Page 1: User Guide
Integrated Dell Remote Access Controller 6 (iDRAC6) Version 1.5 User Guide...
Page 2 Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
Page 3: Table Of Contents
Before You Begin Installing the iDRAC6 Express/Enterprise Hardware Configuring Your System to Use an iDRAC6 Software Installation and Configuration Overview Installing iDRAC6 Software ....
Page 4 Linux Management Station Installing RACADM Uninstalling RACADM Updating the iDRAC6 Firmware Before You Begin Downloading the iDRAC6 Firmware Updating the iDRAC6 Firmware Using the Web-Based Interface Updating the iDRAC6 Firmware Using RACADM Updating the iDRAC6 Firmware Using Dell Update Packages for...
Page 5 Logging Out ..... Using Multiple Browser Tabs and Windows Configuring the iDRAC6 NIC Configuring the Network and IPMI LAN Settings .
Page 6 Internal Dual SD Module Viewing Internal Dual SD Module Status Using GUI Advanced iDRAC6 Configuration Before You Begin Configuring iDRAC6 for Viewing Serial Output Remotely Over SSH/Telnet Configuring the iDRAC6 Settings to Enable SSH/Telnet Starting a Text Console Through Telnet or SSH...
Page 7 Configuring Serial and Terminal Modes Configuring IPMI and iDRAC6 Serial Configuring Terminal Mode Configuring the iDRAC6 Network Settings Accessing the iDRAC6 Through a Network Using RACADM Remotely RACADM Synopsis RACADM Options Enabling and Disabling the RACADM Remote Capability RACADM Subcommands...
Page 8 Removing an iDRAC6 User Enabling an iDRAC6 User With Permissions Using the iDRAC6 Directory Service Using iDRAC6 With Microsoft Active Directory Prerequisites for Enabling Microsoft Active Directory Authentication for iDRAC6 Enabling SSL on a Domain Controller Exporting the Domain Controller Root...
Page 9 Configuring Extended Schema Active Directory to Access Your iDRAC6 Extending the Active Directory Schema Installing Dell Extension to Microsoft Active Directory Users and Computers Snap-In ....
Page 10 Using GUI Virtual Console Overview Using Virtual Console Contents Configuring iDRAC6 to Use SSO Logging Into iDRAC6 Using SSO Configuring Local iDRAC6 Users for Smart Card Logon ....
Page 11 Refresh Rates Configuring Virtual Console in the iDRAC6 Web Interface Opening a Virtual Console Session Virtual Console Preview Using iDRAC6 Virtual Console (Video Viewer) Disabling or Enabling Local Server Video Launching Virtual Console and Virtual Media Remotely URL Format...
Page 12 12 Deploying Your Operating System Using VMCLI Before You Begin Creating a Bootable Image File Preparing for Deployment Deploying the Operating System Using the VMCLI Utility 13 Configuring Intelligent Platform Management Interface (IPMI) Configuring IPMI Using Web-Based Interface Configuring IPMI Using the RACADM CLI Using the IPMI Remote Access Serial Interface Configuring Serial Over LAN Using...
Page 13 Frequently Asked Questions about Virtual Media 15 Configuring vFlash SD Card and Managing vFlash Partitions Configuring vFlash or Standard SD Card Using iDRAC6 Web Interface Configuring vFlash or Standard SD Card Using RACADM Displaying the vFlash or Standard SD Card Properties...
Page 14 Managing vFlash Partitions Using iDRAC6 Web Interface Managing vFlash Partitions Using RACADM Frequently Asked Questions 16 Power Monitoring and Management Power Inventory, Power Budgeting, and Capping Power Monitoring Configuring and Managing Power Viewing the Health Status of the Power Supply Units Contents .
Page 15 ..... . . Using the Web Interface Using RACADM 17 Using the iDRAC6 Configuration Utility ......
Page 16 System Event Log Menu ... . . Exiting the iDRAC6 Configuration Utility ........
Page 17 Selecting Power Control Actions from the iDRAC6 CLI Viewing System Information Main System Chassis Remote Access Controller Using the System Event Log (SEL) Using the Command Line to View System Log Using the POST Boot Logs Viewing the Last System Crash Screen...
Page 18 Removable Flash Media Probes Power Monitoring Probes Temperature Probe Voltage Probes 22 Configuring Security Features Security Options for the iDRAC6 Administrator Securing iDRAC6 Communications Using SSL and Digital Certificates Using the Secure Shell (SSH) Configuring Services Enabling Additional iDRAC6 Security Options Index .
Page 19: Idrac6 Overview
Management Protocol (SNMP) trap alert for warnings or errors. To help you diagnose the probable cause of a system crash, iDRAC6 can log event data and capture an image of the screen when it detects that the system has crashed.
Page 20 • Access to system logs — Provides access to the system event log, the iDRAC6 log, and the last crash screen of the crashed or unresponsive system, that is independent of the operating system state • Dell OpenManage software integration — Enables you to launch the...
Page 21: Idrac6 Enterprise And Vflash Media
Enterprise and vFlash Media Adds support for RACADM, Virtual Console, Virtual Media features, a dedicated NIC, and vFlash (with an optional Dell vFlash Media card). vFlash allows you to store emergency boot images and diagnostic tools on the vFlash Media.
Page 22 Table 1-1. iDRAC6 Feature List Feature Connectivity Shared/Failover Network Modes IPv4 VLAN Tagging IPv6 Dynamic DNS Dedicated NIC Security and Authentication Role-based Authority Local Users SSL Encryption Active Directory Generic LDAP Support Two-factor Authentication Single sign-on PK Authentication (for SSH)
Page 23 Table 1-1. iDRAC6 Feature List Feature Serial-over-LAN (with proxy) Serial-over-LAN (no proxy) Power Capping Last Crash Screen Capture Boot Capture Virtual Media Virtual Console Virtual Console Sharing Remote Virtual Console Launch vFlash Monitoring Sensor Monitoring and Alerting Real-time Power Monitoring...
Page 24 The Unified Server Configurator available through BMC is limited to operating system installation and diagnostics only. = Supported; =Not Supported The iDRAC6 provides the following security features: • Single Sign-on, Two-Factor Authentication, and Public Key Authentication • User authentication through Active Directory (optional), LDAP authentication (optional) or hardware-stored user IDs and passwords •...
Page 25: Supported Platforms
Login failure limits per IP address, with login blocking from the IP address when the limit is exceeded • Ability to limit the IP address range for clients connecting to the iDRAC6 Supported Platforms For the latest supported platforms, see the iDRAC6 Readme file and the Dell Systems Software Support Matrix available at support.dell.com/manuals.
Page 26: Supported Remote Access Connections
Ports Table 1-3 lists the ports iDRAC6 listens on for connections. Table 1-4 identifies the ports that the iDRAC6 uses as a client. This information is required when opening firewalls for remote access to an iDRAC6. Table 1-3. iDRAC6 Server Listening Ports...
Page 27: Other Documents You May Need
In addition to this guide, the following documents available on the Dell Support website at support.dell.com/manuals provide additional information about the setup and operation of the iDRAC6 in your system. On the Manuals page, click SoftwareSystems Management. Click on the appropriate product link on the right-side to access the documents.
Page 28 Server Administrator. • See the Dell Update Packages User’s Guide for information about obtaining and using Dell Update Packages as part of your system update strategy. • See the Dell OpenManage Baseboard Management Controller Utilities User’s Guide for information about the iDRAC6 and the IPMI interface.
Page 29 Always read the updates first because they often supersede information in other documents. • Release notes or readme files may be included to provide last-minute updates to the system or documentation or advanced technical reference material intended for experienced users or technicians. iDRAC6 Overview...
Page 30 Overview...
Page 31: Getting Started With The Idrac6
Getting Started With the iDRAC6 The iDRAC6 enables you to remotely monitor, troubleshoot, and repair a Dell system even when the system is down. The iDRAC6 offers features like Virtual Console, Virtual Media, Smart Card authentication, and Single Sign- On (SSO).
Page 32 Getting Started With the iDRAC6...
Page 33: Basic Installation Of The Idrac6
The iDRAC6 Express/Enterprise may be preinstalled on your system, or available separately. To get started with the iDRAC6 that is installed on your system, see "Software Installation and Configuration Overview" on page 36. If an iDRAC6 Express/Enterprise is not installed on your system, see your platform Hardware Owner’s Manual for hardware installation instructions.
Page 34: Configuring Your System To Use An Idrac6
Configuring Your System to Use an iDRAC6 To configure your system to use an iDRAC6, use the iDRAC6 Configuration Utility. To run the iDRAC6 Configuration Utility: 1 Turn on or restart your system. 2 Press <Ctrl><E> when prompted during POST.
Page 35 NIC 1, but only if the original NIC 1 failure has been corrected. This option may not be available on iDRAC6 Enterprise. 4 Configure the network controller LAN parameters to use DHCP or a Static IP address source.
Page 36: Software Installation And Configuration Overview
37. Installing iDRAC6 Software To install iDRAC6 software: 1 Install the iDRAC6 software on the managed system. See "Installing the Software on the Managed System" on page 37. 2 Install the iDRAC6 software on the management station. See "Installing the Software on the Management Station"...
Page 37: Installing The Software On The Managed System
Installing the Software on the Managed System Installing software on the managed system is optional. Without the managed system software, you cannot use the RACADM locally, and the iDRAC6 cannot capture the last crash screen. To install the managed system software, install the software on the managed system using the Dell Systems Management Tools and Documentation DVD.
Page 38: Installing Racadm
Installing RACADM 1 Log on as root to the system where you want to install the management station components. 2 If necessary, mount the Dell Systems Management Tools and Documentation DVD using the following command or a similar command: mount /media/cdrom 3 Navigate to the /linux/rac directory and execute the following command: rpm -ivh *.rpm...
Page 39: Updating The Idrac6 Firmware
2 If your system is running a Windows operating system, enable and start the Windows Management Instrumentation (WMI) service. 3 If you are using iDRAC6 Enterprise and your system is running SUSE Linux Enterprise Server (version 10) for Intel EM64T, start the Raw service.
Page 40: Updating The Idrac6 Firmware Using The Web-Based Interface
You can update the iDRAC6 firmware using the CLI-based RACADM tool. If you have installed Server Administrator on the managed system, use local RACADM to update the firmware. 1 Download the iDRAC6 firmware image from the Dell Support website at support.dell.com to the managed system. For example: C:\downloads\firmimg.d6...
Page 41: Configuring A Supported Web Browser
List of Trusted Domains When you access the iDRAC6 Web-based interface through the Web browser, you are prompted to add the iDRAC6 IP address to the list of trusted domains if the IP address is missing from the list. When completed, click Refresh or relaunch the Web browser to reestablish a connection to the iDRAC6 Web-based interface.
Page 42: Viewing Localized Versions Of The Web-Based Interface
• Japanese • Simplified Chinese To view a localized version of the iDRAC6 Web-based interface in Internet Explorer: 1 Click the Tools menu and select Internet Options. 2 In the Internet Options window, click Languages. 3 In the Language Preference window, click Add.
Page 43 When you switch from any other language to the Simplified Chinese language, ensure that this fix is still valid. If not, repeat this procedure. For advanced configurations of the iDRAC6, see "Advanced iDRAC6 Configuration" on page 87. Basic Installation of the iDRAC6...
Page 44 Basic Installation of the iDRAC6...
Page 45: Configuring The Idrac6 Using The Web Interface
Configuring the iDRAC6 Using the Web Interface The iDRAC6 provides a Web interface that enables you to configure the iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC6 Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC6 Web interface and provides links to related information.
Page 46: Accessing The Web Interface
Accessing the Web Interface To access the iDRAC6 Web interface, perform the following steps: 1 Open a supported Web browser window. To access the Web interface using an IPv4 address, go to step 2. To access the Web interface using an IPv6 address, go to step 3.
Page 47: Logging In
Logging In You can log in as either an iDRAC6 user or as a Microsoft Active Directory user. The default user name and password for an iDRAC6 user are root and calvin, respectively. You must have been granted Login to iDRAC privilege by the administrator to log in to iDRAC6.
Page 48: Logging Out
Closing any one tab expires all iDRAC6 Web interface tabs. Also, if a user logs in with Power User privileges on one tab, and then logs in as Administrator on another tab, both open tabs have Administrator privileges.
Page 49: Configuring The Idrac6 Nic
Microsoft IE7 and IE8 Firefox 2 and Firefox 3 Configuring the iDRAC6 NIC This section assumes that the iDRAC6 has already been configured and is accessible on the network. See "Configuring iDRAC6" on page 36 for help with the initial iDRAC6 network configuration.
Page 50 When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from the iDRAC6 via the network is blocked. The default is On. Configuring the iDRAC6 Using the Web Interface...
Page 51 Registers the iDRAC6 name on the DNS server. on DNS The default is Disabled. DNS iDRAC Name Displays the iDRAC6 name only when Register iDRAC on DNS is selected. The default name is idrac-service_tag, where service_tag is the service tag number of the Dell server, for example: idrac-00002.
Page 52 The default is off. IP Address Specifies the iDRAC6 NIC IP address. Subnet Mask Allows you to enter or edit a static IP address for the iDRAC6 NIC. To change this setting, deselect the Use DHCP (For NIC IP Address) checkbox. Gateway The address of a router or switch.
Page 53 If the checkbox is selected, IPv6 is enabled. If the checkbox is not selected, IPv6 is disabled. The default is disabled. Autoconfiguration Check this box to allow the iDRAC6 to obtain the IPv6 address Enable for the iDRAC6 NIC from the Dynamic Host Configuration Protocol (DHCPv6) server.
Page 54 VLAN ID field of 802.1g fields. Enter a valid value for VLAN ID (must be a number from 1 to 4094). Priority Priority field of 802.1g fields. Enter a number from 0 to 7 to set the priority of the VLAN ID. Configuring the iDRAC6 Using the Web Interface (continued)
Page 55: Configuring Ip Filtering And Ip Blocking
Saves any new settings made to the Network page. NOTE: sessions and require users to reconnect to the iDRAC6 Web interface using the updated IP address settings. All other changes will require the NIC to be reset, which may cause a brief loss in connectivity.
Page 56 IP Range Subnet Mask to determine the upper portion of the allowed IP address. Any IP address that contains this bit pattern in its upper bits is allowed to establish an iDRAC6 session. Logins from IP addresses that are outside this range will fail.
Page 57: Configuring Platform Events
Configuring Platform Events Platform event configuration provides a mechanism for configuring the iDRAC6 to perform selected actions on certain event messages. The actions include no action, reboot system, power cycle system, power off system, and generate an alert (Platform Event Trap [PET] and/or e-mail).
Page 58 If the same platform event filter is also configured to perform an action (such as rebooting the system), the action is performed. Configuring the iDRAC6 Using the Web Interface (continued)
Page 59: Configuring Platform Event Filters (Pef)
1 Log in to the remote system using a supported Web browser. 2 Ensure that you have performed the procedures in "Configuring Platform Event Filters (PEF)" on page 59. 3 Click SystemAlertsTraps Settings. Configuring the iDRAC6 Using the Web Interface...
Page 60: Configuring E-Mail Alerts
Destination List. 5 In the Community String field, enter the iDRAC SNMP community name. NOTE: The destination community string must be the same as the iDRAC6 community string. 6 Click Apply. The settings are saved. NOTE: If you disable a Platform Event Filter, the trap associated with that sensor going "bad"...
Page 61: Configuring Ipmi Using Web Interface
To successfully send a test e-mail, the SMTP (email) Server IP Address must be configured on the Email Alert Settings page. The SMTP Server uses the set IP address to communicate with the iDRAC6 to send e-mail alerts when a platform event occurs.
Page 62 Set the IPMI Serial baud rate. Click the Baud Rate drop-down menu, select the appropriate baud rate, and click Apply. Set the Channel Privilege Level Limit and Flow Control. Click Apply. Configuring the iDRAC6 Using the Web Interface...
Page 63: Configuring Idrac6 Users
For additional information about terminal mode commands, see the Dell OpenManage Baseboard Management Controller Utilities User’s Guide at support.dell.com/manuals. Configuring iDRAC6 Users See "Adding and Configuring iDRAC6 Users" on page 129 for detailed information. Configuring the iDRAC6 Using the Web Interface...
Page 64: Securing Idrac6 Communications Using Ssl And Digital Certificates
Viewing a server certificate Secure Sockets Layer (SSL) The iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.
Page 65: Certificate Signing Request (Csr)
Internet. After the CA approves the CSR and sends the certificate, upload the certificate to the iDRAC6 firmware. The CSR information stored on the iDRAC6 firmware must match the information contained in the certificate.
Page 66: Generating A Certificate Signing Request
3 Click Generate to create the CSR and download it onto to your local computer. 4 Click the appropriate button to continue. See Table 4-14. Configuring the iDRAC6 Using the Web Interface Description This option enables you to upload an existing certificate that your company has title to and uses to control access to the iDRAC6.
Page 67 The name of the country where the entity applying for certification is located. The e-mail address associated with the CSR. Type the company’s e-mail address, or any e-mail address associated with the CSR. This field is optional. Configuring the iDRAC6 Using the Web Interface...
Page 68: Uploading A Server Certificate
Button Print Go Back to SSL Main Menu Apply Configuring the iDRAC6 Using the Web Interface Description Prints the Generate Certificate Signing Request values that appear on the screen. Reloads the Generate Certificate Signing Request page. Generates a CSR and then prompts the user to save it to a specified directory.
Page 69 Table 4-17. View Server Certificate Page Buttons Button Description Print Prints the View Server Certificate values that appear on the screen. Refresh Reloads the View Server Certificate page. Go Back to SSL Main Returns to the SSL page. Menu Configuring the iDRAC6 Using the Web Interface...
Page 70: Configuring And Managing Active Directory
Specifies whether Active Directory is enabled or disabled. Specifies whether single sign–on is enabled or disabled. If enabled, you can log into iDRAC6 without entering your domain user authentication credentials, such as user name and password. Values are Yes and No.
Page 71 IP address. At least one of the 3 (FQDN or IP) addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. If extended schema...
Page 72 Specifies the fully qualified domain name (FQDN) or the IP address of the Global Catalog server(s). At least one of the 3 addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until it makes a successful connection.
Page 73: Configuring And Managing Generic Ldap
143 for details on using the Test Settings option. Configuring and Managing Generic LDAP iDRAC6 provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services. For information on configuring generic LDAP Directory Service, see "Generic LDAP Directory Service"...
Page 74 <Ctrl+E>. Disables local configuration of iDRAC using local RACADM. Description Enables or disables the iDRAC6 Web server. When checked, the checkbox indicates that the Web server is enabled. The default is enabled. The maximum number of simultaneous Web server sessions allowed for this system.
Page 75 Description The port on which the iDRAC6 listens for a browser connection. The default is 80. The port on which the iDRAC6 listens for a secure browser connection. The default is 443. Description Enables or disable SSH. When checked, SSH is enabled.
Page 76 The Telnet idle timeout in seconds. Timeout range is 60 to 10800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1800. The port on which the iDRAC6 listens for a Telnet connection. The default is 23. Description Enables/disables remote RACADM.
Page 77: Updating The Idrac6 Firmware/System Services Recovery Image
NOTE: The firmware update, by default, retains the current iDRAC6 settings. During the update process, you have the option to reset the iDRAC6 configuration to the factory defaults. If you set the configuration to the factory defaults, you must configure the network using the iDRAC6 Configuration Utility.
Page 78 In the default settings, LAN is enabled with a static IPv4 address. You may not be able to log in to the iDRAC6 Web interface. You must reconfigure the LAN settings using the iDRAC6 Configuration Utility during BIOS POST.
Page 79: Idrac6 Firmware Rollback
If you clear the Preserve Configuration checkbox, iDRAC6 is reset to its default settings. In the default settings, LAN is enabled. You may not be able to log in to the iDRAC6 Web interface. You must reconfigure the LAN settings using the iDRAC6 Configuration Utility during BIOS POST or the RACADM command (available locally on the server).
Page 80 The Remote Syslog entries are User Datagram Protocol (UDP) packets sent to the Remote Syslog server’s syslog port. If network failures occur, iDRAC6 does not send the same log again. The remote logging happens real and when the logs are recorded in iDRAC6 Remote Syslog can be enabled through the remote Web interface: 1 Open a supported Web browser window.
Page 81: First Boot Device
Boot Once. The system boots from the selected device on the next and subsequent reboots and remains as the first boot device in the BIOS boot order, until it is changed again either from the iDRAC6 GUI or from the BIOS Boot sequence.
Page 82: Remote File Share
Remote File Share iDRAC6 Remote File Share (RFS) feature allows you to specify an ISO or IMG image file located on a network share and make it available to the managed server’s operating system as a virtual drive by mounting it as a CD/DVD or Floppy using a Network File System (NFS) or Common Internet File System (CIFS).
Page 83 To enable remote file sharing through the iDRAC6 Web interface, do the following: 1 Open a supported Web browser window. 2 Log in to iDRAC6 Web interface. 3 Select the SystemRemote File Share tab. The Remote File Share screen is displayed.
Page 84: Internal Dual Sd Module
IDSDM writes will go to both cards, but reads will occur only from SD1. At any time if SD1 fails or is removed, SD2 will automatically become the active (master) card. The vFlash SD card is disabled in Mirror Mode. Configuring the iDRAC6 Using the Web Interface...
Page 85: Viewing Internal Dual Sd Module Status Using Gui
Location — Location of the SD cards. – Online Status — SD1, SD2, and vFlash cards can be in one of the states listed in Table 4-32. SD2 Card Active Inactive Configuring the iDRAC6 Using the Web Interface vFlash SD Card Inactive Active...
Page 86 Protected vFlash Active Absent Configuring the iDRAC6 Using the Web Interface Description The controller is powering up. The card receives all SD writes and is used for SD reads. The card is the secondary card. It is receiving a copy of the all the SD reads.
Page 87: Advanced Idrac6 Configuration
33 for more information. Configuring iDRAC6 for Viewing Serial Output Remotely Over SSH/Telnet You can configure the iDRAC6 for remote serial console by performing the following steps: First, configure the BIOS to enable serial console: 1 Turn on or restart your system.
Page 88: Configuring The Idrac6 Settings To Enable Ssh/Telnet
Setup program configuration. Configuring the iDRAC6 Settings to Enable SSH/Telnet Next, configure the iDRAC6 settings to enable ssh/Telnet, which you can do either through RACADM or the iDRAC6 Web interface. To configure iDRAC6 settings to enable ssh/Telnet using RACADM, run the...
Page 89: Using A Telnet Console
Running Telnet Using Microsoft Windows XP or Windows 2003 If your management station is running Windows XP or Windows 2003, you may experience an issue with the characters in an iDRAC6 Telnet session. This issue may occur as a frozen login where the return key does not respond and the password prompt does not appear.
Page 90 Open a command prompt, type the following, and press <Enter>: telnet <IP address>:<port number> where IP address is the IP address for the iDRAC6 and port number is the Telnet port number (if you are using a new port). Configuring the Backspace Key For Your Telnet Session Depending on the Telnet client, using the <Backspace>...
Page 91: Using The Secure Shell (Ssh)
When an error occurs during the login procedure, the secure shell client issues an error message. The message text is dependent on the client and is not controlled by the iDRAC6. NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on Windows.
Page 92: Configuring Linux For Serial Console During Boot
Edit the /etc/grub.conf file as follows: 1 Locate the General Setting sections in the file and add the following two new lines: serial --unit=1 --speed=57600 terminal --timeout=10 serial Advanced iDRAC6 Configuration Scheme NIST specification • AES256-CBC • RIJNDAEL256-CBC • AES192-CBC •...
Page 93 # to this file # NOTICE: You do not have a /boot partition. means that all kernel and initrd paths are relative to /, e.g. root (hd0,0) kernel /boot/vmlinuz-version ro root= /dev/sdal initrd /boot/initrd-version.img #boot=/dev/sda default=0 timeout=10 #splashimage=(hd0,2)/grub/splash.xpm.gz Advanced iDRAC6 Configuration This...
Page 94 Table 5-2 shows console=ttyS1,57600 added to only the first option. Enabling Login to the Virtual Console After Boot Edit the file /etc/inittab as follows: Add a new line to configure agetty on the COM2 serial port: co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi Advanced iDRAC6 Configuration (continued)
Page 95 3 - Full multiuser mode 4 - unused 5 - X11 6 - reboot (Do NOT set initdefault to this) id:3:initdefault: # System initialization. si::sysinit:/etc/rc.d/rc.sysinit l0:0:wait:/etc/rc.d/rc 0 l1:1:wait:/etc/rc.d/rc 1 l2:2:wait:/etc/rc.d/rc 2 l3:3:wait:/etc/rc.d/rc 3 l4:4:wait:/etc/rc.d/rc 4 l5:5:wait:/etc/rc.d/rc 5 l6:6:wait:/etc/rc.d/rc 6 Advanced iDRAC6 Configuration...
Page 96 # Run gettys in standard runlevels co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi 1:2345:respawn:/sbin/mingetty tty1 2:2345:respawn:/sbin/mingetty tty2 3:2345:respawn:/sbin/mingetty tty3 4:2345:respawn:/sbin/mingetty tty4 5:2345:respawn:/sbin/mingetty tty5 6:2345:respawn:/sbin/mingetty tty6 # Run xdm in runlevel 5 # xdm is now a separate service x:5:respawn:/etc/X11/prefdm -nodaemon Advanced iDRAC6 Configuration...
Page 97: Configuring Idrac6 For Serial Connection
Configuring iDRAC6 for Serial Connection You can use any of the following interfaces for connecting to the iDRAC6 via serial connection: • iDRAC6 CLI • Direct Connect Basic mode • Direct Connect Terminal mode...
Page 98 See "Configuring the Management Station Terminal Emulation Software" on page 103. 4 Configure the iDRAC6 settings to enable serial connections, which you can do either through RACADM or the iDRAC6 Web interface. To configure iDRAC6 settings to enable serial connections using RACADM,...
Page 99: Configuring Idrac For Direct Connect Basic Mode And Direct Connect Terminal Mode
When you are connected serially with the previous settings, you should see a login prompt. Enter the iDRAC6 username and password (default values are root, calvin, respectively). From this interface, you can execute such features as RACADM. For example, to print out the System Event Log, enter the following RACADM...
Page 100 -com 1 -baud 57600 sel get Direct Connect Terminal mode will enable you to issue ASCII commands to the iDRAC6. For example, to power on/off the server via Direct Connect Terminal mode: 1 Connect to iDRAC6 via terminal emulation software...
Page 101: Switching Between Rac Serial Interface Communication Mode And Serial Console
Switching Between RAC Serial Interface Communication Mode and Serial Console iDRAC6 supports Escape key sequences that allow switching between RAC Serial Interface communication and Serial Console. To set your system to allow this behavior, do the following: 1 Turn on or restart your system.
Page 102: Connecting The Db-9 Or Null Modem Cable For The Serial Console
RTS (Request To Send) CTS (Clear To Send) SG (Signal Ground) DSR (Data Set Ready) CD (Carrier Detect) DTR (Data Terminal Ready) Advanced iDRAC6 Configuration RAC Serial mode) or to the " " " DB-9 Pin (server pin) DB-9 Pin (workstation pin) –...
Page 103: Configuring The Management Station Terminal Emulation Software
Configuring the Management Station Terminal Emulation Software iDRAC6 supports a serial or Telnet text console from a management station running one of the following types of terminal emulation software: • Linux Minicom in an Xterm • Hilgraeve’s HyperTerminal Private Edition (version 6.3) •...
Page 104 Required Minicom Settings for Serial Console Emulation Use Table 5-6 to configure any version of Minicom. Table 5-6. Minicom Settings for Serial Console Emulation Setting Description Bps/Par/Bits Hardware flow control Software flow control Advanced iDRAC6 Configuration minicom -c on Required Setting 57600 8N1...
Page 105: Configuring Hyperterminal For Serial Console
8 Click Terminal Setup and set Screen Rows to 26. 9 Set Columns to 80 and click OK. Required Setting ANSI Clear the init, reset, connect, and hangup settings so that they are blank 80 x 25 (to resize, drag the corner of the window) Advanced iDRAC6 Configuration (continued)
Page 106: Configuring Serial And Terminal Modes
See Table 5-8 for description of the IPMI serial settings. 4 Configure the iDRAC6 serial settings. See Table 5-9 for description of the iDRAC6 serial settings. 5 Click Apply Changes. 6 Click the appropriate Serial page button to continue. See Table 5-10 for description of the serial configuration page settings.
Page 107 The size of the serial history buffer, which holds the last characters written to the Virtual Console. The maximum and default = 8192 characters. Login Command The iDRAC6 command line to be executed upon valid login. Table 5-10. Serial Page Settings Button Print...
Page 108: Configuring Terminal Mode
Input New Line Sequence Table 5-12. Terminal Mode Settings Page Buttons Button Print Refresh Advanced iDRAC6 Configuration Description Enables or disables line editing. Select one of the following: • iDRAC outputs a <bksp><sp><bksp> character when <bksp> or <del> is received —...
Page 109: Configuring The Idrac6 Network Settings
Configuration Utility — See "Configuring Your System to Use an iDRAC6" on page 34 NOTE: If you are deploying the iDRAC6 in a Linux environment, see "Installing RACADM" on page 38. Accessing the iDRAC6 Through a Network After you configure the iDRAC6, you can remotely access the managed system using one of the following interfaces: •...
Page 110 Table 5-13 describes each iDRAC6 interface. Table 5-13. iDRAC6 Interfaces Interface Web-based interface Provides remote access to the iDRAC6 using a graphical user RACADM Telnet Console Advanced iDRAC6 Configuration Description interface. The Web-based interface is built into the iDRAC6 firmware and is accessed through the NIC interface from a supported Web browser on the management station.
Page 111: Using Racadm Remotely
NOTE: Configure the IP address on your iDRAC6 before using the RACADM remote capability. For more information about setting up your iDRAC6 and a list of related documents, see "Basic Installation of the iDRAC6" on page 33. RACADM provides a remote capability option ( to the managed system and execute RACADM subcommands from a remote Virtual Console or management station.
Page 112 NOTE: If the system from where you are accessing the remote system does not have an iDRAC6 certificate in its default certificate store, a message is displayed when you type a RACADM command. For more information about iDRAC6 certificates, see "Securing iDRAC6 Communications Using SSL and Digital Certificates"...
Page 113: Racadm Synopsis
-r 192.168.0.120 -u root -p calvin getsysinfo racadm -i -r 192.168.0.120 getsysinfo If the HTTPS port number of the iDRAC6 has been changed to a custom port other than the default port (443), the following syntax must be used: racadm -r <iDRAC6 IP Address>:<port>...
Page 114: Enabling And Disabling The Racadm Remote Capability
Table 5-15 provides a description of each RACADM subcommand that you can run in RACADM. For a detailed listing of RACADM subcommands, including syntax and valid entries, see the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals.
Page 115 Clears the last ASR (crash) screen (last blue screen). clrraclog Clears the iDRAC6 log. A single entry is made to indicate the user and time that the log was cleared. config Configures the iDRAC6.
Page 116 Views a CA certificate or server certificate in the iDRAC6. sslkeyupload Uploads SSL key from the client to the iDRAC6. testtrap Forces the iDRAC6 to send a test SNMP trap over the iDRAC6 NIC to check the trap configuration. vmdisconnect Forces a Virtual Media connection to close.
Page 117: Frequently Asked Questions About Racadm Error Messages
— Problems such as incorrect IP Address, RACADM incorrect username, or incorrect password. When I ping the iDRAC6 IP address from my system and then switch my iDRAC6 between Dedicated and Shared modes during the ping response, I do not receive a response.
Page 118: Configuring Multiple Idrac6 Controllers
When you query a specific iDRAC6 controller using its group ID and object ID, RACADM creates the racadm.cfg configuration file from the retrieved information. By exporting the file to one or more iDRAC6, you can configure your controllers with identical properties in a minimal amount of time.
Page 119: Creating An Idrac6 Configuration File
(similar to an .ini file) and configure the iDRAC6 from this file. You may use any file name, and the file does not require a .cfg extension (although it is referred to by that extension name in this subsection).
Page 120 CAUTION: Use the racresetcfg subcommand to reset the database and the iDRAC6 NIC settings to the original default settings and remove all users and user configurations. While the root user is available, other users’ settings are also reset to the default settings.
Page 121: Parsing Rules
Objects that do not include an associated group name generate an error. The configuration data is organized into groups as defined in the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals. The following example displays a group name, object, and the object’s property value.
Page 122: Modifying The Idrac6 Ip Address
.cfg file. Modifying the iDRAC6 IP Address When you modify the iDRAC6 IP address in the configuration file, remove all unnecessary <variable>=value entries. Only the actual variable group’s label with "[" and "]" remains, including the two <variable>=value entries pertaining to the IP address change.
Page 123: Configuring Idrac6 Network Properties
The commands provide the same configuration functionality as the iDRAC6 Configuration Utility at boot-up when you are prompted to type <Ctrl><E>. For more information about configuring network properties with the iDRAC6 Configuration Utility, see "Configuring Your System to Use an iDRAC6" on page 34. Advanced iDRAC6 Configuration...
Page 124 -g cfgLanNetworking -o cfgDNSRacName RAC-EK00002 racadm config -g cfgLanNetworking -o cfgDNSDomainNameFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSDomainName MYDOMAIN NOTE: If cfgNicEnable is set to 0, the iDRAC6 LAN is disabled even if DHCP is enabled. Advanced iDRAC6 Configuration...
Page 125: Frequently Asked Questions About Network Security
(for example, the IP address). To address this security concern, upload a iDRAC6 server certificate issued to the IP address or the iDRAC name of the iDRAC6. When generating the certificate signing request (CSR) to be used for issuing the certificate, ensure that the common name (CN) of the CSR matches the IP address features.
Page 126 (if certificate issued to IP) of the iDRAC6 (for example, 192.168.0.120) or the registered DNS iDRAC6 name (if certificate issued to iDRAC registered name). To ensure that the CSR matches the registered DNS iDRAC6 name: 1 In the System tree, click Remote Access.
Page 127 When accessing the iDRAC6 Web-based interface, I get a security warning stating the SSL certificate was issued by a certificate authority (CA) that is not trusted. iDRAC6 includes a default iDRAC6 server certificate to ensure network security for the Web-based interface and remote RACADM features.
Page 128 Advanced iDRAC6 Configuration...
Page 129: Adding And Configuring Idrac6 Users
Adding and Configuring iDRAC6 Users To manage your system with the iDRAC6 and maintain system security, create unique users with specific administrative permissions (or role-based authority). For additional security, you can also configure alerts that are e-mailed to specific users when a specific system event occurs.
Page 130 Displays the login state of the user: Enabled or Disabled. (Disabled is the default.) NOTE: User 2 is enabled by default. Displays the login name of the user. Specifies an iDRAC6 user name with up to 16 characters. Each user must have a unique user name. NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login.
Page 131 Table 6-2. Smart Card Configuration Options Option Upload User Certificate Enables the user to upload the user certificate to iDRAC6 View User Certificate Upload Trusted CA Certificate View Trusted CA Certificate Table 6-3. General User Settings User ID One of 16 preset User ID numbers.
Page 132 Enable Serial Over LAN Table 6-5. iDRAC User Privileges Property Roles Login to iDRAC Adding and Configuring iDRAC6 Users Enter a Password with up to 20 characters. The characters will not be displayed and are masked. The following characters are supported: • 0-9 •...
Page 133 Enables the user to run Virtual Console. Enables the user to run and use Virtual Media. Enables the user to send test alerts (e-mail and PET) to a specific user. Enables the user to run diagnostic commands. Adding and Configuring iDRAC6 Users...
Page 134: Public Key Authentication Over Ssh
When adding new public keys, ensure that the existing keys are not already at the index where the new key is added. iDRAC6 does not perform checks to ensure previous keys are deleted before a new one is added. As soon as a new key is added, it is automatically in effect as long as the SSH interface is enabled.
Page 135 Generating Public Keys for Windows Before adding an account, a public key is required from the system that will access the iDRAC6 over SSH. There are two common ways to generate the public/private key pair: using PuTTY Key Generator application for clients running Windows or ssh-keygen CLI for clients running Linux.
Page 136: Uploading, Viewing, And Deleting Ssh Keys Using The Idrac6 Web-Based Interface
Logging in Using Public Key Authentication After the public keys are uploaded, you can log into the iDRAC6 over SSH without entering a password. You also have the option of sending a single RACADM command as a command line argument to the SSH application.
Page 137 ’Configure Users’ user privilege. This privilege allows user(s) to configure another user's SSH key. You should grant this privilege carefully. For more information on user privileges, see "Adding and Configuring iDRAC6 Users" on page 129. Table 6-8. SSH Key Configurations...
Page 138: Uploading, Viewing, And Deleting Ssh Keys Using Racadm
-i <2 to 16> -k <1 to 4> -t <key-text> Example: Upload a valid key to the iDRAC6 User 2 in the first key space using a file: $ racadm sshpkauth -i 2 -k 1 -f pkkey.key PK SSH Authentication Key file successfully uploaded to the RAC.
Page 139: Using The Racadm Utility To Configure Idrac6 Users
You can configure up to 16 users in the iDRAC6 property database. Before you manually enable an iDRAC6 user, verify if any current users exist. If you are configuring a new iDRAC6 or if you ran the racadm racresetcfg command, the only current user is root with the password calvin.
Page 140: Adding An Idrac6 User
NOTE: You can also type racadm getconfig -f <myfile.cfg> and view or edit the myfile.cfg file, which includes all iDRAC6 configuration parameters. Several parameters and object IDs are displayed with their current values. Two objects of interest are: # cfgUserAdminIndex=XX...
Page 141: Removing An Idrac6 User
-g cfgUserAdmin -o cfgUserAdminUserName -i <index> "" A null string of double quote characters ("") instructs the iDRAC6 to remove the user configuration at the specified index and reset the user configuration to the original factory defaults.
Page 142 NOTE: For a list of valid bit mask values for specific user privileges, see the Administrator Reference Guide support.dell.com/manuals. The default privilege value is 0, which indicates the user has no privileges enabled. racadm config -g cfgUserAdmin -o cfgUserAdminPrivilege -i <index> <user privilege bitmask value>...
Page 143: Using The Idrac6 Directory Service
Microsoft Active Directory or the LDAP Directory Service software, you can configure the software to provide access to iDRAC6, allowing you to add and control iDRAC6 user privileges to your existing users in your directory service. Using iDRAC6 With Microsoft Active Directory...
Page 144 Privilege Test Alerts Execute Diagnostic Commands Enables the user to run diagnostic commands You can use Active Directory to log in to the iDRAC6 using one of the following methods: • Web-based interface • Remote RACADM • Serial or Telnet console The login syntax is the same for all three methods: <username@domain>...
Page 145: Prerequisites For Enabling Microsoft Active Directory Authentication For Idrac6
Prerequisites for Enabling Microsoft Active Directory Authentication for iDRAC6 To use the Active Directory authentication feature of the iDRAC6, you must have already deployed an Active Directory infrastructure. See the Microsoft website for information on how to set up an Active Directory infrastructure, if you do not already have one.
Page 146: Exporting The Domain Controller Root Ca Certificate To The Idrac6
Click Next and click Finish. Exporting the Domain Controller Root CA Certificate to the iDRAC6 NOTE: If your system is running Windows 2000 or if you are using a standalone CA, the following steps may vary. 1 Locate the domain controller that is running the Microsoft Enterprise CA service.
Page 147: Importing The Idrac6 Firmware Ssl Certificate
If your system is running Windows 2000, the following steps may vary. NOTE: If the iDRAC6 firmware SSL certificate is signed by a well-known CA and the certificate of that CA is already in the domain controller's Trusted Root Certificate Authority list, you are not required to perform the steps in this section.
Page 148: Supported Active Directory Authentication Mechanisms
Supported Active Directory Authentication Mechanisms You can use Active Directory to define user access on the iDRAC6 through two methods: you can use the extended schema solution, which Dell has customized to add Dell-defined Active Directory objects. Or, you can use the standard schema solution, which uses Active Directory group objects only.
Page 149: Overview Of The Idrac Schema Extensions
Overview of the iDRAC Schema Extensions To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of properties that can be configured by the user depending on the desired results. Dell has extended the schema to include an Association, Device, and Privilege property.
Page 150 The Dell extension to the Active Directory Users and Computers MMC Snap-in only allows associating the Privilege Object and iDRAC Objects from the same domain with the Association Object. The Dell extension does not allow a group or an iDRAC object from other domains to be added as a product member of the Association Object.
Page 151: Accumulating Privileges Using Extended Schema
The figure shows two Association Objects—iA01 and iA02. User1 is associated to iDRAC2 through both association objects. Therefore, User1 has accumulated privileges that are the result of combining the privileges set for objects Priv1 and Priv2 on iDRAC2. Using the iDRAC6 Directory Service...
Page 152: Configuring Extended Schema Active Directory To Access Your Idrac6
Dell Extension to Microsoft Active Directory Users and Computers Snap- In" on page 159.) 3 Add iDRAC6 users and their privileges to Active Directory (see "Adding iDRAC Users and Privileges to Microsoft Active Directory" on page 160.) 4 Configure the iDRAC6 Active Directory properties using either the iDRAC6 Web-based interface or the RACADM (see "Configuring...
Page 153: Extending The Active Directory Schema
Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit will not be added to the schema. The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories: •...
Page 154 Using the Dell Schema Extender NOTE: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To ensure that the Dell Schema Extender utility functions properly, do not modify the name of this file. 1 In the Welcome screen, click Next. 2 Read and understand the warning and click Next.
Page 155 Table 7-3. dellRacDevice Class 1.2.840.113556.1.8000.1280.1.7.1.1 Description Represents the Dell iDRAC device. The iDRAC device must be configured as delliDRACDevice in Active Directory. This configuration enables the iDRAC to send Lightweight Directory Access Protocol (LDAP) queries to Active Directory. Class Type...
Page 156 Table 7-6. dellPrivileges Class 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 7-7. dellProduct Class 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived.
Page 157 1.3.6.1.4.1.1466.115.121.1.12) 1.2.840.113556.1.8000.1280.1.1.2.3 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) 1.2.840.113556.1.8000.1280.1.1.2.4 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) 1.2.840.113556.1.8000.1280.1.1.2.5 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) 1.2.840.113556.1.8000.1280.1.1.2.6 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) 1.2.840.113556.1.8000.1280.1.1.2.7 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) 1.2.840.113556.1.8000.1280.1.1.2.8 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) Using the iDRAC6 Directory Service Single Valued FALSE FALSE TRUE TRUE TRUE TRUE TRUE TRUE...
Page 158 List of dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers linked attribute. Link ID: 12071 Using the iDRAC6 Directory Service Assigned OID/Syntax Object Identifier 1.2.840.113556.1.8000.1280.1.1.2.9 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) 1.2.840.113556.1.8000.1280.1.1.2.10 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) 1.2.840.113556.1.8000.1280.1.1.2.11...
Page 159: Installing Dell Extension To Microsoft Active Directory Users And Computers Snap-In
Users and User Groups, iDRAC Associations, and iDRAC Privileges. When you install your systems management software using the Dell Systems Management Tools and Documentation DVD, you can install the Snap-in by selecting the Active Directory Users and Computers Snap-in option during the installation procedure.
Page 160: Adding Idrac Users And Privileges To Microsoft Active Directory
5 Click Close and click OK. Adding iDRAC Users and Privileges to Microsoft Active Directory Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC users and privileges by creating iDRAC, Association, and Privilege objects. To add each object type, perform the following procedures: •...
Page 161 Using the Association Object Properties window, you can associate users or user groups, privilege objects, and iDRAC devices. You can add groups of Users. The procedure for creating Dell-related groups and non-Dell-related groups is identical. Adding Users or User Groups 1 Right-click the Association Object and select Properties.
Page 162: Configuring Microsoft Active Directory With Extended Schema Using The Idrac6 Web-Based Interface
Configuring Microsoft Active Directory With Extended Schema Using the iDRAC6 Web-Based Interface 1 Open a supported Web browser window. 2 Log in to the iDRAC6 Web-based interface. 3 Go to Remote Access Network/Security tab Directory Service tab Microsoft Active Directory.
Page 163 DNS lookup with the domain name of the login user. Else, select Specify a Domain and enter the domain name to use on the DNS lookup. iDRAC6 attempts to connect to each of the addresses (first 4 addresses returned by the DNS look up) one by one until it makes a successful connection.
Page 164: Configuring Microsoft Active Directory With Extended Schema Using Racadm
Domain in which iDRAC Object is created. 19 Click Finish to save Active Directory Extended Schema settings. The iDRAC6 Web server automatically returns you to the Active Directory Configuration and Management page. 20 Click Test Settings to check the Active Directory Extended Schema settings.
Page 165 -g cfgActiveDirectory -o cfgADDcSRVLookupEnable=1 • To perform the DNS lookup with the domain name of the login user: racadm config -g cfgActiveDirectory -o cfgADDcSRVLookupbyUserdomain=1 • To specify the domain name to use on the DNS lookup: Using the iDRAC6 Directory Service...
Page 166 1 racadm sslcertupload -t 0x2 -f <ADS root CA certificate> Using the following RACADM command may be optional. See "Importing the iDRAC6 Firmware SSL Certificate" on page 147 for additional information. racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>...
Page 167 <secondary DNS IP address> 5 If you want to configure a list of user domains so that you only need to enter the user name during login to the iDRAC6 Web-based interface, type the following command: racadm config -g cfgUserDomain -o cfgUserDomainName -i <index>...
Page 168: Standard Schema Active Directory Overview
On the Active Directory side, a standard group object is used as a role group. A user who has iDRAC6 access will be a member of the role group. To give this user access to a specific iDRAC6, the role group name and its domain name need to be configured on the specific iDRAC6.
Page 169: Single Domain Versus Multiple Domain Scenarios
If all the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server addresses are required to be configured on iDRAC6. In this multiple domain scenario, all the role groups and the nested groups, if any, must be a Universal Group type.
Page 170: Configuring Standard Schema Microsoft Active Directory To Access Idrac6
2 Create a group or select an existing group. Add the Active Directory user as a member of the Active Directory group to access the iDRAC6. 3 Configure the name of the group and the domain name on iDRAC6 using either the Web-based interface or RACADM. For more information, see "Configuring Microsoft Active Directory With Standard Schema Using...
Page 171 9 Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed. 10 Select Enable Active Directory. 11 Select Enable Single Sign-On if you want to log into iDRAC6 without entering your domain user authentication credentials, such as user name and password.
Page 172 Root Domain Name to use on a DNS lookup to obtain the Active Directory Global Catalog Servers. Global Catalog Server Addresses 1-3 are ignored. iDRAC6 attempts to connect to each of the addresses (first 4 addresses returned by the DNS lookup) one by one until it makes a successful connection.
Page 173 Level. For example, if you select Administrator, all the privileges are selected for that level of permission. 24 Click Apply to save the role group settings. The iDRAC6 Web server automatically returns you to the Step 4a of 4 Active Directory Configuration and Management page where your settings are displayed.
Page 174: Configuring Microsoft Active Directory With Standard Schema Using Racadm
NOTE: For Bit Mask Number values, see the Guide available on the Dell Support website at support.dell.com/manuals. racadm config -g cfgActiveDirectory -o cfgADDomainController1 <fully qualified domain name or IP address of the domain controller> racadm config -g cfgActiveDirectory -o cfgADDomainController2 <fully qualified domain name...
Page 175 NOTE: At least one of the 3 addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located.
Page 176 (AD) queries to complete before timing out, type the following command: racadm config -g cfgActiveDirectory -o cfgADAuthTimeout <time in seconds> 3 If DHCP is enabled on the iDRAC6 and you want to use the DNS provided by the DHCP server, type the following RACADM commands: racadm config -g cfgLanNetworking -o...
Page 177: Testing Your Configurations
4 If DHCP is disabled on the iDRAC6 or you want manually to input your DNS IP address, type the following RACADM commands: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0 racadm config -g cfgLanNetworking -o cfgDNSServer1 <primary DNS IP address>...
Page 178: Generic Ldap Directory Service
When generic LDAP is enabled, iDRAC6 first tries to login the user as a directory user. If it fails, local user lookup is enabled.
Page 179 Ensure that CN = open LDAP FQDN is set (for example, CN= openldap.lab) in the subject field of the LDAP server certificate during certificate generation. The LDAP server address field in iDRAC6 should be set to match the same FQDN address for certificate validation to work.
Page 180 (FQDN) or the IP address of the LDAP server. To specify multiple redundant LDAP servers that serve the same domain, provide the list of all servers separated by commas. iDRAC6 tries to connect to each server in turn, until it makes a successful connection.
Page 181 Administrator, all of the privileges are selected for that level of permission. 13 Click Apply to save role group settings. The iDRAC6 Web server automatically returns you to the Generic LDAP Configuration and Management Step 3a of 3 page where your Role Group settings are displayed.
Page 182: Configuring Generic Ldap Directory Service Using Racadm
-g cfgldap racadm getconfig -g cfgldaprolegroup -i 1 Use RACADM to confirm whether login is possible racadm -r <iDRAC6–IP> -u user.1 -p password getractime Additional settings to test BindDN option racadm config -g cfgldap -o cfgLdapBindDN "cn= idrac_admin,ou=iDRAC_admins,ou=People,dc=common,dc= com"...
Page 183: Frequently Asked Questions About Active Directory
The most common reasons for failing certification validation are: 1 The iDRAC6 date is not within the valid period of the server certificate or CA certificate. Please check your iDRAC6 time and the valid period of your certificate.
Page 184 2 The domain controller addresses configured in iDRAC6 do not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP address, please read the following question and answer. If you are using FQDN, please make sure you are using the FQDN of the domain controller, not the domain, for example, servername.example.com instead of example.com.
Page 185 1 Ensure that you use the correct user domain name during a login and not the NetBIOS name. 2 If you have a local iDRAC6 user account, log into the iDRAC6 using your local credentials. After you are logged in: Ensure that you have checked the Enable Active Directory option on the iDRAC6 Active Directory Configuration and Management page.
Page 186 Ensure that you have uploaded the right Active Directory root CA certificate to the iDRAC6 if you enabled certificate validation. Ensure that the iDRAC6 time is within the valid period of the CA certificate. If you are using the Extended Schema, ensure that the iDRAC6 Name and iDRAC6 Domain Name match your Active Directory environment configuration.
Page 187: Configuring Idrac6 For Single Sign-On Or Smart Card Login
The iDRAC6 uses Kerberos to support two types of authentication mechanisms—Active Directory SSO and Active Directory Smart Card logins. For Active Directory SSO login, iDRAC6 uses the user credentials cached in the operating system after the user has logged in using a valid Active Directory account.
Page 188: Prerequisites For Active Directory Sso And Smart Card Authentication
Windows Server Kerberos KDC service. The keytab obtained from the ktpass utility is made available to the iDRAC6 as a file upload and is enabled to be a kerberized service on the network. Configuring iDRAC6 for Single Sign-On or Smart Card Login...
Page 189 Since the iDRAC6 is a device with a non-Windows operating system, run the ktpass utility—part of Microsoft Windows—on the domain controller (Active Directory server) where you want to map the iDRAC6 to a user account in Active Directory. For example, use the following ktpass command to create the Kerberos keytab file: C:\>ktpass -princ...
Page 190 2 In the address bar, enter about:config. 3 In Filter, enter network.negotiate. 4 Add the iDRAC name to network.negotiate-auth.trusted-uris (using comma separated list). 5 Add the iDRAC name to network.negotiate-auth.delegation-uris (using comma separated list). Configuring iDRAC6 for Single Sign-On or Smart Card Login...
Page 191: Using Microsoft Active Directory Sso
Using Microsoft Active Directory SSO The SSO feature enables you to log into the iDRAC6 directly after logging into your workstation without entering your domain user authentication credentials, such as user name and password. To log into the iDRAC6 using this feature, you should have already logged into your system using a valid Active Directory user account.
Page 192: Logging Into Idrac6 Using Sso
Management Step 4 of 4 page is displayed. 8 Click Finish to apply the settings. Using RACADM: You can upload the keytab file to iDRAC6 using the following CLI racadm command: racadm krbkeytabupload -f <filename> where <filename> is the name of the keytab file. The racadm command is supported by both local and remote racadm.
Page 193: Configuring Smart Card Authentication
Configuring Local iDRAC6 Users for Smart Card Logon You can configure the local iDRAC6 users to log into the iDRAC6 using the Smart Card. Click Remote Access Network/Security Users. However, before the user can log into the iDRAC6 using the Smart Card, you must upload the user's Smart Card certificate and the trusted Certificate Authority (CA) certificate to the iDRAC6.
Page 194: Configuring Active Directory Users For Smart Card Logon
NOTE: To log into the iDRAC6, the user name that you configure in the iDRAC6 should have the same case as the User Principal Name (UPN) in the Smart Card certificate. For example, in case the Smart Card certificate has been issued to the user, "sampleuser@domain.com,"...
Page 195 Smart Card logon during any subsequent logon attempts using the Web-based interface. It is recommended that the iDRAC6 administrator use the Enable with Remote Racadm setting only to access the iDRAC6 Web-based interface to run scripts using the remote RACADM commands.
Page 196: Logging Into The Idrac6 Using The Smart Card
Enable CRL check for Smart Card Logon Logging Into the iDRAC6 Using the Smart Card The iDRAC6 Web interface displays the Smart Card logon page for all users who are configured to use the Smart Card. NOTE: Ensure that the iDRAC6 local user and/or Active Directory configuration is complete before enabling the Smart Card Logon for the user.
Page 197: Logging Into The Idrac6 Using Active Directory Smart Card Authentication
If you are an Active Directory user for whom the Enable CRL check for Smart Card Logon is selected, iDRAC6 attempts to download the CRL and checks the CRL for the user's certificate. The login through Active Directory fails if the certificate is listed as revoked in the CRL or if the CRL cannot be downloaded for any reason.
Page 198: Troubleshooting The Smart Card Logon In Idrac6
Smart Card. Unable to Log into Local iDRAC6 If a local iDRAC6 user cannot log in, check if the username and the user certificates uploaded to the iDRAC6 have expired. The iDRAC6 trace logs may provide important log messages regarding the errors;...
Page 199 Unable to Log into iDRAC6 as an Active Directory User • If you cannot log into the iDRAC6 as an Active Directory user, try to log into the iDRAC6 without enabling the Smart Card logon. If you have enabled the CRL check, try the Active Directory logon without enabling the CRL check.
Page 200: Frequently Asked Questions About Sso
<offset value in minutes>. For example, if the system time is GMT -6 (US CST) and time is 2PM, set the iDRAC6 time to GMT time of 18:00 which would require you to enter 360 in the above command for the offset.
Page 201 9 In the right-pane, right-click and select NewDWORD (32-bit) Value. 10 Name the new key as SuppressExtendedProtection. 11 Right-click SuppressExtendedProtection and click Modify. 12 In the Value data field, type 1 and click OK. Configuring iDRAC6 for Single Sign-On or Smart Card Login...
Page 202 Ensure that the iDRAC IP address is listed in the ToolsInternet OptionsSecurityTrusted sites. If it is not listed, SSO fails and you are prompted to enter your user name and password. Click Cancel and proceed. Configuring iDRAC6 for Single Sign-On or Smart Card Login...
Page 203: Using Gui Virtual Console
If a Virtual Console session is already open from the management station to the iDRAC6, an attempt to open a new session from the same management station to that iDRAC6 will result in the existing session becoming active. A new session will not be generated.
Page 204: Configuring Your Management Station
A minimum available network bandwidth of 1 MB/sec is required. • The first Virtual Console session to the iDRAC6 is a full access session. If a second user requests a Virtual Console session, the first user is notified and is given the option (approve, reject, or allow as read-only) to send a sharing request to the second user.
Page 205 Internet Explorer browser, an ActiveX control is provided for the console viewer. You can also use the Java console viewer with Firefox if you install a JRE and configure the console viewer in iDRAC6 Web interface before you launch the viewer.
Page 206: Clear Your Browser's Cache
To clear older versions of Java viewer in Windows or Linux, do the following: 1 At the command prompt, run javaws-viewer or javaws-uninstall 2 The Java Cache viewer is displayed. 3 Delete the items titled iDRAC6 Virtual Console Client. Using GUI Virtual Console down menu. ons windows.
Page 207: Internet Explorer Browser Configurations For Activex Based Virtual Console And Virtual Media Applications
Internet Explorer Browser Configurations for ActiveX based Virtual Console and Virtual Media Applications This section provides information about the Internet Explorer browser settings required to launch and run ActiveX based Virtual Console and Virtual Media applications. NOTE: Clear the browser’s cache and then perform the browser configuration settings.
Page 208: Supported Screen Resolutions And Refresh Rates
800x600 1024x768 1280x1024 Configuring Virtual Console in the iDRAC6 Web Interface To configure Virtual Console in the iDRAC6 Web interface, perform the following steps: 1 Click System Console/MediaConfiguration to configure iDRAC6 Virtual Console settings. 2 Configure the Virtual Console properties. Table 9-2 describes the settings for Virtual Console.
Page 209 Virtual Console is launched may disconnect all your existing Virtual Console sessions. Checked indicates that output to the iDRAC6 Virtual Console monitor is disabled during Virtual Console. This ensures that the tasks you perform using Virtual Console will not be visible on the managed server’s local...
Page 210: Opening A Virtual Console Session
Apply Opening a Virtual Console Session When you open a Virtual Console session, the Dell Virtual Console Viewer Application starts and the remote system’s desktop is displayed in the viewer. Using the Virtual Console Viewer Application, you can control the remote system’s mouse and keyboard functions from your local management station.
Page 211 If you want to reconfigure any of the property values displayed, see "Configuring Virtual Console in the iDRAC6 Web Interface" on page 208. Table 9-4. Virtual Console Property Virtual Console Enabled Video Encryption Enabled Yes/No (checked\unchecked) Max Sessions Active Sessions...
Page 212: Virtual Console Preview
4 Two mouse pointers appear in the viewer window: one for the remote system and one for your local system. You can change to a single cursor by selecting the Single Cursor option under Tools in the iDRAC6 Virtual Console menu.
Page 213: Using Idrac6 Virtual Console (Video Viewer)
When you connect to the remote system, the iDRAC6 Virtual Console starts in a separate window. NOTE: You must have administrator privileges to launch a iDRAC6 Virtual Console (Video Viewer). NOTE: If the remote server is powered off, the message, No Signal, will be displayed.
Page 214 Console/Mediaand click Help on the Virtual Console and Virtual Media GUI page. When you start a Virtual Console session and the iDRAC6 Virtual Console is displayed, you may need to synchronize the mouse pointers. Table 9-7 describes the menu options that are available for use in the viewer.
Page 215 When you have finished using the Console and have logged out (using the remote system's log out procedure), select Exit from the File menu to close the iDRAC6 Virtual Console window. Refreshes the view of the Video Virtual Console. The Virtual Console requests a reference video frame from the server.
Page 216 Table 9-7. Viewer Menu Bar Selections Menu Item Item Macros • Alt+Ctrl+Del • Alt+Tab • Alt+Esc • Ctrl+Esc • Alt+Space • Alt+Enter • Alt+Hyphen • Alt+F4 • PrtScrn • Alt+PrtScrn • F1 • Pause • Tab • Ctrl+Enter • SysRq •...
Page 217 Table 9-7. Viewer Menu Bar Selections Menu Item Item Tools Session Options Single Cursor Stats (continued) Description The Sessions Options window provides additional session viewer control adjustments. This window has the General and Mouse tabs. You can control the Keyboard pass through mode from the General tab.
Page 218: Disabling Or Enabling Local Server Video
NOTE: By disabling (turning off) the local video on the server, the monitor, keyboard, and mouse connected to the iDRAC6 Virtual Console are still enabled. To disable or enable the local console, perform the following procedure: 1 On your management station, open a supported Web browser and log into the iDRAC6.
Page 219: Launching Virtual Console And Virtual Media Remotely
Remotely You can launch Virtual Console/Virtual Media by entering a single URL on a supported browser instead of launching it from the iDRAC6 Web GUI. Depending on your system configuration, you will either go through the manual authentication process (login page) or will be directed to the Virtual Console/Virtual Media viewer automatically.
Page 220: General Error Scenarios
Same behavior when https://<IP> is specified and login fails. The iDRAC6 Virtual Console viewer is not launched. Redirects to the iDRAC6 GUI home page. The iDRAC6 Virtual Console viewer is not launched and you are redirected to the Console/Media configuration GUI page.
Page 221: Frequently Asked Questions On Virtual Console
It gives a local user an opportunity to take any action before the video is switched off. No, after a local video turn ON request is received by iDRAC6, the video is turned on instantly. When the local console is disabled, the local user cannot turn off the video.
Page 222 Ensure that the correct mouse is selected for your operating system before starting a Virtual Console session. Ensure that the Single Cursor option under Tools in the iDRAC6 Virtual Console menu is selected on the iDRAC6 Virtual Console client. The default is two cursor mode. (continued)
Page 223 Virtual Console in the BIOS before installing an operating system remotely. When accessed through the iDRAC6, the Num Lock indicator on the management station does not necessarily coincide with the state of the Num Lock on the remote server.
Page 224 The management station requires an Intel Pentium III 500 MHz processor with at least 256 MB of RAM. You may see this message because the iDRAC6 Virtual Console plugin is not receiving the remote server desktop video. Generally, this behavior may occur when the remote server is powered off.
Page 225: Using The Ws-Man Interface
Additionally, Dell has defined a number of model and profile extensions that provide interfaces for additional capabilities. The data available through WS-MAN is provided by the iDRAC6 instrumentation interface mapped to the following DMTF profiles and Dell extension profiles: Supported CIM Profiles Table 10-1.
Page 226 Defines CIM classes for representing CLP’s configuration. iDRAC6 uses this profile for its own implementation of CLP . Power State Management Defines CIM classes for power control operations. iDRAC6 uses this profile for the host server’s power control operations. Power Supply (version 1.1) Defines CIM classes for representing power supplies.
Page 227 Defines CIM classes for representing identities. iDRAC6 uses this profile for configuring iDRAC6 accounts. USB Redirection Defines CIM classes for representing the remote redirection of local USB ports. iDRAC6 uses this profile in conjunction with the Virtual Media Profile to configure Virtual Media. (continued) Using the WS-MAN Interface...
Page 228 Dell Job Control Defines CIM and Dell extension classes for managing configuration jobs. Dell LC Management Profile Defines CIM and Dell extension classes for the configuration attributes of the Dell Lifecycle Controller such as discovery and handshake. Dell Persistent Storage Defines CIM and Dell extension classes for managing the partitions on the vFlash SD card of Dell platforms.
Page 229 Defines CIM and Dell extension classes to represent the host platform's inventory information. Dell PCI Device Profile Defines CIM and Dell extension classes to represent the host's PCI device inventory information. Dell Video Profile Defines CIM and Dell extension classes to represent the host's video card inventory information.
Page 230 There are additional implementation guides, white papers, profile, and code samples available in the Dell Enterprise Technology Center at www.delltechcenter.com. For more information, see the following: • DMTF Web site: www.dmtf.org/standards/profiles/ • WS–MAN release notes or readme file. Using the WS-MAN Interface...
Page 231: Using The Idrac6 Sm-Clp
For more information on these specifications, see the DMTF website at www.dmtf.org. The iDRAC6 SM-CLP is a protocol that provides standards for systems management CLI implementations. The SM-CLP is a subcomponent of the DMTF SMASH initiative to streamline server management across multiple platforms.
Page 232: Sm-Clp Features
Moves a binary image to a specified target address from a URL Using SM-CLP SSH (or Telnet) in to the iDRAC6 with correct credentials. The SMCLP prompt (/admin1->) is displayed. SM-CLP Targets Table 11-2 provides a list of targets provided through the SM-CLP to support the operations described in Table 11-1 above.
Page 233 Virtual Media USB redirection SAP Using the iDRAC6 SM-CLP Command Line Interface Definitions admin domain Registered profiles in iDRAC6 Hardware Managed system target Power supply Managed system power supply Managed system sensors...
Page 234 Using the iDRAC6 SM-CLP Command Line Interface (continued) Definitions Virtual Media destination USB redirection SAP Service Processor Service Processor time service Service processor capabilities SMASH collection CLP service capabilities Power state management service...
Page 235 Using the iDRAC6 SM-CLP Command Line Interface (continued) Definitions Metric service capabilities Multi-factor Authentication capabilities LAN (Ethernet port) endpoint capabilities Service Processor logs collection System record log System log entry...
Page 236 Using the iDRAC6 SM-CLP Command Line Interface (continued) Definitions IP interface configuration service IP interface protocol endpoint IP interface gateway DHCP client protocol endpoint DNS client protocol endpoint DNS client server...
Page 237 Role1-3 admin1/system1/sp1/rolesvc3/ Role1-3/privilege1 admin1/system1/sp1/ pwrutilmgtsvc1 admin1/system1/sp1/ pwrutilmgtsvc1/pwrcurr1 Using the iDRAC6 SM-CLP Command Line Interface (continued) Definitions MFA account management service IPMI account management service CLP account management service Active Directory group Active Directory identity Active Directory service Local Role Base Authorization (RBA)
Page 238 /admin1/system1/sp1/metricsvc1 /loamd1/loamv* /admin1/system1/sp1/metricsvc1 /hiamd1 /admin1/system1/sp1/metricsvc1 /hiamd1/hiamv* /admin1/system1/sp1/metricsvc1 /avgamd1 /admin1/system1/sp1/metricsvc1 /avgamd1/avgamv* Using the iDRAC6 SM-CLP Command Line Interface (continued) Definitions Metric service Cumulative base metric definition Cumulative base metric value Cumulative watt aggregation metric definition Cumulative watt aggregation metric value Cumulative amp aggregation metric...
Page 239: Deploying Your Operating System Using Vmcli
The Virtual Media Command Line Interface (VMCLI) utility is a command-line interface that provides Virtual Media features from the management station to the iDRAC6 in the remote system. Using VMCLI and scripted methods, you can deploy your operating system on multiple remote systems in your network.
Page 240: Creating A Bootable Image File
Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file. To test the image file, transfer the image file to a test system using the iDRAC6 Web user interface and then reboot the system.
Page 241: Deploying The Operating System
The following procedure provides a high-level overview for deploying the operating system on targeted remote systems. 1 List the iDRAC6 IPv4 or IPv6 addresses of the remote systems that will be deployed in the ip.txt text file, one IPv4 or IPv6 address per line.
Page 242: Using The Vmcli Utility
IPv4 or IPv6 addresses from the specified file and runs the VMCLI utility once for each line. If the argument to the -r option is not a filename, then it should be the address of a single iDRAC6. In this case, the -r works as described for the VMCLI utility.
Page 243: Installing The Vmcli Utility
Users without administrator privileges can add the sudo command as a prefix to the VMCLI command line (or to the VMCLI script) to obtain access to the iDRAC6 in the remote system and run the utility. Installing the VMCLI Utility...
Page 244: Vmcli Parameters
This parameter provides the iDRAC6 IPv4 or IPv6 address and SSL port, which the utility needs to establish a Virtual Media connection with the target iDRAC6. If you enter an invalid IPv4 or IPv6 address or DDNS name, an error message is displayed and the command is terminated.
Page 245 User Password -p <iDRAC-user-password> This parameter provides the password for the specified iDRAC6 user. If iDRAC6 authentication fails, an error message displays and the command terminates. Floppy/Disk Device or Image File -f {<floppy-device> or <floppy-image>} and/or -c {<CD-DVD-device> or <CD-DVD-image>} where <floppy-device>...
Page 246 2 Get the name for the kernel image by typing the following command at the command line: uname -r 3 Go to the /boot directory and delete the kernel image file, whose name you determined in Step 2: mkinitrd /boot/initrd-’uname -r’.img ‘uname -r’ 4 Reboot the server.
Page 247: Vmcli Operating System Shell Options
When this parameter is included in the command line, VMCLI will use an SSL-encrypted channel to transfer data between the management station and the iDRAC6 in the remote system. If this parameter is not included in the command line, the data transfer is not encrypted.
Page 248 • Background execution — By default, the VMCLI utility runs in the foreground. Use the operating system's command shell features to cause the utility to run in the background. For example, under a Linux operating system, the ampersand character (&) following the command causes the program to be spawned as a new background process.
Page 249: Configuring Intelligent Platform
• IPMI over LAN • IPMI over Serial • Serial over LAN The iDRAC6 is fully IPMI 2.0 compliant. You can configure the iDRAC6 IPMI using: • iDRAC6 GUI from your browser • An open source utility, such as IPMItool •...
Page 250 -g cfgIpmiLan -o cfgIpmiLanPrivilegeLimit 2 Set the IPMI LAN channel encryption key, if required. NOTE: The iDRAC6 IPMI supports the RMCP+ protocol. See the IPMI 2.0 specifications for more information. At the command prompt, type the following command and press <Enter>: racadm config -g cfgIpmiLan -o cfgIpmiEncryptionKey <key>...
Page 251 racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1 Update the IPMI SOL minimum privilege level. NOTE: The IPMI SOL minimum privilege level determines the minimum privilege required to activate IPMI SOL. For more information, see the IPMI 2.0 specification. At the command prompt, type the following command and press <Enter>: racadm config -g cfgIpmiSol -o cfgIpmiSolMinPrivilege <level>...
Page 252 NOTE: SOL can be enabled or disabled for each individual user. At the command prompt, type the following command and press <Enter>: racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i <id> 2 where <id> is the user’s unique ID. 4 Configure IPMI Serial. Change the IPMI serial connection mode to the appropriate setting.
Page 253 Set the IPMI serial channel minimum privilege level. At the command prompt, type the following command and press <Enter>: racadm config -g cfgIpmiSerial -o cfgIpmiSerialChanPrivLimit <level> where <level> is one of the following: • 2 (User) • 3 (Operator) • 4 (Administrator) For example, to set the IPMI serial channel privileges to 2 (User), type the following command:...
Page 254: Using The Ipmi Remote Access Serial Interface
For detailed information, see "Configuring IPMI Using Web Interface" on page 61. NOTE: You can use Serial Over LAN with the following Dell OpenManage tools: SOLProxy and IPMItool. For more information, see the Baseboard Management Controller Utilities User’s Guide support.dell.com\manuals.
Page 255: Configuring And Using
Configuring and Using Virtual Media Overview The Virtual Media feature, accessed through the Virtual Console viewer, provides the managed server access to media connected to a remote system on the network. Figure 14-1 shows the overall architecture of Virtual Media. Figure 14-1.
Page 256: Windows-Based Management Station
Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives. NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps. Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device.
Page 257: Linux-Based Management Station
Virtual Media. On Windows, the package may be included in the .NET framework package. Configuring Virtual Media 1 Log in to the iDRAC6 Web interface. 2 Select SystemConsole/Media tabConfiguration Virtual Media to configure the Virtual Media settings.
Page 258 Table 14-2. Virtual Media Configuration Properties Attribute Virtual Media Encryption Enabled Floppy Emulation Connection Status Enable Boot Once Table 14-3. Configuration Page Buttons Button Description Print Prints the Configuration values that appear on the screen. Refresh Reloads the Configuration page. Apply Saves any new settings on the Configuration page.
Page 259: Running Virtual Media
Perform the following steps to run Virtual Media: 1 Open a supported Web browser on your management station. 2 Start the iDRAC6 Web interface. See "Accessing the Web Interface" on page 46 for more information. Configuring and Using Virtual Media...
Page 260 JRE installation directory. The iDRAC6 Virtual Console application launches in a separate window. 6 Click Virtual Media Launch Virtual Media. The Virtual Media Session wizard is displayed.
Page 261: Booting From Virtual Media
Disconnecting Virtual Media 1 Click Tools Launch Virtual Media. 2 Uncheck the box next to the media you want to disconnect. The media is disconnected and the Status window is updated. 3 Click Exit to terminate the Virtual Media Session wizard. NOTE: Whenever a Virtual Media session is initiated or a vFlash is connected, an extra drive named "LCDRIVE"...
Page 262: Installing Operating Systems Using Virtual Media
Virtual Media device. This feature is used in conjunction with Virtual Media, generally while installing operating systems. NOTE: You must have Configure iDRAC6 privilege to use this feature. NOTE: Remote devices must be redirected using Virtual Media to use this feature.
Page 263: Using Virtual Media When The Server's Operating System Is Running
To use the Boot Once Feature, do the following: 1 Log in to the iDRAC6 through the Web interface and click System Console/Media Configuration. 2 Select the Enable Boot Once option under Virtual Media. 3 Power up the server and enter the BIOS Boot Manager.
Page 264: Frequently Asked Questions About Virtual Media
Virtual Drive. If the Virtual Media configuration settings are changed in the iDRAC6 Web-based interface or by local RACADM commands, any connected media is disconnected when the configuration change is applied.
Page 265 Dell Systems Management Tools and Documentation DVD and a slow network connection, the installation procedure may require an extended amount of time to access the iDRAC6 Web interface due to network latency. While the installation window does not indicate the installation progress, the installation procedure is in progress.
Page 266 1. In step 3, read the result of the grep command and locate the device name that is given to the Dell Virtual Floppy. Ensure that you are attached and connected to the Virtual Floppy Drive.
Page 267 1. In step 3, read the result of the grep command and locate the device name that is given to the Dell Virtual CD. Ensure that you are attached and connected to the Virtual CD Drive.
Page 268 Table 14-4. Using Virtual Media: Frequently Asked Questions Question Why are all my USB devices detached after I connect a USB device? What does the USB Reset button do? How do I get the maximum performance from Virtual Media? Configuring and Using Virtual Media Answer Virtual Media devices and vFlash devices are connected as a composite USB device to the Host...
Page 269: Configuring Vflash Sd Card And Managing Vflash Partitions
Ensure that you only insert a vFlash SD card or standard SD card in the iDRAC6 Enterprise card slot. If you insert a card in any other format (example, Multi- Media Card (MMC)), the following error message is displayed when you initialize An error has occurred while initializing SD card.
Page 270: Configuring Vflash Or Standard Sd Card Using Idrac6 Web Interface
You must have Configure iDRAC permission to enable or disable vFlash, or to initialize the card. If the card is not available in the system's iDRAC6 Enterprise card slot, the following error message is displayed. SD card not detected. Please insert an SD card of size 256MB or greater.
Page 271 Table 15-1. SD Card Properties Attribute Description Available Space Displays the unused space on the vFlash SD card in MB. This space is available to create more partitions on the vFlash SD card. If the inserted vFlash SD card is uninitialized, then the available space displays that the card is uninitialized.
Page 272: Configuring Vflash Or Standard Sd Card Using Racadm
If you click any option on the vFlash pages when an application such as WSMAN provider, iDRAC6 Configuration Utility, or RACADM is using vFlash, or if you navigate to some other page in the GUI, iDRAC6 may display the following message vFlash is currently in use by another process.
Page 273: Enabling Or Disabling The Vflash Or Standard Sd Card
Enabling or Disabling the vFlash or Standard SD Card Open a telnet/SSH/Serial console to the server, log in, and enter the following commands: • To enable vFlash or standard SD card: racadm config -g cfgvFlashsd -o cfgvflashSDEnable • To disable vFlash or standard SD card: racadm config -g cfgvFlashsd -o cfgvflashSDEnable NOTE: The RACADM command functions only if a vFlash or standard SD card is...
Page 274: Managing Vflash Partitions Using Idrac6 Web Interface
For more information about vflashsd, see the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals. NOTE: racadm vmkey reset onwards. The functionality of this command is now covered by . While execution of the initialize successful, it is recommended to use the command.
Page 275 An initialize operation is not already being performed on the card. To create an empty vFlash partition: 1 On the iDRAC6 Web interface, select SystemvFlash tabCreate Empty Partition subtab. The Create Empty Partition page is displayed. 2 Enter the information mentioned in Table 15-2.
Page 276: Creating A Partition Using An Image File
Table 15-2. Create Empty Partition Page Options Field Emulation Type Size Creating a Partition Using an Image File You can create a new partition on the vFlash or standard SD card using an image file (available in the .img or .iso format.) You can create a partition of type Floppy, Hard Disk, or CD.
Page 277 Hard Disk, then the BIOS will not be able to boot from this image. To create a vFlash partition using an image file: 1 On the iDRAC6 Web interface, select SystemvFlash tabCreate From Image subtab. The Create Partition from Image File page is displayed.
Page 278: Formatting A Partition
Table 15-3. Create Partition from Image File Page Options Field Index Label Emulation Type Image Location Formatting a Partition You can format an existing partition on the vFlash SD card based on the type of file system. The supported file system types are EXT2, EXT3, FAT16, and FAT32.
Page 279: Viewing Available Partitions
To format vFlash partition: 1 On the iDRAC6 Web interface, select SystemvFlash tabFormat subtab. The Format Partition page is displayed. 2 Enter the information mentioned in Table 15-4. 3 Click Apply. A warning message indicating that all the data on the partition will be erased is displayed.
Page 280 Table 15-5. Viewing Available Partitions Field Index Label Size Read-Only Attached Type Status Configuring vFlash SD Card and Managing vFlash Partitions Description Partitions are indexed from 1 to 16. The partition index is unique for a particular partition. It is specified when the partition is created.
Page 281: Modifying A Partition
Ensure that the card is enabled to modify the partition. You can change a read-only partition to read-write or vice-versa. To do this: 1 On the iDRAC6 Web interface, select SystemvFlash tabManage subtab. The Manage Partitions page is displayed. 2 In the Read-Only column, select the checkbox for the partition(s) that you want to change to read-only or clear the checkbox for the partition(s) that you want to change to read-write.
Page 282: Deleting Existing Partitions
To attach or detach partitions: 1 On the iDRAC6 Web interface, select SystemvFlash tabManage subtab. The Manage Partitions page is displayed. 2 In the Attached column, select the checkbox for the partition(s) that you want to attach or clear the checkbox for the partition(s) that you want to detach.
Page 283: Downloading Partition Contents
You can download the contents of a vFlash partition to a local or remote location as an image file in the .img or .iso format. Local location is on your management system where iDRAC6 Web interface is operated from. Remote location is a network location mapped onto the management station.
Page 284: Booting To A Partition
Booting to a Partition You can set an attached vFlash partition as the boot device for the next boot operation. The vFlash partition must contain a bootable image (in the .img or .iso format) to set it as a boot device. Ensure that the card is enabled to set a partition as a boot device and to perform the boot operation.
Page 285 Options only valid with the create action: -o <label> Label that is shown when the partition is mounted on the operating system. <label> must be a string up to six alphanumeric characters and must not contain spaces. -e <type> Emulation type for the partition. <type> must be floppy, cddvd, or HDD.
Page 286: Creating A Partition
Creating a Partition • To create a 20MB empty partition: racadm vflashpartition create -i 1 -o drive1 -t empty -e HDD -f fat16 -s 20 • To create a partition using an image file on a remote system: racadm vflashpartition create –i 1 –o drive1 –e HDD –t image –l //myserver/sharedfolder/foo.iso –u root –p mypassword NOTE:...
Page 287: Booting To A Partition
Booting to a Partition • To list the available devices in the boot list: racadm getconfig –g cfgServerInfo –o cfgServerFirstBootDevice If it is a vFlash SD card, the label names of the attached partitions appears in the boot list. If it is a standard SD card and if the partition is attached, then VFLASH appears in the boot list.
Page 288: Frequently Asked Questions
For more information about the RACADM subcommands and the iDRAC6 property database group and object definitions, see the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals. Frequently Asked Questions When is the vFlash or standard SD card locked? The virtual flash media is locked by iDRAC when the operation it is performing needs exclusive access to the media.
Page 289: Power Monitoring And Management
Power Capping: Systems can be throttled to maintain a specified power cap. • Power Monitoring: The iDRAC6 polls the power supplies to gather power measurements. The iDRAC6 collects a history of power measurements and calculates running averages, and peaks. Using the iDRAC6 Web-based interface, you can view the information, which is displayed on the Power Monitoring page.
Page 290: Power Inventory, Power Budgeting, And Capping
Power consumption (also shown in graphs in the Web-based interface) Configuring and Managing Power You can use the iDRAC6 Web-based interface and RACADM command line interface (CLI) to manage and configure power controls on the PowerEdge system. Specifically, you can: •...
Page 291: Viewing The Health Status Of The Power Supply Units
Using the Web-Based Interface To view the health status of the power supply units: 1 Log in to the iDRAC6 Web-based interface. 2 Select Power Supplies in the system tree. The Power Supplies page displays and provides the following information: •...
Page 292: Using Racadm
• Severe indicates at least one failure alert has been issued. Failure status indicates a power failure on the server, and corrective action must be taken immediately. – Location displays the name of the power supply unit: PS-n, where n is the power supply number.
Page 293: Viewing Power Budget
Using the Web Interface NOTE: To perform power management actions, you must have Administrative privilege. 1 Log in to the iDRAC6 Web-based interface. 2 Click the Power tab. 3 Select the Power Budget option. 4 The Power Budget Information page displays.
Page 294: Power Budget Threshold
525W. Using the Web-Based Interface 1 Log in to the iDRAC6 Web-based interface. 2 Click the Power tab. 3 Select the Power Budget option. The Power Budget Information page displays.
Page 295: Using Racadm
Viewing Power Monitoring Using the Web Interface To view the power monitoring data: 1 Log in to the iDRAC6 Web interface. 2 Select Power Monitoring in the system tree. The Power Monitoring page displays. The information provided on the Power Monitoring page is described below: Power Monitoring •...
Page 296 • Warning Threshold: Displays the acceptable power consumption (in Watts and BTU/hr) recommended for system operation. Power consumption that exceeds this value results in warning events. • Failure Threshold: Displays the highest acceptable power consumption (in Watts and BTU/hr) required for system operation. Power consumption that exceeds this value results in critical/failure events.
Page 297 Show Graph Click Show Graph to display graphs showing the iDRAC6 Power and Current Consumption in Watts and Amperes, respectively, over the last hour. The user has the option to view these statistics up to a week before, using the drop down menu provided above the graphs.
Page 298: Using Racadm
NOTE: To perform power management actions, you must have Chassis Control Administrator privilege. The iDRAC6 enables you to remotely perform several power management actions, such as an orderly shutdown. Using the Web Interface 1 Log in to the iDRAC6 Web interface.
Page 299: Using Racadm
– Power Cycle System (cold boot) powers off and then reboots the system. This option is disabled if the system is already powered OFF. 4 Click Apply. A dialog box is displayed requesting confirmation. 5 Click OK to perform the power management action you selected (for example, cause the system to reset).
Page 300 Power Monitoring and Management...
Page 301: Using The Idrac6 Configuration
Utility Overview The iDRAC6 Configuration Utility is a pre-boot configuration environment that allows you to view and set parameters for the iDRAC6 and for the managed server. Specifically, you can: • View the firmware revision numbers for the iDRAC6 and Primary Backplane firmware •...
Page 302: Starting The Idrac6 Configuration Utility
If your operating system begins to load before you press <Ctrl><E>, allow the system to finish booting, then restart your server and try again. The iDRAC6 Configuration Utility window is displayed. The first two lines provide information about the iDRAC6 firmware and primary backplane firmware revisions.
Page 303: Idrac6 Lan
Use <Left Arrow>, <Right Arrow>, and the spacebar to select between On and Off. The iDRAC6 LAN is enabled in the default configuration. The LAN must be enabled to permit the use of iDRAC6 facilities, such as the Web-based interface, Telnet/SSH, Virtual Console, and Virtual Media.
Page 304: Lan Parameters
Register iDRAC6 Select On to register the iDRAC6 name in the DNS service. Name Select Off if you do not want users to locate the iDRAC6 name in DNS. iDRAC6 Name If Register iDRAC Name is set to On, press <Enter> to edit the Current DNS iDRAC Name text field.
Page 305 Ethernet IP Address If the IP Address Source is set to DHCP , this field displays the IP address obtained from DHCP . If the IP Address Source is set to Static, enter the IP address you want to assign to the iDRAC6. The default is 192.168.0.120. Subnet Mask If the IP Address Source is set to DHCP , this field displays the subnet mask address obtained from DHCP .
Page 306 If the IP Address Source is set to Static, enter the IP address of the default gateway. IPv6 Link-local This is the non-editable IPv6 Link-local Address of the Address iDRAC6 network interface. This is the non-editable IPv6 Address 2 of the iDRAC6 IPv6 Address 2 network interface. Using the iDRAC6 Configuration Utility (continued)
Page 307: Virtual Media Configuration
Drive Emulation Type must be set to Hard disk in the BIOS Setup Utility. The BIOS Setup Utility is accessed by pressing <F2> during server start-up. If the USB Flash Drive Emulation Type is set to Auto, the Flash Drive will appear as a floppy drive to the system. (continued) Using the iDRAC6 Configuration Utility...
Page 308 Name - Displays the name of the vFlash SD card inserted into the server's vFlash SD card slot. If it is a Dell SD card, it displays vFlash SD Card. If it is a non-Dell SD card, it displays SD Card.
Page 309: Smart Card Logon
When you select Enabled or Enabled with RACADM, IPMI Over LAN will be switched off and blocked for editing. System Services Configuration System Services Press <Enter> to select Enabled or Disabled. See the Dell Lifecycle Controller User Guide available on the Dell Support Website at support.dell.com/manuals for more information. NOTE: Modifying this option will restart the server when you Save and Exit to apply the new settings.
Page 310: Lcd Configuration
Collect System Inventory on Restart Select Enabled to allow the collection of inventory during boot. See the Dell Lifecycle Controller User Guide available on the Dell Support Website at support.dell.com/manuals for more information. NOTE: Modifying this option restarts the server after you have saved your settings and exited from the iDRAC6 Configuration Utility.
Page 311: Lan User Configuration
Reset to Default Use the Reset to Default menu item to reset all of the iDRAC6 configuration items to the factory defaults. This may be required, for example, if you have forgotten the administrative user password or if you want to reconfigure the iDRAC6 from the default settings.
Page 312 The remote provisioning server sends the user credentials to have iDRAC6 create a user account with these credentials. Once the user account is created, a remote console can establish WS-MAN...
Page 313 Table 17-3. LAN User Configuration Item Description Auto–Discovery Before adding your Dell system to the network and using the (continued...) auto–discovery feature, ensure that: • Dynamic Host Configuration Protocol (DHCP) • Provisioning Web services is installed, configured, and Provisioning Server This field is used to configure the provisioning server.
Page 314: System Event Log Menu
Some of the settings cannot be applied — Displayed when few settings cannot be applied. • Select Discard Changes and Exit and press <Enter> to ignore any changes you made. • Select Return to Setup and press <Enter> to return to the iDRAC6 Configuration Utility. Using the iDRAC6 Configuration Utility...
Page 315: Monitoring And Alert Management
Configuring the Managed System to Capture the Last Crash Screen Before the iDRAC6 can capture the last crash screen, you must configure the managed system with the following prerequisites. 1 Install the managed system software. For more information about installing the managed system software, see the Server Administrator User's Guide.
Page 316: Disabling The Windows Automatic Reboot Option
Disabling the Windows Automatic Reboot Option To ensure that the iDRAC6 Web-based interface last crash screen feature works properly, disable the Automatic Reboot option on managed systems running the Microsoft Windows Server 2008 and Windows Server 2003 operating systems. Disabling the Automatic Reboot Option in Windows 2008 Server 1 Open the Windows Control Panel and double-click the System icon.
Page 317: Configuring Platform Event Filters (Pef)
• Temperature Warning Assert Filter • Temperature Critical Assert Filter • Intrusion Critical Assert Filter • Redundancy Degraded Filter • Redundancy Lost Filter • Processor Warning Assert Filter • Processor Critical Assert Filter • Processor AbsentCritical Assert Filter • Power Supply Warning Assert Filter •...
Page 318 Configuring PEF Using the Web-Based Interface For detailed information, see "Configuring Platform Event Filters (PEF)" on page 59. Configuring PEF Using the RACADM CLI 1 Enable PEF. Open a command prompt, type the following command, and press <Enter>: racadm config -g cfgIpmiPef -o cfgIpmiPefEnable -i where 1 and 1 are the PEF index and the enable/disable selection, respectively.
Page 319: Configuring Pet
Configuring PET Configuring PET Using the Web User Interface For detailed information, see "Configuring Platform Event Traps (PET)" on page 59. Configuring PET Using the RACADM CLI 1 Enable your global alerts. Open a command prompt, type the following command, and press <Enter>: racadm config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1...
Page 320: Configuring E-Mail Alerts
3 Configure your PET policy. At the command prompt, type the following command and press <Enter>: iPv4:racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIPAddr -i 1 <IPv4_address> iPv6:racadm config -g cfgIpmiPetIpv6 -o cfgIpmiPetIPv6AlertDestIPAddr -i 1 <IPv6_address> where 1 is the PET destination index and <IPv4_address> and <IPv6_address>...
Page 321: Testing E-Mail Alerting
where 1 and 1 are the e-mail destination index and the enable/disable selection, respectively. The e-mail destination index can be a value from 1 through 4. The enable/disable selection can be set to 1 (Enabled) or 0 (Disabled). For example, to enable e-mail with index 4, type the following command: racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i 4 1 3 Configure your e-mail settings.
Page 322: Testing The Rac Snmp Trap Alert Feature
In IT Assistant, you have the get community name = public and the set community name = private. By default, the community name for the iDRAC6 agent is public. When IT Assistant sends out a set request, the iDRAC6 agent generates the SNMP authentication error because it will only accept requests from community = public.
Page 323 To prevent SNMP authentication errors from being generated, you must enter community names that will be accepted by the agent. Since the iDRAC6 only allows one community name, you must use the same get and set community name for IT Assistant discovery setup.
Page 324 Monitoring and Alert Management...
Page 325: Recovering And Troubleshooting The Managed System
Recovering and Troubleshooting the Managed System This section explains how to perform tasks related to recovering and troubleshooting a crashed remote system using the iDRAC6 Web-based interface. • "First Steps to Troubleshoot a Remote System" on page 325 • "Managing Power on a Remote System" on page 326 •...
Page 326: Managing Power On A Remote System
Viewing System Information The System Summary page allows you to view your system's health and other basic iDRAC6 information at a glance and provides you with links to access the system health and information pages. Also, you can quickly launch common tasks from this page and view recent events logged in the System Event Log (SEL).
Page 327: Main System Chassis
To access the System Details page, expand the System tree and click PropertiesSystem Details tab. Main System Chassis NOTE: To receive Host Name and OS Name information, you must have iDRAC6 services installed on the managed system. Table 19-1. System Information Field...
Page 328: Remote Access Controller
Remote Access Controller Table 19-4. RAC Information Field Description Name iDRAC6 Product Integrated Dell Remote Access Controller 6 – Enterprise Information Date/Time Current time in the form: Day Month DD HH:MM:SS:YYYY Firmware Version iDRAC6 firmware version Firmware Updated Date the firmware was last flashed in the form:...
Page 329 Indicates whether IPv6 stack is enabled. IP Address 1 Specifies the IPv6 address/prefix length for the iDRAC6 NIC. The prefix length is combined with the IP Address 1. This is an integer specifying the prefix length of the IPv6 address. It can be a value between 1 and 128.
Page 330: Using The System Event Log (Sel)
Table 19-6. IPv6 Information Fields Field Autoconfig Enabled Use DHCPv6 to obtain DNS server Addresses Preferred DNS Server Indicates the static IPv6 address for the preferred DNS server. Alternate DNS Server Indicates the static IPv6 address for the alternate DNS server. Using the System Event Log (SEL) The SEL page displays system-critical events that occur on the managed system.
Page 331: Using The Command Line To View System Log
If no arguments are specified, the entire log is displayed. NOTE: For more information on the options you can use, see getsel subcommand in the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals. The clrsel command removes all existing records from the SEL.
Page 332: Using The Post Boot Logs
Tools Internet OptionsAdvanced tab and deselect the option encrypted pages to disk The iDRAC6 Express Card is bonded to the iDRAC6 when you enter the Unified Server Configurator (USC) application by pressing F10 during boot. If bonding is successful, the following message is logged in the SEL and LCD—iDRAC6 Upgrade Successful.
Page 333: Viewing The Last System Crash Screen
The last crash screen feature requires the managed system with the Auto Recovery feature configured in Server Administrator. In addition, ensure that the Automated System Recovery feature is enabled using the iDRAC6. Navigate to the Services page under the Network/Security tab in the Remote Access section to enable this feature.
Page 334 Recovering and Troubleshooting the Managed System...
Page 335: Recovering And Troubleshooting
Using the RAC Log The RAC Log is a persistent log maintained in the iDRAC6 firmware. The log contains a list of user actions (such as log in, log out, and security policy changes) and alerts issued by the iDRAC6. The oldest entries are overwritten when the log becomes full.
Page 336 Table 20-1. iDRAC Log Page Information Field Description Date/ Time The date and time (for example, Dec 19 16:55:47). When the iDRAC6 initially starts and is unable to communicate with the managed system, the time will be displayed as System Boot. Source The interface that caused the event.
Page 337: Using The Command Line
Using the Command Line Use the getraclog command to view the iDRAC6 log entries. racadm getraclog [options] racadm getraclog -i The getraclog -i command displays the number of entries in the iDRAC6 log. NOTE: For more information, see getraclog in the Guide available on the Dell Support website at support.dell.com/manuals.
Page 338: Diagnostic Commands
(ICMP) echo packet is sent to the destination IP address based on the current routing-table contents. gettracelog Displays the iDRAC6 trace log. For more information, see gettracelog in the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals.
Page 339: Using The Trace Log
NOTE: The iDRAC6 will not echo an ICMP (ping) with a packet size larger than 1500 bytes. Using the racdump The racadm racdump command provides a single command to get dump, status, and general iDRAC6 board information.
Page 340: Using The Coredump
The racadm coredumpdelete command can be used to clear any currently resident coredump data stored in the RAC. For more information, see the coredump and coredumpdelete subcommands in the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals.
Page 341: Sensors
You can use the iDRAC6 to monitor hardware sensors for batteries, fan probes, chassis intrusion, power supplies, power consumed, temperature, and voltages.
Page 342: Power Supplies Probes
You can also view a graphical representation of the consumption of power for the last minute, last hour, last day, or last week from the current time set in the iDRAC6. Temperature Probe The temperature sensor provides information about the system board ambient temperature.
Page 343: Voltage Probes
Voltage Probes The following are typical voltage probes. Your system may have these and/or others present. • CPU [n] VCORE • System Board 0.9V PG • System Board 1.5V ESB2 PG • System Board 1.5V PG • System Board 1.8V PG •...
Page 344 Sensors...
Page 345: Configuring Security Features
Advanced Security options for the iDRAC6 administrator: • The Virtual Console disable option allows the local system user to disable Virtual Console using the iDRAC6 Virtual Console feature. The local configuration disable features allows the remote iDRAC6 • administrator to selectively disable the ability to configure the iDRAC6 from: –...
Page 346: Security Options For The Idrac6 Administrator
1 NOTE: This option is supported only on the iDRAC6 Configuration Utility. To upgrade to this version, upgrade your BIOS using the BIOS update package from the Dell Support website at support.dell.com. Disabling Local Configuration From Local RACADM This feature disables the ability of the managed system’s user to configure the iDRAC6 using the local RACADM or the Dell OpenManage Server Administrator utilities.
Page 347 CAUTION: These features severely limit the ability of the local user to configure the iDRAC6 from the local system, including performing a reset to default of the configuration. It is recommended that you use these features with discretion. Disable only one interface at a time to help avoid losing login privileges altogether.
Page 348: Disabling Idrac6 Virtual Console
LocalConRedirDisable 0 Several situations might call for disabling iDRAC6 Virtual Console. For example, administrators may not want a remote iDRAC6 user to view the BIOS settings that they configure on a system, in which case they can disable Virtual Console during the system POST by using the LocalConRedirDisable command.
Page 349: Securing Idrac6 Communications Using Ssl And Digital Certificates
The iDRAC6 Web server includes a Dell self-signed SSL digital certificate (Server ID). To ensure high security over the Internet, replace the Web server SSL certificate by submitting a request to the iDRAC6 to generate a new Certificate Signing Request (CSR).
Page 350: Accessing The Ssl Main Menu
Internet. After the CA approves the CSR and sends you a certificate, you must upload the certificate to the iDRAC6 firmware. The CSR information stored on the iDRAC6 firmware must match the information contained in the certificate.
Page 351: Generating A Certificate Signing Request
Table 22-2. SSL Main Menu Buttons Button Description Print Prints the SSL Main Menu page. Refresh Reloads the SSL Main Menu page. Next Navigates to the next page. Generating a Certificate Signing Request NOTE: Each CSR overwrites any previous CSR on the firmware. Before iDRAC can accept your signed CSR, the CSR in the firmware must match the certificate returned from the CA.
Page 352: Viewing A Server Certificate
Table 22-3. Generate Certificate Signing Request (CSR) Page Options Field Description Locality The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid. Do not separate words using an underscore or some other character. State Name The state or province where the entity who is applying for a certification is located (for example, Texas).
Page 353: Using The Secure Shell (Ssh)
Server Administrator must be installed with its Auto Recovery feature activated by setting the Action to either: Reboot System, Power Off System, or Power Cycle System, for the Last Crash Screen to function in the iDRAC6. 4 Click Apply Changes.
Page 354 5 Click the appropriate Services page button to continue. See Table 22-13. Table 22-6. Local Configuration Settings Setting Disable the iDRAC local configuration using option Disable the iDRAC local configuration using RACADM Table 22-7. Web Server Settings Setting Enabled Max Sessions Active Sessions Timeout HTTP Port Number...
Page 355 The Telnet idle timeout in seconds. Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300. Port Number The port on which the iDRAC6 listens for a Telnet connection. The default is 23. Table 22-10. Remote RACADM Settings Setting...
Page 356 Table 22-11. SNMP Agent Settings Setting Enabled Community Name Table 22-12. Automated System Recovery Agent Setting Setting Enabled Table 22-13. Services Page Buttons Button Print Refresh Apply Changes Configuring Security Features Description Enables or disables the SNMP agent. Checked=Enabled; Unchecked=Disabled. The name of the community that contains the IP address for the SNMP Alert destination.
Page 357: Enabling Additional Idrac6 Security Options
IP address and to the cfgRacTuneIpRangeAddr properties. If the results of both properties are identical, the incoming login request is allowed to access the iDRAC6. Logins from IP addresses outside this range receive an error. The login proceeds if the following expression equals zero: cfgRacTuneIpRangeMask &...
Page 358 See the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals for a complete list of cfgRacTuning properties. Table 22-14. IP Address Filtering (IpRange) Properties Property cfgRacTuneIpRangeEnable Enables the IP range checking feature. cfgRacTuneIpRangeAddr cfgRacTuneIpRangeMask Enabling IP Filtering Below is an example command for IP filtering setup.
Page 359 IP blocking dynamically determines when excessive login failures occur from a particular IP address and blocks (or prevents) the address from logging into the iDRAC6 for a preselected time span. The IP blocking parameter uses cfgRacTuning group features that include: •...
Page 360 When login attempts are refused from the client IP address, some SSH clients may display the following message: ssh exchange identification: Connection closed by remote host. See the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals for a complete list of cfgRacTuning properties.
Page 361: Configuring The Network Security Settings Using The Idrac6 Gui
3600 Configuring the Network Security Settings Using the iDRAC6 GUI NOTE: You must have Configure iDRAC6 permission to perform the following steps. 1 In the System tree, click Remote Access. 2 Click the Network/Security tab and then click Network.
Page 362 IP Range Subnet Mask to determine the upper portion of the allowed IP address. Any IP address that contains this bit pattern in its upper bits is allowed to establish an iDRAC6 session. Logins from IP addresses that are outside this range will fail.
Page 363: Index
Index accessing SSL with web interface, 64 Active Directory adding iDRAC6 users, 160 configure, 31 configuring access to iDRAC6, 152 managing certificates, 70 objects, 149 schema extensions, 148 using with extended schema, 148 using with iDRAC6, 143 using with standard schema, 168...
Page 364 Interface, 178 Configuring iDRAC Direct Connect Basic Mode and Direct Connect Terminal Mode, 99 configuring idrac6 serial connection, 97 Configuring iDRAC6 NIC, 49 configuring iDRAC6 services, 73 ASR, 74 local configuration, 73 remote RACADM, 73 SNMP agent, 73 SSH, 73...
Page 365 77 firmware/system services recovery image updating with web interface, 77 Format Partition, 278 frequently asked questions, 125 using console redirection, 221 using iDRAC6 with Active Directory, 183 using Virtual Media, 264 hardware installing, 33 Identify Server, 338 iDRAC KVM...
Page 366 79 iDRAC6 LAN, 303 iDRAC6 ports, 26 iDRAC6 serial configuring, 106 iDRAC6 services configuring, 73 iDRAC6 user enabling permissions, 141 Image File, 276 installing and configuring iDRAC6 software, 36 installing Dell extensions Active Directory Users and Computers snap-in, 159...
Page 367 289 power inventory and budgeting, 289 power monitoring, 289, 342 power supplies probe, 342 RACADM adding an iDRAC6 user, 140 installing and removing, 37 removing an iDRAC6 user, 141 RACADM subcommands getconfig, 222 racadm utility parsing rules, 121...
Page 368 Smart Card Logon, 193 SSL encryption, 20 Standard Schema Active Directory Overview, 168 supported CIM profiles, 225 Switching Between Direct Connect Terminal Mode and Serial Console Redirection, 101 system configuring to use iDRAC6, 34 System Services Configuration Unified Server Configurator, 309 telnet...
Page 369 TFA, 193 Unified Server Configurator, 27, 309-310 System Services, 309-310 system services, 27 updating the firmware iDRAC6, 39 updating the iDRAC6 firmware/system services recovery image, 77 preserve configuration, 78 upload/rollback, 77 USB flash drive emulation type, 307 USB Flash Key, 269...
Page 370 247 parameters, 244 return codes, 248 syntax, 244 using, 242 voltage probe, 343 web browser configuring, 41 supported, 25 web interface accessing, 46 for configuring iDRAC6, 45 logging in, 47 logging out, 48 WS-MAN protocol, 20 Index...