Users Guide

ManualsBrandsDell ManualsActive System ManageriDRAC6 for Blade Servers Version 3.0

161

162

163

164

165

166

167

168

169

170

Table Of Contents

Integrated Dell Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers Version 3.0
User Guide
Contents
iDRAC6 Enterprise Overview
- IPv6 Ready Logo Certification
- iDRAC6 Security Features
- iDRAC6 Enterprise and vFlash Media
- Supported Platforms
- Supported Operating Systems
- Supported Web Browsers
- Supported Remote Access Connections
- iDRAC6 Ports
- Other Documents You May Need
Configuring iDRAC6 Enterprise
- Before You Begin
- Interfaces for Configuring iDRAC6
- Configuration Tasks
- Configuring Network Settings Using CMC Web Interface
  - Launching iDRAC6 Web Interface From CMC
  - Configuring Networking for iDRAC6
- Viewing FlexAddress Mezzanine Card Fabric Connections
  - FlexAddress MAC for iDRAC6
- Remote Syslog
- First Boot Device
- Remote File Share
- Internal Dual SD Module
  - Viewing Internal Dual SD Module Status Using GUI
- Updating iDRAC6 Firmware
- Updating the USC Repair Package
- Configuring iDRAC6 For Use With IT Assistant
- Using iDRAC6 Configuration Utility to Enable Discovery and Monitoring
- Using iDRAC6 Web Interface to Enable Discovery and Monitoring
- Using IT Assistant to View iDRAC6 Status and Events
Configuring the Management Station
- Management Station Set Up Steps
- Management Station Network Requirements
- Configuring a Supported Web Browser
- Installing iDRAC6 Software on the Management Station
  - Installing and Uninstalling RACADM on a Management Station
  - Installing and Uninstalling RACADM on Linux
- Installing a Java Runtime Environment (JRE)
- Installing Telnet or SSH Clients
- Installing a TFTP Server
- Installing Dell OpenManage IT Assistant
- Installing Dell Management Console
Configuring the Managed Server
- Installing the Software on the Managed Server
- Configuring the Managed Server to Capture the Last Crash Screen
- Disabling the Windows Automatic Reboot Option
Configuring iDRAC6 Enterprise Using the Web Interface
- Accessing the Web Interface
- Configuring iDRAC6 NIC
  - Configuring the Network, IPMI, and VLAN Settings
  - Configuring IP Filtering and IP Blocking
- Configuring Platform Events
- Configuring IPMI Over LAN
- Adding and Configuring iDRAC6 Users
  - Public Key Authentication over SSH
- Securing iDRAC6 Communications Using SSL and Digital Certificates
- Configuring and Managing Microsoft Active Directory Certificates
  - Configuring Active Directory (Standard Schema and Extended Schema)
  - Viewing an Active Directory CA Certificate
- Enabling or Disabling Local Configuration Access
  - Enabling Local Configuration Access
  - Disabling Local Configuration Access
- Configuring iDRAC6 Services
- Updating iDRAC6 Firmware
  - Updating iDRAC6 Firmware Using CMC
  - iDRAC6 Firmware Rollback
Using iDRAC6 Directory Service
- Using iDRAC6 With Microsoft Active Directory
- Prerequisites for Enabling Active Directory Authentication for iDRAC6
  - Enabling SSL on a Domain Controller
- Supported Active Directory Authentication Mechanisms
- Extended Schema Active Directory Overview
- Configuring Extended Schema Active Directory to Access iDRAC6
- Standard Schema Active Directory Overview
  - Single Domain Versus Multiple Domain Scenarios
- Configuring Standard Schema Active Directory to Access iDRAC6
  - Configuring Active Directory With Standard Schema Using iDRAC6 Web Interface
  - Configuring Active Directory With Standard Schema Using RACADM
- Testing Your Configurations
- Using iDRAC6 with LDAP Directory Service
  - Login Syntax (Directory User versus Local User)
  - Configuring Generic LDAP Directory Service Using iDRAC6 Web-Based Interface
- Frequently Asked Questions
Configuring iDRAC6 for Single Sign- On and Smart Card Login
- About Kerberos Authentication
- Prerequisites for Active Directory SSO and Smart Card Authentication
- Using Active Directory SSO
  - Configuring iDRAC6 to Use SSO
  - Logging Into iDRAC6 Using SSO
- Configuring Smart Card Authentication
- Configuring Smart Card Login in iDRAC6
- Logging Into iDRAC6 Using Active Directory Smart Card Authentication
- Frequently Asked Questions About SSO
- Troubleshooting the Smart Card Logon in iDRAC6
Viewing the Configuration and Health of the Managed Server
- System Summary
- System Details
  - Main System Enclosure
  - Integrated Dell Remote Access Controller 6 - Enterprise
- WWN/MAC
- Server Health
Configuring and Using Serial Over LAN
- Enabling Serial Over LAN in the BIOS
- Configuring Serial Over LAN in iDRAC6 Web GUI
- Using Serial Over LAN (SOL)
- Operating System Configuration
  - Linux Enterprise Operating System
  - Windows 2003 Enterprise
Using GUI Virtual Console
- Overview
- Using Virtual Console
- Using the Video Viewer
  - Synchronizing the Mouse Pointers
  - Disabling or Enabling Local Console
- Launching Virtual Console and Virtual Media Remotely
  - URL Format
  - General Error Scenarios
- Frequently Asked Questions
Configuring the vFlash SD Card and Managing vFlash Partitions
- Installing a vFlash or Standard SD Card
  - Removing a vFlash or Standard SD Card
- Configuring vFlash or Standard SD Card Using RACADM
- Managing vFlash Partitions Using iDRAC6 Web Interface
- Managing vFlash Partitions Using RACADM
- Frequently Asked Questions
Configuring and Using Virtual Media
- Overview
  - Windows-Based Management Station
  - Linux-Based Management Station
- Configuring Virtual Media
- Running Virtual Media
- Frequently Asked Questions
Using the RACADM Command Line Interface
- RACADM Subcommands
- Using local RACADM Commands
- Using the RACADM Utility to Configure iDRAC6
- Remote and SSH/Telnet RACADM
  - Remote RACADM Usage
  - Remote RACADM Options
- Using an iDRAC6 Configuration File
- Configuring Multiple iDRAC6s
Power Monitoring and Power Management
- Configuring and Managing Power
- Power Monitoring
  - Viewing Power Monitoring
- Power Budgeting
- Power Control
  - Executing Power Control Operations on the Server
Using iDRAC6 Enterprise SM-CLP Command Line Interface
- System Management With SM-CLP
- iDRAC6 SM-CLP Support
  - How to start an SM-CLP session
- SM-CLP Features
- Navigating the MAP Address Space
  - Targets
- Using the Show Verb
- iDRAC6 SM-CLP Examples
Using the WS-MAN Interface
- WS-Management Features
- Supported CIM Profiles
Deploying Your Operating System Using iVMCLI
- Before You Begin
  - Remote System Requirements
  - Network Requirements
- Creating a Bootable Image File
  - Creating an Image File for Linux Systems
  - Creating an Image File for Windows Systems
- Preparing for Deployment
  - Configuring the Remote Systems
- Deploying the Operating System
- Using the Virtual Media Command Line Interface Utility
Using iDRAC6 Configuration Utility
- Overview
- Starting iDRAC6 Configuration Utility
- Using iDRAC6 Configuration Utility
Recovering and Troubleshooting the Managed System
- Safety First - For You and Your System
- Trouble Indicators
- Problem Solving Tools
- Troubleshooting and Frequently Asked Questions
Index

Configuring iDRAC6 for Single Sign-On and Smart Card

Configuring iDRAC6 for Single Sign-

On and Smart Card Login

This section provides information to configure iDRAC6 for Smart Card login

for local users and Active Directory users, and Single Sign-On (SSO) login for

Active Directory users.

iDRAC6 supports Kerberos based Active Directory authentication to support

Active Directory Smart Card and Single Sign-On (SSO) logins.

About Kerberos Authentication

Kerberos is a network authentication protocol that allows systems to

communicate securely over a non-secure network. It achieves this by allowing

the systems to prove their authenticity. To keep with the higher

authentication enforcement standards, iDRAC6 now supports Kerberos based

Active Directory authentication to support Active Directory Smart Card and

single sign-on (SSO) logins.

Microsoft Windows 2000, Windows XP, Windows Server 2003,

Windows Vista, and Windows Server 2008 use Kerberos as their default

authentication method.

iDRAC6 uses Kerberos to support two types of authentication mechanisms—

Active Directory single sign-on and Active Directory Smart Card logins. For

single-sign on login, iDRAC6 uses the user credentials cached in the

operating system after the user has logged in using a valid Active Directory

account.

For Active Directory smart card login, iDRAC6 uses smart card-based two

factor authentication (TFA) as credentials to enable an Active Directory

Kerberos authentication on iDRAC6 fails if iDRAC6 time differs from the

Domain Controller time. A maximum offset of 5 minutes is allowed. To

enable successful authentication, synchronize the server time with the

Domain Controller time and then reset iDRAC6.