iDRAC 8/7 v2.50.50.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Overview...................................................................................................................................................... 15 Benefits of using iDRAC with Lifecycle Controller....................................................................................................... 16 Key features......................................................................................................................................................................
IP Blocking........................................................................................................................................................................ 39 Invalid password credentials........................................................................................................................................... 39 3 Setting up managed system and management station..................................................................................
Easy Restore...............................................................................................................................................................80 Importing server profile using iDRAC web interface..............................................................................................80 Importing server profile using RACADM.................................................................................................................. 81 Restore operation sequence..........
SSL server certificates............................................................................................................................................ 100 Generating a new certificate signing request........................................................................................................ 101 Uploading server certificate.....................................................................................................................................
Configuring IPMI over LAN using RACADM......................................................................................................... 126 Enabling or disabling remote RACADM........................................................................................................................126 Enabling or disabling remote RACADM using web interface...............................................................................126 Enabling or disabling remote RACADM using RACADM...................
9 Configuring iDRAC to send alerts............................................................................................................... 163 Enabling or disabling alerts............................................................................................................................................ 164 Enabling or disabling alerts using web interface...................................................................................................
Monitoring power using web interface................................................................................................................... 181 Monitoring power using RACADM.......................................................................................................................... 181 Setting warning threshold for power consumption.....................................................................................................
Monitoring backplane using iDRAC settings utility...............................................................................................210 Viewing storage device topology..................................................................................................................................210 Managing physical disks................................................................................................................................................
Configuring virtual console........................................................................................................................................... 242 Configuring virtual console using web interface.................................................................................................. 242 Configuring virtual console using RACADM......................................................................................................... 242 Previewing virtual console...............
Creating an empty partition....................................................................................................................................265 Creating a partition using an image file.................................................................................................................266 Formatting a partition..............................................................................................................................................
21 Using iDRAC Quick Sync.......................................................................................................................... 296 Configuring iDRAC Quick Sync....................................................................................................................................296 Configuring iDRAC Quick Sync settings using web interface............................................................................ 297 Configuring iDRAC Quick Sync settings using RACADM........
Network security............................................................................................................................................................ 316 Active Directory.............................................................................................................................................................. 316 Single Sign-On..............................................................................................................................................
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make server administrators more productive and improve the overall availability of Dell servers. iDRAC alerts administrators to server issues, helps them perform remote server management, and reduces the need for physical access to the server. iDRAC with Lifecycle Controller technology is part of a larger data center solution that helps keep business critical applications and workloads available always.
Benefits of using iDRAC with Lifecycle Controller The benefits include: • Increased Availability — Early notification of potential or actual failures that help prevent a server failure or reduce recovery time after failure. • Improved Productivity and Lower Total Cost of Ownership (TCO) — Extending the reach of administrators to larger numbers of distant servers can make IT staff more productive while driving down operational costs such as travel.
• Remotely configure storage devices attached to the system at run-time. • Perform the following operations for storage devices: • Physical disks: Assign or unassign physical disk as a global hot spare. • Virtual disks: • • • Create virtual disks. • Edit virtual disks cache policies. • Check virtual disk consistency. • Initialize virtual disks. • Encrypt virtual disks. • Assign or unassign dedicated hot spare. • Delete virtual disks. Controllers: • Configure controller properties.
• • View operating system information. • Replicate Lifecycle Controller logs to operating system logs. • Automatic system recovery options. • Remotely hard-reset iDRAC • Enable in-band iDRAC SNMP alerts • Access iDRAC using host OS (experimental feature) • Populate Windows Management Instrumentation (WMI) information. • Integrate with SupportAssist collection. This is applicable only if iDRAC Service Module Version 2.0 or later is installed.
New in this release • • • • • • • • • Added support for Redfish 1.0.2, a RESTful Application Programming Interface (API), which is standardized by the Distributed Management Task Force (DMTF). It provides a scalable and secured systems management interface. To get the IPv6 and VLAN information, install iDRAC Service Module (iSM). Added support for Server Configuration Profile using Redfish interface. IP blocking settings upgraded to match the options in previous releases.
OpenManage Server Administrator, and so on. Some features, such as dedicated NIC or vFlash requires iDRAC ports card. This is optional on 200-500 series servers. iDRAC license management and firmware update functionality is available through iDRAC Web interface and RACADM. Types of licenses The types of licenses offered are: • 30 day evaluation and extension — The license expires after 30 days and can be extended for 30 days.
For one-to-many license deployment, you can use Dell License Manager. For more information, see the Dell License Manager User’s Guide available at dell.com/support/manuals. Importing license after replacing motherboard You can use the Local iDRAC Enterprise License Installation Tool if you have recently replaced the motherboard and need to reinstall the iDRAC Enterprise license locally (with no network connectivity) and activate the dedicated NIC.
Table 2. Licensed features in iDRAC7 and iDRAC8 Feature Basic iDRAC8 Manage Basic ment (iDRAC7 ) iDRAC7 Express iDRAC8 Express iDRAC7 Express for Blades iDRAC8 Express for Blades iDRAC7 Enterprise iDRAC8 Enterprise IPMI 2.0 Yes Yes Yes Yes Yes Yes Yes Yes DCMI 1.
Feature Basic iDRAC8 Manage Basic ment (iDRAC7 ) iDRAC7 Express iDRAC8 Express iDRAC7 Express for Blades iDRAC8 Express for Blades iDRAC7 Enterprise iDRAC8 Enterprise Single sign-On (kerberos) No No No Yes No Yes Yes Yes PK authentication (for SSH) No No No Yes No Yes No Yes Power control Yes4 Yes Yes Yes Yes Yes Yes Yes Boot control No Yes No Yes No Yes No Yes Serial-over-LAN Yes Yes Yes Yes Yes Yes Yes Yes Virtual Media No No No No Yes Yes Yes Y
Feature Basic iDRAC8 Manage Basic ment (iDRAC7 ) iDRAC7 Express iDRAC8 Express iDRAC7 Express for Blades iDRAC8 Express for Blades iDRAC7 Enterprise iDRAC8 Enterprise Temperature monitoring No Yes No Yes No Yes No Yes Temperature graphing No No No Yes No Yes No Yes Full agent-free monitoring No Yes No Yes No Yes No Yes Predictive failure monitoring No Yes No Yes No Yes No Yes SNMPv1, v2, and v3 (traps and gets) No Yes Yes Yes Yes Yes Yes Yes Email Alertin
Feature Basic iDRAC8 Manage Basic ment (iDRAC7 ) iDRAC7 Express iDRAC8 Express iDRAC7 Express for Blades iDRAC8 Express for Blades iDRAC7 Enterprise iDRAC8 Enterprise Embedded OS deployment tools No Yes No Yes No Yes No Yes Embedded configuration tools (iDRAC Settings Utility) No Yes No Yes No Yes No Yes Embedded configuration wizards (Lifecycle Controller wizards) No Yes No Yes No Yes No Yes Auto-Discovery No Yes Yes Yes Yes Yes Yes Yes Remote OS deployment No
Feature Basic iDRAC8 Manage Basic ment (iDRAC7 ) iDRAC7 Express iDRAC8 Express iDRAC7 Express for Blades iDRAC8 Express for Blades iDRAC7 Enterprise iDRAC8 Enterprise iDRAC Direct (front USB management port) No Yes No Yes No Yes No Yes iDRAC Service Module (iSM) No Yes Yes Yes Yes Yes Yes Yes SupportAssist Collection (embedded) No Yes Yes Yes Yes Yes Yes Yes Crash screen capture5 No No Yes Yes Yes Yes Yes Yes Crash video capture5 No No No No No No Yes Yes
Table 3. Interfaces and protocols to access iDRAC Interface or Protocol Description iDRAC Settings Utility Use the iDRAC Settings utility to perform pre-OS operations. It has a subset of the features that are available in iDRAC web interface along with other features. To access iDRAC Settings utility, press during boot and then click iDRAC Settings on the System Setup Main Menu page. iDRAC web Interface Use the iDRAC web interface to manage iDRAC and monitor the managed system.
Interface or Protocol Description NOTE: Telnet is not a secure protocol and is disabled by default. Telnet transmits all data, including passwords in plain text. When transmitting sensitive information, use the SSH interface. SSH Use SSH to run RACADM and SMCLP commands. It provides the same capabilities as the Telnet console using an encrypted transport layer for higher security. The SSH service is enabled by default on iDRAC. The SSH service can be disabled in iDRAC.
Port Number Function 80* HTTP 443* HTTPS 623 RMCP/RMCP+ 161* SNMP 5900* Virtual Console keyboard and mouse redirection, Virtual Media, Virtual Folders, and Remote File Share 5901 VNC When VNC feature is enabled, the port 5901 opens. * Configurable port The following table lists the ports that iDRAC uses as a client. Table 5.
• The Systems Management Overview Guide provides brief information about the various software available to perform systems management tasks. • The Dell Lifecycle Controller Graphical User Interface For 12th and 13th Generation Dell PowerEdge Servers User’s Guide provides information on using Lifecycle Controller Graphical User Interface (GUI).
Accessing documents from the Dell EMC support site You can access the required documents using the following links: • For Dell EMC Enterprise Systems Management documents — Dell.com/SoftwareSecurityManuals • For Dell EMC OpenManage documents — Dell.com/OpenManageManuals • For Dell EMC Remote Enterprise Systems Management documents — Dell.com/esmmanuals • For iDRAC and Dell EMC Lifecycle Controller documents — Dell.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name is root and the default password is calvin. You can also log in using Single Sign-On or Smart Card. NOTE: • You must have Login to iDRAC privilege to log in to iDRAC. • iDRAC GUI does not support browser buttons such as Back, Forward, or Refresh.
To log in to iDRAC as local user, Active Directory user, or LDAP user: 1 Open a supported web browser. 2 In the Address field, type https://[iDRAC-IP-address] and press . NOTE: If the default HTTPS port number (port 443) was changed, enter: https://[iDRAC-IP-address]:[portnumber] where, [iDRAC-IP-address] is the iDRAC IPv4 or IPv6 address and [port-number] is the HTTPS port number. The Login page is displayed.
To log in to iDRAC as a local user using smart card: 1 Access the iDRAC web interface using the link https://[IP address]. The iDRAC Login page is displayed prompting you to insert the smart card. NOTE: If the default HTTPS port number (port 443) has been changed, type: https://[IP address]:[port number] where, [IP address] is the IP address for the iDRAC and [port number] is the HTTPS port number. 2 Insert the Smart Card into the reader and click Login. A prompt is displayed for the Smart Card’s PIN.
Logging in to iDRAC using Single Sign-On When Single Sign-On (SSO) is enabled, you can log in to iDRAC without entering your domain user authentication credentials, such as user name and password. Related link Configuring iDRAC SSO login for Active Directory users Logging in to iDRAC SSO using iDRAC web interface Before logging in to iDRAC using Single Sign-On, make sure that: • You have logged in to your system using a valid Active Directory user account.
Validating CA certificate to use remote RACADM on Linux Before running remote RACADM commands, validate the CA certificate that is used for secure communications. To validate the certificate for using remote RACADM: 1 Convert the certificate in DER format to PEM format (using openssl command-line tool): openssl x509 -inform pem -in [yourdownloadedderformatcert.crt] –outform pem -out [outcertfileinpemformat.pem] –text 2 Find the location of the default CA certificate bundle on the management station.
Multiple iDRAC sessions The following table provides the list of multiple iDRAC sessions that are possible using the various interfaces. Table 6. Multiple iDRAC sessions Interface Number of Sessions iDRAC Web Interface 6 Remote RACADM 4 Firmware RACADM / SMCLP SSH - 2 Telnet - 2 Serial - 1 Changing default login password The warning message that allows you to change the default password is displayed if: • You log in to iDRAC with Configure User privilege.
Changing default login password using RACADM To change the password, run the following RACADM command: racadm set iDRAC.Users..Password where, is a value from 1 to 16 (indicates the user account) and is the new user—defined password. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. IP Blocking IP blocking dynamically determines when consecutive login failures occur from a particular IP address and blocks (or prevents) the address from logging into iDRAC for a preselected time span. The IP blocking includes: • The number of allowable login failures. • The timeframe in seconds when these failures must occur.
NOTE: The sign-errors and alerts, increased time interval for each incorrect login, and log entries are available using any of the iDRAC interfaces such as web interface, Telnet, SSH, Remote RACADM, WS-MAN, and VMCLI. Table 8.
3 Setting up managed system and management station To perform out-of-band systems management using iDRAC, you must configure iDRAC for remote accessibility, set up the management station and managed system, and configure the supported web browsers. NOTE: In case of blade servers, install CMC and I/O modules in the chassis and physically install the system in the chassis before performing the configurations. Both iDRAC Express and iDRAC Enterprise ship from the factory with a default static IP address.
Setting up iDRAC IP address You must configure the initial network settings based on your network infrastructure to enable the communication to and from iDRAC.
• 6 IPMI Settings • VLAN Settings Click Back, click Finish, and then click Yes. The network information is saved and the system reboots. Related link Network settings Common settings IPv4 settings IPv6 settings IPMI settings VLAN settings Network settings To configure the Network Settings: NOTE: For information about the options, see the iDRAC Settings Utility Online Help. 1 Under Enable NIC, select the Enabled option.
NOTE: Failover is not supported on shared LOM for the following Emulex rNDCs and bNDCs: • Emulex OCM14104-UX-D rNDC 10 Gbx • Emulex OCM14104-U1-D rNDC 10 Gb • Emulex OCM14104-N1-D rNDC 10 Gb • Emulex OCM14104B-N1-D rNDC 10 Gb • Emulex OCM14102-U2-D bNDC 10 Gb • Emulex OCM14102-U4-D bNDC 10 Gb • Emulex OCM14102-N6-D bNDC 10 Gb NOTE: On Dell PowerEdge FM120x4 and FX2 servers, Failover Network is not supported for the chassis sled configurations.
To configure the IPv6 settings: 1 Select Enabled option under Enable IPv6. 2 For the DHCPv6 server to automatically assign the IP address, gateway, and subnet mask to iDRAC, select Enabled option under Enable Auto-configuration. NOTE: You can configure both static IP and DHCP IP at the same time. 3 In the Static IP Address 1 box, enter the static IPv6 address. 4 In the Static Prefix Length box, enter a value between 0 and 128. 5 In the Static Gateway box, enter the gateway address.
4 For additional network settings specific to each blade server, go to Server Overview > . The Server Status page is displayed. 5 Click Launch iDRAC and go to Overview > iDRAC Settings > Network. 6 In the Network page, specify the following settings: • Network Settings • Common Settings • IPV4 Settings • IPV6 Settings • IPMI Settings • VLAN Settings NOTE: For more information, see iDRAC Online Help. 7 To save the network information, click Apply.
Configuring servers and server components using Auto Config The Auto Config feature configures and provisions all the components in a server in a single operation. These components include BIOS, iDRAC, and PERC. Auto Config automatically imports a Server Configuration Profile (SCP) XML file containing all configurable parameters. The DHCP server that assigns the IP address also provides the details for accessing the SCP file. SCP files are created by configuring a gold configuration server.
Auto Config sequence 1 Create or modify the SCP file that configures the attributes of Dell servers. 2 Place the SCP file in a share location that is accessible by the DHCP server and all the Dell servers that are assigned IP address from the DHCP server. 3 Specify the SCP file location in vendor-option 43 field of DHCP server. 4 The iDRAC as part of acquiring IP address advertises vendor class identifier iDRAC.
5 In the Data Entry field, click anywhere in the area under ASCII and enter the IP address of the server that has the share location, which contains the XML configuration file. The value appears as you type it under the ASCII, but it also appears in binary to the left. 6 Click OK to save the configuration. Configuring option 60 on Windows To configure option 60 on Windows: 1 On the DHCP server, go to Start > Administration Tools > DHCP to open the DHCP server administration tool.
• Timetowait (-t) — Indicates the time the host system waits before shutting down. The default setting is 300. • EndHostPowerState (-e) — Indicates the power state of the host. 0 indicates OFF and 1 indicates ON. The default setting is 1. NOTE: ShutdownType (-d), Timetowait (-t), and EndHostPowerState (-e) are optional attributes. NOTE: On DHCP servers running Windows the operating system with iDRAC version prior to 2.20.20.20, make sure that you add a space before the (–f). NFS: -f system_config.
• Timetowait (-t) — Indicates the time the host system waits before shutting down. The default setting is 300. • EndHostPowerState (-e) — Indicates the power state of the host. 0 indicates OFF and 1 indicates ON. The default setting is 1. NOTE: ShutdownType (-d), Timetowait (-t), and EndHostPowerState (-e) are optional attributes. The following is an example of a static DHCP reservation from a dhcpd.conf file: host my_host { hardware ethernet b8:2a:72:fb:e6:56; fixed-address 192.168.0.
For more information on the Auto Config feature, see the Zero-Touch Bare Metal Server Provisioning using Dell iDRAC with Lifecycle Controller Auto Config white paper available at the delltechcenter.com/idrac. Using hash passwords for improved security You can set user passwords and BIOS passwords using a one-way hash format. The user authentication mechanism is not affected (except for SNMPv3 and IPMI) and you can provide the password in plain text format.
Generating hash password without SNMPv3 and IPMI authentication To generate hash password without SNMPv3 and IPMI authentication: 1 For iDRAC user accounts, you must salt the password using SHA256. When you salt the password, a 16 byte binary string is appended. The Salt is required to be 16 bytes long, if provided. 2 Provide hash value and salt in the imported server configuration profile, RACADM commands, or WSMAN.
• Local RACADM • Server Administrator For more information about Server Administrator, see Dell OpenManage Server Administrator User’s Guide available at dell.com/support/ manuals. Related link Modifying local administrator account settings Modifying local administrator account settings After setting the iDRAC IP address, you can modify the local administrator account settings (that is, user 2) using the iDRAC Settings utility. To do this: 1 In the iDRAC Settings utility, go to User Configuration.
3 Click Back, click Finish, and then click Yes. The details are saved. Optimizing system performance and power consumption The power required to cool a server can contribute a significant amount to the overall system power. Thermal control is the active management of system cooling through fan speed and system power management to make sure that the system is reliable while minimizing system power consumption, airflow, and system acoustic output.
• Medium Fan Speed — Drives fan speeds close to medium. • High Fan Speed — Drives fan speeds close to full speed. • Max Fan Speed — Drives fan speeds to full speed. • Off — Fan speed offset is set to off. This is the default value. When set to off, the percentage does not display. The default fan speed is applied with no offset. Conversely, the maximum setting will result in all fans running at maximum speed. The fan speed offset is dynamic and based on the system.
Table 9. Thermal Settings Object Description Usage Example AirExhaustTemp Allows you to set the maximum air exhaust temperature limit. Set to any of the following values (based on the system): To check the existing setting on the system: racadm get system.thermalsettings.
Object Description Usage Example PWM) over the baseline fan speed racadm set system.thermalsettings FanSpeedOffset 1 FanSpeedLowOffsetVal • • • FanSpeedMaxOffsetVal • • • FanSpeedMediumOffsetVal • • • FanSpeedOffset • • • 58 Getting this variable reads the fan speed offset value in %PWM for Low Fan Speed Offset setting. This value depends on the system. Use FanSpeedOffset object to set this value using index value 0.
Object Description Usage Example Values from 1 — 100 To display the highest value that can be set using MinimumFanSpeed option: FanSpeedHighOffsetVa l, and FanSpeedMediumOffset Val objects (defined earlier) are the values at which the offsets are applied. MFSMaximumLimit Read Maximum limit for MFS racadm get system.thermalsettings.
Modifying thermal settings using iDRAC settings utility To modify the thermal settings: 1 In the iDRAC Settings utility, go to Thermal. The iDRAC Settings Thermal page is displayed. 2 Specify the following: • Thermal Profile • Maximum Exhaust Temperature Limit • Fan Speed Offset • Minimum Fan Speed For information about the fields, see the Modifying thermal settings using web interface.
Resetting Internet Explorer security settings Ensure that Internet Explorer (IE) settings are set to Microsoft-recommended defaults and customize the settings as described in this section. 1 Open IE as an administrator or using an administrator account. 2 Click Tools Internet Options Security Local Network or Local intranet. 3 Click Custom Level , select Medium-Low, and click Reset. Click OK to confirm.
To disable the whitelist feature and avoid unnecessary plug-in installations, perform the following steps: 1 Open a Firefox Web browser window. 2 In the address field, enter about:config and press . 3 In the Preference Name column, locate and double-click xpinstall.whitelist.required. The values for Preference Name, Status, Type, and Value change to bold text. The Status value changes to user set and the Value changes to false. 4 In the Preferences Name column, locate xpinstall.enabled.
• Compatible with most of the desktops and mobile platforms. • Quick deployment and the client is downloaded as part of a web page. You must configure Internet Explorer (IE) settings before you launch and run HTML5 based virtual console and virtual media applications. To configure the browser settings: 1 Disable pop-up blocker. To do this, click Tools > Internet Options > Privacy and clear the Turn on Pop-up Blocker check-box.
NOTE: Restart Internet Explorer for the Enable third-party browser extension setting to take effect. 5 Go to Tools > Internet Options > Security and select the zone you want to run the application. 6 Click Custom level. In the Security Settings window, do the following: • Select Enable for Automatic prompting for ActiveX controls. • Select Prompt for Download signed ActiveX controls. • Select Enable or Prompt for Run ActiveX controls and plugins.
Importing CA certificates to management station When you launch Virtual Console or Virtual Media, prompts are displayed to verify the certificates. If you have custom Web server certificates, you can avoid these prompts by importing the CA certificates to the Java or ActiveX trusted certificate store.
iDRAC Web interface is designed to work with localized keyboards for the supported language variants. Some features of iDRAC Web interface, such as Virtual Console, may require additional steps to access certain functions or letters. Other keyboards are not supported and may cause unexpected problems. NOTE: See the browser documentation on how to configure or setup different languages and view localized versions of iDRAC Web interface.
There are multiple tools and interfaces that can be used to update the iDRAC firmware. The following table is applicable only to iDRAC firmware. The table lists the supported interfaces, image-file types, and whether Lifecycle Controller must be in enabled state for the firmware to be updated. Table 10. Image file types and dependencies .D7 Image iDRAC DUP Interface Supported Requires LC enabled Supported Requires LC enabled BMCFW64.
** When iDRAC is updated from version 1.30.30 or later, a system restart is not necessary. However, firmware versions of iDRAC earlier than 1.30.30 require a system restart when applied by using the out-of-band interfaces. NOTE: Configuration changes and firmware updates that are made within the operating system may not reflect properly in the inventory until you perform a server restart.
NOTE: If you navigate away from the page without saving the updates, an error message is displayed and all the uploaded content is lost. Related link Updating device firmware Viewing and managing staged updates Updating firmware using repository A repository is a storage location where update packages can be stored and accessed. Dell Repository Manager (DRM) allows you to create and manage a repository that iDRAC can check for updates.
Related link Updating device firmware Viewing and managing staged updates Scheduling automatic firmware updates Updating firmware using FTP, TFTP, or HTTP You can setup an FTP, TFTP, or HTTP server and configure iDRAC to use it for performing firmware updates. You can use the Windowsbased update packages (DUPs) and a catalog file. NOTE: Lifecycle Controller must be enabled and you must have Server Control privilege to update firmware for devices other than iDRAC.
Scheduling automatic firmware updates You can create a periodic recurring schedule for iDRAC to check for new firmware updates. At the scheduled date and time, iDRAC connects to the specified destination, checks for new updates, and applies or stages all applicable updates. A log file is created on the remote server, which contains information about server access and staged firmware updates.
Scheduling automatic firmware update using RACADM To schedule automatic firmware update, use the following commands: • To enable automatic firmware update: racadm set lifecycleController.lcattributes.AutoUpdate.Enable 1 • To view the status of automatic firmware update: racadm get lifecycleController.lcattributes.
• If the system has ESX hypervisor installed, then for the DUP file to run, make sure that the "usbarbitrator" service is stopped using command: service usbarbitrator stop To update iDRAC using DUP: 1 Download the DUP based on the installed operating system and run it on the managed system. 2 Run the DUP. The firmware is updated. A system restart is not required after firmware update is complete. Updating firmware using remote RACADM 1 Download the firmware image to the TFTP or FTP server.
CMC settings to update CMC firmware from iDRAC In the PowerEdge FX2/FX2s chassis, before performing the firmware update from iDRAC for CMC and its shared components, do the following: 1 Launch the CMC Web interface 2 Navigate to Chassis Overview > Setup > General. 3 From the Chassis Management at Server Mode drop-down menu, select Manage and Monitor, and the click Apply.
Rolling back device firmware You can roll back the firmware for iDRAC or any device that Lifecycle Controller supports, even if the upgrade was previously performed using another interface. For example, if the firmware was upgraded using the Lifecycle Controller GUI, you can roll back the firmware using the iDRAC web interface. You can perform firmware rollback for multiple devices with one system reboot.
Rollback firmware using iDRAC web interface To roll back device firmware: 1 In the iDRAC Web interface, go to Overview > iDRAC Settings > Update and Rollback > Rollback. The Rollback page displays the devices for which you can rollback the firmware. You can view the device name, associated devices, currently installed firmware version, and the available firmware rollback version. 2 Select one or more devices for which you want to rollback the firmware.
Rollback firmware using Lifecycle Controller-Remote Services For information, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/idracmanuals. Recovering iDRAC iDRAC supports two operating system images to make sure a bootable iDRAC. In the event of an unforeseen catastrophic error and you lose both boot paths: • • • • • • • iDRAC bootloader detects that there is no bootable image. System Health and Identify LED is flashed at ~1/2 second rate.
• To perform backup on a vFlash SD card: • vFlash SD card is inserted, enabled, and initialized. • vFlash SD card has at least 100 MB free space to store the backup file. The backup file contains encrypted user sensitive data, configuration information, and firmware images that you can use for import server profile operation. Backup events are recorded in the Lifecycle Log.
• vFlash SD card has enough space to store the backup file. NOTE: IPv6 address is not supported for scheduling automatic backup server profile. Scheduling automatic backup server profile using web interface To schedule automatic backup server profile: 1 In the iDRAC Web interface, go to Overview > iDRAC Settings > Server Profile. The Backup and Export Server Profile page is displayed. 2 Click the Automatic Backup tab. 3 Select the Enable Automatic Backup option.
Import feature is not licensed. NOTE: For the restore operation, the system Service Tag and the Service Tag in the backup file must be identical. The restore operation applies to all system components that are same and present in the same location or slot as captured in the backup file. If components are different or not in the same location, they are not modified and restore failures is logged to the Lifecycle Log. Before performing an import operation, make sure that Lifecycle Controller is enabled.
4 If Network is selected as the file location, enter the network settings. NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters. For information about the fields, see the iDRAC Online Help.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see Managing licenses.
• Using VNC client to manage remote server • Configuring front panel display • Configuring time zone and NTP • Setting first boot device • Enabling or disabling OS to iDRAC Pass-through • Obtaining certificates • Configuring multiple iDRACs using RACADM • Disabling access to modify iDRAC configuration settings on host system Related link Logging in to iDRAC Modifying network settings Configuring services Configuring front panel display Setting up managed system location Configuring time zone
Modifying network settings After configuring the iDRAC network settings using the iDRAC Settings utility, you can also modify the settings through the iDRAC Web interface, RACADM, Lifecycle Controller, Dell Deployment Toolkit, and Server Administrator (after booting to the operating system). For more information on the tools and privilege settings, see the respective user’s guides. To modify the network settings using iDRAC Web interface or RACADM, you must have Configure privileges.
Configuring IP filtering In addition to user authentication, use the following options to provide additional security while accessing iDRAC: • IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are denied.
The following RACADM commands block all IP addresses except 192.168.0.57: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57 racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255 To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.212 racadm set iDRAC.IPBlocking.
Enabling FIPS mode using RACADM Use RACADM CLI to execute the following command: racadm set iDRAC.Security.FIPSMode Disabling FIPS mode To disable FIPS mode, you must reset iDRAC to the factory-default settings. Configuring services You can configure and enable the following services on iDRAC: Local Configuration Disable access to iDRAC configuration (from the host system) using Local RACADM and iDRAC Settings utility. Web Server Enable access to iDRAC web interface.
• iDRAC.Webserver • iDRAC.Telnet • iDRAC.Racadm • iDRAC.SNMP For more information about these objects, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/ idracmanuals.
TLS 1.0 and Higher TLS 1.1 and Higher TLS 1.2 Only =0 =1 =2 Using VNC client to manage remote server You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse PocketCloud. When servers in data centers stop functioning, the iDRAC or the operating system sends an alert to the console on the management station.
Setting up VNC viewer with SSL encryption While configuring the VNC server settings in iDRAC, if the SSL Encryption option was enabled, then the SSL tunnel application must be used along with the VNC Viewer to establish the SSL encrypted connection with iDRAC VNC server. NOTE: Most of the VNC clients do not have built-in SSL encryption support. To configure the SSL tunnel application: 1 Configure SSL tunnel to accept connection on :. For example, 127.0.0.1:5930.
Configuring LCD setting using web interface To configure the server LCD front panel display: 1 In iDRAC Web interface, go to Overview > Hardware > Front Panel.
Configuring system ID LED setting To identify a server, enable or disable System ID LED blinking on the managed system. Configuring system ID LED setting using web interface To configure the System ID LED display: 1 In iDRAC Web interface, go to Overview > Hardware > Front Panel. The Front Panel page is displayed.
Setting first boot device You can set the first boot device for the next boot only or for all subsequent reboots. If you set the device to be used for all subsequent boots, it remains as the first boot device in the BIOS boot order until it is changed again either from the iDRAC web interface or from the BIOS boot sequence.
Setting first boot device using virtual console You can select the device to boot from as the server is being viewed in the Virtual Console viewer before the server runs through its bootup sequence. You can perform boot once to all the supported devices listed in Setting first boot device. To set the first boot device using Virtual Console: 1 Launch Virtual Console. 2 In the Virtual Console Viewer, from the Next Boot menu, set the required device as the first boot device.
If you are using the XML configuration file through RACADM or WS-MAN and if the network settings are changed in this file, then you must wait for 15 seconds to either enable OS to iDRAC Pass-through feature or set the OS Host IP address. Before enabling OS to iDRAC Pass-through, make sure that: • iDRAC is configured to use dedicated NIC or shared mode (that is, NIC selection is assigned to one of the LOMs). • Host operating system and iDRAC are in the same subnet and same VLAN.
Category Manufacturer Type Qlogic QMD8262 Blade NDC In-built LOM cards also support the OS to iDRAC pass-through feature. The following cards do not support the OS to iDRAC Pass-through feature: • Intel 10 GB NDC. • Intel rNDC with two controllers – 10G controllers does not support. • Qlogic bNDC • PCIe, Mezzanine, and Network Interface Cards.
For the following operating systems, if you install the Avahi and nss-mdns packages, then you can use https://idrac.local to launch the iDRAC from the host operating system. If these packages are not installed, use https://169.254.0.1 to launch the iDRAC. Table 13. Operating System details for USB NIC Operating System Firewall Status Avahi Package nss-mdns Package RHEL 5.9 32–bit Disable Install as a separate package (avahi-0.6.16-10.el5_6.i386.rpm) Install as a separate package (nssmdns-0.10-4.el5.
Enabling or disabling OS to iDRAC Pass-through using web interface To enable OS to iDRAC Pass-through using Web interface: 1 Go to Overview > iDRAC Settings > Network > OS to iDRAC Pass-through. The OS to iDRAC Pass-through page is displayed. 2 Select any of the following options to enable OS to iDRAC pass-through: • LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC.
NOTE: The LOM option can be selected only of the card supports OS to iDRAC pass-through capability. Else, this option is grayed-out. 3 If you select LOM as the pass-through configuration, and if the server is connected using dedicated mode, enter the IPv4 address of the operating system. NOTE: If the server is connected in shared LOM mode, then the OS IP Address field is disabled. 4 If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC. The default value is 169.254.
SSL server certificates iDRAC includes a web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. An SSL encryption option is provided to disable weak ciphers. Built upon asymmetric encryption technology, SSL is widely accepted for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.
Generating a new certificate signing request A CSR is a digital request to a Certificate Authority (CA) for a SSL server certificate. SSL server certificates allow clients of the server to trust the identity of the server and to negotiate an encrypted session with the server. After the CA receives a CSR, they review and verify the information the CSR contains.
Uploading server certificate using web interface To upload the SSL server certificate: 1 In the iDRAC Web interface, go to Overview > iDRAC Settings > Network > SSL, select Upload Server Certificate and click Next. The Certificate Upload page is displayed. 2 Under File Path, click Browse and select the certificate on the management station. 3 Click Apply. The SSL server certificate is uploaded to iDRAC. 4 A pop-up message is displayed asking you to reset iDRAC immediately or at a later time.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Uploading custom signing certificate You can upload a custom signing certificate to sign the SSL certificate. SHA-2 certificates are also supported. Uploading custom signing certificate using web interface To upload the custom signing certificate using iDRAC web interface: 1 Go to Overview > iDRAC Settings > Network > SSL. The SSL page is displayed.
Downloading custom SSL certificate signing certificate using RACADM To download the custom SSL certificate signing certificate, use the sslcertdownload subcommand. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Deleting custom SSL certificate signing certificate You can also delete an existing custom signing certificate using iDRAC Web interface or RACADM.
NOTE: Redirecting the iDRAC configuration to a file using get -f is only supported with the local and remote RACADM interfaces. NOTE: The generated configuration file does not contain user passwords. The get command displays all configuration properties in a group (specified by group name and index) and all configuration properties for a user. 2 Modify the configuration file using a text editor, if required. NOTE: It is recommended that you edit this file with a simple text editor.
5 Viewing iDRAC and managed system information You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
The Hardware Inventory section displays the information for the following components available on the managed system: • iDRAC • RAID controller • Batteries • CPUs • DIMMs • HDDs • Backplanes • Network Interface Cards (integrated and embedded) • Video card • SD card • Power Supply Units (PSUs) • Fans • Fibre Channel HBAs • USB • NVMe PCIe SSD devices The Firmware Inventory section displays the firmware version for the following components: • BIOS • Lifecycle Controller • iD
Viewing sensor information The following sensors help to monitor the health of the managed system: • Batteries — Provides information about the batteries on the system board CMOS and storage RAID On Motherboard (ROMB). NOTE: The Storage ROMB battery settings are available only if the system has a ROMB with a battery. • Fan (available only for rack and tower servers) — Provides information about the system fans — fan redundancy and fans list that display fan speed and threshold values.
View sensor information For Using web interface Using RACADM For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/ idracmanuals.
measurement of the compute headroom available on the server. If the system has a large CUPS Index, then there is limited headroom to place more workload on that system. As the resource consumption decreases, the system’s CUPS index decreases. A low CUPS index indicates that there is a large compute headroom and the server can receive new workloads and the server is in a lower power state to reduce power consumption.
NOTE: Some servers or certain configurations of a server may not be fresh air compliant. See the specific server manual for details related to fresh air compliance or contact Dell for more details. To check the system for fresh air compliance: 1 In the iDRAC Web interface, go to Overview > Server > Power / Thermal > Temperatures. The Temperatures page is displayed. 2 See the Fresh Air section that indicates whether the server is fresh air compliant or not.
Viewing historical temperature data using RACADM To view historical data using RACADM, use the inlettemphistory command. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Configuring warning threshold for inlet temperature You can modify the minimum and maximum warning threshold values for the system board inlet temperature sensor. If reset to default action is performed, the temperature thresholds are set to the default values.
Viewing network interfaces available on host OS using web interface To view the network interfaces available on the host OS using Web interface: 1 Go to Overview > Host OS > Network Interfaces. The Network Interfaces page displays all the network interfaces that are available on the host operating system. 2 To view the list of network interfaces associated with a network device, from the Network Device FQDD drop-down menu, select a network device and click Apply.
MAC address for iDRACs in a chassis. The chassis–assigned MAC address is stored in CMC non–volatile memory and is sent to iDRAC during an iDRAC boot or when CMC FlexAddress is enabled. If CMC enables chassis–assigned MAC addresses, iDRAC displays the MAC address on any of the following pages: • Overview > Server > Properties Details > iDRAC Information. • Overview > Server > Properties WWN/MAC. • Overview > iDRAC Settings > Properties iDRAC Information > Current Network Settings.
6 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: • iDRAC Web Interface • Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only • IPMI Serial Over LAN • IPMI Over LAN • Remote RACADM • Local RACADM • Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
Mode of Communication Remote Services 1 Supported Protocol Supported Commands Pre-requisite WS-MAN WinRM (Windows) WinRM is installed (Windows) or OpenWSMAN is installed (Linux) OpenWSMAN (Linux) Redfish Various browser plug-ins, CURL (Windows and Linux), Python request, and JSON modules Plug-ins, CURL, Python modules are installed [1] For more information, see the Lifecycle Controller Remote Services User’s Guide available at dell.com/idracmanuals.
• Hilgraeve’s HyperTerminal Private Edition (version 6.3) Based on where the managed system is in its boot process, you can see either the POST screen or the operating system screen. This is based on the configuration: SAC for Windows and Linux text mode screens for Linux. 4 Enable RAC serial or IPMI serial connections in iDRAC.
• IPMI basic mode — Supports a binary interface for program access, such as the IPMI shell (ipmish) that is included with the Baseboard Management Utility (BMU). For example, to print the System Event Log using ipmish via IPMI Basic mode, run the following command: ipmish -com 1 -baud 57600 -flow cts -u root -p calvin sel get • IPMI terminal mode — Supports ASCII commands that are sent from a serial terminal.
Additional settings for ipmi serial terminal mode This section provides additional configuration settings for IPMI serial terminal mode. Configuring additional settings for IPMI serial terminal mode using web interface To set the Terminal Mode settings: 1 In the iDRAC Web interface, go to Overview > iDRAC Settings > Network > Serial The Serial page is displayed. 2 Enable IPMI serial. 3 Click Terminal Mode Settings. The Terminal Mode Settings page is displayed.
When in terminal mode, to switch the connection to the Serial Console mode, press Esc+Shift, Q. To go back to the terminal mode use, when connected in Serial Console mode, press Esc+Shift, 9. Communicating with iDRAC using IPMI SOL IPMI Serial Over LAN (SOL) allows a managed system’s text-based console serial data to be redirected over iDRAC’s dedicated or shared out-of-band ethernet management network. Using SOL you can: • Remotely access operating systems with no time-out.
Configuring iDRAC to use SOL You can specify the SOL settings in iDRAC using Web interface, RACADM, or iDRAC Settings utility. Configuring iDRAC to use SOL using iDRAC web interface To configure IPMI Serial over LAN (SOL): 1 In the iDRAC Web interface, go to Overview > iDRAC Settings > Network > Serial Over LAN. The Serial over LAN page is displayed. 2 Enable SOL, specify the values, and click Apply. The IPMI SOL settings are configured.
NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to the baud rate of the managed system. Enabling supported protocol The supported protocols are IPMI, SSH, and Telnet. Enabling supported protocol using web interface To enable SSH or Telnet, go to Overview > iDRAC Settings > Network > Services and select Enabled for SSH or Telnet, respectively. To enable IPMI, go to Overview > iDRAC Settings > Network and select Enable IPMI Over LAN.
For installation instructions, see the Software Quick Installation Guide. 2 At the command prompt (Windows or Linux), run the following command to start SOL from iDRAC: ipmitool -H -I lanplus -U -P sol activate This command connected the management station to the managed system's serial port. 3 To quit a SOL session from IPMItool, press ~ and then . (period).
• • ESC[n~ — F12 passes, but F2 cannot pass. In Windows, if the Emergency Management System (EMS) console is opened immediately after a host reboot, the Special Admin Console (SAC) terminal may get corrupted. Quit the SOL session, close the terminal, open another terminal, and start the SOL session using the same command.
To use Telnet virtual console: 1 Enable Telnet in Windows Component Services. 2 Connect to the iDRAC using the command telnet : Parameter Description IP address for the iDRAC Telnet port number (if you are using a new port) Configuring backspace key for your Telnet session Depending on the Telnet client, using the Backspace key may produce unexpected results. For example, the session may echo ^h.
For information about the options, see the iDRAC Online Help. The IPMI over LAN settings are configured. Configuring IPMI over LAN using iDRAC settings utility To configure IPMI over LAN: 1 In the iDRAC Settings Utility, go to Network. The iDRAC Settings Network page is displayed. 2 For IPMI Settings, specify the values. For information about the options, see the iDRAC Settings Utility Online Help. 3 Click Back, click Finish, and then click Yes. The IPMI over LAN settings are configured.
The remote RACADM is enabled or disabled based on the selection. Enabling or disabling remote RACADM using RACADM NOTE: It is recommended to run these commands on the local system. • • To disable remote RACADM: racadm set iDRAC.Racadm.Enable 0 To enable remote RACADM: racadm set iDRAC.Racadm.Enable 1 Disabling local RACADM The local RACADM is enabled by default. To disable, see Disabling access to modify iDRAC configuration settings on host system.
kernel /boot/vmlinuz-2.4.9-e.3smp ro root=/dev/sda1 hda=ide-scsi console=ttyS0 console=ttyS1,115200n8r initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00) kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s initrd /boot/initrd-2.4.9-e.3.
4:2345:respawn:/sbin/mingetty tty4 5:2345:respawn:/sbin/mingetty tty5 6:2345:respawn:/sbin/mingetty tty6 #Run xdm in runlevel 5 #xdm is now a separate service x:5:respawn:/etc/X11/prefdm -nodaemon In the file /etc/securetty add a new line with the name of the serial tty for COM2: ttyS1 The following example shows a sample file with the new line. NOTE: Use the Break Key Sequence (~B) to execute the Linux Magic SysRq key commands on serial console using IPMI Tool.
Scheme Type Algorithms ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 Encryption chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com hmac-sha1 MAC hmac-ripemd160 umac-64@openssh.com Compression None NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell recommends not enabling DSA public key support.
Generating public keys for Windows To use the PuTTY Key Generator application to create the basic key: 1 Start the application and select RSA for the key type. 2 Enter the number of bits for the key. The number of bits must be between 2048 and 4096 bits. 3 Click Generate and move the mouse in the window as directed. The keys are generated. 4 You can modify the key comment field. 5 Enter a passphrase to secure the key. 6 Save the public and private key.
4 Upload the SSH keys in one of the following ways: • Upload the key file. • Copy the contents of the key file into the text box For more information, see iDRAC Online Help. 5 Click Apply. Uploading SSH keys using RACADM To upload the SSH keys, run the following command: NOTE: You cannot upload and copy a key at the same time.
The Users page is displayed. 2 In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3 Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page displays the key details. 4 Select Remove for the key(s) you want to delete, and click Apply. The selected key(s) is deleted.
7 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. This default user name is root and the password is calvin. As an administrator, you can setup user accounts to allow other users to access iDRAC.
Characters Length A-Z a-z '-!"#$%&()*,./:;?@[\]^_`{|}~+<=> NOTE: You may be able to create user names and passwords that include other characters. However, to ensure compatibility with all interfaces, Dell recommends using only the characters listed here. NOTE: The characters allowed in user names and passwords for network shares are determined by the network-share type. iDRAC supports valid characters for network share credentials as defined by the share type, except <, >, and , (comma).
• Use the RACADM examples in this section as a guide to create a batch file of RACADM commands and then execute the batch file on each managed system. • Create the iDRAC configuration file and execute the racadm set command on each managed system using the same configuration file. If you are configuring a new iDRAC or if you have used the racadm racresetcfg command, the only current user is root with the password calvin. The racadm racresetcfg command resets the iDRAC to the default values.
NOTE: The default privilege value is 0, which indicates the user has no privileges enabled. For a list of valid bit-mask values for specific user privileges, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Current Generation Prior Generation Description Debug Execute Diagnostic Commands Enables the user to run diagnostic commands. Related link Prerequisites for using Active Directory authentication for iDRAC Supported Active Directory authentication mechanisms Prerequisites for using Active Directory authentication for iDRAC To use the Active Directory authentication feature of iDRAC, make sure that you have: • Deployed an Active Directory infrastructure. See the Microsoft website for more information.
Exporting domain controller root CA certificate to iDRAC NOTE: If your system is running Windows 2000 or if you are using standalone CA, the following steps may vary. To export the domain controller root CA certificate to iDRAC: 1 Locate the domain controller that is running the Microsoft Enterprise CA service. 2 Click Start > Run. 3 Enter mmc and click OK. 4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in.
Supported Active Directory authentication mechanisms You can use Active Directory to define iDRAC user access using two methods: • Standard schema solution, which uses Microsoft’s default Active Directory group objects only. • Extended schema solution, which has customized Active Directory objects. All the access control objects are maintained in Active Directory. It provides maximum flexibility to configure user access on different iDRACs with varying privilege levels.
Role Groups Default Privilege Level Permissions Granted Bit Mask Test Alerts, Execute Diagnostic Commands Role Group 2 None Log in to iDRAC, Configure iDRAC, Execute Server Control Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands 0x000000f9 Role Group 3 None Log in to iDRAC 0x00000001 Role Group 4 None No assigned permissions 0x00000000 Role Group 5 None No assigned permissions 0x00000000 NOTE: The Bit Mask values are used only when setting
4 Optionally, enable certificate validation and upload the CA-signed digital certificate used during initiation of SSL connections when communicating with the Active Directory (AD) server. For this, the Domain Controllers and Global Catalog FQDN must be specified. This is done in the next steps. And hence the DNS should be configured properly in the network settings. 5 Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed.
In this case, you must upload the CA certificate using the following command: racadm sslcertupload -t 0x2 -f NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN. Ensure that DNS is configured correctly under Overview > iDRAC Settings > Network. Using the following RACADM command may be optional.
• Base OID is: 1.2.840.113556.1.8000.1280 • RAC LinkID range is: 12070 to 12079 Overview of iDRAC schema extensions Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more iDRAC devices.
Accumulating privileges using Extended Schema The Extended Schema Authentication mechanism supports Privilege Accumulation from different privilege objects associated with the same user through different Association Objects. In other words, Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user.
Extending Active Directory schema Extending your Active Directory schema adds a Dell organizational unit, schema classes and attributes, and example privileges and association objects to the Active Directory schema. Before you extend the schema, make sure that you have the Schema Admin privileges on the Schema Master Flexible Single Master Operation (FSMO) Role Owner of the domain forest. NOTE: Make sure to use the schema extension for this product is different from the previous generations of RAC products.
Class Name Assigned Object Identification Number (OID) dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 24. DelliDRACdevice class OID 1.2.840.113556.1.8000.1280.1.7.1.1 Description Represents the Dell iDRAC device. iDRAC must be configured as delliDRACDevice in Active Directory. This configuration enables iDRAC to send Lightweight Directory Access Protocol (LDAP) queries to Active Directory.
OID 1.2.840.113556.1.8000.1280.1.1.1.3 dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 27. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 28. dellProduct class OID 1.2.840.113556.1.8000.1280.1.1.1.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsCardConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.4 TRUE TRUE if the user has Card Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsUserConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.5 TRUE if the user has User Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) delIsLogClearAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued Link ID: 12071 Installing Dell extension to the Active Directory users and computers snapin When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC devices, users and user groups, iDRAC associations, and iDRAC privileges.
The New Object window is displayed. 3 Enter a name for the new object. 4 Select Privilege Object and click OK. 5 Right-click the privilege object that you created, and select Properties. 6 Click the Remote Management Privileges tab and assign the privileges for the user or group. Creating association object To create association object: NOTE: iDRAC association object is derived from the group and its scope is set to Domain Local. 1 In the Console Root (MMC) window, right-click a container.
Adding privileges To add privileges: Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object. 1 Select the Privileges Object tab and click Add. 2 Enter the privilege object name and click OK.
Configuring Active Directory with Extended schema using RACADM To configure Active Directory with Extended Schema using the RACADM: 1 Use the following commands: racadm set iDRAC.ActiveDirectory.Enable 1 racadm set iDRAC.ActiveDirectory.Schema 2 racadm set iDRAC.ActiveDirectory.RacName racadm set iDRAC.ActiveDirectory.RacDomain racadm set iDRAC.ActiveDirectory.
Testing Active Directory settings using iDRAC web interface To test the Active Directory settings: 1 In iDRAC Web Interface, go to Overview > iDRAC Settings > User Authentication > Directory Services > Microsoft Active Directory. The Active Directory summary page is displayed. 2 Click Test Settings. 3 Enter a test user's name (for example, username@domain.com) and password and click Start Test. A detailed test results and the test log displays.
3 Optionally, enable certificate validation and upload the digital certificate used during initiation of SSL connections when communicating with a generic LDAP server. 4 Click Next. NOTE: In this release, non-SSL port based LDAP bind is not supported. Only LDAP over SSL is supported. The Generic LDAP Configuration and Management Step 2 of 3 page is displayed. 5 Enable generic LDAP authentication and specify the location information about generic LDAP servers and user accounts.
NOTE: When testing LDAP settings with Enable Certificate Validation checked, iDRAC requires that the LDAP server be identified by the FQDN and not an IP address. If the LDAP server is identified by an IP address, certificate validation fails because iDRAC is not able to communicate with the LDAP server. NOTE: When generic LDAP is enabled, iDRAC first tries to login the user as a directory user. If it fails, local user lookup is enabled. The test results and the test log are displayed.
8 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Related link Registering iDRAC as a computer in Active Directory root domain Generating Kerberos keytab file Creating Active Directory objects and providing privileges Registering iDRAC as a computer in Active Directory root domain To register iDRAC in Active Directory root domain: 1 Click Overview > iDRAC Settings > Network > Network. The Network page is displayed. 2 Provide a valid Preferred/Alternate DNS Server IP address. This value is a valid DNS server IP address that is part of the root domain.
NOTE: If you find any issues with iDRAC user for which the keytab file is created, create a new user and a new keytab file. If the same keytab file which was initially created is again executed, it does not configure correctly. Creating Active Directory objects and providing privileges Perform the following steps for Active Directory Extended schema based SSO login: 1 Create the device object, privilege object, and association object in the Active Directory server.
Configuring iDRAC SSO login for Active Directory users using RACADM To enable SSO, complete the steps to configure Active Directory, and run the following command: racadm set iDRAC.ActiveDirectory.SSOEnable 1 Configuring iDRAC smart card login for local users To configure iDRAC local user for smart card login: 1 Upload the smart card user certificate and trusted CA certificate to iDRAC. 2 Enable smart card login.
Uploading trusted CA certificate for smart card Before you upload the CA certificate, make sure that you have a CA-signed certificate. Related link Obtaining certificates Uploading trusted CA certificate for smart card using web interface To upload trusted CA certificate for smart card login: 1 In iDRAC Web interface, go to Overview > iDRAC Settings > Network > User Authentication > Local Users. The Users page is displayed. 2 In the User ID column, click a user ID number.
• You have configure iDRAC permissions. • iDRAC local user configuration or Active Directory user configuration with the appropriate certificates is complete. NOTE: If smart card login is enabled, then SSH, Telnet, IPMI Over LAN, Serial Over LAN, and remote RACADM are disabled. Again, if you disable smart card login, the interfaces are not enabled automatically.
9 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
Enabling or disabling alerts For sending an alert to configured destinations or to perform an event action, you must enable the global alerting option. This property overrides individual alerting or event actions that is set. Related link Filtering alerts Configuring email alert, SNMP trap, or IPMI trap settings Enabling or disabling alerts using web interface To enable or disable generating alerts: 1 2 In iDRAC Web interface, go to Overview > Server > Alerts. The Alerts page is displayed.
Filtering alerts using iDRAC web interface To filter the alerts based on category and severity: NOTE: Even if you are a user with read-only privileges, you can filter the alerts. 1 In iDRAC Web interface, go to Overview > Server > Alerts. The Alerts page is displayed.
4 • Email Alert • SNMP Trap • IPMI Alert • Remote System Log • OS Log • WS Eventing Click Apply. The setting is saved. 5 Under Alerts section, select the Enable option to send alerts to configured destinations. 6 Optionally, you can send a test event. In the Message ID to Test Event field, enter the message ID to test if the alert is generated and click Test. For the list of message IDs, see the Event Messages Guide available at dell.com/support/manuals.
Setting event actions using web interface To set an event action: 1 In iDRAC Web interface, go to Overview > Server > Alerts. The Alerts page is displayed. 2 Under Alerts Results, from the Actions drop-down menu, for each event select an action: 3 • Reboot • Power Cycle • Power Off • No Action Click Apply. The setting is saved. Setting event actions using RACADM To configure an event action, use the eventfilters command.
Configuring IP alert destinations using web interface To configure alert destination settings using Web interface: 1 Go to Overview > Server > Alerts > SNMP and E-mail Settings. 2 Select the State option to enable an alert destination (IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN)) to receive the traps. You can specify up to eight destination addresses. For more information about the options, see the iDRAC Online Help.
4 5 To configure SNMP destination: • Set the SNMP trap destination for SNMPv3: racadm set idrac.SNMP.Alert..DestAddr • Set SNMPv3 users for trap destinations: racadm set idrac.SNMP.Alert..SNMPv3Username • Enable SNMPv3 for a user: racadm set idrac.users..SNMPv3Enable Enabled To test the trap, if required: racadm testtrap -i For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Configuring email alert settings using RACADM 1 2 3 4 To enable email alert: racadm set iDRAC.EmailAlert.Enable.[index] [n] Parameter Description index Email destination index. Allowed values are 1 through 4. n=0 Disables email alerts. n=1 Enables email alerts. To configure email settings: racadm set iDRAC.EmailAlert.Address.[index] [email-address] Parameter Description index email-address Email destination index. Allowed values are 1 through 4.
Configuring SMTP email server address settings using RACADM To configure the SMTP email server: racadm set iDRAC.RemoteHosts.SMTPServerIPAddress Configuring WS Eventing The WS Eventing protocol is used for a client service (subscriber) to register interest (subscription) with a server (event source) for receiving messages containing the server events (notifications or event messages).
Monitoring chassis events using RACADM This setting is applicable only for PowerEdge FX2/FX2s servers and if Chassis Management at Server mode is set to Monitor or Manage and Monitor in CMC. To monitor chassis events using iDRAC RACADM: racadm get system.chassiscontrol.chassismanagementmonitoring For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Message ID Description JCP Job Control LC Lifecycle Controller LIC Licensing LNK Link Status LOG Log event MEM Memory NDR NIC OS Driver NIC NIC Config OSD OS Deployment OSE OS Event PCI PCI Device PDR Physical Disk PR Part Exchange PST BIOS POST PSU Power Supply PSUA PSU Absent PWR Power Usage RAC RAC Event RDU Redundancy RED FW Download RFL IDSDM Media RFLA IDSDM Absent RFM FlexAddress SD RRDU IDSDM Redundancy RSI Remote Service SEC Security Event SEL
Message ID Description SSD PCIe SSD STOR Storage SUP FW Update Job SWC Software Config SWU Software Change SYS System Info TMP Temperature TST Test Alert UEFI UEFI Event USR User Tracking VDR Virtual Disk VF vFlash SD card VFL vFlash Event VFLA vFlash Absent VLT Voltage VME Virtual Media VRM Virtual Console WRK Work Note 174 Configuring iDRAC to send alerts
10 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WS-MAN interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
After the SEL is cleared, an entry is logged in the Lifecycle Controller log. The log entry includes the user name and the IP address from where the SEL was cleared. Viewing System Event Log using RACADM To view the SEL: racadm getsel If no arguments are specified, the entire log is displayed. To display the number of SEL entries: racadm getsel -i To clear the SEL entries: racadm clrsel For more information, see iDRAC RACADM Command Line Interface Reference Guide available at dell.
• Virtual console • Virtual media You can view and filter logs based on the category and severity level. You can also export and add a work note to a log event. NOTE: Lifecycle logs for Personality Mode change is generated only during the warm boot of the host. If you initiate configuration jobs using RACADM CLI or iDRAC web interface, the Lifecycle log contains information about the user, interface used, and the IP address of the system from which you initiate the job.
Exporting Lifecycle Controller logs You can export the entire Lifecycle Controller log (active and archived entries) in a single zipped XML file to a network share or to the local system. The zipped XML file extension is .xml.gz. The file entries are ordered sequentially based on their sequence numbers, ordered from the lowest sequence number to the highest.
• There is network connectivity between iDRAC and the remote system. • The remote system and iDRAC is on the same network. Configuring remote system logging using web interface To configure the remote syslog server settings: 1 In the iDRAC Web interface, go to Overview > Server > Logs > Settings. The Remote Syslog Settings page is displayed 2 Enable remote syslog, specify the server address, and the port number. For information about the options, see the iDRAC Online Help. 3 Click Apply.
11 Monitoring and managing power You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: • Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
Monitoring power using web interface To view the power monitoring information, in iDRAC Web interface, go to Overview > Server > Power/Thermal > Power Monitoring. The Power Monitoring page is displayed. For more information, see the iDRAC Online Help. Monitoring power using RACADM To view the power-monitoring information, use the get command with the objects in the System.Power group. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Executing power control operations using web interface To perform power control operations: 1 In iDRAC web interface, go to Overview > Server > Power/Thermal > Power Configuration > Power Control. The Power Control page is displayed. 2 Select the required power operation: 3 • Power On System • Power Off System • NMI (Non-Masking Interrupt) • Graceful Shutdown • Reset System (warm boot) • Power Cycle System (cold boot) Click Apply. For more information, see the iDRAC Online Help.
Viewing and configuring power cap policy When power cap policy is enabled, it enforces user-defined power limits for the system. If not, it uses the hardware power protection policy that is implemented by default. This power protection policy is independent of the user defined policy. The system performance is dynamically adjusted to maintain power consumption close to the specified threshold.
NOTE: The Power Configuration link is available only if the server power supply unit supports power monitoring. The iDRAC Settings Power Configuration page is displayed. 2 Select Enabled to enable the Power Cap Policy Else, select Disabled. 3 Use the recommended settings, or under User Defined Power Cap Policy, enter the required limits. For more information about the options, see the iDRAC Settings Utility Online Help. 4 Click Back, click Finish, and then click Yes.
Configuring power supply options using iDRAC settings utility To configure the power supply options: 1 In iDRAC Settings utility, go to Power Configuration. NOTE: The Power Configuration link is available only if the server power supply unit supports power monitoring. The iDRAC Settings Power Configuration page is displayed. 2 3 Under Power Supply Options: • Enable or disable power supply redundancy. • Enable or disable hot spare. • Set the primary power supply unit.
12 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: • Network Interface Cards (NICs) • Converged Network Adapters (CNAs) • LAN On Motherboards (LOMs) • Network Daughter Cards (NDCs) • Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and p
Monitoring network devices using web interface To view the network device information using Web interface, go to Overview > Hardware > Network Devices. The Network Devices page is displayed. For more information about the displayed properties, see iDRAC Online Help. NOTE: If the OS Driver State displays the state as Operational, it indicates the operating system driver state or the UEFI driver state.
• Virtual MAC Address • Virtual iSCSI MAC Address • Virtual FIP MAC Address • Virtual WWN • Virtual WWPN NOTE: When you clear the persistence policy, all the virtual addresses are reset to the default permanent address set at the factory. NOTE: Some cards with the virtual FIP, virtual WWN, and virtual WWPN MAC attributes, the virtual WWN and virtual WWPN MAC attributes are automatically configured when you configure virtual FIP.
Manufacturer Type • 5720 bNDC 1 GB Intel • • • • • • • • • • i350 Mezz 1Gb x520+i350 rNDC 10Gb+1Gb I350 bNDC 1Gb x540 PCIe 10Gb x520 PCIe 10Gb i350 PCIe 1Gb x540+i350 rNDC 10Gb+1Gb i350 rNDC 1Gb x520 bNDC 10Gb 40G 2P XL710 QSFP+ rNDC Mellanox • • • • • • ConnectX-3 10G ConnectX-3 40G ConnectX-3 10G ConnectX-3 Pro 10G ConnectX-3 Pro 40G ConnectX-3 Pro 10G Qlogic • • • QME2662 Mezz FC16 QLE2660 PCIe FC16 QLE2662 PCIe FC16 Emulex • • • • • • • • • • • • • • • • • • • LPM16002 Mezz FC16 LPe16000 P
The following table provides the NIC firmware versions for the I/O identity optimization feature. Virtual or Flex Address and Persistence Policy behavior when iDRAC is set to Flex Address mode or Console mode The following table describes the Virtual address management (VAM) configuration and Persistence Policy behavior depending on Flex Address feature state in CMC, mode set in iDRAC, I/O Identity feature state in iDRAC, and XML configuration. Table 32.
Flex Address Feature State in CMC Mode set in iDRAC Flex Address enabled Console Mode IO Identity Feature State in iDRAC XML Configuration Persistence Policy Clear Persistence Policy — Virtual Address Disabled VAM not configured Set to hardware MAC address Set to hardware MAC address System behavior for FlexAddress and IO Identity Table 33.
For the list of I/O Identity Optimization attributes that you can modify in the XML configuration file, see the NIC Profile document available at delltechcenter.com/idrac. NOTE: Do not modify non I/O Identity Optimization attributes. Enabling or disabling IO Identity Optimization using web interface To enable or disable I/O Identity Optimization: 1 In the iDRAC Web interface, go to Overview > Hardware > Network Devices. The Network Devices page is displayed.
• Persistence policy is changed. • Virtual address, initiator and target values are set based on the policy. A single log entry is logged for the configured devices and the values that are set for those devices when the policy is applied. Event actions are enabled for SNMP, email, or WS-eventing notifications. Logs are also included in the remote syslogs. Table 34.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. iSCSI initiator and storage target default values The following tables provide the list of default values for iSCSI initiator and storage targets when the persistence policies are cleared. Table 35. iSCSI initiator —default values iSCSI Initiator Default Values in IPv4 mode Default Values in IPv6 mode IscsiInitiatorIpAddr 0.0.0.0 :: IscsiInitiatorIpv4Addr 0.0.0.0 0.0.0.
iSCSI Storage Target Attributes Default Values in IPv4 mode Default Values in IPv6 mode FirstTgtBootLun 0 0 FirstTgtIscsiName Value Cleared Value Cleared FirstTgtChapId Value Cleared Value Cleared FirstTgtChapPwd Value Cleared Value Cleared FirstTgtIpVer Ipv4 ConnectSecondTgt Disabled Disabled SecondTgtIpAddress 0.0.0.
13 Managing storage devices Beginning with iDRAC 2.00.00.00 release, iDRAC expands its agent-free management to include direct configuration of the new PERC9 controllers. It enables you to remotely configure the storage components attached to your system at run-time. These components include RAID and non-RAID controllers and the channels, ports, enclosures, and disks attached to them.
Table 37. PERC Capability PERC Capability CEM configuration Capable Controller (PERC 9.1 or later) CEM configuration Non-capable Controller (PERC 9.0 and lower) Real-time If there is no existing pending or scheduled jobs for the controller, then configuration is applied. If there are pending or scheduled jobs for that controller, then the jobs have to be cleared or you must wait for the jobs to be completed before applying the configuration at run-time.
Understanding RAID concepts Storage Management uses the Redundant Array of Independent Disks (RAID) technology to provide Storage Management capability. Understanding Storage Management requires an understanding of RAID concepts, as well as some familiarity with how the RAID controllers and operating system view disk space on your system. RAID RAID is a technology for managing the storage of data on the physical disks that reside or are attached to the system.
• Span — A span is a RAID technique used to combine storage space from groups of physical disks into a RAID 10, 50, or 60 virtual disk. RAID levels Each RAID level uses some combination of mirroring, striping, and parity to provide data redundancy or improved read and write performance. For specific information on each RAID level, see Choosing raid levels. Organizing data storage for availability and performance RAID provides different methods or RAID levels for organizing the disk storage.
RAID level 0 - striping RAID 0 uses data striping, which is writing data in equal-sized segments across the physical disks. RAID 0 does not provide data redundancy. RAID 0 characteristics: • Groups n disks as one large virtual disk with a capacity of (smallest disk size) *n disks. • Data is stored to the disks alternately. • No redundant data is stored. When a disk fails, the large virtual disk fails with no means of rebuilding the data. • Better read and write performance.
RAID 1 characteristics: • Groups n + n disks as one virtual disk with the capacity of n disks. The controllers currently supported by Storage Management allow the selection of two disks when creating a RAID 1. Because these disks are mirrored, the total storage capacity is equal to one disk. • Data is replicated on both the disks. • When a disk fails, the virtual disk still works. The data is read from the mirror of the failed disk. • Better read performance, but slightly slower write performance.
RAID 5 characteristics: • Groups n disks as one large virtual disk with a capacity of (n-1) disks. • Redundant information (parity) is alternately stored on all disks. • When a disk fails, the virtual disk still works, but it is operating in a degraded state. The data is reconstructed from the surviving disks. • Better read performance, but slower write performance. • Redundancy for protection of data.
RAID 50 characteristics: • Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks within each span. • Redundant information (parity) is alternately stored on all disks of each RAID 5 span. • Better read performance, but slower write performance. • Requires as much parity information as standard RAID 5. • Data is striped across all spans. RAID 50 is more expensive in terms of disk space.
RAID 60 characteristics: • Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. • Redundant information (parity) is alternately stored on all disks of each RAID 6 span. • Better read performance, but slower write performance. • Increased redundancy provides greater data protection than a RAID 50. • Requires proportionally as much parity information as RAID 6.
RAID 10 characteristics: • Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. • Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. • When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. • Improved read performance and write performance. • Redundancy for protection of data.
RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses transactional uses. RAID 10 Excellent Very Good Fair Good 2N x X Data intensive environments (large records). RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: good.
• PERC FD33xD NOTE: For more information on configuring and changing the controller mode on the PERC FD33xS and PERC FD33xD controllers, see the Dell Chassis Management Controller Version 1.2 for PowerEdge FX2/FX2s User's Guide available at dell.com/ support/manuals. Supported non-RAID controllers The iDRAC interface supports 12 Gbps SAS HBA external controller, HBA330 internal controller, and supports SATA drives only for HBA330 internal controller.
Feature Name PERC 9 Controllers PERC 8 Controllers PCIe SSD H830 H730 P H730 H330 FD33xS FD33x D H810 H710P H710 H310 Encrypt virtual disks Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Assign or unassign dedicated hot spare Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Delete virtual disks Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged St
Feature Name PERC 9 Controllers PERC 8 Controllers PCIe SSD H830 H730 P H730 H330 FD33xS FD33x D H810 H710P H710 H310 Auto-import foreign configuration Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Clear foreign configuration Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Reset controller configuration Realtime Realtime Realtime Realtime Realtime Realtime Staged
Alerts and SNMP traps are generated for storage events. The events are logged in the Lifecycle Log. NOTE: If you enumerate the enclosure view's WSMAN command on a system while one PSU-cable is removed, the primary status of the enclosure view is reported as Healthy instead of Warning. Monitoring storage devices using web interface To view the storage device information using Web interface: • Go to Overview > Storage > Summary to view the summary of the storage components and the recently logged events.
• Convert to non-RAID disk. • Blink or unblink the LED. Related link Inventorying and monitoring storage devices Assigning or unassigning physical disk as global hot spare Assigning or unassigning physical disk as global hot spare A global hot spare is an unused backup disk that is part of the disk group. Hot spares remain in standby mode.
6 Click Apply. Based on the selected operation mode, the settings are applied. Related link Choosing operation mode using web interface Assigning or unassigning global hot spare using RACADM Use the storage command and specify the type as global hot spare. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
• To convert to RAID mode, use the racadm storage converttoraid command. • To convert to Non-RAID mode, use the racadm storage converttononraid command. For more information about the commands, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
• Physical disk is in non-RAID mode. You must convert to RAID mode using iDRAC interfaces such as iDRAC web interface, RACADM, WS-MAN, or . NOTE: If you create a virtual disk in Add to Pending Operation mode and a job is not created, and then if you delete the Virtual disk, then the create pending operation for the virtual disk is cleared.
Creating virtual disks using RACADM Use the racadm storage createvd command. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Editing virtual disk cache policies You can change the read, write, or disk cache policy of a virtual disk. NOTE: Some of the controllers do not support all read or write policies. Therefore, when a policy is applied, an error message is displayed.
Deleting virtual disks Deleting a virtual disk destroys all information including file systems and volumes residing on the virtual disk and removes the virtual disk from the controller’s configuration. When deleting virtual disks, all assigned global hot spares may be automatically unassigned when the last virtual disk associated with the controller is deleted. When deleting the last virtual disk of a disk group, all assigned dedicated hot spares automatically become global hot spares.
The fast initialize task does not write zeroes to the disk blocks on the physical disks. It is because the Fast Initialize task does not perform a write operation, it causes less degradation to the disk. A fast initialization on a virtual disk overwrites the first and last 8 MB of the virtual disk, clearing any boot records or partition information. The operation takes only 2-3 seconds to complete and is recommended when you are recreating virtual disks.
NOTE: While the log export operation is in progress, you cannot view information about dedicated hot spares on the Manage Virtual Disks page. After the log export operation is complete, reload or refresh the Manage Virtual Disks page to view the information. Managing virtual disks using web interface 1 In the iDRAC web interface, go to Overview > Storage > Virtual Disks > Manage. The Manage Virtual Disks page is displayed.
Based on the selected operation mode, the settings are applied.
• Copyback mode • Load balance mode • Check consistency rate • Rebuild rate • BGI rate • Reconstruct rate • Enhanced auto import foreign configuration • Create or change security keys You must have Login and Server Control privilege to configure the controller properties. Patrol read mode considerations Patrol read identifies disk errors to avoid disk failures, data loss, or corruption.
to complete, and is the setting with the least impact to system performance. A background initialization rate of 0% does not mean that the background initialization is stopped or paused. At 100%, the background initialization is the highest priority for the controller. The background initialization time is minimized and is the setting with the most impact to system performance. Check consistency The Check Consistency task verifies the accuracy of the redundant (parity) information.
NOTE: Patrol read mode operations such as Start and Stop are not supported if there are no virtual disks available in the controller. Though you can invoke the operations successfully using the iDRAC interfaces, the operations will fail when the associated job is started. • To specify the Check Consistency Mode, use Storage.Controller.CheckConsistencyMode object. • To enable or disable the Copyback Mode, use Storage.Controller.CopybackMode object.
PERC9 controller provides support for auto import of foreign configuration without requiring user interactions. The auto import can be enabled or disabled. If enabled, the PERC controller can auto import any foreign configuration detected without manual intervention. If disabled the PERC does not auto import any foreign configuration. You must have Login and Server Control privilege to import foreign configurations. This task is not supported on PERC hardware controllers running in HBA mode.
the physical disk state. If the physical disk state is Foreign, then the physical disk contains all or some portion of a virtual disk. You can clear or erase the virtual disk information from the newly attached physical disks. The Clear Foreign Configuration operation permanently erases all data residing on the physical disks that are added to the controller. If more than one foreign virtual disk is present, all the configurations are erased.
Resetting controller configuration using RACADM To reset the controller configuration: racadm storage resetconfig: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Switching the controller mode On PERC 9.1 and later controllers, you can change the personality of the controller by switching the mode from RAID to HBA. The controller operates similar to a HBA controller where the drivers are passed through the operating system.
• When the PERC controller is in HBA mode, if you run import preview on export xml which is edited to change controller mode to RAID, and try creating a VD, the virtual disk creation fails. Import preview does not support validating stacking RAID operations with changing controller mode. Switching the controller mode using the iDRAC web interface To switch the controller mode, perform the following steps: 1 In the iDRAC web interface, click Overview > Storage > Controllers.
Related link Inventorying and monitoring storage devices Viewing system inventory Updating device firmware Monitoring predictive failure analysis on drives Blinking or unblinking component LEDs Monitoring predictive failure analysis on drives Storage management supports Self Monitoring Analysis and Reporting Technology (SMART) on physical disks that are SMART-enabled. SMART performs predictive failure analysis on each disk and sends alerts if a disk failure is predicted.
• Run the jobs on each controller individually. Wait for each job to complete before starting the configuration and job creation on the next controller. • Schedule multiple jobs to run at a later time using the scheduling options.
If the system has a dedicated PCIe backplane, two FQDDs are displayed. One FQDD is for regular drives and the other is for SSDs. If the backplane is shared (universal), only one FQDD is displayed. • Software inventory includes only the firmware version for the PCIe SSD. Inventorying and monitoring PCIe SSDs using web interface To inventory and monitor PCIe SSD devices, in the iDRAC web interface, go to Overview > Storage > Physical Disks. The Properties page is displayed.
Preparing to remove PCIe SSD using web interface To prepare the PCIe SSD for removal: 1 In the iDRAC Web interface, go to Overview > Storage > Physical Disks > Setup. The Setup Physical Disk page is displayed. 2 From the Controller drop-down menu, select the extender to view the associated PCIe SSDs. 3 From the drop-down menus, select Prepare to Remove for one or more PCIe SSDs.
• You have Server Control and Login privileges. NOTE: • Erasing PCIe SSDs can only be performed as a staged operation. • After the drive is erased, it displays in the operating system as online but it is not initialized. You must initialize and format the drive before using it again. • After you hot-plug a PCIe SSD, it may take several seconds to appear on the web interface. • Secure erase feature is not supported for hot-plugged PCIe SSDs.
To query the job ID returned: racadm jobqueue view -i For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
NOTE: • Warning messages are displayed when the setting is being changed as there is a possibility of data loss. • LC Wipe or iDRAC reset operations do not change the expander setting for this mode. • This operation is supported only in real-time and not staged. • You can change the backplane configuration multiple times. • The backplane splitting operation can cause data loss or foreign configuration if the drive association changes from one controller to another controller.
3 Run the following command to set the requested backplane mode to split mode: racadm set storage.enclosure.1.backplanerequestedmode "splitmode" The message is displayed indicating that the command is successful. 4 Run the following command to verify if the backplanerequestedmode attribute is set to split mode: racadm get storage.enclosure.1.
The roll-up health status for the enclosure provides the combined health status for all the drives in the enclosure. The enclosure link on the Topology page displays the entire enclosure information irrespective of which controller it is associated with. Because two storage controllers (PERC and PCIe extender) can be connected to the same backplane, only the backplane associated with the PERC controller is displayed in System Inventory page.
Choosing operation mode using web interface To select the operation mode to apply the settings: 1 2 You can select the operation mode on when you are on any of the following pages: • Overview > Storage > Physical Disks > Setup.
Pending Operations are created on the selected components (controllers, enclosures, physical disks, and virtual disks). Configuration jobs are created only on controller. In case of PCIe SSD, job is created on PCIe SSD disk and not on the PCIe Extender. Viewing, applying, or deleting pending operations using web interface 1 In the iDRAC web interface, go to Overview > Storage > Pending Operations. The Pending Operations page is displayed.
For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Storage devices — apply operation scenarios Case 1: selected an apply operation (apply now, at next reboot, or at scheduled time) and there are no existing pending operations If you have selected Apply Now, At Next Reboot, or At Scheduled Time and then clicked Apply, first the pending operation is created for the selected storage configuration operation.
• If the pending operation is not created successfully and if there are existing pending operations, then an error message is displayed. • Click OK to remain on the page to perform more storage configuration operations. • Click Pending Operations to view the pending operations for the device.
Blinking or unblinking component LEDs using RACADM To blink or unblink component LEDs, use the following commands: racadm storage blink: racadm storage unblink: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
14 Configuring and using virtual console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: • A maximum of six simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
Table 40. Supported screen resolutions and refresh rates Screen Resolution Refresh Rate (Hz) 720x400 70 640x480 60, 72, 75, 85 800x600 60, 70, 72, 75, 85 1024x768 60, 70, 72, 75, 85 1280x1024 60 It is recommended that you configure your monitor display resolution to 1280x1024 pixels or higher.
NOTE: The Virtual Console image is available only if you have enabled Virtual Console. Launching virtual console You can launch the virtual console using the iDRAC Web Interface or a URL. NOTE: Do not launch a Virtual Console session from a Web browser on the managed system. Before launching the Virtual Console, make sure that: • You have administrator privileges. • Web browser is configured to use HTML5, Java, or ActiveX plug-ins. • Minimum network bandwidth of one MB/sec is available.
Two mouse pointers may appear in the viewer window: one for the managed server and another for your management station. To synchronize the cursors, see Synchronizing mouse pointers.
• For rack and tower servers: , , User: , • For blade servers: , , , User: , Sometimes the Virtual Console Viewer may display low quality video. This is due to slow network connectivity that leads to loss of one or two video frames when you start the Virtual Console session.
• • Ctrl+Alt+Del • Alt+Tab • Alt+ESC • Ctrl+ESC • Alt+Space • Alt+Enter • Alt+Hyphen • Alt+F4 • PrntScrn • Alt+PrntScrn • F1 • Pause • Tab • Ctrl+Enter • SysRq • Alt+SysRq Aspect Ratio — The HTML5 virtual console video image automatically adjusts the size to make the image visible. The following configuration options are displayed as a drop-down list: • Maintain • Don’t Maintain Click Apply to apply the selected settings on the server.
Synchronizing mouse pointers When you connect to a managed system through the Virtual Console, the mouse acceleration speed on the managed system may not synchronize with the mouse pointer on the management station and displays two mouse pointers in the Viewer window. When using Red Hat Enterprise Linux or Novell SUSE Linux, configure the mouse mode for Linux before you launch the Virtual Console viewer.
For the ActiveX client, the native library must be loaded for Pass all keystrokes to server function to work. If the native libraries are not loaded, the Pass all keystrokes to server option is deselected. If you attempt to select this option, an error message is displayed indicating that the feature is not supported For MAC operating systems, enable the Enable access of assistive device option in Universal Access for the Pass all keystrokes to server feature to work.
Java based virtual console session running on Linux operating system The behavior mentioned for Windows operating system is also applicable for Linux operating system with the following exceptions: • When Pass all keystrokes to server is enabled, is passed to the operating system on the managed system. • Magic SysRq keys are key combinations interpreted by the Linux Kernel.
5 Use the magic key to enable the SysRq function. For example, the following command reboots the server: echo b > /proc/sysrq-trigger NOTE: You do not have to run break sequence before using the magic SysRq keys.
15 Managing virtual media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: • Remotely access media connected to a remote system over the network • Install applications • Update drivers • Install an operating system on the managed system This is a licensed feature for rack and tower servers.
• Accessing virtual media • Setting boot order through BIOS • Enabling boot once for virtual media Supported drives and devices The following table lists the drives supported through virtual media. Table 41. Supported drives and devices Drive Supported Storage Media Virtual Optical Drives Virtual floppy drives USB flash drives • • • • • Legacy 1.44 floppy drive with a 1.
Configuring virtual media using iDRAC settings utility You can attach, detach, or auto-attach virtual media using the iDRAC Settings utility. To do this: 1 In the iDRAC Settings utility, go to Media and USB Port Settings. The iDRAC Settings Media and USB Port Settings page is displayed. 2 In the Virtual Media section, select Detach, Attach, or Auto attach based on the requirement. For more information about the options, see iDRAC Settings Utility Online Help.
• Virtual Console is enabled. • System is configured to not hide empty drives — In Windows Explorer, navigate to Folder Options, clear the Hide empty drives in the Computer folder option, and click OK. To access Virtual Media using Virtual Console: 1 In the iDRAC web interface, go to Overview > Server > Virtual Console. The Virtual Console page is displayed. 2 Click Launch Virtual Console. The Virtual Console Viewer is launched.
Related link Configuring virtual media Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in Adding virtual media images You can create a media image of the remote folder and mount it as a USB attached device to the server’s operating system. To add Virtual Media images: 1 Click Virtual Media > Create Image.... 2 In the Source Folder field, click Browse and browse to the folder or directory to be used as the source for the image file.
Mapping virtual drive To map the virtual drive: NOTE: While using ActiveX-based Virtual Media, you must have administrative privileges to map an operating system DVD or a USB flash drive (that is connected to the management station). To map the drives, launch IE as an administrator or add the iDRAC IP address to the list of trusted sites. 1 To establish a Virtual Media session, from the Virtual Media menu, click Connect Virtual Media.
Displaying correct virtual drives for mapping On a Linux-based management station, the Virtual Media Client window may display removable disks and floppy disks that are not part of the management station. To make sure that the correct virtual drives are available to map, you must enable the port setting for the connected SATA hard drive. To do this: 1 Reboot the operating system on the management station. During POST, press to enter System Setup. 2 Go to SATA settings.
Enabling boot once for virtual media You can change the boot order only once when you boot after attaching remote Virtual Media device. Before you enable the boot once option, make sure that: • You have Configure User privilege. • Map the local or virtual drives (CD/DVD, Floppy, or USB flash device) with the bootable media or image using the Virtual Media options • Virtual Media is in Attached state for the virtual drives to appear in the boot sequence.
16 Installing and using VMCLI utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. NOTE: VMCLI supports only the TLS 1.0 security protocol.
VMCLI [parameter] [operating_system_shell_options] For example, vmcli -r iDRAC-IP-address:iDRAC-SSL-port The parameter enables VMCLI to connect to the specified server, access iDRAC, and map to the specified virtual media. NOTE: VMCLI syntax is case-sensitive. To ensure security, it is recommended to use the following VMCLI parameters: • • vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users.
• stderr/stdout redirection — Redirects any printed utility output to a file. For example, using the greater-than character (>) followed by a filename overwrites the specified file with the printed output of the VMCLI utility. NOTE: The VMCLI utility does not read from standard input (stdin). Hence, stdin redirection is not required. • Background execution — By default, the VMCLI utility runs in the foreground. Use the operating system's command shell features for the utility to run in the background.
17 Managing vFlash SD card The vFlash SD card is a Secure Digital (SD) card that plugs into the vFlash SD card slot in the system. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. If the card is not available in the system's vFlash SD card slot, the following error message is displayed in the iDRAC Web interface at Overview > Server > vFlash: SD card not detected.
Viewing vFlash SD card properties After vFlash functionality is enabled, you can view the SD card properties using iDRAC Web interface or RACADM. Viewing vFlash SD card properties using web interface To view the vFlash SD card properties, in the iDRAC Web interface, go to Overview > Server > vFlash. The SD Card Properties page is displayed. For information about the displayed properties, see the iDRAC Online Help.
Disabled Enabled n=0 n=1 NOTE: The RACADM command functions only if a vFlash SD card is present. If a card is not present, the following message is displayed: ERROR: SD Card not present. Enabling or disabling vFlash functionality using iDRAC settings utility To enable or disable the vFlash functionality: 1 In the iDRAC Settings utility, go to Media and USB Port Settings. The iDRAC Settings . Media and USB Port Settings page is displayed.
4 Click Back and navigate to the same iDRAC Settings . Media and USB Port Settings page to view the successful message. All existing contents are removed and the card is reformatted with the new vFlash system information. Getting the last status using RACADM To get the status of the last initialize command sent to the vFlash SD card: 1 Open a telnet, SSH, or Serial console to the system and log in. 2 Enter the command: racadm vFlashsd status The status of commands sent to the SD card is displayed.
Creating an empty partition using the web interface To create an empty vFlash partition: 1 In iDRAC Web interface, go to Overview > Server > vFlash > Create Empty Partition. The Create Empty Partition page is displayed. 2 Specify the required information and click Apply. For information about the options, see the iDRAC Online Help. A new unformatted empty partition is created that is read-only by default. A page indicating the progress percentage is displayed.
Creating a partition using an image file using web interface To create a vFlash partition from an image file: 1 In iDRAC Web interface, go to Overview > Server > vFlash > Create From Image. The Create Partition from Image File page is displayed. 2 Enter the required information and click Apply. For information about the options, see the iDRAC Online Help. A new partition is created. For CD emulation type, a read-only partition is created.
3 Click OK. The selected partition is formatted to the specified file system type. An error message is displayed if: • The card is write-protected. • An initialize operation is already being performed on the card. Viewing available partitions Make sure that the vFlash functionality is enabled to view the list of available partitions. Viewing available partitions using web interface To view the available vFlash partitions, in the iDRAC Web interface, go to Overview > Server > vFlash > Manage.
• Clear the checkbox for the partition(s) and click Apply to change to read-write. The partitions are changed to read-only or read-write, based on the selections. NOTE: If the partition is of type CD, the state is read-only. You cannot change the state to read-write. If the partition is attached, the check box is grayed-out. Modifying a partition using RACADM To view the available partitions and their properties on the card: 1 Log in to the system using telnet, SSH, or Serial console.
Attaching or detaching partitions using RACADM To attach or detach partitions: 1 Log in to the system using telnet, SSH, or Serial console. 2 Use the following commands: • To attach a partition: racadm set iDRAC.vflashpartition..AttachState 1 • To detach a partition: racadm set iDRAC.vflashpartition..
Deleting existing partitions using RACADM To delete partitions: 1 Open a telnet, SSH, or Serial console to the system and log in. 2 Enter the following commands: • To delete a partition: racadm vflashpartition delete -i 1 • To delete all partitions, re-initialize the vFlash SD card. Downloading partition contents You can download the contents of a vFlash partition in the .img or .iso format to the: • Managed system (where iDRAC is operated from) • Network location mapped to a management station.
NOTE: If the attached vFlash partition(s) are not listed in the First Boot Device drop-down menu, make sure that the BIOS is updated to the latest version. Booting to a partition using RACADM To set a vFlash partition as the first boot device, use the iDRAC.ServerBoot object. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. NOTE: When you run this command, the vFlash partition label is automatically set to boot once (iDRAC.ServerBoot.
18 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
Running SMCLP commands You can run the SMCLP commands using SSH or Telnet interface. Open an SSH or Telnet interface and log in to iDRAC as an administrator. The SMCLP prompt (admin ->)is displayed. SMCLP prompts: • yx1x blade servers use -$. • yx1x rack and tower servers use admin->. • yx2x blade, rack, and tower servers use admin->. where, y is an alpha-numeric character such as M (for blade servers), R (for rack servers), and T (for tower servers) and x is a number.
Table 45.
Target Definitions admin1/system1/sp1/clpsvc1/tcpendpt* CLP service protocol TCP endpoint admin1/system1/sp1/jobq1 CLP service protocol job queue admin1/system1/sp1/jobq1/job* CLP service protocol job admin1/system1/sp1/pwrmgtsvc1 Power state management service admin1/system1/sp1/account1-16 Local user account admin1/sysetm1/sp1/account1-16/identity1 Local user identity account admin1/sysetm1/sp1/account1-16/identity2 IPMI identity (LAN) account admin1/sysetm1/sp1/account1-16/identity3 IPMI
NOTE: The slash (/) and backslash (\) are interchangeable in SM-CLP address paths. However, a backslash at the end of a command line continues the command on the next line and is ignored when the command is parsed. For example to navigate to the third record in the System Event Log (SEL), enter the following command: ->cd /admin1/system1/logs1/log1/record3 Enter the cd verb with no target to find your current location in the address space. The .. and . abbreviations work as they do in Windows and Linux: ..
• Sel management • Map target navigation Server power management The following examples show how to use SMCLP to perform power management operations on a managed system.
InstanceID = IPMI:BMC1 SEL Log MaxNumberOfRecords = 512 CurrentNumberOfRecords = 5 Name = IPMI SEL EnabledState = 2 OperationalState = 2 HealthState = 2 Caption = IPMI SEL Description = IPMI SEL ElementName = IPMI SEL Commands: cd show help exit version • To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.
show help exit version • To clear the SEL: delete /system1/logs1/log1/record* The following output is displayed: All records deleted successfully Map target navigation The following examples show how to use the cd verb to navigate the MAP. In all examples, the initial default target is assumed to be /. Type the following commands at the SMCLP command prompt: • To navigate to the system target and reboot: cd system1 reset The current default target is /.
19 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, RACADM, and WSMAN. You can configure the features monitored by the iDRAC Service Module to control the CPU and memory consumed on the server’s operating system.
• Redfish profile support for network attributes • iDRAC Hard Reset • iDRAC access via Host OS (Experimental Feature) • In-band iDRAC SNMP alerts • View operating system (OS) information • Replicate Lifecycle Controller logs to operating system logs • Perform automatic system recovery options • Populate Windows Management Instrumentation (WMI) Management Providers • Integrate with SupportAssist Collection. This is applicable only if iDRAC Service Module version 2.0 or later is installed.
NOTE: On Microsoft Windows, if iSM events get logged under System logs instead of Application logs, restart the Windows Event Log service or restart the host OS. Automatic system recovery options The Automatic system recovery feature is a hardware-based timer. If a hardware failure occurs, the Health Monitor may not be called, but the server is reset as if the power switch was activated. ASR is implemented using a "heartbeat" timer that continuously counts down.
CIM Interface Get references of an instance WinRM WMIC PowerShell Account +Name=iDRAC.Embedded. 1#Users. 1+SystemCreationClassNa me=DCIM_SPComputerSyste m+SystemName=systemmc} 2',SystemCreationClassN ame='DCIM_SPComputerSys tem',SystemName='system mc'}" -namespace root/ cimv2/dcim winrm e wmi/root/cimv2/ Not applicable dcim/* dialect:association – associations -filter: {object=DCIM_Account? CreationClassName=DCIM_ Account +Name=iDRAC.Embedded. 1#Users.
NOTE: The following warning message appears in the Event Viewer under the Application Logs category. This warning does not require any further action. A provider, ismserviceprovider, has been registered in the Windows Management Instrumentation namespace Root\CIMV2\DCIM to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
By default, this feature is disabled. Though the In-band SNMP alerting mechanism can coexist along with iDRAC SNMP alerting mechanism, the recorded logs may have redundant SNMP alerts from both the sources. It is recommended to either use the in-band or out-of-band option, instead of using both. Command usage This section provides the command usages for Windows, Linux, and ESXi operating systems.
iDRAC access via Host OS (Experimental Feature) By using this feature, you can configure and monitor the hardware parameters through iDRAC Web interface, WS-MAN, and Redfish interfaces using the host IP address without configuring the iDRAC IP address. You can use the default iDRAC credentials if the iDRAC server is not configured or continue to use the same iDRAC credentials if the iDRAC server was configured earlier.
You can install this feature by using the setup.sh file that is available with the Web pack. This feature is disabled on a default or typical iSM installation. To get the status of this feature, use the following command: Enable-iDRACAccessHostRoute get-status To install, enable, and configure this feature, use the following command: .
• Power Off System • Power Cycle System This option is disabled if OpenManage Server Administrator is installed on the system. Using iDRAC Service Module from RACADM To use the iDRAC Service Module from RACADM, use the objects in the ServiceModule group. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Using iDRAC Service Module on Windows Nano OS For installation instructions, see the iDRAC Service Module Installation Guide.
20 Using USB port for server management In Dell PowerEdge 12th generation servers, all USB ports are dedicated to the server. With the 13th generation of servers, one of the front panel USB port is used by iDRAC for management purposes such as pre-provisioning and troubleshooting. The port has an icon to indicate that it is a management port. All 13th generation servers with LCD panel support this feature. This port is not available in a few of the 200-500 model variations without the LCD panel.
3 Connect a Type A/A cable from the laptop to iDRAC’s USB port. Management LED, if present, turns green and remains ON for two seconds. 4 Wait for the laptop and iDRAC to acquire IP address 169.254.0.4 and 169.254.0.3. It may take several seconds for the IP addresses to be acquired. 5 Start using iDRAC network interfaces such as the web interface, RACADM, or WSMan. 6 When iDRAC is using the USB port, the LED blinks indicating activity. The blink frequency is four per second.
When a device exceeds its power requirements as allowed by USB specification, the device is detached and an over-current event is generated with the following properties: • Category : System Health • Type: USB device • Severity: Warning • Allowed notifications: Email, SNMP trap, remote syslog and WS-Eventing. • Actions: None. An error message is displayed and logged to Lifecycle Controller log when: • You try to configure the USB management port without the Server Control user privilege.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Configuring USB management port using iDRAC settings utility To configure the USB port: 1 In the iDRAC Settings Utility, go to Media and USB Port Settings. The iDRAC Settings Media and USB Port Settings page is displayed. 2 From the USB Management Port Mode drop-down menu, do the following: • Automatic — USB Port is used by iDRAC or the server’s operating system.
To import the server configuration profile from the USB device to iDRAC: 1 Configure the USB management port: • 2 3 4 Set USB Management Port Mode to Automatic or iDRAC. • Set iDRAC Managed: USB XML Configuration to Enabled with default credentials or Enabled. Insert the USB key (that has the configuration.xml and the control.xml file) to the iDRAC USB port.
A Result file named Results.xml is updated or created in the subdirectory with the following information: • Service tag – Data is recorded after the import operation has either returned a job ID or returned an error. • Job ID – Data is recorded after the import operation has returned a job ID. • Start Date and Time of Job - Data is recorded after the import operation has returned a job ID. • Status – Data is recorded when the import operation returns an error or when the job results are available.
21 Using iDRAC Quick Sync A few Dell 13th generation PowerEdge servers have the Quick Sync bezel that supports the Quick Sync feature. This feature enables atthe-server management with a mobile device. This allows you to view inventory and monitoring information and configure basic iDRAC settings (such as root credential setup and configuration of the first boot device) using the mobile device. You can configure iDRAC Quick Sync access for your mobile device (example, OpenManage Mobile) in iDRAC.
• • • Read-write access – Allows you to configure the basic iDRAC settings. • Read-only access – Allows you to view inventory and monitoring information. • Disabled access – Does not allow you to view information and configure settings. Time-out — You can enable or disable iDRAC Quick Sync inactivity timer: • If enabled, you can specify a time after which the Quick Sync mode is turned off. To turn on, press the activation button again.
Using mobile device to view iDRAC information To view iDRAC information from the mobile device, see the OpenManage Mobile User’s Guide available at dell.com/support/manuals for the steps.
22 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: • Remote File Share • Virtual Media Console Topics: • Deploying operating system using remote file share • Deploying operating system using virtual media • Deploying embedded operating system on SD card Related link Deploying operating system using remote file share Deploying operating system using virtual media Deploying operating system using remote file share Before you dep
Remote file share supports only .img and .iso image file formats. A .img file is redirected as a virtual floppy and a .iso file is redirected as a virtual CDROM. You must have Virtual Media privileges to perform an RFS mounting. NOTE: If ESXi is running on the managed system and if you mount a floppy image (.img) using RFS, the connected floppy image is not available to the ESXi operating system. RFS and Virtual Media features are mutually exclusive.
4 Click Apply and then click Connect. After the connection is established, the Connection Status displays Connected. NOTE: Even if you have configured remote file sharing, the Web interface does not display user credential information due to security reasons. For Linux distributions, this feature may require a manual mount command when operating at runlevel init 3.
To deploy an operating system using Virtual Media: 1 Do one of the following: • Insert the operating system installation CD or DVD into the management station CD or DVD drive. 2 • Attach the operating system image. Select the drive on the management station with the required image to map it. 3 Use one of the following methods to boot to the required device: • 4 Set the boot order to boot once from Virtual Floppy or Virtual CD/DVD/ISO using the iDRAC Web interface.
About IDSDM Internal Dual SD Module (IDSDM) is available only on applicable platforms. IDSDM provides redundancy on the hypervisor SD card by using another SD card that mirrors the first SD card’s content. Either of the two SD cards can be the master. For example, if two new SD cards are installed in the IDSDM, SD1 is active (master) card and SD2 is the standby card. The data is written on both the cards, but the data is read from SD1.
23 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: • Diagnostic console • Post code • Boot and crash capture videos • Last system crash screen • System event logs • Lifecycle logs • Front panel status • Trouble indicators • System health Topics: • Using diagnostic console • Viewing post codes • Viewing boot and crash capture videos • Viewing logs • Viewing last system crash screen • Viewing front panel status • Hardwa
Using diagnostic console iDRAC provides a standard set of network diagnostic tools that are similar to the tools included with Microsoft Windows or Linux-based systems. Using iDRAC Web interface, you can access the network debugging tools. To access Diagnostics Console: 1 In the iDRAC Web interface, go to Overview > Server > Troubleshooting > Diagnostics. 2 In the Command text box, enter a command and click Submit. For information about the commands, see the iDRAC Online Help.
• Lifecycle Controller is enabled. • You have Login and Server Control privileges.
3 • Disable — Boot capture is disabled. • Capture until buffer full — Boot sequence is captured until the buffer size has reached. • Capture until end of POST — Boot sequence is captured until end of POST. Click Apply to apply the settings. Viewing logs You can view System Event Logs (SELs) and Lifecycle logs. For more information, see Viewing System Event Log and Viewing Lifecycle log .
To view LCD front panel status using RACADM, use the objects in the System.LCD group. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Related link Configuring LCD setting Viewing system front panel LED status To view the current system ID LED status, in iDRAC web interface, go to Overview > Hardware > Front Panel.
• Batteries • Chassis Controller Status • Fans • Intrusion • Power Supplies • Removable Flash Media • Temperatures • Voltages • CPU In iDRAC Web interface, go to Overview > Server > System Summary > Server Health section. To view CPU health, go to Overview > Hardware > CPU. The system health indicators are: • — Indicates a normal status. • — Indicates a warning status. • — Indicates a failure status. • — Indicates an unknown status.
Each time the data collection is performed, an event is recorded in the Lifecycle Controller log. The event includes information such as the interface used, the date and time of export, and iDRAC user name. You can generate the OS Application and Logs report in two ways: • Automatic — Using iDRAC Service Module that automatically invokes the OS Collector tool. • Manual — By manually executing the OS Collector executable from the server OS.
5 Specify the location to save the SupportAssist collection. Generating SupportAssist Collection manually When iSM is not installed, you can manually run the OS collector tool to generate the SupportAssist collection. You must run OS Collector tool on the server OS to export the OS and application data. A virtual USB device labeled DRACRW appears in the server operating system. This device contains the OS Collector file that is specific for the host operating system.
The SupportAssist page is displayed. 2 Select options for which you want to collect the data: • • Hardware to export the report to a location on the local system OS and Application Data to export the report to a network share and specify the network settings. • NOTE: While specifying the network share settings, it is recommended to avoid special characters for user name and password or percent encode the special characters.
• Go to Overview > Server > Summary. Under Quick Launch Tasks, click Reset iDRAC. • Go to Overview > Server > Troubleshooting > Diagnostics. Click Reset iDRAC. Resetting iDRAC using RACADM To restart iDRAC, use the racreset command. For more information, see the RACADM Reference Guide for iDRAC and CMC available at dell.com/support/manuals. Erasing system and user data You can erase system component(s) and user data for those components.
Resetting iDRAC to factory default settings using iDRAC web interface To reset iDRAC to factory default settings using the iDRAC Web interface: 1 Go to Overview > Server > Troubleshooting > Diagnostics. The Diagnostics Console page is displayed. 2 Click Reset iDRAC to Default Settings. The completion status is displayed in percentage. iDRAC reboots and is restored to factory defaults. The iDRAC IP is reset and is not accessible. You can configure the IP using the front panel or BIOS.
24 Frequently asked questions This section lists the frequently asked questions for the following: • System Event Log • Network security • Active Directory • Single Sign On • Smart card login • Virtual console • Virtual media • vFlash SD card • SNMP authentication • Storage devices • iDRAC Service Module • RACADM • Miscellaneous Topics: • System Event Log • Network security • Active Directory • Single Sign-On • Smart card login • Virtual console • Virtual media • vFl
• Automatic prompting for file downloads (if this option is available) • File download CAUTION: To make sure that the computer used to access iDRAC is safe, under Miscellaneous, do not enable the Launching applications and unsafe files option. Network security While accessing the iDRAC Web interface, a security warning appears stating that the SSL certificate issued by the Certificate Authority (CA) is not trusted.
• • The Group Name and Group Domain Name matches the Active Directory configuration if you are using standard schema. • If the user and the iDRAC object is in different domain, then do not select the User Domain from Login option. Instead select Specify a Domain option and enter the domain name where the iDRAC object resides. Check the domain controller SSL certificates to make sure that the iDRAC time is within the valid period of the certificate.
Yes. All the transportation is over secure port 636 and/or 3269. During test setting, iDRAC does a LDAP CONNECT only to isolate the problem, but it does not do an LDAP BIND on an insecure connection. Why does iDRAC enable certificate validation by default? iDRAC enforces strong security to ensure the identity of the domain controller that iDRAC connects to. Without certificate validation, a hacker can spoof a domain controller and hijack the SSL connection.
5 Enable all the options. 6 Click OK. You can now log in to iDRAC using SSO. Perform the following additional settings for Extended Schema: 1 In the Local Group Policy Editor window, navigate to Local Computer Settings > Windows Settings > Security Settings > Local Policies > Security Options . 2 Right-click Network Security: Restrict NTLM: Outgoing NTLM traffic to remote server and select Properties. 3 Select Allow all, click OK, and close the Local Group Policy Editor window.
Yes. Why does it take 15 seconds to turn off the local video on the server after requesting to turn off the local video? It gives a local user an opportunity to take any action before the video is switched off. Is there a time delay when turning on the local video? No, after a local video turn ON request is received by iDRAC, the video is turned on instantly. Can the local user also turn off or turn on the video? When the local console is disabled, the local user cannot turn off or turn on the video.
Make sure that the Single Cursor option under Tools in the iDRAC Virtual Console menu is selected on iDRAC Virtual Console client. The default is two cursor mode. Can a keyboard or mouse be used while installing a Microsoft operating system remotely through the Virtual Console? No. When you remotely install a supported Microsoft operating system on a system with Virtual Console enabled in the BIOS, an EMS Connection Message is sent that requires that you select OK remotely.
Why is the Virtual Console Viewer window blank? If you have Virtual Media privilege, but not Virtual Console privilege, you can start the viewer to access the virtual media feature, but the managed server’s console is not displayed. Why doesn’t the mouse synchronize in DOS when using Virtual Console? The Dell BIOS is emulating the mouse driver as a PS/2 mouse. By design, the PS/2 mouse uses relative position for the mouse pointer, which causes the lag in syncing.
Virtual media Why does the Virtual Media client connection sometimes drop? • When a network time-out occurs, iDRAC firmware drops the connection, disconnecting the link between the server and the virtual drive. • When the Virtual Console is disabled, it may disconnect the Virtual Media session. Disabling the TLS certificate revocation check avoids any disconnection. To disable the TLS certification revocation check: a Launch the Java Control Panel. b Click the Advanced tab.
1 Open a Linux command prompt and run the following command: grep "Virtual Floppy" /var/log/messages 2 Locate the last entry to that message and note the time. 3 At the Linux prompt, run the following command: grep "hh:mm:ss" /var/log/messages where, hh:mm:ss is the time stamp of the message returned by grep in step 1. 4 In step 3, read the result of the grep command and locate the device name that is given to the Virtual Floppy.
• If you are using any Windows server operating systems, stop the Windows service named Windows Event Collector. To do this, go to Start > Administrative Tools > Services. Right-click Windows Event Collector and click Stop. While viewing the contents of a floppy drive or USB key, a connection failure message is displayed if the same drive is attached through the virtual media? Simultaneous access to virtual floppy drives is not allowed.
• On systems running Windows: Open the Control Panel, verify if iDRAC Service Module is listed in the list of installed programs displayed. • On systems running Linux: Run the command rpm —qi dcism. If the iDRAC Service Module is installed, the status displayed is installed. NOTE: To check if the iDRAC Service Module is installed on Red Hat Enterprise Linux 7, use the systemctl status dcismeng.service command instead of the init.d command.
While installing iDRAC Service Module VIB on a VMware ESXi server, iDRAC Service Module creates the vSwtich and Portgroup to communicate with iDRAC over the OS to iDRAC Pass-through in USB NIC mode. After the uninstallation, the virtual switch vSwitchiDRACvusb and the port group iDRAC Network are not deleted. To delete it manually, perform one of the following steps: • Go to vSphere Client Configuration wizard and delete the entries.
Clear the ARP table on your system. Remote RACADM fails to connect to iDRAC from SUSE Linux Enterprise Server (SLES) 11 SP1. Make sure that the official openssl and libopenssl versions are installed. Run the following command to install the RPM packages: rpm -ivh --force < filename > where, filename is the openssl or libopenssl rpm package file. For example: rpm -ivh --force openssl-0.9.8h-30.22.21.1.x86_64.rpm rpm -ivh --force libopenssl0_9_8-0.9.8h-30.22.21.1.x86_64.
How to find the CMC IP address related to the blade server? • From iDRAC web interface: Go to Overview > iDRAC Settings > CMC. The CMC Summary page displays the CMC IP address. • From the Virtual Console: Select the "Dell CMC" console in the OSCAR to log in to CMC through a local serial connection. CMC RACADM commands can be issued from this connection.
• Ensure that NIC settings, IPv4 and IPv6 settings and either Static or DHCP is enabled for your network. Inserted the blade server into the chassis and pressed the power switch, but it did not power on. • iDRAC requires up to two minutes to initialize before the server can power on. • Check CMC power budget. The chassis power budget may have exceeded. How to retrieve an iDRAC administrative user name and password? You must restore iDRAC to its default settings.
25 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
• Generate Tech Support report and view the collected data.
Interfaces to update iDRAC firmware Use the following interfaces to update the iDRAC firmware: • iDRAC Web interface • RACADM CLI (iDRAC and CMC) • Dell Update Package (DUP) • CMC Web interface • Lifecycle Controller–Remote Services • Lifecycle Controller • Dell Remote Access Configuration Tool (DRACT) Performing graceful shutdown To perform graceful shutdown, in iDRAC Web interface, go to one of the following locations: • Overview > Server > Power/Thermal > Power Configuration > Power Contro
5 Select the drive to map it. The image on the USB flash drive is mapped to the managed system. Installing bare metal OS using attached virtual media and remote file share To do this, see Deploying operating system using remote file share. Managing rack density Suppose two servers are installed in a rack. To add two additional servers, need to determine how much capacity is left in the rack.
