Dell® Auto-Discovery 2 Network Setup Specification 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 26 Document Number: DCIM2003 Document Type: Specification Document Status: Published Document Language: E Date: 2012-09-05 27 Version: 2.0.
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 THIS SPECIFICATION IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. ABSENT A SEPARATE AGREEMENT BETWEEN YOU AND DELL™ WITH REGARD TO FEEDBACK TO DELL ON THIS SPECIFICATION, YOU AGREE ANY FEEDBACK YOU PROVIDE TO DELL REGARDING THIS SPECIFICATION WILL BE OWNED AND CAN BE FREELY USED BY DELL.
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 Table of Contents 1 2 3 4 5 6 7 8 9 10 11 12 Purpose ................................................................................................................................................. 5 Scope .................................................................................................................
121 122 123 124 125 126 13 12.3.7 DNS only using Default Host A record......................................................................... 29 SOAP Messages ................................................................................................................................. 30 13.1 getCredentials ........................................................................................................................... 30 13.2 getCredentialsResponse .........................................
Auto-Discovery Network Setup Specification 147 148 1 Purpose 149 150 151 152 153 154 155 156 157 158 159 The Dell Auto-Discovery Network Setup Specification (DCIM2003) was prepared by Dell Enterprise Product Group Engineering. The Auto-Discovery feature enables the remote provisioning of servers outof-the-box without the need for an individual setup of every server.
186 5 Acronyms 187 CA – Certificate Authority 188 CN – Common Name 189 iDRAC – Integrated Dell Remote Access Controller 190 WS-Man – or WS-Management – Web Services for Management (DMTF Standard) 191 DMTF – Distributed Management Task Force, Inc. 192 DHCP – Dynamic Host Configuration Protocol 193 DNS – Domain Name Service 194 SOAP – Simple Object Access Protocol 195 SSL – Secure Sockets Layer 196 TLS – Transport Layer Security (successor to SSL) 197 6 198 6.
217 6.3 Auto Discovery Workflow Target Server DHCP Server DNS Server Provisioning Server 218 219 Figure 1 - Auto Discovery Network Diagram 220 6.4 Basic Setup 221 222 The discovery of a management console (with an Auto-Discovery provisioning server) by a newly installed server consists of several alternatives. One of the following must be implemented for this feature to work: 223 Provisioning server address must manually be set in iDRAC settings.
233 234 235 236 237 238 239 240 241 When a Dell® PowerEdge server is ordered with the Auto-Discovery option enabled, the iDRAC will come from the factory with DHCP enabled and no default credentials for a remote login. Following the acquisition of an provisioning server address for the management console \with one of the above alternatives, the iDRAC uses the discovered address to initiate a TLS connection (the handshake) that receives a new username and password.
242 Discovery Process For Acquiring Provisioning Server iDRAC New Server Power Up with ethernet cable attached DHCP Server DNS Server DHCP Server set up with Vendor Specific Options containing Provisioning Server Information DNS Server set up with Provisioning Server information Provisioning Server Manually Set? Yes No Provide address (mandatory) with option 43 data (optional) iDRAC requests address via DHCP Provisioning Server Address Provided? Yes No Provisioning Server Name Provided? No Ye
iDRAC Handshake to Acquire Login Credentials for Remote Enablement iDRAC iDRAC powerd on iDRAC discovers console address(es) Connection Failure No TLS Success connection initiated iDRAC Credential Server (or Management Console) listening on specified port (4433 default) ClientHello Recieved Server Signed by Trusted CA Send Prov Server Certificate Yes Send iDRAC Certificate Validate iDRAC signed by trusted CA Failed TLS connection Allow or Deny TLS connection Success Get Credentials SOAP reques
248 7 Auto-Discovery Implementation Alternatives 249 250 If more than one discovery method is used simultaneously, the provisioning server address acquisition sequence is the following: 251 1. Provisioning Server Set in iDRAC settings 252 2. DHCP Vendor Scope Option 253 3. DNS SRV record 254 4. Default Host A record 255 7.
283 284 285 286 287 288 289 290 291 292 192.168.0.125:4433 (server IP address specified for DHCP with TCP port specified.) 192.168.0.126 (use specified server IP address, host name is ignored, no port specified, default TCP port will be used.) Provisioning,Provisioning2:4433,Provisioning3 (resolve using DNS for all, 2nd server has TCP port specified.) 192.168.0.
Windows Server 2003 Microsoft DHCP Version: 5.2.3790.3959 Configuration 1. Select the server name on left tree. 2. Click Action->Define Vendor Classes: a. Click Add. b. Display Name : LifecycleController c. Under ASCII: LifecycleController d. Click OK. e. Click Close. 3. Click Action->Set Predefined Options: a. Select LifecycleController in Option class dropdown. b. Click on Add for the following items: Name : LifecycleController Data type : String Code : 1 Click OK c. Click on OK 4.
Figure 6 – Linux DNS SRV Configuration 314 315 7.3.2 Windows DNS SRV Configuration 316 317 318 The following steps set up a service record on a Windows Server 2003 DNS Server Version:5.2.3790.3959 using the DNS snap-in to administer a DNS server: Windows Server 2003 DNS Server Version:5.2.3790.3959 Configuration 1) 2) 3) 4) 5) 6) 7) 8) 9) 10) 11) Under Server expand the forward lookup zone. Select the zone listed under the zone. Go to Actions (or right click). Select Other new records.
339 340 341 342 343 credentials. These iDRAC admin credentials are used for subsequent remote access and configuration using WS‐Man Web service requests or remote IPMI, CLI, and iDRAC GUI interfaces. The deployment console can optionally check the service tag against a pre‐approved list of service tags that are authorized to be provisioned. At this point in the process, the deployment console knows which service tags have come online.
379 8.3 380 381 382 383 384 After TLS authentication, it is the provisioning servers responsibility to create an account on the iDRAC that can be used to perform future configuration. The provisioning server only creates an account if the server service tag matches its list of service tags to provision. Note that the account that the provisioning server creates can be unique for each server, and that this account can be deleted or disabled once Active Directory or LDAP is configured. 385 8.
412 10 Trouble Shooting Auto-Discovery 413 10.1 414 10.1.1 Trouble Shoot With Physical Access to the System/iDRAC Auto Discovery Status on the LCD 415 Figure 8 – Auto Discovery LCD Status 416 417 418 Version 2.0.
419 Auto Discovery Progress Codes and Corrective Actions 420 421 The following codes are displayed on the Server LCD and in the iDRAC RACLOG Status Description Corrective action 0 stopped N/A 1 running see info 2 suspended see info 3 complete N/A Info Description Corrective action 1 Stopped (default) N/A 2 Started N/A 3 Auto Discovery disabled enable discovery 4 Blocked Admin Account Enabled disable all admin accounts 5 Blocked Active Directory Enabled disable active direc
423 424 425 426 427 428 429 430 10.1.2 Checking Auto-Discovery Settings through iDRAC Configuration (11th Generation Servers) 1) Reboot the system and enter CTRL-E during the system boot when the “Press CTRL-E for Remote Access Setup within 5 seconds….“ message appears to enter the iDRAC Configuration Utility. 2) Make sure the Auto-Discovery setting is Enabled and Account Access setting is Disabled. The following screenshot depicts the iDRAC Configuration settings needed.
434 435 436 3) Check that the iDRAC has an IP address leased from DHCP. The following screenshot depicts the iDRAC Configuration Utility settings needed. 437 Figure 11 - 11G iDRAC Configuration Utility – Lan Parameters 438 20 Version 2.0.
439 440 441 442 10.1.3 Checking Auto-Discovery Settings through system setup (12G) 1) Reboot the system and press F2. 2) Make sure the Auto-Discovery setting is Enabled 443 Figure 12 - 12G System Setup – iDRAC – Auto-Discovery 444 Version 2.0.
3) Make sure Account Access setting is Disabled 445 446 Figure 13 - 12G System Setup – iDRAC - User Config 447 22 Version 2.0.
448 4) Make sure iDRAC network settings are correct 449 450 Figure 14 - 12G System Setup - iDRAC - Network Version 2.0.
451 452 453 454 455 456 457 10.1.4 Checking Auto-Discovery Settings through Lifecycle Controller 1) Reboot the system and press F10 2) Start the iDRAC configuration wizard 3) The Auto-Discovery settings are in step 6 th This is a screen shot from the 11 generation server Lifecyle Controller. 458 th Figure 15 - Lifecycle Controller - iDRAC – Auto-Discovery (11 Generaton Server) 459 24 Version 2.0.
460 th This is a screen shot from the 12 generation server Lifecycle Controller. 461 th Figure 16 - Lifecycle Controller - iDRAC – Auto-Discovery (12 generation server) 462 463 10.2 464 465 466 467 468 10.2.1 469 470 471 472 10.2.2 473 474 475 476 477 478 Without Physical Access to the System/iDRAC Verify DHCP Lease Verify the iDRAC got a DHCP lease on the DCHP server.
479 nslookup DCIMCredentialServer..com 480 481 482 483 484 485 486 487 488 489 10.2.3 Checking the iDRAC RACLOG 490 11 Manual Configuration of iDRAC for Re-Initiating Auto-Discovery 491 492 493 For testing purposes, the iDRAC Auto-Discovery process can be re-initiated by physically visiting the server and manually configuring the iDRAC. The quickest way to manually configure a system to perform Auto-Discovery is to: If this is a modular system, enable the admin account from the CMC.
516 12.1 Simultaneous Auto-Discovery Methodologies 517 518 If more than one discovery methodology is used simultaneously, the provisioning server address acquisition sequence is the following: 519 1) Vendor Scope Option 520 2) DNS SRV record 521 3) Default Host A record. 522 523 The method selected to provision the server determines the appropriate iDRAC6 configuration utility settings (accessible during boot using Ctrl-E).
556 557 iDRAC6 Configuration Utility for Auto-Discovery to begin running. This does not apply if the feature is included in the server when it was ordered. 558 12.3.
596 12.3.5 597 The iDRAC6 Configuration Utility settings have the following fields set: 598 599 600 DHCP w/ DNS using Default Host A record 1) Domain Name from DHCP: On 2) iDRAC Source: DCHP 3) DNS Server IP Address: On 601 602 603 All settings for the above fields would be set to DHCP, or could be manually configured; but all fields would need to be configured. The provisioning server has a default host, but no Vendor Scope option. A record and DNS SRV are not set. 604 12.3.
620 13 SOAP Messages 621 13.1 622 623 624 625 626 627 628 PAGE 31652 13.3 653 654 655 656 657 658 659 ManualShelf © 2013-2024