Users Guide
Table Of Contents
- Introduction
- Setup And Administration
- Role-Based Access Control
- Authentication
- Encryption
- Assigning User Privileges
- Adding Users To A Domain On Windows Operating Systems
- Creating Server Administrator Users For Supported Red Hat Enterprise Linux and SUSE Linux Enterprise Server Operating Systems
- Disabling Guest And Anonymous Accounts In Supported Windows Operating Systems
- Configuring The SNMP Agent
- Configuring The SNMP Agent On Systems Running Supported Windows Operating Systems
- Enabling SNMP Access On Remote Hosts (Windows Server 2003 Only)
- Changing The SNMP Community Name
- Configuring Your System To Send SNMP Traps To A Management Station
- Configuring The SNMP Agent On Systems Running Supported Red Hat Enterprise Linux
- SNMP Agent Access Control Configuration
- Server Administrator SNMP Agent Install Actions
- Changing The SNMP Community Name
- Configuring Your System To Send Traps To A Management Station
- Configuring The SNMP Agent On Systems Running Supported SUSE Linux Enterprise Server
- Sever Administrator SNMP Install Actions
- Enabling SNMP Access From Remote Hosts
- Changing The SNMP Community Name
- Configuring The SNMP Agent On Systems Running Supported VMware ESX 4.X Operating Systems To Proxy VMware MIBs
- Configuring The SNMP Agent On Systems Running Supported VMware ESXi 4.X And ESXi 5.X Operating Systems
- Configuring Your System To Send Traps To A Management Station
- Firewall Configuration On Systems Running Supported Red Hat Enterprise Linux Operating Systems And SUSE Linux Enterprise Server
- Using Server Administrator
- Logging In And Out
- Server Administrator Local System Login
- Server Administrator Managed System Login — Using the Desktop Icon
- Server Administrator Managed System Login — Using The Web Browser
- Central Web Server Login
- Using The Active Directory Login
- Single Sign-On
- Configuring Security Settings On Systems Running A Supported Microsoft Windows Operating System
- The Server Administrator Home Page
- Using The Online Help
- Using The Preferences Home Page
- Using The Server Administrator Command Line Interface
- Logging In And Out
- Server Administrator Services
- Working With Remote Access Controller
- Viewing Basic Information
- Configuring The Remote Access Device To Use A LAN Connection
- Configuring The Remote Access Device To Use A Serial Port Connection
- Configuring The Remote Access Device To Use A Serial Over LAN Connection
- Additional Configuration For iDRAC
- Configuring Remote Access Device Users
- Setting Platform Event Filter Alerts
- Server Administrator Logs
- Setting Alert Actions
- Setting Alert Actions For Systems Running Supported Red Hat Enterprise Linux And SUSE Linux Enterprise Server Operating Systems
- Setting Alert Actions In Microsoft Windows Server 2003 And Windows Server 2008
- Setting Alert Action Execute Application In Windows Server 2008
- BMC/iDRAC Platform Events Filter Alert Messages
- Troubleshooting
- Frequently Asked Questions
SSL_RSA_WITH_RC4_128_MD5
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
NOTE: The 128-bit or Higher option does not allow connections from browsers with lower SSL encryption
strength, such as 40 bit and 56 bit.
● Key Signing Algorithm (For Self Signed Certificate) — Allows you to select a supported signing algorithm. If you
select either SHA 512 or SHA 256, ensure that your operating system/browser supports this algorithm. If you select
one of these options without the requisite operating system/browser support, Server Administrator displays a cannot
display the webpage error. This field is meant only for Server Administrator auto-generated self-signed certificates.
The drop-down list is grayed out if you import or generate new certificates into Server Administrator.
● The Java Runtime Environment — Allows you to select the one of the following options:
● Bundled JRE — Enables use of the JRE provided along with the System Administrator.
● System JRE — Enables use of the JRE installed on the system. Select the required version from the drop-down list.
NOTE: If the JRE does not exist on the system on which Server Administrator is running, the JRE provided with the
Server Administrator is used.
NOTE: If the encryption level is set to 128-bit or Higher, you can access or modify the Server Administrator settings
using a browser with the same or higher encryption levels.
4. When you finish setting options in the Server Preferences window, click Apply.
NOTE: You must restart the Server Administrator web server for the changes to take effect.
X.509 Certificate Management
NOTE: You must be logged in with Administrator privileges to perform certificate management.
Web certificates are necessary to ensure the identity of a remote system and ensure that information exchanged with the
remote system are not viewed or changed by others. To ensure system security, it is recommended that:
● You generate a new X.509 certificate, reuse an existing X.509 certificate or import a certificate chain from a Certification
Authority (CA).
● All systems that have Server Administrator installed have unique host names.
To manage X.509 certificates through the Preferences home page, click General Settings, click the Web Server tab, and
click X.509 Certificate.
The following are the available options:
●
Generate a new certificate — Generates a new self-signed certificate used for SSL communication between the server
running Server Administrator and the browser.
NOTE:
When using a self-signed certificate, most web browsers display an untrusted warning as the self-signed
certificate is not signed by a Certificate Authority (CA) trusted by the operating system. Some secure browser settings
can also block the self-signed SSL certificates. The OMSA web GUI requires a CA-signed certificate for such secure
browsers.
● Certificate Maintenance — Allows you to generate a Certificate Signing Request (CSR) containing all the certificate
information about the host required by the CA to automate the creation of a trusted SSL web certificate. You can retrieve
the necessary CSR file either from the instructions on the Certificate Signing Request (CSR) page or by copying the entire
text in the text box on the CSR page and pasting it in the CA submit form. The text must be in the Base64–encoded format.
NOTE:
You also have an option to view the certificate information and export the certificate that is being used in the
Base64–encoded format, which can be imported by other web services.
● Import certificate chain — Allows you to import the certificate chain (in PKCS#7 format) signed by a trusted CA. The
certificate can be in DER or Base64-encoded format.
Using Server Administrator
31