White Papers
PAGE 9 OF 24
Active Directory is a distributed database of Attributes and Classes. The Active Directory
schema defines the rules that determine what type of data can be added to or stored in the
database. The user class is one example of a Class stored in the database; its attributes can
include the user's first name, last name, phone number, and so on.
Companies can extend the Active Directory schema by adding their own Attributes and Classes to
meet environment-specific needs. Dell has extended the schema with the changes needed to support
Authentication and Authorization for remote management.
To provide the greatest flexibility across a variety of customer environments, Dell provides a
group of properties that the user can configure to achieve the desired results. Dell has extended
the schema to include Association, Device, and Privilege properties. The Association property links
users or groups, together with a specific set of privileges, to one or more RAC devices. This model
gives an Administrator maximum flexibility over the different combinations of users, RAC privileges,
and RAC devices on the network without adding excessive complexity.
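The following is an added example, not code from the white paper or from Dell, that models the Association/Device/Privilege relationship described above and resolves which privileges a given user holds on a given RAC. The object layout, the privilege names, the DNs and the RAC host names are all constructed for illustration; the real schema attribute names are not reproduced here. The example also expands nested group membership, which is how an Association that names a group ends up applying to the group's members.

```python
"""Resolve effective RAC privileges from Association, Device and Privilege objects.

Hypothetical, simplified in-memory model of the three object types the white
paper describes (not the actual Dell schema attributes).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PrivilegeObject:
    name: str
    privileges: frozenset  # e.g. {"login", "configure", "console"}


@dataclass(frozen=True)
class DeviceObject:
    name: str
    rac_dns_names: frozenset  # the RACs this Device object stands for


@dataclass(frozen=True)
class AssociationObject:
    name: str
    members: frozenset        # user or group DNs granted the privilege
    privilege: PrivilegeObject
    devices: frozenset        # names of DeviceObjects the grant applies to


def expand_groups(principal, group_members):
    """Return the principal plus every group it belongs to, transitively."""
    seen = {principal}
    stack = [principal]
    while stack:
        current = stack.pop()
        for group, members in group_members.items():
            if current in members and group not in seen:
                seen.add(group)
                stack.append(group)
    return seen


def effective_privileges(user_dn, rac_host, associations, devices, group_members):
    """Union of privileges the user holds (directly or via groups) on one RAC host."""
    identities = expand_groups(user_dn, group_members)
    granted = set()
    for assoc in associations:
        if not identities & assoc.members:
            continue  # neither the user nor any of its groups is a member
        for dev_name in assoc.devices:
            if rac_host in devices[dev_name].rac_dns_names:
                granted |= assoc.privilege.privileges
    return granted


# Constructed sample directory content (not real data).
ADMIN = PrivilegeObject("RAC-Admin", frozenset({"login", "configure", "console", "user-config"}))
READONLY = PrivilegeObject("RAC-ReadOnly", frozenset({"login"}))

DEVICES = {
    "Rack1-RACs": DeviceObject("Rack1-RACs", frozenset({"drac-web01.example.com", "drac-web02.example.com"})),
    "Lab-RACs": DeviceObject("Lab-RACs", frozenset({"drac-lab01.example.com"})),
}

ALICE = "CN=alice,OU=Users,DC=example,DC=com"
BOB = "CN=bob,OU=Users,DC=example,DC=com"
RAC_ADMINS = "CN=RAC Admins,OU=Groups,DC=example,DC=com"

GROUP_MEMBERS = {RAC_ADMINS: {ALICE}}

ASSOCIATIONS = [
    AssociationObject("Admins-on-Rack1", frozenset({RAC_ADMINS}), ADMIN, frozenset({"Rack1-RACs"})),
    AssociationObject("Bob-reads-Lab", frozenset({BOB}), READONLY, frozenset({"Lab-RACs"})),
]


def resolve(user_dn, rac_host):
    """Convenience wrapper over the constructed sample data."""
    return effective_privileges(user_dn, rac_host, ASSOCIATIONS, DEVICES, GROUP_MEMBERS)


if __name__ == "__main__":
    for user, host in [(ALICE, "drac-web01.example.com"), (ALICE, "drac-lab01.example.com"),
                       (BOB, "drac-lab01.example.com")]:
        print(user, host, sorted(resolve(user, host)))
```

Because the result is the union over every matching Association, a user who is a member of two Associations that both cover the same RAC receives the combined privilege set; an administrator reviewing access should therefore enumerate all Associations that reference a Device object, not just the first match.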
Figure 1: Dell Extended Schema Active Directory Architecture
DRAC 5 authenticates against Active Directory using LDAP simple binding and queries Active
Directory objects over an SSL channel. All data, including the user name and password used for
authentication, is sent to Active Directory over this encrypted channel. When a DRAC 5 establishes
an SSL connection with an Active Directory Domain Controller, it verifies the Domain Controller's
identity via SSL server authentication. The root CA SSL certificate (which is used to sign all of
the Domain Controller SSL certificates) must have been imported into the DRAC. DRAC 5 supports up
to a 4096-bit root CA certificate and Domain Controller SSL certificate.
Dell strongly recommends following the Microsoft PKI best practices and using a 4096-bit root
CA certificate and a 1024-bit Domain Controller certificate.
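The following is an added example, not code from the white paper or from Dell, that shows the two halves of the exchange the paragraph describes: an LDAP simple bind request as it is actually encoded on the wire, and a TLS client context that verifies the Domain Controller against an imported root CA before that request is sent. Encoding the bind request makes the security point concrete: the password is carried as a plain OCTET STRING inside the BindRequest, so everything protecting it is the SSL/TLS channel and the certificate check. The DN, password and the two captured response messages are constructed; the root CA file path is a placeholder.

```python
"""LDAP simple bind over a verified TLS channel (stdlib only).

Added example: a minimal BER encoder for LDAPv3 BindRequest, a decoder for
BindResponse, and a client-side TLS context that pins trust to a root CA.
"""
import ssl


def ber_len(n):
    """BER length octets: short form below 128, long form above."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(value):
    """INTEGER in two's complement, minimal length with room for the sign bit."""
    length = max(1, (value.bit_length() + 8) // 8)
    return ber(0x02, value.to_bytes(length, "big", signed=True))


def simple_bind_request(message_id, bind_dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] password } }.

    Note that the password is a plain OCTET STRING: only the TLS channel hides it.
    """
    bind = ber(0x60,                                  # [APPLICATION 0] BindRequest
               ber_int(3)                              # LDAP version 3
               + ber(0x04, bind_dn.encode())           # name (LDAPDN)
               + ber(0x80, password.encode()))         # authentication: simple [0]
    return ber(0x30, ber_int(message_id) + bind)       # LDAPMessage SEQUENCE


def _tlv(buf, pos):
    """Read one tag/length/value triple; return (tag, value, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data):
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diag } }."""
    tag, msg, _ = _tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = _tlv(msg, 0)
    tag, body, _ = _tlv(msg, pos)
    if tag != 0x61:                                    # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = _tlv(body, 0)                       # ENUMERATED resultCode
    _, matched, pos = _tlv(body, pos)                  # matchedDN
    _, diag, _ = _tlv(body, pos)                       # diagnosticMessage
    return {"message_id": int.from_bytes(msg_id, "big", signed=True),
            "result_code": int.from_bytes(code, "big"),
            "matched_dn": matched.decode(), "diagnostic": diag.decode()}


def dc_tls_context(root_ca_pem=None):
    """Client context that requires a DC certificate chaining to the imported root CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)      # CERT_REQUIRED + hostname check
    if root_ca_pem is not None:
        ctx.load_verify_locations(cafile=root_ca_pem)  # e.g. the root CA exported from the PKI
    return ctx


def verifies_dc_identity(ctx):
    """True when the context will reject an unverified or mis-named server certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


# Constructed captures of two BindResponse messages (not real traffic):
# resultCode 0 = success, 49 = invalidCredentials.
RESPONSE_SUCCESS = bytes.fromhex("300c020101610 70a0100 0400 0400".replace(" ", ""))
RESPONSE_INVALID = bytes.fromhex("300c020101610 70a0131 0400 0400".replace(" ", ""))

if __name__ == "__main__":
    req = simple_bind_request(1, "CN=drac-svc,OU=Service,DC=example,DC=com", "S3cret")
    print("bind request:", req.hex())
    print("password visible in plaintext request:", b"S3cret" in req)
    print(parse_bind_response(RESPONSE_SUCCESS), parse_bind_response(RESPONSE_INVALID))
    ctx = dc_tls_context("/path/to/root-ca.pem")      # placeholder path
    print("verifies DC identity:", verifies_dc_identity(ctx))
```

To use the context for real, wrap a socket with `ctx.wrap_socket(sock, server_hostname=dc_fqdn)` and send the request over that socket; the handshake fails before any credential leaves the device if the DC's certificate does not chain to the imported root CA or does not match the name that was dialled, which is the "SSL server authentication" step the paragraph refers to.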