Setup Guide

ManualsBrandsDell ManualsConverged InfrastructureSystems Management Solution Resources

Table Of Contents

1 Getting Started
- 1.1 What are Server Configuration Profiles?
- 1.2 Important Terms and Acronyms
- 1.3 CSIOR
- 1.4 SCP Export
- 1.5 SCP Import
- 1.6 SCP Import Preview
- 1.7 Jobs
- 1.8 iDRAC Lifecycle Logs
- 1.9 SCP Import / Preview Configuration Results
- 1.10 Available Interfaces
2 Template
- 2.1 Structure
- 2.2 XML Layout
- 2.3 JSON Layout
- 2.4 Golden Template (One to Many)
  - 2.4.1 Recommendations
  - 2.4.2 Active Directory Example
- 2.5 General Compatibility
3 SCP Export
- 3.1 Selective Export
- 3.2 Read Only Attributes
- 3.3 Include Password Hashes
  - 3.3.1 iDRAC User Passwords
  - 3.3.2 BIOS Password SHAs
- 3.4 Export Type - Clone and Replace
  - 3.4.1 Clone and Replace with passwords
  - 3.4.2 Clone and Replace with storage devices
- 3.5 Include Custom Telemetry
- 3.6 Available Interfaces
4 SCP Import
- 4.1 Host Reboot
  - 4.1.1 What will trigger a reboot?
- 4.2 Shutdown Type
- 4.3 End Host Power State
- 4.4 Dependencies
- 4.5 Backwards Compatibility
- 4.6 Selective Import
- 4.7 Available Interfaces
5 SCP Import Preview
- 5.1 Available Interfaces
6 iDRAC Configuration
- 6.1 Template Example
- 6.2 Creating and configuring an iDRAC User
- 6.3 Clearing an iDRAC User
- 6.4 SSHPublicKey
- 6.5 Certificates
- 6.6 Password Settings
- 6.7 AutoUpdate
7 LifecycleController
8 EventFilters
9 RAID / Storage Configuration and Operations
- 9.1 Create and initialize a virtual disk
- 9.2 RAIDresetConfig
- 9.3 RAIDdedicatedSpare
- 9.4 Cryptographic Erase
10 BIOS Configuration
- 10.1 Workload profiles
- 10.2 F1 / F2 Error Prompt
- 10.3 Changing the Boot Order
- 10.4 Enable or disable a boot order entry
- 10.5 System and setup passwords
- 10.6 PXE (Preboot Execution Environment)
11 NIC / FiberChannel / InfiniBand Configuration
- 11.1 LegacyBootProto and PXE
- 11.2 VirtualizationMode
- 11.3 InfiniBand modes
12 SupportAssist Operations
- 12.1 Registration
- 12.2 Configuration
13 RepositoryUpdates
- 13.1 Workflow
14 iDRAC Direct (SCP via USB)
- 14.1 Setup
- 14.2 Execution
15 OS Deployment
- 15.1 Attributes
- 15.2 Example
- 15.3 OS Deployment via USB
16 Telemetry Operations
- 16.1 Example
- 16.2 Custom Metric Report Definitions
- 16.3 Troubleshooting
17 Secure Enterprise Key Management Operations
- 17.1 Prerequisites
- 17.2 Example XML
- 17.3 Enabling SEKM settings on the iDRAC
- 17.4 Enable SEKM on a PERC device with a locked RAID volume
18 Auto Config – DHCP Provisioning
19 Troubleshooting
- 19.1 Configuration results and LCL
- 19.2 Known Limitations
- 19.3 Common Issues
20 Additional Resources
- 20.1 User’s Guides, Release Notes, API Guides
- 20.2 White Papers
  - 20.2.1 Using Server Configuration Profiles to Deploy Operating Systems to Dell EMC PowerEdge Servers:
  - 20.2.2 Server cloning by using Server Configuration Profiles on PowerEdge servers:
- 20.3 Default, Clone & Replace Tables

Server Configuration Profiles: User’s Guide

57 Server Configuration Profiles: Reference Guide | 456

17 Secure Enterprise Key Management Operations

Available in iDRAC9 version 4.00.00.00 and above.

Full details on the Secure Enterprise Key Management solution can be found in the

Enable OpenManage

Secure Enterprise Key Manager (SEKM) on Dell EMC PowerEdge Servers documentation. The focus of this

document will be on enabling and configuring SEKM via SCP Import.

17.1 Prerequisites

The example workflow below uses Gemalto KeySecure for the Key Management Server. Configuration of

SEKM via SCP will require a CSR generated and signed from Gemalto, and a Server CA also from Gemalto.

The contents of both can be imported using the CertType/CertData attributes (Certificates

17.2 Example XML

<Attribute Name="SEKM.1#IPAddressInCertificate">Disabled</Attribute>

<Attribute Name="SEKM.1#SEKMStatus">Enabled</Attribute>

<Attribute Name="SEKM.1#Rekey">False</Attribute>

<Attribute Name="KMS.1#iDRACUserName">idracuserG1FWHQ2</Attribute>

<Attribute Name="SEKMCert.1#CommonName">idracuserG1FWHQ2</Attribute>

<Attribute Name="SEKMCert.1#LocalityName">Round Rock</Attribute>

<Attribute Name="SEKMCert.1#StateName">Texas</Attribute>

<Attribute Name="SEKMCert.1#EmailAddress">tester@dell.com</Attribute>

<Attribute Name="SecurityCertificate.1#CertData">-----BEGIN CERTIFICATE-----

MIIEvzCCA6egAwIBAgIBADANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx

DjAMBgNVBAgTBVRleGFzMRMwEQYDVQQHEwpSb3VuZCBSb2NrMREwDwYDVQQKEwhE

ZWxsIEVNQzEhMB8GA1UECxMYUHJvZHVjdCBHcm91cCBWYWxpZGF0aW9uMRAwDgYD

VQQDEwdEZWxsIENBMSQwIgYJKoZIhvcNAQkBFhV0ZXhhc19yb2VtZXJAZGVsbC5j

b20wHhcNMTkwMjE0MjA1NjQ4WhcNMjkwMjEyMjA1NjQ4WjCBoDELMAkGA1UEBhMC

VVMxDjAMBgNVBAgTBVRleGFzMRMwEQYDVQQHEwpSb3VuZCBSb2NrMREwDwYDVQQK

EwhEZWxsIEVNQzEhMB8GA1UECxMYUHJvZHVjdCBHcm91cCBWYWxpZGF0aW9uMRAw

DgYDVQQDEwdEZWxsIENBMSQwIgYJKoZIhvcNAQkBFhV0ZXhhc19yb2VtZXJAZGVs

bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChyihz1suLIIzl

K+XxI9nh59J+yCNXsMpKzneX0CSr1Aiay1Yyd1Uy2lcifJbmuocP2wLQUEWTnR19

K0zbRKTMNty0fr9NhnwiRFVfUzUPiEGPwTyqR7w2WmHqu5jCnOodC9n+6w8lGnV9

3LzKLaJYdJ9TPGn63ffVrDeprhQ376EK6QjR1xlrTG7kUH2Hu9D1thwxQCykS2eQ