Users Guide
Monitoring iDRAC using other Systems
Management tools
You can discover and monitor iDRAC using Dell Management Console or Dell OpenManage Essentials. You can also use Dell Remote
Access Configuration Tool (DRACT) to discover iDRACs, update firmware, and set up Active Directory. For more information, see the
respective user’s guides.
Support Server Configuration Profile (SCP) —
Import and Export
Server Configuration Profile allows you to import and export server configuration files.
User can import and export from local management station, and from a Network Share via CIFS, NFS, HTTP or HTTPS. Using SCP, you
can select and import or export component level configurations for BIOS, NIC and RAID. You can import and export SCP to the local
management station or to a CIFS, NFS, HTTP, or HTTPS network share. You can either import and export individual profiles of iDRAC,
BIOS, NIC, and RAID, or all of them together as a single file.
User can specify preview import or export of the SCP where the job is running and configuration result is generated but none of the
configuration has applied.
A job is created once the import or export is initiated through the GUI. The status of the jobs can be viewed on the Job Queue page.
NOTE:
Only Host Name or IP Address are accepted for destination address.
NOTE: You can browse to a specific location to import the server configuration files. You need to select the correct
server configuration file that you want to import. For example, import.xml.
NOTE: Depending on the exported file format (that you selected), the extension is added automatically. For example,
export_system_config.xml.
Secure Boot Configuration from BIOS Settings
(F2)
UEFI Secure Boot is a technology that eliminates a major security void that may occur during a handoff between the UEFI firmware and
UEFI operating system (OS). In UEFI Secure Boot, each component in the chain is validated and authorized against a specific certificate
before it is allowed to load or run. Secure Boot removes the threat and provides software identity checking at every step of the boot—
Platform firmware, Option Cards, and OS BootLoader.
The Unified Extensible Firmware Interface (UEFI) Forum—an industry body that develops standards for pre-boot software—defines
Secure Boot in the UEFI specification. Computer system vendors, expansion card vendors, and operating system providers collaborate on
this specification to promote interoperability. As a portion of the UEFI specification, Secure Boot represents an industry-wide standard for
security in the pre-boot environment.
When enabled, UEFI Secure Boot prevents the unsigned UEFI device drivers from being loaded, displays an error message, and does not
allow the device to function. You must disable Secure Boot to load the unsigned device drivers.
On the Dell 14
th
generation and later versions of PowerEdge servers, you can enable or disable the Secure Boot feature by using different
interfaces (RACADM, WSMAN, REDFISH, and LC-UI).
Acceptable file formats
The Secure Boot policy contains only one key in PK, but multiple keys may reside in KEK. Ideally, either the platform manufacturer or
platform owner maintains the private key corresponding to the public PK. Third parties (such as OS providers and device providers)
maintain the private keys corresponding to the public keys in KEK. In this way, platform owners or third parties may add or remove entries
in the db or dbx of a specific system.
The Secure Boot policy uses db and dbx to authorize pre-boot image file execution. For an image file to get executed, it must associate
with a key or hash value in db, and not associate with a key or hash value in dbx. Any attempts to update the contents of db or dbx must
be signed by a private PK or KEK. Any attempts to update the contents of PK or KEK must be signed by a private PK.
Policy Component
Acceptable File Formats Acceptable File Extensions Max records allowed
Setting up managed system 75