Dell™ Remote Access Controller 5 Firmware Version 1.40 User’s Guide w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes and Notices NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. ____________________ Information in this document is subject to change without notice. © 2008 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents 1 DRAC 5 Overview . . . . . . . . . . . . . . . . . . What’s New in DRAC 5 for this Release? . . . . . . . . 23 . . . . . . . . . . 24 . . . . . . . . . . . . . . . 24 DRAC 5 Specifications and Features DRAC 5 Specifications 23 DRAC 5 Standard Features . . . . . . . . . . . . . 27 Other Documents You May Need . . . . . . . . . . . . 28 2 Getting Started With the DRAC 5 . . . . . . 31 3 Basic Installation of the DRAC 5 . . . . . . . 33 . . . . . . . . . . . . . . . . . . .
Installing and Removing RACADM on a Linux Management Station . . . . . . . . . . . . . Installing RACADM . . . 38 . . . . . . . . . . . . . . . . . 38 . . . . . . . . . . . . . 39 . . . . . . . . . . . . . . . . . . 39 Updating the DRAC 5 Firmware Before You Begin Downloading the DRAC 5 Firmware . . . . . . . . Updating the DRAC 5 Firmware Using the Web-Based Interface . . . . . . . . . . . . . . . 40 . . . . 41 . . . . . . . . . . . .
Enabling and Configuring the Managed System to Use a Serial or Telnet Console . . . . . . . . Using the connect com2 Serial Command . . . . . Configuring the BIOS Setup Program for a Serial Connection on the Managed System 48 . . . . 48 . . . . . . . 49 . . . . . 51 . . . . . . 54 Enabling Login to the Console After Boot Enabling the DRAC 5 Serial/Telnet/SSH Console . . . . . . . . . . . . . . . . . Using the RACADM Command to Configure the Settings for the Serial and Telnet Console . . .
Configuring Linux XTerm for Telnet Console Redirection . . . . . . . . . . . . . . . . 65 Enabling Microsoft Telnet for Telnet Console Redirection . . . . . . . . . . . . . . . . 66 . . . . . . . . . . . . 67 . . . . . . . . . . . . . . 68 Using a Serial or Telnet Console Using the Secure Shell (SSH) Configuring the DRAC 5 Network Settings . . . . . . . 69 Accessing the DRAC 5 Through a Network . . . . . . . 70 . . . . . . . . . . . . . . .
5 Adding and Configuring DRAC 5 Users . . 91 . . . . . . . . 95 . . . . . . . . . . . . . . . . . 95 Using the RACADM Utility to Configure DRAC 5 Users . . . . . . . . . . . . . . Before You Begin . Adding a DRAC 5 User . . . . . . . . . . . . . . . Testing e-mail Alerting 6 96 . . . . . . . . . . . . . 97 . . . . . . . . . . . . . . . 97 Removing a DRAC 5 User Testing the RAC SNMP Trap Alert Feature . . . . 98 Enabling a DRAC 5 User With Permissions . . . . 98 . . . . .
Extending the Active Directory Schema . . . . . . Installing the Dell Extension to the Active Directory Users and Computers Snap-In . . . . . 117 Adding DRAC 5 Users and Privileges to Active Directory . . . . . . . . . . . . . . . . . . 118 Configuring the DRAC 5 With Extended Schema Active Directory and Web-Based Interface . . . . . . . . . . . . . . . 120 Configuring the DRAC 5 With Extended Schema Active Directory and RACADM . . . . . . 122 Accumulating Privileges Using Extended Schema . .
7 Configuring Smart Card Authentication . . . . . . . . . . . . . . . . . . . Configuring Smart Card Login in DRAC 5 Exporting the Smart Card Certificate . . . . . . . 141 . . . . . . . 141 Configuring Active Directory Users for Smart Card Logon . . . . . . . . . . . . . . . . . . . . . . . . 142 . . . . . . . . . . . . . . . . . 142 . . . . 144 . . . . . . . . . 145 Logging Into the DRAC 5 Using the Smart Card . Logging Into the DRAC 5 Using Active Directory Smart Card Authentication .
Configuring Your Management Station Configuring Console Redirection . . . . . . . 154 . . . . . . . . . 154 . . . . . . 156 . . . . . . . . . 158 . . . . . . . . . . . . . . . . . 159 Opening a Console Redirection Session Disabling or Enabling Local Video Using the Video Viewer Accessing the Viewer Menu Bar Adjusting the Video Quality . . . . . . . . . . 159 . . . . . . . . . . . . 162 . . . . . . . . 162 . . . . . . . . . . . . . .
Storing Images in a Virtual Flash . . . . . . . . 182 . . . . . . . . 183 . . . . . . . . . . . . . . . . . 184 Configuring a Bootable Virtual Flash . Using the Virtual Media Command Line Interface Utility . . . . . . . . . . . . . Utility Installation . . . . . . . . . . . . . . . 184 . . . . . . . . . . . . . . . . 185 Command Line Options . VM-CLI Parameters VM-CLI Operating System Shell Options 188 . . . . . Deploying Your Operating System Using VM-CLI . Before You Begin 182 . . . . .
Certificate Signing Request (CSR) Accessing the SSL Main Menu . . . . . . . . . 204 . . . . . . . . . . 204 Generating a New Certificate Signing Request . . . . . . . . . . . 207 207 . . . . . . . . . . . . . . 207 . . . . . . . . . . . . . . . . . . 209 Viewing a Server Certificate Using the Secure Shell (SSH) Enabling Additional DRAC 5 Security Options . . . . . Configuring the Network Security Settings Using the DRAC 5 GUI . . . . . . . . . . . . . . .
Property Names for Power Management Service . . . . . . . . . . . . . . . . . . Property Names for Power Capability . . . . . 240 . . . . . . . 241 13 Monitoring and Alert Management . Configuring the Managed System to Capture the Last Crash Screen . . . 243 . . . . . . . . 244 . . . . . . . . . . . . . . 244 Configuring Platform Event Filters (PEF) Configuring PET . . . . . . 245 . . . . . . . . . . . . . . . . . . 247 . . . . . . . . . . . . . 249 . . . . . . . . . . . . . . .
15 Recovering and Troubleshooting the Managed System . . . . . . . . . . . . . . . First Steps to Troubleshoot a Remote System . Managing Power on a Remote System . . . . . 263 . . . . . . . . . 263 Selecting Power Control Actions from the DRAC 5 GUI . . . . . . . . . . . . . . . . . . . . . 264 . . . . . . . . . . . . . . 265 . . . . . . . . . . . . . . . 265 Viewing System Information Main System Chassis . Remote Access Controller . . . . . . . . . . . . .
17 Sensors . . . . . . . . . . . . . . . . . . . . . . . . . Battery Probes . Fan Probes . . . . . . . . . . . . . . . . . . . . . . 277 . . . . . . . . . . . . . . . . . . . . . . . 277 Chassis Intrusion Probes Power Supplies Probes . . . . . . . . . . . . . . . . 277 . . . . . . . . . . . . . . . . . 278 Hardware Performance Probes . . . . . . . . . . . . . 278 . . . . . . . . . . . . . . . 278 . . . . . . . . . . . . . . . . . . . 278 . . . . . . . . . . . . . . . . . . . . .
getractime . . . . . . . . . . . . . . . . . . . . . . . . 297 ifconfig . . . . . . . . . . . . . . . . . . . . . . . . . . 298 netstat . . . . . . . . . . . . . . . . . . . . . . . . . . 298 . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 ping setniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 299 getniccfg . . . . . . . . . . . . . . . . . . . . . . . . . 301 getsvctag . . . . . . . . . . . . . . . . . . . . . . . . . 302 racdump . . . . . . . . . . . . . . . . . .
testemail . testtrap . . . . . . . . . . . . . . . . . . . . . . . . . 321 . . . . . . . . . . . . . . . . . . . . . . . . . 322 vmdisconnect vmkey . . . . . . . . . . . . . . . . . . . . . . 324 . . . . . . . . . . . . . . . . . . . . . . . . . . 325 usercertupload usercertview . . . . . . . . . . . . . . . . . . . . . 325 . . . . . . . . . . . . . . . . . . . . . . 327 localConRedirDisable . B DRAC 5 Property Database Group and Object Definitions . . . . . . . . .
cfgNicNetmask (Read/Write) . . . . . . . . . . . 335 cfgNicGateway (Read/Write) . . . . . . . . . . . 336 cfgNicUseDhcp (Read/Write) . . . . . . . . . . . 336 cfgNicSelection (Read/Write) . . . . . . . . . . . 337 cfgNicMacAddress (Read Only) . . . . . . . . . . 338 cfgNicVLanEnable (Read/Write) . . . . . . . . . . 338 . . . . . . . . . . . . 338 cfgNicVLanId (Read/Write) . . . . . . . . . . 339 . . . . . . . . . . . . . . . . . . . . . 339 cfgNicVLanPriority (Read/Write) .
cfgSsnMgtSshIdleTimeout (Read/Write) . . . . . 348 . . . . . . 349 . . . . . . . . . . . . . . . . . . . . . . . . . 349 cfgSsnMgtTelnetTimeout (Read/Write) cfgSerial cfgSerialBaudRate (Read/Write) . . . . . . . . . cfgSerialConsoleEnable (Read/Write) 350 . . . . . . . 350 . . . . . . 350 cfgSerialConsoleQuitKey (Read/Write) . . . . 351 . . . . . . 352 cfgSerialConsoleIdleTimeout (Read/Write) cfgSerialConsoleNoAuth (Read/Write) . . . . . 352 cfgSerialHistorySize (Read/Write) . . . .
cfgRacTuneIpBlkPenaltyTime . . . . . . . . . . . cfgRacTuneSshPort (Read/Write) . . . . . . . . . cfgRacTuneTelnetPort (Read/Write) . . . . . . . . . . . . . . . . 362 . . . . . . 362 . . . . . . . . 363 cfgRacTuneDaylightOffset (Read/Write) . . . . . . cfgRacTuneTimezoneOffset (Read/Write) . . . . . 363 364 cfgRacTuneWebserverEnable (Read/Write) . . . . 364 cfgRacTuneLocalServerVideo (Read/Write) . . . . 365 cfgRacTuneLocalConfigDisable . . . . . . . . . .
cfgVirMediaBootOnce (Read/Write) . . . . . . . . 372 . . . . . . . . . 372 . . . . . . . . . . . . . . . . . . . 373 cfgFloppyEmulation (Read/Write) cfgActiveDirectory cfgADRacDomain (Read/Write) . . . . . . . . . . 373 . . . . . . . . . . . 373 . . . . . . . . . . . . . 374 cfgADRacName (Read/Write) cfgADEnable (Read/Write) . . . . . . . . . 377 . . . . . . . . . . 377 . . . . . . . . . . . . . . 378 cfgADAuthTimeout (Read/Write) .
cfgIpmiSolAccumulateInterval (Read/Write) . . . 386 . . . . . . 386 . . . . . . . . . . . . . . . . . . . . . . . . 386 cfgIpmiSolSendThreshold (Read/Write) cfgIpmiLan cfgIpmiLanEnable (Read/Write) . . . . . . . . . . cfgIpmiLanPrivLimit (Read/Write) . . . . . . . . . 387 . . . . . . . . 388 . . . . . 388 . . . . . . . . . . . . . . . . . . . . . . . . 389 cfgIpmiPetCommunityName (Read/Write) cfgIpmiPef 387 . . . . . . . cfgIpmiLanAlertEnable (Read/Write) .
DRAC 5 Overview The Dell™ Remote Access Controller 5 (DRAC 5) is a systems management hardware and software solution designed to provide remote management capabilities, crashed system recovery, and power control functions for Dell systems. By communicating with the system’s baseboard management controller (BMC), the DRAC 5 (when installed) can be configured to send you e-mail alerts for warnings or errors related to voltages, temperatures, intrusion, and fan speeds.
DRAC 5 Specifications and Features Figure 1-1 shows the DRAC 5 hardware. Figure 1-1. DRAC 5 Hardware Features 44-pin MII cable connector 50-pin management cable connector RJ-45 Connector PCIe Connector Jumper Connector DRAC 5 Specifications Power Specifications Table 1-1 lists the power requirements for the DRAC 5. Table 1-1. DRAC 5 Power Specifications System Power 1.2 A on +3.3 V AUX (maximum) 550 mA on +3.
The DRAC 5 includes one onboard 10/100 Mbps RJ-45 NIC, a 50-pin management cable, and a 44-pin MII cable. See Figure 1-1 for the DRAC 5 cable connectors. The 50-pin management cable is the main interface to the DRAC that provides connectivity to USB, serial, video, and an inter-integrated circuit (I2C) bus. The 44-pin MII cable connects the DRAC NIC to the system’s motherboard. The RJ-45 connector connects the DRAC NIC to an out-ofband connection when the DRAC 5 is configured in Dedicated NIC mode.
Table 1-3. DRAC 5 Client Ports Port Number Function 25 SMTP 53 DNS 68 DHCP-assigned IP address 69 TFTP 162 SNMP trap 636 LDAPS 3269 LDAPS for global catalog (GC) Supported Remote Access Connections Table 1-4 lists the connection features. Table 1-4.
DRAC 5 Standard Features The DRAC 5 provides the following features: • Two-factor authentication, which is provided by the Smart Card logon. The two-factor authentication is based on what the users have (the Smart Card) and what they know (the PIN).
• IPMI support. • Standards-based management with IPMI over LAN and SM-CLP. • Sensors for monitoring power consumption. The DRAC 5 uses this data to depict system power consumption through charts and statistics. • Secure Sockets Layer (SSL) encryption — Provides secure remote system management through the Web-based interface. • Password-level security management — Prevents unauthorized access to a remote system.
The following system documents are also available to provide more information about the system in which your DRAC 5 is installed: • The Product Information Guide provides important safety and regulatory information. For additional regulatory information, see the Regulatory Compliance home page at www.dell.com/regulatory_compliance. Warranty information may be included within this document or as a separate document.
DRAC 5 Overview
Getting Started With the DRAC 5 The DRAC 5 enables you to remotely monitor, troubleshoot, and repair a Dell system even when the system is down. The DRAC 5 offers a rich set of features like console redirection, virtual media, virtual KVM, Smart Card authentication, and so on. Management station is the system from where an administrator remotely manages a Dell system that is installed with a DRAC card. The systems that are thus monitored are called managed systems.
8 Configure alerts for efficient systems management capability. 9 Configure the DRAC 5 Intelligent Platform Management Interface (IPMI) settings to use the standards-based IPMI tools to manage the systems on your network.
Basic Installation of the DRAC 5 This section provides information about how to install and set up your DRAC 5 hardware and software.
Configuring Your System to Use a DRAC 5 To configure your system to use a DRAC 5, use the Dell™ Remote Access Configuration Utility (formerly known as the BMC Setup Module). To run the Dell Remote Access Configuration Utility: 1 Turn on or restart your system. 2 Press when prompted during POST. If your operating system begins to load before you press , allow the system to finish booting, and then restart your system and try again. 3 Configure the NIC.
4 Configure the network controller LAN parameters to use DHCP or a Static IP address source. a Using the down-arrow key, select LAN Parameters, and press . b Using the up-arrow and down-arrow keys, select IP Address Source. c Using the right-arrow and left-arrow keys, select DHCP or Static. d If you selected Static, configure the Ethernet IP Address, Subnet Mask, and Default Gateway settings. e Press . 5 Press . 6 Select Save Changes and Exit. The system automatically reboots.
Configuring Your DRAC 5 To configure your DRAC 5: 1 Select one of the following configuration tools: • Web-based interface • RACADM CLI • Serial/Telnet/SSH console NOTICE: Using more than one DRAC 5 configuration tool at the same time may generate unexpected results. 2 Configure the DRAC 5 network settings. See "Configuring DRAC 5 Properties". 3 Add and configure DRAC 5 users. See "Adding and Configuring DRAC 5 Users". 4 Configure the Web browser to access the Web-based interface.
Managed system software installs your choices from the appropriate version of Dell™ OpenManage™ Server Administrator on the managed system. NOTE: Do not install the DRAC 5 management station software and the DRAC 5 managed system software on the same system. If Server Administrator is not installed on the managed system, you cannot view the system’s last crash screen or use the Auto Recovery feature. For more information about the last crash screen, see "Viewing the Last System Crash Screen".
• When prompted to add or remove packages, install the optional Legacy Software Development software. This software package includes the necessary software components to run the Dell Digital KVM viewer on your management station.
Updating the DRAC 5 Firmware Use one of the following methods to update your DRAC 5 firmware. • Web-based Interface • RACADM CLI • Dell Update Packages Before You Begin Before you update your DRAC 5 firmware using local RACADM or the Dell Update Packages, perform the following procedures. Otherwise, the firmware update operation may fail. 1 Install and enable the appropriate IPMI and managed node drivers.
Use the Firmware Update page to update the DRAC 5 firmware to the latest revision. When you run the firmware update, the update retains the current DRAC 5 settings. Updating the DRAC 5 Firmware Using the Web-Based Interface 1 Open the Web-based interface and login to the remote system. See "Accessing the Web-Based Interface." 2 In the System tree, click Remote Access and click the Update tab.
2 Run the following racadm command: racadm -pud c:\downloads\ You can also update the firmware using remote racadm. For example: racadm -r U -p fwupdate -p -u -d where path is the location where you saved firmimg.d5 on the managed system.
4 Under Local Area Network (LAN) settings, click LAN Settings. 5 If the Use a proxy server box is selected, select the Bypass proxy server for local addresses box. 6 Click OK twice. List of Trusted Domains When you access the DRAC 5 Web-based interface through the Web browser, you are prompted to add the DRAC 5 IP address to the list of trusted domains if the IP address is missing from the list.
To view a localized version of the DRAC 5 Web-based interface in Internet Explorer: 1 Click the Tools menu and select Internet Options. 2 In the Internet Options window, click Languages. 3 In the Language Preference window, click Add. 4 In the Add Language window, select a supported language. To select more than one language, press . 5 Select your preferred language and click Move Up to move the language to the top of the list. 6 Click OK. 7 In the Language Preference window, click OK.
3 If the values include “zh_CN.UTF-8”, no changes are required. If the values do not include “zh_CN.UTF-8”, go to step 4. 4 Navigate to the /etc/sysconfig/i18n file. 5 In the file, apply the following changes: Current entry: LANG="zh_CN.GB18030" SUPPORTED="zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" Updated entry: LANG="zh_CN.UTF-8" SUPPORTED="zh_CN.UTF8:zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh" 6 Log out and then login to the operating system. 7 Relaunch the DRAC 5.
Advanced Configuration of the DRAC 5 This section provides information about advanced DRAC 5 configuration and is recommended for users with advanced knowledge of systems management and who want to customize the DRAC environment to suit their specific needs. Before You Begin You should have completed the basic installation and setup of your DRAC 5 hardware and software. See "Basic Installation of the DRAC 5" for more information.
Accessing the Web-Based Interface To access the DRAC 5 Web-based interface: 1 Open a supported Web browser window. See "Supported Web Browsers" for more information. 2 In the Address field, type the following and press : https:// If the default HTTPS port number (port 443) has been changed, type: https://: where IP address is the IP address for the DRAC 5 and port number is the HTTPS port number. The DRAC 5 Log in window appears.
• Your Active Directory user name. For example, \, /, or @. Examples of an Active Directory user name are: dell.com\john_doe or john_doe@dell.com. The Active Directory user name is not case sensitive. 2 In the Password field, type your DRAC 5 user password or Active Directory user password. This field is case sensitive. 3 Click OK or press .
Using the connect com2 Serial Command When using the connect com2 serial command, ensure that the following are configured properly: • The Serial Communication→ Serial Port setting in the BIOS Setup program. • The DRAC configuration settings. When a telnet session is established to the DRAC 5 and these settings are incorrect, connect com2 may display a blank screen.
RAC Serial Interface RAC also supports a serial console interface (or RAC Serial Console) that provides a RAC CLI, which is not defined by IPMI. If your system includes a RAC card with Serial Console enabled, the RAC card will override the IPMI serial settings and display the RAC CLI serial interface. To enable the RAC serial terminal interface, set the cfgSerialConsoleEnable property to 1 (TRUE).
3 If the /etc/grub.conf contains a splashimage directive, comment it out. Table 4-2 provides a sample /etc/grub.conf file that shows the changes described in this procedure. Table 4-2. Sample File: /etc/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes # to this file # NOTICE: You do not have a /boot partition. This means that # all kernel and initrd paths are relative to /, e.g.
When you edit the /etc/grub.conf file, use the following guidelines: 1 Disable GRUB's graphical interface and use the text-based interface; otherwise, the GRUB screen will not be displayed in RAC console redirection. To disable the graphical interface, comment out the line starting with splashimage.
Table 4-3. Sample File: /etc/innitab # # inittab This file describes how the INIT process should set up # the system in a certain run-level. # # Author: Miquel van Smoorenburg # Modified for RHS Linux by Marc Ewing and Donnie Barnes # # Default runlevel.
Table 4-3. Sample File: /etc/innitab (continued) # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # When our UPS tells us power has failed, assume we have a few # minutes of power left. Schedule a shutdown for 2 minutes from now. # This does, of course, assume you have power installed and your # UPS is connected and working correctly.
Table 4-4 shows a sample file with the new line. Table 4-4. Sample File: /etc/securetty vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 vc/8 vc/9 vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 ttyS1 Enabling the DRAC 5 Serial/Telnet/SSH Console The serial/telnet/ssh console can be enabled locally or remotely. Enabling the Serial/Telnet/SSH Console Locally NOTE: You (the current user) must have Configure DRAC 5 permission in order to perform the steps in this section.
Enabling the Serial/Telnet/SSH Console Remotely To enable the serial/telnet/ssh console remotely, type the following remote RACADM commands from a command prompt: racadm -u -p -r config -g cfgSerial -o cfgSerialConsoleEnable 1 racadm -u -p -r config -g cfgSerial -o cfgSerialTelnetEnable 1 racadm -u -p -r config -g cfgSerial -o cfgSerialSshEnable 1 NOTE: When you use Internet Explore
Using RACADM Remotely To use RACADM commands remotely, type the following command from a command prompt on a management station: racadm -u -p -r config -g -o Ensure that your web server is configured with a DRAC 5 card before you use RACADM remotely. Otherwise, RACADM times out and the following message appears: Unable to connect to RAC at specified IP address.
Configuring the Telnet Port Number Type the following command to change the telnet port number on the DRAC 5. racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort Using a Serial or Telnet Console You can run the serial commands in Table 4-19 remotely using RACADM or from the serial/telnet/ssh console command prompt.
NOTE: When using the -h option, the client and server terminal emulation type (ANSI or VT100) must be identical; otherwise, the output may be garbled. Additionally, set the client terminal row to 25. The default (and maximum) size of the history buffer is 8192 characters.
Table 4-6. IPMI Serial Settings (continued) Setting Description Channel Privilege Level Limit • Administrator • Operator • User Table 4-7. RAC Serial Settings Setting Description Enabled Enables or disables the RAC serial console. Checked= Enabled; Unchecked=Disabled Maximum Sessions The maximum number of simultaneous sessions allowed for this system. Timeout The maximum number of seconds of line idle time before the line is disconnected. The range is 60 to 1920 seconds.
Table 4-8. Serial Configuration Page Settings Button Description Print Print the Serial Configuration page. Refresh Refresh the Serial Configuration page. Apply Changes Apply the IPMI and RAC serial changes. Terminal Mode Settings Opens the Terminal Mode Settings page. Configuring Terminal Mode 1 Expand the System tree and click Remote Access. 2 Click the Configuration tab and then click Serial. 3 In the Serial Configuration page, click Terminal Mode Settings.
Table 4-10. Terminal Mode Settings Page Buttons Button Description Print Print the Terminal Mode Settings page. Refresh Refresh the Terminal Mode Settings page. Go Back to Serial Port Return to the Serial Port Configuration page. Configuration Apply Changes Apply the terminal mode settings changes.
Connecting the DB-9 or Null Modem Cable for the Serial Console To access the managed system using a serial text console, connect a DB-9 null modem cable to the COM port on the managed system. Not all DB-9 cables carry the pinout/signals necessary for this connection. The DB-9 cable for this connection must conform to the specification shown in Table 4-11. NOTE: The DB-9 cable can also be used for BIOS text console redirection. Table 4-11.
Configuring Linux Minicom for Serial Console Emulation Minicom is the serial port access utility for Linux. The following steps are valid for configuring Minicom version 2.0. Other Minicom versions may differ slightly but require the same basic settings. Use the information in "Required Minicom Settings for Serial Console Emulation" to configure other versions of Minicom. Configuring Minicom Version 2.
16 At the command shell prompt, type minicom . 17 To expand the Minicom window to 80 x 25, drag the corner of the window. 18 Press , , to exit Minicom. NOTE: If you are using Minicom for serial text console redirection to configure the managed system BIOS, it is recommended to turn on color in Minicom. To turn on color, type the following command: minicom -c on Ensure that the Minicom window displays a command prompt such as [DRAC 5\root]#.
3 Next to Connect using:, select the COM port on the management station (for example, COM2) to which you have connected the DB-9 null modem cable and click OK. 4 Configure the COM port settings as shown in Table 4-13. 5 Click OK. 6 Click File → Properties, and then click the Settings tab. 7 Set the Telnet terminal ID: to ANSI. 8 Click Terminal Setup and set Screen Rows to 26. 9 Set Columns to 80 and click OK. Table 4-13.
To run telnet with Linux: 1 Start a new Xterm session. At the command prompt, type xterm & 2 Click on the lower right-hand corner of the XTerm window and resize the window to 80 x 25. 3 Connect to the DRAC 5 in the managed system. At the Xterm prompt, type telnet Enabling Microsoft Telnet for Telnet Console Redirection NOTE: Some telnet clients on Microsoft operating systems may not display the BIOS setup screen correctly when BIOS console redirection is set for VT100 emulation.
3 At the prompt, type: set bsasdel The following message appears: Backspace will be sent as delete. To configure a Linux telnet session to use the key: 1 Open a command prompt and type: stty erase ^h 2 At the prompt, type: telnet Using a Serial or Telnet Console Serial and telnet commands, and RACADM CLI can be typed in a serial or telnet console and executed on the server locally or remotely. The local RACADM CLI is installed for use by a root user only.
Using the Secure Shell (SSH) It is critical that your system’s devices and device management are secure. Embedded connected devices are the core of many business processes. If these devices are compromised, your business may be at risk, which requires new security demands for command line interface (CLI) device management software. Secure Shell (SSH) is a command line session that includes the same capabilities as a telnet session, but with improved security.
Table 4-14. Cryptography Schemes Scheme Type Scheme Asymmetric Cryptography Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST specification Symmetric Cryptography • AES256-CBC • RIJNDAEL256-CBC • AES192-CBC • RIJNDAEL192-CBC • AES128-CBC • RIJNDAEL128-CBC • BLOWFISH-128-CBC • 3DES-192-CBC • ARCFOUR-128 Message Integrity • HMAC-SHA1-160 • HMAC-SHA1-96 • HMAC-MD5-128 • HMAC-MD5-96 Authentication • Password NOTE: SSHv1 is not supported.
Accessing the DRAC 5 Through a Network After you configure the DRAC 5, you can remotely access the managed system using one of the following interfaces: • Web-based interface • RACADM • Telnet Console • SSH • IPMI Table 4-15 describes each DRAC 5 interface. Table 4-15. DRAC 5 Interfaces Interface Description Web-based interface Provides remote access to the DRAC 5 using a graphical user interface.
Table 4-15. DRAC 5 Interfaces (continued) Interface Description Telnet Console Provides access through the DRAC 5 to the server RAC port and hardware management interfaces through the DRAC 5 NIC and provides support for serial and RACADM commands including powerdown, powerup, powercycle, and hardreset commands. NOTE: Telnet is an unsecure protocol that transmits all data—including passwords—in plain text. When transmitting sensitive information, use the SSH interface.
Configuring the DRAC 5 NIC Configuring the Network and IPMI LAN Settings NOTE: You must have Configure DRAC 5 permission to perform the following steps. NOTE: Most DHCP servers require a server to store a client identifier token in its reservations table. The client (DRAC 5, for example) must provide this token during DHCP negotiation. For RACs, the DRAC 5 supplies the client identifier option using a one-byte interface number (0) followed by a six-byte MAC address.
Table 4-16. Network Settings (continued) Setting Description Use DHCP (For Enables Dell OpenManage™ Server Administrator to obtain the NIC IP DRAC 5 NIC IP address from the Dynamic Host Configuration Address) Protocol (DHCP) server. Selecting the check box deactivates the Static IP Address, Static Gateway, and Static Subnet Mask controls. The default setting is Disabled. Static IP Address Specifies or edits the static IP address for the DRAC 5 NIC.
Table 4-16. Network Settings (continued) Setting Description DNS Domain Name The default DNS domain name is MYDOMAIN. When the Use DHCP for DNS Domain Name check box is selected, this option is grayed out and you cannot modify this field. Auto Negotiation Determines whether the DRAC 5 automatically sets the Duplex Mode and Network Speed by communicating with the nearest router or hub (On) or allows you to set the Duplex Mode and Network Speed manually (Off).
Table 4-18. Network Configuration Page Buttons Button Description Print Prints the Network Configuration page Refresh Reloads the Network Configuration page Advanced Settings Displays the Network Security page. Apply Changes Saves the changes made to the network configuration. NOTE: Changes to the NIC IP address settings will close all user sessions and require users to reconnect to the DRAC 5 Webbased interface using the updated IP address settings.
racadm continues to execute the command. However, if you use the –s option, racadm stops executing the command and displays the following message: Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Racadm not continuing execution of the command. EORROR: Unable to connect to RAC at specified IP address NOTE: The racadm remote capability is supported only on management stations.
RACADM Options Table 4-19 lists the options for the racadm command. Table 4-19. racadm Command Options Option Description -r Specifies the controller’s remote IP address. -r : Use : if the DRAC 5 port number is not the default port (443) -i Instructs racadm to interactively query the user for user name and password. -u Specifies the user name that is used to authenticate the command transaction.
RACADM Subcommands Table 4-20 provides a description of each racadm subcommand that you can run in RACADM. For a detailed listing of racadm subcommands including syntax and valid entries, see "RACADM Subcommand Overview." When entering a RACADM subcommand, prefix the command with racadm. For example: racadm help Table 4-20. RACADM Subcommands Command Description help Lists DRAC 5 subcommands. help Lists usage statement for the specified subcommand.
Table 4-20. RACADM Subcommands (continued) Command Description getsvctag Displays service tags. racdump Dumps DRAC 5 status and state information for debug. racreset Resets the DRAC 5. racresetcfg Resets the DRAC 5 to the default configuration. serveraction Performs power management operations on the managed system. getraclog Displays the RAC log. clrsel Clears the System Event Log entries. gettracelog Displays the DRAC 5 trace log.
You may encounter one or more of the following errors when using the racadm commands and subcommands: • Local racadm error messages — Problems such as syntax, typographical errors, and incorrect names. • Remote racadm error messages—Problems such as incorrect IP Address, incorrect username, or incorrect password. When I ping the DRAC IP address from my system and then switch my DRAC 5 card between Dedicated and Shared modes during the ping response, I do not receive a response.
3 Use the new configuration file to modify a target RAC. In the command prompt, type: racadm config -f myfile.cfg 4 Reset the target RAC that was configured. In the command prompt, type: racadm reset The getconfig -f racadm.cfg subcommand requests the DRAC 5 configuration and generates the racadm.cfg file. If required, you can configure the file with another name.
The .cfg file can be: • Created • Obtained from a racadm getconfig -f .cfg command • Obtained from a racadm getconfig -f .cfg command, and then edited NOTE: See "getconfig" for information about the getconfig command. The .cfg file is first parsed to verify that valid group and object names are present and that some simple syntax rules are being followed. Errors are flagged with the line number that detected the error, and a simple message explains the problem.
• Use the racresetcfg subcommand to configure all DRAC 5 cards with identical properties. Use the racresetcfg subcommand to reset the DRAC 5 to original defaults, and then run the racadm config -f .cfg command. Ensure that the .cfg file includes all required objects, users, indexes, and other parameters. NOTICE: Use the racresetcfg subcommand to reset the database and the DRAC 5 NIC settings to the original default settings and remove all users and user configurations.
The following example displays a group name, object, and the object’s property value. Example: [cfgLanNetworking] -{group name} cfgNicIpAddress=143.154.133.121 {object name} • All parameters are specified as "object=value" pairs with no white space between the object, =, or value. White spaces that are included after the value are ignored. A white space inside a value string remains unmodified.
• For indexed groups the object anchor must be the first object after the "[ ]" pair. The following are examples of the current indexed groups: [cfgUserAdmin] cfgUserAdminUserName= If you type racadm getconfig -f .cfg, the command builds a .cfg file for the current DRAC 5 configuration. This configuration file can be used as an example and as a starting point for your unique .cfg file.
The command racadm config -f myfile.cfg parses the file and identifies any errors by line number. A correct file will update the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update. Use this file to download company-wide changes or to configure new systems over the network. NOTE: "Anchor" is an internal term and should not be used in the file.
racadm config -g cfgLanNetworking -o cfgDNSServer2 192.168.0.6 racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1 racadm config -g cfgLanNetworking -o cfgDNSRacName RAC-EK00002 racadm config -g cfgLanNetworking -o cfgDNSDomainNameFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSDomainName MYDOMAIN NOTE: If cfgNicEnable is set to 0, the DRAC 5 LAN is disabled even if DHCP is enabled.
Frequently Asked Questions When accessing the DRAC 5 Web-based interface, I get a security warning stating the hostname of the SSL certificate does not match the hostname of the DRAC 5. The DRAC 5 includes a default DRAC 5 server certificate to ensure network security for the Web-based interface and remote racadm features.
• When racresetcfg is used • When the DRAC 5 is reset • When a new SSL server certificate is uploaded Why doesn’t my DNS server register my DRAC 5? Some DNS servers only register names of 31 characters or fewer. When accessing the DRAC 5 Web-based interface, I get a security warning stating the SSL certificate was issued by a certificate authority (CA) that is not trusted.
Advanced Configuration of the DRAC 5
Adding and Configuring DRAC 5 Users To manage your system with the DRAC 5 and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs. To add and configure DRAC 5 users: NOTE: You must have Configure DRAC 5 permission to perform the following steps. 1 Expand the System tree and click Remote Access.
Table 5-5 describes the DRAC Group permissions. If you add a DRAC User Privilege to the Administrator, Power User, or Guest User, the DRAC Group will change to the Custom group. 6 When completed, click Apply Changes. 7 Click the appropriate User Configuration page button to continue. See Table 5-6. Table 5-1. Options in the Smart Card Configuration section Option Description Upload User Certificate Enables you to upload the user certificate to DRAC and import it to the user profile.
Table 5-2. General Properties (continued) Property Description Change Password Enables the New Password and Confirm New Password fields. When unchecked, the user’s Password cannot be changed. New Password Specifies or edits the DRAC 5 user's password. Confirm New Password Requires you to retype the DRAC 5 user's password to confirm. Table 5-3.
Table 5-4. DRAC User Privileges (continued) Property Description Execute Server Control Commands Enables the user to execute racadm commands. Access Console Redirection Enables the user to run Console Redirection. Access Virtual Media Enables the user to run and use Virtual Media. Test Alerts Enables the user to send test alerts (e-mail and PET) to a specific user. Execute Diagnostic Commands Enables the user to run diagnostic commands. Table 5-5.
Table 5-6. User Configuration Page Buttons Button Action Print Prints the User Configuration page Refresh Reloads the User Configuration page Go Back To Users Page Returns to the Users Page. Apply Changes Saves the changes made to the network configuration. Using the RACADM Utility to Configure DRAC 5 Users NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system. The DRAC 5 Web-based interface is the quickest way to configure a DRAC 5.
NOTE: Users can be enabled and disabled over time. As a result, a user may have a different index number on each DRAC 5. To verify if a user exists, type the following command at the command prompt: racadm getconfig -u OR type the following command once for each index of 1–16: racadm getconfig -g cfgUserAdmin -i NOTE: You can also type racadm getconfig -f and view or edit the myfile.cfg file, which includes all DRAC 5 configuration parameters.
Example The following example describes how to add a new user named "John" with a "123456" password and LOGIN privileges to the RAC.
Testing the RAC SNMP Trap Alert Feature The RAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed system. The following example shows how a user can test the SNMP trap alert feature of the RAC. racadm testtrap -i 2 Before you test the RAC SNMP trap alerting feature, ensure that the SNMP and trap settings are configured correctly. See "testtrap" and "testemail" subcommand descriptions to configure these settings.
Using the DRAC 5 With Microsoft Active Directory A directory service maintains a common database of all information needed for controlling users, computers, printers, etc. on a network. If your company already uses the Microsoft® Active Directory® service software, you can configure the software to provide access to the DRAC 5, allowing you to add and control DRAC 5 user privileges to your existing users in your Active Directory software.
Supported Active Directory Authentication Mechanisms You can use Active Directory to define user access on the DRAC 5 through two methods: you can use a standard schema solution, which uses Active Directory group objects only or you can use the extended schema solution, which Dell has customized to add Dell-defined Active Directory objects. For more information about these solutions, see the sections below.
Figure 6-1. Configuration of DRAC 5 with Microsoft Active Directory and Standard Schema Configuration on DRAC 5 Side Configuration on Active Directory Side Role Group Name and Domain Name Role Group Role Definition User Table 6-1.
Table 6-1. Default Role Group Privileges (continued) Role Groups Default Permissions Granted Privilege Level Bit Mask Role Group 3 Guest User Login to DRAC 0x00000001 Role Group 4 None No assigned permissions 0x00000000 Role Group 5 None No assigned permissions 0x00000000 NOTE: The Bit Mask values are used only when setting Standard Schema with the RACADM. There are two ways to enable Standard Schema Active Directory: • With the DRAC 5 web-based user interface.
Configuring the DRAC 5 With Standard Schema Active Directory and Web-Based Interface 1 Open a supported Web browser window. 2 Log in to the DRAC 5 Web-based interface. 3 Expand the System tree and click Remote Access. 4 Click the Configuration tab and select Active Directory. 5 On the Active Directory Main Menu page, select Configure Active Directory and click Next. 6 In the Common Settings section: a Select the Enable Active Directory check box. b Type the Root Domain Name.
14 Click Go Back To Active Directory Configuration and Management. 15 Click Go Back To Active Directory Main Menu. 16 Upload your domain forest Root CA certificate into the DRAC 5. a Select the Upload Active Directory CA Certificate check-box and then click Next. b In the Certificate Upload page, type the file path of the certificate or browse to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading.
Configuring the DRAC 5 With Standard Schema Active Directory and RACADM Using the following commands to configure the DRAC 5 Active Directory Feature with Standard Schema using the RACADM CLI instead of the Web-based interface.
Extended Schema Active Directory Overview There are two ways to enable Extended Schema Active Directory: • With the DRAC 5 web-based user interface. See "Configuring the DRAC 5 With Extended Schema Active Directory and Web-Based Interface". • With the RACADM CLI tool. See "Configuring the DRAC 5 With Extended Schema Active Directory and RACADM". Active Directory Schema Extensions The Active Directory data is a distributed database of Attributes and Classes.
Overview of the RAC Schema Extensions To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of properties that can be configured by the user depending on the desired results. Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more RAC devices.
Figure 6-2. Typical Setup for Active Directory Objects Association Object User(s) Group(s) Privilege Object RAC Device Object(s) RAC4 Privilege Object NOTE: The RAC privilege object applies to both DRAC 4 and DRAC 5. You can create as many or as few association objects as required.
When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local Groups and will not work with Universal Groups from other domains. Figure 6-3.
See" Adding DRAC 5 Users and Privileges to Active Directory" for detailed instructions. Figure 6-4 provides an example of Active Directory objects in multiple domains. In this scenario, you have two DRAC 5 cards (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user 3 are in Domain2. In this scenario, configure user1 and user 2 with administrator privileges to both DRAC 5 cards and configure user3 with login privileges to the RAC2 card.
4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (administrator) and Priv2 has login privileges. 5 Group user1 and user2 into Group1. The group scope of Group1 must be Universal. 6 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1. 7 Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as RAC Devices in AO2.
You can extend your schema using one of the following methods: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema.
Table 6-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) dellRacDevice 1.2.840.113556.1.8000.1280.1.1.1.1 dellAssociationObject 1.2.840.113556.1.8000.1280.1.1.1.2 dellRACPrivileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 6-3. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Used to define the privileges (Authorization Rights) for the DRAC 5 device. Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 6-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 FALSE List of dellRacDevices Objects Distinguished Name (LDAPTYPE_DN that belong to this role. This 1.3.6.1.4.1.
Table 6-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsVirtualMediaUser 1.2.840.113556.1.8000.1280.1.1.2.9 TRUE TRUE if the user has Virtual Media rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsTestAlertUser 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE if the user has Test Alert User rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.
Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers snap-in so the administrator can manage RAC (DRAC 5) devices, Users and User Groups, RAC Associations, and RAC Privileges.
4 Select the Active Directory Users and Computers snap-in and click Add. 5 Click Close and click OK. Adding DRAC 5 Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers snap-in, you can add DRAC 5 users and privileges by creating RAC, Association, and Privilege objects.
6 Right-click the privilege object that you created, and select Properties. 7 Click the RAC Privileges tab and select the privileges that you want the user to have (for more information, see Table 5-4). Creating an Association Object The Association Object is derived from a Group and must contain a Group Type. The Association Scope specifies the Security Group Type for the Association Object.
Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to a RAC device. Only one privilege object can be added to an Association Object. Adding Privileges 1 Select the Privileges Object tab and click Add. 2 Type the Privilege Object name and click OK. Click the Products tab to add one or more RAC devices to the association.
8 In the Extended Schema Settings section: a Type the DRAC Name. This name must be the same as the common name of the new RAC object you created in your Domain Controller (see step 3 of Creating a RAC Device Object). b Type the DRAC Domain Name (for example, drac5.com). Do not use the NetBIOS name. The DRAC Domain Name is the fully qualified domain name of the sub-domain where the RAC Device Object is located. 9 Click Apply to save the Active Directory settings.
15 If Use DHCP (for NIC IP Address) is selected under Network Settings, then select Use DHCP to obtain DNS server address. To manually input a DNS server IP address, deselect Use DHCP to obtain DNS server addresses and type your primary and alternate DNS server IP addresses. 16 Click Apply Changes. The DRAC 5 Extended Schema Active Directory feature configuration is complete.
2 If you want to specify an LDAP, Global Catalog server, or Association Object domain instead of using the servers returned by the DNS server to search for a user name, type the following command to enable the Specify Server option: racadm config -g cfgActive Directory -o cfgADSpecifyServer Enable 1 NOTE: If you use this option, the hostname in the CA certificate is not matched against the name of the specified server.
To specify the Association Object, ensure that you provide the IP or FQDN of the Global Catalog also. NOTE: If you specify the IP address as 0.0.0.0, DRAC 5 will not search for any server. You can specify a list of LDAP, Global Catalog servers, or Association Objects separated by commas. DRAC 5 allows you to specify up to four IP addresses or hostnames.
Accumulating Privileges Using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.
For example, Priv1 had the privileges: Login, Virtual Media, and Clear Logs and Privr2 had the privileges: Login, Configure DRAC, and Test Alerts.
Configuring Active Directory (Standard Schema and Extended Schema) 1 In the Active Directory Main Menu page, select Configure Active Directory and click Next. 2 In the Active Directory Configuration and Management page, enter the Active Directory settings. Table 6-10 describes the Active Directory Configuration and Management page settings. 3 Click Apply to save the settings. 4 Click the appropriate Active Directory Configuration page button to continue. See Table 6-11.
Table 6-10. Active Directory Configuration and Management Page Settings (continued) Setting Description DRAC Name The name that uniquely identifies the DRAC 5 card in Active Directory. This value is NULL by default. The name must be a 1-254 character ASCII string with no blank spaces between characters. DRAC Domain Name The DNS name (string) of the domain, where the Active Directory DRAC 5 object resides. This value is NULL by default. The name must be a valid domain name consisting of x.
Table 6-12. Role Group Privileges Setting Description Role Group Privilege Level Specifies the user’s maximum DRAC user privilege to one of the following: Administrator, Power User, Guest user, None, or Custom. See Table 6-13 for Role Group permissions Login to DRAC Enables the user to log in to the DRAC. Configure DRAC Enables the user to configure the DRAC. Configure Users Enables the user to allow specific users to access the system. Clear Logs Enables the user to clear the DRAC logs.
Table 6-13. Role Group Permissions (continued) Property Description Custom Selects any combination of the following permissions: Login to DRAC, Configure DRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Uploading an Active Directory CA Certificate 1 In the Active Directory Main Menu page, select Upload Active Directory CA Certificate and click Next.
Viewing an Active Directory CA Certificate Use the Active Directory Main Menu page to view a CA server certificate for your DRAC 5. 1 In the Active Directory Main Menu page, select View Active Directory CA Certificate and click Next. Table 6-14 describes the fields and associated descriptions listed in the Certificate window. 2 Click the appropriate View Active Directory CA Certificate page button to continue. See Table 6-11. Table 6-14.
If you are using Microsoft Enterprise Root CA to automatically assign all your domain controllers to an SSL certificate, perform the following steps to enable SSL on each domain controller: 1 Enable SSL on each of your domain controllers by installing the SSL certificate for each controller. a Click Start→ Administrative Tools→ Domain Security Policy. b Expand the Public Key Policies folder, right-click Automatic Certificate Request Settings and click Automatic Certificate Request.
13 Click Next and select Base-64 encoded X.509 (.cer) as the format. 14 Click Next and save the certificate to a directory on your system. 15 Upload the certificate you saved in step 14 to the DRAC 5. To upload the certificate using RACADM, see "Configuring the DRAC 5 With Extended Schema Active Directory and Web-Based Interface". To upload the certificate using the Web-based interface, perform the following procedure: a Open a supported Web browser window. b Log in to the DRAC 5 Web-based interface.
The DRAC 5 SSL certificate is the identical certificate used for the DRAC 5 Web server. All DRAC 5 controllers are shipped with a default self-signed certificate. To access the certificate using the DRAC 5 Web-based interface, select Configuration→ Active Directory→ Download DRAC 5 Server Certificate. 1 On the domain controller, open an MMC Console window and select Certificates→ Trusted Root Certification Authorities. 2 Right-click Certificates, select All Tasks and click Import.
Supported Active Directory Configuration The Active Directory querying algorithm of the DRAC 5 supports multiple trees in a single forest. DRAC 5 Active Directory Authentication supports mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft Windows NT® 4.0, Windows 2000, or Windows Server 2003). However, all objects used by the DRAC 5 querying process (among user, RAC Device Object, and Association Object) should be in the same domain.
White space and special characters (such as \, /, or @) cannot be used in the user name or the domain name. NOTE: You cannot specify NetBIOS domain names, such as Americas, because these names cannot be resolved. You can also log into the DRAC 5 using the Smart Card. For more information, see "Logging Into the DRAC 5 Using Active Directory Smart Card Authentication.
3 Click Login. The DRAC 5 logs you in, using your credentials that were cached in the operating system when you logged in using your valid Active Directory account. Frequently Asked Questions Are there any restrictions on Domain Controller SSL configuration? Yes. All Active Directory servers’ SSL certificates in the forest must be signed by the same root CA since DRAC 5 only allows uploading one trusted CA SSL certificate.
d Check the Domain Controller SSL certificates to ensure that they have not expired. e Ensure that your DRAC Name, Root Domain Name, and DRAC Domain Name match your Active Directory environment configuration. f Ensure that the DRAC 5 password has a maximum of 127 characters. While the DRAC 5 can support passwords of up to 256 characters, Active Directory only supports passwords that have a maximum length of 127 characters.
Configuring Smart Card Authentication The Dell™ Remote Access Controller 5 (DRAC 5) version 1.30 and later support the two-factor-authentication for logging into the DRAC 5 Web interface. This support is provided by the Smart Card Logon feature on the DRAC 5. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security.
NOTE: Dell recommends that the DRAC 5 administrator use the Enable with Remote Racadm setting only to access the DRAC 5 user interface to run scripts using the remote racadm commands. If the administrator does not need to use the remote racadm, Dell recommends the Enabled setting for Smart Card logon. Also, ensure that the DRAC 5 local user configuration and/or Active Directory configuration is complete before enabling Smart Card Logon.
Configuring Local DRAC 5 Users for Smart Card Logon You can configure the local DRAC 5 users to log into the DRAC 5 using the Smart Card. Navigate to Remote Access→ Configuration→ Users. Figure 7-1. User Management Page for Smart Card However, before the user can log into the DRAC 5 using the Smart Card, you must upload the user's Smart Card certificate and the trusted Certificate Authority (CA) certificate to the DRAC 5.
the Base64 encoded form. You should upload this file as the trusted CA certificate for the user. Configure the user with the username that forms the user’s User Principle Name (UPN) in the Smart Card certificate. NOTE: To log into the DRAC 5, the user name that you configure in the DRAC 5 should have the same case as the User Principle Name (UPN) in the Smart Card certificate. For example, in case the Smart Card certificate has been issued to the user, "sampleuser@domain.
Table 7-1. Smart Card Settings Setting Description Configure Smart Card Logon • Disabled — Disables Smart Card logon. Subsequent logins from the graphical user interface (GUI) display the regular login page. All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM are set to their default state. • Enabled — Enables Smart Card logon. After applying the changes, logout, insert your Smart Card and then click Login to enter your Smart Card PIN.
Logging Into the DRAC 5 Using the Smart Card The DRAC 5 Web interface displays the Smart Card logon page for all users who are configured to use the Smart Card. NOTE: Ensure that the DRAC 5 local user and/or Active Directory configuration is complete before enabling the Smart Card Logon for the user. NOTE: Depending on your browser settings, you may be prompted to download and install the Smart Card reader ActiveX plug-in when using this feature for the first time. Figure 7-2.
2 Insert the Smart Card into the reader and click Login. The DRAC 5 prompts you for the Smart Card’s PIN. 3 Enter the Smart Card PIN and click OK. . NOTE: If you are an Active Directory user for whom the Enable CRL check for Smart Card Logon is selected, DRAC 5 attempts to download the CRL and checks the CRL for the user's certificate. The login through Active Directory fails if the certificate is listed as revoked in the CRL or if the CRL cannot be downloaded for any reason.
3 Enter the PIN and click OK. You are logged into the DRAC 5 with your credentials as set in Active Directory. For more information, see "Enabling Kerberos Authentication." Troubleshooting the Smart Card Logon in DRAC 5 Use the following tips to help you debug an inaccessible Smart Card: ActiveX plug-in unable to detect the Smart Card reader Ensure that the Smart Card is supported on the Microsoft Windows® operating system.
Unable to Log into DRAC 5 as an Active Directory User If you cannot log into the DRAC 5 as an Active Directory user, try to log into the DRAC 5 without enabling the Smart Card logon. If you have enabled the CRL check, try the Active Directory logon without enabling the CRL check. The DRAC 5 trace log should provide important messages in case of CRL failure.
Configuring Smart Card Authentication
Enabling Kerberos Authentication Kerberos is a network authentication protocol that allows systems to communicate securely over a non-secure network. It achieves this by allowing the systems to prove their authenticity. Microsoft® Windows® 2000, Windows XP, Windows Server® 2003, Windows Vista®, and Windows Server 2008 use Kerberos as their default authentication method. Starting with DRAC 5 version 1.
Since the DRAC 5 is a device with a non-Windows operating system, run the ktpass utility—part of Microsoft® Windows®—on the Domain Controller (Active Directory server) where you want to map the DRAC 5 to a user account in Active Directory. For example, C:\>ktpass -princ HOST/dracname.domainname.com@domain-name.COM -mapuser dracname -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out c:\krbkeytab NOTE: The cryptography type that DRAC 5 supports for Kerberos authentication is DES-CBC-MD5.
Logging Into the DRAC 5 Using Single Sign-On NOTE: To log into the DRAC 5, ensure that you have the latest runtime components of Microsoft Visual C++ 2005 Libraries. For more information, see the Microsoft website. 1 Log into your system using a valid Active Directory account. 2 Type the web address of the DRAC 5 in the address bar of your browser.
Enabling Kerberos Authentication
Using GUI Console Redirection This section provides information about using the DRAC 5 console redirection feature. Overview The DRAC 5 console redirection feature enables you to access the local console remotely in either graphic or text mode. Using console redirection, you can control one or more DRAC 5-enabled systems from one location. Today with the power of networking and the Internet, you do not have to sit in front of each server to perform all the routine maintenance.
Supported Screen Resolutions Refresh Rates on the Managed System Table 9-1 lists the supported screen resolutions and corresponding refresh rates for a console redirection session that is running on the managed system. Table 9-1.
3 Click the Console tab and then click Configuration. 4 In the Console Redirect Configuration page, use the information in Table 9-2 to configure your console redirection session. 5 In DRAC 5 versions 1.40 and later, you can select the Native or Java plug-in type you want to install. Click Apply Changes. Table 9-2.
Table 9-3. Console Redirection Configuration Page Buttons Property Description Print Prints the Console Redirect Configuration page Refresh Reloads the Console Redirect Configuration page Apply Changes Saves your configuration settings. NOTE: With DRAC 5 version 1.30 and later, you can disable console redirection for a remote user. For more information, see "Disabling DRAC 5 Remote Virtual KVM.
Table 9-4. Console Redirection Page Information (continued) Property Description Local Server Video Enabled Yes/No Status Connected or Disconnected Max Sessions The maximum number of supported console redirection sessions Active Sessions The current number of active console redirection sessions Plug-in Type The plug-in type you selected in the Console Redirect Configuration page. The buttons in Table 9-5 are available on the Console Redirection page. Table 9-5.
NOTE: Multiple message boxes may appear after you launch the application. To prevent unauthorized access to the application, you must navigate through these message boxes within three minutes. Otherwise, you will be prompted to relaunch the application. NOTE: If one or more Security Alert windows appear in the following steps, read the information in the window and click Yes to continue.
Using the Video Viewer The Video Viewer provides a user interface between the management station and the remote system, allowing you to see the remote system's desktop and control its mouse and keyboard functions from your management station. When you connect to the remote system, the Video Viewer starts in a separate window. The Video Viewer provides various control adjustments such as video calibration, mouse acceleration, and snapshots. Click Help for more information on these functions.
Table 9-6. Viewer Menu Bar Selections Menu Item Item Description File Capture to File Captures the current remote system screen to a .bmp (Windows) or .png (Linux) file on the local system. A dialog box is displayed that allows you to save the file to a specified location. Exit Exits the Console Redirection page. Refresh Updates the entire remote systemscreen viewport. Full Screen Expands the session screen from a window to full screen.
Table 9-6. Viewer Menu Bar Selections (continued) Menu Item Item Description Tools Automatic Video Adjust Recalibrates the session viewer video output. Manual Video Adjust Provides individual controls to manually adjust the session viewer video output. NOTE: Adjusting the horizontal position off-center desynchronizes the mouse pointers. Session Options Provides additional session viewer control adjustments.
Adjusting the Video Quality The Video Viewer provides video adjustments that allow you to optimize the video for the best possible view. Click Help for more information. To automatically adjust the video quality: 1 Access the Viewer Menu Bar. See "Accessing the Viewer Menu Bar." 2 Click Tools and select Automatic Video Adjust. The video quality is recalibrated, and the session viewer reappears. To manually adjust the video quality: 1 Access the Viewer Menu Bar. See "Accessing the Viewer Menu Bar.
4 Click Tools and select Manual Video Adjust. 5 Adjust the horizontal controls so the remote system’s desktop appears in the center of the session window. 6 Click OK. When using Linux (Red Hat® or Novell®), the operating system’s default mouse settings are used to control the mouse arrow in the DRAC 5 Console Redirection screen. NOTE: On Linux (Red Hat or Novell) systems, there are known mouse arrow synchronization issues.
My local video is turned OFF and for some reason my DRAC 5 is not accessible remotely and the server is not accessible with RDP, telnet, or SSH. How do I recover the local video? The only way to recover the local video in this case is by removing the AC power cord from the server, draining the server flee power and reconnecting the AC power cord; this will bring back the local video on the server monitor. Also, the DRAC 5 configuration is changed to local video ON (default).
Where can I get more information on the Local Server Video feature? See the Dell Support website at support.dell.com for a white paper discussing this feature. I see video corruption on my screen. How do I fix this issue? In the Console Redirection window, click Refresh to refresh the screen. NOTE: You may need to click Refresh several times to correct the video corruption. During Console Redirection, the keyboard and mouse are locked after hibernation on a Windows 2000 system.
Why do I get a blank screen on the remote console after completing a Windows 2000 installation? The managed system does not have the correct ATI video driver. The DRAC 5 Console Redirection will not run correctly on the SVGA video driver on the Windows 2000 distribution CD. You must install Windows 2000 using the Dell Systems Management Tools and Documentation DVD to ensure that you have the latest, supported drivers for the managed system.
Why doesn’t the vKVM mouse sync after coming back from hibernation on a Windows system? Select a different operating system for mouse acceleration on the vKVM window pull-down menu. Next, return to the original operating system to initialize the USB mouse device. 1 In the vKVM toolbar, click Tools and select Session Options. 2 In the Session Options window, click the Mouse tab. 3 In the Mouse Acceleration box, select another operating system and click OK. 4 Initialize the USB mouse device.
Why doesn’t the vKVM mouse and keyboard work when changing mouse acceleration for different operating systems? The USB vKVM keyboard and mouse are inactive from 5 to 10 seconds after changing the mouse acceleration. The network load can sometimes cause this operation to take longer than normal (more than 10 seconds). Why can't I see the bottom of the server screen from the vKVM window? Ensure that the server screen resolution is 1280 x 1024 pixels at 60 Hz with 128 colors.
Why doesn’t the Num Lock indicator on my management station reflect the status of the Num Lock on the remote server? When accessed through the DRAC 5, the Num Lock indicator on the management station does not necessarily coincide with the state of the Num Lock on the remote server. The state of the Num Lock is dependent on the setting on the remote server when the remote session is connected, regardless of the state of the Num Lock on the management station.
How can I install a Web browser on my management station that has a readonly file system? If you are running Linux and your management station has a read-only file system, a browser can be installed on a client system without requiring a connection to a DRAC 5. By using the native plug-in installation package, the browser can be manually installed during the client setup phase.
Once installed, the browser will not prompt for that plug-in installation again, as long as the target DRAC5 firmware does not contain a newer version of the plug-in. Why does the console redirection session end when I reboot my terminal? When the DRAC 5 NIC settings are in "shared" or "shared with failover" mode, a system reset causes the LAN On Motherboard (LOM) to reset.
Using GUI Console Redirection
Using and Configuring Virtual Media Overview The Virtual Media feature provides the managed system with a virtual CD drive, which can use standard media from anywhere on the network. Figure 10-1 shows the overall architecture of virtual media. Figure 10-1.
The managed system is configured with a DRAC 5 card. The virtual CD and floppy drives are two electronic devices embedded in the DRAC 5 that are controlled by the DRAC 5 firmware. These two devices are present on the managed system’s operating system and BIOS at all times, whether virtual media is connected or disconnected. The management station provides the physical media or image file across the network.
Installing the Virtual Media Plug-In The virtual media browser plug-in must be installed on your management station to use the virtual media feature. After you open the DRAC 5 user interface and launch the Virtual Media page, the browser automatically downloads the plug-in, if required. If the plug-in is successfully installed, the Virtual Media page displays a list of floppy diskettes and optical disks that connect to the virtual drive.
Running Virtual Media NOTICE: Do not issue a racreset command when running a Virtual Media session. Otherwise, undesired results may occur, including loss of data. Using Virtual Media, you can "virtualize" a diskette image or drive, enabling a floppy image, floppy drive, or optical drive on your management console to become an available drive on the remote system. Supported Virtual Media Configurations You can enable Virtual Media for one floppy drive and one optical drive.
4 If prompted, follow the on-screen instructions to install the virtual media plug-in. 5 In the Attribute box, perform the following steps: a In the Value column, ensure that the Attach/Detach status value is Attached. If the value is Detached, perform the following steps: • In the Media tab, click Configuration. • In the Value column, ensure that the Attach Virtual Media check box is selected. • Click Apply Changes. • In the Virtual Media tab, click Virtual Media.
7 Click Connect. If the connection is authenticated, the connection status becomes Connected and a list of all connected drives is displayed. All available diskette images and drives you selected become available on the managed system’s console as though they are real drives. NOTE: The assigned virtual drive letter (for Microsoft® Windows® systems) or device special file (for Linux systems) may not be identical to the drive letter on your management console.
Auto-Attaching Virtual Media DRAC 5 firmware version 1.30 and later support the auto-attach virtual media feature. When you enable this feature, DRAC 5 will automatically attach a virtual device to the system only when a device is virtualized (connected) on a supported client.
To change the BIOS setting: 1 Boot the managed system. 2 Press to enter the BIOS setup window. 3 Scroll to the boot sequence and press . In the pop-up window, the virtual optical drives and virtual floppy drives are listed with the standard boot devices. 4 Ensure that the virtual drive is enabled and listed as the first device with bootable media. If required, follow the on-screen instructions to modify the boot order. 5 Save the changes and exit. The managed system reboots.
Using Virtual Media When the Server’s Operating System Is Running Windows-Based Systems On Windows systems, the virtual media drives are automounted and configured with a drive letter. Using the virtual drives from within Windows is similar to using your physical drives. When you connect to the media at a management station, the media is available at the system by clicking the drive and browsing its content.
Enabling Virtual Flash To enable Virtual Flash, open a command prompt, type the following command, and press : racadm config -g cfgRacVirtual -o cfgVirMediaKeyEnable 1 Disabling Virtual Flash To disable Virtual Flash, open a command prompt, type the following command, and press : racadm config -gcfgRacVirtual -o cfgVirMediaKeyEnable 0 Storing Images in a Virtual Flash The Virtual Flash can be formatted from the managed host.
4 Using the format command, format the drive with the /s switch to transfer the system files to the Virtual Flash. For example: format /s x where x is the drive letter assigned to Virtual Flash. 5 Shut down the system and remove the bootable floppy or CD from the appropriate drive. 6 Turn on the system and verify that the system boots from Virtual Flash to the C:\ or A:\ prompt.
For Windows systems, you must have Power User privileges to run the VM-CLI utility. For Linux systems, you can access the VM-CLI utility without administrator privileges by using the sudo command. This command provides a centralized means of providing non-administrator access and logs all user commands. To add or edit users in the VM-CLI group, the administrator uses the visudo command.
All command-line syntax are case sensitive. See "VM-CLI Parameters" for more information. If the remote system accepts the commands and the DRAC 5 authorizes the connection, the command continues to run until either of the following occurs: • The VM-CLI connection terminates for any reason. • The process is manually terminated using an operating system control. For example, in Windows, you can use the Task Manager to terminate the process.
DRAC User Password -p This parameter provides the password for the specified DRAC 5 user. If DRAC 5 authentication fails, an error message displays and the command terminates.
CD/DVD Device or Image File -c { | } where is a valid CD/DVD drive letter (Windows systems) or a valid CD/DVD device file name (Linux systems) and is the file name and path of a valid ISO-9660 image file. This parameter specifies the device or file that will supply the virtual CD/DVD-ROM media: For example, an image file is specified as: -c c:\temp\mydvd.img (Windows systems) -c /tmp/mydvd.
Encrypted Data -e When this parameter is included in the command line, the VM-CLI utility will use an SSL-encrypted channel to transfer data between the management station and the DRAC 5 in the remote system. If this parameter is not included in the command line, the data transfer is not encrypted. VM-CLI Operating System Shell Options The following operating system features can be used in the VM-CLI command line: • stderr/stdout redirection — Redirects any printed utility output to a file.
Deploying Your Operating System Using VM-CLI The Virtual Media Command Line Interface (VM-CLI) utility is a command-line interface that provides Virtual Media features from the management station to the DRAC 5 in the remote system. Using VM-CLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the VM-CLI utility into your corporate network.
Network Requirements You must have a network share containing: • Operating system files • Required drivers • Operating system boot image file(s) The image file must be a floppy image or CD/DVD ISO image with an industry-standard, bootable format. Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file.
Preparing for Deployment Configuring the Remote Systems 1 Create a network share that can be accessed by the management station. 2 Copy the operating system files to the network share. 3 If you have a bootable, preconfigured deployment image file to deploy the operating system to the remote systems, skip this step. If you do not have a bootable, preconfigured deployment image file, create the file.
The following procedure is a high-level overview for deploying the operating system on targeted remote systems. 1 Identify the remote systems that will be deployed. 2 Record the DRAC 5 names and IP addresses of the targeted remote systems.
• When a network time-out occurs, the DRAC 5 firmware drops the connection, disconnecting the link between the server and the Virtual Drive. To reconnect to the Virtual Drive, use the Virtual Media feature.
I am viewing the contents of a floppy drive or USB memory key. If I try to establish a Virtual Media connection using the same drive, I receive a connection failure message and am asked to retry. Why? Simultaneous access to Virtual Floppy drives is not allowed. Close the application used to view the drive contents before you attempt to virtualize the drive. How do I configure my virtual device as a bootable device? On the managed system, access the BIOS Setup and navigate to the boot menu.
Do I need Administrator privileges to install the ActiveX plug-in? You must have Administrator or Power User privileges on Windows systems to install the Virtual Media plug-in. What privileges do I need to install and use the Virtual Media plug-in on a Red Hat Linux Management station? You must have Write privileges on the browser’s directory tree to successfully install the Virtual Media plug-in.
What file system types are supported on my Virtual Floppy Drive or Virtual Flash? Your Virtual Floppy Drive or Virtual Flash supports FAT16 or FAT32 file systems. When I performed a firmware update remotely using the DRAC 5 Webbased interface, my virtual drives at the server were removed. Why? Firmware updates cause the DRAC 5 to reset, drop the remote connection, and unmount the virtual drives. The drives will reappear when the DRAC reset is complete.
3 Locate the two subdirectories vm and vkvm. Navigate to the appropriate subdirectory, right click the rac5XXX.xpi file, and select Save Link Target As.... 4 Choose a location to save the plug-in installation package file. To install the plug-in installation package: 1 Copy the installation package to the client's native file system share that is accessible by the client. 2 Open an instance of the browser on the client system.
Using and Configuring Virtual Media
Configuring Security Features The DRAC 5 provides the following security features: • Advanced Security options for the DRAC administrator: • The Console Redirection disable option allows the local system user to disable console redirection using the DRAC 5 Console Redirection feature.
Security Options for the DRAC Administrator Disabling the DRAC 5 Local Configuration Administrators can disable local configuration through the DRAC 5 graphical user interface (GUI) by selecting Remote Access→ Configuration→ Services. When the Disable the DRAC local Configuration using option ROM check box is selected, the Remote Access Configuration Utility— accessed by pressing Ctrl+E during system boot—operates in read-only mode, preventing local users from configuring the device.
NOTICE: These features severely limit the ability of the local user to configure the DRAC 5 from the local system, including performing a reset to default of the configuration. Dell recommends that you use these features with discretion and should disable only one interface at a time to help avoid losing login privileges altogether. NOTE: See the white paper on Disabling Local Configuration and Remote Virtual KVM in the DRAC on the Dell Support site at support.dell.com for more information.
IP address to another device on the network, the resulting conflict may disable the out-of-band connectivity of the DRAC, requiring administrators to reset the firmware to its default settings through a serial connection. Disabling DRAC 5 Remote Virtual KVM Administrators can selectively disable the DRAC 5 remote KVM, providing a flexible, secure mechanism for a local user to work on the system without someone else viewing the user’s actions through console redirection.
Securing DRAC 5 Communications Using SSL and Digital Certificates This subsection provides information about the following data security features that are incorporated in your DRAC 5: • "Secure Sockets Layer (SSL)" • "Certificate Signing Request (CSR)" • "Accessing the SSL Main Menu" • "Generating a New Certificate Signing Request" • "Uploading a Server Certificate" • "Uploading a Server Certificate" Secure Sockets Layer (SSL) The DRAC includes a Web server that is configured to use the industry
Certificate Signing Request (CSR) A CSR is a digital request to a Certificate Authority (CA) for a secure server certificate. Secure server certificates protect the identity of a remote system and ensure that information exchanged with the remote system cannot be viewed or changed by others. To ensure security for your DRAC, it is strongly recommended that you generate a CSR, submit the CSR to a CA, and upload the certificate returned from the CA.
Table 11-1. SSL Main Menu Options (continued) Field Description Upload Server Certificate Click Next to upload an existing certificate that your company has title to, and uses to control access to the DRAC 5. NOTICE: Only X509, Base 64 encoded certificates are accepted by the DRAC 5. DER encoded certificates are not accepted. Upload a new certificate to replace the default certificate you received with your DRAC 5. View Server Certificate Table 11-2.
Table 11-3. Generate Certificate Signing Request (CSR) Page Options Field Description Common Name The exact name being certified (usually the Web server's domain name, for example, www.xyzcompany.com). Only alphanumeric characters, hyphens, underscores, and periods are valid. Spaces are not valid. Organization Name The name associated with this organization (for example, XYZ Corporation). Only alphanumeric characters, hyphens, underscores, periods and spaces are valid.
Uploading a Server Certificate 1 In the SSL Main Menu page, select Upload Server Certificate and click Next. The Certificate Upload page appears. 2 In the File Path field, type the path of the certificate in the Value field or click Browse to navigate to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension 3 Click Apply.
You can change the SSH port with the command: racadm config -g cfgRacTuning -o cfgRacTuneSshPort For more information on cfgSerialSshEnable and cfgRacTuneSshPort properties, see "DRAC 5 Property Database Group and Object Definitions." The DRAC 5 SSH implementation supports multiple cryptography schemes, as shown in Table 11-6. Table 11-6.
Configuring Services NOTE: To modify these settings, you must have Configure DRAC 5 permission. Additionally, the remote RACADM command-line utility can only be enabled if the user is logged in as root. 1 Expand the System tree and click Remote Access. 2 Click the Configuration tab and then click Services.
Table 11-8. Web Server Settings Setting Description Enabled Enables or disables the Web server. Checked=Enabled; Unchecked=Disabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. Active Sessions The number of current sessions on the system, less than or equal to the Max Sessions. Timeout The time in seconds that a connection is allowed to remain idle. The session is cancelled when the timeout is reached.
Table 11-10. Telnet Settings Setting Description Enabled Enables or disables Telnet. Checked=Enabled; Unchecked=Disabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. Up to four sessions are supported. Active Sessions The number of current sessions on the system, less than or equal to the Max Sessions. Timeout The Secure Shell idle timeout, in seconds. Range = 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default setting is 0.
Table 11-13. Automated System Recovery Agent Setting Setting Description Enabled Enables the Automated System Recovery Agent. Table 11-14. Services Page Buttons Button Description Print Prints the Services page. Refresh Refreshes the Services page. Apply Changes Applies the Services page settings.
IP filtering compares the IP address of an incoming login to the IP address range that is specified in the following cfgRacTuning properties: • cfgRacTuneIpRangeAddr • cfgRacTuneIpRangeMask The cfgRacTuneIpRangeMask property is applied to both the incoming IP address and to the cfgRacTuneIpRangeAddr properties. If the results of both properties are identical, the incoming login request is allowed to access the DRAC 5. Logins from IP addresses outside this range receive an error.
Enabling IP Filtering Below is an example command for IP filtering setup. See "Using RACADM Remotely" for more information about RACADM and RACADM commands. NOTE: The following RACADM commands block all IP addresses except 192.168.0.57) To restrict the login to a single IP address (for example, 192.168.0.57), use the full mask, as shown below. racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.
IP Blocking IP blocking dynamically determines when excessive login failures occur from a particular IP address and blocks (or prevents) the address from logging into the DRAC 5 for a preselected time span.
Table 11-16. Login Retry Restriction Properties (continued) Property Definition cfgRacTuneIpBlkFailWindow The timeframe in seconds when the failure attempts are counted. When the failures exceed this limit, they are dropped from the counter. crgRacTuneIpBlkPenaltyTime Defines the timespan in seconds when all login attempts from an IP address with excessive failures are rejected.
Configuring the Network Security Settings Using the DRAC 5 GUI NOTE: You must have Configure DRAC 5 permission to perform the following steps. 1 In the System tree, click Remote Access. 2 Click the Configuration tab and then click Network. 3 In the Network Configuration page, click Advanced Settings. 4 In the Network Security page, configure the attribute values and then click Apply Changes. Table 11-17 describes the Network Security page settings.
Table 11-18. Network Security Page Buttons Button Description Print Prints the Network Security page Refresh Reloads the Network Security page Apply Changes Saves the changes made to the Network Security page. Go Back to Network Configuration Page Returns to the Network Configuration page.
Using the DRAC 5 SM-CLP Command Line Interface This section provides information about the Server Management Workgroup (SMWG) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the DRAC 5. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SMWG SM-CLP specifications. For more information on these specifications, see the Distributed Management Task Force (DMTF) website at www.dmtf.org.
During a typical SM-CLP session, the user can perform operations using the verbs listed in Table 12-1 and Table 12-2. Table 12-1. Supported CLI Verbs for System Verb Definition cd Navigates through the MAP using the shell. delete Deletes an object instance. help Displays help for a specific target. reset Resets the target. show Displays the target properties, verbs, and subtargets. start Turns on a target. stop Shuts down a target. exit Exits from the SM-CLP shell session.
SM-CLP Management Operations and Targets Management Operations The DRAC 5 SM-CLP enables users to manage the following: • Server Power Management — Turn on, shutdown, or reboot the system • System Event Log (SEL) Management — Display or clear the SEL records Options Table 12-3 lists the supported SM-CLP options. Table 12-3. Supported SM-CLP Options SM-CLP Option Description -all Instructs the verb to perform all possible functions. -display Displays the user-defined data.
Table 12-4. SM-CLP Targets (continued) Target Definition /system1/pwrmgtsvc1/ pwrmgtcap1 Capabilities of the power management service for the system. /system1/fan1 A fan target on the managed system. /system1/fan1/ tachsensor1 An individual sensor target on the fan target on the managed system. /system1/batteries1 A battery target on the managed system. /system1/batteries1/ sensor1 An individual sensor target on the battery target on the managed system.
DRAC 5 SM-CLP Examples The following subsections provide sample scenarios for using the SM-CLP to perform the following operations: • Server power management • SEL management • MAP target navigation • Display system properties Server Power Management Table 12-5 provides examples of using SM-CLP to perform power management operations on a managed system. Table 12-5. Server Power Management Operations Operation Syntax Logging into the RAC using the telnet/SSH interface >ssh 192.168.0.
SEL Management Table 12-6 provides examples of using the SM-CLP to perform SEL-related operations on the managed system. Table 12-6.
Table 12-6. SEL Management Operations (continued) Operation Syntax Viewing the SEL record ->show /system1/logs1/log1/record4 /system1/logs1/log1/record4 Properties: LogCreationClassName CreationClassName LogName RecordID MessageTimeStamp 000 Description detected a failure ElementName = = = = = CIM_RecordLog CIM_LogRecord IPMI SEL 1 20050620100512.
Table 12-7. Batteries Management Operations Operation Syntax Viewing the status of the batteries ->show system1/batteries1/sensor1 /system1/batteries1/sensor1: Properties: SystemCreationClassName = CIM_ComputerSystem SystemName = F196P1S CreationClassName = CIM_Sensor DeviceID = BATTERY 1 SensorType = 1 PossibleStates = {"Good" "Bad" "Unknown"} CurrentState = good ElementName Battery = System Board CMOS OtherSensorTypeDescription sensor.
Table 12-8. Map Target Navigation Operations Operation Syntax Navigate to the system target and reboot ->cd system1 ->reset NOTE: The current default target is /. Navigate to the SEL ->cd system1 target and display the ->cd logs1/log1 log records ->show ->cd system1/logs1/log1 ->show Display current target ->cd . Move up one level ->cd ..
Table 12-9. System Properties (continued) Object Property Description ElementName User-friendly name for the system. MaxLen = 64 NameFormat Identifies the method by which the Name is generated. Values: Other, IP, Dial, HID, NWA, HWA, X25, ISDN, IPX, DCC, ICD, E.164, SNA, OID/OSI, WWN, NAA Dedicated Enumeration indicating whether the system is a special-purpose system or general-purpose system.
Table 12-9. Object System Properties (continued) Property Description 16=File Server 17=Mobile User Device, 18=Repeater 19=Bridge/Extender 20=Gateway 21=Storage Virtualizer 22=Media Library 23=Extender Node 24=NAS Head 25=Self-Contained NAS 26=UPS 27=IP Phone 28=Management Controller 29=Chassis Manager ResetCapability Defines the reset methods available on the system Values: 1=Other 2=Unknown 3=Disabled 4=Enabled 5=Not Implemented CreationClassName The superclass from which this instance is derived.
Table 12-9. System Properties (continued) Object Property Description EnabledState Indicates the enabled/disabled states of the system. Values: 0=Unknown 1=Other 2=Enabled 3=Disabled 4=Shutting Down 5=Not Applicable 6=Enabled but Offline 7=In Test 8=Deferred 9=Quiesce 10=Starting EnabledDefault Indicates the default startup configuration for the enabled state of the system. By default, the system is "Enabled" (value= 2).
Table 12-9. Object System Properties (continued) Property Description RequestedState Indicates the last requested or desired state for the system. Values: 2=Enabled 3=Disabled 4=Shut Down 5=No Change 6=Offline 7=Test 8=Deferred 9=Quiesce 10=Reboot 11=Reset 12=Not Applicable HealthState Indicates the current health of the system.
Table 12-9. System Properties (continued) Object Property Description OperationalStatus Indicates the current status of the system. Values: 0=Unknown 1=Other 2=OK 3=Degraded 4=Stressed 5=Predictive Failure 6=Error 7=Non-Recoverable Error 8=Starting 9=Stopping 10=Stopped 11=In Service 12=No Contact 13=Lost Communication 14=Aborted 15=Dormant 16=Supporting Entity in Error 17=Completed 18=Power Mode Description 232 A text-based description of the system.
Property Names for Fan, Temperature, Numeric Voltage, Power Consumption, and Amperage Sensors Supported Property Names for Fans, Temperature, Numeric Voltage, Power Consumption, and Amperage Sensors Table 12-10.
Supported Property Names for Fans, Temperature, Numeric Voltage, Power Consumption, and Amperage Sensors Table 12-10. Sensors (continued) Object Property Description BaseUnits The units of measurement of the sensor RPM=Tachometer (for tachsensor) C=Temperature (for tempsensor) V=Voltage (for numericsensor) Watts=Power Consumption (for powerconsumption) Amp=Amperage (for amperage) CurrentReading The current reading of the sensor.
Supported Property Names for Fans, Temperature, Numeric Voltage, Power Consumption, and Amperage Sensors Table 12-10. Object Sensors (continued) Property Description SupportedThreshold The supported threshold for the sensor.
Supported Property Names for Fans, Temperature, Numeric Voltage, Power Consumption, and Amperage Sensors Table 12-10. Sensors (continued) Object Property Description CurrentState The current state as reported by a sensor ElementName The name of the sensor OtherSensorTypeDesc If the sensortype property ription contains a value of "1" (others), this property gives additional description about that sensor. "Power consumption sensor." for powerconsumption "Amperage sensor.
Table 12-11. Supported Property Names for Power Supply Sensors (continued) Object Property Description TotalOutputPower The total power output as shown on the DRAC user interface ElementName Name of the particular sensor. OperationalStatus Current operational status of the power supply unit. HealthState The health status of the power supply unit.
Table 12-12.
Table 12-12. Supported Property Names for Intrusion, Battery, Voltage, and Hardware Performance Sensors (continued) Object Property Description OtherSensorTyp If the sensortype property eDescription contains a value of "1" (others), this property gives additional description about that sensor.
Property Names for Chassis Sensors Table 12-14. Supported Property Names for Chassis Sensors Object Property Description CIM_Chassis CreationClassName The name of the creation class—CIM_Chassis PackageType Type of package 3=Chassis ChassisPackageType Chassis package type 17=Main system chassis Manufacturer Manufacturer "Dell" Model The model name of the system ElementName Element name Property Names for Power Management Service Table 12-15.
Table 12-15. Supported Property Names for Power Management Service (continued) Object Property Description powerstate Current power state of the system. 2=On 6=Off Can be set to the following values: 2=Power On 6=Power Off 5=Power Reset 9=Powercycle the system Using the set verb, you can set the power state of the system. for example, to turn on the system if it is off: set powerstate=2 Property Names for Power Capability Table 12-16.
Using the DRAC 5 SM-CLP Command Line Interface
Monitoring and Alert Management This section explains how to monitor the DRAC 5 and procedures to configure your system and the DRAC 5 to receive alerts. Configuring the Managed System to Capture the Last Crash Screen Before the DRAC 5 can capture the last crash screen, you must configure the managed system with the following prerequisites. 1 Install the managed system software. For more information about installing the managed system software, see the Server Administrator User's Guide.
Disabling the Windows Automatic Reboot Option To ensure that the DRAC 5 Web-based interface last crash screen feature works properly, disable the Automatic Reboot option on managed systems running the Microsoft Windows Server 2003 and Windows 2000 Server operating systems. Disabling the Automatic Reboot Option in Windows Server 2003 1 Open the Windows Control Panel and double-click the System icon. 2 Click the Advanced tab. 3 Under Startup and Recovery, click Settings.
• Redundancy Degraded • Redundancy Lost • Processor Warning • Processor Failure • Processor Absent • PS/VRM/D2D Warning • PS/VRM/D2D Failure • Power Supply Absent • Hardware Log Failure • Automatic System Recovery When a platform event occurs (for example, a fan probe failure), a system event is generated and recorded in the System Event Log (SEL).
5 Under Platform Event Filters List, double-click a filter that you wish to configure. 6 In the Set Platform Events page, make the appropriate selections and then click Apply Changes. NOTE: Generate Alert must be enabled for an alert to be sent to any valid, configured destination (PET or e-mail). Configuring PEF Using the RACADM CLI 1 Enable PEF.
For example, to enable PEF to reboot the system, type the following command: racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i 1 2 where 1 is the PEF index and 2 is the PEF action to reboot. Configuring PET Configuring PET Using the Web User Interface 1 Login to the remote system using a supported Web browser. See "Accessing the Web-Based Interface". 2 Ensure that you followed the procedures in "Configuring PEF Using the Web User Interface". 3 Configure your PET policy.
Configuring PET Using RACADM CLI 1 Enable your global alerts. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable PET. At the command prompt, type the following commands and press after each command: racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i 1 1 where 1 and 1 are the PET destination index and the enable/disable selection, respectively. The PET destination index can be a value from 1 through 4.
Configuring E-Mail Alerts Configuring E-mail Alerts Using the Web User Interface 1 Login to the remote system using a supported Web browser. See "Accessing the Web-Based Interface". 2 Ensure that you followed the procedures in "Configuring PEF Using the Web User Interface". 3 Configure your e-mail alert settings. a In the Alert Management tab, click Email Alert Settings.
2 Enable e-mail alerts. At the command prompt, type the following commands and press after each command: racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i 1 1 where 1 and 1 are the e-mail destination index and the enable/disable selection, respectively. The e-mail destination index can be a value from 1 through 4. The enable/disable selection can be set to 1 (Enabled) or 0 (Disabled).
Testing e-mail Alerting The RAC e-mail alerting feature allows users to receive e-mail alerts when a critical event occurs on the managed system. The following example shows how to test the e-mail alerting feature to ensure that the RAC can properly send out e-mail alerts across the network. racadm testemail -i 2 NOTE: Ensure that the SMTP and Email Alert settings are configured before testing the e-mail alerting feature. See "Configuring E-Mail Alerts" for more information.
To set the DRAC 5 community name, use the following command: racadm config -g cfgOobSnmp -o cfgOobSnmpAgentCommunity To prevent SNMP authentication traps from being generated, you must enter community names that will be accepted by the agent. Since the DRAC 5 only allows one community name, you must use the same get and set community name for IT Assistant discovery setup.
Configuring Intelligent Platform Management Interface (IPMI) Configuring IPMI This section provides information about configuring and using the DRAC 5 IPMI interface. The interface includes the following: • IPMI over LAN • IPMI over Serial • Serial over LAN The DRAC 5 is fully IPMI 2.0 compliant. You can configure the DRAC IPMI using: • your browser • an open source utility, such as ipmitool • the Dell OpenManage IPMI shell, ipmish • RACADM.
c In the Network Configuration page under IPMI LAN Settings, select Enable IPMI Over LAN and click Apply Changes. d Update the IPMI LAN channel privileges, if required. NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications. Under IPMI LAN Settings, click the Channel Privilege Level Limit drop-down menu, select Administrator, Operator, or User and click Apply Changes.
4 Configure IPMI Serial. a In the Configuration tab, click Serial. b In the Serial Configuration menu, change the IPMI serial connection mode to the appropriate setting. Under IPMI Serial, click the Connection Mode Setting drop-down menu, select the appropriate mode. c Set the IPMI Serial baud rate. Click the Baud Rate drop-down menu, select the appropriate baud rate, and click Apply Changes. d Set the Channel Privilege Level Limit.
Configuring IPMI Using the RACADM CLI 1 Login to the remote system using any of the RACADM interfaces. See "Using RACADM Remotely." 2 Configure IPMI over LAN. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications. a Update the IPMI channel privileges.
3 Configure IPMI Serial over LAN (SOL). At the command prompt, type the following command and press : racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1 a Update the IPMI SOL minimum privilege level. NOTICE: The IPMI SOL minimum privilege level determines the minimum privilege required to activate IPMI SOL. For more information, see the IPMI 2.0 specification.
c Enable SOL. NOTE: SOL can be enabled or disabled for each individual user. At the command prompt, type the following command and press : racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i 2 where is the user’s unique ID. 4 Configure IPMI Serial. a Change the IPMI serial connection mode to the appropriate setting. At the command prompt, type the following command and press : racadm config -g cfgSerial -o cfgSerialConsoleEnable 0 b Set the IPMI Serial baud rate.
d Set the IPMI serial channel minimum privilege level.
• New line sequences • Input new line sequences For more information about these properties, see the IPMI 2.0 specification. Using the IPMI Remote Access Serial Interface In the IPMI serial interface, the following modes are available: • IPMI terminal mode — Supports ASCII commands that are submitted from a serial terminal. The command set has a limited number of commands (including power control) and supports raw IPMI commands that are entered as hexadecimal ASCII characters.
3 Configure the Serial Over LAN settings. Table 14-1 provides information about the Serial Over LAN Configuration page settings. 4 Click Apply Changes. 5 Configure the advanced settings, if required. Otherwise, click the appropriate Serial Over LAN Configuration page button to continue (see Table 14-2). To configure the advanced settings: a Click Advanced Settings. b In the Serial Over LAN Configuration Advanced Settings page, configure the advanced settings as required. See Table 14-3.
Table 14-3. Serial Over LAN Configuration Advanced Settings Page Settings Setting Description Character Accumulate The amount of time that the BMC will wait before Interval transmitting a partial SOL character data package. 1-based 5ms increments. Character Send Threshold The BMC will send an SOL character data package containing the characters as soon as this number of characters (or greater) has been accepted. 1-based units. Table 14-4.
Recovering and Troubleshooting the Managed System This section explains how to perform tasks related to recovering and troubleshooting a crashed remote system using the DRAC 5 Web-based interface.
To access the Power Management page from the System tree, click System and then click the Power Management tab. NOTE: You must have Execute Server Action Commands permission to perform power management actions. Selecting Power Control Actions from the DRAC 5 GUI 1 Select one of the following Power Control Actions. • Power On System— Turns on the system power (equivalent to pressing the power button when the system power is off).
• powercycle — Issues a power-cycle operation on the managed system. This action is similar to pressing the power button on the system’s front panel to power down and then power up the system. • powerstatus — Displays the current power status of the server ("ON", or "OFF") • hardreset — Performs a reset (reboot) operation on the managed system.
Table 15-3. Auto Recovery Fields Field Description Recovery Action When a "system hang" is detected, the DRAC can be configured to do one of the following actions: No Action, Hard Reset, Power Down, or Power Cycle. Initial Countdown The number of seconds after a "system hang" is detected at which the DRAC will perform a Recovery Action. Present Countdown The current value, in seconds, of the countdown timer. Remote Access Controller Table 15-4 describes the Remote Access Controller properties.
Table 15-5. BMC Information Fields (continued) Field Description Number of Current Active Sessions Total number of current active sessions. Firmware Version Version of the BMC firmware. LAN Enabled LAN Enabled or LAN Disabled. Using the System Event Log (SEL) The SEL Log page displays system-critical events that occur on the managed system. To view the System Event Log: 1 In the System tree, click System. 2 Click the Logs tab and then click System Event Log.
Table 15-7. SEL Page Buttons Button Action Print Prints the SEL in the sort order that it appears in the window. Clear Log Clears the SEL. NOTE: The Clear Log button appears only if you have Clear Logs permission. Save As Opens a pop-up window that enables you to save the SEL to a directory of your choice.
3 Select the log number of the POST or operating system boot capture log. The video of the logs is played on a new screen. 4 Click STOP to stop the video. Viewing the Last System Crash Screen NOTICE: The last crash screen feature requires the managed system with the Auto Recovery feature configured in Server Administrator. In addition, ensure that the Automated System Recovery feature is enabled using the DRAC.
Recovering and Troubleshooting the Managed System
Recovering and Troubleshooting the DRAC 5 This section explains how to perform tasks related to recovering and troubleshooting a crashed DRAC 5. You can use one of the following tools to troubleshoot your DRAC 5: • RAC Log • Diagnostic Console • Trace Log • racdump • coredump Using the RAC Log The RAC Log is a persistent log maintained in the DRAC 5 firmware. The log contains a list of user actions (such as log in, log out, and security policy changes) and alerts issued by the DRAC 5.
Table 16-1. RAC Log Page Information Field Description Date/ Time The date and time (for example, Dec 19 16:55:47). When the DRAC 5 initially starts and is unable to communicate with the managed system, the time will be displayed as System Boot. Source The interface that caused the event. Description A brief description of the event and the user name that logged into the DRAC 5. Using the RAC Log Page Buttons The RAC Log page provides the buttons listed in Table 16-2. Table 16-2.
Using the Command Line Use the getraclog command to view the RAC log entries. racadm getraclog -i The getraclog -i command displays the number of entries in the DRAC 5 log. racadm getraclog [options] NOTE: For more information, see "getraclog." You can use the clrraclog command to clear all entries from the RAC log.
Table 16-3. Diagnostic Commands (continued) Command Description netstat Prints the content of the routing table. If the optional interface number is provided in the text field to the right of the netstat option, then netstat prints additional information regarding the traffic across the interface, buffer usage, and other network interface information. ping Verifies that the destination IP address is reachable from the DRAC 5 with the current routing-table contents.
Using the racdump The racadm racdump command provides a single command to get dump, status, and general DRAC 5 board information. NOTE: This command is available only on Telnet and SSH interfaces. For more inform, see the "racdump" command. Using the coredump The racadm coredump command displays detailed information related to any recent critical issues that have occurred with the RAC. The coredump information can be used to diagnose these critical issues.
Recovering and Troubleshooting the DRAC 5
Sensors Hardware sensors or probes help you to monitor the systems on your network in a more efficient way by enabling you to take appropriate actions to prevent disasters, such as system instability or damage. You can use the DRAC 5 to monitor hardware sensor for batteries, fan probes, chassis intrusion, power supplies, power consumed, temperature, and voltages. Battery Probes The Battery probes provide information about the system board CMOS and storage RAM on motherboard (ROMB) batteries.
Power Supplies Probes The power supplies probes provides information on: • status of the power supplies, whether within the normal threshold value or has crossed threshold value. NOTE: You can set threshold values only from the Dell™ OpenManage™ Server Administrator. See the Dell OpenManage Server Administrator User’s Guide for more information. • power supply redundancy, that is, the ability of the redundant power supply to replace the primary power supply if the primary power supply fails.
Voltage Probes The following are typical voltage probes. Your system may have these and/or others present. • CPU [n] VCORE • System Board 0.9V PG • System Board 1.5V ESB2 PG • System Board 1.5V PG • System Board 1.8V PG • System Board 3.3V PG • System Board 5V PG • System Board Backplane PG • System Board CPU VTT • System Board Linear PG The voltage probes indicate whether the status of the probes is within the pre-set warning and critical threshold values.
Sensors
RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. help NOTE: To use this command, you must have Log In DRAC 5 permission. Table A-1 describes the help command. Table A-1. Help Command Command Definition help Lists all of the subcommands available to use with racadm and provides a short description for each.
arp NOTE: To use this command, you must have Execute Diagnostic Commands permission. Table A-2 describes the arp command. Table A-2. arp Command Command Definition arp Displays the contents of the ARP table. ARP table entries may not be added or deleted. Synopsis racadm arp Supported Interfaces • Remote RACADM • telnet/ssh/serial RACADM clearasrscreen NOTE: To use this command, you must have Clear Logs permission. Table A-3 describes the clearasrscreen subcommand. Table A-3.
config NOTE: To use the getconfig command, you must have Log In DRAC 5 permission. Table A-4 describes the config and getconfig subcommands. Table A-4. config/getconfig Subcommand Definition config Configures the DRAC 5. getconfig Gets the DRAC 5 configuration data.
Table A-5. config Subcommand Options and Descriptions Option Description -f The -f option causes config to read the contents of the file specified by and configure the DRAC 5. The file must contain data in the format specified in "Parsing Rules." -p The -p, or password option, directs config to delete the password entries contained in the config file -f after the configuration is complete. -g The -g , or group option, must be used with the -o option.
Examples • racadm config -g cfgLanNetworking -o cfgNicIpAddress 10.35.10.100 Sets the cfgNicIpAddress configuration parameter (object) to the value 10.35.10.110. This IP address object is contained in the group cfgLanNetworking. • racadm config -f myrac.cfg Configures or reconfigures the DRAC 5. The myrac.cfg file may be created from the getconfig command. The myrac.cfg file may also be edited manually as long as the parsing rules are followed. NOTE: The myrac.
Table A-6. getconfig Subcommand Options Option Description -f The -f option directs getconfig to write the entire RAC configuration to a configuration file. This file can be used for batch configuration operations using the config subcommand. NOTE: The -f option does not create entries for the cfgIpmiPet and cfgIpmiPef groups. You must set at least one trap destination to capture the cfgIpmiPet group to the file.
If errors are not encountered, this subcommand displays the contents of the specified configuration. Examples • racadm getconfig -g cfgLanNetworking Displays all of the configuration properties (objects) that are contained in the group cfgLanNetworking. • racadm getconfig -f myrac.cfg Saves all group configuration objects from the RAC to myrac.cfg. • racadm getconfig -h Displays a list of the available configuration groups on the DRAC 5.
coredump NOTE: To use this command, you must have Execute Debug Commands permission. Table A-7 describes the coredump subcommand. Table A-7. coredump Subcommand Definition coredump Displays the last DRAC 5 core dump. Synopsis racadm coredump Description The coredump subcommand displays detailed information related to any recent critical issues that have occurred with the RAC. The coredump information can be used to diagnose these critical issues.
coredumpdelete NOTE: To use this command, you must have Clear Logs or Execute Debug Commands permission. Table A-8 describes the coredumpdelete subcommand. Table A-8. coredumpdelete Subcommand Definition coredumpdelete Deletes the core dump stored in the DRAC 5. Synopsis racadm coredumpdelete Description The coredumpdelete subcommand can be used to clear any currently resident coredump data stored in the RAC.
Table A-9. fwupdate Subcommand Definition fwupdate Updates the firmware on the DRAC 5. Synopsis racadm fwupdate -s racadm fwupdate -g -u -a -d racadm fwupdate -p -u -d Description The fwupdate subcommand allows users to update the firmware on the DRAC 5.
Table A-10. fwupdate Subcommand Options Option Description -u The update option performs a checksum of the firmware update file and starts the actual update process. This option may be used along with the -g or -p options. At the end of the update, the DRAC 5 performs a soft reset. -s The status option returns the current status of where you are in the update process. This option is always used by itself. -g The get option instructs the firmware to get the firmware update file from the TFTP server.
• racadm fwupdate -s This option reads the current status of the firmware update. • racadm fwupdate -p -u -d c:\ In this example, the firmware image for the update is provided by the host’s file system. • racadm -r 192.168.0.120 -u root -p racpassword fwupdate -g -u -a 192.168.0.120 -d In this example, RACADM is used to remotely update the firmware of a specified DRAC using the provided DRAC username and password. The image is retrieved from a TFTP server.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM Input Table A-12 describes the getssninfo subcommand options. Table A-12. getssninfo Subcommand Options Option Description -A The -A option eliminates the printing of data headers. -u The -u user name option limits the printed output to only the detail session records for the given user name. If an "*" symbol is given as the user name, all users are listed.
getsysinfo NOTE: To use this command, you must have Log In To DRAC 5 permission. Table A-14 describes the racadm getsysinfo subcommand. Table A-14. getsysinfo Command Definition getsysinfo Displays DRAC 5 information, system information, and watchdog status information. Synopsis racadm getsysinfo [-d] [-s] [-w] [-A] Description The getsysinfo subcommand displays information related to the RAC, managed system, and watchdog configuration.
Output The getsysinfo subcommand displays information related to the RAC, managed system, and watchdog configuration. Sample Output RAC Information: RAC Date/Time Firmware Version Firmware Build Last Firmware Update = = = = Thu Dec 8 20:01:33 2005 1.0 05.12.
Watchdog Information: Recovery Action Present countdown value Initial countdown value = None = 0 seconds = 0 seconds Examples • racadm getsysinfo -A -s "System Information:" "PowerEdge 2900" "A08" "1.0" "EF23VQ-0023" "Hostname" "Microsoft Windows 2000 version 5.0, Build Number 2195, Service Pack 2" "ON" • racadm getsysinfo -w -s System Information: System Model System BIOS Version BMC Firmware Version Service Tag Host Name OS Name 2003 Power Status = = = = = = PowerEdge 2900 0.2.3 0.
getractime NOTE: To use this command, you must have Log In DRAC 5 permission. Table A-16 describes the getractime subcommand. Table A-16. getractime Subcommand Definition getractime Displays the current time from the remote access controller. Synopsis racadm getractime [-d] Description With no options, the getractime subcommand displays the time in a common readable format. With the -d option, getractime displays the time in the format, yyyymmddhhmmss.
ifconfig NOTE: To use this command, you must have Execute Diagnostic Commands or Configure DRAC 5 permission. Table A-17 describes the ifconfig subcommand. Table A-17. ifconfig Subcommand Definition ifconfig Displays the contents of the network interface table. Synopsis racadm ifconfig netstat NOTE: To use this command, you must have Execute Diagnostic Commands permission. Table A-18 describes the netstat subcommand. Table A-18.
ping NOTE: To use this command, you must have Execute Diagnostic Commands or Configure DRAC 5 permission. Table A-19 describes the ping subcommand. Table A-19. ping Subcommand Definition ping Verifies that the destination IP address is reachable from the DRAC 5 with the current routing-table contents. A destination IP address is required. An ICMP echo packet is sent to the destination IP address based on the current routing-table contents.
Synopsis racadm setniccfg -d racadm setniccfg -s [ ] racadm setniccfg -o [ ] Description The setniccfg subcommand sets the controller IP address. • The -d option enables DHCP for the Ethernet management port (default is DHCP enabled). • The -s option enables static IP settings. The IP address, netmask, and gateway can be specified. Otherwise, the existing static settings are used.
getniccfg NOTE: To use the getniccfg command, you must have Log In To DRAC 5 permission. Table A-21 describes the setniccfg and getniccfg subcommands. Table A-21. setniccfg/getniccfg Subcommand Definition getniccfg Displays the current IP configuration for the controller. Synopsis racadm getniccfg Description The getniccfg subcommand displays the current Ethernet management port settings.
getsvctag NOTE: To use this command, you must have Log In To DRAC 5 permission. Table A-22 describes the getsvctag subcommand. Table A-22. getsvctag Subcommand Definition getsvctag Displays a service tag. Synopsis racadm getsvctag Description The getsvctag subcommand displays the service tag of the host system. Example Type getsvctag at the command prompt. The output is displayed as follows: Y76TP0G The command returns 0 on success and nonzero on errors.
racdump NOTE: To use this command, you must have Debug permission. Table A-23 describes the racdump subcommand. Table A-23. racdump Subcommand Definition racdump Displays status and general DRAC 5 information. Synopsis racadm racdump Description The racdump subcommand provides a single command to get dump, status, and general DRAC 5 board information.
racreset NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-24 describes the racreset subcommand. Table A-24. racreset Subcommand Definition racreset Resets the DRAC 5. NOTICE: When you issue a racreset subcommand, the DRAC may require up to one minute to return to a usable state. Synopsis racadm racreset [hard | soft] Description The racreset subcommand issues a reset to the DRAC 5. The reset event is written into the DRAC 5 log.
Examples • racadm racreset Start the DRAC 5 soft reset sequence. • racadm racreset hard Start the DRAC 5 hard reset sequence. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM racresetcfg NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-26 describes the racresetcfg subcommand. Table A-26. racresetcfg Subcommand Definition racresetcfg Resets the entire RAC configuration to factory default values.
Description The racresetcfg command removes all database property entries that have been configured by the user. The database has default properties for all entries that are used to restore the card back to its original default settings. After resetting the database properties, the DRAC 5 resets automatically. NOTICE: This command deletes your current RAC configuration and resets the RAC and serial configuration to the original default settings.
Table A-28. serveraction Subcommand Options String Definition Specifies the action. The options for the string are: • powerdown — Powers down the managed system. • powerup — Powers up the managed system. • powercycle — Issues a power-cycle operation on the managed system. This action is similar to pressing the power button on the system’s front panel to power down and then power up the system.
Synopsis racadm getraclog -i racadm getraclog [-A] [-o] [-c count] [-s startrecord] [-m] Description The getraclog -i command displays the number of entries in the DRAC 5 log. The following options allow the getraclog command to read entries: • -A — Displays the output with no headers or labels. • -c — Provides the maximum count of entries to be returned. • -m — Displays one screen of information at a time and prompts the user to continue (similar to the UNIX more command).
clrraclog NOTE: To use this command, you must have Clear Logs permission. Synopsis racadm clrraclog Description The clrraclog subcommand removes all existing records from the RAC log. A new single record is created to record the date and time when the log was cleared. getsel NOTE: To use this command, you must have Log In To DRAC 5 permission. Table A-30 describes the getsel command. Table A-30. getsel Command Definition getsel -i Displays the number of entries in the System Event Log.
-s — Specifies the starting record used for the display -E — Places the 16 bytes of raw SEL at the end of each line of output as a sequence of hex values. -R — Only the raw data is printed. -m — Displays one screen at a time and prompts the user to continue (similar to the UNIX more command). NOTE: If no arguments are specified, the entire log is displayed. Output The default output display shows the record number, timestamp, severity, and description.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM gettracelog NOTE: To use this command, you must have Log In To DRAC 5 permission. Table A-31 describes the gettracelog subcommand. Table A-31. gettracelog Command Definition gettracelog -i Displays the number of entries in the DRAC 5 trace log. gettracelog Displays the DRAC 5 trace log.
Output The default output display shows the record number, timestamp, source, and description. The timestamp begins at midnight, January 1 and increases until the system boots. After the system boots, the system’s timestamp is used. For example: Record: 1 Date/Time: Dec Source: ssnmgrd[175] 8 08:21:30 Description: root from 143.166.157.
Description The sslcsrgen subcommand can be used to generate a CSR and download the file to the client’s local file system. The CSR can be used for creating a custom SSL certificate that can be used for SSL transactions on the RAC. Options NOTE: The -f option is not supported for the serial/telnet/ssh console. Table A-33 describes the sslcsrgen subcommand options. Table A-33. sslcsrgen Subcommand Options Option Description -g Generates a new CSR.
Examples racadm sslcsrgen -s or racadm sslcsrgen -g -f c:\csr\csrtest.txt Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM sslcertupload NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-34 describes the sslcertupload subcommand. Table A-34. sslcertupload Subcommand Description sslcertupload Uploads a custom SSL server or CA certificate from the client to the RAC.
The sslcertupload command returns 0 when successful and returns a nonzero number when unsuccessful. Restrictions The sslcertupload subcommand can only be executed from a local or remote RACADM client. The sslcsrgen subcommand cannot be used in the serial, telnet, or SSH interface. Example racadm sslcertupload -t 1 -f c:\cert\cert.txt Supported Interfaces • Local RACADM • Remote RACADM sslcertdownload NOTE: To use this command, you must have Configure DRAC 5 permission.
Options Table A-37 describes the sslcertdownload subcommand options. Table A-37. sslcertdownload Subcommand Options Option Description -t Specifies the type of certificate to download, either the Microsoft® Active Directory® certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -f Specifies the file name of the certificate to be uploaded. If the -f option or the filename is not specified, the sslcert file in the current directory is selected.
sslcertview NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-38 describes the sslcertview subcommand. Table A-38. sslcertview Subcommand Description sslcertview Displays the SSL server or CA certificate that exists on the RAC. Synopsis racadm sslcertview -t [-A] Options Table A-39 describes the sslcertview subcommand options. Table A-39.
Organizational Unit (OU) Common Name (CN) : Remote Access Group : DRAC5 default certificate Issuer Information: Country Code (CC) State (S) Locality (L) Organization (O) Organizational Unit (OU) Common Name (CN) : : : : : : Valid From Valid To : Jul : Jul racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc. Remote Access Group DRAC5 default certificate US Texas Round Rock Dell Inc.
sslkeyupload NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-40 describes the sslkeyupload subcommand. Table A-40. sslkeyupload Subcommand Description sslkeyupload Uploads SSL key from the client to the DRAC 5. Synopsis racadm sslkeyupload -t [-f ] Options Table A-41 describes the sslkeyupload subcommand options. Table A-41. sslkeyupload Subcommand Options Option Description -t Specifies the key to upload.
Supported Interfaces • Local RACADM • Remote RACADM krbkeytabupload NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-42 describes the krbkeytabupload subcommand. Table A-42. kerbkeytabupload Subcommand Description krbkeytabupload Uploads a Kerberos keytab file. Synopsis racadm krbkeytabupload [-f ] Options Table A-43 describes the krbkeytabupload subcommand options. Table A-43.
Supported Interfaces • Local RACADM • Remote RACADM testemail Table A-44 describes the testemail subcommand. Table A-44. testemail configuration Subcommand Description testemail Tests the RAC’s e-mail alerting feature. Synopsis racadm testemail -i Description Sends a test e-mail from the RAC to a specified destination. Prior to executing the test e-mail command, ensure that the specified index in the RACADM cfgEmailAlert group is enabled and configured properly.
Table A-45. testemail Configuration (continued) Action Command Ensure the SNMP IP address is configured properly racadm config -g cfgRemoteHosts -o cfgRhostsSmptServerIpAddr -i 192.168.0.152 View the current e-mail racadm getconfig -g cfgEmailAlert -i alert settings where is a number from 1 to 4 Options Table A-46 describes the testemail subcommand options. Table A-46. testemail Subcommands Option Description -i Specifies the index of the e-mail alert to test. Output None.
Synopsis racadm testtrap -i Description The testtrap subcommand tests the RAC’s SNMP trap alerting feature by sending a test trap from the RAC to a specified destination trap listener on the network. Before you execute the testtrap subcommand, ensure that the specified index in the RACADM cfgIpmiPet group is configured properly. Table A-48 provides a list and associated commands for the cfgIpmiPet group. Table A-48.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM vmdisconnect NOTE: To use this command, you must have Access Virtual Media permission. Table A-50 describes the vmdisconnect subcommand. Table A-50. vmdisconnect Subcommand Description vmdisconnect Closes all open RAC virtual media connections from remote clients. Synopsis racadm vmdisconnect Description The vmdisconnect subcommand allows a user to disconnect another user's virtual media session.
vmkey NOTE: To use this command, you must have Access Virtual Media permission. Table A-51 describes the vmkey subcommand. Table A-51. vmkey Subcommand Description vmkey Performs virtual media key-related operations. Synopsis racadm vmkey If is configured as reset, the virtual flash memory is reset to the default size of 16 MB. Description When a custom virtual media key image is uploaded to the RAC, the key size becomes the image size.
Synopsis racadm usercertupload -t [-f ] -i Options Table A-53 describes the usercertupload subcommand options. Table A-53. usercertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate. 1 = user certificate 2 = user CA certificate -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected.
usercertview NOTE: To use this command, you must have Configure DRAC 5 permission. Table A-54 describes the usercertview subcommand. Table A-54. usercertview Subcommand Description usercertview Displays the user certificate or user CA certificate that exists on the DRAC. Synopsis racadm sslcertview -t [-A] -i Options Table A-55 describes the sslcertview subcommand options. Table A-55.
localConRedirDisable NOTE: Only a local racadm user can execute this command. Table A-56 describes the localConRedirDisable subcommand. Table A-56. localConRedirDisable Subcommand Description localConRedirDisable Disables console redirection to the management station. Synopsis racadm localConRedirDisable
DRAC 5 Property Database Group and Object Definitions The DRAC 5 property database contains the configuration information for the DRAC 5. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the racadm utility to configure the DRAC 5. The following sections describe each object and indicate whether the object is readable, writable, or both.
Default "Dell Remote Access Controller 5" Description Uses a text string to identify the product. idRacDescriptionInfo (Read Only) Legal Values String of up to 255 ASCII characters. Default "This system component provides a complete set of remote management functions for Dell PowerEdge servers." Description A text description of the RAC type. idRacVersionInfo (Read Only) Legal Values String of up to 63 ASCII characters. Default "1.
Default The current RAC firmware build version. For example, "05.12.06". Description A string containing the current product build version. idRacName (Read Only) Legal Values String of up to 15 ASCII characters. Default DRAC 5 Description A user assigned name to identify this controller. idRacType (Read Only) Default 6 Description Identifies the remote access controller type as the DRAC 5. cfgLanNetworking This group contains parameters to configure the DRAC 5 NIC.
cfgDNSDomainNameFromDHCP (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Specifies that the RAC DNS Domain Name should be assigned from the network DHCP server. cfgDNSDomainName (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String of up to 254 ASCII characters. At least one of the characters must be alphabetic.
Legal Values String of up to 63 ASCII characters. At least one character must be alphabetic. NOTE: Some DNS servers only register names of 31 characters or fewer. Default rac-service tag Description Displays the RAC name, which is rac-service tag (by default). This parameter is only valid if cfgDNSRegisterRac is set to 1 (TRUE). cfgDNSRegisterRac (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Description Specifies that the DNS server IP addresses should be assigned from the DHCP server on the network. cfgDNSServer1 (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values A string representing a valid IP address. For example: "192.168.0.20". Description Specifies the IP address for DNS server 1. This property is only valid if cfgDNSServersFromDHCP is set to 0 (FALSE).
Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the RAC network interface controller. If the NIC is disabled, the remote network interfaces to the RAC will no longer be accessible, and the RAC will only be available through the serial or local RACADM interfaces. cfgNicIpAddress (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE).
Default 255.255.255.0 Description The subnet mask used for static assignment of the RAC IP address. This property is only valid if cfgNicUseDhcp is set to 0 (FALSE). cfgNicGateway (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values A string representing a valid gateway IP address. For example: "192.168.0.1". Default 192.168.0.
Description Specifies whether DHCP is used to assign the RAC IP address. If this property is set to 1 (TRUE), then the RAC IP address, subnet mask, and gateway are assigned from the DHCP server on the network. If this property is set to 0 (FALSE), the static IP address, subnet mask, and gateway is assigned from the cfgNicIpAddress, cfgNicNetmask, and cfgNicGateway properties. NOTE: If you are updating your system remotely, use the setniccfg command.
cfgNicMacAddress (Read Only) Legal Values A string representing the RAC NIC MAC address. Default The current MAC address of the RAC NIC. For example, "00:12:67:52:51:A3". Description The RAC NIC MAC address. cfgNicVLanEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the VLAN capabilities of the RAC/BMC.
Description Specifies the VLAN ID for the network VLAN configuration. This property is only valid if cfgNicVLanEnable is set to 1 (enabled). cfgNicVLanPriority (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0–7 Default 0 Description Specifies the VLAN Priority for the network VLAN configuration. This property is only valid if cfgNicVLanEnable is set to 1 (enabled).
cfgRhostsFwUpdateTftpEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the RAC firmware update from a network TFTP server. cfgRhostsFwUpdateIpAddr (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values A string representing a valid TFTP server IP address. For example, 192.168.0.61. Default 0.0.0.
Default "" Description Specifies TFTP path where the RAC firmware image file exists on the TFTP server. The TFTP path is relative to the TFTP root path on the TFTP server. NOTE: The server may still require you to specify the drive (for example, C). cfgUserAdmin This group provides configuration information about the users who are allowed to access the RAC through the available remote interfaces. Up to 16 instances of the user group are allowed.
Legal Values 2 (User) 3 (Operator) 4 (Administrator) 15 (No access) Default 4 (User 2) 15 (All others) Description The maximum privilege on the IPMI serial channel. cfgUserAdminPrivilege (Read/Write) NOTE: To modify this property, you must have Configure Users permission. Legal Values 0x0000000 to 0x00001ff, and 0x0 Default 0x0000000 Description This property specifies the allowed role-based authority privileges allowed for the user.
Table B-2. Bit Masks for User Privileges (continued) User Privilege Privilege Bit Mask Clear Logs 0x0000008 Execute Server Control Commands 0x0000010 Access Console Redirection 0x0000020 Access Virtual Media 0x0000040 Test Alerts 0x0000080 Execute Debug Commands 0x0000100 Examples Table B-3 provides sample privilege bit masks for users with one or more privileges. Table B-3.
Default "" Description The name of the user for this index. The user index is created by writing a string into this name field if the index is empty. Writing a string of double quotes ("") deletes the user at that index. You cannot change the name. You must delete and then recreate the name. The string must not contain "/" (forward slash, "\" (backslash), "." (period), "@" ("at" symbol) or quotations marks. NOTE: This property value MUST be unique from other user instances.
Description Enables or disables an individual user. cfgUserAdminSolEnable NOTE: To modify this property, you must have Config Users permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Serial Over LAN (SOL) user access. cfgEmailAlert This group contains parameters to configure the RAC e-mail alerting capabilities. The following subsections describe the objects in this group. Up to four instances of this group are allowed.
cfgEmailAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies the destination e-mail address for e-mail alerts. For example, user1@company.com. cfgEmailAlertAddress (Read Only) Legal Values E-mail address format, with a maximum length of 64 ASCII characters. Default "" Description The e-mail address of the alert source. cfgEmailAlertCustomMsg (Read Only) Legal Values String. Maximum Length = 32.
cfgSessionManagement This group contains parameters to configure the number of sessions that can connect to the DRAC 5. One instance of the group is allowed. The following subsections describe the objects in this group. cfgSsnMgtConsRedirMaxSessions (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1–2 Default 2 Description Specifies the maximum number of console redirection sessions allowed on the RAC.
cfgSsnMgtWebserverTimeout (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 60 – 1920 Default 300 Description Defines the Web server time-out. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached.
An expired Secure Shell session displays the following error message only after you press : Warning: Session no longer valid, may have timed out After the message appears, the system returns you to the shell that generated the Secure Shell session. cfgSsnMgtTelnetTimeout (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (No timeout) 60 – 1920 Default 0 Description Defines the Telnet idle time-out.
cfgSerialBaudRate (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 9600, 28800, 57600, 115200 Default 57600 Description Sets the baud rate on the DRAC 5 serial port. cfgSerialConsoleEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the RAC serial console interface.
Default ^\ (<\>) NOTE: The "^" is the key. Description This key or key combination terminates text console redirection when using the connect com2 command.
cfgSerialConsoleNoAuth (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (enables serial login authentication) 1 (disables serial login authentication) Default 0 Description Enables or disables the RAC serial console login authentication. cfgSerialConsoleCommand (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Description Specifies the maximum size of the serial history buffer. cfgSerialSshEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the secure shell (SSH) interface on the DRAC 5. cfgSerialTelnetEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Legal Values 1 (TRUE) 0 (FALSE) Description Enables or disables the console for COM 2 port redirection. cfgNetTuning This group enables users to configure the advanced network interface parameters for the RAC NIC. When configured, the updated settings may take up to a minute to become active. NOTICE: Use extra precaution when modifying properties in this group. Inappropriate modification of the properties in this group can result in your RAC NIC become inoperable.
cfgNetTuningNic100MB (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (10 MBit) 1 (100 MBit) Default 1 Description Specifies the speed to use for the RAC NIC. This property is not used if the cfgNetTuningNicAutoNeg is set to 1 (enabled). cfgNetTuningNicFullDuplex (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Default 1500 Description The size in bytes of the maximum transmission unit used by the DRAC 5 NIC. cfgNetTuningTcpSrttDflt (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 6 – 384 Default 6 Description The smoothed round trip time-out base default value for TCP retransmission round trip time in ½ second units. (Type hexadecimal values.) cfgOobSnmp The group contains parameters to configure the SNMP agent and trap capabilities of the DRAC 5.
Description Specifies the SNMP Community Name used for SNMP Traps. cfgOobSnmpAgentEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the SNMP agent in the RAC. cfgRacTuning This group is used to configure various RAC configuration properties, such as valid ports and security port restrictions.
cfgRacTuneHttpsPort (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 10 – 65535 Default 443 Description Specifies the port number to use for HTTPS network communication with the RAC. cfgRacTuneIpRangeEnable NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IP Address Range validation feature of the RAC.
Description Specifies the acceptable IP address bit pattern in positions determined by the 1's in the range mask property (cfgRacTuneIpRangeMask). cfgRacTuneIpRangeMask NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values Standard IP mask values with left-justified bits Default 255.255.255.0 Description String, IP-address formatted. For example, 255.255.255.0. cfgRacTuneIpBlkEnable NOTE: To modify this property, you must have Configure DRAC 5 permission.
Default 5 Description The maximum number of login failure to occur within the window before the login attempts from the IP address are rejected. cfgRacTuneIpBlkFailWindow NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 2 – 65535 Default 60 Description Defines the timespan in seconds that the failed attempts are counted. When the failure attempts age to this limit, the failures are dropped from the count.
cfgRacTuneSshPort (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 – 65535 Default 22 Description Specifies the port number used for the RAC SSH interface. cfgRacTuneTelnetPort (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 – 65535 Default 23 Description Specifies the port number used for the RAC telnet interface.
Description Enables or disables the Remote RACADM interface in the RAC. cfgRacTuneConRedirEncryptEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Encrypts the video in a console redirection session. cfgRacTuneConRedirPort (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Legal Values 1 – 65535 Default 5901 Description Specifies the port to be used for video traffic during Console Redirection activity with the RAC. NOTE: This object requires a DRAC 5 reset before it becomes active. cfgRacTuneAsrEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables the crash screen capture feature of the RAC.
Description Specifies the daylight savings offset (in minutes) to use for the RAC Time. cfgRacTuneTimezoneOffset (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values -720 – 780 Default 0 Description Specifies the timezone offset (in minutes) from GMT/UTC to use for the RAC Time.
Description Enables and disables the RAC Web server. If this property is disabled, the RAC will not be accessible using client Web browsers or remote RACADM. This property has no effect on the telnet/ssh/serial or local RACADM interfaces. cfgRacTuneLocalServerVideo (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (Enables) 0 (Disables) Default 1 Description Enables (switches ON) or disables (switches OFF) the local server video.
cfgRacTuneCtrlEConfigDisable NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the ability to disable the ability of the local user to configure the DRAC 5 from the BIOS POST option-ROM. ifcRacManagedNodeOs This group contains properties that describe the Managed Server operating system. One instance of the group is allowed. The following subsections describe the objects in this group.
Legal Values String. Maximum Length = 255. Default "" Description The operating system name of the managed system. cfgRacSecurity This group is used to configure settings related to the RAC SSL certificate signing request (CSR) feature. The properties in this group MUST be configured prior to generating a CSR from the RAC. See the RACADM sslcsrgen subcommand details for more information on generating certificate signing requests.
Default "" Description Specifies the CSR Organization Name (O). cfgRacSecCsrOrganizationUnit (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Organization Unit (OU). cfgRacSecCsrLocalityName (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR Locality (L).
Default "" Description Specifies the CSR State Name (S). cfgRacSecCsrCountryCode (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String. Maximum Length = 2. Default "" Description Specifies the CSR Country Code (CC) cfgRacSecCsrEmailAddr (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String. Maximum Length = 254. Default "" Description Specifies the CSR e-mail Address.
cfgRacSecCsrKeySize (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1024 2048 4096 Default 1024 Description Specifies the SSL asymmetric key size for the CSR. cfgRacVirtual This group contains parameters to configure the DRAC 5 Virtual Media feature. One instance of the group is allowed. The following subsections describe the objects in this group.
are attached you then can connect to the virtual devices remotely using DRAC5 web-based interface or the CLI. Setting this object to 0 will cause the devices to detach from the USB bus. NOTE: You must restart your system to enable all changes. cfgVirAtapiSrvPort (Read/Write) NOTE: To modify this property, you must have Access Virtual Media permission. Legal Values 1 – 65535 Default 3669 Description Specifies the port number used for encrypted virtual media connections to the RAC.
cfgVirMediaKeyEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the virtual media key feature of the RAC. cfgVirMediaBootOnce (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (Enabled) 0 (Disabled) Default 0 Description Enables or disables the virtual media boot-once feature of the RAC.
Legal Values 1 (True) 0 (False) Default 0 Description When set to 0, the Virtual Floppy drive is recognized as a removable disk by Windows operating systems. Windows operating systems will assign a drive letter that is C: or higher during enumeration. When set to 1, the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems. Windows operating systems will assign a drive letter of A: or B:.
Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default "" Description Name of DRAC as recorded in the Active Directory forest. cfgADEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory user authentication on the RAC. If this property is disabled, local RAC authentication is used for user logins instead.
Description 1 (True) enables you to specify an LDAP or a Global Catalog server. 0 (False) disables this option. cfgADDomainController (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values Valid IP address or fully qualified domain name (FQDN) Default No default values Description DRAC 5 uses the value you specify, to search the LDAP server for user names.
Format : Default No default values Description DRAC 5 uses the value you specify, to search the Association Object for user names. cfgADSmartCardLogonEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the Smart Card logon on DRAC 5. cfgADCRLEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Description Enables or disables the Certificate Revocation List (CRL) check for Active Directory-based Smart Card users. cfgADAuthTimeout (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 15 – 300 Default 120 Description Specifies the number of seconds to wait for Active Directory authentication requests to complete before timing out. cfgADRootDomain (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
cfgADType (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 = Enables Extended Schema with Active Directory. 2 = Enables Standard Schema with Active Directory. Default 1 = Extended Schema Description Determines the schema type to use with Active Directory. cfgADSSOEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Description Index of the Role Group as recorded in the Active Directory. cfgSSADRoleGroupName (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values Any printable text string with no white space. Length is limited to 254 characters. Default (blank) Description Name of the Role Group as recorded in the Active Directory forest. cfgSSADRoleGroupDomain (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Default (blank) Description Use the bit mask numbers in Table B-4 to set role-based authority privileges for a Role Group. Table B-4.
Description When the DRAC 5 cfgSerialConsoleEnable property is set to 0 (disabled), the DRAC 5 serial port becomes the IPMI serial port. This property determines the IPMI defined mode of the serial port. In Basic mode, the port uses binary data with the intent of communicating with an application program on the serial client. In Terminal mode, the port assumes that a dumb ASCII terminal is connected and allows very simple commands to be entered.
cfgIpmiSerialFlowControl (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (None) 1 (CTS/RTS) 2 (XON/XOFF) Default 1 Description Specifies the flow control setting for the IPMI serial port. cfgIpmiSerialHandshakeControl (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables he IPMI terminal mode handshake control.
Default 1 Description Enables or disables line editing on the IPMI serial interface. cfgIpmiSerialEchoControl (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables echo control on the IPMI serial interface. cfgIpmiSerialDeleteControl (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission.
Legal Values 0 (None) 1 (CR-LF) 2 (NULL) 3 () 4 () 5 () Default 1 Description Specifies the newline sequence specification for the IPMI serial interface. cfgIpmiSerialInputNewLineSequence (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 () 1 (NULL) Default 1 Description Specifies the input newline sequence specification for the IPMI serial interface.
cfgIpmiSolEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables Serial Over LAN (SOL). cfgIpmiSolBaudRate (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 9600, 19200, 57600, 115200 Default 57600 Description The baud rate for serial communication over LAN.
Default 4 Description Specifies the minimum privilege level required for serial over LAN access. cfgIpmiSolAccumulateInterval (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1 – 255. Default 10 Description Specifies the typical amount of time that the BMC waits before transmitting a partial SOL character data packet. This value is 1-based 5ms increments.
cfgIpmiLanEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables the IPMI-Over-LAN interface. cfgIpmiLanPrivLimit (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 0 Description Specifies the maximum privilege level allowed for IPMI over LAN access.
Default 1 Description Enables or disables global e-mail alerting. This property overrides all individual e-mail alerting enable/disable properties. cfgIpmiEncryptionKey (Read/Write) NOTE: To view or modify this property, you must have Configure DRAC 5 permission and administrator privileges. Legal Values A string of hexadecimal digits from 0 to 20 characters with no spaces. Default "00000000000000000000" Description The IPMI encryption key.
cfgIpmiPef This group is used to configure the platform event filters available on the managed server. The event filters can be used to control policy related to actions that are triggered when critical events occur on the managed system. cfgIpmiPefName (Read Only) Legal Values String. Maximum Length = 255. Default The name of the index filter. Description Specifies the name of the platform event filter.
cfgIpmiPefAction (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (None) 1 (Power Down) 2 (Reset) 3 (Power Cycle) Default 0 Description Specifies the action that is performed on the managed system when the alert is triggered. cfgIpmiPefEnable (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables a specific platform event filter.
cfgIpmiPetIndex (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values 1–4 Default The appropriate index value. Description Unique identifier for the index corresponding to the trap. cfgIpmiPetAlertDestIpAddr (Read/Write) NOTE: To modify this property, you must have Configure DRAC 5 permission. Legal Values String representing a valid IP address. For example, 192.168.0.67. Default 0.0.0.
Default 1 Description Enables or disables a specific trap.
Supported RACADM Interfaces The following table provides an overview of RACADM subcommands and their corresponding interface support. Table C-1.
Table C-1.
Glossary Active Directory Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. AGP Abbreviation for accelerated graphics port, which is a bus specification that allows graphics cards faster access to main system memory.
CA A certificate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
DLL Abbreviation for Dynamic Link Library, which is a library of small programs, any of which can be called when needed by a larger program that is running in the system. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (or file). DDNS Abbreviation for Dynamic Domain Name System. DMTF Abbreviation for Distributed Management Task Force. DNS Abbreviation for Domain Name System.
GPIO Abbreviation for general purpose input/output. GRUB Acronym for GRand Unified Bootloader, a new and commonly-used Linux loader. GUI Abbreviation for graphical user interface, which refers to a computer display interface that uses elements such as windows, dialog boxes, and buttons as opposed to a command prompt interface, in which all user interaction is displayed and typed in text. hardware log Records events generated by the DRAC 5 and the BMC.
LAN Abbreviation for local area network. LDAP Abbreviation for Lightweight Directory Access Protocol. LED Abbreviation for light-emitting diode. LOM Abbreviation for Local area network On Motherboard. MAC Acronym for media access control, which is a network sublayer between a network node and the network physical layer. MAC address Acronym for media access control address, which is a unique address embedded in the physical components of a NIC.
NIC Abbreviation for network interface card. An adapter circuit board installed in a computer to provide a physical connection to a network. OID Abbreviation for Object Identifiers. PCI Abbreviation for Peripheral Component Interconnect, which is a standard interface and bus technology for connecting peripherals to a system and for communicating with those peripherals. PKI Abbreviation for Public Key Infrastructure.
RPM Abbreviation for Red Hat Package Manager, which is a package-management system for the Red Hat Enterprise Linux operating system that helps installation of software packages. It is similar to an installation program. SAC Acronym for Microsoft’s Special Administration Console. SAP Abbreviation for Service Access Point. SEL Acronym for system event log. SMI Abbreviation for systems management interrupt.
standard schema A solution used with Active Directory to determine user access to DRAC 5; uses Active Directory group objects only. TAP Abbreviation for Telelocator Alphanumeric Protocol, which is a protocol used for submitting requests to a pager service. TCP/IP Abbreviation for Transmission Control Protocol/Internet Protocol, which represents the set of standard Ethernet protocols that includes the network layer and transport layer protocols.
Index A Active Directory adding DRAC 5 users, 118 configuring access to the DRAC 5, 111 extending schemas, 111 logging in to the DRAC 5, 135 objects, 107 schema extensions, 106 using with extended schema, 106 using with standard schema, 100 using with the DRAC 5, 99 B BIOS setup configuring on a managed system, 48 certificates exporting the root CA certificate, 132 SSL and digital, 203 uploading a server certificate, 207 viewing a server certificate, 207 configuration file creating, 81 configuring serial
DRAC 5 (continued) enabling security options, 212 enabling serial/telnet/ssh console, 54 securing communications, 203 updating the firmware, 39 H hardware installing, 33 E e-mail alerts configuring, 249 configuring using RACADM CLI, 249 configuring using the web user interface, 249 example see sample extended schema using with Active Directory, 106 F features DRAC 5, 27 DRAC 5 hardware, 24 new, 23 firmware downloading, 39 updating, 39 frequently asked questions managing and recovering a remote system, 88
Linux XTerm configuring for telnet console redirection, 65 logs operating system boot, 268 POST, 268 N network properties configuring manually, 86 configuring using racadm, 86 O M operating system boot, 268 managed system accessing through the local serial port, 61 capturing the last crash screen, 243 configuring BIOS setup, 48 enabling serial or telnet console, 47 installing software, 36 P management station configuring, 154 configuring a Red Hat Enterprise Linux management station, 37 configuring te
property database groups cfcRacManagedNodesOs, 366 cfgActiveDirectory, 373 cfgEmailAlert, 345 cfgIpmiLan, 386 cfgIpmiPef, 389 cfgIpmiPet, 390 cfgIpmiSerial, 380 cfgIpmiSol, 384 cfgLanNetworking, 331 cfgNetTuning, 354 cfgOobSnmp, 356 cfgRacSecurity, 367 cfgRacTuning, 357 cfgRacVirtual, 370 cfgRemoteHosts, 339 cfgSerial, 349 cfgSessionManagement, 347 cfgUserAdmin, 341 idRacInfo, 329 R RAC serial configuring, 58 RAC serial interface about, 49 RACADM attaching virtual media, 179 configuring serial and telnet,
RACADM subcommands (continued) testemail, 321 testtrap, 322 usercertupload, 325 userertview, 327 vmdisconnect, 324 vmkey, 325 serial console connecting the DB-9 cable, 62 using, 67 racadm utility configuring network properties, 86 parsing rules, 83 subcommands, 281 server certificate uploading, 207 viewing, 207 reboot option disabling, 244 Red Hat Enterprise Linux configuring for serial console redirection, 49 remote access connections supported, 26 serial mode configuring, 58 Serial Over LAN (SOL) con
T telnet console using, 67 terminal mode configuring, 58, 60 VM-CLI about, 183 deploying the operating system, 191 operating system shell options, 188 parameters, 185 using, 183 U usercertupload, 325 web browser configuring, 41 V video viewer accessing the viewer menu bar, 159 using, 159 virtual flash configuring, 182 disabling, 182 enabling, 182 using, 181 virtual media about, 173 attaching, 178 booting, 179 detaching, 178 installing the operating system, 180 installing the plug-in, 175 running, 176 su
