Dell EMC OpenManage Enterprise Version 3.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2018 - 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 About Dell EMC OpenManage Enterprise........................................................................................ 9 New in this release............................................................................................................................................................... 10 Other information you may need....................................................................................................................................... 10 Contacting Dell EMC....
Clone a Static or Query group..................................................................................................................................... 35 Add devices to a new group.........................................................................................................................................35 Add devices to existing group......................................................................................................................................
Overview of stateless deployment....................................................................................................................................55 Create Identity Pool - Pool Information............................................................................................................................56 Identity pools..................................................................................................................................................................
13 Using jobs for device control...................................................................................................... 78 View the jobs list.................................................................................................................................................................. 78 View an individual job information.....................................................................................................................................
18 Managing MIB files.................................................................................................................. 100 Import MIB files..................................................................................................................................................................100 Edit MIB traps.....................................................................................................................................................................
Firmware baseline field definitions................................................................................................................................... 122 Schedule job field definitions............................................................................................................................................ 122 Field service debug workflow..........................................................................................................................................
1 About Dell EMC OpenManage Enterprise OpenManage Enterprise is a systems management and monitoring application that provides a comprehensive view of the Dell EMC servers, chassis, storage, and network switches on the enterprise network. With OpenManage Enterprise, a web-based and one‑to‑many systems management application, you can: • • • • • • • • • • • Discover and manage devices in a data center environment. Create and manage OpenManage Enterprise users. Group and manage devices.
• Directory services integration in OpenManage Enterprise Topics: • • • • New in this release Other information you may need Contacting Dell EMC OpenManage Server Configuration Management License New in this release • • • Ability to forward audit logs for remote monitoring through Syslog servers. Support for the latest 14th generation PowerEdge servers. Enhancements: • • • Availability of additional alert categories for creating alert policies.
OpenManage Server Configuration Management License NOTE: Installing and using OpenManage Enterprise does not require the OpenManage Server Configuration Management license. Only the server configuration management feature—deploying device configurations and verifying configuration compliance on servers, requires that the OpenManage Server Configuration Management license is installed on target servers. This license is not required for creating device configuration template from a server.
2 Security features in OpenManage Enterprise Some of the security features of OpenManage Enterprise are: • • • • Role-based access that limits access to appliance settings and device actions. Hardened appliance with Security-Enhanced Linux (SELinux) and an internal firewall. Encryption of sensitive data in an internal database. Use of encrypted communication outside the appliance (HTTPs).
OpenManage Enterprise features User levels for accessing OpenManage Enterprise Admin Device Manager Viewer Create monitoring policies Y Y N Deploy OS Y Y N Power control Y Y N Manage reports Y Y N Refresh inventory Y Y N Set up the OpenManage Enterprise appliance Y N N Manage discovery Y N N Manage groups Y N N Set up security Y N N Manage traps Y N N Related tasks Deploying and managing OpenManage Enterprise Related reference OpenManage Enterprise user role types
User with this role... Has the following user privileges Viewer • • • Can only view information displayed on OpenManage Enterprise and run reports. By default, has read-only access to the console and all groups. Cannot run tasks or create and manage policies. NOTE: • If a viewer or DM is changed to an administrator, they get the full administrator privileges. If a viewer is changed to a DM, the DM has the same privileges as a viewer. • A change in the user role will not affect a logged-in user.
3 Deploying and managing OpenManage Enterprise Dell EMC OpenManage Enterprise is provided as an appliance that you can deploy on a hypervisor and manage resources to minimize downtime. The virtual appliance can be configured from the application web console after initial network provisioning in the Text User Interface (TUI). For steps to view and update the console version, see Check and update the OpenManage Enterprise version. This chapter describes the installation prerequisites and minimum requirements.
Minimum system requirements for deploying OpenManange Enterprise Table 5. Minimum requirements Particulars Minimum requirements Supported hypervisors • VMware vSphere versions: • • vSphere ESXi 6.5 • vSphere ESXi 6.0 • vSphere ESXi 5.5 Microsoft Hyper-V supported on: • • Windows Server 2016 • Windows Server 2012 R2 KVM supported on: • • • Red Hat Enterprise Linux 7.2 Red Hat Enterprise Linux 7.0 Red Hat Enterprise Linux 6.
9. On the Disk Format page, click Thick provision to pre-allocate physical storage space to VMs at the time a drive is created. 10. On the Ready to Complete page, review the options you selected on previous pages and click Finish to run the deployment job. A completion status window displays where you can track job progress. Deploy OpenManage Enterprise on Hyper-V 2012 R2 and earlier host 1. Download the openmanage_enterprise_vhd_format.zip file from the support site.
3. Start the virtual manager and select File > Properties. 4. On the Network Interfaces page, click Add. 5. Select Bridge as the interface type and click Forward. 6. Set the start mode to onboot and select the Activate now check box. 7. Select the interface to bridge from the list and ensure the properties match with the host device, and then click Finish. A virtual interface is now created, and you can configure the firewall settings by using the terminal. 8.
4 Getting started with OpenManage Enterprise Topics: • • • • • Log in to OpenManage Enterprise Configure OpenManage Enterprise by using Text User Interface Configure OpenManage Enterprise Recommended scalability and performance settings for optimal usage of OpenManage Enterprise Supported protocols and ports in OpenManage Enterprise Log in to OpenManage Enterprise When you boot the system for the first time from the Text User Interface (TUI), you are prompted to accept the EULA, and then change the admini
• Reboot the Appliance NOTE: Possibly after running a command to restart the services, it may be observed that the TUI displays the following message: NMI watchdog: BUG: soft lockup - CPU#0 stuck for 36s! [java:14439]. This • soft lockup issue likely occurs as a result of the hypervisor being overloaded. In such situations, it is recommended to have at least 16 GB of RAM and CPU of 8000 MHz reserved to the OpenManage Enterprise appliance.
5. In the Server IP Address box, enter the IP address or host name for the proxy server. 6. In the Port box, enter the port number for the proxy server. 7. If the proxy server requires credentials to log in, select the Use Proxy Credentials check box, enter the user name and password. 8. Click FINISH. NOTE: For information about supported browsers, see the OpenManage Enterprise Support Matrix available on the support site.
Port Number Protocol Port Type Maximum Source Encryption Level Direction Destination Usage interacting with the Dell EMC support staff. 25 SMTP TCP None OpenManage Enterprise appliance Out Management station To receive email alerts from OpenManage Enterprise. 53 DNS UDP/TCP None OpenManage Enterprise appliance Out Management station For DNS queries. 68 / 546 (IPv6) DHCP UDP/TCP None OpenManage Enterprise appliance Out Management station Network configuration.
Supported protocols and ports on managed nodes Table 8. OpenManage Enterprise supported protocols and ports on the managed nodes Port Number Protocol Port Type Maximum Source Encryption Level 22 SSH TCP 256-bit OpenManage Out Enterprise appliance Managed Linux For the Linux OS node discovery only. 161 SNMP UDP None OpenManage Out Enterprise appliance Managed node For SNMP queries. 162* SNMP UDP None OpenManage In/ Out Enterprise appliance Managed node Send and receive SNMP traps.
5 OpenManage Enterprise Graphical User Interface overview On the OpenManage Enterprise Graphical User Interface (GUI), you can use menu items, links, buttons, panes, dialog boxes, lists, tabs, filter boxes, and pages to navigate between pages and complete device management tasks. Features such as devices list, Donut charts, audit logs, OpenManage Enterprise settings, system alerts, and firmware update are displayed at more than one place.
• • • • • • G—The number of events generated in the alerts log. Deleting the alerts reduces the count. For information about symbols that are used to indicate severity statuses, see Device health statuses. Click a severity symbol to view all events in that severity category on the Alerts page. To view all the events, click All events. See Managing device alerts. H—Number of devices whose warranty status is critical and requires immediate attention. Click to view the system alerts under each category.
6 OpenManage Enterprise Home portal By clicking OpenManage Enterprise > Home, the Home page of OpenManage Enterprise is displayed. On the Home page: • • • • • • View the Dashboard to get a live snapshot about the health statuses of devices, and then take actions, where necessary. See Dashboard. View alerts under the critical and warning categories and resolve those. See Managing device alerts.
For more information about a Donut chart, see Donut chart and Device health statuses. To view the summary of devices in a different device group monitored by OpenManage Enterprise, select from the Device Groups drop-down menu. To view the list of devices that belong to a health state, you can either click the color band associated with a health category, or click the respective health status symbol next to a Donut chart.
To view a list of configuration compliance baselines that drift from the template properties, click Configuration. On the Compliance page: • • • COMPLIANCE indicates the level to which the configuration compliance baseline drifts. NAME indicates the name of the configuration compliance baseline. TEMPLATE NAME indicates the compliance baseline template against which the baseline is compared. See Managing the device configuration compliance.
NOTE: The Discovery Group feature is not supported in OpenManage Enterprise 3.0 and later versions. If you have created Discovery Groups in OpenManage Enterprise-Tech Release and upgraded to OpenManage Enterprise 3.1, all the associated data is removed after the update, and the associated jobs and tasks are not run. NOTE: To expand all the subgroups in a group, right-click the group, and then click Expand All. Custom Groups: Created by the user for specific requirements.
Upgrade , the compliance level of the firmware baseline is indicated as Upgrade. The rollup status is equal to the status of the device that has high severity. For more information about Rollup Health status, see the MANAGING THE ROLLUP HEALTH STATUS BY USING IDRAC ON THE DELL EMC 14TH GENERATION AND LATER POWEREDGE SERVERS technical white paper on the Dell TechCenter.
7 Managing devices By clicking OpenManage Enterprise > Devices > All Devices you can view the devices and device groups managed by OpenManage Enterprise. The System groups are default groups created by OpenManage Enterprise when shipped, and Custom groups are created by users such as administrators and device managers. You can create child groups under these two parent groups. For information about the parent-child rules, see Device Groups.
• Start the Virtual Console Organize devices into groups In a data center, for effective and quick device management, you can: • • • Group the devices. For example, you can group devices based on functions, OSs, user profiles, location, jobs run, and then run queries to manage devices. Filter the device-related data while managing devices, updating firmware, discovering devices, and managing alert policies and reports. You can manage the properties of a device in a group.
• • Static Groups: Manually created by the user by adding specific devices to a group. These groups change only when a user manually changes the devices in the group or a sub-group. The items in the group remain static until the parent group is edited or the child device is deleted. Query Group: Groups that are dynamically defined by matching user-specified criteria. Devices in the group change based on the result of devices that are discovered by using criteria.
4. In the Query Criteria Selection dialog box, from the Select existing query to copy drop-down menu, select a query, and then select the other filter criteria. See Select a query criteria. 5. Click Finish. The query group is created and listed in line with the parent group in the left pane. NOTE: You cannot add devices directly under Query Groups. You must create child Query groups, and then add devices under the child groups. To edit a Query group: a.
Adding or editing devices in a Static child group By using the Static child groups, you can classify your servers based on their use, configuration, department of use, customers, and so on. You can add or remove devices to the child groups, and then edit, remove, delete, and clone such groups. NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. 1. Right-click the Static child group, and then click Add Devices.
3. Click Finish. A new group is created and the devices are added to the selected group. NOTE: For creating groups or adding devices to a group, you must follow the parent-child relationship of groups. See Device Groups. Add devices to existing group NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. 1. From the OpenManage Enterprise menu, under Devices, click All Devices. 2.
Upgrade or downgrade device firmware by using the firmware baseline NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. You can upgrade or downgrade the firmware version of device(s) on the: • • • All Devices page: Recommended for updating firmware of multiple devices. From the Devices menu, select Devices. Select the devices, click More Actions > Update Firmware.
• • • • OK—The current firmware version of the device or component matches the baseline defined in the catalog file. Critical—The current firmware version of the component or device is older than the baseline defined in the catalog file. The update is essential for the proper functioning of the device or component. Downgrade—The current firmware version of the component or device is newer than the baseline defined in the catalog file.
• • ROLLBACK VERSION: Suggested firmware version to which the component can be downgraded. ROLLBACK SOURCE: Click Browse to select a source from where the firmware version can be downloaded. 7. Click Finish. The firmware version is rolled back. NOTE: Currently, the Rollback feature tracks only the version number from which the firmware is rolled back. Rollback does not consider the firmware version that is installed by using the Rollback feature (by rolling back the version).
• • • • • • • Health State indicates the working state of the device. The health statuses—OK, critical, and warning—are identified by respective color symbols. See Device health statuses. Power State indicates if the device is turned on or off. Connection State indicates whether or not the device is connected to OpenManage Enterprise. Name indicates device name. TYPE indicates the type of device—Server, Chassis, Dell Storage, and Networking switch.
NOTE: However, a single device inventory can be exported only into a .csv format. See Export the single device inventory. NOTE: Only in case of reports, you can export only selected reports at a time and not all the reports. See Export selected reports. 1. To export data, select Export All or Export Selected. A job is created and the data is exported to the selected location. 2. Download the data and perform strategic and statistical analysis, if necessary.
Device hardware information OpenManage Enterprise provides a built-in report about the components and their compliance with the firmware compliance baseline. Click OpenManage Enterprise > Monitor > Reports > Firmware Compliance per Component Report. Click Run. See Run reports. • • • • • • • • • • • • • • • • Device Card Information—Information about cards used in the device. Installed Software—List of firmware and software installed on different components in the device.
1. On the page, from the Troubleshoot drop-down menu, select Extract SupportAssist Report. 2. In the Extract SupportAssist Report dialog box: a) Enter the file name where the SupportAssist report must be saved. b) Select the check boxes corresponding to the log types whose SupportAssist report must be extracted. 3. Click OK. A job is created and displayed on the Jobs page. To view information about the job, click View Details in the right pane. See View the jobs list.
For more information about using iDRAC, visit Dell.com/idracmanuals. NOTE: You can also start the management application by clicking the IP address in the Device list. See Devices list. Start the Virtual Console The Virtual Console link works on the iDRAC Enterprise license of 14G servers. On the 12G and 13G servers, the link works on the 2.52.52.52 and later versions of OME Enterprise license.
8 Manage the device firmware By clicking OpenManage Enterprise > Configuration, and selecting: • • • Firmware: Manage the firmware of devices by using firmware baselines. Deploy: Create templates to define configuration compliance baseline and manage such templates. Compliance: Create device or device group configuration compliance baseline and manage device configuration.
Related tasks Delete a firmware baseline Topics: • • • • • • Manage firmware Catalogs Create a firmware baseline Delete a firmware baseline Check the compliance of a device firmware against its baseline Edit a firmware baseline Delete a firmware baseline Manage firmware Catalogs Catalogs are bundles of firmware based on device types. All the available catalogs (update packages) are validated and posted to Dell.com.
4. In the User Name box, enter the user name of the device where the catalog is stored. 5. In the Password box, enter the password of the device to access the share. Type the username and password of the shared folder where the catalog.xml file is stored. • HTTP 1. In the Share Address box, enter the IP address of the system where the firmware catalog is stored on the network. 2. In the Catalog File Path box, enter the full file path of the catalog file location. Example path: compute/catalog.xml.
2. To go back to the Firmware page, click Back to Firmware. NOTE: Catalogs cannot be deleted if linked to a firmware baseline. Related information Create a firmware catalog by using local network Create a firmware baseline NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. NOTE: When a device is connected, the firmware version, if earlier than baseline version, is not automatically updated.
Check the compliance of a device firmware against its baseline NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. NOTE: When a device is connected, the firmware version, if earlier than baseline version, is not automatically updated. You must update the firmware version.
• • • • • • • • • A list of components and their compliance to the firmware baseline is displayed. 2. Select the check box(es) corresponding to the devices whose firmware compliance status is Critical and requires an update. 3. Click Update Firmware. See Updating the device firmware version. SERVICE TAG: Click to view complete information about the device on the page. For more information about tasks you can complete on this page, see Viewing and configuring devices.
Delete a firmware baseline Select the check box corresponding to the baseline, and then click Delete. The firmware baseline is deleted and the updated information is displayed in the Baseline list.
9 Manage device configuration templates From the OpenManage Enterprise menu, by clicking Configuration > Deploy, you can set the configuration properties such as network properties, and BIOS versions of servers, and chassis by using device configuration templates—predefined templates or custom templates. Templates enable you to optimize your data center resources, Subject Matter Expert (SME) bandwidth, and reduce the cycle time in creating clones and deployments.
After successful creation, the job is displayed in the list. A template creation job is started and the status is displayed in the STATUS column. The job information is also displayed on the Monitor > Jobs page. To view additional details of the job, select the job and click View Details in the working pane. On the Job Details page, the execution details of the job are displayed. In the Results pane, click View Details to view detailed information of the job execution.
• System profile: From the drown-down menu, select to specify the type of performance optimization to be achieved in the system profile. • User accessible USB ports: From the drop-down menu, select to specify the ports that the user can access. • By default, the use of logical processor and in-band manageability are enabled. • Optimize based on workload: From the Select workload profile drop-down menu, select to specify the type of workload performance optimization you want achieve on the profile. 2.
NOTE: During deployment of an MX7000 chassis template: • The target device can only be the lead MX7000 chassis. • If an MX7000 chassis is removed from group, it has to be rediscovered in OpenManage Enterprise. • Users on the MX7000 chassis are replaced by the users who are configured in the template. • Imported Active Directory settings are replaced with the values in chassis profile. 1.
3. Assign virtual identities to a device template—Select a device template from the Templates pane, and click Edit Network to assign an identity pool to the device template. You can also select the Tagged and Untagged network, and assign the minimum and maximum bandwidth to the ports. 4. Deploy the device template on target devices—Use the Deploy Template task under the Deploy tab to deploy the device template and virtual identities on the target devices.
a) Enter a unique name for the identity pool and an appropriate description. b) Click Next. 4. In the Ethernet section: a) Select the Include ethernet virtual MAC addresses check box to include the MAC addresses. b) Enter a starting MAC address and specify the number of virtual MAC identities to be created. 5. In the iSCSI section: a) b) c) d) Select the Include iSCSI MAC addresses check box to include iSCSI MAC addresses.
Include iSCSI MAC Select the check box to add the iSCSI MAC addresses to the identity pool. Addresses Starting MAC Address Enter the starting MAC address of the identity pool in one of the following formats: • • • AA:BB:CC:DD:EE:FF AA-BB-CC-DD-EE-FF AABB.CCDD.EEFF The maximum length of a MAC address is 50 characters. This option is displayed only if the Include iSCSI MAC Addresses check box is selected. Number of iSCSI MAC addresses Enter the number of iSCSI MAC addresses.
Create Identity Pool - Fibre channel over ethernet You can add the required number of Fibre Channel over Ethernet (FCoE) Initialization Protocol (FIP) MAC addresses to the identity pool. The World Wide Port Name (WWPN)/World Wide Node Name (WWNN) values are generated from these MAC addresses. Include FCoE Identity Select the check box to include the FCoE MAC addresses to the identity pool.
View definitions of identity pools To view the definitions of an identity pool: 1. On the Configuration page, click Identity Pools. 2. Select an identity pool, and then click Summary. The various identity definitions of the identity pool are listed. 3. To view the usage of these identity definitions, click the Usage tab and select the View By filter option.
Network types Description VM Migration Used for VLANs supporting vMotion and similar technologies VMWare FT Logging Used for VLANs supporting VMware Fault Tolerance Edit or delete a configured network 1. On the Configuration page, click Networks. 2. Select a network from the list, and then click Edit in the right pane to change the name, description, VLAN ID, or the network type.
Delete identity pools You cannot delete an identity pool if the identities are reserved or assigned to a configuration template. To delete an identity pool: 1. On the Configuration page, click Identity Pools. 2. Select the identity pool, and then click Delete. 3. Click Yes. The identity pool is deleted and the reserved identities associated with one or more templates are removed. Reclaim assigned virtual identities You can reclaim the assigned virtual identities from a device based on your preference.
10 Managing the device configuration compliance By selecting OpenManage Enterprise > Configuration > Compliance, you can create configuration baselines by using the built-in or user-created compliance templates. You can create a configuration compliance template from an existing deploy template, reference device, or by importing from a file. To use this feature, you must have the Enterprise level license of OpenManage Enterprise and iDRAC for servers.
Manage compliance baseline templates Use compliance template to create compliance baselines and then periodically check the configuration compliance status of devices that are associated with the baseline. See Managing the device configuration compliance. You can create baseline templates by using deployment template, reference device, importing from a file. See Manage compliance baseline templates. By selecting Configuration > Compliance > Template Management, you can view the list of compliance templates.
A template creation job is created and run. The newly created compliance baseline template is listed on the Compliance Templates page. Create a compliance baseline by importing from a file 1. Click Configuration > Compliance > Template Management > Create > Import from File. 2. In the Import Compliance Template dialog box, enter a name for the baseline compliance template. 3. Select either the server or chassis template type, and then click Select a file to browse through to the file and select. 4.
When you select a template for creating a baseline, the attributes associated with the templates are also selected. However, you can edit the baseline properties. See Edit a configuration compliance baseline. CAUTION: If a template used for a baseline is already associated with another baseline, editing the template properties changes the baseline compliance levels of devices already associated. Read through the Error and Event message displayed and act accordingly.
Remediate noncompliant devices You can remediate the devices which are not conforming to the associated baseline by changing the attribute values to match with the associated baseline attributes. To view the drifted attributes, from the device compliance report, click View Report. The Compliance Report table lists the attribute names with the expected and current values of the attributes. To remediate one or more noncompliant devices: 1. Select Configuration > Compliance. 2.
11 Monitoring device alerts By clicking the OpenManage Enterprise menu, and selecting items under Alerts, you can: • • • • Monitor alerts by: • Acknowledge alerts • Ignore alerts • View archived alerts and Download archived alerts Create and manage alert policies. See Alert policies. View alert definitions. See Alert definitions. Export all or selected alert data. See Exporting data.
On this page, you can acknowledge, unacknowledge, ignore, export, delete, and archive alert data. For more information about archiving alerts, see View archived alerts. Related tasks Delete alerts Related information Monitoring device alerts Acknowledge alerts After you view an alert and understand its contents, you can acknowledge that you have read through the alert message. To acknowledge, select the check box corresponding to the alert, and then click Acknowledge.
Table 11. Alert purging Workflow Description Result Purge Task Runs after every 30 minutes on the console. If the alerts have reached its maximum capacity (that is, 50,000), check and generate the purge archives. Purge Alert Warning Generates an internal purge alert warning. If the alerts have exceeded more than 95% (that is, 475000), generates an internal purge alert to purge 10% of the alerts . Purge Alerts Alerts purged from the alert log.
1. Click the MOBILE cell corresponding to the alert policy. If enabled, the policy is disabled and the tick mark disappears. Vice-versa if disabled. • Send an SMS message: 1. Click the SMS cell corresponding to the alert policy. 2. In the Alert Actions: SMS dialog box, type phone number. 3. Click Finish. A tick mark is displayed in the cell. SMS message is sent when an alert is received that meets the set policy criteria. NOTE: An SMS is sent to only the US-based cell phones.
b) Click Next. 6. In the Severity section, select the severity level of the alert for which this policy must be activated. a) To select all the severity categories, select the All check box. b) Click Next. 7. In the Actions section, select one or more check boxes to initiate the following actions when the policy is run: • • • • • • • Send email to a designated recipient by selecting the Email check box, and specifying data in the fields.
9. In the Summary section, details of the alert policy you defined are displayed. Carefully read through the information. 10. Click Finish. The alert policy is successfully created and listed in the Alert Policies section.
• Enter the password or a SSH key. Provide a private key for the remote script execution. To generate a private key, run the following command in the remote host:ssh -keygen -t rsa. The private key is stored in the default folder—cd / root/ .ssh/. d) Command that must be run on the remote host server to open a ticket. Example command: ./RCE.sh $IP $MODEL $DATE $ASSETTAG $SERVICETAG 3. Click Save. The command is saved. You can set and run these commands also while setting your alert policies.
NOTE: The Disable button of an alert policy that is already disabled appears grayed-out. Related information Alert policies Forward audit logs to remote Syslog servers Delete alert policies To delete an alert policy, select the check box corresponding to the alert policy and click Delete. The alert policy is deleted and removed from the Alert Policies table. NOTE: You can delete multiple alert policies at a time by selecting the respective check boxes.
12 Manage audit logs Audit logs lists the actions that were performed on the devices monitored by OpenManage Enterprise. Log data help you or Dell EMC Support teams in troubleshooting and analysis. The audit log files can be exported to the .CSV file format. See Export all or selected data. NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges.
Forward audit logs to remote Syslog servers To monitor all the audit logs of OpenManage Enterprise from Syslog servers, you can create an alert policy. All the audit logs such as user login attempts, creation of alert policies, and running different jobs can be forwarded to Syslog servers. To create an alert policy to forward audit logs to Syslog servers: 1. Select Alerts > Alert Policies > Create. 2.
13 Using jobs for device control NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. NOTE: Each job type is limited to devices that: • The user has permissions to access. • Have the ability to complete the required action. This rule is applicable to all tasks such as blink, power control, managing firmware baselines, and managing configuration compliance baseline, where the device selection task is involved.
• • • • Report_Task: Create reports about devices by using inbuilt or customized data fields. See Reports. Warranty: Generate data about devices' warranty status. See Manage the device warranty. Onboarding_Task: See Onboarding devices. Discovery: Discover devices to be managed by OpenManage Enterprise. See Discovering devices for monitoring or management. OpenManage Enterprise provides a built-in report to view the list of scheduled jobs.
3. Click Finish. The job is created and listed in the Jobs list and identified by an appropriate status in the JOB STATUS column. 4. If the job is scheduled for a later point of time, but you want to run the job immediately: • • • On the Jobs page, select the check box corresponding to the Scheduled job. Click Run Now. The job is run and the status is updated. To view the job data, click View Details in the right pane. See View an individual job information.
In the Job Target dialog box, the left pane lists the devices monitored by OpenManage Enterprise. In the working pane, list of devices associated with each group, and device details are displayed. For field descriptions, see Devices list. For information about device groups, see Organize devices into groups. 2. Select the check box corresponding to a device and click OK. The selected devices are displayed in the All Selected Devices section of the selected group.
14 Discovering devices for monitoring or management NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. By clicking OpenManage Enterprise > Monitor > Discovery, you can discover devices in your data center environment to manage them, improve their usability, and improve resource availability for your business-critical operations.
• • • • • • Specify discovery mode for creating a chassis discovery job Specify discovery mode for creating a Dell storage and network switch discovery job Create customized device discovery job protocol for SNMP devices Specify discovery mode for creating a MULTIPLE protocol discovery job Delete a device discovery job Enable WS-Man in HTTPS mode for discovering Windows or Hyper-V servers Create a device discovery job NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privil
Onboarding devices Onboarding enables servers to be managed, rather than just be monitored. • • • • • If administrator-level credentials are provided during discovery, the servers are onboarded (the device status is displayed as "managed" in the All Devices view). If lower privileged credentials are provided during discovery, the servers are not onboarded (the status is displayed as "monitored" in the All Devices view).
Table 12.
Related information Discovering devices for monitoring or management Stop a device discovery job You can stop the job only if running. Discovery jobs that are completed or failed cannot be stopped. To stop a job: 1. In the list of existing discovery jobs, select the check box corresponding to the job you want to stop. NOTE: Multiple jobs cannot be stopped at a time. 2. Click Stop. The job is stopped and a message is displayed in the lower-right corner.
To remove a device from the global exclusion list: a. Select the check box and click Remove from Exclusion. b. When prompted, click YES. The device is removed from the global exclusion list. However, a device removed from the global exclusion list is not automatically monitored by OpenManage Enterprise. You must discover the device so that OpenManage Enterprise starts monitoring.
c) Enter in the Port box to edit the port number. By default, 443 is used to connect to the device. For supported port numbers, see Supported protocols and ports in OpenManage Enterprise. • Generate Trusted key: Disabled by default. Select to generate a trusted device key for communicating with devices. NOTE: First time, a user must generate the trust key by using the REST API, only after which this option can be used.
Related information Discovering devices for monitoring or management Create customized device discovery job protocol for SNMP devices By default, the Discover using SNMP check box is selected to enable you detect the storage, networking, or other SNMP devices. 1. Under Credentials, select the SNMP version, and then enter the community type. 2. In the Connection Settings section: a) In the Retries box, enter the number of repeated attempts that must be made to discover a server.
Enable WS-Man in HTTPS mode for discovering Windows or Hyper-V servers By default, the WS-Man service is not enabled on the Windows servers. You must enable the WS-Man service on target servers in HTTPS mode. Pre-requisites: • • • IIS with HTTPS enabled WS-Man service with HTTPS enabled PowerShell 4.0 to configure the WS-Man service with certificate Creating a Self-Sign Certificate NOTE: If you have a publicly-signed certificate, things are easier and you can use Set-WSManQuickConfig -UseSSL.
Kerberos = true Negotiate = true Certificate = true CredSSP = false DefaultPorts HTTP = 5985 HTTPS = 5986 TrustedHosts Service RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD) MaxConcurrentOperations = 4294967295 MaxConcurrentOperationsPerUser = 1500 EnumerationTimeoutms = 240000 MaxConnections = 300 MaxPacketRetrievalTimeSeconds = 120 AllowUnencrypted = false Auth Basic = true Kerberos = true Negotiate = true Certificate = false CredSSP = false CbtHardeningLevel = Relaxed D
15 Managing device inventory NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. By clicking OpenManage Enterprise > Monitor > Inventory, you can generate a device inventory report to better manage your data center, reduce maintenance, maintain minimum stock, and reduce operational costs.
6. Click Finish. 7. The job is created and listed in the queue. An inventory job is created displayed in the list of inventory jobs. The SCHEDULE column specifies whether the job is Scheduled or Not Scheduled. See Run an inventory job now. Related information Managing device inventory Run an inventory job now NOTE: You cannot rerun a job that is already running. 1. In the list of existing inventory schedule jobs, select the check box corresponding to the inventory job you want to run immediately. 2.
16 Manage the device warranty NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. By clicking OpenManage Enterprise > Monitor > Warranty, you can view the warranty statuses of devices monitored by OpenManage Enterprise. You can export selected or all data to Excel sheet for statistical and analytical purposes.
17 Reports By clicking OpenManage Enterprise > Monitor > Reports, you can build customized reports to view device details at depth. Reports enables you to view data about the devices, jobs, alerts, and other elements of your data center. Reports are built-in, and user-defined. You can edit or delete only the user-defined reports. Definitions and criteria used for a built-in report cannot be edited or deleted. A preview about the report you select from the Reports list is displayed in the right pane.
Run reports NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. When you run a report, the first 20 rows are displayed and paginated results can be paged through. To view all the rows at one time, download the report. To edit this value, see Export all or selected data. Data displayed in the output cannot be sorted because it is defined in the query used to build a report.
2. In the Report Definition dialog box, edit the settings. See Creating reports. 3. Click Save. The updated information is saved. An audit log entry is made whenever you generate, edit, delete, or copy a report definition. NOTE: While editing a customized-report, if the category is changed, the associated fields are also removed. Related information Reports Copy reports Only user-created reports can be copied. 1. Select the report, click More Actions, and then click Copy. 2.
Table 14. The role-based access privileges for generating reports on OpenManage Enterprise User Role... Report tasks permitted... Administrators and Device Managers Run, create, edit, copy, email, download, and export Viewers Run, email, export, view, and download 1. Click Reports > Create. 2. In the Report Definition dialog box: a) Type the name and description of the new report to be defined. b) Click Next. 3.
Remove a configuration compliance baseline Export selected reports 1. Select the check boxes corresponding to the reports to be exported, click More Actions, and then click Export Selected. Currently, you cannot export all the reports at a time. 2. In the Export Selected Reports dialog box, select any one of the following file formats in which the report must be exported — HTML, CSV, or PDF. 3. Click Finish. In the dialog box, open or save the file to a known location for analysis and statistical purposes.
18 Managing MIB files NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. Third party tools in your data center may generate alerts that are vital for your operations. Such alerts are stored in the Management Information Base (MIB) files defined and understood by respective vendor tools.
If the MIB has import statements that are resolved by external MIBs, a message is displayed. a) Click Resolve Types. Resolve the MIB types. See Remove MIB files. b) Click Finish. If the MIB file is Dell EMC owned, a message indicates that the MIB is shipped with the product and cannot be modified. 3. Click Next. 4. In the View Traps section, a list of MIB files is displayed with the following information: • • • • • • Alert category of the trap.
2. Click Remove MIB. 3. In the Remove MIB dialog box, select the check boxes of the MIBs to be removed. 4. Click Remove. The MIB files are removed and the MIB table is updated. Resolve MIB types 1. Import the MIB files. See Import MIB files. If the MIB type is unresolved, the Unresolved Types dialog box lists MIB type(s) indicating that the MIB type(s) will be imported only if resolved. 2. Click Resolve Types. 3. In the Resolve Types dialog box, click Select Files, and then select the missing file(s). 4.
19 Managing OpenManage Enterprise appliance settings NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. NOTE: For information about supported browsers, see the OpenManage Enterprise Support Matrix available on the support site.
Configure OpenManage Enterprise network settings NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. NOTE: If you have more than one IP for OpenManage Enterprise by using vNIC, you must use only the IPv4 address that is indicated in the Current IP Address field (click Application Settings > Current Settings) for accessing the REST API. 1.
• • • • USERNAME: Along with the users you created, OpenManage Enterprise displays the following default user roles that cannot be edited or deleted: admin, system, and root. However, you can edit the login credentials by selecting the default username and clicking Edit. See Enable OpenManage Enterprise users. The recommended characters for user names are as follows: • • • • 0–9 A–Z a–z -!#$%&()*/;?@[\]^_`{|}~+<=> • The recommended characters for passwords are as follows: • 0–9 • A–Z • a–z • '-!"#$%&(
Delete OpenManage Enterprise users 1. Select the check box corresponding to the username and click Delete. 2. When prompted, click YES. Related reference Disable OpenManage Enterprise users Enable OpenManage Enterprise users Related information Manage OpenManage Enterprise users Delete Directory services Select the check box corresponding to the Directory Services to be deleted, and then click Delete.
OpenManage Enterprise features User levels for accessing OpenManage Enterprise Admin Device Manager Viewer View Y Y Y Manage templates Y Y N Manage baseline Y Y N Configure device Y Y N Update device Y Y N Manage jobs Y Y N Create monitoring policies Y Y N Deploy OS Y Y N Power control Y Y N Manage reports Y Y N Refresh inventory Y Y N Set up the OpenManage Enterprise appliance Y N N Manage discovery Y N N Manage groups Y N N Set up security Y N
3. Click Finish. A message is displayed that the user is successfully saved. A job is started to create a new user. After running the job, the new user is created and displayed in the list of users. Edit OpenManage Enterprise user properties 1. On the Application Settings page, under Users, select the check box corresponding to the user. 2. Complete the tasks in Add and edit OpenManage Enterprise users. The updated data is saved.
Directory services integration in OpenManage Enterprise Directory Services allows you to import directory groups from AD or LDAP for use on the console. To use Directory Services: • • • Add a directory connection. See Add or edit Active Directory groups to be used with Directory Services. Import directory groups and map all users in the group to a specific role. See Import AD and LDAP groups. For DM users, edit the directory group to add the groups the DM can manage.
• • DNS: In the Method box, enter the domain name to query DNS for the domain controllers. Manual: In the Method box, enter the FQDN or the IP address of the domain controller. For multiple servers, a maximum of three servers are supported, use a comma-separated list. c) Enter the LDAP Binder Distinguished Name (DN) and password. 3. In the Advanced Options section: a) By default, LDAP port number of 636 is populated. To change, enter a port number.
Security Certificates By clicking Application Settings > Security > Certifciates, you can view information about the currently available SSL certificate for the device. NOTE: To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based OpenManage Enterprise user privileges. To generate a Certificate Signing Request (CSR), see Generate and download the certificate signing request.
3. To use the system hostname for discovering a device, select the Prefer System Hostname check box. 4. To discover a device by using the system hostname through iDRAC, select the Prefer iDRAC Hostname check box. 5. Expand Advance Settings: • • Enter one or more invalid hostname separated by a comma in Invalid Device Hostname. By default, a list of invalid device hostname is populated. • Enter the common MAC addresses separated by a comma in Common MAC Addresses.
• To apply the TrapForward settings: 1. Expand TrapForward Settings. • To forward the trap, select AS_IS. • To forward the normalized trap, select Normalized. 2. Click Apply. 3. To reset the settings to default attributes, click Discard. Set SNMP Credentials 1. Click Credentials. 2. In the SNMP Credentials dialog box: a) b) c) d) e) In the User Name box, enter the login ID of the user managing the OpenManage Enterprise settings.
• • • • Allocate at least an hour for the update process. Allocate more time if the update must be downloaded by using a slower network connection. Ensure that no device configuration tasks or deployment tasks are running or are scheduled to run during the planned downtime. Notify other console users of the impending scheduled update. Take a VM snapshot of the console as a backup in case something unexpected occurs. (Allocate more downtime for this, if necessary).
Update from an internal network share You must set up a local share and manually download the update package when you are not automatically connected to Dell.com. An audit log is created after every manual attempt to find an update. NOTE: Updating OpenManage Enterprise version 3.0 to 3.1 through a shared Network File Share (NFS) is not supported. You can update by selecting the Automatic and Online options, or by using HTTP and HTTPS methods.
Process map for checking and updating the OpenManage Enterprise version Related information Deploying and managing OpenManage Enterprise Execute remote commands and scripts When you get an SNMP trap, you can run a script on OpenManage Enterprise to set up a policy that opens a ticket on your third party ticketing system for alert management. You can create and store only four remote commands for running immediately or at a later time. 1. Click Application Settings > Script Execution. 2.
• • Enter the user name. Enter the password or a SSH key. Provide a private key for the remote script execution. To generate a private key, run the following command in the remote host:ssh -keygen -t rsa. The private key is stored in the default folder—cd / root/ .ssh/. d) Command that must be run on the remote host server to open a ticket. Example command: ./RCE.sh $IP $MODEL $DATE $ASSETTAG $SERVICETAG 3. Click Save. The command is saved.
NOTE: For OpenManage Enterprise to send alert notifications to OpenManage Mobile, ensure that the OpenManage Enterprise server has outbound (HTTPS) Internet access. To enable or disable alert notifications from OpenManage Enterprise to OpenManage Mobile: 1. Click OpenManage Enterprise > Application Settings > Mobile. 2. Select the Enable push notifications check box. 3. Click Apply.
Delete an OpenManage Mobile subscriber View the alert notification service status Related information OpenManage Mobile settings Delete an OpenManage Mobile subscriber View the alert notification service status OpenManage Enterprise forwards alert notifications to OpenManage Mobile subscribers through their respective device platform alert notification service.
Table 19. OpenManage Mobile subscriber information Field Description ENABLED Select or clear the check box, and then click Enable or Disable respectively to enable or disable the alert notifications to an OpenManage Mobile subscriber. STATUS Displays the status of the subscriber, indicating whether or not OpenManage Enterprise is able to send alert notifications successfully to the Alert Forwarding Service. STATUS MESSAGE Status description of the status message.
Problem Reason Resolution The device communication token is no The OpenManage Mobile application has longer registered with the platform provider been updated, restored, uninstalled, or the service. [Code 203] device operating system has been upgraded or restored. Reinstall OpenManage Mobile on the device or follow the OpenManage Mobile troubleshooting procedures specified in the OpenManage Mobile User’s Guide and reconnect the device to OpenManage Enterprise.
20 Other references and field descriptions Definitions about some of the commonly displayed fields on the OpenManage Enterprise Graphical User Interface (GUI) are listed and defined in this chapter. Also, other information that is useful for further reference is described here. Topics: • • • • • • • • • Schedule Reference Firmware baseline field definitions Schedule job field definitions Field service debug workflow Unblock the FSD capability Install or grant a signed FSD DAT.
• • • Allow enabling and copying of debug logs Allow copying of real-time logs Allow backing up or restoring of database to VM. The topics referenced in each task provide detailed instructions. To enable FSD, perform the following tasks: 1. Unblock FSD capability. See Unblock the FSD capability. 2. Install or grant signed FSD DAT.ini file. See Install or grant a signed FSD DAT.ini file. 3. Invoke FSD. See Invoke FSD. 4. Disable FSD. See Disable FSD.
2. On the Invoke Requested Debug Capabilities screen, select a debug capability from a list of debug capabilities that is approved in the Dell EMC signed DAT.ini file. In the lower-right corner, click Invoke. NOTE: The debug capability that is currently supported is, RootShell. While the invoke command is run, OpenManage Enterprise can start an SSH daemon. The external SSH client can attach with OpenManage Enterprise for debugging purposes.
