Concept Guide
Configuring advanced security using hash password
You can set user passwords and BIOS passwords using a one-way hash format in iDRAC available on the 13th generation Dell PowerEdge
servers. The user authentication mechanism is not affected (except for SNMPv3 and IPMI) and you can provide the password in plain
text format.
With the new password hash feature, you can:
• Generate your own SHA256 hashes to set iDRAC user passwords and BIOS passwords. New attributes are created to represent the
hash representation of the password.
• Export the Server Configuration Profiles file with the password that has the hash values. Use the ExportSystemConfiguration method
and include the password hash values that should be exported to the IncludeInExport parameter.
The hash password can be generated with and without Salt using SHA256. Whether the Salt string is used or null, it should always be set
along with the SHA256SystemPassword.
NOTE: If the iDRAC user account’s password is set with the SHA256 password hash (SHA256Password) only and not
the other hashes (SHA1v3Key, MD5v3Key), authentication through SNMPv3 is lost. Authentication through IPMI is
always lost when hash is used to set the user account’s password.
For more information on using hash password, see the iDRAC Card and BIOS and BootManagement profile documents available at
en.community.dell.com/techcenter/systems-management/w/wiki/1906.dcim-library-profile.aspx.
Configuring USB management port
On the 13th generation of PowerEdge servers monitored by iDRAC, you can perform the following functions on a USB port and USB drive:
• Manage the status of the server’s USB management port. If the status is disabled, iDRAC does not process a USB device or host
connected to the managed USB port.
• Configure the USB Management Port Mode to determine whether the USB port is used by iDRAC or the operating system.
• View the overcurrent alert generated when a device exceeds the power requirement permitted by USB specification. Configure the
overcurrent alert to generate the WS-Events.
• View the inventory of the USB device such as FQDD, device description, protocol, vendor ID, product ID, and so on, when the device
is connected.
• Configure a server by using files stored on a USB drive that is inserted in to a USB port, which is monitored by an iDRAC. This
configuration allows creation of a job to track progress and logging the results in the Lifecycle log. The rules for discovering the Server
Configuration profile and naming are the same as DHCP provisioning. For more information, see en.community.dell.com/techcenter/
extras/m/white_papers.
NOTE:
The USB configuration setting controls whether the configuration of the system is allowed from a USB drive.
The default setting only applies the configuration from the USB when the iDRAC user password and BIOS are still
default.
For more information about the USB device management, see the USB device profile document available at en.community.dell.com/
techcenter/systems-management/w/wiki/1906.dcim-library-profile.aspx.
Monitor
Using various Lifecycle Controller-Remote Services capabilities, you can monitor a system throughout its lifecycle. Current and factory-
shipped hardware inventory, Lifecycle Log, System Event Log, Firmware Inventory are some of the features that help you monitor the
system.
Collecting system inventory
When Collect System Inventory On Restart (CSIOR) is set to enabled, Lifecycle Controller performs an inventory and collects the
configuration information for all hardware on every system restart. Also, the system inventory collection also detects any changes in
hardware. If the Part Replacement feature is enabled and CSIOR detects that the managed hardware is replaced, Lifecycle Controller
restores the previous configuration and firmware on the newly installed device based on the inventory collected during the previous
system restart.
The CSIOR setting is enabled by default and it can be disabled locally by using Lifecycle Controller or remotely with RACADM, WS-MAN,
or iDRAC RESTful API with Redfish. You can change the settings to one of the following:
14
Remote Services Features