Integrated Dell™ Remote Access Controller 6 (iDRAC6) Version 1.0 User Guide w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ___________________ Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Contents ContentsContents 1 iDRAC6 Overview . . . . . . . . . . . . . . . . . . iDRAC6 Express Management Features iDRAC6 Enterprise . . . . . . . . . 27 . . . . . . . . . . . . . . . . . . . 29 iDRAC6 Security Features . Supported Platforms . . . . . . . . . . . . . . . 29 . . . . . . . . . . . . . . . . . . 29 Supported Operating Systems . Supported Web Browsers . . . . . . . . . . . . . . 30 . . . . . . . . . . . . . . . 31 Supported Remote Access Connections iDRAC6 Ports 27 . . . .
2 Getting Started With the iDRAC6 3 Basic Installation of the iDRAC6 Before You Begin . . . . . . 35 . . . . . . . 37 . . . . . . . . . . . . . . . . . . . . 37 Installing the iDRAC6 Express/Enterprise Hardware . . . . . . . . . . . . . . . . . . . . . . . . Configuring Your System to Use an iDRAC6 . . . . . . . Software Installation and Configuration Overview . . . 39 40 . . . . . . . . . . . . . .
Configuring a Supported Web Browser . . . . . . . . Configuring Your Web Browser to Connect to the iDRAC6 Web-Based Interface . List of Trusted Domains . . 45 . . . . . . . . . . . . . . 45 32-bit and 64-bit Web Browsers . . . . . . . . . . Viewing Localized Versions of the Web-Based Interface . . . . . . 4 . . . . . . . . . Configuring the iDRAC6 Using the Web Interface . . . . . . . . . . 46 46 . . . . . . . . 49 . . . . . . . . . . . . . . 50 . . . . . . . . . . . . . . . . . . . . .
. . . . . 67 . . . . . . . . . . . 69 Configuring and Managing Active Directory Certificates . . . . . . . . . . . . . . 71 Configuring iDRAC6 Services . . . . . . . . . . . . . . 74 Generating a Certificate Signing Request Uploading a Server Certificate Updating the iDRAC6 Firmware/System Services Recovery Image . . . . . . . . iDRAC6 Firmware Rollback 5 . . . . . . . . 77 . . . . . . . . . . . . . 79 Advanced Configuration of the iDRAC6 . . . . . . . . . . . . Before You Begin . . . . .
Configuring the Management Station Terminal Emulation Software . . . . . . . . . . . . . . 96 Configuring Linux Minicom for Serial Console Emulation . . . . . . . . . . . . . 97 Configuring HyperTerminal for Serial Console Redirection . . . . . . . . . . . . . 98 Configuring Serial and Terminal Modes . . . . . . . . Configuring IPMI and iDRAC6 Serial . Configuring Terminal Mode . . . . . . . 99 . . . . . . . . . . . . 101 Configuring the iDRAC6 Network Settings . . . . . . . 102 . . . . .
6 Adding and Configuring iDRAC6 Users . . . . . . . . . . . . . . . . . . . . Using the Web Interface to Configure iDRAC6 Users . . . . . . . . . . . . . . . . . . . . . . Adding and Configuring iDRAC6 Users . 121 . . . . . . . . 125 . . . . . . . . . . . . . . . . . . 126 Adding an iDRAC6 User 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 Enabling an iDRAC6 User With Permissions . . . . . . . . . . . . . . . . . . 128 Using the iDRAC6 With Microsoft Active Directory . . . .
Adding iDRAC Users and Privileges to Active Directory . . . . . . . . . . . . Configuring Active Directory With Extended Schema Using the iDRAC6 Web-Based Interface . . . . . . . . . . . . . . 142 . . . . . . . 144 Configuring Active Directory With Extended Schema Using RACADM . . . . . 146 . . . . . 149 . . . . . . . . . . 151 Standard Schema Active Directory Overview Single Domain Versus Multiple Domain Scenarios . . . . . . .
Configuring Active Directory Users for Smart Card Logon . . . . . . . . . . . Configuring Smart Card . . . . . . . . . 167 . . . . . . . . . . . . . . . . . 167 Logging Into the iDRAC6 Using the Smart Card . Logging Into the iDRAC6 Using Active Directory Smart Card Authentication . . . . . 169 . . . . . . . . . 170 Troubleshooting the Smart Card Logon in iDRAC6 9 Using GUI Console Redirection . Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using Console Redirection .
Supported Virtual Media Configurations Booting From Virtual Media . . . . . 187 . . . . . . . . . . . . 189 Installing Operating Systems Using Virtual Media . . . . . Using Virtual Media When the Server’s Operating System Is Running . . . . . Frequently Asked Questions . . . . . . 191 . . . . . . . . . . . . . . 192 11 Using the WS-MAN Interface Supported CIM Profiles . . . . . . . . iDRAC6 SM-CLP Support 198 . . . . . . . . . . 201 . . . . . . . . . . . . . . . . 201 . . . . . . . . . .
Preparing for Deployment . . . . . . . . . . . . . . . . . . . . . . . . . 210 . . . . . . . . . . . . 211 . . . . . . . . . . . . . . . . . 212 Configuring the Remote Systems . Deploying the Operating System Using the VMCLI Utility . . . . . . . . . . . . . 213 . . . . . . . . . . . . . . . 213 . . . . . . . . . . . . . . . . .
Virtual Media Configuration . . . . . . . . . . 232 . . . . . . . . . . . . . . . . . 232 System Services Configuration LCD Configuration . . . . . . . . . . . . . . 233 . . . . . . . . . . . . . . . . . . 234 LAN User Configuration Reset to Default 231 . . . . . . . . . . . . System Event Log Menu 235 . . . . . . . . . . . . . . Exiting the iDRAC Configuration Utility . 16 Monitoring and Alert Management . Configuring the Managed System to Capture the Last Crash Screen . . . 235 . . . .
Viewing System Information Main System Chassis . . . . . . . . . . . . . . . 248 . . . . . . . . . . . . . . . 248 Integrated Dell Remote Access Controller 6 Enterprise . . . . . . . . . . . 249 IPv4 Information . . . . . . . . . . . . . . . . . . 250 IPv6 Information . . . . . . . . . . . . . . . . . . 250 Using the System Event Log (SEL) . . . . . . . . . . . . 251 Using the Command Line to View System Log . . . . . . . . . . . . . . . . . . 252 . . . . . . . . . . . . . . .
Power Supplies Probes . . . . . . . . . . . . . . . 262 . . . . . . . . . . . . . . . . . . . 262 . . . . . . . . . . . . . . . . . . . . . 262 Power Monitoring Probes . Temperature Probe Voltage Probes 262 . . . . . . . . . . . . . . . . . 20 Power Monitoring and Management . . . . . . . . . . . . . . . . . . . . . Power Inventory, Power Budgeting, and Capping . . . . . . . . . . . . . Power Monitoring 265 . . . . . . . . . . 265 . . . . . . . . . . . . . . . . . . . .
21 Configuring Security Features . . . . . . . Security Options for the iDRAC6 Administrator . . . . . 276 . . . . . 276 . . . . . . 278 . . . . . . . . . . . 279 . . . . . . . . . . . . 279 Disabling the iDRAC6 Local Configuration Disabling iDRAC6 Remote Virtual KVM Securing iDRAC6 Communications Using SSL and Digital Certificates Secure Sockets Layer (SSL) . . . . . . . . . 279 . . . . . . . . . . 280 Certificate Signing Request (CSR) Accessing the SSL Main Menu . . . . . 281 . . . .
fwupdate . . . . . . . . . . . . . . . . . . . . . . . . . 304 getssninfo . . . . . . . . . . . . . . . . . . . . . . . . 306 getsysinfo . . . . . . . . . . . . . . . . . . . . . . . . 308 getractime . . . . . . . . . . . . . . . . . . . . . . . . 312 . . . . . . . . . . . . . . . . . . . . . . . . . 313 . . . . . . . . . . . . . . . . . . . . . . . . . . 313 . . . . . . . . . . . . . . . . . . . . . . . . . . . 314 ifconfig . netstat ping setniccfg . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 330 . . . . . . . . . . . . . . . . . . . . . . . 332 sslcertdownload . sslcertview sslkeyupload . . . . . . . . . . . . . . . . . . . . . . . 334 . . . . . . . . . . . . . . . . . . . . . . . . . 335 . . . . . . . . . . . . . . . . . . . . . . . . . . 336 testemail testtrap vmdisconnect vmkey . . . . . . . . . . . . . . . . . . . . . . 338 . . . . . . . . . . . . . . . . . . . . . . . . . . 339 usercertupload usercertview . . . . . . . . . . . . .
cfgNicVLanId (Read/Write) . . . . . . . . . . . . cfgNicVLanPriority (Read/Write) . . . . . . . . . 348 . . 348 . . . . . . . . 349 . . . . . . . . . . 349 cfgDNSDomainNameFromDHCP (Read/Write) cfgDNSDomainName (Read/Write) cfgDNSRacName (Read/Write) 348 cfgDNSRegisterRac (Read/Write) . . . . . . . . . 350 . . . . . 350 cfgDNSServer1 (Read/Write) . . . . . . . . . . . 350 cfgDNSServer2 (Read/Write) . . . . . . . . . . . 351 . . . . . . . . . . . .
cfgEmailAlert . . . . . . . . . . . . . . . . . . . . . . cfgEmailAlertIndex (Read Only) . . . . . . . . . . cfgEmailAlertEnable (Read/Write) . . . . . . . . . cfgEmailAlertAddress (Read/Write) . . . . . . . . 361 . . . . . 361 . . . . . . . . 361 . . . 362 . . . . . 362 . . . . . . 363 . . . . . . . . . . . . . . . . . . . . . . . . . 363 cfgSsnMgtWebserverTimeout (Read/Write) . cfgSsnMgtSshIdleTimeout (Read/Write) .
cfgRacTuning . . . . . . . . . . . . . . . . . . . . . . cfgRacTuneRemoteRacadmEnable (Read/Write) . . . . . . . . . . . . . . . . . . . . 369 . . . . . . . . . 369 . . . . . . . . . . 369 Enables or disables the Remote RACADM interface in the iDRAC . cfgRacTuneCtrlEConfigDisable 368 cfgRacTuneHttpPort (Read/Write) . . . . . . . . . cfgRacTuneHttpsPort (Read/Write) . . . . . . . . 369 370 . . . . . 370 cfgRacTuneIpRangeAddr (Read/Write) . . . . . .
cfgRacSecCsrStateName (Read/Write) . . . . . . . . . . . 378 . . . . . . 378 . . . . . . . . 379 . . . . . . . . . . . . . . . . . . . . . . 379 cfgRacSecCsrCountryCode (Read/Write) cfgRacSecCsrEmailAddr (Read/Write) . cfgRacSecCsrKeySize (Read/Write) cfgRacVirtual cfgVirMediaAttached (Read/Write) cfgVirtualBootOnce (Read/Write) . . . . . . . . 379 . . . . . . . . . 380 . . . . 380 . . . . . . . 381 . . . . . . . . . . . . . . . . . . .
cfgIpmiSolAccumulateInterval (Read/Write) . . . 389 . . . . . . 389 . . . . . . . . . . . . . . . . . . . . . . . 389 cfgIpmiSolSendThreshold (Read/Write) cfgIpmiLan . cfgIpmiLanEnable (Read/Write) . . . . . . . . . . . . . . . . 390 . . . . . . . 390 . . . . . . . . 391 cfgIpmiLanPrivilegeLimit (Read/Write) cfgIpmiLanAlertEnable (Read/Write) cfgIpmiEncryptionKey (Read/Write) . . . . 391 . . . . . . . . . . . . . . . . . . . . . 391 cfgIpmiPetCommunityName (Read/Write) . cfgIpmiPetIpv6 .
. . . . 397 . . . . . . . . . 398 cfgServerMaxPowerCapacity (Read Only) Represents the maximum server power capacity . . . . . . . . . . cfgServerPeakPowerConsumption (Read Only) . . . . . . . . . . . . . . . . . . . . . cfgServerPeakPowerConsumptionTimestamp (Read Only) . . . . . . . . . . . . . . . . . . . cfgServerPowerConsumptionClear (Write Only) . . . . . . . . . . . . . . . 398 . . . . . . . . 398 cfgServerPowerCapWatts (Read/Write) . . . . . .
cfgIPv6DNSServersFromDHCP6 (Read/Write) . . . . . . . . . . Description . . . . . . . . . . 402 . . . . . . . . . . . . . . . . . . . . . 402 . . . . . . . . . 403 . . . . . . . . . . . . . . . . . . . . . 403 cfgIPv6DNSServer1 (Read/Write) Description . . . . . . . . . 403 . . . . . . . . . . . . . . . . . . . . . 403 . . . . . . . . . . . . . . . . . . . . . . . 403 cfgIPv6DNSServer2 (Read/Write) Description cfgIPv6URL . . . . . . . . . . . 403 . . . . . . . . . . . . . . . . . . . . .
cfgNetTuning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 . . . . . . . 409 cfgNetTuningNicAutoneg (Read/Write) cfgNetTuningNic100MB (Read/Write) . . . . . 410 . . . . . . . . 410 cfgNetTuningNicFullDuplex (Read/Write) cfgNetTuningNicMtu (Read/Write) . C Supported RACADM Interfaces 409 . . . . . . 411 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 Index 26 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iDRAC6 Overview The Integrated Dell™ Remote Access Controller6 (iDRAC6) is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for Dell PowerEdge™ systems. The iDRAC6 uses an integrated System-on-Chip microprocessor for the remote monitor/control system. The iDRAC6 co-exists on the system board with the managed PowerEdge server.
• Monitoring — Provides access to system information and status of components • Access to system logs — Provides access to the system event log, the iDRAC6 log, and the last crash screen of the crashed or unresponsive system, that is independent of the operating system state • Dell OpenManage™ software integration — Enables you to launch the iDRAC6 Web interface from Dell OpenManage Server Administrator or Dell OpenManage IT Assistant • iDRAC6 alert — Alerts you to potential managed node issues throu
iDRAC6 Enterprise Adds support for RACADM, virtual KVM, Virtual Media features, a dedicated NIC, and Virtual Flash (with an optional Dell vFlash Media card). For more information about iDRAC6 Enterprise, see your Hardware Owner’s Manual at support.dell.com\manuals.
For the latest supported platforms, check the iDRAC6 Readme file and the Dell OpenManage Server Administrator Compatibility Guide at support.dell.com\manuals and on the Dell Systems Management Tools and Documentation DVD that was included with your system. Supported Operating Systems Table 1-1 lists the operating systems that support the iDRAC6. For the latest information, see the Dell OpenManage Server Administrator Compatibility Guide located on the Dell Support website at support.dell.com\manuals and on
Table 1-1. Supported Managed Server Operating Systems (continued) Operating System Family Operating System Red Hat® Linux® Enterprise Linux 4.7 (x86_32, x86_64) Enterprise Linux 5 U2 (x86_32, x86_64) VMware® ESX 3.5 U4 ESXi 3.5 U4 Flash Supported Web Browsers Table 1-2 lists the Web browsers that are supported as iDRAC6 clients. See the iDRAC6 Readme file and the Dell OpenManage Server Administrator Compatibility Guide located on the Dell Support website at support.dell.com\manuals for the latest info
Supported Remote Access Connections Table 1-3 lists the connection features. Table 1-3.
Table 1-5. iDRAC6 Client Ports Port Number Function 25 SMTP 53 DNS 68 DHCP-assigned IP address 69 TFTP 162 SNMP trap 636 LDAPS 3269 LDAPS for global catalog (GC) Other Documents You May Need In addition to this User Guide, the following documents provide additional information about the setup and operation of the iDRAC6 in your system. The documents are available on the Dell Support website at support.dell.com\manuals.
The following system documents are also available to provide more information about the system in which your iDRAC6 is installed: • The Rack Installation Instructions included with your rack solution describe how to install your system into a rack. • The Getting Started Guide provides an overview of system features, setting up your system, and technical specifications.
Getting Started With the iDRAC6 The iDRAC6 enables you to remotely monitor, troubleshoot, and repair a Dell system even when the system is down. The iDRAC6 offers a rich set of features like console redirection, virtual media, virtual KVM, Smart Card authentication, and so on. The management station is the system from which an administrator remotely manages a Dell system that has an iDRAC6. The systems that are monitored in this way are called managed systems.
Getting Started With the iDRAC6
Basic Installation of the iDRAC6 This section provides information about how to install and set up your iDRAC6 hardware and software.
3 Configure the LOM. 38 a Use the arrow keys to select LAN Parameters and press . NIC Selection is displayed. b Use the arrow keys to select one of the following NIC modes: • Dedicated — Select this option to enable the remote access device to utilize the dedicated network interface available on the iDRAC Enterprise.
• Shared with Failover All LOMs — Select this option to share the network interface with the host operating system. The remote access device network interface is fully functional when the host operating system is configured for NIC teaming. The remote access device receives data through NIC 1, NIC 2, NIC 3, and NIC 4; but it transmits data only through NIC 1. If NIC 1 fails, the remote access device fails over all data transmission to NIC 2.
Installing Your iDRAC6 Software To install your iDRAC6 software: 1 Install the software on the managed system. See "Installing the Software on the Managed System." 2 Install the software on the management station. See "Installing the Software on the Managed System.
Installing the Software on the Managed System Installing software on the managed system is optional. Without the managed system software, you cannot use the RACADM locally, and the iDRAC6 cannot capture the last crash screen. To install the managed system software, install the software on the managed system using the Dell Systems Management Tools and Documentation DVD. For instructions about how to install this software, see your Quick Installation Guide available on the Dell Support website at support.
For information about Server Administrator, IT Assistant, and Unified Server Configurator, see the Server Administrator User's Guide, the IT Assistant User’s Guide, and the Unified Server Configurator User’s Guide available on the Dell Support website at support.dell.com\manuals. Installing and Removing RACADM on a Linux Management Station To use the remote RACADM functions, install RACADM on a management station running Linux.
Updating the iDRAC6 Firmware Use one of the following methods to update your iDRAC6 firmware.
Updating the iDRAC6 Firmware Using the Web-Based Interface For detailed information, see "Updating the iDRAC6 Firmware/System Services Recovery Image." Updating the iDRAC6 Firmware Using RACADM You can update the iDRAC6 firmware using the CLI-based RACADM tool. If you have installed Server Administrator on the managed system, use local RACADM to update the firmware. 1 Download the iDRAC6 firmware image from the Dell Support website at support.dell.com to the managed system. For example: C:\downloads\firmim
These errors are cosmetic in nature and should be ignored. These messages are caused due to reset of the USB devices during the firmware update process and are harmless. Clearing the Browser Cache After the firmware upgrade, clear the Web browser cache. See your Web browser’s online help for more information. Configuring a Supported Web Browser The following sections provide instructions for configuring the supported Web browsers.
32-bit and 64-bit Web Browsers The iDRAC6 Web-based interface is not supported on 64-bit Web browsers. If you open a 64-bit Browser, access the Console Redirection page, and attempt to install the plug-in, the installation procedure fails. If this error was not acknowledged and you repeat this procedure, the Console Redirect Page loads even though the plug-in installation fails during your first attempt.
Linux If you are running Console Redirection on a Red Hat® Enterprise Linux® (version 4) client with a Simplified Chinese GUI, the viewer menu and title may appear in random characters. This issue is caused by an incorrect encoding in the Red Hat Enterprise Linux (version 4) Simplified Chinese operating system. To fix this issue, access and modify the current encoding settings by performing the following steps: 1 Open a command terminal. 2 Type “locale” and press . The following output appears.
6 Log out and then log in to the operating system. 7 Relaunch the iDRAC6. When you switch from any other language to the Simplified Chinese language, ensure that this fix is still valid. If not, repeat this procedure. For advanced configurations of the iDRAC6, see "Advanced Configuration of the iDRAC6.
Configuring the iDRAC6 Using the Web Interface The iDRAC6 provides a Web interface that enables you to configure the iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC6 Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC6 Web interface and provides links to related information.
Accessing the Web Interface To access the iDRAC6 Web interface, perform the following steps: 1 Open a supported Web browser window. See "Supported Web Browsers" for more information. To access the Web interface using an IPv4 address, go to step 2. To access the Web interface using an IPv6 address, go to step 3. 2 Access the Web interface using an IPv4 address; you must have IPv4 enabled: In the browser Address bar, type: https:// Then, press .
Logging In You can log in as either an iDRAC6 user or as a Microsoft® Active Directory® user. The default user name and password for an iDRAC6 user are root and calvin, respectively. You must have been granted Login to iDRAC privilege by the administrator to log in to iDRAC6. To log in, perform the following steps: 1 In the Username field, type one of the following: • Your iDRAC6 user name. The user name for local users is case sensitive. Examples are root, it_user, or john_doe.
Logging Out 1 In the upper-right corner of the main window, click Logout to close the session. 2 Close the browser window. NOTE: The Logout button does not appear until you log in. NOTE: Closing the browser without gracefully logging out may cause the session to remain open until it times out. It is strongly recommended that you click the logout button to end the session; otherwise, the session may remain active until the session timeout is reached.
1 Click Remote Access→ Configuration→ Network. 2 On the Network page, you can enter Network Interface Card settings, Common iDRAC settings, IPv4 settings, IPv6 settings, IPMI settings, and VLAN settings. See Table 4-1, Table 4-2, Table 4-3, Table 4-4, Table 4-5, and Table 4-6 for descriptions of these settings. 3 When you have completed entering the required settings, click Apply Changes. 4 Click the appropriate button to continue. See Table 4-7. Table 4-1.
Table 4-2. Common iDRAC Settings Setting Description Register iDRAC on DNS Registers the iDRAC6 name on the DNS server. The default is Disabled. DNS iDRAC Name Displays the iDRAC6 name only when Register iDRAC on DNS is selected. The default name is idrac-service_tag, where service_tag is the service tag number of the Dell server, for example: idrac-00002. Use DHCP for DNS Domain Name Uses the default DNS domain name.
Table 4-3. IPv4 Settings (continued) Setting Description (continued) Use DHCP to obtain DNS server addresses Enable DHCP to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses checkbox. When not using DHCP to obtain the DNS server addresses, provide the IP addresses in the Preferred DNS Server and Alternate DNS Server fields. The default is off.
Table 4-4. IPv6 Settings (continued) Setting Description (continued) Link Local Address Specifies the IPv6 address for the iDRAC NIC. IP Address 2 Specifies the additional IPv6 address for the iDRAC NIC if one is available. Use DHCP to obtain DNS server addresses Enable DHCP to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses checkbox.
Table 4-6. Setting VLAN Settings Description Enable VLAN ID If enabled, only matched Virtual LAN (VLAN) ID traffic will be accepted. VLAN ID VLAN ID field of 802.1g fields. Enter a valid value for VLAN ID (must be a number from 1 to 4094). Priority Priority field of 802.1g fields. Enter a number from 0 to 7 to set the priority of the VLAN ID. Table 4-7. Network Configuration Page Buttons Button Description Print Prints the Network Configuration values that appear on the screen.
Table 4-8. Network Security Page Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a range of IP addresses that can access the iDRAC. The default is off. IP Range Address Determines the acceptable IP address bit pattern, depending on the 1's in the subnet mask. This value is bitwise AND’d with the IP Range Subnet Mask to determine the upper portion of the allowed IP address.
Table 4-9. Network Security Page Buttons (continued) Button Description Apply Changes Saves any new settings that you made to the Network Security page. Return to the Returns to the Network Configuration page. Network Configuration Page Configuring Platform Events Platform event configuration provides a mechanism for configuring the iDRAC6 to perform selected actions on certain event messages.
Table 4-10. Platform Event Filters Index Platform Event (continued) 15 Power Supply Absent 16 Event Log Critical Assert 17 Watchdog Critical Assert 18 System Power Warning Assert 19 System Power Critical Assert When a platform event occurs (for example, a battery warning assert), a system event is generated and recorded in the System Event Log (SEL).
7 Click Apply Changes. You are returned to the Platform Events page where the changes you applied are displayed in the Platform Event Filters List. 8 Repeat steps 4 through 7 to configure additional platform event filters. Configuring Platform Event Traps (PET) NOTE: You must have Configure iDRAC permission to add or enable/disable an SNMP alert. The following options will not be available if you do not have Configure iDRAC permission. 1 Log in to the remote system using a supported Web browser.
8 In the Community String field, enter the appropriate iDRAC SNMP community name. Click Apply Changes. NOTE: The destination community string must be the same as the iDRAC6 community string. 9 Repeat steps 4 through 7 to configure additional IPv4 or IPv6 destination numbers. Configuring E-Mail Alerts NOTE: E-Mail alerts support both IPv4 and IPv6 addresses. 1 Log in to the remote system using a supported Web browser. 2 Ensure that you followed the procedures in "Configuring Platform Event Filters (PEF).
Configuring IPMI 1 Log in to the remote system using a supported Web browser. 2 Configure IPMI over LAN. a In the System tree, click Remote Access. b Click the Configuration tab and click Network. c In the Network Configuration page under IPMI LAN Settings, select Enable IPMI Over LAN and click Apply Changes. d Update the IPMI LAN channel privileges, if required. NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface.
f Update the Minimum Required Privilege. This property defines the minimum user privilege that is required to use the Serial Over LAN feature. Click the Channel Privilege Level Limit drop-down menu, select User, Operator, or Administrator. g Click Apply Changes. 4 Configure IPMI Serial. a In the Configuration tab, click Serial. b In the Serial Configuration menu, change the IPMI serial connection mode to the appropriate setting.
If IPMI serial is in terminal mode, you can configure the following additional settings: • Delete control • Echo control • Line edit • New line sequences • Input new line sequences For more information about these properties, see the IPMI 2.0 specification. For additional information about terminal mode commands, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at support.dell.com\manuals\.
An SSL-enabled system can perform the following tasks: • Authenticate itself to an SSL-enabled client • Allow the client to authenticate itself to the server • Allow both systems to establish an encrypted connection The encryption process provides a high level of data protection. The iDRAC6 employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America.
Accessing SSL Through the Web-Based Interface 1 Click Remote Access→ Configuration. 2 Click SSL to open the SSL page. Use the SSL page to perform one of the following options: • Generate a Certificate Signing Request (CSR) to send to a CA. The CSR information is stored on the iDRAC6 firmware. • Upload a server certificate. • View a server certificate. Table 4-11 describes the above SSL page options. Table 4-11.
3 Click Generate to create the CSR and download it onto to your local computer. 4 Click the appropriate button to continue. See Table 4-13. Table 4-12. Generate Certificate Signing Request (CSR) Attributes Field Description Common Name The exact name being certified (usually the iDRAC’s domain name, for example, www.xyzcompany.com). Only alphanumeric characters, hyphens, underscores, and periods are valid. Spaces are not valid.
Table 4-13. Generate Certificate Signing Request (CSR) Page Buttons Button Description Print Prints the Generate Certificate Signing Request values that appear on the screen. Refresh Reloads the Generate Certificate Signing Request page. Generate Generates a CSR and then prompts the user to save it to a specified directory. Go Back to SSL Main Menu Returns the user to the SSL page. Uploading a Server Certificate 1 On the SSL page, select Upload Server Certificate and click Next.
Viewing a Server Certificate 1 On the SSL page, select View Server Certificate and click Next. The View Server Certificate page displays the server certificate that you uploaded to the iDRAC. Table 4-15 describes the fields and associated descriptions listed in the Certificate table. 2 Click the appropriate button to continue. See Table 4-16. Table 4-15.
Configuring and Managing Active Directory Certificates The page enables you to configure and manage Active Directory settings. NOTE: You must have Configure iDRAC permission to use or configure Active Directory. NOTE: Before configuring or using the Active Directory feature, ensure that your Active Directory server is configured to communicate with iDRAC6.
Table 4-17. Active Directory Configuration and Management Page Options Attribute Description (continued) Timeout Specifies the time in seconds to wait for Active Directory queries to complete. The default is 120 seconds. Domain Controller Server Address 1-3 (FQDN or IP) Specifies the fully qualified domain name (FQDN) of the Domain Controller or the IP address. At least one of the 3 addresses is required to be configured.
Table 4-17. Active Directory Configuration and Management Page Options Attribute Description (continued) Extended Schema Settings iDRAC Name: Specifies the name that uniquely identifies the iDRAC in Active Directory. This value is NULL by default. iDRAC Domain Name: The DNS name (string) of the domain where the Active Directory iDRAC object resides. This value is NULL by default.
Configuring iDRAC6 Services NOTE: To modify these settings, you must have Configure iDRAC permission. 1 Click Remote Access→ Configuration. Then, click the Services tab to display the Services configuration page. 2 Configure the following services, as required: • Local Configuration — see Table 4-19 • Web server — see Table 4-20 for Web server settings • SSH — see Table 4-21 for SSH settings • Telnet — see Table 4-22 for Telnet settings. • Remote RACADM — see Table 4-23 for Remote RACADM settings.
Table 4-20. Web Server Settings Setting Description Enabled Enables or disables the iDRAC6 Web server. When checked, the checkbox indicates that the Web server is enabled. The default is enabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. This field is not editable. The maximum number of simultaneous sessions is five. Active Sessions The number of current sessions on the system, less than or equal to the value for Max Sessions. This field is not editable.
Table 4-22. Telnet Settings Setting Description Enabled Enables or disables telnet. When checked, telnet is enabled. Timeout The telnet idle timeout in seconds. Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300. Port Number The port on which the iDRAC6 listens for a telnet connection. The default is 23. Table 4-23. Remote RACADM Settings Setting Description Enabled Enables/disables Remote RACADM. When checked, Remote RACADM is enabled.
Table 4-26. Services Page Buttons Button Description Print Prints the Services page. Refresh Refreshes the Services page. Apply Changes Applies the Services page settings. Updating the iDRAC6 Firmware/System Services Recovery Image NOTE: If the iDRAC6 firmware becomes corrupted, as could occur if the iDRAC6 firmware update progress is interrupted before it completes, you can recover the iDRAC6 using the iDRAC6 Web interface.
4 Click Upload. The file will be uploaded to the iDRAC6. This process may take several minutes to complete. The following message will be displayed until the process is complete: File upload in progress... 5 On the Status (page 2 of 3) page, you will see the results of the validation performed on the image file you uploaded. • If the image file uploaded successfully and passed all verification checks, the image file name will be displayed.
iDRAC6 Firmware Rollback iDRAC6 has the provision to maintain two simultaneous firmware images. You can choose to boot from (or rollback to) the firmware image of your choice. 1 Open the iDRAC6 Web-based interface and log in to the remote system. Click System→ Remote Access, and then click the Update tab. 2 In the Upload/Rollback (Step 1 of 3) page, click Rollback. The current and the rollback firmware versions are displayed on the Status (Step 2 of 3) page.
Configuring the iDRAC6 Using the Web Interface
Advanced Configuration of the iDRAC6 This section provides information about advanced iDRAC6 configuration and is recommended for users with advanced knowledge of systems management and who want to customize the iDRAC6 environment to suit their specific needs. Before You Begin You should have completed the basic installation and setup of your iDRAC6 hardware and software. See "Basic Installation of the iDRAC6" for more information.
4 Set the Serial Communication screen options as follows: serial communication....On with serial redirection via com2 NOTE: You can set serial communication to On with serial redirection via com1 as long as the serial port address field, serial device2, is set to com1, also. serial port address....Serial device1 = com1, serial device2 = com2 external serial connector....Serial device 1 failsafe baud rate....115200 remote terminal type....vt100/vt220 redirection after boot....
Starting a Text Console Through Telnet or SSH After you have logged into the iDRAC6 through your management station terminal software with telnet or SSH, you can redirect the managed system text console by using console com2, which is a telnet/SSH command. Only one console com2 client is supported at a time.
Running Telnet Using Windows 2000 If your management station is running Windows 2000, you cannot access BIOS setup by pressing the key. To fix this issue, use the telnet client supplied with the Windows Services for UNIX® 3.5—a recommended free download from Microsoft. Go to www.microsoft.com/downloads/ and search for "Windows Services for UNIX 3.5.
To configure a Linux telnet session to use the key: 1 Open a command prompt and type: stty erase ^h 2 At the prompt, type: telnet Using the Secure Shell (SSH) It is critical that your system’s devices and device management are secure. Embedded connected devices are the core of many business processes. If these devices are compromised, your business may be at risk, which requires new security demands for command line interface (CLI) device management software.
The iDRAC6 SSH implementation supports multiple cryptography schemes, as shown in Table 5-1. Table 5-1.
Edit the /etc/grub.conf file as follows: 1 Locate the General Setting sections in the file and add the following two new lines: serial --unit=1 --speed=57600 terminal --timeout=10 serial 2 Append two options to the kernel line: kernel ............. console=ttyS1,57600 3 If the /etc/grub.conf contains a splashimage directive, comment it out. Table 5-2 provides a sample /etc/grub.conf file that shows the changes described in this procedure. Table 5-2. Sample File: /etc/grub.conf # grub.
Table 5-2. Sample File: /etc/grub.conf (continued) serial --unit=1 --speed=57600 terminal --timeout=10 serial title Red Hat Linux Advanced Server (2.4.9-e.3smp) root (hd0,0) kernel /boot/vmlinuz-2.4.9-e.3smp ro root= /dev/sda1 hda=ide-scsi console=ttyS0 console= ttyS1,57600 initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00) kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s initrd /boot/initrd-2.4.9-e.3.im When you edit the /etc/grub.
Table 5-3 shows a sample file with the new line. Table 5-3. Sample File: /etc/innitab # # inittab This file describes how the INIT process should set up # the system in a certain run-level. # # Author: Miquel van Smoorenburg # Modified for RHS Linux by Marc Ewing and Donnie Barnes # # Default runlevel.
Table 5-3. Sample File: /etc/innitab (continued) # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # When our UPS tells us power has failed, assume we have a few # minutes of power left. Schedule a shutdown for 2 minutes from now. # This does, of course, assume you have power installed and your # UPS is connected and working correctly.
Edit the file /etc/securetty as follows: Add a new line with the name of the serial tty for COM2: ttyS1 Table 5-4 shows a sample file with the new line. Table 5-4.
To set up your system to use any of these interfaces, perform the following steps. Configure the BIOS to enable serial connection: 1 Turn on or restart your system. 2 Press immediately after you see the following message: = System Setup 3 Scroll down and select Serial Communication by pressing . 4 Set the Serial Communication screen as follows: external serial connector....remote access device Then, select Save Changes.
When you are connected serially with the previous settings, you should see a login prompt. Enter the iDRAC6 username and password (default values are root, calvin, respectively). From this interface, you can execute such features as RACADM.
Direct Connect Basic mode will enable you to use such tools as ipmish directly through the serial connection. For example, to print the System Event Log using ipmish via IPMI Basic mode, run the following command: ipmish -com 1 -baud 57600 sel get -flow cts -u root -p calvin Direct Connect Terminal mode will enable you to issue ASCII commands to the iDRAC6.
Switching Between Direct Connect Terminal Mode and Serial Console Redirection iDRAC6 supports Escape key sequences that allow switching between Direct Connect Terminal mode and Serial console redirection. To set your system to allow this behavior, follow these steps: 1 Turn on or restart your system. 2 Press immediately after you see the following message: = System Setup 3 Scroll down and select Serial Communication by pressing .
Connecting the DB-9 or Null Modem Cable for the Serial Console To access the managed system using a serial text console, connect a DB-9 null modem cable to the COM port on the managed system. In order for the connection to work with the NULL modem cable, the corresponding serial communications settings should be made in the CMOS setup. Not all DB-9 cables carry the pinout/signals necessary for this connection. The DB-9 cable for this connection must conform to the specification shown in Table 5-5.
Configuring Linux Minicom for Serial Console Emulation Minicom is the serial port access utility for Linux. The following steps are valid for configuring Minicom version 2.0. Other Minicom versions may differ slightly but require the same basic settings. Use the information in "Required Minicom Settings for Serial Console Emulation" to configure other versions of Minicom. Configuring Minicom Version 2.
16 At the command shell prompt, type minicom . 17 To expand the Minicom window to 80 x 25, drag the corner of the window. 18 Press , , to exit Minicom. NOTE: If you are using Minicom for serial text console redirection to configure the managed system BIOS, it is recommended to turn on color in Minicom. To turn on color, type the following command: minicom -c on Ensure that the Minicom window displays a command prompt.
3 Next to Connect using:, select the COM port on the management station (for example, COM2) to which you have connected the DB-9 null modem cable and click OK. 4 Configure the COM port settings as shown in Table 5-7. 5 Click OK. 6 Click File → Properties, and then click the Settings tab. 7 Set the Telnet terminal ID: to ANSI. 8 Click Terminal Setup and set Screen Rows to 26. 9 Set Columns to 80 and click OK. Table 5-7.
Table 5-8. IPMI Serial Settings Setting Description Connection Mode Setting • Direct Connect Basic Mode - IPMI Serial Basic Mode Baud Rate • Sets the data speed rate. Select 9600 bps, 19.2 kbps, 57.6 kbps, or 115.2 kbps. Flow Control • None — Hardware Flow Control Off • Direct Connect Terminal Mode - IPMI Serial Terminal Mode • RTS/CTS — Hardware Flow Control On Channel Privilege Level Limit • Administrator • Operator • User Table 5-9.
Table 5-10. Serial Configuration Page Settings Button Description Print Print the Serial Configuration page. Refresh Refresh the Serial Configuration page. Apply Changes Apply the IPMI and iDRAC6 serial changes. Terminal Mode Settings Opens the Terminal Mode Settings page. Configuring Terminal Mode 1 Expand the System tree and click Remote Access. 2 Click the Configuration tab and then click Serial. 3 In the Serial Configuration page, click Terminal Mode Settings.
Table 5-12. Terminal Mode Settings Page Buttons Button Description Print Print the Terminal Mode Settings page. Refresh Refresh the Terminal Mode Settings page. Go Back to Serial Port Return to the Serial Port Configuration page. Configuration Apply Changes Apply the terminal mode settings changes. Configuring the iDRAC6 Network Settings CAUTION: Changing your iDRAC6 Network settings may disconnect your current network connection.
Table 5-13 describes each iDRAC6 interface. Table 5-13. iDRAC6 Interfaces Interface Description Web-based interface Provides remote access to the iDRAC6 using a graphical user interface. The Web-based interface is built into the iDRAC6 firmware and is accessed through the NIC interface from a supported Web browser on the management station. For a list of supported Web browsers, see "Supported Web Browsers." RACADM Provides remote access to the iDRAC6 using a command line interface.
Table 5-13. iDRAC6 Interfaces (continued) Interface Description SSH Interface Provides the same capabilities as the telnet console using an encrypted transport layer for higher security. IPMI Interface Provides access through the iDRAC6 to the remote system’s basic management features. The interface includes IPMI over LAN, IPMI over Serial, and Serial over LAN. For more information, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at support.dell.com\manuals.
Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Continuing execution. Use -S option for racadm to stop the execution on certificate-related errors. RACADM continues to execute the command. However, if you use the –S option, RACADM stops executing the command and displays the following message: Security Alert: Certificate is invalid - Name on Certificate is invalid or does not match site name Racadm not continuing execution of the command.
If the HTTPS port number of the iDRAC6 has been changed to a custom port other than the default port (443), the following syntax must be used: racadm -r : -u -p racadm -i -r : RACADM Options Table 5-14 lists the options for the RACADM command. Table 5-14. racadm Command Options Option Description -r Specifies the controller’s remote IP address.
racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 1 To disable the remote capability, type: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 0 RACADM Subcommands Table 5-15 provides a description of each RACADM subcommand that you can run in RACADM. For a detailed listing of RACADM subcommands, including syntax and valid entries, see "RACADM Subcommand Overview." When entering a RACADM subcommand, prefix the command with racadm, for example: racadm help Table 5-15.
Table 5-15. RACADM Subcommands (continued) Command Description netstat Displays the routing table and the current connections. ping Verifies that the destination IP address is reachable from the iDRAC6 with the current routing-table contents. setniccfg Sets the IP configuration for the controller. getniccfg Displays the current IP configuration for the controller. getsvctag Displays service tags. racdump Dumps iDRAC6 status and state information for debug. racreset Resets the iDRAC6.
Frequently Asked Questions About RACADM Error Messages After performing an iDRAC6 reset (using the racadm racreset command), I issue a command and the following message is displayed: ERROR: Unable to connect to RAC at specified IP address What does this message mean? You must wait until the iDRAC6 completes the reset before issuing another command. When I use the racadm commands and subcommands, I get errors that I don’t understand.
To configure multiple iDRAC6 controllers, perform the following procedures: 1 Use RACADM to query the target iDRAC6 that contains the appropriate configuration. NOTE: The generated .cfg file does not contain user passwords. Open a command prompt and type: racadm getconfig -f myfile.cfg NOTE: Redirecting the iDRAC6 configuration to a file using getconfig -f is only supported with the local and remote RACADM interfaces. 2 Modify the configuration file using a simple text editor (optional).
The initial configuration file, racadm.cfg, is named by the user. In the following example, the configuration file is named myfile.cfg. To create this file, type the following at the command prompt: racadm getconfig -f myfile.cfg CAUTION: It is recommended that you edit this file with a simple text editor. The RACADM utility uses an ASCII text parser. Any formatting confuses the parser, which may corrupt the RACADM database. Creating an iDRAC6 Configuration File The iDRAC6 configuration file .
Use the following guidelines when you create a .cfg file: • If the parser encounters an indexed group, it is the value of the anchored object that differentiates the various indexes. The parser reads in all of the indexes from the iDRAC6 for that group. Any objects within that group are simple modifications when the iDRAC6 is configured. If a modified object represents a new index, the index is created on the iDRAC6 during configuration. • You cannot specify an index of your choice in a .cfg file.
Parsing Rules • All lines that start with '#' are treated as comments. A comment line must start in column one. A '#' character in any other column is treated as a '#' character. Some modem parameters may include # characters in its string. An escape character is not required. You may want to generate a .cfg from a racadm getconfig -f .cfg command, and then perform a racadm config -f .cfg command to a different iDRAC6, without adding escape characters.
• All parameters are specified as "object=value" pairs with no white space between the object, =, or value. White spaces that are included after the value are ignored. A white space inside a value string remains unmodified. Any character to the right of the '=' is taken as is (for example, a second '=', or a '#', '[', ']', and so forth). These characters are valid modem chat script characters. See the example in the previous bullet. • The .cfg parser ignores an index object entry.
Modifying the iDRAC6 IP Address When you modify the iDRAC6 IP address in the configuration file, remove all unnecessary =value entries. Only the actual variable group’s label with "[" and "]" remains, including the two =value entries pertaining to the IP address change. For example: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.
Configuring iDRAC6 Network Properties To generate a list of available network properties, type the following: racadm getconfig -g cfgLanNetworking To use DHCP to obtain an IP address, use the following command to write the object cfgNicUseDhcp and enable this feature: racadm config -g cfgLanNetworking -o cfgNicUseDHCP 1 The commands provide the same configuration functionality as the iDRAC6 Configuration Utility at boot-up when you are prompted to type .
racadm config -g cfgLanNetworking -o cfgDNSDomainNameFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSDomainName MYDOMAIN NOTE: If cfgNicEnable is set to 0, the iDRAC6 LAN is disabled even if DHCP is enabled. iDRAC6 Modes The iDRAC6 can be configured in one of four modes: • Dedicated • Shared • Shared with Failover LOM2 • Shared with Failover All LOMs Table 5-16 provides a description of each mode. Table 5-16.
Frequently Asked Questions When accessing the iDRAC6 Web-based interface, I get a security warning stating the hostname of the SSL certificate does not match the hostname of the iDRAC6. The iDRAC6 includes a default iDRAC6 server certificate to ensure network security for the Web-based interface and remote RACADM features.
The iDRAC6 Web server is reset after the following occurrences: • When the network configuration or network security properties are changed using the iDRAC6 Web user interface • When the cfgRacTuneHttpsPort property is changed (including when a config -f changes it) • When racresetcfg is used • When the iDRAC6 is reset • When a new SSL server certificate is uploaded Why doesn’t my DNS server register my iDRAC6? Some DNS servers only register names of 31 characters or fewer.
Advanced Configuration of the iDRAC6
Adding and Configuring iDRAC6 Users To manage your system with the iDRAC6 and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs.
3 On the User Configuration page, configure the following: • The username, password, and access permissions for a new or existing iDRAC user. Table describes General User Settings. • The user’s IPMI privileges. Table 6-4 describes the IPMI User Privileges for configuring the user’s LAN privileges. • The iDRAC user privileges. Table 6-5 describes the iDRAC User Privileges. • The iDRAC Group access permissions. Table 6-6 describes the iDRAC Group Permissions. 4 When completed, click Apply Changes.
Table 6-2. Smart Card Configuration Options Option Description View User Certificate Displays the user certificate page that has been uploaded to the iDRAC. Upload Trusted CA Certificate Enables you to upload the trusted CA certificate to iDRAC and import it to the user profile. View Trusted CA Certificate Displays the trusted CA certificate that has been uploaded to the iDRAC. The trusted CA certificate is issued by the CA who is authorized to issue certificates to users. Table 6-3.
Table 6-5. iDRAC User Privileges Property Description Roles Specifies the user’s maximum iDRAC user privilege as one of the following: Administrator, Operator, Read Only, or None. See Table 6-6 for iDRAC Group Permissions. Login to iDRAC Enables the user to log in to the iDRAC. Configure iDRAC Enables the user to configure the iDRAC. Configure Users Enables the user to allow specific users to access the system. Clear Logs Enables the user to clear the iDRAC logs.
Table 6-7. User Configuration Page Buttons Button Action Print Prints the User Configuration values that appear on the screen. Refresh Reloads the User Configuration page. Go Back To Users Page Returns to the Users Page. Apply Changes Saves any new settings made to the user configuration. Using the RACADM Utility to Configure iDRAC6 Users NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system.
Before You Begin You can configure up to 16 users in the iDRAC6 property database. Before you manually enable an iDRAC6 user, verify if any current users exist. If you are configuring a new iDRAC6 or if you ran the racadm racresetcfg command, the only current user is root with the password calvin. The racresetcfg subcommand resets the iDRAC6 to the original default values. CAUTION: Use caution when using the racresetcfg command, as all configuration parameters are reset to their default values.
Adding an iDRAC6 User To add a new user to the RAC configuration, a few basic commands can be used. In general, perform the following procedures: 1 Set the user name. 2 Set the password. 3 Set the following user privileges: • iDRAC privilege • IPMI LAN privilege • IPMI Serial privilege • Serial Over LAN privilege 4 Enable the user. Example The following example describes how to add a new user named "John" with a "123456" password and LOGIN privileges to the RAC.
Removing an iDRAC6 User When using RACADM, users must be disabled manually and on an individual basis. Users cannot be deleted by using a configuration file. The following example illustrates the command syntax that can be used to delete a RAC user: racadm config -g cfgUserAdmin -o cfgUserAdminUserName -i "" A null string of double quote characters ("") instructs the iDRAC6 to remove the user configuration at the specified index and reset the user configuration to the original factory defaults.
Using the iDRAC6 With Microsoft Active Directory A directory service maintains a common database of all information needed for controlling users, computers, printers, etc. on a network. If your company already uses the Microsoft® Active Directory® service software, you can configure the software to provide access to iDRAC6, allowing you to add and control iDRAC6 user privileges to your existing users in your Active Directory software.
Prerequisites for Enabling Active Directory Authentication for the iDRAC6 To use the Active Directory authentication feature of the iDRAC6, you must have already deployed an Active Directory infrastructure. See the Microsoft website for information on how to set up an Active Directory infrastructure, if you don't already have one.
Extended Schema Active Directory Overview Using the extended schema solution requires the Active Directory schema extension, as described in the following section. Extending the Active Directory Schema Important: The schema extension for this product is different from the previous generations of Dell Remote Management products. You must extend the new schema and install the new Active Directory Users and Computers Microsoft Management Console (MMC) Snap-in on your directory.
Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft's Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for our attributes and classes that are added into the directory service. Dell extension is: dell Dell base OID is: 1.2.840.113556.1.8000.
Figure 7-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization. Figure 7-1. Typical Setup for Active Directory Objects iDRAC Association Object User(s) Group(s) Privilege Object iDRAC Device Object(s) You can create as many or as few association objects as required.
Accumulating Privileges Using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.
For example, Priv1 has these privileges: Login, Virtual Media, and Clear Logs and Priv2 has these privileges: Login to iDRAC, Configure iDRAC, and Test Alerts. As a result, User1 now has the privilege set: Login to iDRAC, Virtual Media, Clear Logs, Configure iDRAC, and Test Alerts, which is the combined privilege set of Priv1 and Priv2.
You can extend your schema using one of the following methods: • Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema. The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: • DVD drive:\SYSMGMT\ManagementStation\support\OMActiveDirectory_ Tools\Remote_Management_Advanced\LDIF_Files • :\SYSMGMT\ManagementS
See your Microsoft documentation for details about using the MMC and the Active Directory Schema Snap-in. Table 7-2. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.1 delliDRACAssociation 1.2.840.113556.1.8000.1280.1.7.1.2 dellRAC4Privileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.
Table 7-5. dellRAC4Privileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Used to define the privileges (Authorization Rights) for the iDRAC device. Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 7-6. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.
Table 7-8. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 FALSE List of dellRacDevice and Distinguished Name (LDAPTYPE_DN DelliDRACDevice Objects that 1.3.6.1.4.1.1466.115.
Table 7-8. List of Attributes Added to the Active Directory Schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsVirtualMediaUser 1.2.840.113556.1.8000.1280.1.1.2.9 TRUE TRUE if the user has Virtual Media rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsTestAlertUser 1.2.840.113556.1.8000.1280.1.1.2.10 TRUE if the user has Test Alert User rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.
Installing the Dell Extension to the Active Directory Users and Computers Snap-In When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC devices, Users and User Groups, iDRAC Associations, and iDRAC Privileges.
3 Click Add/Remove Snap-in. 4 Select the Active Directory Users and Computers Snap-in and click Add. 5 Click Close and click OK. Adding iDRAC Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC users and privileges by creating iDRAC, Association, and Privilege objects.
6 Right-click the privilege object that you created, and select Properties. 7 Click the Remote Management Privileges tab and select the privileges that you want the user to have. Creating an Association Object NOTE: The iDRAC Association Object is derived from Group and its scope is set to Domain Local. 1 In the Console Root (MMC) window, right-click a container. 2 Select New→ Dell Remote Management Object Advanced. This opens the New Object window. 3 Type a name for the new object.
Adding Privileges 1 Select the Privileges Object tab and click Add. 2 Type the Privilege Object name and click OK. Click the Products tab to add one iDRAC device connected to the network that is available for the defined users or user groups. Multiple iDRAC devices can be added to an Association Object. Adding iDRAC Devices To add iDRAC devices: 1 Select the Products tab and click Add. 2 Type the iDRAC device name and click OK. 3 In the Properties window, click Apply and click OK.
8 Click Upload. The certificate information for the Active Directory CA certificate that you uploaded appears. 9 Click Next to go to the Step 2 of 4 Active Directory Configuration and Management. 10 Click Enable Active Directory. 11 Click Add to enter the user domain name. 12 Type the user domain name in the prompt and click OK. Note that this step is optional. If you configure a list of user domains, the list will be available in the Web-based interface login screen.
19 Click Finish to save Active Directory Extended Schema settings. The iDRAC6 Web server automatically returns you to the Active Directory Configuration and Management page. 20 Click Test Settings to check the Active Directory Extended Schema settings. 21 Type your Active Directory user name and password. The test results and the test log are displayed. For additional information, see "Testing Your Configurations.
racadm config -g cfgActiveDirectory -o cfgDomainController3 NOTE: At least one of the three addresses is required to be configured. iDRAC attempts to connect to each of the configured addresses one-by-one until a successful connection is made. When the extended schema option is selected, these are the FQDN or IP addresses of the domain controllers where this iDRAC device is located.
2 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following RACADM command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 3 If DHCP is disabled on the iDRAC or you want to manually input your DNS IP address, type following RACADM commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 racadm config -g cfgLanNetworking -o cfgDNSServer2
Standard Schema Active Directory Overview As shown in Figure 7-3, using standard schema for Active Directory integration requires configuration on both Active Directory and the iDRAC6. Figure 7-3. Configuration of iDRAC with Microsoft Active Directory and Standard Schema Configuration on Active Directory Side Role Group Configuration on iDRAC Side Role Group Name and Domain Name Role Definition User On the Active Directory side, a standard group object is used as a role group.
Table 7-9.
Single Domain Versus Multiple Domain Scenarios If all of the login users and role groups, as well as the nested groups, are in the same domain, then only the domain controllers’ addresses must be configured on iDRAC6. In this single domain scenario, any group type is supported. If all of the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server addresses are required to be configured on iDRAC6.
6 Under Certificate Settings, check Enable Certificate Validation if you want to validate the SSL certificate of your Active Directory servers; otherwise, go to step 9. 7 Under Upload Active Directory CA Certificate, type the file path of the certificate or browse to find the certificate file. NOTE: You must type the absolute file path, which includes the full path and the complete file name and file extension. 8 Click Upload.
18 Under Standard Schema Settings, type the Global Catalog server address to specify its location in Active Directory. You must configure the location of at least one Global Catalog server. NOTE: The FQDN or IP address that you specify in this field should match the Subject or Subject Alternative Name field of your domain controller certificate if you have certificate validation enabled.
Configuring Active Directory With Standard Schema Using RACADM Use the following commands to configure the iDRAC Active Directory Feature with Standard Schema using the RACADM CLI instead of the Web-based interface.
NOTE: At least one of the 3 addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until a successful connection is made. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located.
Using the following RACADM command may be optional. See "Importing the iDRAC6 Firmware SSL Certificate" for additional information.
the test. Depending on your configuration, it may take some time for all of the test steps to complete and display the results of each step. A detailed test log will display at the bottom of the results page. If there is a failure in any step, examine the details in the test log to identify the problem and a possible solution. For most common errors, see "Frequently Asked Questions." If you need to make changes to your settings, click the Active Directory tab and change the configuration step-by-step.
Exporting the Domain Controller Root CA Certificate to the iDRAC NOTE: If your system is running Windows 2000, the following steps may vary. NOTE: If you are using a standalone CA, the following steps may vary. 1 Locate the domain controller that is running the Microsoft Enterprise CA service. 2 Click Start→ Run. 3 In the Run field, type mmc and click OK. 4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.
Importing the iDRAC6 Firmware SSL Certificate NOTE: If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload the iDRAC Server certificate to the Active Directory Domain controller as well. This additional step is not required if the Active Directory does not perform a client authentication during an SSL session’s initialization phase.
Using Active Directory to Log In to the iDRAC6 You can use Active Directory to log in to the iDRAC6 using one of the following methods: • Web-based interface • Remote RACADM • Serial or telnet console The login syntax is the same for all three methods: or \ or / where username is an ASCII string of 1–256 bytes. White space and special characters (such as \, /, or @) cannot be used in the user name or the domain name.
click Test Settings. Enter a test user name and password, and click Start Test. iDRAC6 runs the tests step-by-step and displays the result for each step. A detailed test result is also logged to help you resolve any problems. Click the Active Directory tab to return to the Active Directory Configuration and Management page. Scroll to the bottom of the page and click Configure Active Directory to change your configuration and run the test again until the test user passes the authorization step.
I'm using an IP address for a Domain Controller Address and I failed certificate validation. What's the problem? Please check the Subject or Subject Alternative Name field of your domain controller certificate. Usually Active Directory uses the hostname, not the IP address, of the domain controller in the Subject or Subject Alternative Name field of the domain controller certificate.
How does standard schema query work? iDRAC6 connects to the configured domain controller address(es) first, if the user and role groups are in that domain, the privileges will be saved. If Global Controller Address(es) is configured, iDRAC6 continues to query the Global Catalog. If additional privileges are retrieved from the Global Catalog, these privileges will be accumulated. Does iDRAC6 always use LDAP over SSL? Yes. All the transportation is over secure port 636 and/or 3269.
Most common issues are explained in this section; however, in general you should check the following: 1 Ensure that you use the correct user domain name during a login and not the NetBIOS name. 2 If you have a local iDRAC6 user account, log into the iDRAC6 using your local credentials. After you are logged in: a Ensure that you have checked the Enable Active Directory box on the iDRAC6 Active Directory Configuration and Management page.
Configuring Smart Card Authentication The iDRAC6 supports the Two-factor-authentication (TFA) feature by enabling Smart Card Logon. The traditional authentication schemes use user name and password to authenticate users. This provides minimal security.
NOTE: Dell recommends that the iDRAC6 administrator use the Enable with Remote Racadm setting only to access the iDRAC6 Web-based interface to run scripts using the remote RACADM commands. If the administrator does not need to use the remote RACADM, Dell recommends the Enabled setting for Smart Card logon. Also, ensure that the iDRAC6 local user configuration and/or Active Directory configuration is complete before enabling Smart Card Logon. • Disable Smart Card configuration (default).
NOTE: To log into the iDRAC6, the user name that you configure in the iDRAC6 should have the same case as the User Principal Name (UPN) in the Smart Card certificate. For example, in case the Smart Card certificate has been issued to the user, "sampleuser@domain.com," the username should be configured as "sampleuser.
Table 8-1. Smart Card Settings Setting Description Configure Smart Card Logon • Disabled — Disables Smart Card logon. Subsequent logins from the graphical user interface (GUI) display the regular login page. All command line out-of-band interfaces including secure shell (SSH), Telnet, Serial, and remote RACADM are set to their default state. • Enabled — Enables Smart Card logon. After applying the changes, logout, insert your Smart Card and then click Login to enter your Smart Card PIN.
Logging Into the iDRAC6 Using the Smart Card The iDRAC6 Web interface displays the Smart Card logon page for all users who are configured to use the Smart Card. NOTE: Ensure that the iDRAC6 local user and/or Active Directory configuration is complete before enabling the Smart Card Logon for the user. NOTE: Depending on your browser settings, you may be prompted to download and install the Smart Card reader ActiveX plug-in when using this feature for the first time. 1 Access the iDRAC6 Web page using https.
Logging Into the iDRAC6 Using Active Directory Smart Card Authentication 1 Log into the iDRAC6 using https. https:// If the default HTTPS port number (port 443) has been changed, type: https://: where IP address is the IP address for the iDRAC6 and port number is the HTTPS port number. The iDRAC6 Login page appears prompting you to insert the Smart Card. 2 Insert the Smart Card and click Login. The PIN pop-up dialog box appears. 3 Enter the PIN and click OK.
Incorrect Smart Card PIN Check to see if the Smart Card has been locked out due to too many attempts with an incorrect PIN. In such cases, the issuer of the Smart Card in the organization will be able to help you get a new Smart Card. Unable to Log into Local iDRAC6 If a local iDRAC6 user cannot log in, check if the username and the user certificates uploaded to the iDRAC6 have expired.
Configuring Smart Card Authentication
Using GUI Console Redirection This section provides information about using the iDRAC6 console redirection feature. Overview The iDRAC6 console redirection feature enables you to access the local console remotely in either graphic or text mode. Using console redirection, you can control one or more iDRAC6-enabled systems from one location. You do not have to sit in front of each server to perform all the routine maintenance.
The following rules apply to a console redirection session: • A maximum of four simultaneous console redirection sessions are supported. All sessions view the same managed server console simultaneously. • Only one session can be opened to a remote server (iDRAC6) from the same client console (management station). However, multiple sessions to multiple remote servers are possible from the same client. • A console redirection session should not be launched from a Web browser on the managed system.
3 It is recommended that you configure your monitor display resolution to 1280x1024 pixels or higher. NOTE: If you have an active console redirection session and a lower resolution monitor is connected to the iDRAC KVM, the server console resolution may reset if the server is selected on the local console. If the server is running a Linux operating system, an X11 console may not be viewable on the local monitor. Pressing at the iDRAC KVM will switch Linux to a text console.
Table 9-1. Console Redirection Configuration Properties (continued) Property Description Active Sessions Displays the number of Active Console sessions. This field is read-only. Remote Presence Port The network port number used for connecting to the Console Redirection Keyboard/Mouse option. This traffic is always encrypted. You may need to change this number if another program is using the default port. The default is 5900.
Opening a Console Redirection Session When you open a console redirection session, the Dell™ Virtual KVM Viewer Application starts and the remote system’s desktop appears in the viewer. Using the Virtual KVM Viewer Application, you can control the remote system’s mouse and keyboard functions from your local management station. To open a console redirection session in the Web interface, perform the following steps: 1 Click System→ Console/Media→ Configuration.
The buttons in Table 9-4 are available on the Console Redirection and Virtual Media page. Table 9-4. Console Redirection and Virtual Media Page Buttons Button Definition Refresh Reloads the Console Redirection Configuration page Launch Viewer Opens a console redirection session on the targeted remote system Print Prints the Console Redirection Configuration page 3 If a console redirection session is available, click Launch Viewer.
The Video Viewer provides various control adjustments such as mouse synchronization, snapshots, keyboard macros, and access to Virtual Media. For more information about these functions, click System→ Console/Media and click Help on the Console Redirection and Virtual Media page. When you start a console redirection session and the Video Viewer appears, you may need to synchronize the mouse pointers.
Frequently Asked Questions Table 9-5 lists frequently asked questions and answers. Table 9-5. Using Console Redirection: Frequently Asked Questions Question Answer Can a new remote console Yes. video session be started when the local video on the server is turned off? Why does it take 15 seconds It gives a local user an opportunity to take any action to turn off the local video on before the video is switched off.
Table 9-5. Using Console Redirection: Frequently Asked Questions (continued) Question Answer I cannot see the bottom of the system screen from the Console Redirection window. Ensure that the management station’s monitor resolution is set to 1280x1024. Try using the scroll bars on the iDRAC KVM client, as well. The console window is garbled. The console viewer on Linux requires a UTF-8 character set. Check your locale and reset the character set if needed.
Table 9-5. Using Console Redirection: Frequently Asked Questions (continued) Question Answer Why do multiple Session You are configuring a console redirection session from Viewer windows appear the local system. This is not supported. when I establish a console redirection session from the local host? If I am running a console No. If a local user accesses the system, both have redirection session and a control of the system.
Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the console redirection viewer, provides the managed server access to media connected to a remote system on the network. Figure 10-1 shows the overall architecture of Virtual Media. Figure 10-1.
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps. Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device. The management station provides the physical media or image file across the network.
Linux-Based Management Station To run the virtual media feature on a management station running the Linux operating system, install a supported version of Firefox. See "Supported Web Browsers" for more information. A Java Runtime Environment (JRE) is required to run the console redirection plugin. You can download a JRE from java.sun.com. JRE version 1.6 or above is recommended. Configuring Virtual Media 1 Log in to the iDRAC6 Web interface. 2 Select System→ Console/Media.
Table 10-2. Virtual Media Configuration Properties (continued) Attribute Value Virtual Media Encryption Enabled Select or deselect the checkbox to enable or disable encryption on Virtual Media connections. Selected enables encryption; deselected disables encryption. Floppy Emulation Indicates whether the Virtual Media appears as a floppy drive or as a USB key to the server. If Floppy Emulation is checked, the Virtual Media device appears as a floppy device on the server.
1 Add the following line to /ect/modprobe: options scsi_mod max_luns=256 cd /boot mkinitrd -f initrd-2.6.9.78ELsmp.img 2.6.3.78ELsmp 2 Reboot the server. 3 Run the following commands to see the Virtual CD/DVD and/or the Virtual Floppy: cat /proc/scsi/scsi NOTE: Using Virtual Media, you can virtualize only one floppy/USB drive/image/key and one optical drive from your management station to be available as a (virtual) drive on the managed server.
3 Select System→ Console/Media. The Console Redirection and Virtual Media page appears. If you want to change the values of any of the displayed attributes, see "Configuring Virtual Media." NOTE: The Floppy Image File under Floppy Drive (if applicable) may appear, as this device can be virtualized as a virtual floppy. You can select one optical drive and one floppy/USB flash drive at the same time to be virtualized.
Disconnecting Virtual Media 1 Click Tools→ Launch Virtual Media. 2 Uncheck the box next to the media you want to disconnect. The media is disconnected and the Status window is updated. 3 Click Exit to terminate the Media Redirection wizard. Booting From Virtual Media The system BIOS enables you to boot from virtual optical drives or virtual floppy drives. During POST, enter the BIOS setup window and verify that the virtual drives are enabled and listed in the correct order.
Installing Operating Systems Using Virtual Media This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete. A scripted operating system installation procedure using Virtual Media may take less than 15 minutes to complete. See "Deploying the Operating System" for more information. 1 Verify the following: • The operating system installation CD is inserted in the management station’s CD drive.
Using the Boot Once Feature 1 Power up the server and enter the BIOS Boot Manager. 2 Change the boot sequence to boot from the remote Virtual Media device. 3 Log in to the iDRAC6 through the Web interface and click System→ Console/Media→ Configuration. 4 Check the Boot Once Enabled option under Virtual Media. 5 Power cycle the server. The server boots from the remote Virtual Media device. The next time the server reboots, the remote Virtual Media connection is detached.
Frequently Asked Questions Table 10-4 lists frequently asked questions and answers. Table 10-4. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my Virtual Media client connection drop. Why? When a network timeout occurs, the iDRAC6 firmware drops the connection, disconnecting the link between the server and the Virtual Drive.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer An installation of the Windows If you are installing the Windows operating system operating system through vMedia using the Dell Systems Management Tools and seems to take too long. Why? Documentation DVD and a slow network connection, the installation procedure may require an extended amount of time to access the iDRAC6 Web interface due to network latency.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer I cannot locate my Virtual Floppy/Virtual CD device on a system running Red Hat® Enterprise Linux® or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do? (Answer Continued) To mount the Virtual CD drive, locate the device node that Linux assigns to the Virtual CD drive.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued) Question Answer Why are all my USB devices detached after I connect a USB device? Virtual Media devices and Virtual Flash devices are connected as a composite USB device to the Host USB BUS, and they share a common USB port.
Using the WS-MAN Interface The iDRAC6 firmware provides network accessible management using the Web Services for Management (WS-MAN) protocol. WS-MAN is a transport mechanism for information exchange. WS-MAN provides a universal language for devices to share data so they can be managed more easily. WS-MAN is an essential part of a remote system management solution, but it is not the only part. WS-MAN uses HTTPS to keep management traffic secure.
Supported CIM Profiles Table 11-1. Supported CIM Profiles Standard DMTF 1 Base Server Defines CIM classes for representing the host server. 2 Service Processor: Contains the definition of CIM classes for representing the iDRAC6. NOTE: The Base Server profile (above) and the Service Processor profile are autonomous in a sense that the objects they describe aggregate all the other CIM objects defined in component profiles.
Table 11-1. Supported CIM Profiles (continued) 12 Record Log Defines CIM classes for representing different type of logs. iDRAC6 uses this profile to represent the System Event Log (SEL) and iDRAC6 RAC Log. 13 Software Inventory Defines CIM classes for inventory of installed or available software. iDRAC6 uses this profile for inventory of currently installed iDRAC6 firmware versions through the TFTP protocol. 14 Role Based Authorization Defines CIM classes for representing roles.
Table 11-1. Supported CIM Profiles (continued) Dell Extensions 1 Dell™ Active Directory Client Version 2.0.0 Defines CIM and Dell extension classes for configuring iDRAC6 Active Directory client and the local privileges for Active Directory groups. 2 Dell Virtual Media Defines CIM and Dell extension classes for configuring iDRAC6 Virtual Media. Extends USB Redirection Profile. 3 Dell Ethernet Port Defines CIM and Dell extension classes for configuring NIC Side-Band interface for the iDRAC6 NIC.
Using the iDRAC6 SM-CLP Command Line Interface This section provides information about the Distributed Management Task Force (DMTF) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the iDRAC6. NOTE: This section assumes that you are familiar with the Systems Management Architecture for Server Hardware (SMASH) Initiative and the SM-CLP specifications. For more information on these specifications, see the DMTF website at www.dmtf.org.
Below is an example of the SM-CLP command line syntax. [] [] [] During a typical SM-CLP session, you can perform operations using the verbs listed in Table 12-1. Table 12-1.
Table 12-2.
Table 12-2.
Table 12-2.
Table 12-2.
Table 12-2.
Table 12-2.
Deploying Your Operating System Using VMCLI The Virtual Media Command Line Interface (VMCLI) utility is a command-line interface that provides virtual media features from the management station to the iDRAC6 in the remote system. Using VMCLI and scripted methods, you can deploy your operating system on multiple remote systems in your network. This section provides information on integrating the VMCLI utility into your corporate network.
Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using the iDRAC6 Web user interface and then reboot the system. The following sections provide specific information for creating image files for Linux and Microsoft® Windows® systems.
When you create the image file, do the following: • Follow standard network-based installation procedures • Mark the deployment image as read only to ensure that each target system boots and executes the same deployment procedure 4 Perform one of the following procedures: • Integrate IPMItool and VMCLI into your existing operating system deployment application. Use the sample vm6deploy script as a guide to using the utility. • Use the existing vm6deploy script to deploy your operating system.
• is the path to an ISO9660 image of the operating system installation CD or DVD • is the path to the device containing the operating system installation CD , DVD, or Floppy • is the path to a valid floppy image The vm6deploy script passes its command line options to the VMCLI utility. See “Command Line Options” for details about these options. The script processes the -r option slightly differently than the vmcli -r option.
For Windows systems, you must have Power User privileges to run the VMCLI utility. For Linux systems, you can access the VMCLI utility without administrator privileges by using the sudo command. This command provides a centralized means of providing non-administrator access and logs all user commands. To add or edit users in the VMCLI group, the administrator uses the visudo command.
If the remote system accepts the commands and the iDRAC6 authorizes the connection, the command continues to run until either of the following occurs: • The VMCLI connection terminates for any reason. • The process is manually terminated using an operating system control. For example, in Windows, you can use the Task Manager to terminate the process.
Floppy/Disk Device or Image File -f { | } where is a valid drive letter (for Windows systems) or a valid device filename (for Linux systems); and is the filename and path of a valid image file. NOTE: Mount points are not supported for the VMCLI utility. This parameter specifies the device or file to supply the virtual floppy/disk media. For example, an image file is specified as: -f c:\temp\myfloppy.img (Windows system) -f /tmp/myfloppy.
4 Reboot the server. 5 Run the following command to confirm that support for multiple LUNs has been added for the number of LUNs that you specified in Step 1: cat /sys/modules/scsi_mod/max_luns If the device provides a write-protection capability, use this capability to ensure that Virtual Media will not write to the media. Omit this parameter from the command line if you are not virtualizing floppy media. If an invalid value is detected, an error message displays and the command terminates.
Version Display -v This parameter is used to display the VMCLI utility version. If no other non-switch options are provided, the command terminates without an error message. Help Display -h This parameter displays a summary of the VMCLI utility parameters. If no other non-switch options are provided, the command terminates without error.
The latter technique is useful in script programs, as it allows the script to proceed after a new process is started for the VMCLI command (otherwise, the script would block until the VMCLI program is terminated). When multiple VMCLI instances are started in this way, and one or more of the command instances must be manually terminated, use the operating system-specific facilities for listing and terminating processes.
Configuring Intelligent Platform Management Interface (IPMI) Configuring IPMI This section provides information about configuring and using the iDRAC6 IPMI interface. The interface includes the following: • IPMI over LAN • IPMI over Serial • Serial over LAN The iDRAC6 is fully IPMI 2.0 compliant.
Configuring IPMI Using the RACADM CLI 1 Login to the remote system using any of the RACADM interfaces. See "Using RACADM Remotely." 2 Configure IPMI over LAN. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications. a Update the IPMI channel privileges.
3 Configure IPMI Serial over LAN (SOL). At the command prompt, type the following command and press : racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1 a Update the IPMI SOL minimum privilege level. NOTE: The IPMI SOL minimum privilege level determines the minimum privilege required to activate IPMI SOL. For more information, see the IPMI 2.0 specification.
c Enable SOL for an individual user. NOTE: SOL can be enabled or disabled for each individual user. At the command prompt, type the following command and press : racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i 2 where is the user’s unique ID. 4 Configure IPMI Serial. a Change the IPMI serial connection mode to the appropriate setting.
d Set the IPMI serial channel minimum privilege level.
Using the IPMI Remote Access Serial Interface In the IPMI serial interface, the following modes are available: • IPMI terminal mode — Supports ASCII commands that are submitted from a serial terminal. The command set has a limited number of commands (including power control) and supports raw IPMI commands that are entered as hexadecimal ASCII characters.
Using the iDRAC Configuration Utility Overview The iDRAC Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for the iDRAC6 and for the managed server.
Starting the iDRAC Configuration Utility 1 Turn on or restart the server by pressing the power button on the front of the server. 2 When you see the Press for Remote Access Setup within 5 sec..... message, immediately press . NOTE: If your operating system begins to load before you press , allow the system to finish booting, then restart your server and try again. The iDRAC Configuration Utility displays.
iDRAC6 LAN Use , , and the spacebar to select between On and Off. The iDRAC6 LAN is enabled in the default configuration. The LAN must be enabled to permit the use of iDRAC6 facilities, such as the Web-based interface, telnet/SSH and RAC serial access to the SM-CLP command line interface, console redirection, and virtual media. If you choose to disable the LAN the following warning is displayed: iDRAC6 Out-of-Band interface will be disabled if the LAN Channel is OFF.
Table 15-1. LAN Parameters Item Description Common Settings NIC Selection Press , , and spacebar to switch between the modes. The available modes are Dedicated, Shared, Shared with Failover LOM2, and Shared with Failover All LOMs. These modes will allow the iDRAC6 to use the corresponding interface for communication to the outside world. 228 MAC Address This is the non-editable MAC address of the iDRAC6 network interface.
Table 15-1. LAN Parameters (continued) Item Description LAN Alert Enabled Select On to enable the PET LAN alert. Alert Policy Entry 1 Select Enable or Disable to activate the first alert destination. Alert Destination 1 if LAN Alert Enabled is set to On, enter the IP address where PET LAN alerts will be forwarded. IPv4 Settings Enable or disable support for the IPv4 connection. IPv4 Select Enabled or Disabled IPv4 protocol support.
Table 15-1. LAN Parameters (continued) Item Description DNS Servers from DHCP Select On to retrieve DNS server addresses from a DHCP service on the network. Select Off to specify the DNS server addresses below. DNS Server 1 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the second DNS server. IPv6 Settings IP Address Source Enable or disable support for the IPv6 connection.
Table 15-1. LAN Parameters (continued) Item Description DNS Server 1 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the first DNS server. Advanced LAN Configurations Auto-Negotiate If NIC Selection is set to Dedicated, select between Enabled and Disabled. When Enabled is selected, LAN Speed Setting and LAN Duplex Setting are configured automatically.
Virtual Flash Press to select Disabled or Enabled. Disable/Enable will cause a Detach and an Attach of all Virtual Media devices from the USB bus. Disable will cause the Virtual Flash to be removed and to become unavailable for use. NOTE: This field will be read-only if an SD card of a size larger than 256 MB is not present on the iDRAC6 Express card slot. Smart Card Logon Press to select Enabled or Disabled. This option configures the Smart Card Logon feature.
Table 15-2. LCD User Configuration LCD Line 1 Press , , and spacebar to switch between the options. This feature sets the Home display on the LCD to one of the following options: Ambient Temp, Asset Tag, Host Name, iDRAC6 IPv4 Address, iDRAC6 IPv6 Address, iDRAC6 MAC Address, Model Number, None, Service Tag, System Power, User-Defined String. LCD User-Defined String If LCD Line 1 is set to User-Defined String, view or enter the string to be displayed on the LCD.
Table 15-3. LAN User Configuration Item Description Account Access Select Enabled to enable the administrator account. Select Disabled to disable the administrator account. Account Privilege Select between Admin, User, Operator, and No Access. Account User Name Press to edit the user name and press when you have finished. The default user name is root. Enter Password Type the new password for the administrator account. The characters are not echoed on the display as you type them.
System Event Log Menu The System Event Log Menu allows you to view System Event Log (SEL) messages and to clear the log messages. Press to display the System Event Log Menu. The system counts the log entries and then displays the total number of records and the most recent message. The SEL retains a maximum of 512 messages. To view SEL messages, select View System Event Log and press .
Using the iDRAC Configuration Utility
Monitoring and Alert Management This section explains how to monitor the iDRAC6 and provides procedures to configure your system and the iDRAC6 to receive alerts. Configuring the Managed System to Capture the Last Crash Screen Before the iDRAC6 can capture the last crash screen, you must configure the managed system with the following prerequisites. 1 Install the managed system software. For more information about installing the managed system software, see the Server Administrator User's Guide.
Disabling the Windows Automatic Reboot Option To ensure that the iDRAC6 Web-based interface last crash screen feature works properly, disable the Automatic Reboot option on managed systems running the Microsoft Windows Server® 2008 and Windows Server 2003 operating systems. Disabling the Automatic Reboot Option in Windows 2008 Server 1 Open the Windows Control Panel and double-click the System icon. 2 Click Advanced System Settings under Tasks on the left. 3 Click the Advanced tab.
• Temperature Warning Assert Filter • Temperature Critical Assert Filter • Intrusion Critical Assert Filter • Redundancy Degraded Filter • Redundancy Lost Filter • Processor Warning Assert Filter • Processor Critical Assert Filter • Processor Absent Filter • Processor Supply Warning Assert Filter • Processor Supply Critical Assert Filter • Processor Supply Absent Assert Filter • Event Log Critical Assert Filter • Watchdog Critical Assert Filter • System Power Warning Assert Filter
Configuring PEF Using the RACADM CLI 1 Enable PEF. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiPef -o cfgIpmiPefEnable -i 1 1 where 1 and 1 are the PEF index and the enable/disable selection, respectively. The PEF index can be a value from 1 through 19. The enable/disable selection can be set to 1 (Enabled) or 0 (Disabled).
Configuring PET Configuring PET Using the Web User Interface For detailed information, see "Configuring Platform Event Traps (PET)." Configuring PET Using the RACADM CLI 1 Enable your global alerts. Open a command prompt, type the following command, and press : racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1 2 Enable PET.
3 Configure your PET policy. At the command prompt, type the following command and press : iPv4:racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIPAddr -i 1 iPv6:racadm config -g cfgIpmiPetIpv6 -o cfgIpmiPetIPv6AlertDestIPAddr -i 1 where 1 is the PET destination index and and are the destination IP addresses of the system that receives the platform event alerts. 4 Configure the Community Name string.
where 1 and 1 are the e-mail destination index and the enable/disable selection, respectively. The e-mail destination index can be a value from 1 through 4. The enable/disable selection can be set to 1 (Enabled) or 0 (Disabled). For example, to enable e-mail with index 4, type the following command: racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i 4 1 3 Configure your e-mail settings.
Testing the RAC SNMP Trap Alert Feature The RAC SNMP trap alerting feature allows SNMP trap listener configurations to receive traps for system events that occur on the managed system. The following example shows how a user can test the SNMP trap alert feature of the RAC. racadm testtrap -i 2 Before you test the RAC SNMP trap alerting feature, ensure that the SNMP and trap settings are configured correctly. See "testtrap" and "sslkeyupload" subcommand descriptions to configure these settings.
To access/configure the iDRAC6 SNMP agent community name using the Web-based interface, go to Remote Access→ Configuration→ Services and click SNMP Agent. To prevent SNMP authentication errors from being generated, you must enter community names that will be accepted by the agent. Since the iDRAC6 only allows one community name, you must use the same get and set community name for IT Assistant discovery setup.
Monitoring and Alert Management
Recovering and Troubleshooting the Managed System This section explains how to perform tasks related to recovering and troubleshooting a crashed remote system using the iDRAC6 Web-based interface.
Selecting Power Control Actions from the iDRAC6 CLI Use the racadm serveraction command to perform power management operations on the host system. racadm serveraction The options for the string are: • powerdown — Powers down the managed system. • powerup — Powers up the managed system. • powercycle — Issues a power-cycle operation on the managed system. This action is similar to pressing the power button on the system’s front panel to power down and then power up the system.
Table 17-1. System Information Fields Field Description Description System description. BIOS Version System BIOS version. Service Tag System Service Tag number. Host Name Host system’s name. OS Name Operating system running on the system. Table 17-2. Auto Recovery Fields Field Description Recovery Action When a "system hang" is detected, the iDRAC6 can be configured to do one of the following actions: No Action, Hard Reset, Power Down, or Power Cycle.
IPv4 Information Table 17-4 describes the IPv4 properties. Table 17-4. IPv4 Information Fields Field Description Enabled Yes or No IP Address The 32-bit address that identifies the Network Interface Card (NIC) to a host. The value is in the dot separated format, such as 143.166.154.127. Subnet Mask The Subnet Mask identifies the parts of the IP Address that are the Extended Network Prefix and the Host Number. The value is in the dot separated format, such as 255.255.0.0.
Table 17-5. IPv6 Information Fields (continued) Field Description IP Address 2 Specifies the additional IPv6 address for the iDRAC NIC if one is available. Auto Config AutoConfig lets the Server Administrator obtain the IPv6 address for the iDRAC NIC from the Dynamic Host Configuration Protocol (DHCPv6) server. Also, deactivates and flushes out the Static IP Address, Prefix Length, and Static Gateway values.
Table 17-7. SEL Page Buttons Button Action Print Prints the SEL in the sort order that it appears in the window. Refresh Reloads the SEL page. Clear Log Clears the SEL. NOTE: The Clear Log button appears only if you have Clear Logs permission. Save As Opens a pop-up window that enables you to save the SEL to a directory of your choice.
3 Select the log number of the POST boot capture log, and click Play. The video of the logs is opened on a new screen. NOTE: You must close an open POST boot capture log video before you play another one. You cannot play two logs simultaneously. 4 Click Playback→ Play to start the POST boot capture log video. 5 Click STOP to stop the video. Viewing the Last System Crash Screen NOTE: The last crash screen feature requires the managed system with the Auto Recovery feature configured in Server Administrator.
Recovering and Troubleshooting the Managed System
Recovering and Troubleshooting the iDRAC6 This section explains how to perform tasks related to recovering and troubleshooting a crashed iDRAC6. You can use one of the following tools to troubleshoot your iDRAC6: • RAC Log • Diagnostic Console • Trace Log • racdump • coredump Using the RAC Log The RAC Log is a persistent log maintained in the iDRAC6 firmware. The log contains a list of user actions (such as log in, log out, and security policy changes) and alerts issued by the iDRAC6.
Table 18-1. RAC Log Page Information Field Description Date/ Time The date and time (for example, Dec 19 16:55:47). When the iDRAC6 initially starts and is unable to communicate with the managed system, the time will be displayed as System Boot. Source The interface that caused the event. Description A brief description of the event and the user name that logged into the iDRAC6. Using the RAC Log Page Buttons The RAC Log page provides the buttons listed in Table 18-2. Table 18-2.
Using the Command Line Use the getraclog command to view the RAC log entries. racadm getraclog -i The getraclog -i command displays the number of entries in the iDRAC6 log. racadm getraclog [options] NOTE: For more information, see "getraclog." You can use the clrraclog command to clear all entries from the RAC log.
Table 18-3. Diagnostic Commands Command Description arp Displays the contents of the Address Resolution Protocol (ARP) table. ARP entries may not be added or deleted. ifconfig Displays the contents of the network interface table. netstat Prints the content of the routing table.
The Trace Log tracks the following information: • DHCP — Traces packets sent to and received from a DHCP server. • IP — Traces IP packets sent and received. The trace log may also contain iDRAC6 firmware-specific error codes that are related to the internal iDRAC6 firmware, not the managed system’s operating system. NOTE: The iDRAC6 will not echo an ICMP (ping) with a packet size larger than 1500 bytes.
Recovering and Troubleshooting the iDRAC6
Sensors Hardware sensors or probes help you to monitor the systems on your network in a more efficient way by enabling you to take appropriate actions to prevent disasters, such as system instability or damage. You can use the iDRAC6 to monitor hardware sensors for batteries, fan probes, chassis intrusion, power supplies, power consumed, temperature, and voltages. Battery Probes The Battery probes provide information about the system board CMOS and storage RAM on motherboard (ROMB) batteries.
Power Supplies Probes The power supplies probes provides information on: • Status of the power supplies • Power supply redundancy, that is, the ability of the redundant power supply to replace the primary power supply if the primary power supply fails. NOTE: If there is only one power supply in the system, the Power Supply Redundancy will be set to Disabled. Power Monitoring Probes Power monitoring provides information about the real time consumption of power, in watts and amperes.
• System Board 5V PG • System Board Backplane PG • System Board CPU VTT • System Board Linear PG The voltage probes indicate whether the status of the probes is within the pre-set warning and critical threshold values.
Sensors
Power Monitoring and Management Dell™ PowerEdge™ systems incorporate many new and enhanced power management features. The entire platform, from hardware to firmware to systems management software, has been designed with a focus on power efficiency, power monitoring, and power management. The base hardware design has been optimized from a power perspective: • High efficiency power supplies and voltage regulators have been incorporated in to the design.
Power Monitoring The iDRAC6 monitors the power consumption in PowerEdge servers continuously.
Using the Web-Based Interface To view the health status of the power supply units: 1 Log in to the iDRAC6 Web-based interface. 2 Select Power Supplies in the system tree. The Power Supplies page displays and provides the following information: • Power Supplies Redundancy Status: The possible values are: – Full: Power supplies, PS1 and PS2, are of the same type and they are functioning properly. – Lost: Power supplies, PS1 and PS2, are of different types or one of them is malfunctioning.
– Maximum Wattage displays the maximum wattage of the power supply, which is the DC power available to the system. This value is used to confirm that sufficient power supply capacity is available for the system configuration. – Online Status indicates the power state of the power supplies: present and OK, input lost, absent, or predictive failure. – FW Version displays the firmware version of the power supply.
Maximum Potential Power Consumption displays the highest Power Budget Threshold value that you may specify. This value is also the current system configuration's absolute maximum power consumption. Using RACADM Open a Telnet/SSH text console to the iDRAC, log in, and type: racadm getconfig -g cfgServerPower NOTE: For more information about cfgServerPower, including output details, see "cfgServerPower.
4 Enter a value in Watts, BTU/hr, or percent in the Power Budget Threshold table. The value you specify in Watts or BTU/hr will be the power budget threshold limit value. If you specify a percentage value, it will be a percentage of the Maximum-to-Minimum Potential Power Consumption interval. For example, 100% Threshold means Maximum Potential Power Consumption while 0% means Minimum Potential Power Consumption.
The information provided on the Power Monitoring page is described below: Power Monitoring • Status: OK indicates that the power supply units are present and communicating with the server, Warning indicates that a warning alert was issued, and Severe indicates a failure alert was issued. • Probe Name: System Board System Level. This description indicates the probe is being monitored by its location in the system. • Reading: The current power consumption in Watts/BTU/hr.
• Start Time displays the date and time recorded when the system energy consumption value was last cleared and the new measurement cycle began. For Cumulative, you can reset this value with the Reset Cumulative button, but it will persist through a system reset or failover operation. For Max Peak Amps and Max Peak Watts, you can reset this value with the Reset Max Peaks button, but it will also persist through a system reset or failover operation.
Show Graph Clicking this button displays graphs showing the iDRAC6 Power and Current Consumption in Watts and Amperes, respectively, over the last hour. The user has the option to view these statistics up to a week before, using the drop down menu provided above the graphs. NOTE: Each data point plotted on the graphs represents the average of readings over a 5 minute period. As a result, the graphs may not reflect brief fluctuations in power or current consumption.
4 Click Apply. A dialog box appears requesting confirmation. 5 Click OK to perform the power management action you selected (for example, cause the system to reset). Using RACADM Open a Telnet/SSH text console to the server, log in, and type: racadm serveraction where is powerup, powerdown, powercycle, hardreset, or powerstatus.
Configuring Security Features The iDRAC6 provides the following security features: • Advanced Security options for the iDRAC6 administrator: • The Console Redirection disable option allows the local system user to disable console redirection using the iDRAC6 Console Redirection feature.
Security Options for the iDRAC6 Administrator Disabling the iDRAC6 Local Configuration Administrators can disable local configuration through the iDRAC6 graphical user interface (GUI) by selecting Remote Access→ Configuration→ Services. When the Disable the iDRAC Local Configuration using option ROM check box is selected, the iDRAC6 Configuration Utility—accessed by pressing during system boot—operates in read-only mode, preventing local users from configuring the device.
NOTE: See the white paper on Disabling Local Configuration and Remote Virtual KVM in the DRAC on the Dell Support site at support.dell.com for more information. Although administrators can set the local configuration options using local RACADM commands, for security reasons they can reset them only from an out-of-band iDRAC6 Web-based interface or command line interface.
Disabling iDRAC6 Remote Virtual KVM Administrators can selectively disable the iDRAC6 remote KVM, providing a flexible, secure mechanism for a local user to work on the system without someone else viewing the user’s actions through console redirection. Using this feature requires installing the iDRAC managed node software on the server.
Securing iDRAC6 Communications Using SSL and Digital Certificates This subsection provides information about the following data security features that are incorporated in your iDRAC6: • "Secure Sockets Layer (SSL)" • "Certificate Signing Request (CSR)" • "Accessing the SSL Main Menu" • "Generating a Certificate Signing Request" Secure Sockets Layer (SSL) The iDRAC6 includes a Web server that is configured to use the industrystandard SSL security protocol to transfer encrypted data over the Internet.
viewed or changed by others. To ensure security for your DRAC, it is strongly recommended that you generate a CSR, submit the CSR to a CA, and upload the certificate returned from the CA. A CA is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
Table 21-2. SSL Main Menu Buttons Button Description Print Prints the SSL Main Menu page. Refresh Reloads the SSL Main Menu page. Next Navigates to the next page. Generating a Certificate Signing Request NOTE: Each CSR overwrites any previous CSR on the firmware. Before iDRAC can accept your signed CR, the CSR in the firmware must match the certificate returned from the CA. 1 On the SSL Main Menu, select Generate Certificate Signing Request (CSR) and click Next.
Table 21-3. Generate Certificate Signing Request (CSR) Page Options (continued) Field Description Locality The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid. Do not separate words using an underscore or some other character. State Name The state or province where the entity who is applying for a certification is located (for example, Texas). Only alphanumeric characters and spaces are valid. Do not use abbreviations.
Table 21-5. Certificate Information (continued) Field Description Issuer Information Certificate attributes returned by the issuer Valid From Issue date of the certificate Valid To Expiration date of the certificate Using the Secure Shell (SSH) For information about using SSH, see " Using the Secure Shell (SSH)." Configuring Services NOTE: To modify these settings, you must have Configure iDRAC permission.
Table 21-6. Local Configuration Settings Setting Description Disable the iDRAC local configuration using option ROM Disables local configuration of the iDRAC using option ROM. The option ROM prompts you to enter the setup module by pressing during system reboot. Disable the iDRAC local Disables local configuration of the iDRAC using configuration using RACADM local RACADM. Table 21-7. Web Server Settings Setting Description Enabled Enables or disables the Web server.
Table 21-8. Setting SSH Settings Description Enabled Enables or disable SSH. When checked, the checkbox indicates that SSH is enabled. Timeout The secure shell idle timeout, in seconds. The Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300. Port Number The port on which the iDRAC6 listens for an SSH connection. The default is 22. Table 21-9. Telnet Settings Setting Description Enabled Enables or disables telnet.
Table 21-11. SNMP Agent Settings Setting Description Enabled Enables or disables the SNMP agent. Checked=Enabled; Unchecked=Disabled. Community Name The name of the community that contains the IP address for the SNMP Alert destination. The Community Name can be up to 31 non-blank characters in length. The default setting is public. Table 21-12. Automated System Recovery Agent Setting Setting Description Enabled Enables the Automated System Recovery Agent. Table 21-13.
These features are disabled in the iDRAC6 default configuration. Use the following subcommand or the Web-based interface to enable these features: racadm config -g cfgRacTuning -o Additionally, use these features in conjunction with the appropriate session idle time-out values and a defined security plan for your network. The following subsections provide additional information about these features.
Table 21-14. IP Address Filtering (IpRange) Properties Property Description cfgRacTuneIpRangeEnable Enables the IP range checking feature. cfgRacTuneIpRangeAddr Determines the acceptable IP address bit pattern, depending on the 1’s in the subnet mask. This property is bitwise AND’d with cfgRacTuneIpRangeMask to determine the upper portion of the allowed IP address. Any IP address that contains this bit pattern in its upper bits is allowed to establish an iDRAC6 session.
To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask, as shown below: racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.212 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.
As login failures accumulate from a specific IP address, they are "aged" by an internal counter. When the user logs in successfully, the failure history is cleared and the internal counter is reset. NOTE: When login attempts are refused from the client IP address, some SSH clients may display the following message: ssh exchange identification: Connection closed by remote host. See "iDRAC6 Property Database Group and Object Definitions" for a complete list of cfgRacTuning properties.
racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailCount 5 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailWindows 60 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkPenaltyTime 300 The following example prevents more than three failed attempts within one minute, and prevents additional login attempts for an hour.
Table 21-16. Network Security Page Settings Settings Description IP Range Enabled Enables the IP Range checking feature, which defines a specific range of IP addresses that can access the iDRAC6. IP Range Address Determines the acceptable IP address bit pattern, depending on the 1's in the subnet mask. This value is bitwise AND’d with the IP Range Subnet Mask to determine the upper portion of the allowed IP address.
Table 21-17. Network Security Page Buttons Button Description Print Prints the Network Security page Refresh Reloads the Network Security page Apply Changes Saves the changes made to the Network Security page. Go Back to Network Configuration Page Returns to the Network Configuration page.
Configuring Security Features
RACADM Subcommand Overview This section provides descriptions of the subcommands that are available in the RACADM command line interface. help NOTE: To use this command, you must have Login to iDRAC permission. Table A-1 describes the help command. Table A-1. Help Command Command Definition help Lists all of the subcommands available to use with RACADM and provides a short description for each.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM arp NOTE: To use this command, you must have Execute Diagnostic Commands permission. Table A-2 describes the arp command. Table A-2. arp Command Command Definition arp Displays the contents of the ARP table. ARP table entries cannot be added or deleted. Synopsis racadm arp Supported Interfaces • Remote RACADM • telnet/ssh/serial RACADM clearasrscreen NOTE: To use this command, you must have Clear Logs permission.
Synopsis racadm clearasrscreen Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM config NOTE: To use the getconfig command, you must have Log In iDRAC permission. Table A-4 describes the config and getconfig subcommands. Table A-4. config/getconfig Subcommand Definition config Configures the iDRAC6. getconfig Gets the iDRAC6 configuration data.
Input Table A-5 describes the config subcommand options. NOTE: The -f and -p options are not supported for the serial/telnet/ssh console. Table A-5. config Subcommand Options and Descriptions Option Description -f The -f option causes config to read the contents of the file specified by and configure the iDRAC6. The file must contain data in the format specified in "Parsing Rules.
Examples • racadm config -g cfgLanNetworking -o cfgNicIpAddress 10.35.10.100 Sets the cfgNicIpAddress configuration parameter (object) to the value 10.35.10.110. This IP address object is contained in the group cfgLanNetworking. • racadm config -f myrac.cfg Configures or reconfigures the iDRAC6. The myrac.cfg file may be created from the getconfig command. The myrac.cfg file may also be edited manually as long as the parsing rules are followed. NOTE: The myrac.
Table A-6. getconfig Subcommand Options Option Description -f The -f option directs getconfig to write the entire iDRAC6 configuration to a configuration file. This file can be used for batch configuration operations using the config subcommand. NOTE: The -f option does not create entries for the cfgIpmiPet and cfgIpmiPef groups. You must set at least one trap destination to capture the cfgIpmiPet group to the file.
If errors are not encountered, this subcommand displays the contents of the specified configuration. Examples • racadm getconfig -g cfgLanNetworking Displays all of the configuration properties (objects) that are contained in the group cfgLanNetworking. • racadm getconfig -f myrac.cfg Saves all group configuration objects from the iDRAC6 to myrac.cfg. • racadm getconfig -h Displays a list of the available configuration groups on the iDRAC6.
coredump NOTE: To use this command, you must have Execute Debug Commands permission. Table A-7 describes the coredump subcommand. Table A-7. coredump Subcommand Definition coredump Displays the last iDRAC6 core dump. Synopsis racadm coredump Description The coredump subcommand displays detailed information related to any recent critical issues that have occurred with the RAC. The coredump information can be used to diagnose these critical issues.
coredumpdelete NOTE: To use this command, you must have Clear Logs or Execute Debug Commands permission. Table A-8 describes the coredumpdelete subcommand. Table A-8. coredumpdelete Subcommand Definition coredumpdelete Deletes the core dump stored in the iDRAC6. Synopsis racadm coredumpdelete Description The coredumpdelete subcommand can be used to clear any currently resident coredump data stored in the RAC.
fwupdate NOTE: To use this command, you must have Configure iDRAC6 permission. NOTE: Before you begin your firmware update, see "Advanced Configuration of the iDRAC6" for additional information. Table A-9 describes the fwupdate subcommand. Table A-9.
Supported Interfaces • Local RACADM • telnet/ssh/serial RACADM Input Table A-10 describes the fwupdate subcommand options. NOTE: The -p option is only supported in local RACADM and is not supported with the remote or the serial/telnet/ssh console. Table A-10. fwupdate Subcommand Options Option Description -u The update option performs a checksum of the firmware update file and starts the actual update process. This option may be used along with the -g or -p options.
Examples • racadm fwupdate -g -u - a 143.166.154.143 -d In this example, the -g option tells the firmware to download the firmware update file from a location (specified by the -d option) on the TFTP server at a specific IP address (specified by the -a option). After the image file is downloaded from the TFTP server, the update process begins. When completed, the iDRAC6 is reset. • racadm fwupdate -s This option reads the current status of the firmware update.
Description The getssninfo command returns a list of users that are connected to the iDRAC6. The summary information provides the following information: • Username • IP address (if applicable) • Session type (for example, serial or telnet) • Consoles in use (for example, Virtual Media or Virtual KVM) Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM Input Table A-12 describes the getssninfo subcommand options. Table A-12.
Examples • racadm getssninfo Table A-13 provides an example of output from the racadm getssninfo command. Table A-13. getssninfo Subcommand Output Example User IP Address Type Consoles root 192.168.0.10 Telnet Virtual KVM • racadm getssninfo -A "root" "143.166.174.19" "Telnet" "NONE" • racadm getssninfo -A -u * "root" "143.166.174.19" "Telnet" "NONE" "bob" "143.166.174.19" "GUI" "NONE" getsysinfo NOTE: To use this command, you must have Login to iDRAC permission.
Description The getsysinfo subcommand displays information related to the RAC, managed system, and watchdog configuration. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM Input Table A-15 describes the getsysinfo subcommand options. Table A-15.
Sample Output RAC Information: RAC Date/Time Firmware Version Firmware Build Last Firmware Update Hardware Version MAC Address = = = = = = Common settings: Register DNS RAC Name DNS RAC Name Current DNS Domain Domain Name from DHCP = 0 = iDRAC6 = = 0 IPv4 settings: Enabled Current IP Address Current IP Gateway Current IP Netmask DHCP Enabled Current DNS Server 1 Current DNS Server 2 DNS Servers from DHCP = = = = = = = = 1 192.168.0.120 192.168.0.1 255.255.255.0 0 0.0.0.0 0.0.0.
System Information: System Model System BIOS Version BMC Firmware Version Service Tag Host Name OS Name Power Status = = = = = = = PowerEdge R610 0.2.4 0.32 AC056 ON Watchdog Information: Recovery Action = None Present countdown value = 15 seconds Initial countdown value = 15 seconds Examples • racadm getsysinfo -A -s "System Information:" "PowerEdge 2900" "A08" "1.0" "EF23VQ-0023" "Hostname" "Microsoft Windows 2000 version 5.
Restrictions The Hostname and OS Name fields in the getsysinfo output display accurate information only if Dell™ OpenManage™ systems software is installed on the managed system. If OpenManage is not installed on the managed system, these fields may be blank or inaccurate. getractime NOTE: To use this command, you must have Login to iDRAC permission. Table A-16 describes the getractime subcommand. Table A-16.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM ifconfig NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC permission. Table A-17 describes the ifconfig subcommand. Table A-17. ifconfig Subcommand Definition ifconfig Displays the contents of the network interface table. Synopsis racadm ifconfig netstat NOTE: To use this command, you must have Execute Diagnostic Commands permission. Table A-18 describes the netstat subcommand.
Supported Interfaces • Remote RACADM • telnet/ssh/serial RACADM ping NOTE: To use this command, you must have Execute Diagnostic Commands or Configure iDRAC permission. Table A-19 describes the ping subcommand. Table A-19. ping Subcommand Definition ping Verifies that the destination IP address is reachable from the iDRAC6 with the current routing-table contents. A destination IP address is required. An ICMP echo packet is sent to the destination IP address based on the current routing-table contents.
Synopsis racadm setniccfg -d racadm setniccfg -d6 racadm setniccfg -s racadm setniccfg -s6 racadm setniccfg -o Description The setniccfg subcommand sets the controller IP address. • The -d option enables DHCP for the Ethernet management port (default is DHCP disabled). • The -d6 option enables AutoConfig for the Ethernet management port. It is enabled by default. • The -s option enables static IP settings.
getniccfg NOTE: To use the getniccfg command, you must have Login to iDRAC permission. Table A-21 describes the setniccfg and getniccfg subcommands. Table A-21. setniccfg/getniccfg Subcommand Definition getniccfg Displays the current IP configuration for the controller. Synopsis racadm getniccfg Description The getniccfg subcommand displays the current Ethernet management port settings. Sample Output The getniccfg subcommand will display an appropriate error message if the operation is not successful.
getsvctag NOTE: To use this command, you must have Login to iDRAC permission. Table A-22 describes the getsvctag subcommand. Table A-22. getsvctag Subcommand Definition getsvctag Displays a service tag. Synopsis racadm getsvctag Description The getsvctag subcommand displays the service tag of the host system. Example Type getsvctag at the command prompt. The output is displayed as follows: Y76TP0G The command returns 0 on success and nonzero on errors.
racdump NOTE: To use this command, you must have Debug permission. Table A-23 describes the racdump subcommand. Table A-23. racdump Subcommand Definition racdump Displays status and general iDRAC6 information. Synopsis racadm racdump Description The racdump subcommand provides a single command to get dump, status, and general iDRAC6 board information.
racreset NOTE: To use this command, you must have Configure iDRAC permission. Table A-24 describes the racreset subcommand. Table A-24. racreset Subcommand Definition racreset Resets the iDRAC6. NOTE: When you issue a racreset subcommand, the iDRAC6 may require up to one minute to return to a usable state. Synopsis racadm racreset [hard | soft] Description The racreset subcommand issues a reset to the iDRAC6. The reset event is written into the iDRAC6 log.
Examples • racadm racreset Start the iDRAC6 soft reset sequence. • racadm racreset hard Start the iDRAC6 hard reset sequence. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM racresetcfg NOTE: To use this command, you must have Configure iDRAC permission. Table A-26 describes the racresetcfg subcommand. Table A-26. racresetcfg Subcommand Definition racresetcfg Resets the entire iDRAC6 configuration to factory default values.
Description The racresetcfg command removes all database property entries that have been configured by the user. The database has default properties for all entries that are used to restore the card back to its original default settings. After resetting the database properties, the iDRAC6 resets automatically. NOTE: This command deletes your current iDRAC6 configuration and resets the iDRAC6 and serial configuration to the original default settings.
Table A-28. serveraction Subcommand Options String Definition Specifies the action. The options for the string are: • powerdown — Powers down the managed system. • powerup — Powers up the managed system. • powercycle — Issues a power-cycle operation on the managed system. This action is similar to pressing the power button on the system’s front panel to power down and then power up the system.
Synopsis racadm getraclog -i racadm getraclog [-A] [-o] [-c count] [-s startrecord] [-m] Description The getraclog -i command displays the number of entries in the iDRAC6 log. The following options allow the getraclog command to read entries: • -A — Displays the output with no headers or labels. • -c — Provides the maximum count of entries to be returned. • -m — Displays one screen of information at a time and prompts the user to continue (similar to the UNIX more command).
clrraclog NOTE: To use this command, you must have Clear Logs permission. Synopsis racadm clrraclog Description The clrraclog subcommand removes all existing records from the iDRAC6 log. A new single record is created to record the date and time when the log was cleared. getsel NOTE: To use this command, you must have Login to iDRAC permission. Table A-30 describes the getsel command. Table A-30. getsel Command Definition getsel -i Displays the number of entries in the System Event Log.
-s — Specifies the starting record used for the display -E — Places the 16 bytes of raw SEL at the end of each line of output as a sequence of hex values. -R — Only the raw data is printed. -m — Displays one screen at a time and prompts the user to continue (similar to the UNIX more command). NOTE: If no arguments are specified, the entire log is displayed. Output The default output display shows the record number, timestamp, severity, and description.
Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM gettracelog NOTE: To use this command, you must have Login to iDRAC permission. Table A-31 describes the gettracelog subcommand. Table A-31. gettracelog Command Definition gettracelog -i Displays the number of entries in the iDRAC6 trace log. gettracelog Displays the iDRAC6 trace log.
Output The default output display shows the record number, timestamp, source, and description. The timestamp begins at midnight, January 1 and increases until the system boots. After the system boots, the system’s timestamp is used. For example: Record: 1 Date/Time: Dec Source: ssnmgrd[175] 8 08:21:30 Description: root from 143.166.157.
Description The sslcsrgen subcommand can be used to generate a CSR and download the file to the client’s local file system. The CSR can be used for creating a custom SSL certificate that can be used for SSL transactions on the RAC. Options NOTE: The -f option is not supported for the serial/telnet/ssh console. Table A-33 describes the sslcsrgen subcommand options. Table A-33. sslcsrgen Subcommand Options Option Description -g Generates a new CSR.
Examples racadm sslcsrgen -s or racadm sslcsrgen -g -f c:\csr\csrtest.txt Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM sslcertupload NOTE: To use this command, you must have Configure iDRAC permission. Table A-34 describes the sslcertupload subcommand. Table A-34. sslcertupload Subcommand Description sslcertupload Uploads a custom SSL server or CA certificate from the client to the RAC.
The sslcertupload command returns 0 when successful and returns a nonzero number when unsuccessful. Restrictions The sslcertupload subcommand can only be executed from a local or remote RACADM client. The sslcsrgen subcommand cannot be used in the serial, telnet, or SSH interface. Example racadm sslcertupload -t 1 -f c:\cert\cert.txt Supported Interfaces • Local RACADM • Remote RACADM sslcertdownload NOTE: To use this command, you must have Configure iDRAC permission.
Options Table A-37 describes the sslcertdownload subcommand options. Table A-37. sslcertdownload Subcommand Options Option Description -t Specifies the type of certificate to download, either the Microsoft® Active Directory® certificate or server certificate. 1 = server certificate 2 = Microsoft Active Directory certificate -f Specifies the file name of the certificate to be uploaded. If the -f option or the filename is not specified, the sslcert file in the current directory is selected.
sslcertview NOTE: To use this command, you must have Configure iDRAC permission. Table A-38 describes the sslcertview subcommand. Table A-38. sslcertview Subcommand Description sslcertview Displays the SSL server or CA certificate that exists on the RAC. Synopsis racadm sslcertview -t [-A] Options Table A-39 describes the sslcertview subcommand options. Table A-39.
Organizational Unit (OU) Common Name (CN) : Remote Access Group : iDRAC6 default certificate Issuer Information: Country Code (CC) State (S) Locality (L) Organization (O) Organizational Unit (OU) Common Name (CN) : : : : : : Valid From Valid To : Jul : Jul US Texas Round Rock Dell Inc. Remote Access Group iDRAC6 default certificate 8 16:21:56 2005 GMT 7 16:21:56 2010 GMT racadm sslcertview -t 1 -A 00 US Texas Round Rock Dell Inc.
sslkeyupload NOTE: To use this command, you must have Configure iDRAC permission. Table A-40 describes the sslkeyupload subcommand. Table A-40. sslkeyupload Subcommand Description sslkeyupload Uploads SSL key from the client to the iDRAC6. Synopsis racadm sslkeyupload -t -f Options Table A-41 describes the sslkeyupload subcommand options. Table A-41. sslkeyupload Subcommand Options Option Description -t Specifies the key to upload.
testemail Table A-42 describes the testemail subcommand. Table A-42. testemail configuration Subcommand Description testemail Tests the RAC’s e-mail alerting feature. Synopsis racadm testemail -i Description Sends a test e-mail from the iDRAC6 to a specified destination. Prior to executing the test e-mail command, ensure that the specified index in the RACADM cfgEmailAlert group is enabled and configured properly. Table A-43 provides a list and associated commands for the cfgEmailAlert group.
Options Table A-44 describes the testemail subcommand options. Table A-44. testemail Subcommands Option Description -i Specifies the index of the e-mail alert to test. Output None. Supported Interfaces • Local RACADM • Remote RACADM • telnet/ssh/serial RACADM testtrap NOTE: To use this command, you must have Test Alerts permission. Table A-45 describes the testtrap subcommand. Table A-45. testtrap Subcommand Description testtrap Tests the RAC’s SNMP trap alerting feature.
Table A-46 provides a list and associated commands for the cfgIpmiPet group. Table A-46. cfgEmailAlert Commands Action Command Enable the alert racadm config -g cfgIpmiPet -o cfgIpmiPetAlertEnable -i 1 1 Set the destination e-mail IP address racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIpAddr -i 1 192.168.0.110 View the current test trap settings racadm getconfig -g cfgIpmiPet -i where is a number from 1 to 4 Input Table A-47 describes the testtrap subcommand options.
vmdisconnect NOTE: To use this command, you must have Access Virtual Media permission. Table A-48 describes the vmdisconnect subcommand. Table A-48. vmdisconnect Subcommand Description vmdisconnect Closes all open iDRAC6 virtual media connections from remote clients. Synopsis racadm vmdisconnect Description The vmdisconnect subcommand allows a user to disconnect another user's virtual media session. Once disconnected, the Web-based interface will reflect the correct connection status.
vmkey NOTE: To use this command, you must have Access Virtual Media permission. Table A-49 describes the vmkey subcommand. Table A-49. vmkey Subcommand Description vmkey Performs virtual media key-related operations. Synopsis racadm vmkey If is configured as reset, the Virtual Flash memory is reset to the default size of 256 MB. Description When a custom virtual media key image is uploaded to the RAC, the key size becomes the image size.
Synopsis racadm usercertupload -t [-f ] -i Options Table A-51 describes the usercertupload subcommand options. Table A-51. usercertupload Subcommand Options Option Description -t Specifies the type of certificate to upload, either the CA certificate or server certificate. 1 = user certificate 2 = user CA certificate -f Specifies the file name of the certificate to be uploaded. If the file is not specified, the sslcert file in the current directory is selected.
usercertview NOTE: To use this command, you must have Configure iDRAC permission. Table A-52 describes the usercertview subcommand. Table A-52. usercertview Subcommand Description usercertview Displays the user certificate or user CA certificate that exists on the iDRAC6. Synopsis racadm sslcertview -t [-A] -i Options Table A-53 describes the sslcertview subcommand options. Table A-53.
localConRedirDisable NOTE: Only a local RACADM user can execute this command. Table A-54 describes the localConRedirDisable subcommand. Table A-54. localConRedirDisable Subcommand Description localConRedirDisable Disables console redirection to the management station. Synopsis racadm localConRedirDisable
iDRAC6 Property Database Group and Object Definitions The iDRAC6 property database contains the configuration information for the iDRAC6. Data is organized by associated object, and objects are organized by object group. The IDs for the groups and objects that the property database supports are listed in this section. Use the group and object IDs with the RACADM utility to configure the iDRAC6. The following sections describe each object and indicate whether the object is readable, writable, or both.
idRacProductInfo (Read Only) Legal Values A string of up to 63 ASCII characters Default Integrated Dell Remote Access Controller Description A text string that identifies the product idRacDescriptionInfo (Read Only) Legal Values A string of up to 255 ASCII characters Default This system component provides a complete set of remote management functions for Dell PowerEdge servers.
idRacBuildInfo (Read Only) Legal Values A string of up to 16 ASCII characters Default The current iDRAC6 firmware build version Description String containing the current product build version idRacName (Read Only) Legal Values A string of up to 15 ASCII characters Default iDRAC Description A user-assigned name to identify this controller idRacType (Read Only) Legal Values Product ID Default 10 Description Identifies the remote access controller type as the iDRAC6 iDRAC6 Property Database Group a
cfgLanNetworking This group contains parameters to configure the iDRAC6 NIC. One instance of the group is allowed. Some objects in this group may require the iDRAC6 NIC to be reset, which may cause a brief loss in connectivity. Objects that change the iDRAC6 NIC IP address settings will close all active user sessions and require users to reconnect using the updated IP address settings.
Table B-1. cfgNicSelection Supported Modes Mode Description Shared Used if the host server integrated NIC is shared with the RAC on the host server. This mode enables configurations to use the same IP address on the host server and the RAC for common accessibility on the network. Shared with Failover: LOM 2 Enables teaming capabilities between host server LOM2 integrated network interface controllers. Dedicated Specifies that the RAC NIC is used as the dedicated NIC for remote accessibility.
Description Enables or disables the VLAN capabilities of the RAC/BMC. cfgNicVLanId (Read/Write) Legal Values 1-4094 Default 1 Description Specifies the VLAN ID for the network VLAN configuration. This property is only valid if cfgNicVLanEnable is set to 1 (enabled). cfgNicVLanPriority (Read/Write) Legal Values 0–7 Default 0 Description Specifies the VLAN Priority for the network VLAN configuration. This property is only valid if cfgNicVLanEnable is set to 1 (enabled).
Description Specifies that the iDRAC6 DNS domain name should be assigned from the network DHCP server cfgDNSDomainName (Read/Write) Legal Values A string of up to 254 ASCII characters. At least one of the characters must be alphabetic. Characters are restricted to alphanumeric, '-', and '.'. NOTE: Microsoft® Active Directory® only supports Fully Qualified Domain Names (FQDN) of 64 bytes or fewer. Default Description This is the DNS domain name.
cfgDNSRegisterRac (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Registers the iDRAC6 name on the DNS server cfgDNSServersFromDHCP (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies if the DNS server IPv4 addresses should be assigned from the DHCP server on the network cfgDNSServer1 (Read/Write) Legal Values String representing a valid IPv4 address. For example: 192.168.0.20. Default 0.0.0.
cfgDNSServer2 (Read/Write) Legal Values String representing a valid IPv4 address. For example: 192.168.0.20. Default 0.0.0.0 Description Retrieves the IPv4 address for DNS server 2 cfgNicEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the iDRAC6 network interface controller. If the NIC is disabled, the remote network interfaces to the iDRAC6 will no longer be accessible.
Description Specifies the IPv4 address assigned to the iDRAC6 cfgNicNetmask (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE). Legal Values String representing a valid subnet mask. For example: 255.255.255.0. Default 255.255.255.0 Description The subnet mask used for the iDRAC6 IP address cfgNicGateway (Read/Write) NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 (FALSE).
Default 0 Description Specifies whether DHCP is used to assign the iDRAC6 IPv4 address. If this property is set to 1 (TRUE), then the iDRAC6 IPv4 address, subnet mask, and gateway are assigned from the DHCP server on the network. If this property is set to 0 (FALSE), the user can configure the cfgNicIpAddress, cfgNicNetmask, and cfgNicGateway properties. cfgNicMacAddress (Read Only) Legal Values String representing the iDRAC6 NIC MAC address Default The current MAC address of the iDRAC6 NIC.
Description Enables or disables the iDRAC6 firmware update from a network TFTP server cfgRhostsFwUpdateIpAddr (Read/Write) Legal Values A string representing a valid IPv4 address. For example, 192.168.0.61 Default 0.0.0.
Default 0.0.0.0 Description The IPv4 address of the network SMTP server or TFTP server. The SMTP server transmits e-mail alerts from the iDRAC6 if the alerts are configured and enabled. The TFTP server transfers files to and from the iDRAC6. cfgUserAdmin This group provides configuration information about the users who are allowed to access the iDRAC6 through the available remote interfaces. Up to 16 instances of the user group are allowed.
Default 4 (User 2) 15 (All others) Description The maximum privilege on the IPMI LAN channel cfgUserAdminPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff, and 0x0 Default 0x00000000 Description This property specifies the role-based authority privileges allowed for the user. The value is represented as a bit mask that allows for any combination of privilege values. Table B-2 describes the user privilege bit values that can be combined to create bit masks. Table B-2.
Examples Table B-3 provides sample privilege bit masks for users with one or more privileges. Table B-3. Sample Bit Masks for User Privileges User Privilege(s) Privilege Bit Mask The user is not allowed to access the iDRAC. 0x00000000 The user may only login to the 0x00000001 iDRAC and view iDRAC and server configuration information. The user may login to the iDRAC 0x00000001 + 0x00000002 = 0x00000003 and change configuration.
cfgUserAdminPassword (Write Only) Legal Values A string of up to 20 ASCII characters Default ******** Description The password for this user. User passwords are encrypted and cannot be seen or displayed after the property is written.
Description Enables or disables Serial Over LAN (SOL) user access for the user cfgUserAdminIpmiSerialPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) 15 (No access) Default 4 (User 2) 15 (All others) Description The maximum privilege on the IPMI LAN channel cfgEmailAlert This group contains parameters to configure the iDRAC6 e-mail alerting capabilities. The following subsections describe the objects in this group. Up to four instances of this group are allowed.
Description The unique index of an alert instance cfgEmailAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the alert instance cfgEmailAlertAddress (Read/Write) Legal Values E-mail address format, with a maximum length of 64 ASCII characters Default Description Specifies the destination email address for email alerts, for example, user1@company.
Description Specifies a custom message that forms the subject of the alert cfgSessionManagement This group contains parameters to configure the number of sessions that can connect to the iDRAC6. One instance of the group is allowed. The following subsections describe the objects in this group. cfgSsnMgtRacadmTimeout (Read/Write) Legal Values 10 –1920 Default 60 Description Defines the idle timeout in seconds for the Remote RACADM interface.
cfgSsnMgtWebserverTimeout (Read/Write) Legal Values 60 – 10800 Default 1800 Description Defines the web server timeout. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session; you must log out and log in again to make the new settings effective.
cfgSsnMgtTelnetTimeout (Read/Write) Legal Values 0 (No timeout) 60 – 1920 Default 300 Description Defines the telnet idle timeout. This property sets the amount of time in seconds that a connection is allowed to remain idle (there is no user input). The session is cancelled if the time limit set by this property is reached. Changes to this setting do not affect the current session (you must log out and log in again to make the new settings effective).
Description Sets the baud rate on the iDRAC6 serial port. cfgSerialConsoleEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the RAC serial console interface. cfgSerialConsoleQuitKey (Read/Write) Legal Values A string of up to 4 characters Default ^\ (<\>) NOTE: The "^" is the key.
Description This key or key combination terminates text console redirection when using the console com2 command.
Description Enables or disables the RAC serial console login authentication. cfgSerialConsoleCommand (Read/Write) Legal Values A string of up to 128 characters Default Description Specifies a serial command that is executed after a user logs into the serial console interface. cfgSerialHistorySize (Read/Write) Legal Values 0 – 8192 Default 8192 Description Specifies the maximum size of the serial history buffer.
Description Enables or disables the console for COM 2 port redirection. cfgSerialSshEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the secure shell (SSH) interface on the iDRAC6 cfgSerialTelnetEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the telnet console interface on the iDRAC6 cfgOobSnmp This group contains parameters to configure the SNMP agent and trap capabilities of the iDRAC6.
cfgOobSnmpAgentCommunity (Read/Write) Legal Values A string of up to 31 characters Default public Description Specifies the SNMP Community Name used for SNMP traps cfgOobSnmpAgentEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the SNMP agent in the iDRAC6 cfgRacTuning This group is used to configure various iDRAC6 configuration properties, such as valid ports and security port restrictions.
Description Specifies the port to be used for keyboard, mouse, video, and virtual media traffic to the RAC.
Default 80 Description Specifies the port number to use for HTTP network communication with the iDRAC6 cfgRacTuneHttpsPort (Read/Write) Legal Values 1 – 65535 Default 443 Description Specifies the port number to use for HTTPS network communication with the iDRAC6 cfgRacTuneIpRangeEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IPv4 Address Range validation feature of the iDRAC6 cfgRacTuneIpRangeAddr (Read/Write) Legal Values An IPv4 address forma
Default 192.168.1.1 Description Specifies the acceptable IPv4 address bit pattern in positions determined by the "1"s in the range mask property (cfgRacTuneIpRangeMask) cfgRacTuneIpRangeMask (Read/Write) Legal Values An IPv4 address formatted string, for example, 255.255.255.0 Default 255.255.255.0 Description Standard IP mask values with left-justified bits. For example, 255.255.255.0.
Default 5 Description The maximum number of login failures to occur within the window (cfgRacTuneIpBlkFailWindow) before login attempts from the IP address are rejected cfgRacTuneIpBlkFailWindow (Read/Write) Legal Values 10 – 65535 Default 60 Description Defines the time span in seconds that the failed attempts are counted. When failure attempts age beyond this limit, they are dropped from the count.
Default 22 Description Specifies the port number used for the iDRAC6 SSH interface cfgRacTuneTelnetPort (Read/Write) Legal Values 1 – 65535 Default 23 Description Specifies the port number used for the iDRAC6 telnet interface cfgRacTuneConRedirEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables console redirection cfgRacTuneConRedirEncryptEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) iDRAC6 Property Database Group and Object Definitions 373
Default 1 Description Encrypts the video in a console redirection session cfgRacTuneAsrEnable (Read/Write) NOTE: This object requires an iDRAC6 reset before it becomes active. Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the iDRAC6 last crash screen capture feature cfgRacTuneLocalServerVideo (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables (switches on) or disables (switches off) the local server video.
Legal Values 0 (TRUE) 1 (FALSE) Default 0 Description Disables write access to iDRAC6 configuration data by setting to 1 cfgRacTuneWebserverEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the iDRAC6 web server. If this property is disabled, the iDRAC6 will not be accessible using client web browsers. This property has no effect on the telnet/SSH or RACADM interfaces.
Default Description The host name of the managed server ifcRacMnOsOsName (Read Only) Legal Values A string of up to 255 characters Default Description The operating system name of the managed server cfgRacSecurity This group is used to configure settings related to the iDRAC6 SSL certificate signing request (CSR) feature. The properties in this group must be configured before generating a CSR from the iDRAC6.
cfgRacSecCsrOrganizationName (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR Organization Name (O) cfgRacSecCsrOrganizationUnit (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR Organization Unit (OU) cfgRacSecCsrLocalityName (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR Locality (L) iDRAC6 Property Database Group and Object De
cfgRacSecCsrStateName (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR State Name (S) cfgRacSecCsrCountryCode (Read/Write) Legal Values A string of up to 2 characters Default Description Specifies the CSR Country Code (CC) cfgRacSecCsrEmailAddr (Read/Write) Legal Values A string of up to 254 characters Default Description Specifies the CSR Email Address 378 iDRAC6 Property Database Group and Object Definitions
cfgRacSecCsrKeySize (Read/Write) Legal Values 1024 2048 4096 Default 1024 Description Specifies the SSL asymmetric key size for the CSR cfgRacVirtual This group contains parameters to configure the iDRAC6 virtual media feature. One instance of the group is allowed. The following subsections describe the objects in this group.
are attached you then can connect to the virtual devices remotely using the iDRAC6 Web interface or the CLI. Setting this object to 0 will cause the devices to detach from the USB bus. cfgVirtualBootOnce (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the Virtual Boot Once feature of the iDRAC6 cfgVirMediaFloppyEmulation (Read/Write) NOTE: Virtual Media has to be reattached (using cfgVirMediaAttached) for this change to take effect.
cfgVirMediaKeyEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the virtual media key feature of the RAC cfgActiveDirectory This group contains parameters to configure the iDRAC6 Active Directory feature.
Description Name of iDRAC6 as recorded in the Active Directory forest cfgADEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables Active Directory user authentication on the iDRAC6. If this property is disabled, only local iDRAC6 authentication is used for user logins.
Default Description The iDRAC6 uses the value you specify to search the LDAP server for user names. cfgADDomainController3 (Read/Write) Legal Values A string of up to 254 ASCII characters representing a valid IP address or a fully qualified domain name (FQDN) Default Description The iDRAC6 uses the value you specify to search the LDAP server for user names.
cfgADType (Read/Write) Legal Values 1 (Extended schema) 2 (Standard schema) Default 1 Description Determines the schema type to use with Active Directory cfgADGlobalCatalog1 (Read/Write) Legal Values A string of up to 254 ASCII characters representing a valid IP address or a fully qualified domain name (FQDN) Default Description iDRAC6 uses the value you specify to search the Global Catalog server for user names.
Description iDRAC6 uses the value you specify to search the Global Catalog server for user names. cfgADGlobalCatalog3 (Read/Write) Legal Values A string of up to 254 ASCII characters representing a valid IP address or a fully qualified domain name (FQDN) Default Description iDRAC6 uses the value you specify to search the Global Catalog server for user names.
cfgSSADRoleGroupIndex (Read Only) Legal Values An integer between 1 and 5 Default Description Index of the Role Group as recorded in the Active Directory cfgSSADRoleGroupName (Read/Write) Legal Values Any printable text string of up to 254 characters, with no white space Default Description Name of the Role Group as recorded in the Active Directory forest cfgSSADRoleGroupDomain (Read/Write) Legal Values Any printable text string of up to 254 characters, with no white space Defaul
cfgSSADRoleGroupPrivilege (Read/Write) Legal Values 0x00000000 to 0x000001ff Default Description Use the bit mask numbers in Table B-4 to set role-based authority privileges for a Role Group. Table B-4.
cfgIpmiSolEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables SOL cfgIpmiSolBaudRate (Read/Write) Legal Values 9600, 19200, 57600, 115200 Default 115200 Description The baud rate for serial communication over LAN cfgIpmiSolMinPrivilege (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the minimum privilege level required for SOL access 388 iDRAC6 Property Database Group and Object Definitions
cfgIpmiSolAccumulateInterval (Read/Write) Legal Values 1 – 255 Default 10 Description Specifies the typical amount of time that the iDRAC6 waits before transmitting a partial SOL character data packet. This value is 1-based 5ms increments. cfgIpmiSolSendThreshold (Read/Write) Legal Values 1 – 255 Default 255 Description The SOL threshold limit value. Specifies the maximum number of bytes to buffer before sending an SOL data packet.
Default 0 Description Enables or disables the IPMI over LAN interface cfgIpmiLanPrivilegeLimit (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the maximum privilege level allowed for IPMI over LAN access cfgIpmiLanAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables global e-mail alerting. This property overrides all individual e-mail alerting enable/disable properties.
cfgIpmiEncryptionKey (Read/Write) Legal Values A string of hexadecimal digits from 0 to 40 characters with no spaces. Only an even amount of digits is allowed. Default 00000000000000000000 Description The IPMI encryption key. cfgIpmiPetCommunityName (Read/Write) Legal Values A string of up to 18 characters Default public Description The SNMP community name for traps cfgIpmiPetIpv6 This group is used to configure IPv6 platform event traps on the managed server.
Description Unique identifier for the index corresponding to the trap cfgIpmiPetIPv6AlertDestIpAddr Legal Values IPv6 address Default Description Configures the IPv6 alert destination IP address for the trap cfgIpmiPetIPv6AlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables the IPv6 alert destination for the trap cfgIpmiPef This group is used to configure the platform event filters available on the managed server.
cfgIpmiPefName (Read Only) Legal Values A string of up to 255 characters Default The name of the index filter Description Specifies the name of the platform event filter cfgIpmiPefIndex (Read/Write) Legal Values 1 – 19 Default The index value of a platform event filter object Description Specifies the index of a specific platform event filter cfgIpmiPefAction (Read/Write) Legal Values 0 (None) 1 (Power Down) 2 (Reset) 3 (Power Cycle) Default 0 iDRAC6 Property Database Group and Object Definitions
Description Specifies the action that is performed on the managed server when the alert is triggered cfgIpmiPefEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables a specific platform event filter cfgIpmiPet This group is used to configure platform event traps on the managed server.
Default 0.0.0.0 Description Specifies the destination IPv4 address for the trap receiver on the network. The trap receiver receives an SNMP trap when an event is triggered on the managed server. cfgIpmiPetAlertEnable (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Enables or disables a specific trap cfgUserDomain This group is used to configure the Active Directory user domain names. A maximum of 40 domain names can be configured at any given time.
cfgUserDomainName (Read Only) Legal Values A string of up to 255 ASCII characters Default Description Specifies the Active Directory user domain name cfgServerPower This group provides several power management features.
Default Description Represents the available allocated power supply for server usage cfgServerActualPowerConsumption (Read Only) Legal Values A string of up to 32 characters Default Description Represents the power consumed by the server at the current time cfgServerMinPowerCapacity (Read Only) Legal Values A string of up to 32 characters Default Description Represents the minimum server power capacity cfgServerMaxPowerCapacity (Read Only) Legal Values A string of up to 3
Description Represents the maximum server power capacity cfgServerPeakPowerConsumption (Read Only) Legal Values A string of up to 32 characters Default Description Represents the maximum power consumed by the server until the current time cfgServerPeakPowerConsumptionTimestamp (Read Only) Legal Values A string of up to 32 characters Default Maximum power consumption timestamp Description Time when the maximum power consumption was recorded cfgServerPowerCons
Description Resets the cfgServerPeakPowerConsumption (Read/Write) property to 0 and the cfgServerPeakPowerConsumptionTimestamp property to the current iDRAC time.
Description Represents the server power threshold in percentage cfgIPv6LanNetworking This group is used to configure the IPv6 over LAN networking capabilities.
Default :: Description The iDRAC6 gateway IPv6 address cfgIPv6PrefixLength (Read/Write) Legal Values 1-128 Default 64 Description The prefix length for iDRAC6 IPv6 address 1 cfgIPv6AutoConfig (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 1 Description Enables or disables the IPv6 Auto Config option cfgIPv6LinkLocalAddress (Read Only) Legal Values A string representing a valid IPv6 entry iDRAC6 Property Database Group and Object Definitions 401
Default :: Description The iDRAC6 IPv6 link local address cfgIPv6Address2 (Read Only) Legal Values A string representing a valid IPv6 entry Default :: Description An iDRAC6 IPv6 address cfgIPv6DNSServersFromDHCP6 (Read/Write) Legal Values 1 (TRUE) 0 (FALSE) Default 0 Description Specifies whether cfgIPv6DNSServer1 and cfgIPv6DNSServer2 are static or DHCP IPv6 addresses 402 iDRAC6 Property Database Group and Object Definitions
cfgIPv6DNSServer1 (Read/Write) Legal Values A string representing a valid IPv6 entry Default :: Description An IPv6 DNS server address cfgIPv6DNSServer2 (Read/Write) Legal Values A string representing a valid IPv6 entry Default :: Description An IPv6 DNS server address cfgIPv6URL This group specifies properties used to configure the iDRAC6 IPv6 URL.
Default Description The iDRAC6 IPv6 URL cfgIpmiSerial This group specifies properties used to configure the IPMI serial interface of the BMC. cfgIpmiSerialConnectionMode (Read/Write) Legal Values 0 (Terminal) 1 (Basic) Default 1 Description When the iDRAC6 cfgSerialConsoleEnable property is set to 0 (disabled), the iDRAC6 serial port becomes the IPMI serial port. This property determines the IPMI defined mode of the serial port.
Default 57600 Description Specifies the baud rate for a serial connection over IPMI cfgIpmiSerialChanPrivLimit (Read/Write) Legal Values 2 (User) 3 (Operator) 4 (Administrator) Default 4 Description Specifies the maximum privilege level allowed on the IPMI serial channel cfgIpmiSerialFlowControl (Read/Write) Legal Values 0 (None) 1 (CTS/RTS) 2 (XON/XOFF) Default 1 Description Specifies the flow control setting for the IPMI serial port iDRAC6 Property Database Group and Object Definitions 405
cfgIpmiSerialHandshakeControl (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables the IPMI terminal mode handshake control cfgIpmiSerialLineEdit (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables line editing on the IPMI serial interface cfgIpmiSerialEchoControl (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 1 Description Enables or disables echo control on the IPMI serial interface 406 iDRAC6 Property Database Group an
cfgIpmiSerialDeleteControl (Read/Write) Legal Values 0 (FALSE) 1 (TRUE) Default 0 Description Enables or disables delete control on the IPMI serial interface cfgIpmiSerialNewLineSequence (Read/Write) Legal Values 0 (None) 1 (CR-LF) 2 (NULL) 3 () 4 () 5 () Default 1 Description Specifies the newline sequence specification for the IPMI serial interface cfgIpmiSerialInputNewLineSequence (Read/Write) Legal Values 0 () 1 (NULL) iDRAC6 Property Database Group and Object Definitions
Default 1 Description Specifies the input newline sequence specification for the IPMI serial interface cfgSmartCard This group specifies properties used to support access to iDRAC6 using a smart card.
Description Enables or disables the Certificate Revocation List (CRL) cfgNetTuning This group enables users to configure the advanced network interface parameters for the RAC NIC. When configured, the updated settings may take up to a minute to become active. CAUTION: Use extra precaution when modifying properties in this group. Inappropriate modification of the properties in this group can result in your RAC NIC become inoperable.
Description Specifies the speed to use for the RAC NIC. This property is not used if the cfgNetTuningNicAutoNeg is set to 1 (enabled). cfgNetTuningNicFullDuplex (Read/Write) Legal Values 0 (Half Duplex) 1 (Full Duplex) Default 1 Description Specifies the duplex setting for the RAC NIC. This property is not used if the cfgNetTuningNicAutoNeg is set to 1 (enabled).
Supported RACADM Interfaces The following table provides an overview of RACADM subcommands and their corresponding interface support. Table C-1.
Table C-1.
Glossary Active Directory Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments. ARP Acronym for Address Resolution Protocol, which is a method for finding a host’s Ethernet address from its Internet address.
CA A certificate authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives your CSR, they review and verify the information the CSR contains.
DLL Abbreviation for Dynamic Link Library, which is a library of small programs, any of which can be called when needed by a larger program that is running in the system. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (or file). DDNS Abbreviation for Dynamic Domain Name System. DMTF Abbreviation for Distributed Management Task Force. DNS Abbreviation for Domain Name System.
GRUB Acronym for GRand Unified Bootloader, a new and commonly-used Linux loader. GUI Abbreviation for graphical user interface, which refers to a computer display interface that uses elements such as windows, dialog boxes, and buttons as opposed to a command prompt interface, in which all user interaction is displayed and typed in text. hardware log Records events generated by the iDRAC6.
IPMI Abbreviation for Intelligent Platform Management Interface, which is a part of systems management technology. Kbps Abbreviation for kilobits per second, which is a data transfer rate. LAN Abbreviation for local area network. LDAP Abbreviation for Lightweight Directory Access Protocol. LED Abbreviation for light-emitting diode. LOM Abbreviation for Local area network On Motherboard. LUN Acronym for logical unit.
MAP Abbreviation for Manageability Access Point. Mbps Abbreviation for megabits per second, which is a data transfer rate. MIB Abbreviation for management information base. MII Abbreviation for Media Independent Interface. NAS Abbreviation for network attached storage. NIC Abbreviation for network interface card. An adapter circuit board installed in a computer to provide a physical connection to a network. OID Abbreviation for Object Identifiers.
RAM disk A memory-resident program which emulates a hard drive. The iDRAC6 maintains a RAM disk in its memory. RAC Abbreviation for remote access controller. ROM Acronym for read-only memory, which is memory from which data may be read, but to which data cannot be written. rollback To revert back to a previous software or firmware version.
SMTP Abbreviation for Simple Mail Transfer Protocol, which is a protocol used to transfer electronic mail between systems, usually over an Ethernet. SMWG Abbreviation for Systems Management Working Group. SNMP trap A notification (event) generated by the iDRAC6 that contains information about state changes on the managed server or about potential hardware problems. SSH Abbreviation for Secure Shell. SSL Abbreviation for secure sockets layer.
USB Abbreviation for Universal Serial Bus. USC Abbreviation for Unified Server Configurator. UTC Abbreviation for Universal Coordinated Time. See GMT. VLAN Abbreviation for Virtual Local Area Network. VNC Abbreviation for virtual network computing. VT-100 Abbreviation for Video Terminal 100, which is used by the most common terminal emulation programs. WAN Abbreviation for wide area network. WS-MAN Abbreviation for Web Services for Management (WS-MAN) protocol.
Glossary
Index A C accessing SSL with web interface, 65 Certificate Signing Request CSR, 65 Active Directory adding iDRAC6 users, 142 configure, 35 configuring access to iDRAC6, 135 logging in to the iDRAC6, 160 managing certificates, 71 objects, 132 schema extensions, 131 using with extended schema, 131 using with iDRAC6, 129 using with standard schema, 149 Certificate Signing Request (CSR) about, 279 generating a new certificate, 281 ASR configuring with web interface, 74 configure alerts, 35 authenticatin
Configuring iDRAC Direct Connect Basic Mode and Direct Connect Terminal Mode, 93 configuring idrac6 serial connection, 91 Configuring iDRAC6 NIC, 52 configuring iDRAC6 services, 74 ASR, 74 local configuration, 74 remote RACADM, 74 SNMP agent, 74 SSH, 74 telnet, 74 web server, 74 configuring LAN user, 233 configuring Local iDRAC6 users for Smart Card logon, 166 configuring PEF with web interface, 60 configuring PET with web interface, 61 configuring platform events, 59 configuring Smart Card Login, 165 confi
exporting Smart Card certificate, 166 extended schema Active Directory overview, 131 F fan probe, 261 firmware downloading, 43 recovering via web interface, 77 firmware/system services recovery image updating with web interface, 77 frequently asked questions, 118 using console redirection, 180 using iDRAC6 with Active Directory, 160 using Virtual Media, 192 H hardware installing, 37 iDRAC6 accessing through a network, 102 adding and configuring users, 121 configuring, 40 configuring Active Directory with
installing and configuring iDRAC6 software, 39 installing Dell extensions Active Directory Users and Computers snap-in, 141 integrated System-on-Chip microprocessor, 27 IP blocking about, 289 configuring with web interface, 57 enabling, 290 IP Filtering about, 287 enabling, 288 IP filtering and blocking, 57 IPMI configuring, 219 configuring LAN settings, 52 configuring using the RACADM CLI, 220 configuring using web interface, 63, 219 IPMI anonymous user User 1, 121 IPMI Over LAN, 227 IPMI Settings, 56 IPMI
NIC mode dedicated, 38 shared, 38 shared with Failover All LOMs, 39 platforms supported, 29 NIC modes shared with failover LOM2, 38 power capping, 265 O power monitoring, 262, 265 operating system installing (manual method), 190 P password-level security management, 28 PEF configuring, 239 configuring using RACACM CLI, 240 configuring using web interface, 239 PET configuring, 241 configuring using RACADM CLI, 241 configuring using web interface, 241 POST log using, 252 power inventory and budgeting,
R sslcertview, 332 sslcsrgen, 327 testemail, 335 testtrap, 336 usercertupload, 339 userertview, 341 vmdisconnect, 338 vmkey, 339 RACADM adding an iDRAC6 user, 127 installing and removing, 42 removing an iDRAC6 user, 128 supported interfaces, 411 RACADM subcommands arp, 296 clearasrscreen, 296 clrraclog, 324 clrsel, 325 config, 297 coredump, 302 coredumpdelete, 303 fwupdate, 304 getconfig, 180, 299 getniccfg, 316 getraclog, 322 getractime, 312 getsel, 324 getssninfo, 306 getsvctag, 317 getsysinfo, 308 gett
SEL managing with iDRAC6 configuration utility, 235 supported CIM profiles, 198 serial console connecting the DB-9 cable, 96 Switching Between Direct Connect Terminal Mode and Serial Console Redirection, 95 serial mode configuring, 99 system configuring to use iDRAC6, 37 Serial Over LAN (SOL) configuring, 224 System Services Configuration Unified Server Configurator, 232 server certificate uploading, 69 viewing, 70, 282 T Server Management Command Line Protocol (SM-CLP) about, 201 support, 201 ser
updating the iDRAC6 firmware/system services recovery image, 77 preserve configuration, 78 upload/rollback, 77 running, 186 Virtual Media Command Line Interface Utility, 209 VLAN Settings, 57 USB flash drive emulation type, 231 vm6deploy script, 211 user configuration, 121 general user settings, 122 iDRAC group permissions, 122 IPMI user privileges, 122 VMCLI Utility installation, 213 usercertupload, 339 users adding and configuring with web interface, 65, 121 using RACADM to configure iDRAC6 Users, 1