White Papers

PAGE 20 OF 24
reluctant to use the shared NIC feature because they want to separate regular host traffic from
management traffic; if so, they can use VLANs to segment the traffic.
Web Browser Security
The browser connects to the DRAC 5 web server over the HTTPS port. All data streams are encrypted with SSL using 128-bit ciphers to provide confidentiality and integrity. Any connection to the HTTP port is redirected to HTTPS. Administrators can secure the web server with their own SSL certificate: DRAC 5 generates a certificate signing request (CSR), the administrator has it signed by a certificate authority, and the resulting certificate is uploaded to DRAC 5. The default HTTP and HTTPS ports can be changed. DRAC 5 restricts what a user can do through the web interface according to that user's privileges.
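Two of the properties above, the HTTP-to-HTTPS redirect and the administrator-installed certificate, are easy to verify from a management station. The script below is an added example written for this page, not Dell code and not part of DRAC 5; the host names, ports and the pinned fingerprint are placeholders, and the raw HTTP response used in the offline part is constructed, not captured from a device. It checks that a plain-HTTP request is answered with a redirect whose Location is an https URL for the same host, and that the certificate presented on the HTTPS port matches a SHA-256 fingerprint recorded when the certificate was installed.

```python
"""Verify a management web interface redirects HTTP to HTTPS and presents the
pinned certificate.  Added example; host names, ports and fingerprint are
assumptions, not values from the DRAC 5 documentation."""
import hashlib
import socket
import ssl
import sys
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_http_response(raw):
    """Parse the status line and headers of a raw HTTP/1.x response.
    Returns (status_code, {lower-case header name: value})."""
    head = raw.partition(b"\r\n\r\n")[0]
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def is_https_redirect(status, headers, expected_host, https_port=443):
    """True only for a redirect to an https URL on the same host and expected
    port.  A 200 page served over plain HTTP, a redirect to http://, or a
    redirect to a different host all fail the check."""
    if status not in REDIRECT_CODES:
        return False
    location = headers.get("location")
    if not location:
        return False
    url = urlsplit(location)
    if url.scheme != "https" or (url.hostname or "").lower() != expected_host.lower():
        return False
    return (url.port or 443) == https_port


def cert_fingerprint(der):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def check_http_redirect(host, http_port=80, https_port=443, timeout=5.0):
    """Request / over plain HTTP and report whether it redirects to HTTPS."""
    with socket.create_connection((host, http_port), timeout=timeout) as sock:
        sock.sendall(b"GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode())
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    status, headers = parse_http_response(raw)
    return is_https_redirect(status, headers, host, https_port)


def check_pinned_cert(host, expected_sha256, https_port=443, timeout=5.0):
    """Fetch the leaf certificate over TLS and compare its fingerprint to the
    pinned value.  Chain verification is off on purpose: a certificate from a
    private CA would not chain to the system store, and the pin is the check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, https_port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return cert_fingerprint(der) == expected_sha256.replace(":", "").lower()


if __name__ == "__main__":
    # usage: python check_drac_web.py drac.example.com <sha256 fingerprint>
    target, pin = sys.argv[1], sys.argv[2]
    print("HTTP redirects to HTTPS:", check_http_redirect(target))
    print("HTTPS certificate matches pin:", check_pinned_cert(target, pin))
```

Record the fingerprint at installation time (for example with openssl x509 -fingerprint -sha256 on the signed certificate) and keep it with the asset record; a mismatch later means either a rotated certificate or an interposed host. Note that a modern OpenSSL build may refuse to negotiate with firmware that only speaks SSLv3 or TLS 1.0; that refusal is itself a finding about the device.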
Remote CLI Security
The Remote RACADM utility is a scriptable CLI tool for configuring and managing a DRAC 5 from a management station; RACADM installed on a management station is referred to as Remote RACADM. It communicates with DRAC 5 over the network interface through an HTTPS channel, so all command data and returned data are encrypted by SSL, with the same ciphers as the web GUI interface. A user must authenticate successfully and hold sufficient privileges before the requested command is executed.
Local CLI Security
The Local RACADM utility is a scriptable CLI tool for configuring and managing a DRAC 5 from the host server; it can only be installed on the managed system, and RACADM installed there is called Local RACADM. Local RACADM communicates with DRAC 5 through the in-band IPMI host interface. Because it runs on the managed system, a user must first log in to the operating system, and must hold full administrator privilege or be root to run the utility. On a Microsoft Windows® system the user must have administrator privilege on the system; otherwise an error message states that the user lacks the privileges to run this utility. On a Linux-based system the user must be logged in as root.
A user who can run Local RACADM is therefore guaranteed to already have administrator privilege on the managed system, and is given the DRAC 5 administrator privilege level, which carries full rights to manage DRAC 5 including configuration, power management, firmware update, debug, and so on. In practice this means that a compromise of the host operating system at root or Administrator level also yields full control of DRAC 5.
SSH Security
The SSH service is enabled by default on DRAC 5 and can be disabled through a DRAC 5 configuration setting; the RACADM CLI can be run in an SSH session. DRAC 5 supports only SSH version 2.
DRAC 5 supports the DSA and RSA host key algorithms. A unique 1024-bit DSA host key and a unique 1024-bit RSA host key are generated when the DRAC 5 is powered on for the first time.
DRAC 5 SSH:
- supports SHA-1 and MD5 as hash algorithms (the SSH-2 integrity algorithms hmac-sha1 and hmac-md5)
- supports the diffie-hellman-group1-sha1 key exchange algorithm
- supports the DSA and RSA public key (asymmetric encryption) algorithms
- supports the 3des-cbc, blowfish-cbc, cast128-cbc and arcfour symmetric encryption algorithms (the paper lists the last as "rc4-cbc", but RC4 is a stream cipher with no CBC mode; its SSH-2 name is arcfour)
By current standards every item in this list is legacy: 1024-bit host keys, the 1024-bit group1 key exchange, MD5 and the CBC and RC4 ciphers have all been removed from the OpenSSH defaults (CBC ciphers and arcfour since OpenSSH 6.7, diffie-hellman-group1-sha1 and ssh-dss since 7.0). A current client needs explicit KexAlgorithms, HostKeyAlgorithms and Ciphers options to connect, and the SSH service should be disabled or confined to an isolated management VLAN.
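The algorithm list above is exactly what a client sees in the server's SSH_MSG_KEXINIT, so it can be audited without logging in. The following script is an added example for this page, not Dell code and not part of DRAC 5: it performs the SSH-2 identification exchange, reads the server's first (still unencrypted) binary packet, parses the KEXINIT name-lists and flags the algorithms that a modern OpenSSH no longer enables by default. The "weak" policy and host names are the example's own assumptions, and the sample KEXINIT is constructed from the list on this page rather than captured from a device. Host key size is not visible in KEXINIT (it only appears in the later KEXDH reply), so the 1024-bit key length cannot be checked here.

```python
"""Enumerate the algorithms an SSH-2 server offers and flag legacy ones.
Added example; not Dell code.  The weak-algorithm policy and the sample
KEXINIT below are this example's assumptions."""
import socket
import struct
import sys

SSH_MSG_KEXINIT = 20
# The ten name-lists of KEXINIT, in order (RFC 4253 section 7.1).
NAME_LISTS = ("kex", "hostkey", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Assumed policy: algorithms modern OpenSSH no longer enables by default.
WEAK_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1",
            "diffie-hellman-group14-sha1"}
WEAK_HOSTKEY = {"ssh-dss", "ssh-rsa"}   # DSA (1024-bit only) and RSA with SHA-1 signatures
WEAK_MAC = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}


def _read_string(buf, off):
    """Read an SSH 'string' (uint32 length followed by bytes) at offset off."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def parse_kexinit(payload):
    """Parse a KEXINIT payload: byte 20, 16-byte cookie, ten name-lists,
    boolean first_kex_packet_follows, uint32 reserved."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}
    for key in NAME_LISTS:
        raw, off = _read_string(payload, off)
        out[key] = [name for name in raw.decode("ascii").split(",") if name]
    out["first_kex_packet_follows"] = bool(payload[off])
    return out


def build_kexinit(lists, cookie=bytes(16)):
    """Serialise a KEXINIT payload; used here to construct sample input offline."""
    body = bytes([SSH_MSG_KEXINIT]) + cookie
    for key in NAME_LISTS:
        names = ",".join(lists.get(key, [])).encode("ascii")
        body += struct.pack(">I", len(names)) + names
    return body + b"\x00" + struct.pack(">I", 0)


def audit(kexinit):
    """Return {category: sorted weak names offered}; an empty dict means clean."""
    ciphers = set(kexinit["cipher_c2s"]) | set(kexinit["cipher_s2c"])
    macs = set(kexinit["mac_c2s"]) | set(kexinit["mac_s2c"])
    findings = {
        "kex": sorted(a for a in kexinit["kex"] if a in WEAK_KEX),
        "hostkey": sorted(a for a in kexinit["hostkey"] if a in WEAK_HOSTKEY),
        # CBC modes and RC4 were dropped from the OpenSSH defaults in 6.7.
        "cipher": sorted(a for a in ciphers if a.endswith("-cbc") or a.startswith("arcfour")),
        "mac": sorted(a for a in macs if a in WEAK_MAC),
    }
    return {k: v for k, v in findings.items() if v}


def fetch_server_kexinit(host, port=22, timeout=5.0):
    """Exchange identification strings and read the server's first binary packet,
    which is sent unencrypted: uint32 packet_length, byte padding_length,
    payload, padding (RFC 4253 section 6)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        banner = f.readline()
        while banner and not banner.startswith(b"SSH-"):  # servers may send preamble lines
            banner = f.readline()
        if not banner:
            raise ConnectionError("no SSH identification string received")
        sock.sendall(b"SSH-2.0-kexaudit_0.1\r\n")
        packet_len, pad_len = struct.unpack(">IB", f.read(5))
        rest = f.read(packet_len - 1)
        payload = rest[:packet_len - 1 - pad_len]
    return banner.decode("ascii", "replace").strip(), parse_kexinit(payload)


# Constructed from the algorithm list on this page, not captured from a DRAC 5.
DRAC5_SAMPLE = build_kexinit({
    "kex": ["diffie-hellman-group1-sha1"],
    "hostkey": ["ssh-rsa", "ssh-dss"],
    "cipher_c2s": ["3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour"],
    "cipher_s2c": ["3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour"],
    "mac_c2s": ["hmac-sha1", "hmac-md5"], "mac_s2c": ["hmac-sha1", "hmac-md5"],
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})

if __name__ == "__main__":
    if len(sys.argv) > 1:          # usage: python kexaudit.py drac.example.com
        banner, kx = fetch_server_kexinit(sys.argv[1])
        print(banner)
    else:
        kx = parse_kexinit(DRAC5_SAMPLE)
    for category, names in audit(kx).items():
        print("weak %s: %s" % (category, ", ".join(names)))
```

Run without arguments it audits the constructed sample and reports every category as weak; run against a host it reports what that server actually offers. When a legacy device like this must still be reached from a current OpenSSH client, the negotiation only succeeds with the disabled algorithms re-enabled explicitly for that host (for example -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss, plus a Ciphers option naming one of the CBC ciphers), which is a useful reminder to scope such settings to a single Host entry rather than globally.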