Manualshelf

User guide

ManualsBrandsReach ManualsComputer equipmentDSS-ENC
11121314151617181920
17
Redirection server. Administrators can replace the iDRAC6 server SSL certificate using the following
steps:
Generate the CSR and the Private Key from iDRAC6. 1024-bit, 2048-bit and 4096-bit RSAkey are
supported.
NOTE: Dell strongly recommends having CSR CN (common name) set to be the same as your
iDRAC6 RAC name to avoid a host name mismatch complaint during SSL connection from
browsers.
Certificate asymmetric key size (RSA key size) can affect iDRAC 6 performance.
Microsoft PKI best practices suggest using 1024-bit to secure your web server application.
Sign the CSR by a trusted CA.
Upload the signed CSR (Certificate) to iDRAC6.
Types of iDRAC6 Sessions
The level of security for the different interfaces to iDRAC6 is described in this section. All of these
interfaces involve connecting to iDRAC6 remotely through a network connection except for the local
RACADM command line interface.
Web Browser
The browser connects to the web server via the HTTPS port. Data streams are encrypted using 128-bit
SSL to provide privacy and integrity. Any connection to the HTTP port will be redirected to HTTPS.
Administrators can upload their own SSL certificate via an SSL CSR generation process to secure the web
server. The default HTTP and HTTPS ports can be changed. iDRAC6 ensures that user access is restricted
by user privileges.
Remote CLI
The Remote RACADM utility is a CLI tool that can be used to configure and manage a IDRAC 6. This
scriptable utility can be installed on a management station. The RACADM installed on a management
station is referred to as Remote RACADM. Remote RACADM communicates with IDRAC 6 through its
network interface, and it uses an HTTPS channel to communicate with iDRAC6. A user must successfully
pass his user authentication and must have sufficient privileges to be able to execute the desired
command. Since Remote RACADM uses an HTTPS channel, all the command data and return data are
encrypted by SSL. The encryption ciphers supported are the same as the web GUI interface.
Local CLI
The Local RACADM utility is a CLI tool that can be used to configure and manage iDRAC6 from the host
server. This scriptable utility can only be installed on the managed system. The RACADM installed on a
local managed system is called Local RACADM. Local RACADM communicates with iDRAC6 through its
in-band IPMI host interface. Since it is installed on the local managed system, users are required to log in
to the operating system to run this utility. The Local RACADM utility requires that a user must have a full
administrator privilege or be a root user to use this utility. On a Microsoft Windows
® system, a user must
have the administrator privilege on the system to run the Local RACADM utility. If the user does not