New In This Release - Dell iDRAC 8 User Manual

– Manual — Using OS Collector tool.
Dell Best Practices regarding iDRAC
• iDRACs are intended to be on a separate management network; they are not designed nor intended to be placed on or
connected to the internet. Doing so could expose the connected system to security and other risks for which Dell is not
responsible.
• Along with locating iDRACs on a separate management subnet, users should isolate the management subnet/vLAN with
technologies such as firewalls, and limit access to the subnet/vLAN to authorized server administrators.
Secure Connectivity
Securing access to critical network resources is a priority. iDRAC implements a range of security features that includes:
• Custom signing certificate for Secure Socket Layer (SSL) certificate.
• Signed firmware updates.
• User authentication through Microsoft Active Directory, generic Lightweight Directory Access Protocol (LDAP) Directory
Service, or locally administered user IDs and passwords.
• Two-factor authentication using the Smart–Card logon feature. The two-factor authentication is based on the physical smart
card and the smart card PIN.
• Single Sign-On and Public Key Authentication.
• Role-based authorization, to configure specific privileges for each user.
• SNMPv3 authentication for user accounts stored locally in the iDRAC. It is recommended to use this, but it is disabled by
default.
• User ID and password configuration.
• Default login password modification.
• Set user passwords and BIOS passwords using one-way hash format for improved security.
• FIPS 140-2 Level 1 capability.
• Support for TLS 1.2, 1.1, and 1.0. To enhance security, default setting is TLS 1.1 and higher.
• SMCLP and web interfaces that support 128 bit and 40-bit encryption (for countries where 128 bit is not acceptable), using the
TLS 1.2 standard.
NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher.
• Session time-out configuration (in seconds).
• Configurable IP ports (for HTTP, HTTPS, SSH, Telnet, Virtual Console, and Virtual Media).
NOTE: Telnet does not support SSL encryption and is disabled by default.
• Secure Shell (SSH) that uses an encrypted transport layer for higher security.
• Login failure limits per IP address, with login blocking from that IP address when the limit is exceeded.
• Limited IP address range for clients connecting to iDRAC.
• Dedicated Gigabit Ethernet adapter available on rack and tower servers (additional hardware may be required).

New in this release

• Added support for Redfish 1.0.2, a RESTful Application Programming Interface (API), which is standardized by the Distributed
Management Task Force (DMTF). It provides a scalable and secured systems management interface. To get the IPv6 and VLAN
information, install iDRAC Service Module (iSM).
• Added support for Server Configuration Profile using Redfish interface.
• Added support to disable TLS 1.0. Option to select TLS 1.0 and higher, 1.1 and higher, or 1.2 only.
• FIPS 140-2 Level 1 capability.
• Added support for LDAP authentication with OpenDS.
• Added support of Amulet card on PowerEdge M830.
• Added additional information in LC logs for some configuration jobs initiated using remote RACADM or the web interface.
• Added Dell Tech Center link on the login page.
18