How To: Integrated Dell Remote Access Controller (iDRAC)


Overview

The Integrated Dell Remote Access Controller (iDRAC) is designed to make server administrators more productive and improve the overall availability of Dell servers. iDRAC alerts administrators to server issues, helps them perform remote server management, and reduces the need for physical access to the server.

iDRAC with Lifecycle controller technology is part of a larger datacenter solution that helps keep business critical applications and workloads available at all times. The technology allows administrators to deploy, monitor, manage, configure, update, troubleshoot and remediate Dell servers from any location, and without the use of agents. It accomplishes this regardless of operating system or hypervisor presence or state.

Several products work in conjunction with the iDRAC and Lifecycle controller to simplify and streamline IT operations, such as:

• Dell Management plug-in for VMware vCenter

• Dell Repository Manager

• Dell Management Packs for Microsoft System Center Operations Manager (SCOM) and Microsoft System Center Configuration Manager (SCCM)

• BMC Bladelogic

• Dell OpenManage Essentials

• Dell OpenManage Power Center

The iDRAC is available in the following variants:

• Basic Management with IPMI (available by default for 200-500 series servers)

• iDRAC Express (available by default on all 600 and higher series of rack or tower servers, and all blade servers)

• iDRAC Enterprise (available on all server models)

For more information, see the iDRAC Overview and Feature Guide available at dell.com/support/manuals.

Benefits of Using iDRAC With Lifecycle Controller

The benefits include:

• Increased Availability — Early notification of potential or actual failures that help prevent a server failure or reduce recovery time after failure.

• Improved Productivity and Lower Total Cost of Ownership (TCO) — Extending the reach of administrators to larger numbers of distant servers can make IT staff more productive while driving down operational costs such as travel.

• Secure Environment — By providing secure access to remote servers, administrators can perform critical management functions while maintaining server and network security.

• Enhanced Embedded Management through Lifecycle Controller – Lifecycle Controller provides deployment and simplified serviceability through Lifecycle Controller GUI for local deployment and Remote Services (WS-Management) interfaces for remote deployment integrated with Dell OpenManage Essentials and partner consoles.

For more information on Lifecycle Controller GUI, see Lifecycle Controller User’s Guide and for remote services, see Lifecycle Controller Remote Services User’s Guide available at dell.com/support/manuals.

Key Features

The key features in iDRAC include:

NOTE: Some of the features are available only with iDRAC Enterprise license. For information on the features available for a license, see Managing Licenses.

Inventory and Monitoring

• View managed server health.

• Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents.

• View and export system inventory.

• View sensor information such as temperature, voltage, and intrusion.

• Monitor CPU state, processor automatic throttling, and predictive failure.

• View memory information.

• Monitor and control power usage.

• Support for SNMPv3 gets.

• For blade servers: launch Chassis Management Controller (CMC) Web interface, view CMC information, and WWN/MAC addresses.

NOTE: CMC provides access to iDRAC through the M1000E Chassis LCD panel and local console connections. For more information, see Chassis Management Controller User’s Guide available at dell.com/support/manuals.

• View network interfaces available on host operating systems.

• View inventory and monitor information and configure basic iDRAC settings using iDRAC Quick Sync feature and a mobile device.

Deployment

• Manage vFlash SD card partitions.

• Configure front panel display settings.

• Launch Lifecycle Controller, which allows you to configure and update BIOS and supported network and storage adapters.

• Manage iDRAC network settings.

• Configure and use virtual console and virtual media.

• Deploy operating systems using remote file share, virtual media, and VMCLI.

• Enable auto-discovery.

• Perform server configuration using the export or import XML profile feature through RACADM and WS-MAN. For more information, see the Lifecycle Controller Remote Services Quick Start Guide.

• Configure persistence policy for virtual addresses, initiator, and storage targets.

• Remotely configure storage devices attached to the system at run-time.

• Perform the following operations for storage devices:

– Physical disks: Assign or unassign physical disk as a global hot spare


– Virtual disks:

* Create virtual disks

* Edit virtual disks cache policies

* Check virtual disk consistency

* Initialize virtual disks

* Encrypt virtual disks

* Assign or unassign dedicated hot spare

* Delete virtual disks

– Controllers:

* Configure controller properties

* Import or auto-import foreign configuration

* Clear foreign configuration

* Reset controller configuration

* Create or change security keys

– PCIe SSD devices:

* Inventory and remotely monitor the health of PCIe SSD devices in the server.

* Prepare the PCIe SSD to be removed

* Securely erase the data

– Set the backplane mode (unified or split mode).

– Blink or unblink component LEDs

– Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job.

Update

• Manage iDRAC licenses.

• Update BIOS and device firmware for devices supported by Lifecycle Controller

• Update or rollback iDRAC firmware and lifecycle controller firmware using a single firmware image.

• Manage staged updates.

• Backup and restore server profile

• Access iDRAC interface over direct USB connection.

• Configure iDRAC using Server Configuration Profiles on USB device.

Maintenance and Troubleshooting

• Perform power related operations and monitor power consumption.

• Optimize system performance and power consumption by modifying the thermal settings.

• No dependency on Server Administrator for generation of alerts.

• Log event data: Lifecycle and RAC logs.

• Set email alerts, IPMI alerts, remote system logs, WS eventing logs, and SNMP traps (v1, v2c, and v3) for events and improved email alert notification.

• Capture last system crash image.

• View boot and crash capture videos.

• Out-of-band monitor and alert the performance index of CPU, memory, and I/O modules.

• Configure warning threshold for inlet temperature and power consumption.


• Use iDRAC Service Module to:

– View Operating System (OS) information

– Replicate Lifecycle Controller logs to operating system logs

– Automatic system recovery options

– Populate Windows Management Instrumentation (WMI) information

– Integrate with Technical Support Report. This is applicable only if iDRAC Service Module Version 2.0 or later is installed. For more information, see Generating Tech Support Report.

– Integrate with NVMe Management for Prepare to Remove operation on a NVMe class PCIe SSD. For more information, see Preparing to Remove PCIe SSD.

• Generate technical support report in the following ways:

– Automatic — Using iDRAC Service Module that automatically invokes the OS Collector tool.

– Manual — Using OS Collector tool

Secure Connectivity

Securing access to critical network resources is a priority. iDRAC implements a range of security features that includes:

• Custom signing certificate for Secure Socket Layer (SSL) certificate.

• Signed firmware updates.

• User authentication through Microsoft Active Directory, generic Lightweight Directory Access Protocol (LDAP) Directory Service, or locally administered user IDs and passwords.

• Two-factor authentication using the Smart–Card logon feature. The two-factor authentication is based on the physical smart card and the smart card PIN.

• Single Sign-on and Public Key Authentication.

• Role-based authorization, to configure specific privileges for each user.

• SNMPv3 authentication for user accounts stored locally in the iDRAC. It is recommended to use this, but it is disabled by default.

• User ID and password configuration.

• Default login password modification.

• Set user passwords and BIOS passwords using one way hash format for improved security.

• SMCLP and Web interfaces that support 128-bit and 40-bit encryption (for countries where 128 bit is not acceptable), using the SSL 3.0 standard.

• Session time-out configuration (in seconds).

• Configurable IP ports (for HTTP, HTTPS, SSH, Telnet, Virtual Console, and Virtual Media).

NOTE: Telnet does not support SSL encryption and is disabled by default.

• Secure Shell (SSH) that uses an encrypted transport layer for higher security.

• Login failure limits per IP address, with login blocking from that IP address when the limit is exceeded.

• Limited IP address range for clients connecting to iDRAC.

• Dedicated Gigabit Ethernet adapter on rack or tower servers with Enterprise license.

New In This Release

• Set user passwords and BIOS passwords using one way hash format for improved security.

• Optimize system performance and power consumption by modifying the thermal settings.

• Update iDRAC and Lifecycle Controller firmware using a single firmware image.


• Update device firmware using TFTP or HTTP.

• Out-of-band monitor and alert the performance index of CPU, memory, and I/O modules.

• Configure warning threshold for inlet Temperature.

• Configure persistence policy for virtual addresses, initiator, and storage targets.

• View network interfaces available on host operating systems.

• Enable SNMPv3 authentication for a user to receive SNMP traps.

• Configure the SNMPv3 trap format.

• Set the warning threshold for power consumption.

• Remotely configure storage devices attached to the system at run-time.

• Perform the following operations for storage devices:

– Physical disks: Assign or unassign physical disk as a global hot spare

– Virtual disks:

* Create virtual disks

* Edit virtual disks cache policies

* Check virtual disk consistency

* Initialize virtual disks

* Encrypt virtual disks

* Assign or unassign dedicated hot spare

* Delete virtual disks

– Controllers:

* Configure controller properties

* Import or auto-import foreign configuration

* Clear foreign configuration

* Reset controller configuration

* Create or change security keys

– PCIe SSD devices:

* Inventory and remotely monitor the health of PCIe SSD devices in the server.

* Prepare the PCIe SSD to be removed

* Securely erase the data

– Set the backplane mode (unified or split mode).

– Blink or unblink component LEDs

– Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job.

• Use iDRAC Service Module to:

– Populate WMI information.

– Integrate with Technical Support Report.

• Access iDRAC interface over direct USB connection.

• Configure iDRAC using configuration XML file on USB device.

• View inventory and monitor information and configure basic iDRAC settings using iDRAC Quick Sync feature and a mobile device.

• Configure video capture settings

• Generate technical support report in the following ways:


– Automatic — Using iDRAC Service Module that automatically invokes the OS Collector tool.

– Manual — Using OS Collector tool

• Erase system and user data

• Six users can launch the Virtual Console at any point of time.

How To Use This User's Guide

The contents of this User's Guide enable you to perform the tasks by using:

• iDRAC Web interface — Only the task-related information is provided here. For information about the fields and options, see the iDRAC Online Help that you can access from the Web interface.

• RACADM — The RACADM command or the object that you must use is provided here. For more information, see the RACADM Command Line Reference Guide available at dell.com/support/manuals.

• iDRAC Settings Utility — Only the task-related information is provided here. For information about the fields and options, see the iDRAC Settings Utility Online Help that you can access when you click Help in the iDRAC Settings GUI (press <F2> during boot, and then click iDRAC Settings on the System Setup Main Menu page).

Supported Web Browsers

iDRAC is supported on the following browsers:

• Internet Explorer

• Mozilla Firefox

• Google Chrome

• Safari

For the list of versions, see the iDRAC8 Release Notes available at dell.com/support/manuals.

Managing Licenses

iDRAC features are available based on the purchased license (Basic Management, iDRAC Express, or iDRAC Enterprise). Only licensed features are available in the interfaces that allow you to configure or use iDRAC, for example, iDRAC Web interface, RACADM, WS-MAN, OpenManage Server Administrator, and so on. Some features, such as dedicated NIC or vFlash, require the iDRAC ports card. This is optional on 200-500 series servers.

iDRAC license management and firmware update functionality is available through iDRAC Web interface and RACADM.

Types of Licenses

The types of licenses offered are:

• 30 day evaluation and extension — The license expires after 30 days and can be extended for 30 days. Evaluation licenses are duration based, and the timer runs when power is applied to the system.

• Perpetual — The license is bound to the service tag and is permanent.

Acquiring Licenses

Use any of the following methods to acquire the licenses:


• E-mail — License is attached to an email that is sent after requesting it from the technical support center.

• Self-service portal — A link to the Self-Service Portal is available from iDRAC. Click this link to open the licensing Self-Service Portal on the internet. Currently, you can use the License Self-Service Portal to retrieve licenses that were purchased with the server. You must contact the sales representative or technical support to buy a new or upgrade license. For more information, see the online help for the self-service portal page.

• Point-of-sale — License is acquired while placing the order for a system.

License Operations

Before you perform the license management tasks, make sure to acquire the licenses. For more information, see the Overview and Feature Guide available at dell.com/support/manuals.

NOTE: If you have purchased a system with all the licenses pre-installed, then license management is not required.

You can perform the following licensing operations using iDRAC, RACADM, WS-MAN, and Lifecycle Controller-Remote Services for one-to-one license management, and Dell License Manager for one-to-many license management:

• View — View the current license information.

• Import — After acquiring the license, store the license in a local storage and import it into iDRAC using one of the supported interfaces. The license is imported if it passes the validation checks.

NOTE: For a few features, a system restart is required to enable the features.

• Export — Export the installed license into an external storage device for backup or to reinstall it again after a part or motherboard replacement. The file name and format of the exported license is <EntitlementID>.xml.

• Delete — Delete the license that is assigned to a component if the component is missing. After the license is deleted, it is not stored in iDRAC and the base product functions are enabled.

• Replace — Replace the license to extend an evaluation license, change a license type such as an evaluation license with a purchased license, or extend an expired license.

– An evaluation license may be replaced with an upgraded evaluation license or with a purchased license.

– A purchased license may be replaced with an updated license or with an upgraded license.

• Learn More — Learn more about an installed license, or the licenses available for a component installed in the server.

NOTE: For the Learn More option to display the correct page, make sure that *.dell.com is added to the list of Trusted Sites in the Security Settings. For more information, see the Internet Explorer help documentation.

For one-to-many license deployment, you can use Dell License Manager. For more information, see the Dell License Manager User’s Guide available at dell.com/support/manuals.

Importing License After Replacing Motherboard

You can use the Local iDRAC Enterprise License Installation Tool if you have recently replaced the motherboard and need to reinstall the iDRAC Enterprise license locally (with no network connectivity) and activate the dedicated NIC. This utility installs a 30-day trial iDRAC Enterprise license and allows you to reset the iDRAC to change from shared NIC to dedicated NIC.


For more information about this utility and to download this tool, click here.

License Component State or Condition and Available Operations

The following table provides the list of license operations available based on the license state or condition.

Table 1. License Operations Based on State and Condition

| License/Component state or condition | Import | Export | Delete | Replace | Learn More |
|---|---|---|---|---|---|
| Non-administrator login | No | No | No | No | Yes |
| Active license | Yes | Yes | Yes | Yes | Yes |
| Expired license | No | Yes | Yes | Yes | Yes |
| License installed but component missing | No | Yes | Yes | No | Yes |

NOTE: In the iDRAC Web interface, on the Licenses page, expand the device to view the Replace option in the drop-down menu.

Managing Licenses Using iDRAC Web Interface

To manage the licenses using the iDRAC Web interface, go to Overview → Server → Licenses.

The Licensing page displays the licenses that are associated to devices, or the licenses that are installed but the device is not present in the system. For more information on importing, exporting, deleting, or replacing a license, see the iDRAC Online Help.

Managing Licenses Using RACADM

To manage licenses using RACADM, use the license subcommand. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Licensable Features In iDRAC8

The following table provides the iDRAC8 features that are enabled based on the license purchased.

| Feature | iDRAC8 Basic | iDRAC8 Express | iDRAC8 Express for Blades | iDRAC8 Enterprise |
|---|---|---|---|---|
| Interfaces / Standards | | | | |
| IPMI 2.0 | Yes | Yes | Yes | Yes |
| DCMI 1.5 | Yes | Yes | Yes | Yes |
| Web-based GUI | Yes | Yes | Yes | Yes |
| Racadm command line (local/remote) | Yes | Yes | Yes | Yes |
| SMASH-CLP (SSH-only) | Yes | Yes | Yes | Yes |
| Telnet | Yes | Yes | Yes | Yes |
| SSH | Yes | Yes | Yes | Yes |
| WSMAN | Yes | Yes | Yes | Yes |
| Network Time Protocol | No | Yes | Yes | Yes |
| Connectivity | | | | |
| Shared NIC | Yes | Yes | N/A | Yes [1] |
| Dedicated NIC [2] | Yes | Yes | Yes | Yes [2] |
| VLAN tagging | Yes | Yes | Yes | Yes |
| IPv4 | Yes | Yes | Yes | Yes |
| IPv6 | Yes | Yes | Yes | Yes |
| DHCP | Yes | Yes | Yes | Yes |
| Dynamic DNS | Yes | Yes | Yes | Yes |
| OS pass-through | Yes | Yes | Yes | Yes |
| Front panel USB | Yes | Yes | Yes | Yes |
| Security | | | | |
| Role-based authority | Yes | Yes | Yes | Yes |
| Local users | Yes | Yes | Yes | Yes |
| SSL encryption | Yes | Yes | Yes | Yes |
| IP blocking | No | Yes | Yes | Yes |
| Directory services (AD, LDAP) | No | No | No | Yes |
| Two-factor authentication | No | No | No | Yes |
| Single sign-on | No | No | No | Yes |
| PK authentication | No | Yes | Yes | Yes |
| Remote Presence | | | | |
| Power control | Yes | Yes | Yes | Yes |
| Boot control | Yes | Yes | Yes | Yes |
| Serial-over-LAN | Yes | Yes | Yes | Yes |
| Virtual Media | No | No | Yes | Yes |
| Virtual Folders | No | No | No | Yes |
| Remote File Share | No | No | No | Yes |
| Virtual Console | No | No | Yes | Yes |
| VNC connection to OS | No | No | No | Yes |
| Quality/bandwidth control | No | No | No | Yes |
| Virtual Console collaboration (6 users) | No | No | Yes | Yes |
| Virtual Console chat | No | No | No | Yes |
| Virtual Flash partitions | No | No | No | Yes [2,3] |
| Power and Thermal | | | | |
| Real-time power meter | Yes | Yes | Yes | Yes |
| Power thresholds & alerts | No | Yes | Yes | Yes |
| Real-time power graphing | No | Yes | Yes | Yes |
| Historical power counters | No | Yes | Yes | Yes |
| Power capping | No | No | No | Yes |
| Power Center integration | No | No | No | Yes |
| Temperature monitoring | Yes | Yes | Yes | Yes |
| Temperature graphing | No | Yes | Yes | Yes |
| Health Monitoring | | | | |
| Full agent-free monitoring | Yes | Yes | Yes | Yes |
| Predictive failure monitoring | Yes | Yes | Yes | Yes |
| SNMPv1, v2, and v3 (traps and gets) | Yes | Yes | Yes | Yes |
| Email Alerting | No | Yes | Yes | Yes |
| Configurable thresholds | Yes | Yes | Yes | Yes |
| Fan monitoring | Yes | Yes | Yes | Yes |
| Power Supply monitoring | Yes | Yes | Yes | Yes |
| Memory monitoring | Yes | Yes | Yes | Yes |
| CPU monitoring | Yes | Yes | Yes | Yes |
| RAID monitoring | Yes | Yes | Yes | Yes |
| NIC monitoring | Yes | Yes | Yes | Yes |
| HD monitoring (enclosure) | Yes | Yes | Yes | Yes |
| Out of Band Performance Monitoring | No | No | No | Yes |
| Update | | | | |
| Remote agent-free update | Yes | Yes | Yes | Yes |
| Embedded update tools | Yes | Yes | Yes | Yes |
| Sync with repository (scheduled updates) | No | No | No | Yes |
| Auto-update | No | No | No | Yes |
| Deployment and Configuration | | | | |
| Embedded OS deployment tools | Yes | Yes | Yes | Yes |
| Embedded configuration tools | Yes | Yes | Yes | Yes |
| Auto-Discovery | No | Yes | Yes | Yes |
| Remote OS deployment | No | Yes | Yes | Yes |
| Embedded driver pack | Yes | Yes | Yes | Yes |
| Full configuration inventory | Yes | Yes | Yes | Yes |
| Inventory export | Yes | Yes | Yes | Yes |
| Remote configuration | Yes | Yes | Yes | Yes |
| Zerotouch configuration | No | No | No | Yes |
| System Retire/Repurpose | Yes | Yes | Yes | Yes |
| Diagnostics, Service, and Logging | | | | |
| Embedded diagnostic tools | Yes | Yes | Yes | Yes |
| Part Replacement | No | Yes | Yes | Yes |
| Server Configuration Backup | No | No | No | Yes |
| Server Configuration Restore | Yes | Yes | Yes | Yes |
| Easy Restore (system configuration) | Yes | Yes | Yes | Yes |
| Health LED / LCD | Yes | Yes | Yes | Yes |
| Quick Sync (require NFC bezel) | Yes | Yes | N/A | Yes |
| iDRAC Direct (front USB management port) | Yes | Yes | Yes | Yes |
| iDRAC Service Module (iSM) | Yes | Yes | Yes | Yes |
| Embedded Tech Support Report | Yes | Yes | Yes | Yes |
| Crash screen capture | No | Yes | Yes | Yes |
| Crash video capture | No | No | No | Yes |
| Boot capture | No | No | No | Yes |
| Manual reset for iDRAC | Yes | Yes | Yes | Yes |
| Virtual NMI | Yes | Yes | Yes | Yes |
| OS watchdog | Yes | Yes | Yes | Yes |
| Embedded Health Report | Yes | Yes | Yes | Yes |
| System Event Log | Yes | Yes | Yes | Yes |
| Lifecycle Log | Yes | Yes | Yes | Yes |
| Work notes | Yes | Yes | Yes | Yes |
| Remote Syslog | No | No | No | Yes |
| License management | Yes | Yes | Yes | Yes |

[1] Not available with blade servers.

[2] 500 series and lower rack and tower servers require a hardware card to enable this feature; this hardware is offered at additional cost.

[3] Requires vFlash SD card media.

Interfaces and Protocols to Access iDRAC

The following table lists the interfaces to access iDRAC.

NOTE: Using more than one interface at the same time may generate unexpected results.

Table 2. Interfaces and Protocols to Access iDRAC

Interface or Protocol

Description

iDRAC Settings Utility

Use the iDRAC Settings utility to perform pre-OS operations. It has a subset of the features that are available in iDRAC Web interface along with other features.

To access iDRAC Settings utility, press <F2> during boot and then click iDRAC Settings on the System Setup Main Menu page.

iDRAC Web Interface

Use the iDRAC Web interface to manage iDRAC and monitor the managed system. The browser connects to the Web server through the HTTPS port. Data streams are encrypted using 128-bit SSL to provide privacy and integrity. Any connection to the HTTP port is redirected to HTTPS. Administrators can upload their own SSL certificate through an SSL CSR generation process to secure the Web server. The default HTTP and HTTPS ports can be changed. The user access is based on user privileges.


RACADM

Use this command line utility to perform iDRAC and server management. You can use RACADM locally and remotely.

• Local RACADM command line interface runs on the managed systems that have Server Administrator installed. Local RACADM communicates with iDRAC through its in-band IPMI host interface. Since it is installed on the local managed system, users are required to log in to the operating system to run this utility. A user must have a full administrator privilege or be a root user to use this utility.

• Remote RACADM is a client utility that runs on a management station. It uses the out-of-band network interface to run RACADM commands on the managed system and uses the HTTPS channel. The -r option runs the RACADM command over a network.

• Firmware RACADM is accessible by logging in to iDRAC using SSH or telnet. You can run the firmware RACADM commands without specifying the iDRAC IP, user name, or password.

• You do not have to specify the iDRAC IP, user name, or password to run the firmware RACADM commands. After you enter the RACADM prompt, you can directly run the commands without the racadm prefix.

Server LCD Panel/Chassis LCD Panel

Use the LCD on the server front panel to:

• View alerts, iDRAC IP or MAC address, user programmable strings.

• Set DHCP

• Configure iDRAC static IP settings.

For blade servers, the LCD is on the chassis front panel and is shared between all the blades.

To reset iDRAC without rebooting the server, press and hold the System Identification button for 16 seconds.

CMC Web Interface

In addition to monitoring and managing the chassis, use the CMC Web interface to:

• View the status of a managed system

• Update iDRAC firmware

• Configure iDRAC network settings

• Log in to iDRAC Web interface

• Start, stop, or reset the managed system

• Update BIOS, PERC, and supported network adapters

Lifecycle Controller

Use Lifecycle Controller to perform iDRAC configurations. To access Lifecycle Controller, press <F10> during boot and go to System Setup → Advanced Hardware Configuration → iDRAC Settings. For more information, see Lifecycle Controller User’s Guide available at dell.com/support/manuals.

Telnet

Use Telnet to access iDRAC where you can run RACADM and SMCLP commands. For details about RACADM, see iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals. For details about SMCLP, see Using SMCLP.

NOTE: Telnet is not a secure protocol and is disabled by default. Telnet transmits all data, including passwords in plain text. When transmitting sensitive information, use the SSH interface.

SSH

Use SSH to run RACADM and SMCLP commands. It provides the same capabilities as the Telnet console using an encrypted transport layer for higher security. The SSH service is enabled by default on iDRAC. The SSH service can be disabled in iDRAC. iDRAC only supports SSH version 2 with DSA and the RSA host key algorithm. A unique 1024-bit DSA and 1024-bit RSA host key is generated when you power-up iDRAC for the first time.

IPMITool

Use the IPMITool to access the remote system’s basic management features through iDRAC. The interface includes local IPMI, IPMI over LAN, IPMI over Serial, and Serial over LAN. For more information on IPMITool, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at dell.com/support/manuals.

NOTE: IPMI version 1.5 is not supported.

VMCLI

Use the Virtual Media Command Line Interface (VMCLI) to access a remote media through the management station and deploy operating systems on multiple managed systems.

SMCLP

Use Server Management Workgroup Server Management-Command Line Protocol (SMCLP) to perform systems management tasks. This is available through SSH or Telnet. For more information about SMCLP, see Using SMCLP.

WS-MAN

The LC-Remote Services is based on the WS-Management protocol to do one-to-many systems management tasks. You must use a WS-MAN client such as the WinRM client (Windows) or the OpenWSMAN client (Linux) to use the LC-Remote Services functionality. You can also use PowerShell and Python to script against the WS-MAN interface.

Web Services for Management (WS-Management) is a Simple Object Access Protocol (SOAP)-based protocol used for systems management. iDRAC uses WS-Management to convey Distributed Management Task Force (DMTF) Common Information Model (CIM)-based management information. The CIM information defines the semantics and information types that can be modified in a managed system. The data available through WS-Management is provided by iDRAC instrumentation interface mapped to the DMTF profiles and extension profiles.

For more information, see the following:

• Lifecycle Controller-Remote Services User’s Guide available at dell.com/support/manuals.

• Lifecycle Controller Integration Best Practices Guide available at dell.com/support/manuals.

• Lifecycle Controller page on Dell TechCenter — delltechcenter.com/page/Lifecycle+Controller

• Lifecycle Controller WS-Management Script Center — delltechcenter.com/page/Scripting+the+Dell+Lifecycle+Controller

• MOFs and Profiles — delltechcenter.com/page/DCIM.Library

• DMTF Web site — dmtf.org/standards/profiles/
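
The SSH entry in Table 2 states that iDRAC generates 1024-bit DSA and 1024-bit RSA host keys. The following added example (not part of the Dell guide) audits ssh-keyscan style output by decoding each public key blob and reporting its size. The 2048-bit threshold, the host names and the key material are assumptions constructed for the example.

```python
import base64
import struct

# Keys smaller than this are reported as weak (assumed policy for this example).
MIN_BITS = 2048


def _read_string(blob, offset):
    """Read one length-prefixed SSH wire field; return (bytes, new_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[offset + 4:end], end


def key_bits(key_type, b64_blob):
    """Return the size in bits of an ssh-rsa or ssh-dss public key blob."""
    blob = base64.b64decode(b64_blob, validate=True)
    name, off = _read_string(blob, 0)
    if name.decode("ascii") != key_type:
        raise ValueError("key type does not match blob")
    if key_type == "ssh-rsa":
        _exponent, off = _read_string(blob, off)
        modulus, off = _read_string(blob, off)
        return int.from_bytes(modulus, "big").bit_length()
    if key_type == "ssh-dss":
        prime_p, off = _read_string(blob, off)  # p determines the DSA key size
        return int.from_bytes(prime_p, "big").bit_length()
    raise ValueError("unsupported key type: " + key_type)


def audit_keyscan(text, min_bits=MIN_BITS):
    """Return (host, key_type, bits, status) for each 'host type blob' line."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank lines, comments and malformed rows
        host, key_type, blob = parts[0], parts[1], parts[2]
        if key_type not in ("ssh-rsa", "ssh-dss"):
            findings.append((host, key_type, None, "skipped"))
            continue
        try:
            bits = key_bits(key_type, blob)
        except ValueError:
            findings.append((host, key_type, None, "unparsed"))
            continue
        status = "weak" if bits < min_bits else "ok"
        findings.append((host, key_type, bits, status))
    return findings


# --- constructed sample input (sized placeholders, not usable keys) ---

def _mpint(value):
    """Encode a positive integer as an SSH mpint."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def make_sample_line(host, key_type, bits):
    """Build one keyscan-style line whose key has the requested bit size."""
    big = (1 << (bits - 1)) | 1
    if key_type == "ssh-rsa":
        body = _mpint(65537) + _mpint(big)
    else:  # ssh-dss fields: p, q, g, y
        body = _mpint(big) + _mpint((1 << 159) | 1) + _mpint(2) + _mpint(3)
    name = key_type.encode("ascii")
    blob = struct.pack(">I", len(name)) + name + body
    return "%s %s %s" % (host, key_type, base64.b64encode(blob).decode("ascii"))


SAMPLE_KEYSCAN = "\n".join([
    "# constructed sample, placeholder host names",
    make_sample_line("idrac-a.example", "ssh-rsa", 1024),
    make_sample_line("idrac-a.example", "ssh-dss", 1024),
    make_sample_line("idrac-b.example", "ssh-rsa", 2048),
])

if __name__ == "__main__":
    for finding in audit_keyscan(SAMPLE_KEYSCAN):
        print(finding)
```
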


iDRAC Port Information

The following ports are required to remotely access iDRAC through firewalls. These are the default ports iDRAC listens to for connections. Optionally, you can modify most of the ports. To do this, see Configuring Services.

Table 3. Ports iDRAC Listens for Connections

| Port Number | Function |
|---|---|
| 22* | SSH |
| 23* | Telnet |
| 80* | HTTP |
| 443* | HTTPS |
| 623 | RMCP/RMCP+ |
| 161* | SNMP |
| 5900* | Virtual Console keyboard and mouse redirection, Virtual Media, Virtual Folders, and Remote File Share |
| 5901 | VNC. When VNC feature is enabled, the port 5901 opens. |

* Configurable port

The following table lists the ports that iDRAC uses as a client.

Table 4. Ports iDRAC Uses as Client

| Port Number | Function |
|---|---|
| 25* | SMTP |
| 53 | DNS |
| 68 | DHCP-assigned IP address |
| 69 | TFTP |
| 162* | SNMP trap |
| 445 | Common Internet File System (CIFS) |
| 636 | LDAP Over SSL (LDAPS) |
| 2049 | Network File System (NFS) |
| 123 | Network Time Protocol (NTP) |
| 3269 | LDAPS for global catalog (GC) |

* Configurable port

Other Documents You May Need

In addition to this guide, the following documents available on the Dell Support website at dell.com/support/manuals provide additional information about the setup and operation of iDRAC in your system.

• The iDRAC Online Help provides detailed information about the fields available on the iDRAC Web interface and the descriptions for the same. You can access the online help after you install iDRAC.

• The iDRAC8 RACADM Command Line Interface Reference Guide provides information about the RACADM sub-commands, supported interfaces, and iDRAC property database groups and object definitions.

• The iDRAC RACADM Support Matrix provides the list of sub commands and objects that are applicable for a particular iDRAC version.

• The Systems Management Overview Guide provides brief information about the various software available to perform systems management tasks.

• The Dell Lifecycle Controller Graphical User Interface For 13th Generation Dell PowerEdge Servers User’s Guide provides information on using Lifecycle Controller Graphical User Interface (GUI).

• The Dell Lifecycle Controller Remote Services For 13th Generation Dell PowerEdge Servers Quick Start Guide provides an overview of the Remote Services capabilities, information on getting started with Remote Services, Lifecycle Controller API, and provides references to various resources on Dell Tech Center.

• The Dell Remote Access Configuration Tool User’s Guide provides information on how to use the tool to discover iDRAC IP addresses in your network and perform one-to-many firmware updates and active directory configurations for the discovered IP addresses.

• The Dell Systems Software Support Matrix provides information about the various Dell systems, the operating systems supported by these systems, and the Dell OpenManage components that can be installed on these systems.

• The iDRAC Service Module Installation Guide provides information to install the iDRAC Service Module.

• The Dell OpenManage Server Administrator Installation Guide contains instructions to help you install Dell OpenManage Server Administrator.

• The Dell OpenManage Management Station Software Installation Guide contains instructions to help you install Dell OpenManage management station software that includes Baseboard Management Utility, DRAC Tools, and Active Directory Snap-In.

• The Dell OpenManage Baseboard Management Controller Management Utilities User’s Guide has information about the IPMI interface.

• The Release Notes provides last-minute updates to the system or documentation or advanced technical reference material intended for experienced users or technicians.


• The Glossary provides information about the terms used in this document.

The following system documents are available to provide more information:

• The iDRAC Overview and Feature Guide provides information about iDRAC, its licensable features, and license upgrade options.

• The safety instructions that came with your system provide important safety and regulatory information. For additional regulatory information, see the Regulatory Compliance home page at dell.com/regulatory_compliance. Warranty information may be included within this document or as a separate document.

• The Rack Installation Instructions included with your rack solution describe how to install your system into a rack.

• The Getting Started Guide provides an overview of system features, setting up your system, and technical specifications.

• The Owner’s Manual provides information about system features and describes how to troubleshoot the system and install or replace system components.

Related Links

Contacting Dell

Accessing documents from Dell support site

Social Media Reference

To know more about the product, best practices, and information about Dell solutions and services, you can access the social media platforms such as Dell TechCenter. You can access blogs, forums, whitepapers, how-to videos, and so on from the iDRAC wiki page at www.delltechcenter.com/idrac.

For iDRAC and other related firmware documents, see www.dell.com/esmmanuals.

Contacting Dell

NOTE: If you do not have an active Internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product catalog.

Dell provides several online and telephone-based support and service options. Availability varies by country and product, and some services may not be available in your area. To contact Dell for sales, technical support, or customer service issues:

1. Go to dell.com/support.

2. Select your support category.

3. Verify your country or region in the Choose a Country/Region drop-down list at the top of page.

4. Select the appropriate service or support link based on your need.

Accessing documents from Dell support site

You can access the required documents in one of the following ways:

• Using the following links:

– For all Systems Management documents — dell.com/softwaresecuritymanuals

– For Remote Enterprise Systems Management documents — dell.com/esmmanuals

– For Enterprise Systems Management documents — dell.com/openmanagemanuals


– For Client Systems Management documents — dell.com/clientsystemsmanagement

– For Serviceability Tools documents — dell.com/serviceabilitytools

– For OpenManage Connections Enterprise Systems Management documents — dell.com/OMConnectionsEnterpriseSystemsManagement

– For OpenManage Connections Client Systems Management documents — dell.com/connectionsclientsystemsmanagement

• From the Dell Support site:

a. Go to dell.com/support/manuals.

b. Under General support section, click Software & Security.

c. In the Software & Security group box, click the required link from the following:

– Serviceability Tools

– Enterprise Systems Management

– Client Systems Management

– Remote Enterprise Systems Management

– Connections Client Systems Management

d. To view a document, click the required product version.

• Using search engines:

– Type the name and version of the document in the search box.


2

Logging into iDRAC

You can log in to iDRAC as an iDRAC user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name and password are root and calvin, respectively. You can also log in using Single Sign-On or Smart Card.

NOTE: You must have Login to iDRAC privilege to log in to iDRAC.

Related Links

Logging into iDRAC as Local User, Active Directory User, or LDAP User

Logging into iDRAC Using Smart Card

Logging into iDRAC Using Single Sign-on

Changing Default Login Password

Logging into iDRAC as Local User, Active Directory User, or LDAP User

Before you log in to iDRAC using the Web interface, make sure that you have configured a supported Web browser and the user account is created with the required privileges.

NOTE: The user name is not case-sensitive for an Active Directory user. The password is case-sensitive for all users.

NOTE: In addition to Active Directory, openLDAP, openDS, Novell eDir, and Fedora based directory services are supported.

To log in to iDRAC as local user, Active Directory user, or LDAP user:

1. Open a supported Web browser.

2. In the Address field, type https://[iDRAC-IP-address] and press <Enter>.

NOTE: If the default HTTPS port number (port 443) was changed, enter: https://[iDRAC-IP-address]:[port-number] where, [iDRAC-IP-address] is the iDRAC IPv4 or IPv6 address and [port-number] is the HTTPS port number.

The Login page is displayed.

3. For a local user:

• In the Username and Password fields, enter your iDRAC user name and password.

• From the Domain drop-down menu, select This iDRAC.

4. For an Active Directory user, in the Username and Password fields, enter the Active Directory user name and password. If you have specified the domain name as a part of the username, select This iDRAC from the drop-down menu. The format of the user name can be: <domain>\<username>, <domain>/<username>, or <user>@<domain>.

For example, dell.com\john_doe, or JOHN_DOE@DELL.COM.

If the domain is not specified in the user name, select the Active Directory domain from the Domain drop-down menu.

5. For an LDAP user, in the Username and Password fields, enter your LDAP user name and password. Domain name is not required for LDAP login. By default, This iDRAC is selected in the drop-down menu.

6. Click Submit. You are logged into iDRAC with the required user privileges.

If you log in with Configure Users privileges and the default account credentials, and if the default password warning feature is enabled, the Default Password Warning page is displayed allowing you to easily change the password.

Related Links

Configuring User Accounts and Privileges

Changing Default Login Password

Configuring Supported Web Browsers

Logging into iDRAC Using Smart Card

You can log in to iDRAC using a smart card. Smart cards provide Two Factor Authentication (TFA), which provides two layers of security:

• Physical smart card device.

• Secret code, such as a password or a PIN.

Users must verify their credentials using the smart card and the PIN.

Related Links

Logging Into iDRAC as a Local User Using Smart Card

Logging Into iDRAC as an Active Directory User Using Smart Card

Logging Into iDRAC as a Local User Using Smart Card

Before you log in as a local user using Smart Card, make sure to:

• Upload user smart card certificate and the trusted Certificate Authority (CA) certificate to iDRAC

• Enable smart card logon.

The iDRAC Web interface displays the smart card logon page for users who are configured to use the smart card.

NOTE: Depending on the browser settings, you are prompted to download and install the smart card reader ActiveX plug-in when using this feature for the first time.

To log in to iDRAC as a local user using smart card:

1. Access the iDRAC Web interface using the link https://[IP address]. The iDRAC Login page is displayed prompting you to insert the smart card.

NOTE: If the default HTTPS port number (port 443) has been changed, type: https://[IP address]:[port number] where, [IP address] is the IP address for the iDRAC and [port number] is the HTTPS port number.

2. Insert the Smart Card into the reader and click Login.

A prompt is displayed for the Smart Card’s PIN. A password is not required.


3. Enter the Smart Card PIN for local Smart Card users. You are logged into the iDRAC.

NOTE: If you are a local user for whom Enable CRL check for Smart Card Logon is enabled, iDRAC attempts to download the CRL and checks the CRL for the user's certificate. The login fails if the certificate is listed as revoked in the CRL or if the CRL cannot be downloaded for some reason.

Related Links

Enabling or Disabling Smart Card Login

Configuring iDRAC Smart Card Login for Local Users

Logging Into iDRAC as an Active Directory User Using Smart Card

Before you log in as an Active Directory user using Smart Card, make sure to:

• Upload a Trusted Certificate Authority (CA) certificate (CA-signed Active Directory certificate) to iDRAC.

• Configure the DNS server.

• Enable Active Directory login.

• Enable Smart Card login.

To log in to iDRAC as an Active Directory user using smart card:

1. Log in to iDRAC using the link https://[IP address].

The iDRAC Login page is displayed prompting you to insert the Smart Card.

NOTE: If the default HTTPS port number (port 443) is changed, type: https://[IP address]:[port number] where, [IP address] is the iDRAC IP address and [port number] is the HTTPS port number.

2. Insert the Smart Card and click Login. The PIN pop-up is displayed.

3. Enter the PIN and click Submit.

You are logged in to iDRAC with your Active Directory credentials.

NOTE: If the smart card user is present in Active Directory, an Active Directory password is not required.

Related Links

Enabling or Disabling Smart Card Login

Configuring iDRAC Smart Card Login for Active Directory Users

Logging into iDRAC Using Single Sign-on

When Single Sign-On (SSO) is enabled, you can log in to iDRAC without entering your domain user authentication credentials, such as user name and password.

Related Links

Configuring iDRAC SSO Login for Active Directory Users

Logging into iDRAC SSO Using iDRAC Web Interface

Before logging into iDRAC using Single Sign-on, make sure that:


• You have logged into your system using a valid Active Directory user account.

• Single Sign-On option is enabled during Active Directory configuration.

To log in to iDRAC using Web interface:

1. Log in to your management station using a valid Active Directory account.

2. In a Web browser, type https://[FQDN address]

NOTE: If the default HTTPS port number (port 443) has been changed, type: https://[FQDN address]:[port number] where, [FQDN address] is the iDRAC FQDN (iDRACdnsname.domain.name) and [port number] is the HTTPS port number.

NOTE: If you use IP address instead of FQDN, SSO fails.

iDRAC logs you in with appropriate Microsoft Active Directory privileges, using your credentials that were cached in the operating system when you logged in using a valid Active Directory account.

Logging into iDRAC SSO Using CMC Web Interface

Using the SSO feature, you can launch iDRAC Web interface from CMC Web interface. A CMC user has the CMC user privileges when launching iDRAC from CMC. If the user account is present in CMC and not in iDRAC, the user can still launch iDRAC from CMC.

If iDRAC network LAN is disabled (LAN Enabled = No), SSO is not available.

If the server is removed from the chassis, iDRAC IP address is changed, or there is a problem in iDRAC network connection, the option to Launch iDRAC is grayed-out in the CMC Web interface.

For more information, see the Chassis Management Controller User’s Guide available at dell.com/support/manuals.

Accessing iDRAC Using Remote RACADM

You can use remote RACADM to access iDRAC using RACADM utility.

For more information, see the RACADM Reference Guide for iDRAC and CMC available at dell.com/support/manuals.

If the management station has not stored the iDRAC’s SSL certificate in its default certificate storage, a warning message is displayed when you run the RACADM command. However, the command is executed successfully.

NOTE: The iDRAC certificate is the certificate iDRAC sends to the RACADM client to establish the secure session. This certificate is either issued by a CA or self-signed. In either case, if the management station does not recognize the CA or signing authority, a warning is displayed.

Related Links

Validating CA Certificate To Use Remote RACADM on Linux

Validating CA Certificate To Use Remote RACADM on Linux

Before running remote RACADM commands, validate the CA certificate that is used for secure communications.


To validate the certificate for using remote RACADM:

1. Convert the certificate in DER format to PEM format (using openssl command line tool):

openssl x509 -inform der -in [yourdownloadedderformatcert.crt] -outform pem -out [outcertfileinpemformat.pem] -text

2. Find the location of the default CA certificate bundle on the management station. For example, for RHEL5 64-bit, it is /etc/pki/tls/cert.pem.

3. Append the PEM formatted CA certificate to the management station CA certificate. For example, use the cat command:

cat testcacert.pem >> cert.pem

4. Generate and upload the server certificate to iDRAC.
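Steps 1 to 3 above, as an added shell example that is not part of Dell's guide: it converts the DER certificate to PEM, refuses it unless it is marked as a CA and its SHA-256 fingerprint matches a value obtained out of band, and appends it to the bundle only once. The function names, file names, return codes and the locally generated demo certificates are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: steps 1 to 3 with checks before the certificate is trusted.
# Function names, file names and the demo certificates are hypothetical.

# Print the SHA-256 fingerprint (colon-separated upper-case hex) of a PEM cert.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# trust_idrac_ca DER_CERT BUNDLE EXPECTED_SHA256
# Return codes: 0 CA is in BUNDLE, 1 input is not a DER certificate,
# 2 not a CA certificate, 3 fingerprint mismatch, 4 temp file or bundle error.
trust_idrac_ca() {
    der=$1 bundle=$2
    expected=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    pem=$(mktemp) || return 4
    status=0
    # Step 1: DER -> PEM.
    if ! openssl x509 -inform der -in "$der" -outform pem -out "$pem" 2>/dev/null; then
        status=1
    # Only a certificate marked CA:TRUE belongs in a CA bundle.
    elif ! openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE'; then
        status=2
    # Compare with the fingerprint obtained out of band from the CA owner.
    elif [ "$(cert_fingerprint "$pem")" != "$expected" ]; then
        status=3
    # Step 3: append only if the bundle does not already validate this cert.
    elif ! openssl verify -no-CApath -CAfile "$bundle" "$pem" >/dev/null 2>&1; then
        { cp -p "$bundle" "$bundle.bak" && cat "$pem" >> "$bundle"; } || status=4
    fi
    rm -f "$pem"
    return "$status"
}

# Build a constructed self-signed certificate in DER form for the demo.
make_demo_cert() {  # DIR NAME TRUE|FALSE
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed demo $2
[ext]
basicConstraints = critical,CA:$3
EOF
    openssl req -x509 -config "$1/$2.cnf" -newkey rsa:2048 -nodes \
        -keyout "$1/$2.key" -days 1 -outform der -out "$1/$2.der" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_cert "$d" ca TRUE || return 1
    : > "$d/cert.pem"                       # stand-in for the system CA bundle
    openssl x509 -inform der -in "$d/ca.der" -out "$d/ca.pem"
    fp=$(cert_fingerprint "$d/ca.pem")      # in practice: supplied by the CA owner
    trust_idrac_ca "$d/ca.der" "$d/cert.pem" "$fp"; echo "first run:  $?"
    trust_idrac_ca "$d/ca.der" "$d/cert.pem" "$fp"; echo "second run: $?"
    echo "certificates in bundle: $(grep -c 'BEGIN CERTIFICATE' "$d/cert.pem")"
    rm -rf "$d"
}
demo
```

Run it against a copy of the bundle first; the real bundle from step 2 (for example /etc/pki/tls/cert.pem) normally requires root to modify.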

Accessing iDRAC Using Local RACADM

For information to access iDRAC using local RACADM, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Accessing iDRAC Using Firmware RACADM

You can use SSH or Telnet interfaces to access iDRAC and run firmware RACADM commands. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Accessing iDRAC Using SMCLP

SMCLP is the default command line prompt when you log in to iDRAC using Telnet or SSH. For more information, see Using SMCLP.

Logging in to iDRAC Using Public Key Authentication

You can log into the iDRAC over SSH without entering a password. You can also send a single RACADM command as a command line argument to the SSH application. The command line options behave similarly to remote RACADM, since the session ends after the command is completed.

For example:

Logging in:

ssh username@<domain>

or

ssh username@<IP_address>

where IP_address is the IP address of the iDRAC.

Sending RACADM commands:

ssh username@<domain> racadm getversion

ssh username@<domain> racadm getsel

Related Links

Using Public Key Authentication For SSH


Multiple iDRAC Sessions

The following table provides the list of multiple iDRAC sessions that are possible using the various interfaces.

Table 5. Multiple iDRAC Sessions

Interface                  Number of Sessions
iDRAC Web Interface        6
Remote RACADM              4
Firmware RACADM / SMCLP    SSH - 2, Telnet - 2, Serial - 1

Changing Default Login Password

The warning message that allows you to change the default password is displayed if:

• You log in to iDRAC with Configure User privilege.

• Default password warning feature is enabled.

• Credentials for any currently enabled account are root/calvin.

A warning message is also displayed when you log in to iDRAC using SSH, Telnet, remote RACADM, or the Web interface. For Web interface, SSH, and Telnet, a single warning message is displayed for each session. For remote RACADM, the warning message is displayed for each command.

Related Links

Enabling or Disabling Default Password Warning Message

Changing Default Login Password Using Web Interface

When you log in to iDRAC Web interface, if the Default Password Warning page is displayed, you can change the password. To do this:

1. Select the Change Default Password option.

2. In the New Password field, enter the new password.

The maximum characters for the password are 20. The characters are masked. The following characters are supported:

• 0-9

• A-Z

• a-z

• Special characters: +, &, ?, >, -, }, |, ., !, (, ', ,, _,[, ", @, #, ), *, ;, $, ], /, §, %, =, <, :, {, I, \

3. In the Confirm Password field, enter the password again.

4. Click Continue. The new password is configured and you are logged in to iDRAC.


NOTE: Continue is enabled only if the passwords entered in the New Password and Confirm Password fields match.

For information about the other fields, see the iDRAC Online Help.

Changing Default Login Password Using RACADM

To change the password, run the following RACADM command:

racadm set iDRAC.Users.<index>.Password <Password>

where, <index> is a value from 1 to 16 (indicates the user account) and <password> is the new user-defined password.

For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide.

Changing Default Login Password Using iDRAC Settings Utility

To change the default login password using iDRAC Settings Utility:

1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings.User Configuration page is displayed.

2. In the Change Password field, enter the new password.

3. Click Back, click Finish, and then click Yes. The details are saved.

Enabling or Disabling Default Password Warning Message

You can enable or disable the display of the default password warning message. To do this, you must have Configure Users privilege.

Enabling or Disabling Default Password Warning Message Using Web Interface

To enable or disable the display of the default password warning message after logging in to iDRAC:

1. Go to Overview → iDRAC Settings → User Authentication → Local Users. The Users page is displayed.

2. In the Default Password Warning section, select Enable, and then click Apply to enable the display of the Default Password Warning page when you log in to iDRAC. Else, select Disable.

Alternatively, if this feature is enabled and you do not want to display the warning message for subsequent log-ins, on the Default Password Warning page, select the Do not show this warning again option, and then click Apply.

Enabling or Disabling Warning Message to Change Default Login Password Using RACADM

To enable the display of the warning message to change the default login password using RACADM, use idrac.tuning.DefaultCredentialWarning object. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.


3

Setting Up Managed System and Management Station

To perform out-of-band systems management using iDRAC, you must configure iDRAC for remote accessibility, set up the management station and managed system, and configure the supported Web browsers.

NOTE: In case of blade servers, install CMC and I/O modules in the chassis and physically install the system in the chassis before performing the configurations.

Both iDRAC Express and iDRAC Enterprise ship from the factory with a default static IP address. However, Dell also offers two options: Auto-discovery, which allows you to access the iDRAC and remotely configure your server, and DHCP:

• Auto Discovery — Use this option if you have a provisioning server installed in your data center environment. A provisioning server manages and automates the deployment or upgrade of an operating system and applications to a Dell PowerEdge server. By enabling Auto Discovery, the servers, upon first boot, search for a provisioning server to take control and begin the automated deployment or update process.

• DHCP — Use this option if you have a Dynamic Host Configuration Protocol (DHCP) server installed in the data center environment. The DHCP server automatically assigns the IP address, gateway, and subnet mask for iDRAC.

You can enable Auto-discovery or DHCP when you place an order for the server. There is no charge to enable either of these features. Only one setting is possible.

Related Links

Setting Up iDRAC IP Address

Setting Up Managed System

Updating Device Firmware

Rolling Back Device Firmware

Setting Up Management Station

Configuring Supported Web Browsers

Setting Up iDRAC IP Address

You must configure the initial network settings based on your network infrastructure to enable the communication to and from iDRAC. You can set up the IP address using one of the following interfaces:

• iDRAC Settings utility

• Lifecycle Controller (see Lifecycle Controller User’s Guide)

• Dell Deployment Toolkit (see Dell Deployment Toolkit User’s Guide)

• Chassis or Server LCD panel (see the system’s Hardware Owner’s Manual)


NOTE: In case of blade servers, you can configure the network setting using the Chassis LCD panel only during initial configuration of CMC. After the chassis is deployed, you cannot reconfigure iDRAC using the Chassis LCD panel.

• CMC Web interface (see Dell Chassis Management Controller Firmware User’s Guide)

In case of rack and tower servers, you can set up the IP address or use the default iDRAC IP address 192.168.0.120 to configure initial network settings, including setting up DHCP or the static IP for iDRAC.

In case of blade servers, the iDRAC network interface is disabled by default. After you configure iDRAC IP address:

• Make sure to change the default user name and password after setting up the iDRAC IP address.

• Access it through any of the following interfaces:

– iDRAC Web interface using a supported browser (Internet Explorer, Firefox, Chrome, or Safari)

– Secure Shell (SSH) — Requires a client such as PuTTY on Windows. SSH is available by default in most of the Linux systems and hence does not require a client.

– Telnet (must be enabled, since it is disabled by default)

– IPMITool (uses IPMI command) or shell prompt (requires Dell customized installer in Windows or Linux, available from Systems Management Documentation and Tools DVD or support.dell.com)

Related Links

Setting Up iDRAC IP Using iDRAC Settings Utility

Setting Up iDRAC IP Using CMC Web Interface

Enabling Auto-discovery

Configuring Servers and Server Components Using Auto Config

Setting Up iDRAC IP Using iDRAC Settings Utility

To set up the iDRAC IP address:

1. Turn on the managed system.

2. Press <F2> during Power-on Self-test (POST).

3. In the System Setup Main Menu page, click iDRAC Settings. The iDRAC Settings page is displayed.

4. Click Network.

The Network page is displayed.

5. Specify the following settings:

• Network Settings

• Common Settings

• IPv4 Settings

• IPv6 Settings

• IPMI Settings

• VLAN Settings

6. Click Back, click Finish, and then click Yes.

The network information is saved and the system reboots.

Related Links

Network Settings

Common Settings

IPv4 Settings

IPv6 Settings

IPMI Settings

VLAN Settings

Network Settings

To configure the Network Settings:

NOTE: For information about the options, see the iDRAC Settings Utility Online Help.

1. Under Enable NIC, select the Enabled option.

2. From the NIC Selection drop-down menu, select one of the following ports based on the network requirement:

• Dedicated — Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC). This interface is not shared with the host operating system and routes the management traffic to a separate physical network, enabling it to be separated from the application traffic.

This option implies that iDRAC's dedicated network port routes its traffic separately from the Server's LOM or NIC ports. With respect to managing network traffic, the Dedicated option allows iDRAC to be assigned an IP address from the same subnet or different subnet in comparison to the IP addresses assigned to the Host LOM or NICs.

NOTE: The option is available only on rack or tower systems.

• LOM1

• LOM2

• LOM3

• LOM4

NOTE: In the case of rack and tower servers, two LOM options (LOM1 and LOM2) or all four LOM options are available depending on the server model. Blade servers do not use LOM for iDRAC communication.

3. From the Failover Network drop-down menu, select one of the remaining LOMs. If a network fails, the traffic is routed through the failover network.

NOTE: If you have selected Dedicated in NIC Selection drop-down menu, the option is grayed-out.

For example, to route the iDRAC network traffic through LOM2 when LOM1 is down, select LOM1 for NIC Selection and LOM2 for Failover Network.

4. Under Auto Negotiation, select On if iDRAC must automatically set the duplex mode and network speed. This option is available only for dedicated mode. If enabled, iDRAC sets the network speed to 10, 100, or 1000 Mbps based on the network speed.

5. Under Network Speed, select either 10 Mbps or 100 Mbps.

NOTE: You cannot manually set the Network Speed to 1000 Mbps. This option is available only if Auto Negotiation option is enabled.

6. Under Duplex Mode, select Half Duplex or Full Duplex option.

NOTE: If you enable Auto Negotiation, this option is grayed-out.


Common Settings

If the network infrastructure has a DNS server, register iDRAC on the DNS. These are the initial settings requirements for advanced features such as Directory services (Active Directory or LDAP), Single Sign On, and smart card.

To register iDRAC:

1. Enable Register DRAC on DNS.

2. Enter the DNS DRAC Name.

3. Select Auto Config Domain Name to automatically acquire domain name from DHCP. Else, provide the DNS Domain Name.

IPv4 Settings

To configure the IPv4 settings:

1. Select Enabled option under Enable IPv4.

2. Select Enabled option under Enable DHCP, so that DHCP can automatically assign the IP address, gateway, and subnet mask to iDRAC. Else, select Disabled and enter the values for:

• Static IP Address

• Static Gateway

• Static Subnet Mask

3. Optionally, enable Use DHCP to obtain DNS server address, so that the DHCP server can assign the Static Preferred DNS Server and Static Alternate DNS Server. Else, enter the IP addresses for Static Preferred DNS Server and Static Alternate DNS Server.

IPv6 Settings

Alternately, based on the infrastructure setup, you can use IPv6 address protocol. To configure the IPv6 settings:

1. Select Enabled option under Enable IPv6.

2. For the DHCPv6 server to automatically assign the IP address, gateway, and subnet mask to iDRAC, select Enabled option under Enable Auto-configuration. If enabled, the static values are disabled. Else, proceed to the next step to configure using the static IP address.

3. In the Static IP Address 1 box, enter the static IPv6 address.

4. In the Static Prefix Length box, enter a value between 0 and 128.

5. In the Static Gateway box, enter the gateway address.

6. If you are using DHCP, enable DHCPv6 to obtain DNS Server addresses to obtain Primary and Secondary DNS server addresses from DHCPv6 server. Else, select Disabled and do the following:

• In the Static Preferred DNS Server box, enter the static DNS server IPv6 address.

• In the Static Alternate DNS Server box, enter the static alternate DNS server.

IPMI Settings

To enable the IPMI Settings:

1. Under Enable IPMI Over LAN, select Enabled.

2. Under Channel Privilege Limit, select Administrator, Operator, or User.

3. In the Encryption Key box, enter the encryption key in the format 0 to 40 hexadecimal characters (without any blank characters). The default value is all zeros.


VLAN Settings

You can configure iDRAC into the VLAN infrastructure. To configure VLAN Settings:

1. Under Enable VLAN ID, select Enabled.

2. In the VLAN ID box, enter a valid number from 1 to 4094.

3. In the Priority box, enter a number from 0 to 7 to set the priority of the VLAN ID.

NOTE: After enabling VLAN, the iDRAC IP is not accessible for some time.

Setting Up iDRAC IP Using CMC Web Interface

To set up the iDRAC IP address using CMC Web interface:

NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC network settings from CMC.

1. Log in to CMC Web interface.

2. Go to Server Overview → Setup → iDRAC. The Deploy iDRAC page is displayed.

3. Under iDRAC Network Settings, select Enable LAN and other network parameters as per requirements. For more information, see CMC online help.

4. For additional network settings specific to each blade server, go to Server Overview → <server name>.

The Server Status page is displayed.

5. Click Launch iDRAC and go to Overview → iDRAC Settings → Network.

6. In the Network page, specify the following settings:

• Network Settings

• Common Settings

• IPV4 Settings

• IPV6 Settings

• IPMI Settings

• VLAN Settings

NOTE: For more information, see iDRAC Online Help.

7. To save the network information, click Apply.

For more information, see the Chassis Management Controller User’s Guide available at dell.com/support/manuals.

Enabling Auto-discovery

The auto-discovery feature allows newly installed servers to automatically discover the remote management console that hosts the provisioning server. The provisioning server provides custom administrative user credentials to iDRAC, so that the unprovisioned server can be discovered and managed from the management console. For more information about auto-discovery, see the Lifecycle Controller Remote Services User’s Guide available at dell.com/support/manuals.

Auto-discovery works with a static IP. DHCP, DNS server, or the default DNS host name discovers the provisioning server. If DNS is specified, the provisioning server IP is retrieved from DNS and the DHCP settings are not required. If the provisioning server is specified, discovery is skipped so neither DHCP nor DNS is required.


You can enable auto-discovery using iDRAC Settings Utility or using Lifecycle Controller. For information on using Lifecycle Controller, see Lifecycle Controller User’s Guide available at dell.com/support/manuals.

If auto-discovery feature is not enabled on the factory-shipped system, the default administrator account (user name as root and password as calvin) is enabled. Before enabling auto-discovery, make sure to disable this administrator account. If the auto-discovery in Lifecycle Controller is enabled, all the iDRAC user accounts are disabled until the provisioning server is discovered.

To enable auto-discovery using iDRAC Settings utility:

1. Turn on the managed system.

2. During POST, press <F2>, and go to iDRAC Settings → Remote Enablement. The iDRAC Settings Remote Enablement page is displayed.

3. Enable auto-discovery, enter the provisioning server IP address, and click Back.

NOTE: Specifying the provisioning server IP is optional. If it is not set, it is discovered using DHCP or DNS settings (step 7).

4. Click Network.

The iDRAC Settings Network page is displayed.

5. Enable NIC.

6. Enable IPv4.

NOTE: IPv6 is not supported for auto-discovery.

7. Enable DHCP and get the domain name, DNS server address, and DNS domain name from DHCP.

NOTE: Step 7 is optional if the provisioning server IP address (step 3) is provided.

Configuring Servers and Server Components Using Auto Config

The Auto Config feature allows you to configure and provision all the components in a server (example, iDRAC, PERC, and RAID) in a single operation by automatically importing an XML configuration file. All the configurable parameters are specified in the XML file. The DHCP server that assigns the IP address also provides the XML file details to configure the iDRAC.

You can create the XML file based on the service tag of the servers or create a generic XML file that you can use to configure all iDRACs serviced by the DHCP server. This XML file is stored in a shared location (CIFS or NFS) that is accessible by the DHCP server and iDRAC(s) of the server being configured. The DHCP server uses a DHCP server option to specify the XML file name, XML file location, and the user credentials to access the file location.

When the iDRAC or CMC obtains an IP address from the DHCP server, the XML file is used to configure the devices. Auto-config is invoked only after the iDRAC gets its IP address from the DHCP server. If it does not get a response or an IP address from the DHCP server, then auto-config is not invoked.

NOTE:

• You can enable Auto Config only if DHCPv4 and the Enable IPv4 options are enabled.

• Auto Config and auto-discovery features are mutually exclusive. You must disable auto-discovery for the Auto Config feature to work.

If all the Dell PowerEdge servers in the DHCP server pool are of the same Model type and number, then a single XML file (config.xml) is required. (This is the default XML file name.)


You can configure individual servers using different configuration files mapped using individual host names. In an environment that has different servers with specific requirements, you can use different XML filenames to distinguish each server. For example, if there are two servers – a PowerEdge R720 and a PowerEdge R520, you must use two XML files, R720-config.xml and R520-config.xml.

The server-config-agent uses the rules in the following sequence to determine which XML file(s) on the File Share to apply for each iDRAC/PowerEdge server:

1. The filename specified in DHCP option 60.

2. <ServiceTag>-config.xml - If a filename is not specified in DHCP option 60, use the system service tag to uniquely identify the XML config file for the system. For example, <servicetag>-config.xml.

3. <Model number>-config.xml - If the option 60 filename is not specified and the <ServiceTag>-config.xml file is not found, then use the system Model number as the basis for the XML config file name to use. For example, R520-config.xml.

4. config.xml – If the option 60 filename, service tag-based, and model number-based files are not available, use the default config.xml file.
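The four selection rules above can be checked against a share listing before any server boots. The following Python sketch is an added example, not code from the guide or from Dell: the service tags, models and file names are constructed, and case-insensitive name matching is an assumption. It reports which rule each server would hit and which files on the share no server would select.

```python
"""Which XML file would each server import? (added example, constructed data)"""


def resolve_config(option_filename, service_tag, model, share_files):
    """Apply the four rules in order; return (rule, file_on_share_or_None)."""
    # Assumption: names are matched case-insensitively against the share listing.
    on_share = {name.lower(): name for name in share_files}
    if option_filename:
        # Rules 2-4 are described as applying only when no file name arrives
        # via DHCP, so a named file that is missing is reported as None.
        return "dhcp-option", on_share.get(option_filename.lower())
    fallbacks = (
        ("service-tag", f"{service_tag}-config.xml"),
        ("model", f"{model}-config.xml"),
        ("default", "config.xml"),
    )
    for rule, wanted in fallbacks:
        found = on_share.get(wanted.lower())
        if found:
            return rule, found
    return "none", None


def audit_share(servers, share_files, option_filename=None):
    """Return ({service_tag: (rule, file)}, [files that no server selects])."""
    selection = {
        tag: resolve_config(option_filename, tag, model, share_files)
        for tag, model in servers
    }
    used = {found for _, found in selection.values() if found}
    unused = sorted(set(share_files) - used)
    return selection, unused


# Constructed inventory and share listing.
SERVERS = [("ABC1234", "R720"), ("DEF5678", "R520"), ("GHI9012", "R620")]
SHARE = ["ABC1234-config.xml", "R520-config.xml", "R720-config.xml", "config.xml"]

if __name__ == "__main__":
    chosen, unused = audit_share(SERVERS, SHARE)
    for tag, (rule, name) in chosen.items():
        print(f"{tag}: rule={rule} file={name}")
    print("never selected:", unused)
```

A server that falls through to the default rule receives every account and setting in the generic config.xml, so that file deserves the same review as the per-server ones.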

Related Links

Auto Config Sequence

DHCP Options

Enabling Auto Config Using iDRAC Web Interface

Enabling Auto Config Using RACADM

Auto Config Sequence

1. Create or modify the XML file that configures the attributes of Dell servers.

2. Place the XML file in a share location that is accessible by the DHCP server and all the Dell servers that are assigned an IP address by the DHCP server.

3. Specify the XML file location in the vendor-option 43 field of the DHCP server.

4. As part of acquiring an IP address, the iDRAC advertises the vendor class identifier iDRAC (Option 60).

5. The DHCP server matches the vendor class to the vendor option in the dhcpd.conf file and sends the XML file location and XML file name to the iDRAC.

6. The iDRAC processes the XML file and configures all the attributes listed in the file.

DHCP Options

DHCPv4 allows a large number of globally defined parameters to be passed to the DHCP clients. Each parameter is known as a DHCP option. Each option is identified with an option tag, which is a 1 byte value. Option tags 0 and 255 are reserved for padding and end of options, respectively. All other values are available for defining options.

The DHCP Option 43 is used to send information from the DHCP server to the DHCP client. The option is defined as a text string. This text string is set to contain the values of the XML filename, share location and the credentials to access the location. For example,

option myname code 43 = text;

option myname "-l 10.35.175.88://xmlfiles -f dhcpProv.xml -u root -p calvin";

where -l is the location of the Remote File Share and -f is the file name in the string, along with the credentials to the Remote File Share. In this example, root and calvin are the username and password to the RFS.

The DHCP Option 60 identifies and associates a DHCP client with a particular vendor. Any DHCP server configured to take action based on a client’s vendor ID should have Option 60 and Option 43 configured.


With Dell PowerEdge servers, the iDRAC identifies itself with vendor ID: iDRAC. Therefore, you must add a new ‘Vendor Class’ and create a ‘scope option’ under it for ‘code 60,’ and then enable the new scope option for the DHCP server.

Related Links

Configuring Option 43 on Windows

Configuring Option 60 on Windows

Configuring Option 43 and Option 60 on Linux

Configuring Option 43 on Windows

To configure option 43 on Windows:

1. On the DHCP server, go to Start → Administration Tools → DHCP to open the DHCP server administration tool.

2. Find the server and expand all items under it.

3. Right-click on Scope Options and select Configure Options. The Scope Options dialog box is displayed.

4. Scroll down and select 043 Vendor Specific Info.

5. In the Data Entry field, click anywhere in the area under ASCII and enter the IP address of the server that has the share location, which contains the XML configuration file.

The value appears as you type it under the ASCII, but it also appears in binary to the left.

6. Click OK to save the configuration.

Configuring Option 60 on Windows

To configure option 60 on Windows:

1. On the DHCP server, go to Start → Administration Tools → DHCP to open the DHCP server administration tool.

2. Find the server and expand the items under it.

3. Right-click on IPv4 and choose Define Vendor Classes.

4. Click Add and enter the following:

• Display name — iDRAC (read-only)

• Description — Vendor Class

• Under ASCII, click and enter iDRAC.

5. Click OK.

6. On the DHCP window, right-click on IPv4 and choose Set Predefined Options.

7. From the Option class drop-down menu, select iDRAC (created in step 4) and click Add.

8. In the Option Type dialogue box, enter the following information:

• Name — iDRAC

• Data Type — String

• Code – 1

• Description — Dell vendor class identifier

9. Click OK twice to return to the DHCP window.

10. Expand all items under the server name, right-click on Scope Options and select Configure Options.

11. Click on the Advanced tab.

12. From the Vendor class drop-down menu, select iDRAC. The 060iDRAC appears in the Available Options column.


13. Select 060iDRAC option.

14. Enter the string value that must be sent to the iDRAC (along with a standard DHCP provided IP address). The string value will help in importing the correct XML configuration file.

For the option’s DATA entry, String Value setting, use a text parameter that has the following letter options and values:

• Filename (-f) – iDRAC_Config.XML or iDRAC_Config-<service-tag>.XML.

• Sharename (-n)

• ShareType (-s) – 0 = NFS, 2 = CIFS

• IPAddress (-i) – IP address of the file share.

• Username (-u) – Required for CIFS

• Password (-p) – Required for CIFS

• ShutdownType (-d) – Specify Graceful or Forced.

• Timetowait (-t) – Default is 300

• EndHostPowerState (-e)

Configuring Option 43 and Option 60 on Linux

Update the /etc/dhcpd.conf file. Similar to Windows, the steps are:

1. Set aside a block or pool of addresses that this DHCP server can allocate.

2. Set the option 43 and use the name vendor class identifier for option 60.

For example,

option myname code 43 = text;

subnet 192.168.0.0 netmask 255.255.0.0 {
    # default gateway
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option nis-domain "domain.org";
    option domain-name "domain.org";
    option domain-name-servers 192.168.1.1;
    option time-offset -18000; # Eastern Standard Time
    # option ntp-servers 192.168.1.1;
    # option netbios-name-servers 192.168.1.1;
    # --- Selects point-to-point node (default is hybrid). Don't change this unless
    # -- you understand Netbios very well
    # option netbios-node-type 2;
    option vendor-class-identifier "iDRAC";
    set vendor-string = option vendor-class-identifier;
    option myname "2001::9174:9611:5c8d:e85//xmlfiles/dhcpProv.xml -u root -p calvin";
    range dynamic-bootp 192.168.0.128 192.168.0.254;
    default-lease-time 21600;
    max-lease-time 43200;
    # we want the nameserver to appear at a fixed address
    host ns {
        next-server marvin.redhat.com;
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 207.175.42.254;
    }
}
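The vendor string configured in the Windows and Linux procedures above carries the file share credentials inside a DHCP reply, which is neither encrypted nor authenticated. The following Python check is an added example, not part of the guide or of any Dell tool: it parses the flag/value pairs listed on this page out of a dhcpd.conf and reports credentials in clear text, the factory default password, CIFS shares without credentials, and typographic dashes pasted in place of hyphens. The sample configuration is constructed, and whitespace-separated tokens are an assumption.

```python
import re

# Flags named on this page for the Auto Config vendor string.
FLAGS = {
    "-l": "location", "-f": "filename", "-n": "sharename", "-s": "sharetype",
    "-i": "ipaddress", "-u": "username", "-p": "password",
    "-d": "shutdowntype", "-t": "timetowait", "-e": "endhostpowerstate",
}
DEFAULT_PASSWORDS = {"calvin"}          # factory default quoted in this guide
UNICODE_DASHES = "\u2013\u2014\u2212"   # en dash, em dash, minus sign

DECL_RE = re.compile(r"option\s+(\S+)\s+code\s+43\s*=\s*text\s*;")
VALUE_RE = re.compile(r'option\s+(\S+)\s+"([^"]*)"\s*;')


def parse_vendor_string(value):
    """Split '-flag value' pairs into a dict; unrecognised tokens go to '_extra'.

    Assumption: tokens are whitespace-separated, as in the guide's examples.
    """
    tokens = value.split()
    fields, extra, i = {}, [], 0
    while i < len(tokens):
        tok = tokens[i]
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok in FLAGS:
            # A flag directly followed by another flag has no value.
            has_value = nxt is not None and nxt not in FLAGS
            fields[FLAGS[tok]] = nxt if has_value else ""
            i += 2 if has_value else 1
        else:
            extra.append(tok)
            i += 1
    fields["_extra"] = extra
    return fields


def audit_vendor_string(value):
    """Return a list of finding codes for one vendor string."""
    findings = []
    if any(ch in value for ch in UNICODE_DASHES):
        findings.append("unicode-dash")  # flag pasted from a PDF, not recognised
    fields = parse_vendor_string(value)
    password = fields.get("password", "")
    if password:
        findings.append("cleartext-password")  # visible to anyone on the segment
        if password.lower() in DEFAULT_PASSWORDS:
            findings.append("default-password")
    if fields.get("sharetype") == "2" and not (fields.get("username") and password):
        findings.append("cifs-missing-credentials")  # the guide requires both
    return findings


def audit_dhcpd_conf(text):
    """Return [(line_number, findings)] for every option declared as code 43."""
    names = set(DECL_RE.findall(text))
    results = []
    for number, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # commented-out options are never sent
        match = VALUE_RE.match(stripped)
        if match and match.group(1) in names:
            results.append((number, audit_vendor_string(match.group(2))))
    return results


# Constructed sample; 192.0.2.10 is a documentation address.
SAMPLE_CONF = '''\
option myname code 43 = text;
subnet 192.168.0.0 netmask 255.255.0.0 {
  option vendor-class-identifier "iDRAC";
  # option myname "-l 192.0.2.10://old -f old.xml -u root -p calvin";
  option myname "-l 192.0.2.10://xmlfiles \u2013f dhcpProv.xml -u root -p calvin";
}
'''

if __name__ == "__main__":
    for number, findings in audit_dhcpd_conf(SAMPLE_CONF):
        print(f"line {number}: {', '.join(findings) or 'ok'}")
```

Because the share account is readable by any host that can see the DHCP exchange, give it read-only access to the configuration share and nothing else.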

Enabling Auto Config Using iDRAC Web Interface

Make sure that DHCPv4 and the Enable IPv4 options are enabled and Auto-discovery is disabled.


To enable Auto Config:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network. The Network page is displayed.

2. In the Auto Config section, select one of the following options to enable Auto Config:

• Enable Once — Configures the component only once using the XML file referenced by the DHCP server. After this, Auto Config is disabled.

• Enable Once After Reset — After the iDRAC is reset, configures the components only once using the XML file referenced by the DHCP server. After this, Auto Config is disabled.

To disable the Auto Config feature, select Disable.

3. Click Apply to apply the setting.

Enabling Auto Config Using RACADM

To enable Auto Config feature using RACADM, use the iDRAC.NIC.AutoConfig object. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide.

Using Hash Passwords for Improved Security

For iDRAC in 13th generation servers, you can set user passwords and BIOS passwords using a one way hash format. The user authentication mechanism is not affected (except for SNMPv3 and IPMI) and you can provide the password in plain text format.

With the new password hash feature:

• You can generate your own SHA256 hashes to set iDRAC user passwords and BIOS passwords. This allows you to have the SHA256 values in the server configuration profile, RACADM, and WSMAN. When you provide the SHA256 password values, you cannot authenticate through SNMPv3 and IPMI.

• You can set up a template server including all the iDRAC user accounts and BIOS passwords using the current plain text mechanism. After the server is set up, you can export the server configuration profile with the password that has hash values. The export includes the hash values required for SNMPv3 and IPMI authentication.

You can generate the hash password with and without Salt using SHA256.

You must have Server Control privileges to include and export hash passwords.

If access to all accounts is lost, use iDRAC Settings Utility or local RACADM and perform the reset iDRAC to default task.

If the iDRAC user account’s password is set with the SHA256 password hash only and not the other hashes (SHA1v3Key or MD5v3Key), then authentication through SNMP v3 and IPMI is not available.

Hash Password Using RACADM

Use the following objects with the set racadm sub command to set hash passwords:

• iDRAC.Users.SHA256Password

• iDRAC.Users.SHA256PasswordSalt

Use the following command to include the hash password in the exported server configuration profile:

racadm get -f <file name> -l <NFS / CIFS share> -u <username> -p <password> -t <filetype> --includePH

You must set the Salt attribute when the associated hash is set.


NOTE: The attributes are not applicable to the INI configuration file.

Hash Password in Server Configuration Profile

The new hash passwords can be optionally exported in the server configuration profile.

When importing server configuration profile, you can uncomment the existing password attribute or the new password hash attribute(s). If both are uncommented an error is generated and the password is not set. A commented attribute is not applied during an import.

Generating Hash Password Without SNMPv3 and IPMI Authentication

To generate hash password without SNMPv3 and IPMI authentication:

1. For iDRAC user accounts, you must salt the password using SHA256.

When you salt the password, a 16 byte binary string is appended. The Salt is required to be 16 bytes long, if provided.

2. Provide hash value and salt in the imported server configuration profile, RACADM commands, or WSMAN.

3. After setting the password, the normal plain text password authentication works except that SNMP v3 and IPMI authentication fails for iDRAC user accounts that had passwords updated with hash.
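The salted hash described in the steps above can be produced offline, so the plain text password never has to appear in a configuration profile. The following Python sketch is an added example, not code from the guide: it computes SHA256 over the password with a 16-byte salt appended and renders the two RACADM set commands for the objects named on this page. Hexadecimal encoding of the hash and salt, UTF-8 encoding of the password, and user index 4 are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 16  # the guide requires the salt to be 16 bytes long


def make_hash_password(password, salt=None):
    """Return (hash_hex, salt_hex) for SHA256(password + salt).

    A fresh random salt is generated unless one is supplied.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)
    if len(salt) != SALT_LEN:
        raise ValueError(f"salt must be exactly {SALT_LEN} bytes, got {len(salt)}")
    # The salt is appended to the password before hashing.
    digest = hashlib.sha256(password.encode("utf-8") + salt).hexdigest()
    return digest, salt.hex()


def verify_hash_password(password, hash_hex, salt_hex):
    """Recompute the hash from the stored salt and compare in constant time."""
    expected, _ = make_hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(expected, hash_hex.lower())


def racadm_commands(user_index, hash_hex, salt_hex):
    """Render the two set commands; the salt must be set with its hash."""
    base = f"iDRAC.Users.{user_index}"
    return [
        f"racadm set {base}.SHA256Password {hash_hex}",
        f"racadm set {base}.SHA256PasswordSalt {salt_hex}",
    ]


if __name__ == "__main__":
    # Constructed password; user index 4 is a placeholder.
    hash_hex, salt_hex = make_hash_password("Example-Passw0rd")
    assert verify_hash_password("Example-Passw0rd", hash_hex, salt_hex)
    for command in racadm_commands(4, hash_hex, salt_hex):
        print(command)
```

An account set this way cannot authenticate through SNMPv3 or IPMI, as the section above states.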

Setting Up Management Station

A management station is a computer used for accessing iDRAC interfaces to remotely monitor and manage the PowerEdge server(s).

To set up the management station:

1. Install a supported operating system. For more information, see the readme.

2. Install and configure a supported Web browser (Internet Explorer, Firefox, Chrome, or Safari).

3. Install the latest Java Runtime Environment (JRE) (required if Java plug-in type is used to access iDRAC using a Web browser).

4. From the Dell Systems Management Tools and Documentation DVD, install Remote RACADM and VMCLI from the SYSMGMT folder. Else, run Setup on the DVD to install Remote RACADM by default and other OpenManage software. For more information about RACADM, see iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

5. Install the following based on the requirement:

• Telnet

• SSH client

• TFTP

• Dell OpenManage Essentials

Related Links

Installing and Using VMCLI Utility

Configuring Supported Web Browsers

Accessing iDRAC Remotely

To remotely access iDRAC Web interface from a management station, make sure that the management station is in the same network as iDRAC. For example:


• Blade servers — The management station must be on the same network as CMC. For more information on isolating CMC network from the managed system’s network, see Chassis Management Controller User’s Guide available at dell.com/support/manuals.

• Rack and tower servers — Set the iDRAC NIC to Dedicated or LOM1 and make sure that the management station is on the same network as iDRAC.

To access the managed system’s console from a management station, use Virtual Console through iDRAC Web interface.

Related Links

Launching Virtual Console

Network Settings

Setting Up Managed System

If you need to run local RACADM or enable Last Crash Screen capture, install the following from the Dell Systems Management Tools and Documentation DVD:

• Local RACADM

• Server Administrator

For more information about Server Administrator, see Dell OpenManage Server Administrator User’s Guide available at dell.com/support/manuals.

Related Links

Modifying Local Administrator Account Settings

Modifying Local Administrator Account Settings

After setting the iDRAC IP address, you can modify the local administrator account settings (that is, user 2) using the iDRAC Settings utility. To do this:

1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings User Configuration page is displayed.

2. Specify the details for User Name, LAN User Privilege, Serial Port User Privilege, and Change Password.

For information about the options, see the iDRAC Settings Utility Online Help.

3. Click Back, click Finish, and then click Yes.

The local administrator account settings are configured.

Setting Up Managed System Location

You can specify the location details of the managed system in the data center using the iDRAC Web interface or iDRAC Settings utility.

Setting Up Managed System Location Using Web Interface

To specify the system location details:

1. In the iDRAC Web interface, go to Overview → Server → Properties → Details. The System Details page is displayed.

2. Under System Location, enter the location details of the managed system in the data center.


For information about the options, see the iDRAC Online Help.

3. Click Apply. The system location details are saved in iDRAC.

Setting Up Managed System Location Using RACADM

To specify the system location details, use the System.Location group objects. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Setting Up Managed System Location Using iDRAC Settings Utility

To specify the system location details:

1. In the iDRAC Settings utility, go to System Location. The iDRAC Settings System Location page is displayed.

2. Enter the location details of the managed system in the data center. For information about the options, see the iDRAC Settings Utility Online Help.

3. Click Back, click Finish, and then click Yes. The details are saved.

Optimizing System Performance and Power Consumption

The power required to cool a server can contribute a significant amount to the overall system power. Thermal control is the active management of system cooling through fan speed and system power management to make sure that the system is reliable while minimizing system power consumption, airflow, and system acoustic output. You can adjust the thermal control settings and optimize against the system performance and performance-per-Watt requirements.

Using the iDRAC Web interface, RACADM, or the iDRAC Settings Utility, you can change the following thermal settings:

• Optimize for performance

• Optimize for minimum power

• Set the maximum air exhaust temperature

• Increase airflow through a fan offset, if required

• Increase airflow through increasing minimum fan speed

Modifying Thermal Settings Using iDRAC Web Interface

To modify the thermal settings:

1. In the iDRAC Web interface, go to Overview → Hardware → Fans → Setup. The Fan Setup page is displayed.

2. Specify the following:

• Thermal Profile — Select the thermal profile:

– Default Thermal Profile Settings — Implies that the thermal algorithm uses the same system profile settings that are defined under System BIOS → System BIOS Settings.System Profile Settings page.

By default, this is set to Default Thermal Profile Settings. You can also select a custom algorithm, which is independent of the BIOS profile. The options available are:


– Maximum Performance (Performance Optimized) :

* Reduced probability of memory or CPU throttling.

* Increased probability of turbo mode activation.

* Generally, higher fan speeds at idle and stress loads.

– Minimum Power (Performance per Watt Optimized):

* Optimized for lowest system power consumption based on optimum fan power state.

* Generally, lower fan speeds at idle and stress loads.

NOTE: Selecting Maximum Performance or Minimum Power overrides thermal settings associated to System Profile setting under System BIOS → System BIOS Settings.System Profile Settings page.

• Maximum Exhaust Temperature Limit — From the drop-down menu, select the maximum exhaust air temperature. The values are displayed based on the system.

The default value is Default, 70°C (158 °F).

This option allows the system fans speeds to change such that the exhaust temperature does not exceed the selected exhaust temperature limit. This cannot always be guaranteed under all system operating conditions due to dependency on system load and system cooling capability.

• Fan Speed Offset — Selecting this option allows additional cooling to the server. In case hardware is added (for example, new PCIe cards), it may require additional cooling. A fan speed offset causes fan speeds to increase (by the offset % value) over baseline fan speeds calculated by the Thermal Control algorithm. Possible values are:

– Low Fan Speed — Drives fan speeds to a moderate fan speed.

– Medium Fan Speed — Drives fan speeds close to medium.

– High Fan Speed — Drives fan speeds close to full speed.

– Max Fan Speed — Drives fan speeds to full speed.

– Off — Fan speed offset is set to off. This is the default value. When set to off, the percentage does not display. The default fan speed is applied with no offset. Conversely, the maximum setting will result in all fans running at maximum speed.

The fan speed offset is dynamic and based on the system. The fan speed increase for each offset is displayed next to each option.

The fan speed offset increases all fan speeds by the same percentage. Fan speeds may increase beyond the offset speeds based on individual component cooling needs. The overall system power consumption is expected to increase.

Fan speed offset allows you to increase the system fan speed with four incremental steps. These steps are equally divided between the typical baseline speed and the maximum speed of the server system fans. Some hardware configurations result in higher baseline fan speeds, which results in offsets other than the maximum offset to achieve maximum speed.

The most common usage scenario is non-standard PCIe adapter cooling. However, the feature can be used to increase system cooling for other purposes.

• Minimum Fan Speed in PWM (% of Max) — Select this option to fine tune the fan speed. Using this option, you can set a higher baseline system fan speed or increase the system fan speed if other custom fan speed options are not resulting in the required higher fan speeds.

– Default — Sets minimum fan speed to default value as determined by the system cooling algorithm.


– Custom — Enter the percentage value.

The allowable range for minimum fan speed PWM is dynamic based on the system configuration. The first value is the idle speed and the second value is the configuration max (which may or may not be 100% based on system configuration).

System fans can run higher than this speed as per thermal requirements of the system but not lower than the defined minimum speed. For example, setting Minimum Fan Speed at 35% limits the fan speed to never go lower than 35% PWM.

NOTE: 0% PWM does not indicate fan is off. It is the lowest fan speed that the fan can achieve.

The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting during system reboot, power cycling, iDRAC, or BIOS updates. A few Dell servers may or may not support some or all of these custom user cooling options. If the options are not supported, they are not displayed or you cannot provide a custom value.

3. Click Apply to apply the settings. The following message is displayed:

It is recommended to reboot the system when a thermal profile change has been made. This is to ensure all power and thermal settings are activated.

Click Reboot Later or Reboot Now.

NOTE: You must reboot the system for the settings to take effect.

Modifying Thermal Settings Using RACADM

To modify the thermal settings, use the objects in the system.thermalsettings group with the set sub command as provided in the following table.

Object: AirExhaustTemp

Description: Allows you to set the maximum air exhaust temperature limit.

Usage: Set to any of the following values (based on the system):

• 0 - Indicates 40°C

• 1 - Indicates 45°C

• 2 - Indicates 50°C

• 3 - Indicates 55°C

• 4 - Indicates 60°C

• 255 - Indicates 70°C (default)

Example:

To check the existing setting on the system:

racadm get system.thermalsettings.AirExhaustTemp

The output is:

AirExhaustTemp=70

This means that the system is set to limit the air exhaust temperature to 70°C.

To set the exhaust temperature limit to 60°C:

racadm set system.thermalsettings.AirExhaustTemp 4

The output is:

Object value modified successfully.

If a system does not support a particular air exhaust temperature limit, then when you run the following command:

racadm set system.thermalsettings.AirExhaustTemp 0

The following error message is displayed:

ERROR: RAC947: Invalid object value specified.

Make sure to specify the value depending on the type of object.

For more information, see RACADM help.

To set the limit to the default value:

racadm set system.thermalsettings.AirExhaustTemp 255

Object: FanSpeedHighOffsetVal

Description:

• Getting this variable reads the fan speed offset value in %PWM for High Fan Speed Offset setting.

• This value depends on the system.

• Use FanSpeedOffset object to set this value using index value 1.

Usage: Values from 0-100

Example:

racadm get system.thermalsettings.FanSpeedHighOffsetVal

This returns a value such as “66”. This means that when you use the following command, it applies a fan speed offset of High (66% PWM) over the baseline fan speed:

racadm set system.thermalsettings.FanSpeedOffset 1

Object: FanSpeedLowOffsetVal

Description:

• Getting this variable reads the fan speed offset value in %PWM for Low Fan Speed Offset setting.

• This value depends on the system.

• Use FanSpeedOffset object to set this value using index value 0.

Usage: Values from 0-100

Example:

racadm get system.thermalsettings.FanSpeedLowOffsetVal

This returns a value such as “23”. This means that when you use the following command, it applies a fan speed offset of Low (23% PWM) over baseline fan speed:

racadm set system.thermalsettings.FanSpeedOffset 0

Object: FanSpeedMaxOffsetVal

Description:

• Getting this variable reads the fan speed offset value in %PWM for Max Fan Speed Offset setting.

• This value depends on the system.

• Use FanSpeedOffset to set this value using index value 3.

Usage: Values from 0-100

Example:

racadm get system.thermalsettings.FanSpeedMaxOffsetVal

This returns a value such as “100”. This means that when you use the following command, it applies a fan speed offset of Max (meaning full speed, 100% PWM). In most cases, this offset results in fan speeds increasing to full speed.

racadm set system.thermalsettings.FanSpeedOffset 3

Object: FanSpeedMediumOffsetVal

Description:

• Getting this variable reads the fan speed offset value in %PWM for Medium Fan Speed Offset setting.

• This value depends on the system.

• Use FanSpeedOffset object to set this value using index value 2.

Usage: Values from 0-100

Example:

racadm get system.thermalsettings.FanSpeedMediumOffsetVal

This returns a value such as “47”. This means that when you use the following command, it applies a fan speed offset of Medium (47% PWM) over baseline fan speed:

racadm set system.thermalsettings.FanSpeedOffset 2

Object: FanSpeedOffset

Description:

• Using this object with get command displays the existing Fan Speed Offset value.

• Using this object with set command allows setting the required fan speed offset value.

• The index value decides the offset that is applied and the FanSpeedLowOffsetVal, FanSpeedMaxOffsetVal, FanSpeedHighOffsetVal, and FanSpeedMediumOffsetVal objects (defined earlier) are the values at which the offsets are applied.

Usage: Values are:

• 0 - Low Fan Speed

• 1 - High Fan Speed

• 2 - Medium Fan Speed

• 3 - Max Fan Speed

• 255 - None

Example:

To view the existing setting:

racadm get system.thermalsettings.FanSpeedOffset

To set the fan speed offset to High value (as defined in FanSpeedHighOffsetVal):

racadm set system.thermalsettings.FanSpeedOffset 1

Object: MFSMaximumLimit

Description: Read Maximum limit for MFS

Usage: Values from 1 - 100

Example:

To display the highest value that can be set using MinimumFanSpeed option:

racadm get system.thermalsettings.MFSMaximumLimit

Object: MFSMinimumLimit

Description: Read Minimum limit for MFS

Usage: Values from 0 to MFSMaximumLimit

Default is 255 (means None)

Example:

To display the lowest value that can be set using MinimumFanSpeed option:

racadm get system.thermalsettings.MFSMinimumLimit

Object: MinimumFanSpeed

Description:

• Allows configuring the Minimum Fan speed that is required for the system to operate.

• It defines the baseline (floor) value for fan speed; the system allows fans to go higher, but not lower, than this defined fan speed value.

• This value is %PWM value for fan speed.

Usage: Values from MFSMinimumLimit to MFSMaximumLimit

When get command reports 255, it means user configured offset is not applied.

Example:

To make sure that the system minimum speed does not decrease lower than 45% PWM (45 must be a value between MFSMinimumLimit to MFSMaximumLimit):

racadm set system.thermalsettings.MinimumFanSpeed 45

Object: ThermalProfile

Description:

• Allows you to specify the Thermal Base Algorithm.

• Allows you to set the system profile as required for thermal behavior associated to the profile.

Usage: Values:

• 0 — Auto

• 1 — Maximum performance

• 2 — Minimum Power

Example:

To view the existing thermal profile setting:

racadm get system.thermalsettings.ThermalProfile

To set the thermal profile to Maximum Performance:

racadm set system.thermalsettings.ThermalProfile 1

Modifying Thermal Settings Using iDRAC Settings Utility

To modify the thermal settings:

1. In the iDRAC Settings utility, go to Thermal. The iDRAC Settings Thermal page is displayed.

2. Specify the following:

• Thermal Profile

• Maximum Exhaust Temperature Limit

• Fan Speed Offset

• Minimum Fan Speed

For information about the fields, see the Modifying Thermal Settings Using Web Interface.

The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting during system reboot, power cycling, iDRAC, or BIOS updates. A few Dell servers may or may not support some or all of these custom user cooling options. If the options are not supported, they are not displayed or you cannot provide a custom value.

3. Click Back, click Finish, and then click Yes.


The thermal settings are configured.

Configuring Supported Web Browsers

iDRAC is supported on Internet Explorer, Mozilla Firefox, Google Chrome, and Safari Web browsers. For information about the versions, see the Readme available at dell.com/support/manuals.

If you are connecting to iDRAC Web interface from a management station that connects to the Internet through a proxy server, you must configure the Web browser to access the Internet through this server. This section provides information to configure Internet Explorer.

To configure the Internet Explorer Web browser:

1. Set IE to Run As Administrator.

2. In the Web browser, go to Tools → Internet Options → Security → Local Network.

3. Click Custom Level, select Medium-Low, and click Reset. Click OK to confirm. Click Custom Level to open the dialog.

4. Scroll down to the section labeled ActiveX controls and plug-ins and set the following:

NOTE: The settings in the Medium-Low state depend on the IE version.

• Automatic prompting for ActiveX controls: Enable

• Binary and script behaviors: Enable

• Download signed ActiveX controls: Prompt

• Initialize and script ActiveX controls not marked as safe: Prompt

• Run ActiveX controls and plug-ins: Enable

• Script ActiveX controls marked safe for scripting: Enable

Under Downloads:

• Automatic prompting for file downloads: Enable

• File download: Enable

• Font download: Enable

Under Miscellaneous:

• Allow META-REFRESH: Enable

• Allow scripting of Internet Explorer Web browser control: Enable

• Allow script-initiated windows without size or position constraints: Enable

• Do not prompt for client certificate selection when no certificates or only one certificate exists: Enable

• Launching programs and files in an IFRAME: Enable

• Open files based on content, not file extension: Enable

• Software channel permissions: Low safety

• Submit non-encrypted form data: Enable

• Use Pop-up Blocker: Disable

Under Scripting:

• Active scripting: Enable

• Allow paste operations via script: Enable


• Scripting of Java applets: Enable

5. Go to Tools → Internet Options → Advanced.

6. Under Browsing:

• Always send URLs as UTF-8: selected

• Disable script debugging (Internet Explorer): selected

• Disable script debugging: (Other): selected

• Display a notification about every script error: cleared

• Enable Install On demand (Other): selected

• Enable page transitions: selected

• Enable third-party browser extensions: selected

• Reuse windows for launching shortcuts: cleared

Under HTTP 1.1 settings:

• Use HTTP 1.1: selected

• Use HTTP 1.1 through proxy connections: selected

Under Java (Sun):

• Use JRE 1.6.x_yz: selected (optional; version may differ)

Under Multimedia:

• Enable automatic image resizing: selected

• Play animations in Web pages: selected

• Play videos in Web pages: selected

• Show pictures: selected

Under Security:

• Check for publishers' certificate revocation: cleared

• Check for signatures on downloaded programs: selected

• Use SSL 2.0: cleared

• Use SSL 3.0: selected

• Use TLS 1.0: selected

• Warn about invalid site certificates: selected

• Warn if changing between secure and not secure mode: selected

• Warn if forms submittal is being redirected: selected

NOTE: To modify the settings, it is recommended that you learn and understand the consequences. For example, if you block pop-ups, parts of iDRAC Web interface may not function properly.

7. Click Apply, and then click OK.

8. Click the Connections tab.

9. Under Local Area Network (LAN) settings, click LAN Settings.

10. If you are using IE9 and IPv6 address to access iDRAC, clear the Use automatic configuration script option.

11. If the Use a proxy server box is selected, select the Bypass proxy server for local addresses box.

12. Click OK twice.

13. Close and restart your browser to make sure all changes take effect.


NOTE: When you log in to iDRAC Web interface using Internet Explorer 9.x, the contents of a few pages are sometimes not shown properly. To resolve this, press <F12>. In the Internet Explorer 9 Debug window, select Document Mode as Internet Explorer 7. The browser refreshes and the iDRAC Login page is displayed.

Related Links

Viewing Localized Versions of Web Interface

Adding iDRAC to the List of Trusted Domains

Disabling Whitelist Feature in Firefox

Adding iDRAC to the List of Trusted Domains

When you access iDRAC Web interface, you are prompted to add iDRAC IP address to the list of trusted domains if the IP address is missing from the list. When completed, click Refresh or relaunch the Web browser to establish a connection to iDRAC Web interface.

On some operating systems, Internet Explorer (IE) 8 may not prompt you to add iDRAC IP address to the list of trusted domains if the IP address is missing from the list.

NOTE: When connecting to the iDRAC Web interface with a certificate the browser does not trust, the browser's certificate error warning may display a second time after you acknowledge the first warning. This is the expected behavior for security.

To add iDRAC IP address to the list of trusted domains in IE8, do the following:

1. Select Tools → Internet Options → Security → Trusted sites → Sites.

2. Enter the iDRAC IP address in the Add this website to the zone field.

3. Click Add, click OK, and then click Close.

4. Click OK and then refresh your browser.

Disabling Whitelist Feature in Firefox

Firefox has a "whitelist" security feature that requires user permission to install plug-ins for each distinct site that hosts a plug-in. If enabled, the whitelist feature requires you to install a Virtual Console viewer for each iDRAC you visit, even though the viewer versions are identical.

To disable the whitelist feature and avoid unnecessary plug-in installations, perform the following steps:

1. Open a Firefox Web browser window.

2. In the address field, enter about:config and press <Enter>.

3. In the Preference Name column, locate and double-click xpinstall.whitelist.required.

The values for Preference Name, Status, Type, and Value change to bold text. The Status value changes to user set and the Value changes to false.

4. In the Preference Name column, locate xpinstall.enabled.

Make sure that Value is true. If not, double-click xpinstall.enabled to set Value to true.

Viewing Localized Versions of Web Interface

iDRAC Web interface is supported in the following languages:

• English (en-us)

• French (fr)

• German (de)


• Spanish (es)

• Japanese (ja)

• Simplified Chinese (zh-cn)

The ISO identifiers in parentheses denote the supported language variants. For some supported languages, resizing the browser window to 1024 pixels wide is required to view all features.

iDRAC Web interface is designed to work with localized keyboards for the supported language variants. Some features of iDRAC Web interface, such as Virtual Console, may require additional steps to access certain functions or letters. Other keyboards are not supported and may cause unexpected problems.

NOTE: See the browser documentation on how to configure or set up different languages and view localized versions of iDRAC Web interface.

Updating Device Firmware

Using iDRAC, you can update the iDRAC, BIOS, and all device firmware that is supported through Lifecycle Controller update such as:

• Lifecycle Controller

• Diagnostics

• Operating System Driver Pack

• Network Interface Card (NIC)

• RAID Controller

• Power Supply Unit (PSU)

• PCIe Solid State Drives (SSDs)

You must upload the required firmware to iDRAC. After the upload is complete, the current version of the firmware installed on the device and the version being applied is displayed. If the firmware being uploaded is not valid, an error message is displayed. Updates that do not require a reboot are applied immediately. Updates that require a system reboot are staged and committed to run on the next system reboot. Only one system reboot is required to perform all updates.

After the firmware is updated, the System Inventory page displays the updated firmware version and logs are recorded.

The supported firmware image file types are:

.exe — Windows based Dell Update Package (DUP)

.d7 — Contains both iDRAC and Lifecycle Controller firmware.

For files with .exe extension, you must have System Control privilege. The Remote Firmware Update licensed feature and Lifecycle Controller must be enabled.

For files with .d7 extension, you must have Configure privilege.

You can perform firmware updates using the following methods:

• Using a firmware image file on a local system or on a network share.

• Connecting to the FTP, TFTP, or HTTP site or a network repository that contains a catalog of available updates. You can create custom repositories using Repository Manager. For more information, see Repository Manager User's Guide. iDRAC automatically provides a difference between the BIOS and the firmware that is installed on the server and the repository location or FTP site. All applicable updates contained in the repository are applied to the system. This feature is available with iDRAC Enterprise license.

• Scheduling recurring automated firmware updates using the catalog file in the FTP site or the network repository location.

The following table provides information on whether a system restart is required or not when firmware is updated for a particular component.

NOTE: When multiple firmware updates are applied through out-of-band methods, the updates are ordered in the most efficient possible manner to reduce unnecessary system restart.

Table 6. Firmware Update – Supported Components

| Component Name | Firmware Rollback Supported? (Yes or No) | Out-of-band — System Restart Required? | In-band — System Restart Required? | Lifecycle Controller GUI — Restart Required? |
|---|---|---|---|---|
| Diagnostics | No | No | No | No |
| OS Driver Pack | No | No | No | No |
| Lifecycle Controller | No | No | No | Yes |
| BIOS | Yes | Yes | Yes | Yes |
| RAID Controller | Yes | Yes | Yes | Yes |
| Backplanes | Yes | Yes | Yes | Yes |
| Enclosures | Yes | Yes | No | Yes |
| NIC | Yes | Yes | Yes | Yes |
| iDRAC | Yes | **No | *No | *No |
| Power Supply Unit | Yes | Yes | Yes | Yes |
| CPLD | No | Yes | Yes | Yes |
| FC Cards | Yes | Yes | Yes | Yes |
| PCIe SSD | Yes | Yes | Yes | Yes |

* Indicates that though a system restart is not required, iDRAC must be restarted to apply the updates. iDRAC communication and monitoring will temporarily be interrupted.

** When iDRAC is updated from version 1.30.30 or later, a system restart is not necessary. However, firmware versions of iDRAC earlier than 1.30.30 require a system restart when applied using the out-of-band interfaces.

Related Links

Downloading Device Firmware

Updating Single Device Firmware

Updating Firmware Using Repository

Updating Firmware Using FTP

Updating Device Firmware Using TFTP

Updating Device Firmware Using HTTP

Updating Device Firmware Using RACADM

Scheduling Automatic Firmware Updates

Updating Firmware Using CMC Web Interface

Updating Firmware Using DUP

Updating Firmware Using Remote RACADM

Updating Firmware Using Lifecycle Controller Remote Services

Downloading Device Firmware

The image file format that you download depends on the method of update:

• iDRAC Web interface — Download the binary image packaged as a self-extracting archive. The default firmware image file is firmimg.d7.

NOTE: The same file format is used to recover iDRAC using CMC Web interface.

• Managed System — Download the operating system-specific Dell Update Package (DUP). The file extensions are .bin for Linux Operating systems and .exe for Windows operating systems.

• Lifecycle Controller — Download the latest catalog file and DUPs and use the Platform Update feature in Lifecycle Controller to update the device firmware. For more information about Platform Update, see Lifecycle Controller User’s Guide available at dell.com/support/manuals.

Updating Firmware Using iDRAC Web Interface

You can update the device firmware using firmware images available on the local system, from a repository on a network share (CIFS or NFS), or from FTP.

Updating Single Device Firmware

Before updating the firmware using single device update method, make sure that you have downloaded the firmware image to a location on the local system.

To update single device firmware using iDRAC Web interface:

1. Go to Overview → iDRAC Settings → Update and Rollback. The Firmware Update page is displayed.

2. On the Update tab, select Local as the File Location.

3. Click Browse, select the firmware image file for the required component, and then click Upload.

4. After the upload is complete, the Update Details section displays each firmware file uploaded to iDRAC and its status.

If the firmware image file is valid and was successfully uploaded, the Contents column displays an icon next to the firmware image file name. Expand the name to view the Device Name, Current, and Available firmware version information.

5. Select the required firmware file to be updated and do one of the following:

• For firmware images that do not require a host system reboot, click Install. For example, iDRAC firmware file.

• For firmware images that require a host system reboot, click Install and Reboot or Install Next Reboot.

• To cancel the firmware update, click Cancel.

NOTE: If you have uploaded the same firmware image file more than once, only the latest firmware file is available for selection. The check box for the earlier firmware image files is disabled.


When you click Install, Install and Reboot or Install Next Reboot, the message Updating Job Queue is displayed.

6. Click Job Queue to display the Job Queue page, where you can view and manage the staged firmware updates or click OK to refresh the current page and view the status of the firmware update.

NOTE: If you navigate away from the page without committing the updates, an error message is displayed and all the uploaded content is lost.

Related Links

Updating Device Firmware

Viewing and Managing Staged Updates

Downloading Device Firmware

Updating Firmware Using Repository

You can perform multiple firmware updates by specifying a network share containing a valid repository of DUPs and a catalog describing the available DUPs. When iDRAC connects to the network share location and checks for available updates, a comparison report is generated that lists all available updates. You can then select and apply the required updates contained in the repository to the system.

Before performing an update using the repository, make sure that:

• A repository containing Windows based update packages (DUPs) and a catalog file is created in the network share (CIFS or NFS). If a user-defined catalog file is not available, by default Catalog.xml is used.

• Lifecycle Controller is enabled.

• You have Server Control privilege to update firmware for devices other than iDRAC.

To update device firmware using a repository:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Update and Rollback. The Firmware Update page is displayed.

2. On the Update tab, select Network Share as the File Location.

3. In the Catalog Location section, enter the network setting details.

While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters.

For information about the fields, see the iDRAC Online Help.

4. Click Check for Update.

The Update Details section displays a comparison report showing the current firmware versions and the firmware versions available in the repository.

NOTE: Any update in the repository that is not applicable to the system or the installed hardware or is not supported is not included in the comparison report.

5. Select the required updates and do one of the following:

• For firmware images that do not require a host system reboot, click Install. For example, .d7 firmware file.

• For firmware images that require a host system reboot, click Install and Reboot or Install Next Reboot.

• To cancel the firmware update, click Cancel.


When you click Install, Install and Reboot or Install Next Reboot, the message Updating Job Queue is displayed.

6. Click Job Queue to display the Job Queue page, where you can view and manage the staged firmware updates or click OK to refresh the current page and view the status of the firmware update.

Related Links

Updating Device Firmware

Viewing and Managing Staged Updates

Downloading Device Firmware

Scheduling Automatic Firmware Updates

Updating Firmware Using FTP

You can directly connect to the Dell FTP site or any other FTP site from iDRAC to perform the firmware updates. You can use the Windows based update packages (DUPs) and a catalog file available on the FTP site instead of creating custom repositories.

Before performing an update using the repository, make sure that:

• Lifecycle Controller is enabled.

• You have Server Control privilege to update firmware for devices other than iDRAC.

To update device firmware using FTP:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Update and Rollback. The Firmware Update page is displayed.

2. On the Update tab, select FTP as the File Location.

3. In the FTP Server Settings section, enter the FTP details.

For information about the fields, see the iDRAC Online Help.

4. Click Check for Update.

5. After the upload is complete, the Update Details section displays a comparison report showing the current firmware versions and the firmware versions available in the repository.

NOTE: Any update in the repository that is not applicable to the system or the installed hardware or is not supported is not included in the comparison report.

6. Select the required updates and do one of the following:

• For firmware images that do not require a host system reboot, click Install. For example, .d7 firmware file.

• For firmware images that require a host system reboot, click Install and Reboot or Install Next Reboot.

• To cancel the firmware update, click Cancel.

When you click Install, Install and Reboot or Install Next Reboot, the message Updating Job Queue is displayed.

7. Click Job Queue to display the Job Queue page, where you can view and manage the staged firmware updates or click OK to refresh the current page and view the status of the firmware update.

Related Links

Updating Device Firmware

Viewing and Managing Staged Updates

Downloading Device Firmware

Scheduling Automatic Firmware Updates


Updating Device Firmware Using TFTP

You can directly connect to the TFTP site from iDRAC to perform the firmware updates. You can use the Windows based update packages (DUPs) and a catalog file available on the TFTP site instead of creating custom repositories.

Before performing an update, make sure that:

• Lifecycle Controller is enabled.

• You have Server Control privilege to update firmware for devices other than iDRAC.

To update device firmware using TFTP:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Update and Rollback. The Firmware Update page is displayed.

2. On the Update tab, select TFTP as the File Location.

3. In the TFTP Server Settings section, enter the TFTP details. For information about the fields, see the iDRAC Online Help.

4. Click Check for Update.

5. After the upload is complete, the Update Details section displays a comparison report showing the current firmware versions and the firmware versions available in the repository.

NOTE: Any update in the repository that is not applicable to the system or the installed hardware or is not supported is not included in the comparison report.

6. Select the required updates and do one of the following:

• For firmware images that do not require a host system reboot, click Install. For example, .d7 firmware file.

• For firmware images that require a host system reboot, click Install and Reboot or Install Next Reboot.

• To cancel the firmware update, click Cancel.

When you click Install, Install and Reboot or Install Next Reboot, the message Updating Job Queue is displayed.

7. Click Job Queue to display the Job Queue page, where you can view and manage the staged firmware updates or click OK to refresh the current page and view the status of the firmware update.

Related Links

Downloading Device Firmware

Updating Device Firmware

Viewing and Managing Staged Updates

Scheduling Automatic Firmware Updates

Updating Device Firmware Using HTTP

You can directly connect to the HTTP site from iDRAC to perform the firmware updates. You can use the Windows based update packages (DUPs) and a catalog file available on the HTTP site instead of creating custom repositories.

Before performing an update using the repository, make sure that:

• Lifecycle Controller is enabled.


• You have Server Control privilege to update firmware for devices other than iDRAC.

To update device firmware using HTTP:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Update and Rollback. The Firmware Update page is displayed.

2. On the Update tab, select HTTP as the File Location.

3. In the HTTP Server Settings section, enter the HTTP details. For information about the fields, see the iDRAC Online Help.

4. Click Check for Update.

5. After the upload is complete, the Update Details section displays a comparison report showing the current firmware versions and the firmware versions available in the repository.

NOTE: Any update in the repository that is not applicable to the system or the installed hardware or is not supported is not included in the comparison report.

6. Select the required updates and do one of the following:

• For firmware images that do not require a host system reboot, click Install. For example, .d7 firmware file.

• For firmware images that require a host system reboot, click Install and Reboot or Install Next Reboot.

• To cancel the firmware update, click Cancel.

When you click Install, Install and Reboot or Install Next Reboot, the message Updating Job Queue is displayed.

7. Click Job Queue to display the Job Queue page, where you can view and manage the staged firmware updates or click OK to refresh the current page and view the status of the firmware update.


Related Links

Downloading Device Firmware

Updating Device Firmware

Viewing and Managing Staged Updates

Scheduling Automatic Firmware Updates

Updating Device Firmware Using RACADM

To update device firmware using RACADM, use the update subcommand. For more information, see the RACADM Reference Guide for iDRAC and CMC available at dell.com/support/manuals.

Examples:

• To generate a comparison report using an update repository:

racadm update -f catalog.xml -l //192.168.1.1 -u test -p passwd --verifycatalog

• To perform all applicable updates from an update repository using myfile.xml as a catalog file and perform a graceful reboot:

racadm update -f "myfile.xml" -b "graceful" -l //192.168.1.1 -u test -p passwd

• To perform all applicable updates from an FTP update repository using Catalog.xml as a catalog file:

racadm update -f "Catalog.xml" -t FTP -e 192.168.1.20/Repository/Catalog


Scheduling Automatic Firmware Updates

You can create a periodic recurring schedule for iDRAC to check for new firmware updates. At the scheduled day and time, iDRAC connects to the specified network share (CIFS or NFS) or the FTP, checks for new updates and applies or stages all applicable updates. A log file on the remote server contains information about server access and staged firmware updates.

Automatic updates are available only with the iDRAC Enterprise license.

You can schedule automatic firmware updates using the iDRAC Web interface or RACADM.

NOTE: IPv6 address is not supported for scheduling automatic firmware updates.

Related Links

Downloading Device Firmware

Updating Device Firmware

Viewing and Managing Staged Updates

Scheduling Automatic Firmware Update Using Web Interface

To schedule automatic firmware update using Web Interface:

NOTE: Do not create the next scheduled occurrence of an automatic update job if a job is already Scheduled. It overwrites the current scheduled job.

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Update and Rollback. The Firmware Update page is displayed.

2. Click the Automatic Update tab.

3. Select the Enable Automatic Update option.

4. Select any of the following options to specify if a system reboot is required after the updates are staged:

• Schedule Updates — Stage the firmware updates but do not reboot the server.

• Schedule Updates and reboot Server — Enables server reboot after the firmware updates are staged.

5. Select any of the following to specify the location of the firmware images:

• Network — Use the catalog file from a network share (CIFS or NFS). Enter the network share location details.

NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters.

• FTP — Use the catalog file from the FTP site. Enter the FTP site details.

6. Based on the selection in step 5, enter the network settings or the FTP settings. For information about the fields, see the iDRAC Online Help.

7. In the Update Window Schedule section, specify the start time for the firmware update and the frequency of the updates (daily, weekly, or monthly).

For information about the fields, see the iDRAC Online Help.

8. Click Schedule Update.

The next scheduled job is created in the job queue. Five minutes after the first instance of the recurring job starts, the job for the next time period is created.


Scheduling Automatic Firmware Update Using RACADM

To schedule automatic firmware update, use the following commands:

• To enable automatic firmware update:

racadm set lifecycleController.lcattributes.AutoUpdate.Enable 1

• To view the status of automatic firmware update:

racadm get lifecycleController.lcattributes.AutoUpdate

• To schedule the start time and frequency of the firmware update:

racadm AutoUpdateScheduler create -u username -p password -l <location> [-f catalogfilename -pu <proxyuser> -pp <proxypassword> -po <proxy port> -pt <proxytype>] -time <hh:mm> [-dom <1-28,L,'*'> -wom <1-4,L,'*'> -dow <sun-sat,'*'>] -rp <1-366> -a <applyserverReboot (1-enabled | 0-disabled)>

For example,

– To automatically update firmware using a CIFS share:

racadm AutoUpdateScheduler create -u admin -p pwd -l //1.2.3.4/CIFS-share -f cat.xml -time 14:30 -wom 1 -dow sun -rp 5 -a 1

– To automatically update firmware using FTP:

racadm AutoUpdateScheduler create -u admin -p pwd -l ftp.mytest.com -pu puser -pp puser -po 8080 -pt http -f cat.xml -time 14:30 -wom 1 -dow sun -rp 5 -a 1

• To view the current firmware update schedule:

racadm AutoUpdateScheduler view

• To disable automatic firmware update:

racadm set lifecycleController.lcattributes.AutoUpdate.Enable 0

• To clear the schedule details:

racadm AutoUpdateScheduler clear
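The following Python helper is an added example, not part of the Dell documentation. It checks schedule values against the ranges in the AutoUpdateScheduler syntax line above and returns the command as an argument list, so that '*' and special characters in the password reach racadm without shell expansion, and it masks password values before the command is logged. The function names are assumptions of this example, and the proxy options are left out.

```python
import re

# Hypothetical helper names; only the flags and ranges come from the syntax line above.
DAYS = ("sun", "mon", "tue", "wed", "thu", "fri", "sat")
SECRET_FLAGS = {"-p", "-pp"}  # flags whose value is a password in that syntax


def _in_range_or(value, low, high, extra):
    """True if value is one of `extra` or an integer within [low, high]."""
    text = str(value)
    if text in extra:
        return True
    return text.isascii() and text.isdigit() and low <= int(text) <= high


def build_schedule_argv(user, password, location, time_hhmm, repeat,
                        apply_reboot, catalog=None, dom=None, wom=None, dow=None):
    """Validate the schedule values and return the racadm command as an argv list."""
    errors = []
    if not re.fullmatch(r"([01]\d|2[0-3]):[0-5]\d", str(time_hhmm)):
        errors.append("-time must be hh:mm (24-hour)")
    if dom is not None and not _in_range_or(dom, 1, 28, {"L", "*"}):
        errors.append("-dom must be 1-28, L or *")
    if wom is not None and not _in_range_or(wom, 1, 4, {"L", "*"}):
        errors.append("-wom must be 1-4, L or *")
    if dow is not None and dow not in DAYS + ("*",):
        errors.append("-dow must be sun-sat or *")
    if isinstance(repeat, bool) or not isinstance(repeat, int) or not 1 <= repeat <= 366:
        errors.append("-rp must be an integer from 1 to 366")
    if apply_reboot not in (0, 1):
        errors.append("-a must be 1 (reboot enabled) or 0 (disabled)")
    if errors:
        raise ValueError("; ".join(errors))

    argv = ["racadm", "AutoUpdateScheduler", "create",
            "-u", user, "-p", password, "-l", location]
    if catalog:
        argv += ["-f", catalog]
    argv += ["-time", time_hhmm]
    for flag, value in (("-dom", dom), ("-wom", wom), ("-dow", dow)):
        if value is not None:
            argv += [flag, str(value)]
    argv += ["-rp", str(repeat), "-a", str(int(apply_reboot))]
    return argv


def redact(argv):
    """Copy of argv that is safe to log: the value after -p / -pp is masked."""
    out, hide = [], False
    for arg in argv:
        out.append("****" if hide else arg)
        hide = arg in SECRET_FLAGS and not hide
    return out


if __name__ == "__main__":
    # Constructed values mirroring the CIFS example above.
    cmd = build_schedule_argv("admin", "p@ss w*rd", "//1.2.3.4/CIFS-share",
                              "14:30", 5, 1, catalog="cat.xml", wom=1, dow="sun")
    print(" ".join(redact(cmd)))
    # Pass `cmd` to subprocess.run(cmd) without shell=True to execute it.
```

The password is still visible in the process list of the management station while racadm runs, so run scheduled jobs from a host and account where that exposure is acceptable.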

Updating Firmware Using CMC Web Interface

You can update iDRAC firmware for blade servers using the CMC Web interface.

To update iDRAC firmware using the CMC Web interface:

1. Log in to CMC Web interface.

2. Go to Server → Overview → <server name>. The Server Status page is displayed.

3. Click Launch iDRAC Web interface and perform iDRAC Firmware Update.

Related Links

Updating Device Firmware

Downloading Device Firmware

Updating Firmware Using iDRAC Web Interface

Updating Firmware Using DUP

Before you update firmware using Dell Update Package (DUP), make sure to:

• Install and enable the IPMI and managed system drivers.

• Enable and start the Windows Management Instrumentation (WMI) service if your system is running Windows operating system.

NOTE: While updating the iDRAC firmware using the DUP utility in Linux, if you see error messages such as usb 5-2: device descriptor read/64, error -71 displayed on the console, ignore them.

• If the system has ESX hypervisor installed, then for the DUP file to run, make sure that the "usbarbitrator" service is stopped using command: service usbarbitrator stop

To update iDRAC using DUP:

1. Download the DUP based on the installed operating system and run it on the managed system.

2. Run the DUP.

The firmware is updated. A system restart is not required after firmware update is complete.

Updating Firmware Using Remote RACADM

To update using remote RACADM:

1. Download the firmware image to the TFTP or FTP server. For example, C:\downloads\firmimg.d7

2. Run the following RACADM command:

TFTP server:

• Using fwupdate command: racadm -r <iDRAC IP address> -u <username> -p <password> fwupdate -g -u -a <path>

where path is the location on the TFTP server where firmimg.d7 is stored.

• Using update command: racadm -r <iDRAC IP address> -u <username> -p <password> update -f <filename>

FTP server:

• Using fwupdate command: racadm -r <iDRAC IP address> -u <username> -p <password> fwupdate -f <ftpserver IP> <ftpserver username> <ftpserver password> -d <path>

where path is the location on the FTP server where firmimg.d7 is stored.

• Using update command: racadm -r <iDRAC IP address> -u <username> -p <password> update -f <filename>

For more information, see fwupdate command in the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Updating Firmware Using Lifecycle Controller Remote Services

For information to update the firmware using Lifecycle Controller–Remote Services, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/support/manuals.

Viewing and Managing Staged Updates

You can view and delete the scheduled jobs including configuration and update jobs. This is a licensed feature. All jobs queued to run during the next reboot can be deleted.

Related Links

Updating Device Firmware


Viewing and Managing Staged Updates Using iDRAC Web interface

To view the list of scheduled jobs using iDRAC Web interface, go to Overview → Server → Job Queue. The Job Queue page displays the status of jobs in the Lifecycle Controller job queue. For information about the displayed fields, see the iDRAC Online Help.

To delete job(s), select the job(s) and click Delete. The page is refreshed and the selected job is removed from the Lifecycle Controller job queue. You can delete all the jobs queued to run during the next reboot. You cannot delete active jobs, that is, jobs with the status Running or Downloading.

You must have Server Control privilege to delete jobs.

Viewing and Managing Staged Updates Using RACADM

To view the staged updates using RACADM, use jobqueue subcommand. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Rolling Back Device Firmware

You can rollback the firmware for iDRAC or any device that is supported by Lifecycle Controller even if the update was previously performed using another interface. For example, if the firmware was updated using the Lifecycle Controller GUI, you can rollback the firmware using the iDRAC Web interface. You can perform firmware rollback for multiple devices with one system reboot.

In 13th generation servers that have a single iDRAC and Lifecycle Controller firmware, rolling back iDRAC firmware will also rollback Lifecycle Controller firmware.

You can perform firmware rollback for the following components:

• iDRAC with Lifecycle Controller

• BIOS

• Network Interface Card (NIC)

• Power Supply Unit (PSU)

• RAID Controller

• Backplane

NOTE: You cannot perform firmware rollback for Diagnostics, Driver Packs, and CPLD.

Before you rollback the firmware, make sure that:

• You have Configure privilege to rollback iDRAC firmware.

• You have Server Control privilege and have enabled Lifecycle Controller to rollback firmware for any other device other than the iDRAC.

You can rollback the firmware to the previously installed version using any of the following methods:

• iDRAC Web interface

• CMC Web interface

• RACADM CLI (iDRAC and CMC)

• Lifecycle Controller


• Lifecycle Controller-Remote Services

Related Links

Rollback Firmware Using iDRAC Web Interface

Rollback Firmware Using CMC Web Interface

Rollback Firmware Using RACADM

Rollback Firmware Using Lifecycle Controller

Rollback Firmware Using Lifecycle Controller-Remote Services

Rollback Firmware Using iDRAC Web Interface

To roll back device firmware:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Update and Rollback → Rollback. The Rollback page displays the devices for which you can rollback the firmware. You can view the device name, associated devices, currently installed firmware version, and the available firmware rollback version.

2. Select one or more devices for which you want to rollback the firmware.

3. Based on the selected devices, click Install and Reboot or Install Next Reboot. If only iDRAC is selected, then click Install.

When you click Install and Reboot or Install Next Reboot, the message “Updating Job Queue” is displayed.

4. Click Job Queue.

The Job Queue page is displayed, where you can view and manage the staged firmware updates.

NOTE:

• While in rollback mode, the rollback process continues in the background even if you navigate away from this page.

• If iDRAC configuration is reset to default values, the iDRAC IP address is reset to 192.168.0.120. You can access iDRAC using this IP, or reconfigure the iDRAC address using local RACADM or F2 (remote RACADM requires network access).

An error message appears if:

• You do not have Server Control privilege to rollback any firmware other than the iDRAC or Configure privilege to rollback iDRAC firmware.

• Firmware rollback is already in-progress in another session.

• Updates are staged to run or already in running state.

If Lifecycle Controller is disabled or in recovery state and you try to perform a firmware rollback for any device other than iDRAC, an appropriate warning message is displayed along with steps to enable Lifecycle Controller.

Rollback Firmware Using CMC Web Interface

To roll back using the CMC Web interface:

1. Log in to CMC Web interface.

2. Go to Server Overview → <server name>. The Server Status page is displayed.

3. Click Launch iDRAC and perform device firmware rollback as mentioned in the Rollback Firmware Using iDRAC Web Interface section.


Rollback Firmware Using RACADM

To rollback device firmware using racadm:

1. Check the rollback status and the FQDD using the swinventory command:

racadm swinventory

For the device for which you want to rollback the firmware, the Rollback Version must be Available. Also, make a note of the FQDD.

2. Rollback the device firmware using:

racadm rollback <FQDD>

For more information, see iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Rollback Firmware Using Lifecycle Controller

For information, see Lifecycle Controller User’s Guide available at dell.com/support/manuals.

Rollback Firmware Using Lifecycle Controller-Remote Services

For information, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/support/manuals.

Recovering iDRAC

iDRAC supports two operating system images to ensure a bootable iDRAC. If an unforeseen catastrophic error occurs and you lose both boot paths:

• iDRAC bootloader detects that there is no bootable image.

• System Health and Identify LED is flashed at ~1/2 second rate. (LED is located on the back of a rack and tower servers and on the front of a blade server.)

• Bootloader is now polling the SD card slot.

• Format an SD card with FAT using a Windows operating system, or EXT3 using a Linux operating system.

• Copy firmimg.d7 to the SD card.

• Insert the SD card into the server.

• Bootloader detects the SD card, turns the flashing LED to solid amber, reads the firmimg.d7, reprograms iDRAC, and then reboots iDRAC.

Using TFTP Server

You can use Trivial File Transfer Protocol (TFTP) server to upgrade or downgrade iDRAC firmware or install certificates. It is used in SM-CLP and RACADM command line interfaces to transfer files to and from iDRAC. The TFTP server must be accessible using an iDRAC IP address or DNS name.

NOTE: If you use iDRAC Web interface to transfer certificates and update firmware, TFTP server is not required.

You can use the netstat -a command on Windows or Linux operating systems to see if a TFTP server is running. The default port for TFTP is 69. If TFTP server is not running, do one of the following:

• Find another computer on the network running a TFTP service.


• Install a TFTP server on the operating system.

Backing Up Server Profile

You can backup the system configuration, including the installed firmware images on various components such as BIOS, RAID, NIC, iDRAC, Lifecycle Controller, and Network Daughter Cards (NDCs) and the configuration settings of those components. The backup operation also includes the hard disk configuration data, motherboard, and replaced parts. The backup creates a single file that you can save to a vFlash SD card or network share (CIFS or NFS).

You can also enable and schedule periodic backups of the firmware and server configuration based on a certain day, week, or month.

Backup feature is licensed and is available with iDRAC Enterprise license.

NOTE: In 13th generation servers, this feature is automatically enabled.

Before performing a backup operation, make sure that:

• Collect System Inventory On Reboot (CSIOR) option is enabled. If CSIOR is disabled and if you initiate a backup operation, the following message is displayed:

System Inventory with iDRAC may be stale,start CSIOR for updated inventory

• To perform backup on a vFlash SD card:

– A Dell supported vFlash SD card is inserted, enabled, and initialized.

– vFlash SD card has enough space to store the backup file.

The backup file contains encrypted user sensitive data, configuration information, and firmware images that you can use for import server profile operation.

Backup events are recorded in the Lifecycle Log.

Related Links

Scheduling Automatic Backup Server Profile

Importing Server Profile

Backing Up Server Profile Using iDRAC Web Interface

To back up the server profile using iDRAC Web interface:

1. Go to Overview → iDRAC Settings → Server Profile. The Backup and Export Server Profile page is displayed.

2. Select one of the following to save the backup file image:

• Network to save the backup file image on a CIFS or NFS share.

• vFlash to save the backup file image on the vFlash card.

3. Enter the backup file name and encryption passphrase (optional).

4. If Network is selected as the file location, enter the network settings.

NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters.

For information about the fields, see the iDRAC Online Help.


5. Click Backup Now.

The backup operation is initiated and you can view the status on the Job Queue page. After a successful operation, the backup file is created in the specified location.

Backing Up Server Profile Using RACADM

To back up the server profile using RACADM, use the systemconfig backup subcommand. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Scheduling Automatic Backup Server Profile

You can enable and schedule periodic backups of the firmware and server configuration based on a certain day, week, or month.

Before scheduling automatic backup server profile operation, make sure that:

• Lifecycle Controller and the Collect System Inventory On Reboot (CSIOR) option are enabled.

• Network Time Protocol (NTP) is enabled so that time drift does not affect the actual times of scheduled jobs running and when the next scheduled job is created.

• To perform backup on a vFlash SD card:

– A Dell supported vFlash SD card is inserted, enabled, and initialized.

– vFlash SD card has enough space to store the backup file.

NOTE: IPv6 address is not supported for scheduling automatic backup server profile.

Scheduling Automatic Backup Server Profile Using Web Interface

To schedule automatic backup server profile:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Server Profile. The Backup and Export Server Profile page is displayed.

2. Click the Automatic Backup tab.

3. Select the Enable Automatic Backup option.

4. Select one of the following to save the backup file image:

• Network to save the backup file image on a CIFS or NFS share.

• vFlash to save the backup file image on the vFlash card.

5. Enter the backup file name and encryption passphrase (optional).

6. If Network is selected as the file location, enter the network settings.

NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters.

For information about the fields, see the iDRAC Online Help.

7. In the Backup Window Schedule section, specify the backup operation start time and frequency of the operation (daily, weekly, or monthly).

For information about the fields, see the iDRAC Online Help.

8. Click Schedule Backup.

A recurring job is represented in the job queue with a start date and time of the next scheduled backup operation. Five minutes after the first instance of the recurring job starts, the job for the next time period is created. The backup server profile operation is performed at the scheduled date and time.

Scheduling Automatic Backup Server Profile Using RACADM

To enable automatic backup use the command:

racadm set lifecyclecontroller.lcattributes.autobackup Enabled

To schedule a backup server profile operation:

racadm systemconfig backup -f <filename> <target> [-n <passphrase>] -time <hh:mm> -dom <1-28,L,'*'> -dow <*,Sun-Sat> -wom <1-4,L,'*'> -rp <1-366> -mb <Max Backups>

To view the current backup schedule:

racadm systemconfig getbackupscheduler

To disable automatic backup use the command:

racadm set LifeCycleController.lcattributes.autobackup Disabled

To clear the backup schedule:

racadm systemconfig clearbackupscheduler

For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Importing Server Profile

You can use the backup image file to import (restore) the configuration and firmware for the same server without rebooting the server.

In 13th generation servers, this feature automates the entire motherboard replacement process. After replacing the motherboard and reinstalling the memory, HDDs, and other hardware, a special boot screen is displayed that provides an option to restore all saved configuration, service tag and license settings, and diagnostic programs. The iDRAC on the new motherboard reads this information and restores the saved configuration.

Import feature is not licensed.

NOTE: For the restore operation, the system service tag and the service tag in the backup file must be identical. The restore operation applies to all system components that are the same and present in the same location (for example, in the same slot) as captured in the backup file. If components are different or not in the same location, they are not modified and restore failures are logged to the Lifecycle Log.

Before performing an import operation, make sure that Lifecycle Controller is enabled. If Lifecycle Controller is disabled, and if you initiate the import operation, the following message is displayed:

Lifecycle Controller is not enabled, cannot create Configuration job.

When an import is already in progress and you initiate an import operation again, the following error message is displayed:

Restore is already running


Import events are recorded in the Lifecycle Log.

Related Links

Restore Operation Sequence

Importing Server Profile Using iDRAC Web Interface

To import the server profile using iDRAC Web interface:

1. Go to Overview → iDRAC Settings → Server Profile → Import. The Import Server Profile page is displayed.

2. Select one of the following to specify the location of the backup file:

• Network

• vFlash

3. Enter the backup file name and decryption passphrase (optional).

4. If Network is selected as the file location, enter the network settings.

NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters.

For information about the fields, see the iDRAC Online Help.

5. Select one of the following for Virtual disks configuration and hard disk data:

• Preserve - Preserves the RAID level, virtual disk, controller attributes, and hard disk data in the system and restores the system to a previously known state using the backup image file.

• Delete and Replace - Deletes and replaces the RAID level, virtual disk, controller attributes, and hard disk configuration information in the system with the data from the backup image file.

6. Click Import.

The import server profile operation is initiated.

Importing Server Profile Using RACADM

To import the server profile using RACADM, use the systemconfig restore command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Restore Operation Sequence

The restore operation sequence is:

1. Host system shuts down.

2. Backup file information is used to restore the Lifecycle Controller.

3. Host system turns on.

4. Firmware and configuration restore process for the devices is completed.

5. Host system shuts down.

6. iDRAC firmware and configuration restore process is completed.

7. iDRAC restarts.

8. Restored host system turns on to resume normal operation.


Monitoring iDRAC Using Other Systems Management Tools

You can discover and monitor iDRAC using Dell Management Console or Dell OpenManage Essentials. You can also use Dell Remote Access Configuration Tool (DRACT) to discover iDRACs, update firmware, and set up Active Directory. For more information, see the respective user’s guides.


4

Configuring iDRAC

iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks.

Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser are configured, and the required licenses are updated. For more information about the licensable features in iDRAC, see Managing Licenses.

You can configure iDRAC using:

• iDRAC Web Interface

• RACADM

• Remote Services (see Lifecycle Controller Remote Services User’s Guide)

• IPMITool (see Baseboard Management Controller Management Utilities User’s Guide)

To configure iDRAC:

1. Log in to iDRAC.

2. Modify the network settings if required.

NOTE: If you have configured iDRAC network settings using the iDRAC Settings utility during iDRAC IP address setup, then ignore this step.

3. Configure interfaces to access iDRAC.

4. Configure front panel display.

5. Configure System Location if required.

6. Configure time zone and Network Time Protocol (NTP) if required.

7. Establish any of the following alternate communication methods to iDRAC:

• IPMI or RAC serial

• IPMI serial over LAN

• IPMI over LAN

• SSH or Telnet client

8. Obtain the required certificates.

9. Add and configure iDRAC users with privileges.

10. Configure and enable e-mail alerts, SNMP traps, or IPMI alerts.

11. Set the power cap policy if required.

12. Enable the Last Crash Screen.

13. Configure virtual console and virtual media if required.

14. Configure vFlash SD card if required.

15. Set the first boot device if required.

16. Set the OS to iDRAC Pass-through if required.

Related Links

Logging into iDRAC


Modifying Network Settings

Configuring Services

Configuring Front Panel Display

Setting Up Managed System Location

Configuring Time Zone and NTP

Setting Up iDRAC Communication

Configuring User Accounts and Privileges

Monitoring and Managing Power

Enabling Last Crash Screen

Configuring and Using Virtual Console

Managing Virtual Media

Managing vFlash SD Card

Setting First Boot Device

Enabling or Disabling OS to iDRAC Pass-through

Configuring iDRAC to Send Alerts

Viewing iDRAC Information

You can view the basic properties of iDRAC.

Viewing iDRAC Information Using Web Interface

In the iDRAC Web interface, go to Overview → iDRAC Settings → Properties to view the following information related to iDRAC. For information about the properties, see iDRAC Online Help.

• Hardware and firmware version

• Last firmware update

• RAC time

• IPMI version

• User interface title bar information

• Network settings

• IPv4 Settings

• IPv6 Settings

Viewing iDRAC Information Using RACADM

To view iDRAC information using RACADM, see getsysinfo or get subcommand details provided in the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Modifying Network Settings

After configuring the iDRAC network settings using the iDRAC Settings utility, you can also modify the settings through the iDRAC Web interface, RACADM, Lifecycle Controller, Dell Deployment Toolkit, and Server Administrator (after booting to the operating system). For more information on the tools and privilege settings, see the respective user’s guides.

To modify the network settings using iDRAC Web interface or RACADM, you must have Configure privileges.


NOTE: Changing the network settings may terminate the current network connections to iDRAC.

Modifying Network Settings Using Web Interface

To modify the iDRAC network settings:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network. The Network page is displayed.

2. Specify the network settings, common settings, IPv4, IPv6, IPMI, and/or VLAN settings as per your requirement and click Apply.

If you select Auto Dedicated NIC under Network Settings, when the iDRAC has its NIC Selection as shared LOM (1, 2, 3, or 4) and a link is detected on the iDRAC dedicated NIC, the iDRAC changes its NIC selection to use the dedicated NIC. If no link is detected on the dedicated NIC, then the iDRAC uses the shared LOM. The switch from shared to dedicated time-out is five seconds and from dedicated to shared is 30 seconds. You can configure this time-out value using RACADM or WS-MAN.

For information about the various fields, see the iDRAC Online Help.

Modifying Network Settings Using Local RACADM

To generate a list of available network properties, type the following:

NOTE: You can use either getconfig and config commands or get and set commands with the RACADM objects.

• Using getconfig command: racadm getconfig -g cfgLanNetworking

• Using get command: racadm get iDRAC.Nic

To use DHCP to obtain an IP address, use the following command to write the object cfgNicUseDhcp or DHCPEnable and enable this feature:

• Using config command: racadm config -g cfgLanNetworking -o cfgNicUseDHCP 1

• Using set command: racadm set iDRAC.IPv4.DHCPEnable 1

The following is an example of how the command may be used to configure the required LAN network properties:

• Using config command:

racadm config -g cfgLanNetworking -o cfgNicEnable 1

racadm config -g cfgLanNetworking -o cfgNicIpAddress 192.168.0.120

racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.255.0

racadm config -g cfgLanNetworking -o cfgNicGateway 192.168.0.120

racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0

racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0

racadm config -g cfgLanNetworking -o cfgDNSServer1 192.168.0.5

racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.0.6

racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1

racadm config -g cfgLanNetworking -o cfgDNSRacName RAC-EK00002

racadm config -g cfgLanNetworking -o cfgDNSDomainNameFromDHCP 0

racadm config -g cfgLanNetworking -o cfgDNSDomainName MYDOMAIN

• Using set command:

racadm set iDRAC.Nic.Enable 1

racadm set iDRAC.IPv4.Address 192.168.0.120

racadm set iDRAC.IPv4.Netmask 255.255.255.0

racadm set iDRAC.IPv4.Gateway 192.168.0.120

racadm set iDRAC.IPv4.DHCPEnable 0

racadm set iDRAC.IPv4.DNSFromDHCP 0

racadm set iDRAC.IPv4.DNS1 192.168.0.5

racadm set iDRAC.IPv4.DNS2 192.168.0.6

racadm set iDRAC.Nic.DNSRegister 1

racadm set iDRAC.Nic.DNSRacName RAC-EK00002

racadm set iDRAC.Nic.DNSDomainFromDHCP 0

racadm set iDRAC.Nic.DNSDomainName MYDOMAIN

NOTE: If cfgNicEnable or iDRAC.Nic.Enable is set to 0, the iDRAC LAN is disabled even if DHCP is enabled.

Configuring IP Filtering

In addition to user authentication, use the following options to provide additional security while accessing iDRAC:

• IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are denied.

• When repeated login failures occur from a particular IP address, iDRAC prevents that address from logging in for a preselected time span. If you unsuccessfully log in up to two times, you are allowed to log in again only after 30 seconds. If you unsuccessfully log in more than two times, you are allowed to log in again only after 60 seconds.

As login failures accumulate from a specific IP address, they are registered by an internal counter. When the user successfully logs in, the failure history is cleared and the internal counter is reset.

NOTE: When login attempts are prevented from the client IP address, a few SSH clients may display the message: ssh exchange identification: Connection closed by remote host.

NOTE: If you are using Dell Deployment Toolkit (DTK), see the Dell Deployment Toolkit User’s Guide for the privileges.

Configure IP Filtering Using iDRAC Web Interface

You must have Configure privilege to perform these steps. To configure IP filtering:

1. In iDRAC Web interface, go to Overview → iDRAC Settings → Network → Network. The Network page is displayed.

2. Click Advanced Settings.

The Network Security page is displayed.

3. Specify the IP filtering settings.

For more information about the options, see iDRAC Online Help.

4. Click Apply to save the settings.

Configuring IP Filtering Using RACADM

You must have Configure privilege to perform these steps. To configure IP filtering, use the following RACADM objects:

• With config command:


– cfgRacTuneIpRangeEnable

– cfgRacTuneIpRangeAddr

– cfgRacTuneIpRangeMask

• With set command, use the objects in the iDRAC.IPBlocking group:

– RangeEnable

– RangeAddr

– RangeMask

The cfgRacTuneIpRangeMask or the RangeMask property is applied to both the incoming IP address and to the cfgRacTuneIpRangeAddr or RangeAddr property. If the results are identical, the incoming login request is allowed to access iDRAC. Logging in from IP addresses outside this range results in an error.

The login proceeds if the following expression equals zero:

• Using legacy syntax: cfgRacTuneIpRangeMask & (<incoming-IP-address> ^ cfgRacTuneIpRangeAddr)

• Using new syntax: RangeMask & (<incoming-IP-address> ^ RangeAddr)

where & is the bitwise AND of the quantities and ^ is the bitwise exclusive-OR.

Examples for IP Filtering

• The following RACADM commands block all IP addresses except 192.168.0.57:

– Using config command:

racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1

racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57

racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255

– Using set command:

racadm set iDRAC.IPBlocking.RangeEnable 1

racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57

racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255

• To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask:

– Using set command:

racadm set iDRAC.IPBlocking.RangeEnable 1

racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.212

racadm set iDRAC.IPBlocking.RangeMask 255.255.255.252

The last byte of the range mask is set to 252, the decimal equivalent of 11111100b.

For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/support/manuals.
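The filter expression above, worked through as an added Python example (not Dell's code): it evaluates RangeMask & (<incoming-IP-address> ^ RangeAddr) for the two settings shown on this page and, going beyond them, for arbitrary masks, so you can list exactly which source addresses a RangeAddr/RangeMask pair admits before applying it. The function names and the two extra address/mask pairs are assumptions made for illustration; whether iDRAC firmware accepts a non-contiguous mask is not stated on this page.

```python
"""Added example: evaluate the iDRAC IP range filter expression offline."""
import ipaddress

FULL = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer (raises ValueError if malformed)."""
    return int(ipaddress.IPv4Address(dotted))


def login_allowed(incoming, range_addr, range_mask):
    """The page's rule: the login proceeds when
    RangeMask & (incoming ^ RangeAddr) equals zero."""
    return to_int(range_mask) & (to_int(incoming) ^ to_int(range_addr)) == 0


def allowed_count(range_mask):
    """Every zero bit in the mask is a 'don't care' bit, so the filter
    admits 2 ** (number of zero bits) source addresses."""
    return 2 ** (32 - bin(to_int(range_mask)).count("1"))


def allowed_addresses(range_addr, range_mask, limit=4096):
    """List every source address the expression admits, in ascending order.
    Works for any mask, including non-contiguous ones."""
    mask = to_int(range_mask)
    if allowed_count(range_mask) > limit:
        raise ValueError("range too large to enumerate; use allowed_count()")
    base = to_int(range_addr) & mask          # address bits outside the mask drop out
    free_bits = [b for b in range(32) if not (mask >> b) & 1]
    result = []
    for n in range(2 ** len(free_bits)):
        addr = base
        for i, bit in enumerate(free_bits):   # spread n over the don't-care bits
            if (n >> i) & 1:
                addr |= 1 << bit
        result.append(str(ipaddress.IPv4Address(addr)))
    return result


def audit(range_addr, range_mask):
    """Return findings for settings that admit more than an operator may expect."""
    mask = to_int(range_mask)
    inverted = ~mask & FULL
    findings = []
    if mask == 0:
        findings.append("mask 0.0.0.0 matches every source address")
    if inverted & (inverted + 1):
        findings.append("mask is not a contiguous prefix; allowed addresses are scattered")
    if to_int(range_addr) & inverted:
        findings.append("RangeAddr has bits set outside the mask; those bits are ignored")
    return findings


if __name__ == "__main__":
    # The two settings from the page, plus two constructed ones for the audit.
    for addr, mask in [("192.168.0.57", "255.255.255.255"),
                       ("192.168.0.212", "255.255.255.252"),
                       ("192.168.0.213", "255.255.255.252"),   # constructed
                       ("10.0.0.7", "255.0.0.255")]:           # constructed
        print(addr, mask, "admits", allowed_count(mask), "address(es)", audit(addr, mask))
    print(allowed_addresses("192.168.0.212", "255.255.255.252"))
```

Because address bits outside the mask are discarded by the AND, a RangeAddr of 192.168.0.213 with mask 255.255.255.252 admits the same four addresses as 192.168.0.212.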

Configuring Services

You can configure and enable the following services on iDRAC:

• Local Configuration — Disable access to iDRAC configuration (from the host system) using Local RACADM and iDRAC Settings utility.

• Web Server — Enable access to iDRAC Web interface. If you disable the option, use local RACADM to re-enable the Web Server, since disabling the Web Server also disables remote RACADM.


• SSH — Access iDRAC through firmware RACADM.

• Telnet — Access iDRAC through firmware RACADM.

• Remote RACADM — Remotely access iDRAC.

• SNMP Agent — Enables support for SNMP queries (GET, GETNEXT, and GETBULK operations) in iDRAC.

• Automated System Recovery Agent — Enable Last System Crash Screen.

• VNC Server — Enable VNC server with or without SSL encryption.

Configuring Services Using Web Interface

To configure the services using iDRAC Web interface:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → Services. The Services page is displayed.

2. Specify the required information and click Apply.

For information about the various settings, see the iDRAC Online Help.

Configuring Services Using RACADM

To enable and configure the various services using RACADM:

• Use the following objects with the config command:

– cfgRacTuneLocalConfigDisable

– cfgRacTuneCtrlEConfigDisable

– cfgSerialSshEnable

– cfgRacTuneSshPort

– cfgSsnMgtSshIdleTimeout

– cfgSerialTelnetEnable

– cfgRacTuneTelnetPort

– cfgSsnMgtTelnetIdleTimeout

– cfgRacTuneWebserverEnable

– cfgSsnMgtWebserverTimeout

– cfgRacTuneHttpPort

– cfgRacTuneHttpsPort

– cfgRacTuneRemoteRacadmEnable

– cfgSsnMgtRacadmTimeout

– cfgOobSnmpAgentEnable

– cfgOobSnmpAgentCommunity

• Use the objects in the following object groups with the set command:

– iDRAC.LocalSecurity

– iDRAC.SSH

– iDRAC.Webserver

– iDRAC.Telnet


– iDRAC.Racadm

– iDRAC.SNMP

For more information about these objects, see iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Enabling or Disabling HTTPs Redirection

If you do not want automatic redirection from HTTP to HTTPs, either because of the certificate warning issued with the default iDRAC certificate or as a temporary setting for debugging, you can configure iDRAC so that redirection from the HTTP port (default is 80) to the HTTPs port (default is 443) is disabled. By default, redirection is enabled. You have to log out and log in to iDRAC for this setting to take effect. When you disable this feature, a warning message is displayed.

You must have Configure iDRAC privilege to enable or disable HTTPs redirection.

An event is recorded in the Lifecycle Controller log file when this feature is enabled or disabled.

To disable the HTTP to HTTPs redirection:

racadm set iDRAC.Webserver.HttpsRedirection Disabled

To enable HTTP to HTTPs redirection:

racadm set iDRAC.Webserver.HttpsRedirection Enabled

To view the status of the HTTP to HTTPs redirection:

racadm get iDRAC.Webserver.HttpsRedirection

Using VNC Client to Manage Remote Server

You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse PocketCloud. When servers in data centers stop functioning, the iDRAC or the operating system sends an alert to the console on the management station. The console sends an email or SMS to a mobile device with required information and launches VNC viewer application on the management station. This VNC viewer can connect to OS/Hypervisor on the server and provide access to keyboard, video and mouse of the host server to perform the necessary remediation. Before launching the VNC client, you must enable the VNC server and configure the VNC server settings in iDRAC such as password, VNC port number, SSL encryption, and the time out value. You can configure these settings using iDRAC Web interface or RACADM.

NOTE: VNC feature is licensed and is available in the iDRAC Enterprise license.

You can choose from many VNC applications or Desktop clients such as the ones from RealVNC or Dell Wyse PocketCloud.

Only one VNC client session can be active at a time.

If a VNC session is active, you can only launch the Virtual Media using Launch Virtual Console and not the Virtual Console Viewer.

If video encryption is disabled, the VNC client starts RFB handshake directly, and an SSL handshake is not required. During VNC client handshake (RFB or SSL), if another VNC session is active or if a Virtual Console session is open, the new VNC client session is rejected. After completion of the initial handshake, VNC server disables Virtual Console and allows only Virtual Media. After termination of the VNC session, VNC server restores the original state of Virtual Console (enabled or disabled).

NOTE:

• When iDRAC NIC is in shared mode and the host system is power cycled, the network connection is lost for a few seconds. During this time, if you perform any action in the active VNC client, the VNC session may close. You must wait for timeout (value configured for the VNC Server settings in the Services page in iDRAC Web interface) and then re-establish the VNC connection.

• If the VNC client window is minimized for more than 60 seconds, the client window closes. You must open a new VNC session. If you maximize the VNC client window within 60 seconds, you can continue to use it.

Configuring VNC Server Using iDRAC Web Interface

To configure the VNC server settings:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → Services. The Services page is displayed.

2. In the VNC Server section, enable the VNC server, specify the password, port number, and enable or disable SSL encryption.

For information about the fields, see the iDRAC Online Help.

3. Click Apply.

The VNC server is configured.

Configuring VNC Server Using RACADM

To configure the VNC server, use the VNCserver object with the set command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Setting Up VNC Viewer With SSL Encryption

While configuring the VNC server settings in iDRAC, if the SSL Encryption option was enabled, then the SSL tunnel application must be used along with the VNC Viewer to establish the SSL encrypted connection with iDRAC VNC server.

NOTE: Most of the VNC clients do not have built-in SSL encryption support.

To configure the SSL tunnel application:

1. Configure SSL tunnel to accept connection on <localhost>:<localport number>. For example, 127.0.0.1:5930.

2. Configure SSL tunnel to connect to <iDRAC IP address>:<VNC server port Number>. For example, 192.168.0.120:5901.

3. Start the tunnel application.

To establish a connection with the iDRAC VNC server over the SSL encrypted channel, connect the VNC viewer to the localhost (loopback IP address) and the local port number (127.0.0.1:<local port number>).

Setting Up VNC Viewer Without SSL Encryption

In general, all Remote Frame Buffer (RFB) compliant VNC Viewers connect to the VNC server using the iDRAC IP address and port number that is configured for the VNC server. If the SSL encryption option is disabled when configuring the VNC server settings in iDRAC, then to connect to the VNC Viewer do the following:

In the VNC Viewer dialog box, enter the iDRAC IP address and the VNC port number in the VNC Server field.

The format is <iDRAC IP address:VNC port number>

For example, if the iDRAC IP address is 192.168.0.120 and VNC port number is 5901, then enter 192.168.0.120:5901.

Configuring Front Panel Display

You can configure the front panel LCD and LED display for the managed system. For rack and tower servers, two types of front panels are available:

• LCD front panel and System ID LED

• LED front panel and System ID LED

For blade servers, only the System ID LED is available on the server front panel since the blade chassis has the LCD.

Related Links

Configuring LCD Setting

Configuring System ID LED Setting

Configuring LCD Setting

You can set and display a default string such as iDRAC name, IP, and so on or a user-defined string on the LCD front panel of the managed system.

Configuring LCD Setting Using Web Interface

To configure the server LCD front panel display:

1. In iDRAC Web interface, go to Overview → Hardware → Front Panel.

2. In LCD Settings section, from the Set Home Message drop-down menu, select any of the following:

• Service Tag (default)

• Asset Tag

• DRAC MAC Address

• DRAC IPv4 Address

• DRAC IPv6 Address

• System Power

• Ambient Temperature

• System Model

• Host Name

• User Defined

• None

If you select User Defined, enter the required message in the text box.


If you select None, home message is not displayed on the server LCD front panel.

3. Enable Virtual Console indication (optional). If enabled, the Live Front Panel Feed section and the LCD panel on the server display the Virtual console session active message when there is an active Virtual Console session.

4. Click Apply.

The server LCD front panel displays the configured home message.

Configuring LCD Setting Using RACADM

To configure the server LCD front panel display, use the objects in the System.LCD group. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Configuring LCD Setting Using iDRAC Settings Utility

To configure the server LCD front panel display:

1. In the iDRAC Settings utility, go to Front Panel Security. The iDRAC Settings.Front Panel Security page is displayed.

2. Enable or disable the power button.

3. Specify the following:

• Access to the front panel

• LCD message string

• System power units, ambient temperature units, and error display

4. Enable or disable the virtual console indication.

For information about the options, see the iDRAC Settings Utility Online Help.

5. Click Back, click Finish, and then click Yes.

Configuring System ID LED Setting

To identify a server, enable or disable System ID LED blinking on the managed system.

Configuring System ID LED Setting Using Web Interface

To configure the System ID LED display:

1. In iDRAC Web interface, go to Overview → Hardware → Front Panel. The Front Panel page is displayed.

2. In System ID LED Settings section, select any of the following options to enable or disable LED blinking:

• Blink Off

• Blink On

• Blink On 1 Day Timeout

• Blink On 1 Week Timeout

• Blink On 1 Month Timeout

3. Click Apply.

The LED blinking on the front panel is configured.


Configuring System ID LED Setting Using RACADM

To configure system ID LED, use the setled command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Configuring Time Zone and NTP

You can configure the time zone on iDRAC and synchronize the iDRAC time using Network Time Protocol (NTP) instead of BIOS or host system times.

You must have Configure privilege to configure time zone or NTP settings.

Configuring Time Zone and NTP Using iDRAC Web Interface

To configure time zone and NTP using iDRAC Web interface:

1. Go to Overview → iDRAC Settings → Properties → Settings. The Time zone and NTP page is displayed.

2. To configure the time zone, from the Time Zone drop-down menu, select the required time zone, and then click Apply.

3. To configure NTP, enable NTP, enter the NTP server addresses, and then click Apply. For information about the fields, see iDRAC Online Help.

Configuring Time Zone and NTP Using RACADM

To configure time zone and NTP using RACADM, use the objects in the iDRAC.Time and iDRAC.NTPConfigGroup group with the set command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Setting First Boot Device

You can set the first boot device for the next boot only or for all subsequent reboots. Based on this selection, you can set the first boot device for the system. The system boots from the selected device on the next and subsequent reboots and remains as the first boot device in the BIOS boot order, until it is changed again either from the iDRAC Web interface or from the BIOS boot sequence. You can set the first boot device to one of the following:

• Normal Boot

• PXE

• BIOS Setup

• Local Floppy/Primary Removable Media

• Local CD/DVD

• Hard Drive

• Virtual Floppy

• Virtual CD/DVD/ISO

• Local SD Card

• vFlash

• Lifecycle Controller


• BIOS Boot Manager

NOTE:

• BIOS Setup (F2), Lifecycle Controller (F10), BIOS Boot Manager (F11) only support boot once enabled.

• Virtual Console does not support permanent boot configuration. It is always boot once.

• The first boot device setting in iDRAC Web Interface overrides the System BIOS boot settings.

Setting First Boot Device Using Web Interface

To set the first boot device using iDRAC Web interface:

1. Go to Overview → Server → Setup → First Boot Device. The First Boot Device page is displayed.

2. Select the required first boot device from the drop-down list, and click Apply. The system boots from the selected device for subsequent reboots.

3. To boot from the selected device only once on the next boot, select Boot Once. Thereafter, the system boots from the first boot device in the BIOS boot order.

For more information about the options, see the iDRAC Online Help.

Setting First Boot Device Using RACADM

• To set the first boot device, use the cfgServerFirstBootDevice object.

• To enable boot once for a device, use the cfgServerBootOnce object.

For more information about these objects, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Setting First Boot Device Using Virtual Console

You can select the device to boot from as the server is being viewed in the Virtual Console viewer before the server runs through its boot-up sequence. You can perform boot once to all the supported devices listed in Setting First Boot Device.

To set the first boot device using Virtual Console:

1. Launch Virtual Console.

2. In the Virtual Console Viewer, from the Next Boot menu, set the required device as the first boot device.

Enabling Last Crash Screen

To troubleshoot the cause of managed system crash, you can capture the system crash image using iDRAC.

To enable the last crash screen:

1. From the Dell Systems Management Tools and Documentation DVD, install Server Administrator on the managed system.

For more information, see the Dell OpenManage Server Administrator Installation Guide at dell.com/support/manuals.

2. In the Windows startup and recovery window, make sure that the automatic reboot option is not selected.


For more information, see Windows documentation.

3. Use Server Administrator to enable the Auto Recovery timer, set the Auto Recovery action to Reset, Power Off, or Power Cycle, and set the timer in seconds (a value between 60 and 480).

For more information, see the Dell OpenManage Server Administrator Installation Guide at dell.com/support/manuals.

4. Enable the Auto Shutdown and Recovery (ASR) option using one of the following:

• Server Administrator — See Dell OpenManage Server Administrator User’s Guide at dell.com/support/manuals.

• Local RACADM — Use the command:

racadm config -g cfgRacTuning -o cfgRacTuneAsrEnable 1

5. Enable Automated System Recovery Agent. To do this, go to Overview → iDRAC Settings → Network → Services, select Enabled and click Apply.

Enabling or Disabling OS to iDRAC Pass-through

In servers that have Network Daughter Card (NDC) or embedded LAN On Motherboard (LOM) devices, you can enable the OS to iDRAC Pass-through feature that provides a high-speed bi-directional in-band communication between iDRAC and the host operating system through a shared LOM (rack or tower servers), a dedicated NIC (rack, tower, or blade servers), or through the USB NIC. This feature is available for iDRAC Enterprise license.

When enabled through dedicated NIC, you can launch the browser in the host operating system and then access the iDRAC Web interface. The dedicated NIC for the blade servers is through the Chassis Management Controller.

Switching between dedicated NIC or shared LOM does not require a reboot or reset of the host operating system or iDRAC.

You can enable this channel using:

• iDRAC Web interface

• RACADM or WS-MAN (post operating system environment)

• iDRAC Settings utility (pre-operating system environment)

If the network configuration is changed through iDRAC Web interface, you must wait for at least 10 seconds before enabling OS to iDRAC Pass-through.

If you are using the XML configuration file through RACADM or WS-MAN and if the network settings are changed in this file, then you must wait for 15 seconds to either enable OS to iDRAC Pass-through feature or set the OS Host IP address.

Before enabling OS to iDRAC Pass-through, make sure that:

• iDRAC is configured to use dedicated NIC or shared mode (that is, NIC selection is assigned to one of the LOMs).

• Host operating system and iDRAC are in the same subnet and same VLAN.

• Host operating system IP address is configured.

• A card that supports OS to iDRAC pass-through capability is installed.

• You have Configure privilege.

When you enable this feature:


• In shared mode, the host operating system's IP address is used.

• In dedicated mode, you must provide a valid IP address of the host operating system. If more than one LOM is active, enter the first LOM’s IP address.

After enabling OS to iDRAC Pass-through feature, if it is not working:

• Check whether the iDRAC's dedicated NIC cable is connected properly.

• Make sure that at least one LOM is active.

Related Links

Supported Cards for OS to iDRAC Pass-through

Supported Operating Systems for USB NIC

Enabling or Disabling OS to iDRAC Pass-through Using Web Interface

Enabling or Disabling OS to iDRAC Pass-through Using RACADM

Enabling or Disabling OS to iDRAC Pass-through Using iDRAC Settings Utility

Supported Cards for OS to iDRAC Pass-through

The following table provides a list of cards that support the OS to iDRAC Pass-through feature using LOM.

Table 7. OS to iDRAC Pass-through Using LOM — Supported Cards

| Category | Manufacturer | Type |
| --- | --- | --- |
| NDC | Broadcom | 5720 QP rNDC 1G BASE-T |
| NDC | Broadcom | 57810S DP bNDC KR |
| NDC | Broadcom | 57800S QP rNDC (10G BASE-T + 1G BASE-T) |
| NDC | Broadcom | 57800S QP rNDC (10G SFP+ + 1G BASE-T) |
| NDC | Broadcom | 57840 4x10G KR |
| NDC | Broadcom | 57840 rNDC |
| NDC | Intel | i540 QP rNDC (10G BASE-T + 1G BASE-T) |
| NDC | Intel | i350 QP rNDC 1G BASE-T |
| NDC | Intel | x520/i350 rNDC 1GB |
| NDC | Qlogic | QMD8262 Blade NDC |

In-built LOM cards also support the OS to iDRAC pass-through feature. The following cards do not support the OS to iDRAC Pass-through feature:

• Intel 10 GB NDC.

• Intel rNDC with two controllers – the 10G controllers do not support this feature.

• Qlogic bNDC

• PCIe, Mezzanine, and Network Interface Cards.

Supported Operating Systems for USB NIC

The operating systems supported for USB NIC are:

• Windows Server 2008 SP2 (64-bit)

• Windows Server 2008 SP2 R2 (64-bit)


• Windows Server 2012 SP1

• SLES 10 SP4 (64-bit)

• SLES 11 SP2 (64-bit)

• RHEL 5.9 (32-bit and 64-bit)

• RHEL 6.4

• vSphere v5.0 U2 ESXi

• vSphere v5.1 U1 ESXi

• vSphere v5.5 ESXi

On servers with Windows 2008 SP2 64-bit operating system, the iDRAC Virtual CD USB Device is not discovered automatically (or enabled). You must enable this manually. For more information, see steps recommended by Microsoft to manually update the Remote Network Driver Interface Specification (RNDIS) driver for this device.

For Linux operating systems, configure the USB NIC as DHCP on the host operating system before enabling USB NIC.

If the host operating system is SUSE Linux Enterprise Server 11, then after enabling the USB NIC in iDRAC, you must manually enable DHCP client on the host operating system. For information to enable DHCP, see the documents for SUSE Linux Enterprise Server 11 operating systems.

For vSphere, you must install the VIB file before enabling USB NIC.

For the following operating systems, if you install the Avahi and nss-mdns packages, then you can use https://idrac.local to launch the iDRAC from the host operating system. If these packages are not installed, use https://169.254.0.1 to launch the iDRAC.

| Operating System | Firewall Status | Avahi Package | nss-mdns Package |
| --- | --- | --- | --- |
| RHEL 5.9 32-bit | Disable | Install as a separate package (avahi-0.6.16-10.el5_6.i386.rpm) | Install as a separate package (nss-mdns-0.10-4.el5.i386.rpm) |
| RHEL 6.4 64-bit | Disable | Install as a separate package (avahi-0.6.25-12.el6.x86_64.rpm) | Install as a separate package (nss-mdns-0.10-8.el6.x86_64.rpm) |
| SLES 11 SP3 64-bit | Disable | Avahi package is part of the operating system DVD | nss-mdns is installed while installing Avahi |

On the host system, while installing RHEL 5.9 operating system, the USB NIC pass-through mode is in disabled state. If it is enabled after the installation is complete, the network interface corresponding to the USB NIC device is not active automatically. You can do any of the following to make the USB NIC device active:

• Configure the USB NIC interface using Network Manager tool. Navigate to System → Administrator → Network → Devices → New → Ethernet Connection and select Dell computer corp.iDRAC Virtual NIC USB Device. Click the Activate icon to activate the device. For more information, see the RHEL 5.9 documentation.

• Create the corresponding interface’s config file as ifcfg-ethX in the /etc/sysconfig/network-scripts/ directory. Add the basic entries DEVICE, BOOTPROTO, HWADDR, ONBOOT. Add TYPE in the ifcfg-ethX file and restart the network services using the command service network restart.

• Reboot the system.


• Turn off and turn on the system.

On systems with RHEL 5.9 operating system, if the USB NIC was disabled and if you turn off the system or vice-versa, when the system is turned on and if the USB NIC is enabled, the USB NIC device is not active automatically. To make it active, check if any ifcfg-ethX.bak file is available in the /etc/sysconfig/network-scripts directory for the USB NIC interface. If it is available, rename it to ifcfg-ethX and then use the ifup ethX command.

Related Links

Installing VIB File

Installing VIB File

For vSphere operating systems, before enabling the USB NIC, you must install the VIB file. To install the VIB file:

1. Using WinSCP, copy the VIB file to the /tmp/ folder of the ESXi host operating system.

2. Go to the ESXi prompt and run the following command:

esxcli software vib install -v /tmp/iDRAC_USB_NIC-1.0.0-799733X03.vib --no-sig-check

The output is:

Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.

Reboot Required: true

VIBs Installed: Dell_bootbank_iDRAC_USB_NIC_1.0.0-799733X03

VIBs Removed:

VIBs Skipped:

3. Reboot the server.

4. At the ESXi prompt, run the command: esxcfg-vmknic -l. The output displays the usb0 entry.

Enabling or Disabling OS to iDRAC Pass-through Using Web Interface

To enable OS to iDRAC Pass-through using Web interface:

1. Go to Overview → iDRAC Settings → Network → OS to iDRAC Pass-through. The OS to iDRAC Pass-through page is displayed.

2. Select any of the following options to enable OS to iDRAC pass-through:

• LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC.

• USB NIC — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the internal USB bus.

To disable this feature, select Disabled.

3. If you select LOM as the pass-through configuration, and if the server is connected using dedicated mode, enter the IPv4 address of the operating system.

NOTE: If the server is connected in shared LOM mode, then the OS IP Address field is disabled.

4. If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC.

The default value is 169.254.0.1. It is recommended to use the default IP address. However, if this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it.


Do not enter the IP addresses 169.254.0.3 and 169.254.0.4. These addresses are reserved for the USB NIC port on the front panel when an A/A cable is used.

5. Click Apply to apply the settings.

6. Click Test Network Configuration to check if the IP is accessible and the link is established between the iDRAC and the host operating system.

Enabling or Disabling OS to iDRAC Pass-through Using RACADM

To enable or disable OS to iDRAC Pass-through using RACADM, use the objects in the iDRAC.OS-BMC group. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Enabling or Disabling OS to iDRAC Pass-through Using iDRAC Settings Utility

To enable or disable OS to iDRAC Pass-through using iDRAC Settings Utility:

1. In the iDRAC Settings utility, go to Communications Permissions. The iDRAC Settings.Communications Permissions page is displayed.

2. Select any of the following options to enable OS to iDRAC pass-through:

• LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC.

• USB NIC — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the internal USB bus.

To disable this feature, select Disabled.

NOTE: The LOM option can be selected only if the card supports OS to iDRAC pass-through capability. Otherwise, this option is grayed out.

3. If you select LOM as the pass-through configuration, and if the server is connected using dedicated mode, enter the IPv4 address of the operating system.

NOTE: If the server is connected in shared LOM mode, then the OS IP Address field is disabled.

4. If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC.

The default value is 169.254.0.1. However, if this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it. Do not enter the IP addresses 169.254.0.3 and 169.254.0.4. These addresses are reserved for the USB NIC port on the front panel when an A/A cable is used.

5. Click Back, click Finish, and then click Yes. The details are saved.

Obtaining Certificates

The following table lists the types of certificates based on the login type.

Table 8. Types of Certificate Based on Login Type

| Login Type | Certificate Type | How to Obtain |
| --- | --- | --- |
| Single Sign-on using Active Directory | Trusted CA certificate | Generate a CSR and get it signed from a Certificate Authority. SHA-2 certificates are also supported. |
| Smart Card login as a local or Active Directory user | User certificate; Trusted CA certificate | User Certificate — Export the smart card user certificate as Base64-encoded file using the card management software provided by the smart card vendor. Trusted CA certificate — This certificate is issued by a CA. SHA-2 certificates are also supported. |
| Active Directory user login | Trusted CA certificate | This certificate is issued by a CA. SHA-2 certificates are also supported. |
| Local User login | SSL Certificate | Generate a CSR and get it signed from a trusted CA. NOTE: iDRAC ships with a default self-signed SSL server certificate. The iDRAC Web server, Virtual Media, and Virtual Console use this certificate. SHA-2 certificates are also supported. |

Related Links

SSL Server Certificates

Generating a New Certificate Signing Request

SSL Server Certificates

iDRAC includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon asymmetric encryption technology, SSL is widely accepted for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.

An SSL-enabled system can perform the following tasks:

• Authenticate itself to an SSL-enabled client

• Allow the two systems to establish an encrypted connection

The encryption process provides a high level of data protection. iDRAC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America.

iDRAC Web server has a Dell self-signed unique SSL digital certificate by default. You can replace the default SSL certificate with a certificate signed by a well-known Certificate Authority (CA). A Certificate Authority is a business entity that is recognized in the Information Technology industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. To initiate the process of obtaining a CA-signed certificate, use either iDRAC Web interface or RACADM interface to generate a Certificate Signing Request (CSR) with your company’s information. Then, submit the generated CSR to a CA such as VeriSign or Thawte. The CA can be a root CA or an intermediate CA. After you receive the CA-signed SSL certificate, upload this to iDRAC.

For each iDRAC to be trusted by the management station, that iDRAC’s SSL certificate must be placed in the management station’s certificate store. Once the SSL certificate is installed on the management stations, supported browsers can access iDRAC without certificate warnings.

You can also upload a custom signing certificate to sign the SSL certificate, rather than relying on the default signing certificate for this function. By importing one custom signing certificate into all management stations, all the iDRACs using the custom signing certificate are trusted. If a custom signing certificate is uploaded when a custom SSL certificate is already in-use, then the custom SSL certificate is disabled and a one-time auto-generated SSL certificate, signed with the custom signing certificate, is used. You can download the custom signing certificate (without the private key). You can also delete an existing custom signing certificate. After deleting the custom signing certificate, iDRAC resets and auto- generates a new self-signed SSL certificate. If a self-signed certificate is regenerated, then the trust must be re-established between that iDRAC and the management workstation. Auto-generated SSL certificates are self-signed and have an expiration date of seven years and one day and a start date of one day in the past (for different time zone settings on management stations and the iDRAC).

The iDRAC Web server SSL certificate supports the asterisk character (*) as part of the left-most component of the Common Name when generating a Certificate Signing Request (CSR). For example, *.qa.com, or *.company.qa.com. This is called a wildcard certificate. If a wildcard CSR is generated outside of iDRAC, you can have a signed single wildcard SSL certificate that you can upload for multiple iDRACs and all the iDRACs are trusted by the supported browsers. While connecting to iDRAC Web interface using a supported browser that supports a wildcard certificate, the iDRAC is trusted by the browser. While launching viewers, the iDRACs are trusted by the viewer clients.
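Before rolling one wildcard certificate out to many iDRACs, it helps to list which access names it will not cover. The following is an added example, not Dell code: it applies the usual left-most-label matching rules (assumed here: the asterisk stays inside one label and stands for at least one character; current browsers read the name from subjectAltName rather than the Common Name), and the inventory is constructed.

```python
import ipaddress

# Constructed inventory of the names administrators use to reach iDRACs.
INVENTORY = [
    "idrac-r1.qa.com",
    "idrac-r2.qa.com",
    "idrac-r3.lab.qa.com",      # one level deeper than *.qa.com
    "idrac-r4.company.qa.com",
    "qa.com",                   # the bare domain
    "192.0.2.21",               # access by IP address
    "idrac.local",              # in-band name over the USB NIC
    "169.254.0.1",              # default USB NIC address
]


def is_ip_literal(host):
    """True if host is an IPv4 or IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def wildcard_covers(pattern, host):
    """Return True if the certificate name `pattern` matches `host`."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if is_ip_literal(host):
        return False                      # DNS wildcards never match an IP
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if any("*" in label for label in p_labels[1:]):
        return False                      # asterisk only in left-most label
    if len(p_labels) != len(h_labels) or p_labels[1:] != h_labels[1:]:
        return False                      # the asterisk spans exactly one label
    left, target = p_labels[0], h_labels[0]
    if "*" not in left:
        return left == target
    if left.count("*") != 1:
        return False
    prefix, suffix = left.split("*")
    return (len(target) > len(prefix) + len(suffix)
            and target.startswith(prefix)
            and target.endswith(suffix))


def uncovered(patterns, hosts):
    """Hosts that none of the certificate name patterns match."""
    return [h for h in hosts
            if not any(wildcard_covers(p, h) for p in patterns)]


if __name__ == "__main__":
    for name in uncovered(["*.qa.com"], INVENTORY):
        print("certificate warning expected for:", name)
```

Names reported here still trigger a certificate warning after the wildcard certificate is uploaded, so they need their own certificate or a change in how the iDRAC is addressed.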

Related Links

Generating a New Certificate Signing Request

Uploading Server Certificate

Viewing Server Certificate

Uploading Custom Signing Certificate

Downloading Custom SSL Certificate Signing Certificate

Deleting Custom SSL Certificate Signing Certificate

Generating a New Certificate Signing Request

A CSR is a digital request to a Certificate Authority (CA) for a SSL server certificate. SSL server certificates allow clients of the server to trust the identity of the server and to negotiate an encrypted session with the server.

After the CA receives a CSR, they review and verify the information the CSR contains. If the applicant meets the CA’s security standards, the CA issues a digitally-signed SSL server certificate that uniquely identifies the applicant’s server when it establishes SSL connections with browsers running on management stations.


After the CA approves the CSR and issues the SSL server certificate, it can be uploaded to iDRAC. The information used to generate the CSR, stored on the iDRAC firmware, must match the information contained in the SSL server certificate, that is, the certificate must have been generated using the CSR created by iDRAC.

Related Links

SSL Server Certificates

Generating CSR Using Web Interface

To generate a new CSR:

NOTE: Each new CSR overwrites any previous CSR data stored in the firmware. The information in the CSR must match the information in the SSL server certificate. Otherwise, iDRAC does not accept the certificate.

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → SSL, select Generate Certificate Signing Request (CSR) and click Next.

The Generate a New Certificate Signing Request page is displayed.

2. Enter a value for each CSR attribute.

For more information, see iDRAC Online Help.

3. Click Generate.

A new CSR is generated. Save it to the management station.

Generating CSR Using RACADM

To generate a CSR using RACADM, use the objects in the cfgRacSecurity group with the config command or use the objects in the iDRAC.Security group with the set command, and then use the sslcsrgen command to generate the CSR. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Uploading Server Certificate

After generating a CSR, you can upload the signed SSL server certificate to the iDRAC firmware. iDRAC must be reset to apply the certificate. iDRAC accepts only X509, Base 64 encoded Web server certificates. SHA-2 certificates are also supported.

CAUTION: During reset, iDRAC is not available for a few minutes.

Related Links

SSL Server Certificates

Uploading Server Certificate Using Web Interface

To upload the SSL server certificate:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → SSL, select Upload Server Certificate and click Next.

The Certificate Upload page is displayed.

2. Under File Path, click Browse and select the certificate on the management station.

3. Click Apply.

The SSL server certificate is uploaded to iDRAC.

4. A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as required.


iDRAC resets and the new certificate is applied. The iDRAC is not available for a few minutes during the reset.

NOTE: You must reset iDRAC to apply the new certificate. Until iDRAC is reset, the existing certificate is active.

Uploading Server Certificate Using RACADM

To upload the SSL server certificate, use the sslcertupload command. For more information, see the RACADM Command Line Reference Guide for iDRAC available at dell.com/support/manuals.

If the CSR is generated outside of iDRAC with a private key available, then to upload the certificate to iDRAC:

1. Send the CSR to a well-known root CA. The CA signs the CSR and the CSR becomes a valid certificate.

2. Upload the private key using the remote racadm sslkeyupload command.

3. Upload the signed certificate to iDRAC using the remote racadm sslcertupload command. The new certificate is uploaded to iDRAC. A message is displayed asking you to reset iDRAC.

4. Run the racadm racreset command to reset iDRAC.

iDRAC resets and the new certificate is applied. The iDRAC is not available for a few minutes during the reset.

NOTE: You must reset iDRAC to apply the new certificate. Until iDRAC is reset, the existing certificate is active.

Viewing Server Certificate

You can view the SSL server certificate that is currently being used in iDRAC.

Related Links

SSL Server Certificates

Viewing Server Certificate Using Web Interface

In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → SSL. The SSL page displays the SSL server certificate that is currently in use at the top of the page.

Viewing Server Certificate Using RACADM

To view the SSL server certificate, use the sslcertview command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Uploading Custom Signing Certificate

You can upload a custom signing certificate to sign the SSL certificate. SHA-2 certificates are also supported.

Uploading Custom Signing Certificate Using Web Interface

To upload the custom signing certificate using iDRAC Web interface:

1. Go to Overview → iDRAC Settings → Network → SSL. The SSL page is displayed.

2. Under Custom SSL Certificate Signing Certificate, select Upload Custom SSL Certificate Signing Certificate and click Next.


The Upload Custom SSL Certificate Signing Certificate page is displayed.

3. Click Browse and select the custom SSL certificate signing certificate file.

Only Public-Key Cryptography Standards #12 (PKCS #12) compliant certificate is supported.

4. If the certificate is password protected, in the PKCS#12 Password field, enter the password.

5. Click Apply.

The certificate is uploaded to iDRAC.

6. A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as required.

After iDRAC resets, the new certificate is applied. The iDRAC is not available for a few minutes during the reset.

NOTE: You must reset iDRAC to apply the new certificate. Until iDRAC is reset, the existing certificate is active.

Uploading Custom SSL Certificate Signing Certificate Using RACADM

To upload the custom SSL certificate signing certificate using RACADM, use the sslcertupload subcommand, and then use the racreset command to reset iDRAC. For more information, see the iDRAC8 2.00.00.00 RACADM Command Line Reference Guide available at www.dell.com/esmmanuals.

Downloading Custom SSL Certificate Signing Certificate

You can download the custom signing certificate using iDRAC Web interface or RACADM.

Downloading Custom Signing Certificate

To download the custom signing certificate using iDRAC Web interface:

1. Go to Overview → iDRAC Settings → Network → SSL. The SSL page is displayed.

2. Under Custom SSL Certificate Signing Certificate, select Download Custom SSL Certificate Signing Certificate and click Next.

A pop-up message is displayed that allows you to save the custom signing certificate to a location of your choice.

Downloading Custom SSL Certificate Signing Certificate Using RACADM

To download the custom SSL certificate signing certificate, use the sslcertdownload subcommand. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Deleting Custom SSL Certificate Signing Certificate

You can also delete an existing custom signing certificate using iDRAC Web interface or RACADM.

Deleting Custom Signing Certificate Using iDRAC Web Interface

To delete the custom signing certificate using iDRAC Web interface:

1. Go to Overview → iDRAC Settings → Network → SSL. The SSL page is displayed.

2. Under Custom SSL Certificate Signing Certificate, select Delete Custom SSL Certificate Signing Certificate and click Next.


3. A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as required.

After iDRAC resets, a new self-signed certificate is generated.

Deleting Custom SSL Certificate Signing Certificate Using RACADM

To delete the custom SSL certificate signing certificate using RACADM, use the sslcertdelete subcommand. Then, use the racreset command to reset iDRAC. For more information, see the iDRAC8 2.1.1.1 RACADM Command Line Reference Guide available at www.dell.com/esmmanuals.

Configuring Multiple iDRACs Using RACADM

You can configure one or more iDRACs with identical properties using RACADM. When you query a specific iDRAC using its group ID and object ID, RACADM creates the .cfg configuration file from the retrieved information. File name is user specified. Import the file to other iDRACs to identically configure them.

NOTE:

• The configuration file contains information that is applicable for the particular server. The information is organized under various object groups.

• A few configuration files contain unique iDRAC information (such as the static IP address) that you must modify before you export the file to other iDRACs.

You can also use the system configuration XML file to configure multiple iDRACs using RACADM. System configuration XML file contains the component configuration information, and this file is used to apply the configuration for BIOS, iDRAC, RAID, and NIC by importing the file into a target system. For more information, see XML Configuration Workflow white paper available at dell.com/support/manuals or at Dell Tech Center.

To configure multiple iDRACs using the .cfg file:

1. Query the target iDRAC that contains the required configuration using the command: racadm getconfig -f myfile.cfg.

The command requests the iDRAC configuration and generates the myfile.cfg file. If required, you can configure the file with another name.

NOTE: Redirecting the iDRAC configuration to a file using getconfig -f is only supported with the local and remote RACADM interfaces.

NOTE: The generated .cfg file does not contain user passwords.

The getconfig command displays all configuration properties in a group (specified by group name and index) and all configuration properties for a user by user name.

2. Modify the configuration file using a simple text editor (optional).

NOTE: It is recommended that you edit this file with a simple text editor. The RACADM utility uses an ASCII text parser. Any formatting confuses the parser, which may corrupt the RACADM database.

3. Use the new configuration file to modify the target iDRAC using the command: racadm config -f myfile.cfg

This loads the information into the other iDRAC. You can use config subcommand to synchronize the user and password database with Server Administrator.

4. Reset the target iDRAC using the command: racadm racreset


Creating an iDRAC Configuration File

The configuration file .cfg can be:

• Created

• Obtained from racadm getconfig -f <filename>.cfg command or racadm get -f <filename>.cfg

• Obtained from racadm getconfig -f <filename>.cfg command or racadm get -f <filename>.cfg, and then edited

For information about the getconfig and get commands, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

The .cfg file is first parsed to verify that valid group and object names are present and the basic syntax rules are being followed. Errors are flagged with the line number that detected the error, and a message explains the problem. The entire file is parsed for correctness, and all errors are displayed. Write commands are not transmitted to iDRAC if an error is found in the .cfg file. The user must correct all errors before using the file to configure iDRAC. Use the -c option in the config subcommand, which verifies the syntax and does not perform a write operation to iDRAC.

Use the following guidelines when you create a .cfg file:

• If the parser encounters an indexed group, the index of the group is used as the anchor. Any modifications to the objects within the indexed group are also associated with the index value.

For example:

– If you have used the getconfig command:

[cfgUserAdmin]
# cfgUserAdminIndex=11
cfgUserAdminUserName=
# cfgUserAdminPassword=******** (Write-Only)
cfgUserAdminEnable=0
cfgUserAdminPrivilege=0x00000000
cfgUserAdminIpmiLanPrivilege=15
cfgUserAdminIpmiSerialPrivilege=15
cfgUserAdminSolEnable=0

– If you have used the get command:

[idrac.users.16]
Enable=Disabled
IpmiLanPrivilege=15
IpmiSerialPrivilege=15
!!Password=******** (Write-Only)
Privilege=0x0
SNMPv3AuthenticationType=SHA
SNMPv3Enable=Disabled
SNMPv3PrivacyType=AES
SolEnable=Disabled
UserName=

• The indexes are read-only and cannot be modified. Objects of the indexed group are bound to the index under which they are listed and any valid configuration to the object value is applicable only to that particular index.

• A predefined set of indexes are available for each indexed group. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.


• Use the racresetcfg subcommand to reset the iDRAC to the default setting, and then run the racadm config -f <filename>.cfg or racadm set -f <filename>.cfg command. Make sure that the .cfg file includes all required objects, users, indexes, and other parameters.

CAUTION: Use the racresetcfg subcommand to reset the database and the iDRAC NIC settings to the default settings and remove all users and user configurations. While the root user is available, other user settings are also reset to the default settings.

Parsing Rules

• All lines that start with '#' are treated as comments. A comment line must start in column one. A '#' character in any other column is treated as a literal '#' character. Some modem parameters may include '#' characters in their strings. An escape character is not required. You may want to generate a .cfg file from a racadm getconfig -f <filename>.cfg command, and then perform a racadm config -f <filename>.cfg command to a different iDRAC, without adding escape characters. Example:

#
# This is a comment
[cfgUserAdmin]
cfgUserAdminPageModemInitString=<Modem init # not a comment>

• All group entries must be surrounded by "[" and "]" characters. The starting "[" character denoting a group name must start in column one. This group name must be specified before any of the objects in that group. Objects that do not include an associated group name generate an error. The configuration data is organized into groups as defined in the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals. The following example displays a group name, object, and the object’s property value.

[cfgLanNetworking] -{group name}

cfgNicIpAddress=143.154.133.121 {object name}

• All parameters are specified as "object=value" pairs with no white space between the object, =, or value.

White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the '=' is taken as is (for example, a second '=', or a '#', '[', ']', and so forth). These characters are valid modem chat script characters.

See the example in the previous bullet.

The racadm getconfig -f <filename>.cfg command places a comment in front of index objects, allowing the user to see the included comments.

To view the contents of an indexed group, use the following command:

racadm getconfig -g <groupName> -i <index 1-16>

• For indexed groups the object anchor must be the first object after the "[ ]" pair. The following are examples of the current indexed groups:

[cfgUserAdmin]
cfgUserAdminIndex=11

If you type racadm getconfig -f <myexample>.cfg, the command builds a .cfg file for the current iDRAC configuration. This configuration file can be used as an example and as a starting point for your unique .cfg file.
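The parsing rules above, as an added example that is not Dell's code or part of the original guide: a Python pre-flight linter for getconfig-style .cfg files that parses the whole file and reports every problem with its line number. It assumes that index anchors are the objects whose names end in Index (as cfgUserAdminIndex does) and that blank lines are skipped, and it adds two review warnings of its own (password objects that carry a value, and the per-iDRAC cfgNicIpAddress); the sample file is constructed.

```python
import re

# Assumption: an indexed group's anchor is the object whose name ends in
# "Index", as cfgUserAdminIndex does on this page.
GROUP_RE = re.compile(r"^\[([^\[\]\s]+)\]\s*$")
# Values that are unique to one iDRAC (the static IP address, per the NOTE).
PER_HOST_OBJECTS = {"cfgNicIpAddress"}

# Constructed sample: lines 12-14 break the rules, lines 5 and 11 need review.
SAMPLE = """\
#
# Object Group "cfgLanNetworking"
#
[cfgLanNetworking]
cfgNicIpAddress=10.35.9.143
# comment, the rest of this line is ignored
cfgNicGateway=10.35.9.1
[cfgUserAdmin]
cfgUserAdminIndex=11
cfgUserAdminPageModemInitString=<Modem init # not a comment>
cfgUserAdminPassword=example-only
cfgUserAdminEnable =1
 [cfgOrphan]
cfgStray
"""


def lint_cfg(text):
    """Check a getconfig-style .cfg file against the rules on this page.

    Returns (settings, errors, warnings). The whole file is always parsed,
    so every problem is reported with its line number, not only the first.
    """
    settings = []   # (group, object, value) in file order
    errors = []     # (line number, message): do not import the file
    warnings = []   # (line number, message): review before distributing
    group = None
    objects_in_group = 0

    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue                      # assumption: blank lines are skipped
        if line.startswith("#"):
            continue                      # comments start in column one only
        if line.startswith("["):          # '[' of a group must be in column one
            match = GROUP_RE.match(line)
            if match:
                group, objects_in_group = match.group(1), 0
            else:
                group = None
                errors.append((lineno, "malformed group header"))
            continue
        if line[0].isspace():
            errors.append((lineno, "entry does not start in column one"))
            continue
        # Everything to the right of the FIRST '=' is the value, taken as is.
        name, sep, value = line.partition("=")
        if not sep:
            errors.append((lineno, "expected object=value"))
            continue
        if not name or any(ch.isspace() for ch in name):
            errors.append((lineno, "white space between object and '='"))
            continue
        if value[:1].isspace():
            errors.append((lineno, "white space between '=' and value"))
            continue
        value = value.rstrip()            # trailing white space is ignored
        if group is None:
            errors.append((lineno, f"object {name} has no group name"))
            continue
        objects_in_group += 1
        if name.endswith("Index") and objects_in_group != 1:
            errors.append(
                (lineno, f"anchor {name} must be the first object in [{group}]"))
        if "password" in name.lower() and value:
            warnings.append(
                (lineno, f"{name} carries a value: handle the file as a secret"))
        if name in PER_HOST_OBJECTS:
            warnings.append(
                (lineno, f"{name} is unique to one iDRAC: change or remove it"))
        settings.append((group, name, value))
    return settings, errors, warnings


if __name__ == "__main__":
    parsed, errs, warns = lint_cfg(SAMPLE)
    for lineno, message in errs:
        print(f"ERROR   line {lineno}: {message}")
    for lineno, message in warns:
        print(f"WARNING line {lineno}: {message}")
    print(f"{len(parsed)} settings parsed")
```

A clean result here does not replace racadm config -c -f <filename>.cfg, which the guide uses to verify the file's syntax without writing to iDRAC.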


Modifying the iDRAC IP Address

When you modify the iDRAC IP address in the configuration file, remove all unnecessary <variable>=value entries. Only the actual variable group’s label with "[" and "]" remains, including the two <variable>=value entries pertaining to the IP address change. For example:

#
# Object Group "cfgLanNetworking"
#
[cfgLanNetworking]
cfgNicIpAddress=10.35.10.110
cfgNicGateway=10.35.10.1

This file is updated as follows:

#
# Object Group "cfgLanNetworking"
#
[cfgLanNetworking]
cfgNicIpAddress=10.35.9.143
# comment, the rest of this line is ignored
cfgNicGateway=10.35.9.1

The command racadm config -f myfile.cfg parses the file and identifies any errors by line number. A correct file updates the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update.

Use this file to download company-wide changes or to configure new systems over the network.

NOTE: "Anchor" is an internal term; do not use it in the file.

Disabling Access to Modify iDRAC Configuration Settings on Host System

You can disable access to modify the iDRAC configuration settings through Local RACADM or iDRAC Settings utility. However, you can view these configuration settings. To do this:

1. In iDRAC Web interface, go to Overview → iDRAC Settings → Network → Services.

2. Select one or both of the following:


• Disable the iDRAC Local Configuration using iDRAC Settings — Disables access to modify the configuration settings in iDRAC Settings utility.

• Disable the iDRAC Local Configuration using RACADM — Disables access to modify the configuration settings in Local RACADM.

3. Click Apply.

NOTE: If access is disabled, you cannot use Server Administrator or IPMITool to perform iDRAC configurations. However, you can use IPMI Over LAN.


5

Viewing iDRAC and Managed System Information

You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.

Related Links

Viewing Managed System Health and Properties

Viewing System Inventory

Viewing Sensor Information

Monitoring Performance Index of CPU, Memory, and I/O Modules

Checking the System for Fresh Air Compliance

Viewing Historical Temperature Data

Inventory and Monitoring Storage Devices

Inventory and Monitoring Network Devices

Inventory and Monitoring FC HBA Devices

Viewing FlexAddress Mezzanine Card Fabric Connections

Viewing or Terminating iDRAC Sessions

Viewing Managed System Health and Properties

When you log in to iDRAC Web interface, the System Summary page allows you to view the managed system's health, basic iDRAC information, preview the virtual console, add and view work notes, and quickly launch tasks such as power on or off, power cycle, view logs, update and rollback firmware, switch on or switch off the front panel LED, and reset iDRAC.

To access the System Summary page, go to Overview → Server → Properties → Summary. The System Summary page is displayed. For more information, see the iDRAC Online Help.

You can also view the basic system summary information using the iDRAC Settings utility. To do this, in iDRAC Settings utility, go to System Summary. The iDRAC Settings System Summary page is displayed. For more information, see the iDRAC Settings Utility Online Help.

Viewing System Inventory

You can view information about the hardware and firmware components installed on the managed system. To do this, in iDRAC Web interface, go to Overview → Server → Properties → System Inventory. For information about the displayed properties, see the iDRAC Online Help.

The Hardware Inventory section displays the information for the following components available on the managed system:

• iDRAC


• RAID controller

• Batteries

• CPUs

• DIMMs

• HDDs

• Backplanes

• Network Interface Cards (integrated and embedded)

• Video card

• SD card

• Power Supply Units (PSUs)

• Fans

• Fibre Channel HBAs

• USB

The Firmware Inventory section displays the firmware version for the following components:

• BIOS

• Lifecycle Controller

• iDRAC

• OS driver pack

• 32-bit diagnostics

• System CPLD

• PERC controllers

• Batteries

• Physical disks

• Power supply

• NIC

• Fibre Channel

• Backplane

• Enclosure

• PCIe SSDs

When you replace any hardware component or update the firmware versions, make sure to enable and run the Collect System Inventory on Reboot (CSIOR) option to collect the system inventory on reboot. After a few minutes, log in to iDRAC, and navigate to the System Inventory page to view the details. It may take up to five minutes for the information to be available depending on the hardware installed on the server.

NOTE: CSIOR option is enabled by default.

Click Export to export the hardware inventory in an XML format and save it to a location of your choice.

Viewing Sensor Information

The following sensors help to monitor the health of the managed system:

• Batteries — Provides information about the batteries on the system board CMOS and storage RAID On Motherboard (ROMB).


NOTE: The Storage ROMB battery settings are available only if the system has a ROMB with a battery.

• Fan (available only for rack and tower servers) — Provides information about the system fans — fan redundancy and fans list that display fan speed and threshold values.

• CPU — Indicates the health and state of the CPUs in the managed system. It also reports processor automatic throttling and predictive failure.

• Memory — Indicates the health and state of the Dual In-line Memory Modules (DIMMs) present in the managed system.

• Intrusion — Provides information about the chassis.

• Power Supplies (available only for rack and tower servers) — Provides information about the power supplies and the power supply redundancy status.

NOTE: If there is only one power supply in the system, the power supply redundancy is set to Disabled.

• Removable Flash Media — Provides information about the Internal SD Modules—vFlash and Internal Dual SD Module (IDSDM).

– When IDSDM redundancy is enabled, the following IDSDM sensor status is displayed—IDSDM Redundancy Status, IDSDM SD1, IDSDM SD2. When redundancy is disabled, only IDSDM SD1 is displayed.

– If IDSDM redundancy is initially disabled when the system is powered on or after an iDRAC reset, the IDSDM SD1 sensor status is displayed only after a card is inserted.

– If IDSDM redundancy is enabled with two SD cards present in the IDSDM, and the status of one SD card is online while the status of the other card is offline, a system reboot is required to restore redundancy between the two SD cards in the IDSDM. After the redundancy is restored, the status of both the SD cards in the IDSDM is online.

– During the rebuilding operation to restore redundancy between two SD cards present in the IDSDM, the IDSDM status is not displayed since the IDSDM sensors are powered off.

NOTE: If the host system is rebooted during IDSDM rebuild operation, the iDRAC does not display the IDSDM information. To resolve this, rebuild IDSDM again or reset the iDRAC.

– System Event Logs (SEL) for a write-protected or corrupt SD card in the IDSDM module are not repeated until they are cleared by replacing the SD card with a writable or good SD card, respectively.

• Temperature — Provides information about the system board inlet temperature and exhaust temperature (only applies to rack servers). The temperature probe indicates whether the status of the probe is within the pre-set warning and critical threshold value.

• Voltage — Indicates the status and reading of the voltage sensors on various system components.

The following table shows how to view the sensor information using iDRAC Web interface and RACADM. For information about the properties that are displayed on the Web interface, see the iDRAC Online Help for the respective pages.

Table 9. Sensor Information Using Web Interface and RACADM

| View Sensor Information For | Using Web Interface |
| --- | --- |
| Batteries | Overview → Hardware → Batteries |
| Fan | Overview → Hardware → Fans |
| CPU | Overview → Hardware → CPU |
| Memory | Overview → Hardware → Memory |
| Intrusion | Overview → Server → Intrusion |
| Power Supplies | Overview → Hardware → Power Supplies |
| Removable Flash Media | Overview → Hardware → Removable Flash Media |
| Temperature | Overview → Server → Power/Thermal → Temperatures |
| Voltage | Overview → Server → Power/Thermal → Voltages |

Using RACADM: Use the getsensorinfo command. For power supplies, you can also use the System.Power.Supply command with the get subcommand. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Monitoring Performance Index of CPU, Memory, and I/O Modules

In 13th generation Dell PowerEdge servers, Intel ME provides support for Compute Usage Per Second (CUPS) functionality. The CUPS functionality provides real-time monitoring of CPU, memory and I/O utilization and system-level utilization index for the system. Since it is done by Intel ME, it is independent of the OS and does not consume CPU resources. The Intel ME has a system CUPS sensor which provides the Computation, Memory and I/O resource utilization value as CUPS Index. iDRAC monitors this CUPS index for the overall system utilization and also monitors the instantaneous value of CPU, Memory, and I/O utilization index.

Utilization information of system resources is obtained by querying the data from a set of dedicated counters provided by the CPU and chipset. These counters are called Resource Monitoring Counters or RMCs. These counters are aggregated by the node manager to measure the cumulative utilization of each of these system resources that is read from the iDRAC using existing inter-communication mechanisms to provide these vital data through out-of-band management interfaces.

Since Intel sensor representation of performance parameters and index values are for complete physical system, performance data representation on the interfaces is for the complete physical system, even if the system is virtualized and hosting multiple virtual hosts.

To display the performance parameters, the supported sensors must be present in the server.


The four system utilization parameters are:

• CPU Utilization - There are individual Resource Monitoring counters (RMCs) for each CPU core which are aggregated to provide cumulative utilization of all the cores in the system. This utilization is based on time spent in active state and time spent in inactive state. Each sample of RMC is taken every six seconds.

• Memory Utilization - There are individual counters (RMCs) to measure memory traffic occurring at each memory channel or memory controller instance. These counters are aggregated to measure the cumulative memory traffic across all the memory channels on the system. This is a measure of memory bandwidth consumption and not the amount of memory utilization. iDRAC aggregates it over a period of one minute, so it may or may not match the memory utilization shown by other OS tools such as TOP in Linux. The memory bandwidth utilization shown by iDRAC is an indication of whether the workload is memory intensive or not.

• I/O Utilization - There are individual Resource Monitoring Counters (RMCs), one per root port in the PCI Express Root Complex, to measure PCI Express traffic emanating from or directed to that root port and the lower segment. These counters are then aggregated to measure PCI Express traffic for all PCI Express segments emanating from the package. This is a measure of I/O bandwidth utilization for the system.

• System Level CUPS Index - The CUPS index is calculated by aggregating CPU, Memory, and I/O index considering a pre-defined load factor of each system resource. The load factor depends on the nature of the workload run on the system. Thus at any given time, CUPS Index represents the measurement of the compute headroom available on the server. Hence, if the system has a large CUPS Index, then there is limited headroom to place additional workload on that system. As the resource consumption decreases, the system’s CUPS Index decreases. A low CUPS Index indicates that there is a large amount of compute headroom and the server is a main target for receiving new workloads or having the workload migrated, and the server being placed into a lower power state in order to reduce power consumption. Such workload monitoring can then be applied throughout the data center to provide a high-level and holistic view of the datacenter’s workload, providing a dynamic datacenter solution.

NOTE: The CPU, memory, and I/O utilization indexes are aggregated over one minute. Therefore, if there are any instantaneous spikes in these indexes, they may be suppressed. They are an indication of workload patterns, not the amount of resource utilization.

The IPMI, SEL, and SNMP traps are generated if the thresholds of the utilization indexes are reached and the sensor events are enabled. The sensor event flags are disabled by default. They can be enabled using the standard IPMI interface.

The required privileges are:

• Login privilege is required to monitor performance data.

• Configure privilege is required for setting warning thresholds and reset historical peaks.

• Login privilege and Enterprise license are required for reading historical statistics data.

Monitoring Performance Index of CPU, Memory, and I/O Modules Using Web Interface

To monitor the performance index of CPU, memory, and I/O modules, in the iDRAC Web interface, go to Overview → Hardware. The Hardware Overview page displays the following:

• Hardware section – Click the required link to view the health of the component.

• System Performance section - Displays the current reading and the warning reading for CPU, Memory and I/O utilization index, and system level CUPS index in a graphical view.

• System Performance Historical Data section:

– Provides the statistics for CPU, memory, IO utilization, and the system level CUPS index. If the host system is powered off, then the graph displays the power off line below 0 percent.


– You can reset the peak utilization for a particular sensor. Click Reset Historical Peak. You must have Configure privilege to reset the peak value.

• Performance Metrics section:

– View status and present reading

– View or specify the warning threshold utilization limit. You must have server configure privilege to set the threshold values.

For information about the displayed properties, see the iDRAC Online Help.

Monitoring Performance Index of CPU, Memory, and I/O Modules Using RACADM

Use the SystemPerfStatistics subcommand to monitor performance index for CPU, memory, and I/O modules. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/esmmanuals.

Checking the System for Fresh Air Compliance

Fresh air cooling directly uses outside air to cool systems in the data center. Fresh air compliant systems can operate above their normal ambient operating range (temperatures up to 113 °F (45 °C)).

NOTE: Some servers or certain configurations of a server may not be fresh air compliant. See the specific server manual for details related to fresh air compliance or contact Dell for more details.

To check the system for fresh air compliance:

1. In the iDRAC Web interface, go to Overview → Server → Power / Thermal → Temperatures. The Temperatures page is displayed.

2. See the Fresh Air section that indicates whether the server is fresh air compliant or not.

Viewing Historical Temperature Data

You can monitor the percentage of time the system has operated at ambient temperature that is greater than the normally supported fresh air temperature threshold. The system board temperature sensor reading is collected over a period of time to monitor the temperature. The data collection starts when the system is first powered on after it is shipped from the factory. The data is collected and displayed for the duration when the system is powered on. You can track and store the monitored temperature for the last seven years.

NOTE: You can track the temperature history even for systems that are not fresh air compliant. However, the threshold limits and fresh air related warnings generated are based on fresh air supported limits. The limits are 42ºC for warning and 47ºC for critical. These values correspond to 40ºC and 45ºC fresh air limits with 2ºC margin for accuracy.

Two fixed temperature bands are tracked that are associated to fresh air limits:

• Warning band — Consists of the duration a system has operated above the temperature sensor warning threshold (42ºC). The system can operate in the warning band for 10% of the time for 12 months.

• Critical band — Consists of the duration a system has operated above the temperature sensor critical threshold (47ºC). The system can operate in the critical band for 1% of the time for 12 months which also increments time in the warning band.


The collected data is represented in a graphical format to track the 10% and 1% levels. The logged temperature data can be cleared only before shipping from the factory.

An event is generated if the system continues to operate above the normally supported temperature threshold for a specified operational time. If the average temperature over the specified operational time is greater than or equal to the warning level (>= 8%) or the critical level (>= 0.8%), an event is logged in the Lifecycle Log and the corresponding SNMP trap is generated. The events are:

• Warning event when the temperature was greater than the warning threshold for duration of 8% or more in the last 12 months.

• Critical event when the temperature was greater than the warning threshold for duration of 10% or more in the last 12 months.

• Warning event when the temperature was greater than the critical threshold for duration of 0.8% or more in the last 12 months.

• Critical event when the temperature was greater than the critical threshold for duration of 1% or more in the last 12 months.

You can also configure iDRAC to generate additional events. For more information, see the Setting Alert Recurrence Event section.

Viewing Historical Temperature Data Using iDRAC Web Interface

To view historical temperature data:

1. In the iDRAC Web interface, go to Overview → Server → Power / Thermal → Temperatures. The Temperatures page is displayed.

2. See the System Board Temperature Historical Data section that provides a graphical display of the stored temperature (average and peak values) for the last day, last 30 days, and last year.

For more information, see the iDRAC Online Help.

NOTE: After an iDRAC firmware update or iDRAC reset, some temperature data may not be displayed in the graph.

Viewing Historical Temperature Data Using RACADM

To view historical data using RACADM, use the inlettemphistory subcommand. For more information, see the iDRAC8 RACADM Command Line Reference Guide.

Configuring Warning Threshold for Inlet Temperature

You can modify the minimum and maximum warning threshold values for the system board inlet temperature sensor. If reset to default action is performed, the temperature thresholds are set to the default values. You must have Configure user privilege to set the warning threshold values for the inlet temperature sensor.

Configuring Warning Threshold for Inlet Temperature Using Web Interface

To configure warning threshold for inlet temperature:

1. In the iDRAC Web interface, go to Overview → Server → Power/Thermal → Temperatures. The Temperatures page is displayed.

2. In the Temperature Probes section, for the System Board Inlet Temp, enter the minimum and maximum values for the Warning Threshold in Centigrade or Fahrenheit. If you enter the value in Centigrade, the system automatically calculates and displays the Fahrenheit value. Similarly, if you enter Fahrenheit, the value for Centigrade is displayed.

3. Click Apply.

The values are configured.

NOTE: Changes to default thresholds are not reflected in the historical data chart since the chart limits are for fresh air limit values only. Warnings for exceeding the custom thresholds are different from warnings associated with exceeding fresh air thresholds.

Viewing Network Interfaces Available On Host OS

You can view information about all the network interfaces that are available on the host operating system such as the IP addresses that are assigned to the server. The iDRAC Service Module provides this information to iDRAC. The OS IP address information includes the IPv4 and IPv6 addresses, MAC address, Subnet mask or prefix length, and the FQDD of the network device.

NOTE: This feature is available with iDRAC Express and iDRAC Enterprise licenses.

To view the OS information, make sure that:

• You have Login privilege.

• iDRAC Service Module is installed and running on the host operating system.

• OS Information option is enabled in the Overview → Server → Service Module page.

iDRAC can display the IPv4 and IPv6 addresses for all the interfaces configured on the Host OS.

Depending on how the Host OS detects the DHCP server, the corresponding IPv4 or IPv6 DHCP server address may not be displayed. Typically one of IPv4 or IPv6 DHCP address is visible if DHCP is enabled.

Viewing Network Interfaces Available on Host OS Using Web Interface

To view the network interfaces available on the host OS using Web interface:

1. Go to Overview → Host OS → Network Interfaces.

The Network Interfaces page displays all the network interfaces that are available on the host operating system.

2. To view the list of network interfaces associated with a network device, from the Network Device FQDD drop-down menu, select a network device and click Apply.

The OS IP details are displayed in the Host OS Network Interfaces section.

3. From the Device FQDD column, click on the network device link.

The corresponding device page is displayed from the Hardware → Network Devices section, where you can view the device details. For information about the properties, see the iDRAC Online Help.

4. For each network device, click the  icon to display the additional details.

Similarly, you can view the host OS network interface information associated with a network device from the Hardware → Network Devices page. Click View Host OS Network Interfaces.

Viewing Network Interfaces Available on Host OS Using RACADM

Use the gethostnetworkinterfaces command to view the network interfaces available on the host operating systems using RACADM. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/esmmanuals.


Viewing FlexAddress Mezzanine Card Fabric Connections

In blade servers, FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each managed server port connection.

You can view the following information for each installed embedded Ethernet and optional mezzanine card port:

• Fabrics to which the cards are connected.

• Type of fabric.

• Server-assigned, chassis-assigned, or remotely assigned MAC addresses.

To view the Flex Address information in iDRAC, configure and enable the Flex Address feature in Chassis Management Controller (CMC). For more information, see the Dell Chassis Management Controller User Guide available at dell.com/support/manuals. Any existing Virtual Console or Virtual Media session terminates if the FlexAddress setting is enabled or disabled.

NOTE: To avoid errors that may lead to an inability to turn on the managed system, you must have the correct type of mezzanine card installed for each port and fabric connection.

The FlexAddress feature replaces the server–assigned MAC addresses with chassis–assigned MAC addresses and is implemented for iDRAC along with blade LOMs, mezzanine cards and I/O modules. The iDRAC FlexAddress feature supports preservation of slot specific MAC address for iDRACs in a chassis.

The chassis–assigned MAC address is stored in CMC non–volatile memory and is sent to iDRAC during an iDRAC boot or when CMC FlexAddress is enabled.

If CMC enables chassis–assigned MAC addresses, iDRAC displays the MAC address on any of the following pages:

• Overview → Server → Properties → Details → iDRAC Information.

• Overview → Server → Properties → WWN/MAC.

• Overview → iDRAC Settings → Properties → iDRAC Information → Current Network Settings.

• Overview → iDRAC Settings → Network → Network → Network Settings.

CAUTION: With FlexAddress enabled, if you switch from a server–assigned MAC address to a chassis–assigned MAC address and vice–versa, iDRAC IP address also changes.

Viewing or Terminating iDRAC Sessions

You can view the number of users currently logged in to iDRAC and terminate the user sessions.

Terminating iDRAC Sessions Using Web Interface

The users who do not have administrative privileges must have Configure iDRAC privilege to terminate iDRAC sessions using iDRAC Web interface.

To view and terminate the iDRAC sessions:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Sessions.


The Sessions page displays the session ID, username, IP address, and session type. For more information about these properties, see the iDRAC Online Help.

2. To terminate the session, under the Terminate column, click the Trashcan icon for a session.

Terminating iDRAC Sessions Using RACADM

You must have administrator privileges to terminate iDRAC sessions using RACADM. To view the current user sessions, use the getssninfo command.

To terminate a user session, use the closessn command.

For more information about these commands, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.


6

Setting Up iDRAC Communication

You can communicate with iDRAC using any of the following modes:

• iDRAC Web Interface

• Serial connection using DB9 cable (RAC serial or IPMI serial) - For rack and tower servers only

• IPMI Serial Over LAN

• IPMI Over LAN

• Remote RACADM

• Local RACADM

• Remote Services

For an overview of the supported protocols, supported commands, and pre-requisites, see the following table.

Table 10. Communication Modes — Summary

| Mode of Communication | Supported Protocol | Supported Commands | Prerequisite |
| --- | --- | --- | --- |
| iDRAC Web Interface | Internet Protocol (https) | NA | Web Server |
| Serial using Null modem DB9 cable | Serial Protocol | RACADM, SMCLP, IPMI | Part of iDRAC firmware. RAC Serial or IPMI Serial is enabled. |
| IPMI Serial Over LAN | Intelligent Platform Management Bus protocol, SSH, Telnet | IPMI | IPMITool is installed and IPMI Serial Over LAN is enabled. |
| IPMI over LAN | Intelligent Platform Management Bus protocol | IPMI | IPMITool is installed and IPMI Settings is enabled. |
| SMCLP | SSH, Telnet | SMCLP | SSH or Telnet on iDRAC is enabled. |
| Remote RACADM | https | Remote RACADM | Remote RACADM is installed and enabled. |
| Firmware RACADM | SSH, Telnet | Firmware RACADM | Firmware RACADM is installed and enabled. |
| Local RACADM | IPMI | Local RACADM | Local RACADM is installed. |
| Remote Services [1] | WS-MAN | WinRM (Windows), OpenWSMAN (Linux) | WinRM is installed (Windows) or OpenWSMAN is installed (Linux). |

[1] For more information, see the Lifecycle Controller Remote Services User’s Guide available at dell.com/support/manuals.

Related Links

Communicating With iDRAC Through Serial Connection Using DB9 Cable

Switching Between RAC Serial and Serial Console While Using DB9 Cable

Communicating With iDRAC Using IPMI SOL

Communicating With iDRAC Using IPMI Over LAN

Enabling or Disabling Remote RACADM

Disabling Local RACADM

Enabling IPMI on Managed System

Configuring Linux for Serial Console During Boot

Supported SSH Cryptography Schemes

Communicating With iDRAC Through Serial Connection Using DB9 Cable

You can use any of the following communication methods to perform systems management tasks through serial connection to rack and tower servers:

• RAC Serial

• IPMI Serial — Direct Connect Basic mode and Direct Connect Terminal mode

NOTE: In case of blade servers, the serial connection is established through the chassis. For more information, see the Chassis Management Controller User’s Guide available at dell.com/support/manuals.

To establish the serial connection:

1. Configure the BIOS to enable serial connection:

2. Connect the Null Modem DB9 cable from the management station’s serial port to the managed system’s external serial connector.

3. Make sure that the management station’s terminal emulation software is configured for serial connection using any of the following:

• Linux Minicom in an Xterm

• Hilgraeve’s HyperTerminal Private Edition (version 6.3)


Based on where the managed system is in its boot process, you can see either the POST screen or the operating system screen. This is based on the configuration: SAC for Windows and Linux text mode screens for Linux.

4. Enable RAC serial or IPMI serial connections in iDRAC.

Related Links

Configuring BIOS For Serial Connection

Enabling RAC Serial Connection

Enabling IPMI Serial Connection Basic and Terminal Modes

Configuring BIOS For Serial Connection

To configure BIOS for Serial Connection:

NOTE: This is applicable only for iDRAC on rack and tower servers.

1. Turn on or restart the system.

2. Press <F2>.

3. Go to System BIOS Settings → Serial Communication.

4. Select External Serial Connector to Remote Access device.

5. Click Back, click Finish, and then click Yes.

6. Press <Esc> to exit System Setup.

Enabling RAC Serial Connection

After configuring serial connection in BIOS, enable RAC serial in iDRAC.

NOTE: This is applicable only for iDRAC on rack and tower servers.

Enabling RAC Serial Connection Using Web Interface

To enable RAC serial connection:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → Serial. The Serial page is displayed.

2. Under RAC Serial, select Enabled and specify the values for the attributes.

3. Click Apply.

The RAC serial settings are configured.

Enabling RAC Serial Connection Using RACADM

To enable RAC serial connection using RACADM, use any of the following:

• Use the objects in the cfgSerial group with the config command.

• Use the object in the iDRAC.Serial group with the set command.

Enabling IPMI Serial Connection Basic and Terminal Modes

To enable IPMI serial routing of BIOS to iDRAC, configure IPMI Serial in any of the following modes in iDRAC:

NOTE: This is applicable only for iDRAC on rack and tower servers.


• IPMI basic mode — Supports a binary interface for program access, such as the IPMI shell (ipmish) that is included with the Baseboard Management Utility (BMU). For example, to print the System Event Log using ipmish via IPMI Basic mode, run the following command:

ipmish -com 1 -baud 57600 -flow cts -u root -p calvin sel get

• IPMI terminal mode — Supports ASCII commands that are sent from a serial terminal. This mode supports a limited number of commands (including power control) and raw IPMI commands that are typed as hexadecimal ASCII characters. It allows you to view the operating system boot sequences up to BIOS, when you log in to iDRAC through SSH or Telnet.

Related Links

Configuring BIOS For Serial Connection

Additional Settings For IPMI Serial Terminal Mode

Enabling Serial Connection Using Web Interface

Make sure to disable the RAC serial interface to enable IPMI Serial. To configure IPMI Serial settings:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → Serial.

2. Under IPMI Serial, specify the values for the attributes. For information about the options, see the iDRAC Online Help.

3. Click Apply.

Enabling Serial Connection IPMI Mode Using RACADM

To configure the IPMI mode, disable the RAC serial interface and then enable the IPMI mode using any of the following:

• Using config command:

racadm config -g cfgSerial -o cfgSerialConsoleEnable 0

racadm config -g cfgIpmiSerial -o cfgIpmiSerialConnectionMode <0 or 1>

where, 0 indicates Terminal mode and 1 indicates Basic mode.

• Using set command:

racadm set iDRAC.Serial.Enable 0

racadm set iDRAC.IPMISerial.ConnectionMode <0 or 1>

where, 0 indicates Terminal mode and 1 indicates Basic mode.

Enabling Serial Connection IPMI Serial Settings Using RACADM

To configure IPMI Serial settings, use the set or config command:

1. Change the IPMI serial connection mode to the appropriate setting using the command:

• Using config command: racadm config -g cfgSerial -o cfgSerialConsoleEnable 0

• Using set command: racadm set iDRAC.Serial.Enable 0

2. Set the IPMI Serial baud rate:

• Using config command: racadm config -g cfgIpmiSerial -o cfgIpmiSerialBaudRate <baud_rate>

• Using set command: racadm set iDRAC.IPMISerial.BaudRate <baud_rate>

where <baud_rate> is 9600, 19200, 57600, or 115200 bps.

3. Enable the IPMI serial hardware flow control:


• Using config command: racadm config -g cfgIpmiSerial -o cfgIpmiSerialFlowControl 1

• Using set command: racadm set iDRAC.IPMISerial.FlowControl 1

4. Set the IPMI serial channel minimum privilege level:

• Using config command: racadm config -g cfgIpmiSerial -o cfgIpmiSerialChanPrivLimit <level>

• Using set command: racadm set iDRAC.IPMISerial.ChanPrivLimit <level>

where <level> is 2 (User), 3 (Operator), or 4 (Administrator).

5. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection.

For more information about these properties, see the IPMI 2.0 specification.

Additional Settings For IPMI Serial Terminal Mode

This section provides additional configuration settings for IPMI serial terminal mode.

Configuring Additional Settings for IPMI Serial Terminal Mode Using Web Interface

To set the Terminal Mode settings:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → Serial

The Serial page is displayed.

2. Enable IPMI serial.

3. Click Terminal Mode Settings.

The Terminal Mode Settings page is displayed.

4. Specify the following values:

• Line editing

• Delete control

• Echo Control

• Handshaking control

• New line sequence

• Input new line sequences

For information about the options, see the iDRAC Online Help.

5. Click Apply.

The terminal mode settings are configured.

6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection.

Configuring Additional Settings for IPMI Serial Terminal Mode Using RACADM

To configure the Terminal Mode settings, run the command: racadm config cfgIpmiSerial

Switching Between RAC Serial and Serial Console While Using DB9 Cable

iDRAC supports Escape key sequences that allow switching between RAC Serial Interface communication and Serial Console on rack and tower servers.


Switching From Serial Console to RAC Serial

To switch to RAC Serial Interface communication mode when in Serial Console Mode, use the following key sequence:

<Esc> +<Shift> <9>

The key sequence directs you to the "iDRAC Login" prompt (if the iDRAC is set to RAC Serial mode) or to the Serial Connection mode where terminal commands can be issued if iDRAC is set to IPMI Serial Direct Connect Terminal Mode.

Switching From RAC Serial to Serial Console

To switch to Serial Console Mode when in RAC Serial Interface Communication Mode, use the following key sequence:

<Esc> +<Shift> <q>

When in terminal mode, to switch the connection to the Serial Console mode use:

<Esc> +<Shift> <q>

When connected in Serial Console mode, to go back to the terminal mode use:

<Esc> +<Shift> <9>

Communicating With iDRAC Using IPMI SOL

IPMI Serial Over LAN (SOL) allows a managed system’s text-based console serial data to be redirected over iDRAC’s dedicated or shared out-of-band ethernet management network. Using SOL you can:

• Remotely access operating systems with no time-out.

• Diagnose host systems on Emergency Management Services (EMS) or Special Administrator Console (SAC) for Windows or Linux shell.

• View the progress of a server during POST and reconfigure the BIOS setup program.

To set up the SOL communication mode:

1. Configure BIOS for serial connection.

2. Configure iDRAC to Use SOL.

3. Enable a supported protocol (SSH, Telnet, IPMItool).

Related Links

Configuring BIOS For Serial Connection

Configuring iDRAC to Use SOL

Enabling Supported Protocol

Configuring BIOS For Serial Connection

To configure BIOS for Serial Connection:


NOTE: This is applicable only for iDRAC on rack and tower servers.

1. Turn on or restart the system.

2. Press <F2>.

3. Go to System BIOS Settings → Serial Communication.

4. Specify the following values:

• Serial Communication — On With Console Redirection

• Serial Port Address — COM2.

NOTE: You can set the serial communication field to On with serial redirection via com1 if serial device2 in the serial port address field is also set to com1.

• External serial connector — Serial device 2

• Failsafe Baud Rate — 115200

• Remote Terminal Type — VT100/VT220

• Redirection After Boot — Enabled

5. Click Back and then click Finish.

6. Click Yes to save the changes.

7. Press <Esc> to exit System Setup.

NOTE: BIOS sends the screen serial data in 25 x 80 format. The SSH window that is used to invoke the console com2 command must be set to 25 x 80. Then, the redirected screen appears correctly.

Configuring iDRAC to Use SOL

You can specify the SOL settings in iDRAC using Web interface, RACADM, or iDRAC Settings utility.

Configuring iDRAC to Use SOL Using iDRAC Web Interface

To configure IPMI Serial over LAN (SOL):

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → Serial Over LAN. The Serial over LAN page is displayed.

2. Enable SOL, specify the values, and click Apply. The IPMI SOL settings are configured.

3. To set the character accumulate interval and the character send threshold, select Advanced Settings.

The Serial Over LAN Advanced Settings page is displayed.

4. Specify the values for the attributes and click Apply.

The IPMI SOL advanced settings are configured. These values help to improve the performance. For information about the options, see the iDRAC Online Help.

Configuring iDRAC to Use SOL Using RACADM

To configure IPMI Serial over LAN (SOL):

1. Enable IPMI Serial over LAN:

• Using config command: racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1

• Using set command: racadm set iDRAC.IPMISol.Enable 1

2. Update the IPMI SOL minimum privilege level:


• Using config command: racadm config -g cfgIpmiSol -o cfgIpmiSolMinPrivilege <level>

• Using set command: racadm set iDRAC.IPMISol.MinPrivilege <level>

where <level> is 2 (User), 3 (Operator), or 4 (Administrator).

NOTE: The IPMI SOL minimum privilege level determines the minimum privilege to activate IPMI SOL. For more information, see the IPMI 2.0 specification.

3. Update the IPMI SOL baud rate:

• Using config command: racadm config -g cfgIpmiSol -o cfgIpmiSolBaudRate <baud_rate>

• Using set command: racadm set iDRAC.IPMISol.BaudRate <baud_rate>

where <baud_rate> is 9600, 19200, 57600, or 115200 bps.

NOTE: To redirect the serial console over LAN, make sure that the SOL baud rate is identical to the managed system’s baud rate.

4. Enable SOL for each user:

• Using config command: racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i <id> 2

• Using set command: racadm set iDRAC.Users.<id>.SolEnable 2

where, <id> is the user’s unique ID.


Enabling Supported Protocol

The supported protocols are IPMI, SSH, and Telnet.

Enabling Supported Protocol Using Web Interface

To enable SSH or Telnet, go to Overview → iDRAC Settings → Network → Services and select Enabled for SSH or Telnet, respectively.

To enable IPMI, go to Overview → iDRAC Settings → Network and select Enable IPMI Over LAN. Make sure that the Encryption Key value is all zeroes or press the backspace key to clear and change the value to NULL characters.

Enabling Supported Protocol Using RACADM

To enable SSH or Telnet, run the command:

• Telnet:

– Using config command: racadm config -g cfgSerial -o cfgSerialTelnetEnable 1

– Using set command: racadm set iDRAC.Telnet.Enable 1

• SSH:

– Using config command: racadm config -g cfgSerial -o cfgSerialSshEnable 1

– Using set command: racadm set iDRAC.SSH.Enable 1

To change the SSH port:

– Using config command: racadm config -g cfgRacTuning -o cfgRacTuneSshPort <port number>

– Using set command: racadm set iDRAC.SSH.Port <port number>

You can use tools such as:

• IPMItool for using IPMI protocol

• Putty/OpenSSH for using SSH or Telnet protocol

Related Links

SOL Using IPMI Protocol

SOL Using SSH or Telnet Protocol

SOL Using IPMI Protocol

IPMItool <−−> LAN/WAN connection <−−> iDRAC

The IPMI-based SOL utility and IPMItool use RMCP+ delivered using UDP datagrams to port 623. RMCP+ provides improved authentication, data integrity checks, encryption, and the ability to carry multiple types of payloads while using IPMI 2.0. For more information, see http://ipmitool.sourceforge.net/manpage.html.

RMCP+ uses a 40-character hexadecimal string (characters 0-9, a-f, and A-F) encryption key for authentication. The default value is a string of 40 zeros.

An RMCP+ connection to iDRAC must be encrypted using the encryption key (Key Generator (KG) key). You can configure the encryption key using the iDRAC Web interface or iDRAC Settings utility.

To start SOL session using IPMItool from a management station:

NOTE: If required, you can change the default SOL time-out at Overview → iDRAC Settings → Network → Services.

1. Install IPMITool from the Dell Systems Management Tools and Documentation DVD. For installation instructions, see the Software Quick Installation Guide.

2. At the command prompt (Windows or Linux), run the command to start SOL from iDRAC: ipmitool -H <iDRAC-ip-address> -I lanplus -U <login name> -P <login password> sol activate

This connects the management station to the managed system's serial port.

3. To quit a SOL session from IPMItool, press <~> and <.> one after the other. The SOL session closes.

NOTE: If a SOL session does not terminate, reset iDRAC and allow up to two minutes to complete booting.

SOL Using SSH or Telnet Protocol

Secure Shell (SSH) and Telnet are network protocols used to perform command line communications to iDRAC. You can parse remote RACADM and SMCLP commands through either of these interfaces.

SSH has improved security over Telnet. iDRAC only supports SSH version 2 with password authentication, and is enabled by default. iDRAC supports up to two SSH sessions and two Telnet sessions at a time. It is recommended to use SSH as Telnet is not a secure protocol. You must use Telnet only if you cannot install an SSH client or if your network infrastructure is secure.

Use open source programs such as PuTTY or OpenSSH that support SSH and Telnet network protocols on a management station to connect to iDRAC.


NOTE: Run OpenSSH from a VT100 or ANSI terminal emulator on Windows. Running OpenSSH at the Windows command prompt does not result in full functionality (that is, some keys do not respond and no graphics are displayed).

Before using SSH or Telnet to communicate with iDRAC, make sure to:

1. Configure BIOS to enable Serial Console.

2. Configure SOL in iDRAC.

3. Enable SSH or Telnet using iDRAC Web interface or RACADM.

Telnet (port 23)/ SSH (port 22) client <−−> WAN connection <−−> iDRAC

The IPMI-based SOL that uses SSH or Telnet protocol eliminates the need for an additional utility because the serial to network translation happens within iDRAC. The SSH or Telnet console that you use must be able to interpret and respond to the data arriving from the managed system’s serial port. The serial port usually attaches to a shell that emulates an ANSI- or VT100/VT220–terminal. The serial console is automatically redirected to the SSH or Telnet console.

Related Links

Using SOL From Putty On Windows

Using SOL From OpenSSH or Telnet On Linux

Using SOL From Putty On Windows

To start IPMI SOL from PuTTY on a Windows management station:

NOTE: If required, you can change the default SSH or Telnet time-out at Overview → iDRAC Settings → Network → Services.

1. Run the command to connect to iDRAC: putty.exe [-ssh | -telnet] <login name>@<iDRAC-ip-address> <port number>

NOTE: The port number is optional. It is required only when the port number is reassigned.

2. Run the command console com2 or connect to start SOL and boot the managed system.

A SOL session from the management station to the managed system using the SSH or Telnet protocol is opened. To access the iDRAC command line console, follow the ESC key sequence.

Putty and SOL connection behavior:

• While accessing the managed system through putty during POST, if the Function keys and keypad option on putty is set to:

– VT100+ — F2 passes, but F12 cannot pass.

– ESC[n~ — F12 passes, but F2 cannot pass.

• In Windows, if the Emergency Management System (EMS) console is opened immediately after a host reboot, the Special Admin Console (SAC) terminal may get corrupted. Quit the SOL session, close the terminal, open another terminal, and start the SOL session using the same command.

Related Links

Disconnecting SOL Session in iDRAC Command Line Console

Using SOL From OpenSSH or Telnet On Linux

To start SOL from OpenSSH or Telnet on a Linux management station:


NOTE: If required, you can change the default SSH or Telnet session time-out at Overview → iDRAC Settings → Network → Services.

1. Start a shell.

2. Connect to iDRAC using the following command:

• For SSH: ssh <iDRAC-ip-address> -l <login name>

• For Telnet: telnet <iDRAC-ip-address>

NOTE: If you have changed the port number for the Telnet service from the default (port 23), add the port number to the end of the Telnet command.

3. Enter one of the following commands at the command prompt to start SOL:

• connect

• console com2

This connects iDRAC to the managed system’s SOL port. Once a SOL session is established, iDRAC command line console is not available. Follow the escape sequence correctly to open the iDRAC command line console. The escape sequence is also printed on the screen as soon as a SOL session is connected. When the managed system is off, it takes some time to establish the SOL session.

NOTE: You can use console com1 or console com2 to start SOL. Reboot the server to establish the connection.

The console -h com2 command displays the contents of the serial history buffer before waiting for input from the keyboard or new characters from the serial port.

The default (and maximum) size of the history buffer is 8192 characters. You can set this number to a smaller value using the command:

racadm config -g cfgSerial -o cfgSerialHistorySize <number>

4. Quit the SOL session to close an active SOL session.

Related Links

Using Telnet Virtual Console

Configuring Backspace Key For Your Telnet Session

Disconnecting SOL Session in iDRAC Command Line Console

Using Telnet Virtual Console

Some Telnet clients on the Microsoft operating systems may not display the BIOS setup screen correctly when BIOS Virtual Console is set for VT100/VT220 emulation. If this issue occurs, change the BIOS console to ANSI mode to update the display. To perform this procedure in the BIOS setup menu, select Virtual Console → Remote Terminal Type → ANSI.

When you configure the client VT100 emulation window, set the window or application that is displaying the redirected Virtual Console to 25 rows x 80 columns to make sure that text is displayed correctly. Otherwise, some text screens may be garbled.

To use Telnet virtual console:

1. Enable Telnet in Windows Component Services.

2. Connect to the iDRAC using the command: telnet <IP address>:<port number>, where IP address is the IP address for the iDRAC and port number is the Telnet port number (if you are using a new port).


Configuring Backspace Key For Your Telnet Session

Depending on the Telnet client, using the <Backspace> key may produce unexpected results. For example, the session may echo ^h. However, most Microsoft and Linux Telnet clients can be configured to use the <Backspace> key.

To configure a Linux Telnet session to use the <Backspace> key, open a command prompt and type stty erase ^h. At the prompt, type telnet.

To configure Microsoft Telnet clients to use the <Backspace> key:

1. Open a command prompt window (if required).

2. If you are not running a Telnet session, type telnet. If you are running a Telnet session, press <Ctrl><]>.

3. At the prompt, type set bsasdel.

The message Backspace will be sent as delete is displayed.

Disconnecting SOL Session in iDRAC Command Line Console

The commands to disconnect a SOL session are based on the utility. You can exit the utility only when a SOL session is completely terminated.

To disconnect a SOL session, terminate the SOL session from the iDRAC command line console:

• To quit SOL redirection, press <Enter>, <Esc>, and then <t>. The SOL session closes.

• To quit a SOL session from Telnet on Linux, press and hold <Ctrl>+]. A Telnet prompt is displayed. Enter quit to exit Telnet.

• If a SOL session is not terminated completely in the utility, other SOL sessions may not be available. To resolve this, terminate the command line console in the Web interface under Overview → iDRAC Settings → Sessions.

Communicating With iDRAC Using IPMI Over LAN

You must configure IPMI over LAN for iDRAC to enable or disable IPMI commands over LAN channels to any external systems. If this configuration is not done, external systems cannot communicate with the iDRAC server using IPMI commands.

Configuring IPMI Over LAN Using Web Interface

To configure IPMI over LAN:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network. The Network page is displayed.

2. Under IPMI Settings, specify the values for the attributes and click Apply. For information about the options, see the iDRAC Online Help.

The IPMI over LAN settings are configured.

Configuring IPMI Over LAN Using iDRAC Settings Utility

To configure IPMI over LAN:

1. In the iDRAC Settings Utility, go to Network.


The iDRAC Settings Network page is displayed.

2. For IPMI Settings, specify the values.

For information about the options, see the iDRAC Settings Utility Online Help.

3. Click Back, click Finish, and then click Yes. The IPMI over LAN settings are configured.

Configuring IPMI Over LAN Using RACADM

To configure IPMI over LAN using set or config command:

1. Enable IPMI over LAN:

• Using config command: racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1

• Using set command: racadm set iDRAC.IPMILan.Enable 1

NOTE: This setting determines the IPMI commands that are executed using IPMI over LAN interface. For more information, see the IPMI 2.0 specifications at intel.com.

2. Update the IPMI channel privileges:

• Using config command: racadm config -g cfgIpmiLan -o cfgIpmiLanPrivilegeLimit <level>

• Using set command: racadm set iDRAC.IPMILan.PrivLimit <level>

where <level> is one of the following: 2 (User), 3 (Operator) or 4 (Administrator)

3. Set the IPMI LAN channel encryption key (if required):

• Using config command: racadm config -g cfgIpmiLan -o cfgIpmiEncryptionKey <key>

• Using set command: racadm set iDRAC.IPMILan.EncryptionKey <key>

where <key> is a 20-character encryption key in a valid hexadecimal format.

NOTE: The iDRAC IPMI supports the RMCP+ protocol. For more information, see the IPMI 2.0 specifications at intel.com.
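The settings named in the RACADM procedures above can be reviewed together. The following script is an added example, not Dell code: it audits a flat attribute=value inventory (a format assumed for this example, not racadm output; the sample values, function names and finding codes are constructed) for Telnet being enabled, an IPMI over LAN encryption key that is malformed or still the all-zero default, privilege levels outside 2 to 4, and SOL enabled without a supported protocol.

```bash
#!/usr/bin/env bash
# Added example (not Dell code). The "attribute=value" inventory format is an
# assumption made for this example; it is not the output format of racadm.

# Constructed sample inventory, using attribute names from the set commands above.
SAMPLE_SETTINGS='iDRAC.Telnet.Enable=1
iDRAC.SSH.Enable=1
iDRAC.IPMILan.Enable=1
iDRAC.IPMILan.PrivLimit=4
iDRAC.IPMILan.EncryptionKey=0000000000000000000000000000000000000000
iDRAC.IPMISol.Enable=1
iDRAC.IPMISol.MinPrivilege=1'

# get_setting INVENTORY ATTRIBUTE: print the attribute's value (empty if absent).
get_setting() {
    printf '%s\n' "$1" | awk -F= -v key="$2" '$1 == key { print $2; exit }'
}

# classify_key KEY: print "malformed", "default" or "custom".
# The guide describes the key as 40 hexadecimal characters, default all zeros.
classify_key() {
    if ! printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{40}$'; then
        echo malformed
    elif printf '%s\n' "$1" | grep -Eq '^0+$'; then
        echo default
    else
        echo custom
    fi
}

# valid_level VALUE: succeed only for 2 (User), 3 (Operator), 4 (Administrator).
valid_level() {
    case "$1" in 2|3|4) return 0 ;; *) return 1 ;; esac
}

# audit_settings INVENTORY: print one finding code per line (nothing if clean).
audit_settings() {
    inv=$1
    telnet=$(get_setting "$inv" iDRAC.Telnet.Enable)
    ssh=$(get_setting "$inv" iDRAC.SSH.Enable)
    lan=$(get_setting "$inv" iDRAC.IPMILan.Enable)
    sol=$(get_setting "$inv" iDRAC.IPMISol.Enable)

    # The guide states that Telnet is not a secure protocol.
    if [ "$telnet" = 1 ]; then echo TELNET_ENABLED; fi

    if [ "$lan" = 1 ]; then
        case $(classify_key "$(get_setting "$inv" iDRAC.IPMILan.EncryptionKey)") in
            default)   echo IPMI_KEY_DEFAULT ;;
            malformed) echo IPMI_KEY_MALFORMED ;;
        esac
        valid_level "$(get_setting "$inv" iDRAC.IPMILan.PrivLimit)" ||
            echo IPMI_LAN_PRIVLIMIT_INVALID
    fi

    if [ "$sol" = 1 ]; then
        valid_level "$(get_setting "$inv" iDRAC.IPMISol.MinPrivilege)" ||
            echo SOL_MINPRIVILEGE_INVALID
        # SOL needs one of the supported protocols (IPMI, SSH or Telnet).
        [ "$lan" = 1 ] || [ "$ssh" = 1 ] || [ "$telnet" = 1 ] ||
            echo SOL_NO_TRANSPORT
    fi
    return 0
}

# Audit the constructed sample and print its findings.
audit_settings "$SAMPLE_SETTINGS"
```

An empty result means none of these checks fired; it says nothing about settings the inventory does not contain.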

Enabling or Disabling Remote RACADM

You can enable or disable remote RACADM using the iDRAC Web interface or RACADM. You can run up to five remote RACADM sessions in parallel.

Enabling or Disabling Remote RACADM Using Web Interface

To enable or disable remote RACADM:

1. In iDRAC Web interface, go to Overview → iDRAC Settings → Network → Services. The Services page is displayed.

2. Under Remote RACADM, select Enabled. Else, select Disabled.

3. Click Apply.

The remote RACADM is enabled or disabled based on the selection.

Enabling or Disabling Remote RACADM Using RACADM

The RACADM remote capability is enabled by default. If disabled, type one of the following commands:


• Using config command: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 1

• Using set command: racadm set iDRAC.Racadm.Enable 1

To disable the remote capability, type one of the following commands:

• Using config command: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 0

• Using set command: racadm set iDRAC.Racadm.Enable 0

NOTE: It is recommended to run these commands on the local system.

Disabling Local RACADM

The local RACADM is enabled by default. To disable, see Disabling Access to Modify iDRAC Configuration Settings on Host System.

Enabling IPMI on Managed System

On a managed system, use the Dell Open Manage Server Administrator to enable or disable IPMI. For more information, see the Dell Open Manage Server Administrator’s User Guide at dell.com/support/manuals.

Configuring Linux for Serial Console During Boot

The following steps are specific to the Linux GRand Unified Bootloader (GRUB). Similar changes are required if a different boot loader is used.

NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected Virtual Console to 25 rows x 80 columns to make sure the correct text displays. Else, some text screens may be garbled.

Edit the /etc/grub.conf file as follows:

1. Locate the General Setting sections in the file and add the following:

serial --unit=1 --speed=57600
terminal --timeout=10 serial

2. Append two options to the kernel line:

kernel ............. console=ttyS1,115200n8r console=tty1

3. Disable GRUB's graphical interface and use the text-based interface. Else, the GRUB screen is not displayed in RAC Virtual Console. To disable the graphical interface, comment-out the line starting with splashimage.

The following example provides a sample /etc/grub.conf file that shows the changes described in this procedure.

# grub.conf generated by anaconda
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that all
# kernel and initrd paths are relative to /, e.g.
# root (hd0,0)
# kernel /boot/vmlinuz-version ro root=/dev/sdal
# initrd /boot/initrd-version.img
#boot=/dev/sda
default=0
timeout=10
#splashimage=(hd0,2)/grub/splash.xpm.gz
serial --unit=1 --speed=57600
terminal --timeout=10 serial
title Red Hat Linux Advanced Server (2.4.9-e.3smp)
  root (hd0,0)
  kernel /boot/vmlinuz-2.4.9-e.3smp ro root=/dev/sda1 hda=ide-scsi console=ttyS0 console=ttyS1,115200n8r
  initrd /boot/initrd-2.4.9-e.3smp.img
title Red Hat Linux Advanced Server-up (2.4.9-e.3)
  root (hd0,00)
  kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s
  initrd /boot/initrd-2.4.9-e.3.im

4. To enable multiple GRUB options to start Virtual Console sessions through the RAC serial connection, add the following line to all options:

console=ttyS1,115200n8r console=tty1

The example shows console=ttyS1,57600 added to the first option.

Enabling Login to the Virtual Console After Boot

In the file /etc/inittab, add a new line to configure agetty on the COM2 serial port:

co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi

The following example shows a sample file with the new line.

#inittab This file describes how the INIT process should set up
#the system in a certain run-level.
#Author:Miquel van Smoorenburg
#Modified for RHS Linux by Marc Ewing and Donnie Barnes
#Default runlevel. The runlevels used by RHS are:
#0 - halt (Do NOT set initdefault to this)
#1 - Single user mode
#2 - Multiuser, without NFS (The same as 3, if you do not have #networking)
#3 - Full multiuser mode
#4 - unused
#5 - X11
#6 - reboot (Do NOT set initdefault to this)
id:3:initdefault:
#System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
#Things to run in every runlevel.
ud::once:/sbin/update
#Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
#When our UPS tells us power has failed, assume we have a few
#minutes of power left. Schedule a shutdown for 2 minutes from now.
#This does, of course, assume you have power installed and your
#UPS is connected and working correctly.
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
#If power was restored before the shutdown kicked in, cancel it.
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled"
#Run gettys in standard runlevels
co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
#Run xdm in runlevel 5
#xdm is now a separate service
x:5:respawn:/etc/X11/prefdm -nodaemon

In the file /etc/securetty add a new line with the name of the serial tty for COM2:

ttyS1

The following example shows a sample file with the new line.

NOTE: Use the Break Key Sequence (~B) to execute the Linux Magic SysRq key commands on serial console using IPMI Tool.

vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
ttyS1
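The NOTE in Configuring iDRAC to Use SOL Using RACADM requires the SOL baud rate to be identical to the managed system’s baud rate, and each Linux file edited above carries its own speed. The following script is an added example, not part of the Dell guide: it extracts the speed from the GRUB serial line, the kernel console= option and the agetty entry, compares each with an assumed SOL baud rate of 115200, and confirms that the tty is listed in /etc/securetty. The embedded file contents are constructed, reduced from the samples above, and the function names and finding codes are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the Dell guide): cross-check the serial console
# speeds in grub.conf and inittab against the SOL baud rate.

# Constructed samples, reduced to the lines the procedure above adds.
GRUB_CONF='default=0
timeout=10
#splashimage=(hd0,2)/grub/splash.xpm.gz
serial --unit=1 --speed=57600
terminal --timeout=10 serial
title Red Hat Linux Advanced Server (2.4.9-e.3smp)
    root (hd0,0)
    kernel /boot/vmlinuz-2.4.9-e.3smp ro root=/dev/sda1 console=ttyS1,115200n8r console=tty1
    initrd /boot/initrd-2.4.9-e.3smp.img'

INITTAB='id:3:initdefault:
co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi
1:2345:respawn:/sbin/mingetty tty1'

SECURETTY='tty1
ttyS1'

# grub_serial_speed GRUB_TEXT: speed from the first "serial ... --speed=N" line.
grub_serial_speed() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*serial .*--speed=\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# kernel_console_speeds GRUB_TEXT TTY: one speed per kernel line that carries
# console=TTY,<speed>; commented-out kernel lines are ignored.
kernel_console_speeds() {
    printf '%s\n' "$1" | awk -v tty="$2" '
        $1 == "kernel" {
            prefix = "console=" tty ","
            for (i = 2; i <= NF; i++)
                if (index($i, prefix) == 1) {
                    v = substr($i, length(prefix) + 1)
                    sub(/[^0-9].*/, "", v)   # drop parity/bits/flow suffix
                    print v
                }
        }'
}

# getty_speed INITTAB_TEXT TTY: speed of the agetty entry that serves TTY.
getty_speed() {
    printf '%s\n' "$1" | awk -F: -v tty="$2" '
        /^#/ { next }
        $4 ~ /agetty/ {
            n = split($4, arg, " ")
            found = 0
            for (i = 1; i <= n; i++) if (arg[i] == tty) found = 1
            if (!found) next
            for (i = 1; i <= n; i++)
                if (arg[i] ~ /^[0-9]+$/) { print arg[i]; exit }
        }'
}

# check_serial_console GRUB INITTAB SECURETTY SOL_BAUD TTY
# Prints one finding per mismatch, as STAGE:observed_value.
check_serial_console() {
    want=$4
    tty=$5
    speed=$(grub_serial_speed "$1")
    [ "$speed" = "$want" ] || echo "GRUB_SERIAL_SPEED:${speed:-missing}"
    kspeeds=$(kernel_console_speeds "$1" "$tty")
    if [ -z "$kspeeds" ]; then echo "KERNEL_CONSOLE:missing"; fi
    for s in $kspeeds; do
        [ "$s" = "$want" ] || echo "KERNEL_CONSOLE:$s"
    done
    gspeed=$(getty_speed "$2" "$tty")
    [ "$gspeed" = "$want" ] || echo "GETTY:${gspeed:-missing}"
    printf '%s\n' "$3" | grep -Fqx "$tty" || echo "SECURETTY:missing"
    return 0
}

# SOL baud rate of 115200 is an assumption for this run.
check_serial_console "$GRUB_CONF" "$INITTAB" "$SECURETTY" 115200 ttyS1
```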

Supported SSH Cryptography Schemes

iDRAC supports the cryptography schemes listed in the following table for communication using the SSH protocol.


Table 11. SSH Cryptography Schemes

| Scheme Type | Scheme |
| --- | --- |
| Asymmetric Cryptography | Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST specification |
| Symmetric Cryptography | AES256-CBC, RIJNDAEL256-CBC, AES192-CBC, RIJNDAEL192-CBC, AES128-CBC, RIJNDAEL128-CBC, BLOWFISH-128-CBC, 3DES-192-CBC, ARCFOUR-128 |
| Message Integrity | HMAC-SHA1-160, HMAC-SHA1-96, HMAC-MD5-128, HMAC-MD5-96 |
| Authentication | Password |
| PKA Authentication | Public-private key pairs |

Using Public Key Authentication For SSH

iDRAC supports Public Key Authentication (PKA) over SSH. This is a licensed feature. When PKA over SSH is set up and used correctly, you do not need to enter the user name or password when logging in to iDRAC. This is useful for setting up automated scripts that perform various functions. The uploaded keys must be in RFC 4716 or OpenSSH format; otherwise, you must convert the keys into one of those formats.

In any scenario, a private and public key pair must be generated on the management station. The public key is uploaded to the iDRAC local user, and the private key is used by the SSH client to establish the trust relationship between the management station and iDRAC.

You can generate the public or private key pair using:

• PuTTY Key Generator application for clients running Windows

• ssh-keygen CLI for clients running Linux

CAUTION: This privilege is normally reserved for users who are members of the Administrator user group on iDRAC. However, users in the ‘Custom’ user group can be assigned this privilege. A user with this privilege can modify any user’s configuration. This includes creation or deletion of any user, SSH Key management for users, and so on. For these reasons, assign this privilege carefully.

CAUTION: The capability to upload, view, and/or delete SSH keys is based on the ‘Configure Users’ user privilege. This privilege allows user(s) to configure another user's SSH key. You should grant this privilege carefully.


Generating Public Keys for Windows

To use the PuTTY Key Generator application to create the basic key:

1. Start the application and select either SSH-2 RSA or SSH-2 DSA for the type of key to generate. (SSH-1 is not supported). The supported key generation algorithms are RSA and DSA only.

2. Enter the number of bits for the key. For RSA, it is between 768 and 4096 bits and for DSA, it is 1024 bits.

3. Click Generate and move the mouse in the window as directed. The keys are generated.

4. You can modify the key comment field.

5. Enter a passphrase to secure the key.

6. Save the public and private key.

Generating Public Keys for Linux

To use the ssh-keygen application to create the basic key, open a terminal window and at the shell prompt, enter:

ssh-keygen -t rsa -b 1024 -C testing

where:

• -t is either dsa or rsa.

• -b specifies the bit encryption size between 768 and 4096.

• -C allows modifying the public key comment and is optional.

NOTE: The options are case-sensitive.

Follow the instructions. After the command executes, upload the public file.

CAUTION: Keys generated from the Linux management station using ssh-keygen are in non-4716 format. Convert the keys into the 4716 format using ssh-keygen -e -f /root/.ssh/id_rsa.pub > std_rsa.pub. Do not change the permissions of the key file. The conversion must be done using default permissions.

NOTE: iDRAC does not support ssh-agent forward of keys.
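A pre-upload check for the key requirements in the two generation procedures above, as an added example (not Dell code): it detects whether a public key file is in OpenSSH or RFC 4716 format, reads the key type and size from the blob, compares them with the limits this page states, and wraps an OpenSSH key in the RFC 4716 container. The function names and the sample key are constructed for the example.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"
# Key types and sizes this page lists: RSA 768-4096 bits, DSA 1024 bits.
LIMITS = {"ssh-rsa": (768, 4096), "ssh-dss": (1024, 1024)}


def read_string(blob, off):
    """Read one SSH wire-format field: uint32 length followed by that many bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end


def extract_blob(text):
    """Return (format, base64 payload) for an OpenSSH or RFC 4716 public key file."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if not lines:
        raise ValueError("empty key file")
    if "PRIVATE KEY" in lines[0]:
        raise ValueError("private key supplied; only the public key is uploaded")
    if lines[0] == BEGIN:
        if lines[-1] != END:
            raise ValueError("missing RFC 4716 end marker")
        body, in_header = [], False
        for line in lines[1:-1]:
            # Header lines contain ':' (base64 never does); '\' continues a header.
            if in_header or ":" in line:
                in_header = line.endswith("\\")
                continue
            body.append(line)
        return "rfc4716", "".join(body)
    fields = lines[0].split()
    if len(lines) == 1 and len(fields) >= 2:
        return "openssh", fields[1]
    raise ValueError("not an OpenSSH or RFC 4716 public key")


def inspect_key(text):
    """Decode the key blob and compare its type and size with the page's limits."""
    fmt, payload = extract_blob(text)
    blob = base64.b64decode(payload, validate=True)
    name, off = read_string(blob, 0)
    key_type = name.decode("ascii", "replace")
    if key_type not in LIMITS:
        raise ValueError("unsupported key type: " + key_type)
    # ssh-rsa carries (e, n) and ssh-dss carries (p, q, g, y); the size is n or p.
    field, off = read_string(blob, off)
    if key_type == "ssh-rsa":
        field, off = read_string(blob, off)
    bits = int.from_bytes(field, "big").bit_length()
    low, high = LIMITS[key_type]
    return {"format": fmt, "type": key_type, "bits": bits,
            "in_range": low <= bits <= high}


def to_rfc4716(text, comment=""):
    """Wrap the blob in the RFC 4716 container (70 base64 characters per line)."""
    _, payload = extract_blob(text)
    out = [BEGIN]
    if comment:
        out.append('Comment: "%s"' % comment)
    out += [payload[i:i + 70] for i in range(0, len(payload), 70)]
    out.append(END)
    return "\n".join(out) + "\n"


def mpint(value):
    """Encode a positive integer as an SSH mpint, sized so the top bit stays clear."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def sample_openssh_key(bits):
    """Constructed ssh-rsa line: valid structure, but the modulus is not a real key."""
    modulus = (1 << (bits - 1)) | 0x10001
    name = b"ssh-rsa"
    blob = struct.pack(">I", len(name)) + name + mpint(65537) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " testing"


if __name__ == "__main__":
    key = sample_openssh_key(1024)
    print(inspect_key(key))
    print(to_rfc4716(key, comment="testing"), end="")
    print(inspect_key(sample_openssh_key(512)))  # below the 768-bit minimum
```

Running the check on the file you are about to upload also catches the case where the private key file is selected by mistake.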

Uploading SSH Keys

You can upload up to four public keys per user to use over an SSH interface. Before adding the public keys, make sure that you view the keys if they are set up, so that a key is not accidentally overwritten.

When adding new public keys, make sure that the existing keys are not at the index where the new key is added. iDRAC does not perform checks to make sure previous key(s) are deleted before new key(s) are added. When a new key is added, it is usable if the SSH interface is enabled.

Uploading SSH Keys Using Web Interface

To upload the SSH keys:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → User Authentication → Local Users.

The Users page is displayed.

2. In the User ID column, click a user ID number. The Users Main Menu page is displayed.


3. Under SSH Key Configurations, select Upload SSH Key(s) and click Next. The Upload SSH Key(s) page is displayed.

4. Upload the SSH keys in one of the following ways:

• Upload the key file.

• Copy the contents of the key file into the text box.

For more information, see iDRAC Online Help.

5. Click Apply.

Uploading SSH Keys Using RACADM

To upload the SSH keys, run the following command:

NOTE: You cannot upload and copy a key at the same time.

• For local RACADM: racadm sshpkauth -i <2 to 16> -k <1 to 4> -f <filename>

• From remote RACADM using Telnet or SSH: racadm sshpkauth -i <2 to 16> -k <1 to 4> -t <key-text>

For example, to upload a valid key to iDRAC User ID 2 in the first key space using a file, run the following command:

$ racadm sshpkauth -i 2 -k 1 -f pkkey.key

NOTE: The -f option is not supported on telnet/ssh/serial RACADM.

Viewing SSH Keys

You can view the keys that are uploaded to iDRAC.

Viewing SSH Keys Using Web Interface

To view the SSH keys:

1. In Web interface, go to Overview → iDRAC Settings → Network → User Authentication → Local Users.

The Users page is displayed.

2. In the User ID column, click a user ID number. The Users Main Menu page is displayed.

3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page is displayed with the key details.

Viewing SSH Keys Using RACADM

To view the SSH keys, run the following command:

• Specific key — racadm sshpkauth -i <2 to 16> -v -k <1 to 4>

• All keys — racadm sshpkauth -i <2 to 16> -v -k all

Deleting SSH Keys

Before deleting the public keys, make sure that you view the keys if they are set up, so that a key is not accidentally deleted.


Deleting SSH Keys Using Web Interface

To delete the SSH key(s):

1. In Web interface, go to Overview → iDRAC Settings → Network → User Authentication → Local Users.

The Users page is displayed.

2. In the User ID column, click a user ID number. The Users Main Menu page is displayed.

3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page displays the key details.

4. Select Remove for the key(s) you want to delete, and click Apply.

The selected key(s) is deleted.

Deleting SSH Keys Using RACADM

To delete the SSH key(s), run the following commands:

• Specific key — racadm sshpkauth -i <2 to 16> -d -k <1 to 4>

• All keys — racadm sshpkauth -i <2 to 16> -d -k all


7

Configuring User Accounts and Privileges

You can set up user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default, iDRAC is configured with a local administrator account. The default user name is root and the password is calvin. As an administrator, you can set up user accounts to allow other users to access iDRAC.

You can set up local users or use directory services such as Microsoft Active Directory or LDAP to set up user accounts. Using a directory service provides a central location for managing authorized user accounts.

iDRAC supports role-based access to users with a set of associated privileges. The roles are administrator, operator, read only, or none. The role defines the maximum privileges available.

Related Links

• Configuring Local Users

• Configuring Active Directory Users

• Configuring Generic LDAP Users

Configuring Local Users

You can configure up to 16 local users in iDRAC with specific access permissions. Before you create an iDRAC user, verify if any current users exist. You can set user names, passwords, and roles with the privileges for these users. The user names and passwords can be changed using any of the iDRAC secured interfaces (that is, Web interface, RACADM or WS-MAN). You can also enable or disable SNMPv3 authentication for each user.

NOTE: SNMPv3 feature is licensed and is available with iDRAC Enterprise license.

Configuring Local Users Using iDRAC Web Interface

To add and configure local iDRAC users:

NOTE: You must have Configure Users permission to create an iDRAC user.

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → User Authentication → Local Users.

The Users page is displayed.

2. In the User ID column, click a user ID number.

NOTE: User 1 is reserved for the IPMI anonymous user and you cannot change this configuration.

The User Main Menu page is displayed.

3. Select Configure User and click Next.

The User Configuration page is displayed.


4. Enable the user ID and specify the user name, password, and access privileges for the user. You can also enable SNMPv3 authentication for the user. For more information about the options, see the iDRAC Online Help.

5. Click Apply. The user is created with the required privileges.

Configuring Local Users Using RACADM

NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system.

You can configure single or multiple iDRAC users using RACADM.

To configure multiple iDRAC users with identical configuration settings, perform one of the following procedures:

• Use the RACADM examples in this section as a guide to create a batch file of RACADM commands and then execute the batch file on each managed system.

• Create the iDRAC configuration file and execute the racadm config or racadm set subcommand on each managed system using the same configuration file.

If you are configuring a new iDRAC or if you have used the racadm racresetcfg command, the only current user is root with the password calvin. The racresetcfg subcommand resets the iDRAC to the default values.

NOTE: Users can be enabled and disabled over time. As a result, a user may have a different index number on each iDRAC.

To verify if a user exists, type the following command at the command prompt:

• Using config command: racadm getconfig -u <username>

OR

Type the following command once for each index (1–16):

• Using config command: racadm getconfig -g cfgUserAdmin -i <index>

• Using get command: racadm get iDRAC.Users.<index>.UserName

NOTE: You can also type racadm getconfig -f <myfile.cfg> or racadm get -f <myfile.cfg> and view or edit the myfile.cfg file, which includes all iDRAC configuration parameters.

Several parameters and object IDs are displayed with their current values. The objects of importance are:

• If you have used getconfig command:

# cfgUserAdminIndex=XX

cfgUserAdminUserName=

• If you have used get command:

iDRAC.Users.UserName=

If the cfgUserAdminUserName object has no value, that index number, which is indicated by the cfgUserAdminIndex object, is available for use. If a name is displayed after the "=", that index is taken by that user name.


When you manually enable or disable a user with the racadm config subcommand, you must specify the index with the -i option.

Observe that the cfgUserAdminIndex object displayed in the previous example contains a '#' character. It indicates that it is a read-only object. Also, if you use the racadm config -f racadm.cfg command to specify any number of groups/objects to write, the index cannot be specified. This behavior allows more flexibility in configuring multiple iDRACs with the same settings.

To enable SNMP v3 authentication for a user, use the SNMPv3AuthenticationType, SNMPv3Enable, and SNMPv3PrivacyType objects. For more information, see the RACADM Command Line Interface Guide available at dell.com/esmmanuals.

If you are using the configuration XML file, then use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication.

Adding iDRAC User Using RACADM

To add a new user to the RAC configuration, perform the following:

1. Set the user name.

2. Set the password.

3. Set the following user privileges:

• iDRAC

• LAN

• Serial Port

• Serial Over LAN

4. Enable the user.

Example:

The following example describes how to add a new user named "John" with a "123456" password and LOGIN privileges to the RAC.

racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i 3 john

racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 3 123456

racadm config -g cfgUserAdmin -i 3 -o cfgUserAdminPrivilege 0x00000001

racadm config -g cfgUserAdmin -i 3 -o cfgUserAdminIpmiLanPrivilege 2

racadm config -g cfgUserAdmin -i 3 -o cfgUserAdminIpmiSerialPrivilege 2

racadm config -g cfgUserAdmin -i 3 -o cfgUserAdminSolEnable 1

racadm config -g cfgUserAdmin -i 3 -o cfgUserAdminEnable 1

To verify, use one of the following commands:

racadm getconfig -u john

racadm getconfig -g cfgUserAdmin -i 3

For more information on the RACADM commands, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Enabling iDRAC User With Permissions

To enable a user with specific administrative permissions (role-based authority):


NOTE: You can use the getconfig and config commands or get and set commands.

1. Locate an available user index using the command syntax:

• Using getconfig command: racadm getconfig -g cfgUserAdmin -i <index>

• Using get command: racadm get iDRAC.Users <index>

2. Type the following commands with the new user name and password.

• Using config command: racadm config -g cfgUserAdmin -o cfgUserAdminPrivilege -i <index> <user privilege bitmask value>

• Using set command: racadm set iDRAC.Users.<index>.Privilege <user privilege bitmask value>

NOTE: For a list of valid bit mask values for specific user privileges, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals. The default privilege value is 0, which indicates the user has no privileges enabled.
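The index and privilege checks described in the local-user sections above can be scripted. The following added example (not from the Dell guide) parses saved racadm getconfig -g cfgUserAdmin output, lists the free indexes, and flags enabled accounts that deserve review. The sample output is constructed, and the example assumes that the user privilege mask uses the same values as Table 14 on this page (0x000001ff for all permissions).

```python
import re

FULL_MASK = 0x000001FF  # Table 14 on this page: all nine permissions (assumed for users too)
RESERVED_INDEX = 1      # page: user 1 is reserved for the IPMI anonymous user

# Constructed sample: one block per index, in the object=value layout the page shows.
SAMPLE = """\
# cfgUserAdminIndex=2
cfgUserAdminUserName=root
cfgUserAdminPrivilege=0x000001ff
cfgUserAdminEnable=1

# cfgUserAdminIndex=3
cfgUserAdminUserName=john
cfgUserAdminPrivilege=0x00000001
cfgUserAdminEnable=1

# cfgUserAdminIndex=4
cfgUserAdminUserName=
cfgUserAdminPrivilege=0x00000000
cfgUserAdminEnable=0

# cfgUserAdminIndex=5
cfgUserAdminUserName=backup
cfgUserAdminPrivilege=0x00000000
cfgUserAdminEnable=1

# cfgUserAdminIndex=6
cfgUserAdminUserName=oldadmin
cfgUserAdminPrivilege=0x000001ff
cfgUserAdminEnable=0
"""

# A leading '#' marks a read-only object such as cfgUserAdminIndex.
LINE = re.compile(r"^#?\s*(cfgUserAdmin\w+)=(.*)$")


def parse_getconfig(text):
    """Group object=value lines into one dict per cfgUserAdminIndex block."""
    users, current = [], None
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if key == "cfgUserAdminIndex":
            current = {"index": int(value)}
            users.append(current)
        elif current is not None:
            current[key] = value
    return users


def audit(users):
    """Return free indexes and (index, name, finding) tuples for enabled accounts."""
    free, findings = [], []
    for user in users:
        index = user["index"]
        name = user.get("cfgUserAdminUserName", "")
        if not name:
            # An empty user name means the index is available for use.
            if index != RESERVED_INDEX:
                free.append(index)
            continue
        if user.get("cfgUserAdminEnable") != "1":
            continue
        privilege = int(user.get("cfgUserAdminPrivilege", "0"), 16)
        if name == "root":
            # The default account name: confirm the password is no longer the default.
            findings.append((index, name, "default-account-enabled"))
        if privilege == FULL_MASK:
            findings.append((index, name, "all-privileges"))
        elif privilege == 0:
            # Enabled, but the default mask of 0 grants nothing.
            findings.append((index, name, "enabled-without-privileges"))
    return {"free": free, "findings": findings}


if __name__ == "__main__":
    report = audit(parse_getconfig(SAMPLE))
    print("free indexes:", report["free"])
    for finding in report["findings"]:
        print(finding)
```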

Configuring Active Directory Users

If your company uses the Microsoft Active Directory software, you can configure the software to provide access to iDRAC, allowing you to add and control iDRAC user privileges to your existing users in your directory service. This is a licensed feature.

NOTE: Using Active Directory to recognize iDRAC users is supported on the Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008 operating systems.

You can configure user authentication through Active Directory to log in to the iDRAC. You can also provide role-based authority, which enables an administrator to configure specific privileges for each user.

The iDRAC role and privilege names have changed from the earlier generation of servers. The role names are:

Table 12. iDRAC Roles

| Current Generation | Prior Generation | Privileges |
| --- | --- | --- |
| Administrator | Administrator | Login, Configure, Configure Users, Logs, System Control, Access Virtual Console, Access Virtual Media, System Operations, Debug |
| Operator | Power User | Login, Configure, System Control, Access Virtual Console, Access Virtual Media, System Operations, Debug |
| Read Only | Guest User | Login |
| None | None | None |


Table 13. iDRAC User Privileges

| Current Generation | Prior Generation | Description |
| --- | --- | --- |
| Login | Login to iDRAC | Enables the user to log in to iDRAC. |
| Configure | Configure iDRAC | Enables the user to configure iDRAC. |
| Configure Users | Configure Users | Enables the user to allow specific users to access the system. |
| Logs | Clear Logs | Enables the user to clear the System Event Log (SEL). |
| System Control | Execute Server Control Commands | Allows power cycling the host system. |
| Access Virtual Console | Access Virtual Console Redirection (for blade servers); Access Virtual Console (for rack and tower servers) | Enables the user to run Virtual Console. |
| Access Virtual Media | Access Virtual Media | Enables the user to run and use Virtual Media. |
| System Operations | Test Alerts | Allows user initiated and generated events, and information is sent as an asynchronous notification and logged. |
| Debug | Execute Diagnostic Commands | Enables the user to run diagnostic commands. |

Related Links

• Prerequisites for Using Active Directory Authentication for iDRAC

• Supported Active Directory Authentication Mechanisms

Prerequisites for Using Active Directory Authentication for iDRAC

To use the Active Directory authentication feature of iDRAC, make sure that you have:

• Deployed an Active Directory infrastructure. See the Microsoft website for more information.

• Integrated PKI into the Active Directory infrastructure. iDRAC uses the standard Public Key Infrastructure (PKI) mechanism to authenticate securely into the Active Directory. See the Microsoft website for more information.

• Enabled the Secure Socket Layer (SSL) on all domain controllers that iDRAC connects to for authenticating to all the domain controllers.

Related Links

Enabling SSL on Domain Controller

Enabling SSL on Domain Controller

When iDRAC authenticates users with an Active Directory domain controller, it starts an SSL session with the domain controller. At this time, the domain controller must publish a certificate signed by the Certificate Authority (CA), the root certificate of which is also uploaded into iDRAC. For iDRAC to authenticate to any domain controller, whether it is the root or the child domain controller, that domain controller must have an SSL-enabled certificate signed by the domain’s CA.

If you are using Microsoft Enterprise Root CA to automatically assign all your domain controllers to an SSL certificate, you must:

1. Install the SSL certificate on each domain controller.

2. Export the Domain Controller Root CA Certificate to iDRAC.

3. Import iDRAC Firmware SSL Certificate.

Related Links

• Installing SSL Certificate For Each Domain Controller

• Exporting Domain Controller Root CA Certificate to iDRAC

• Importing iDRAC Firmware SSL Certificate

Installing SSL Certificate For Each Domain Controller

To install the SSL certificate for each controller:

1. Click Start → Administrative Tools → Domain Security Policy.

2. Expand the Public Key Policies folder, right-click Automatic Certificate Request Settings and click Automatic Certificate Request.

The Automatic Certificate Request Setup Wizard is displayed.

3. Click Next and select Domain Controller.

4. Click Next and click Finish. The SSL certificate is installed.

Exporting Domain Controller Root CA Certificate to iDRAC

NOTE: If your system is running Windows 2000 or if you are using standalone CA, the following steps may vary.

To export the domain controller root CA certificate to iDRAC:

1. Locate the domain controller that is running the Microsoft Enterprise CA service.

2. Click Start → Run.

3. Enter mmc and click OK.

4. In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.

5. In the Add/Remove Snap-In window, click Add.

6. In the Standalone Snap-In window, select Certificates and click Add.

7. Select Computer and click Next.

8. Select Local Computer, click Finish, and click OK.

9. In the Console 1 window, go to Certificates Personal Certificates folder.

10. Locate and right-click the root CA certificate, select All Tasks, and click Export....

11. In the Certificate Export Wizard, click Next, and select No do not export the private key.

12. Click Next and select Base-64 encoded X.509 (.cer) as the format.

13. Click Next and save the certificate to a directory on your system.

14. Upload the certificate you saved in step 13 to iDRAC.


Importing iDRAC Firmware SSL Certificate

The iDRAC SSL certificate is the same certificate that is used for the iDRAC Web server. All iDRAC controllers are shipped with a default self-signed certificate.

If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server certificate to the Active Directory Domain controller. This additional step is not required if the Active Directory does not perform a client authentication during an SSL session’s initialization phase.

NOTE: If your system is running Windows 2000, the following steps may vary.

NOTE: If iDRAC firmware SSL certificate is CA-signed and the certificate of that CA is already in the domain controller's Trusted Root Certificate Authority list, do not perform the steps in this section.

To import iDRAC firmware SSL certificate to all domain controller trusted certificate lists:

1. Download iDRAC SSL certificate using the following RACADM command:

racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>

2. On the domain controller, open an MMC Console window and select Certificates → Trusted Root Certification Authorities.

3. Right-click Certificates, select All Tasks and click Import.

4. Click Next and browse to the SSL certificate file.

5. Install iDRAC SSL Certificate in each domain controller’s Trusted Root Certification Authority. If you have installed your own certificate, make sure that the CA signing your certificate is in the Trusted Root Certification Authority list. If the Authority is not in the list, you must install it on all your domain controllers.

6. Click Next and select whether you want Windows to automatically select the certificate store based on the type of certificate, or browse to a store of your choice.

7. Click Finish and click OK. The iDRAC firmware SSL certificate is imported to all domain controller trusted certificate lists.

Supported Active Directory Authentication Mechanisms

You can use Active Directory to define iDRAC user access using two methods:

• Standard schema solution, which uses Microsoft’s default Active Directory group objects only.

• Extended schema solution, which has customized Active Directory objects. All the access control objects are maintained in Active Directory. It provides maximum flexibility to configure user access on different iDRACs with varying privilege levels.

Related Links

• Standard Schema Active Directory Overview

• Extended Schema Active Directory Overview

Standard Schema Active Directory Overview

As shown in the following figure, using standard schema for Active Directory integration requires configuration on both Active Directory and iDRAC.



Figure 1. Configuration of iDRAC with Active Directory Standard Schema

In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC. Table 14 shows the default role group privileges.

Table 14. Default Role Group Privileges

| Role Groups | Default Privilege Level | Permissions Granted | Bit Mask |
| --- | --- | --- | --- |
| Role Group 1 | None | Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands | 0x000001ff |
| Role Group 2 | None | Login to iDRAC, Configure iDRAC, Execute Server Control Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands | 0x000000f9 |
| Role Group 3 | None | Login to iDRAC | 0x00000001 |
| Role Group 4 | None | No assigned permissions | 0x00000000 |
| Role Group 5 | None | No assigned permissions | 0x00000000 |


NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM.

Single Domain Versus Multiple Domain Scenarios

If all the login users and role groups, including the nested groups, are in the same domain, then only the domain controllers’ addresses must be configured on iDRAC. In this single domain scenario, any group type is supported.

If all the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server addresses must be configured on iDRAC. In this multiple domain scenario, all the role groups and nested groups, if any, must be a Universal Group type.

Configuring Standard Schema Active Directory

To configure iDRAC for Active Directory login access:

1. On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in.

2. Create a group or select an existing group. Add the Active Directory user as a member of the Active Directory group to access iDRAC.

3. Configure the group name, domain name, and the role privileges on iDRAC using the iDRAC Web interface or RACADM.

Related Links

• Configuring Active Directory With Standard Schema Using iDRAC Web Interface

• Configuring Active Directory With Standard Schema Using RACADM

Configuring Active Directory With Standard Schema Using iDRAC Web Interface

NOTE: For information about the various fields, see the iDRAC Online Help.

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → User Authentication → Directory Services → Microsoft Active Directory.

The Active Directory summary page is displayed.

2. Click Configure Active Directory.

The Active Directory Configuration and Management Step 1 of 4 page is displayed.

3. Optionally, enable certificate validation and upload the CA-signed digital certificate used during initiation of SSL connections when communicating with the Active Directory (AD) server. For this, the Domain Controllers and Global Catalog FQDN must be specified, which is done in the next steps, so DNS must be configured properly in the network settings.

4. Click Next.

The Active Directory Configuration and Management Step 2 of 4 page is displayed.

5. Enable Active Directory and specify the location information about Active Directory servers and user accounts. Also, specify the time iDRAC must wait for responses from Active Directory during iDRAC login.

NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN. Make sure that DNS is configured correctly under Overview → iDRAC Settings → Network.

6. Click Next. The Active Directory Configuration and Management Step 3 of 4 page is displayed.

7. Select Standard Schema and click Next.


The Active Directory Configuration and Management Step 4a of 4 page is displayed.

8. Enter the location of Active Directory global catalog server(s) and specify privilege groups used to authorize users.

9. Click a Role Group to configure the control authorization policy for users under the standard schema mode.

The Active Directory Configuration and Management Step 4b of 4 page is displayed.

10. Specify the privileges and click Apply.

The settings are applied and the Active Directory Configuration and Management Step 4a of 4 page is displayed.

11. Click Finish. The Active Directory settings for standard schema are configured.

Configuring Active Directory With Standard Schema Using RACADM

To configure iDRAC Active Directory with Standard Schema using the RACADM:

1. At the racadm command prompt, run the following commands:

• Using config command:

racadm config -g cfgActiveDirectory -o cfgADEnable 1

racadm config -g cfgActiveDirectory -o cfgADType 2

racadm config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupName <common name of the role group>

racadm config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupDomain <fully qualified domain name>

racadm config -g cfgStandardSchema -i <index> -o cfgSSADRoleGroupPrivilege <Bit Mask Value for specific RoleGroup permissions>

racadm config -g cfgActiveDirectory -o cfgADDomainController1 <fully qualified domain name or IP address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADDomainController2 <fully qualified domain name or IP address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADDomainController3 <fully qualified domain name or IP address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog1 <fully qualified domain name or IP address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog2 <fully qualified domain name or IP address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADGlobalCatalog3 <fully qualified domain name or IP address of the domain controller>

• Using set command:

racadm set iDRAC.ActiveDirectory.Enable 1

racadm set iDRAC.ActiveDirectory.Schema 2

racadm set iDRAC.ADGroup.Name <common name of the role group>

racadm set iDRAC.ADGroup.Domain <fully qualified domain name>

racadm set iDRAC.ADGroup.Privilege <Bit Mask Value for specific RoleGroup permissions>

racadm set iDRAC.ActiveDirectory.DomainController1 <fully qualified domain name or IP address of the domain controller>

racadm set iDRAC.ActiveDirectory.DomainController2 <fully qualified domain name or IP address of the domain controller>

racadm set iDRAC.ActiveDirectory.DomainController3 <fully qualified domain name or IP address of the domain controller>

racadm set iDRAC.ActiveDirectory.GlobalCatalog1 <fully qualified domain name or IP address of the domain controller>

racadm set iDRAC.ActiveDirectory.GlobalCatalog2 <fully qualified domain name or IP address of the domain controller>

racadm set iDRAC.ActiveDirectory.GlobalCatalog3 <fully qualified domain name or IP address of the domain controller>


For Bit Mask values for specific Role Group permissions, see Default Role Group Privileges.

Enter the FQDN of the domain controller, not the FQDN of the domain. For example, enter servername.dell.com instead of dell.com.

At least one of the three addresses is required to be configured. iDRAC attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located.

The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domains. In the multiple domain case, only the Universal Group can be used.

The FQDN or IP address that you specify in this field should match the Subject or Subject Alternative Name field of your domain controller certificate if you have certificate validation enabled.

If you want to disable the certificate validation during SSL handshake, enter the following RACADM command:

• Using config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0

• Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 0

In this case, no Certificate Authority (CA) certificate needs to be uploaded.

To enforce the certificate validation during SSL handshake (optional):

• Using config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1

• Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 1

In this case, you must upload the CA certificate using the following RACADM command:

racadm sslcertupload -t 0x2 -f <ADS root CA certificate>

NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN. Make sure that DNS is configured correctly under Overview → iDRAC Settings → Network.

Using the following RACADM command may be optional.

racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>

2. If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following RACADM commands:

• Using config command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1

• Using set command: racadm set iDRAC.IPv4.DNSFromDHCP 1

3. If DHCP is disabled on iDRAC or you want to manually input the DNS IP address, enter the following RACADM commands:

• Using config command:

racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0

racadm config -g cfgLanNetworking -o cfgDNSServer1 <primary DNS IP address>

racadm config -g cfgLanNetworking -o cfgDNSServer2 <secondary DNS IP address>

• Using set command:

racadm set iDRAC.IPv4.DNSFromDHCP 0

racadm set iDRAC.IPv4.DNSFromDHCP.DNS1 <primary DNS IP address>

racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 <secondary DNS IP address>

4. If you want to configure a list of user domains so that you only need to enter the user name when logging in to the Web interface, enter the following command:

• Using config command: racadm config -g cfgUserDomain -o cfgUserDomainName <fully qualified domain name or IP Address of the domain controller> -i <index>

• Using set command: racadm set iDRAC.UserDomain.<index>.Name <fully qualified domain name or IP Address of the domain controller>

You can configure up to 40 user domains with index numbers between 1 and 40.

Extended Schema Active Directory Overview

Using the extended schema solution requires the Active Directory schema extension.

Active Directory Schema Extensions

The Active Directory data is a distributed database of attributes and classes. The Active Directory schema includes the rules that determine the type of data that can be added or included in the database. The user class is one example of a class that is stored in the database. Some example user class attributes can include the user’s first name, last name, phone number, and so on. You can extend the Active Directory database by adding your own unique attributes and classes for specific requirements. Dell has extended the schema to include the necessary changes to support remote management authentication and authorization using Active Directory.

Each attribute or class that is added to an existing Active Directory Schema must be defined with a unique ID. To maintain unique IDs across the industry, Microsoft maintains a database of Active Directory Object Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for the attributes and classes that are added into the directory service:

• Extension is: dell

• Base OID is: 1.2.840.113556.1.8000.1280

• RAC LinkID range is: 12070 to 12079

Overview of iDRAC Schema Extensions

Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more iDRAC devices. This model provides an administrator maximum flexibility over the different combinations of users, iDRAC privileges, and iDRAC devices on the network without much complexity.

For each physical iDRAC device on the network that you want to integrate with Active Directory for authentication and authorization, create at least one association object and one iDRAC device object. You can create multiple association objects, and each association object can be linked to as many users, groups of users, or iDRAC device objects as required. The users and iDRAC user groups can be members of any domain in the enterprise.

However, each association object can be linked to only one privilege object, no matter how many users, groups of users, or iDRAC device objects it links. This allows an administrator to control each user’s privileges on specific iDRAC devices.

The iDRAC device object is the link to iDRAC firmware for querying Active Directory for authentication and authorization. When iDRAC is added to the network, the administrator must configure iDRAC and its device object with its Active Directory name so that users can perform authentication and authorization with Active Directory. Additionally, the administrator must add iDRAC to at least one association object for users to authenticate.

The following figure shows that the association object provides the connection that is needed for the authentication and authorization.

Figure 2. Typical Setup for Active Directory Objects

You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC.

The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object. The Association Object connects the Users who have Privileges on iDRAC devices.

The Dell extension to the ADUC MMC Snap-in only allows associating the Privilege Object and iDRAC Objects from the same domain with the Association Object. The Dell extension does not allow a group or an iDRAC object from other domains to be added as a product member of the Association Object.

When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local Groups and do not work with Universal Groups from other domains.

Users, user groups, or nested user groups from any domain can be added into the Association Object. Extended Schema solutions support any user group type and any user group nesting across multiple domains allowed by Microsoft Active Directory.


Accumulating Privileges Using Extended Schema

The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.

The following figure provides an example of accumulating privileges using Extended Schema.

Figure 3. Privilege Accumulation for a User

The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects.

Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user.

In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2. In addition, this figure shows that User1 can be in a different domain and can be a member of a group.
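The accumulation rule described above, modelled as an added example that is not part of the Dell documentation. The layout of A01, A02 and Group1 and the rights placed in Priv1 and Priv2 are constructed to reproduce the outcomes stated in the text, the function names are hypothetical, and the nested-group handling goes beyond what the figure shows.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AssociationObject:
    """One association object: many members, many devices, exactly one privilege object."""
    name: str
    members: frozenset        # users or groups linked to the association
    privilege_object: str     # the single privilege object it may reference
    devices: frozenset        # iDRAC device objects linked to the association


# Constructed directory contents, chosen to reproduce the outcomes in the text.
GROUPS = {"Group1": {"User1", "User2"}}
PRIVILEGE_OBJECTS = {
    # Right names are dellRAC4Privileges attributes; which rights each
    # privilege object carries is an assumption made for this example.
    "Priv1": {"dellIsLoginUser"},
    "Priv2": {"dellIsLoginUser", "dellIsServerResetUser", "dellIsVirtualMediaUser"},
}
ASSOCIATIONS = [
    AssociationObject("A01", frozenset({"Group1"}), "Priv1",
                      frozenset({"iDRAC1", "iDRAC2"})),
    AssociationObject("A02", frozenset({"User1"}), "Priv2",
                      frozenset({"iDRAC2"})),
]


def expand_members(members, groups, _seen=None):
    """Resolve (possibly nested) groups to user names.

    Each group is expanded once, so circular nesting terminates.
    """
    seen = set() if _seen is None else _seen
    users = set()
    for member in members:
        if member not in groups:
            users.add(member)
        elif member not in seen:
            seen.add(member)
            users |= expand_members(groups[member], groups, seen)
    return users


def grant_sources(user, device, associations=ASSOCIATIONS, groups=GROUPS):
    """Return [(association, privilege object)] for every association
    that links this user to this device."""
    return sorted(
        (a.name, a.privilege_object)
        for a in associations
        if device in a.devices and user in expand_members(a.members, groups)
    )


def effective_privileges(user, device, associations=ASSOCIATIONS, groups=GROUPS,
                         privilege_objects=PRIVILEGE_OBJECTS):
    """Union of the rights in every privilege object reachable for the user on the device."""
    rights = set()
    for _, priv in grant_sources(user, device, associations, groups):
        rights |= privilege_objects[priv]
    return frozenset(rights)


def holders_of(right, users, devices, **kw):
    """Audit helper: every (user, device) pair whose accumulated rights include `right`."""
    return sorted((u, d) for u in users for d in devices
                  if right in effective_privileges(u, d, **kw))


if __name__ == "__main__":
    for user in ("User1", "User2"):
        for device in ("iDRAC1", "iDRAC2"):
            print(user, device, grant_sources(user, device),
                  sorted(effective_privileges(user, device)))
```

Because rights are a union across associations, reviewing one association object in isolation understates what a user can do; `grant_sources` shows which associations contribute to a given user and device pair.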

Configuring Extended Schema Active Directory

To configure Active Directory to access iDRAC:

1. Extend the Active Directory schema.

2. Extend the Active Directory Users and Computers Snap-in.

3. Add iDRAC users and their privileges to Active Directory.

4. Configure iDRAC Active Directory properties using iDRAC Web interface or RACADM.

Related Links

Extended Schema Active Directory Overview

Installing Dell Extension to the Active Directory Users and Computers Snap-In

Adding iDRAC Users and Privileges to Active Directory

Configuring Active Directory With Extended Schema Using iDRAC Web Interface


Configuring Active Directory With Extended Schema Using RACADM

Extending Active Directory Schema

Extending your Active Directory schema adds a Dell organizational unit, schema classes and attributes, and example privileges and association objects to the Active Directory schema. Before you extend the schema, make sure that you have Schema Admin privileges on the Schema Master Flexible Single Master Operation (FSMO) Role Owner of the domain forest.

NOTE: The schema extension for this product is different from the previous generations of RAC products. The earlier schema does not work with this product.

NOTE: Extending the new schema has no impact on previous versions of the product.

You can extend your schema using one of the following methods:

• Dell Schema Extender utility

• LDIF script file

If you use the LDIF script file, the Dell organizational unit is not added to the schema.

The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories:

• <DVDdrive>:\SYSMGMT\ManagementStation\support\OMActiveDirectory_Tools\Remote_Management_Advanced\LDIF_Files

• <DVDdrive>:\SYSMGMT\ManagementStation\support\OMActiveDirectory_Tools\Remote_Management_Advanced\Schema Extender

To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory. You can copy and run the Schema Extender or LDIF files from any location.

Using Dell Schema Extender

CAUTION: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To make sure that the Dell Schema Extender utility functions properly, do not modify the name of this file.

1. In the Welcome screen, click Next.

2. Read and understand the warning and click Next.

3. Select Use Current Log In Credentials or enter a user name and password with schema administrator rights.

4. Click Next to run the Dell Schema Extender.

5. Click Finish.

The schema is extended. To verify the schema extension, use the MMC and the Active Directory Schema Snap-in to verify that the classes and attributes listed in Classes and Attributes exist. See the Microsoft documentation for details about using the MMC and the Active Directory Schema Snap-in.


Classes and Attributes

Table 15. Class Definitions for Classes Added to the Active Directory Schema

Class Name              Assigned Object Identification Number (OID)
delliDRACDevice         1.2.840.113556.1.8000.1280.1.7.1.1
delliDRACAssociation    1.2.840.113556.1.8000.1280.1.7.1.2
dellRAC4Privileges      1.2.840.113556.1.8000.1280.1.1.1.3
dellPrivileges          1.2.840.113556.1.8000.1280.1.1.1.4
dellProduct             1.2.840.113556.1.8000.1280.1.1.1.5

Table 16. dellRacDevice Class

OID: 1.2.840.113556.1.8000.1280.1.7.1.1

Description: Represents the Dell iDRAC device. iDRAC must be configured as delliDRACDevice in Active Directory. This configuration enables iDRAC to send Lightweight Directory Access Protocol (LDAP) queries to Active Directory.

Class Type: Structural Class

SuperClasses: dellProduct

Attributes: dellSchemaVersion, dellRacType

Table 17. delliDRACAssociationObject Class

OID: 1.2.840.113556.1.8000.1280.1.7.1.2

Description: Represents the Dell Association Object. The Association Object provides the connection between the users and the devices.

Class Type: Structural Class

SuperClasses: Group

Attributes: dellProductMembers, dellPrivilegeMember


Table 18. dellRAC4Privileges Class

OID: 1.2.840.113556.1.8000.1280.1.1.1.3

Description: Defines the privileges (Authorization Rights) for iDRAC

Class Type: Auxiliary Class

SuperClasses: None

Attributes: dellIsLoginUser, dellIsCardConfigAdmin, dellIsUserConfigAdmin, dellIsLogClearAdmin, dellIsServerResetUser, dellIsConsoleRedirectUser, dellIsVirtualMediaUser, dellIsTestAlertUser, dellIsDebugCommandAdmin

Table 19. dellPrivileges Class

OID: 1.2.840.113556.1.8000.1280.1.1.1.4

Description: Used as a container Class for the Dell Privileges (Authorization Rights).

Class Type: Structural Class

SuperClasses: User

Attributes: dellRAC4Privileges

Table 20. dellProduct Class

OID: 1.2.840.113556.1.8000.1280.1.1.1.5

Description: The main class from which all Dell products are derived.

Class Type: Structural Class

SuperClasses: Computer

Attributes: dellAssociationMembers


Table 21. List of Attributes Added to the Active Directory Schema

Each entry lists the attribute name and description, the assigned OID, the syntax object identifier, and whether the attribute is single valued.

dellPrivilegeMember
Description: List of dellPrivilege Objects that belong to this Attribute.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.1
Syntax Object Identifier: Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12)
Single Valued: FALSE

dellProductMembers
Description: List of dellRacDevice and DelliDRACDevice Objects that belong to this role. This attribute is the forward link to the dellAssociationMembers backward link. Link ID: 12070
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.2
Syntax Object Identifier: Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12)
Single Valued: FALSE

dellIsLoginUser
Description: TRUE if the user has Login rights on the device.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.3
Syntax Object Identifier: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

dellIsCardConfigAdmin
Description: TRUE if the user has Card Configuration rights on the device.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.4
Syntax Object Identifier: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

dellIsUserConfigAdmin
Description: TRUE if the user has User Configuration rights on the device.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.5
Syntax Object Identifier: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

dellIsLogClearAdmin
Description: TRUE if the user has Log Clearing rights on the device.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.6
Syntax Object Identifier: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

dellIsServerResetUser
Description: TRUE if the user has Server Reset rights on the device.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.7
Syntax Object Identifier: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

dellIsConsoleRedirectUser
Description: TRUE if the user has Virtual Console rights on the device.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.8
Syntax Object Identifier: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

dellIsVirtualMediaUser
Description: TRUE if the user has Virtual Media rights on the device.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.9
Syntax Object Identifier: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

dellIsTestAlertUser
Description: TRUE if the user has Test Alert User rights on the device.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.10
Syntax Object Identifier: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

dellIsDebugCommandAdmin
Description: TRUE if the user has Debug Command Admin rights on the device.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.11
Syntax Object Identifier: Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7)
Single Valued: TRUE

dellSchemaVersion
Description: The Current Schema Version is used to update the schema.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.12
Syntax Object Identifier: Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905)
Single Valued: TRUE

dellRacType
Description: This attribute is the Current RAC Type for the delliDRACDevice object and the backward link to the dellAssociationObjectMembers forward link.
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.13
Syntax Object Identifier: Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905)
Single Valued: TRUE

dellAssociationMembers
Description: List of dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers linked attribute. Link ID: 12071
Assigned OID: 1.2.840.113556.1.8000.1280.1.1.2.14
Syntax Object Identifier: Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12)
Single Valued: FALSE

Installing Dell Extension to the Active Directory Users and Computers Snap-In

When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC devices, users and user groups, iDRAC associations, and iDRAC privileges.

When you install your systems management software using the Dell Systems Management Tools and Documentation DVD, you can extend the Snap-in by selecting the Active Directory Users and Computers Snap-in option during the installation procedure. See the Dell OpenManage Software Quick Installation Guide for additional instructions about installing systems management software. For 64-bit Windows Operating Systems, the Snap-in installer is located under:


<DVDdrive>:\SYSMGMT\ManagementStation\support\OMActiveDirectory_SnapIn64

For more information about the Active Directory Users and Computers Snap-in, see Microsoft documentation.

Adding iDRAC Users and Privileges to Active Directory

Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC users and privileges by creating device, association, and privilege objects. To add each object, perform the following:

• Create an iDRAC device Object

• Create a Privilege Object

• Create an Association Object

• Add objects to an Association Object

Related Links

Adding Objects to Association Object

Creating iDRAC Device Object

Creating Privilege Object

Creating Association Object

Creating iDRAC Device Object

To create iDRAC device object:

1. In the MMC Console Root window, right-click a container.

2. Select New → Dell Remote Management Object Advanced. The New Object window is displayed.

3. Enter a name for the new object. The name must be identical to the iDRAC name that you enter while configuring Active Directory properties using the iDRAC Web interface.

4. Select iDRAC Device Object and click OK.

Creating Privilege Object

To create privilege object:

NOTE: You must create a privilege object in the same domain as the related association object.

1. In the Console Root (MMC) window, right-click a container.

2. Select New → Dell Remote Management Object Advanced. The New Object window is displayed.

3. Enter a name for the new object.

4. Select Privilege Object and click OK.

5. Right-click the privilege object that you created, and select Properties.

6. Click the Remote Management Privileges tab and assign the privileges for the user or group.

Creating Association Object

To create association object:


NOTE: The iDRAC association object is derived from the group and its scope is set to Domain Local.

1. In the Console Root (MMC) window, right-click a container.

2. Select New → Dell Remote Management Object Advanced. The New Object window is displayed.

3. Enter a name for the new object and select Association Object.

4. Select the scope for the Association Object and click OK.

5. Provide access privileges to the authenticated users for accessing the created association objects.

Related Links

Providing User Access Privileges For Association Objects

Providing User Access Privileges For Association Objects

To provide access privileges to the authenticated users for accessing the created association objects:

1. Go to Administrative Tools → ADSI Edit. The ADSI Edit window is displayed.

2. In the right-pane, navigate to the created association object, right-click and select Properties.

3. In the Security tab, click Add.

4. Type Authenticated Users, click Check Names, and click OK. Authenticated Users is added to the list of Groups and user names.

5. Click OK.

Adding Objects to Association Object

Using the Association Object Properties window, you can associate users or user groups, privilege objects, and iDRAC devices or iDRAC device groups.

You can add groups of users and iDRAC devices.

Related Links

Adding Users or User Groups

Adding Privileges

Adding iDRAC Devices or iDRAC Device Groups

Adding Users or User Groups

To add users or user groups:

1. Right-click the Association Object and select Properties.

2. Select the Users tab and click Add.

3. Enter the user or user group name and click OK.

Adding Privileges

To add privileges:

Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object.

1. Select the Privileges Object tab and click Add.

2. Enter the privilege object name and click OK.


3. Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object.

Adding iDRAC Devices or iDRAC Device Groups

To add iDRAC devices or iDRAC device groups:

1. Select the Products tab and click Add.

2. Enter iDRAC devices or iDRAC device group name and click OK.

3. In the Properties window, click Apply and click OK.

4. Click the Products tab to add one iDRAC device connected to the network that is available for the defined users or user groups. You can add multiple iDRAC devices to an Association Object.

Configuring Active Directory With Extended Schema Using iDRAC Web Interface

To configure Active Directory with extended schema using Web interface:

NOTE: For information about the various fields, see the iDRAC Online Help.

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → User Authentication → Directory Services → Microsoft Active Directory.

The Active Directory summary page is displayed.

2. Click Configure Active Directory.

The Active Directory Configuration and Management Step 1 of 4 page is displayed.

3. Optionally, enable certificate validation and upload the CA-signed digital certificate used during initiation of SSL connections when communicating with the Active Directory (AD) server.

4. Click Next.

The Active Directory Configuration and Management Step 2 of 4 page is displayed.

5. Specify the location information about Active Directory (AD) servers and user accounts. Also, specify the time iDRAC must wait for responses from AD during login process.

NOTE:

• If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that DNS is configured correctly under Overview → iDRAC Settings → Network.

• If the user and iDRAC objects are in different domains, then do not select the User Domain from Login option. Instead select Specify a Domain option and enter the domain name where the iDRAC object is available.

6. Click Next. The Active Directory Configuration and Management Step 3 of 4 page is displayed.

7. Select Extended Schema and click Next.

The Active Directory Configuration and Management Step 4 of 4 page is displayed.

8. Enter the name and location of the iDRAC device object in Active Directory (AD) and click Finish. The Active Directory settings for extended schema mode are configured.

Configuring Active Directory With Extended Schema Using RACADM

To configure Active Directory with Extended Schema using the RACADM:

1. Open a command prompt and enter the following RACADM commands:


• Using config command:

racadm config -g cfgActiveDirectory -o cfgADEnable 1

racadm config -g cfgActiveDirectory -o cfgADType 1

racadm config -g cfgActiveDirectory -o cfgADRacName <RAC common name>

racadm config -g cfgActiveDirectory -o cfgADRacDomain <fully qualified rac domain name>

racadm config -g cfgActiveDirectory -o cfgADDomainController1 <fully qualified domain name or IP Address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADDomainController2 <fully qualified domain name or IP Address of the domain controller>

racadm config -g cfgActiveDirectory -o cfgADDomainController3 <fully qualified domain name or IP Address of the domain controller>

• Using set command:

racadm set iDRAC.ActiveDirectory.Enable 1

racadm set iDRAC.ActiveDirectory.Schema 2

racadm set iDRAC.ActiveDirectory.RacName <RAC common name>

racadm set iDRAC.ActiveDirectory.RacDomain <fully qualified rac domain name>

racadm set iDRAC.ActiveDirectory.DomainController1 <fully qualified domain name or IP address of the domain controller>

racadm set iDRAC.ActiveDirectory.DomainController2 <fully qualified domain name or IP address of the domain controller>

racadm set iDRAC.ActiveDirectory.DomainController3 <fully qualified domain name or IP address of the domain controller>

NOTE: You must configure at least one of the three addresses. iDRAC attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Extended Schema, these are the FQDN or IP addresses of the domain controllers where this iDRAC device is located.

To disable the certificate validation during SSL handshake (optional):

• Using config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0

• Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 0

NOTE: In this case, you do not have to upload a CA certificate.

To enforce the certificate validation during SSL handshake (optional):

• Using config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1

• Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 1

In this case, you must upload a CA certificate:

racadm sslcertupload -t 0x2 -f <ADS root CA certificate>

NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that DNS is configured correctly under Overview → iDRAC Settings → Network.

Using the following RACADM command may be optional:

racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>

2. If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following RACADM command:


• Using config command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1

• Using set command: racadm set iDRAC.IPv4.DNSFromDHCP 1

3. If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following RACADM commands:

• Using config command:

racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0

racadm config -g cfgLanNetworking -o cfgDNSServer1 <primary DNS IP address>

racadm config -g cfgLanNetworking -o cfgDNSServer2 <secondary DNS IP address>

• Using set command:

racadm set iDRAC.IPv4.DNSFromDHCP 0

racadm set iDRAC.IPv4.DNS1 <primary DNS IP address>

racadm set iDRAC.IPv4.DNS2 <secondary DNS IP address>

4. If you want to configure a list of user domains so that you only need to enter the user name during log in to iDRAC Web interface, enter the following command:

• Using config command: racadm config -g cfgUserDomain -o cfgUserDomainName <fully qualified domain name or IP Address of the domain controller> -i <index>

• Using set command: racadm set iDRAC.UserDomain.<index>.Name <fully qualified domain name or IP Address of the domain controller>

You can configure up to 40 user domains with index numbers between 1 and 40.

5. Press Enter to complete the Active Directory configuration with Extended Schema.
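A pre-flight check for the set-command sequence in step 1, as an added example (not Dell's code): it emits only commands shown on this page and refuses combinations the notes rule out, such as an IP address for a domain controller while certificate validation is enabled. The function names, the host names under corp.example and the file name ad-root-ca.cer are constructed placeholders, and values are quoted for a POSIX shell as an assumption about where the commands are pasted.

```python
import ipaddress
import re
import shlex

# One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_ip_literal(value):
    """True when the value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def is_fqdn(value):
    """True for a dotted host name such as dc1.corp.example (not an IP literal)."""
    if is_ip_literal(value) or len(value) > 253:
        return False
    labels = value.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def build_ad_commands(rac_name, rac_domain, domain_controllers,
                      cert_validation=True, ca_cert_file=None):
    """Return (commands, warnings) for Extended Schema using the set command.

    Raises ValueError when the requested settings contradict the notes
    in the procedure above.
    """
    errors, warnings = [], []
    if not 1 <= len(domain_controllers) <= 3:
        errors.append("configure at least one and at most three "
                      "domain controller addresses")
    for dc in domain_controllers:
        if not (is_fqdn(dc) or is_ip_literal(dc)):
            errors.append(f"{dc!r} is neither an FQDN nor an IP address")
        elif cert_validation and is_ip_literal(dc):
            errors.append(f"{dc!r}: with certificate validation enabled, use the "
                          "FQDN that appears in the domain controller certificate")
    if cert_validation and not ca_cert_file:
        errors.append("certificate validation is enabled but no CA "
                      "certificate file was given")
    if not cert_validation:
        warnings.append("certificate validation is disabled: the domain controller "
                        "certificate is not verified during the SSL handshake")
    if errors:
        raise ValueError("; ".join(errors))

    q = shlex.quote  # quote values so a pasted line cannot be split by the shell
    cmds = [
        "racadm set iDRAC.ActiveDirectory.Enable 1",
        "racadm set iDRAC.ActiveDirectory.Schema 2",
        f"racadm set iDRAC.ActiveDirectory.RacName {q(rac_name)}",
        f"racadm set iDRAC.ActiveDirectory.RacDomain {q(rac_domain)}",
    ]
    for index, dc in enumerate(domain_controllers, start=1):
        cmds.append(f"racadm set iDRAC.ActiveDirectory.DomainController{index} {q(dc)}")
    cmds.append("racadm set iDRAC.ActiveDirectory.CertValidationEnable "
                f"{int(cert_validation)}")
    if cert_validation:
        cmds.append(f"racadm sslcertupload -t 0x2 -f {q(ca_cert_file)}")
    return cmds, warnings


if __name__ == "__main__":
    commands, notes = build_ad_commands(
        "idrac-r730", "corp.example",
        ["dc1.corp.example", "dc2.corp.example"],
        cert_validation=True, ca_cert_file="ad-root-ca.cer")
    print("\n".join(commands + notes))
```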

Testing Active Directory Settings

You can test the Active Directory settings to verify whether your configuration is correct, or to diagnose the problem with a failed Active Directory log in.

Testing Active Directory Settings Using iDRAC Web Interface

To test the Active Directory settings:

1. In iDRAC Web Interface, go to Overview → iDRAC Settings → User Authentication → Directory Services → Microsoft Active Directory.

The Active Directory summary page is displayed.

2. Click Test Settings.

3. Enter a test user's name (for example, username@domain.com) and password and click Start Test. Detailed test results and the test log are displayed.

If there is a failure in any step, examine the details in the test log to identify the problem and a possible solution.

NOTE: When testing Active Directory settings with Enable Certificate Validation checked, iDRAC requires that the Active Directory server be identified by the FQDN and not an IP address. If the Active Directory server is identified by an IP address, certificate validation fails because iDRAC is not able to communicate with the Active Directory server.


Testing Active Directory Settings Using RACADM

To test the Active Directory settings, use the testfeature command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Configuring Generic LDAP Users

iDRAC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services.

To make the iDRAC LDAP implementation generic, the commonality between different directory services is used to group users and then map the user-group relationship. The directory-service-specific part is the schema. For example, directory services may have different attribute names for the group, the user, and the link between the user and the group. These can be configured in iDRAC.

NOTE: The Smart Card based Two Factor Authentication (TFA) and the Single Sign-On (SSO) logins are not supported for generic LDAP Directory Service.

Related Links

Configuring Generic LDAP Directory Service Using iDRAC Web-Based Interface

Configuring Generic LDAP Directory Service Using RACADM

Configuring Generic LDAP Directory Service Using iDRAC Web-Based Interface

To configure the generic LDAP directory service using Web interface:

NOTE: For information about the various fields, see the iDRAC Online Help.

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → User Authentication → Directory Services → Generic LDAP Directory Service.

The Generic LDAP Configuration and Management page displays the current generic LDAP settings.

2. Click Configure Generic LDAP.

3. Optionally, enable certificate validation and upload the digital certificate used during initiation of SSL connections when communicating with a generic LDAP server.

NOTE: In this release, non-SSL port based LDAP bind is not supported. Only LDAP over SSL is supported.

4. Click Next.

The Generic LDAP Configuration and Management Step 2 of 3 page is displayed.

5. Enable generic LDAP authentication and specify the location information about generic LDAP servers and user accounts.

NOTE: If certificate validation is enabled, specify the LDAP Server’s FQDN and make sure that DNS is configured correctly under Overview → iDRAC Settings → Network.

NOTE: In this release, nested group is not supported. The firmware searches for the direct member of the group to match the user DN. Also, only single domain is supported. Cross domain is not supported.

6. Click Next.

The Generic LDAP Configuration and Management Step 3a of 3 page is displayed.


7. Click Role Group.

The Generic LDAP Configuration and Management Step 3b of 3 page is displayed.

8. Specify the group distinguished name, the privileges associated with the group, and click Apply.

NOTE: If you are using Novell eDirectory and the Group DN name contains any of the characters # (hash), " (double quotes), ; (semicolon), > (greater than), , (comma), or < (less than), they must be escaped.

The role group settings are saved. The Generic LDAP Configuration and Management Step 3a of 3 page displays the role group settings.

9. If you want to configure additional role groups, repeat steps 7 and 8.

10. Click Finish. The generic LDAP directory service is configured.

Configuring Generic LDAP Directory Service Using RACADM

To configure the LDAP directory service:

• Use the objects in the cfgLdap and cfgLdapRoleGroup groups with the config command.

• Use the objects in the iDRAC.LDAP and iDRAC.LDAPRole groups with the set command.

For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Testing LDAP Directory Service Settings

You can test the LDAP directory service settings to verify whether your configuration is correct, or to diagnose the problem with a failed LDAP log in.

Testing LDAP Directory Service Settings Using iDRAC Web Interface

To test the LDAP directory service settings:

1. In iDRAC Web Interface, go to Overview → iDRAC Settings → User Authentication → Directory Services → Generic LDAP Directory Service.

The Generic LDAP Configuration and Management page displays the current generic LDAP settings.

2. Click Test Settings.

3. Enter the user name and password of a directory user that is chosen to test the LDAP settings. The format depends on the Attribute of User Login that is used, and the user name entered must match the value of the chosen attribute.

NOTE: When testing LDAP settings with Enable Certificate Validation checked, iDRAC requires that the LDAP server be identified by the FQDN and not an IP address. If the LDAP server is identified by an IP address, certificate validation fails because iDRAC is not able to communicate with the LDAP server.

NOTE: When generic LDAP is enabled, iDRAC first tries to log in the user as a directory user. If it fails, local user lookup is enabled.

The test results and the test log are displayed.

Testing LDAP Directory Service Settings Using RACADM

To test the LDAP directory service settings, use the testfeature command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.



8

Configuring iDRAC for Single Sign-On or Smart Card Login

This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users). SSO and smart card login are licensed features.

iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.

Related Links

Configuring iDRAC SSO Login for Active Directory Users

Configuring iDRAC Smart Card Login for Local Users

Configuring iDRAC Smart Card Login for Active Directory Users

Prerequisites for Active Directory Single Sign-On or Smart Card Login

The prerequisites for Active Directory based SSO or Smart Card logins are:

• Synchronize iDRAC time with the Active Directory domain controller time. If the times are not synchronized, Kerberos authentication on iDRAC fails. You can use the Time zone and NTP feature to synchronize the time. To do this, see Configuring Time zone and NTP.

• Register iDRAC as a computer in the Active Directory root domain.

• Generate a keytab file using the ktpass tool.

• To enable single sign-on for Extended schema, make sure that the Trust this user for delegation to any service (Kerberos only) option is selected on the Delegation tab for the keytab user. This tab is available only after creating the keytab file using the ktpass utility.

• Configure the browser to enable SSO login.

• Create the Active Directory objects and provide the required privileges.

• For SSO, configure the reverse lookup zone on the DNS servers for the subnet where iDRAC resides.

NOTE: If the host name does not match the reverse DNS lookup, Kerberos authentication fails.

Related Links

Configuring Browser to Enable Active Directory SSO

Registering iDRAC as a Computer in Active Directory Root Domain

Generating Kerberos Keytab File

Creating Active Directory Objects and Providing Privileges


Registering iDRAC as a Computer in Active Directory Root Domain

To register iDRAC in Active Directory root domain:

1. Click Overview → iDRAC Settings → Network → Network. The Network page is displayed.

2. Provide a valid Preferred/Alternate DNS Server IP address. This value is a valid DNS server IP address that is part of the root domain.

3. Select Register iDRAC on DNS.

4. Provide a valid DNS Domain Name.

5. Verify that network DNS configuration matches with the Active Directory DNS information. For more information about the options, see the iDRAC Online Help.

Generating Kerberos Keytab File

To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a Windows Kerberos network. The Kerberos configuration on iDRAC involves the same steps as configuring a non–Windows Server Kerberos service as a security principal in Windows Server Active Directory.

The ktpass tool (available from Microsoft as part of the server installation CD/DVD) is used to create the Service Principal Name (SPN) bindings to a user account and export the trust information into a MIT–style Kerberos keytab file, which enables a trust relation between an external user or system and the Key Distribution Centre (KDC). The keytab file contains a cryptographic key, which is used to encrypt the information between the server and the KDC. The ktpass tool allows UNIX–based services that support Kerberos authentication to use the interoperability features provided by a Windows Server Kerberos KDC service. For more information on the ktpass utility, see the Microsoft website at: technet.microsoft.com/en-us/library/cc779157(WS.10).aspx

Before generating a keytab file, you must create an Active Directory user account for use with the -mapuser option of the ktpass command. Also, the account must have the same name as the iDRAC DNS name to which you upload the generated keytab file.

To generate a keytab file using the ktpass tool:

1. Run the ktpass utility on the domain controller (Active Directory server) where you want to map iDRAC to a user account in Active Directory.

2. Use the following ktpass command to create the Kerberos keytab file:

C:\> ktpass.exe -princ HTTP/idrac7name.domainname.com@DOMAINNAME.COM -mapuser DOMAINNAME\username -mapOp set -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL -pass [password] -out c:\krbkeytab

The encryption type is AES256-SHA1. The principal type is KRB5_NT_PRINCIPAL. The user account to which the Service Principal Name is mapped must have the Use AES 256 encryption types for this account property enabled.

NOTE: Use lowercase letters for the iDRACname and Service Principal Name. Use uppercase letters for the domain name as shown in the example.

3. Run the following command:

C:\>setspn -a HTTP/iDRACname.domainname.com username


A keytab file is generated.

NOTE: If you find any issues with iDRAC user for which the keytab file is created, create a new user and a new keytab file. If the same keytab file which was initially created is again executed, it does not configure correctly.
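A check worth running on the ktpass output before it is uploaded to iDRAC: the added example below (not part of the Dell guide) parses the MIT keytab format and confirms that every entry carries the lowercase HTTP/ SPN, uppercase realm, KRB5_NT_PRINCIPAL name type, and AES256-SHA1 key described above. The function names and the in-memory sample keytab are constructed for illustration.

```python
import struct

AES256_SHA1 = 18        # Kerberos enctype aes256-cts-hmac-sha1-96 (ktpass -crypto AES256-SHA1)
KRB5_NT_PRINCIPAL = 1   # Kerberos name type (ktpass -ptype KRB5_NT_PRINCIPAL)


def _parse_entry(buf):
    """Decode one keytab entry; the key bytes themselves are never returned."""
    pos = 0

    def take(fmt):
        nonlocal pos
        (value,) = struct.unpack_from(fmt, buf, pos)
        pos += struct.calcsize(fmt)
        return value

    def counted():
        nonlocal pos
        length = take(">H")
        if pos + length > len(buf):
            raise ValueError("counted string runs past end of entry")
        chunk = buf[pos:pos + length]
        pos += length
        return chunk

    n_components = take(">H")
    realm = counted().decode("utf-8")
    components = [counted().decode("utf-8") for _ in range(n_components)]
    name_type = take(">I")
    take(">I")                      # timestamp, not needed for these checks
    kvno = take(">B")
    enctype = take(">H")
    key_len = len(counted())
    if len(buf) - pos >= 4:         # optional 32-bit key version overrides the 8-bit one
        kvno = take(">I")
    return {"realm": realm, "components": components, "name_type": name_type,
            "kvno": kvno, "enctype": enctype, "key_len": key_len}


def parse_keytab(data):
    """Return all live entries of an MIT keytab, format version 0x0502 (big-endian)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:               # a negative size marks a deleted slot of |size| bytes
            pos += -size
            continue
        if pos + size > len(data):
            raise ValueError("truncated keytab entry")
        entries.append(_parse_entry(data[pos:pos + size]))
        pos += size
    return entries


def check_idrac_keytab(data, idrac_fqdn):
    """Return a list of problems; an empty list means every entry passed."""
    entries = parse_keytab(data)
    if not entries:
        return ["keytab contains no entries"]
    problems = []
    for e in entries:
        name = "/".join(e["components"]) + "@" + e["realm"]
        if e["components"] != ["HTTP", idrac_fqdn.lower()]:
            problems.append(f"{name}: SPN is not HTTP/{idrac_fqdn.lower()}")
        if e["realm"] != e["realm"].upper():
            problems.append(f"{name}: realm is not uppercase")
        if e["name_type"] != KRB5_NT_PRINCIPAL:
            problems.append(f"{name}: name type is not KRB5_NT_PRINCIPAL")
        if e["enctype"] != AES256_SHA1 or e["key_len"] != 32:
            problems.append(f"{name}: key is not AES256-SHA1 (enctype {e['enctype']})")
    return problems


def build_sample_keytab(host, realm, enctype, key):
    """Construct a one-entry keytab in memory (sample data, not a real key)."""
    def counted(b):
        return struct.pack(">H", len(b)) + b
    body = struct.pack(">H", 2) + counted(realm.encode()) + counted(b"HTTP")
    body += counted(host.encode()) + struct.pack(">IIB", KRB5_NT_PRINCIPAL, 0, 3)
    body += struct.pack(">H", enctype) + counted(key) + struct.pack(">I", 3)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

To check a real file, pass its bytes, for example check_idrac_keytab(open(path, "rb").read(), "idrac7name.domainname.com"). Treat the keytab itself as a credential and delete working copies once the upload is done.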

Creating Active Directory Objects and Providing Privileges

Perform the following steps for Active Directory Extended schema based SSO login:

1. Create the device object, privilege object, and association object in the Active Directory server.

2. Set access privileges to the created privilege object. It is recommended not to provide administrator privileges as this could bypass some security checks.

3. Associate the device object and privilege object using the association object.

4. Add the preceding SSO user (login user) to the device object.

5. Provide access privilege to Authenticated Users for accessing the created association object.

Related Links

Adding iDRAC Users and Privileges to Active Directory

Configuring Browser to Enable Active Directory SSO

This section provides the browser settings for Internet Explorer and Firefox to enable Active Directory SSO.

NOTE: Google Chrome and Safari do not support Active Directory for SSO login.

Configuring Internet Explorer to Enable Active Directory SSO

To configure the browser settings for Internet Explorer:

1. In Internet Explorer, navigate to Local Intranet and click Sites.

2. Select the following options only:

• Include all local (intranet) sites not listed on other zones.

• Include all sites that bypass the proxy server.

3. Click Advanced.

4. Add all relative domain names that will be used for iDRAC instances that are part of the SSO configuration (for example, myhost.example.com).

5. Click Close and click OK twice.

Configuring Firefox to Enable Active Directory SSO

To configure the browser settings for Firefox:

1. In Firefox address bar, enter about:config.

2. In Filter, enter network.negotiate.

3. Add the iDRAC name to network.negotiate-auth.trusted-uris (using a comma-separated list).

4. Add the iDRAC name to network.negotiate-auth.delegation-uris (using a comma-separated list).


Configuring iDRAC SSO Login for Active Directory Users

Before configuring iDRAC for Active Directory SSO login, make sure that you have completed all the prerequisites.

You can configure iDRAC for Active Directory SSO when you set up a user account based on Active Directory.

Related Links

Prerequisites for Active Directory Single Sign-On or Smart Card Login

Configuring Active Directory With Standard Schema Using iDRAC Web Interface

Configuring Active Directory With Standard Schema Using RACADM

Configuring Active Directory With Extended Schema Using iDRAC Web Interface

Configuring Active Directory With Extended Schema Using RACADM

Configuring iDRAC SSO Login for Active Directory Users Using Web Interface

To configure iDRAC for Active Directory SSO login:

NOTE: For information about the options, see the iDRAC Online Help.

1. Verify whether the iDRAC DNS name matches the iDRAC Fully Qualified Domain Name. To do this, in iDRAC Web interface, go to Overview → iDRAC Settings → Network → Network and see the DNS Domain Name property.

2. While configuring Active Directory to set up a user account based on standard schema or extended schema, perform the following two additional steps to configure SSO:

• Upload the keytab file on the Active Directory Configuration and Management Step 1 of 4 page.

• Select Enable Single Sign-On option on the Active Directory Configuration and Management Step 2 of 4 page.

Configuring iDRAC SSO Login for Active Directory Users Using RACADM

In addition to the steps performed while configuring Active Directory, to enable SSO, run one of the following commands:

• Using config command:

racadm config -g cfgActiveDirectory -o cfgADSSOEnable 1

• Using set command:

racadm set iDRAC.ActiveDirectory.SSOEnable 1

Configuring iDRAC Smart Card Login for Local Users

To configure iDRAC local user for smart card login:

1. Upload the smart card user certificate and trusted CA certificate to iDRAC.

2. Enable smart card login.

Related Links

Obtaining Certificates

Uploading Smart Card User Certificate


Enabling or Disabling Smart Card Login

Uploading Smart Card User Certificate

Before you upload the user certificate, make sure that the user certificate from the smart card vendor is exported in Base64 format. SHA-2 certificates are also supported.

Related Links

Obtaining Certificates

Uploading Smart Card User Certificate Using Web Interface

To upload smart card user certificate:

1. In iDRAC Web interface, go to Overview → iDRAC Settings → Network → User Authentication → Local Users.

The Users page is displayed.

2. In the User ID column, click a user ID number. The Users Main Menu page is displayed.

3. Under Smart Card Configurations, select Upload User Certificate and click Next. The User Certificate Upload page is displayed.

4. Browse and select the Base64 user certificate, and click Apply.

Uploading Smart Card User Certificate Using RACADM

To upload smart card user certificate, use the usercertupload object. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Uploading Trusted CA Certificate For Smart Card

Before you upload the CA certificate, make sure that you have a CA-signed certificate.

Related Links

Obtaining Certificates

Uploading Trusted CA Certificate For Smart Card Using Web Interface

To upload trusted CA certificate for smart card login:

1. In iDRAC Web interface, go to Overview → iDRAC Settings → Network → User Authentication → Local Users.

The Users page is displayed.

2. In the User ID column, click a user ID number. The Users Main Menu page is displayed.

3. Under Smart Card Configurations, select Upload Trusted CA Certificate and click Next. The Trusted CA Certificate Upload page is displayed.

4. Browse and select the trusted CA certificate, and click Apply.


Uploading Trusted CA Certificate For Smart Card Using RACADM

To upload trusted CA certificate for smart card login, use the usercertupload object. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Configuring iDRAC Smart Card Login for Active Directory Users

Before configuring iDRAC Smart Card login for Active Directory users, make sure that you have completed the required prerequisites.

To configure iDRAC for smart card login:

1. In iDRAC Web interface, while configuring Active Directory to set up a user account based on standard schema or extended schema, on the Active Directory Configuration and Management Step 1 of 4 page:

• Enable certificate validation.

• Upload a trusted CA-signed certificate.

• Upload the keytab file.

2. Enable smart card login. For information about the options, see the iDRAC Online Help.

Related Links

Enabling or Disabling Smart Card Login

Obtaining Certificates

Generating Kerberos Keytab File

Configuring Active Directory With Standard Schema Using iDRAC Web Interface

Configuring Active Directory With Standard Schema Using RACADM

Configuring Active Directory With Extended Schema Using iDRAC Web Interface

Configuring Active Directory With Extended Schema Using RACADM

Enabling or Disabling Smart Card Login

Before enabling or disabling smart card login for iDRAC, make sure that:

• You have Configure iDRAC permissions.

• iDRAC local user configuration or Active Directory user configuration with the appropriate certificates is complete.

NOTE: If smart card login is enabled, then SSH, Telnet, IPMI Over LAN, Serial Over LAN, and remote RACADM are disabled. Again, if you disable smart card login, the interfaces are not enabled automatically.

Related Links

Obtaining Certificates

Configuring iDRAC Smart Card Login for Active Directory Users

Configuring iDRAC Smart Card Login for Local Users


Enabling or Disabling Smart Card Login Using Web Interface

To enable or disable the Smart Card logon feature:

1. In the iDRAC Web interface, go to Overview → iDRAC Settings → User Authentication → Smart Card.

The Smart Card page is displayed.

2. From the Configure Smart Card Logon drop-down menu, select Enabled to enable smart card logon or select Enabled With Remote RACADM. Else, select Disabled.

For more information about the options, see the iDRAC Online Help.

3. Click Apply to apply the settings.

You are prompted for a Smart Card login during any subsequent logon attempts using the iDRAC Web interface.

Enabling or Disabling Smart Card Login Using RACADM

To enable smart card login, use one of the following:

• Use the objects in the cfgSmartCard group with the config command.

• Use the objects in the iDRAC.SmartCard group with the set command.

For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Enabling or Disabling Smart Card Login Using iDRAC Settings Utility

To enable or disable the Smart Card logon feature:

1. In the iDRAC Settings utility, go to Smart Card. The iDRAC Settings Smart Card page is displayed.

2. Select Enabled to enable smart card logon. Else, select Disabled. For more information about the options, see iDRAC Settings Utility Online Help.

3. Click Back, click Finish, and then click Yes.

The smart card logon feature is enabled or disabled based on the selection.


9

Configuring iDRAC to Send Alerts

You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, or WS events), then an alert is sent to one or more configured destinations. If the same event filter is also configured to perform an action (such as reboot, power cycle, or power off the system), the action is performed. You can set only one action for each event.

To configure iDRAC to send alerts:

1. Enable alerts.

2. Optionally, you can filter the alerts based on category or severity.

3. Configure the e-mail alert, IPMI alert, SNMP trap, remote system log, operating system log, and/or WS-event settings.

4. Enable event alerts and actions such as:

• Send an email alert, IPMI alert, SNMP traps, remote system logs, operating system log, or WS events to configured destinations.

• Perform a reboot, power off, or power cycle the managed system.

Related Links

Enabling or Disabling Alerts

Filtering Alerts

Setting Event Alerts

Setting Alert Recurrence Event

Configuring Email Alert, SNMP Trap, or IPMI Trap Settings

Configuring Remote System Logging

Configuring WS Eventing

Alerts Message IDs

Enabling or Disabling Alerts

To send an alert to configured destinations or to perform an event action, you must enable the global alerting option. This property overrides any individual alerting or event actions that are set.

Related Links

Filtering Alerts

Configuring Email Alert, SNMP Trap, or IPMI Trap Settings

Enabling or Disabling Alerts Using Web Interface

To enable or disable generating alerts:

1. In iDRAC Web interface, go to Overview → Server → Alerts. The Alerts page is displayed.

2. Under Alerts section:


• Select Enable to enable alert generation or perform an event action.

• Select Disable to disable alert generation or disable an event action.

3. Click Apply to save the setting.

Enabling or Disabling Alerts Using RACADM

To enable or disable generating alerts or event actions using config command:

racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1

To enable or disable generating alerts or event actions using set command:

racadm set iDRAC.IPMILan.AlertEnable 1

Enabling or Disabling Alerts Using iDRAC Settings Utility

To enable or disable generating alerts or event actions:

1. In the iDRAC Settings utility, go to Alerts. The iDRAC Settings Alerts page is displayed.

2. Under Platform Events, select Enabled to enable alert generation or event action. Else, select Disabled. For more information about the options, see iDRAC Settings Utility Online Help.

3. Click Back, click Finish, and then click Yes. The alert settings are configured.

Filtering Alerts

You can filter alerts based on category and severity.

Related Links

Enabling or Disabling Alerts

Configuring Email Alert, SNMP Trap, or IPMI Trap Settings

Filtering Alerts Using iDRAC Web Interface

To filter the alerts based on category and severity:

NOTE: Even if you are a user with read-only privileges, you can filter the alerts.

1. In iDRAC Web interface, go to Overview → Server → Alerts. The Alerts page is displayed.

2. Under Alerts Filter section, select one or more of the following categories:

• System Health

• Storage

• Configuration

• Audit

• Updates

• Work Notes

3. Select one or more of the following severity levels:

• Informational

• Warning


• Critical

4. Click Apply.

The Alert Results section displays the results based on the selected category and severity.

Filtering Alerts Using RACADM

To filter the alerts, use the eventfilters command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Setting Event Alerts

You can set event alerts such as e-mail alerts, IPMI alerts, SNMP traps, remote system logs, operating system logs, and WS events to be sent to configured destinations.

Related Links

Enabling or Disabling Alerts

Configuring Email Alert, SNMP Trap, or IPMI Trap Settings

Filtering Alerts

Configuring Remote System Logging

Configuring WS Eventing

Setting Event Alerts Using Web Interface

To set an event alert using the Web interface:

1. Make sure that you have configured the e-mail alert, IPMI alert, SNMP trap settings, and/or remote system log settings.

2. Go to Overview → Server → Alerts. The Alerts page is displayed.

3. Under Alerts Results, select one or all of the following alerts for the required events:

• Email Alert

• SNMP Trap

• IPMI Alert

• Remote System Log

• OS Log

• WS Eventing

4. Click Apply.

The setting is saved.

5. Under Alerts section, select the Enable option to send alerts to configured destinations.

6. Optionally, you can send a test event. In the Message ID to Test Event field, enter the message ID to test if the alert is generated and click Test. For the list of message IDs, see the Event Messages Guide available at dell.com/support/manuals.

Setting Event Alerts Using RACADM

To set an event alert, use the eventfilters command. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.


Setting Alert Recurrence Event

You can configure iDRAC to generate additional events at specific intervals if the system continues to operate at a temperature which is greater than the inlet temperature threshold limit. The default interval is 30 days. The valid range is 0 to 366 days. A value of ‘0’ indicates no event recurrence.

NOTE: You must have Configure iDRAC privilege to set the alert recurrence value.

Setting Alert Recurrence Events Using iDRAC Web Interface

To set the alert recurrence value:

1. In the iDRAC Web interface, go to Overview → Server → Alerts → Alert Recurrence. The Alert Recurrence page is displayed.

2. In the Recurrence column, enter the alert frequency value for the required category, alert, and severity type(s).

For more information, see the iDRAC Online Help.

3. Click Apply.

The alert recurrence settings are saved.

Setting Alert Recurrence Events Using RACADM

To set the alert recurrence event using RACADM, use the eventfilters subcommand. For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide.

Setting Event Actions

You can set event actions such as perform a reboot, power cycle, power off, or perform no action on the system.

Related Links

Filtering Alerts

Enabling or Disabling Alerts

Setting Event Actions Using Web Interface

To set an event action:

1. In iDRAC Web interface, go to Overview → Server → Alerts. The Alerts page is displayed.

2. Under Alerts Results, from the Actions drop-down menu, for each event select an action:

• Reboot

• Power Cycle

• Power Off

• No Action

3. Click Apply.

The setting is saved.

Setting Event Actions Using RACADM

To configure an event action, use one of the following:

• eventfilters command.

• cfgIpmiPefAction object with config command.

For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.

Configuring Email Alert, SNMP Trap, or IPMI Trap Settings

The management station uses Simple Network Management Protocol (SNMP) and Intelligent Platform Management Interface (IPMI) traps to receive data from iDRAC. For systems with a large number of nodes, it may not be efficient for a management station to poll each iDRAC for every condition that may occur. For example, event traps can help a management station with load balancing between nodes or by issuing an alert if an authentication failure occurs. SNMP v1, v2, and v3 formats are supported.

You can configure the IPv4 and IPv6 alert destinations, email settings, and SMTP server settings, and test these settings. You can also specify the SNMP v3 user to whom you want to send the SNMP traps.

Before configuring the email, SNMP, or IPMI trap settings, make sure that:

• You have Configure RAC permission.

• You have configured the event filters.

Related Links

Configuring IP Alert Destinations

Configuring Email Alert Settings

Configuring IP Alert Destinations

You can configure the IPv6 or IPv4 addresses to receive the IPMI alerts or SNMP traps. For information about the iDRAC MIBs required to monitor the servers using SNMP, see the SNMP Reference Guide for iDRAC8 available at dell.com/support/manuals.

Configuring IP Alert Destinations Using Web Interface

To configure alert destination settings using Web interface:

1. Go to Overview → Server → Alerts → SNMP and E-mail Settings.

2. Select the State option to enable an alert destination (IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN)) to receive the traps.

You can specify up to eight destination addresses. For more information about the options, see the iDRAC Online Help.

3. Select the SNMP v3 user to whom you want to send the SNMP trap.

4. Enter the iDRAC SNMP community string (applicable only for SNMPv1 and v2) and the SNMP alert port number.

For more information about the options, see the iDRAC Online Help.

NOTE: The Community String value indicates the community string to use in a Simple Network Management Protocol (SNMP) alert trap sent from iDRAC. Make sure that the destination community string is the same as the iDRAC community string. The default value is Public.

5. To test whether the IP address is receiving the IPMI or SNMP traps, click Send under Test IPMI Trap and Test SNMP Trap respectively.

6. Click Apply.


The alert destinations are configured.

7. In the SNMP Trap Format section, select the protocol version to be used to send the traps to the trap destination(s) (SNMP v1, SNMP v2, or SNMP v3) and click Apply.

NOTE: The SNMP Trap Format option applies only to SNMP Traps and not to IPMI Traps. IPMI Traps are always sent in SNMP v1 format and are not based on the configured SNMP Trap Format option.

The SNMP trap format is configured.

Configuring IP Alert Destinations Using RACADM

To configure the trap alert settings:

1. To enable traps:

• For IPv4 address:

racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i (index) (0|1)

• For IPv6 address:

racadm config -g cfgIpmiPetIpv6 -o cfgIpmiPetIpv6AlertEnable -i (index) (0|1)

where, (index) is the destination index and 0 or 1 disables or enables the trap, respectively. For example, to enable trap with index 4, enter the following command:

racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i 4 1

2. To configure the trap destination address:

racadm config -g cfgIpmiPetIpv6 -o cfgIpmiPetIpv6AlertDestIPAddr -i [index] [IP-address]

where [index] is the trap destination index and [IP-address] is the destination IP address of the system that receives the platform event alerts.

3. Configure the SNMP community name string:

racadm config -g cfgIpmiLan -o cfgIpmiPetCommunityName [name]

where [name] is the SNMP Community Name.

4. To configure SNMP destination:

• To set the SNMP trap destination for SNMPv3:

racadm set idrac.SNMP.Alert.[index].DestAddr [Ip address]

For example,

racadm set idrac.SNMP.Alert.1.DestAddr 1.2.3.4

• To set SNMPv3 users for trap destinations:

racadm set idrac.SNMP.Alert.1.SNMPv3Username root

• To enable SNMPv3 for a user:

racadm set idrac.users.2.SNMPv3Enable Enabled

5. To test the trap, if required:

racadm testtrap -i [index]

where [index] is the trap destination index to test.

For more information, see the iDRAC8 RACADM Command Line Interface Reference Guide available at dell.com/support/manuals.