Dell EMC OpenManage Server Administrator Version 9.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Introduction....................................................................................................................................................6 Installation........................................................................................................................................................................... 6 What is new in this release..............................................................................................................................
The Server Administrator home page........................................................................................................................... 29 Server Administrator user interface differences across modular and non-modular systems............................ 31 Global Navigation Bar.................................................................................................................................................31 System Tree.....................................................
7 Setting Alert Actions....................................................................................................................................67 Setting Alert Actions For Systems Running Supported Red Hat Enterprise Linux And SUSE Linux Enterprise Server Operating Systems........................................................................................................................... 67 Setting Alert actions in Windows Server to Execute Applications.....................................
1 Introduction Server Administrator provides a comprehensive, one-to-one systems management solution in two ways: from an integrated, web browserbased graphical user interface (GUI) and from a command line interface (CLI) through the operating system. Server Administrator enables system administrators to manage systems locally and remotely on a network. It enables system administrators to focus on managing their entire network by providing comprehensive one-to-one systems management.
What is new in this release The release highlights of OpenManage Server Administrator are: • Support for the following operating systems: – Red Hat Enterprise Linux 7.6 – VMware ESXi 6.7 U1 – Ubuntu 18.04.2 – • NOTE: Citrix XenServer operating system support has been dropped for Server Administrator and Storage Management. Client OS support: – Win 10RS5 Pro, RHEL 7.5 workstation. • Support for the following browsers: – Google Chrome - 67, 68 – Safari - 11.
Storage Management Service The Storage Management Service provides storage management information in an integrated graphical view. NOTE: For more information about the Storage Management Service, see the Dell EMC Server Administrator Storage Management User's Guide at dell.com/openmanagemanuals.
The following table shows the systems management standards that are available for each supported operating system. Table 1.
• The Integrated Dell Remote Access Controller 6 (iDRAC6) User Guide provides complete information about configuring and using an iDRAC6 for 11G tower and rack servers to remotely manage and monitor your system and its shared resources through a network. • The Dell Online Diagnostics User's Guide provides complete information on installing and using Online Diagnostics on your system.
Obtaining Technical Assistance If at any time you do not understand a procedure described in this guide or if your product does not perform as expected, help tools are available to assist you. For more information about these help tools, see Getting Help in your system's Hardware Owner’s Manual. Additionally, Enterprise Training and Certification is available; see dell.com/training for more information. This service may not be offered in all locations.
2 Setup And Administration Server Administrator provides security through role- based access control (RBAC), authentication, and encryption for both the Web-based and command line interfaces. Topics: • Role-Based Access Control • Authentication • Encryption • Assigning User Privileges Role-Based Access Control RBAC manages security by determining the operations that can be executed by persons in particular roles.
Server Administrator grants read-only access to users logged in with User privileges, read and write access to users logged in with Power User privileges, and read, write, and administrator access to users logged in with Administrator and Elevated Administrator privileges. Table 3.
Encryption Server Administrator is accessed over a secure HTTPS connection using secure socket layer (SSL) technology to ensure and protect the identity of the system being managed. Java Secure Socket Extension (JSSE) is used by supported Microsoft Windows, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server operating systems to protect the user credentials and other sensitive data that is transmitted over the socket connection when a user accesses the Server Administrator home page.
NOTE: You must have the useradd utility installed on your system to perform the procedures. Related Links • Creating Users With User Privileges • Creating Users With Power User Privileges Creating Users With User Privileges 1 Run the following command from the command line: useradd -d -g where is not root. NOTE: If does not exist, create it by using the groupadd command. 2 Type passwd and press .
The following table lists the examples for adding the role definition to the omarolemap file. Table 5. Examples for adding the role definition in Server Administrator 3 Bob Ahost Poweruser + root Bhost Administrator + root Chost Administrator Bob *.aus.amer.com Poweruser Mike 192.168.2.3 Poweruser Save and close the file.
Disabling Guest And Anonymous Accounts In Supported Windows Operating Systems NOTE: You must be logged in with Administrator privileges. 1 Open the Computer Management window. 2 In the console tree, expand Local Users and Groups and click Users. 3 Double-click Guest or IUSR_system name user account to see the Properties for those users, or right-click the Guest or IUSR_system name user account and then select Properties. 4 Select Account is disabled and click OK.
NOTE: For additional details on SNMP configuration, see the operating system documentation. Changing the SNMP community name NOTE: You cannot set the SNMP community name from Server Administrator. Set the community name using operating system SNMP tools. Configuring the SNMP community names determines which systems are able to manage your system through SNMP.
Configuring The SNMP Agent On Systems Running Supported Red Hat Enterprise Linux Server Administrator uses the SNMP services provided by the net-snmp SNMP agent. You can configure the SNMP agent to change the community name, and send traps to a management station. To configure your SNMP agent for proper interaction with management applications such as OpenManage Essentials, perform the procedures described in the following sections.
NOTE: For IPv6, find the line com2sec6 notConfigUser default public. Also, add the text agentaddress udp6:161 in the file. 3 Edit this line, replacing public with the new SNMP community name. When edited, the new line should read: com2sec publicsec default community_name or com2sec notConfigUser default community_name. 4 To enable SNMP configuration changes, restart the SNMP agent by typing: systemctl restart snmpd .
To enable SNMP access from a specific remote host to a system running Server Administrator, edit the SNMP agent configuration file, /etc/snmp/snmpd.conf, and perform the following steps: 1 Find the line that reads: rocommunity public 127.0.0.1. 2 Edit or copy this line, replacing 127.0.0.1 with the remote host IP address. When edited, the new line should read: rocommunity public IP_address.
Changing The SNMP Community Name Configuring the SNMP community name determines which management stations are able to manage your system through SNMP. The SNMP community name used by management applications must match the SNMP community name configured on the system running Server Administrator, so the management applications can retrieve the management information from Server Administrator.
Firewall Configuration On Systems Running Supported Red Hat Enterprise Linux Operating Systems And SUSE Linux Enterprise Server If you enable firewall security while installing Red Hat Enterprise Linux/SUSE Linux, the SNMP port on all external network interfaces is closed by default. To enable SNMP management applications such as OpenManage Essentials to discover and retrieve information from Server Administrator, the SNMP port on at least one external network interface must be open.
4 Press to move the cursor to the TCP Ports text box. 5 Type snmp in the text box. 6 Press to go to the next screen. 7 Press to accept and apply the changes.
3 Using Server Administrator To start a Server Administrator session, double-click the Server Administrator icon on your desktop. The Server Administrator Log in screen is displayed. The default port for Server Administrator is 1311. You can change the port, if required. For instructions on setting up your system preferences, see Systems Management Server Administration Connection Service and Security Setup.
Server Administrator Managed System Login — Using the Desktop Icon This login is available only if the Server Administrator Web Server component is installed on the system. To log in to Server Administrator to manage a remote system: 1 Double-click the Server Administrator icon on your desktop. 2 Type the managed system's IP Address or system name or Fully Qualified Domain Name (FQDN).
NOTE: When you launch Server Administrator using either Mozilla Firefox or Microsoft Internet Explorer, an intermediate warning page may appear displaying a problem with security certificate. To ensure system security, it is recommended that you generate a new X.509 certificate, reuse an existing X.509 certificate, or import a certificate chain from a Certification Authority (CA). To avoid encountering such warning messages about the certificate, the certificate used must be from a trusted CA.
Server Administrator has also been extended to allow other products (such as Dell EMC OpenManage Essentials) to directly access Server Administrator web pages without going through the login page (if you are currently logged in and have the appropriate privileges).
4 Under Enable Javascript for, make sure that Navigator is selected. Ensure that the Navigator check box is selected under Enable JavaScript for. 5 Click OK to save the new settings. 6 Close the browser. 7 Log in to Server Administrator. The Server Administrator home page NOTE: Do not use your web browser toolbar buttons (such as Back and Refresh) while using Server Administrator. Use only the Server Administrator navigation tools.
Figure 1. Sample Server Administrator home page — Non-Modular System The following figure shows a sample Server Administrator home page layout for a user logged in with administrator privileges on a modular system. Figure 2. Sample Server Administrator home page — Modular System Clicking an object in the system tree opens a corresponding action window for that object.
Server Administrator user interface differences across modular and non-modular systems The following table lists the availability of Server Administrator features across modular and non-modular systems. Table 8.
• Click About to display Server Administrator version and copyright information. • Click Log Out to end the current Server Administrator program session. System Tree The system tree appears on the left side of the Server Administrator home page and lists the components of your system that are viewable. The system components are categorized by component type.
Description Icon The component's health status is unknown. Task Buttons Most windows opened from the Server Administrator home page contain at least five task buttons: Print, Export, Email, Help and Refresh. Other task buttons are included on specific Server Administrator windows. The Log window, for example, also contain Save As and Clear Log task buttons. • Clicking Print ( ) prints a copy of the open window to your default printer.
Figure 3. Gauge Indicator Using The Online Help Context-sensitive online help is available for every window of the Server Administrator home page. Clicking Help opens an independent help window that contains detailed information about the specific window you are viewing. The online help is designed to guide you through the specific actions required to perform all aspects of the Server Administrator services.
• Select the format of alert messages • Enables the Automatic Backup and clear ESM log entries. NOTE: The possible formats are traditional and enhanced. The default format is traditional, which is the legacy format. By default, the feature is disabled. Enabling the feature allows you to create an automatic backup of ESM Logs. After the backup is created, ESM logs of the Server Administrator and the SEL entries of iDRAC/BMC are cleared. The process is repeated whenever the logs are full.
The Preferences home page is displayed. 2 Click General Settings. 3 To add a preselected email recipient, type the email address of your designated service contact in the Mail To: field, and click Apply. NOTE: Click E-mail ( ) in any window to send an e-mail message with an attached HTML file of the window to the designated email address. NOTE: The Web Server URL is not retained if you restart Server Administrator service or the system where Server Administrator is installed.
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_A
• All systems that have Server Administrator installed have unique host names. To manage X.509 certificates through the Preferences home page, click General Settings, click the Web Server tab, and click X.509 Certificate. The following are the available options: • Generate a new certificate — Generates a new self-signed certificate used for SSL communication between the server running Server Administrator and the browser.
Server Administrator Web Server Action Tabs The following are the action tabs that are displayed when you log in to manage the Server Administrator web server: • Properties • Shutdown • Logs • Alert Management • Session Management Upgrading web server CAUTION: Factory reset is not possible after a web server update. For a factory reset, reinstall the Server Administrator.
4 Server Administrator services Server Administrator Instrumentation Service monitors the health of a system and provides rapid access to detailed fault and performance information gathered by industry-standard systems management agents. The reporting and viewing features allow retrieval of the overall health status for each chassis that includes your system. At the subsystem level, you can view information about the voltages, temperatures, fan rpm, and memory function at key points in the system.
Managing system or server module tree objects The Server Administrator system or server module tree displays all visible system objects based on the software and hardware groups that Server Administrator discovers on the managed system and on the user's access privileges. The system components are categorized by component type.
Accessing And Using Chassis Management Controller To launch the Chassis Management Controller Log in window from the Server Administrator home page: 1 Click the Modular Enclosure object 2 Click the CMC Information tab, and then click Launch the CMC Web Interface. The CMC Log in window appears. You can monitor and manage your modular enclosure after connecting to the CMC.
Shutdown Subtabs: Remote Shutdown | Thermal Shutdown | Web Server Shutdown Under the Shutdown tab, you can: • Configure the operating system shutdown and remote shutdown options • Set the thermal shutdown severity level to shut down your system in case a temperature sensor returns a warning or failure value. NOTE: A thermal shutdown occurs only when the temperature reported by the sensor goes preceding the temperature threshold.
• View current SNMP trap alert thresholds and set the alert threshold levels for instrumented system components. The selected traps are triggered if the system generates a corresponding event at the selected severity level. – SNMP Test Trap sends the trap to the selected destination from the configured destinations list displayed. The Server Administrator SNMP component should be installed for sending the test trap.
• Processors • Remote Access • Removable Flash Media • Slots • Temperatures • Voltages NOTE: The Power Supplies option is not available in PowerEdge 1900. Power Supply Monitoring and Power Monitoring features are available only for systems that have two or more redundant, hot-swappable power supplies installed. These features are unavailable for permanently installed, non-redundant power supplies that lack power management circuitry.
• • View detailed information about the field-replaceable units (FRUs) installed in your system (under the System Components (FRU) sub tab). Enable or disable the managed system's front panel buttons, namely Power button and Non-Masking Interrupt (NMI) button (if present on the system). Also, select the managed system’s LCD Security Access level. The managed system’s LCD information can be selected from the drop-down menu. You can also enable Indication of Remote KVM session from the Front Panel sub tab.
On the 12th generation PowerEdge and later systems, the configurable BIOS features are grouped as specific categories. The categories include Debug Menu, System Information, Memory Settings, Processor Settings, SATA Settings, Boot Settings, Boot Option Settings, OneTime Boot, Network Settings, Integrated Devices, Slot Disablement, Serial Communication, System Profile Settings, System Security, and Miscellaneous Settings.
Fans Click the Fans object to manage your system fans. Server Administrator monitors the status of each system fan by measuring fan RPMs. Fan probes report RPMs to the Server Administrator Instrumentation Service. When you select Fans from the device tree, details appear in the data area in the right-side pane of the Server Administrator home page. The Fans object action window can have the following tabs, depending on the user's group privileges: Properties and Alert Management.
Table 10. Possible Values For Status And Cause Of A Probe Status Values Cause Values Degraded User Configuration Insufficient Power Capacity Unknown Reason Normal [N/A] Intrusion Click the Intrusion object to manage your system's chassis intrusion status. Server Administrator monitors chassis intrusion or drive bay status as a security measure to prevent unauthorized access to your system's critical components.
Subtabs: Alert Actions | SNMP Traps Under the Alert Management tab, you can: • View the current alert actions settings and set the alert actions that you want to be performed in case a memory module returns a warning or failure value. • View the current SNMP trap alert thresholds and set the alert threshold levels for memory modules. The selected traps are triggered if the system generates a corresponding event at the selected severity level.
Power Management NOTE: Power Supply Monitoring and Power Monitoring features are available only for systems that have two or more redundant, hot-swappable powers supplies installed. These features are unavailable for permanently installed, nonredundant power supplies that lack power management circuitry. Monitoring Subtabs: Consumption | Statistics Under the Consumption tab you can view and manage your system’s Power Consumption information in Watts and BTU/hr. BTU/hr = Watt X 3.
Under the Properties tab, you can: • View information about your power supply redundancy attributes. • Check the status of individual power supply elements, including the Firmware Version of the power supply, and Maximum Output Wattage. • Check the status of individual power supply elements, including the Firmware Version of the power supply, Rated Input Wattage, and Maximum Output Wattage. The Rated Input Wattage attribute is displayed only on PMBus systems starting 11G.
The Remote Access object action window can have the following tabs, depending on the user's group privileges:Properties, Configuration, and Users. Subtab: Information Properties Under the Properties tab, you can view general information on the remote access device. You can also view the attributes of the IPv4 and IPv6 addresses. Click Reset to Defaults to reset all the attributes to their system default values.
Alert management is common for Internal SD modules and vFlash. Configuring alert actions/SNMP/PEF for either the SD modules or vFlash automatically configures it for the other. Slots Click the Slots object to manage the connectors or sockets on your system board that accept printed circuit boards, such as expansion cards. The Slots object action window has a Properties tab. Properties Subtab: Information Under the Properties tab, you can view information about each slot and installed adapter.
NOTE: Some voltage probe fields differ according to the type of firmware your system has, such as BMC or ESM. Some threshold values are not editable on BMC-based systems. Alert Management Subtabs: Alert Actions | SNMP Traps Under the Alert Management tab, you can: • View the current alert actions settings and set the alert actions that you want to be performed in case a system voltage sensor returns a warning or failure value.
Under the Properties tab, you can view the health or status of attached storage components and sensors such as array subsystems and operating system disks. Managing Preferences Home Page Configuration Options The left pane of the Preferences home page (where the system tree is displayed on the Server Administrator home page) displays all available configuration options in the system tree window. The options displayed are based on the systems management software installed on the managed system.
5 Server Administrator logs Server Administrator allows you to view and manage hardware, alert, and command logs. All users can access logs and print reports from either the Server Administrator home page or from its command line interface. Users must be logged in with Administrator privileges to clear logs or must be logged in with Administrator or Power User privileges to email logs to their designated service contact.
• • • Hardware Log Alert Log Command Log Hardware log On the 11th generation PowerEdge systems, use the hardware log to look for potential problems with your system's hardware components. The hardware log status indicator changes to critical status ( ) when the log file reaches 100 percent capacity. There are two available hardware logs, depending on your system: the Embedded System Management (ESM) log and the System Event Log (SEL).
ID for a specific event source category and an event message that describes the event. The event ID and message uniquely describe the severity and cause of the event and provide other relevant information such as the location of the event and the monitored component's previous state. To access the Alert log, click System, click the Logs tab, and click Alert.
6 Working with remote access controller The systems baseboard management controller (BMC)/Integrated Dell Remote Access Controller (iDRAC) monitors the system for critical events by communicating with various sensors on the system board and sends alerts and log events when certain parameters exceed their preset thresholds. The BMC/iDRAC supports the industry-standard Intelligent Platform Management Interface (IPMI) specification, enabling you to configure, monitor, and recover systems remotely.
Server Administrator allows remote, in-band access to event logs, power control, and sensor status information and provides the ability to configure the BMC/iDRAC. To manage BMC/iDRAC and DRAC through the Server Administrator graphical user interface (GUI), click the Remote Access object, which is a subcomponent of the Main System Chassis/Main System group.
IPv4 Address • IP Address Source • IP Address • IP Subnet • IP Gateway IPv6 Address • IP Address Source • IPv6 Address 1 • Default Gateway • IPv6 Address 2 • Link Local Address • DNS Address Source • Preferred DNS Server • Alternate DNS Server NOTE: You can view IPv4 and IPv6 address details only if you enable the IPv4 and IPv6 address properties under Additional Configuration in the Remote Access tab.
For 12G systems, the Primary Network options for Remote Management (iDRAC7) NIC are: LOM1, LOM2, LOM3, LOM4, and Dedicated. The Failover Network options are: LOM1, LOM2, LOM3, LOM4, All LOMs, and None. NOTE: The Dedicated option is available when the iDRAC7 Enterprise License is present and valid.The number of LOMs varies based on the system or hardware configuration.
• Flow Control 5 • Channel Privilege Level Limit Click Apply Changes. 6 Click Terminal Mode Settings. In the Terminal Mode Settings window, you can configure terminal mode settings for the serial port. Terminal mode is used for Intelligent Platform Interface Management (IPMI) messaging over the serial port using printable ASCII characters. Terminal mode also supports a limited number of text commands to support legacy, text-based environments.
NOTE: For information about license management, see the Dell License Manager User’s Guide available at dell.com/ openmanagemanuals. Configuring Remote Access Device Users To configure Remote Access Device users using the Remote Access page: 1 Click the Modular Enclosure > System/Server Module > Main System Chassis/Main System > Remote Access object. 2 Click the Users tab. The Remote Access Users window displays information about users that can be configured as BMC/iDRAC users.
The Set Platform Events window allows you to specify the actions to be taken if the system is to be shut down in response to a platform event. 5 Select one of the following actions: • None • Reboot System Shuts down the operating system and initiates system startup, performing BIOS checks and reloading the operating system. • Power Off System Turns off the electrical power to the system.
7 Setting Alert Actions Setting Alert Actions For Systems Running Supported Red Hat Enterprise Linux And SUSE Linux Enterprise Server Operating Systems When you set alert actions for an event, you can specify the action to display an alert on the server. To perform this action, Server Administrator sends a message to /dev/console. If the Server Administrator system is running an X Window System, the messsage is not displayed.
2 Navigate to HKLM\SYSTEM\CurrentControlSet\Control\Windows\. 3 Right-click NoIteractiveServices and then click Modify. 4 In Value Data enter 0 and click OK. 5 Close Regedit 6 To add the user to a group, select the group name from the Group drop-down menu and click Add. 7 Click OK. 2 Enabling the Interactive Service Detection 8 Open Services.msc. 9 Navigate to Interactive Service Detection. 10 Right-click Interactive Service Detection and then click Properties.
Event Description Hardware log is full or emptied Either an empty or a full hardware log requires administrator attention. Automatic System Recovery The system is hung or is not responding and is taking an action configured by Automatic System Recovery. System Power Probe Warning The power consumption is approaching the failure threshold. System Power Probe Failure The power consumption has crossed the highest acceptable limit and has resulted in a failure.
8 Troubleshooting Connection Service Failure On Red Hat Enterprise Linux, when SELinux is set to enforced mode, the Systems Management Server Administrator (SM SA) Connection service fails to start. Perform one of the following steps and start this service: • Set SELinux to Disabled mode or to Permissivemode. • Change the SELinux allow_execstack property to ON state. Run the following command: setsebool allow_execstack on • Change the security context for the SM SA connection service.
Fixing A Faulty Server Administrator Installation On Supported Windows Operating Systems You can fix a faulty installation by forcing a reinstall and then performing an uninstall of Server Administrator. To force a reinstall: 1 Check the version of Server Administrator that was previously installed. 2 Download the installation package for that version from support.dell.com. 3 Locate SysMgmt.msi in the srvadmin\windows\SystemsManagement directory.
Service Name Description Impact of Failure Recovery Mechanism Severity NOTE: Inventory Collector is required to update Dell consoles using Dell Update packages. NOTE: Some of the Inventory Collector features are not supported on Server Administrator (64–bit). Windows: SM SA Data Manager Linux: dsm_sa_datamgrd (hosted under dataeng service) (This service runs on the managed system.
9 Frequently Asked Questions This section lists the frequently asked questions about Server Administrator. NOTE: The following questions are not specific to this release of Server Administrator. 1 What is the minimum permission level required to install Server Administrator? To install Server Administrator, you must have Administrator level privileges. Power Users and Users do not have permission to install Server Administrator.
As Server Administrator is not installed on Clients/Workstations, so CIM discovery is used when the target is running the OpenManage Client Instrumentation. For many other devices such as network printers, SNMP is the standard to communicate with (primarily discover) the device. Devices such as EMC storage have proprietary protocols. Some information about this environment can be gathered from looking at the ports used. 8 Are there any plans for SNMP v3 support? No, there are no plans for SNMP v3 support.
