Users Guide
Table Of Contents
- Integrated Dell Remote Access Controller 9 (iDRAC9) Version 3.00.00.00 User's Guide
- Overview
- Benefits of using iDRAC with Lifecycle Controller
- Key features
- New in this release
- How to use this guide
- Supported web browsers
- iDRAC licenses
- Licensed features in iDRAC9
- Interfaces and protocols to access iDRAC
- iDRAC port information
- Other documents you may need
- Contacting Dell
- Accessing documents from Dell support site
- Logging in to iDRAC
- Logging in to iDRAC as local user, Active Directory user, or LDAP user
- Logging in to iDRAC as a local user using a smart card
- Logging in to iDRAC using Single Sign-On
- Accessing iDRAC using remote RACADM
- Accessing iDRAC using local RACADM
- Accessing iDRAC using firmware RACADM
- Viewing system health
- Logging in to iDRAC using public key authentication
- Multiple iDRAC sessions
- Accessing iDRAC using SMCLP
- Secure default password
- Changing the default login password
- Enabling or disabling default password warning message
- IP Blocking
- Enabling or disabling OS to iDRAC Pass-through using web interface
- Enabling or disabling alerts using RACADM
- Setting up managed system
- Setting up iDRAC IP address
- Modifying local administrator account settings
- Setting up managed system location
- Optimizing system performance and power consumption
- Setting up management station
- Configuring supported web browsers
- Configuring Internet Explorer
- Configuring Mozilla Firefox
- Configuring web browsers to use virtual console
- Viewing localized versions of web interface
- Updating device firmware
- Updating firmware using iDRAC web interface
- Updating device firmware using RACADM
- Scheduling automatic firmware updates
- Updating firmware using CMC web interface
- Updating firmware using DUP
- Updating firmware using remote RACADM
- Updating firmware using Lifecycle Controller Remote Services
- Updating CMC firmware from iDRAC
- Viewing and managing staged updates
- Rolling back device firmware
- Backing up server profile
- Importing server profile
- Monitoring iDRAC using other Systems Management tools
- Support Server Configuration Profile (SCP) — Import and Export
- Secure Boot Configuration from BIOS Settings (F2)
- Configuring iDRAC
- Viewing iDRAC information
- Modifying network settings
- FIPS mode
- Configuring services
- Configuring TLS
- Using VNC client to manage remote server
- Configuring front panel display
- Configuring time zone and NTP
- Setting first boot device
- Enabling or disabling OS to iDRAC Pass-through
- Obtaining certificates
- Configuring multiple iDRACs using RACADM
- Disabling access to modify iDRAC configuration settings on host system
- Viewing iDRAC and managed system information
- Viewing managed system health and properties
- Viewing system inventory
- Viewing sensor information
- Monitoring performance index of CPU, memory, and input output modules
- Checking the system for Fresh Air compliance
- Viewing historical temperature data
- Viewing network interfaces available on host OS
- Viewing network interfaces available on host OS using RACADM
- Viewing FlexAddress mezzanine card fabric connections
- Viewing or terminating iDRAC sessions
- Setting up iDRAC communication
- Communicating with iDRAC through serial connection using DB9 cable
- Configuring BIOS for serial connection
- Enabling RAC serial connection
- Enabling IPMI serial connection basic and terminal modes
- Switching between RAC serial and serial console while using DB9 cable
- Communicating with iDRAC using IPMI SOL
- Communicating with iDRAC using IPMI over LAN
- Enabling or disabling remote RACADM
- Disabling local RACADM
- Enabling IPMI on managed system
- Configuring Linux for serial console during boot in RHEL 6
- Supported SSH cryptography schemes
- Communicating with iDRAC through serial connection using DB9 cable
- Configuring user accounts and privileges
- Recommended characters in user names and passwords
- Configuring local users
- Configuring Active Directory users
- Prerequisites for using Active Directory authentication for iDRAC
- Supported Active Directory authentication mechanisms
- Standard schema Active Directory overview
- Configuring Standard schema Active Directory
- Extended schema Active Directory overview
- Configuring Extended schema Active Directory
- Extending Active Directory schema
- Installing Dell extension to the Active Directory users and computers snap-in
- Adding iDRAC users and privileges to Active Directory
- Configuring Active Directory with Extended schema using iDRAC web interface
- Configuring Active Directory with Extended schema using RACADM
- Testing Active Directory settings
- Configuring generic LDAP users
- System Lockdown mode
- Configuring iDRAC for Single Sign-On or smart card login
- Prerequisites for Active Directory Single Sign-On or smart card login
- Configuring iDRAC SSO login for Active Directory users
- Configuring iDRAC smart card login for local users
- Configuring iDRAC smart card login for Active Directory users
- Enabling or disabling smart card login
- Configuring iDRAC to send alerts
- Enabling or disabling alerts
- Filtering alerts
- Setting event alerts
- Setting alert recurrence event
- Setting event actions
- Configuring email alert, SNMP trap, or IPMI trap settings
- Configuring WS Eventing
- Configuring Redfish Eventing
- Monitoring chassis events
- Alerts message IDs
- iDRAC 9 Group Manager
- Managing logs
- Monitoring and managing power
- Inventorying, monitoring, and configuring network devices
- Inventorying and monitoring network devices
- Inventorying and monitoring FC HBA devices
- Dynamic configuration of virtual addresses, initiator, and storage target settings
- Supported cards for IO Identity Optimization
- Supported NIC firmware versions for IO Identity Optimization
- Virtual or Flex Address and Persistence Policy behavior when iDRAC is set to Flex Address mode or Console mode
- System behavior for FlexAddress and IO Identity
- Enabling or disabling IO Identity Optimization
- Configuring persistence policy settings
- Managing storage devices
- Understanding RAID concepts
- Supported controllers
- Supported enclosures
- Summary of supported features for storage devices
- Inventorying and monitoring storage devices
- Viewing storage device topology
- Managing physical disks
- Managing virtual disks
- Managing controllers
- Configuring controller properties
- Importing or auto importing foreign configuration
- Clearing foreign configuration
- Resetting controller configuration
- Switching the controller mode
- 12 Gbps SAS HBA adapter operations
- Monitoring predictive failure analysis on drives
- Controller operations in non-RAID mode or HBA mode
- Running RAID configuration jobs on multiple storage controllers
- Manage Preserved cache
- Managing PCIe SSDs
- Managing enclosures or backplanes
- Choosing operation mode to apply settings
- Viewing and applying pending operations
- Storage devices — apply operation scenarios
- Blinking or unblinking component LEDs
- BIOS Settings
- Configuring and using virtual console
- Supported screen resolutions and refresh rates
- Configuring virtual console
- Previewing virtual console
- Launching virtual console
- Using virtual console viewer
- HTML5 based virtual console
- Synchronizing mouse pointers
- Passing all keystrokes through virtual console for Java or ActiveX plug-in
- Using iDRAC Service Module
- Using USB port for server management
- Using Quick Sync 2
- Managing virtual media
- Installing and using VMCLI utility
- Managing vFlash SD card
- Configuring vFlash SD card
- Managing vFlash partitions
- Using SMCLP
- Deploying operating systems
- Troubleshooting managed system using iDRAC
- Using diagnostic console
- Viewing post codes
- Viewing boot and crash capture videos
- Viewing logs
- Viewing last system crash screen
- Viewing System status
- Hardware trouble indicators
- Viewing system health
- Checking server status screen for error messages
- Restarting iDRAC
- Erasing system and user data
- Resetting iDRAC to factory default settings
- SupportAssist Integration in iDRAC
- Frequently asked questions
- Use case scenarios
- Troubleshooting an inaccessible managed system
- Obtaining system information and assess system health
- Setting up alerts and configuring email alerts
- Viewing and exporting System Event Log and Lifecycle Log
- Interfaces to update iDRAC firmware
- Performing graceful shutdown
- Creating new administrator user account
- Launching servers remote console and mounting a USB drive
- Installing bare metal OS using attached virtual media and remote file share
- Managing rack density
- Installing new electronic license
- Applying IO Identity configuration settings for multiple network cards in single host system reboot
Monitoring iDRAC using other Systems Management
tools
You can discover and monitor iDRAC using Dell Management Console or Dell OpenManage Essentials. You can also use Dell
Remote Access Configuration Tool (DRACT) to discover iDRACs, update firmware, and set up Active Directory. For more
information, see the respective user’s guides.
Support Server Configuration Profile (SCP) — Import
and Export
Server Configuration Profile allows you to import and export server configuration files.
User can import and export from local management station, and from a Network Share via CIFS, NFS, HTTP or HTTPS. Using
SCP, you can select and import or export component level configurations for BIOS, NIC and RAID. You can import and export
SCP to the local management station or to a CIFS, NFS, HTTP, or HTTPS network share. You can either import and export
individual profiles of iDRAC, BIOS, NIC, and RAID, or all of them together as a single file.
User can specify preview import or export of the SCP where the job is running and configuration result is generated but none of
the configuration has applied.
A job is created once the import or export is initiated through the GUI. The status of the jobs can be viewed on the Job Queue
page.
NOTE: Only Host Name or IP Address are accepted for destination address.
NOTE: You can browse to a specific location to import the server configuration files. You need to select the correct server
configuration file that you want to import. For example, import.xml.
NOTE: Depending on the exported file format (that you selected), the extension is added automatically. For example,
export_system_config.xml.
Secure Boot Configuration from BIOS Settings (F2)
UEFI Secure Boot is a technology that eliminates a major security void that may occur during a handoff between the UEFI
firmware and UEFI operating system (OS). In UEFI Secure Boot, each component in the chain is validated and authorized
against a specific certificate before it is allowed to load or run. Secure Boot removes the threat and provides software identity
checking at every step of the boot—Platform firmware, Option Cards, and OS BootLoader.
The Unified Extensible Firmware Interface (UEFI) Forum—an industry body that develops standards for pre-boot software
—defines Secure Boot in the UEFI specification. Computer system vendors, expansion card vendors, and operating system
providers collaborate on this specification to promote interoperability. As a portion of the UEFI specification, Secure Boot
represents an industry-wide standard for security in the pre-boot environment.
When enabled, UEFI Secure Boot prevents the unsigned UEFI device drivers from being loaded, displays an error message, and
does not allow the device to function. You must disable Secure Boot to load the unsigned device drivers.
On the Dell 14
th
generation and later versions of PowerEdge servers, you can enable or disable the Secure Boot feature by using
different interfaces (RACADM, WSMAN, REDFISH, and LC-UI).
Acceptable file formats
The Secure Boot policy contains only one key in PK, but multiple keys may reside in KEK. Ideally, either the platform
manufacturer or platform owner maintains the private key corresponding to the public PK. Third parties (such as OS providers
and device providers) maintain the private keys corresponding to the public keys in KEK. In this way, platform owners or third
parties may add or remove entries in the db or dbx of a specific system.
The Secure Boot policy uses db and dbx to authorize pre-boot image file execution. For an image file to get executed, it must
associate with a key or hash value in db, and not associate with a key or hash value in dbx. Any attempts to update the contents
of db or dbx must be signed by a private PK or KEK. Any attempts to update the contents of PK or KEK must be signed by a
private PK.
78
Setting up managed system