Users Guide

ManualsBrandsDell ManualsAlienwareOEMR R240

161

162

163

164

165

166

167

168

169

170

Table Of Contents

Integrated Dell Remote Access Controller 9 User's Guide
Contents
Overview of iDRAC
- Benefits of using iDRAC
- Key features
- New features added
  - Firmware version 5.00.00.00
- How to use this guide
- Supported web browsers
  - Supported OS and Hypervisors
- iDRAC licenses
- Licensed features in iDRAC9
- Interfaces and protocols to access iDRAC
- iDRAC port information
- Other documents you may need
- Contacting Dell
- Accessing documents from Dell support site
- Accessing Redfish API Guide
Logging in to iDRAC
- Force Change of Password (FCP)
- Logging into iDRAC using OpenID Connect
- Logging in to iDRAC as local user, Active Directory user, or LDAP user
- Logging in to iDRAC as a local user using a smart card
  - Logging in to iDRAC as an Active Directory user using a smart card
- Logging in to iDRAC using Single Sign-On
  - Logging in to iDRAC SSO using iDRAC web interface
  - Logging in to iDRAC SSO using CMC web interface
- Accessing iDRAC using remote RACADM
  - Validating CA certificate to use remote RACADM on Linux
- Accessing iDRAC using local RACADM
- Accessing iDRAC using firmware RACADM
- Simple 2-Factor Authentication (Simple 2FA)
- RSA SecurID 2FA
- Viewing system health
- Logging in to iDRAC using public key authentication
- Multiple iDRAC sessions
- Secure default password
  - Resetting default iDRAC password locally
  - Resetting default iDRAC password remotely
    - Remote — Provisioned system
    - Remote — Non-provisioned system
- Changing the default login password
  - Changing the default login password using web interface
  - Changing the default login password using RACADM
  - Changing the default login password using iDRAC settings utility
- Enabling or disabling default password warning message
- Password Strength Policy
- IP Blocking
- Enabling or disabling OS to iDRAC Pass-through using web interface
- Enabling or disabling alerts using RACADM
Setting up managed system
- Setting up iDRAC IP address
- Modifying local administrator account settings
- Setting up managed system location
- Optimizing system performance and power consumption
- Setting up management station
  - Accessing iDRAC remotely
- Configuring supported web browsers
- Updating device firmware
- Viewing and managing staged updates
  - Viewing and managing staged updates using iDRAC web interface
  - Viewing and managing staged updates using RACADM
- Rolling back device firmware
- Easy Restore
- Monitoring iDRAC using other Systems Management tools
- Support Server Configuration Profile — Import and Export
  - Importing server configuration profile using iDRAC web interface
  - Exporting server configuration profile using iDRAC web interface
- Secure Boot Configuration from BIOS Settings or F2
- BIOS recovery
Plugin Management
Configuring iDRAC
- Viewing iDRAC information
  - Viewing iDRAC information using web interface
  - Viewing iDRAC information using RACADM
- Modifying network settings
- Cipher suite selection
  - Configuring cipher suite selection using iDRAC web interface
  - Configuring cipher suite selection using RACADM
- FIPS mode
  - Enabling FIPS Mode
    - Enabling FIPS mode using web interface
    - Enabling FIPS mode using RACADM
  - Disabling FIPS mode
- Configuring services
- Using VNC client to manage remote server
- Configuring front panel display
  - Configuring LCD setting
  - Configuring system ID LED setting
    - Configuring system ID LED setting using web interface
    - Configuring system ID LED setting using RACADM
- Configuring time zone and NTP
  - Configuring time zone and NTP using iDRAC web interface
  - Configuring time zone and NTP using RACADM
- Setting first boot device
- Enabling or disabling OS to iDRAC Pass-through
- Obtaining certificates
- Configuring multiple iDRACs using RACADM
- Disabling access to modify iDRAC configuration settings on host system
Delegated Authorization using OAuth 2.0
Viewing iDRAC and managed system information
- Viewing managed system health and properties
- Configuring Asset Tracking
- Viewing system inventory
- Viewing sensor information
- Monitoring performance index of CPU, memory, and input output modules
  - Monitoring performance index of CPU, memory, and input output modules using web interface
  - Monitoring performance index for of CPU, memory, and input output modules using RACADM
- Idle Server Detection
- GPU (Accelerators) Management
- Checking the system for Fresh Air compliance
- Viewing historical temperature data
- Viewing network interfaces available on host OS
  - Viewing network interfaces available on host OS using web interface
- Viewing network interfaces available on host OS using RACADM
- Viewing FlexAddress mezzanine card fabric connections
- Viewing or terminating iDRAC sessions
  - Terminating iDRAC sessions using web interface
    - Terminating iDRAC sessions using RACADM
Setting up iDRAC communication
- Communicating with iDRAC through serial connection using DB9 cable
- Switching between RAC serial and serial console while using DB9 cable
  - Switching from serial console to RAC serial
  - Switching from RAC serial to serial console
- Communicating with iDRAC using IPMI SOL
- Communicating with iDRAC using IPMI over LAN
- Enabling or disabling remote RACADM
  - Enabling or disabling remote RACADM using web interface
  - Enabling or disabling remote RACADM using RACADM
- Disabling local RACADM
- Enabling IPMI on managed system
- Configuring Linux for serial console during boot in RHEL 6
  - Enabling login to the virtual console after boot
- Configuring serial terminal in RHEL 7
  - Controlling GRUB from serial console
- Supported SSH cryptography schemes
  - Using public key authentication for SSH
Configuring user accounts and privileges
- iDRAC user roles and privileges
- Recommended characters in user names and passwords
- Configuring local users
  - Configuring local users using iDRAC web interface
  - Configuring local users using RACADM
    - Adding iDRAC user using RACADM
    - Enabling iDRAC user with permissions
- Configuring Active Directory users
- Configuring generic LDAP users
System Configuration Lockdown mode
Configuring iDRAC for Single Sign-On or smart card login
- Prerequisites for Active Directory Single Sign-On or smart card login
  - Registering iDRAC on Domain name System
  - Creating Active Directory objects and providing privileges
- Configuring iDRAC SSO login for Active Directory users
- Enabling or disabling smart card login
- Configuring Smart Card Login
  - Configuring iDRAC smart card login for Active Directory users
  - Configuring iDRAC smart card login for local users
- Using Smart Card to Login
Configuring iDRAC to send alerts
- Enabling or disabling alerts
- Filtering alerts
  - Filtering alerts using iDRAC web interface
  - Filtering alerts using RACADM
- Setting event alerts
  - Setting event alerts using web interface
  - Setting event alerts using RACADM
- Setting alert recurrence event
  - Setting alert recurrence events using RACADM
  - Setting alert recurrence events using iDRAC web interface
- Setting event actions
  - Setting event actions using web interface
  - Setting event actions using RACADM
- Configuring email alert, SNMP trap, or IPMI trap settings
  - Configuring IP alert destinations
  - Configuring email alert settings
- Configuring WS Eventing
- Configuring Redfish Eventing
- Monitoring chassis events
  - Monitoring chassis events using the iDRAC web interface
  - Monitoring chassis events using RACADM
- Alerts message IDs
iDRAC 9 Group Manager
- Group Manager
- Summary View
- Network Configuration requirements
- Manage Logins
- Configure Alerts
- Export
- Discovered Servers View
- Jobs View
- Jobs Export
- Group Information Panel
- Group Settings
- Actions on a selected Server
- iDRAC Group Firmware Update
Managing logs
- Viewing System Event Log
- Viewing Lifecycle log
  - Viewing Lifecycle log using web interface
    - Filtering Lifecycle logs
    - Adding comments to Lifecycle logs
  - Viewing Lifecycle log using RACADM
- Exporting Lifecycle Controller logs
  - Exporting Lifecycle Controller logs using web interface
  - Exporting Lifecycle Controller logs using RACADM
- Adding work notes
- Configuring remote system logging
  - Configuring remote system logging using web interface
  - Configuring remote system logging using RACADM
Monitoring and managing power in iDRAC
- Monitoring power
  - Monitoring performance index of CPU, memory, and input output modules using web interface
  - Monitoring performance index for of CPU, memory, and input output modules using RACADM
- Setting warning threshold for power consumption
  - Setting warning threshold for power consumption using web interface
- Executing power control operations
  - Executing power control operations using web interface
  - Executing power control operations using RACADM
- Power capping
  - Power capping in Blade servers
  - Viewing and configuring power cap policy
- Configuring power supply options
- Enabling or disabling power button
- Multi-Vector Cooling
iDRAC Direct Updates
Inventorying, monitoring, and configuring network devices
- Inventorying and monitoring network devices
- Inventorying and monitoring FC HBA devices
  - Monitoring FC HBA devices using web interface
  - Monitoring FC HBA devices using RACADM
- Inventorying and monitoring SFP Transceiver devices
  - Monitoring SFP Transceiver devices using web interface
  - Monitoring SFP Transceiver devices using RACADM
- Telemetry Streaming
- Serial Data Capture
- Dynamic configuration of virtual addresses, initiator, and storage target settings
Managing storage devices
- Understanding RAID concepts
- Supported controllers
- Supported enclosures
- Summary of supported features for storage devices
- Inventorying and monitoring storage devices
- Viewing storage device topology
- Managing physical disks
- Managing virtual disks
- RAID Configuration Features
- Managing controllers
- Managing PCIe SSDs
- Managing enclosures or backplanes
- Choosing operation mode to apply settings
  - Choosing operation mode using web interface
  - Choosing operation mode using RACADM
- Viewing and applying pending operations
  - Viewing, applying, or deleting pending operations using web interface
  - Viewing and applying pending operations using RACADM
- Storage devices — apply operation scenarios
- Blinking or unblinking component LEDs
  - Blinking or unblinking component LEDs using web interface
  - Blinking or unblinking component LEDs using RACADM
- Warm reboot
BIOS Settings
- BIOS Live Scanning
- BIOS Recovery and Hardware Root of Trust (RoT)
Configuring and using virtual console
- Supported screen resolutions and refresh rates
- Configuring virtual console
  - Configuring virtual console using web interface
  - Configuring virtual console using RACADM
- Previewing virtual console
- Launching virtual console
- Using virtual console viewer
Using iDRAC Service Module
- Installing iDRAC Service Module
  - Installing iDRAC Service Module from iDRAC Express and Basic
  - Installing iDRAC Service Module from iDRAC Enterprise
- Supported operating systems for iDRAC Service Module
- iDRAC Service Module monitoring features
- Using iDRAC Service Module from iDRAC web interface
- Using iDRAC Service Module from RACADM
Using USB port for server management
- Accessing iDRAC interface over direct USB connection
- Configuring iDRAC using server configuration profile on USB device
  - Configuring USB management port settings
  - Importing Server Configuration Profile from USB device
Using Quick Sync 2
- Configuring iDRAC Quick Sync 2
- Using mobile device to view iDRAC information
Managing virtual media
- Supported drives and devices
- Configuring virtual media
- Accessing virtual media
- Setting boot order through BIOS
- Enabling boot once for virtual media
Managing vFlash SD card
- Configuring vFlash SD card
- Managing vFlash partitions
Using SMCLP
- System management capabilities using SMCLP
- Running SMCLP commands
- iDRAC SMCLP syntax
- Navigating the map address space
- Using show verb
- Usage examples
Deploying operating systems
- Deploying operating system using remote file share
- Deploying operating system using virtual media
  - Installing operating system from multiple disks
- Deploying embedded operating system on SD card
  - Enabling SD module and redundancy in BIOS
    - About IDSDM
Troubleshooting managed system using iDRAC
- Using diagnostic console
- Viewing post codes
- Viewing boot and crash capture videos
  - Configuring video capture settings
- Viewing logs
- Viewing last system crash screen
- Viewing System status
  - Viewing system front panel LCD status
  - Viewing system front panel LED status
- Hardware trouble indicators
- Viewing system health
- Checking server status screen for error messages
- Restarting iDRAC
- Reset to Custom Defaults (RTD)
  - Resetting iDRAC using iDRAC web interface
  - Resetting iDRAC using RACADM
- Erasing system and user data
- Resetting iDRAC to factory default settings
  - Resetting iDRAC to factory default settings using iDRAC web interface
  - Resetting iDRAC to factory default settings using iDRAC settings utility
SupportAssist Integration in iDRAC
- SupportAssist Registration
- Installing Service Module
- Server OS Proxy Information
- SupportAssist
- Service Request Portal
- Collection Log
- Generating SupportAssist Collection
  - Generating SupportAssist Collection manually using iDRAC web interface
- Settings
- Collection Settings
- Contact Information
Frequently asked questions
- System Event Log
- Custom sender email configuration for iDRAC alerts
- Network security
- Telemetry streaming
- Active Directory
- Single Sign-On
- Smart card login
- Virtual console
- Virtual media
- vFlash SD card
- SNMP authentication
- Storage devices
- GPU (Accelerators)
- iDRAC Service Module
- RACADM
- Permanently setting the default password to calvin
- Miscellaneous
Use case scenarios
- Troubleshooting an inaccessible managed system
- Obtaining system information and assess system health
- Setting up alerts and configuring email alerts
- Viewing and exporting System Event Log and Lifecycle Log
- Interfaces to update iDRAC firmware
- Performing graceful shutdown
- Creating new administrator user account
- Launching servers remote console and mounting a USB drive
- Installing bare metal OS using attached virtual media and remote file share
- Managing rack density
- Installing new electronic license
- Applying IO Identity configuration settings for multiple network cards in single host system reboot

Generating Kerberos keytab file

To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized

service on a Windows Kerberos network. The Kerberos configuration on iDRAC involves the same steps as configuring a non–

Windows Server Kerberos service as a security principal in Windows Server Active Directory.

The ktpass tool (available from Microsoft as part of the server installation CD/DVD) is used to create the Service Principal

Name (SPN) bindings to a user account and export the trust information into a MIT–style Kerberos keytab file, which

enables a trust relation between an external user or system and the Key Distribution Centre (KDC). The keytab file contains

a cryptographic key, which is used to encrypt the information between the server and the KDC. The ktpass tool allows

UNIX–based services that support Kerberos authentication to use the interoperability features provided by a Windows Server

Kerberos KDC service. For more information on the ktpass utility, see the Microsoft website at: technet.microsoft.com/

en-us/library/cc779157(WS.10).aspx

Before generating a keytab file, you must create an Active Directory user account for use with the -mapuser option of the

ktpass command. Also, you must have the same name as iDRAC DNS name to which you upload the generated keytab file.

To generate a keytab file using the ktpass tool:

1. Run the ktpass utility on the domain controller (Active Directory server) where you want to map iDRAC to a user account in

Active Directory.

2. Use the following ktpass command to create the Kerberos keytab file:

C:\> ktpass.exe -princ HTTP/idrac7name.domainname.com@DOMAINNAME.COM -mapuser

DOMAINNAME\username -mapop set -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL -pass

[password] -out c:\krbkeytab

The encryption type is AES256-SHA1. The principal type is KRB5_NT_PRINCIPAL. The properties of the user account to

which the Service Principal Name is mapped to must have Use AES 256 encryption types for this account property

enabled.

NOTE:

Use lowercase letters for the iDRACname and Service Principal Name. Use uppercase letters for the domain

name as shown in the example.

A keytab file is generated.

NOTE:

If you find any issues with iDRAC user for which the keytab file is created, create a new user and a new keytab

file. If the same keytab file which was initially created is again executed, it does not configure correctly.

Configuring iDRAC SSO login for Active Directory users using web

interface

To configure iDRAC for Active Directory SSO login:

NOTE: For information about the options, see the iDRAC Online Help.

1. Verify whether the iDRAC DNS name matches the iDRAC Fully Qualified Domain Name. To do this, in iDRAC Web interface,

go to iDRAC Settings > Network > Common Settings and refer to DNS iDRAC Name property.

2. While configuring Active Directory to setup a user account based on standard schema or extended schema, perform the

following two additional steps to configure SSO:

● Upload the keytab file on the Active Directory Configuration and Management Step 1 of 4 page.

● Select Enable Single Sign-On option on the Active Directory Configuration and Management Step 2 of 4 page.

Configuring iDRAC SSO login for Active Directory users using

RACADM

To enable SSO, complete the steps to configure Active Directory, and run the following command:

racadm set iDRAC.ActiveDirectory.SSOEnable 1

168

Configuring iDRAC for Single Sign-On or smart card login