White Papers
| Port # | Protocol | Port Type | Version | Maximum Encryption Level | Direction | Usage | Configurable |
|---|---|---|---|---|---|---|---|
| | | | | | | authentication | |
| 3269 | LDAPS | TCP | 1.0 | 128-bit SSL | In/Out | Optional ADS authentication | No |
| 3668 | Proprietary | TCP | 1.0 | None | In/Out | CD/diskette virtual media service | Yes |
| 5869 | Proprietary | TCP | 1.0 | None | In/Out | Remote RACADM | No |
| 5900 | Proprietary | TCP | 1.0 | 128-bit RC4, Keyboard/mouse traffic only | In/Out | Video redirection | Yes |
Table 1: Port Configuration for DRAC 4
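The following Python check is an added example, not part of the white paper or of any Dell tool. It uses the Table 1 rows shown on this page to flag firewall rules that let sources outside a management subnet reach DRAC 4 ports whose traffic is unencrypted or only partly encrypted. The management subnet, the ACL entries and the function names are constructed assumptions.

```python
import ipaddress

# Rows from Table 1 on this page: port -> (usage, maximum encryption level).
DRAC4_PORTS = {
    3269: ("Optional ADS authentication", "128-bit SSL"),
    3668: ("CD/diskette virtual media service", "None"),
    5869: ("Remote RACADM", "None"),
    5900: ("Video redirection", "128-bit RC4, keyboard/mouse traffic only"),
}

# Assumption: management stations live in this subnet (constructed value).
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample ACL: (source CIDR, destination TCP port) allowed to reach the DRAC NIC.
SAMPLE_ACL = [
    ("10.20.0.0/24", 5900),
    ("10.0.0.0/8", 3668),
    ("0.0.0.0/0", 5869),
    ("10.20.0.16/28", 3269),
    ("192.168.5.0/24", 443),  # port not among this page's rows; skipped
]

def coverage(encryption):
    """Classify a Table 1 encryption cell as 'none', 'partial' or 'full'."""
    text = encryption.lower()
    if text == "none":
        return "none"
    return "partial" if "only" in text else "full"

def audit(acl, mgmt_net=MGMT_NET):
    """Return rules that expose weakly protected ports to sources beyond mgmt_net."""
    findings = []
    for cidr, port in acl:
        if port not in DRAC4_PORTS:
            continue
        usage, enc = DRAC4_PORTS[port]
        level = coverage(enc)
        # A source range is acceptable only if it lies entirely inside mgmt_net.
        outside = not ipaddress.ip_network(cidr).subnet_of(mgmt_net)
        if level != "full" and outside:
            findings.append((cidr, port, usage, level))
    return findings

if __name__ == "__main__":
    for cidr, port, usage, level in audit(SAMPLE_ACL):
        print(f"{cidr} -> tcp/{port} ({usage}): encryption {level}, source wider than {MGMT_NET}")
```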
Web Browser Security
The browser connects to your web server using the HTTPS port. All the data streams are
encrypted using 128-bit SSL to provide privacy and integrity. Any connection to the HTTP port
is redirected to HTTPS. Administrators can upload their own SSL certificate using an SSL
CSR generation process to secure the web server. The default HTTP and HTTPS ports can
be changed. DRAC 4 is designed to ensure that user access is restricted by user privileges.
Remote CLI Security
The Remote RACADM utility is a CLI tool that can be used to configure and manage a
DRAC 4. This scriptable utility can be installed on a management station; RACADM installed
on a management station is referred to as Remote RACADM. Remote RACADM communicates
with DRAC 4 through its network interface over an HTTPS channel. A user must authenticate
successfully and must have sufficient privileges to execute the desired command. Since
Remote RACADM uses an HTTPS channel, all the command data and return data are encrypted
by SSL. The encryption ciphers supported are the same as those of the web GUI interface.
Local CLI Security
The Local RACADM utility is a CLI tool that can be used to configure and manage a DRAC 4
from the host server. This scriptable utility can only be installed on the managed system. The
RACADM installed on a local managed system is called Local RACADM. Local RACADM
communicates with DRAC 4 through its in-band IPMI host interface. Since it is installed on the
local managed system, users are required to log in to the operating system to run this utility.
The Local RACADM utility requires that a user have full administrator privileges or be a
root user. On a Microsoft Windows® system, a user must have administrator privileges on
the system to run the Local RACADM utility. If the user does not have administrator
privileges, an error message is displayed indicating that they do not have privileges to
run this utility. On a Linux-based system, a user must log in as root on the system to
run the Local RACADM utility.
A user who can run Local RACADM is guaranteed to have administrator privilege to the
system. The administrator privilege level indicates that the user has full rights to manage
DRAC 4 including configuration, power management, firmware update, debug, and so on.