Users Guide
• Along with locating iDRACs on a separate management subnet, users should isolate the management subnet/vLAN with
technologies such as firewalls, and limit access to the subnet/vLAN to authorized server administrators.
Secure Connectivity
Securing access to critical network resources is a priority. iDRAC implements a range of security features that includes:
• Custom signing certificate for Secure Sockets Layer (SSL) certificates.
• Signed firmware updates.
• User authentication through Microsoft Active Directory, generic Lightweight Directory Access Protocol (LDAP) Directory
Service, or locally administered user IDs and passwords.
• Two-factor authentication using the Smart Card logon feature. The two-factor authentication is based on the physical smart
card and the smart card PIN.
• Single Sign-On and Public Key Authentication.
• Role-based authorization, to configure specific privileges for each user.
• SNMPv3 authentication for user accounts stored locally in the iDRAC. Using SNMPv3 authentication is recommended, but it is
disabled by default.
• User ID and password configuration.
• Default login password modification.
• Set user passwords and BIOS passwords using one-way hash format for improved security.
• FIPS 140-2 Level 1 capability.
• Support for TLS 1.2, 1.1, and 1.0. To enhance security, the default setting is TLS 1.1 and higher.
• SMCLP and web interfaces that support 128-bit and 40-bit encryption (for countries where 128-bit is not acceptable), using the
TLS 1.2 standard.
NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher.
• Session time-out configuration (in seconds).
• Configurable IP ports (for HTTP, HTTPS, SSH, Telnet, Virtual Console, and Virtual Media).
NOTE: Telnet does not support SSL encryption and is disabled by default.
• Secure Shell (SSH) that uses an encrypted transport layer for higher security.
• Login failure limits per IP address, with login blocking from that IP address when the limit is exceeded.
• Limited IP address range for clients connecting to iDRAC.
• Dedicated Gigabit Ethernet adapter available on rack and tower servers (additional hardware may be required).
New in this release
• Added support for Redfish 1.0.2, a RESTful Application Programming Interface (API), which is standardized by the Distributed
Management Task Force (DMTF). It provides a scalable and secured systems management interface. To get the IPv6 and VLAN
information, install iDRAC Service Module (iSM).
• Added support for Server Configuration Profile using Redfish interface.
• Added support to disable TLS 1.0. Option to select TLS 1.0 and higher, 1.1 and higher, or 1.2 only.
• FIPS 140-2 Level 1 capability.
• Added support for LDAP authentication with OpenDS.
• Added support for the Amulet card on PowerEdge M830.
• Added additional information in LC logs for some configuration jobs initiated using remote RACADM or the web interface.
• Added Dell Tech Center link on the login page.
How to use this user's guide
The contents of this User's Guide enable you to perform the tasks by using:
• iDRAC web interface — Only the task-related information is provided here. For information about the fields and options, see the
iDRAC Online Help that you can access from the web interface.