Users Guide
NOTE: When the iDRAC Service Module is disabled, the iDRAC GUI Launcher icon is also disabled.
NOTE: If the default browser proxy is set to use the system proxy, then you will see a failure to launch the iDRAC GUI.
You have to copy the IP address from the address bar and enter it in the exception list of 'proxy settings'.
Single sign-on (SSO) to iDRAC GUI from Host OS
administrators desktop
Overview
Starting iSM 3.5, host administrators have an option to launch iDRAC from within the host OS using IPv6. iDRAC SSO launcher requires
a desktop environment of the host OS.
NOTE: Non-administrators cannot access this feature on the host OS.
The single sign-on (SSO) feature enables an authenticated OS administrator to directly access the iDRAC web interface without requiring
login of separate iDRAC administrator credentials. On installing this feature, a Program Menu shortcut that is called Invoke-
iDRACLauncher on Microsoft Windows operating systems is created. On the Linux operating system, iSM creates a shortcut under
Applications, where the user can double-click and launch the iDRAC dashboard. iSM provides a command-line interface that is called
Invoke-iDRACLauncher on Microsoft Windows operating systems and Invoke-iDRACLauncher.sh on Linux operating systems.
Starting iSM 3.5, user can configure the iDRAC service module using IPv6 address. By default, the communication is established through
IPv4. Upon failure, the communication is reattempted through IPv6. An error message is displayed, when the communication fails.
User can update the IPv6 address using RACADM-passthrough commands and it accepts any valid IPv6 address. The single sign-on
feature over IPv6 is valid only when IPv6 is configured within the below range:
fde1:53ba:e9a0:de12::/64
fde1:53ba:e9a0:de13::/64
fde1:53ba:e9a0:de14::/64
fde1:53ba:e9a0:de15::/64
fde1:53ba:e9a0:de16::/64
Users can choose from two types of privileges to log in to iDRAC.
• Read-Only user: An express or basic install of iSM installs iDRAC SSO launcher, enabling the Administrator to log in to iDRAC as a
Read-Only user. Besides the ability to view component health status, logs, and inventory, few additional SupportAssist operations
that are required by the service personnel are enabled.
• Administrative user: Installing this feature by selecting the Administrator privilege, enables the Host OS Administrator to log in to
iDRAC as an Operator user. The user can perform all the operations as that of an iDRAC root user except configuring or deleting
iDRAC users or clearing the Lifecycle Log.
NOTE:
Host OS users without administration rights cannot initiate iDRAC GUI launcher, if the iDRAC firmware version is
4.00.00.00 or later and the communication between iDRAC and iSM is not through IPv4.
NOTE: See the
iDRAC 9 User's Guide
for specific privileges that are granted to a
Read-only
or
Operator
user account.
Disable Single Sign-On into iDRAC from Host OS: The user can also opt to Disable this feature completely. When iSM is installed by
disabling this feature, launching iDRAC GUI launcher launches the iDRAC login page with the default browser.
NOTE:
Invoke-iDRACLauncher
is independent of the iSM service and can be invoked even if iSM service is stopped.
NOTE: When browsers are not installed on the Host OS or
Invoke-iDRACLauncher
is not able to launch iDRAC due to
browser issue, a session is created in iDRAC already. An iDRAC admin user can log in to iDRAC and delete the sessions.
Following are the iDRAC GUI Launcher behavior with different OS-to-iDRAC Passthrustates:
• When OS-to-iDRAC Passthru setting in iDRAC is disabled, Invoke-iDRACLauncher prompts if you want to enable OSBMC-Passthru
in USBNIC mode.
• When OS-to-iDRAC Passthru setting is already configured in LOM mode, the iDRAC Launcher does not launch the iDRAC GUI.
• When OS-to-iDRAC Passthru setting is disabled in iDRAC and Disable iDRAC Local Configuration using Settings is also
disabled or lockdown mode is enabled in iDRAC, iDRAC GUI is not launched.
iDRAC Service Module monitoring features
37