Integrated Dell Remote Access Controller 9 Version 3.31.31.31 User's Guide April 2019 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make you more productive as a system administrator and improve the overall availability of Dell EMC servers. iDRAC alerts you to system issues, helps you to perform remote management, and reduces the need for physical access to the system. iDRAC with Lifecycle Controller technology is part of a larger data center solution that increases availability of business critical applications and workloads.
Key features The key features of iDRAC include: NOTE: Some features are available only with iDRAC Enterprise license. For information on the features available for a license, see iDRAC licenses on page 19. Inventory and Monitoring ● View managed server health. ● Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. ● View and export system inventory. ● View sensor information such as temperature, voltage, and intrusion.
○ Blink or unblink component LEDs. ○ Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update ● Manage iDRAC licenses. ● Update BIOS and device firmware for devices supported by Lifecycle Controller. ● Update or rollback iDRAC firmware and Lifecycle Controller firmware using a single firmware image. ● Manage staged updates. ● Back up and restore server profile.
● Set user passwords and BIOS passwords using one-way hash format for improved security.
● FIPS 140-2 Level 1 capability.
● Support for TLS 1.2, 1.1, and 1.0. To enhance security, default setting is TLS 1.1 and higher.
● SMCLP and web interfaces that support 128 bit and 40-bit encryption (for countries where 128 bit is not acceptable), using the TLS 1.2 standard.
NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher.
● Session time-out configuration (in seconds).
● SUSE Linux Enterprise Server
● Canonical Ubuntu
NOTE: For the list of supported versions, see the iDRAC Release Notes available at www.dell.com/idracmanuals.
iDRAC licenses
iDRAC features are available based on the type of the license. Depending on the system model, iDRAC Basic or iDRAC Express license is installed by default. iDRAC Enterprise license and iDRAC SEKM license are available as an upgrade and can be purchased anytime.
Acquiring license key from Dell Digital Locker To obtain the license key from your account, you must first register your product using the registration code that is sent in the order confirmation email. This code must be entered in the Product Registration tab after logging into Dell Digital Locker. From the left pane, click the Products or Order History tab to view the list of your products. Subscription-based products are listed under Billing accounts tab.
Licensed features in iDRAC9
The following table lists iDRAC9 features that are enabled based on the license purchased:
Table 2. Licensed features in iDRAC9
Feature | iDRAC9 Basic | iDRAC9 Express | iDRAC9 Express for Blades | iDRAC9 Enterprise
iDRAC RESTful API and Redfish | Yes | Yes | Yes | Yes
IPMI 2.0 | Yes | Yes | Yes | Yes
DCMI 1.
Interfaces and protocols to access iDRAC
The following table lists the interfaces to access iDRAC.
NOTE: Using more than one interface at the same time may generate unexpected results.
Table 3. Interfaces and protocols to access iDRAC
Interface or Protocol | Description
iDRAC Settings Utility (F2) | Use the iDRAC Settings utility to perform pre-OS operations. It has a subset of the features that are available in iDRAC web interface along with other features.
RACADM | Use this command-line utility to perform iDRAC and server management. You can use RACADM locally and remotely.
● Local RACADM command-line interface runs on the managed systems that have Server Administrator installed. Local RACADM communicates with iDRAC through its in-band IPMI host interface.
NOTE: Telnet is not a secure protocol and is disabled by default. Telnet transmits all data, including passwords in plain text. When transmitting sensitive information, use the SSH interface.
VMCLI | Use the Virtual Media Command Line Interface (VMCLI) to access a remote media through the management station and deploy operating systems on multiple managed systems.
● The Getting Started Guide provides an overview of system features, setting up your system, and technical specifications. ● The Installation and Service Manual provides information about system features and describes how to troubleshoot the system and install or replace system components. Contacting Dell NOTE: If you do not have an active Internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product catalog.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, a Microsoft Active Directory user, or a Lightweight Directory Access Protocol (LDAP) user. You can also log in using OpenID Connect and Single Sign-On or Smart Card. To improve security, each system is shipped with a unique password for iDRAC, which is available on the system information tag. This unique password improves security of iDRAC and your server. The default user name is root.
• Enabling or disabling default password warning message
• IP Blocking
• Enabling or disabling OS to iDRAC Pass-through using web interface
• Enabling or disabling alerts using RACADM
Logging into iDRAC using OpenID Connect
NOTE: This feature is only available in MX platforms.
To log in to iDRAC using the OpenID Connect:
1. In a supported web browser, type https://[iDRAC-IP-address] and press Enter. The Login page is displayed.
2. Select OME Modular from the Log In with: menu.
Logging in to iDRAC as a local user using a smart card Before you log in as a local user using Smart Card, make sure to: ● Upload user smart card certificate and the trusted Certificate Authority (CA) certificate to iDRAC. ● Enable smart card logon. The iDRAC web interface displays the smart card logon page for users who are configured to use the smart card.
Logging in to iDRAC SSO using iDRAC web interface Before logging in to iDRAC using Single Sign-On, ensure that: ● You have logged in to your system using a valid Active Directory user account. ● Single Sign-On option is enabled during Active Directory configuration. To log in to iDRAC using web interface: 1. Log in to your management station using a valid Active Directory account. 2. In a web browser, type https://[FQDN address].
For example, use the cat command:
cat testcacert.pem >> cert.pem
4. Generate and upload the server certificate to iDRAC.
Accessing iDRAC using local RACADM
For information to access iDRAC using local RACADM, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
Accessing iDRAC using firmware RACADM
You can use SSH or Telnet interfaces to access iDRAC and run firmware RACADM commands. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
Logging in: ssh username@ or ssh username@ where IP_address is the IP address of the iDRAC. Sending RACADM commands: ssh username@ racadm getversion ssh username@ racadm getsel Multiple iDRAC sessions The following table provides the number of iDRAC sessions that are possible using the various interfaces. Table 7.
Resetting default iDRAC password locally
If you have physical access to the system, you can reset the password using the following:
● iDRAC Setting utility (System Setup)
● Local RACADM
● OpenManage Mobile
● Server management USB port
● USB-NIC
Resetting default password using the iDRAC Settings utility
You can access the iDRAC settings utility using the System Setup of your server. Using the iDRAC reset to defaults all feature, you can reset the iDRAC login credentials to default.
Changing default password using USB-NIC If you have access to a keyboard, mouse, and a display device, connect to the server using the USB-NIC to access the iDRAC interface and change the default password. 1. Connect the devices to the system. 2. Use a supported browser to access the iDRAC interface using the iDRAC IP. 3. Follow the instructions in Changing the default login password using web interface on page 38.
Changing the default login password using RACADM To change the password, run the following RACADM command: racadm set iDRAC.Users..Password where, is a value from 1 to 16 (indicates the user account) and is the new user defined password. NOTE: The index for the default account is 2. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
Table 8. Login Retry Restriction Properties
Property | Definition
iDRAC.IPBlocking.BlockEnable | Enables the IP blocking feature. When consecutive failures (iDRAC.IPBlocking.FailCount) from a single IP address are encountered within a specific amount of time (iDRAC.IPBlocking.FailWindow), all further attempts to establish a session from that address are rejected for a certain timespan (iDRAC.IPBlocking.PenaltyTime).
iDRAC.IPBlocking.
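How the three values in the BlockEnable definition interact, as an added example that is not iDRAC firmware code: a small model of that rule replayed over constructed login events. The numeric settings, the use of seconds, and the reset of the failure run on a successful login are assumptions of this example, not documented defaults.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class IPBlockingModel:
    """Model of the login retry restriction (assumed semantics, see lead-in)."""
    fail_count: int    # stands in for iDRAC.IPBlocking.FailCount
    fail_window: int   # stands in for iDRAC.IPBlocking.FailWindow (seconds assumed)
    penalty_time: int  # stands in for iDRAC.IPBlocking.PenaltyTime (seconds assumed)
    _failures: dict = field(default_factory=lambda: defaultdict(deque))
    _blocked_until: dict = field(default_factory=dict)

    def attempt(self, now, ip, success):
        """Process one login attempt; return 'rejected', 'ok' or 'failed'."""
        # While the penalty runs, every attempt from the address is refused,
        # including one that carries the correct password.
        if now < self._blocked_until.get(ip, 0):
            return "rejected"
        recent = self._failures[ip]
        if success:
            recent.clear()  # assumption: a good login ends the failure run
            return "ok"
        recent.append(now)
        # Forget failures that have aged out of the window.
        while recent and now - recent[0] >= self.fail_window:
            recent.popleft()
        if len(recent) >= self.fail_count:
            self._blocked_until[ip] = now + self.penalty_time
            recent.clear()
        return "failed"


# Constructed events: (time in seconds, source address, password correct?)
EVENTS = [
    (0, "198.51.100.7", False),
    (10, "198.51.100.7", False),
    (20, "198.51.100.7", False),  # third failure inside the window: block starts
    (25, "198.51.100.7", True),   # correct password, refused during the penalty
    (30, "203.0.113.9", False),   # a different address is counted separately
    (85, "198.51.100.7", True),   # penalty (20 + 60 = 80) is over
    (100, "203.0.113.9", False),  # the failure at t=30 has aged out
    (110, "203.0.113.9", False),  # two failures in the window, below the count
]


def replay(events, fail_count=3, fail_window=60, penalty_time=60):
    """Run the events through a fresh model and return one outcome per event."""
    model = IPBlockingModel(fail_count, fail_window, penalty_time)
    return [model.attempt(t, ip, ok) for t, ip, ok in events]


if __name__ == "__main__":
    for (t, ip, ok), outcome in zip(EVENTS, replay(EVENTS)):
        print(f"t={t:>3}s {ip:<14} password_ok={ok!s:<5} -> {outcome}")
```
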
7. Click Test Network Configuration to check if the IP is accessible and the link is established between the iDRAC and the host operating system. Enabling or disabling alerts using RACADM Use the following command: racadm set iDRAC.IPMILan.
3 Setting up managed system If you need to run local RACADM or enable Last Crash Screen capture, install the following from the Dell Systems Management Tools and Documentation DVD: ● Local RACADM ● Server Administrator For more information about Server Administrator, see OpenManage Server Administrator User's Guide available at www.dell.com/openmanagemanuals.
Setting up iDRAC IP using iDRAC settings utility
To set up the iDRAC IP address:
1. Turn on the managed system.
2. Press <F2> during Power-on Self-test (POST).
3. In the System Setup Main Menu page, click iDRAC Settings. The iDRAC Settings page is displayed.
4. Click Network. The Network page is displayed.
5. Specify the following settings:
● Network Settings
● Common Settings
● IPv4 Settings
● IPv6 Settings
● IPMI Settings
● VLAN Settings
6. Click Back, click Finish, and then click Yes.
● Chassis (Dedicated): Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC). This interface is not shared with the host operating system and routes the management traffic to a separate physical network, enabling it to be separated from the application traffic. This option implies that iDRAC's dedicated network port routes its traffic separately from the server's LOM or NIC ports.
● Static IP Address ● Static Gateway ● Static Subnet Mask 3. Optionally, enable Use DHCP to obtain DNS server address, so that the DHCP server can assign the Static Preferred DNS Server and Static Alternate DNS Server. Else, enter the IP addresses for Static Preferred DNS Server and Static Alternate DNS Server. Configuring the IPv6 settings Based on the infrastructure setup, you can use IPv6 address protocol. To configure the IPv6 settings: 1. Select Enabled option under Enable IPv6. 2.
1. Log in to the CMC Web interface. 2. Go to iDRAC Settings > Settings > CMC. The Deploy iDRAC page is displayed. 3. Under iDRAC Network Settings, select Enable LAN and other network parameters as per requirements. For more information, see CMC online help. 4. For additional network settings specific to each blade server, go to Server Overview > . The Server Status page is displayed. 5. Click Launch iDRAC and go to iDRAC Settings > Connectivity > Network. 6.
Configuring servers and server components using Auto Config The Auto Config feature configures and provisions all the components in a server in a single operation. These components include BIOS, iDRAC, and PERC. Auto Config automatically imports a Server Configuration Profile (SCP) XML or JSON file containing all configurable parameters. The DHCP server that assigns the IP address also provides the details for accessing the SCP file. SCP files are created by configuring a gold configuration server.
For iDRAC firmware 3.00.00.00 or later, JSON format Profile files are supported. The following file names will be used if the Filename parameter is not present: ● -config.xml, Example: CDVH7R1-config.xml ● -config.xml, Example: R640-config.xml ● config.xml ● -config.json, Example:CDVH7R1-config.json ● -config.json, Example: R630-config.json ● config.
option vendor-class-identifier "iDRAC";
set vendor-string = option vendor-class-identifier;
option myname "-f system_config.xml -i 192.168.0.130 -u user -p password -n cifs -s 2 -d 0 -t 500";
where, -i is the location of the Remote File Share and -f is the file name in the string along with the credentials to the Remote File Share. The DHCP Option 60 identifies and associates a DHCP client with a particular vendor.
For the option’s DATA entry, String Value setting, use a text parameter that has the following letter options and values:
● Filename (-f) — Indicates the name of the exported Server Configuration Profile (SCP) file.
● Sharename (-n) — Indicates the name of the network share.
● ShareType (-s) — Alongside supporting NFS and CIFS-based file sharing, iDRAC firmware 3.00.00.00 or later also supports accessing profile files by using HTTP and HTTPS.
NOTE: Example for Linux NFS, CIFS, HTTP, HTTPS share:
○ NFS: -f system_config.xml -i 192.168.0.130 -n /nfs -s 0 -d 0 -t 500
Ensure that you use NFS2 or NFS3 for NFS network share.
○ CIFS: -f system_config.xml -i 192.168.0.130 -n sambashare/config_files -s 2 -u user -p password -d 1 -t 400
○ HTTP: -f system_config.xml -i 192.168.1.101 -s http -n http_share
○ HTTPS: -f system_config.json -i 192.168.1.101 -s https
● IPAddress (-i) — Indicates the IP address of the file share.
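A review aid for the option strings above, added here as an example and not taken from Dell's tooling: it parses an Auto Config string and reports the two things worth questioning before it goes into a DHCP scope, namely share credentials embedded in the option and a profile transport other than HTTPS. The function names and finding codes are this example's own, and the share-type map contains only the values that appear in the strings on this page (0, 2, http, https).

```python
import shlex

# Share-type values as they appear in the option strings on this page;
# any other value is reported as unknown rather than guessed.
SHARE_TYPES = {"0": "NFS", "2": "CIFS", "http": "HTTP", "https": "HTTPS"}

# Flags used in the page's examples; each one takes exactly one value.
KNOWN_FLAGS = {"-f", "-i", "-n", "-s", "-u", "-p", "-d", "-t"}

# Text copied out of a PDF often has an en dash where "-" was meant.
DASHES = str.maketrans({"\u2013": "-", "\u2014": "-"})


def parse_option(option_string):
    """Split an Auto Config option string into a {flag: value} dict."""
    tokens = shlex.split(option_string)
    parsed = {}
    for pos in range(0, len(tokens), 2):
        flag = tokens[pos].translate(DASHES)
        if flag not in KNOWN_FLAGS:
            raise ValueError(f"unexpected token {tokens[pos]!r}")
        if pos + 1 >= len(tokens):
            raise ValueError(f"flag {flag} has no value")
        value = tokens[pos + 1]
        if value.translate(DASHES) in KNOWN_FLAGS:
            raise ValueError(f"flag {flag} has no value")
        if flag in parsed:
            raise ValueError(f"flag {flag} given twice")
        parsed[flag] = value
    return parsed


def review(option_string):
    """Return finding codes for one option string (empty list = nothing to flag)."""
    opts = parse_option(option_string)
    findings = []

    # The option string travels in DHCP replies, which are neither
    # encrypted nor authenticated, so anything in it is exposed on the segment.
    if "-u" in opts or "-p" in opts:
        findings.append("credentials-in-dhcp-option")

    share = opts.get("-s")
    kind = SHARE_TYPES.get(share.lower()) if share is not None else None
    if share is None:
        findings.append("share-type-not-stated")
    elif kind is None:
        findings.append(f"unknown-share-type:{share}")
    elif kind != "HTTPS":
        findings.append(f"profile-not-fetched-over-https:{kind}")

    # The profile is an XML or JSON file; without -f the default names apply.
    name = opts.get("-f")
    if name is None:
        findings.append("no-filename-default-names-apply")
    elif not name.lower().endswith((".xml", ".json")):
        findings.append(f"unexpected-profile-extension:{name}")
    return findings


# The four share examples from the NOTE above, copied verbatim.
PAGE_EXAMPLES = {
    "NFS": "-f system_config.xml -i 192.168.0.130 -n /nfs -s 0 -d 0 -t 500",
    "CIFS": "-f system_config.xml -i 192.168.0.130 -n sambashare/config_files "
            "-s 2 -u user -p password -d 1 -t 400",
    "HTTP": "-f system_config.xml -i 192.168.1.101 -s http -n http_share",
    "HTTPS": "-f system_config.json -i 192.168.1.101 -s https",
}


def report(examples=PAGE_EXAMPLES):
    """Review every labelled option string and return {label: findings}."""
    return {label: review(text) for label, text in examples.items()}


if __name__ == "__main__":
    for label, findings in report().items():
        print(f"{label:<6} {', '.join(findings) or 'no findings'}")
```
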
● Enable once after reset — After the iDRAC is reset, configures the components only once using the SCP file referenced by the DHCP server. After this, Auto Config is disabled. ● Disable — Disables the Auto Config feature. 3. Click Apply to apply the setting. The network page automatically refreshes. Enabling Auto Config using RACADM To enable Auto Config feature using RACADM, use the iDRAC.NIC.AutoConfig object. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
When importing server configuration profile, you can uncomment the existing password attribute or the new password hash attribute(s). If both are uncommented an error is generated and the password is not set. A commented attribute is not applied during an import. Generating hash password without SNMPv3 and IPMI authentication Hash password can be generated without SNMPv3 and IPMI authentication with or without salt. Both require SHA256. To generate hash password with salt: 1.
Setting up managed system location using web interface To specify the system location details: 1. In the iDRAC web interface, go to System > Details > System Details. The System Details page is displayed. 2. Under System Location, enter the location details of the managed system in the data center. For information about the options, see the iDRAC Online Help. 3. Click Apply. The system location details are saved in iDRAC.
■ Generally, higher fan speeds at idle and stress loads. ○ Minimum Power (Performance per Watt Optimized): ■ Optimized for lowest system power consumption based on optimum fan power state. ■ Generally, lower fan speeds at idle and stress loads. ○ Sound Cap — Sound Cap provides reduced acoustical output from a server at the expense of some performance.
The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting during system reboot, power cycling, iDRAC, or BIOS updates. The custom cooling options may not be supported on all servers. If the options are not supported, they are not displayed or you cannot provide a custom value. 3. Click Apply to apply the settings. The following message is displayed: It is recommended to reboot the system when a thermal profile change has been made.
Table 10. Thermal Settings (continued)
Object | Description | Usage | Example
The following error message is displayed:
ERROR: RAC947: Invalid object value specified. Make sure to specify the value depending on the type of object. For more information, see RACADM help.
To set the limit to the default value:
racadm set system.thermalsettings.AirExhaustTemp 255
Object: FanSpeedHighOffsetVal
Description:
● Getting this variable reads the fan speed offset value in %PWM for High Fan Speed Offset setting.
Object: FanSpeedMaxOffsetVal
Description:
● Getting this variable reads the fan speed offset value in %PWM for Max Fan Speed Offset setting.
● This value depends on the system.
● Use FanSpeedOffset to set this value using index value 3
Usage: Values from 0-100
Example:
racadm get system.thermalsettings FanSpeedMaxOffsetVal
This returns a value such as “100”.
which the offsets are applied.
Object: MFSMaximumLimit
Description: Read Maximum limit for MFS
Usage: Values from 1 — 100
Example: To display the highest value that can be set using MinimumFanSpeed option:
racadm get system.thermalsettings.MFSMaximumLimit
Object: MFSMinimumLimit
Description: Read Minimum limit for MFS
Usage: Values from 0 to MFSMaximumLimit. Default is 255 (means None)
Example: To display the lowest value that can be set using MinimumFanSpeed option.
racadm get system.
Modifying thermal settings using iDRAC settings utility
To modify the thermal settings:
1. In the iDRAC Settings utility, go to Thermal. The iDRAC Settings Thermal page is displayed.
2. Specify the following:
● Thermal Profile
● Maximum Exhaust Temperature Limit
● Fan Speed Offset
● Minimum Fan Speed
The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting during system reboot, power cycling, iDRAC, or BIOS updates.
● SSH client ● TFTP ● Dell OpenManage Essentials Accessing iDRAC remotely To remotely access iDRAC Web interface from a management station, make sure that the management station is in the same network as iDRAC. For example: ● Blade servers — The management station must be on the same network as CMC and OME Modular. For more information on isolating CMC network from the managed system’s network, see the Chassis Management Controller User's Guide available at www.dell.com/cmcmanuals.
NOTE: When connecting to the iDRAC web interface with a certificate the browser does not trust, the browser's certificate error warning may display a second time after you acknowledge the first warning. To add iDRAC IP address to the trusted-sites list: 1. Click Tools > Internet Options > Security > Trusted sites > Sites. 2. Enter the iDRAC IP address to the Add this website to the zone. 3. Click Add, click OK, and then click Close. 4. Click OK and then refresh your browser.
2. In Filter, enter network.negotiate. 3. Add the domain name to network.negotiate-auth.trusted-uris (using comma separated list.) 4. Add the domain name to network.negotiate-auth.delegation-uris (using comma separated list.) Configuring web browsers to use virtual console To use Virtual Console on your management station: 1. Make sure that a supported version of the browser (Internet Explorer (Windows), or Mozilla Firefox (Windows or Linux), Google Chrome, Safari) is installed.
Configuring Microsoft Edge to use HTML5-based plug-in
You must configure Edge settings before you launch and run HTML5 based virtual console and virtual media applications. To configure the browser settings:
1. Click Settings > View Advanced Settings and disable the Block pop-ups option.
2. Modify the IPv6 address as follows: https://2607:f2b1:f083:147::1eb.ipv6:literal.net/restgui to https://2607-f2b1-f083-147--1eb.ipv6-literal.
NOTE: On systems with Internet Explorer 11, ensure that you add the iDRAC IP by clicking Tools > Compatibility View settings. NOTE: ● The varying versions of Internet Explorer share Internet Options. Therefore, after you add the server to the list of trusted sites for one browser the other browser uses the same setting. ● Before installing the ActiveX control, Internet Explorer may display a security warning.
The Certificates dialog box is displayed. 3. From the Certificate type drop-down menu, select Trusted Certificates. 4. Click Import, browse, select the CA certificate (in Base64 encoded format), and click Open. The selected certificate is imported to the Web start trusted certificate store. 5. Click Close and then click OK. The Java Control Panel window closes.
● OS Collector CAUTION: The PSU firmware update may take several minutes depending on the system configuration and PSU model. To avoid damaging the PSU, do not interrupt the update process or power on the system during PSU firmware update. You must upload the required firmware to iDRAC. After the upload is complete, the current version of the firmware installed on the device and the version being applied is displayed. If the firmware being uploaded is not valid, an error message is displayed.
NOTE: When multiple firmware updates are applied through out-of-band methods, the updates are ordered in the most efficient possible manner to reduce unnecessary system restart. Table 12.
Table 13. Firmware update — supported components (continued)
Component Name | Firmware Rollback Supported? (Yes or No) | Out-of-band — System Restart Required? | In-band — System Restart Required? | Lifecycle Controller GUI — Restart Required?
CPLD | No | Yes | Yes | Yes
FC Cards | Yes | Yes | Yes | Yes
NVMe PCIe SSD drives | Yes | No | No | No
SAS/SATA hard drives | No | Yes | Yes | No
OS Collector | No | No | No | No
* Indicates that though a system restart is not required, iDRAC must be restarted to apply the updates.
Scheduling automatic firmware updates You can create a periodic recurring schedule for iDRAC to check for new firmware updates. At the scheduled date and time, iDRAC connects to the specified destination, checks for new updates, and applies or stages all applicable updates. A log file is created on the remote server, which contains information about server access and staged firmware updates.
● To schedule the start time and frequency of the firmware update:
racadm AutoUpdateScheduler create -u username -p password -l [-f catalogfilename -pu -pp -po -pt ] -time < hh:mm> [-dom < 1 – 28,L,’*’> -wom <1-4,L,’*’> -dow ] -rp <1-366> -a
For example,
○ To automatically update firmware using a CIFS share:
racadm AutoUpdateScheduler create -u admin -p pwd -l //1.2.3.4/CIFS-share -f cat.
2. Go to iDRAC Settings > Settings > CMC. The Deploy iDRAC page is displayed. 3. Click Launch iDRAC Web interface and perform iDRAC Firmware Update. Updating firmware using DUP Before you update firmware using Dell Update Package (DUP), make sure to: ● Install and enable the IPMI and managed system drivers.
Updating CMC firmware from iDRAC In the PowerEdge FX2/FX2s chassis, you can update the firmware for the Chassis Management Controller and any component that can be updated by CMC and shared by the servers from iDRAC. Before applying the update, make sure that: ● Servers are not allowed to power-up by CMC. ● Chassis with LCD must display a message indicating “update is in-progress”. ● Chassis without LCD must indicate the update progress using LED blinking pattern.
Rolling back device firmware You can roll back the firmware for iDRAC or any device that Lifecycle Controller supports, even if the upgrade was previously performed using another interface. For example, if the firmware was upgraded using the Lifecycle Controller GUI, you can roll back the firmware using the iDRAC web interface. You can perform firmware rollback for multiple devices with one system reboot.
If Lifecycle Controller is disabled or in recovery state and you try to perform a firmware rollback for any device other than iDRAC, an appropriate warning message is displayed along with steps to enable Lifecycle Controller. Rollback firmware using CMC web interface To roll back using the CMC Web interface: 1. Log in to CMC Web interface. 2. Go to iDRAC Settings > Settings > CMC. The Deploy iDRAC page is displayed. 3.
backup operation also includes the hard disk configuration data, motherboard, and replaced parts. The backup creates a single file that you can save to a vFlash SD card or network share (CIFS, NFS, HTTP or HTTPS). You can also enable and schedule periodic backups of the firmware and server configuration based on a certain day, week, or month. NOTE: It is recommended not to reset iDRAC while server-profile backup or restore operation is in progress.
○ A Dell supported vFlash SD card is inserted, enabled, and initialized. ○ vFlash SD card has enough space to store the backup file. NOTE: IPv6 address is not supported for scheduling automatic backup server profile. Scheduling automatic backup server profile using web interface To schedule automatic backup server profile: 1. In the iDRAC Web interface, go to iDRAC Settings > Settings > Backup and Export Server Profile. The Backup and Export Server Profile page is displayed. 2.
backup file. If components are different or not in the same location, they are not modified and restore failures are logged to the Lifecycle Log. Before performing an import operation, make sure that Lifecycle Controller is enabled. If Lifecycle Controller is disabled, and if you initiate the import operation, the following message is displayed: Lifecycle Controller is not enabled, cannot create Configuration job.
The import server profile operation is initiated. Importing server profile using RACADM To import the server profile using RACADM, use the systemconfig restore command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Restore operation sequence The restore operation sequence is: 1. Host system shuts down. 2. Backup file information is used to restore the Lifecycle Controller. 3. Host system turns on. 4.
Importing server configuration profile using iDRAC web interface To import the server configuration profile: 1. Go to Configuration > Server Configuration Profile. The Server Configuration Profile page is displayed. 2. Select one of the following to specify the location type: ● Local to import the configuration file saved in a local drive. ● Network Share to import the configuration file from CIFS or NFS share. ● HTTP or HTTPS to import the configuration file from a local file using HTTP/HTTPS file transfer.
Acceptable file formats The Secure Boot policy contains only one key in PK, but multiple keys may reside in KEK. Ideally, either the platform manufacturer or platform owner maintains the private key corresponding to the public PK. Third parties (such as OS providers and device providers) maintain the private keys corresponding to the public keys in KEK. In this way, platform owners or third parties may add or remove entries in the db or dbx of a specific system.
BIOS recovery The BIOS recovery feature allows you to manually recover the BIOS from a stored image. The BIOS is checked when the system is powered-on and if a corrupt or compromised BIOS is detected, an error message is displayed. You can then initiate the process of BIOS recovery using RACADM. To perform a manual BIOS recovery, see the iDRAC RACADM Command Line Interface Reference Guide available at www.dell.com/idracmanuals.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser are configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see iDRAC licenses on page 19.
• Configuring multiple iDRACs using RACADM
• Disabling access to modify iDRAC configuration settings on host system
Viewing iDRAC information
You can view the basic properties of iDRAC.
Viewing iDRAC information using web interface
In the iDRAC Web interface, go to iDRAC Settings > Overview to view the following information related to iDRAC. For information about the properties, see iDRAC Online Help.
Viewing iDRAC information using RACADM To view iDRAC information using RACADM, see getsysinfo or get sub-command details provided in the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Modifying network settings After configuring the iDRAC network settings using the iDRAC Settings utility, you can also modify the settings through the iDRAC Web interface, RACADM, Lifecycle Controller, Dell Deployment Toolkit, and Server Administrator (after booting to the operating system).
Configuring IP filtering In addition to user authentication, use the following options to provide additional security while accessing iDRAC: ● IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are denied.
Examples for IP Filtering
The following RACADM commands block all IP addresses except 192.168.0.57:
    racadm set iDRAC.IPBlocking.RangeEnable 1
    racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57
    racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255
To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask:
    racadm set iDRAC.IPBlocking.RangeEnable 1
    racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.
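The range check behind the two IP filtering examples above, as an added Python example that is not part of the Dell guide. It assumes iDRAC admits a login when (client address AND RangeMask) equals (RangeAddr AND RangeMask), which is consistent with both examples; the function names are hypothetical. It also derives the smallest address/mask pair that covers a requested range and reports how many unrequested addresses that pair admits, which is non-zero whenever the range is not an aligned power-of-two block.

```python
# Added example (not from the Dell guide): models an address/mask login filter.
# Assumption: a client is admitted when (client AND mask) == (RangeAddr AND mask).
from ipaddress import IPv4Address

ALL_ONES = 0xFFFFFFFF


def is_allowed(client, range_addr, range_mask):
    """Return True if client falls inside the range selected by addr/mask."""
    c, a, m = (int(IPv4Address(x)) for x in (client, range_addr, range_mask))
    return (c & m) == (a & m)


def admitted_addresses(range_addr, range_mask, limit=4096):
    """List every address the filter admits, also for non-contiguous masks."""
    a, m = int(IPv4Address(range_addr)), int(IPv4Address(range_mask))
    free_bits = [bit for bit in range(32) if not (m >> bit) & 1]
    if 1 << len(free_bits) > limit:
        raise ValueError("mask admits more than %d addresses" % limit)
    admitted = []
    for combo in range(1 << len(free_bits)):
        value = a & m
        for pos, bit in enumerate(free_bits):
            if (combo >> pos) & 1:
                value |= 1 << bit
        admitted.append(value)
    return [str(IPv4Address(v)) for v in sorted(admitted)]


def covering_range(first, last):
    """Smallest single addr/mask pair admitting first..last.

    Returns (range_addr, range_mask, extra). extra counts addresses admitted
    beyond the requested ones; a non-zero value means the request is not an
    aligned power-of-two block, so the filter is wider than intended.
    """
    lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
    if lo > hi:
        raise ValueError("first must not be above last")
    host_bits = (lo ^ hi).bit_length()       # bits that differ inside the range
    mask = (ALL_ONES << host_bits) & ALL_ONES
    extra = (1 << host_bits) - (hi - lo + 1)
    return str(IPv4Address(lo & mask)), str(IPv4Address(mask)), extra


if __name__ == "__main__":
    requests = [
        ("192.168.0.57", "192.168.0.57"),    # single station, from the guide
        ("192.168.0.212", "192.168.0.215"),  # four adjacent, from the guide
        ("192.168.0.214", "192.168.0.217"),  # constructed: four, but misaligned
    ]
    for first, last in requests:
        addr, mask, extra = covering_range(first, last)
        print(f"{first}-{last}: RangeAddr={addr} RangeMask={mask} "
              f"unrequested addresses admitted={extra}")
```

A misaligned request such as the third one cannot be expressed exactly with one address/mask pair, so review the reported surplus before applying the values.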
For more information about these objects, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. FIPS mode FIPS is a computer security standard that United States government agencies and contractors must use. Starting from version iDRAC 2.40.40.40, iDRAC supports enabling FIPS mode. iDRAC will be officially certified to support FIPS mode in the future.
Configuring services You can configure and enable the following services on iDRAC: Local Configuration Disable access to iDRAC configuration (from the host system) using Local RACADM and iDRAC Settings utility. Web Server Enable access to iDRAC web interface. If you disable the web interface, remote RACADM also gets disabled. Use local RACADM to re-enable the web server and remote RACADM.
NOTE: If you are using a third party CA to sign the iDRAC CSR, ensure that the third party CA supports the value UID for User Name field in Client certificate. If it is not supported, use Common Name as the value for User Name field.
Configuring services using RACADM
To enable and configure services using RACADM, use the set command with the objects in the following object groups:
● iDRAC.LocalSecurity
● iDRAC.SSH
● iDRAC.Webserver
● iDRAC.Telnet
● iDRAC.Racadm
● iDRAC.
Configuring TLS using RACADM
To check the version of TLS configured:
    racadm get idrac.webserver.tlsprotocol
To set the version of TLS:
    racadm set idrac.webserver.tlsprotocol
        =0  TLS 1.0 and Higher
        =1  TLS 1.1 and Higher
        =2  TLS 1.2 Only
Using VNC client to manage remote server
You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse PocketCloud.
For information about the fields, see the iDRAC Online Help. 3. Click Apply. The VNC server is configured. Configuring VNC server using RACADM To configure the VNC server, use the set command with the objects in VNCserver. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
● Service Tag (default)
● Asset Tag
● DRAC MAC Address
● DRAC IPv4 Address
● DRAC IPv6 Address
● System Power
● Ambient Temperature
● System Model
● Host Name
● User Defined
● None
If you select User Defined, enter the required message in the text box. If you select None, home message is not displayed on the server LCD front panel. 3. Enable Virtual Console indication (optional).
● Blink On 1 Month Timeout 3. Click Apply. The LED blinking on the front panel is configured. Configuring system ID LED setting using RACADM To configure system ID LED, use the setled command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Configuring time zone and NTP You can configure the time zone on iDRAC and synchronize the iDRAC time using Network Time Protocol (NTP) instead of BIOS or host system times.
● BIOS Setup (F2), Lifecycle Controller (F10), and BIOS Boot Manager (F11) cannot be set as permanent boot device. ● The first boot device setting in iDRAC Web Interface overrides the System BIOS boot settings. Setting first boot device using web interface To set the first boot device using iDRAC Web interface: 1. Go to Configuration > System Settings > Hardware Settings > First Boot Device. The First Boot Device page is displayed. 2.
the host operating system through a shared LOM, a dedicated NIC, or through the USB NIC. This feature is available for iDRAC Enterprise license. NOTE: iDRAC Service Module (iSM) provides more features for managing iDRAC through the operating system. For more information, see the iDRAC Service Module User's Guide available at www.dell.com/idracservicemodule. When enabled through dedicated NIC, you can launch the browser in the host operating system and then access the iDRAC Web interface.
Supported operating systems for USB NIC The operating systems supported for USB NIC are: ● Server 2012 R2 Foundation Edition ● Server 2012 R2 Essentials Edition ● Server 2012 R2 Standard Edition ● Server 2012 R2 Datacenter Edition ● Server 2012 for Embedded Systems (Base and R2 w/ SP1) ● Server 2016 Essentials Edition ● Server 2016 Standard Edition ● Server 2016 Datacenter Edition ● RHEL 7.3 ● RHEL 6.9 ● SLES 12 SP2 ● ESXi 6.0 U3 ● vSphere 2016 ● XenServer 7.
● USB NIC — The OS to iDRAC pass-through link between the iDRAC and the host operating system is established through the internal USB bus. NOTE: If you set the pass-through mode to LOM, ensure that: ● OS and iDRAC are on the same subnet ● NIC selection in Network Settings is set to LOM 4. If you select LOM as the pass-through configuration, and if the server is connected using dedicated mode, enter the IPv4 address of the operating system.
5. Click Back, click Finish, and then click Yes. The details are saved.
Obtaining certificates
The following table lists the types of certificates based on the login type.
Table 16. Types of certificate based on login type
Login Type | Certificate Type | How to Obtain
Single Sign-on using Active Directory | Trusted CA certificate | Generate a CSR and get it signed from a Certificate Authority. SHA-2 certificates are also supported.
iDRAC Web server has a Dell self-signed unique SSL digital certificate by default. You can replace the default SSL certificate with a certificate signed by a well-known Certificate Authority (CA). A Certificate Authority is a business entity that is recognized in the Information Technology industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign.
Uploading server certificate After generating a CSR, you can upload the signed SSL server certificate to the iDRAC firmware. iDRAC must be reset to apply the certificate. iDRAC accepts only X509, Base 64 encoded Web server certificates. SHA-2 certificates are also supported. CAUTION: During reset, iDRAC is not available for a few minutes. Uploading server certificate using web interface To upload the SSL server certificate: 1.
Uploading custom signing certificate using web interface To upload the custom signing certificate using iDRAC web interface: 1. Go to iDRAC Settings > Connectivity > SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, click Upload Signing Certificate. The Upload Custom SSL Certificate Signing Certificate page is displayed. 3. Click Choose File and select the custom SSL certificate signing certificate file.
3. A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as required. After iDRAC resets, a new self-signed certificate is generated. Deleting custom SSL certificate signing certificate using RACADM To delete the custom SSL certificate signing certificate using RACADM, use the sslcertdelete subcommand. Then, use the racreset command to reset iDRAC. For more information, see the iDRAC RACADM CLI Guide available at www.dell.
Disabling access to modify iDRAC configuration settings on host system You can disable access to modify the iDRAC configuration settings through Local RACADM or iDRAC Settings utility. However, you can view these configuration settings. To do this: 1. In iDRAC Web interface, go to iDRAC Settings > Services > Local Configurations. 2.
5 Viewing iDRAC and managed system information You can view iDRAC and managed system health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the Flex Address or Remote-Assigned Address (applicable only for MX platforms).
Viewing system inventory You can view information about the hardware and firmware components installed on the managed system. To do this, in iDRAC web interface, go to System > Inventories. For information about the displayed properties, see the iDRAC Online Help.
Viewing sensor information The following sensors help to monitor the health of the managed system: ● Batteries — Provides information about the batteries on the system board CMOS and storage RAID On Motherboard (ROMB). NOTE: The Storage ROMB battery settings are available only if the system has a ROMB with a battery. ● Fan (available only for rack and tower servers) — Provides information about the system fans — fan redundancy and fans list that display fan speed and threshold values.
Table 17.
NOTE: The CPU, memory, and I/O utilization indexes are aggregated over one minute. Therefore, if there are any instantaneous spikes in these indexes, they may be suppressed. They are an indication of workload patterns, not the amount of resource utilization. The IPMI, SEL, and SNMP traps are generated if the thresholds of the utilization indexes are reached and the sensor events are enabled. The sensor event flags are disabled by default. They can be enabled using the standard IPMI interface.
The data is collected and displayed for the duration when the system is powered on. You can track and store the monitored temperature for the last seven years. NOTE: You can track the temperature history even for systems that are not Fresh-Air compliant. However, the threshold limits and fresh air related warnings generated are based on fresh air supported limits. The limits are 42ºC for warning and 47ºC for critical. These values correspond to 40ºC and 45ºC fresh air limits with 2ºC margin for accuracy.
2. In the Temperature Probes section, for the System Board Inlet Temp, enter the minimum and maximum values for the Warning Threshold in Centigrade or Fahrenheit. If you enter the value in centigrade, the system automatically calculates and displays the Fahrenheit value. Similarly, if you enter Fahrenheit, the value for Centigrade is displayed. 3. Click Apply. The values are configured.
Viewing network interfaces available on host OS using RACADM Use the gethostnetworkinterfaces command to view the network interfaces available on the host operating systems using RACADM. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Viewing FlexAddress mezzanine card fabric connections In blade servers, FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/ MAC) for each managed server port connection.
To view the current user sessions, use the getssninfo command. To terminate a user session, use the closessn command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
6 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: ● iDRAC Web Interface ● Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only ● IPMI Serial Over LAN ● IPMI Over LAN ● Remote RACADM ● Local RACADM ● Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
Topics:
• Communicating with iDRAC through serial connection using DB9 cable
• Switching between RAC serial and serial console while using DB9 cable
• Communicating with iDRAC using IPMI SOL
• Communicating with iDRAC using IPMI over LAN
• Enabling or disabling remote RACADM
• Disabling local RACADM
• Enabling IPMI on managed system
• Configuring Linux for serial console during boot in RHEL 6
• Configuring serial terminal in RHEL 7
• Supported SSH cryptography schemes
Communicating with iDRAC through seri
Enabling RAC serial connection After configuring serial connection in BIOS, enable RAC serial in iDRAC. NOTE: This is applicable only for iDRAC on rack and tower servers. Enabling RAC serial connection using web interface To enable RAC serial connection: 1. In the iDRAC Web interface, go to iDRAC Settings > Network > Serial. The Serial page is displayed. 2. Under RAC Serial, select Enabled and specify the values for the attributes. 3. Click Apply. The RAC serial settings are configured.
Enabling serial connection IPMI mode using RACADM
To configure the IPMI mode, disable the RAC serial interface and then enable the IPMI mode.
    racadm set iDRAC.Serial.Enable 0
    racadm set iDRAC.IPMISerial.ConnectionMode
        n=0 — Terminal Mode
        n=1 — Basic Mode
Enabling serial connection IPMI serial settings using RACADM
1. Change the IPMI serial-connection mode to the appropriate setting using the command.
    racadm set iDRAC.Serial.Enable 0
2. Set the IPMI Serial baud rate using the command.
    racadm set iDRAC.
● Line editing
● Delete control
● Echo Control
● Handshaking control
● New line sequence
● Input new line sequences
For information about the options, see the iDRAC Online Help. 5. Click Apply. The terminal mode settings are configured. 6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection.
Configuring BIOS for serial connection NOTE: This is applicable only for iDRAC on rack and tower servers. 1. Turn on or restart the system. 2. Press F2. 3. Go to System BIOS Settings > Serial Communication. 4. Specify the following values: ● Serial Communication — On With Console Redirection ● Serial Port Address — COM2. NOTE: You can set the serial communication field to On with serial redirection via com1 if serial device2 in the serial port address field is also set to com1.
2. Update the IPMI SOL minimum privilege level using the command.
    racadm set iDRAC.IPMISol.MinPrivilege
    Parameter | Privilege level
    = 2 | User
    = 3 | Operator
    = 4 | Administrator
NOTE: To activate IPMI SOL, you must have the minimum privilege defined in IPMI SOL. For more information, see the IPMI 2.0 specification.
3. Update the IPMI SOL baud rate using the command.
    racadm set iDRAC.IPMISol.
To change the SSH port
    racadm set iDRAC.SSH.Port
You can use tools such as:
● IPMItool for using IPMI protocol
● Putty/OpenSSH for using SSH or Telnet protocol
SOL using IPMI protocol
The IPMI-based SOL utility and IPMItool use RMCP+ delivered using UDP datagrams to port 623. The RMCP+ provides improved authentication, data integrity checks, encryption, and the ability to carry multiple types of payloads while using IPMI 2.0. For more information, see http://ipmitool.sourceforge.net/manpage.
3. Enable SSH or Telnet using iDRAC Web interface or RACADM. Telnet (port 23)/ SSH (port 22) client <−−> WAN connection <−−> iDRAC The IPMI-based SOL that uses SSH or Telnet protocol eliminates the need for an additional utility because the serial to network translation happens within iDRAC. The SSH or Telnet console that you use must be able to interpret and respond to the data arriving from the serial port of the managed system.
The default (and maximum) size of the history buffer is 8192 characters. You can set this number to a smaller value using the command:
    racadm set iDRAC.Serial.HistorySize
4. Quit the SOL session to close an active SOL session.
Using Telnet virtual console
Some Telnet clients on the Microsoft operating systems may not display the BIOS setup screen correctly when BIOS Virtual Console is set for VT100/VT220 emulation. If this issue occurs, change the BIOS console to ANSI mode to update the display.
Communicating with iDRAC using IPMI over LAN You must configure IPMI over LAN for iDRAC to enable or disable IPMI commands over LAN channels to any external systems. If IPMI over LAN is not configured, then external systems cannot communicate with the iDRAC server using IPMI commands. NOTE: IPMI also supports IPv6 address protocol for Linux-based operating systems. Configuring IPMI over LAN using web interface To configure IPMI over LAN: 1. In the iDRAC Web interface, go to iDRAC Settings > Connectivity.
NOTE: The iDRAC IPMI supports the RMCP+ protocol. For more information, see the IPMI 2.0 specifications at intel.com. Enabling or disabling remote RACADM You can enable or disable remote RACADM using the iDRAC Web interface or RACADM. You can run up to five remote RACADM sessions in parallel. NOTE: Remote RACADM is enabled by default. Enabling or disabling remote RACADM using web interface 1. In iDRAC Web interface, go to iDRAC Settings > Services. 2.
1. Locate the General Setting sections in the file and add the following:
    serial --unit=1 --speed=57600
    terminal --timeout=10 serial
2. Append two options to the kernel line:
    kernel ............. console=ttyS1,115200n8r console=tty1
3. Disable GRUB's graphical interface and use the text-based interface. Otherwise, the GRUB screen is not displayed in RAC Virtual Console. To disable the graphical interface, comment out the line starting with splashimage. The following example provides a sample /etc/grub.
#5 - X11 #6 - reboot (Do NOT set initdefault to this) id:3:initdefault: #System initialization. si::sysinit:/etc/rc.d/rc.sysinit l0:0:wait:/etc/rc.d/rc 0 l1:1:wait:/etc/rc.d/rc 1 l2:2:wait:/etc/rc.d/rc 2 l3:3:wait:/etc/rc.d/rc 3 l4:4:wait:/etc/rc.d/rc 4 l5:5:wait:/etc/rc.d/rc 5 l6:6:wait:/etc/rc.d/rc 6 #Things to run in every runlevel.
Configuring serial terminal in RHEL 7
To configure serial terminal in RHEL 7:
1. Add or update the following lines in /etc/default/grub:
    GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,115200n8"
    GRUB_TERMINAL="console serial"
    GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
GRUB_CMDLINE_LINUX_DEFAULT applies this configuration only to the default menu entry; use GRUB_CMDLINE_LINUX to apply it to all the menu entries.
To configure GRUB to use serial console, comment out the splash image and add the serial and terminal options to grub.conf : [root@localhost ~]# cat /boot/grub/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/hda2 # initrd /initrd-version.
Table 19. SSH cryptography schemes (continued)
Scheme Type | Algorithms
(continued) | diffie-hellman-group14-sha1
Encryption | chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
MAC | hmac-sha1, hmac-ripemd160, umac-64@openssh.com
Compression | None
NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell recommends not enabling DSA public key support.
Generating public keys for Linux To use the ssh-keygen application to create the basic key, open a terminal window and at the shell prompt, enter ssh-keygen -t rsa -b 2048 -C testing where: ● -t is rsa. ● -b specifies the bit encryption size between 2048 and 4096. ● -C allows modifying the public key comment and is optional. NOTE: The options are case-sensitive. Follow the instructions. After the command executes, upload the public file.
Viewing SSH keys You can view the keys that are uploaded to iDRAC. Viewing SSH keys using web interface To view the SSH keys: 1. In Web interface, go to iDRAC Settings > Users. The Local Users page is displayed. 2. In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page is displayed with the key details.
7 Configuring user accounts and privileges You can set up user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default, iDRAC is configured with a local administrator account. The default iDRAC user name and password are provided with the system badge. As an administrator, you can set up user accounts to allow other users to access iDRAC. For more information, see the documentation for the server.
Table 21. iDRAC user privileges (continued)
Current Generation | Prior Generation | Description
System Control | Control and configure system | Allows power cycling the host system.
Access Virtual Console | Access Virtual Console Redirection (for blade servers); Access Virtual Console (for rack and tower servers) | Enables the user to run Virtual Console.
Access Virtual Media | Access Virtual Media | Enables the user to run and use Virtual Media.
Configuring local users You can configure up to 16 local users in iDRAC with specific access permissions. Before you create an iDRAC user, verify if any current users exist. You can set user names, passwords, and roles with the privileges for these users. The user names and passwords can be changed using any of the iDRAC secured interfaces (that is, web interface, RACADM or WSMan). You can also enable or disable SNMPv3 authentication for each user.
To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. If you use the Server Configuration Profile file to configure users, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication. Adding iDRAC user using RACADM 1. Set the index and user name. racadm set idrac.users..
You can configure user authentication through Active Directory to log in to the iDRAC. You can also provide role-based authority, which enables an administrator to configure specific privileges for each user. Prerequisites for using Active Directory authentication for iDRAC To use the Active Directory authentication feature of iDRAC, make sure that you have: ● Deployed an Active Directory infrastructure. See the Microsoft website for more information.
Importing iDRAC firmware SSL certificate iDRAC SSL certificate is the identical certificate used for iDRAC Web server. All iDRAC controllers are shipped with a default self-signed certificate. If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server certificate to the Active Directory Domain controller.
Figure 1. Configuration of iDRAC with active directory standard schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC.
Configuring Standard schema Active Directory Before configuring the standard schema Active Directory, ensure that: ● You have the iDRAC enterprise license. ● The configuration is performed on a server that is used as the Domain Controller. ● The date, time and time zone on the server are correct. ● The iDRAC network settings are configured, or in iDRAC web interface go to iDRAC Settings > Connectivity > Network > Common Settings to configure the network settings.
address of racadm set address of racadm set address of racadm set address of racadm set address of racadm set address of the domain controller> iDRAC.ActiveDirectory.DomainController2 iDRAC.ActiveDirectory.DomainController3 iDRAC.ActiveDirectory.GlobalCatalog1 iDRAC.ActiveDirectory.
Best practices for extended schema The extended schema uses Dell association objects to join iDRAC and permission. This allows you to use iDRAC based on the overall permissions granted. The default Access Control List (ACL) of Dell Association objects allows Self and Domain Administrators to manage the permissions and scope of iDRAC objects. By default, the Dell Association objects do not inherit all permissions from the parent Active Directory objects.
Figure 2. Typical setup for active directory objects You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC. The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects.
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2.
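The privilege accumulation described above, as an added Python example that is not Dell code. The contents of A01 and A02 are assumed here (the figure itself is not reproduced on this page) and were chosen to give the stated outcome; Group1, the function names and the direct-membership-only group lookup are hypothetical. The last function lists every user and device pair that receives rights from more than one association object, which is where a least-privilege review should look first.

```python
# Added example (not Dell code): privilege accumulation across association objects.
from dataclasses import dataclass


@dataclass(frozen=True)
class Association:
    name: str
    members: frozenset     # users and/or groups named in the association object
    privileges: frozenset  # rights carried by its privilege object
    devices: frozenset     # iDRAC device objects it covers


# Constructed layout, assumed so that it reproduces the outcome stated above.
GROUPS = {"Group1": frozenset({"User1"})}  # Group1 is a hypothetical group
ASSOCIATIONS = [
    Association("A01", frozenset({"User1", "User2"}), frozenset({"Priv1"}),
                frozenset({"iDRAC1", "iDRAC2"})),
    Association("A02", frozenset({"Group1"}), frozenset({"Priv2"}),
                frozenset({"iDRAC2"})),
]


def principals_of(user, groups=GROUPS):
    """The user plus every group that lists the user directly."""
    return {user} | {g for g, members in groups.items() if user in members}


def contributing(user, device, associations=ASSOCIATIONS, groups=GROUPS):
    """Association objects that link this user (or a group) to this device."""
    who = principals_of(user, groups)
    return [a for a in associations if device in a.devices and who & a.members]


def effective_privileges(user, device, associations=ASSOCIATIONS, groups=GROUPS):
    """Union of the privileges from every association that applies."""
    privileges = set()
    for assoc in contributing(user, device, associations, groups):
        privileges |= assoc.privileges
    return frozenset(privileges)


def accumulated_grants(users, devices, associations=ASSOCIATIONS, groups=GROUPS):
    """(user, device, association names) where more than one association applies."""
    findings = []
    for user in sorted(users):
        for device in sorted(devices):
            names = [a.name for a in contributing(user, device, associations, groups)]
            if len(names) > 1:
                findings.append((user, device, names))
    return findings


if __name__ == "__main__":
    users, devices = {"User1", "User2"}, {"iDRAC1", "iDRAC2"}
    for user in sorted(users):
        for device in sorted(devices):
            rights = sorted(effective_privileges(user, device))
            print(f"{user} on {device}: {rights}")
    print("accumulated:", accumulated_grants(users, devices))
```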
Classes and attributes
Table 25. Class definitions for classes added to the active directory schema
Class Name | Assigned Object Identification Number (OID)
delliDRACDevice | 1.2.840.113556.1.8000.1280.1.7.1.1
delliDRACAssociation | 1.2.840.113556.1.8000.1280.1.7.1.2
dellRAC4Privileges | 1.2.840.113556.1.8000.1280.1.1.1.3
dellPrivileges | 1.2.840.113556.1.8000.1280.1.1.1.4
dellProduct | 1.2.840.113556.1.8000.1280.1.1.1.5
Table 26. DelliDRACdevice class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 28. dellRAC4Privileges class (continued) OID 1.2.840.113556.1.8000.1280.1.1.1.3 dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 29. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 30. dellProduct class OID 1.2.840.
Table 31. List of attributes added to the active directory schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued TRUE if the user has Card Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsUserConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.5 TRUE if the user has User Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) delIsLogClearAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Installing Dell extension to the Active Directory users and computers snap-in When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC devices, users and user groups, iDRAC associations, and iDRAC privileges.
Providing user access privileges for association objects To provide access privileges to the authenticated users for accessing the created association objects: 1. Go to Administrative Tools > ADSI Edit. The ADSI Edit window is displayed. 2. In the right-pane, navigate to the created association object, right-click and select Properties. 3. In the Security tab, click Add. 4. Type Authenticated Users, click Check Names, and click OK. Authenticated Users is added to the list of Groups and user names. 5.
3. Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed. 4. Specify the location information about Active Directory (AD) servers and user accounts. Also, specify the time iDRAC must wait for responses from AD during login process. NOTE: ● If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN.
3. If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following command: racadm set iDRAC.IPv4.DNSFromDHCP 0 racadm set iDRAC.IPv4.DNSFromDHCP.DNS1 racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 4. If you want to configure a list of user domains so that you only need to enter the user name during log in to iDRAC web interface, use the following command: racadm set iDRAC.UserDomain..
Configuring generic LDAP directory service using iDRAC web-based interface To configure the generic LDAP directory service using Web interface: NOTE: For information about the various fields, see the iDRAC Online Help. 1. In the iDRAC Web interface, go to iDRAC Settings > Users > Directory Services > Generic LDAP Directory Service, click Edit. The Generic LDAP Configuration and Management Step 1 of 3 page displays the current generic LDAP settings. 2.
NOTE: When testing LDAP settings with Enable Certificate Validation checked, iDRAC requires that the LDAP server be identified by the FQDN and not an IP address. If the LDAP server is identified by an IP address, certificate validation fails because iDRAC is not able to communicate with the LDAP server.
NOTE: When generic LDAP is enabled, iDRAC first tries to log in the user as a directory user. If it fails, local user lookup is enabled.
The test results and the test log are displayed.
8 System Lockdown mode
System Lockdown mode helps in preventing unintended changes after a system is provisioned. This feature can help in protecting the system from unintentional or malicious changes. Lockdown mode is applicable to both configuration and firmware updates. When the system is locked down, any attempt to change the system configuration is blocked. If any attempts are made to change the critical system settings, an error message is displayed.
Table 32. Items affected by Lockdown mode Disabled Remain functional ● Identify devices (chassis and PERC) ● ISM/OMSA settings (OS BMC enable, watchdog ping, OS name, OS version) ● Modular operations (FlexAddress or Remote-Assigned Address) ● Group Manager passcode NOTE: When lockdown mode is enabled, OpenID Connect login option is not displayed in iDRAC login page.
9 Configuring iDRAC for Single Sign-On or smart card login
This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users). SSO and smart card login are licensed features. iDRAC supports Kerberos-based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Creating Active Directory objects and providing privileges Logging in to Active Directory Standard schema based SSO Perform the following steps for Active Directory Standard schema based SSO login: 1. Create a User Group. 2. Create a User for Standard schema. NOTE: Use the existing AD User Group & AD User. Logging in to Active Directory Extended schema based SSO Perform the following steps for Active Directory Extended schema based SSO login: 1.
Generating Kerberos keytab file
To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a Windows Kerberos network. The Kerberos configuration on iDRAC involves the same steps as configuring a non-Windows Server Kerberos service as a security principal in Windows Server Active Directory.
Configuring iDRAC SSO login for Active Directory users using RACADM
To enable SSO, complete the steps to configure Active Directory, and run the following command:
racadm set iDRAC.ActiveDirectory.SSOEnable 1
Management Station Settings
Perform the following steps after configuring SSO login for Active Directory users:
1. Set the DNS Server IP in Network properties and mention the preferred DNS Server IP.
2. Go to My Computer and add the tiger.com domain.
3.
Enabling or disabling smart card login using RACADM To enable smart card login, use the set command with objects in the iDRAC.SmartCard group. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Enabling or disabling smart card login using iDRAC settings utility To enable or disable the Smart Card logon feature: 1. In the iDRAC Settings utility, go to Smart Card. The iDRAC Settings Smart Card page is displayed. 2. Select Enabled to enable smart card logon.
3. Set the option to Enable CRL Check for Smart Card Logon. 4. Click Apply. Uploading smart card user certificate using RACADM To upload smart card user certificate, use the usercertupload object. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Requesting Certificate for smart card enrollment Follow these steps to request certificate for smart card enrollment: 1. Connect the smart card in the client system and install the required drivers & software. 2.
10 Configuring iDRAC to send alerts
You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
2. Under Quick Alert Configuration section: ● Select the alert category. ● Select the issue severity notification. ● Select the location where you would like to receive these notifications. 3. Click Apply to save the setting. NOTE: You must select at least one category, one severity, and one destination type to apply the configuration. All the alerts that are configured are displayed in total under Alerts Configuration Summary.
● Informational ● Warning ● Critical 4. Click Apply. The Alert Results section displays the results based on the selected category and severity. Filtering alerts using RACADM To filter the alerts, use the eventfilters command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Setting event alerts You can set event alerts such as e-mail alerts, IPMI alerts, SNMP traps, remote system logs, operating system logs, and WS events to be sent to configured destinations.
Setting alert recurrence events using iDRAC web interface To set the alert recurrence value: 1. In iDRAC Web interface, go to Configuration > System Settings > Alert Recurrence. 2. In the Recurrence column, enter the alert frequency value for the required category, alert, and severity type(s). For more information, see the iDRAC Online help. 3. Click Apply. The alert recurrence settings are saved.
Configuring IP alert destinations using web interface To configure alert destination settings using Web interface: 1. In iDRAC Web interface, go to Configuration > System Settings > SNMP and E-mail Settings. 2. Select the State option to enable an alert destination (IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN)) to receive the traps. You can specify up to eight destination addresses. For more information about the options, see the iDRAC Online Help. 3.
● Set the SNMP trap destination for SNMPv3:
racadm set idrac.SNMP.Alert..DestAddr
● Set SNMPv3 users for trap destinations:
racadm set idrac.SNMP.Alert..SNMPv3Username
● Enable SNMPv3 for a user:
racadm set idrac.users..SNMPv3Enable Enabled
5. To test the trap, if required:
racadm testtrap -i
For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
Configuring email alert settings using RACADM
1. To enable email alert:
racadm set iDRAC.EmailAlert.Enable.[index] [n]
Parameter    Description
index        Email destination index. Allowed values are 1 through 4.
n=0          Disables email alerts.
n=1          Enables email alerts.
2. To configure email settings:
racadm set iDRAC.EmailAlert.Address.[index] [email-address]
Parameter    Description
index        Email destination index. Allowed values are 1 through 4.
5. Click Apply. The SMTP settings are configured. Configuring SMTP email server address settings using RACADM To configure the SMTP email server: racadm set iDRAC.RemoteHosts.SMTPServerIPAddress Configuring WS Eventing The WS Eventing protocol is used for a client service (subscriber) to register interest (subscription) with a server (event source) for receiving messages containing the server events (notifications or event messages).
4. Under the Chassis Management at Server section, ensure that Capability from iDRAC drop-down box is set to Enabled. Monitoring chassis events using RACADM This setting is applicable only for PowerEdge FX2/FX2s servers and if Chassis Management at Server mode is set to Monitor or Manage and Monitor in CMC. To monitor chassis events using iDRAC RACADM: racadm get system.chassiscontrol.chassismanagementmonitoring For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
Table 33.
11 iDRAC 9 Group Manager
The iDRAC Group Manager feature is available for Dell's 14th generation servers to offer simplified basic management of iDRACs and associated servers on the local network using the iDRAC GUI. Group Manager allows a 1XMany console experience without involving a separate application. It allows the users to view the details of a set of servers by permitting more powerful management than by inspecting servers visually for faults and other manual methods.
iDRAC from where the group was created gets chosen as the primary controller of the group by default. The user does not define a dedicated group manager primary controller to control that group. The primary controller hosts the group manager web interface and provides the GUI based work flows. The iDRAC members self-select a new primary controller for the group if the current primary goes offline for a prolonged duration, but that does not have any impact on the end user.
Add a New User Use this section to create and add a new user profile on all the servers in that group. A group job would be created to add the user to all servers in that group. The status of group job can be found at GroupManager > Jobs page. NOTE: By default iDRAC is configured with a local administrator account. You can access further information for each parameter with local administrator account. For more information see, Configuring user accounts and privileges. Table 36.
Table 37. Configuring alerts options (continued) Option Description Email Addresses Allows you to configure multiple Email IDs to receive email notifications about system status change. You can send one test email to the configured account from the system. Alert Categories Allows you to select multiple alert categories to receive email notifications. NOTE: Any member iDRAC with system lockdown enabled, that is part of the same group returns an error that the user password was not updated.
Table 38. Group onboard options Option Description Onboard and Change Login Select a specific row and select the Onboard and Change Login option to get the newly discovered systems to the group. You must provide the admin logon credentials for the new systems to join the group. If the system has the default password, you need to change it while onboarding it to a group. Group onboarding allows you to apply the same group alert settings to the new systems.
NOTE: While an onboarding job is running, no other Job can be scheduled. Jobs include:
● Add New User
● Change User Password
● Delete User
● Configure Alerts
● Onboard additional systems
● Change Group Passcode
● Change Group Name
Attempting to invoke another Job while an Onboarding task is active results in the GMGR0039 error code. Once the onboarding task has made its first attempt to onboard all the new systems, Jobs can be created at any point in time.
Table 41. Group setting actions (continued) Actions Description Change Passcode Allows you to change the existing group password by entering a New Group Passcode and validating that password by Reenter New Group Passcode. Remove Systems Allows you to remove multiple systems from the group at a time. Delete Group Allows you to delete the group. To use any feature of group manager, the user should have administrator privileges. Any pending jobs will be stopped in case the group is deleted.
12 Managing logs
iDRAC provides a Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WSMan interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utility, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3. To view the system events, click Display System Event Log. 4. Click Back, click Finish, and then click Yes.
1. In the Lifecycle Log page, under the Log Filter section, do any or all of the following:
● Select the Log Type from the drop-down list.
● Select the severity level from the Severity drop-down list.
● Enter a keyword.
● Specify the date range.
2. Click Apply. The filtered log entries are displayed in Log Results.
Adding comments to Lifecycle logs
To add comments to the Lifecycle logs:
1. In the Lifecycle Log page, click the + icon for the required log entry. The Message ID details are displayed.
2.
To add a work note: 1. In the iDRAC Web interface, go to Dashboard > Notes > add note. The Work Notes page is displayed. 2. Under Work Notes, enter the text in the blank text box. NOTE: It is recommended not to use too many special characters. 3. Click Save. The work note is added to the log. For more information, see the iDRAC Online Help. Configuring remote system logging You can send lifecycle logs to a remote system.
13 Monitoring and managing power
You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are:
● Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
○ Displays or specifies the warning threshold utilization limit. You must have server configure privilege to set the threshold values. For information about the displayed properties, see the iDRAC Online Help.
Monitoring performance index for CPU, memory, and input output modules using RACADM
Use the SystemPerfStatistics sub command to monitor performance index for CPU, memory, and I/O modules. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
1. In iDRAC web interface, go to Configuration > Power Management > Power Control. The Power Control options are displayed.
2. Select the required power operation:
● Power On System
● Power Off System
● NMI (Non-Masking Interrupt)
● Graceful Shutdown
● Reset System (warm boot)
● Power Cycle System (cold boot)
3. Click Apply. For more information, see the iDRAC Online Help.
Executing power control operations using RACADM
To perform power actions, use the serveraction command.
Configuring power cap policy using web interface To view and configure the power policies: 1. In iDRAC Web interface, go to Configuration > Power Management > Power Cap Policy. The current power policy limit is displayed under the Power Cap Limits section. 2. Select Enable under Power Cap. 3. Under Power Cap Limits section, enter the power limit within recommended range in Watts and BTU/hr or the maximum % of recommended system limit. 4. Click Apply to apply the values.
1. In iDRAC Web interface, go to Configuration > Power Management > Power Configuration.
2. Under Power Redundancy Policy, select the required options. For more information, see iDRAC Online Help.
3. Click Apply. The power supply options are configured.
Configuring power supply options using RACADM
To configure the power supply options, use the following objects with the get/set command:
● System.Power.RedundancyPolicy
● System.Power.Hotspare.Enable
● System.Power.Hotspare.PrimaryPSU
● System.Power.PFC.
● Accurate representation of slot by slot PCIe airflow in terms of LFM metric (Linear Feet per Minute - an accepted industry standard on how PCIe card airflow requirement is specified). Display of this metric in various iDRAC interfaces allows user to: 1. know the maximum LFM capability of each slot within the server. 2. know what approach is being taken for PCIe cooling for each slot (airflow controlled, temperature controlled). 3.
14 Inventorying, monitoring, and configuring network devices
You can inventory, monitor, and configure the following network devices:
● Network Interface Cards (NICs)
● Converged Network Adapters (CNAs)
● LAN On Motherboards (LOMs)
● Network Daughter Cards (NDCs)
● Mezzanine cards (only for blade servers)
Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and partition-l
Connection View Manually checking and troubleshooting the servers’ networking connections is unmanageable in a datacenter environment. iDRAC9 streamlines the job with iDRAC Connection View. This feature allows you to remotely check and troubleshoot network connections from the same centralized GUI that you are using for deploying, updating, monitoring, and maintaining the servers.
Possible Connection View Data Description Stale Data Last known good data, either the Network controller port link is down or the system is powered off. Use the refresh option to refresh the connection view details to get the latest data. Valid Data Displays the Valid Switch Connection ID and the Switch Port Connection ID information. Connection View Supported Network Controllers Following cards or controllers support Connection View feature.
Monitoring FC HBA devices using RACADM To view the FC HBA device information using RACADM, use the hwinventory command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Dynamic configuration of virtual addresses, initiator, and storage target settings You can dynamically view and configure the virtual address, initiator and storage target settings, and apply a persistence policy.
Table 43.
The following table provides the NIC firmware versions for the I/O identity optimization feature. Virtual or Remote assigned Address and Persistence Policy behavior when iDRAC is set to Remote-Assigned Address mode or Console mode The following table describes the Virtual Address Management (VAM) configuration and Persistence Policy behavior, and the dependencies. Table 44.
Table 44. Virtual/Remote-Assigned Address and Persistence Policy behavior (continued) Remote assigned Address Feature State in OME Modular Mode set in iDRAC IO Identity Feature State in iDRAC SCP Persistence Policy Clear Persistence Policy — Virtual Address Remote-Assigned Address disabled Console Mode Disabled Configured using the path provided in Lifecycle Controller Lifecycle Controller configuration persists for that cycle No persistence supported.
NOTE: Do not modify non I/O Identity Optimization attributes. Enabling or disabling IO Identity Optimization using web interface To enable or disable I/O Identity Optimization: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > I/O Identity Optimization. The I/O Identity Optimization page is displayed. 2. Click the I/O Identity Optimization tab, select the Enable option to enable this feature. To disable, clear this option. 3. Click Apply to apply the setting.
Default values for persistence policy Table 46.
Table 47. iSCSI initiator default values (continued)
iSCSI Initiator               Default Values in IPv4 mode   Default Values in IPv6 mode
IscsiInitiatorIpv4Addr        0.0.0.0                       0.0.0.0
IscsiInitiatorIpv6Addr        ::                            ::
IscsiInitiatorSubnet          0.0.0.0                       0.0.0.0
IscsiInitiatorSubnetPrefix    0                             0
IscsiInitiatorGateway         0.0.0.0                       ::
IscsiInitiatorIpv4Gateway     0.0.0.0                       0.0.0.0
IscsiInitiatorIpv6Gateway     ::                            ::
IscsiInitiatorPrimDns         0.0.0.0                       ::
IscsiInitiatorIpv4PrimDns     0.0.0.0                       0.0.0.
Table 48.
15 Managing storage devices
Starting with iDRAC 3.15.15.15 release, iDRAC supports Boot Optimized Storage Solution (BOSS) controller in the 14th generation of PowerEdge servers. BOSS controllers are designed specifically for booting the operating system of the server. These controllers support limited RAID features and the configuration is staged.
NOTE: BOSS controllers support only RAID level 1.
iDRAC has expanded its agent-free management to include direct configuration of the PERC controllers.
Storage events from PERC are mapped to SNMP traps and WSMan events as applicable. Any changes to the storage configurations are logged in the Lifecycle Log. Table 49. PERC capability PERC Capability Real-time CEM configuration Capable Controller (PERC 9.1 or later) NOTE: For the 14th generation of PowerEdge servers, PERC 9 and PERC 10 controllers are supported. If there is no existing pending or scheduled jobs for the controller, then configuration is applied.
Not all RAID levels maintain redundant data, which means for some RAID levels lost data cannot be restored. The RAID level you choose depends on whether your priority is performance, protection, or storage capacity.
NOTE: The RAID Advisory Board (RAB) defines the specifications used to implement RAID. Although RAB defines the RAID levels, commercial implementation of RAID levels by different vendors may vary from the actual RAID specifications.
● Availability or fault-tolerance — Availability or fault-tolerance refers to the ability of a system to maintain operations and provide access to data even when one of its components has failed. In RAID volumes, availability or fault-tolerance is achieved by maintaining redundant data. Redundant data includes mirrors (duplicate data) and parity information (reconstructing data using an algorithm).
RAID 0 characteristics:
● Groups n disks as one large virtual disk with a capacity of (smallest disk size) * n disks.
● Data is stored to the disks alternately.
● No redundant data is stored. When a disk fails, the large virtual disk fails with no means of rebuilding the data.
● Better read and write performance.
RAID level 1 - mirroring
RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks.
RAID 5 characteristics:
● Groups n disks as one large virtual disk with a capacity of (n-1) disks.
● Redundant information (parity) is alternately stored on all disks.
● When a disk fails, the virtual disk still works, but it is operating in a degraded state. The data is reconstructed from the surviving disks.
● Better read performance, but slower write performance.
● Redundancy for protection of data.
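The degraded operation and reconstruction described for RAID 5 above can be seen in a small simulation. This is an added example, not code from the Dell guide and not how PERC firmware is implemented; it uses the standard XOR parity scheme, and the strip size, disk count, and function names are assumptions chosen for illustration.

```python
"""RAID 5 sketch: striping with rotating XOR parity, degraded reads, rebuild.

Constructed illustration only. CHUNK, the four-disk layout and every
function name here are assumptions made for this example.
"""
from functools import reduce

CHUNK = 4  # bytes per strip (tiny, so the layout is easy to inspect)


def xor_blocks(blocks):
    """XOR equal-length byte strings together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def parity_disk(stripe, n):
    """Index of the disk holding parity for this stripe (rotates per stripe)."""
    return (n - 1 - stripe) % n


def write_raid5(data, n):
    """Stripe data over n disks: each stripe is n-1 data strips plus 1 parity."""
    if n < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = CHUNK * (n - 1)          # usable capacity is (n-1) disks
    data = data + b"\x00" * (-len(data) % per_stripe)  # pad the last stripe
    disks = [[] for _ in range(n)]
    for stripe, off in enumerate(range(0, len(data), per_stripe)):
        strips = [data[off + i * CHUNK: off + (i + 1) * CHUNK]
                  for i in range(n - 1)]
        p = parity_disk(stripe, n)
        it = iter(strips)
        for d in range(n):
            disks[d].append(xor_blocks(strips) if d == p else next(it))
    return disks


def stripe_count(disks):
    """Number of stripes, taken from any surviving disk."""
    return len(next(d for d in disks if d is not None))


def read_strip(disks, stripe, d):
    """Return one strip. A failed disk is represented by None; its strip is
    reconstructed by XOR-ing the strips of all surviving disks."""
    if disks[d] is not None:
        return disks[d][stripe]
    survivors = [disk[stripe] for disk in disks if disk is not None]
    if len(survivors) != len(disks) - 1:
        raise IOError("more than one disk failed: RAID 5 cannot reconstruct")
    return xor_blocks(survivors)


def read_raid5(disks, length):
    """Reassemble the data; works in degraded state with one disk missing."""
    n = len(disks)
    out = bytearray()
    for stripe in range(stripe_count(disks)):
        p = parity_disk(stripe, n)
        for d in range(n):
            if d != p:                    # skip the parity strip
                out += read_strip(disks, stripe, d)
    return bytes(out[:length])


def rebuild(disks, failed):
    """Rebuild a replaced disk, strip by strip, from the surviving disks."""
    disks[failed] = [read_strip(disks, s, failed)
                     for s in range(stripe_count(disks))]
    return disks


def demo():
    """Fail one disk, read in degraded state, then rebuild the disk."""
    data = b"constructed sample payload for the RAID 5 demo"
    disks = write_raid5(data, n=4)
    original = list(disks[2])
    disks[2] = None                       # simulate one failed physical disk
    degraded_ok = read_raid5(disks, len(data)) == data
    rebuild(disks, 2)
    return degraded_ok, disks[2] == original


if __name__ == "__main__":
    print(demo())
```

Setting a second entry of the disk list to None before reading raises an error, which is the single-failure limit of RAID 5 that the two-parity RAID 6 layout relaxes.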
● Redundant information (parity) is alternately stored on all disks.
● The virtual disk remains functional with up to two disk failures. The data is reconstructed from the surviving disks.
● Better read performance, but slower write performance.
● Increased redundancy for protection of data.
● Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space.
RAID level 50 - striping over RAID 5 sets
RAID 50 is striping over more than one span of physical disks.
RAID 60 characteristics:
● Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span.
● Redundant information (parity) is alternately stored on all disks of each RAID 6 span.
● Better read performance, but slower write performance.
● Increased redundancy provides greater data protection than a RAID 50.
● Requires proportionally as much parity information as RAID 6.
● Two disks per span are required for parity.
RAID 10 characteristics:
● Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer.
● Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring.
● When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk.
● Improved read performance and write performance.
● Redundancy for protection of data.
Table 50. RAID level performance comparison (continued) RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information.
Supported enclosures
iDRAC supports MD1400 and MD1420 enclosures.
NOTE: Redundant Array of Inexpensive Disks (RBODS) that are connected to HBA controllers are not supported.
NOTE: PERC H480 with firmware version 10.1 or greater supports up to 4 enclosures per port.
Summary of supported features for storage devices
The following tables provide the features supported by the storage devices through iDRAC.
Table 51.
Table 51.
Table 52.
Table 52. Supported features of storage controllers for MX platforms (continued) Feature PERC 10 PERC 9 H745P MX H730P MX Securely erase the data for PCIe SSD Not applicable Not applicable Configure Backplane mode (split/ unified) Not applicable Not applicable Blink or unblink component LEDs Real-time Real-time Switch Controller Mode Not applicable Staged T10PI Support for Virtual Disks Not applicable Not applicable Table 53.
Monitoring storage devices using web interface To view the storage device information using web interface: ● Go to Storage > Overview > Summary to view the summary of the storage components and the recently logged events. This page is automatically refreshed every 30 seconds. ● Go to Storage > Overview > Controllers to view the RAID controller information. The Controllers page is displayed. ● Go to Storage > Overview > Physical Disks to view physical disk information. The Physical Disks page is displayed.
● Blink or unblink the LED.
● Rebuild physical disk
● Cancel rebuild physical disk
● Cryptographic erase
Assigning or unassigning physical disk as global hot spare
A global hot spare is an unused backup disk that is part of the disk group. Hot spares remain in standby mode. When a physical disk that is used in a virtual disk fails, the assigned hot spare is activated to replace the failed physical disk without interrupting the system or requiring your intervention.
Depending on your requirement, you can also choose to apply At Next Reboot or At Scheduled Time. Based on the selected operation mode, the settings are applied. Assigning or unassigning global hot spare using RACADM Use the storage command and specify the type as global hot spare. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals. Converting a physical disk to RAID or non-RAID mode Converting a physical disk to RAID mode enables the disk for all RAID operations.
The RACADM SystemErase sub-command includes options for the following categories: ● The SecureErasePD option cryptographically erases all the secure erase drives. ● The OverwritePD option overwrites data on all drives.
● At Next Reboot — Select this option to apply the actions during the next system reboot. ● At Scheduled Time — Select this option to apply the actions at a scheduled day and time: ○ Start Time and End Time — Click the calendar icons and select the days. From the drop-down menus, select the time. The action is applied between the start time and end time.
● Delete
● Edit policies
● Initialize
● Check consistency
● Cancel check consistency
● Encrypt virtual disks
● Assign or unassign dedicated hot spares
● Blink and unblink virtual disk
● Cancel background initialization
● Online capacity expansion
● RAID level migration
NOTE: You can manage and monitor 240 virtual disks using iDRAC interfaces. To create VDs, use either Device Setup (F2), PERCCLI command line tool, or Dell OpenManage Server Administrator (OMSA).
● There are limitations on the number of physical disks that can be included in the virtual disk. These limitations depend on the controller. When creating a virtual disk, controllers support a certain number of stripes and spans (methods for combining the storage on physical disks). Because the number of total stripes and spans is limited, the number of physical disks that can be used is also limited.
● No Read Ahead — Selecting no read ahead policy indicates that the controller should not use read ahead policy. The write policies specify if the controller sends a write-request completion signal when the data is in the cache or after it has been written to the disk. ● Write Through — The controller sends a write-request completion signal only after the data is written to the disk.
NOTE: Do not initialize virtual disks when attempting to recreate an existing configuration. You can perform a fast initialization, a full Initialization, or cancel the initialization operation. NOTE: The cancel initialization is a real-time operation. You can cancel the initialization using only the iDRAC Web interface and not RACADM. Fast initialization The fast initialize operation initializes all physical disks included in the virtual disk.
You can assign only 4K drives as hot spare to 4K virtual disks. If you have assigned a physical disk as a dedicated hot spare in Add to Pending Operation mode, the pending operation is created but a job is not created. Then, if you try to unassign the dedicated hot spare, the assign dedicated hot spare pending operation is cleared. If you have unassigned a physical disk as a dedicated hot spare in Add to Pending Operation mode, the pending operation is created but a job is not created.
Table 54. Possible VD Layout (continued)
Source VD Layout    Possible target VD Layout with Disk Add    Possible target VD Layout Without disk addition
R1                  R0/R5/R6                                   R0
R5                  R0/R6                                      R0
R6                  R0/R5                                      R0/R5
Permitted operations when OCE or RLM is going on
The following operations are allowed when OCE/RLM is going on:
Table 55.
Cancel Initialization This feature is the ability to cancel the background initialization on a virtual disk. On PERC controllers, the background initialization of redundant virtual disk starts automatically after a virtual disk is created. The background initialization of redundant virtual disk prepares the virtual disk for parity information and improves write performance. However, some processes such as creating a virtual disk cannot be run while the background initialization is in progress.
4. Click Apply Now to apply the changes immediately, At Next Reboot to apply the changes after next reboot, At Scheduled Time to apply the changes at a particular time, and Discard All Pending to discard the changes. Based on the selected operation mode, the settings are applied.
Table 56.
● BGI rate ● Reconstruct rate ● Enhanced auto import foreign configuration ● Create or change security keys ● Encryption mode (Local Key Management and Secure Enterprise key Manager) You must have Login and Server Control privilege to configure the controller properties. Patrol read mode considerations Patrol read identifies disk errors to avoid disk failures, data loss, or corruption. It runs automatically once a week on SAS and SATA HDDs.
Check consistency The Check Consistency task verifies the accuracy of the redundant (parity) information. This task only applies to redundant virtual disks. When necessary, the Check Consistency task rebuilds the redundant data. If the virtual disk is in a Failed Redundancy state, running a check consistency may be able to return the virtual disk to a Ready state.
NOTE:
● If configuration is successful, the Edit SEKM and Rekey buttons are displayed. If you cancel the configuration, the Configure SEKM button is displayed.
● When SEKM configuration fails, the Edit SEKM and Rekey buttons are not displayed.
Then, select Secure Enterprise Key Manager from Security (Encryption) field.
● To create, modify, or delete security key to encrypt virtual drives:
racadm storage createsecuritykey: -key -passwd
racadm storage modifysecuritykey: -key -oldpasswd -newpasswd
racadm storage deletesecuritykey:
Importing or auto importing foreign configuration
A foreign configuration is data residing on physical disks that have been moved from one controller to another.
Importing foreign configuration using web interface NOTE: If there is an incomplete foreign disk configuration in the system, then the state of one or more existing online virtual disks is also displayed as foreign. NOTE: Importing foreign configuration for BOSS controller is not supported. To import foreign configuration: 1. In the iDRAC web interface, go to Configuration > Storage Configuration. 2. From the Controller drop-down menu, select the controller you want to import the foreign configuration to.
Resetting controller configuration You can reset the configuration for a controller. This operation deletes virtual disk drives and unassigns all hot spares on the controller. It does not erase any data other than removing the disks from the configuration. Reset configuration also does not remove any foreign configurations. The real-time support of this feature is available only in PERC 9.1 firmware. Reset configuration does not erase any data.
● The controller must not have preserved cache. ● You have server control privileges to switch the controller mode. NOTE: Ensure that you back up the foreign configuration, security key, virtual disks, and hot spares before you switch the mode as the data is deleted. NOTE: Ensure that a CMC license (not applicable for MX platforms) is available for PERC FD33xS and FD33xD storage sleds before you change the controller mode.
● To create a job and apply changes:
$ racadm jobqueue create -s TIME_NOW -r pwrcycle

For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

12 Gbps SAS HBA adapter operations

The non-RAID controllers are HBAs that lack some RAID capabilities. They do not support virtual disks. 14G iDRAC interface supports 12 Gbps SAS HBA controller, and HBA330 (integrated and adapter) controllers.
○ Patrol read unconfigured areas ● View all properties that are applicable to a RAID controller except for virtual disks. ● Clear foreign configuration NOTE: If an operation is not supported in non-RAID mode, an error message is displayed. You cannot monitor the enclosure temperature probes, fans, and power supplies when the controller is in non-RAID mode.
● TTY logs reporting You can perform the following operations for SSDs: ● Drive status reporting such as Online, Failed, and Offline NOTE: Hot plug capability, prepare to remove, and blink or unblink the device LED are not applicable for HHHL PCIe SSD devices. NOTE: When NVMe devices are controlled behind S140, prepare to remove and cryptographic erase operations are not supported; blink and unblink are supported.
The Prepare to Remove operation is not supported for PCIe SSDs on the VMware vSphere (ESXi) systems and HHHL PCIe SSD devices. NOTE: Prepare to Remove operation is supported on systems with ESXi 6.0 with iDRAC Service Module version 2.1 or higher. The Prepare to Remove operation can be performed in real-time using iDRAC Service Module. The Prepare to Remove operation stops any background activity and any ongoing I/O activity so that device can be removed safely.
Erasing PCIe SSD device data NOTE: This operation is not supported when PCIe SSD is configured using the S140 controller. Cryptographic Erase permanently erases all data present on the disk. Performing a Cryptographic Erase on a PCIe SSD overwrites all blocks and results in permanent loss of all data on the PCIe SSD. During Cryptographic Erase, the host is unable to access the PCIe SSD. The changes are applied after system reboot.
Erasing PCIe SSD device data using RACADM

To securely erase a PCIe SSD device:
racadm storage secureerase:

To create the target job after executing the secureerase command:
racadm jobqueue create -s TIME_NOW -e

To query the job ID returned:
racadm jobqueue view -i

For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
To modify the setting, you must have Server Control privilege. If any other RAID operations are in pending state or any RAID job is scheduled, you cannot change the backplane mode. Similarly, if this setting is pending, you cannot schedule other RAID jobs. NOTE: ● Warning messages are displayed when the setting is being changed as there is a possibility of data loss. ● LC Wipe or iDRAC reset operations do not change the expander setting for this mode.
2. Run the following command to view the requested mode:
racadm get storage.enclosure.1.backplanerequestedmode
The output is:
BackplaneRequestedMode=None
3. Run the following command to set the requested backplane mode to split mode:
racadm set storage.enclosure.1.backplanerequestedmode "splitmode"
The message is displayed indicating that the command is successful.
4. Run the following command to verify if the backplanerequestedmode attribute is set to split mode:
racadm get storage.enclosure.1.
The output is:
BackplaneCurrentMode=SplitMode
12. Run the following command and verify that only 0–11 drives are displayed:
racadm storage get pdisks

For more information about the RACADM commands, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.

Viewing universal slots

Some 14th generation PowerEdge server backplanes support both SAS/SATA and PCIe SSD drives in the same slot.
Set Enclosure Asset Tag Set Enclosure Asset Tag allows you to configure Asset Tag of a storage enclosure. User can change the Asset Tag property of the enclosure to identify enclosures. These fields are checked for invalid values and an error is displayed if an invalid value is entered. These fields are part of the enclosure firmware; the data initially shown are the values saved in the firmware. NOTE: Asset Tag has a character limit of 10 that includes the null character.
NOTE: ● The Add to Pending Operations option is not applicable for the Pending Operations page and for PCIe SSDs in the Physical Disks > Setup page. ● Only the Apply Now option is available on the Enclosure Setup page. 3. Click Apply. Based on the operation mode selected, the settings are applied. Choosing operation mode using RACADM To select the operation mode, use the jobqueue command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
6. If the commit job is created successfully, a message indicating that the job ID is created for the selected controller is displayed. Click Job Queue to view the progress of the job in the Job Queue page. If the clear foreign configuration, import foreign configuration, security key operations, or encrypt virtual disk operations are in pending state, and if these are the only operations pending, then you cannot create a job from the Pending Operations page.
Case 4: selected add to pending operations and there are prior existing pending operations If you have selected Add to Pending Operations and then clicked Apply, first the pending operation is created for the selected storage configuration operation. ● If the pending operation is created successfully and if there are existing pending operations, then an information message is displayed: ○ Click OK to remain on the page to perform more storage configuration operations.
Blinking or unblinking component LEDs using RACADM To blink or unblink component LEDs, use the following commands: racadm storage blink: racadm storage unblink: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
16 BIOS Settings You can view multiple attributes, which are being used for a specific server under the BIOS Settings. You can modify different parameters of each attribute from this BIOS configuration setting. Once you select one attribute, it shows different parameters which are related to that specific attribute. You can modify multiple parameters of an attribute and apply changes before modifying a different attribute.
modifications. If the request fails to remove the BIOS attributes, it throws an error with the corresponding HTTP Response Status code mapped to an SMIL API error or Job Creation error. An EEMI message is generated and displayed at that point. Pending Value Configuration of a BIOS attribute via iDRAC is not applied immediately to BIOS. It requires a server reboot for the changes to take place. When you modify a BIOS attribute, the Pending Value is updated.
17 Configuring and using virtual console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: ● A maximum of six simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
• Previewing virtual console
• Launching virtual console
• Using virtual console viewer

Supported screen resolutions and refresh rates

The following table lists the supported screen resolutions and corresponding refresh rates for a Virtual Console session running on the managed server.

Table 58.
Previewing virtual console Before launching the Virtual Console, you can preview the state of the Virtual Console on the System > Properties > System Summary page. The Virtual Console Preview section displays an image showing the state of the Virtual Console. The image is refreshed every 30 seconds. This is a licensed feature. NOTE: The Virtual Console image is available only if you have enabled Virtual Console.
NOTE: Internet Explorer supports Local, Active Directory, LDAP, Smart Card (SC) and Single Sign-On (SSO) logins. Firefox supports Local, AD, and SSO logins on Windows-based operating system and Local, Active Directory, and LDAP logins on Linux-based operating systems. NOTE: If you do not have Access Virtual Console privilege but have Access Virtual Media privilege, then using this URL launches the Virtual Media instead of the Virtual Console.
HTML5 based virtual console NOTE: Check the release notes for the expanded OS support for HTML5. NOTE: While using HTML5 to access virtual console, the language must be consistent across client and target keyboard layout, OS, and browser. For example, all must be in English (US) or any of the supported languages. To launch the HTML5 virtual console, you must enable the virtual console feature from the iDRAC Virtual Console page and set the Virtual Console Type option to HTML5.
○ Alt+Enter ○ Alt+Hyphen ○ Alt+F1 ○ Alt+F2 ○ Alt+F3 ○ Alt+F4 ○ Alt+F5 ○ Alt+F6 ○ Alt+F7 ○ Alt+F8 ○ Alt+F9 ○ Alt+F10 ○ Alt+F11 ○ Alt+F12 ○ PrntScrn ○ Alt+PrntScrn ○ F1 ○ Pause ○ Tab ○ Ctrl+Enter ○ SysRq ○ Alt+SysRq ○ Win-P ● Aspect Ratio — The HTML5 virtual console video image automatically adjusts the size to make the image visible. The following configuration options are displayed as a drop-down list: ○ Maintain ○ Don’t Maintain Click Apply to apply the selected settings on the server.
NOTE: It is recommended to have Mac OS version 10.10.2 (or onward) installed in the system. For more details on supported browsers and versions, see the iDRAC Release Notes available at www.dell.com/idracmanuals. Synchronizing mouse pointers When you connect to a managed system through the Virtual Console, the mouse acceleration speed on the managed system may not synchronize with the mouse pointer on the management station and displays two mouse pointers in the Viewer window.
For MAC operating systems, enable the Enable access of assistive device option in Universal Access for the Pass all keystrokes to server feature to work. ● Operating system running on the management station and managed system. The key combinations that are meaningful to the operating system on the management station are not passed to the managed system. ● Virtual Console Viewer mode—Windowed or Full Screen. In Full Screen mode, Pass all keystrokes to server is enabled by default.
○ If SysRq is enabled on the management station, then or resets the management station irrespective of the system’s state. ○ If SysRq is disabled on the management station, then the or keys resets the operating system on the managed system. ○ Other SysRq key combinations (example, , , and so on) are passed to the managed system irrespective of the SysRq keys enabled or not on the management station.
● , , are not sent to the managed system and is interpreted by the operating system on the management station.
18 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, Redfish, RACADM, and WSMan.
NOTE: The installer will be available to the host operating system for 30 minutes. If you do not start the installation within 30 minutes, you must restart the Service Module installation. Installing iDRAC Service Module from iDRAC Enterprise 1. On the SupportAssist Registration wizard, click Next. 2. On the iDRAC Service Module Setup page, click Install Service Module. 3. Click Launch Virtual Console and click Continue on the security warning dialog box. 4.
iDRAC. By default, this monitoring feature is enabled. It is not disabled if OpenManage Server Administrator is installed on the host OS. In iSM version 2.0 or later, the operating system information feature is amended with the OS network interface monitoring. When iDRAC Service Module version 2.0 or later is used with iDRAC 2.00.00.00, it starts monitoring the operating system network interfaces. You can view this information using iDRAC web interface, RACADM, or WSMan.
Table 59. Examples of DCIM_account class (continued)
Columns: CIM Interface, WinRM, WMIC, PowerShell
namespace root/cimv2/dcim
CIM Interface rows: Get a specific instance of a class; Get associated instances of an instance; Get references of an instance
WinRM: winrm g wmi/root/cimv2/dcim/DCIM_Account?CreationClassName=DCIM_Account+Name=iDRAC.Embedded.1#Users.2+SystemCreationClassName=DCIM_SPComputerSystem+SystemName=systemmc
WMIC: wmic /namespace:\\root\cimv2\dcim PATH dcim_account where Name="iDRAC.Embedded.1#Users.
○ Using the local Windows Management Instrumentation (WMI):
winrm i iDRACHardReset wmi/root/cimv2/dcim/DCIM_iSMService?InstanceID="iSMExportedFunctions"
○ Using the remote WMI interface:
winrm i iDRACHardReset wmi/root/cimv2/dcim/dcim_ismservice -u: -p: -r: http:///wsman -a:Basic -encoding:utf-8 -skipCACheck -skipCNCheck
○ Using the Windows PowerShell script with force and without force:
Invoke-iDRACHardReset -force
Invoke-iDRACHardReset
○ Using the Progr
Table 60. Error Handling (continued) Result Description 4 iDRAC reset failed In-band Support for iDRAC SNMP Alerts By using iDRAC Service Module v2.3, you can receive SNMP alerts from the host operating system, which is similar to the alerts that are generated by iDRAC. You can also monitor the iDRAC SNMP alerts without configuring the iDRAC and manage the server remotely by configuring the SNMP traps and destination on the host OS. In iDRAC Service Module v2.
○ To disable this feature: Enable-iDRACSNMPTrap.sh 0 Enable-iDRACSNMPTrap.sh disable NOTE: The --force option configures the Net-SNMP to forward the traps. However, you must configure the trap destination. ● VMware ESXi operating system On all iSM supported ESXi operating systems, the iSM v2.3 supports a Common Management Programming Interface (CMPI) method provider to enable this feature remotely by using the WinRM remote commands. winrm i EnableInBandSNMPTraps http://schemas.dell.
Configuration by using iSM PowerShell cmdlet If this feature is disabled while installing iSM, you can enable the feature by using the following Windows PowerShell command provided by iSM: Enable-iDRACAccessHostRoute If the feature is already configured, you can disable or modify it by using the PowerShell command and the corresponding options. The available options are as follows: ● Status — This parameter is mandatory. The values are not case sensitive and the value can be true, false, or get.
Using iDRAC Service Module from iDRAC web interface To use the iDRAC Service Module from the iDRAC web interface: 1. Go to iDRAC Settings > Overview > iDRAC Service Module > Configure Service Module. The iDRAC Service Module Setup page is displayed. 2. You can view the following: ● Installed iDRAC Service Module version on the host operating system ● Connection status of the iDRAC Service Module with iDRAC. 3.
19 Using USB port for server management On the 14th generation servers, a dedicated micro USB port is available to configure iDRAC. You can perform the following functions using the micro USB port: ● Connect to the system using the USB network interface to access system management tools such as iDRAC web interface and RACADM. ● Configure a server by using SCP files that are stored on a USB drive.
3. Wait for the laptop to acquire IP address 169.254.0.4. It may take several seconds for the IP addresses to be acquired. iDRAC acquires the IP address 169.254.0.3. 4. Start using iDRAC network interfaces such as the web interface, RACADM, Redfish or WSMan. For example, to access the iDRAC web interface, open a supported browser, and type the address 169.254.0.3 and press enter. 5. When iDRAC is using the USB port, the LED blinks indicating activity. The blink frequency is four per second. 6.
For information about the fields, see the iDRAC Online Help. NOTE: iDRAC9 allows you to password protect the compressed file after you select Enabled only for compressed configuration files to compress the file before importing. You can enter a password to secure the file by using Password for Zip file option. 4. Click Apply to apply the settings.
Example of control.
LCD messages If the LCD panel is available, it displays the following messages in a sequence: 1. Importing – When the server configuration profile is being copied from the USB device. 2. Applying — When the job is in-progress. 3. Completed — When the job has completed successfully. 4. Completed with errors — When the job has completed with errors. 5. Failed — When the job has failed. For more details, see the results file on the USB device.
20 Using Quick Sync 2 With Dell OpenManage Mobile running on an Android or iOS mobile device, you can easily access server directly or through OpenManage Essentials or OpenManage Enterprise (OME) console. It allows you to review server details and inventory, view LC and System Event logs, get automatic notifications on mobile device from an OME console, assign IP address and modify iDRAC password, configure key BIOS attributes, and take remediation actions as needed.
You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect. Once configured, you can activate the Quick Sync 2 button on the Left Control Panel. Make sure the Quick Sync light turns on. Then, access the Quick Sync Information via a mobile device. An entry is logged to the Lifecycle Controller log when the configuration is modified. Configuring iDRAC Quick Sync 2 settings using web interface To configure iDRAC Quick Sync 2: 1.
21 Managing virtual media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: ● Remotely access media connected to a remote system over the network ● Install applications ● Update drivers ● Install an operating system on the managed system This is a licensed feature for rack and tower servers. It is available by default for blade servers.
Table 61. Supported drives and devices Drive Supported Storage Media Virtual Optical Drives ● ● ● ● ● Virtual floppy drives ● CD-ROM/DVD image file in the ISO9660 format ● Floppy image file in the ISO9660 format USB flash drives ● USB CD-ROM drive with CD-ROM media ● USB Key image in the ISO9660 format Legacy 1.44 floppy drive with a 1.
Table 62. Attached media state and system response (continued) Attached Media State System Response Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed. Server settings for viewing virtual devices in virtual media You must configure the following settings in the management station to allow visibility of empty drives.
2. Click Launch Virtual Console. The following message is displayed: Virtual Console has been disabled. Do you want to continue using Virtual Media redirection? 3. Click OK. The Virtual Media window is displayed. 4. From the Virtual Media menu, click Map CD/DVD or Map Removable Disk. For more information, see Mapping virtual drive. NOTE: The virtual device drive letters on the managed system do not coincide with the physical drive letters on the management station.
1. Go to Configuration > Virtual Media. 2. Click Unmount Drivers. 3. Click OK on the pop-up window. NOTE: The Mount Drivers option may not be displayed if the driver pack is not available on the system. Ensure to download and install the latest driver pack from www.dell.com/support. Resetting USB To reset the USB device: 1. In the Virtual Console viewer, click Tools > Stats. The Stats window is displayed. 2. Under Virtual Media, click USB Reset.
For CD/DVD devices, this option is enabled by default and you cannot disable it. NOTE: The ISO and IMG files map as read-only files if you map these files by using the HTML5 virtual console. 5. Click Map Device to map the device to the host server. After the device/file is mapped, the name of its Virtual Media menu item changes to indicate the device name. For example, if the CD/DVD device is mapped to an image file named foo.iso, then the CD/DVD menu item on the Virtual Media menu is named foo.
Enabling boot once for virtual media You can change the boot order only once when you boot after attaching remote Virtual Media device. Before you enable the boot once option, make sure that: ● You have Configure User privilege. ● Map the local or virtual drives (CD/DVD, Floppy, or USB flash device) with the bootable media or image using the Virtual Media options ● Virtual Media is in Attached state for the virtual drives to appear in the boot sequence.
22 Installing and using VMCLI utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. The VMCLI utility supports the following features: ● Manage removable devices or images that are accessible through virtual media.
To ensure security, it is recommended to use the following VMCLI parameters: ● vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users. ● vmcli -r -S -u -p -c {< device-name > | < image-file >} — Indicates whether the iDRAC CA certificate is valid.
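The two recommendations above can be checked mechanically before a deployment script is run. The following linter is an added example, not code from Dell or from the original guide; it relies only on the -i, -S, -r, -u, -p and -c options named on this page, and the sample script, addresses, password and /opt/dell path are constructed for illustration.

```python
import os
import shlex
from typing import List, NamedTuple

SHELL_OPERATORS = set("();<>|&")  # characters shlex splits off as punctuation


class Finding(NamedTuple):
    line: int
    rule: str
    detail: str


def split_commands(line: str) -> List[List[str]]:
    """Tokenize one shell line and split it into commands at ; | & && and redirections."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token and set(token) <= SHELL_OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def lint_vmcli(script_text: str) -> List[Finding]:
    """Report vmcli invocations that expose the password or skip the -S certificate check."""
    findings = []
    for number, raw in enumerate(script_text.splitlines(), start=1):
        try:
            commands = split_commands(raw)
        except ValueError:
            continue  # unbalanced quote: not a complete command on this line
        for argv in commands:
            names = [os.path.basename(token) for token in argv]
            if "vmcli" not in names:
                continue
            args = argv[names.index("vmcli") + 1:]
            if "-p" in args:
                pos = args.index("-p")
                value = args[pos + 1] if pos + 1 < len(args) else ""
                # The value itself is never copied into the report.
                if value.startswith("$"):
                    findings.append(Finding(number, "password-in-argv",
                        "-p is expanded at run time and is visible in the process list; use vmcli -i"))
                elif value:
                    findings.append(Finding(number, "password-literal",
                        "-p value is stored in the script and visible in the process list; use vmcli -i"))
            if "-r" in args and "-S" not in args:
                findings.append(Finding(number, "no-cert-check",
                    "session started without -S, so the iDRAC CA certificate is not checked"))
    return findings


# Constructed sample input (documentation-range addresses, made-up password and path).
SAMPLE_SCRIPT = """\
#!/bin/sh
# constructed deployment script
vmcli -r 192.0.2.10 -u admin -p 'S3cret!' -c /images/os.iso &
/opt/dell/vmcli -r 192.0.2.11 -S -u admin -p "$IDRAC_PW" -c /images/os.iso > /dev/null 2>&1 &
vmcli -i
"""

if __name__ == "__main__":
    for finding in lint_vmcli(SAMPLE_SCRIPT):
        print(f"line {finding.line}: {finding.rule}: {finding.detail}")
```
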
For example, under a Linux operating system, the ampersand character (&) following the command causes the program to be spawned as a new background process. This technique is useful in script programs, as it allows the script to proceed after a new process is started for the VMCLI command (otherwise, the script blocks until the VMCLI program is terminated). When multiple VMCLI sessions are started, use the operating system-specific facilities for listing and terminating processes.
23 Managing vFlash SD card The vFlash SD card is a Secure Digital (SD) card that can be ordered and installed from the factory. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. NOTE: There is no limitation of the size of SD card, you can open and replace the factory installed SD card with a higher capacity SD card.
Viewing vFlash SD card properties using RACADM

To view the vFlash SD card properties using RACADM, use the get command with the following objects:
● iDRAC.vflashsd.AvailableSize
● iDRAC.vflashsd.Health
● iDRAC.vflashsd.Licensed
● iDRAC.vflashsd.Size
● iDRAC.vflashsd.WriteProtect

For more information about these objects, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
The vFlash functionality is enabled or disabled based on the selection. Initializing vFlash SD card The initialize operation reformats the SD card and configures the initial vFlash system information on the card. NOTE: If the SD card is write-protected, then the Initialize option is disabled. Initializing vFlash SD card using web interface To initialize the vFlash SD card: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash.
NOTE: An administrator can perform all operations on the vFlash partitions. Else, you must have Access Virtual Media privilege to create, delete, format, attach, detach, or copy the contents for the partition.
By default, an empty partition is created as read-write.

Creating a partition using an image file

You can create a new partition on the vFlash SD card using an image file (available in the .img or .iso format). The partitions are of emulation types: Floppy (.img), Hard Disk (.img), or CD (.iso). The created partition size is equal to the image file size. Before creating a partition from an image file, make sure that:
● You have Access Virtual Media privilege.
● The card is initialized.
Formatting a partition You can format an existing partition on the vFlash SD card based on the type of file system. The supported file system types are EXT2, EXT3, FAT16, and FAT32. You can only format partitions of type Hard Disk or Floppy, and not CD. You cannot format read-only partitions. Before creating a partition from an image file, ensure that: ● You have Access Virtual Media privilege. ● The card is initialized. ● The card is not write-protected.
● You have Access Virtual Media privileges. NOTE: By default, a read-only partition is created. Modifying a partition using web interface To modify a partition: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash > Manage. The Manage Partitions page is displayed. 2. In the Read-Only column: ● Select the checkbox for the partition(s) and click Apply to change to read-only. ● Clear the checkbox for the partition(s) and click Apply to change to read-write.
● Select the checkbox for the partition(s) and click Apply to attach the partition(s). ● Clear the checkbox for the partition(s) and click Apply to detach the partition(s). The partitions are attached or detached, based on the selections. Attaching or detaching partitions using RACADM To attach or detach partitions: 1. Log in to the system using telnet, SSH, or Serial console. 2. Use the following commands: ● To attach a partition: racadm set iDRAC.vflashpartition..
● To delete a partition: racadm vflashpartition delete -i 1 ● To delete all partitions, re-initialize the vFlash SD card. Downloading partition contents You can download the contents of a vFlash partition in the .img or .iso format to the: ● Managed system (where iDRAC is operated from) ● Network location mapped to a management station. Before downloading the partition contents, make sure that: ● You have Access Virtual Media privileges. ● The vFlash functionality is enabled.
24 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
Table 65.
Navigating the map address space Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space. An address path specifies the path from the root of the address space to an object in the address space. The root target is represented by a slash (/) or a backslash (\). It is the default starting point when you log in to iDRAC. Navigate down from the root using the cd verb. NOTE: The slash (/) and backslash (\) are i
● Map target navigation

Server power management

The following examples show how to use SMCLP to perform power management operations on a managed system.
Commands: cd show help exit version ● To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.
25 Deploying operating systems

You can use any of the following utilities to deploy operating systems to managed systems:
● Remote File Share
● Console

Topics:
• Deploying operating system using remote file share
• Deploying operating system using virtual media
• Deploying embedded operating system on SD card

Deploying operating system using remote file share

Before you deploy the operating system using Remote File Share (RFS), make sure that:
● Configure User and Access Virtual Media privileges for iDRA
The connection status for RFS is available in iDRAC log. Once connected, an RFS-mounted virtual drive does not disconnect even if you log out from iDRAC. The RFS connection is closed if iDRAC is reset or the network connection is dropped. The Web interface and command-line options are also available in CMC, OME Modular, and iDRAC to close the RFS connection. The RFS connection from CMC always overrides an existing RFS mount in iDRAC.
NOTE: The characters allowed in user names and passwords for network shares are determined by the network-share type. iDRAC supports valid characters for network share credentials as defined by the share type, except <, >, and , (comma). 4. Click Apply and then click Connect. After the connection is established, the Connection Status displays Connected. NOTE: Even if you have configured remote file sharing, the Web interface does not display user credential information due to security reasons.
● If Virtual Media is in Auto Attached mode, the Virtual Media application must be launched before booting the system. ● Network share contains drivers and operating system bootable image file, in an industry standard format such as .img or .iso. To deploy an operating system using Virtual Media: 1. Do one of the following: ● Insert the operating system installation CD or DVD into the management station CD or DVD drive. ● Attach the operating system image. 2.
26 Troubleshooting managed system using iDRAC

You can diagnose and troubleshoot a remote managed system using:
● Diagnostic console
● Post code
● Boot and crash capture videos
● Last system crash screen
● System event logs
● Lifecycle logs
● Front panel status
● Trouble indicators
● System health

Topics:
• Using diagnostic console
• Viewing post codes
• Viewing boot and crash capture videos
• Viewing logs
• Viewing last system crash screen
• Viewing System status
• Hardware trouble indicators
• Vi
a. Discard all settings, but preserve user and network settings. b. Discard all settings and reset the default username to root and password to the shipping value (root/shipping value). c. Discard all settings and reset the default username to root and password to calvin (root/calvin). 2. Click Continue. Scheduling remote automated diagnostics You can remotely invoke automated offline diagnostics on a server as a one-time event and return the results.
Viewing post codes
Post codes are progress indicators from the system BIOS that indicate the various stages of the boot sequence from power-on-reset and allow you to diagnose any faults related to system boot-up. The Post Codes page displays the last system post code prior to booting the operating system. To view the Post Codes, go to Maintenance > Troubleshooting > Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code.
Viewing last system crash screen
The last crash screen feature captures a screenshot of the most recent system crash, saves it, and displays it in iDRAC. This is a licensed feature. To view the last crash screen:
1. Make sure that the last system crash screen feature is enabled.
2. In iDRAC Web interface, go to Overview > Server > Troubleshooting > Last Crash Screen. The Last Crash Screen page displays the last saved crash screen from the managed system. Click Clear to delete the last crash screen.
● Solid amber — Managed system is in failsafe mode.
● Blinking amber — Errors present on managed system.
When the system is operating normally (indicated by the blue Health icon on the LED front panel), both Hide Error and UnHide Error are grayed out. You can hide or unhide the errors only for rack and tower servers. To view system ID LED status using RACADM, use the getled command. For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
Restarting iDRAC You can perform a hard or soft iDRAC restart without turning off the server: ● Hard restart — On the server, press and hold the LED button for 15 seconds. ● Soft restart — Using iDRAC Web interface or RACADM. Resetting iDRAC using iDRAC web interface To restart iDRAC, do one of the following in the iDRAC Web interface: ● Go to Maintenance > Diagnostics. Click Reset iDRAC. Resetting iDRAC using RACADM To restart iDRAC, use the racreset command.
● allapps — Clears all OS applications.
For more information, see the iDRAC RACADM CLI Guide available at www.dell.com/idracmanuals.
NOTE: The Dell tech center link appears on the iDRAC GUI on Dell branded systems. If you erase system data by using WSMan command and want the link to appear again, reboot the host manually and wait for CSIOR to run.
NOTE: After you run System Erase, the VDs may still appear. Run CSIOR after System Erase is completed and iDRAC is rebooted.
27 SupportAssist Integration in iDRAC
SupportAssist allows you to create SupportAssist collections and use other SupportAssist features to monitor your system and datacenter. iDRAC provides application interfaces for gathering platform information that enables support services to resolve platform and system problems.
must enter the Dispatch information during the SupportAssist registration process to enable auto dispatch workflow. If onsite support is required along with dispatch parts then select Parts Dispatch with Onsite Support. NOTE: Auto dispatch is enabled in systems with iDRAC Service Module (iSM) v3.4.0 for Windows. Future iSM releases will support auto dispatch for additional operating systems. Dispatch Address Enter an address and the preferred contact hours.
Generating SupportAssist Collection
For generating the OS and Application logs:
● iDRAC Service Module must be installed and running in the Host Operating System.
● OS Collector comes factory installed in iDRAC; if it has been removed, it must be installed in iDRAC.
If the Save to Network option is selected, the user-provided network details are saved as defaults (if no prior network share location has been saved) for any future collections.
7. Click Collect to proceed with Collection generation.
8. If prompted, accept the End User License Agreement (EULA) to continue.
28 Frequently asked questions
This section lists the frequently asked questions for the following:
● System Event Log
● Network security
● Active Directory
● Single Sign On
● Smart card login
● Virtual console
● Virtual media
● vFlash SD card
● SNMP authentication
● Storage devices
● iDRAC Service Module
● RACADM
● Miscellaneous
Topics:
• System Event Log
• Network security
• Active Directory
• Single Sign-On
• Smart card login
• Virtual console
• Virtual media
• vFlash SD card
• SNMP authentica
Network security
While accessing the iDRAC Web interface, a security warning is displayed stating that the SSL certificate issued by the Certificate Authority (CA) is not trusted.
iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. This certificate is not issued by a trusted CA.
● Check the domain controller SSL certificates to make sure that the iDRAC time is within the valid period of the certificate.
Active Directory login fails even if certificate validation is enabled. The test results display the following error message. Why does this occur and how to resolve this?
ERROR: Can't contact LDAP server, error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please check the correct Certificate Authority (CA) certificate has been uploaded to iDRAC.
The Active Directory Single Sign-On or Smart Card login normally takes less than 10 seconds, but it may take up to four minutes to log in if you have specified the preferred DNS server and the alternate DNS server, and the preferred DNS server has failed. DNS time-outs are expected when a DNS server is down. iDRAC logs you in using the alternate DNS server.
The Active Directory is configured for a domain present in Windows Server 2008 Active Directory.
Smart card login
It takes up to four minutes to log into iDRAC using Active Directory Smart Card login.
The Active Directory Smart Card login normally takes less than 10 seconds; however, it may take up to four minutes if you have specified the preferred DNS server and the alternate DNS server in the Network page, and the preferred DNS server has failed. DNS time-outs are expected when a DNS server is down. iDRAC logs you in using the alternate DNS server.
Make sure that the management station’s monitor resolution is set to 1280 x 1024.
Why is the Virtual Console Viewer window garbled on the Linux operating system?
The console viewer on Linux requires a UTF-8 character set. Check your locale and reset the character set if required.
Why does the mouse not synchronize under the Linux text console in Lifecycle Controller?
Virtual Console requires the USB mouse driver, but the USB mouse driver is available only under the X-Window operating system.
Why is the Virtual Console Viewer window blank? If you have Virtual Media privilege, but not Virtual Console privilege, you can start the viewer to access the virtual media feature, but the managed server’s console is not displayed. Why doesn’t the mouse synchronize in DOS when using Virtual Console? The Dell BIOS is emulating the mouse driver as a PS/2 mouse. By design, the PS/2 mouse uses relative position for the mouse pointer, which causes the lag in syncing.
If you change the CD in the client system, the new CD may have an autostart feature. In this case, the firmware can time out and the connection is lost if the client system takes too long to read the CD. If a connection is lost, reconnect from the GUI and continue the previous operation. If the Virtual Media configuration settings are changed in the iDRAC web interface or through local RACADM commands, any connected media is disconnected when the configuration change is applied.
3. At the Linux prompt, run the following command:
grep "hh:mm:ss" /var/log/messages
where hh:mm:ss is the timestamp of the message returned by grep in step 1.
4. In step 3, read the result of the grep command and locate the device name that is given to the Dell Virtual CD.
5. Make sure that the Virtual CD Drive is attached and connected.
6. At the Linux prompt, run the following command:
mount /dev/sdx /mnt/CD
where /dev/sdx is the device name found in step 4 and /mnt/CD is the mount point.
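The timestamp lookup in steps 3 and 4 can return the wrong device when another virtual device attaches in the same second. The shell function below is an added example, not part of the Dell guide: it matches on the SCSI address as well as the timestamp. The log lines are constructed, and the function assumes the classic syslog layout and that the attach message contains the words Virtual CD (the guide's steps 1 and 2 are not shown in this section).

```shell
#!/bin/sh
# Added example. The log lines below are constructed, not captured from a system.
sample_log() {
cat <<'EOF'
Apr  3 10:15:41 host1 kernel: usb 1-1.2: new high-speed USB device number 5 using ehci-pci
Apr  3 10:15:42 host1 kernel: scsi 6:0:0:0: CD-ROM            Dell     Virtual CD       0329 PQ: 0 ANSI: 0 CCS
Apr  3 10:15:42 host1 kernel: scsi 7:0:0:0: Direct-Access     Dell     Virtual Floppy   0329 PQ: 0 ANSI: 0 CCS
Apr  3 10:15:42 host1 kernel: sd 7:0:0:0: [sdc] Attached SCSI removable disk
Apr  3 10:15:42 host1 kernel: sr 6:0:0:0: [sr1] scsi3-mmc drive: 0x/0x cd/rw caddy
EOF
}

# find_virtual_cd LOGFILE
# Prints /dev/<name> for the most recently attached Virtual CD, or returns 1
# when the log holds no matching device line.
find_virtual_cd() {
    awk '
        # Attach message: remember its timestamp (field 3 in classic syslog)
        # and the SCSI address that follows the scsi token. A later attach
        # replaces an earlier one.
        /Virtual +CD/ {
            for (i = 1; i < NF; i++)
                if ($i == "scsi") { addr = $(i + 1); ts = $3; dev = "" }
            next
        }
        # Device line: accept it only if BOTH the timestamp and the SCSI
        # address match, so a floppy attached in the same second is ignored.
        addr != "" && $3 == ts && index($0, " " addr " ") {
            if (match($0, /\[[a-z]+[0-9a-z]*\]/))
                dev = substr($0, RSTART + 1, RLENGTH - 2)
        }
        END { if (dev == "") exit 1; print "/dev/" dev }
    ' "$1"
}
```

On a live system, pass /var/log/messages as the argument and use the printed path as the device in the mount command of step 6.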
The vFlash SD card is locked when an operation is in progress, for example, during an initialize operation.
SNMP authentication
Why is the message 'Remote Access: SNMP Authentication Failure' displayed?
As part of discovery, IT Assistant attempts to verify the get and set community names of the device. In IT Assistant, you have the get community name = public and the set community name = private. By default, the SNMP agent community name for iDRAC agent is public.
On iDRAC Service Module version 2.0 and earlier, while installing the iDRAC Service Module, an error message is displayed stating this is not a supported server. Consult the User Guide for additional information about the supported servers. How to resolve this error? Before installing the iDRAC Service Module, make sure that the server is a 12th generation PowerEdge server or later. Also, make sure that you have a 64-bit system.
Table 67. Lifecycle logs location (continued)
Operating System | Location
NOTE: The location of the Lifecycle log can be configured using the iDRAC Service Module installer. You can configure the location while installing iDRAC Service Module or modifying the installer.
Red Hat Enterprise Linux, SUSE Linux, CentOS, and Citrix XenServer | /var/log/messages
VMware ESXi | /var/log/syslog.
This occurs because the create partition operation is in progress. However, the partition is deleted after some time and a message that the partition is deleted is displayed. If not, wait until the create partition operation is completed and then delete the partition.
Permanently setting the default password to calvin
If your system shipped with a unique default iDRAC password but you want to set calvin as the default password, you must use the jumpers available on the system board.
How to find an iDRAC IP address for a blade server?
NOTE: The OME-Modular web interface option is applicable only for MX platforms.
● Using OME-Modular web interface: Go to Devices > Compute. Select the computer sled and iDRAC IP is displayed as Management IP.
● Using OMM Application: see the Dell EMC OpenManage Mobile User's Guide available at www.dell.
On the physical server, use the LCD panel navigation buttons to view the iDRAC IP address. Go to Setup View > View > iDRAC IP > IPv4 or IPv6 > IP.
● From OpenManage Server Administrator: In the Server Administrator web interface, go to Modular Enclosure > System/Server Module > Main System Chassis/Main System > Remote Access.
iDRAC network connection is not working.
For blade servers:
● Ensure that the LAN cable is connected to CMC.
iDRAC on blade server is not responding during boot.
Remove and reinsert the server. Check the CMC (not for MX platforms) and OME Modular (applicable for MX platforms) web interface to see if iDRAC is displayed as an upgradable component. If it is, follow the instructions in Updating firmware using CMC web interface on page 71 to update the firmware.
NOTE: Update feature not applicable for MX platforms.
If the problem persists, contact technical support.
Figure 5.
29 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
● In iDRAC Web interface, go to Overview > Summary to view the system information and access various links on this page to assess system health. For example, you can check the health of the chassis fan.
● You can also configure the chassis locator LED and based on the color, assess the system health.
● If iDRAC Service Module is installed, the operating system host information is displayed.
Setting up alerts and configuring email alerts
To set up alerts and configure email alerts:
1. Enable alerts.
2.
● Configuring active directory users
● Configuring generic LDAP users
Launching server's remote console and mounting a USB drive
To launch the remote console and mount a USB drive:
1. Connect a USB flash drive (with the required image) to the management station.
2. Use the following method to launch virtual console through the iDRAC Web Interface:
● Go to Dashboard > Virtual Console and click Launch Virtual Console. The Virtual Console Viewer is displayed.
3.
5. Import the SCP file to iDRAC.