Integrated Dell Remote Access Controller 9 Version 3.30.30.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2018 - 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Overview.................................................................................................................................... 15 Benefits of using iDRAC with Lifecycle Controller...........................................................................................................15 Key features..........................................................................................................................................................................
Enabling or disabling OS to iDRAC Pass-through using web interface........................................................................40 Enabling or disabling alerts using RACADM..................................................................................................................... 40 3 Setting up managed system.........................................................................................................41 Setting up iDRAC IP address...............................................
Importing server profile.......................................................................................................................................................74 Importing server profile using iDRAC web interface................................................................................................. 75 Importing server profile using RACADM.....................................................................................................................
Supported operating systems for USB NIC................................................................................................................91 Enabling or disabling OS to iDRAC Pass-through using web interface.................................................................. 92 Enabling or disabling OS to iDRAC Pass-through using RACADM......................................................................... 93 Enabling or disabling OS to iDRAC Pass-through using iDRAC settings utility...........
Configuring IPMI over LAN using iDRAC settings utility..........................................................................................116 Configuring IPMI over LAN using RACADM..............................................................................................................116 Enabling or disabling remote RACADM............................................................................................................................
Configuring Smart Card Login.......................................................................................................................................... 151 Configuring iDRAC smart card login for Active Directory users............................................................................. 151 Configuring iDRAC smart card login for local users................................................................................................. 151 Using Smart Card to Login.....................
Viewing System Event Log...............................................................................................................................................170 Viewing System Event Log using web interface......................................................................................................170 Viewing System Event Log using RACADM.............................................................................................................
15 Managing storage devices........................................................................................................ 190 Understanding RAID concepts..........................................................................................................................................191 What is RAID..................................................................................................................................................................
Setting SGPIO mode................................................................................................................................................... 231 Set Enclosure Asset Tag............................................................................................................................................. 231 Set Enclosure Asset Name.........................................................................................................................................
Configuring iDRAC Quick Sync 2 settings using web interface.............................................................................261 Configuring iDRAC Quick Sync 2 settings using RACADM.................................................................................... 261 Configuring iDRAC Quick Sync 2 settings using iDRAC settings utility................................................................ 261 Using mobile device to view iDRAC information.................................................
System management capabilities using SMCLP........................................................................................................... 280 Running SMCLP commands............................................................................................................................................280 iDRAC SMCLP syntax.......................................................................................................................................................
Installing Service Module..................................................................................................................................................299 Server OS Proxy Information.......................................................................................................................................... 299 SupportAssist..........................................................................................................................................................
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make you more productive as a system administrator and improve the overall availability of Dell EMC servers. iDRAC alerts you to system issues, helps you to perform remote management, and reduces the need for physical access to the system. iDRAC with Lifecycle Controller technology is part of a larger data center solution that increases availability of business critical applications and workloads.
Key features The key features of iDRAC include: NOTE: Some features are available only with iDRAC Enterprise license. For information on the features available for a license, see iDRAC licenses . Inventory and Monitoring • • • • • • • • • • • View managed server health. Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. View and export system inventory. View sensor information such as temperature, voltage, and intrusion.
• • • Set the backplane mode (unified or split mode). Blink or unblink component LEDs. Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update • • • • • • • Manage iDRAC licenses. Update BIOS and device firmware for devices supported by Lifecycle Controller. Update or rollback iDRAC firmware and Lifecycle Controller firmware using a single firmware image. Manage staged updates.
• • • • Set user passwords and BIOS passwords using one-way hash format for improved security. FIPS 140-2 Level 1 capability. Support for TLS 1.2, 1.1, and 1.0. To enhance security, default setting is TLS 1.1 and higher. SMCLP and web interfaces that support 128 bit and 40-bit encryption (for countries where 128 bit is not acceptable), using the TLS 1.2 standard. NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher. • • Session time-out configuration (in seconds).
Supported web browsers iDRAC is supported on the following browsers: • • • • Internet Explorer/Edge Mozilla Firefox Google Chrome Safari For the list of supported versions, see the iDRAC Release Notes available at www.dell.com/idracmanuals.
NOTE: The default license available with PowerEdge C64XX systems is Basic Plus. The Basic Plus license was custom made for C64XX systems. NOTE: Express for Blades license is the default license for PowerEdge M6XX and MXXXX systems. Methods for acquiring licenses Use any of the following methods to acquire the licenses: • Dell Digital Locker / License Self-Service portal — The License Self Service portal allows you to view and manage your products, software, and licensing information in one location.
• • • Export — Exports the installed license. For more information, see the iDRAC Online Help. Delete — Deletes the license. For more information, see the iDRAC Online Help. Learn More — Learn more about an installed license, or the licenses available for a component installed in the server. NOTE: For the Learn More option to display the correct page, ensure that *.dell.com is added to the list of Trusted Sites in the Security Settings. For more information, see the Internet Explorer help documentation.
Feature iDRAC9 Basic iDRAC9 Express iDRAC9 Express for Blades iDRAC9 Enterprise Dynamic DNS Yes Yes Yes Yes OS pass-through Yes Yes Yes Yes iDRAC Direct -Front panel USB Yes Yes Yes Yes Connection View Yes Yes No Yes Role-based authority Yes Yes Yes Yes Local users Yes Yes Yes Yes SSL encryption Yes Yes Yes Yes IP blocking No Yes Yes Yes Directory services (AD, LDAP) No No No Yes Two-factor authentication (smart card) No No No Yes Single sign-On No No
Feature iDRAC9 Basic iDRAC9 Express iDRAC9 Express for Blades iDRAC9 Enterprise Virtual Flash partitions No No No Yes Group Manager No No No Yes HTTP / HTTPS support along with NFS/CIFS Yes Yes Yes Yes Real-time power meter Yes Yes Yes Yes Power thresholds and alerts No Yes Yes Yes Real-time power graphing No Yes Yes Yes Historical power counters No Yes Yes Yes Power capping No No No Yes Power Center integration No No No Yes Temperature monitoring Yes Yes
Feature iDRAC9 Basic iDRAC9 Express iDRAC9 Express for Blades iDRAC9 Enterprise Remote agent-free update1 Yes Yes Yes Yes Embedded update tools Yes Yes Yes Yes Update from repository (AutoUpdate) No No No Yes Schedule update from repository No No No Yes Improved PSU firmware updates Yes Yes Yes Yes Local configuration via F10 Yes Yes Yes Yes Embedded OS deployment tools Yes Yes Yes Yes Embedded configuration tools Yes Yes Yes Yes Auto-Discovery No Yes Yes Yes
Feature iDRAC9 Basic iDRAC9 Express iDRAC9 Express for Blades iDRAC9 Enterprise LCD screen (iDRAC9 requires optional) Yes Yes N/A Yes Quick Sync (require NFC bezel, 13G only) N/A N/A N/A N/A iDRAC Quick Sync 2 (BLE/Wi-Fi hardware) Yes Yes Yes Yes iDRAC Direct (front USB management port) Yes Yes Yes Yes iDRAC Service Module (iSM) embedded Yes Yes Yes Yes iSM to in-band alert forwarding to consoles Yes Yes Yes Yes SupportAssist Collection (embedded) Yes Yes Yes Yes Cras
Table 3. Interfaces and protocols to access iDRAC Interface or Protocol Description iDRAC Settings Utility (F2) Use the iDRAC Settings utility to perform pre-OS operations. It has a subset of the features that are available in iDRAC web interface along with other features. To access iDRAC Settings utility, press during boot and then click iDRAC Settings on the System Setup Main Menu page. Lifecycle Controller (F10) Use Lifecycle Controller to perform iDRAC configurations.
Interface or Protocol Description • • • iDRAC RESTful API and Redfish Remote RACADM is a client utility that runs on a management station. It uses the out-of-band network interface to run RACADM commands on the managed system and uses the HTTPs channel. The –r option runs the RACADM command over a network. Firmware RACADM is accessible by logging in to iDRAC using SSH or telnet. You can run the firmware RACADM commands without specifying the iDRAC IP, user name, or password.
Interface or Protocol Description SMCLP Use Server Management Workgroup Server Management-Command Line Protocol (SMCLP) to perform systems management tasks. This is available through SSH or Telnet. For more information about SMCLP, see Using SMCLP. NTLM iDRAC allows NTLM to provide authentication, integrity, and confidentiality to the users. NT LAN Manager (NTLM) is a suite of Microsoft security protocols and it works in a Windows network. SMB iDRAC9 supports the Server Message Block (SMB) Protocol.
Port number Type Function Configurable port Maximum Encryption Level 2049 TCP Network File System (NFS) No None 3269 TCP LDAPS for global catalog (GC) No 256-bit SSL 5353 UDP mDNS No None NOTE: When Group Manager is enabled, iDRAC uses mDNS to communicate through port 5353. However, when it is disabled, port 5353 is blocked by iDRAC's internal firewall and appears as open|filtered port in the port scans.
• • • • • For all Enterprise Systems Management and OpenManage Connections documents — www.dell.com/esmmanuals For OpenManage documents — www.dell.com/openmanagemanuals For iDRAC and Lifecycle Controller documents — www.dell.com/idracmanuals For Serviceability Tools documents — www.dell.com/serviceabilitytools For Client Command Suite Systems Management documents — www.dell.com/omconnectionsclient Accessing documents using the product search 1. Go to www.dell.com/support. 2.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, a Microsoft Active Directory user, or a Lightweight Directory Access Protocol (LDAP) user. You can also log in using OpenID Connect and Single Sign-On or Smart Card. To improve security, each system is shipped with a unique password for iDRAC, which is available on the system information tag. This unique password improves security of iDRAC and your server. The default user name is root.
• • • IP Blocking Enabling or disabling OS to iDRAC Pass-through using web interface Enabling or disabling alerts using RACADM Logging into iDRAC using OpenID Connect NOTE: This feature is only available in MX platforms. To log in to iDRAC using the OpenID Connect: 1. In a supported web browser, type https://[iDRAC-IP-address] and press Enter. The Login page is displayed. 2. Select OME Modular from the Log In with: menu. The console login page is displayed. 3. Enter the console User name and Password. 4.
Logging in to iDRAC as a local user using a smart card Before you log in as a local user using Smart Card, make sure to: • • Upload user smart card certificate and the trusted Certificate Authority (CA) certificate to iDRAC. Enable smart card logon. The iDRAC web interface displays the smart card logon page for users who are configured to use the smart card.
Logging in to iDRAC SSO using iDRAC web interface Before logging in to iDRAC using Single Sign-On, ensure that: • • You have logged in to your system using a valid Active Directory user account. Single Sign-On option is enabled during Active Directory configuration. To log in to iDRAC using web interface: 1. Log in to your management station using a valid Active Directory account. 2. In a web browser, type https://[FQDN address].
Accessing iDRAC using local RACADM For information to access iDRAC using local RACADM, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Accessing iDRAC using firmware RACADM You can use SSH or Telnet interfaces to access iDRAC and run firmware RACADM commands. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Viewing system health Before you perform a task or trigger an event, you can use RACADM to check if the system is in a suitable state.
where IP_address is the IP address of the iDRAC. Sending RACADM commands: ssh username@ racadm getversion ssh username@ racadm getsel Multiple iDRAC sessions The following table provides the number of iDRAC sessions that are possible using the various interfaces. Table 7.
WARNING: Resetting iDRAC to default all, resets the iDRAC to the factory defaults. To reset iDRAC using iDRAC Settings utility: 1. 2. 3. 4. 5. Reboot the server and press . In the System Setup page, click iDRAC Settings. Click Reset iDRAC configurations to defaults all. Click Yes to confirm, and then click Back. Click Finish. The server restarts after all iDRAC settings are set to default settings. Resetting default password using local RACADM 1. Log in to the host OS installed on the system. 2.
Remote — Non-provisioned system If there is no operating system installed on the server and if you have a PXE setup available, use PXE and then use RACADM to reset the password. Changing the default login password The warning message that allows you to change the default password is displayed if: • • • You log in to iDRAC with Configure User privilege. The default password warning feature is enabled. The default iDRAC user name and password are provided on the system information tag.
NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user names and passwords. 3. Click Back, click Finish, and then click Yes. The details are saved. Enabling or disabling default password warning message You can enable or disable the display of the default password warning message. To do this, you must have Configure Users privilege.
Enabling or disabling OS to iDRAC Pass-through using web interface To enable OS to iDRAC Pass-through using Web interface: 1. Go to iDRAC Settings > Connectivity > Network > OS to iDRAC Pass-through. The OS to iDRAC Pass-through page is displayed. 2. Change the State to Enabled. 3. Select any of the following options for Pass-through Mode: • • LOM — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the LOM or NDC.
3 Setting up managed system If you need to run local RACADM or enable Last Crash Screen capture, install the following from the Dell Systems Management Tools and Documentation DVD: • • Local RACADM Server Administrator For more information about Server Administrator, see OpenManage Server Administrator User's Guide available at www.dell.com/ openmanagemanuals.
Setting up iDRAC IP using iDRAC settings utility To set up the iDRAC IP address: 1. Turn on the managed system. 2. Press during Power-on Self-test (POST). 3. In the System Setup Main Menu page, click iDRAC Settings. The iDRAC Settings page is displayed. 4. Click Network. The Network page is displayed. 5. Specify the following settings: • • • • • • Network Settings Common Settings IPv4 Settings IPv6 Settings IPMI Settings VLAN Settings 6. Click Back, click Finish, and then click Yes.
• • This option implies that iDRAC's dedicated network port routes its traffic separately from the server's LOM or NIC ports. The Dedicated option allows iDRAC to be assigned an IP address from the same subnet or different subnet in comparison to the IP addresses assigned to the Host LOM or NICs to manage the network traffic. For Quad port cards—LOM1-LOM16 For Dual port cards—LOM1, LOM2, LOM5, LOM6, LOM9, LOM10, LOM13, LOM14. 4. From the Failover Network drop-down menu, select one of the remaining LOMs.
To configure the IPv6 settings: 1. Select Enabled option under Enable IPv6. 2. For the DHCPv6 server to automatically assign the IP address, gateway, and subnet mask to iDRAC, select Enabled option under Enable Auto-configuration. NOTE: You can configure both static IP and DHCP IP at the same time. 3. In the Static IP Address 1 box, enter the static IPv6 address. 4. In the Static Prefix Length box, enter a value between 0 and 128. 5. In the Static Gateway box, enter the gateway address.
• • VLAN Settings Advanced Network Settings NOTE: For more information, see iDRAC Online Help. 7. To save the network information, click Apply. For more information, see the Chassis Management Controller User's Guide available at www.dell.com/cmcmanuals. Enabling provisioning server The provisioning server feature allows newly installed servers to automatically discover the remote management console that hosts the provisioning server.
HTTP and HTTPS file sharing options are supported for iDRAC firmware 3.00.00.00 or later. Details of the HTTP or HTTPS address need to be provided. In case the proxy is enabled on the server, the user needs to provide further proxy settings to allow HTTP or HTTPS to transfer information. The -s option flag is updated as: Table 9.
If all the Dell PowerEdge servers in the DHCP server pool are of the same model type and number, then a single SCP file (config.xml) is required. The config.xml file name is used as the default SCP file name. In addition to .xml file, .json files can also be used with 14G systems. The file can be config.json. The user can configure individual servers requiring different configuration files mapped using individual server Service Tags or server models.
5. In the Data Entry field, click anywhere in the area under ASCII and enter the IP address of the server that has the share location, which contains the SCP file. The value appears as you type it under the ASCII, but it also appears in binary to the left. 6. Click OK to save the configuration. Configuring option 60 on Windows To configure option 60 on Windows: 1. On the DHCP server, go to Start > Administration Tools > DHCP to open the DHCP server administration tool. 2.
NFS: -f system_config.xml -i 192.168.1.101 -n /nfs_share -s 0 -d 1 CIFS: -f system_config.xml -i 192.168.1.101 -n cifs_share -s 2 -u -p -d 1 -t 400 HTTP: -f system_config.json -i 192.168.1.101 -s 5 HTTP: -f http_share/system_config.xml -i 192.168.1.101 -s http HTTP: -f system_config.xml -i 192.168.1.101 -s http -n http_share HTTPS: -f system_config.json -i 192.168.1.101 -s https Configuring option 43 and option 60 on Linux Update the /etc/dhcpd.conf file.
fixed-address 192.168.0.211; option host-name "my_host"; option myname " -f r630_raid.xml -i 192.168.0.1 -n /nfs -s 0 -d 0 -t 300"; } NOTE: After editing the dhcpd.conf file, make sure to restart the dhcpd service to apply the changes. Prerequisites before enabling Auto Config Before enabling the Auto config feature, make sure that following are already set: • • • Supported network share (NFS, CIFS, HTTP and HTTPS) is available on the same subnet as the iDRAC and DHCP server.
You can generate the hash password with and without Salt using SHA256. You must have Server Control privileges to include and export hash passwords. If access to all accounts is lost, use iDRAC Settings Utility or local RACADM and perform reset iDRAC to default task. If the password of the iDRAC user account is set with the SHA256 password hash only and not the other hashes (SHA1v3Key or MD5v3Key or IPMIKey), then authentication through SNMP v3 and IPMI is not available.
Modifying local administrator account settings After setting the iDRAC IP address, you can modify the local administrator account settings (that is, user 2) using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings User Configuration page is displayed. 2. Specify the details for User Name, LAN User Privilege, Serial Port User Privilege, and Change Password. For information about the options, see the iDRAC Settings Utility Online Help. 3.
• • • Set the maximum air exhaust temperature Increase airflow through a fan offset, if required Increase airflow through increasing minimum fan speed Modifying thermal settings using iDRAC web interface To modify the thermal settings: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > Cooling Configuration. 2.
• • Set Maximum Exhaust Temperature Limit • Set Air Temperature Rise Limit Minimum Fan Speed in PWM (% of Max) — Select this option to fine tune the fan speed. Using this option, you can set a higher baseline system fan speed or increase the system fan speed if other custom fan speed options are not resulting in the required higher fan speeds. • • Default — Sets minimum fan speed to default value as determined by the system cooling algorithm.
Object Description Usage Example If a system does not support a particular air exhaust temperature limit, then when you run the following command: racadm set system.thermalsettin gs.AirExhaustTemp 0 The following error message is displayed: ERROR: RAC947: Invalid object value specified. Make sure to specify the value depending on the type of object. For more information, see RACADM help. To set the limit to the default value: racadm set system.thermalsettin gs.
Object Description FanSpeedMaxOffsetVal • • • Usage Values from 0-100 Getting this variable reads the fan speed offset value in %PWM for Max Fan Speed Offset setting. This value depends on the system. Use FanSpeedOffset to set this value using index value 3 Example racadm get system.thermalsettin gs FanSpeedMaxOffsetVal This returns a value such as “100”. This means that when you use the following command, it applies a fan speed offset of Max (meaning full speed, 100% PWM).
Object Description Usage Example MFSMinimumLimit Read Minimum limit for MFS Values from 0 to MFSMaximumLimit To display the lowest value that can be set using MinimumFanSpeed option. Default is 255 (means None) racadm get system.thermalsettin gs.MFSMinimumLimit MinimumFanSpeed • • • ThermalProfile • • Allows configuring the Minimum Fan speed that is required for the system to operate.
The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting during system reboot, power cycling, iDRAC, or BIOS updates. A few Dell servers may or may not support some or all of these custom user cooling options. If the options are not supported, they are not displayed or you cannot provide a custom value. 3. Click Back, click Finish, and then click Yes. The thermal settings are configured.
Configuring supported web browsers NOTE: For information about the supported browsers and their versions, see the Release Notes available at www.dell.com/idracmanuals. Most features of iDRAC web interface can be accessed using these browsers with default settings. For certain feature to work, you must change a few settings. These settings include disabling pop-up blockers, enabling Java, ActiveX, or HTML5 plug-in support and so on.
5. Click Close and click OK twice. Disabling Internet Explorer Enhanced Security Configuration To ensure that you can download log files and other local elements using the web interface, it is recommended to disable Internet Explorer Enhanced Security Configuration from Windows features. For information about disabling this feature on your version of Windows, see Microsoft's documentation.
For more information, see the MAC operating system documentation. Configuring Internet Explorer to use HTML5-based plug-in The HTML5 virtual console and virtual media APIs are created by using HTML5 technology. The following are the advantages of HTML5 technology: • • • • Installation is not required on the client workstation. Compatibility is based on browser and is not based on the operating system or installed components. Compatible with most of the desktops and mobile platforms.
NOTE: To use ActiveX plug-in on systems with Internet Explorer 9, before configuring Internet Explorer, ensure that you disable the Enhanced Security Mode in Internet Explorer or in the server manager in Windows Server operating systems. For ActiveX applications in Windows 7, Windows 2008, and Windows 10 configure the following Internet Explorer settings to use the ActiveX plug-in: 1. Clear the browser’s cache. 2. Add iDRAC IP or host name to the Local Internet site list. 3.
Clearing earlier Java versions To clear older versions of Java viewer in Windows or Linux, do the following: 1. At the command prompt, run javaws-viewer or javaws-uninstall. The Java Cache viewer is displayed. 2. Delete the items titled iDRAC Virtual Console Client. Importing CA certificates to management station When you launch Virtual Console or Virtual Media, prompts are displayed to verify the certificates.
Updating device firmware Using iDRAC, you can update the iDRAC, BIOS, and all device firmware that is supported by using Lifecycle Controller update such as: • • • • • • • • • • Fibre Channel (FC) cards Diagnostics Operating System Driver Pack Network Interface Card (NIC) RAID Controller Power Supply Unit (PSU) NVMe PCIe devices SAS/SATA hard drives Backplane update for internal and external enclosures OS Collector CAUTION: The PSU firmware update may take several minutes depending on the system configurat
.D9 Image iDRAC DUP Interface Supported Requires LC enabled Supported Requires LC enabled WSMan Yes Yes Yes Yes In-band OS DUP No N/A Yes No The following table provides information on whether a system restart is required when firmware is updated for a particular component: NOTE: When multiple firmware updates are applied through out-of-band methods, the updates are ordered in the most efficient possible manner to reduce unnecessary system restart. Table 12.
Component Name Firmware Rollback Supported? (Yes or No) Out-of-band — System In-band — System Restart Required? Restart Required? Lifecycle Controller GUI — Restart Required? Backplanes Yes Yes Yes Yes Enclosures Yes Yes No Yes NIC Yes Yes Yes Yes Power Supply Unit Yes Yes Yes Yes CPLD No Yes Yes Yes FC Cards Yes Yes Yes Yes NVMe PCIe SSD drives Yes No No No SAS/SATA hard drives No Yes Yes No OS Collector No No No No * Indicates that though a system restart i
Scheduling automatic firmware updates You can create a periodic recurring schedule for iDRAC to check for new firmware updates. At the scheduled date and time, iDRAC connects to the specified destination, checks for new updates, and applies or stages all applicable updates. A log file is created on the remote server, which contains information about server access and staged firmware updates.
• To schedule the start time and frequency of the firmware update: racadm AutoUpdateScheduler create -u username –p password –l [-f catalogfilename -pu -pp -po -pt ] -time < hh:mm> [-dom < 1 – 28,L,’*’> -wom <1-4,L,’*’> -dow ] -rp <1-366> -a For example, • To automatically update firmware using a CIFS share: racadm AutoUpdateScheduler create -u admin -p pwd -l //1.2.3.
3. Click Launch iDRAC Web interface and perform iDRAC Firmware Update. Updating firmware using DUP Before you update firmware using Dell Update Package (DUP), make sure to: • • Install and enable the IPMI and managed system drivers.
• • • Chassis with LCD must display a message indicating “update is in-progress”. Chassis without LCD must indicate the update progress using LED blinking pattern. During the update, chassis action power commands are disabled. The updates for components such as Programmable System-on-Chip (PSoC) of IOM that requires all the servers to be idle, the update is applied on the next chassis power-up cycle.
It is recommended to keep the firmware updated to ensure you have the latest features and security updates. You may need to rollback an update or install an earlier version if you encounter any issues after an update. To install an earlier version, use Lifecycle Controller to check for updates and select the version you want to install.
2. Go to iDRAC Settings > Settings > CMC. The Deploy iDRAC page is displayed. 3. Click Launch iDRAC and perform device firmware rollback as mentioned in the Rollback firmware using iDRAC web interface. Rollback firmware using RACADM 1. Check the rollback status and the FQDD using the swinventory command: racadm swinventory For the device for which you want to rollback the firmware, the Rollback Version must be Available. Also, note the FQDD. 2.
• Collect System Inventory On Reboot (CSIOR) option is enabled. If you initiate a back operation while CSIOR is disabled, the following message is displayed: System Inventory with iDRAC may be stale,start CSIOR for updated inventory • To perform backup on a vFlash SD card: • • vFlash SD card is inserted, enabled, and initialized. vFlash SD card has at least 100 MB free space to store the backup file.
The Backup and Export Server Profile page is displayed. 2. Select one of the following to save the backup file image: • • Network to save the backup file image on a CIFS or NFS share. HTTP or HTTPS to save the backup file image using HTTP/S file transfer. 3. Enter the backup File Name, Backup File Passphrase (optional) and Confirm Passphrase. 4. If Network is selected as the file location, enter the network settings.
Easy Restore After you replace the motherboard on your server, Easy Restore allows you to automatically restore the following data: • • • • • System Service Tag Asset Tag Licenses data UEFI Diagnostics application System configuration settings—BIOS, iDRAC, and NIC Easy Restore uses the Easy Restore flash memory to back up the data. When you replace the motherboard and power on the system, the BIOS queries the iDRAC and prompts you to restore the backed-up data.
3. Host system turns on. 4. Firmware and configuration restore process for the devices is completed. 5. Host system shuts down. 6. iDRAC firmware and configuration restore process is completed. 7. iDRAC restarts. 8. Restored host system turns on to resume normal operation. Monitoring iDRAC using other Systems Management tools You can discover and monitor iDRAC using Dell Management Console or Dell OpenManage Essentials.
3. Select the components listed in Import Components option. 4. Select the Shutdown type. 5. Select the Maximum wait time to specify the wait time before the system shuts down after the import is complete. 6. Click Import. Exporting server configuration profile using iDRAC web interface To export the server configuration profile: 1. Go to Configuration > Server Configuration Profile The Server Configuration Profile page is displayed. 2. Click Export. 3.
The Secure Boot policy uses db and dbx to authorize pre-boot image file execution. For an image file to get executed, it must associate with a key or hash value in db, and not associate with a key or hash value in dbx. Any attempts to update the contents of db or dbx must be signed by a private PK or KEK. Any attempts to update the contents of PK or KEK must be signed by a private PK. Table 14. Acceptable file formats Policy Component Acceptable File Formats Acceptable File Extensions PK X.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see iDRAC licenses .
• • Configuring multiple iDRACs using RACADM Disabling access to modify iDRAC configuration settings on host system Viewing iDRAC information You can view the basic properties of iDRAC. Viewing iDRAC information using web interface In the iDRAC Web interface, go to iDRAC Settings > Overview to view the following information related to iDRAC. For information about the properties, see iDRAC Online Help.
Viewing iDRAC information using RACADM To view iDRAC information using RACADM, see getsysinfo or get sub-command details provided in the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals . Modifying network settings After configuring the iDRAC network settings using the iDRAC Settings utility, you can also modify the settings through the iDRAC Web interface, RACADM, Lifecycle Controller, Dell Deployment Toolkit, and Server Administrator (after booting to the operating system).
• IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are denied. When repeated login failures occur from a particular IP address, it prevents the address from logging in to iDRAC for a preselected time span.
The last byte of the range mask is set to 252, the decimal equivalent of 11111100b. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Cipher suite selection Cipher Suite Selection can be used to limit the ciphers in iDRAC or client communications and determine how secure the connection will be. It provides another level of filtering the effective in-use TLS Cipher Suite.
Difference between FIPS-mode supported and FIPSvalidated Software that has been validated by completing the Cryptographic Module Validation Program is referred to as FIPS-validated. Because of the time it takes to complete FIPS-validation, not all versions of iDRAC are validated. For information about the latest status of FIPSvalidation for iDRAC, see the Cryptographic Module Validation Program page on the NIST website.
Automated System Recovery Agent Enable Last System Crash Screen. VNC Server Enable VNC server with or without SSL encryption. Configuring services using web interface To configure the services using iDRAC Web interface: 1. In the iDRAC Web interface, go to iDRAC Settings > Services. The Services page is displayed. 2. Specify the required information and click Apply. For information about the various settings, see the iDRAC Online Help.
NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher. Configuring TLS using web interface 1. Go to iDRAC Settings > Services. 2. Click the Services tab and then click Web Server. 3. In the TLS Protocol drop-down, select the TLS version and click Apply. Configuring TLS using RACADM To check the version of TLS configured: racadm get idrac.webserver.tlsprotocol To set the version of TLS: racadm set idrac.webserver.
For information about the fields, see the iDRAC Online Help. 3. Click Apply. The VNC server is configured. Configuring VNC server using RACADM To configure the VNC server, use the set command with the objects in VNCserver. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
• • • • • • • • DRAC IPv4 Address DRAC IPv6 Address System Power Ambient Temperature System Model Host Name User Defined None If you select User Defined, enter the required message in the text box. If you select None, home message is not displayed on the server LCD front panel. 3. Enable Virtual Console indication (optional). If enabled, the Live Front Panel Feed section and the LCD panel on the server displays the Virtual console session active message when there is an active Virtual Console session. 4.
For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Configuring time zone and NTP You can configure the time zone on iDRAC and synchronize the iDRAC time using Network Time Protocol (NTP) instead of BIOS or host system times. You must have Configure privilege to configure time zone or NTP settings. Configuring time zone and NTP using iDRAC web interface To configure time zone and NTP using iDRAC web interface: 1.
3. To boot from the selected device only once on the next boot, select Boot Once. Thereafter, the system boots from the first boot device in the BIOS boot order. For more information about the options, see the iDRAC Online Help. Setting first boot device using RACADM • • To set the first boot device, use the iDRAC.ServerBoot.FirstBootDevice object. To enable boot once for a device, use the iDRAC.ServerBoot.BootOnce object.
If you are configuring the server using a Server Configuration Profile through RACADM, WSMan or Redfish and if the network settings are changed in this file, then you must wait for 15 seconds to either enable OS to iDRAC Pass-through feature or set the OS Host IP address. Before enabling OS to iDRAC Pass-through, make sure that: • • • • • iDRAC is configured to use dedicated NIC or shared mode (that is, NIC selection is assigned to one of the LOMs).
• • • • SLES 12 SP2 ESXi 6.0 U3 vSphere 2016 XenServer 7.1 For Linux operating systems, configure the USB NIC as DHCP on the host operating system before enabling USB NIC. For vSphere, you must install the VIB file before enabling USB NIC. NOTE: To configure USB NIC as DHCP in Linux operating system or XenServer, refer to the operating system or hypervisor documentation. Installing VIB file For vSphere operating systems, before enabling the USB NIC, you must install the VIB file.
The default value is 169.254.1.1. It is recommended to use the default IP address. However, if this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it. Do not enter 169.254.0.3 and 169.254.0.4 IPs. These IPs are reserved for the USB NIC port on the front panel when a A/A cable is used. 6. Click Apply. 7.
Login Type Certificate Type How to Obtain SHA-2 certificates are also supported. Smart Card login as a local or Active Directory user • • User certificate Trusted CA certificate • • User Certificate — Export the smart card user certificate as Base64encoded file using the card management software provided by the smart card vendor. Trusted CA certificate — This certificate is issued by a CA. SHA-2 certificates are also supported.
an expiration date of seven years and one day and a start date of one day in the past (for different time zone settings on management stations and the iDRAC). The iDRAC Web server SSL certificate supports the asterisk character (*) as part of the left-most component of the Common Name when generating a Certificate Signing Request (CSR). For example, *.qa.com, or *.company.qa.com. This is called a wildcard certificate.
4. A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as required. iDRAC resets and the new certificate is applied. The iDRAC is not available for a few minutes during the reset. NOTE: You must reset iDRAC to apply the new certificate. Until iDRAC is reset, the existing certificate is active. Uploading server certificate using RACADM To upload the SSL server certificate, use the sslcertupload command.
Uploading custom SSL certificate signing certificate using RACADM To upload the custom SSL certificate signing certificate using RACADM, use the sslcertupload command, and then use the racreset command to reset iDRAC. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Downloading custom SSL certificate signing certificate You can download the custom signing certificate using iDRAC Web interface or RACADM.
You can also use the System Configuration Profile (SCP) to configure multiple iDRACs using RACADM. SCP file contains the component configuration information. You can use this file to apply the configuration for BIOS, iDRAC, RAID, and NIC by importing the file into a target system. For more information, see XML Configuration Workflow white paper available at www.dell.com/manuals. To configure multiple iDRACs using the configuration file: 1.
5 Viewing iDRAC and managed system information You can view iDRAC and managed system health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the Flex Address or Remote-Assigned Address (applicable only for MX platforms) .
• • • • • • • • • • • • • • • iDRAC RAID controller Batteries CPUs DIMMs HDDs Backplanes Network Interface Cards (integrated and embedded) Video card SD card Power Supply Units (PSUs) Fans Fibre Channel HBAs USB NVMe PCIe SSD devices The Firmware Inventory section displays the firmware version for the following components: • • • • • • • • • • • • • • • BIOS Lifecycle Controller iDRAC OS driver pack 32-bit diagnostics System CPLD PERC controllers Batteries Physical disks Power supply NIC Fibre Channel Bac
• • • • CPU — Indicates the health and state of the CPUs in the managed system. It also reports processor automatic throttling and predictive failure. Memory — Indicates the health and state of the Dual In-line Memory Modules (DIMMs) present in the managed system. Intrusion — Provides information about the chassis. Power Supplies (available only for rack and tower servers) — Provides information about the power supplies and the power supply redundancy status.
Monitoring performance index of CPU, memory, and input output modules In Dell’s 14th generation Dell PowerEdge servers, Intel ME supports Compute Usage Per Second (CUPS) functionality. The CUPS functionality provides real-time monitoring of CPU, memory, and I/O utilization and system-level utilization index for the system. Intel ME allows out-of-band (OOB) performance monitoring and does not consume CPU resources.
• • Provides the statistics for CPU, memory, IO utilization, and the system level CUPS index. If the host system is powered off, then the graph displays the power off line below 0 percent. • You can reset the peak utilization for a particular sensor. Click Reset Historical Peak. You must have Configure privilege to reset the peak value. Performance Metrics section: • • Displays status and present reading Displays or specifies the warning threshold utilization limit.
Viewing historical temperature data using iDRAC web interface To view historical temperature data: 1. In the iDRAC Web interface, go to System > Overview > Cooling > Temperature overview. The Temperature overview page is displayed. 2. See the System Board Temperature Historical Data section that provides a graphical display of the stored temperature (average and peak values) for the last day, last 30 days, and last year. For more information, see the iDRAC Online Help.
Viewing network interfaces available on host OS using web interface To view the network interfaces available on the host OS using Web interface: 1. Go to System > Host OS > Network Interfaces. The Network Interfaces page displays all the network interfaces that are available on the host operating system. 2. To view the list of network interfaces associated with a network device, from the Network Device FQDD drop-down menu, select a network device and click Apply.
CAUTION: With FlexAddress enabled, if you switch from a server–assigned MAC address to a chassis–assigned MAC address and vice–versa, iDRAC IP address also changes. Viewing or terminating iDRAC sessions You can view the number of users currently logged in to iDRAC and terminate the user sessions. Terminating iDRAC sessions using web interface The users who do not have administrative privileges must have Configure iDRAC privilege to terminate iDRAC sessions using iDRAC Web interface.
6 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: • • • • • • • iDRAC Web Interface Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only IPMI Serial Over LAN IPMI Over LAN Remote RACADM Local RACADM Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
• • • • • • • • • • Communicating with iDRAC through serial connection using DB9 cable Switching between RAC serial and serial console while using DB9 cable Communicating with iDRAC using IPMI SOL Communicating with iDRAC using IPMI over LAN Enabling or disabling remote RACADM Disabling local RACADM Enabling IPMI on managed system Configuring Linux for serial console during boot in RHEL 6 Configuring serial terminal in RHEL 7 Supported SSH cryptography schemes Communicating with iDRAC through serial conne
NOTE: This is applicable only for iDRAC on rack and tower servers. Enabling RAC serial connection using web interface To enable RAC serial connection: 1. In the iDRAC Web interface, go to iDRAC Settings > Network > Serial. The Serial page is displayed. 2. Under RAC Serial, select Enabled and specify the values for the attributes. 3. Click Apply. The RAC serial settings are configured.
Enabling serial connection IPMI serial settings using RACADM 1. Change the IPMI serial-connection mode to the appropriate setting using the command. racadm set iDRAC.Serial.Enable 0 2. Set the IPMI Serial baud rate using the command. racadm set iDRAC.IPMISerial.BaudRate Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 3. Enable the IPMI serial hardware flow control using the command. racadm set iDRAC.IPMISerial.FlowContro 1 4.
For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Switching between RAC serial and serial console while using DB9 cable iDRAC supports Escape key sequences that allow switching between RAC Serial Interface communication and Serial Console on rack and tower servers. Switching from serial console to RAC serial To switch to RAC Serial Interface communication mode when in Serial Console Mode, press Esc+Shift, 9.
7. Press to exit System Setup. NOTE: BIOS sends the screen serial data in 25 x 80 format. The SSH window that is used to invoke the console com2 command must be set to 25 x 80. Then, the redirected screen appears correctly. NOTE: If the boot loader or operating system provides serial redirection such as GRUB or Linux, then the BIOS Redirection After Boot setting must be disabled. This is to avoid potential race condition of multiple components accessing the serial port.
4. Enable SOL for each user using the command. racadm set iDRAC.Users..SolEnable 2 Parameter Description Unique ID of the user NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to the baud rate of the managed system. Enabling supported protocol The supported protocols are IPMI, SSH, and Telnet. Enabling supported protocol using web interface To enable SSH or Telnet, go to iDRAC Settings > Services and select Enabled for SSH or Telnet, respectively.
This command connected the management station to the managed system's serial port. 3. To quit a SOL session from IPMItool, press ~ and then . (period). NOTE: If a SOL session does not terminate, reset iDRAC and allow up to two minutes to complete booting. NOTE: IPMI SOL session may terminate while copying large input text from a client running Windows OS to a host running Linux OS. To avoid the session from getting terminated abruptly, convert any large text to a UNIX-based line ending.
NOTE: If required, you can change the default SSH or Telnet session time-out at iDRAC Settings > Services. 1. Start a shell. 2. Connect to iDRAC using the following command: • • For SSH: ssh -l For Telnet: telnet NOTE: If you have changed the port number for the Telnet service from the default (port 23), add the port number to the end of the Telnet command. 3.
Disconnecting SOL session in iDRAC command line console The commands to disconnect a SOL session are based on the utility. You can exit the utility only when a SOL session is completely terminated. To disconnect a SOL session, terminate the SOL session from the iDRAC command line console. • • To quit SOL redirection, press Enter, Esc, T. The SOL session closes. To quit a SOL session from Telnet on Linux, press and hold Ctrl+]. A Telnet prompt is displayed. Type quit to exit Telnet.
Parameter Privilege level = 3 Operator = 4 Administrator 3. Set the IPMI LAN channel encryption key ,if required. racadm set iDRAC.IPMILan.EncryptionKey Parameter Description 20-character encryption key in a valid hexadecimal format. NOTE: The iDRAC IPMI supports the RMCP+ protocol. For more information, see the IPMI 2.0 specifications at intel.com. Enabling or disabling remote RACADM You can enable or disable remote RACADM using the iDRAC Web interface or RACADM.
Configuring Linux for serial console during boot in RHEL 6 The following steps are specific to the Linux GRand Unified Bootloader (GRUB). Similar changes are required if a different boot loader is used. NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected Virtual Console to 25 rows x 80 columns to make sure the correct text displays. Else, some text screens may be garbled. Edit the /etc/grub.conf file as follows: 1.
The following example shows a sample file with the new line. #inittab This file describes how the INIT process should set up #the system in a certain run-level. #Author:Miquel van Smoorenburg #Modified for RHS Linux by Marc Ewing and Donnie Barnes #Default runlevel.
tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 ttyS1 Configuring serial terminal in RHEL 7 To configure serial terminal in RHEL 7: 1.
To configure GRUB to use serial console, comment out the splash image and add the serial and terminal options to grub.conf : [root@localhost ~]# cat /boot/grub/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/hda2 # initrd /initrd-version.
Scheme Type Algorithms Encryption chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com MAC hmac-sha1 hmac-ripemd160 umac-64@openssh.com Compression None NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell recommends not enabling DSA public key support. Using public key authentication for SSH iDRAC supports the Public Key Authentication (PKA) over SSH.
• • –b specifies the bit encryption size between 2048 and 4096. –C allows modifying the public key comment and is optional. NOTE: The options are case-sensitive. Follow the instructions. After the command executes, upload the public file. CAUTION: Keys generated from the Linux management station using ssh-keygen are in non-4716 format. Convert the keys into the 4716 format using ssh-keygen -e -f /root/.ssh/id_rsa.pub > std_rsa.pub. Do not change the permissions of the key file.
The Users Main Menu page is displayed. 3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page is displayed with the key details. Deleting SSH keys Before deleting the public keys, make sure that you view the keys if they are set up, so that a key is not accidentally deleted. Deleting SSH keys using web interface To delete the SSH key(s): 1. In Web interface, go to iDRAC Settings > Users. The Local Users page is displayed. 2.
7 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. The default iDRAC user name and password are provided with the system badge. As an administrator, you can setup user accounts to allow other users to access iDRAC. For more information see the documentation for the server.
Current Generation Prior Generation Description Access Virtual Console Access Virtual Console Enables the user to run Virtual Console. Redirection (for blade servers) Access Virtual Console (for rack and tower servers) Access Virtual Media Access Virtual Media Enables the user to run and use Virtual Media. System Operations Test Alerts Allows user initiated and generated events, and information is sent as an asynchronous notification and logged.
changed using any of the iDRAC secured interfaces (that is, web interface, RACADM or WSMan). You can also enable or disable SNMPv3 authentication for each user. Configuring local users using iDRAC web interface To add and configure local iDRAC users: NOTE: You must have Configure Users permission to create an iDRAC user. 1. In the iDRAC Web interface, go to iDRAC Settings > User. The Local Users page is displayed. 2. In the User ID column, select a user ID number and click Edit.
Adding iDRAC user using RACADM 1. Set the index and user name. racadm set idrac.users..username Parameter Description Unique index of the user User name 2. Set the password. racadm set idrac.users..password 3. Set the user privileges. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. 4. Enable the user. racadm set.idrac.users..enable 1 To verify, use the following command: racadm get idrac.users.
• Enabled the Secure Socket Layer (SSL) on all domain controllers that iDRAC connects to for authenticating to all the domain controllers. Enabling SSL on domain controller When iDRAC authenticates users with an Active Directory domain controller, it starts an SSL session with the domain controller. At this time, the domain controller must publish a certificate signed by the Certificate Authority (CA)—the root certificate of which is also uploaded into iDRAC.
To import iDRAC firmware SSL certificate to all domain controller trusted certificate lists: 1. Download iDRAC SSL certificate using the following RACADM command: racadm sslcertdownload -t 1 -f 2. On the domain controller, open an MMC Console window and select Certificates > Trusted Root Certification Authorities. 3. Right-click Certificates, select All Tasks and click Import. 4. Click Next and browse to the SSL certificate file. 5.
Role Groups Default Privilege Level Permissions Granted Bit Mask Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands Role Group 2 None Log in to iDRAC, Configure iDRAC, Execute Server Control Commands, Access Virtual Console, Access Virtual Media, Test Alerts, Execute Diagnostic Commands 0x000000f9 Role Group 3 None Log in to iDRAC 0x00000001 Role Group 4 None No assigned permissions 0x00000000 Role Group 5 None No assigned permissions 0x000000
5. Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed. 6. Enable Active Directory and specify the location information about Active Directory servers and user accounts. Also, specify the time iDRAC must wait for responses from Active Directory during iDRAC login. NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN. Make sure that DNS is configured correctly under iDRAC Settings > Network. 7.
NOTE: If certificate validation is enabled, specify the Domain Controller Server addresses and the Global Catalog FQDN. Ensure that DNS is configured correctly under Overview > iDRAC Settings > Network. Using the following RACADM command may be optional. racadm sslcertdownload -t 1 -f 2. If DHCP is enabled on iDRAC and you want to use the DNS provided by the DHCP server, enter the following command: racadm set iDRAC.IPv4.DNSFromDHCP 1 3.
For each physical iDRAC device on the network that you want to integrate with Active Directory for authentication and authorization, create at least one association object and one iDRAC device object. You can create multiple association objects, and each association object can be linked to as many users, groups of users, or iDRAC device objects as required. The users and iDRAC user groups can be members of any domain in the enterprise.
Figure 3. Privilege accumulation for a user The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only.
You can copy and run the Schema Extender or LDIF files from any location. Using Dell Schema Extender CAUTION: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To make sure that the Dell Schema Extender utility functions properly, do not modify the name of this file. 1. In the Welcome screen, click Next. 2. Read and understand the warning and click Next. 3. Select Use Current Log In Credentials or enter a user name and password with schema administrator rights. 4.
Table 28. dellRAC4Privileges class OID 1.2.840.113556.1.8000.1280.1.1.1.3 Description Defines the privileges (Authorization Rights) for iDRAC Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 29. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsLoginUser 1.2.840.113556.1.8000.1280.1.1.2.3 TRUE TRUE if the user has Login rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsCardConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.4 TRUE if the user has Card Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsUserConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued Link ID: 12071 Installing Dell extension to the Active Directory users and computers snap-in When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC devices, users and user groups, iDRAC associations, and iDRAC privileges.
4. Select the scope for the Association Object and click OK. 5. Provide access privileges to the authenticated users for accessing the created association objects. Providing user access privileges for association objects To provide access privileges to the authenticated users for accessing the created association objects: 1. Go to Administrative Tools > ADSI Edit. The ADSI Edit window is displayed. 2. In the right-pane, navigate to the created association object, right-click and select Properties. 3.
4. Specify the location information about Active Directory (AD) servers and user accounts. Also, specify the time iDRAC must wait for responses from AD during login process. NOTE: • If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN. Make sure that DNS is configured correctly under iDRAC Settings > Network • If the user and iDRAC objects are in different domains, then do not select the User Domain from Login option.
3. If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following command: racadm set iDRAC.IPv4.DNSFromDHCP 0 racadm set iDRAC.IPv4.DNSFromDHCP.DNS1 racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 4. If you want to configure a list of user domains so that you only need to enter the user name during log in to iDRAC web interface, use the following command: racadm set iDRAC.UserDomain..
The Generic LDAP Configuration and Management Step 1 of 3 page displays the current generic LDAP settings. 2. Optionally, enable certificate validation and upload the digital certificate used during initiation of SSL connections when communicating with a generic LDAP server. NOTE: In this release, non-SSL port based LDAP bind is not supported. Only LDAP over SSL is supported. 3. Click Next. The Generic LDAP Configuration and Management Step 2 of 3 page is displayed. 4.
Testing LDAP directory service settings using RACADM To test the LDAP directory service settings, use the testfeature command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
8 System Lockdown mode System Lockdown mode helps in preventing unintended changes after a system is provisioned. This feature can help in protecting the system from unintentional or malicious changes. Lockdown mode is applicable to both configuration and firmware updates. When the system is locked down, any attempt to change the system configuration is blocked. If any attempts are made to change the critical system settings, an error message is displayed.
Disabled Remain functional • • • • • System power operations (power on, off, reset) Identify devices (chassis and PERC) ISM/OMSA settings (OS BMC enable, watchdog ping, OS name, OS version) Modular operations (FlexAddress or Remote-Assigned Address) Group Manager passcode NOTE: When lockdown mode is enabled, OpenID Connect login option is not displayed in iDRAC login page.
9 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Creating Active Directory objects and providing privileges Logging in to Active Directory Standard schema based SSO Perform the following steps for Active Directory Standard schema based SSO login: 1. Create a User Group. 2. Create a User for Standard schema. NOTE: Use the existing AD User Group & AD User. Logging in to Active Directory Extended schema based SSO Perform the following steps for Active Directory Extended schema based SSO login: 1.
Generating Kerberos keytab file To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a Windows Kerberos network. The Kerberos configuration on iDRAC involves the same steps as configuring a non–Windows Server Kerberos service as a security principal in Windows Server Active Directory.
Management Station Settings Perform the following steps after configuring SSO login for Active Directory users: 1. Set the DNS Server IP in Network properties and mention the preferred DNS Server IP. 2. Go to My Computer and add the tiger.com domain. 3. Add the Active Directory User to Administrator by navigating to: My Computer > Manage > Local User and Groups > Groups > Administrator and add the Active Directory User. 4. Logoff the system and login using the Active Directory User credential. 5.
Enabling or disabling smart card login using iDRAC settings utility To enable or disable the Smart Card logon feature: 1. In the iDRAC Settings utility, go to Smart Card. The iDRAC Settings Smart Card page is displayed. 2. Select Enabled to enable smart card logon. Else, select Disabled. For more information about the options, see iDRAC Settings Utility Online Help. 3. Click Back, click Finish, and then click Yes. The smart card logon feature is enabled or disabled based on the selection.
Requesting Certificate for smart card enrollment Follow these steps to request certificate for smart card enrollment: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Connect the smart card in the client system and install the required drivers & software. Verify the driver status in the Device Manager. Launch the smart card enrollment agent in the browser. Enter the Username & Password and click OK. Click Request Certificate. Click Advanced Certificate Request.
10 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
• • Select the issue severity notification. Select the location where you would like to receive these notifications. 3. Click Apply to save the setting. NOTE: You must select at least one category, one severity, and one destination type to apply the configuration. All the alerts that are configured are displayed in total under Alerts Configuration Summary. Enabling or disabling alerts using RACADM Use the following command: racadm set iDRAC.IPMILan.
Filtering alerts using RACADM To filter the alerts, use the eventfilters command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/ idracmanuals. Setting event alerts You can set event alerts such as e-mail alerts, IPMI alerts, SNMP traps, remote system logs, operating system logs, and WS events to be sent to configured destinations. Setting event alerts using web interface To set an event alert using the web interface: 1.
3. Click Apply. The alert recurrence settings are saved. Setting event actions You can set event actions such as perform a reboot, power cycle, power off, or perform no action on the system. Setting event actions using web interface To set an event action: 1. In iDRAC Web interface, go to Configuration > System Settings > Alert and Remote System Log Configuration. 2. From the Actions drop-down menu, for each event select an action: • • • • Reboot Power Cycle Power Off No Action 3. Click Apply.
For more information about the options, see the iDRAC Online Help. NOTE: The Community String value indicates the community string to use in a Simple Network Management Protocol (SNMP) alert trap sent from iDRAC. Make sure that the destination community string is the same as the iDRAC community string. The default value is Public. 5. To test whether the IP address is receiving the IPMI or SNMP traps, click Send under Test IPMI Trap and Test SNMP Trap respectively. 6. Click Apply.
5. To test the trap, if required: racadm testtrap -i For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Configuring IP alert destinations using iDRAC settings utility You can configure alert destinations (IPv4, IPv6, or FQDN) using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to Alerts. The iDRAC Settings Alerts page is displayed. 2.
2. To configure email settings: racadm set iDRAC.EmailAlert.Address.[index] [email-address] Parameter Description index Email destination index. Allowed values are 1 through 4. email-address Destination email address that receives the platform event alerts. 3. To configure a custom message: racadm set iDRAC.EmailAlert.CustomMsg.[index] [custom-message] Parameter Description index Email destination index. Allowed values are 1 through 4. custom-message Custom message 4.
Configuring Redfish Eventing The Redfish eventing protocol is used for a client service (subscriber) to register interest (subscription) with a server (event source) for receiving messages containing the Redfish events (notifications or event messages). Clients interested in receiving the Redfish eventing messages can subscribe with iDRAC and receive Lifecycle Controller job related events.
Message ID Description Description (For MX platforms) BAR Backup/Restore Backup/Restore BAT Battery Event Battery Event BIOS BIOS Management BIOS Management BOOT BOOT Control BOOT Control CBL Cable Cable CPU Processor Processor CPUA Proc Absent Proc Absent CTL Storage Contr Storage Contr DH Cert Mgmt Cert Mgmt DIS Auto-Discovery Auto-Discovery ENC Storage Enclosr Storage Enclosr FAN Fan Event Fan Event FSD Debug Debug HWC Hardware Config Hardware Config IPA DRAC
Message ID Description Description (For MX platforms) PSUA PSU Absent PSU Absent PWR Power Usage Power Usage RAC RAC Event RAC Event RDU Redundancy Redundancy RED FW Download FW Download RFL IDSDM Media IDSDM Media RFLA IDSDM Absent IDSDM Absent RFM FlexAddress SD Not Applicable RRDU IDSDM Redundancy IDSDM Redundancy RSI Remote Service Remote Service SEC Security Event Security Event SEL Sys Event Log Sys Event Log SRD Software RAID Software RAID SSD PCIe SSD PCIe
11 iDRAC 9 Group Manager iDRAC Group Manager feature is available for Dell's 14th generation servers to offer simplified basic management of iDRACs and associated servers on the associated servers on the local network using the iDRAC GUI. Group Manager allows 1XMany console experience without involving a separate application. It allows the users to view the details of a set of servers by permitting more powerful management than by inspecting servers visually for faults and other manual methods.
The iDRAC members self-select a new primary controller for the group if the current primary goes offline for a prolonged duration, but that does not have any impact on the end user. You can normally access the group manager from all iDRAC members by clicking group manager from the iDRAC index page. Summary View You need to have administrator privileges to access group manager pages. If a non-administrator user logs onto the iDRAC, the group manager section does not appear with their credentials.
NOTE: By default iDRAC is configured with a local administrator account. You can access further information for each parameter with local administrator account. For more information see, Configuring user accounts and privileges. Table 36. New User Options Option Description New User Information Allows you to provide the new user's information details. iDRAC Permissions Allows you to define the user's role for future usage.
NOTE: Any member iDRAC with system lockdown enabled, that is part of the same group returns an error that the user password was not updated. Export Use this section to export the Group Summary to the local system. The information can be exported to a csv file format. It contains data related to each individual system in the group. Export includes the following information in csv format.
Option Description Rescan Allows you to scan and generate the list of discovered servers at any time. Jobs View Jobs view allows the user to track the progress of a group job, helps with simple recovery steps to correct connectivity induced failures. It also shows the history of the last group actions that were performed as an audit log. The user can use the jobs view to track the progress of the action across the group or to cancel an action that is schedule to occur in the future.
Jobs Export You can export the log to the local system for further references. The jobs list can be exported to a csv file format. It contains all the data related to each job. NOTE: Exported CSV files are available only in English. Group Information Panel Group Information panel in the top right of group manager summary view shows a consolidated group summary. Current group configuration can be edited from the Group Settings page accessible by clicking Group Settings button.
Table 42. Actions on a selected Server Option Description Graceful Shutdown Shuts down the operating system and powers off the system. Cold Reboot Powers off, then reboots the system. Virtual Console Launches Virtual Console with single sign on a new browser window. NOTE: Disable Popup blocker from the browser to use this functionality. Group Manager Single Sign On All iDRACs in the group trust each other based on the shared passcode secret and shared group name.
12 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WSMan interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utility, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3. To view the system events, click Display System Event Log. 4. Click Back, click Finish, and then click Yes.
• • • Select the severity level from the Severity drop-down list. Enter a keyword. Specify the date range. 2. Click Apply. The filtered log entries are displayed in Log Results. Adding comments to Lifecycle logs To add comments to the Lifecycle logs: 1. In the Lifecycle Log page, click the + icon for the required log entry. The Message ID details are displayed. 2. Enter the comments for the log entry in the Comment box. The comments are displayed in the Comment box.
NOTE: It is recommended not to use too many special characters. 3. Click Save. The work note is added to the log. For more information, see the iDRAC Online Help. Configuring remote system logging You can send lifecycle logs to a remote system. Before doing this, make sure that: • • There is network connectivity between iDRAC and the remote system. The remote system and iDRAC is on the same network. Configuring remote system logging using web interface To configure the remote syslog server settings: 1.
13 Monitoring and managing power You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: • • • • Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
For information about the displayed properties, see the iDRAC Online Help. Monitoring performance index for of CPU, memory, and input output modules using RACADM Use the SystemPerfStatistics sub command to monitor performance index for CPU, memory, and I/O modules. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Setting warning threshold for power consumption You can set the warning threshold value for the power consumption sensor in the rack and tower systems.
• • • Graceful Shutdown Reset System (warm boot) Power Cycle System (cold boot) 3. Click Apply. For more information, see the iDRAC Online Help. Executing power control operations using RACADM To perform power actions, use the serveraction command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
Configuring power cap policy using RACADM To view and configure the current power cap values, use the following objects with the set command: • • • • System.Power.Cap.Enable System.Power.Cap.Watts System.Power.Cap.Btuhr System.Power.Cap.Percent For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Configuring power cap policy using iDRAC settings utility To view and configure power policies: 1. In iDRAC Settings utility, go to Power Configuration.
Configuring power supply options using iDRAC settings utility To configure the power supply options: 1. In iDRAC Settings utility, go to Power Configuration. NOTE: The Power Configuration link is available only if the server power supply unit supports power monitoring. The iDRAC Settings Power Configuration page is displayed. 2. Under Power Supply Options: • • • • Enable or disable power supply redundancy. Enable or disable hot spare. Set the primary power supply unit.
• • • NOTE: It is important to note that with certain configurations and workloads, it may not be physically possible to reduce exhaust below a desired set point (e.g. Custom exhaust setting of 45C with a high inlet temp {e.g. 30C} and a loaded config {high system power consumption, low airflow}). 3. Sound Cap option is new in the 14th generation of PowerEdge server. It limits CPU power consumption and controls fan speed and acoustical ceiling.
14 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: • • • • • Network Interface Cards (NICs) Converged Network Adapters (CNAs) LAN On Motherboards (LOMs) Network Daughter Cards (NDCs) Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and partition
provide details of the physical mapping of switch ports to server’s network ports and iDRAC (integrated Dell Remote Access Controller) dedicated port connections. All supported network cards are visible in Connection View, irrespective of the brand. Instead of manually checking and troubleshooting the server's networking connections, you can view and manage network cable connections remotely.
Manufacturer Type Broadcom • • • • • • 57414 rNDC 25GE 57416/5720 rNDC 10GbE 57412/5720 rNDC 10GbE 57414 PCIe FH/LP 25GE 57412 PCIe FH/LP 10GbE 57416 PCIe FH/LP 10GbE Intel • • • • • • • • • X710 bNDC 10Gb X710 DP PCIe 10Gb X710 QP PCIe 10Gb X710 + I350 rNDC 10Gb+1Gb X710 rNDC 10Gb X710 bNDC 10Gb XL710 PCIe 40Gb XL710 OCP Mezz 10Gb X710 PCIe 10Gb Mellanox • • • MT27710 rNDC 40Gb MT27710 PCIe 40Gb MT27700 PCIe 100Gb QLogic • • • QL41162 PCIe 10GE 2P QL41112 PCIe 10GE 2P QL41262 PCIe 25GE 2P Inv
and also based on persistence policy setting for that power state. This provides more flexibility in deployments that need rapid reconfiguration of system workloads to another system. The virtual addresses are: • • • • • Virtual MAC Address Virtual iSCSI MAC Address Virtual FIP MAC Address Virtual WWN Virtual WWPN NOTE: When you clear the persistence policy, all the virtual addresses are reset to the default permanent address set at the factory.
Manufacturer Type • • X550 DP BT LP PCIe 2 x 10 Gb XXV710 Fab A/B Mezz 25 Gb (for MX platforms ) Mellanox • • • • • ConnectX-3 Pro 10G Mezz 10GB ConnectX-4 LX 25GE SFP DP rNDC 25GB ConnectX-4 LX 25GE DP FH PCIe 25GB ConnectX-4 LX 25GE DP LP PCIe 25GB ConnectX-4 LX Fab A/B Mezz 25GB (for MX platforms ) Qlogic • • • • • • • • • • • • • • • • • • 57810 PCIe 10GB 57810 bNDC 10GB 57810 Mezz 10GB 57800 rNDC 10GB+1GB 57840 rNDC 10GB 57840 bNDC 10GB QME2662 Mezz FC16 QLE 2692 SP FC16 Gen 6 HBA FH PCIe FC16
Table 44.
System behavior for FlexAddress and IO Identity Table 45.
Enabling or disabling IO Identity Optimization using RACADM To enable I/O Identity Optimization, use the command: racadm set idrac.ioidopt.IOIDOptEnable Enabled After enabling this feature, you must restart the system for the settings to take effect. To disable I/O Identity Optimization, use the command: racadm set idrac.ioidopt.IOIDOptEnable Disabled To view the I/O Identity Optimization setting, use the command: racadm get iDRAC.
NOTE: When a persistent policy is disabled and when you perform the action to lose the virtual address, re-enabling the persistent policy does not retrieve the virtual address. You must set the virtual address again after you enable the persistent policy.
iSCSI Initiator Default Values in IPv4 mode Default Values in IPv6 mode IscsiInitiatorIpv6PrimDns :: :: IscsiInitiatorSecDns 0.0.0.0 :: IscsiInitiatorIpv4SecDns 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6SecDns :: :: IscsiInitiatorName Value Cleared Value Cleared IscsiInitiatorChapId Value Cleared Value Cleared IscsiInitiatorChapPwd Value Cleared Value Cleared IPVer Ipv4 Ipv6 Table 48.
15 Managing storage devices Starting with iDRAC 3.15.15.15 release, iDRAC supports Boot Optimized Storage Solution (BOSS) controller in the 14th generation of PowerEdge servers. BOSS controllers are designed specifically for booting the operating system of the server. These controllers support limited RAID features and the configuration is staged. NOTE: BOSS controllers support only RAID level1. iDRAC has expanded its agent-free management to include direct configuration of the PERC controllers.
Storage events from PERC are mapped to SNMP traps and WSMan events as applicable. Any changes to the storage configurations are logged in the Lifecycle Log. Table 49. PERC capability PERC Capability Real-time CEM configuration Capable Controller (PERC 9.1 or later) NOTE: For the 14th generation of PowerEdge servers, PERC 9 and PERC 10 controllers are supported. If there is no existing pending or scheduled jobs for the controller, then configuration is applied.
NOTE: The RAID Advisory Board (RAB) defines the specifications used to implement RAID. Although RAB defines the RAID levels, commercial implementation of RAID levels by different vendors may vary from the actual RAID specifications. An implementation of a particular vendor may affect the read and write performance and the degree of data redundancy. Hardware and software RAID RAID can be implemented with either hardware or software.
• • • Cost efficiency — Maintaining the redundant data or parity information associated with RAID volumes requires additional disk space. In situations where the data is temporary, easily reproduced, or non-essential, the increased cost of data redundancy may not be justified. Mean Time Between Failure (MTBF) — Using additional disks to maintain data redundancy also increases the chance of disk failure at any given moment.
RAID level 1 - mirroring RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks. If a physical disk fails, data can be rebuilt using the data from the other side of the mirror. RAID 1 characteristics: • • • • • • Groups n + n disks as one virtual disk with the capacity of n disks. The controllers currently supported by Storage Management allow the selection of two disks when creating a RAID 1.
RAID 5 characteristics: • • • • • Groups n disks as one large virtual disk with a capacity of (n-1) disks. Redundant information (parity) is alternately stored on all disks. When a disk fails, the virtual disk still works, but it is operating in a degraded state. The data is reconstructed from the surviving disks. Better read performance, but slower write performance. Redundancy for protection of data.
RAID 50 characteristics: • • • • • Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks within each span. Redundant information (parity) is alternately stored on all disks of each RAID 5 span. Better read performance, but slower write performance. Requires as much parity information as standard RAID 5. Data is striped across all spans. RAID 50 is more expensive in terms of disk space.
RAID 60 characteristics: • • • • • • Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. Redundant information (parity) is alternately stored on all disks of each RAID 6 span. Better read performance, but slower write performance. Increased redundancy provides greater data protection than a RAID 50. Requires proportionally as much parity information as RAID 6. Two disks per span are required for parity.
RAID 10 characteristics: • • • • • Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. Improved read performance and write performance. Redundancy for protection of data.
RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information. Databases and other read intensive transactional uses. RAID 60 Excellent Very Good Fair Poor X x (N + 2) (N = at least 2) Critical information.
NOTE: For iDRAC version 3.00.00.00, daisy chain of enclosures is not supported for H840. Only one enclosure per port is allowed. Summary of supported features for storage devices The following tables provide the features supported by the storage devices through iDRAC. Table 51.
Feature PERC 10 PERC 9 H740P Mini H740P Adapter H840 Adapter H330 Mini H330 Adapter H730P Mini H730P Adapter FD33xS Online Capacity Expansion Real-time Real-time Real-time Real-time Real-time Real-time Real-time Real-time RAID Level Migration Real-time Real-time Real-time Real-time Real-time Real-time Real-time Real-time Discard Preserved Cache Real-time Real-time Real-time Not applicable Not applicable Real-time Real-time Real-time Set Patrol Read Mode Real-time Real
Feature PERC 10 PERC 9 H740P Mini H740P Adapter H840 Adapter H330 Mini H330 Adapter H730P Mini H730P Adapter FD33xS Not applicable Not applicable Not applicable Not applicable Not applicable Not applicable Not applicable Not applicable Securely Not erase the applicable data for PCIe SSD Not applicable Not applicable Not applicable Not applicable Not applicable Not applicable Not applicable Configure Backplane mode (split/ unified) Real-time Real-time Real-time Real-time Real-
Feature PERC 10 PERC 9 H745P MX H730P MX RAID Level Migration Real-time Real-time Discard Preserved Cache Real-time Real-time Set Patrol Read Mode Real-time Real-time Manual Patrol Read Mode Real-time Real-time Patrol Read Unconfigured Areas Real-time Real-time (only in web interface) Check Consistency Mode Real-time Real-time Copyback Mode Real-time Real-time Load Balance Mode Real-time Real-time Check Consistency Rate Real-time Real-time Rebuild Rate Real-time Real-time
Inventorying and monitoring storage devices You can remotely monitor the health and view the inventory of the following Comprehensive Embedded Management (CEM) enabled storage devices in the managed system using iDRAC web interface: • • • • • RAID controllers, non-RAID controllers, BOSS controllers and PCIe extenders Enclosures that include Enclosure Management Modules (EMMs), power supply, fan probe, and temperature probe Physical disks Virtual disks Batteries The recent storage events and topology of st
Viewing storage device topology You can view the hierarchical physical containment view of the key storage components, that is, a list of controllers, enclosures connected to the controller and a link to the physical disk contained in each enclosure. The physical disks attached directly to the controller are also displayed. To view the storage device topology, go to Storage > Overview. The Overview page displays the hierarchical representation of the storage components in the system.
If a PD is already a global hot spares, user can still assign it again as a global hot spares. Assigning or unassigning global hot spare using web interface To assign or unassign a global hot spare for a physical disk drive: 1. In the iDRAC web interface, go to Configuration > Storage Configuration. The Storage Configuration page is displayed. 2. From the Controller drop-down menu, select the controller to view the associated physical disks. 3. Click Physical Disk Configuration.
• To convert to Non-RAID mode, use the racadm storage converttononraid command. NOTE: On the S140 controller, you can only use the RACADM interface to convert the drives from non-RAID to RAID mode. The supported Software RAID modes are Windows or Linux Mode. For more information about the commands, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Erasing physical disks The System Erase feature allows you to erase the contents of the physical drives.
• Cryptographic erase feature is supported for SEDs for 14th generation PowerEdge servers. Erasing SED device data using web interface To erase the data on the SED device: 1. In the iDRAC Web interface, go to Storage > Overview > Physical Disks. The Physical Disk page is displayed. 2. From the Controller drop-down menu, select the controller to view the associated SEDs. 3. From the drop-down menus, select Cryptographic Erase for one or more SEDs.
Cancel Rebuild can be used to cancel a rebuild that is in progress. If you cancel a rebuild, the virtual disk remains in a degraded state. The failure of an additional physical disk can cause the virtual disk to fail and may result in data loss. It is recommended to perform a rebuild on the failed physical disk at the earliest. In case, you cancel the rebuild of a physical disk that is assigned as a hot spare, reinitiate the rebuild on the same physical disk in order to restore the data.
Considerations before creating virtual disks Before creating virtual disks, consider the following: • • • • • Virtual disk names not stored on controller—The names of the virtual disks that you create are not stored on the controller. This means that if you reboot using a different operating system, the new operating system may rename the virtual disk using its own naming conventions.
The read policies indicate whether the controller must read sequential sectors of the virtual disk searching for data: • • • Adaptive Read Ahead — The controller initiates read ahead only if the two most recent reads requests accessed sequential sectors of the disk. If subsequent read requests access random sectors of the disk, the controller reverts to no read ahead policy.
Initializing virtual disks Initializing virtual disks erases the all the data on the disk but does not change the virtual disk configuration. You must initialize a virtual disk that is configured before it is used. NOTE: Do not initialize virtual disks when attempting to recreate an existing configuration. You can perform a fast initialization, a full Initialization, or cancel the initialization operation. NOTE: The cancel initialization is a real-time operation.
You can assign only 4K drives as hot spare to 4K virtual disks. If you have assigned a physical disk as a dedicated hot spare in Add to Pending Operation mode, the pending operation is created but a job is not created. Then, if you try to unassign the dedicated hot spare, the assign dedicated hot spare pending operation is cleared. If you have unassigned a physical disk as a dedicated hot spare in Add to Pending Operation mode, the pending operation is created but a job is not created.
Permitted operations when OCE or RLM is going on The following operations are allowed when OCE/RLM is going on: Table 55.
3. From Action drop-down menu, select an action. When you select an action, an additional Action window displayed. Select / enter the desired value. • • • Rename Delete Edit Cache Policy — You can change the cache policy for the following options: • Read Policy — Following values are available for selection: • • Adaptive Read Ahead — Indicates that for the given volume, the control uses the Read-Ahead cache policy if the two most recent disks accesses occurred in sequential sectors.
• To check consistency of virtual disks (not supported on RAID0): racadm storage ccheck: To cancel the consistency check: racadm storage cancelcheck: • To encrypt virtual disks: racadm storage encryptvd: • To assign or unassign dedicated hot spares: racadm storage hotspare: -assign
Unlock Foreign Configuration Import Foreign Configuration racadm storage unlock: -key -passwd racadm storage importconfig:RAID.Integrated.1-1 This feature is used to authenticate locked drives which have a different source controller encryption than the destination. Once unlocked, the drive can be successfully migrated from one controller to another. After a successful unlock the drives are still secured by the foreign controller key.
NOTE: Patrol read mode operations such as Start and Stop are not supported if there are no virtual disks available in the controller. Though you can invoke the operations successfully using the iDRAC interfaces, the operations fail when the associated job is started. Load balance The Load Balance property provides the ability to automatically use both controller ports or connectors connected to the same enclosure to route I/O requests. This property is available only on SAS controllers.
Based on the selected operation mode, the settings are applied. Configuring controller properties using RACADM • To set Patrol Read Mode: racadm set storage.controller..
NOTE: The task of importing foreign configuration imports all virtual disks residing on physical disks that have been added to the controller. If more than one foreign virtual disk is present, all the configurations are imported. PERC9 controller provides support for auto import of foreign configuration without requiring user interactions. The auto import can be enabled or disabled. If enabled, the PERC controller can auto import any foreign configuration detected without manual intervention.
The Controller Configuration page is displayed. 2. From the Controller drop-down menu, select the controller for which you want to clear the foreign configuration. NOTE: To clear foreign configuration on BOSS controllers, click "Reset Configuration". 3. Click Clear Configuration. 4. Click Apply Based on the selected operation mode, the virtual disks residing on the physical disk is erased.
• • • On system boot On controller reset When unconfigured disks are hot-inserted NOTE: Creating or importing RAID 5, 6, 50, or 60 virtual disks is not supported. Also, in enhanced HBA mode, non-RAID disks are enumerated first in ascending order, while RAID volumes are enumerated in descending order. Before you change the mode of the controller from RAID to HBA, ensure that: • • • • • • • • The RAID controller supports the controller mode change.
• To view the current mode of the controller: $ racadm get Storage.Controller.1.RequestedControllerMode[key=] The following output is displayed: RequestedControllerMode = NONE • To set the controller mode as HBA: $ racadm set Storage.Controller.1.
• • • Patrol read mode • Copyback mode • Controller boot mode • Enhanced auto import foreign configuration • Rebuild rate • Check consistency rate • Reconstruct rate • BGI rate • Enclosure or backplane mode • Patrol read unconfigured areas View all properties that are applicable to a RAID controller expect for virtual disks. Clear foreign configuration NOTE: If an operation is not supported in non-RAID mode, an error message is displayed.
In few of the 14th generation of PowerEdge servers, up to 32 NVMe SSDs are supported.
Preparing to remove PCIe SSD NOTE: This operation is not supported when PCIe SSD is configured using the S140 controller. PCIe SSDs support orderly hot swap allowing you to add or remove a device without halting or rebooting the system in which the devices are installed. To prevent data loss, you must use the Prepare to Remove operation before physically removing a device. Orderly hot swap is supported only when PCIe SSDs are installed in a supported system running a supported operating system.
To query the job ID returned: racadm jobqueue view -i For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Erasing PCIe SSD device data NOTE: This operation is not supported when PCIe SSD is configured using the S140 controller. Cryptographic Erase permanently erases all data present on the disk. Performing a Cryptographic Erase on an PCIe SSD overwrites all blocks and results in permanent loss of all data on the PCIe SSD.
Erasing PCIe SSD device data using RACADM To securely erase a PCIe SSD device: racadm storage secureerase: To create the target job after executing the secureerase command: racadm jobqueue create -s TIME_NOW -e To query the job ID returned: racadm jobqueue view -i For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
NOTE: • Warning messages are displayed when the setting is being changed as there is a possibility of data loss. • LC Wipe or iDRAC reset operations do not change the expander setting for this mode. • This operation is supported only in real-time and not staged. • You can change the backplane configuration multiple times. • The backplane splitting operation can cause data loss or foreign configuration if the drive association changes from one controller to another controller.
The output is: BackplaneRequestedMode=None 3. Run the following command to set the requested backplane mode to split mode: racadm set storage.enclosure.1.backplanerequestedmode "splitmode" The message is displayed indicating that the command is successful. 4. Run the following command to verify if the backplanerequestedmode attribute is set to split mode: racadm get storage.enclosure.1.backplanerequestedmode The output is: BackplaneRequestedMode=None (Pending=SplitMode) 5.
Viewing universal slots Some 14th generation PowerEdge server backplanes supports both SAS/SATA and PCIe SSD drives in the same slot. These slots are called universal slots and are wired to the primary storage controller (PERC) and a PCIe extender card. The backplane firmware provides information about the slots that support this feature. The backplane supports SAS/SATA disks or PCIe SSDs. Typically, the four higher number slots are universal.
Set Enclosure Asset Name Set Enclosure Asset Name allows the user to configure the Asset Name of a storage enclosure. The user can change the Asset Name property of the enclosure to identify enclosures easily. These fields are checked for invalid values and an error is displayed if an invalid value is entered. These fields are part of the enclosure firmware; the data initially shown are the values saved in the firmware. NOTE: Asset Name has a character limit of 32 that includes the null character.
For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Viewing and applying pending operations You can view and commit all pending operations for the storage controller. All the settings are either applied at once, during the next reboot, or at a scheduled time based on the selected options. You can delete all the pending operations for a controller. You cannot delete individual pending operations.
Storage devices — apply operation scenarios Case 1: selected an apply operation (apply now, at next reboot, or at scheduled time) and there are no existing pending operations If you have selected Apply Now, At Next Reboot, or At Scheduled Time and then clicked Apply, first the pending operation is created for the selected storage configuration operation. • • If the pending operation is successful and there are no prior existing pending operations, then the job is created.
• Only cases 1 and 2 are applicable for PCIe SSD. You cannot view the pending operations for PCIe SSDs and hence Add to Pending Operations option is not available. Use racadm command to clear the pending operations for PCIe SSDs. Blinking or unblinking component LEDs You can locate a physical disk, virtual disk drive and PCIe SSDs within an enclosure by blinking one of the Light Emitting Diodes (LEDs) on the disk. You must have Login privilege to blink or unblink an LED.
16 BIOS Settings You can view multiple attributes, which are being used for a specific server under the BIOS Settings. You can modify different parameters of each attribute from this BIOS configuration setting. Once you select one attribute, it shows different parameters which are related to that specific attribute. You can modify multiple parameters of an attribute and apply changes before modifying a different attribute.
Pending Value Configuration of a BIOS attribute via iDRAC is not applied immediately to BIOS. It requires a server reboot for the changes to take place. When you modify a BIOS attribute then Pending Value gets updated. If an attribute already has a pending value (and that has been configured) it is displayed on the GUI. Modifying Bios Configuration Modifying BIOS configuration results in audit log entries, which gets entered in LC logs.
17 Configuring and using virtual console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: • • A maximum of six simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
Supported screen resolutions and refresh rates The following table lists the supported screen resolutions and corresponding refresh rates for a Virtual Console session running on the managed server. Table 58. Supported screen resolutions and refresh rates Screen Resolution Refresh Rate (Hz) 720x400 70 640x480 60, 72, 75, 85 800x600 60, 70, 72, 75, 85 1024x768 60, 70, 72, 75, 85 1280x1024 60 1920x1200 60 It is recommended that you configure the monitor display resolution to 1920x1200 pixels.
Launching virtual console You can launch the virtual console using the iDRAC Web Interface or a URL. NOTE: Do not launch a Virtual Console session from a Web browser on the managed system. Before launching the Virtual Console, make sure that: • • • You have administrator privileges. Web browser is configured to use HTML5, Java, or ActiveX plug-ins. Minimum network bandwidth of one MB/sec is available.
Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in You can disable the warning messages while launching the Virtual Console or Virtual Media using Java plug-in. NOTE: You need Java 8 or later to use this feature and to launch iDRAC Virtual Console over an IPv6 network. 1. Initially, when you launch Virtual Console or Virtual Media using Java plug-in, the prompt to verify the publisher is displayed. Click Yes.
• From iDRAC login page, type https///console. This method is called as Direct Launch. In the HTML5 virtual console, the following menu options are available: • • • • • • • • • • Add Power Control Boot Order Chat Keyboard Screen Capture Refresh Full Screen Disconnect Viewer Console Control Virtual Media The Pass all keystrokes to server option is not supported on HTML5 virtual console. Use keyboard and keyboard macros for all the functional keys.
• • Alt+F12 • PrntScrn • Alt+PrntScrn • F1 • Pause • Tab • Ctrl+Enter • SysRq • Alt+SysRq • Win-P Aspect Ratio — The HTML5 virtual console video image automatically adjusts the size to make the image visible. The following configuration options are displayed as a drop-down list: • • Maintain Don’t Maintain Click Apply to apply the selected settings on the server. • Touch Mode — The HTML5 virtual console supports the Touch Mode feature.
acceleration settings are different from the mouse acceleration settings on the Virtual Console client. To resolve this, switch to single cursor or match the mouse acceleration on the managed system and the management station: • • To switch to single cursor, from the Tools menu, select Single Cursor. To set the mouse acceleration, go to Tools > Session Options > Mouse. Under Mouse Acceleration tab, select Windows or Linux based on the operating system.
• • • Browser Back Key • Browser Forward Key • Browser Refresh key • Browser Stop Key • Browser Search Key • Browser Favorites key • Browser Start and Home key • Volume mute key • Volume down key • Volume up key • Next track key • Previous track key • Stop Media key • Play/Pause media key • Start mail key • Select media key • Start Application 1 key • Start Application 2 key All the individual keys (not a combination of different keys, but a single key stroke) are always sent to the managed system.
The SOL session is activated. 2. After the server boots to the operating system, the localhost.localdomain login prompt appears. Log in using the operating system user name and password. 3. If SysRq is not enabled, enable using echo 1 >/proc/sys/kernel/sysrq. 4. Run break sequence ~B. 5. Use the SysRq magic key to enable the SysRq function.
18 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, Redfish, RACADM, and WSMan.
NOTE: The installer will be available to the host operating system for 30 minutes. If you do not start the installation within 30 minutes, you must restart the Service Module installation. Installing iDRAC Service Module from iDRAC Enterprise 1. On the SupportAssist Registration wizard, click Next. 2. On the iDRAC Service Module Setup page, click Install Service Module. 3. Click Launch Virtual Console and click Continue on the security warning dialog box. 4.
Replicate Lifecycle logs to OS log You can replicate the Lifecycle Controller Logs to the OS logs from the time when the feature is enabled in iDRAC. This is similar to the System Event Log (SEL) replication performed by OpenManage Server Administrator. All events that have the OS Log option selected as the target (in the Alerts page, or in the equivalent RACADM or WSMan interfaces) are replicated in the OS log using the iDRAC Service Module.
CIM Interface WinRM WMIC PowerShell SPComputerSystem +SystemName=systemmc Get associated instances of an instance Get references of an instance winrm e wmi/root/ cimv2/dcim/* dialect:association -filter: {object=DCIM_Account ? CreationClassName=DC IM_Account +Name=iDRAC.Embedded .1#Users.1+SystemCre ationClassName=DCIM_ SPComputerSystem +SystemName=systemmc } winrm e wmi/root/ cimv2/dcim/* dialect:association –associations filter: {object=DCIM_Account ? CreationClassName=DC IM_Account +Name=iDRAC.
• Using the Windows PowerShell script with force and without force: Invoke-iDRACHardReset –force Invoke-iDRACHardReset • Using the Program Menu shortcut: For simplicity, iSM provides a shortcut in the Program Menu of the Windows operating system. When you select the Remote iDRAC Hard Reset option, you are prompted for a confirmation to reset the iDRAC. After you confirm, the iDRAC is reset and the result of the operation is displayed.
NOTE: On Linux operating systems, this feature requires a master or OS SNMP enabled with SNMP multiplexing (SMUX) protocol. By default, this feature is disabled. Though the In-band SNMP alerting mechanism can coexist along with iDRAC SNMP alerting mechanism, the recorded logs may have redundant SNMP alerts from both the sources. It is recommended to either use the in-band or out-of-band option, instead of using both.
iDRAC access via Host OS By using this feature, you can configure and monitor the hardware parameters through iDRAC Web interface, WSMan, and RedFish interfaces using the host IP address without configuring the iDRAC IP address. You can use the default iDRAC credentials if the iDRAC server is not configured or continue to use the same iDRAC credentials if the iDRAC server was configured earlier.
Coexistence of OpenManage Server Administrator and iDRAC Service Module In a system, both OpenManage Server Administrator and the iDRAC Service Module can co-exist and continue to function correctly and independently. If you have enabled the monitoring features during the iDRAC Service Module installation, then after the installation is complete if the iDRAC Service Module detects the presence of OpenManage Server Administrator, it disables the set of monitoring features that overlap.
19 Using USB port for server management On the 14th generation servers, a dedicated micro USB port is available to configure iDRAC. You can perform the following functions using the micro USB port: • • Connect to the system using the USB network interface to access system management tools such as iDRAC web interface and RACADM. Configure a server by using SCP files that are stored on a USB drive.
For example, to access the iDRAC web interface, open a supported browser, and type the address 169.254.0.3 and press enter. 5. When iDRAC is using the USB port, the LED blinks indicating activity. The blink frequency is four per second. 6. After completing the desired actions, disconnect the USB cable from the system. The LED turns off. Configuring iDRAC using server configuration profile on USB device With the iDRAC USB management port, you can configure iDRAC at-the-server.
NOTE: iDRAC9 allows you to password protect the compressed file after you select Enabled only for compressed configuration files to compress the file before importing. You can enter a password to secure the file by using Password for Zip file option. 4. Click Apply to apply the settings. Configuring USB management port using RACADM To configure the USB management port, use the following RACADM sub commands and objects: • To view the USB port status: racadm get iDRAC.USB.
Configuration XML import Host control Instruction ShutdownType NoReboot Graceful,Forced,NoReboot Configuration XML import Host control Instruction TimeToWait 300 Minimum value is 300 -Maximum value is 3600 seconds.
For more details, see the results file on the USB device. LED blinking behavior The USB LED indicates the status of a server-configuration profile operation being performed using the USB port. The LED may not be available on all systems. • • • • Solid green — The server configuration profile is being copied from the USB device. Blinking green — The job is in progress. Blinking amber — The job has failed or completed with errors. Solid green — The job has completed successfully.
20 Using Quick Sync 2 With Dell OpenManage Mobile running on an Android or iOS mobile device, you can easily access server directly or through OpenManage Essentials or OpenManage Enterprise (OME) console. It allows you to review server details and inventory, view LC and System Event logs, get automatic notifications on mobile device from an OME console, assign IP address and modify iDRAC password, configure key BIOS attributes, and take remediation actions as needed.
An entry is logged to the Lifecycle Controller log when the configuration is modified. Configuring iDRAC Quick Sync 2 settings using web interface To configure iDRAC Quick Sync 2: 1. In the iDRAC web interface, go to Configuration > System Settings > Hardware Settings > iDRAC Quick Sync. 2. In the iDRAC Quick Sync section, from the Access menu, select one of the following to provide access to the Android or iOS mobile device: • • • Read-write Read-only Disabled 3. Enable the Timer. 4.
21 Managing virtual media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: • • • • Remotely access media connected to a remote system over the network Install applications Update drivers Install an operating system on the managed system This is a licensed feature for rack and tower servers. It is available by default for blade servers.
Table 61. Supported drives and devices Drive Supported Storage Media Virtual Optical Drives • • • • • Legacy 1.44 floppy drive with a 1.
Attached Media State System Response Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed. Server settings for viewing virtual devices in virtual media You must configure the following settings in the management station to allow visibility of empty drives. To do this, in Windows Explorer, from the Organize menu, click Folder and search options. On the View tab, deselect Hide empty drives in the Computer folder option and click OK.
NOTE: The virtual device drive letters on the managed system do not coincide with the physical drive letters on the management station. NOTE: The Virtual Media may not function correctly on systems running Windows operating system configured with Internet Explorer Enhanced Security. To resolve this issue, see the Microsoft operating system documentation or contact the system administrator.
Resetting USB To reset the USB device: 1. In the Virtual Console viewer, click Tools > Stats. The Stats window is displayed. 2. Under Virtual Media, click USB Reset. A message is displayed warning the user that resetting the USB connection can affect all the input to the target device including Virtual Media, keyboard, and mouse. 3. Click Yes. The USB is reset. NOTE: iDRAC Virtual Media does not terminate even after you log out of iDRAC Web interface session.
Displaying correct virtual drives for mapping On a Linux-based management station, the Virtual Media Client window may display removable disks and floppy disks that are not part of the management station. To make sure that the correct virtual drives are available to map, you must enable the port setting for the connected SATA hard drive. To do this: 1. Reboot the operating system on the management station. During POST, press to enter System Setup. 2. Go to SATA settings. The port details are displayed.
To enable the boot once option and boot the managed system from the Virtual Media: 1. In the iDRAC Web interface, go to Overview > Server > Attached Media. 2. Under Virtual Media, select the Enable Boot Once and click Apply. 3. Turn on the managed system and press during boot. 4. Change the boot sequence to boot from the remote Virtual Media device. 5. Reboot the server. The managed system boots once from the Virtual Media.
22 Installing and using VMCLI utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network.
• • vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users. vmcli -r -S -u -p c {< device-name > | < image-file >} — Indicates whether the iDRAC CA certificate is valid. If the certificate is not valid, a warning message is displayed when you run this command.
23 Managing vFlash SD card The vFlash SD card is a Secure Digital (SD) card that can be ordered and installed from the factory. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. NOTE: There is no limitation of the size of SD card, you can open and replace the factory installed SD card with a higher capacity SD card.
• • • • • iDRAC.vflashsd.AvailableSize iDRAC.vflashsd.Health iDRAC.vflashsd.Licensed iDRAC.vflashsd.Size iDRAC.vflashsd.WriteProtect For more information about these objects, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Viewing vFlash SD card properties using iDRAC settings utility To view the vFlash SD card properties, in the iDRAC Settings Utility, go to Media and USB Port Settings. The Media and USB Port Settings page displays the properties.
2. Enable vFLASH and click Initialize. All existing contents are removed and the card is reformatted with the new vFlash system information. If any vFlash partition is attached, the initialize operation fails and an error message is displayed. Initializing vFlash SD card using RACADM To initialize the vFlash SD card using RACADM: racadm set iDRAC.vflashsd.Initialized 1 All existing partitions are deleted and the card is reformatted. For more information, see the iDRAC RACADM CLI Guide available at www.
Creating an empty partition An empty partition, when attached to the system, is similar to an empty USB flash drive. You can create empty partitions on a vFlash SD card. You can create partitions of type Floppy or Hard Disk. The partition type CD is supported only while creating partitions using images. Before creating an empty partition, make sure that: • • • • You have Access Virtual Media privilege. The card is initialized. The card is not write-protected.
Creating a partition using an image file using web interface To create a vFlash partition from an image file: 1. In iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash > Create From Image. The Create Partition from Image File page is displayed. 2. Enter the required information and click Apply. For information about the options, see the iDRAC Online Help. A new partition is created. For CD emulation type, a read-only partition is created.
Viewing available partitions using web interface To view the available vFlash partitions, in the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash > Manage. The Manage Partitions page is displayed listing the available partitions and related information for each partition. For information on the partitions, see the iDRAC Online Help. Viewing available partitions using RACADM To view the available partitions and their properties using RACADM: 1.
• Using set command to specify the Emulation type: racadm set iDRAC.vflashpartition..EmulationType Attaching or detaching partitions When you attach one or more partitions, they are visible to the operating system and BIOS as USB mass storage devices. When you attach multiple partitions, based on the assigned index, they are listed in an ascending order in the operating system and the BIOS boot order menu.
Deleting existing partitions Before deleting existing partition(s), make sure that: • • • • The vFlash functionality is enabled. The card is not write-protected. The partition is not attached. An initialize operation is not being performed on the card. Deleting existing partitions using web interface To delete an existing partition: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash > Manage. The Manage Partitions page is displayed. 2.
Before booting a partition, make sure that: • • • The vFlash partition contains a bootable image (in the .img or .iso format) to boot from the device. The vFlash functionality is enabled. You have Access Virtual Media privileges. Booting to a partition using web interface To set the vFlash partition as a first boot device, see Booting to a partition using web interface.
24 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
Target Definitions admin1/system1/logs1/log1 admin1/system1/logs1/log1/record* admin1/system1/settings1 admin1/system1/capacities1 admin1/system1/consoles1 admin1/system1/sp1 admin1/system1/sp1/timesvc1 admin1/system1/sp1/capabilities1 admin1/system1/sp1/capabilities1/clpcap1 admin1/system1/sp1/capabilities1/pwrmgtcap1 admin1/system1/sp1/capabilities1/acctmgtcap* admin1/system1/sp1/capabilities1/rolemgtcap* admin1/system1/sp1/capabilities1/elecap1 admin1/system1/sp1/settings1 admin1/system1/sp1/settings1/
Target admin1/system1/sp1/account1-16 admin1/sysetm1/sp1/account1-16/identity1 admin1/sysetm1/sp1/account1-16/identity2 admin1/sysetm1/sp1/account1-16/identity3 admin1/sysetm1/sp1/account1-16/identity4 admin1/system1/sp1/acctsvc2 admin1/system1/sp1/acctsvc3 admin1/system1/sp1/rolesvc1 admin1/system1/sp1/rolesvc1/Role1-16 admin1/system1/sp1/rolesvc1/Role1-16/ privilege1 admin1/system1/sp1/rolesvc2 admin1/system1/sp1/rolesvc2/Role1-3 admin1/system1/sp1/rolesvc2/Role4 admin1/system1/sp1/rolesvc3 admin1/system1
->cd /admin1/system1/logs1/log1/record3 Enter the cd verb with no target to find your current location in the address space. The .. and . abbreviations work as they do in Windows and Linux: .. refers to the parent level and . refers to the current level. Using show verb To learn more about a target use the show verb. This verb displays the target’s properties, sub-targets, associations, and a list of the SMCLP verbs that are allowed at that location.
The following message is displayed: • system1 has been started successfully To reboot the server: reset /system1 The following message is displayed: system1 has been reset successfully SEL management The following examples show how to use the SMCLP to perform SEL-related operations on the managed system.
LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.000000-000 Description= FAN 7 RPM: fan sensor, detected a failure ElementName= IPMI SEL Record Commands: cd show help exit version Map target navigation The following examples show how to use the cd verb to navigate the MAP. In all examples, the initial default target is assumed to be /. Type the following commands at the SMCLP command prompt: • To navigate to the system target and reboot: • cd system1 reset The current default target is /.
25 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: • • Remote File Share Console Topics: • • • Deploying operating system using remote file share Deploying operating system using virtual media Deploying embedded operating system on SD card Deploying operating system using remote file share Before you deploy the operating system using Remote File Share (RFS), make sure that: • • Configure User and Access Virtual Media privileges for
The connection status for RFS is available in iDRAC log. Once connected, an RFS-mounted virtual drive does not disconnect even if you log out from iDRAC. The RFS connection is closed if iDRAC is reset or the network connection is dropped. The Web interface and command-line options are also available in CMC and iDRAC to close the RFS connection. The RFS connection from CMC always overrides an existing RFS mount in iDRAC. NOTE: • CIFS supports both IPv4 and IPv6 addresses and NFS supports only IPv4 address.
NOTE: The characters allowed in user names and passwords for network shares are determined by the networkshare type. iDRAC supports valid characters for network share credentials as defined by the share type, except <, >, and , (comma). 4. Click Apply and then click Connect. After the connection is established, the Connection Status displays Connected. NOTE: Even if you have configured remote file sharing, the Web interface does not display user credential information due to security reasons.
To deploy an operating system using Virtual Media: 1. Do one of the following: • • Insert the operating system installation CD or DVD into the management station CD or DVD drive. Attach the operating system image. 2. Select the drive on the management station with the required image to map it. 3. Use one of the following methods to boot to the required device: • • Set the boot order to boot once from Virtual Floppy or Virtual CD/DVD/ISO using the iDRAC Web interface.
26 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: • • • • • • • • • Diagnostic console Post code Boot and crash capture videos Last system crash screen System event logs Lifecycle logs Front panel status Trouble indicators System health Topics: • • • • • • • • • • • • Using diagnostic console Viewing post codes Viewing boot and crash capture videos Viewing logs Viewing last system crash screen Viewing System status Hardware trouble indicators V
2. Click Continue. Scheduling remote automated diagnostics You can remotely invoke automated offline diagnostics on a server as a one-time event and return the results. If the diagnostics require a reboot, you can reboot immediately or stage it for a subsequent reboot or maintenance cycle (similar to updates). When diagnostics are run, the results are collected and stored in the internal iDRAC storage.
To view the Post Codes, go to Maintenance > Troubleshooting > Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code. Viewing boot and crash capture videos You can view the video recordings of: • • Last three boot cycles — A boot cycle video logs the sequence of events for a boot cycle. The boot cycle videos are arranged in the order of latest to oldest. Last crash video — A crash video logs the sequence of events leading to the failure.
1. Make sure that the last system crash screen feature is enabled. 2. In iDRAC Web interface, go to Overview > Server > Troubleshooting > Last Crash Screen. The Last Crash Screen page displays the last saved crash screen from the managed system. Click Clear to delete the last crash screen. NOTE: Once iDRAC is reset or an AC power cycle event occurs, then the crash capture data is cleared.
Hardware trouble indicators The hardware related problems are: • • • • • • Failure to power up Noisy fans Loss of network connectivity Hard drive failure USB media failure Physical damage Based on the problem, use the following methods to correct the problem: • • • • Reseat the module or component and restart the system In case of a blade server, insert the module into a different bay in the chassis Replace hard drives or USB flash drives Reconnect or replace the power and network cables If problem pers
Resetting iDRAC using RACADM To restart iDRAC, use the racreset command. For more information, see the Chassis Management Controller RACADM CLI Guide available at www.dell.com/cmcmanuals . Erasing system and user data NOTE: Erasing system and user data is not supported from iDRAC GUI.
1. Go to Maintenance > Diagnostics. The Diagnostics Console page is displayed. 2. Click Reset iDRAC to Default Settings. The completion status is displayed in percentage. iDRAC reboots and is restored to factory defaults. The iDRAC IP is reset and is not accessible. You can configure the IP using the front panel or BIOS. Resetting iDRAC to factory default settings using iDRAC settings utility To reset iDRAC to factory default values using the iDRAC Settings utility: 1.
27 SupportAssist Integration in iDRAC SupportAssist allows you to create SupportAssist collections and utilize other SupportAssist features to monitor your system and datacenter. iDRAC provides an application interfaces for gathering platform information that enables support services to resolve platform and system problems.
NOTE: Auto dispatch is enabled in systems with iDRAC Service Module (iSM) v3.4.0 for Windows. Future iSM releases will support auto dispatch for additional operating systems. Dispatch Address Enter an address and the preferred contact hours. End-user license agreement After providing all the required information, you need to accept the End User License Agreement (EULA) to complete the registration process. You have the option to print the EULA for further references.
• • • To a location on the management station (local). To a shared network location such as Common Internet File System (CIFS) or Network File Share (NFS). To export to a network share such as CIFS or NFS, direct network connectivity to the iDRAC shared or dedicated network port is required. To Dell EMC. The SupportAssist Collection is generated in the standard ZIP format.
Settings This page allows you to configure the collection log settings, and if registered, you can update the contact details, enable or disable email notifications, and change the language settings. Collection Settings You can save the collections to a preferred network location. Use Set Archive Directory to set the network location. You can save the collections to a preferred network location. Use Set Archive Directory to set the network location.
28 Frequently asked questions This section lists the frequently asked questions for the following: • • • • • • • • • • • • • System Event Log Network security Active Directory Single Sign On Smart card login Virtual console Virtual media vFlash SD card SNMP authentication Storage devices iDRAC Service Module RACADM Miscellaneous Topics: • • • • • • • • • • • • • • System Event Log Network security Active Directory Single Sign-On Smart card login Virtual console Virtual media vFlash SD card SNMP authentic
Network security While accessing the iDRAC Web interface, a security warning is displayed stating that the SSL certificate issued by the Certificate Authority (CA) is not trusted. iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. This certificate is not issued by a trusted CA.
• Check the domain controller SSL certificates to make sure that the iDRAC time is within the valid period of the certificate. Active Directory login fails even if certificate validation is enabled. The test results display the following error message. Why does this occur and how to resolve this? ERROR: Can't contact LDAP server, error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please check the correct Certificate Authority (CA) certificate has been uploaded to iDRAC.
The Active Directory is configured for a domain present in Windows Server 2008 Active Directory. A child or sub domain is present for the domain, the user and group is present in the same child domain, and the user is a member of that group. When trying to log in to iDRAC using the user present in the child domain, Active Directory Single Sign-On login fails. This may be because of the an incorrect group type.
The normal Active Directory Smart Card login normally takes less than 10 seconds, however it may take up to four minutes if you have specified the preferred DNS server and the alternate DNS server in the Network page, and the preferred DNS server has failed. DNS time-outs are expected when a DNS server is down. iDRAC logs you in using the alternate DNS server. ActiveX plug-in unable to detect the Smart Card reader. Make sure that the smart card is supported on the Microsoft Windows operating system.
Why does the mouse not synchronize under the Linux text console in Lifecycle Controller? Virtual Console requires the USB mouse driver, but the USB mouse driver is available only under the X-Window operating system. In the Virtual Console viewer, do any of the following: • • Go to Tools > Session Options > Mouse tab. Under Mouse Acceleration, select Linux. Under the Tools menu, select Single Cursor option.
The Dell BIOS is emulating the mouse driver as a PS/2 mouse. By design, the PS/2 mouse uses relative position for the mouse pointer, which causes the lag in syncing. iDRAC has a USB mouse driver that allows absolute position and closer tracking of the mouse pointer. Even if iDRAC passes the USB absolute mouse position to the Dell BIOS, the BIOS emulation converts it back to relative position and the behavior remains. To fix this problem, set the mouse mode to USC/Diags in the Configuration screen.
If you are installing the Windows operating system using the Dell Systems Management Tools and Documentation DVD and the network connection is slow, the installation procedure may require an extended amount of time to access iDRAC web interface due to network latency. The installation window does not indicate the installation progress. How to configure the virtual device as a bootable device? On the managed system, access BIOS Setup and go to the boot menu.
6. At the Linux prompt, run the following command: mount /dev/sdx /mnt/CD where: /dev/sdx is the device name found in step 4 and /mnt/floppy is the mount point. Why are the virtual drives attached to the server removed after performing a remote firmware update using the iDRAC web interface? Firmware updates cause the iDRAC to reset, drop the remote connection, and unmount the virtual drives. The drives reappear when iDRAC reset is complete.
When IT Assistant sends out a set request, the iDRAC agent generates the SNMP authentication error because it accepts requests only from community = public. To prevent SNMP authentication errors from being generated, you must enter community names that are accepted by the agent. Since the iDRAC only allows one community name, you must use the same get and set community name for IT Assistant discovery setup.
happen when the host operating system routing table has multiple entries for the same destination mask and the USB NIC destination is not listed as the first one in routing order. Table 66. Example of a routing order Destination Gateway Genmask Flags Metric Ref Use Iface default 10.94.148.1 0.0.0.0 UG 1024 0 0 em1 10.94.148.0 0.0.0.0 255.255.255.0 U 0 0 0 em1 link-local 0.0.0.0 255.255.255.0 U 0 0 0 em1 link-local 0.0.0.0 255.255.255.
To see the list of Linux-dependent packages, see the Linux Dependencies section in the iDRAC Service Module User's Guide available at www.dell.com/esmmanuals. RACADM After performing an iDRAC reset (using the racadm racreset command), if any command is issued, the following message is displayed. What does this indicate? ERROR: Unable to connect to RAC at specified IP address The message indicates that you must wait until the iDRAC completes the reset before issuing another command.
Miscellaneous When an OS is installed, hostname may or may not appear/ change automatically. There are two scenarios: • • Scenario 1: iDRAC is not showing the latest hostname once you install an OS. You need to install OMSA or iSM along with the iDRAC to get the hostname reflected. Scenario 2: iDRAC had a hostname for a specific OS and another different OS has been installed and still the hostname is appearing as the old hostname without overwriting the hostname.
• Go to iDRAC Settings > CMC. The CMC Summary page displays the CMC IP address. From the Virtual Console: Select the "Dell CMC" console in the OSCAR interface to log in to CMC through a local serial connection. CMC RACADM commands can be issued from this connection. $ racadm getniccfg -m NIC Enabled = DHCP Enabled = Static IP Address = Static Subnet Mask = Static Gateway = Current IP Address = Current Subnet Mask = Current Gateway = Speed = Duplex = chassis 1 1 192.168.0.120 255.255.255.0 192.168.0.1 10.
Shared LOM not functional after enabling Link Aggregation Control Protocol (LACP). The host OS driver for the network adapter must be loaded before LACP is enabled. However, if a passive LACP configuration is in use, the shared LOM may be functional before the host OS driver is loaded. See the switch documentation for LACP configuration. NOTE: Shared LOM IP of iDRAC is not accessible in pre-boot state when the switch is configured with LACP.
Unable to login to iDRAC web interface using Firefox browser on Linux or Ubuntu. Unable to enter the password. To resolve this issue, reinstall or upgrade the Firefox browser. Unable to access iDRAC through USB NIC in SLES and Ubuntu NOTE: In SLES, set the iDRAC interface to DHCP. In Ubuntu, use the Netplan utility to configure iDRAC interface into DHCP mode. To configure the DHCP: 1. Use /etc/netplan/01-netcfg.yaml. 2. Specify Yes for iDRAC DHCP. 3. Apply the configuration.
Figure 5.
29 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
• • • In iDRAC Web interface, go to Overview > Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan. You can also configure the chassis locator LED and based on the color, assess the system health. If iDRAC Service Module is installed, the operating system host information is displayed. Setting up alerts and configuring email alerts To set up alerts and configure email alerts: 1. Enable alerts. 2.
Launching servers remote console and mounting a USB drive To launch the remote console and mount a USB drive: 1. Connect a USB flash drive (with the required image) to the management station. 2. Use the following method to launch virtual console through the iDRAC Web Interface: • Go to Dashboard > Virtual Console and click Launch Virtual Console. The Virtual Console Viewer is displayed. 3. From the File menu, click Virtual Media > Launch Virtual Media. 4.
