Dell EMC OpenManage Enterprise Version 3.6 User's Guide June 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2017 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Tables........................................................................................................................................... 9 Chapter 1: About Dell EMC OpenManage Enterprise.....................................................................10 New in this release............................................................................................................................................................. 11 Other information you may need..........................
Protocol support matrix for discovering devices.......................................................................................................44 View device discovery job details..................................................................................................................................45 Edit a device discovery job.............................................................................................................................................
Run and download Diagnostic reports................................................................................................................... 65 Extract and download SupportAssist reports...................................................................................................... 66 Managing individual device hardware logs............................................................................................................ 66 Run remote–RACADM and IPMI–commands on individual devices.
Network types..............................................................................................................................................................95 Edit or delete a configured network.............................................................................................................................95 Export VLAN definitions..................................................................................................................................................
Create a job for managing power devices................................................................................................................. 127 Create a Remote command job for managing devices........................................................................................... 128 Create a job to change the virtual console plugin type.......................................................................................... 128 Select target devices and device groups.......................
Edit an OpenID Connect provider details in OpenManage Enterprise.......................................................... 154 Enable OpenID Connect providers........................................................................................................................ 155 Delete OpenID Connect providers.........................................................................................................................155 Disable OpenID Connect providers.........................................
Tables 1 Other information you may need........................................................................................................................... 11 2 OpenManage Enterprise User role types............................................................................................................14 3 Role-based user privileges in OpenManage Enterprise...................................................................................16 4 Minimum recommended hardware....................
1 About Dell EMC OpenManage Enterprise OpenManage Enterprise is a systems management and monitoring web application delivered as a virtual appliance. It provides a comprehensive view of the Dell EMC servers, chassis, storage, and network switches on the enterprise network. With OpenManage Enterprise, a web-based one‑to‑many systems management application, users can: ● Discover devices in a data center environment. ● View hardware inventory and monitor health of devices.
● ● ● ● ● Manage the device warranty on page 130 Reports on page 132 Managing MIB files on page 137 Role and scope based access control in OpenManage Enterprise on page 15 Directory services integration in OpenManage Enterprise on page 148 Topics: • • • • New in this release Other information you may need Contacting Dell EMC OpenManage Enterprise Advanced license New in this release ● Scope-based access control (SBAC) now allows a more efficient and secure management of the discovered devices.
Table 1. Other information you may need (continued) Document Description Availability Dell EMC SupportAssist Enterprise User's Guide Provides information about installing, configuring, using, and troubleshooting SupportAssist Enterprise. Dell.com/ServiceabilityTools Contacting Dell EMC NOTE: If you do not have an active internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell EMC product catalog.
Verify license information OpenManage Enterprise provides a built-in report to view the list of devices monitored by OpenManage Enterprise, and their licenses. Click OpenManage Enterprise > Monitor > Reports > License Report. Click Run. See Run reports on page 133. You can verify if the OpenManage Enterprise Advanced license is installed on a server by: ● On all pages of OpenManage Enterprise, in the upper-right corner, click the i symbol, and then click Licenses.
2 Security features in OpenManage Enterprise Some of the security features of OpenManage Enterprise are: ● Role-based access control allows different device management functionality for different user roles (Administrator, Device Manager, Viewer). ● Scope-based access control allows an administrator to determine the device groups that the device managers are expected to manage. ● Hardened appliance with Security-Enhanced Linux (SELinux) and an internal firewall.
Table 2. OpenManage Enterprise User role types (continued) User with this role... Has the following user privileges ● Can create local, Microsoft Active Directory (AD), and LDAP users and assign suitable roles ● Enable and disable users ● Modify the roles of existing users ● Delete the users ● Change the user password Device Manager (DM) ● Run tasks, policies, and other actions on the devices (scope) assigned by the Administrator.
Table 3. Role-based user privileges in OpenManage Enterprise OpenManage Privilege Description Enterprise features User levels for accessing OpenManage Enterprise Admin Device Manager Viewer Appliance setup Global appliance settings involving setting up of the appliance.
Scope-Based Access Control (SBAC) in OpenManage Enterprise With the use of Role-Based Access Control (RBAC) feature, administrators can assign roles while creating users. Roles determine their level of access to the appliance settings and device management features. Scope-based Access Control (SBAC) is an extension of the RBAC feature that allows an administrator to restrict a Device Manager role to a subset of device groups called scope.
● User dm1 is a member of two AD groups (adg1 and adg2). Both AD groups have been assigned the DM role, with scope assignments for the AD groups as follows: adg1 is given access to g1 and adg2 is given access to g2. If g1 is the superset of g2, then the scope of dm1 is the larger scope (g1, all its child groups, and all leaf devices). When a user is a member of multiple AD groups that have different roles, the higher-functionality role takes precedence (in the order Administrator, DM, Viewer).
3 Install OpenManage Enterprise Dell EMC OpenManage Enterprise is provided as an appliance that you can install on a hypervisor and manage resources to minimize downtime. The virtual appliance can be configured from the application web console after initial network provisioning in the Text User Interface (TUI). For steps to view and update the console version, see Check and update the version of the OpenManage Enterprise and the available plugins on page 160.
Minimum system requirements for deploying OpenManage Enterprise Table 5. Minimum requirements Particulars Minimum requirements Supported hypervisors ● VMware vSphere versions: ○ vSphere ESXi 5.5 onwards ● Microsoft Hyper-V supported on: ○ Windows Server 2012 R2 onwards ● KVM supported on: ○ Red Hat Enterprise Linux 6.5 onwards Network Available virtual NIC which has access to the management networks of all the devices which is managed from OpenManage Enterprise.
10. On the Ready to Complete page, review the options you selected on previous pages and click Finish to run the deployment job. A completion status window displays where you can track job progress. Deploy OpenManage Enterprise on Hyper-V 2012 R2 and earlier host NOTE: ● To perform any tasks on OpenManage Enterprise, you must have necessary user privileges.
● If a secondary adapter is added before powering on the appliance for the first time, the adapter will be configured with IPv4 and IPv6 disabled. Upon login to the TUI, and after accepting the EULA and changing the admin password, the adapter will show up as DISABLED and must be configured by the user. ● After installing or upgrading the appliance on Hyper-V, power off the appliance, remove the standard network adapter and add a legacy network adapter, and then power on the appliance. 1.
5. On the Specify Name and Location page ● provide the Virtual machine name. ● (Optional) Select the Store the virtual machine in a different location check box to activate the Location field, and then browse and navigate to capture a folder location where the VM would be stored. NOTE: If the check box is not selected, the VM is stored in the default folder. 6. Click Next 7. On the Specify Generation page, select Generation 1 and click Next. NOTE: OpenManage Enterprise does not support Generation 2. 8.
Deploy OpenManage Enterprise programmatically OpenManage Enterprise can be deployed programmatically (using a script) on VMWare ESXi version 6.5 or later. NOTE: Programmatic/scripted deployment is only supported using the primary interface. NOTE: If a secondary adapter is added before powering on the appliance for the first time, the adapter will be configured with IPv4 and IPv6 disabled.
NOTE: The ovftool command must be run with the --X:injectOvfEnv and --powerOn flags because they are required for programmatic deployment. After the ovftool command is run, the manifest validates and the deployment begins.
4 Get started with OpenManage Enterprise Topics: • • • • • • Log in to OpenManage Enterprise Configure OpenManage Enterprise by using Text User Interface Configure OpenManage Enterprise Recommended scalability and performance settings for optimal usage of OpenManage Enterprise Supported protocols and ports in OpenManage Enterprise Use case links for the supported protocols and ports in OpenManage Enterprise Log in to OpenManage Enterprise When you boot the system for the first time from the Text User Inte
You can configure OpenManage Enterprise by using the TUI. The TUI screen has the following options: Table 7. Text User Interface options Options Descriptions Change the Admin Password Select Change the Admin Password screen to enter a new password and confirm the password. For the first time, you must change the password by using the TUI screen. Display Current Appliance Status Select Display Current Appliance Status to view the URL and the status of the appliance.
Table 7. Text User Interface options (continued) Options Descriptions ambiguity. The primary interface is also expected to be the 'public facing' interface which allows for corporate network/ internet connectivity. Different firewall rules are applied to the primary interface, which allow for tighter access control such as access restriction by IP range. NOTE: If multihoming is enabled, the appliance can be accessed from two networks.
Table 7. Text User Interface options (continued) Options Descriptions Restart Services Select Restart Services with the following options to restart the services and networking: ● Restart All Services ● Restart Networking Setup Debug Logging Select Setup Debug Logging using the following options : ● Enable Debug Logs—to collect the Debug logs of the application monitoring tasks, events, and the task execution history. ● Disable Debug Logs—to disable the Debug logs.
● If the proxy server requires credentials to log in, select the Enable Proxy Authentication check box and enter the user name and password. ● Select the Ignore Certificate Validation check box if the configured proxy intercepts SSL traffic and does not use a trusted third-party certificate. Using this option will ignore the built-in certificate checks used for the warranty and catalog synchronization. 4. Click Apply to save the settings.
Table 9. OpenManage Enterprise Supported protocols and ports on management stations (continued) Port Number Protocol Port Type Maximum Encryption Level Source Direction Destination Usage administrator must enable only if interacting with the Dell EMC support staff. 25 SMTP TCP None OpenManage Enterprise appliance Out Management station ● To receive email alerts from OpenManage Enterprise. 53 DNS UDP/TCP None OpenManage Enterprise appliance Out Management station ● For DNS queries.
Table 9. OpenManage Enterprise Supported protocols and ports on management stations (continued) Port Number Protocol Port Type Maximum Encryption Level Source Direction Destination Usage using the Trap forward policy. 443 (default) HTTPS TCP 128-bit SSL Management station In/Out OpenManage Enterprise appliance ● Web GUI. ● To download updates and warranty information from Dell.com. 256-bit encryption is allowed when communicating with the OpenManage Enterprise by using HTTPS for the web GUI.
Table 10. OpenManage Enterprise supported protocols and ports on the managed nodes (continued) Port Number Protocol 623 IPMI/ RMCP 69 TFTP Port Type Maximum Encryption Level Source Directio n Destinatio n Usage UDP None OpenManage Enterprise appliance Out Managed node ● IPMI access through LAN. UDP None CMC In Manageme nt station ● For updating CMC firmware. * Port can be configured up to 499 excluding the port numbers that are already allocated.
5 OpenManage Enterprise Graphical User Interface overview On the OpenManage Enterprise Graphical User Interface (GUI), you can use menu items, links, buttons, panes, dialog boxes, lists, tabs, filter boxes, and pages to navigate between pages and complete device management tasks. Features such as devices list, Donut charts, audit logs, OpenManage Enterprise settings, system alerts, and firmware/driver update are displayed at more than one place.
● G—The number of events generated in the alerts log. Also, based on your settings to whether or not view the unacknowledged alerts, the number of alerts in this section varies. By default, only the unacknowledged alerts are displayed. To hide or unhide the acknowledged alerts, see Customize the alert display on page 158. Deleting the alerts reduces the count. For information about symbols that are used to indicate severity statuses, see Device health statuses on page 38.
6 OpenManage Enterprise Home portal By clicking OpenManage Enterprise > Home, the Home page of OpenManage Enterprise is displayed. On the Home page: ● View the Dashboard to get a live snapshot about the health statuses of devices, and then take actions, where necessary. See Dashboard. ● View alerts under the critical and warning categories and resolve those. See Managing device alerts.
NOTE: If you select any device group in the Device Groups drop down, then all the data displayed on the Dashboard will be for only the selected device group. By default, the Hardware Health section displays a Donut chart that indicates the current health of all the devices monitored by OpenManage Enterprise. Click sections of the Donut chart to view information about devices with respective health statuses. A Donut in the Alerts section lists the alerts received by devices in the selected device groups.
NOTE: The total number of alerts in the Donut chart varies based on the setting to whether or not view the unacknowledged alerts. By default, only the unacknowledged alerts are displayed. See Customize the alert display on page 158. ● The firmware version compliance of a device against the version on the catalog: See Manage the device firmware and drivers on page 72. ● The configuration compliance baseline of devices and device groups: See Managing the device configuration compliance on page 104.
7 Discovering devices for monitoring or management By clicking OpenManage Enterprise > Monitor > Discovery, you can discover devices in your data center environment to manage them, improve their usability, and improve resource availability for your business-critical operations. The Discovery page displays the number of devices discovered in task and information about the status of discovery job for that device. The job statuses are Queued, Completed, and Stopped.
• • • • • • • • • • • Global exclusion of ranges Specify discovery mode for creating Create customized device discovery Specify discovery mode for creating Create customized device discovery Specify discovery mode for creating Specify discovery mode for creating Create customized device discovery Create customized device discovery Specify discovery mode for creating Delete a device discovery job a server discovery job job protocol for servers –Additional settings for discovery protocols a chassis discover
○ To create hostname record >dnscmd /RecordAdd example.com omehost A XX.XX.XX.XX ○ To add records for server-initiated discovery >dnscmd /RecordAdd example.com _dcimprovsrv._tcp PTR ptr.dcimprovsrv._tcp.example.com >dnscmd /RecordAdd example.com ptr.dcimprovsrv._tcp TXT URI=/api/ DiscoveryConfigService/Actions/DiscoveryConfigService.SignalNodePresence >dnscmd /RecordAdd example.com ptr.dcimprovsrv._tcp SRV 0 0 443 omehost.example.com 2.
c. In the Export All wizard, select any of the following file formats: HTML, CSV, and PDF. d. Click Finish. A job is created, and the data is exported to the selected location. Create a device discovery job The following steps describes how to initiate a device discovery job in OpenManage Enterprise to discover the devices in your data center using the Create Discovery Job wizard. NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges.
the SMTP settings. See Configure SMTP, SNMP, and Syslog alerts on page 116. If you select this but do not configure SMTP, the Finish button is not displayed to continue the task. 11. Click Finish. The Finish button is not displayed if the fields are incorrectly or incompletely filled. A discovery job is created and run. The status is displayed on the Job Details page.
3. In the Onboarding dialog box, enter the WS-Man credentials—username and password. 4. In the Connection Settings section: a. In the Retries box, enter the number of repeated attempts that must be made to discover a server. b. In the Timeout box, enter the time after which a job must stop running. NOTE: If the timeout value entered is greater than the current session expiry time, you are automatically logged out of OpenManage Enterprise.
Table 13.
Stop a device discovery job You can stop the job only if running. Discovery jobs that are completed or failed cannot be stopped. To stop a job: 1. In the list of existing discovery jobs, select the check box corresponding to the job you want to stop. NOTE: Multiple jobs cannot be stopped at a time. 2. Click Stop. The job is stopped and a message is displayed in the lower-right corner.
4. When prompted, click YES. The IP address or the range is globally excluded, and then displayed in the list of excluded ranges. Such devices are globally excluded which implies that they do not take part in any activity performed by OpenManage Enterprise. NOTE: The device that is globally excluded is clearly identified as 'Globally excluded' on the Job Details page. To remove a device from the global exclusion list: a. Select the check box and click Remove from Exclusion. b. When prompted, click YES.
1. To Discover using WS-Man/Redfish (iDRAC, Server, and/or Chassis) a. In the Credentials section, enter User Name and Password. b. In the Connection Settings section: ● In the Retries box, enter the number of repeated attempts that must be made to discover a server. ● In the Timeout box, enter the time after which a job must stop running. ● Enter in the Port box to edit the port number. By default, 443 is used to connect to the device.
5. To create customized discovery template by clicking Additional Settings, see Create customized device discovery job protocol for Chassis – Additional settings for discovery protocols on page 49. NOTE: Currently, for any M1000e chassis that is discovered, the date in the TIMESTAMP column under Hardware Logs is displayed as JAN 12, 2013 in the CMC 5.1x and earlier versions. However, for all versions of CMC VRTX and FX2 chassis, correct date is displayed.
● PowerVault ME: To discover the storage devices using the HTTPS protocol like the PowerVault ME. ● Others: To discover storage devices which use SNMP protocol. Based on your selection, the fields change under Settings. 3. Enter the IP address, host name, or IP range in IP/Hostname/Range. 4. Under Settings, depending on your initial selection — enter the User Name and Password for Storage HTTPS or enter the SNMP version and the community type of the device to be detected. 5.
1. Under Credentials, select the SNMP version, and then enter the community type. 2. In the Connection Settings section: a. In the Retries box, enter the number of repeated attempts that must be made to discover a server. b. In the Timeout box, enter the time after which a job must stop running. c. In the Port box, enter the port number that the job must use to discover.
8 Manage devices and device groups By clicking OpenManage Enterprise > Devices you can view and manage the device groups and devices discovered in OpenManage Enterprise. If you are logged in as a device manager, only the device groups and its associated trees that are in your scope would be available for viewing and management. The left pane displays the device groups as follows: ● All Devices — The top-level root group containing all groups.
NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scopebased operational access to the devices. See Role and scope based access control in OpenManage Enterprise on page 15. To view Dashboard data pertaining to selected devices or groups, select from the Device Groups drop-down menu. NOTE: The health status of a device or group is indicated by appropriate symbols.
On the All Devices page, in the left pane, you can create child groups under the parent Static and Query group. See Create a Static device group on page 54 and Create a Query device group on page 55. NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scopebased operational access to the devices. See Role and scope based access control in OpenManage Enterprise on page 15. To delete the child group of a Static or Query group: 1.
The static group is created and listed under the parent group in the left pane. The child groups are indented from its parent group. Create a Query device group Query groups are dynamic groups whose devices are defined by matching some user-specified criteria. Devices in the group change based on the result of devices that are discovered by using the query criteria. On the All Devices page (OpenManage Enteprise > Devices), You can create query groups using the Create Query Group wizard.
Remove a configuration compliance baseline on page 110 Edit a static group On the All Devices page (OpenManage Enterprise > Devices) the existing static groups can be renamed, repositioned, and the devices in the static group can be added or deleted using the Edit Static Group wizard. NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scopebased operational access to the devices.
1. Under CUSTOM GROUPS, right-click the static or query group or click on the three dots vertical menu next to the group and then click Delete. OR, Select the group you want to delete, and then from the Group Actions drop-down menu and click Delete Group. 2. When prompted, click Yes. The group is deleted from the CUSTOM GROUPS. Clone a static or query group The existing static or query groups can be cloned and added to the CUSTOM GROUPS.
Refresh health on group The following steps describe how you can refresh the health and online status of a selected group. NOTE: ● To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scope-based operational access to the devices. See Role and scope based access control in OpenManage Enterprise on page 15. ● For the in-band devices discovered using the ESXi and Linux operating systems, the Health State ( Unknown ( ) is displayed as ). 1.
corresponding color band on the Donut chart. The data in the table changes. For more information about using the Donut chart, see Donut chart. All Devices page — device list actions On the All Devices page (OpenManage Enterprise > Devices) devices list, you can perform various device actions. The action buttons are context sensitive to both the group selection from the tree on the left and also for the devices selected in the grid.
Delete devices from OpenManage Enterprise The following steps describe how to delete and offboard the discovered devices in OpenManage Enterprise. NOTE: ● To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scope-based operational access to the devices. See, Role and scope based access control in OpenManage Enterprise on page 15. ● A device on which a profile is assigned cannot be deleted unless the profile is unassigned from it.
Update the device firmware and drivers by using baselines You can update the firmware and/or driver version of device(s) on the All Devices page or from the Firmware/Driver Compliance page (see Update firmware and/or drivers using the baseline compliance report on page 78). Updating using the All Devices page is recommended when updating firmware and/driver of a single device.
2. Select the check box corresponding to the device(s), and then click Refresh Health on Group. A job is created and listed in the Jobs list and identified as New in the JOB STATUS column. The latest working status of selected device(s) is collected and displayed on the Dashboard and other relevant sections of OpenManage Enterprise. To download a device inventory, see Export the single device inventory on page 63.
7. Click Finish. The firmware version is rolled back. NOTE: Currently, the Rollback feature tracks only the version number from which the firmware is rolled back. Rollback does not consider the firmware version that is installed by using the Rollback feature (by rolling back the version). Export the single device inventory You can export inventory data of only one device at a time to only the .csv format. 1. In the left pane, select the device group.
● Avoid exporting 'wide' tables that have column(s) with long strings or with too many columns to PDF. Due to a limitation in the PDFMaker library, the right-most section of such exported data is truncated or cut off. ● A single device inventory can be exported only into a .csv format. See Export the single device inventory on page 63 ● Only in case of reports, you can export only selected reports at a time and not all the reports. See Export selected reports on page 136. . 1.
● ● ● ● ○ Run and download the Diagnostics report. See Run and download Diagnostic reports on page 65. ○ Reset iDRAC. ○ Extract and download the SupportAssist report. See Extract and download SupportAssist reports on page 66. Refresh the device status. Refresh the device inventory. Export the device inventory that is collected by clicking Refresh Inventory. See Export all or selected data on page 63. Run a remote RACADM, and IPMI command on the device.
● Extended: At nominal speed. ● Long Run: At a slow pace. NOTE: See the Remotely Running Automated Diagnostics Using WS-Man and RACADM Commands technical white paper at https://en.community.dell.com/techcenter/extras/m/white_papers/20438187. 3. To generate the Diagnostics report now, select Run Now. 4. Click OK. When prompted, click YES. WARNING: Running a Diagnostics report automatically restarts the server. A job is created and displayed on the Jobs page.
● To export all logs on a page, click Export > Export Current Page. Run remote–RACADM and IPMI–commands on individual devices RACADM and IPMI commands can be sent to a device's iDRAC from the 'Device name' page to remotely manage the respective device. NOTE: ● The RACADM CLI only allows for one command at a time. ● The use of the following special characters as RACADM and IPMI CLI parameters is not supported: [, ;, |, $,>,<, &, ', ], ., *, and '. 1.
2. Click Refresh Inventory to initiate an Inventory job. The status of the inventory job can be viewed on the Inventory page (OpenManage Enterprise > Monitor > Inventory) . Select the Inventory job and click on View Details to view the collected inventory of selected device. For more information about viewing the refreshed inventory data, see View and configure individual devices on page 64. To download a device inventory, see Export the single device inventory on page 63.
9 Managing device inventory NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scopebased operational access to the devices. See Role and scope based access control in OpenManage Enterprise on page 15. By clicking OpenManage Enterprise > Monitor > Inventory, you can generate a device inventory report to better manage your data center, reduce maintenance, maintain minimum stock, and reduce operational costs.
2. In the Inventory dialog box, a default inventory job name is populated in Inventory Job Name. To change, enter an inventory job name. 3. From the Select Groups drop-down menu, select the device groups on which the inventory must be run. If you have initiated the Inventory job from the All Devices page after selecting a group, then Select Groups will be prepopulated with the selected group name. For information about device groups, see Organize devices into groups on page 52. 4.
Delete an inventory job NOTE: You cannot delete a job if it is running. 1. In the list of existing inventory schedule jobs, select the check box corresponding to the inventory job you want to delete. 2. Click Delete. The job is deleted and a message is displayed in the lower-right corner. Related information Managing device inventory on page 69 Edit an inventory schedule job 1. Click Edit. 2. In the Inventory Schedule dialog box, edit the inventory job name in Inventory Job Name.
10 Manage the device firmware and drivers On the OpenManage Enterprise > Configuration > Firmware/Driver Compliance page, you can manage the firmware of all the 'managed' devices. You can also update the drivers of the 64-bit Windows-based devices. NOTE: ● To perform any tasks on OpenManage Enterprise you must have the necessary user privileges. See Role and scope based access control in OpenManage Enterprise on page 15.
NOTE: Updating a device using the Individual Package workflow only supports executable (EXE) based Dell Update Packages. When updating an FX2 CMC, the executable DUP must be installed via one of the sleds in the chassis. The summary of all the baselines is displayed in the working pane, and the compliance of a selected baseline is displayed in the right pane by using a Donut chart. A Donut chart and list of items in the baseline changes based on the baseline you select from the Baseline list.
The Finish button appears only after you have entered all the fields in the dialog box A new firmware catalog is created and listed in the Catalog table on the Catalog Management page. 3. To go back to the Firmware/Driver Compliance page, click Return to Firmware/Driver Compliance. Add a catalog to the local network Catalog containing the firmware and drivers (64-bit Windows) can be downloaded using the Dell Repository Manager (DRM) and saved on a network share. 1.
A new firmware catalog is created and listed in the Catalog table on the Catalog Management page. 4. To go back to the Firmware/Driver Compliance page, click Return to Firmware/Driver Compliance. Related tasks Delete a catalog on page 76 SSL Certificate Information The catalog files for firmware and driver updates can be downloaded from the Dell support site, Dell EMC Repository Manager (Repository Manager), or a web site within your organization network.
Delete a catalog 1. On the Catalog Management page, select the catalogs, and then click Delete. The catalogs are deleted from the list. 2. To go back to the Firmware/Driver Compliance page, click Return to Firmware/Driver Compliance. NOTE: Catalogs cannot be deleted if linked to a baseline. Related information Add a catalog to the local network on page 74 Create a firmware/driver baseline A baseline is a set of devices or group of devices that are associated with a firmware/driver catalog.
In the Baseline table, data about the device and baseline job is displayed. For field definitions, see Firmware baseline field definitions on page 172. Delete configuration compliance baselines You can delete the configuration compliance baselines on the Configuration > Configuration Compliance page and delink the devices from the associated baselines. NOTE: To perform any tasks on OpenManage Enterprise, you must have the necessary user privileges.
View the baseline compliance report On the Configuration > Firmware/Driver Compliance page, the compliance status of the baselines is indicated. A Donut chart provides a summary of baselines' compliance to their respective catalogs. When more than one device is associated with a baseline, the status of the least compliant device to the baseline is indicated as the compliance level of that baseline.
Device managers can run firmware/driver update only on the devices which are in their scope. NOTE: Inventory collection and the firmware update on chassis storage sleds is not supported in OpenManage Enterprise if they are managed via chassis device management. Prerequisites: ● To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scope-based operational access to the devices. See Role and scope based access control in OpenManage Enterprise on page 15.
a. To reboot the server immediately after the firmware/driver update, choose Reboot server immediately and from the dropdown menu select one of the following options: i. Graceful Reboot without Forced Shutdown ii. Graceful Reboot with Forced Shutdown iii. PowerCycle for a hard reset of the device. b. Select Stage for next server reboot to trigger the firmware/driver update when the next server reboot happens.
11 Manage device deployment templates Device deployment template in OpenManage Enterprise allows you to set the configuration properties such as BIOS, boot, network properties, and so on of servers and chassis. The deployment template is a consolidation of system configuration settings referred to as attributes. The deployment template allows for multiple servers or chassis to be configured quickly and automatically without the risk of human error.
1. From the OpenManage Enterprise menu, click Configuration > Templates > Create Template, and then select From Reference Device. 2. In the Create Template dialog box: a. In the Template Information section, enter a name for the deployment template and description for the template. b. Select the Deployment template type: ● Clone Reference Server: Enables you to clone the configuration of an existing server. ● Clone Reference Chassis: Enables you to clone the configuration of an existing chassis.
View a deployment template information A list of predefined, user-created, or cloned device deployment templates is displayed under Configuration > Templates. 1. In the list of deployment templates, select the check box corresponding to the required device template. 2. In the working pane, click View Details.
Attributes are grouped together functionally for display. Vendor-specific attributes are grouped under Other Attributes. Each individual attribute is displayed with a check box preceding its name. The check box indicates whether or not the attribute will be included when the deployment template is deployed to a target device.
Edit network properties of a deployment template On the Configuration > Templates page, you can edit the network configuration for the deployment templates that contains applicable NIC attributes. After selecting a deployment template, click Edit Network to activate the Edit Network wizard and do the following: NOTE: VLAN settings on in-scope 'proxied' MX7000 sleds is allowed for a device manager, even if the MX7000 chassis is out of scope. 1.
NOTE: During deployment of an MX7000 chassis template: ● The target device can only be the lead MX7000 chassis. ● If an MX7000 chassis is removed from group, it has to be rediscovered in OpenManage Enterprise. ● Users on the MX7000 chassis are replaced by the users who are configured in the template. ● Imported Active Directory settings are replaced with the values in chassis profile. 1.
● You have created an IOA deployment template for deployment. See Create a deployment template from a reference device on page 81. ● The target devices meet the requirements that are specified in Minimum system requirements for deploying OpenManage Enterprise on page 20. ● Firmware version of the target device is the same as the IOA deployment template. ● Only the following cross template deployments are supported: Table 14.
Once an auto-deployment target is discovered, its entry from the Auto-Deploy page is automatically deleted and moved to the All Device page. Also, a profile is created on the Profiles page which contains the configuration settings of the device. The following actions can be performed on the Auto Deploy page: ● Create templates for auto deployment. See Create auto deployment targets on page 88 ● Delete templates that are not needed.
is deployed, these changed target attributes are implemented on only the specific devices. To change the device-specific, non-virtual identity attributes: a. Select a target device from the list displaying the previously-selected target devices. b. Expand the attribute categories and then select or clear the attributes that must be included or excluded during template deployment on the target device. c. Click Next. 12. Click Finish.
uniquely identify a server on a network and also determine how the server communicates with a network resource using a specific protocol. Using OpenManage Enterprise, you can automatically generate and assign virtual identity attributes to the I/O interfaces of a server. Servers deployed by using a device deployment template that contains virtual I/O identities are known as 'stateless.' Stateless deployments enable you to create a server environment that is dynamic and flexible.
OpenManage Enterprise uses the identity pools to automatically assign virtual identities to the device deployment template that is used for deploying a server. NOTE: ● For the identities that belong to an existing identity pool but were deployed outside of OpenManage Enterprise, a new Configuration Inventory job must be initiated to identify and designate them as 'assigned' in the appliance.
● AA-BB-CC-DD-EE-FF ● AABB.CCDD.EEFF The length of the postfix can be a maximum of 50 characters. This option is displayed only if the Include FC Identity check box is selected. Number of WWPN/WWNN Addresses Select the number of WWPN or WWNN address. The address can be between 1 and 5000. This option is displayed only if the Include FC Identity check box is selected. Actions Previous Displays the FCoE tab. Finish Saves the changes and displays the Configuration page.
Subnet mask Select the subnet mask address of the iSCSI pool from the drop-down. Gateway Enter the gateway address of the iSCSI pool. Primary DNS Server Enter the primary DNS server address. Secondary DNS Server Enter the secondary DNS server address. NOTE: The IP Address Range, Gateway, Primary DNS Server, and Secondary DNS Server must be valid IPv4 addresses. Actions Previous Displays the Ethernet tab. Next Displays the FCoE tab. Finish Saves the changes and displays the Configuration page.
Include ethernet virtual MAC addresses Select the check box to add the virtual MAC addresses to the identity pool. Starting virtual MAC Address Enter the starting virtual MAC address in one of the following formats: ● AA:BB:CC:DD:EE:FF ● AA-BB-CC-DD-EE-FF ● AABB.CCDD.EEFF The maximum length of a MAC address is 50 characters. This option is displayed only if the Include ethernet virtual MAC addresses check box is selected. Number of virtual Select the number of virtual MAC identities.
Define networks On the VLANs page, you can enter information of the networks that are currently configured in your environment which the devices can access. NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scopebased operational access to the devices. See Role and scope based access control in OpenManage Enterprise on page 15. 1. Select Configuration > VLANs > Define. 2. In the Define Network dialog box, enter a name and an appropriate description.
NOTE: VLAN configuration on M1000e and FX2 chassis is not supported in an IPv6 infra, as the IPv6 addressing is not supported by M I/O Aggregator (IOA) and FN I/O modules. NOTE: The changed VLAN name and IDs are not updated on the target MX7000 chassis after a stateless deployment task is run. 3. To delete the network, select the network and click Delete. 4. Click Yes. Export VLAN definitions The network definitions available in OpenManage Enterprise can downloaded either as a CSV or as a JASON file. 1.
b. Click Import and select Import VLANs from Chassis. c. On the Job Target screen, select the chassis from where the VLAN definitions need to be imported and click OK. A job with name ImportVLANDefinitionsTask is created to import the networks from the selected chassis. Upon completion of the job, refresh the Configuration > VLANs page to view the successfully imported VLAN definitions.
12 Manage Profiles A 'Profile' is a specific instance of an existing deployment template that is customized with attributes unique to an individual device. Profiles can be created either implicitly during a template's deployment/auto-deployment or from the existing templates by the user. A Profile consists of target-specific attribute values along with the BootToISO choices, and iDRAC management IP details of the target device.
Table 19. Profile states and possible operations (continued) Profile State Edit Assign Target Unassign Target Re-Deploy Migrate Deployed Yes No Yes Yes Yes ● ● ● ● ● ● ● ● ● Create profiles and pre-reserve virtual identities. See, Create profiles on page 99 View profile details. See, View Profile details on page 100 Edit profile attributes and settings. See, Edit a profile on page 100 Assign a profile to a device or service tag (through auto-deploy).
View Profile details To just view the details of an existing profile without editing: 1. Select a profile from the list of profiles on the Configurations > Profiles page. 2. Click View to activate the View Profile Wizard. 3. On the Details page of the wizard, Source Template, Name, Description, and Target information are displayed. 4. Click Next.
Assign a Profile From the Configuration > Profiles page, an unassigned profile can be either deployed on an existing server or can be reserved for auto deployment on a yet-to-be discovered server. NOTE: ● To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scope-based operational access to the devices. See Role and scope based access control in OpenManage Enterprise on page 15.
Unassign profiles Using Configuration > Profiles > Unassign, the deployed or auto-deployed profiles can be disassociated from their respective targets. . To unassign profiles: 1. Select the profiles from the Profiles list on the Configuration > Profile page. 2. Click Unassign. 3. Click Finish on the Confirmation dialog box. The selected profiles are unassigned and the identities from their respective targets are removed.
c. If needed, select the 'Force the migration even if the source device cannot be contacted' check box. NOTE: You must ensure that there are no virtual identity conflicts. d. Click Next. 3. On the Schedule page select from one of the following: a. Select Update Now to migrate the profile settings immediately to the target. b. Select a Date and Time to schedule the migration. 4. Click Finish. A job is created to migrate profile's settings to the new target device.
13 Managing the device configuration compliance By selecting OpenManage Enterprise > Configuration > Configuration Compliance, you can create configurationcompliance baselines by using the built-in or user-created compliance templates. You can create a compliance template from an existing deployment template, reference device, or by importing from a file. To use this feature, you must have the Enterprise level license of OpenManage Enterprise and iDRAC for servers.
Manage compliance templates Use compliance template to create compliance baselines and then periodically check the configuration compliance status of devices that are associated with the baseline. See Managing the device configuration compliance on page 104. You can create compliance templates by using deployment template, reference device, importing from a file. See Manage compliance templates on page 105.
Related tasks Manage compliance templates on page 105 Clone a compliance template on page 106 Create a compliance template from reference device To use the configuration properties of a device as a template for creating configuration baseline, the device must be already onboarded. See Onboarding devices on page 43. 1. Click Configuration > Configuration Compliance > Template Management > Create > From Reference Device. 2.
the same time. Additionally, disable the default system generated Configuration Inventory job on the Monitor > Jobs page (set source to System generated). ● It is recommended that you associate a maximum of 1500 devices per baseline for optimal performance. ● If there is a use case of frequent template edits, it is recommended that you associate a maximum of 100 devices per baseline for optimal performance. 1. On the Compliance Templates page, select the corresponding check box, and then click Edit. 2.
3. Click Finish. A compliance baseline is created and listed. A compliance comparison is initiated when the baseline is created or updated. The overall compliance level of the baseline is indicated in the COMPLIANCE column. For information about the fields in the list, see Managing the device configuration compliance on page 104.
The deleted configuration baselines are removed from the Configuration Compliance page. Refresh compliance of the configuration compliance baselines The compliance status check of a compliance baseline is triggered automatically if changes are made to either the attributes of the baseline reference template or if there is any change to the configuration inventory of any of the baseline-associated devices.
Export the Compliance Baseline report A complete or partial list of the devices associated with a compliance template baseline can be exported to a CSV file. On Compliance Report page of a configuration baseline 1. Click Export All to export details of all the devices in the compliance baseline. Or, 2. Click Export Selected after selecting the individual devices from the report.
14 Monitor and Manage device alerts By selecting OpenManage Enterprise > Alerts, you can view and manage alerts generated by the devices in the management system environment. The Alerts page has the following tabs displayed: ● Alert log: You can view and manage all alerts generated on the target devices. ● Alert Policies: You can create alert policies to send alerts generated on target devices to destinations such as email, mobile, syslog server and so on.
● The box on the right provides additional information such as the detailed description and recommended action for a selected alert NOTE: OpenManage Enterprise version 3.2 and above tracks the Last Updated By data point, however, in the previous versions this was not tracked. Therefore, be aware that if the Alert log is refined using the User advanced filter field, the acknowledged alerts from the previous versions will not be displayed.
Delete alerts You can delete an alert to permanently remove that occurrence of the alert from the console. Select the check box corresponding to the alert, and then click Delete. A message is displayed prompting you to confirm the deletion process. Click YES to delete the alert. The total number of alerts displayed in the header row of OpenManage Enterprise is decremented. View archived alerts A maximum of 50,000 alerts can be generated and viewed within OpenManage Enterprise.
● Send an alert through an SNMP trap. ● Send an alert to a syslog server. ● Perform device power control actions such as turning on or turning off a device when an alert of a predefined category is generated. ● Run a remote script. To view, create, edit, enable, disable, and delete alert policies, click Alerts > Alert Policies.
● ● ● ● ● ● NOTE: Emails for multiple alerts of the same category, message ID and content are triggered only once every 2 minutes to avoid repeated or redundant alert messages in the inbox. SNMP Trap Forwarding (Enable)—Click Enable to view the SNMP Configuration window where you can configure the SNMP settings for the alert. See Configure SMTP, SNMP, and Syslog alerts on page 116.
a. The Enable Policy check box is selected by default to indicate that the alert policy will be enabled once it is created. To disable the alert policy, clear the check box. For more information about enabling alert policies at a later time, see Configure and manage alert policies on page 114. b. Click Next. 3. In the Category section, expand Application and select the categories and subcategories of the appliance logs. Click Next. 4. In the Target section, the Select Devices option is selected by default.
c. If SNMPv3 is selected, provide the following additional details: i. USERNAME: Provide a username. ii. AUTHENTICATION TYPE : From the drop down list select SHA, MD_5, or None. iii. AUTHENTICATION PASSPHRASE: Provide an authentication passphrase having a minimum of eight characters. iv. PRIVACY TYPE: From the drop down list select DES, AES_128, or None. v. PRIVACY PASSPHRASE: Provide a privacy passphrase containing a minimum of eight characters. 5.
Automatic refresh of MX7000 chassis on insertion and removal sleds OpenManage Enterprise can almost instantly reflect the addition or removal of sleds after a standalone or a lead MX7000 chassis is discovered or onboarded. When a standalone or a lead MX7000 chassis is discovered or onboarded by using OpenManage Enterprise (versions 3.4 and later), an alert policy is created simultaneously on the the MX7000 chassis.
1. From the OpenManage Enterprise menu, under Alerts, click Alert Definitions. Under Alert Definitions, a list of all the standard alert messages is displayed. 2. To quickly search for an error message, click Advanced Filters. The right pane displays Error and Event Message information of the message ID you selected in the table.
15 Monitor audit logs OpenManage Enterprise > Monitor > Audit logs page lists the log data to help you or the Dell EMC Support teams in troubleshooting and analysis. An audit log is recorded when: ● A group is assigned or access permission is changed. ● User role is modified. ● Actions that were performed on the devices monitored by OpenManage Enterprise. The audit log files can be exported to the CSV file format. See Export all or selected data on page 63.
• Forward audit logs to remote Syslog servers Forward audit logs to remote Syslog servers To monitor all the audit logs of OpenManage Enterprise from Syslog servers, you can create an alert policy. All the audit logs such as user login attempts, creation of alert policies, and running different jobs can be forwarded to Syslog servers. To create an alert policy to forward audit logs to Syslog servers: 1. Select Alerts > Alert Policies > Create. 2.
16 Using jobs for device control A job is a set of instructions for performing a task on one or more devices. The jobs include discovery, firmware update, inventory refresh for devices, warranty, and so on. You can view the status and details of jobs that are initiated in the devices and its components, on the Jobs page. OpenManage Enterprise has many internal maintenance jobs which are triggered on a set schedule automatically by the appliance.
Jobs can also be filtered by entering or selecting the values in the Advanced Filters section. The following additional information can be provided to filter the alerts: ● Last run start date:Jobs last run start date. ● Last run end date: Jobs last run end date. ● Source: The available options are All, User Generated (Default), and System. To view more information about a job, select a job and click View Details in the right pane. See View an individual job information on page 127.
Table 22. Job Types and description (continued) Job Type Description Backup Chassis Profiles Debug Logs Collects Debug logs of the application monitoring tasks, events, and the task execution history. Device Action Creates actions on devices such as Turn LED On, Turn LED Off, IPMI CLI, RACADM CLI, and so on. Diagnostic_Task Download/Run of Diagnostic/TSR or SupportAssist tasks are related to Diagnostic task. See Run and download Diagnostic reports.
Table 23. The following table lists the OpenManage Enterprise Default job names and their schedule.
Table 23. The following table lists the OpenManage Enterprise Default job names and their schedule.
Table 23. The following table lists the OpenManage Enterprise Default job names and their schedule. (continued) Job Name Cron Expression Cron Expression Description Example Subscription poller task 0 0/30 * 1/1 * ? * At second :00, every 30 minutes starting at minute :00, every hour, every day starting on the 1st, every month ● Mon May 17 19:30:00 UTC 2021 ● Mon May 17 20:00:00 UTC 2021 ● Mon May 17 20:30:00 UTC 2021 View an individual job information 1.
1. Click Create, and then select Power Control Devices. 2. In the Power Control Devices Wizard dialog box: a. In the Options section: i. Enter the job name in Job Name. ii. From the Power Options drop-down menu, select any one of the tasks: Power on, Power off, or Power cycle. iii. Click Next. b. In the Target section, select the target devices and click Next. See Select target devices and device groups on page 129. c. In the Schedule section, run the job immediately or schedule for a later point of time.
4. In the Job Target section, select the target devices and click Next. See Select target devices and device groups on page 129. a. Click Next. 5. In the Schedule section, run the job immediately or schedule for a later point of time. See Schedule job field definitions on page 172. 6. Click Finish. The job is created and listed in the Jobs list and identified by an appropriate status in the JOB STATUS column. 7.
17 Manage the device warranty NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scopebased operational access to the devices. See Role and scope based access control in OpenManage Enterprise on page 15. By clicking OpenManage Enterprise > Monitor > Warranty, you can view the warranty statuses of all the devices that are monitored by OpenManage Enterprise that are in your scope.
● Select the check box corresponding to the device. In the right pane, warranty status and other important details of the device such as the service level code, service provider, the warranty start date, the warranty end date, and so on are displayed. ● Expired warranties can be renewed by clicking Dell Warranty Renewal for Device, which redirects you to the Dell EMC support site allowing you to manage your device warranty.
18 Reports By clicking OpenManage Enterprise > Monitor > Reports, you can build customized reports to view device details at depth. Reports enables you to view data about the devices, jobs, alerts, and other elements of your data center. Reports are built-in, and user-defined. You can edit or delete only the user-defined reports. Definitions and criteria used for a built-in report cannot be edited or deleted. A preview about the report you select from the Reports list is displayed in the right pane.
Run reports From the Reports page (OpenManage Enterprise > Monitor > Reports), you can run, view and download the built-in reports or the reports that you have created. When you run a report, the first 20 rows are displayed and paginated results can be paged through. To view all the rows at one time, download the report. To edit this value, see Export all or selected data on page 63. Data displayed in the output cannot be sorted because it is defined in the query used to build a report.
Related information Reports on page 132 Edit reports Only user-created reports can be edited. 1. Select the report and click Edit. 2. In the Report Definition dialog box, edit the settings. See Creating reports. 3. Click Save. The updated information is saved. An audit log entry is made whenever you generate, edit, delete, or copy a report definition. NOTE: While editing a customized-report, if the category is changed, the associated fields are also removed.
While built-in reports have default definitions (filter criteria) for generating reports, you can customize the criteria to create your own definitions, and then generate customized reports. The fields or columns that you want to display in your report depends on the category you select. You can select only one category at a time. The arrangement of columns in a report can be altered by dragging and placing.
NOTE: When evaluating a query with multiple conditions, the order of evaluation is same as SQL. To specify a particular order for the evaluation of the conditions, add or remove parenthesis when defining the query. NOTE: When selected, the filters of an existing query criteria is copied only virtually to build a new query criteria. The default filters associated with an existing query criteria is not changed.
19 Managing MIB files NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary role-based user privileges and scopebased operational access to the devices. See Role and scope based access control in OpenManage Enterprise on page 15. Third party tools in your data center may generate alerts that are vital for your operations. Such alerts are stored in the Management Information Base (MIB) files defined and understood by respective vendor tools.
● Only one MIB file can be imported at a time. 1. Click MIB > Import MIB. 2. In the Import MIB dialog box, in the Upload MIB Files section, click Choose File to select a MIB file. If the MIB has import statements that are resolved by external MIBs, a message is displayed. a. Click Resolve Types. Resolve the MIB types. See Remove MIB files on page 139. b. Click Finish. If the MIB file is Dell EMC owned, a message indicates that the MIB is shipped with the product and cannot be modified. 3. Click Next. 4.
Remove MIB files NOTE: You cannot remove a MIB file that has trap definitions used by any of the alert policies. See Alert policies on page 113. NOTE: Events that are received before removing a MIB will not be affected by the associated MIB removal. However, events generated after the removal will have unformatted traps. 1. In the MIB FILENAME column, expand the folder, and select the MIB files. 2. Click Remove MIB. 3. In the Remove MIB dialog box, select the check boxes of the MIBs to be removed. 4.
20 Managing OpenManage Enterprise appliance settings NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role and scope based access control in OpenManage Enterprise on page 15. NOTE: For information about supported browsers, see the OpenManage Enterprise Support Matrix available on the support site.
Configure OpenManage Enterprise network settings NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role and scope based access control in OpenManage Enterprise on page 15. 1. To only view the current network settings of all the active network connections of OpenManage Enterprise such as DNS domain name, FQDN, and IPv4 and IPv6 settings, expand Current Settings. 2.
● View, add, enable, edit, disable, or delete the OpenManage Enterprise local users. For more information, see Add and edit OpenManage Enterprise local users ● Assign OpenManage Enterprise roles to Active Directory users by importing the directory groups. AD and LDAP directory users can assigned an Admin, or a Device Manager, or a Viewer role in OpenManage Enterprise.
Table 27. Role-based user privileges in OpenManage Enterprise OpenManage Privilege Description Enterprise features User levels for accessing OpenManage Enterprise Admin Device Manager Viewer Appliance setup Global appliance settings involving setting up of the appliance.
Scope-Based Access Control (SBAC) in OpenManage Enterprise With the use of Role-Based Access Control (RBAC) feature, administrators can assign roles while creating users. Roles determine their level of access to the appliance settings and device management features. Scope-based Access Control (SBAC) is an extension of the RBAC feature that allows an administrator to restrict a Device Manager role to a subset of device groups called scope.
● User dm1 is a member of two AD groups (adg1 and adg2). Both AD groups have been assigned the DM role, with scope assignments for the AD groups as follows: adg1 is given access to g1 and adg2 is given access to g2. If g1 is the superset of g2, then the scope of dm1 is the larger scope (g1, all its child groups, and all leaf devices). When a user is a member of multiple AD groups that have different roles, the higher-functionality role takes precedence (in the order Administrator, DM, Viewer).
NOTE: The username must contain only alphanumeric characters (but underscore is allowed) and the password must contain at least one character in: uppercase, lowercase, digit, and special character. 3. Click Finish. A message is displayed that the user is successfully saved. A job is started to create a new user. After running the job, the new user is created and displayed in the list of users. Edit OpenManage Enterprise user properties 1.
Related information Manage OpenManage Enterprise users on page 141 Import AD and LDAP groups NOTE: ● The users without Administrator rights cannot enable or disable the Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) users. ● Before importing AD groups in OpenManage Enterprise, you must include the user groups in a UNIVERSAL GROUP while configuring the AD.
Transfer of ownership of Device Manager entities This topic describes how an administrator can transfer entities such as jobs, firmware or configuration templates and baselines, alert policies, and profiles that are created by one device manager to another device manager. Administrator can initiate a 'transfer of ownership' when a device manager leaves the organization. NOTE: ● To perform this task on OpenManage Enterprise you must have the administrator user privileges.
Pre-requisites/supported attributes for LDAP Integration Table 28. OpenManage Enterprise Pre-requisites/supported attributes for LDAP Integration Attribute of User Login Attribute of Group Membership Certificate Requirement AD/LDAP Cn, sAMAccountName Member ● Subject to Domain Controller Certificate needs to have FQDN. SAN field can have IPv4 and/or IPv6 or FQDN.
● DNS: In the Method box, enter the domain name to query DNS for the domain controllers. ● Manual: In the Method box, enter the FQDN or the IP address of the domain controller. For multiple servers, a maximum of three servers are supported, use a comma-separated list. c. In the Group Domain box, enter the group domain as suggested in the tool tip syntax. 3. In the Advanced Options section: a. By default, Global Catalog Address port number 3269 is populated.
NOTE: The user attributes should be configured in the LDAP system used to query before integrating on the directory services. NOTE: You need to enter the user attributes as cn or sAMAccountName for AD LDS configuration and UID for LDAP configuration d. In the Attribute of Group Membership box, enter the attribute that stores the groups and member information in the directory. e. Enter the network timeout and search timeout duration in seconds. The maximum timeout duration supported is 300 seconds. f.
NOTE: ● To perform any tasks on OpenManage Enterprise, you must have the necessary user privileges. See Role and scope based access control in OpenManage Enterprise on page 15. ● Only a maximum of four OpenID Connect provider IDs can be added in the appliance. ● Post upgrade of OpenManage Enterprise to version 3.6, the AD/LDAP and OIDC (PingFederate or KeyCloak) device managers would need to recreate all the previous-version entities as these entities are only available to the administrators post upgrade.
d. (Optional) Certificate Validation check box - You can select the check box and upload the OIDC provider's certificate by clicking Browse and locating the certificate or by dragging and dropping the certificate in the 'broken line' box. e. (Optional) Test connection - Click Test URI and SSL Connection to test the connection with the OpenID Connect provider.
Configure an OpenID Connect provider policy in Keycloak for rolebased access to OpenManage Enterprise To enable OpenManage Enterprise OpenID Connect login using Keycloak, you must first add and map a scope dxcua to the Client ID and define the user privileges as follows: NOTE: The Discovery URI specified in the OpenID Connect provider configuration wizard should have a valid endpoint of the provider listed. 1.
Enable OpenID Connect providers If an OpenID Connect provider's login was not enabled at the time when it was added to the appliance, then to activate the login you must 'enable' it in the appliance. On the Application Settings > Users > OpenID Connect providers page do the following: 1. Select the OpenID Connect provider(s). 2. Click Enable. Enabling the OpenID Connect providers in OpenManage Enterprise allows the authorized client access tokens to login to the appliance.
Assigning a webserver certificate to OpenManage Enterprise using the Microsoft Certificate Services 1. Generate and download the Certificate Signing Request (CSR) in OpenManage Enterprise. See Generate and download the certificate signing request on page 155 2. Open a web session to the certification server (https://x.x.x.x/certsrv) and click on the Request a certificate link . 3. On the Request a Certificate page, click on the submit an advanced certificate request link. 4.
Manage Console preferences NOTE: To perform any tasks on OpenManage Enterprise, you must have the necessary user privileges. See Role and scope based access control in OpenManage Enterprise on page 15. By clicking OpenManage Enterprise > Application Settings > Console Preferences, you can set the default properties of the OpenManage Enterprise GUI.
5. MX7000 Onboarding Preferences: Specify one of the following alert-forwarding behavior on MX7000 chassis when they are onboarded: ● Receive All Alerts ● Receive 'Chassis' category alerts only 6. SMB Setting: To select one of the following Server Message Block (SMB) version that must be used for network communication: ● Disable V1: SMBv1 is disabled. This is the default selection in the appliance. ● Enable V1: To enable SMBv1.
3. 4. 5. 6. 7. 8. To authenticate the SMTP server, select the Enable Authentication check box and enter the username and password. By default, the SMTP port number to be accessed is 25. Edit if necessary. Select the Use SSL check box to secure your SMTP transaction. To test if the SMTP server is working properly, click on the Send Test Email check box and enter an Email Recipient. Click Apply. To reset the settings to default attributes, click Discard. To 1. 2. 3.
NOTE: If SNMPv3 alert settings are configured before upgrading the appliance, you have to reconfigure the settings by providing the username, authentication passphrase, and privacy passphrase to continue receiving the alerts. If the issues persists, restart the services using the Text User Interface (TUI). 8. Click Apply to save the changes or click Discard to reset to cancel. Set SNMP Credentials 1. Click Credentials. 2. In the SNMP Credentials dialog box: a. b. c. d. e.
● Click More Actions drop-down menu to learn more about the plugin, disable, uninstall, enable, or to change the settings of the plugin. For more information, see plugin, plugin, plugin ● You can click on Update Available as and when new versions of the plugins are available. Related information Update from Dell.
● A direct update from the OpenManage Enterprise—Tech Release version is not supported. TechRelease version should be first upgraded to OpenManage Enterprise either version 3.0 or 3.1. ● After you upgrade to version 3.6, the existing device managers will have all devices in their scope by default. However, if required, the administrator can edit the device manager(s) scope using the SBAC feature.
with details of the new version is displayed. All users can view the banner, however, only users with Administrator privilege can opt for the remind later or dismiss the message option. 1. Click Update and perform an update. NOTE: ● Clicking Update initiates an Upgrade Bundle Download job. This job finishes by itself after all the update files are downloaded and cannot be terminated. ● If the upgrade fails, the appliance would restart. It is recommended to revert the VM snapshot and upgrade again 2.
The available update version with a brief description of the new features are displayed. 4. To validate a connection to the catalog click Test now. If the connection to the catalog is established, a Connection Successful message is displayed. If connection to the share address or the catalog file path is not established, Connection to path failed error message is displayed. This step is an optional. 5. Click Update, and perform an update (applicable for future upgrades).
The status of installation operation is displayed. After the successful installation of the plugin, the status that appears on the top of the plugin section changes from Available or Downloaded to Installed. Disable a plugin Disables all the functionality of the plugin on OpenManage Enterprise. NOTE: Disabling a plugin on OpenManage Enterprise restarts the appliance services. 1. In OpenManage Enterprise, click Application Settings > Console and Plugins. The Console and Plugins tab is displayed. 2.
available on the Application Settings > Console and Plugins page. The Plugin section of the Console and Plugins page displays all the new features and enhancements of the available plugin update. Before you update a plugin, ensure that the update settings is configured as mentioned in Update settings in OpenManage Enterprise on page 161. To update a plugin, do the following: 1. In the Plugin section, click Update Available for the plugin you want to update. The Update Plugin page is displayed. 2.
OpenManage Mobile settings OpenManage Mobile (OMM) is a systems management application that allows you to securely perform a subset of data center monitoring and remediation tasks on one or more OpenManage Enterprise consoles and/or integrated Dell Remote Access Controllers (iDRACs) by using your Android or iOS device. Using OMM you can: ● Receive alert notifications from OpenManage Enterprise. ● View the group, device, alert, and log information. ● Turn on, turn off, or restart a server.
● OpenManage Mobile subscribers may be automatically disabled by OpenManage Enterprise if their mobile service provider push notification service indicates that the device is permanently unreachable. ● Even if an OpenManage Mobile subscriber is enabled in the Mobile Subscribers list, they can disable receiving alert notifications in their OpenManage Mobile application settings. To enable or disable alert notifications to the OpenManage Mobile subscribers: 1.
View the alert notification service status on page 168 Notification service status The following table provides information about the Notification Service Status displayed on the Application Settings > Mobile page. Table 29. Notification service status Status Icon Status Description The service is running and operating normally. NOTE: This service status only reflects successful communication with the platform notification service.
Table 30. OpenManage Mobile subscriber information (continued) Field Description LAST PUSH The date and time the last alert notification was sent successfully from OpenManage Enterprise to the Alert Forwarding Service. LAST CONNECTION The date and time the user last accessed OpenManage Enterprise through OpenManage Mobile. REGISTRATION The date and time the user added OpenManage Enterprise in OpenManage Mobile.
Related tasks OpenManage Mobile settings on page 167 Related information OpenManage Mobile settings on page 167 Managing OpenManage Enterprise appliance settings 171
21 Other references and field descriptions Definitions about some of the commonly displayed fields on the OpenManage Enterprise Graphical User Interface (GUI) are listed and defined in this chapter. Also, other information that is useful for further reference is described here.
NOTE: By default, the job scheduler clock is reset at 12:00 A.M. everyday. The cron format does not consider the job creation time while calculating the job frequency. For example, if a job is started at 10:00 A.M. to run after every 10 hours, the next time the job runs is at 08:00 P.M. However, the subsequent time is not 06:00 A.M. next day but 12:00 A.M. This is because the scheduler clock is reset at 12:00 A.M. everyday. Alert categories after EEMI relocation Table of EEMI relocations Table 32.
Table 32.
Unblock the FSD capability You can unblock the FSD capability through the TUI screen. 1. Navigate to the TUI main menu. 2. On the TUI screen, to use the FSD option, select Enable Field Service Debug (FSD) Mode. 3. To generate a new FSD unblock request, on the FSD Functions screen, select Unblock FSD Capabilities 4. To determine the duration of the debug capabilities being requested, select a start and end date. 5.
Disable FSD After you invoke a debug capability on a console, it continues to operate until the console is restarted, or the debug capability is stopped. Else, the duration determined from the start and end date exceeds. 1. To stop the debug capabilities, on the FSD Functions screen, select Disable Debug Capabilities. 2. On the Disable Invoked Debug Capabilities screen, select a debug capability or capabilities from a list of currently invoked debug capabilities.
Generic naming convention for Dell EMC PowerEdge servers To cover a range of server models, the PowerEdge servers are now be referred to using the generic naming convention and not their generation. This topic explains how to identify the generation of a PowerEdge server that are referred to using the generic naming convention. Example: The R740 server model is a rack, two processor system from the 14th generation of servers with Intel processors.
