Users Guide

• View boot and crash capture videos.

• Out-of-band monitor and alert the performance index of CPU, memory, and I/O modules.

• Configure warning threshold for inlet temperature and power consumption.

• Use iDRAC Service Module to:

– View operating system information.

– Replicate Lifecycle Controller logs to operating system logs.

– Automatic system recovery options.

– Populate Windows Management Instrumentation (WMI) information.

– Integrate with SupportAssist collection. This is applicable only if iDRAC Service Module Version 2.0

or later is installed. For more information, see Generating SupportAssist Collection.

– Prepare to remove NVMe PCIe SSD. For more information, see Preparing to remove PCIe SSD.

• Generate SupportAssist collection in the following ways:

– Automatic — Using iDRAC Service Module that automatically invokes the OS Collector tool.

– Manual — Using OS Collector tool.

Dell Best Practices regarding iDRAC

• iDRACs are intended to be on a separate management network; they are not designed nor intended

to be placed on or connected to the internet. Doing so could expose the connected system to

security and other risks for which Dell is not responsible.

• Along with locating iDRACs on a separate management subnet, users should isolate the management

subnet/vLAN with technologies such as firewalls, and limit access to the subnet/vLAN to authorized

server administrators.

Secure Connectivity

Securing access to critical network resources is a priority. iDRAC implements a range of security features

that includes:

• Custom signing certificate for Secure Socket Layer (SSL) certificate.

• Signed firmware updates.

• User authentication through Microsoft Active Directory, generic Lightweight Directory Access

Protocol (LDAP) Directory Service, or locally administered user IDs and passwords.

• Two-factor authentication using the Smart–Card logon feature. The two-factor authentication is

based on the physical smart card and the smart card PIN.

• Single Sign-On and Public Key Authentication.

• Role-based authorization, to configure specific privileges for each user.

• SNMPv3 authentication for user accounts stored locally in the iDRAC. It is recommended to use this,

but it is disabled by default.

• User ID and password configuration.

• Default login password modification.

• Set user passwords and BIOS passwords using one-way hash format for improved security.

• SMCLP and web interfaces that support 128 bit and 40-bit encryption (for countries where 128 bit is

not acceptable), using the TLS 1.2 standard.

• Session time-out configuration (in seconds).

• Configurable IP ports (for HTTP, HTTPS, SSH, Telnet, Virtual Console, and Virtual Media).