Users Guide
Table Of Contents
- Dell Chassis Management Controller Version 3.3 for Dell EMC PowerEdge VRTX User's Guide
- Overview
- What is new in this release
- Key Features
- Chassis Overview
- Minimum CMC Version
- Supported Remote Access Connections
- Supported Platforms
- Supported web browsers
- Managing Licenses
- Viewing Localized Versions of the CMC Web Interface
- Supported Management Console Applications
- How to use this Guide
- Other Documents You May Need
- Accessing documents from the Dell EMC support site
- Installing and Setting Up CMC
- Before You Begin
- Installing CMC Hardware
- Installing Remote Access Software on a Management Station
- Configuring a Web Browser
- Setting Up Initial Access to CMC
- Interfaces and Protocols to Access CMC
- Downloading and Updating CMC Firmware
- Setting Chassis Physical Location and Chassis Name
- Setting Date and Time on CMC
- Configuring LEDs to Identify Components on the Chassis
- Configuring CMC Properties
- Configuring iDRAC Launch Method Using CMC Web Interface
- Configuring iDRAC Launch Method Using RACADM
- Configuring Login Lockout Policy Attributes Using CMC Web Interface
- Configuring Login Lockout Policy Attributes Using RACADM
- Understanding Redundant CMC Environment
- Configuring Front Panel
- Logging in to CMC
- Accessing CMC Web Interface
- Logging in to CMC as a Local User, Active Directory User, or LDAP User
- Logging in to CMC Using a Smart Card
- Logging in to CMC Using Single Sign-on
- Logging In To CMC Using Serial, Telnet, Or SSH Console
- Accessing CMC Using RACADM
- Logging in to CMC Using Public Key Authentication
- Multiple CMC Sessions
- Changing Default Login Password
- Enabling or Disabling Default Password Warning Message
- Forcing password change using web interface
- Use case scenarios
- Conversion of External Shared PERC 8 card High Availability to Non-High Availability Mode using Web Interface
- Conversion of External Shared PERC 8 card Non-High Availability to High Availability Mode using Web Interface
- Conversion of External Shared PERC 8 card High Availability to Non-High Availability Mode using RACADM
- Conversion of External Shared PERC 8 card Non-High Availability to High Availability Mode using RACADM
- Updating Firmware
- Downloading CMC Firmware
- Viewing Currently Installed Firmware Versions
- Updating the CMC Firmware
- Updating Chassis Infrastructure Firmware
- Updating Server iDRAC Firmware
- Updating Server Component Firmware
- Viewing Firmware Inventory
- Saving Chassis Inventory Report Using CMC Web Interface
- Configuring Network Share Using CMC Web Interface
- Lifecycle Controller Job Operations
- Rolling Back Server Component Firmware
- Upgrading Server Component Firmware
- Upgrading Server Component Firmware From File Using CMC Web Interface
- Server Component Single Click Update Using Network Share
- Pre-requisites for Using Network Share Update Mode
- Upgrading Server Component Firmware From Network Share Using CMC Web Interface
- Supported Firmware Versions for Server Component Update
- Deleting Scheduled Server Component Firmware Jobs
- Updating Storage Component Using CMC Web Interface
- Viewing Chassis Information and Monitoring Chassis and Component Health
- Viewing Chassis and Component Summaries
- Viewing Chassis Summary
- Viewing Chassis Controller Information and Status
- Viewing Information and Health Status of All Servers
- Viewing Health Status and Information for Individual Server
- Viewing Information and Health Status of the IOM
- Viewing Information and Health Status of Fans
- Viewing Front Panel Properties
- Viewing KVM Information and Health Status
- Viewing LCD Information and Health
- Viewing Information and Health Status of Temperature Sensors
- Viewing Storage Capacity and Status of the Storage Components
- Configuring CMC
- Viewing and Modifying CMC Network LAN Settings
- Viewing and Modifying CMC Network LAN Settings Using CMC Web Interface
- Viewing and Modifying CMC Network LAN Settings Using RACADM
- Enabling the CMC Network Interface
- Enabling or Disabling DHCP for the CMC Network Interface Address
- Enabling or Disabling DHCP for DNS IP Addresses
- Setting Static DNS IP addresses
- Configuring IPv4 and IPv6 DNS Settings
- Configuring Auto Negotiation, Duplex Mode, and Network Speed for IPv4 and IPv6
- Setting the Maximum Transmission Unit for IPv4 and IPv6
- Configuring CMC Network and Login Security Settings
- Configuring Virtual LAN Tag Properties for CMC
- Federal Information Processing Standards
- Configuring Services
- Configuring CMC Extended Storage Card
- Setting Up Chassis Group
- Adding Members To Chassis Group
- Removing a Member from the Leader
- Disbanding a Chassis Group
- Disabling an Individual Member at the Member Chassis
- Accessing the Web page of a Member Chassis or Server
- Propagating Leader Chassis Properties to Member Chassis
- Server Inventory for MCM group
- Saving Server Inventory Report
- Chassis Group Inventory and Firmware Version
- Viewing Chassis Group Inventory
- Viewing Selected Chassis Inventory Using Web Interface
- Viewing Selected Server Component Firmware Versions Using Web Interface
- Chassis Configuration Profiles
- Configuring Multiple CMCs Using RACADM
- Configuring Multiple CMCs through RACADM Using Chassis Configuration Profiles
- Viewing and Ending CMC Sessions
- Viewing and Modifying CMC Network LAN Settings
- Configuring Servers
- Configuring Slot Names
- Configuring iDRAC Network Settings
- Configuring iDRAC Virtual LAN Tag Settings
- Setting First Boot Device
- Configuring Server FlexAddress
- Configuring Remote File Share
- Configuring Profile Settings Using Server Configuration Replication
- Accessing Server Profiles Page
- Adding or Saving Profile
- Applying Profile
- Importing Profile
- Exporting Profile
- Editing Profile
- Deleting Profile
- Viewing Profile Settings
- Viewing Stored Profile Settings
- Viewing Profile Log
- Completion Status And Troubleshooting
- Quick Deploy of Profiles
- Assigning Server Profiles to Slots
- Boot Identity Profiles
- Saving Boot Identity Profiles
- Applying Boot Identity Profiles
- Clearing Boot Identity Profiles
- Viewing Stored Boot Identity Profiles
- Importing Boot Identity Profiles
- Exporting Boot Identity Profiles
- Deleting Boot Identity Profiles
- Managing Virtual MAC Address Pool
- Creating MAC Pool
- Adding MAC Addresses
- Removing MAC Addresses
- Deactivating MAC Addresses
- Launching iDRAC using Single Sign-On
- Launching Remote Console
- Configuring CMC To Send Alerts
- Configuring User Accounts and Privileges
- Types of Users
- Modifying Root User Administrator Account Settings
- Configuring Local Users
- Configuring Active Directory Users
- Supported Active Directory Authentication Mechanisms
- Standard Schema Active Directory Overview
- Configuring Standard Schema Active Directory
- Extended Schema Active Directory Overview
- Configuring Extended Schema Active Directory
- Configuring Generic LDAP Users
- Configuring CMC For Single Sign-On Or Smart Card Login
- Configuring CMC to Use Command Line Consoles
- Using FlexAddress and FlexAdress Plus
- About FlexAddress
- Configuring FlexAddress
- Viewing World Wide Name or Media Access Control Addresses
- Viewing WWN or MAC Address Information
- Viewing Basic WWN or MAC Address Information Using Web Interface
- Viewing Advanced WWN or MAC Address Information Using Web Interface
- Viewing WWN or MAC Address Information Using RACADM
- Command Messages
- FlexAddress DELL SOFTWARE LICENSE AGREEMENT
- Managing Fabrics
- Managing and Monitoring Power
- Redundancy Policies
- Dynamic Power Supply Engagement
- Default Redundancy Configuration
- Power Budgeting For Hardware Modules
- Server Slot Power Priority Settings
- Assigning Priority Levels To Servers
- Assigning Priority Levels To Servers Using CMC Web Interface
- Assigning Priority Levels To Servers Using RACADM
- Viewing Power Consumption Status
- Viewing Power Budget Status Using CMC Web Interface
- Redundancy Status and Overall Power Health
- Configuring power budget and redundancy
- Executing Power Control Operations
- Executing Power Control Operations on a Server
- Executing Power Control Operations for Multiple Servers Using CMC Web Interface
- Executing Power Control Operations on the IOM
- Managing Chassis Storage
- Viewing Status of the Storage Components
- Viewing the Storage Topology
- Viewing Fault-tolerant Troubleshooting Information of SPERC Using CMC Web Interface
- Assigning Virtual Adapters To Slots Using CMC Web Interface
- Fault-Tolerance in Storage Controllers
- Security Key Mismatch
- Viewing Controller Properties Using CMC Web Interface
- Viewing Controller Properties Using RACADM
- Importing or Clearing Foreign Configuration
- Configuring Storage Controller Settings
- Shared PERC Controllers
- Enabling or Disabling RAID Controller Using CMC Web Interface
- Enabling or Disabling RAID Controller Using RACADM
- Enabling or disabling fault tolerance of external RAID controller using RACADM
- Viewing Physical Disk Properties Using the CMC Web Interface
- Viewing Physical Disk Drives Properties Using RACADM
- Identifying Physical Disks and Virtual Disks
- Assigning Global Hot Spares Using CMC Web Interface
- Assigning Global Hot Spares Using RACADM
- Recovering Physical Disks
- Viewing Virtual Disk Properties Using CMC Web Interface
- Viewing Virtual Disk Properties Using RACADM
- Creating Virtual Disk Using CMC Web Interface
- Managing Encryption Keys
- Encrypting Virtual Disks
- Unlocking Foreign Configuration
- Cryptographic Erase
- Applying Virtual Adapter Access Policy To Virtual Disks
- Modifying Virtual Disk Properties Using CMC Web Interface
- Enclosure Management Module
- Viewing EMM Status and attributes
- Viewing Enclosure Status and Attributes
- Reporting up to two Enclosures per Connector
- Setting Asset Tag and Asset Name of the Enclosure
- Viewing Temperature Probe Status and attributes of the Enclosure
- Setting the Temperature Warning Threshold of the Enclosure
- Viewing Fan Status and attributes of the Enclosure
- Viewing Enclosure Properties Using CMC Web Interface
- Managing PCIe Slots
- Troubleshooting and Recovery
- Resetting Forgotten Administrative Password
- Gathering Configuration Information, Chassis Status, and Logs Using RACDUMP
- First Steps to Troubleshoot a Remote System
- Troubleshooting Alerts
- Viewing Event Logs
- Using Diagnostic Console
- Resetting Components
- Saving or Restoring Chassis Configuration
- Troubleshooting Network Time Protocol Errors
- Interpreting LED Colors and Blinking Patterns
- Troubleshooting Non-responsive CMC
- Troubleshooting Network Problems
- Troubleshooting Controller
- Hotplugging enclosures in fault-tolerant chassis
- Using LCD Panel Interface
- Frequently Asked Questions
NOTE: You must configure at least one of the three addresses. CMC attempts to connect to each of the configured
addresses one-by-one until it makes a successful connection. With Extended Schema, these are the FQDN or IP
addresses of the domain controllers where this CMC device is located.
To disable the certificate validation during an handshake (optional):
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0
NOTE: In this case, you do not have to upload a CA certificate.
To enforce the certificate validation during SSL handshake (optional):
racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 1
In this case, you must upload a CA certificate:
racadm sslcertupload -t 0x2 -f < ADS root CA certificate >
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that
DNS is configured correctly under.
Using the following RACADM command may be optional:
racadm sslcertdownload -t 0x1 -f < RAC SSL certificate >
Configuring Generic LDAP Users
CMC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not
require any schema extension on your directory services.
A CMC administrator can now integrate the LDAP server user logins with CMC. This integration requires configuration on both LDAP
server and CMC. On the LDAP server, a standard group object is used as a role group. A user who has CMC access becomes a member
of the role group. Privileges are still stored on CMC for authorization similar to the working of the Standard Schema setup with Active
Directory support.
To enable the LDAP user to access a specific CMC card, the role group name and its domain name must be configured on the specific
CMC card. You can configure a maximum of five role groups in each CMC. A user has the option to be added to multiple groups within the
directory service. If a user is a member of multiple groups, then the user obtains the privileges of all their groups.
For information about the privileges level of the role groups and the default role group settings, see Types of Users.
Configuring the Generic LDAP Directory to Access CMC
The CMC's Generic LDAP implementation uses two phases in granting access to a user—user authentication, and then the user
authorization.
Authentication of LDAP Users
Some directory servers require a bind before a specific LDAP server can be searched for.
To authenticate a user:
1. Optionally bind to the Directory Service. The default is an anonymous bind.
NOTE:
The Windows-based directory servers do not allow anonymous login. Hence, enter the bind DN name and
password.
2. Search for the user on the basis of the user login. The default attribute is uid. If more than one object is found, then the process
returns an error.
3. Unbind and perform a bind with the user's DN and password. If the system is unable to bind, then the login will not be successful.
4. If these steps succeed, the user is authenticated.
Configuring User Accounts and Privileges
131