setting event alerts using RACADM
To set an event alert, use the eventfilters command. For more information, see the iDRAC RACADM Command Line Interface Reference
Guide available at dell.com/idracmanuals.

Setting alert recurrence event
You can configure iDRAC to generate additional events at specific intervals if the system continues to operate at a temperature which is
greater than the inlet temperature threshold limit. The default interval is 30 days. The valid range is 0 to 366 days. A value of ‘0’ indicates no
event recurrence.
NOTE: You must have Configure iDRAC privilege to set the alert recurrence value.

Setting alert recurrence events using RACADM
To set the alert recurrence event using RACADM, use the eventfilters command. For more information, see the iDRAC RACADM
Command Line Interface Reference Guide available at dell.com/idracmanuals.

162

Configuring iDRAC to send alerts

Setting alert recurrence events using iDRAC web interface
To set the alert recurrence value:
1

In iDRAC Web interface, go to Configuration > System Settings > Alert Recurrence.

2

In the Recurrence column, enter the alert frequency value for the required category, alert, and severity type(s).
For more information, see the iDRAC Online help.

3

Click Apply.
The alert recurrence settings are saved.

Setting event actions
You can set event actions such as perform a reboot, power cycle, power off, or perform no action on the system.

Setting event actions using web interface
To set an event action:
1

In iDRAC Web interface, go to Configuration > System Settings > Alert and Remote System Log Configuration.

2

From the Actions drop-down menu, for each event select an action:

3

•

Reboot

•

Power Cycle

•

Power Off

• No Action
Click Apply.
The setting is saved.

Setting event actions using RACADM
To configure an event action, use the eventfilters command. For more information, see the iDRAC RACADM Command Line Interface
Reference Guide available at dell.com/idracmanuals.

Configuring email alert, SNMP trap, or IPMI trap
settings
The management station uses Simple Network Management Protocol (SNMP) and Intelligent Platform Management Interface (IPMI) traps
to receive data from iDRAC. For systems with large number of nodes, it may not be efficient for a management station to poll each iDRAC
for every condition that may occur. For example, event traps can help a management station with load balancing between nodes or by
issuing an alert if an authentication failure occurs. SNMP v1, v2, and v3 formats are supported.
You can configure the IPv4 and IPv6 alert destinations, email settings, and SMTP server settings, and test these settings. You can also
specify the SNMP v3 user to whom you want to send the SNMP traps.
Before configuring the email, SNMP, or IPMI trap settings, make sure that:
•

You have Configure RAC permission.

•

You have configured the event filters.

Configuring iDRAC to send alerts

163

Configuring IP alert destinations
You can configure the IPv6 or IPv4 addresses to receive the IPMI alerts or SNMP traps.
For information about the iDRAC MIBs required to monitor the servers using SNMP, see the SNMP Reference Guide available at dell.com/
support/manuals.

Configuring IP alert destinations using web interface
To configure alert destination settings using Web interface:
1

In iDRAC Web interface, go to Configuration > System Settings > SNMP and E-mail Settings.

2

Select the State option to enable an alert destination (IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN)) to receive
the traps.
You can specify up to eight destination addresses. For more information about the options, see the iDRAC Online Help.

3

Select the SNMP v3 user to whom you want to send the SNMP trap.

4

Enter the iDRAC SNMP community string (applicable only for SNMPv1 and v2) and the SNMP alert port number.
For more information about the options, see the iDRAC Online Help.
NOTE: The Community String value indicates the community string to use in a Simple Network Management Protocol
(SNMP) alert trap sent from iDRAC. Make sure that the destination community string is the same as the iDRAC community
string. The default value is Public.

5

To test whether the IP address is receiving the IPMI or SNMP traps, click Send under Test IPMI Trap and Test SNMP Trap
respectively.

6

Click Apply.
The alert destinations are configured.

7

In the SNMP Trap Format section, select the protocol version to be used to send the traps on the trap destination(s) — SNMP v1,
SNMP v2, or SNMP v3 and click Apply.
NOTE: The SNMP Trap Format option applies only for SNMP Traps and not for IPMI Traps. IPMI Traps are always sent in
SNMP v1 format and is not based on the configured SNMP Trap Format option.
The SNMP trap format is configured.

Configuring IP alert destinations using RACADM
To configure the trap alert settings:
1

2

164

To enable traps:
racadm set idrac.SNMP.Alert..Enable 
Parameter

Description



Destination index. Allowed values are 1 through 8.

=0

Disable the trap

=1

Enable the trap

To configure the trap destination address:
racadm set idrac.SNMP.Alert..DestAddr 

Parameter

Description



Destination index. Allowed values are 1 through 8.

Configuring iDRAC to send alerts

3

4

5

Parameter

Description




A valid IPv4, IPv6, or FQDN address

Configure the SNMP community name string:
racadm set idrac.ipmilan.communityname 
Parameter

Description



The SNMP Community Name.

To configure SNMP destination:
•

Set the SNMP trap destination for SNMPv3:
racadm set idrac.SNMP.Alert..DestAddr 

•

Set SNMPv3 users for trap destinations:
racadm set idrac.SNMP.Alert..SNMPv3Username 

•

Enable SNMPv3 for a user:
racadm set idrac.users..SNMPv3Enable Enabled

To test the trap, if required:
racadm testtrap -i 

For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Configuring IP alert destinations using iDRAC settings utility
You can configure alert destinations (IPv4, IPv6, or FQDN) using the iDRAC Settings utility. To do this:
1

In the iDRAC Settings utility, go to Alerts.
The iDRAC Settings Alerts page is displayed.

2

Under Trap Settings, enable the IP address(es) to receive the traps and enter the IPv4, IPv6, or FQDN destination address(es). You
can specify up to eight addresses.

3

Enter the community string name.
For information about the options, see the iDRAC Settings Utility Online Help.

4

Click Back, click Finish, and then click Yes.
The alert destinations are configured.

Configuring email alert settings
You can configure the email address to receive the email alerts. Also, configure the SMTP server address settings.
NOTE: If your mail server is Microsoft Exchange Server 2007, ensure that the iDRAC domain name is configured for the mail
server to receive the email alerts from iDRAC.
NOTE: Email alerts support both IPv4 and IPv6 addresses. The iDRAC DNS Domain Name must be specified when using IPv6.
NOTE: If you are using an external SMTP server, ensure that iDRAC can communicate with that server. If the server is
unreachable, the error RAC0225 is displayed while trying to send a test mail.

Configuring email alert settings using web interface
To configure the email alert settings using Web interface:
1

In iDRAC Web interface, go to Configuration > System Settings > SMTP (E-mail) Configuration.

2

Type a valid email address.

3

Click Send under Test Email to test the configured email alert settings.

4

Click Apply.

Configuring iDRAC to send alerts

165

5

6

For SMTP (E-mail) Server Settings provide the following details:
•

SMTP (E-mail) Server IP Address or FQDN/DNS Name

•

SMTP Port Number

•

Authentication

• Username
Click Apply. For more information about the options, see the iDRAC Online Help.

Configuring email alert settings using RACADM
1

2

3

4

To enable email alert:
racadm set iDRAC.EmailAlert.Enable.[index] [n]
Parameter

Description

index

Email destination index. Allowed values are 1 through 4.

n=0

Disables email alerts.

n=1

Enables email alerts.

To configure email settings:
racadm set iDRAC.EmailAlert.Address.[index] [email-address]
Parameter

Description

index
email-address

Email destination index. Allowed values are 1 through 4.
Destination email address that receives the platform event alerts.

To configure a custom message:
racadm set iDRAC.EmailAlert.CustomMsg.[index] [custom-message]
Parameter

Description

index
custom-message

Email destination index. Allowed values are 1 through 4.
Custom message

To test the configured email alert, if required:
racadm testemail -i [index]
Parameter

Description

index

Email destination index to be tested. Allowed values are 1 through 4.

For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Configuring SMTP email server address settings
You must configure the SMTP server address for email alerts to be sent to specified destinations.

Configuring SMTP email server address settings using iDRAC web interface
To configure the SMTP server address:
1

In iDRAC Web interface, go to Configuaration > System Settings > Alert Configuration > SNMP (E-mail Configuration).

2

Enter the valid IP address or fully qualified domain name (FQDN) of the SMTP server to be used in the configuration.

3

Select the Enable Authentication option and then provide the user name and password (of a user who has access to SMTP server).

4

Enter the SMTP port number.
For more information about the fields, see the iDRAC Online Help.

5

166

Click Apply.

Configuring iDRAC to send alerts

The SMTP settings are configured.

Configuring SMTP email server address settings using RACADM
To configure the SMTP email server:
racadm set iDRAC.RemoteHosts.SMTPServerIPAddress 

Configuring WS Eventing
The WS Eventing protocol is used for a client service (subscriber) to register interest (subscription) with a server (event source) for
receiving messages containing the server events (notifications or event messages). Clients interested in receiving the WS Eventing
messages can subscribe with iDRAC and receive Lifecycle Controller job related events.
The steps required to configure WS Eventing feature to receive WS Eventing messages for changes related to Lifecycle Controller jobs are
described in the Web service Eventing Support for iDRAC 1.30.30 specification document. In addition to this specification, see the
DSP0226 (DMTF WS Management Specification), Section 10 Notifications (Eventing) document for the complete information on the WS
Eventing protocol. The Lifecycle Controller related jobs are described in the DCIM Job Control Profile document.

Configuring Redfish Eventing
The Redfish eventing protocol is used for a client service (subscriber) to register interest (subscription) with a server (event source) for
receiving messages containing the Redfish events (notifications or event messages). Clients interested in receiving the Redfish eventing
messages can subscribe with iDRAC and receive Lifecycle Controller job related events.

Monitoring chassis events
On the PowerEdge FX2/FX2s chassis, you can enable the Chassis Management and Monitoring setting in iDRAC to perform chassis
management and monitoring tasks such as monitoring chassis components, configuring alerts, using iDRAC RACADM to pass CMC
RACADM commands, and updating the chassis management firmware. This setting allows you to manage the servers in the chassis even if
the CMC is not on the network. You can set the value to Disabled to forward the chassis events. By default, this setting is set as Enabled.
NOTE: For this setting to take effect, you must ensure that in CMC, the Chassis Management at Server setting must be set to
Monitor or Manage and Monitor.
When the Chassis Management and Monitoring option is set to Enabled, iDRAC generates and logs chassis events. The events generated
are integrated into the iDRAC event subsystem and alerts are generated similar to the rest of the events.
CMC also forwards the events generated to iDRAC. In case the iDRAC on the server is not functional, CMC queues the first 16 events and
logs the rest in the CMC log. These 16 events are sent to iDRAC as soon as Chassis monitoring is set to enabled.
In instances where iDRAC detects that a required CMC functionality is absent, a warning message is displayed informing you that certain
features may not be functional without a CMC firmware upgrade.

Monitoring chassis events using the iDRAC web interface
To monitor chassis events using the iDRAC web interface, perform the following steps:
NOTE: This section appears only for PowerEdge FX2/FX2s chassis and if Chassis Management at Server mode is set to Monitor
or Manage and Monitor in CMC.
1

On the CMC interface, click Chassis Overview > Setup > General.

2

From the Chassis Management at Server Mode drop-down menu, select Manage and Monitor, and click Apply.

3

Launch the iDRAC web interface, click Overview > iDRAC Settings > CMC.

4

Under the Chassis Management at Server section, ensure that Capability from iDRAC drop-down box is set to Enabled.

Configuring iDRAC to send alerts

167

Monitoring chassis events using RACADM
This setting is applicable only for PowerEdge FX2/FX2s servers and if Chassis Management at Server mode is set to Monitor or Manage
and Monitor in CMC.
To monitor chassis events using iDRAC RACADM:
racadm get system.chassiscontrol.chassismanagementmonitoring
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Alerts message IDs
The following table provides the list of message IDs that are displayed for the alerts.
Table 32. Alert message IDs
Message ID

Description

AMP

Amperage

ASR

Auto Sys Reset

BAR

Backup/Restore

BAT

Battery Event

BIOS

BIOS Management

BOOT

BOOT Control

CBL

Cable

CPU

Processor

CPUA

Proc Absent

CTL

Storage Contr

DH

Cert Mgmt

DIS

Auto-Discovery

ENC

Storage Enclosr

FAN

Fan Event

FSD

Debug

HWC

Hardware Config

IPA

DRAC IP Change

ITR

Intrusion

JCP

Job Control

168

Configuring iDRAC to send alerts

Message ID

Description

LC

Lifecycle Controller

LIC

Licensing

LNK

Link Status

LOG

Log event

MEM

Memory

NDR

NIC OS Driver

NIC

NIC Config

OSD

OS Deployment

OSE

OS Event

PCI

PCI Device

PDR

Physical Disk

PR

Part Exchange

PST

BIOS POST

PSU

Power Supply

PSUA

PSU Absent

PWR

Power Usage

RAC

RAC Event

RDU

Redundancy

RED

FW Download

RFL

IDSDM Media

RFLA

IDSDM Absent

RFM

FlexAddress SD

RRDU

IDSDM Redundancy

RSI

Remote Service

SEC

Security Event

SEL

Sys Event Log

SRD

Software RAID

SSD

PCIe SSD

Configuring iDRAC to send alerts

169

Message ID

Description

STOR

Storage

SUP

FW Update Job

SWC

Software Config

SWU

Software Change

SYS

System Info

TMP

Temperature

TST

Test Alert

UEFI

UEFI Event

USR

User Tracking

VDR

Virtual Disk

VF

vFlash SD card

VFL

vFlash Event

VFLA

vFlash Absent

VLT

Voltage

VME

Virtual Media

VRM

Virtual Console

WRK

Work Note

170

Configuring iDRAC to send alerts

11
iDRAC 9 Group Manager
iDRAC Group Manager feature is available for Dell's 14th generation servers to offer simplified basic management of iDRACs and associated
servers on the associated servers on the local network using the iDRAC GUI. Group Manager allows 1XMany console experience without
involving a separate application. It allows the users to view the details of a set of servers by permitting more powerful management than by
inspecting servers visually for faults and other manual methods.
Group manager is a licensed feature and part of the Enterprise license. Only iDRAC admin users can access the Group Manager
functionality.
NOTE: For better user experience Group Manager supports up to 100 server nodes.

Topics:
•

Group Manager

•

Summary View

•

Manage Logins

•

Configure Alerts

•

Export

•

Discovered Servers View

•

Jobs View

•

Jobs Export

•

Group Information Panel

•

Group Settings

•

Actions on a selected Server

Group Manager
To use Group Manager feature, you need to enable the Group Manager from iDRAC index page or on the Group Manager Welcome
screen. The group manager welcome screen provides options listed in the below table.
Table 33. Options in Group Manager
Option

Description

Join Existing Group

Allows you to join an existing group, you need to know the
GroupName and Passcode to join a specific group.
NOTE: Passwords are associated to iDRAC user
credentials. Whereas, a passcode is associated to a group
to establish authenticated device communication between
different iDRACs in the same group.

Create New Group

Allows you to create a new group. The specific iDRAC which has
created the group would be the master (primary controller) of the
group.

Disable Group Manager for this System

You can select this option in case you do not want to join any group
from a specific system. However, you can access Group Manager at
any point of time by selecting Open Group Manager from the

iDRAC 9 Group Manager

171

Option

Description
iDRAC index page. Once you disable the group manager, user needs
to wait for 60 seconds to perform any further group manager
operations.

Once the group manager feature is enabled, that iDRAC allows you the option to create or join an iDRAC local group. More than one iDRAC
group can be setup in the local network but an individual iDRAC can only be a member of one group at a time. To change group (join a new
group) the iDRAC must first leave its current group and then join the new group. The iDRAC from where the group was created gets
chosen as the primary controller of the group by default. The user does not define a dedicated group manager primary controller to control
that group. The primary controller hosts the group manager web interface and provides the GUI based work flows. The iDRAC members
self-select a new primary controller for the group if the current primary goes offline for a prolonged duration, but that does not have any
impact on the end user. You can normally access the group manager from all iDRAC members by clicking group manager from the iDRAC
index page.

Summary View
You need to have administrator privileges to access group manager pages. If a non-administrator user logs onto the iDRAC, the group
manager section does not appear with their credentials. The group manager home page (summary view) is broadly categorized as three
sections. The first section shows rollup summary with aggregated summary details.
•

Total number of servers in the local group.

•

Chart showing number of servers per server model.

•

Doughnut chart showing the servers per their health status (clicking on a chart section filters the server list to show only the servers
with selected health).

•

Warning box if there is a duplicate group detected in the local network. Duplicate group is typically the group with the same name but
with a different passcode. This warning box does not appear if there is no duplicate group.

•

Displays the iDRACs, that are controlling the group (Primary and Secondary controller).

The second section provides buttons for actions that are taken on the group as whole and the third section displays the list of all iDRACs in
the group.
It shows all the systems in the group and their current health status and allows the user to take corrective action as needed. Server
attributes specific to a server is described in the below table.
Table 34. Server Attributes
Server Attribute

Description

Health

Indicates the health status of that specific server.

Host Name

Displays the Server name.

iDRAC IP Address

Displays the exact IPV4 and IPV6 addresses.

Service Tag

Displays the Service Tag information.

Model

Displays the Model number of the Dell Server.

iDRAC

Displays the iDRAC version.

Last Status Update

Displays the time stamp when the server Status was last updated.

The System Information panel provides further details on the server like iDRAC network connectivity status, server host power state,
express service code, operating system, asset tag, node ID, IDRAC DNS name, Server BIOS version, Server CPU information, System
memory and location information. You may double click on a row or click on the launch iDRAC button to perform a single sign on redirect to
the selected iDRAC index page. On the selected server, virtual console can be accessed or server power actions can be performed from
More Actions dropped down list.
Manage iDRAC user logins, Alert configuration and group inventory export are the group actions supported.

172

iDRAC 9 Group Manager

Manage Logins
Use this section to Add New User, Change User Password and Delete User from the Group.
Group jobs including Manage Logins are one time configurations of the servers. Group manager uses SCP and jobs to make any changes.
Every iDRAC in the group owns an individual job in its job queue for each Group Manager job. Group Manager does not detect changes on
member iDRACs or lock member configurations.
NOTE: Group jobs does not configure or override the lockdown mode for any specific iDRAC.
Leaving a group does not change local user or change settings on a member iDRAC.

Add a New User
Use this section to create and add a new user profile on all the servers in that group. A group job would be created to add the user to all
servers in that group. The status of group job can be found at GroupManager > Jobs page.
NOTE: By default iDRAC is configured with a local administrator account. You can access further information for each parameter
with local administrator account.
For more information see, Configuring user accounts and privileges.
Table 35. New User Options
Option

Description

New User Information

Allows you to provide the new user's information details.

iDRAC Permissions

Allows you to define the user's role for future usage.

Advanced User Settings

Allows you to set (IPMI) user privileges and helps you to enable
SNMP.

NOTE: Any member iDRAC with system lockdown enabled, that is part of the same group returns an error that the user
password was not updated.

Change User Password
Use this section to change the password information for the user. You can see the Users detail with the User Name, Role and Domain
information for individual user. A group job would be created to change the user password on all the servers in that group. The status of
group job can be found at GroupManager > Jobs page.
If user already exists then the password can be updated. Any member iDRAC with system lockdown enabled, that is part of the group
returns an error that the user password was not updated. If the user does not exist, then an error is returned to group manager indicating
that the user does not exist on the system. The list of users shown in Group Manager GUI is based on the current user list on the iDRAC
that is acting as the primary controller. It does not show all users for all iDRACs.

Delete User
Use this section to delete users from all the group servers. A group job would be created to delete users from all the group servers. The
status of group job can be found at GroupManager > Jobs page.
If user already exists on a member iDRAC then the user can be deleted. Any member iDRAC with system lockdown enabled that is part of
the group returns an error that the user is not deleted. If the user does not exist then it shows a successful deletion for that iDRAC. The list

iDRAC 9 Group Manager

173

of users shown in Group Manager GUI is based on the current user list on the iDRAC which is acting as the primary controller. It does not
show all users for all iDRACs.

Configure Alerts
Use this section to configure e-mail alerts. By default alerting is disabled. However, you can enable the alerting anytime. A group job would
be created to apply the e-mail alert configuration to all the group servers. The status of group job can be monitored at GroupManager >
Jobs page. Group manager email alert configures email alerts on all members. It sets the SMTP server settings on all members in the same
group. Each iDRAC is configured separately. Email configuration is not globally saved. Current values are based on the iDRAC that is acting
as a primary controller. Leaving a group does not reconfigure email alerts.
For more information on Configuring Alerts, see Configuring iDRAC to send alerts.
Table 36. Configuring alerts options
Option

Description

SMTP (Email) Server Address Settings

Allows you to configure Server IP Address, SMTP Port Number and
enable the authentication. In case you are enabling authentication,
you need to provide username and password.

Email Addresses

Allows you to configure multiple Email IDs to receive email
notifications about system status change. You can send one test
email to the configured account from the system.

Alert Categories

Allows you to select multiple alert categories to receive email
notifications.

NOTE: Any member iDRAC with system lockdown enabled, that is part of the same group returns an error that the user
password was not updated.

Export
Use this section to export the Group Summary to the local system. The information can be exported to a csv file format. It contains data
related to each individual system in the group. Export includes the following information in csv format. Server details:
•

Health

•

Host Name

•

iDRAC IPV4 Address

•

iDRAC IPV6 Address

•

Asset Tag

•

Model

•

iDRAC Firmware Version

•

Last Status Update

•

Express Service Code

•

iDRAC Connectivity

•

Power State

•

Operating System

•

Service Tag

•

Node ID

•

iDRAC DNS Name

•

BIOS Version

•

CPU Details

•

System Memory(MB)

•

Location Details

174

iDRAC 9 Group Manager

NOTE: In case, you are using Internet Explorer, disable the Enhanced Security settings to successfully download the csv file.

Discovered Servers View
After creating the local group, iDRAC group manager notifies all other iDRACs on the local network that a new group has been created. For
iDRACs to be displayed under Discovered Servers, group manager feature should be enabled in each iDRAC. Discovered Servers View
displays the list of the iDRACs detected on the same network, which can be part of any group. If an iDRAC does not show up in the
discovered systems list then the user must logon to the specific iDRAC and join the group. The iDRAC that created the group will be shown
as the only member in the essentials view until more iDRACs are joined to the group.
NOTE: Discovered servers view at the Group manager console allows you to onboard one or more servers listed in the view in to
that group. The progress of the activity can be tracked from GroupManager > Jobs. Alternatively you can logon to the iDRAC
and select the group you would like to onboard from the drop down list to join that group. You can access the GroupManager
welcome screen from iDRAC index page.
Table 37. Group onboard options
Option

Description

Onboard and Change Login

Select a specific row and select the Onboard and Change Login
option to get the newly discovered systems to the group. You must
provide the admin logon credentials for the new systems to join the
group. If the system has the default password, you need to change
it while onboarding it to a group.
Group onboarding allows you to apply the same group alert settings
to the new systems.

Ignore

Allows you to ignore the systems from the discovered servers list, in
case you do not want to add them in any group.

Un-Ignore

Allows you to select the systems that you would like to reinstate in
the discovered servers list.

Rescan

Allows you to scan and generate the list of discovered servers at
any time.

Jobs View
Jobs view allows the user to track the progress of a group job, helps with simple recovery steps to correct connectivity induced failures. It
also shows the history of the last group actions that were performed as an audit log. The user can use the jobs view to track the progress
of the action across the group or to cancel an action that is schedule to occur in the future. The Jobs view allows the user to view the
status of the last 50 jobs that have been run and any success or failures that has occurred.
Table 38. Jobs View
Option

Description

Status

Shows the job's status and the state of the ongoing job.

Job

Displays the Job's name.

ID

Displays the Job's ID.

Start Time

Displays the start time.

End Time

Displays the end time.

Actions

•

Cancel — A scheduled job can be cancelled, before it moves to
running state. A running job can be stopped by using the stop
button.

iDRAC 9 Group Manager

175

Option

Description
•
•

Export

Rerun — Allows the user to rerun the job in case the job is in
failure state.
Remove — Allows the user to remove the completed old jobs.

You can export the group job information to the local system for
future references. The jobs list can be exported to csv file format. It
contains data related to individual job.

NOTE: For each job entry, the list of systems provide details up to 100 systems. Each system entry contains Hostname, Service
Tag, Member Job Status and Message if in case the job failed.
All Group actions that create jobs are performed on all the group members with immediate effect. You can perform the following tasks:
•

Add/Edit/Remove users

•

Configure email alerts

•

Change group passcode and name
NOTE: Group jobs complete quickly as long as all members are online and accessible. It may take 10 minutes from job start to job
complete. A job will wait and retry for up to 10 hours for the systems that are not accessible.
NOTE: While an onboarding job is running no other Job can be scheduled. Jobs include:
•

Add New User

•

Change User Password

•

Delete User

•

Configure Alerts

•

Onboard additional systems

•

Change Group Passcode

•

Change Group Name

Attempting to invoke another Job while an Onboarding task is active, consequences GMGR0039 error code. Once the
onboarding task has made its first attempt to onboard all the new systems, Jobs can be created at any point in time.

Jobs Export
You can export the log to the local system for further references. The jobs list can be exported to a csv file format. It contains all the data
related to each job.
NOTE: Exported CSV files are available only in English.

Group Information Panel
Group Information panel in the top right of group manager summary view shows a consolidated group summary. Current group
configuration can be edited from the Group Settings page accessible by clicking Group Settings button. It shows how many systems are
there in the group. It also provides the information about the Primary and the Secondary controller of the Group.

Group Settings
Group settings page provides a listing of selected group attributes.

176

iDRAC 9 Group Manager

Table 39. Group setting attributes
Group Attribute

Description

Group Name

Displays the name of that Group.

Number of Systems

Displays the total number of systems in that group.

Created on

Displays the time stamp details.

Created by

Displays the details of Group admin.

Controlling System

Displays the Service Tag of the system, that acts as the controlling
system and coordinates the group management tasks.

Backup System

Displays the Service Tag of the system, that acts as the backup
system. In case the controlling system is unavailable, it takes up
roles of the controlling system.

Allows the user to perform actions listed on the table below on the group. A group configuration job would be created for these actions
(change group name, change group passcode, remove the members and delete the group). The status of group job can be viewed or
modified from GroupManager > Jobs page.
Table 40. Group setting actions
Actions

Description

Change Name

Allows you to change the Current Group Name with a New Group
Name.

Change Passcode

Allows you to change the existing group password by entering a
New Group Passcode and validating that password by Reenter
New Group Passcode.

Remove Systems

Allows you to remove multiple systems from the group at a time.

Delete Group

Allows you to delete the group. To use any feature of group
manager, the user should have administrator privileges. Any pending
jobs will be stopped in case the group is deleted.

Actions on a selected Server
On the Summary page, you can double click on a row to launch iDRAC for that server through a single sign on redirect. Ensure to turn off
the popup blocker in the browser settings. You can perform following actions on the selected server by clicking appropriate item from the
More Actions drop down list.
Table 41. Actions on a selected Server
Option

Description

Graceful Shutdown

Shuts down the operating system and powers off the system.

Cold Reboot

Powers off, then reboots the system.

Virtual Console

Launches Virtual Console with single sign on a new browser
window.
NOTE: Disable Popup blocker from the browser to use this
functionality.

iDRAC 9 Group Manager

177

Group Manager Single Sign On
All iDRACs in the group trust each other based on the shared passcode secret and shared group name. As a result an administrator user at
a group member IDRAC is grant administrator level privileges at any group member iDRAC when accessed through Group Manager web
interface single sign on. iDRACs logs - as the user that logged on into peer members.  is the service tag of
the iDRAC where the user first logged in.

Group Manager Concepts — Controlling System
•

Automatically selected — by default the first iDRAC configured for Group Manager.

•

Provides Group Manager GUI workflow.

•

Keeps track of all members.

•

Coordinates tasks.

•

If a user logs in to any member and clicks on Open Group Manager the browser will be redirected to the primary controller.

Group Manager Concepts — Backup System
•

Primary controller automatically selects a secondary controller to take over if the primary goes offline for an extended period of time (10
mins or more).

•

If both primary and secondary goes offline for an extended duration (for more than 14 mins) a new primary and secondary controller
gets elected.

•

Keeps a copy of the group manager cache of all the groups members and tasks.

•

The controlling system and backup system are automatically determined by group manager.

•

No user configuration or involvement required.

178

iDRAC 9 Group Manager

12
Managing logs
iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration
changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The
lifecycle log is accessible through iDRAC Web interface, RACADM, and WSMan interface.
When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived. You can only view the non-archived log entries,
and apply filters and comments to non-archived logs. To view the archived logs, you must export the entire lifecycle log to a location on
your system.

Topics:
•
•
•
•
•

Viewing System Event Log
Viewing Lifecycle log
Exporting Lifecycle Controller logs
Adding work notes
Configuring remote system logging

Viewing System Event Log
When a system event occurs on a managed system, it is recorded in the System Event Log (SEL). The same SEL entry is also available in
the LC log.

Viewing System Event Log using web interface
To view the SEL, in iDRAC Web interface, go to Maintenance > System Event Log.
The System Event Log page displays a system health indicator, a time stamp, and a description for each event logged. For more
information, see the iDRAC Online Help.
Click Save As to save the SEL to a location of your choice.
NOTE: If you are using Internet Explorer and if there is a problem when saving, download the Cumulative Security Update for
Internet Explorer. You can download it from the Microsoft Support website at support.microsoft.com.
To clear the logs, click Clear Log.
NOTE: Clear Log only appears if you have Clear Logs permission.
After the SEL is cleared, an entry is logged in the Lifecycle Controller log. The log entry includes the user name and the IP address from
where the SEL was cleared.

Viewing System Event Log using RACADM
To view the SEL:
racadm getsel 
If no arguments are specified, the entire log is displayed.

Managing logs

179

To display the number of SEL entries: racadm getsel -i
To clear the SEL entries: racadm clrsel
For more information, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Viewing System Event Log using iDRAC settings utility
You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this:
1

In the iDRAC Settings Utility, go to System Event Log.
The iDRAC Settings.System Event Log displays the Total Number of Records.

2

To clear the records, select Yes. Else, select No.

3

To view the system events, click Display System Event Log.

4

Click Back, click Finish, and then click Yes.

Viewing Lifecycle log
Lifecycle Controller logs provide the history of changes related to components installed on a managed system. You can also add work notes
to each log entry.
The following events and activities are logged:
•

All

•

System Health — System Health category represents all the alerts that are related to hardware within the system chassis.

•

Storage — Storage Health category represents alerts that are related to the storage subsystem.

•

Updates — Update category represents alerts that are generated due to firmware/Driver upgrades/downgrades.

•

Audit — Audit category represents the audit log.

•

Configuration — Configuration category represents alerts that are related to hardware, firmware and software configuration changes.

•

Work Notes

When you log in to or log out of iDRAC using any of the following interfaces, the log-in, log-out, or login failure events are recorded in the
Lifecycle logs:
•

Telnet

•

SSH

•

Web interface

•

RACADM

•

Redfish

•

SM-CLP

•

IPMI over LAN

•

Serial

•

Virtual console

•

Virtual media

You can view and filter logs based on the category and severity level. You can also export and add a work note to a log event.
NOTE: Lifecycle logs for Personality Mode change is generated only during the warm boot of the host.
If you initiate configuration jobs using RACADM CLI or iDRAC web interface, the Lifecycle log contains information about the user, interface
used, and the IP address of the system from which you initiate the job.

180

Managing logs

Viewing Lifecycle log using web interface
To view the Lifecycle Logs, click Maintenance > Lifecycle Log. The Lifecycle Log page is displayed. For more information about the
options, see the iDRAC Online Help.

Filtering Lifecycle logs
You can filter logs based on category, severity, keyword, or date range.
To filter the lifecycle logs:
1

2

In the Lifecycle Log page, under the Log Filter section, do any or all of the following:
•

Select the Log Type from the drop-down list.

•

Select the severity level from the Severity drop-down list.

•

Enter a keyword.

• Specify the date range.
Click Apply.
The filtered log entries are displayed in Log Results.

Adding comments to Lifecycle logs
To add comments to the Lifecycle logs:
1

In the Lifecycle Log page, click the + icon for the required log entry.
The Message ID details are displayed.

2

Enter the comments for the log entry in the Comment box.
The comments are displayed in the Comment box.

Viewing Lifecycle log using RACADM
To view Lifecycle logs, use the lclog command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Exporting Lifecycle Controller logs
You can export the entire Lifecycle Controller log (active and archived entries) in a single zipped XML file to a network share or to the local
system. The zipped XML file extension is .xml.gz. The file entries are ordered sequentially based on their sequence numbers, ordered from
the lowest sequence number to the highest.

Exporting Lifecycle Controller logs using web interface
To export the Lifecycle Controller logs using the Web interface:
1

In the Lifecycle Log page, click Export.

2

Select any of the following options:
•

Network — Export the Lifecycle Controller logs to a shared location on the network.

•

Local — Export the Lifecycle Controller logs to a location on the local system.

Managing logs

181

NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and
password or percent encode the special characters.
For information about the fields, see the iDRAC Online Help.
3

Click Export to export the log to the specified location.

Exporting Lifecycle Controller logs using RACADM
To export the Lifecycle Controller logs, use the lclog export command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Adding work notes
Each user who logs in to iDRAC can add work notes and this is stored in the lifecycle log as an event. You must have iDRAC logs privilege
to add work notes. A maximum of 255 characters are supported for each new work note.
NOTE: You cannot delete a work note.
To add a work note:
1

In the iDRAC Web interface, go to Dashboard > Notes > add note.
The Work Notes page is displayed.

2

Under Work Notes, enter the text in the blank text box.
NOTE: It is recommended not to use too many special characters.

3

Click Save.
The work note is added to the log. For more information, see the iDRAC Online Help.

Configuring remote system logging
You can send lifecycle logs to a remote system. Before doing this, make sure that:
•

There is network connectivity between iDRAC and the remote system.

•

The remote system and iDRAC is on the same network.

Configuring remote system logging using web interface
To configure the remote syslog server settings:
1

In the iDRAC Web interface, go to Configuration > System Settings > Remote Syslog Settings.
The Remote Syslog Settings page is displayed

2

Enable remote syslog, specify the server address, and the port number. For information about the options, see the iDRAC Online Help.

3

Click Apply.
The settings are saved. All logs written to the lifecycle log are also simultaneously written to configured remote server(s).

Configuring remote system logging using RACADM
To configure the remote system-logging settings, use the set command with the objects in the iDRAC.SysLog group.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

182

Managing logs

13
Monitoring and managing power
You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power
outages by appropriately distributing and regulating the power consumption on the system.
The key features are:
•

Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed
system.

•

Power Capping — View and set the power cap for the managed system, including displaying the minimum and maximum potential
power consumption. This is a licensed feature.

•

Power Control — Enables you to remotely perform power control operations (such as, power on, power off, system reset, power cycle,
and graceful shutdown) on the managed system.

•

Power Supply Options — Configure the power supply options such as redundancy policy, hot spare, and power factor correction.

Topics:
•

Monitoring power

•

Setting warning threshold for power consumption

•

Executing power control operations

•

Power capping

•

Configuring power supply options

•

Enabling or disabling power button

•

Multi-Vector Cooling

Monitoring power
iDRAC monitors the power consumption in the system continuously and displays the following power values:
•

Power consumption warning and critical thresholds.

•

Cumulative power, peak power, and peak amperage values.

•

Power consumption over the last hour, last day or last week.

•

Average, minimum, and maximum power consumption.

•

Historical peak values and peak timestamps.

•

Peak headroom and instantaneous headroom values (for rack and tower servers).
NOTE: The histogram for the system power consumption trend (hourly, daily, weekly) is maintained only while iDRAC is running.
If iDRAC is restarted, the existing power consumption data is lost and the histogram is restarted.

Monitoring performance index of CPU, memory, and input
output modules using web interface
To monitor the performance index of CPU, memory, and I/O modules, in the iDRAC web interface, go to System > Performance.
•

System Performance section — Displays the current reading and the warning reading for CPU, Memory and I/O utilization index, and
system level CUPS index in a graphical view.

Monitoring and managing power

183

•

•

System Performance Historical Data section:
•

Provides the statistics for CPU, memory, IO utilization, and the system level CUPS index. If the host system is powered off, then the
graph displays the power off line below 0 percent.

•

You can reset the peak utilization for a particular sensor. Click Reset Historical Peak. You must have Configure privilege to reset the
peak value.

Performance Metrics section:
•

Displays status and present reading

•

Displays or specifies the warning threshold utilization limit. You must have server configure privilege to set the threshold values.

For information about the displayed properties, see the iDRAC Online Help.

Monitoring performance index for of CPU, memory, and input
output modules using RACADM
Use the SystemPerfStatistics sub command to monitor performance index for CPU, memory, and I/O modules. For more information, see
the iDRAC RACADM Command Line Reference Guide available at dell.com/esmmanuals.

Setting warning threshold for power consumption
You can set the warning threshold value for the power consumption sensor in the rack and tower systems. The warning/critical power
threshold for rack and tower systems may change, after the system is power-cycled, based on PSU capacity and redundancy policy.
However, the warning threshold must not exceed the critical threshold even if Power Supply Unit capacity of the redundancy policy is
changed.
The warning power threshold for blade systems is set to CMC power allocation.
If reset to default action is performed, the power thresholds will be set to default.
You must have Configure user privilege to set the warning threshold value for power consumption sensor.
NOTE: The Warning Threshold value is reset to the default value after performing a racreset or an iDRAC update.

Setting warning threshold for power consumption using web
interface
1

In the iDRAC Web interface, go to System > Overview > Present Power Reading and Thresholds.

2

In the Present Power Reading and Thresholds section, click Edit Warning Threshold.
The Edit Warning Threshold page is displayed.

3

In the Warning Threshold column, enter the value in Watts or BTU/hr.
The values must be lower than the Failure Threshold values. The values are rounded off to the nearest value that is divisible by 14. If
you enter Watts, the system automatically calculates and displays the BTU/hr value. Similarly, if you enter BTU/hr, the value for Watts
is displayed.

4

Click Save. The values are configured.

Executing power control operations
iDRAC enables you to remotely perform a power-on, power off, reset, graceful shutdown, Non-Masking Interrupt (NMI), or power cycle
using the Web interface or RACADM.

184

Monitoring and managing power

You can also perform these operations using Lifecycle Controller Remote Services or WSMan. For more information, see the Lifecycle
Controller Remote Services Quick Start Guide available at dell.com/idracmanuals and the Dell Power State Management profile document
available at delltechcenter.com.
Server power-control operations initiated from iDRAC are independent of the power-button behavior configured in the BIOS. You can use
the PushPowerButton function to gracefully shut down the system, or power it on, even if the BIOS is configured to do nothing when the
physical power button is pressed.

Executing power control operations using web interface
To perform power control operations:
1

In iDRAC web interface, go to Configuration > Power Control. The Power Control options are displayed.

2

Select the required power operation:

3

•

Power On System

•

Power Off System

•

NMI (Non-Masking Interrupt)

•

Graceful Shutdown

•

Reset System (warm boot)

• Power Cycle System (cold boot)
Click Apply. For more information, see the iDRAC Online Help.

Executing power control operations using RACADM
To perform power actions, use the serveraction command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Power capping
You can view the power threshold limits that covers the range of AC and DC power consumption that a system under heavy workload
presents to the datacenter. This is a licensed feature.

Power capping in Blade servers
Before a blade server in a PowerEdge M1000e or PowerEdge VRTX chassis powers up, iDRAC provides CMC with its power requirements.
It is higher than the actual power that the blade can consume and is calculated based on limited hardware inventory information. It may
request that a smaller power range after the server is powered up based on the actual power consumed by the server. If the power
consumption increases over time and if the server is consuming power near its maximum allocation, iDRAC may request an increase of the
maximum potential power consumption thus increasing the power envelope. iDRAC only increases its maximum potential power
consumption request to CMC. It does not request for a lesser minimum potential power if the consumption decreases. iDRAC continues to
request for more power if the power consumption exceeds the power allocated by CMC.
After, the system is powered on and initialized, iDRAC calculates a new power requirement based on the actual blade configuration. The
blade stays powered on even if the CMC fails to allocate new power request.
CMC reclaims any unused power from lower priority servers and then allocates the reclaimed power to a higher priority infrastructure
module or a server.
If there is not enough power allocated, the blade server does not power on. If the blade has been allocated enough power, the iDRAC turns
on the system power.

Monitoring and managing power

185

Viewing and configuring power cap policy
When power cap policy is enabled, it enforces user-defined power limits for the system. If not, it uses the hardware power protection policy
that is implemented by default. This power protection policy is independent of the user defined policy. The system performance is
dynamically adjusted to maintain power consumption close to the specified threshold.
Actual power consumption may be less for light workloads and momentarily may exceed the threshold until performance adjustments are
completed. For example, for a given system configuration, the Maximum Potential Power Consumption is 700W and the Minimum Potential
Power Consumption is 500W. You can specify and enable a Power Budget Threshold to reduce consumption from its current 650W to
525W. From that point onwards, the system's performance is dynamically adjusted to maintain power consumption so as to not exceed the
user-specified threshold of 525W.
If the power cap value is set to be lower than the minimum recommended threshold, iDRAC may not be able maintain the requested power
cap.
You can specify the value in Watts, BTU/hr, or as a percentage (%) of the recommended maximum power limit.
When setting the power cap threshold in BTU/hr, the conversion to Watts is rounded to the nearest integer. When reading the power cap
threshold back, the Watts to BTU/hr conversion is again rounded in this manner. As a result, the value written could be nominally different
than the value read; for example, a threshold set to 600 BTU/hr will be read back as 601 BTU/hr.

Configuring power cap policy using web interface
To view and configure the power policies:
1

In iDRAC Web interface, go to Configuration > Power Management > Power Cap Policy.
The current power policy limit is displayed under the Power Cap Limits section.

2

Select Enable under Power Cap.

3

Under Power Cap Limits section, enter the maximum power limit in Watts and BTU/hr or the maximum % of recommended system
limit.

4

Click Apply to apply the values.

Configuring power cap policy using RACADM
To view and configure the current power cap values, use the following objects with the set command:
•

System.Power.Cap.Enable

•

System.Power.Cap.Watts

•

System.Power.Cap.Btuhr

•

System.Power.Cap.Percent

For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Configuring power cap policy using iDRAC settings utility
To view and configure power policies:
1

In iDRAC Settings utility, go to Power Configuration.
NOTE: The Power Configuration link is available only if the server power supply unit supports power
monitoring.

186

Monitoring and managing power

The iDRAC Settings Power Configuration page is displayed.
2

Select Enabled to enable the Power Cap Policy Else, select Disabled.

3

Use the recommended settings, or under User Defined Power Cap Policy, enter the required limits.
For more information about the options, see the iDRAC Settings Utility Online Help.

4

Click Back, click Finish, and then click Yes.
The power cap values are configured.

Configuring power supply options
You can configure the power supply options such as redundancy policy, hot spare, and power factor correction.
Hot spare is a power supply feature that configures redundant Power Supply Units (PSUs) to turn off depending on the server load. This
allows the remaining PSUs to operate at a higher load and efficiency. This requires PSUs that support this feature, so that it quickly powers
ON when needed.
In a two PSU system, either PSU1 or PSU2 can be configured as the primary PSU.
After Hot Spare is enabled, PSUs can become active or go to sleep based on load. If Hot Spare is enabled, asymmetric electrical current
sharing between the two PSUs is enabled. One PSU is awake and provides the majority of the current; the other PSU is in sleep mode and
provides a small amount of the current. This is often called 1 + 0 with two PSUs and hot spare enabled. If all PSU-1s are on Circuit-A and all
PSU-2s are on Circuit-B, then with hot spare enabled (default hot spare factory configuration), Circuit-B has much less load and triggers
the warnings. If hot spare is disabled, the electrical current sharing is 50-50 between the two PSUs, the Circuit-A and Circuit-B normally
has the same load.
Power factor is the ratio of real power consumed to the apparent power. When power factor correction is enabled, the server consumes a
small amount of power when the host is OFF. By default, power factor correction is enabled when the server is shipped from the factory.

Configuring power supply options using web interface
To configure the power supply options:
1

In iDRAC Web interface, go to Configuration > Power Management > Power Configuration.

2

Under Power Redundancy Policy, select the required options. For more information, see iDRAC Online Help.

3

Click Apply. The power supply options are configured.

Configuring power supply options using RACADM
To configure the power supply options, use the following objects with the set command:
•

System.Power.RedundancyPolicy

•

System.Power.Hotspare.Enable

•

System.Power.Hotspare.PrimaryPSU

•

System.Power.PFC.Enable

For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Configuring power supply options using iDRAC settings utility
To configure the power supply options:
1

In iDRAC Settings utility, go to Power Configuration.

Monitoring and managing power

187

NOTE: The Power Configuration link is available only if the server power supply unit supports power
monitoring.
The iDRAC Settings Power Configuration page is displayed.
2

3

Under Power Supply Options:
•

Enable or disable power supply redundancy.

•

Enable or disable hot spare.

•

Set the primary power supply unit.

• Enable or disable power factor correction. For more information about the options, see the iDRAC Settings Utility Online Help.
Click Back, click Finish, and then click Yes.
The power supply options are configured.

Enabling or disabling power button
To enable or disable the power button on the managed system:
1

In iDRAC Settings utility, go to Front Panel Security.
The iDRAC Settings Front Panel Security page is displayed.

2

Select Enabled to enable the power button or Disabled to disable it.

3

Click Back, click Finish, and then click Yes.
The settings are saved.

Multi-Vector Cooling
Multi-Vector Cooling implements multi-prong approach to Thermal Controls in Dell EMC Server Platforms. It includes (but not limited to):
•

Large set of sensors (thermal, power, inventory etc.) that allows accurate interpretation of real-time system thermal state at various
locations within the server. It displays only a small subset of sensors that are relevant to users need based on the configuration.

•

Intelligent and adaptive closed loop control algorithm optimizes fan response to maintain component temperatures. It also conserves fan
power, airflow consumption, and acoustics.

•

Using fan zone mapping, cooling can be initiated for the components when it requires. Thus, it results maximum performance without
compromising the efficiency of power utilization.

•

Accurate representation of slot by slot PCIe airflow in terms of LFM metric (Linear Feet per Minute - an accepted industry standard on
how PCIe card airflow requirement is specified). Display of this metric in various iDRAC interfaces allows user to:
a

know the maximum LFM capability of each slot within the server.

b

know what approach is being taken for PCIe cooling for each slot (airflow controlled, temperature controlled).

c

know the minimum LFM being delivered to a slot, if the card is a 3rd Party Card (user defined custom card).

d

dial in custom minimum LFM value for the 3rd Party Card allowing more accurate definition of the card cooling needs for which
the user is better aware of through their custom card specification.

•

Displays real-time system airflow metric (CFM, cubic feet per minute) in various iDRAC interfaces to the user to enable datacenter
airflow balancing based on aggregation of per server CFM consumption.

•

Allows custom thermal settings like Thermal Profiles (Maximum Performance vs. Maximum Performance per Watt, Sound Cap), custom
fan speed options (minimum fan speed, fan speed offsets) and custom Exhaust Temperature settings.
a

Most of these settings allow additional cooling over the baseline cooling generated by thermal algorithms and do not allow fan
speeds to go below system cooling requirements.
NOTE: One exception to above statement is for fan speeds that are added for 3rd Party PCIe cards. The thermal
algorithm provision airflow for 3rd party cards may be more or less than the actual card cooling needs and customer may
fine tune the response for the card by entering the LFM corresponding to the 3rd Party Card.

b

Custom Exhaust Temperature option limits exhaust temperature to customer desired settings.
NOTE: It is important to note that with certain configurations and workloads, it may not be physically possible to reduce
exhaust below a desired set point (e.g. Custom exhaust setting of 45C with a high inlet temp {e.g. 30C} and a loaded
config {high system power consumption, low airflow}).

c

188

Sound Cap option is new in the 14th generation of PowerEdge server. It limits CPU power consumption and controls fan speed
and acoustical ceiling. This is unique for acoustical deployments and may result in reduced system performance.
Monitoring and managing power

•

System layout and design enables increased airflow capability (by allowing high power) and dense system configurations. It provides
less system restrictions and increased feature density.
a

•

Custom fans are designed for higher efficiency, better performance, longer life and less vibration. It also delivers better acoustics
outcome.
a

•

Streamlined airflow permits efficient airflow to fan power consumption ratio.

Fans are capable of long life (in general it may run for more than 5 years), even if it runs at full speed all the time.

Custom heat-sinks are designed for optimize component cooling at minimum (required) airflow yet supports high performance CPUs.

Monitoring and managing power

189

14
Inventorying, monitoring, and configuring
network devices
You can inventory, monitor, and configure the following network devices:
•

Network Interface Cards (NICs)

•

Converged Network Adapters (CNAs)

•

LAN On Motherboards (LOMs)

•

Network Daughter Cards (NDCs)

•

Mezzanine cards (only for blade servers)

Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address,
virtual addresses, initiator, and storage targets) and partition-level attributes (Example: Bandwidth allocation). You can disable a partition
either by changing the VirtualizationMode attribute setting to NPAR or by disabling all personalities on a partition.
Depending on the type of installed CNA device, the settings of partition attributes may not be retained from the last time the partition was
active. Set all I/O identity attributes and partition-related attributes when enabling a partition. You can enable a partition by either changing
the VirtualizationMode attribute setting to NPAR or by enabling a personality (Example: NicMode) on the partition.

Topics:
•

Inventorying and monitoring network devices

•

Inventorying and monitoring FC HBA devices

•

Dynamic configuration of virtual addresses, initiator, and storage target settings

Inventorying and monitoring network devices
You can remotely monitor the health and view the inventory of the network devices in the managed system.
For each device, you can view the following information of the ports and enabled partitions:
•

Link Status

•

Properties

•

Settings and Capabilities

•

Receive and Transmit Statistics

•

iSCSI, FCoE initiator, and target information

Monitoring network devices using web interface
To view the network device information using Web interface, go to System > Overview > Network Devices. The Network Devices page is
displayed. For more information about the displayed properties, see iDRAC Online Help.

Monitoring network devices using RACADM
To view information about network devices, use the hwinventory and nicstatistics commands.
190

Inventorying, monitoring, and configuring network devices

For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Additional properties may be displayed when using RACADM or WSMan in addition to the properties displayed in the iDRAC web interface.

Connection View
Manually checking and troubleshooting the servers’ networking connections is unmanageable in a datacenter environment. iDRAC9
streamlines the job with iDRAC Connection View. This feature allows you to remotely check and troubleshoot network connections from
the same centralized GUI that you are using for deploying, updating, monitoring, and maintaining the servers. Connection View in iDRAC9
provide details of the physical mapping of switch ports to server’s network ports and iDRAC (integrated Dell Remote Access Controller)
dedicated port connections. All supported network cards are visible in Connection View, irrespective of the brand.
Instead of manually checking and troubleshooting the server's networking connections, you can view and manage network cable
connections remotely.
The Connection View provides the information of the switch ports which are connected to the server ports, and iDRAC dedicated port.
The server network ports include those on PowerEdge LOM, NDC, Mezz cards, and PCIe add-in cards.
To View network devices connection view, navigate to System > Network Device > Network Device FQDD > Ports and Partitioned
ports .
You can click iDRAC Settings > Overview > Connection View to view the Connection View.
Also, you can click iDRAC Settings > Connectivity > Common Settings > Switch Connection View to enable or disable the connection
view.
Connection View can be explored with racadm SwitchConnection View command and it can also be viewed with winrm command.

Field or Option

Description

Enabled

Select Enabled, to enable Connection View. By default the Enabled option is selected.

State

Displays Enabled, if you enable the connection view option from the Connection View from iDRAC settings.

Switch Connection
ID

Displays the LLDP chassis ID of the switch through which the device port is connected.

Switch Port
Connection ID

Displays the LLDP port ID of the switch port to which the device port is connected.

NOTE: Switch Connection ID and Switch Port Connection ID are available once the Connection View is enabled and the Link is
connected. The associated network card needs to be compatible with the Connection View. Only users with iDRAC Configure
privilege can modify the Connection View settings.

Refresh Connection View
Use Refresh Connection View to get the latest information of Switch Connection ID and Switch Port Connection ID.
NOTE: If iDRAC has switch connection and switch port connection information for server network port or iDRAC network port
and due to some reason, the switch connection and switch port connection information is not refreshed for 5min, then the
switch connection and switch port connection information is shown as stale (last known good data) data for all user interfaces.
In the UI, you see yellow bang which is a natural representation and it does not indicate any warning.

Inventorying, monitoring, and configuring network devices

191

Connection View Possible Values
Possible
Description
Connection View
Data
Feature Disabled

Connection view feature is disabled, to view the connection view data enable the feature.

No Link

Indicates that the link associated with network controller port is down.

Not Available

LLDP is not enabled on the switch. Check whether LLDP is enabled on the switch port.

Not Supported

Network controller does not support Connection view feature.

Stale Data

Last known good data, either the Network controller port link is down or the system is powered off. Use the
refresh option to refresh the connection view details to get the latest data.

Valid Data

Displays the Valid Switch Connection ID and the Switch Port Connection ID information.

Connection View Supported Network Controllers
Following cards or controllers support Connection View feature.

Manufacturer
Broadcom

Intel

Mellanox

QLogic

192

Type
•

57414 rNDC 25GE

•

57416/5720 rNDC 10GbE

•

57412/5720 rNDC 10GbE

•

57414 PCIe FH/LP 25GE

•

57412 PCIe FH/LP 10GbE

•

57416 PCIe FH/LP 10GbE

•

X710 bNDC 10Gb

•

X710 DP PCIe 10Gb

•

X710 QP PCIe 10Gb

•

X710 + I350 rNDC 10Gb+1Gb

•

X710 rNDC 10Gb

•

X710 bNDC 10Gb

•

XL710 PCIe 40Gb

•

XL710 OCP Mezz 10Gb

•

X710 PCIe 10Gb

•

MT27710 rNDC 40Gb

•

MT27710 PCIe 40Gb

•

MT27700 PCIe 100Gb

•

QL41162 PCIe 10GE 2P

•

QL41112 PCIe 10GE 2P

•

QL41262 PCIe 25GE 2P

Inventorying, monitoring, and configuring network devices

Inventorying and monitoring FC HBA devices
You can remotely monitor the health and view the inventory of the Fibre Channel Host Bus Adapters (FC HBA) devices in the managed
system. The Emulex and QLogic FC HBAs are supported. For each FC HBA device, you can view the following information for the ports:
•

Link Status and Information

•

Port Properties

•

Receive and Transmit Statistics
NOTE: Emulex FC8 HBAs are not supported.

Monitoring FC HBA devices using web interface
To view the FC HBA device information using Web interface, go to System > Overview > Network Devices > Fibre Channel. For more
information about the displayed properties, see iDRAC Online Help.
The page name also displays the slot number where the FC HBA device is available and the type of FC HBA device.

Monitoring FC HBA devices using RACADM
To view the FC HBA device information using RACADM, use the hwinventory command.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Dynamic configuration of virtual addresses, initiator,
and storage target settings
You can dynamically view and configure the virtual address, initiator and storage target settings, and apply a persistence policy. It allows the
application to apply the settings based on power state changes (that is, operating system restart, warm reset, cold reset, or AC cycle) and
also based on persistence policy setting for that power state. This provides more flexibility in deployments that need rapid re-configuration
of system workloads to another system.
The virtual addresses are:
•

Virtual MAC Address

•

Virtual iSCSI MAC Address

•

Virtual FIP MAC Address

•

Virtual WWN

•

Virtual WWPN
NOTE: When you clear the persistence policy, all the virtual addresses are reset to the default permanent address set at the
factory.
NOTE: Some cards with the virtual FIP, virtual WWN, and virtual WWPN MAC attributes, the virtual WWN and virtual WWPN
MAC attributes are automatically configured when you configure virtual FIP.

Using the IO Identity feature, you can:
•

View and configure the virtual addresses for network and fibre channel devices (for example, NIC, CNA, FC HBA).

•

Configure the initiator (for iSCSI and FCoE) and storage target settings (for iSCSI, FCoE, and FC).

•

Specify persistence or clearance of the configured values over a system AC power loss, cold, and warm system resets.

Inventorying, monitoring, and configuring network devices

193

The values configured for virtual addresses, initiator and storage targets may change based on the way the main power is handled during
system reset and whether the NIC, CNA, or FC HBA device has auxiliary power. The persistence of IO identity settings can be achieved
based on the policy setting made using iDRAC.
Only if the I/O identity feature is enabled, the persistence policies take effect. Each time the system resets or powers on, the values are
persisted or cleared based on the policy settings.
NOTE: After the values are cleared, you cannot re-apply the values before running the configuration job.

Supported cards for IO Identity Optimization
The following table provides the cards that support the I/O Identity Optimization feature.
Table 42. Supported cards for I/O Identity Optimization
Manufacturer

Type

Broadcom

•
•
•
•
•

5719 Mezz 1GB
5720 PCIe 1 GB
5720 bNDC 1 GB
5720 rNDC 1 GB
57414 PCIe 25GbE

Intel

•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•

i350 DP FH PCIe 1GB
i350 QP PCIe 1GB
i350 QP rNDC 1GB
i350 Mezz 1GB
i350 bNDC 1GB
x520 PCIe 10GB
x520 bNDC 10GB
x520 Mezz 10GB
x520 + i350 rNDC 10GB+1GB
X710 bNDC 10GB
X710 QP bNDC 10GB
X710 PCIe 10 GB
X710 + I350 rNDC 10GB+1GB
X710 rNDC 10GB
XL710 QSFP DP LP PCIe 40GE
XL710 QSFP DP FH PCIe 40GE
X550 DP BT PCIe 2 x 10 Gb
X550 DP BT LP PCIe 2 x 10 Gb

Mellanox

•
•
•
•

ConnectX-3 Pro 10G Mezz 10GB
ConnectX-4 LX 25GE SFP DP rNDC 25GB
ConnectX-4 LX 25GE DP FH PCIe 25GB
ConnectX-4 LX 25GE DP LP PCIe 25GB

Qlogic

•
•
•
•
•
•

57810 PCIe 10GB
57810 bNDC 10GB
57810 Mezz 10GB
57800 rNDC 10GB+1GB
57840 rNDC 10GB
57840 bNDC 10GB

194

Inventorying, monitoring, and configuring network devices

Manufacturer

Type

Emulex

•
•
•
•
•
•
•
•

QME2662 Mezz FC16
QLE 2692 SP FC16 Gen 6 HBA FH PCIe FC16
SP FC16 Gen 6 HBA LP PCIe FC16
QLE 2690 DP FC16 Gen 6 HBA FH PCIe FC16
DP FC16 Gen 6 HBA LP PCIe FC16
QLE 2742 DP FC32 Gen 6 HBA FH PCIe FC32
DP FC32 Gen 6 HBA LP PCIe FC32
QLE2740 PCIe FC32

•
•
•
•
•
•
•
•

LPe15002B-M8 (FH) PCIe FC8
LPe15002B-M8 (LP) PCIe FC8
LPe15000B-M8 (FH) PCIe FC8
LPe15000B-M8 (LP) PCIe FC8
LPe31000-M6-SP PCIe FC16
LPe31002-M6-D DP PCIe FC16
LPe32000-M2-D SP PCIe FC32
LPe32002-M2-D DP PCIe FC32

Supported NIC firmware versions for IO Identity Optimization
In 14th generation Dell PowerEdge servers, the required NIC firmware is available by default.
The following table provides the NIC firmware versions for the I/O identity optimization feature.

Virtual or Flex Address and Persistence Policy behavior when
iDRAC is set to Flex Address mode or Console mode
The following table describes the Virtual Address Management (VAM) configuration and Persistence Policy behavior, and the
dependencies.
Table 43. Virtual/Flex Address and Persistence Policy behavior
Flex Address
Feature State in
CMC

Mode set in iDRAC

IO Identity Feature
State in iDRAC

SCP

Persistence Policy

Clear Persistence
Policy — Virtual
Address

Flex Address enabled FlexAddress Mode

Enabled

Virtual address
management (VAM)
configured

Configured VAM
persists

Set to Flex Address

Flex Address enabled FlexAddress Mode

Enabled

VAM not configured

Set to Flex Address

No persistence — Is
set to Flex Address

Flex Address enabled Flex Address Mode

Disabled

Configured using the Set to Flex Address
path provided in
for that cycle
Lifecycle Controller

No persistence — Is
set to Flex Address

Flex Address enabled Flex Address Mode

Disabled

VAM not configured

Set to Flex Address

Set to Flex Address

Flex Address disabled Flex Address Mode

Enabled

VAM configured

Configured VAM
persists

Persistence only —
clear is not possible

Inventorying, monitoring, and configuring network devices

195

Flex Address
Feature State in
CMC

Mode set in iDRAC

IO Identity Feature
State in iDRAC

SCP

Persistence Policy

Clear Persistence
Policy — Virtual
Address

Flex Address disabled Flex Address Mode

Enabled

VAM not configured

Set to hardware
MAC address

No persistence
supported. Depends
on card behavior

Flex Address disabled Flex Address Mode

Disabled

Configured using the Lifecycle Controller
No persistence
path provided in
configuration persists supported. Depends
Lifecycle Controller
for that cycle
on card behavior

Flex Address disabled Flex Address Mode

Disabled

VAM not configured

Set to hardware
MAC address

Set to hardware
MAC address

Flex Address enabled Console Mode

Enabled

VAM configured

Configured VAM
persists

Both persistence and
clear must work

Flex Address enabled Console Mode

Enabled

VAM not configured

Set to hardware
MAC address

Set to hardware
MAC address

Flex Address enabled Console Mode

Disabled

Configured using the Lifecycle Controller
No persistence
path provided in
configuration persists supported. Depends
Lifecycle Controller
for that cycle
on card behavior

Flex Address disabled Console Mode

Enabled

VAM configured

Configured VAM
persists

Both persistence and
clear must work

Flex Address disabled Console Mode

Enabled

VAM not configured

Set to hardware
MAC address

Set to hardware
MAC address

Flex Address disabled Console Mode

Disabled

Configured using the Lifecycle Controller
No persistence
path provided in
configuration persists supported. Depends
Lifecycle Controller
for that cycle
on card behavior

Flex Address enabled Console Mode

Disabled

VAM not configured

Set to hardware
MAC address

Set to hardware
MAC address

System behavior for FlexAddress and IO Identity
Table 44. System behavior for FlexAddress and I/O Identity
Type
Server with FAequivalent
Persistence

Server with VAM
Persistence Policy
Feature

196

FlexAddress Feature
State in CMC

IO Identity Feature
State in iDRAC

Enabled

Disabled

N/A, Enabled, or
Disabled

Enabled

Disabled

Disabled

Enabled

Disabled

Enabled

Enabled

Inventorying, monitoring, and configuring network devices

Availability of
Remote Agent VA
for the Reboot
Cycle

VA Programming
Source
FlexAddress from
CMC

Reboot Cycle VA
Persistence
Behavior
Per FlexAddress spec

Yes - New or
Persisted

Remote Agent Virtual Per FlexAddress spec
Address

No

Virtual Address
Cleared

FlexAddress from
CMC
Yes — New or
Persisted

Per FlexAddress spec

Remote Agent Virtual Per Remote Agent
Address
Policy Setting

Type

FlexAddress Feature
State in CMC

Disabled

Disabled

Availability of
Remote Agent VA
for the Reboot
Cycle

IO Identity Feature
State in iDRAC

Enabled

VA Programming
Source

Reboot Cycle VA
Persistence
Behavior

No

FlexAddress from
CMC

Per FlexAddress spec

Yes — New or
Persisted

Remote Agent Virtual Per Remote Agent
Address
Policy Setting

No

Virtual Address
Cleared

Disabled

Enabling or disabling IO Identity Optimization
Normally, after the system boots, the devices are configured and then after a reboot the devices are initialized. You can enable the I/O
Identity Optimization feature to achieve boot optimization. If it is enabled, it sets the virtual address, initiator, and storage target attributes
after the device is reset and before it is initialized, thus eliminating a second BIOS restart. The device configuration and boot operation
occur in a single system start and is optimized for boot time performance.
Before enabling I/O identity optimization, make sure that:
•

You have the Login, Configure, and System Control privileges.

•

BIOS, iDRAC, and network cards are updated to the latest firmware.

After enabling I/O Identity Optimization feature, export the Server Configuration Profile file from iDRAC, modify the required I/O Identity
attributes in the SCP file, and import the file back to iDRAC.
For the list of I/O Identity Optimization attributes that you can modify in the SCP file, see the NIC Profile document available at
delltechcenter.com/idrac.
NOTE: Do not modify non I/O Identity Optimization attributes.

Enabling or disabling IO Identity Optimization using web interface
To enable or disable I/O Identity Optimization:
1

In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > I/O Identity Optimization.
The I/O Identity Optimization page is displayed.

2

Click the I/O Identity Optimization tab, select the Enable option to enable this feature. To disable, clear this option.

3

Click Apply to apply the setting.

Enabling or disabling IO Identity Optimization using RACADM
To enable I/O Identity Optimization, use the command:
racadm set idrac.ioidopt.IOIDOptEnable Enabled
After enabling this feature, you must restart the system for the settings to take effect.
To disable I/O Identity Optimization, use the command:
racadm set idrac.ioidopt.IOIDOptEnable Disabled

Inventorying, monitoring, and configuring network devices

197

To view the I/O Identity Optimization setting, use the command:
racadm get iDRAC.IOIDOpt

Configuring persistence policy settings
Using IO identity, you can configure policies specifying the system reset and power cycle behaviors that determine the persistence or
clearance of the virtual address, initiator, and storage target settings. Each individual persistence policy attribute applies to all ports and
partitions of all applicable devices in the system. The device behavior changes between auxiliary powered devices and non-auxiliary
powered devices.
NOTE: The Persistence Policy feature may not work when set to default, if the VirtualAddressManagement attribute is set to
FlexAddress mode on iDRAC and if the FlexAddress feature is disabled in CMC. Ensure that you set the
VirtualAddressManagement attribute to Console mode in iDRAC or enable the FlexAddress feature in CMC.
You can configure the following persistence policies:
•

Virtual Address: Auxiliary powered devices

•

Virtual Address: Non-Auxiliary powered devices

•

Initiator

•

Storage target

Before applying the persistence policy, make sure to:
•

Inventory the network hardware at least once, that is, enabled Collect System Inventory On Restart.

•

Enable I/O Identity Optimization.

Events are logged to the Lifecycle Controller log when:
•

I/O Identity Optimization is enabled or disabled.

•

Persistence policy is changed.

•

Virtual address, initiator and target values are set based on the policy. A single log entry is logged for the configured devices and the
values that are set for those devices when the policy is applied.

Event actions are enabled for SNMP, email, or WS-eventing notifications. Logs are also included in the remote syslogs.

Default values for persistence policy
Table 45. Default values for persistence policy
Persistence Policy

AC Power Loss

Cold Boot

Warm Boot

Virtual Address: Auxiliary
Powered Devices

Not selected

Selected

Selected

Virtual Address: Non-Auxiliary
Powered Devices

Not selected

Not selected

Selected

Initiator

Selected

Selected

Selected

Storage Target

Selected

Selected

Selected

NOTE: When a persistent policy is disabled and when you perform the action to lose the virtual address, re-enabling the
persistent policy does not retrieve the virtual address. You must set the virtual address again after you enable the persistent
policy.

198

Inventorying, monitoring, and configuring network devices

NOTE: If there is a persistence policy in effect and the virtual addresses, initiator, or storage targets are set on a CNA-device
partition, do not reset or clear the values configured for virtual addresses, initiator, and storage targets before changing the
VirtualizationMode or the personality of the partition. The action is performed automatically when you disable the persistence
policy. You can also use a configuration job to explicitly set the virtual address attributes to 0s and the initiator and storage
targets values as defined in iSCSI initiator and storage target default values.

Configuring persistence policy settings using iDRAC web interface
To configure the persistence policy:
1

In the iDRAC Web interface, go to Configuration > System Settings > I/O Identity Optimization.

2

Click I/O Identity Optimization tab.

3

In the Persistence Policy section, select one or more of the following for each persistence policy:

4

•

Warm Reset - The virtual address or target settings persist when warm reset condition occurs.

•

Cold Reset - The virtual address or target settings persist when cold reset conditions occur.

• AC Power Loss - The virtual address or target settings persist when AC power loss conditions occur.
Click Apply.
The persistence policies are configured.

Configuring persistence policy settings using RACADM
To set persistence policy, use the following racadm object with the set sub command:
•

For virtual addresses, use iDRAC.IOIDOpt.VirtualAddressPersistencePolicyAuxPwrd and
iDRAC.IOIDOpt.VirtualAddressPersistencePolicyNonAuxPwrd objects

•

For initiator, use iDRAC.IOIDOPT.InitiatorPersistencePolicy object

•

For storage targets, use iDRAC.IOIDOpt.StorageTargetPersistencePolicy object

For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/esmmanuals.

iSCSI initiator and storage target default values
The following tables provide the list of default values for iSCSI initiator and storage targets when the persistence policies are cleared.
Table 46. iSCSI initiator —default values
iSCSI Initiator

Default Values in IPv4 mode

Default Values in IPv6 mode

IscsiInitiatorIpAddr

0.0.0.0

::

IscsiInitiatorIpv4Addr

0.0.0.0

0.0.0.0

IscsiInitiatorIpv6Addr

::

::

IscsiInitiatorSubnet

0.0.0.0

0.0.0.0

IscsiInitiatorSubnetPrefix

0

0

IscsiInitiatorGateway

0.0.0.0

::

IscsiInitiatorIpv4Gateway

0.0.0.0

0.0.0.0

IscsiInitiatorIpv6Gateway

::

::

Inventorying, monitoring, and configuring network devices

199

iSCSI Initiator

Default Values in IPv4 mode

Default Values in IPv6 mode

IscsiInitiatorPrimDns

0.0.0.0

::

IscsiInitiatorIpv4PrimDns

0.0.0.0

0.0.0.0

IscsiInitiatorIpv6PrimDns

::

::

IscsiInitiatorSecDns

0.0.0.0

::

IscsiInitiatorIpv4SecDns

0.0.0.0

0.0.0.0

IscsiInitiatorIpv6SecDns

::

::

IscsiInitiatorName

Value Cleared

Value Cleared

IscsiInitiatorChapId

Value Cleared

Value Cleared

IscsiInitiatorChapPwd

Value Cleared

Value Cleared

IPVer

Ipv4

Table 47. ISCSI storage target attributes — default values
iSCSI Storage Target Attributes

Default Values in IPv4 mode

Default Values in IPv6 mode

ConnectFirstTgt

Disabled

Disabled

FirstTgtIpAddress

0.0.0.0

::

FirstTgtTcpPort

3260

3260

FirstTgtBootLun

0

0

FirstTgtIscsiName

Value Cleared

Value Cleared

FirstTgtChapId

Value Cleared

Value Cleared

FirstTgtChapPwd

Value Cleared

Value Cleared

FirstTgtIpVer

Ipv4

ConnectSecondTgt

Disabled

Disabled

SecondTgtIpAddress

0.0.0.0

::

SecondTgtTcpPort

3260

3260

SecondTgtBootLun

0

0

SecondTgtIscsiName

Value Cleared

Value Cleared

SecondTgtChapId

Value Cleared

Value Cleared

SecondTgtChapPwd

Value Cleared

Value Cleared

SecondTgtIpVer

Ipv4

200

Inventorying, monitoring, and configuring network devices

15
Managing storage devices
Starting with iDRAC 3.15.15.15 release, iDRAC supports Boot Optimized Storage Solution (BOSS) controller in the 14th generation of
PowerEdge servers. BOSS controllers are designed specifically for booting the operating system of the server. These controllers support
limited RAID features and the configuration is staged.
NOTE: BOSS controllers support only RAID level1.
iDRAC has expanded its agent-free management to include direct configuration of the PERC controllers. It enables you to remotely
configure the storage components attached to your system at run-time. These components include RAID and non-RAID controllers and the
channels, ports, enclosures, and disks attached to them. For the 14th generation of PowerEdge servers, PERC 9 and PERC 10 controllers
are supported.
The complete storage subsystem discovery, topology, health monitoring, and configuration are accomplished in the Comprehensive
Embedded Management (CEM) framework by interfacing with the internal and external PERC controllers through the MCTP protocol over
I2C interface. For real-time configuration, CEM supports PERC9 controllers and above. The firmware version for PERC9 controllers must
be 9.1 or later.
NOTE: The S140 or Software RAID (SWRAID) is not supported by CEM and thus is not supported in the iDRAC GUI. SWRAID
can be managed using the WSMan API and RACADM.
Using iDRAC, you can perform most of the functions that are available in OpenManage Storage Management including real-time (no
reboot) configuration commands (for example, create virtual disk). You can completely configure RAID before installing the operating
system.
You can configure and manage the controller functions without accessing the BIOS. These functions include configuring virtual disks and
applying RAID levels and hot spares for data protection. You can initiate many other controller functions such as rebuilds and
troubleshooting. You can protect your data by configuring data-redundancy or assigning hot spares.
The storage devices are:
•

Controllers — Most operating systems do not read and write data directly from the disks, but instead send read and write instructions
to a controller. The controller is the hardware in your system that interacts directly with the disks to write and retrieve data. A controller
has connectors (channels or ports) which are attached to one or more physical disks or an enclosure containing physical disks. RAID
controllers can span the boundaries of the disks to create an extended amount of storage space— or a virtual disk — using the
capacity of more than one disk. Controllers also perform other tasks, such as initiating rebuilds, initializing disks, and more. To complete
their tasks, controllers require special software known as firmware and drivers. In order to function properly, the controller must have
the minimum required version of the firmware and the drivers installed. Different controllers have different characteristics in the way
they read and write data and execute tasks. It is helpful to understand these features to most efficiently manage the storage.

•

Physical disks or physical devices — Reside within an enclosure or are attached to the controller. On a RAID controller, physical disks or
devices are used to create virtual disks.

•

Virtual disk — It is storage created by a RAID controller from one or more physical disks. Although a virtual disk may be created from
several physical disks, it is viewed by the operating system as a single disk. Depending on the RAID level used, the virtual disk may retain
redundant data if there is a disk failure or have particular performance attributes. Virtual disks can only be created on a RAID controller.

•

Enclosure — It is attached to the system externally while the backplane and its physical disks are internal.

•

Backplane — It is similar to an enclosure. In a Backplane, the controller connector and physical disks are attached to the enclosure, but
it does not have the management features (temperature probes, alarms, and so on) associated with external enclosures. Physical disks
can be contained in an enclosure or attached to the backplane of a system.

In addition to managing the physical disks contained in the enclosure, you can monitor the status of the fans, power supply, and
temperature probes in an enclosure. You can hot-plug enclosures. Hot-plugging is defined as adding of a component to a system while the
operating system is still running.

Managing storage devices

201

The physical devices connected to the controller must have the latest firmware. For the latest supported firmware, contact your service
provider.
Storage events from PERC are mapped to SNMP traps and WSMan events as applicable. Any changes to the storage configurations are
logged in the Lifecycle Log.
Table 48. PERC capability
PERC Capability

CEM configuration Capable Controller
(PERC 9.1 or later)

Real-time

NOTE: For the 14th generation of
PowerEdge servers, PERC 9 and
PERC 10 controllers are supported.
If there is no existing pending or scheduled
jobs for the controller, then configuration is
applied.
If there are pending or scheduled jobs for
that controller, then the jobs have to be
cleared or you must wait for the jobs to be
completed before applying the configuration
at run-time. Run-time or real-time means, a
reboot is not required.

Staged

If all the set operations are staged, the
configuration is staged and applied after
reboot or it is applied at real-time.

CEM configuration Non-capable Controller
(PERC 9.0 and lower)
Configuration is applied. An error message is
displayed. Job creation is not successful and
you cannot create real-time jobs using Web
interface.

Configuration is applied after reboot

Topics:
•

Understanding RAID concepts

•

Supported controllers

•

Supported enclosures

•

Summary of supported features for storage devices

•

Inventorying and monitoring storage devices

•

Viewing storage device topology

•

Managing physical disks

•

Managing virtual disks

•

Managing controllers

•

Managing PCIe SSDs

•

Managing enclosures or backplanes

•

Choosing operation mode to apply settings

•

Viewing and applying pending operations

•

Storage devices — apply operation scenarios

•

Blinking or unblinking component LEDs

Understanding RAID concepts
Storage Management uses the Redundant Array of Independent Disks (RAID) technology to provide Storage Management capability.
Understanding Storage Management requires an understanding of RAID concepts, as well as some familiarity with how the RAID controllers
and operating system view disk space on your system.

202

Managing storage devices

What is RAID
RAID is a technology for managing the storage of data on the physical disks that reside or are attached to the system. A key aspect of
RAID is the ability to span physical disks so that the combined storage capacity of multiple physical disks can be treated as a single,
extended disk space. Another key aspect of RAID is the ability to maintain redundant data which can be used to restore data in the event of
a disk failure. RAID uses different techniques, such as striping, mirroring, and parity, to store and reconstruct data. There are different RAID
levels that use different methods for storing and reconstructing data. The RAID levels have different characteristics in terms of read/write
performance, data protection, and storage capacity. Not all RAID levels maintain redundant data, which means for some RAID levels lost
data cannot be restored. The RAID level you choose depends on whether your priority is performance, protection, or storage capacity.
NOTE: The RAID Advisory Board (RAB) defines the specifications used to implement RAID. Although RAB defines the RAID
levels, commercial implementation of RAID levels by different vendors may vary from the actual RAID specifications. An
implementation of a particular vendor may affect the read and write performance and the degree of data redundancy.

Hardware and software RAID
RAID can be implemented with either hardware or software. A system using hardware RAID has a RAID controller that implements the RAID
levels and processes data reads and writes to the physical disks. When using software RAID provided by the operating system, the
operating system implements the RAID levels. For this reason, using software RAID by itself can slow the system performance. You can,
however, use software RAID along with hardware RAID volumes to provide better performance and variety in the configuration of RAID
volumes. For example, you can mirror a pair of hardware RAID 5 volumes across two RAID controllers to provide RAID controller
redundancy.

RAID concepts
RAID uses particular techniques for writing data to disks. These techniques enable RAID to provide data redundancy or better performance.
These techniques include:
•

Mirroring — Duplicating data from one physical disk to another physical disk. Mirroring provides data redundancy by maintaining two
copies of the same data on different physical disks. If one of the disks in the mirror fails, the system can continue to operate using the
unaffected disk. Both sides of the mirror contain the same data always. Either side of the mirror can act as the operational side. A
mirrored RAID disk group is comparable in performance to a RAID 5 disk group in read operations but faster in write operations.

•

Striping — Disk striping writes data across all physical disks in a virtual disk. Each stripe consists of consecutive virtual disk data
addresses that are mapped in fixed-size units to each physical disk in the virtual disk using a sequential pattern. For example, if the
virtual disk includes five physical disks, the stripe writes data to physical disks one through five without repeating any of the physical
disks. The amount of space consumed by a stripe is the same on each physical disk. The portion of a stripe that resides on a physical
disk is a stripe element. Striping by itself does not provide data redundancy. Striping in combination with parity does provide data
redundancy.

•

Stripe size — The total disk space consumed by a stripe not including a parity disk. For example, consider a stripe that contains 64KB
of disk space and has 16KB of data residing on each disk in the stripe. In this case, the stripe size is 64KB and the stripe element size is
16KB.

•

Stripe element — A stripe element is the portion of a stripe that resides on a single physical disk.

•

Stripe element size — The amount of disk space consumed by a stripe element. For example, consider a stripe that contains 64KB of
disk space and has 16KB of data residing on each disk in the stripe. In this case, the stripe element size is 16KB and the stripe size is
64KB.

•

Parity — Parity refers to redundant data that is maintained using an algorithm in combination with striping. When one of the striped
disks fails, the data can be reconstructed from the parity information using the algorithm.

•

Span — A span is a RAID technique used to combine storage space from groups of physical disks into a RAID 10, 50, or 60 virtual disk.

RAID levels
Each RAID level uses some combination of mirroring, striping, and parity to provide data redundancy or improved read and write
performance. For specific information on each RAID level, see Choosing raid levels.
Managing storage devices

203

Organizing data storage for availability and performance
RAID provides different methods or RAID levels for organizing the disk storage. Some RAID levels maintain redundant data so that you can
restore data after a disk failure. Different RAID levels also entail an increase or decrease in the I/O (read and write) performance of a
system.
Maintaining redundant data requires the use of additional physical disks. The possibility of a disk failure increases with an increase in the
number of disks. Since the differences in I/O performance and redundancy, one RAID level may be more appropriate than another based on
the applications in the operating environment and the nature of the data being stored.
When choosing a RAID level, the following performance and cost considerations apply:
•

Availability or fault-tolerance — Availability or fault-tolerance refers to the ability of a system to maintain operations and provide access
to data even when one of its components has failed. In RAID volumes, availability or fault-tolerance is achieved by maintaining
redundant data. Redundant data includes mirrors (duplicate data) and parity information (reconstructing data using an algorithm).

•

Performance — Read and write performance can be increased or decreased depending on the RAID level you choose. Some RAID
levels may be more appropriate for particular applications.

•

Cost efficiency — Maintaining the redundant data or parity information associated with RAID volumes requires additional disk space. In
situations where the data is temporary, easily reproduced, or non-essential, the increased cost of data redundancy may not be justified.

•

Mean Time Between Failure (MTBF) — Using additional disks to maintain data redundancy also increases the chance of disk failure at
any given moment. Although this option cannot be avoided in situations where redundant data is a requirement, it does have
implications on the workload of the system support staff within your organization.

•

Volume — Volume refers to a single disk non-RAID virtual disk. You can create volumes using external utilities like the O-ROM 
. Storage Management does not support the creation of volumes. However, you can view volumes and use drives from these
volumes for creation of new virtual disks or Online Capacity Expansion (OCE) of existing virtual disks, provided free space is available.

Choosing RAID levels
You can use RAID to control data storage on multiple disks. Each RAID level or concatenation has different performance and data
protection characteristics.
NOTE: The H3xx PERC controllers do not support RAID levels 6 and 60.
The following topics provide specific information on how each RAID level store data as well as their performance and protection
characteristics:
•

Raid level 0 (striping)

•

Raid level 1 (mirroring)

•

Raid level 5 (striping with distributed parity)

•

Raid level 6 (striping with additional distributed parity)

•

Raid level 50 (striping over raid 5 sets)

•

Raid level 60 (striping over raid 6 sets)

•

Raid level 10 (striping over mirror sets)

RAID level 0 - striping
RAID 0 uses data striping, which is writing data in equal-sized segments across the physical disks. RAID 0 does not provide data
redundancy.

204

Managing storage devices

RAID 0 characteristics:
•

Groups n disks as one large virtual disk with a capacity of (smallest disk size) *n disks.

•

Data is stored to the disks alternately.

•

No redundant data is stored. When a disk fails, the large virtual disk fails with no means of rebuilding the data.

•

Better read and write performance.

RAID level 1 - mirroring
RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks. If a
physical disk fails, data can be rebuilt using the data from the other side of the mirror.

RAID 1 characteristics:
•

Groups n + n disks as one virtual disk with the capacity of n disks. The controllers currently supported by Storage Management allow
the selection of two disks when creating a RAID 1. Because these disks are mirrored, the total storage capacity is equal to one disk.

•

Data is replicated on both the disks.

Managing storage devices

205

•

When a disk fails, the virtual disk still works. The data is read from the mirror of the failed disk.

•

Better read performance, but slightly slower write performance.

•

Redundancy for protection of data.

•

RAID 1 is more expensive in terms of disk space since twice the number of disks are used than required to store the data without
redundancy.

RAID level 5 or striping with distributed parity
RAID 5 provides data redundancy by using data striping in combination with parity information. Rather than dedicating a physical disk to
parity, the parity information is striped across all physical disks in the disk group.

RAID 5 characteristics:
•

Groups n disks as one large virtual disk with a capacity of (n-1) disks.

•

Redundant information (parity) is alternately stored on all disks.

•

When a disk fails, the virtual disk still works, but it is operating in a degraded state. The data is reconstructed from the surviving disks.

•

Better read performance, but slower write performance.

•

Redundancy for protection of data.

RAID level 6-striping with additional distributed parity
RAID 6 provides data redundancy by using data striping in combination with parity information. Similar to RAID 5, the parity is distributed
within each stripe. RAID 6, however, uses an additional physical disk to maintain parity, such that each stripe in the disk group maintains
two disk blocks with parity information. The additional parity provides data protection in the event of two disk failures. In the following
image, the two sets of parity information are identified as P and Q.

206

Managing storage devices

RAID 6 characteristics:
•

Groups n disks as one large virtual disk with a capacity of (n-2) disks.

•

Redundant information (parity) is alternately stored on all disks.

•

The virtual disk remains functional with up to two disk failures. The data is reconstructed from the surviving disks.

•

Better read performance, but slower write performance.

•

Increased redundancy for protection of data.

•

Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space.

RAID level 50 - striping over RAID 5 sets
RAID 50 is striping over more than one span of physical disks. For example, a RAID 5 disk group that is implemented with three physical
disks and then continues on with a disk group of three more physical disks would be a RAID 50.
It is possible to implement RAID 50 even when the hardware does not directly support it. In this case, you can implement more than one
RAID 5 virtual disks and then convert the RAID 5 disks to dynamic disks. You can then create a dynamic volume that is spanned across all
RAID 5 virtual disks.

Managing storage devices

207

RAID 50 characteristics:
•

Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks
within each span.

•

Redundant information (parity) is alternately stored on all disks of each RAID 5 span.

•

Better read performance, but slower write performance.

•

Requires as much parity information as standard RAID 5.

•

Data is striped across all spans. RAID 50 is more expensive in terms of disk space.

RAID level 60 - striping over RAID 6 sets
RAID 60 is striping over more than one span of physical disks that are configured as a RAID 6. For example, a RAID 6 disk group that is
implemented with four physical disks and then continues on with a disk group of four more physical disks would be a RAID 60.

208

Managing storage devices

RAID 60 characteristics:
•

Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks
within each span.

•

Redundant information (parity) is alternately stored on all disks of each RAID 6 span.

•

Better read performance, but slower write performance.

•

Increased redundancy provides greater data protection than a RAID 50.

•

Requires proportionally as much parity information as RAID 6.

•

Two disks per span are required for parity. RAID 60 is more expensive in terms of disk space.

RAID level 10 - striped with mirrors
The RAB considers RAID level 10 to be an implementation of RAID level 1. RAID 10 combines mirrored physical disks (RAID 1) with data
striping (RAID 0). With RAID 10, data is striped across multiple physical disks. The striped disk group is then mirrored onto another set of
physical disks. RAID 10 can be considered a mirror of stripes.

Managing storage devices

209

RAID 10 characteristics:
•

Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer.

•

Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring.

•

When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk.

•

Improved read performance and write performance.

•

Redundancy for protection of data.

Comparing RAID level performance
The following table compares the performance characteristics associated with the more common RAID levels. This table provides general
guidelines for choosing a RAID level. Evaluate your specific environment requirements before choosing a RAID level.
Table 49. RAID level performance comparison
RAID Level

Data Availability

Read
Performance

Write
Performance

Rebuild
Performance

Minimum Disks
Required

Suggested Uses

RAID 0

None

Very Good

Very Good

N/A

N

Noncritical data.

RAID 1

Excellent

Very Good

Good

Good

2N (N = 1)

Small databases,
database logs,
and critical
information.

RAID 5

Good

Sequential reads:
good.
Transactional
reads: Very good

Fair, unless using
writeback cache

Fair

N + 1 (N = at least Databases and
two disks)
other read
intensive
transactional
uses.

210

Managing storage devices

RAID Level

Data Availability

Read
Performance

Write
Performance

Rebuild
Performance

Minimum Disks
Required

Suggested Uses

RAID 10

Excellent

Very Good

Fair

Good

2N x X

Data intensive
environments
(large records).

RAID 50

Good

Very Good

Fair

Fair

N + 2 (N = at
least 4)

Medium sized
transactional or
data intensive
uses.

RAID 6

Excellent

Sequential reads:
good.
Transactional
reads: Very good

Fair, unless using
writeback cache

Poor

N + 2 (N = at
least two disks)

Critical
information.
Databases and
other read
intensive
transactional
uses.

RAID 60

Excellent

Very Good

Fair

Poor

X x (N + 2) (N =
at least 2)

Critical
information.
Medium sized
transactional or
data intensive
uses.

N = Number of physical disks
X = Number of RAID sets

Supported controllers
Supported RAID controllers
The iDRAC interfaces support the following BOSS controllers:
•

BOSS-S1 Adapter

•

BOSS-S1 Modular (for blade servers)

The iDRAC interfaces support the following PERC10 controllers:
•

PERC H740P Mini

•

PERC H740P Adapter

•

PERC H840 Adapter

The iDRAC interfaces support the following PERC9 controllers:
•

PERC H330 Mini

•

PERC H330 Adapter

•

PERC H730P Mini

•

PERC H730P Adapter

Supported non-RAID controllers
The iDRAC interface supports 12 Gbps SAS HBA external controller and HBA330 Mini or Adapter controllers.
Managing storage devices

211

Supported enclosures
iDRAC supports MD1400, and MD1420 enclosures.
NOTE: Redundant Array of Inexpensive Disks (RBODS) that are connected to HBA controllers are not supported.
NOTE: For iDRAC version 3.00.00.00, daisy chain of enclosures is not supported for H840. Only one enclosure per port is
allowed.

Summary of supported features for storage devices
The following tables provide the features supported by the storage devices through iDRAC.
NOTE: Features such as prepare to remove and blink or unblink component LED are not applicable for HHHL PCIe SSD cards.
Table 50. Supported features for storage controllers
Feature

PERC 10

PERC 9

H740P Mini H740P
Adapter

H840
Adapter

H330 Mini H330
Adapter

H730P
Mini

H730P
Adapter

FD33xS

Assign or unassign physical
disk as a global hot spare

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Convert to RAID/Non RAID,

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Rebuild

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Cancel Rebuild

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Create virtual disks

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Edit virtual disks cache
policies

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Check virtual disk
consistency

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Cancel check consistency

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Initialize virtual disks

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Cancel initialization

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Encrypt virtual disks

Real-time

Real-time

Real-time

Not
applicable

Not
applicable

Real-time

Real-time

Real-time

Assign or unassign dedicated Real-time
hot spare

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Delete virtual disks

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Cancel Background
Initialization

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Online Capacity Expansion

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

RAID Level Migration

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Discard Preserved Cache

Real-time

Real-time

Real-time

Not
applicable

Not
applicable

Real-time

Real-time

Real-time

Rename virtual disks

212

Managing storage devices

Feature

PERC 10

PERC 9

H740P Mini H740P
Adapter

H840
Adapter

H330 Mini H330
Adapter

H730P
Mini

H730P
Adapter

FD33xS

Set Patrol Read Mode

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Manual Patrol Read Mode

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Patrol Read Unconfigured
Areas

Real-time

Real-time

Real-time

Real-time
(only in
web
interface)

Real-time
(only in
web
interface)

Real-time
(only in
web
interface)

Real-time
(only in
web
interface)

Real-time
(only in
web
interface)

Check Consistency Mode

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Copyback Mode

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Load Balance Mode

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Check Consistency Rate

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Rebuild Rate

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

BGI Rate

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Reconstruct Rate

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Import foreign configuration

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Auto-import foreign
configuration

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Clear foreign configuration

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Reset controller
configuration

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Create or change security
keys

Real-time

Real-time

Real-time

Not
applicable

Not
applicable

Real-time

Real-time

Real-time

Inventory and remotely
monitor the health of PCIe
SSD devices

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
Not
applicable applicable

Prepare the PCIe SSD to be
removed

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
Not
applicable applicable

Securely erase the data for
PCIe SSD

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
Not
applicable applicable

Configure Backplane mode
(split/unified)

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Blink or unblink component
LEDs

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Real-time

Switch controller mode

Not
applicable

Not
applicable

Not
applicable

Staged

Staged

Staged

Staged

Staged

T10PI support for Virtual
Disks

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
applicable

Not
Not
applicable applicable

NOTE: PERC 10 no longer supports convert drives to non-RAID, convert controller to HBA mode and RAID 10 uneven span
support.

Managing storage devices

213

Table 51. Supported features for storage devices
Feature

PCIe SSD

BOSS

Create virtual disks

Not applicable

Staged

Reset controller configuration

Not applicable

Staged

Fast Initialization

Not applicable

Staged

Delete virtual disks

Not applicable

Staged

Full Initialization

Not applicable

Not applicable

Inventory and remotely monitor the health of Real-time
PCIe SSD devices

Not applicable

Prepare the PCIe SSD to be removed

Real-time

Not applicable

Securely erase the data for PCIe SSD

Staged

Not applicable

Blink or unblink component LEDs

Real-time

Not applicable

Inventorying and monitoring storage devices
You can remotely monitor the health and view the inventory of the following Comprehensive Embedded Management (CEM) enabled
storage devices in the managed system using iDRAC web interface:
•
•
•
•
•

RAID controllers, non-RAID controllers, BOSS controllers and PCIe extenders
Enclosures that include Enclosure Management Modules (EMMs), power supply, fan probe, and temperature probe
Physical disks
Virtual disks
Batteries

The recent storage events and topology of storage devices are also displayed.
Alerts and SNMP traps are generated for storage events. The events are logged in the Lifecycle Log.
NOTE: For an accurate inventory of BOSS controllers, ensure that Collect System Inventory On Reboot Operation (CSIOR) is
completed. CSIOR is enabled by default.
NOTE: If you enumerate the enclosure view's WSMan command on a system while one PSU-cable is removed, the primary status
of the enclosure view is reported as Healthy instead of Warning.
NOTE: The storage health rollup follows the same convention of Dell EMC OpenManage product. For more information see the
Dell EMC OpenManage Server Administrator Users Guide available at dell.com/openmanagemanuals.
NOTE: Physical disks in system with multiple backplanes may be listed under a different backplane. Use the blink function to
identify the disks.

Monitoring storage devices using web interface
To view the storage device information using Web interface:
•
•
•
•
•

Go to Storage > Overview > Summary to view the summary of the storage components and the recently logged events. This page is
automatically refreshed every 30 seconds.
Go to Storage > Overview > Controllers to view the RAID controller information. The Controllers page is displayed.
Go to Storage > Overview > Physical Disks to view physical disk information. The Physical Disks page is displayed.
Go to Storage > Overview > Virtual Disks to view virtual disk information. The Virtual Disks page is displayed.
Go to Storage > Overview > Enclosures to view the enclosure information. The Enclosures page is displayed.

You can also use filters to view specific device information.

214

Managing storage devices

NOTE: The storage hardware list is not displayed in case the system does not have storage devices with CEM support.
NOTE: When NVMe SSDs are in RAID (behind S140) mode, web interface does not display NVMe SSD’s slot information in the
Enclosure page. Refer Physical Disks page for the details.
For more information on the displayed properties and to use the filter options, see iDRAC Online Help.

Monitoring storage devices using RACADM
To view the storage device information, use the storage command.
For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.

Monitoring backplane using iDRAC settings utility
In the iDRAC Settings utility, go to System Summary. The iDRAC Settings.System Summary page is displayed. The Backplane Inventory
section displays the backplane information. For information about the fields, see the iDRAC Settings Utility Online Help.

Viewing storage device topology
You can view the hierarchical physical containment view of the key storage components, that is, a list of controllers, enclosures connected
to the controller and a link to the physical disk contained in each enclosure. The physical disks attached directly to the controller are also
displayed.
To view the storage device topology, go to Storage > Overview. The Overview page displays the hierarchical representation of the storage
components in the system. The available options are:
•

Controllers

•

Physical Disks

•

Virtual Disks

•

Enclosures

Click the links to view the respective component details.

Managing physical disks
You can perform the following for physical disks:
•

View physical disk properties.

•

Assign or unassign physical disk as a global hot-spare.

•

Convert to RAID capable disk.

•

Convert to non-RAID disk.

•

Blink or unblink the LED.

•

Rebuild physical disk

•

Cancel rebuild physical disk

•

Cryptographic erase

Assigning or unassigning physical disk as global hot spare
A global hot spare is an unused backup disk that is part of the disk group. Hot spares remain in standby mode. When a physical disk that is
used in a virtual disk fails, the assigned hot spare is activated to replace the failed physical disk without interrupting the system or requiring
your intervention. When a hot spare is activated, it rebuilds the data for all redundant virtual disks that were using the failed physical disk.

Managing storage devices

215

NOTE: From iDRAC v2.30.30.30 or later, you can add global hot spares when virtual disks are not created.
You can change the hot spare assignment by unassigning a disk and choosing another disk as needed. You can also assign more than one
physical disk as a global hot spare.
Global hot spares must be assigned and unassigned manually. They are not assigned to specific virtual disks. If you want to assign a hot
spare to a virtual disk (it replaces any physical disk that fails in the virtual disk), then see Assigning or unassigning dedicated hot spares.
When deleting virtual disks, all assigned global hot spares may be automatically unassigned when the last virtual disk associated with the
controller is deleted.
If you reset the configuration, the virtual disks are deleted and all the hot spares are unassigned.
You must be familiar with the size requirements and other considerations associated with hot spares.
Before assigning a physical disk as a global hot spare:
•

Make sure that Lifecycle Controller is enabled.

•

If there are no disk drives available in ready state, insert additional disk drives and make sure that the drives are in ready state.

•

If physical disks are in non-RAID mode convert them to RAID mode using iDRAC interfaces such as iDRAC web interface, RACADM,
Redfish or WSMan, or .
NOTE: During POST, you can press  to enter System Setup.  option is no longer supported for PERC 10, only
works with PERC 9.

If you have assigned a physical disk as a global hot spare in Add to Pending Operation mode, the pending operation is created but a job is
not created. Then, if you try to unassign the same disk as global hot spare, the assign global hot spare pending operation is cleared.
If you have unassigned a physical disk as a global hot spare in Add to Pending Operation mode, the pending operation is created but a job is
not created. Then, if you try to assign the same disk as a global hot spare, the unassign global hot spare pending operation is cleared.
If the last VD is deleted, the global hot spares also returns to ready state.
If a PD is already a global hot spares, user can still assign it again as a global hot spares.

Assigning or unassigning global hot spare using web interface
To assign or unassign a global hot spare for a physical disk drive:
1

In the iDRAC web interface, go to Overview > Storage > Physical Disks > Setup.

2

From the Controller drop-down menu, select the controller to view the associated physical disks.

3

To assign as a global hotspare, from the drop-down menus in the Action-Assign to All column, select Global Hotspare for one or more
physical disks.

4

To unassign a hot spare, from the drop-down menus in the Action-Assign to All column, select Unassign Hotspare for one or more
physical disks.

5

From the Apply Operation Mode drop-down menu, select when you want to apply the settings.

6

Click Apply.

The Setup Physical Disk page is displayed.

Based on the selected operation mode, the settings are applied.

Assigning or unassigning global hot spare using RACADM
Use the storage command and specify the type as global hot spare.
For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.

216

Managing storage devices

Converting a physical disk to RAID or non-RAID mode
Converting a physical disk to RAID mode enables the disk for all RAID operations. When a disk is in a non-RAID mode, the disk is exposed to
the operating system unlike unconfigured good disks and is used in a direct pass-through mode.
PERC 10 is not supported to convert drives to non-RAID.
You can convert the physical disk drives to RAID or non-RAID mode by:
•
•

Using iDRAC interfaces such as iDRAC web interface, RACADM, Redfish or WSMan.
Pressing  while restarting the server and selecting the required controller.
NOTE: If the physical drives connected to a PERC controller are in non-RAID mode, the size of the disk displayed in the iDRAC
interfaces, such as iDRAC GUI, RACADM, Redfish and WSMan, may be slightly less than the actual size of the disk. However,
you can use the full capacity of the disk to deploy operating systems.
NOTE: Hot plugged disks in H330 are always in non-RAID mode. In other RAID controllers, they are always in RAID mode.

Converting physical disks to RAID capable or non-RAID mode using the
iDRAC web interface
To convert the physical disks to RAID mode or non-RAID mode, perform the following steps:
1

In the iDRAC web interface, click Storage > Overview > Physical Disks.

2

Click Advanced Filter.
An elaborated list is displayed that allows you to configure different parameters.

3

From the Group By drop-down menu, select an enclosure or virtual disks.
The parameters associated with the enclosure or the VD are displayed.

4

Click Apply, once you select all the desired parameters. For more information about the fields, see the iDRAC Online Help.
The settings are applied based on the option selected in the operation mode.

Converting physical disks to RAID capable or non-RAID mode using
RACADM
Depending on whether you want to convert to RAID or Non-RAID mode, use the following RACADM commands
•
•

To convert to RAID mode, use the racadm storage converttoraid command.
To convert to Non-RAID mode, use the racadm storage converttononraid command.
NOTE: On the S140 controller, you can only use the RACADM interface to convert the drives from non-RAID to RAID mode. The
supported Software RAID modes are Windows or Linux Mode.

For more information about the commands, see the iDRAC RACADM Command Line Reference Guide available at dell.com/esmmanuals.

Erasing physical disks
The System Erase feature allows you to erase the contents of the physical drives. This feature is accessible using RACADM or the LC GUI.
Physical drives on the server are grouped into two categories.
•
•

Secure erase drives— Includes drives that provide cryptographic erase such as ISE and SED SAS and SATA drives, and PCIe SSDs.
Overwrite erase drives— Includes all drives that do not support cryptographic erase.

The RACADM SystemErase sub-command includes options for the following categories:

Managing storage devices

217

•

The SecureErasePD option cryptographically erases all the secure erase drives.

•

The OverwritePD option overwrites data on all drives.

Before performing SystemErase, use the following command to check the erase capability of all physical disks for a server:
# racadm storage get pdisks –o –p SystemEraseCapability
To erase ISE and SED drives, use this command:
# racadm systemerase –secureerasepd
To erase overwrite erase drives, use the following command:
# racadm systemerase -overwritepd
NOTE: RACADM SystemErase removes all the virtual disks from the physical disks that are erased by the above commands.
NOTE: RACADM SystemErase causes the server to restart in order to perform the erase operations.
NOTE: Individual PCIe SSD or SED devices can be erased using the iDRAC GUI or RACADM. For more information, see the
Erasing PCIe SSD device data and the Erasing SED device data section.
For information on the System Erase function within the Lifecycle Controller GUI, see the Lifecycle Controller User's Guide available at
dell.com/idracmanuals.

Erasing SED device data
NOTE: This operation is not supported when SED device is a part of a Virtual Disk. The target SED device must be removed from
the virtual disk prior to performing device erase.
Cryptographic Erase permanently erases all data present on the disk. Performing a Cryptographic Erase on an SED overwrites all blocks and
results in permanent loss of all data on the SED. During Cryptographic Erase, the host is unable to access the SED. SED device erase can
be performed either in real time or be applied after a system reboot.
If the system reboots or experiences a power loss during cryptographic erase, the operation is canceled. You must reboot the system and
restart the process.
Before erasing SED device data, ensure that:
•

Lifecycle Controller is enabled.

•

You have Server Control and Login privileges.

•

Selected SED drive is not part of a virtual disk.
NOTE:
•

Erasing SEDs can be performed either as a real time or as a staged operation.

•

After the SED drive is erased, it may still be displayed as active within the OS due to data caching. If this occurs, reboot the OS and
the erased SED drive will no longer be displayed or report any data.

•

Cryptographic erase feature is supported for SEDs for 14th generation PowerEdge servers.

Erasing SED device data using web interface
To erase the data on the SED device:
1

In the iDRAC Web interface, go to Storage > Overview > Physical Disks.
The Physical Disk page is displayed.

2

From the Controller drop-down menu, select the controller to view the associated SEDs.

3

From the drop-down menus, select Cryptographic Erase for one or more SEDs.
If you have selected Cryptographic Erase and you want to view the other options in the drop-down menu, then select Action and
then click the drop-down menu to view the other options.

218

Managing storage devices

4

From the Apply Operation Mode drop-down menu, select one of the following options:
•
•
•

5

Apply Now — Select this option to apply the actions immediately with no system reboot required.
At Next Reboot — Select this option to apply the actions during the next system reboot.
At Scheduled Time — Select this option to apply the actions at a scheduled day and time:
• Start Time and End Time — Click the calendar icons and select the days. From the drop-down menus, select the time. The
action is applied between the start time and end time.
• From the drop-down menu, select the type of reboot:
•

No Reboot (Manually Reboot System)

•

Graceful Shutdown

•

Force Shutdown

•

Power Cycle System (cold boot)

Click Apply.
If the job is not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the
recommended response action is displayed.
If the job is created successfully, a message indicating that the job ID is created for the selected controller is displayed. Click Job
Queue to view the progress of the job in the Job Queue page.
If pending operation is not created, an error message is displayed. If pending operation is successful and job creation is not successful,
then an error message is displayed.

Erasing SED device data using RACADM
To securely erase an SED device:
racadm storage cryptographicerase:
To create the target job after executing the cryptographicerase command:
racadm jobqueue create  -s TIME_NOW -realtime
To create the target staged job after executing the cryptographicerase command:
racadm jobqueue create  -s TIME_NOW -e 
To query the job ID returned:
racadm jobqueue view -i 
For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.

Rebuild Physical Disk
Rebuild Physical Disk is the ability to reconstruct the contents of a failed disk. This is true only when auto rebuild option is set to false. If
there is a redundant virtual disk, the rebuild operation can reconstruct the contents of a failed physical disk. A rebuild can take place during
normal operation, but it degrades performance.
Cancel Rebuild can be used to cancel a rebuild that is in progress. If you cancel a rebuild, the virtual disk remains in a degraded state. The
failure of an additional physical disk can cause the virtual disk to fail and may result in data loss. It is recommended to perform a rebuild on
the failed physical disk at the earliest.
In case, you cancel the rebuild of a physical disk that is assigned as a hot spare, reinitiate the rebuild on the same physical disk in order to
restore the data. Canceling the rebuild of a physical disk and then assigning another physical disk as a hot spare does not cause the newly
assigned hot spare to rebuild the data.

Managing virtual disks
You can perform the following operations for the virtual disks:

Managing storage devices

219

•

Create

•

Delete

•

Edit policies

•

Initialize

•

Check consistency

•

Cancel check consistency

•

Encrypt virtual disks

•

Assign or unassign dedicated hot spares

•

Blink and unblink virtual disk

•

Cancel background initialization

•

Online capacity expansion

•

RAID level migration
NOTE: You can manage and monitor 192 virtual disks if auto-configuration is enabled through PERC controller BIOS, Human
Interface Infrastructure (HII), and Dell OpenManage Server Administrator (OMSA).
NOTE: PERC 10 count is less since it does not support daisy chain arrangements.

Creating virtual disks
To implement RAID functions, you must create a virtual disk. A virtual disk refers to storage created by a RAID controller from one or more
physical disks. Although a virtual disk may be created from several physical disks, it is seen by the operating system as a single disk.
Before creating a virtual disk, you should be familiar with the information in Considerations Before Creating Virtual Disks.
You can create a Virtual Disk using the Physical Disks attached to the PERC controller. To create a Virtual Disk, you must have the Server
Control user privilege. You can create a maximum of 64 virtual drives and a maximum of 16 virtual drives in the same drive group.
You cannot create a virtual disk if:
•

Physical disk drives are not available for virtual disk creation. Install additional physical disk drives.

•

Maximum number of virtual disks that can be created on the controller has been reached. You must delete at least one virtual disk and
then create a new virtual disk.

•

Maximum number of virtual disks supported by a drive group has been reached. You must delete one virtual disk from the selected
group and then create a new virtual disk.

•

A job is currently running or scheduled on the selected controller. You must wait for this job to complete or you can delete the job
before attempting a new operation. You can view and manage the status of the scheduled job in the Job Queue page.

•

Physical disk is in non-RAID mode. You must convert to RAID mode using iDRAC interfaces such as iDRAC web interface, RACADM,
Redfish, WSMan, or .
NOTE: If you create a virtual disk in Add to Pending Operation mode and a job is not created, and then if you delete the Virtual
disk, then the create pending operation for the virtual disk is cleared.
NOTE: RAID 6 and 60 are not supported in H330.

Considerations before creating virtual disks
Before creating virtual disks, consider the following:
•

Virtual disk names not stored on controller—The names of the virtual disks that you create are not stored on the controller. This means
that if you reboot using a different operating system, the new operating system may rename the virtual disk using its own naming
conventions.

•

Disk grouping is a logical grouping of disks attached to a RAID controller on which one or more virtual disks are created, such that all
virtual disks in the disk group use all of the physical disks in the disk group. The current implementation supports the blocking of mixed
disk groups during the creation of logical devices.

220

Managing storage devices

•

Physical disks are bound to disk groups. Therefore, there is no RAID level mixing on one disk group.

•

There are limitations on the number of physical disks that can be included in the virtual disk. These limitations depend on the controller.
When creating a virtual disk, controllers support a certain number of stripes and spans (methods for combining the storage on physical
disks). Because the number of total stripes and spans is limited, the number of physical disks that can be used is also limited. The
limitations on stripes and spans affect the RAID levels as follows:

•

•

Maximum number of spans affects RAID 10, RAID 50, and RAID 60.

•

Maximum number of stripes affects RAID 0, RAID 5, RAID 50, RAID 6, and RAID 60.

•

Number of physical disks in a mirror is always 2. This affects RAID 1 and RAID 10.

Cannot create virtual disks on PCIe SSDs.

Creating virtual disks using web interface
To create virtual disk:
1

In the iDRAC Web interface, go to Storage > Overview > Virtual DisksAdvanced Filter.

2

In the Virtual Disk section, do the following:
a
b

From the Controller drop-down menu, select the controller for which you want to create the virtual disk.
From the Layout drop-down menu, select the RAID level for the Virtual Disk.

c

Only those RAID levels supported by the controller appear in the drop-down menu and it is based on the RAID levels are available
based on the total number of physical disks available.
Select the Media Type, Stripe Size, Read Policy, Write Policy, Disk Cache Policy, .

d

Only those values supported by the controller appear in the drop-down menus for these properties.
In the Capacity field, enter the size of the virtual disk.

e

3

The maximum size is displayed and then updated as disks are selected.
The Span Count field is displayed based on the selected physical disks (step 3). You cannot set this value. It is automatically
calculated after selecting disks for multi-raid level. If you have selected RAID 10 and if the controller supports uneven RAID 10,
then the span count value is not displayed. The controller automatically sets the appropriate value.

In the Select Physical Disks section, select the number of physical disks.
For more information about the fields, see the iDRAC Online Help

4

From the Apply Operation Mode drop-down menu, select when you want to apply the settings.

5

Click Create Virtual Disk.
Based on the selected Apply Operation Mode, the settings are applied.
NOTE: You can use alphanumeric characters, spaces, dashes, and underscores in the disk name. Any other special
characters that you enter are removed while creating the virtual disk.

Creating virtual disks using RACADM
Use the racadm storage createvd command.
For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.

Editing virtual disk cache policies
You can change the read, write, or disk cache policy of a virtual disk.
NOTE: Some of the controllers do not support all read or write policies. Therefore, when a policy is applied, an error message is
displayed.
The read policies indicate whether the controller must read sequential sectors of the virtual disk searching for data:
•

Adaptive Read Ahead — The controller initiates read ahead only if the two most recent reads requests accessed sequential sectors of
the disk. If subsequent read requests access random sectors of the disk, the controller reverts to no read ahead policy. The controller
continues to evaluate whether read requests are accessing sequential sectors of the disk, and initiates read ahead if necessary.

Managing storage devices

221

•
•

Read Ahead — The controller reads sequential sectors of the virtual disk when seeking data. Read ahead policy may improve system
performance if the data is written to the sequential sectors of the virtual disk.
No Read Ahead — Selecting no read ahead policy indicates that the controller should not use read ahead policy.

The write policies specify if the controller sends a write-request completion signal when the data is in the cache or after it has been written
to the disk.
• Write Through — The controller sends a write-request completion signal only after the data is written to the disk. Write-through
caching provides better data security than write-back caching, since the system assumes that the data is available only after it has
been safely written to the disk.
• Write Back — The controller sends a write-request completion signal as soon as the data is in the controller cache but has not yet
been written to disk. Write back caching may provide improved performance since subsequent read requests can retrieve data quickly
from the cache then from the disk. However, data loss may occur in the event of a system failure which prevents that data from being
written on a disk. Other applications may also experience problems when actions assume that the data is available on the disk.
• Force Write Back — The write cache is enabled regardless of whether the controller has a battery. If the controller does not have a
battery and force write-back caching is used, data loss may occur in the event of a power failure.
The Disk Cache policy applies to readings on a specific virtual disk. These settings do not affect the read-ahead policy.
NOTE:
•

Controller non-volatile cache and battery backup of controller cache affects the read-policy or the write policy that a controller can
support. All PERCs do not have battery and cache.

•

Read ahead and write back requires cache. Therefore, if the controller does not have cache, it does not allow you to set the policy
value.
Similarly, if the PERC has cache but not battery and the policy is set that requires accessing cache, then data loss may occur if
base of power off. So few PERCs may not allow that policy.
Therefore, depending upon the PERC, the policy value is set.

Deleting virtual disks
Deleting a virtual disk destroys all information including file systems and volumes residing on the virtual disk and removes the virtual disk
from the controller’s configuration. When deleting virtual disks, all assigned global hot spares may be automatically unassigned when the
last virtual disk associated with the controller is deleted. When deleting the last virtual disk of a disk group, all assigned dedicated hot
spares automatically become global hot spares.
If you delete all the VDs for a global hotspare, then the global hotspare gets automatically deleted.
You must have the Login and Server Control privilege to perform delete virtual disks.
When this operation is allowed, you can delete a boot virtual drive. It is done from sideband and the independent of the operating system.
Hence, a warning message appears before you delete the virtual drive.
If you delete a virtual disk and immediately create a new virtual disk with all the same characteristics as the one that was deleted, the
controller recognizes the data as if the first virtual disk were never deleted. In this situation, if you do not want the old data after recreating
a new virtual disk, re-initialize the virtual disk.

Checking virtual disk consistency
This operation verifies the accuracy of the redundant (parity) information. This task only applies to redundant virtual disks. When necessary,
the check consistency task rebuilds the redundant data. If the virtual drive has a degraded status, running a check consistency may be able
to return the virtual drive to ready status. You can perform a consistency check using the web interface or RACADM.
You can also cancel the check consistency operation. The cancel check consistency is a real-time operation.
You must have Login and Server Control privilege to check consistency of virtual disks.

222

Managing storage devices

NOTE: Consistency check is not supported when the drives are set up in RAID0 mode.

Initializing virtual disks
Initializing virtual disks erases the all the data on the disk but does not change the virtual disk configuration. You must initialize a virtual disk
that is configured before it is used.
NOTE: Do not initialize virtual disks when attempting to recreate an existing configuration.
You can perform a fast initialization, a full Initialization, or cancel the initialization operation.
NOTE: The cancel initialization is a real-time operation. You can cancel the initialization using only the iDRAC Web interface and
not RACADM.

Fast initialization
The fast initialize operation initializes all physical disks included in the virtual disk. It updates the metadata on the physical disks so that all
disk space is available for future write operations. The initialize task can be completed quickly because the existing information on the
physical disks is not erased, although future write operations overwrite any information that remains on the physical disks.
Fast initialization only deletes the boot sector and stripe information. Perform a fast initialize only if you are constrained for time or the hard
drives are new or unused. Fast Initialization takes less time to complete (usually 30-60 seconds).
CAUTION: Performing a fast initialize causes existing data to be inaccessible.
The fast initialize task does not write zeroes to the disk blocks on the physical disks. It is because the Fast Initialize task does not perform a
write operation, it causes less degradation to the disk.
A fast initialization on a virtual disk overwrites the first and last 8 MB of the virtual disk, clearing any boot records or partition information.
The operation takes only 2-3 seconds to complete and is recommended when you are recreating virtual disks.
A background initialization starts five minutes after the Fast Initialization is completed.

Full or slow initialization
The full initialization (also called slow initialize) operation initializes all physical disks included in the virtual disk. It updates the metadata on
the physical disks and erases all existing data and file systems. You can perform a full initialization after creating the virtual disk. In
comparison with the fast initialize operation, you may want to use the full initialize if you have trouble with a physical disk or suspect that it
has bad disk blocks. The full initialize operation remaps bad blocks and writes zeroes to all disk blocks.
If full initialization of a virtual disk is performed, background initialization is not required. During full initialization, the host is not able to
access the virtual disk. If the system reboots during a full initialization, the operation terminates and a background initialization process
starts on the virtual disk.
It is always recommended to do a full initialization on drives that previously contained data. Full initialization can take up to 1-2 minutes per
GB. The speed of initialization depends on the controller model, speed of hard drives, and the firmware version.
The full initialize task initializes one physical disk at a time.
NOTE: Full initialize is supported only in real-time. Only few controllers support full initialization.

Managing storage devices

223

Encrypting virtual disks
When encryption is disabled on a controller (that is, the security key is deleted), manually enable encryption for virtual disks created using
SED drives. If the virtual disk is created after encryption is enabled on a controller, the virtual disk is automatically encrypted. It is
automatically configured as an encrypted virtual disk unless the enabled encryption option is disabled during the virtual disk creation.
You must have Login and Server Control privilege to manage the encryption keys.
NOTE: Though encryption is enabled in the controllers, user needs to manually enable encryption on the VD if VD is created from
iDRAC. Only if the VD is created from OMSA, it would be automatically encrypted.

Assigning or unassigning dedicated hot spares
A dedicated hot spare is an unused backup disk that is assigned to a virtual disk. When a physical disk in the virtual disk fails, the hot spare
is activated to replace the failed physical disk without interrupting the system or requiring your intervention.
You must have Login and Server Control privilege to run this operation.
You can assign only 4K drives as hot spare to 4K virtual disks.
If you have assigned a physical disk as a dedicated hot spare in Add to Pending Operation mode, the pending operation is created but a job
is not created. Then, if you try to unassign the dedicated hot spare, the assign dedicated hot spare pending operation is cleared.
If you have unassigned a physical disk as a dedicated hot spare in Add to Pending Operation mode, the pending operation is created but a
job is not created. Then, if you try to assign the dedicated hot spare, the unassign dedicated hot spare pending operation is cleared.
NOTE: While the log export operation is in progress, you cannot view information about dedicated hot spares on the Manage
Virtual Disks page. After the log export operation is complete, reload or refresh the Manage Virtual Disks page to view the
information.

Rename VD
To change the name of a Virtual Disk, the user must have System Control privilege. The virtual disk name can contain only alphanumeric
characters, spaces, dashes and underscores. The maximum length of the name depends on the individual controller. In most cases, the
maximum length is 15 characters. The name cannot start with a space, end with a space, or be left blank. Every time a virtual disk is
renamed, an LC Log gets created.

Edit Disk capacity
Online Capacity Expansion (OCE) allows you to increase the storage capacity of selected RAID levels while the system remains online. The
controller redistributes the data on the array(called Reconfiguration), placing new space available at the end of each RAID array.
Online Capacity Expansion (OCE) can be achieved in two ways:
•

If free space is available on the smallest physical drive on the virtual disks group after starting LBA of Virtual disks, the virtual disk´s
capacity can be expanded within that free space. This option allows you to enter the new increased virtual disk size. If disk group in a
virtual disk has space available only before starting LBA, then Edit Disk Capacity in same disk group is not permitted even though there
is Available Space on a physical drive.
• A virtual disk's capacity can also be expanded by adding additional compatible physical disks to the existing virtual disk group. This
option does not allow you to enter the new increased virtual disk size. New increased virtual disk size is calculated and displayed to the
user based on the used disk space of existing physical disk group on a particular virtual disk, existing raid level of the virtual disk and the
number of new drives added to the virtual disk.
Capacity Expansion allows user to specify the final VD size. Internally final VD size is conveyed to PERC in percentage (this percentage is
the space user would like to use from empty space left in the array for the local disk to expand). Because of this percentage logic final VD

224

Managing storage devices

size after reconfiguration completes may be different from what user provided for scenario where user is not giving maximum VD size
possible as the final VD size (percentage turns out to be less than 100%). User does not see difference in this entered VD size and final VD
size after reconfiguration, if maximum possible VD size is entered by user.

Raid Level Migration
RAID Level Migration (RLM) refers to changing a virtual disk´s RAID level. iDRAC9 provides an option to increase the VD size using RLM. In
a way, RLM allows migrating the RAID level of a virtual disk which in turn may increase the size of virtual disk.
RAID level migration is the process of converting a VD with one RAID Level to another. When you migrate a VD to a different Raid Level,
the user data on it is redistributed to the format of the new configuration.
This configuration is supported by both staged and realtime.
The below table describes possible reconfigurable VD layouts while reconfiguring (RLM) a VD with addition of disks and without addition of
disks.
Table 52. Possible VD Layout
Source VD Layout

Possible target VD Layout with Disk Add

Possible target VD Layout Without disk
addition

R0 (single disk)

R1

NA

R0

R5/R6

NA

R1

R0/R5/R6

R0

R5

R0/R6

R0

R6

R0/R5

R0/R5

Permitted operations when OCE or RLM is going on
The following operations are allowed when OCE/RLM is going on:
Table 53. Permitted operations
From Controller End behind which From VD End (which is going
a VD is going through OCE/RLM through OCE/RLM)

From any other Ready State
Physical Disk on the same
controller

From any other VD (which
is not going through OCE/
RLM) End on the same
controller

Reset Configuration

Delete

Blink

Delete

Export Log

Blink

Unblink

Blink

Set Patrol Read Mode

Unblink

Assign Global Hot Spare

Unblink

Convert to non-RAID Disks

Rename

Start Patrol Read
Change Controller Properties

Change Policy

Manage Physical Disk Power

Slow Initialize

Convert to RAID Capable Disks

Fast Initialize

Convert to Non-RAID Disks

Replace Member Disk

Managing storage devices

225

Change Controller Mode

OCE and RLM Restrictions or Limitations
Following are the common limitations for OCE and RLM:
•

OCE/RLM is restricted to the scenario where the disk group contains only one VD.

•

OCE is not supported on RAID50 and RAID60. RLM is not supported on RAID10,RAID50 and RAID60.

•

If the controller already contains the maximum number of virtual disks, you cannot perform a RAID level migration or capacity expansion
on any virtual disk.

•

The controller changes the write cache policy of all virtual disks undergoing a RLM/OCE to Write-Through until RLM/OCE is complete.

•

Reconfiguring Virtual Disks typically impacts disk performance until the reconfiguration operation is complete.

•

The total number of physical disks in a disk group cannot exceed 32.

•

If any background operation (like BGI/rebuild/copyback/patrol read ) is already running on the corresponding VD/PD then
Reconfiguration (OCE/RLM) is not allowed at that time.

•

Any kind of disk migration when Reconfiguration (OCE/RLM) is on progress on drives associated with VD causes reconfiguration to fail.

•

Any new drive added for OCE/RLM becomes part of the VD after reconstruction completes. But State for those new drive changes to
Online just after reconstruction starts.

Cancel Initialization
This feature is the ability to cancel the background initialization on a virtual disk. On PERC controllers, the background initialization of
redundant virtual disk starts automatically after a virtual disk is created. The background initialization of redundant virtual disk prepares the
virtual disk for parity information and improves write performance. However, some processes such as creating a virtual disk cannot be run
while the background initialization is in progress. Cancel Initialization provides the ability to cancel the background initialization manually.
Once cancelled, the background initialization automatically restarts within 0 to 5 minutes.
NOTE: Background initialization is not applicable for RAID 0 virtual disks.

Managing virtual disks using web interface
1

In the iDRAC web interface, go to Storage > Overview > Virtual Disks > Advanced Filter.

2

From the Virtual Disks, select the controller for which you want to manage the virtual disks.

3

For one or more Virtual Disks, from each Action drop-down menu, select an action.
You can specify more than one action for a virtual drive. When you select an action, an additional Action drop-down menu is displayed.
Select another action from this drop-down menu. The action that is already selected does not appear in the additional Action dropdown menus. Also, the Remove link is displayed next to the selected action. Click this link to remove the selected action.
•

Delete

•

Edit Policy: Read Cache — Change the read cache policy to one of the following options:

•

•

No Read Ahead — Indicates that for the given volume, no read ahead policy is used.

•

Read Ahead — Indicates that for the given volume, the controller reads sequentially ahead of the requested data and stores
the additional data in cache memory, anticipating a data requirement. This speeds up sequential data reads, but there is less
improvement when accessing random data.

•

Adaptive Read Ahead — Indicates that for the given volume, the control uses the Read-Ahead cache policy if the two most
recent disks accesses occurred in sequential sectors. If the read requests are random, the controller returns to No Read Ahead
mode.

Edit Policy: Write Cache — Change the write cache policy to one of the following options:
•

226

Write Through — Indicates that for the given volume, the controller sends a data transfer completion signal to the host
system when the disk subsystem has received all the data in a transaction.

Managing storage devices

•

•

Write Back — Indicates that for the given volume, the controller sends a data transfer completion signal to the host system
when the controller cache has received all the data in a transaction. The controller then writes the cached data to the storage
device in the background.

•

Force Write Back — When using force write-back caching, the write cache is enabled regardless of whether the controller
has a battery. If the controller does not have a battery and force write-back caching is used, data loss may occur in the event
of a power failure.

Edit Policy: Disk Cache — Change the disk cache policy to one of the following options:
•

Default — Indicates that the disk is using its default write cache mode. For SATA disks, this is enabled and for SAS disks this is
disabled.

•

Enabled — Indicates that the disk’s write cache is enabled. This increases performance and the probability of data loss if there
is power loss.

•

Disabled — Indicates that the disk’s write cache is disabled. This decreases performance and the probability of data loss.

•

Initialize: Fast — Updates the metadata on the physical disks so that all the disk space is available for future write operations. The
initialize option can be completed quickly because existing information on the physical disks is not erased, although future write
operations overwrites any information that remains on the physical disks.

•

Initialize: Full — All existing data and file systems are erased.

•

Check Consistency — To check the consistency of a virtual disk, select Check Consistency from the corresponding drop-down
menu.

NOTE: The Initialize: Full option is not applicable for PERC H330 controllers.

NOTE: Consistency check is not supported on drives set up in RAID0 mode.
•

Encrypt Virtual Disk — Encrypts the virtual disk drive. If the controller is encryption capable, you can create, change or delete the
security keys.
NOTE: The Encrypt Virtual Disk option is available only if the virtual disk is created using the Self-Encrypting Drive (SED)
drives.

•

Manage Dedicated Hotspares — Assign or unassign a physical disk as a dedicated hot spare. Only the valid dedicated hot spares
are displayed. If there are no valid dedicated hot spares, then this section does not appear in the drop-down menu.

For more information about these options, see the iDRAC Online Help.
4

From the Apply Operation Mode drop-down menu, select when you want to apply the settings.

5

Click Apply.
Based on the selected operation mode, the settings are applied.
The other options are:
RAID Level Migration — Displays the Disk Name, Current RAID Level, and size of the virtual disk. Allows you to select a New RAID
Level. User may have to add additional drives to existing Virtual disks to migrate to new raid level. This feature is not applicable on
RAID 10, 50 and 60.

Managing virtual disks using RACADM
Use the following commands to manage virtual disks:
•

To delete virtual disk:
racadm storage deletevd:

•

To initialize virtual disk:
racadm storage init: -speed {fast|full}

•

To check consistency of virtual disks (not supported on RAID0):
racadm storage ccheck:
To cancel the consistency check:
racadm storage cancelcheck: 

•

To encrypt virtual disks:
racadm storage encryptvd:

Managing storage devices

227

•

To assign or unassign dedicated hot spares:
racadm storage hotspare: -assign
Source Exif Data: 
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.6
Linearized                      : No
Author                          : Dell
Create Date                     : 2018:01:05 06:42:59+00:00
Modify Date                     : 2018:01:05 06:42:59+00:00
Creator                         : AH XSL Formatter V6.3 MR3 for Windows (x64) : 6.3.4.25128 (2016/07/01 17:39JST)
Producer                        : Antenna House PDF Output Library 6.3.815 (Windows (x64))
Keywords                        : iDRAC9, Integrated Dell Remote.Access Controller 9, Connection View, Licensed features , multiple iDRAC session, accessing iDRAC-SMCLP-SEL, secure defalut.password, system performance-power consumption, FIPS Mode, Configuring TLS, Fresh Air, System Lockdown mode, Group Manager, SupportAssist, Multi-Vector.Cooling, managing-virtual-physical-disks-controllers, BIOS settings-iDRAC9, iDRAC-Quick-Sync-2, setting-boot-order, Virtual-media-console-vFLASH.SD, rack-density
Title                           : Integrated Dell Remote Access Controller 9 Version 3.15.15.15 User's Guide
Trapped                         : False
Page Count                      : 341
Page Mode                       : UseOutlines
Tagged PDF                      : Yes
Language                        : EN
EXIF Metadata provided by EXIF.tools

Navigation menu