Dell OpenManage™ Version 5.
Back to Contents Page Frequently Asked Questions Dell OpenManage™ Version 5.1 Installation and Security User's Guide General Microsoft® Windows® Red Hat® Enterprise Linux or SUSE® Linux Enterprise Server General Is the Dell™ PowerEdge™ Installation and Server Management CD a bootable CD? Yes, the CD is bootable. It boots into the Dell OpenManage™ Server Assistant operating system setup mode by default.
msiexec /i SysMgmt.msi /qb Reboot=ReallySuppress What is an MSP service pack file? Should I upgrade my Dell OpenManage 4.3 version with the MSP file? A Microsoft Service Pack (MSP) file stores only the differences between an old version and a new version. It is much smaller in size than the upgrade file. You can either use the MSP file or the new MSI file to upgrade your Dell OpenManage 4.3. Using the MSP file is a good idea as it is more efficient.
Yes, you can. You can run the MSI directly from the \Windows\SystemsManagement folder. In general, it is not a good idea to bypass the prerequisite information as there could be important information that you would not know otherwise. How do I know what version of systems management software is installed on the system? Go to Start® Settings® Control Panel® Add/Remove programs and select Dell OpenManage Server Administrator. Select the link for support information.
For SUSE Linux Enterprise Server, the dependent RPM files are captured in the following directory: /srvadmin/linux/RPMS/supportRPMS/SUSE9_x86_64 For instance, in the RH4_x86_64 subdirectory, execute the following command to install or update all the dependent RPM files: rpm –Uvh /srvadmin/linux/RPMS/supportRPMS/RH4_x86_64 You will then be able to continue with the Server Administrator installation.
provides the device drivers and libraries needed by systems management software to access information about the hardware on supported systems. srvadmin-ipmi srvadmin-isvc Server Administrator Instrumentation Service — Server Administrator provides a suite of systems management information for keeping supported systems on your network healthy.
add-openipmi-RHEL3 — Provides OpenIPMI support for Red Hat Enterprise Linux (version 3) dkms Dynamic Kernel Module Support Framework — This package contains the framework for the Dynamic Kernel Module Support (DKMS) method for installing module RPMS as originally developed by Dell Computer Corporation. openipmi Openipmi XX.Y.RHEL3 dkms package — Kernel modules for openipmi XX.Y.RHEL3 in a DKMS wrapper. dkms srvadmin-ipmi This RPM forces the proper install sequence for the DKMS, openipmi XX.Y.
For support of Server Administrator Storage Systems mptctl Device driver for LSI RAID Back to Contents Page
Back to Contents Page Glossary Dell OpenManage™ Version 5.1 Installation and Security User's Guide The following list defines technical terms, abbreviations, and acronyms used in your system documents. attribute As it relates to an attribute is a piece of information related to a component. Attributes can be combined to form groups. If an attribute is defined as readwrite, it may be defined by a management application.
CLI Abbreviation for command line interface. cm Abbreviation for centimeter(s). ConsoleOne Novell® ConsoleOne® is a Java-based foundation for graphical utilities that manage and administer network resources from different locations and platforms. ConsoleOne provides a single point of control for all Novell and external products.
DRAC III Acronym for Dell Remote Access Controller III. DRAC III/XT Acronym for Dell Remote Access Controller III/XT. DRAM Acronym for dynamic random-access memory. A system's RAM is usually made up entirely of DRAM chips. Because DRAM chips cannot store an electrical charge indefinitely, your system continually refreshes each DRAM chip in the system. ERA Abbreviation for embedded remote access. ERA/MC Abbreviation for embedded remote access modular computer. See modular system.
firmware Software (programs or data) that has been written onto read-only memory (ROM). Firmware can boot and operate a device. Each controller contains firmware which helps provide the controller's functionality. format To prepare a hard drive or diskette for storing files. An unconditional format deletes all data stored on the disk. FSMO Abbreviation for Flexible Single Master Operation. FTP Abbreviation for file transfer protocol. GB Abbreviation for gigabyte(s).
Abbreviation for HyperText Transmission Protocol, Secure. HTTPS is a variant of HTTP used by Web browsers for handling secure transactions. HTTPS is a unique protocol that is simply SSL underneath HTTP. You need to use "https://" for HTTP URLs with SSL, whereas you continue to use "http://" for HTTP URLs without SSL. ICES Abbreviation for Interface-Causing Equipment Standard (in Canada). ICMP Abbreviation for Internet Control Message Protocol.
ITE Abbreviation for information technology equipment. Java A cross-platform programming language developed by Sun Microsystems. JSSE Abbreviation for Java Secure Socket Extension. K Abbreviation for kilo-, indicating 1000. key combination A command requiring you to press multiple keys at the same time. For example, you can reboot your system by pressing the key combination. LAN Acronym for local area network.
Mb Abbreviation for megabit. MB Abbreviation for megabyte(s). The term megabyte means 1,048,576 bytes; however, when referring to hard drive storage, the term is often rounded to mean 1,000,000 bytes. memory A system can contain several different forms of memory, such as RAM, ROM, and video memory. Frequently, the word memory is used as a synonym for RAM; for example, an unqualified statement such as "a system with 16 MB of memory" refers to a system with 16 MB of RAM.
name The name of an object or variable is the exact string that identifies it in an SNMP Management Information Base (MIB) file or in a CIM Management Object File (MOF). NDS Abbreviation for Novell Directory Service. NIC Acronym for network interface card. noninterlaced A technique for decreasing screen flicker by sequentially refreshing each horizontal line on the screen. ns Abbreviation for nanosecond(s), one billionth of a second.
PC card A credit-card sized, removable module for portable computers standardized by PCMCIA. PC Cards are also known as "PCMCIA cards." PC Cards are 16-bit devices that are used to attach modems, network adapters, sound cards, radio transceivers, solid state disks and hard disks to a portable computer. The PC Card is a "plug and play" device, which is configured automatically by the Card Services software. PCI Abbreviation for Peripheral Component Interconnect.
often need its program diskette set.
supported Web browser. See managed system. ROM Acronym for read-only memory. Your system contains some programs essential to its operation in ROM code. Unlike RAM, a ROM chip retains its contents even after you turn off your system. Examples of code in ROM include the program that initiates your system's boot routine and the POST. RPM Abbreviation for Red Hat® Package Manager. SAN Acronym for storage area network. SAS Acronym for serial attached SCSI. SCA Abbreviation for single connector attachment.
A modular system component that functions as an individual system. To function as a system, a server module is inserted into a chassis which includes power supplies, fans, a system management module, and at least one network switch module. The power supplies, fans, system management module, and network switch module are shared resources of the server modules in the chassis. See modular system.
The rules that dictate how you must type a command or instruction so that the system understands it. A variable's syntax indicates its data type. system board As the main circuit board, the system board usually contains most of your system's integral components, such as the following: l Microprocessor l RAM l Controllers for standard peripheral devices, such as the keyboard l Various ROM chips Frequently used synonyms for system board are motherboard and logic board.
TFTP Abbreviation for Trivial File Transfer Protocol. TFTP is a version of the TCP/IP FTP protocol that has no directory or password capability. text mode A video mode that can be defined as x columns by y rows of characters. threshold values Systems are normally equipped with various sensors that monitor temperature, voltage, current, and fan speed.
URL Abbreviation for Uniform Resource Locator (formerly Universal Resource Locator). USB Abbreviation for Universal Serial Bus. A USB connector provides a single connection point for multiple USB-compliant devices, such as mice, keyboards, printers, and computer speakers. USB devices can also be connected and disconnected while the system is running. utility A program used to manage system resources—memory, disk drives, or printers, for example.
Video adapters normally support multiple text and graphics display modes. Character-based software displays in text modes that can be defined as x columns by y rows of characters. Graphics-based software displays in graphics modes that can be defined as x horizontal by y vertical pixels by z colors. video resolution Video resolution—800 x 600, for example—is expressed as the number of pixels across by the number of pixels up and down.
write-protected Read-only files are said to be write-protected. You can write-protect a 3.5-inch diskette by sliding its write-protect tab to the open position or by setting the write-protect feature in the System Setup program. WMI Acronym for Windows Management Instrumentation. WMI provides CIM Object Manager services. X.509 Certificate An X.509 certificate binds a public encryption key to the identity or other attribute of its principal.
Back to Contents Page Installing Managed System Software on Red Hat® Enterprise Linux and SUSE® Linux Operating Systems Dell OpenManage™ Version 5.1 Installation and Security User's Guide Overview Before You Begin Installation Requirements Installation Procedures Using Dell OpenManage with VMware® ESX Server™ Software Managed System Software Installation Using Third-Party Deployment Software Overview You can install managed systems software by one of two methods.
l SUSE Linux Enterprise Server (version 10) Gold, for Intel EM64T NOTE: See the Server Administrator readme file on the Dell PowerEdge Installation and Server Management CD or the Dell OpenManage Server Administrator Compatibility Guide on the Documentation CD for the latest detailed list of the Server Administrator services that are supported on each supported operating system. System Requirements Managed systems software must be installed on each system to be managed.
reconfigured and recompiled in such a way that none of the precompiled Server Administrator device drivers support the recompiled kernel, then Server Administrator may need to use its DKS feature to support the running kernel. If you see the following message during Server Administrator Device Drivers startup, then Server Administrator attempted to use its DKS feature, but was unable to use the feature because certain prerequisites were not met: Building using DKS...
Server Administrator builds a device driver for the kernel running on system A during startup. 3. Type uname -r on system A to determine the name of the running kernel. 4. Copy any dcdbas.* or dell_rbu.* files in the /lib/modules//kernel/drivers/firmware directory on system A to the /var/omsa/dks/ directory on system B, where is the kernel name returned by typing uname -r in step 3.
step. The instances are: l During custom installation of Server Administrator using the srvadmin-install.sh shell script. l During installation of Server Administrator using RPM. l At run-time when the Server Administrator Instrumentation Service is started. NOTE: SUSE Linux Enterprise Server (version 10) contains the required version of IPMI module in the default kernel itself. You do not need to install the IPMI RPM.
Degradation of Functionality When Server Administrator Instrumentation Service is Started After Server Administrator is installed, the Server Administrator Instrumentation Service will do a run-time check of the OpenIPMI device driver whenever it is started. The Server Administrator Instrumentation Service is started whenever you run either the srvadmin-services.sh start or srvadmin-services.
2. If necessary, use the command line to mount the CD using a command such as: mount /dev/cdrom /mnt/cdrom 3. When you have mounted the CD, you can navigate to it with cd /mnt/cdrom/srvadmin/linux/ 4. Get a listing of the directories with ls.
/srvadmin/linux/custom/add-openipmi-SLES9 IPMI RPM packages for SUSE Linux Enterprise Server (version 9) /srvadmin/linux/custom/add-openipmi-SLES10 IPMI RPM packages for SUSE Linux Enterprise Server (version 10) The following is an example of custom RPMs-based installation of Server Administrator, including the installation of the Storage Management Service components. 1.
or sh srvadmin-install.sh -s (these are short options) NOTE: Long options can be combined with short options, and vice-versa. NOTE: Just before the Server Administrator RPMs are installed, the srvadmin-install.sh shell script automatically calls the srvadmin-openipmi.sh shell script to ensure that a sufficient version of the OpenIPMI driver is currently installed on the system. If a sufficient version is not found, the srvadmin-install.sh shell script calls the srvadmin-openipmi.
Creating and Distributing the Express Unattended Installation Package The Express Install unattended installation option uses the /srvadmin/linux/supportscripts and the /srvadmin/linux/RPMS subdirectories of the Dell PowerEdge Installation and Server Management CD as the unattended installation package. RPM accesses the Dell PowerEdge Installation and Server Management CD to install all required Server Administrator components on selected remote systems.
Where is RHEL3 or RHEL4 or SLES9 or SLES10. Enter the appropriate directory name that applies to your system. 4. Upgrade the Red Hat Enterprise Linux or SUSE Linux Enterprise Server system using a single long command or individual RPMs. The single long command is a combination of RPMs and can be executed by typing just one command. Upgrade with the following command if you are upgrading from version 5.0: rpm -Uhv `rpm -q --queryformat "%{NAME}* " \`rpm -qa | grep srvadmin\`` If upgrading from 4.
rpm -ihv kernel*.rpm 3. Navigate to the srvadmin/linux/supportscripts directory. 4. Run the srvadmin-openipmi.sh shell script as shown below. This will build and install the OpenIPMI driver modules. sh srvadmin-openipmi.sh install Reattempt to upgrade the srvadmin-hapi RPM and any RPMs that failed to upgrade as they depend on the srvadmin-hapi RPM. Perform the steps described in page 113. Using the srvadmin-install Shell Script 1.
Custom Uninstallation of Specific Components Some individual components of Dell OpenManage can be uninstalled without uninstalling all of Dell OpenManage. Following are examples: To uninstall only the Web server, use the command: rpm –e `rpm -qa | grep srvadmin-iws` To uninstall storage, use the command: rpm –e `rpm -qa | grep srvadmin-storage` Using Dell OpenManage with VMware® ESX Server™ Software NOTE: Dell OpenManage installation with VMware ESX Server software requires special steps.
Back to Contents Page Installing Management Station Software Dell OpenManage™ Version 5.
Management Station Requirements Microsoft Software Installer (MSI) version 3.1 or later is required on your system. Dell OpenManage software detects the MSI version on your system. If the version is lower than 3.1, the Prerequisite Checker prompts you to upgrade to MSI version 3.1. IT Assistant Database Requirements A fresh installation of IT Assistant 8.0 prompts you to install Microsoft SQL Server™ 2005 Express Edition in the absence of a supported database on your system.
When you insert the Dell Systems Management Consoles CD in your system's CD drive, the setup program runs the Prerequisite Checker to provide information about your system's hardware and software that might affect installation and operation of the features. You can install all of the Management Station software products that are currently installed on your system by doing the following: 1. Launch the Management Station installation. 2.
8. Click Next to accept the selected software features for installation. The IT Assistant Custom Settings dialog box opens. NOTE: IT Assistant requires a default instance of a database to be installed on the system. IT Assistant cannot use a named instance of database. NOTE: Microsoft SQL Server 2005 Express requires Microsoft Data Access components 2.8 (MDAC 2.8) and .NET 2.0 Runtime to be installed. The prerequisite checker utility will prompt you to install MDAC 2.8, If MDAC 2.
2. Double-click Add/Remove Programs. 3. Click Dell OpenManage Management Station and click Change. The Welcome to the Install Wizard for Dell OpenManage Management Station dialog box opens. 4. Click Next. The Program Maintenance dialog box opens. 5. Select the Modify option and click Next. The Custom Setup dialog box opens. 6.
An installation cannot be rolled back once it has successfully completed. A transacted installation is intended as a safety net that protects the system during a given installation session. If you want to remove an installed application, for example, you should uninstall that application. When upgrading from Dell OpenManage software version 4.3 to version 5.x, an error will roll back the system to its previous state.
remote system. Creating and Distributing Custom Unattended Installation Packages To create a custom unattended installation package for distribution, simply copy the windows directory from the CD onto the system's hard drive. Create a batch script that will execute the installation using the Windows Installer Engine (msiexec.exe). For example: msiexec.exe /i MgmtSt.
/fc – This option reinstalls a product if a file is missing or the stored checksum value does not match the calculated value. /fa – This option forces all files to be reinstalled. /fu – This option rewrites all required user-specific registry entries. /fm – This option rewrites all required system-specific registry entries. /fs – This option overwrites all existing shortcuts. /fv – This option runs from the source and re-caches the local package.
4. Click Yes to confirm uninstallation of Management Station. The Uninstall Summary screen opens. Messages provide the status and progress of the software features being uninstalled. All Management Station features will be uninstalled. Performing an Unattended Uninstallation of Management Station Software The Dell Systems Management Consoles CD features a procedure for the unattended uninstallation of the Management Station software.
The REMOVE customization parameter can be included on the command line and assigned the feature ID (or IDs) of the software feature that you would like to uninstall. An example is msiexec.exe /i MgmtSt.msi REMOVE=RACMS /qb This command runs only the installation for Management Station and uninstalls Remote Access Controller Management Station, in an unattended and verbose mode. You can also choose to install, reinstall, and uninstall features with one execution of the msiexec.exe program.
Upgrading Management Station Software To upgrade the BMC Management Utility onto a management station, perform the following steps: 1. Log on as root to the system where you want to upgrade the Management Station features. 2. If necessary, mount the Dell Systems Management Consoles CD to a desired location using the mount command or a similar command. 3.
Back to Contents Page Using Server Assistant to Install an Operating System Dell OpenManage™ Version 5.1 Installation and Security User's Guide Overview Before You Begin Overview Dell OpenManage™ Server Assistant provides a streamlined and time-saving installation procedure by guiding you through an easy-to-follow, step-by-step process for installing the Microsoft® Windows®, Red Hat® Enterprise Linux, and SUSE® Linux Enterprise Server operating systems.
2. Select Server Setup on the Server Assistant main page. 3. Follow the step-by-step instructions to configure your hardware and to install your operating system. NOTE: Remove the CD when you restart the system, or Server Assistant will start again. For additional information about installing RAID, see Getting Started With RAID on the Documentation CD. You can use the Install Server Administrator icon to install Server Administrator without the installation CD.
Back to Contents Page Installing Managed System Software on Microsoft® Windows® Operating Systems Dell OpenManage™ Version 5.1 Installation and Security User's Guide Overview Before You Begin Installation Requirements Installation Procedures Managed System Software Installation Using Third-Party Deployment Software Overview You can install managed system software using several methods.
l Windows Server™ 2003 R2 (includes Standard and Enterprise editions) l Windows Server 2003 SP1 (Web Edition) l Windows Server 2003 Standard and Enterprise x64 R2 (except Remote Access Controller III and IT Assistant) l Windows Storage Server 2003 R2 (includes Express, Standard, Workgroup, and Enterprise editions) NOTE: The Dell OpenManage 5.
R2 IPMI driver instead of the internal IPMI support. If your system is running Windows Server 2003 R2 or Windows Storage Server R2, it is recommended that after you install or upgrade Server Administrator, you also install the optional Hardware Management component of R2. To install the Windows Server 2003 R2 IPMI driver on PowerEdge x8xx systems, perform the following additional step: l From a command shell, execute the following command: Rundll32 ipmisetp.
l Use the unattended installation method through the Windows Installer Engine msiexec.exe (see Table 6-1) to install Server Administrator and other managed system software on multiple systems. NOTE: For modular systems, you must install Server Administrator on each server module installed in the chassis. NOTE: You can go to Add/Remove Programs to find out what features are currently installed. NOTE: You can upgrade from Dell OpenManage software version 4.3 to 5.1 through a full MSI Installation only.
The Ready to Install the Program dialog box appears. NOTE: You can cancel the installation process by clicking Cancel. The installation rolls back the changes that you made. If you click Cancel after a certain point in the installation process, the installation may not roll back properly, leaving the system with an incomplete installation. See "System Recovery on Failed Installation." 9. Click Install to install the selected software features.
The Welcome to the Install Wizard for Dell OpenManage Server Administrator screen opens. This screen then switches to the Resuming the Install Wizard for Dell OpenManage Server Administrator screen. 3. Click Next. The Installing Dell OpenManage Server Administrator screen opens. Messages are displayed, stating the status and progress of the software features being installed or upgraded. After the selected features are installed or upgraded, the Install Wizard Completed dialog box opens. 4.
Custom Repair 1. Click the Start button, point to Settings® Control Panel. 2. Double-click Add/Remove Programs. 3. Click Dell Server Administrator and click Change. The Welcome to the Install Wizard for Dell OpenManage Server Administrator dialog box opens. 4. Click Next. The Program Maintenance dialog box opens. 5. Select the Repair option and click Next. The Ready to Repair the Program dialog box opens. 6. Click Install to install the selected software features.
v - Verbose output o - Out-of-disk-space messages i - Status messages c - Initial UI parameters e - All error messages w - Non-fatal warnings a - Startup of actions r - Action-specific records m - Out-of-memory or fatal exit information u - User requests p - Terminal properties + - Append to existing file ! - Flush each line to the log "*" - Wildcard, log all information except for the v option. To include the v option, specify "/l*v".
1. Share an image of the Dell PowerEdge Installation and Server Management CD with each remote system on which you want to install Server Administrator. You can accomplish this task by directly sharing the CD or by copying the entire CD to a drive and sharing the copy. 2. Create a script that maps a drive from the remote systems to the shared drive described in step 1. This script should execute msiexec.exe /i Mapped Drive\srvadmin\windows\SystemsManagement\SysMgmt.
Unattended installation provides the following features: l A set of optional command line settings to customize an unattended installation l Customization parameters to designate specific software features for installation l A Prerequisite Checker program that examines the dependency status of selected software features without having to perform an actual installation Optional Command Line Settings Table 6-1 shows the optional settings available for the msiexec.exe MSI installer.
ADDLOCAL, REINSTALL, and REMOVE customization CLI parameters provide a way to customize the exact software features to install, reinstall, or uninstall when running silently or unattended. With the customization parameters, you can selectively install, reinstall, or uninstall software features for different systems using the same unattended installation package.
NOTE: After you uninstall Server Administrator on PowerEdge 1650, 2650, and 4600 systems, you may be prompted to reboot your system if you have chosen to uninstall Storage Management Service. You may also be prompted for a reboot if any of the files being upgraded are under use. Uninstalling Managed System Software Using the Installation and Server Management CD 1. Insert the Dell PowerEdge Installation and Server Management CD into your system's CD drive.
For managed systems, use this command: msiexec.exe /x {89C7A9F7-2C31-4739-842D-F037B6C9B674} For management stations, use this command: msiexec.exe /x {DA60872C-9147-4A6E-9AEF-95BAB5EF3A3B} Performing an Unattended Uninstallation of Managed System Software The Dell PowerEdge Installation and Server Management CD features an unattended uninstallation procedure. Unattended uninstallation enables you simultaneously to uninstall managed systems software from multiple systems.
Back to Contents Page Introduction Dell OpenManage™ Version 5.1 Installation and Security User's Guide Overview Dell OpenManage Systems Management Software Components Other Documents You Might Need Obtaining Technical Assistance Overview This guide contains information to help you install Dell OpenManage™ software on management stations and their managed systems.
Dell OpenManage Systems Management Software Kit Contents The Dell OpenManage Systems Management Software Kit includes, but is not limited to, the following components: l Dell OpenManage Software Quick Installation Guide — Provides an overview of applications that you can install on your management station (console) and on your managed systems.
Windows, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server operating systems by guiding you through an easy-to-follow, step-by-step process. In addition, Server Assistant provides the necessary tools for setting up and configuring PowerEdge systems and software. The tools permit discovery and configuration of Dell-provided RAID controllers and network adapters.
Active Directory Snap-in Utility The Microsoft Active Directory Snap-in utility provides an extension snap-in to the Microsoft Active Directory, which allows you to manage Dell-specific Active Directory objects. You can use this option when the Dell-specific schema classes have been added to the Active Directory schema.
The Dell PowerEdge Server Update Utility CD includes the Server Update Utility (SUU). SUU is a CD-based application for identifying and applying updates to your system. SUU is a dual-purpose application and is easy to use. You can use SUU to update your PowerEdge server or to view the updates available for any system listed in the Repository.
Back to Contents Page Using Microsoft® Active Directory® Dell OpenManage™ Version 5.1 Installation and Security User's Guide Controlling Access to Your Network Extending the Active Directory Schema Controlling Access to Your Network If you use Active Directory service software, you can configure it to control access to your network. Dell has modified the Active Directory database to support remote management authentication and authorization.
In addition, you can set up Active Directory objects in a single domain or in multiple domains. Setting up objects in a single domain does not vary, whether you are setting up RAC, Server Administrator, or IT Assistant objects. When multiple domains are involved, however, there are some differences. For example, you have two DRAC 4 cards (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3).
Figure 8-3 shows how to setup the Active Directory objects in multiple domains for RAC. In this scenario, you have two DRAC 4 cards (RAC1 and RAC2) and three existing Active Directory users (User1, User2, and User3). User1 is in Domain1, but User2 and User3 are in Domain2. You want to give User1 and User2 Administrator privileges on both the RAC1 and the RAC2 card and give User3 a Login privilege on the RAC2 card. Figure 8-3.
2. Create two Association Objects, AO1 and AO2, in any domain. The figure shows the objects in Domain1. 3. Create two Server Administrator Products, sys1 and sys2, to represent the two systems. Sys1 is in Domain1 and sys2 is in Domain2. 4. Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has Login privileges. 5. Group sys2 into Group1. The group scope of Group1 must be universal. 6.
4. 5. Click Next to run the Dell Schema Extender. Click Finish. To verify the schema extension, use the Active Directory Schema Snap-in in the Microsoft Management Console (MMC) to verify the existence of the following classes (listed in Table 8-1, Table 8-6, Table 8-7, Table 8-9, Table 8-10, Table 8-11, and Table 8-12) and attributes (listed in Table 8-13, Table 8-14, and Table 8-15).
Description This class is used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges dellRAC3Privileges dellOmsaAuxClass dellItaAuxClass Table 8-6. dellProduct Class OID 1.2.840.113556.1.8000.1280.1.1.1.5 Description This is the main class from which all Dell products are derived. Class Type Structural Class SuperClasses Computer Attributes dellAssociationMembers Table 8-7.
Table 8-12. General Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellPrivilegeMember 1.2.840.113556.1.8000.1280.1.1.2.1 FALSE List of dellPrivilege Objects that belong to this Attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) dellProductMembers 1.2.840.113556.1.8000.1280.1.1.2.2 List of dellRacDevices Objects that belong to this role.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellOMSAIsReadOnlyUser 1.2.840.113556.1.8000.1280.1.2.2.1 TRUE TRUE if the User has Read-Only rights in Server Administrator Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellOMSAIsReadWriteUser 1.2.840.113556.1.8000.1280.1.2.2.2 TRUE if the User has Read-Write rights in Server Administrator Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellOMSAIsAdminUser 1.2.840.113556.1.8000.1280.1.2.2.
NOTE: Server Administrator and IT Assistant users must use Universal-type Product Groups to span domains with their product objects. NOTE: When adding Universal-type Product Groups from separate domains, you have to create an Association object with Universal scope. The default Association objects created by the Dell Schema Extender utility are domain Local Groups and will not work with Universal-type Product Groups from other domains. In the Console Root (MMC) window, right-click a container. 1.
By using the Association Object Properties window, you can associate users or user groups, privilege objects, systems, RAC devices, and system or device groups. NOTE: RAC users must use Universal Groups to span domains with their users or RAC objects. You can add groups of Users and Products. You can create Dell-related groups in the same way that you created other groups. To add Users or User Groups: 1. Right-click the Association Object and select Properties. 2. Select the Users tab and click Add.
2. Click Start® Run. 3. Type mmc and click OK. 4. In the Console 1 (MMC) window, click File (or Console on Windows 2000 systems) and select Add/Remove Snap-in. 5. In the Add/Remove Snap-in window, click Add. 6. In the Standalone Snap-in window, select Certificates and click Add. 7. Select Computer account and click Next. 8. Select Local Computer and click Finish. 9. Click OK. 10.
changes. If the adproductname is not present in the productoem.ini file, a default name will be assigned. The default value will be system name-softwareproduct name, where system name is the name of the system running Server Administrator, and software-product name refers to the name of the software product defined in omprv32.ini (that is, computerName-omsa). NOTE: This command is applicable only on systems running the Windows operating system.
Using the following commands to configure the DRAC 4 Active Directory feature using the racadm CLI instead of the Web-based interface. 1. Open a command prompt and type the following racadm commands: racadm racadm racadm racadm racadm racadm 2.
Back to Contents Page Prerequisite Checker Dell OpenManage™ Version 5.1 Installation and Security User's Guide Command Line Operation of the Prerequisite Checker You can run the prerequisite check silently by executing runprereqchecks.exe /s from the \windows\PreReqChecker directory. After running the prerequisite check, an HTML file will be created in the %Temp% directory. The file is named omprereq.htm, and it contains the results of the prerequisite check. The Temp directory is not usually X:\Temp, but
RAC3 Remote Access Controller (DRAC III) RAC4 Remote Access Controller (DRAC 4) RAC5 Remote Access Controller (DRAC 5) SA Server Administrator Back to Contents Page
Back to Contents Page Dell OpenManage™ Security Dell OpenManage™ Version 5.1 Installation and Security User's Guide Security Features Built-in Security Features Security Management Security Features The Dell OpenManage systems management software components provide the following security features: l Authentication for users through hardware-stored user IDs and passwords, or by using the optional Microsoft® Active Directory®.
135 DCOM TCP 7.x None Out Event transmission via WMI No 162 SNMP UDP 6.x None Out Event transmission via SNMP No 1024-65535 (Dynamically assigned) DCOM TCP/UDP 6.x, 7.x None In/Out Monitoring and configuration via WMI > 32780 (Dynamically assigned) DMI TCP/UDP 6.x None In/Out Monitoring and configuration via DMI Varies from one system to another. Dell OpenManage IT Assistant 20 FTP TCP 6.x None In/Out Flash BIOS No 22 SSH TCP 7.
Dell Remote Access Controller (DRAC): DRAC III, DRAC III/XT, ERA, and ERA/O 21 FTP TCP 1.0 None In/Out Firmware update via FTP and certificate upload/download No 23 Telnet TCP 1.0 None In/Out Optional Telnet-based CLI management No 25 SMTP TCP 1.0 None In/Out Optional e-mail alert messages No 68 DHCP UDP 1.2 None In/Out DHCP assigned IP address No 69 TFTP UDP 1.0 None In/Out Firmware update via Trivial FTP. Remote floppy boot via TFTP No 80 HTTP TCP 1.
NOTE: If you are using a firewall, you must open all of the ports listed in Table 2-1 to ensure that IT Assistant and other Dell OpenManage applications function properly. Security Management Dell provides security and access administration through role-based access control (RBAC), authentication, and encryption, or through Active Directory for both the Web-based and command line interfaces.
P Power User A Administrator Authentication The Server Administrator authentication scheme ensures that the correct access types are assigned to the correct user privileges. Additionally, when you invoke the CLI, the Server Administrator authentication scheme validates the context within which the current process is running. This authentication scheme ensures that all Server Administrator functions, whether accessed through the Server Administrator home page or CLI, are properly authenticated.
Back to Contents Page Setup and Administration Dell OpenManage™ Version 5.1 Installation and Security User's Guide Before You Begin Installation Requirements Dependencies and Prerequisites Configuring a Supported Web Browser Assigning User Privileges Configuring the SNMP Agent Secure Port Server and Security Setup Before You Begin l Read the applicable instructions in this chapter. l Read the installation requirements to ensure that your system meets or exceeds the minimum requirements.
System Requirements Dell OpenManage Server Administrator software must be installed on each system to be managed. You can then manage each system running Server Administrator locally or remotely through a supported Web browser.
Upgrading from Dell OpenManage Software Versions 1.x, 2.x, and 3.x–4.2 Upgrades from Dell OpenManage software versions 1.x, 2.x, and 3.x through 4.2 are not supported. You must manually uninstall Dell OpenManage software versions 1.x, 2.x, and 3.x through 4.2 before launching the Dell OpenManage software installation. The installer will notify you if it detects Dell OpenManage software versions 1.x through 4.2 on the system. Another way of upgrading from these versions is to upgrade to version 4.
NOTE: For questions about creating users and assigning user group privileges, or for more detailed instructions, see your operating system documentation. 1. Click the Start button, right-click My Computer, and point to Manage. 2. In the console tree, expand Local Users and Groups, and then click Users. 3. Click Action, and then click New User. 4. Type the appropriate information in the dialog box, select or clear the appropriate check boxes, and then click Create.
2. In the console tree, right-click Users or right-click the container in which you want to add the new user, and then point to New® User. 3. Type the appropriate user name information in the dialog box, and then click Next. You must assign a password to every user account that can access Dell OpenManage software to protect access to your critical system components.
2. Type passwd username and press . 3. When prompted, enter a password for the new user. You must assign a password to every user account that can access Dell OpenManage software to protect access to your critical system components. The new user can now log in to Dell OpenManage software with User group privileges. Creating Users With Power User Privileges 1.
NOTE: Rebooting your system for change management functionality does not require SNMP Set operations. To enable a system running the Windows Server 2003 operating system to receive SNMP packets from a remote host, perform the following steps: 1. Click the Start button, right-click My Computer, and point to Manage. The Computer Management window appears. 2. Expand the Computer Management icon in the window, if necessary. 3. Expand the Services and Applications icon and click Services. 4.
2. Expand the Computer Management icon in the window, if necessary. 3. Expand the Services and Applications icon, and then click Services. 4. Scroll down the list of services until you find SNMP Service, right-click SNMP Service, and click Properties. The SNMP Service Properties window appears. 5. Click the Security tab to change the access rights for a community. 6. Select a community name in the Accepted Community Names list, and then click Edit. The SNMP Service Configuration window opens. 7.
Administrator or other systems management information outside of the MIB-II "system" branch. Server Administrator SNMP Agent Install Actions If Server Administrator detects the default SNMP configuration during installation, it attempts to modify the SNMP agent configuration to give read-only access to the entire MIB tree for the "public" community. Server Administrator modifies the /etc/snmp/snmpd.conf SNMP agent configuration file in two ways.
or access notConfigGroup "" any noauth exact all none none 2. Edit this line, replacing the first none with all. When edited, the new line should read: access publicgroup "" any noauth exact all all none or access notConfigGroup "" any noauth exact all all none 3.
name indicates that the entire interface will be opened. b. 6. To open the SNMP port on all network interfaces, tab to Other ports and type snmp:udp. Tab to OK and press . The Firewall Configuration screen opens. 7. Tab to OK and press . The Choose a Tool menu opens. 8. Tab to Quit and press .
3. To enable SNMP configuration changes, restart the SNMP agent by typing: /etc/init.d/snmpd restart Changing the SNMP Community Name Configuring the SNMP community name determines which systems are able to manage your system through SNMP. The SNMP community name used by management applications must match an SNMP community name configured on the Server Administrator system, so the management applications can retrieve management information from Server Administrator.
This section contains the following topics: l Setting User and Server Preferences l X.509 Certificate Management Setting User and Server Preferences You can set user and secure port server preferences for Server Administrator and IT Assistant from the respective Preferences Web page. Click General Settings and click either the User tab or Web Server tab. NOTE: You must be logged in with Administrator privileges to set or reset user or server preferences.
or import a root certificate or certificate chain from a Certification Authority (CA). NOTE: You must be logged in with Administrator privileges to perform certificate management. You can manage X.509 certificates for Server Administrator and IT Assistant from the respective Preferences Web page. Click General Settings, click the Web Server tab, and click X.509 Certificate. Use the X.509 certificate tool to either generate a new X.509 certificate, reuse an existing X.
Back to Contents Page Dell OpenManage™ Version 5.1 Installation and Security User's Guide Notes and Notices NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. ____________________ Information in this document is subject to change without notice. © 2006 Dell Inc. All rights reserved.
