Integrated Dell Remote Access Controller 9 User's Guide June 2021 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Chapter 1: Overview of iDRAC......................................................................................................16 Benefits of using iDRAC................................................................................................................................................... 16 Key features........................................................................................................................................................................
Changing the default login password using RACADM........................................................................................43 Changing the default login password using iDRAC settings utility..................................................................44 Enabling or disabling default password warning message ..................................................................................... 44 Password Strength Policy........................................................................
Recovering iDRAC....................................................................................................................................................... 84 Easy Restore.......................................................................................................................................................................84 Monitoring iDRAC using other Systems Management tools..................................................................................
Enabling or disabling OS to iDRAC Pass-through using web interface........................................................ 105 Enabling or disabling OS to iDRAC Pass-through using RACADM................................................................ 106 Enabling or disabling OS to iDRAC Pass-through using iDRAC settings utility.......................................... 106 Obtaining certificates.................................................................................................................
Configuring iDRAC to use SOL...............................................................................................................................130 Enabling supported protocol.................................................................................................................................... 131 Communicating with iDRAC using IPMI over LAN...................................................................................................
Enabling or disabling smart card login........................................................................................................................ 169 Enabling or disabling smart card login using web interface.............................................................................169 Enabling or disabling smart card login using RACADM.....................................................................................169 Enabling or disabling smart card login using iDRAC settings utility...
Group Information Panel................................................................................................................................................190 Group Settings................................................................................................................................................................. 190 Actions on a selected Server.....................................................................................................................................
Monitoring FC HBA devices using RACADM......................................................................................................207 Inventorying and monitoring SFP Transceiver devices..........................................................................................207 Monitoring SFP Transceiver devices using web interface..............................................................................208 Monitoring SFP Transceiver devices using RACADM........................................
Clearing foreign configuration................................................................................................................................254 Resetting controller configuration........................................................................................................................ 255 Switching the controller mode...............................................................................................................................
Chapter 21: Using iDRAC Service Module...................................................................................287 Installing iDRAC Service Module................................................................................................................................. 287 Installing iDRAC Service Module from iDRAC Express and Basic................................................................. 287 Installing iDRAC Service Module from iDRAC Enterprise.......................................
Creating an empty partition.................................................................................................................................... 312 Creating a partition using an image file................................................................................................................ 313 Formatting a partition...............................................................................................................................................
Checking server status screen for error messages................................................................................................335 Restarting iDRAC............................................................................................................................................................ 336 Reset to Custom Defaults (RTD)................................................................................................................................
Creating new administrator user account.................................................................................................................362 Launching servers remote console and mounting a USB drive........................................................................... 363 Installing bare metal OS using attached virtual media and remote file share.................................................. 363 Managing rack density....................................................................
1 Overview of iDRAC The Integrated Dell Remote Access Controller (iDRAC) is designed to make you more productive as a system administrator and improve the overall availability of Dell EMC servers. iDRAC alerts you to system issues, helps you to perform remote management, and reduces the need for physical access to the system. iDRAC technology is part of a larger data center solution that increases availability of business critical applications and workloads.
Key features The key features of iDRAC include: NOTE: Some features are available only with iDRAC Enterprise or Datacenter license. For information on the features available for a license, see iDRAC licenses on page 20. Inventory and Monitoring ● Telemetry data streaming. ● View managed server health. ● Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. ● View and export system inventory.
○ Set the backplane mode (unified or split mode). ○ Blink or unblink component LEDs. ○ Apply the device settings immediately, at next system reboot, at a scheduled time, or as a pending operation to be applied as a batch as part of the single job. Update ● Manage iDRAC licenses. ● Update BIOS and device firmware for devices supported by Lifecycle Controller. ● Update or rollback iDRAC firmware and Lifecycle Controller firmware using a single firmware image. ● Manage staged updates.
● SNMPv3 authentication for user accounts stored locally in the iDRAC. It is recommended to use this, but it is disabled by default. ● User ID and password configuration. ● Default login password modification. ● Set user passwords and BIOS passwords using one-way hash format for improved security. ● FIPS 140-2 Level 1 capability. ● Session time-out configuration (in seconds). ● Configurable IP ports (for HTTP, HTTPS, SSH, Virtual Console, and Virtual Media).
How to use this guide The contents of this user's guide enable you to perform various tasks using: ● iDRAC web interface — Only the task-related information is provided here. For information about the fields and options, see the iDRAC Online Help that you can access from the web interface. ● RACADM — The RACADM command or the object that you must use is provided here. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
iDRAC Basic License iDRAC Express License ● ● ● ● ● ● ● ● ● ● iDRAC Enterprise License iDRAC Datacenter License PowerEdge R6XX PowerEdge R64XX PowerEdge R7XX PowerEdge R74XXd PowerEdge R74XX PowerEdge R8XX PowerEdge R9XX PowerEdge R9XX PowerEdge T6XX Dell Precision Rack R7920 Table 1.
3. Click the product that you want to view. 4. Click the product name. 5. On theProduct management page, click Get Key. 6. Follow the instructions on the screen to obtain the license key. NOTE: If you do not have a Dell Digital Locker account, create an account using the email address provided during your purchase.
Table 2. Licensed features in iDRAC9 Feature iDRAC iDRAC9 9 Basic Express iDRAC9 Express for Blades iDRAC9 Enterprise iDRAC9 Datacenter iDRAC RESTful API and Redfish Yes Yes Yes Yes Yes IPMI 2.0 Yes Yes Yes Yes Yes DCMI 1.
Table 2.
Table 2. Licensed features in iDRAC9 (continued) Feature iDRAC iDRAC9 9 Basic Express iDRAC9 Express for Blades iDRAC9 Enterprise iDRAC9 Datacenter NOTE: vFlash is not available in iDRAC9 for PowerEdge Rx5xx/Cx5xx.
Table 2.
Table 2.
Table 2.
Table 3. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description To access iDRAC Settings utility, press during boot and then click iDRAC Settings on the System Setup Main Menu page. Lifecycle Controller (F10) Use Lifecycle Controller to perform iDRAC configurations. To access Lifecycle Controller, press during boot and go to System Setup > Advanced Hardware Configuration > iDRAC Settings.
Table 3. Interfaces and protocols to access iDRAC (continued) Interface or Protocol Description ● Remote RACADM is a client utility that runs on a management station. It uses the out-of-band network interface to run RACADM commands on the managed system and uses the HTTPs channel. The –r option runs the RACADM command over a network. ● Firmware RACADM is accessible by logging in to iDRAC using SSH. You can run the firmware RACADM commands without specifying the iDRAC IP, user name, or password.
iDRAC port information The following table lists the ports that are required to remotely access iDRAC through firewall. These are the default ports iDRAC listens to for connections. Optionally, you can modify most of the ports. To modify ports, see Configuring services on page 96. Table 4.
Table 5. Ports iDRAC uses as client (continued) Port number Type Function Configurable port Maximum Encryption Level NOTE: When node initiated discovery or Group Manager is enabled, iDRAC uses mDNS to communicate through port 5353. However, when both are disabled, port 5353 is blocked by iDRAC's internal firewall and appears as open|filtered port in the port scans.
Accessing documents from Dell support site You can access the required documents in one of the following ways: ● Using the following links: ○ For all Enterprise Systems Management and OpenManage Connections documents — https://www.dell.com/ esmmanuals ○ For OpenManage documents — https://www.dell.com/openmanagemanuals ○ For iDRAC and Lifecycle Controller documents — https://www.dell.com/idracmanuals ○ For Serviceability Tools documents — https://www.dell.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, a Microsoft Active Directory user, or a Lightweight Directory Access Protocol (LDAP) user. You can also log in using OpenID Connect and Single Sign-On or Smart Card. To improve security, each system is shipped with a unique password for iDRAC, which is available on the system information tag. This unique password improves security of iDRAC and your server. The default user name is root.
• • • • • • • Secure default password Changing the default login password Enabling or disabling default password warning message Password Strength Policy IP Blocking Enabling or disabling OS to iDRAC Pass-through using web interface Enabling or disabling alerts using RACADM Force Change of Password (FCP) The 'Force Change of Password' feature prompts you to change the factory default password of the device. The feature can be enabled as part of factory configuration.
NOTE: RSA feature can be configured and enabled for LDAP user, but the RSA does not support if the LDAP is configured on Microsoft active directory. Hence LDAP user login fails. RSA is supported only for OpenLDAP. To log in to iDRAC as local user, Active Directory user, or LDAP user: 1. Open a supported web browser. 2. In the Address field, type https://[iDRAC-IP-address] and press Enter.
Logging in to iDRAC as an Active Directory user using a smart card Before you log in as an Active Directory user using smart card, ensure that you: ● Upload a Trusted Certificate Authority (CA) certificate (CA-signed Active Directory certificate) to iDRAC. ● Configure the DNS server. ● Enable Active Directory login. ● Enable smart card login. To log in to iDRAC as an Active Directory user using smart card: 1. Log in to iDRAC using the link https://[IP address].
If the server is removed from the chassis, iDRAC IP address is changed, or there is a problem in iDRAC network connection, the option to Launch iDRAC is grayed-out in the CMC web interface. For more information, see the Chassis Management Controller User's Guide available at https://www.dell.com/cmcmanuals. Accessing iDRAC using remote RACADM You can use remote RACADM to access iDRAC using RACADM utility. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
● The 2FA code expires after 10 minutes or is invalidated if it is already consumed before expiry. ● If a user attempts to login from another location with a different IP-Address while a pending 2FA challenge for the original IP-Address is still outstanding, the same token will be sent for login attempt from the new IP address. ● The feature is supported with iDRAC Enterprise or Datacenter license.
You get the Next Token from RSA SecurID Token app by clicking on Options. Check Next Token, and the next passcode is available. Time is critical in this step. Otherwise, iDRAC may fail the verification of the next token. If the iDRAC user login session times out, it requires another attempt to log in If a wrong passcode is entered, the RSA AM server will challenge the user to provide the "Next Token." This challenge happens even though the user may have later entered the correct passcode.
where IP_address is the IP address of the iDRAC. Sending RACADM commands: ssh username@ racadm getversion ssh username@ racadm getsel Multiple iDRAC sessions The following table provides the number of iDRAC sessions that are possible using the various interfaces. Table 7. Multiple iDRAC sessions Interface Number of Sessions iDRAC Web Interface 8 Remote RACADM 4 Firmware RACADM SSH - 4 Serial - 1 iDRAC allows multiple sessions for the same user.
Resetting default password using the iDRAC Settings utility You can access the iDRAC settings utility using the System Setup of your server. Using the iDRAC reset to defaults all feature, you can reset the iDRAC login credentials to default. WARNING: Resetting iDRAC to default all, resets the iDRAC to the factory defaults. To reset iDRAC using iDRAC Settings utility: 1. 2. 3. 4. 5. Reboot the server and press . In the System Setup page, click iDRAC Settings.
Resetting default iDRAC password remotely If you do not have physical access to the system, you can reset the default password remotely. Remote — Provisioned system If you have an operating system installed on the system, use a remote desktop client to log in to the server. After you log into the server, use any of the local interfaces such as RACADM or web interface to change the password.
NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user names and passwords on page 144. Changing the default login password using iDRAC settings utility To change the default login password using iDRAC settings utility: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings User Configuration page is displayed. 2. In the Change Password field, enter the new password.
As consecutive login failures accumulate from a specific IP address, they are tracked by an internal counter. When the user logs in successfully, the failure history is cleared and the internal counter is reset. NOTE: When consecutive login attempts are refused from the client IP address, some SSH clients may display the following message: ssh exchange identification: Connection closed by remote host . NOTE: IP blocking feature supports upto 5 IP ranges. You can see / set these only via RACADM. Table 8.
NOTE: If the VLAN is enabled on the iDRAC, the LOM-Passthrough will only function in shared LOM mode with VLAN tagging configured on the host. NOTE: ● When Pass-through mode is set to LOM, it is not possible to launch iDRAC from host OS after cold boot. ● We have purposefully removed the LOM Pass-through using Dedicated mode feature. 5. If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC. The default value is 169.254.1.1.
3 Setting up managed system If you need to run local RACADM or enable Last Crash Screen capture, install the following from the Dell Systems Management Tools and Documentation DVD: ● Local RACADM ● Server Administrator For more information about Server Administrator, see OpenManage Server Administrator User's Guide available at https:// www.dell.com/openmanagemanuals.
Setting up iDRAC IP using iDRAC settings utility To set up the iDRAC IP address: 1. Turn on the managed system. 2. Press during Power-on Self-test (POST). 3. In the System Setup Main Menu page, click iDRAC Settings. The iDRAC Settings page is displayed. 4. Click Network. The Network page is displayed. 5. Specify the following settings: ● ● ● ● ● ● Network Settings Common Settings IPv4 Settings IPv6 Settings IPMI Settings VLAN Settings 6. Click Back, click Finish, and then click Yes.
● Chassis (Dedicated): Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC). This interface is not shared with the host operating system and routes the management traffic to a separate physical network, enabling it to be separated from the application traffic. This option implies that iDRAC's dedicated network port routes its traffic separately from the server's LOM or NIC ports.
Configuring the IPv4 settings To configure the IPv4 settings: 1. Select Enabled option under Enable IPv4. NOTE: In the 14th generation of the PowerEdge servers, DHCP is enabled by default. 2. Select Enabled option under Enable DHCP, so that DHCP can automatically assign the IP address, gateway, and subnet mask to iDRAC. Else, select Disabled and enter the values for: ● Static IP Address ● Static Gateway ● Static Subnet Mask 3.
3. In the Encryption Key box, enter the encryption key in the format 0 to 40 hexadecimal characters (without any blanks characters.) The default value is all zeros. VLAN settings You can configure iDRAC into the VLAN infrastructure. To configure VLAN settings, perform the following steps: NOTE: On blade servers that are set as Chassis (Dedicated), the VLAN settings are read-only and can be changed only using CMC. If the server is set in shared mode, you can configure VLAN settings in shared mode in iDRAC.
DHCP, DNS server, or the default DNS host name discovers the provisioning server. If DNS is specified, the provisioning server IP is retrieved from DNS and the DHCP settings are not required. If the provisioning server is specified, discovery is skipped so neither DHCP nor DNS is required. Auto-discovery can be enabled using the following ways: 1.
2.
To enable provisioning server using iDRAC Settings utility: 1. Turn on the managed system. 2. During POST, press F2, and go to iDRAC Settings > Remote Enablement. The iDRAC Settings Remote Enablement page is displayed. 3. Enable auto-discovery, enter the provisioning server IP address, and click Back. NOTE: Specifying the provisioning server IP is optional. If it is not set, it is discovered using DHCP or DNS settings (step 7). 4. Click Network. The iDRAC Settings Network page is displayed. 5. Enable NIC.
-u (Username): username that has access to network share. This is a mandatory field for CIFS. -p (Password): user password that has access to network share. This is a mandatory field for CIFS. -d (ShutdownType): either 0 for graceful or 1 for forced (default setting: 0). This is an optional field. -t (Timetowait): time to wait for the host to shutdown (default setting: 300). This is an optional field. -e (EndHostPowerState): either 0 for OFF or 1 for ON (default setting 1). This is an optional field.
5. The DHCP server matches the vendor class to the vendor option in the dhcpd.conf file and sends the SCP file location and, if specified the SCP file name to the iDRAC. 6. The iDRAC processes the SCP file and configures all the attributes listed in the file. DHCP options DHCPv4 allows many globally defined parameters to be passed to the DHCP clients. Each parameter is known as a DHCP option. Each option is identified with an option tag, which is a 1-byte value.
5. In the Display name: field, type iDRAC. 6. In the Description: field, type Vendor Class. 7. Click in the ASCII: section and type iDRAC. 8. Click OK and then Close. 9. On the DHCP window, right-click IPv4 and select Set Predefined Options. 10. From the Option class drop-down menu, select iDRAC (created in step 4) and click Add. 11. In the Option Type dialog box, enter the following information: ● ● ● ● Name — iDRAC Data Type — String Code — 060 Description — Dell vendor class identifier 12.
2. Set the option 43 and use the name vendor class identifier for option 60. option myname code 43 = text; subnet 192.168.0.0 netmask 255.255.0.0 { #default gateway option routers 192.168.0.1; option subnet-mask 255.255.255.0; option nis-domain "domain.org"; option domain-name "domain.org"; option domain-name-servers 192.168.1.1; option time-offset -18000; # Eastern Standard Time option vendor-class-identifier "iDRAC"; set vendor-string = option vendor-class-identifier; option myname "-f system_config.
Prerequisites before enabling Auto Config Before enabling the Auto config feature, make sure that following are already set: ● Supported network share (NFS, CIFS, HTTP and HTTPS) is available on the same subnet as the iDRAC and DHCP server. Test the network share to ensure that it can be accessed and that the firewall and user permissions are set correctly. ● Server configuration profile is exported to the network share.
If the password of the iDRAC user account is set with the SHA256 password hash only and not the other hashes (SHA1v3Key or MD5v3Key or IPMIKey), then authentication through SNMP v3 and IPMI is not available. Hash password using RACADM To set hash passwords, use the following objects with the set command: ● iDRAC.Users.SHA256Password ● iDRAC.Users.SHA256PasswordSalt NOTE: SHA256Password and SHA256PasswordSalt fields are reserved for XML import and do not set them using command line tools.
NOTE: If you wish to clear a previously salted password, then ensure that the password-salt is explicitly set to an empty string i.e. set iDRAC.Users.4.SHA256Password ca74e5fe75654735d3b8d04a7bdf5dcdd06f1c6c2a215171a24e5a9dcb28e7a2 set iDRAC.Users.4.SHA256PasswordSalt 4. After setting the password, the normal plain text password authentication works except that SNMP v3 and IPMI authentication fails for the iDRAC user accounts that had passwords updated with hash.
Optimizing system performance and power consumption The power required to cool a server can contribute a significant amount to the overall system power. Thermal control is the active management of system cooling through fan speed and system power management to make sure that the system is reliable while minimizing system power consumption, airflow, and system acoustic output. You can adjust the thermal control settings and optimize against the system performance and performance-per-Watt requirements.
○ ○ ○ ○ ○ Low Fan Speed — Drives fan speeds to a moderate fan speed. Medium Fan Speed — Drives fan speeds close to medium. High Fan Speed — Drives fan speeds close to full speed. Max Fan Speed — Drives fan speeds to full speed. Off — Fan speed offset is set to off. This is the default value. When set to off, the percentage does not display. The default fan speed is applied with no offset. Conversely, the maximum setting will result in all fans running at maximum speed.
Modifying thermal settings using RACADM To modify the thermal settings, use the objects in the system.thermalsettings group with the set sub command as provided in the following table. Table 10. Thermal Settings Object Description Usage Example AirExhaustTemp Allows you to set the maximum air exhaust temperature limit. To check the existing setting Set to any of the following values (based on the system): on the system: ● 0 — Indicates 40°C racadm get ● 1 — Indicates 45°C system.
Table 10. Thermal Settings (continued) Object Description Usage Example To set the limit to the default value: racadm set system.thermalsetti ngs.AirExhaustTemp 255 FanSpeedHighOffsetVal ● Getting this variable reads the fan speed offset value in %PWM for High Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 1. Values from 0-100 racadm get system.
Table 10. Thermal Settings (continued) Object Description Usage Example fan speed increasing to full speed. racadm set system.thermalsetti ngs FanSpeedOffset 3 FanSpeedMediumOffsetV al ● Getting this variable reads the fan speed offset value in %PWM for Medium Fan Speed Offset setting. ● This value depends on the system. ● Use FanSpeedOffset object to set this value using index value 2 Values from 0-100 racadm get system.thermalsetti ngs FanSpeedMediumOffse tVal This returns a value such as “47”.
Table 10. Thermal Settings (continued) Object Description Usage Example MFSMinimumLimit Read Minimum limit for MFS Values from 0 to MFSMaximumLimit To display the lowest value that can be set using MinimumFanSpeed option. Default is 255 (means None) racadm get system.thermalsetti ngs.MFSMinimumLimit MinimumFanSpeed ThermalProfile ● Allows configuring the Minimum Fan speed that is required for the system to operate.
The settings are persistent, which means that once they are set and applied, they do not automatically change to the default setting during system reboot, power cycling, iDRAC, or BIOS updates. A few Dell servers may or may not support some or all of these custom user cooling options. If the options are not supported, they are not displayed or you cannot provide a custom value. 3. Click Back, click Finish, and then click Yes. The thermal settings are configured.
● Rack and tower servers — Set the iDRAC NIC to Dedicated or LOM1 and make sure that the management station is on the same network as iDRAC. To access the managed system’s console from a management station, use Virtual Console through iDRAC Web interface. Configuring supported web browsers NOTE: For information about the supported browsers and their versions, see the Release Notes available at https:// www.dell.com/idracmanuals.
Configuring Internet Explorer to enable Active Directory SSO To configure the browser settings for Internet Explorer: 1. In Internet Explorer, navigate to Local Intranet and click Sites. 2. Select the following options only: ● Include all local (intranet) sites not listed on other zones. ● Include all sites that bypass the proxy server. 3. Click Advanced. 4. Add all relative domain names that will be used for iDRAC instances that is part of the SSO configuration (for example, myhost.example.com.) 5.
1. Make sure that a supported version of the browser (Internet Explorer (Windows), or Mozilla Firefox (Windows or Linux), Google Chrome, Safari) is installed. For more information about the supported browser versions, see the Release Notes available at https://www.dell.com/ idracmanuals. 2. To use Internet Explorer, set IE to Run As Administrator. 3. Configure the Web browser to use ActiveX, Java, or HTML5 plug-in. ActiveX viewer is supported only with Internet Explorer.
Configuring the web browser to use Java plug-in Install a Java Runtime Environment (JRE) if you are using Firefox or IE and want to use the Java Viewer. NOTE: Install a 32-bit or 64-bit JRE version on a 64-bit operating system or a 32-bit JRE version on a 32-bit operating system. To configure IE to use Java plug-in: ● Disable automatic prompting for file downloads in Internet Explorer. ● Disable Enhanced Security Mode in Internet Explorer.
● If you get the error Unknown Publisher while launching Virtual Console, it may be caused because of the change to the code-signing certificate path. To resolve this error, you must download an addition key. Use a search engine to search for Symantec SO16958 and, from the search results, follow the instructions on the Symantec website.
Importing CA certificate to ActiveX trusted certificate store You must use the OpenSSL command line tool to create the certificate Hash using Secure Hash Algorithm (SHA). It is recommended to use OpenSSL tool 1.0.x and later since it uses SHA by default. The CA certificate must be in Base64 encoded PEM format. This is one-time process to import each CA certificate. To import the CA certificate to the ActiveX trusted certificate store: 1. Open the OpenSSL command prompt. 2.
● While performing a PSU firmware update through the host OS in the 15 th Generation PowerEdge servers, ensure that you perform a cold reboot to apply the update. When updating the PSU firmware for PowerEdge C series servers, ensure that all servers in the same chassis are powered OFF first. If any of the other servers in the chassis are powered ON, the update process fails. Upload the required firmware to iDRAC.
Table 11. Image file types and dependencies (continued) .D9 Image iDRAC DUP Interface Supported Requires LC enabled Supported Requires LC enabled Redfish Yes N/A Yes N/A The following table provides information about whether a system restart is required when firmware is updated for a particular component: NOTE: When multiple firmware updates are applied through out-of-band methods, the updates are ordered in the most efficient possible manner to reduce unnecessary system restart. Table 12.
● When stacking TPM firmware update with BIOS update (unsupported TPM version), TPM update fails. ● Once iDRAC is flashed or TPM is inserted, first-time host reboot with POST completion is required to fetch the TPM details from BIOS and detect TPM in software inventory. ● Latest BIOS version is needed for TPM firmware updates to be supported using iDRAC interfaces. Recommended to update BIOS first before updating iDRAC.
To update single device firmware using iDRAC web interface: 1. Go to Maintenance > System Update. The Firmware Update page is displayed. 2. On the Update tab, select Local as the Location Type. NOTE: If you select Local, ensure that you download the firmware image to a location on the local system. Select one file to be staged to iDRAC for update. You can select additional files one file at a time, for uploading to iDRAC.
2. Click the Automatic Update tab. 3. Select the Enable Automatic Update option. 4. Select any of the following options to specify if a system reboot is required after the updates are staged: ● Schedule Updates — Stage the firmware updates but do not reboot the server. ● Schedule Updates and reboot Server — Enables server reboot after the firmware updates are staged. 5.
● To clear the schedule details: racadm AutoUpdateScheduler clear Updating device firmware using RACADM To update device firmware using RACADM, use the update subcommand. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Examples: ● Upload the update file from a remote HTTP share: racadm update -f -u admin -p mypass -l http://1.2.3.
Consider a server that has one or more devices from each of Groups A, B, and C. If the DUPs are used one at a time they should be successful. Using NDT09 by itself updates the devices in group A and group B. Using 8J1P7 by itself updates devices in group B and group C. However, if you try to use both DUPs at the same time that may attempt to create two updates for the Group B devices at the same time. That may fail with a valid error: "Job for this device is already present".
The updates for components such as Programmable System-on-Chip (PSoC) of IOM that requires all the servers to be idle, the update is applied on the next chassis power-up cycle. CMC settings to update CMC firmware from iDRAC In the PowerEdge FX2/FX2s chassis, before performing the firmware update from iDRAC for CMC and its shared components, do the following: 1. Launch the CMC Web interface 2. Go to iDRAC Settings > Settings > CMC. The Deploy iDRAC page is displayed. 3.
It is recommended to keep the firmware updated to ensure you have the latest features and security updates. You may need to rollback an update or install an earlier version if you encounter any issues after an update. To install an earlier version, use Lifecycle Controller to check for updates and select the version you want to install.
Rollback firmware using CMC web interface To roll back using the CMC Web interface: 1. Log in to CMC Web interface. 2. Go to iDRAC Settings > Settings > CMC. The Deploy iDRAC page is displayed. 3. Click Launch iDRAC and perform device firmware rollback as mentioned in the Rollback firmware using iDRAC web interface on page 83. Rollback firmware using RACADM 1.
NOTE: ● System configurations settings are backed-up only when Collect System Inventory On Reboot (CSIOR) is enabled. Ensure that Lifecycle Controller and CSIOR are enabled. ● System Erase does not clear the data from the Easy Restore flash memory. ● Easy Restore does not back up other data such as firmware images, vFlash data, or add-in cards data.
● SCP applies the full configuration in a single job with minimal number of reboots. However, in a few system configurations some attributes change the operation mode of a device or may create subdevices with new attributes. When this occurs, SCP may be unable to apply all settings during a single job. Review the ConfigResult entries for the job to resolve any pending configuration settings. SCP allows you to perform OS deployment (OSD) using a single xml/json file across multiple systems.
5. Select the Export type, following are the options: ● Basic ● Replacement Export ● Clone Export 6. Select an Export file format. 7. Select Additional export items. 8. Click Export. Secure Boot Configuration from BIOS Settings or F2 UEFI Secure Boot is a technology that eliminates a major security void that may occur during a handoff between the UEFI firmware and UEFI operating system (OS).
Table 14. Acceptable file formats (continued) Policy Component Acceptable File Formats Acceptable File Extensions 3. .crt 4. .efi Max records allowed The Secure Boot Settings feature can be accessed by clicking System Security under System BIOS Settings. To go to System BIOS Settings, press F2 when the company logo is displayed during POST. ● By default, Secure Boot is Disabled and the Secure Boot policy is set to Standard. To configure the Secure Boot Policy, you must enable Secure Boot.
4 Plugin Management A plugin is individually packaged in a DUP. Plugins do not get removed on iDRAC reboot, reset, or AC cycles, they can only be removed by iDRAC sanitize operation or LC wipe operation. You can enable or disable the plugins. When enabled, plugins are only installed but not started. To manage plugins from iDRAC GUI, go to iDARC Settings > Settings > Plugins. NOTE: You must have Login privilege and Control and Configure Privilege to install, update, and remove the plugins.
5 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see iDRAC licenses on page 20.
• Disabling access to modify iDRAC configuration settings on host system Viewing iDRAC information You can view the basic properties of iDRAC. Viewing iDRAC information using web interface In the iDRAC Web interface, go to iDRAC Settings > Overview to view the following information related to iDRAC. For information about the properties, see iDRAC Online Help.
Viewing iDRAC information using RACADM To view iDRAC information using RACADM, see getsysinfo or get sub-command details provided in the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals . Modifying network settings After configuring the iDRAC network settings using the iDRAC Settings utility, you can also modify the settings through the iDRAC Web interface, RACADM, Lifecycle Controller, and Server Administrator (after booting to the operating system).
Configuring IP filtering In addition to user authentication, use the following options to provide additional security while accessing iDRAC: ● IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are denied.
Bitwise exclusive-OR Examples for IP Filtering The following RACADM commands block all IP addresses except 192.168.0.57: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57 racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255 To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.RangeAddr 192.
● ● ● ● ● ● ● ● TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) TLS_RSA_WITH_RC4_128_SHA (rsa 2048) TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) TLSv1.
Enabling FIPS Mode CAUTION: Enabling FIPS mode resets iDRAC to factory-default settings. If you want to restore the settings, back up the server configuration profile (SCP) before you enable FIPS mode, and restore the SCP after iDRAC restarts. NOTE: If you reinstall or upgrade iDRAC firmware, FIPS mode gets disabled. Enabling FIPS mode using web interface 1. On the iDRAC web interface, navigate to iDRAC Settings > Connectivity > Network > Network Settings > Advanced Network Settings. 2.
VNC Server Enable VNC server with or without SSL encryption. Configuring services using web interface To configure the services using iDRAC Web interface: 1. In the iDRAC Web interface, go to iDRAC Settings > Services. The Services page is displayed. 2. Specify the required information and click Apply. For information about the various settings, see the iDRAC Online Help. NOTE: Do not select the Prevent this page from creating additional dialogs check-box.
For more information about these objects, see iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. SEKM Functionalities Following are the SEKM functionalities available in iDRAC: 1. SEKM Key Purge Policy — iDRAC provides a policy setting that allows you to configure iDRAC to purge old unused keys at the Key Management Server (KMS) when Rekey operation is performed.
To view the status of the HTTP to HTTPS redirection: racadm get iDRAC.Webserver.HttpsRedirection Using VNC client to manage remote server You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse PocketCloud. When servers in data centers stop functioning, the iDRAC or the operating system sends an alert to the console on the management station.
Setting up VNC viewer with SSL encryption While configuring the VNC server settings in iDRAC, if the SSL Encryption option was enabled, then the SSL tunnel application must be used along with the VNC Viewer to establish the SSL encrypted connection with iDRAC VNC server. NOTE: Most of the VNC clients do not have built-in SSL encryption support. To configure the SSL tunnel application: 1. Configure SSL tunnel to accept connection on :. For example, 127.0.0.1:5930. 2.
● None If you select User Defined, enter the required message in the text box. If you select None, home message is not displayed on the server LCD front panel. 3. Enable Virtual Console indication (optional). If enabled, the Live Front Panel Feed section and the LCD panel on the server displays the Virtual console session active message when there is an active Virtual Console session. 4. Click Apply. The server LCD front panel displays the configured home message.
Configuring time zone and NTP You can configure the time zone on iDRAC and synchronize the iDRAC time using Network Time Protocol (NTP) instead of BIOS or host system times. You must have Configure privilege to configure time zone or NTP settings. Configuring time zone and NTP using iDRAC web interface To configure time zone and NTP using iDRAC web interface: 1. Go to iDRAC Settings > Settings > Time zone and NTP Settings. The Time zone and NTP page is displayed. 2.
1. Go to Configuration > System Settings > Hardware Settings > First Boot Device. The First Boot Device page is displayed. 2. Select the required first boot device from the drop-down list, and click Apply. The system boots from the selected device for subsequent reboots. 3. To boot from the selected device only once on the next boot, select Boot Once. Thereafter, the system boots from the first boot device in the BIOS boot order. For more information about the options, see the iDRAC Online Help.
If you are configuring the server using a Server Configuration Profile through RACADM, WSMan or Redfish and if the network settings are changed in this file, then you must wait for 15 seconds to either enable OS to iDRAC Pass-through feature or set the OS Host IP address. Before enabling OS to iDRAC Pass-through, make sure that: ● iDRAC is configured to use dedicated NIC or shared mode (that is, NIC selection is assigned to one of the LOMs).
● ● ● ● SLES 12 SP2 ESXi 6.0 U3 vSphere 2016 XenServer 7.1 For Linux operating systems, configure the USB NIC as DHCP on the host operating system before enabling USB NIC. For vSphere, you must install the VIB file before enabling USB NIC. NOTE: To configure USB NIC as DHCP in Linux operating system or XenServer, refer to the operating system or hypervisor documentation. Installing VIB file For vSphere operating systems, before enabling the USB NIC, you must install the VIB file.
● We have purposefully removed the LOM Pass-through using Dedicated mode feature. 5. If you select USB NIC as the pass-through configuration, enter the IP address of the USB NIC. The default value is 169.254.1.1. It is recommended to use the default IP address. However, if this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it. Do not enter 169.254.0.3 and 169.254.0.4 IPs.
Obtaining certificates The following table lists the types of certificates based on the login type. Table 16. Types of certificate based on login type Login Type Certificate Type How to Obtain Single Sign-on using Active Directory Trusted CA certificate Generate a CSR and get it signed from a Certificate Authority SHA-2 certificates are also supported.
company’s information. Then, submit the generated CSR to a CA such as VeriSign or Thawte. The CA can be a root CA or an intermediate CA. After you receive the CA-signed SSL certificate, upload this to iDRAC. For each iDRAC to be trusted by the management station, that iDRAC’s SSL certificate must be placed in the management station’s certificate store. Once the SSL certificate is installed on the management stations, supported browsers can access iDRAC without certificate warnings.
Automatic Certificate Enrollment In iDRAC, Automatic certificate enrollment feature enables you for automatic installation and renewal of certificates used by the web server. When this feature is enabled, the existing web server certificate is replaced by a new certificate. NOTE: ● Automatic certificate enrollment is a licensed feature and requires Datacenter license. ● Valid NDES (Network Device Enrollment Service) setup is required for issuing the server certificate.
4. Run the racadm racreset command to reset iDRAC. iDRAC resets and the new certificate is applied. The iDRAC is not available for a few minutes during the reset. NOTE: You must reset iDRAC to apply the new certificate. Until iDRAC is reset, the existing certificate is active. Viewing server certificate You can view the SSL server certificate that is currently being used in iDRAC.
Downloading custom signing certificate To download the custom signing certificate using iDRAC Web interface: 1. Go to iDRAC Settings > Connectivity > SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, select Download Custom SSL Certificate Signing Certificate and click Next. A pop-up message is displayed that allows you to save the custom signing certificate to a location of your choice.
1. Query the target iDRAC that contains the required configuration using the following command:. racadm get -f .xml -t xml -c iDRAC.Embedded.1 The command requests the iDRAC configuration and generates the configuration file. NOTE: Redirecting the iDRAC configuration to a file using get -f is only supported with the local and remote RACADM interfaces. NOTE: The generated configuration file does not contain user passwords.
6 Delegated Authorization using OAuth 2.0 The Delegated Authorization feature allows a user or console to access iDRAC API using OAuth 2.0 JSON Web Tokens (JWT) that the user or console first obtains from an Authorization Server. Once an OAuth JWT has been retrieved, the user or console may use it to invoke iDRAC API. This circumvents the need for specifying username and password to access the API. NOTE: This feature is only available for DataCenter license.
7 Viewing iDRAC and managed system information You can view iDRAC and managed system health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the Flex Address or Remote-Assigned Address (applicable only for MX platforms) .
Viewing system inventory You can view information about the hardware and firmware components installed on the managed system. To do this, in iDRAC web interface, go to System > Inventory. For information about the displayed properties, see the iDRAC Online Help.
navigate to the System Inventory page to view the details. It may take up to 5 minutes for the information to be available depending on the hardware installed on the server. NOTE: CSIOR option is enabled by default. NOTE: Configuration changes and firmware updates that are made within the operating system may not reflect properly in the inventory until you perform a server restart. Click Export to export the hardware inventory in an XML format and save it to a location of your choice.
Table 17. Sensor information using web interface and RACADM (continued) View sensor information For Using web interface Using RACADM For power supplies, you can also use the System.Power.Supply command with the get subcommand. For more information, see the iDRAC RACADM CLI Guide available at https:// www.dell.com/idracmanuals.
● CPU Utilization — Data from RMCs for each CPU core is aggregated to provide cumulative utilization of all the cores in the system. This utilization is based on time spent in active and inactive states. A sample of RMC is taken every six seconds. ● Memory Utilization — RMCs measure memory traffic occurring at each memory channel or memory controller instance. Data from these RMCs is aggregated to measure the cumulative memory traffic across all the memory channels on the system.
Idle Server Detection iDRAC provides out-of-band performance monitoring index of server components like CPU, memory, and I/O. The history data of the server level CUPS index is used to monitor whether the server is utilized or running idle for long time. If the server is underutilized below certain threshold for a defined span of interval (in hours), then it will be reported as idle server. This feature is only supported on Intel platforms with CUPS ability.
GPU Properties Datacenter License Enterprise License Minimum GPU HW Slowdown Temperature Yes No GPU Shutdown Temperature Yes No Maximum Memory Operating temperature Yes No Maximum GPU Operating Temperature Yes No Thermal Alert State Yes No Power Brake State Yes No Power Supply Status Yes No Board Power Supply Status Yes No Yes No Power Metrics Telemetry All Telemetry reports data NOTE: GPU properties will not be listed for Embedded GPU cards and the Status is marked as Unknown
● Navigate to System > Overview > Accelerators. You can see both GPU and FPGA sections. ● Expand the specific FPGA component to see the following sensor information: ○ Power consumption ○ Temperature details NOTE: You must have iDRAC Login privilege to access FPGA information. NOTE: Power consumption sensors are available only for the supported FPGA cards and is available only with Datacenter license.
Viewing historical temperature data using iDRAC web interface To view historical temperature data: 1. In the iDRAC Web interface, go to System > Overview > Cooling > Temperature overview. The Temperature overview page is displayed. 2. See the System Board Temperature Historical Data section that provides a graphical display of the stored temperature (average and peak values) for the last day, last 30 days, and last year. For more information, see the iDRAC Online Help.
iDRAC can display the IPv4 and IPv6 addresses for all the interfaces configured on the Host OS. Depending on how the Host OS detects the DHCP server, the corresponding IPv4 or IPv6 DHCP server address may not be displayed. Viewing network interfaces available on host OS using web interface To view the network interfaces available on the host OS using Web interface: 1. Go to System > Host OS > Network Interfaces.
If ● ● ● CMC enables chassis–assigned MAC addresses, iDRAC displays the MAC address on any of the following pages: System > Details > iDRAC Details. System > Server > WWN/MAC. iDRAC Settings > Overview > Current Network Settings. CAUTION: With FlexAddress enabled, if you switch from a server–assigned MAC address to a chassis–assigned MAC address and vice–versa, iDRAC IP address also changes.
8 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: ● iDRAC Web Interface ● Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only ● IPMI Serial Over LAN ● IPMI Over LAN ● Remote RACADM ● Local RACADM ● Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
• • • • • • Enabling or disabling remote RACADM Disabling local RACADM Enabling IPMI on managed system Configuring Linux for serial console during boot in RHEL 6 Configuring serial terminal in RHEL 7 Supported SSH cryptography schemes Communicating with iDRAC through serial connection using DB9 cable You can use any of the following communication methods to perform systems management tasks through serial connection to rack and tower servers: ● RAC Serial ● IPMI Serial — Direct Connect Basic mode and Direc
NOTE: This is applicable only for iDRAC on rack and tower servers. Enabling RAC serial connection using web interface To enable RAC serial connection: 1. In the iDRAC Web interface, go to iDRAC Settings > Network > Serial. The Serial page is displayed. 2. Under RAC Serial, select Enabled and specify the values for the attributes. 3. Click Apply. The RAC serial settings are configured.
n=1 — Basic Mode Enabling serial connection IPMI serial settings using RACADM 1. Change the IPMI serial-connection mode to the appropriate setting using the command. racadm set iDRAC.Serial.Enable 0 2. Set the IPMI Serial baud rate using the command. racadm set iDRAC.IPMISerial.BaudRate Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 3. Enable the IPMI serial hardware flow control using the command. racadm set iDRAC.IPMISerial.FlowContro 1 4.
5. Click Apply. The terminal mode settings are configured. 6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection. Configuring additional settings for IPMI serial terminal mode using RACADM To configure the Terminal Mode settings, use the set command with the objects in the idrac.ipmiserial group. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.
● Serial Communication — On With Console Redirection ● Serial Port Address — COM2. NOTE: You can set the serial communication field to On with serial redirection via com1 if serial device2 in the serial port address field is also set to com1. ● External serial connector — Serial device 2 ● Failsafe Baud Rate — 115200 ● Remote Terminal Type — VT100/VT220 ● Redirection After Boot — Enabled 5. Click Back and then click Finish. 6. Click Yes to save the changes. 7. Press to exit System Setup.
NOTE: To activate IPMI SOL, you must have the minimum privilege defined in IMPI SOL. For more information, see the IPMI 2.0 specification. 3. Update the IPMI SOL baud rate using the command. racadm set iDRAC.IPMISol.BaudRate NOTE: To redirect the serial console over LAN, make sure that the SOL baud rate is identical to the managed system’s baud rate. Parameter Allowed values (in bps) 9600, 19200, 57600, and 115200. 4. Enable SOL for each user using the command. racadm set iDRAC.
The RMCP+ uses a 40-character hexadecimal string (characters 0-9, a-f, and A-F) encryption key for authentication. The default value is a string of 40 zeros. An RMCP+ connection to iDRAC must be encrypted using the encryption key (Key Generator Key). You can configure the encryption key using the iDRAC web interface or iDRAC Settings utility. To start SOL session using IPMItool from a management station: NOTE: If required, you can change the default SOL time-out at iDRAC Settings > Services. 1.
from the serial port of the managed system. The serial port usually attaches to a shell that emulates an ANSI- or VT100/ VT220–terminal. The serial console is automatically redirected to the SSH. Using SOL from PuTTY on Windows NOTE: If required, you can change the default SSH time-out at iDRAC Settings > Services. To start IPMI SOL from PuTTY on a Windows management station: 1. Run the following command to connect to iDRAC putty.
Disconnecting SOL session in iDRAC command line console The commands to disconnect a SOL session are based on the utility. You can exit the utility only when a SOL session is completely terminated. To disconnect a SOL session, terminate the SOL session from the iDRAC command line console. ● To quit SOL redirection, press Enter, Esc, T. The SOL session closes. If a SOL session is not terminated completely in the utility, other SOL sessions may not be available.
Parameter Privilege level = 2 User = 3 Operator = 4 Administrator 3. Set the IPMI LAN channel encryption key ,if required. racadm set iDRAC.IPMILan.EncryptionKey Parameter Description 20-character encryption key in a valid hexadecimal format. NOTE: The iDRAC IPMI supports the RMCP+ protocol. For more information, see the IPMI 2.0 specifications at intel.com.
Configuring Linux for serial console during boot in RHEL 6 The following steps are specific to the Linux GRand Unified Bootloader (GRUB). Similar changes are required if a different boot loader is used. NOTE: When you configure the client VT100 emulation window, set the window or application that is displaying the redirected Virtual Console to 25 rows x 80 columns to make sure the correct text displays. Else, some text screens may be garbled. Edit the /etc/grub.conf file as follows: 1.
co:2345:respawn:/sbin/agetty -h -L 57600 ttyS1 ansi The following example shows a sample file with the new line. #inittab This file describes how the INIT process should set up #the system in a certain run-level. #Author:Miquel van Smoorenburg #Modified for RHS Linux by Marc Ewing and Donnie Barnes #Default runlevel.
vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 ttyS1 Configuring serial terminal in RHEL 7 To configure serial terminal in RHEL 7: 1.
To configure GRUB to use serial console, comment out the splash image and add the serial and terminal options to grub.conf : [root@localhost ~]# cat /boot/grub/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/hda2 # initrd /initrd-version.
Table 19. SSH cryptography schemes (continued) Scheme Type Algorithms diffie-hellman-group14-sha1 Encryption chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com MAC hmac-sha1 hmac-ripemd160 umac-64@openssh.com Compression None NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell recommends not enabling DSA public key support.
Generating public keys for Linux To use the ssh-keygen application to create the basic key, open a terminal window and at the shell prompt, enter ssh-keygen –t rsa –b 2048 –C testing where: ● -t is rsa. ● –b specifies the bit encryption size between 2048 and 4096. ● –C allows modifying the public key comment and is optional. NOTE: The options are case-sensitive. Follow the instructions. After the command executes, upload the public file.
Viewing SSH keys You can view the keys that are uploaded to iDRAC. Viewing SSH keys using web interface To view the SSH keys: 1. In Web interface, go to iDRAC Settings > Users. The Local Users page is displayed. 2. In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page is displayed with the key details.
9 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. The default iDRAC user name and password are provided with the system badge. As an administrator, you can setup user accounts to allow other users to access iDRAC. For more information see the documentation for the server.
Table 21. iDRAC user privileges (continued) Current Generation Prior Generation Description System Control Control and configure system Allows power cycling the host system. Access Virtual Console Access Virtual Console Redirection (for blade servers) Enables the user to run Virtual Console. Access Virtual Console (for rack and tower servers) Access Virtual Media Access Virtual Media Enables the user to run and use Virtual Media.
Configuring local users You can configure up to 16 local users in iDRAC with specific access permissions. Before you create an iDRAC user, verify if any current users exist. You can set user names, passwords, and roles with the privileges for these users. The user names and passwords can be changed using any of the iDRAC secured interfaces (that is, web interface, RACADM or WSMan). You can also enable or disable SNMPv3 authentication for each user.
and view or edit the myfile.cfg file, which includes all iDRAC configuration parameters. To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. If you use the Server Configuration Profile file to configure users, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication.
Configuring Active Directory users If your company uses the Microsoft Active Directory software, you can configure the software to provide access to iDRAC, allowing you to add and control iDRAC user privileges to your existing users in your directory service. This is a licensed feature. You can configure user authentication through Active Directory to log in to the iDRAC. You can also provide role-based authority, which enables an administrator to configure specific privileges for each user.
10. Locate and right-click the root CA certificate, select All Tasks, and click Export.... 11. In the Certificate Export Wizard, click Next, and select No do not export the private key. 12. Click Next and select Base-64 encoded X.509 (.cer) as the format. 13. Click Next and save the certificate to a directory on your system. 14. Upload the certificate you saved in step 13 to iDRAC. Importing iDRAC firmware SSL certificate iDRAC SSL certificate is the identical certificate used for iDRAC Web server.
Figure 1. Configuration of iDRAC with active directory standard schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to 15 role groups in each iDRAC.
Configuring Standard schema Active Directory Before configuring the standard schema Active Directory, ensure that: ● You have the iDRAC Enterprise or Datacenter license. ● The configuration is performed on a server that is used as the Domain Controller. ● The dat, time and time zone on the server are correct. ● The iDRAC network settings are configured, or in iDRAC web interface go to iDRAC Settings > Connectivity > Network > Common Settings to configure the network settings.
address of racadm set address of racadm set address of racadm set address of racadm set address of racadm set address of the domain controller> iDRAC.ActiveDirectory.DomainController2 iDRAC.ActiveDirectory.DomainController3 iDRAC.ActiveDirectory.GlobalCatalog1 iDRAC.ActiveDirectory.
Best practices for extended schema The extended schema uses Dell association objects to join iDRAC and permission. This allows you to use iDRAC based on the overall permissions granted. The default Access Control List (ACL) of Dell Association objects allows Self and Domain Administrators to manage the permissions and scope of iDRAC objects. By default, the Dell Association objects do not inherit all permissions from the parent Active Directory objects.
Figure 2. Typical setup for active directory objects You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC. The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects.
The figure shows two Association Objects—A01 and A02. User1 is associated to iDRAC2 through both association objects. Extended Schema Authentication accumulates privileges to allow the user the maximum set of privileges possible considering the assigned privileges of the different privilege objects associated to the same user. In this example, User1 has both Priv1 and Priv2 privileges on iDRAC2. User1 has Priv1 privileges on iDRAC1 only. User2 has Priv1 privileges on both iDRAC1 and iDRAC2.
Classes and attributes Table 25. Class definitions for classes added to the active directory schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.1 delliDRACAssociation 1.2.840.113556.1.8000.1280.1.7.1.2 dellRAC4Privileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 26. DelliDRACdevice class OID 1.2.840.113556.1.8000.1280.1.7.1.
Table 28. dellRAC4Privileges class (continued) OID 1.2.840.113556.1.8000.1280.1.1.1.3 dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 29. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 30. dellProduct class OID 1.2.840.
Table 31. List of attributes added to the active directory schema (continued) Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued TRUE if the user has Card Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsUserConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.5 TRUE if the user has User Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) delIsLogClearAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Installing Dell extension to the Active Directory users and computers snap-in When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers Snap-in so the administrator can manage iDRAC devices, users and user groups, iDRAC associations, and iDRAC privileges.
Providing user access privileges for association objects To provide access privileges to the authenticated users for accessing the created association objects: 1. Go to Administrative Tools > ADSI Edit. The ADSI Edit window is displayed. 2. In the right-pane, navigate to the created association object, right-click and select Properties. 3. In the Security tab, click Add. 4. Type Authenticated Users, click Check Names, and click OK. The authenticated users is added to the list of Groups and user names. 5.
3. Click Next. The Active Directory Configuration and Management Step 2 of 4 page is displayed. 4. Specify the location information about Active Directory (AD) servers and user accounts. Also, specify the time iDRAC must wait for responses from AD during login process. NOTE: ● If certificate validation is enabled, specify the Domain Controller Server addresses and the FQDN.
3. If DHCP is disabled in iDRAC or you want to manually input your DNS IP address, enter the following command: racadm set iDRAC.IPv4.DNSFromDHCP 0 racadm set iDRAC.IPv4.DNSFromDHCP.DNS1 racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 4. If you want to configure a list of user domains so that you only need to enter the user name during log in to iDRAC web interface, use the following command: racadm set iDRAC.UserDomain..
Configuring generic LDAP directory service using iDRAC webbased interface To configure the generic LDAP directory service using Web interface: NOTE: For information about the various fields, see the iDRAC Online Help. 1. In the iDRAC Web interface, go to iDRAC Settings > Users > Directory Services > Generic LDAP Directory Service, click Edit. The Generic LDAP Configuration and Management Step 1 of 3 page displays the current generic LDAP settings. 2.
NOTE: When testing LDAP settings with Enable Certificate Validation checked, iDRAC requires that the LDAP server be identified by the FQDN and not an IP address. If the LDAP server is identified by an IP address, certificate validation fails because iDRAC is not able to communicate with the LDAP server. NOTE: When generic LDAP is enabled, iDRAC first tries to login the user as a directory user. If it fails, local user lookup is enabled. The test results and the test log are displayed.
10 System Configuration Lockdown mode System Configuration Lockdown mode helps in preventing unintended changes after a system is provisioned. Lockdown mode is applicable to both configuration and firmware updates. When the system is locked down, any attempt to change the system configuration is blocked. If any attempts are made to change the critical system settings, an error message is displayed. Enabling System lockdown mode blocks the firmware update of third party I/O cards using the vendor tools.
Table 32. Items affected by Lockdown mode Disabled Remains functional ● All Vendor tools that have direct access to the device ● NVMe ○ DTK-RAIDCFG ○ F2/Ctrl+R ● BOSS-S1 ○ Marvell CLI ○ F2/Ctrl+R ● ISM/OMSA settings (OS BMC enable, watchdog ping, OS name, OS version) NOTE: When lockdown mode is enabled, OpenID Connect login option is not displayed in iDRAC login page.
11 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Creating Active Directory objects and providing privileges Logging in to Active Directory Standard schema based SSO Perform the following steps for Active Directory Standard schema based SSO login: 1. Create a User Group. 2. Create a User for Standard schema. NOTE: Use the existing AD User Group & AD User. Logging in to Active Directory Extended schema based SSO Perform the following steps for Active Directory Extended schema based SSO login: 1.
Generating Kerberos keytab file To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a Windows Kerberos network. The Kerberos configuration on iDRAC involves the same steps as configuring a non– Windows Server Kerberos service as a security principal in Windows Server Active Directory.
Management Station Settings Perform the following steps after configuring SSO login for Active Directory users: 1. Set the DNS Server IP in Network properties and mention the preferred DNS Server IP. 2. Go to My Computer and add the *domain.tld domain. 3. Add the Active Directory User to Administrator by navigating to: My Computer > Manage > Local User and Groups > Groups > Administrator and add the Active Directory User. 4. Logoff the system and login using the Active Directory User credential. 5.
Configuring Smart Card Login NOTE: For Active Directory Smart Card Configuration, iDRAC must be configured either with Standard or Extended Schema SSO Login. Configuring iDRAC smart card login for Active Directory users Before configuring iDRAC Smart Card login for Active Directory users, make sure that you have completed the required prerequisites. To configure iDRAC for smart card login: 1.
6. Click Advanced Certificate Request. 7. Click Request a certificate for a smart card on behalf of another user by using the smart card certificate enrollment station. 8. Select user to enroll by clicking Select User button. 9. Click Enroll and enter the smart card credential. 10. Enter the smart card PIN and click on Submit. Uploading trusted CA certificate for smart card Before you upload the CA certificate, make sure that you have a CA-signed certificate.
12 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
2. Under Quick Alert Configuration section: ● Select the alert category. ● Select the issue severity notification. ● Select the location where you would like to receive these notifications. 3. Click Apply to save the setting. NOTE: You must select at least one category, one severity, and one destination type to apply the configuration. All the alerts that are configured are displayed in total under Alerts Configuration Summary.
● Informational ● Warning ● Critical 4. Click Apply. The Alert Results section displays the results based on the selected category and severity. Filtering alerts using RACADM To filter the alerts, use the eventfilters command. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
Setting alert recurrence events using iDRAC web interface To set the alert recurrence value: 1. In iDRAC Web interface, go to Configuration > System Settings > Alert Recurrence. 2. In the Recurrence column, enter the alert frequency value for the required category, alert, and severity type(s). For more information, see the iDRAC Online help. 3. Click Apply. The alert recurrence settings are saved.
Configuring IP alert destinations using web interface To configure alert destination settings using Web interface: 1. In iDRAC Web interface, go to Configuration > System Settings > SNMP and E-mail Settings. 2. Select the State option to enable an alert destination (IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN)) to receive the traps. You can specify up to eight destination addresses. For more information about the options, see the iDRAC Online Help. 3.
● Set the SNMP trap destination for SNMPv3: racadm set idrac.SNMP.Alert..DestAddr ● Set SNMPv3 users for trap destinations: racadm set idrac.SNMP.Alert..SNMPv3Username ● Enable SNMPv3 for a user: racadm set idrac.users..SNMPv3Enable Enabled 5. To test the trap, if required: racadm testtrap -i For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
○ No Encryption — port 25 (default) ○ SSL — Port 465 ● Connection Encryption — When you do not have an email server in your premises, you can use cloud based email servers or SMTP Relays. To configure cloud email server, you can set this feature to any of the following values from the drop down: ○ None — No encryption on the connection to the SMTP server. It is the default value. ○ SSL — Runs SMTP protocol over SSL NOTE: ○ This feature is not configurable via Group Manager.
Parameter Description custom-message Custom message 5. To test the configured email alert, if required: racadm testemail -i [index] Parameter Description index Email destination index to be tested. Allowed values are 1 through 4. For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals. Configuring SMTP email server address settings You must configure the SMTP server address for email alerts to be sent to specified destinations.
Monitoring chassis events On the PowerEdge FX2/FX2s chassis, you can enable the Chassis Management and Monitoring setting in iDRAC to perform chassis management and monitoring tasks such as monitoring chassis components, configuring alerts, using iDRAC RACADM to pass CMC RACADM commands, and updating the chassis management firmware. This setting allows you to manage the servers in the chassis even if the CMC is not on the network. You can set the value to Disabled to forward the chassis events.
Table 33.
Table 33.
Table 33.
13 iDRAC 9 Group Manager Group Manager enables user to have multiple console experience and offers simplified basic iDRAC management. iDRAC Group Manager feature is available for Dell's 14th generation servers to offer simplified basic management of iDRACs and associated servers on the local network using the iDRAC GUI. Group Manager allows 1XMany console experience without involving a separate application.
Once the group manager feature is enabled, that iDRAC allows you the option to create or join an iDRAC local group. More than one iDRAC group can be setup in the local network but an individual iDRAC can only be a member of one group at a time. To change group (join a new group) the iDRAC must first leave its current group and then join the new group. The iDRAC from where the group was created gets chosen as the primary controller of the group by default.
Group Manager uses mDNS to discover other iDRACs on the network and sends encrypted packets for normal inventorying, monitoring and management of the group using the link local IP address. Using IPv6 link local networking means that the Group Manager ports and packets will never leave the local network or be accessible to external networks.
Group jobs including Manage Logins are one time configurations of the servers. Group manager uses SCP and jobs to make any changes. Every iDRAC in the group owns an individual job in its job queue for each Group Manager job. Group Manager does not detect changes on member iDRACs or lock member configurations. NOTE: Group jobs does not configure or override the lockdown mode for any specific iDRAC. Leaving a group does not change local user or change settings on a member iDRAC.
Table 37. Configuring alerts options Option Description SMTP (Email) Server Address Settings Allows you to configure Server IP Address, SMTP Port Number and enable the authentication. In case you are enabling authentication, you need to provide username and password. Email Addresses Allows you to configure multiple Email IDs to receive email notifications about system status change. You can send one test email to the configured account from the system.
the iDRAC and select the group you would like to onboard from the drop down list to join that group. You can access the GroupManager welcome screen from iDRAC index page. Table 38. Group onboard options Option Description Onboard and Change Login Select a specific row and select the Onboard and Change Login option to get the newly discovered systems to the group. You must provide the admin logon credentials for the new systems to join the group.
● Change group passcode and name NOTE: Group jobs complete quickly as long as all members are online and accessible. It may take 10 minutes from job start to job complete. A job will wait and retry for up to 10 hours for the systems that are not accessible. NOTE: While an onboarding job is running no other Job can be scheduled.
Table 41. Group setting actions Actions Description Change Name Allows you to change the Current Group Name with a New Group Name. Change Passcode Allows you to change the existing group password by entering a New Group Passcode and validating that password by Reenter New Group Passcode. Remove Systems Allows you to remove multiple systems from the group at a time. Delete Group Allows you to delete the group. To use any feature of group manager, the user should have administrator privileges.
● No user configuration or involvement required. iDRAC Group Firmware Update For iDRAC group firmware update, from the DUP file from a local directory, perform the following steps: 1. 2. 3. 4. Access group manager console essential view and click Update iDRAC Firmware under summary view. From the firmware update dialog box displayed, browse and select the local iDRAC DUP file to be installed. Click Upload. File is uploaded to iDRAC and verified for integrity. Confirm the firmware update.
14 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WSMan interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utility, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3. To view the system events, click Display System Event Log. 4. Click Back, click Finish, and then click Yes.
● ● ● ● Select the Log Type from the drop-down list. Select the severity level from the Severity drop-down list. Enter a keyword. Specify the date range. 2. Click Apply. The filtered log entries are displayed in Log Results. Adding comments to Lifecycle logs To add comments to the Lifecycle logs: 1. In the Lifecycle Log page, click the + icon for the required log entry. The Message ID details are displayed. 2. Enter the comments for the log entry in the Comment box.
1. In the iDRAC Web interface, go to Dashboard > Notes > add note. The Work Notes page is displayed. 2. Under Work Notes, enter the text in the blank text box. NOTE: It is recommended not to use too many special characters. 3. Click Save. The work note is added to the log. For more information, see the iDRAC Online Help. Configuring remote system logging You can send lifecycle logs to a remote system. Before doing this, make sure that: ● There is network connectivity between iDRAC and the remote system.
15 Monitoring and managing power in iDRAC You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: ● Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
○ You can reset the peak utilization for a particular sensor. Click Reset Historical Peak. You must have Configure privilege to reset the peak value. ● Performance Metrics section: ○ Displays status and present reading ○ Displays or specifies the warning threshold utilization limit. You must have server configure privilege to set the threshold values. For information about the displayed properties, see the iDRAC Online Help.
Executing power control operations using web interface To perform power control operations: 1. In iDRAC web interface, go to Configuration > Power Management > Power Control. The Power Control options are displayed. 2. Select the required power operation: ● ● ● ● ● ● Power On System Power Off System NMI (Non-Masking Interrupt) Graceful Shutdown Reset System (warm boot) Power Cycle System (cold boot) 3. Click Apply. For more information, see the iDRAC Online Help.
When setting the power cap threshold in BTU/hr, the conversion to Watts is rounded off to the nearest integer. When the power cap threshold are read from the system, the Watts to BTU/hr conversion is also rounded off. Because of the rounding off, the actual values may slightly differ. Configuring power cap policy using web interface To view and configure the power policies: 1. In iDRAC Web interface, go to Configuration > Power Management > Power Cap Policy.
Configuring power supply options using web interface To configure the power supply options: 1. In iDRAC Web interface, go to Configuration > Power Management > Power Configuration. 2. Under Power Redundancy Policy, select the required options. For more information, see iDRAC Online Help. 3. Click Apply. The power supply options are configured. Configuring power supply options using RACADM To ● ● ● ● configure the power supply options, use the following objects with the get/set command: System.Power.
● Using fan zone mapping, cooling can be initiated for the components when it requires. Thus, it results maximum performance without compromising the efficiency of power utilization. ● Accurate representation of slot by slot PCIe airflow in terms of LFM metric (Linear Feet per Minute - an accepted industry standard on how PCIe card airflow requirement is specified). Display of this metric in various iDRAC interfaces allows user to: 1. know the maximum LFM capability of each slot within the server. 2.
16 iDRAC Direct Updates iDRAC provides out of band ability to update the firmware of various components of a PowerEdge server. iDRAC direct update helps in eliminating staged jobs during updates. This is supported only for iDRAC releases 5.00.00.00 and above. Only SEP(passive) backplanes are supported for direct updates. iDRAC used to have staged updates to initiate firmware update of the components. From this release, Direct updates have been applied to PSU and Backplane.
17 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: ● Network Interface Cards (NICs) ● Converged Network Adapters (CNAs) ● LAN On Motherboards (LOMs) ● Network Daughter Cards (NDCs) ● Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and partition-l
Connection View Manually checking and troubleshooting the servers’ networking connections is unmanageable in a datacenter environment. iDRAC9 streamlines the job with iDRAC Connection View. This feature allows you to remotely check and troubleshoot network connections from the same centralized GUI that you are using for deploying, updating, monitoring, and maintaining the servers.
Refresh Connection View Use Refresh Connection View to get the latest information of Switch Connection ID and Switch Port Connection ID. NOTE: If iDRAC has switch connection and switch port connection information for server network port or iDRAC network port and due to some reason, the switch connection and switch port connection information is not refreshed for 5min, then the switch connection and switch port connection information is shown as stale (last known good data) data for all user interfaces.
Inventorying and monitoring FC HBA devices You can remotely monitor the health and view the inventory of the Fibre Channel Host Bus Adapters (FC HBA) devices in the managed system. The Emulex and QLogic FC HBAs are supported. For each FC HBA device, you can view the following information for the ports: ● FC storage target information ● NVMe storage target information ● Port Properties ● Receive and Transmit Statistics NOTE: Emulex FC8 HBAs are not supported.
Monitoring SFP Transceiver devices using web interface To view the SFP Transceiver device information using Web interface, go to System > Overview > Network Devices and click on particular device. For more information about the displayed properties, see iDRAC Online Help. The page name also displays the slot number where the transceiver device is available under Port statistics. Monitoring data for SFP devices is only available for active SFPs.
Type Metric Group Inventory Sensor Statistics Configuration Metrics Accelerators GPUs No No Yes No Yes To know about the field descriptions of Telemetry section, see iDRAC Online Help. NOTE: ● StorageDiskSMARTDATA is only supported on SSD drives with SAS/SATA bus protocol and behind the BOSS controller. ● StorageSensor data is reported only for the drives in Ready / Online / Non-RAID mode and not behind the BOSS controller.
The purpose of Serial Data Capture feature is to capture the system serial data and store it so that the customer can later retrieve it for debugging purpose. You can enable or disable a serial data capture using RACADM, Redfish, iDRAC interfaces. When this attribute is enabled, iDRAC will capture serial traffic received on Host Serial Device2 irrespective of serial Mux mode settings.
Supported cards for IO Identity Optimization The following table provides the cards that support the I/O Identity Optimization feature. Table 43.
Table 43.
Table 44. Virtual/Remote-Assigned Address and Persistence Policy behavior (continued) Remote assigned Address Feature State in OME Modular Mode set in iDRAC IO Identity Feature State in iDRAC SCP Persistence Policy Clear Persistence Policy — Virtual Address Remote-Assigned Address disabled RemoteAssigned Address Mode Disabled Configured using the path provided in Lifecycle Controller Lifecycle Controller configuration persists for that cycle No persistence supported.
Table 45.
SSD Wear Threshold iDRAC provides you the ability to configure thresholds of Remaining Rated Write Endurance for all SSD's and Available Spare of NVMe PCIe SSDs. When SSD Remaining Rated Write Endurance and NVMe PCIe SSD Available Spare values are less than the threshold, then iDRAC logs this event in the LC log and depending on the alert type selection, iDRAC also performs Email alert, SNMP Trap, IPMI Alert, Logging in Remote Syslog, WS Eventing and OS log.
Events are logged to the Lifecycle Controller log when: ● I/O Identity Optimization is enabled or disabled. ● Persistence policy is changed. ● Virtual address, initiator and target values are set based on the policy. A single log entry is logged for the configured devices and the values that are set for those devices when the policy is applied. Event actions are enabled for SNMP, email, or WS-eventing notifications. Logs are also included in the remote syslogs.
iSCSI initiator and storage target default values The following tables provide the list of default values for iSCSI initiator and storage targets when the persistence policies are cleared. Table 47. iSCSI initiator —default values iSCSI Initiator Default Values in IPv4 mode Default Values in IPv6 mode IscsiInitiatorIpAddr 0.0.0.0 :: IscsiInitiatorIpv4Addr 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6Addr :: :: IscsiInitiatorSubnet 0.0.0.0 0.0.0.
Table 48. ISCSI storage target attributes — default values (continued) iSCSI Storage Target Attributes Default Values in IPv4 mode Default Values in IPv6 mode FirstTgtChapPwd Value Cleared Value Cleared FirstTgtIpVer Ipv4 ConnectSecondTgt Disabled Disabled SecondTgtIpAddress 0.0.0.
18 Managing storage devices Starting with iDRAC 3.15.15.15 release, iDRAC supports Boot Optimized Storage Solution (BOSS) controller in the 14 th generation of PowerEdge servers. BOSS controllers are designed specifically for booting the operating system of the server. These controllers support limited RAID features and the configuration is staged. Starting with iDRAC 4.30.30.30 release, iDRAC supports PERC 11, HBA 11, and BOSS 1.5 for AMD systems. NOTE: BOSS controllers support only RAID level1.
In addition to managing the physical disks contained in the enclosure, you can monitor the status of the fans, power supply, and temperature probes in an enclosure. You can hot-plug enclosures. Hot-plugging is defined as adding of a component to a system while the operating system is still running. The physical devices connected to the controller must have the latest firmware. For the latest supported firmware, contact your service provider.
What is RAID RAID is a technology for managing the storage of data on the physical disks that reside or are attached to the system. A key aspect of RAID is the ability to span physical disks so that the combined storage capacity of multiple physical disks can be treated as a single, extended disk space. Another key aspect of RAID is the ability to maintain redundant data which can be used to restore data in the event of a disk failure.
Organizing data storage for availability and performance RAID provides different methods or RAID levels for organizing the disk storage. Some RAID levels maintain redundant data so that you can restore data after a disk failure. Different RAID levels also entail an increase or decrease in the I/O (read and write) performance of a system. Maintaining redundant data requires the use of additional physical disks. The possibility of a disk failure increases with an increase in the number of disks.
RAID 0 characteristics: ● ● ● ● Groups n disks as one large virtual disk with a capacity of (smallest disk size) *n disks. Data is stored to the disks alternately. No redundant data is stored. When a disk fails, the large virtual disk fails with no means of rebuilding the data. Better read and write performance. RAID level 1 - mirroring RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks.
● Redundancy for protection of data. ● RAID 1 is more expensive in terms of disk space since twice the number of disks are used than required to store the data without redundancy. RAID level 5 or striping with distributed parity RAID 5 provides data redundancy by using data striping in combination with parity information. Rather than dedicating a physical disk to parity, the parity information is striped across all physical disks in the disk group.
RAID 6 characteristics: ● ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n-2) disks. Redundant information (parity) is alternately stored on all disks. The virtual disk remains functional with up to two disk failures. The data is reconstructed from the surviving disks. Better read performance, but slower write performance. Increased redundancy for protection of data. Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space.
RAID 50 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-1) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 5 span. ● Better read performance, but slower write performance. ● Requires as much parity information as standard RAID 5. ● Data is striped across all spans. RAID 50 is more expensive in terms of disk space.
RAID 60 characteristics: ● Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span. ● Redundant information (parity) is alternately stored on all disks of each RAID 6 span. ● Better read performance, but slower write performance. ● Increased redundancy provides greater data protection than a RAID 50. ● Requires proportionally as much parity information as RAID 6. ● Two disks per span are required for parity.
RAID 10 characteristics: ● ● ● ● ● Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. Improved read performance and write performance. Redundancy for protection of data.
Table 50. RAID level performance comparison (continued) RAID Level Data Redundancy Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: good. Transactional reads: Very good Fair, unless using writeback cache Poor N + 2 (N = at least two disks) Critical information.
Supported enclosures iDRAC supports MD1400 and MD1420 enclosures. NOTE: Redundant Array of Inexpensive Disks (RBODS) that are connected to HBA controllers are not supported. NOTE: PERC H480 with version 10.1 or greater, firmware supports up to 4 enclosures per port. Summary of supported features for storage devices The following tables provide the features supported by the storage devices through iDRAC. Table 51.
Table 51.
Table 51.
Table 51.
Table 52.
Table 52. Supported features of storage controllers for MX platforms (continued) Features PERC 11 PERC 10 PERC 9 H755 MX H745P MX H730P MX Switch Controller Mode Not applicable Not applicable Staged T10PI Support for Virtual Disks Not applicable Not applicable Not applicable NOTE: H745P MX supports eHBA mode with PERC 10.2 and higher. Table 53.
● Physical disks in system with multiple backplanes may be listed under a different backplane. Use the blink function to identify the disks. ● FQDD of certain Backplanes may not be same in Software Inventory and Hardware Inventory. ● Lifecycle log for PERC controller is not available when the past PERC controller events are being processed and this does not affect the functionality.
● Virtual Disks ● Enclosures Click the links to view the respective component details. Managing physical disks You can perform the following for physical disks: ● View physical disk properties. ● Assign or unassign physical disk as a global hot-spare. ● Convert to RAID capable disk. ● Convert to non-RAID disk. ● Blink or unblink the LED.
Assigning or unassigning global hot spare using web interface To assign or unassign a global hot spare for a physical disk drive: 1. In the iDRAC web interface, go to Configuration > Storage Configuration. The Storage Configuration page is displayed. 2. From the Controller drop-down menu, select the controller to view the associated physical disks. 3. Click Physical Disk Configuration. All the physical disks associated to the controller are displayed. 4.
● To convert to RAID mode, use the racadm storage converttoraid command. ● To convert to Non-RAID mode, use the racadm storage converttononraid command. NOTE: On the S140 controller, you can only use the RACADM interface to convert the drives from non-RAID to RAID mode. The supported Software RAID modes are Windows or Linux Mode. For more information about the commands, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
unable to access the supported device. SED/ISE device erase can be performed either in real time or be applied after a system reboot. If the system reboot or experiences a power loss during cryptographic erase, the operation is canceled. You must reboot the system and restart the process. Before erasing SED/ISE device data, ensure that: ● Lifecycle Controller is enabled. ● You have Server Control and Login privileges. ● Selected supported drive is not part of a virtual disk.
To create the target job after executing the cryptographicerase command: racadm jobqueue create -s TIME_NOW -realtime To create the target staged job after executing the cryptographicerase command: racadm jobqueue create -s TIME_NOW -e To query the job ID returned: racadm jobqueue view -i For more information, see the iDRAC RACADM CLI Guide available at https://www.dell.com/idracmanuals.
You cannot create a virtual disk if: ● Physical disk drives are not available for virtual disk creation. Install additional physical disk drives. ● Maximum number of virtual disks that can be created on the controller has been reached. You must delete at least one virtual disk and then create a new virtual disk. ● Maximum number of virtual disks supported by a drive group has been reached. You must delete one virtual disk from the selected group and then create a new virtual disk.
RAID 60. If you have selected RAID 10 and if the controller supports uneven RAID 10, then the span count value is not displayed. The controller automatically sets the appropriate value. For RAID 50 and RAID 60, this field is not displayed when minimum number of disks are used to create RAID. It can be changed if more disks are used. 3. In the Select Physical Disks section, select the number of physical disks. For more information about the fields, see the iDRAC Online Help 4.
Therefore, depending upon the PERC, the policy value is set. Deleting virtual disks Deleting a virtual disk destroys all information including file systems and volumes residing on the virtual disk and removes the virtual disk from the controller’s configuration. When deleting virtual disks, all assigned global hot spares may be automatically unassigned when the last virtual disk associated with the controller is deleted.
A fast initialization on a virtual disk overwrites the first and last 8 MB of the virtual disk, clearing any boot records or partition information. The operation takes only 2-3 seconds to complete and is recommended when you are recreating virtual disks. A background initialization starts five minutes after the Fast Initialization is completed. Full or slow initialization The full initialization (also called slow initialize) operation initializes all physical disks included in the virtual disk.
Edit Disk capacity Online Capacity Expansion (OCE) allows you to increase the storage capacity of selected RAID levels while the system remains online. The controller redistributes the data on the array(called Reconfiguration), placing new space available at the end of each RAID array.
Table 55.
● Edit Cache Policy — You can change the cache policy for the following options: ○ Read Policy — Following values are available for selection: ■ Adaptive Read Ahead — Indicates that for the given volume, the control uses the Read-Ahead cache policy if the two most recent disks accesses occurred in sequential sectors. If the read requests are random, the controller returns to No Read Ahead mode. ■ No Read Ahead — Indicates that for the given volume, no read ahead policy is used.
To cancel the consistency check: racadm storage cancelcheck: ● To encrypt virtual disks: racadm storage encryptvd: ● To assign or unassign dedicated hot spares: racadm storage hotspare: -assign
Table 56. RAID Configuration Features (continued) Feature RACADM Command FQDD> -vd Unlock Foreign Configuration racadm storage unlock: -key -passwd Description redundancy is selected as the boot device, and also has the operating system installed on it. This feature is used to authenticate locked drives which have a different source controller encryption than the destination.
● The physical disk is included in a virtual disk that is undergoing one of the following: ○ A rebuild ○ A reconfiguration or reconstruction ○ A background initialization ○ A check consistency In addition, the Patrol Read operation suspends during heavy I/O activity and resumes when the I/O is complete. NOTE: For more information on how often the Patrol Read operation runs when in auto mode, see the respective controller documentation.
1. Local Key Management (LKM) System - LKM is used to generate the key ID and the password or key required to secure the virtual disk. If you are using LKM, you must create the encryption key by providing the Security Key Identifier and the Passphrase. 2. Secure Enterprise Key Manager (SEKM) - This feature is used to generate the key using the Key Management Server (KMS). If you are using SEKM, you must configure iDRAC with KMS information as well as SSL related configuration.
● To specify the percentage of the controller's resources dedicated to perform the background initialization (BGI) of a virtual disk after it is created, useStorage.Controller.BackgroundInitializationRate object ● To specify the percentage of the controller's resources dedicated to reconstruct a disk group after adding a physical disk or changing the RAID level of a virtual disk residing on the disk group, use Storage.Controller.
● The drive state of a physical disk can change from the time the foreign configuration is scanned to when the actual import occurs. The foreign import occurs only on drives that are in the Unconfigured Good state. ● Drives in the failed or offline state cannot be imported. ● The firmware does not allow you to import more than eight foreign configurations.
Clearing foreign configuration using RACADM To clear foreign configuration: racadm storage clearconfig: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Resetting controller configuration You can reset the configuration for a controller. This operation deletes virtual disk drives and unassigns all hot spares on the controller. It does not erase any data other than removing the disks from the configuration.
○ On controller reset ○ When unconfigured disks are hot-inserted NOTE: Creating or importing RAID 5, 6, 50, or 60 virtual disks is not supported. Also, in enhanced HBA mode, non-RAID disks are enumerated first in ascending order, while RAID volumes are enumerated in descending order. Before you change the mode of the controller from RAID to HBA, ensure that: ● The RAID controller supports the controller mode change.
Switching the controller mode using RACADM To switch the controller mode using RACADM, run the following commands. ● To view the current mode of the controller: $ racadm get Storage.Controller.1.RequestedControllerMode[key=] The following output is displayed: RequestedControllerMode = NONE ● To set the controller mode as HBA: $ racadm set Storage.Controller.1.
SMART performs predictive failure analysis on each disk and sends alerts if a disk failure is predicted. The controllers check physical disks for failure predictions and, if found, pass this information to iDRAC. iDRAC immediately logs an alert. Controller operations in non-RAID mode or HBA mode If ● ● ● the controller is in non-RAID mode (HBA mode), then: Virtual disks or hot spares are not available. Security state of the controller is disabled. All physical disks are in non-RAID mode.
Managing PCIe SSDs Peripheral Component Interconnect Express (PCIe) solid-state device (SSD) is a high-performance storage device designed for solutions requiring low latency, high Input Output Operations per Second (IOPS), and enterprise class storage reliability and serviceability. The PCIe SSD is designed based on Single Level Cell (SLC) and Multi-Level Cell (MLC) NAND flash technology with a high-speed PCIe 2.0, PCIe 3.0, or PCIe 4.0 compliant interface.
Inventorying and monitoring PCIe SSDs using RACADM Use the racadm storage get controllers: command to inventory and monitor PCIe SSDs. To view all PCIe SSD drives: racadm storage get pdisks To view PCIe extender cards: racadm storage get controllers To view PCIe SSD backplane information: racadm storage get enclosures NOTE: For all the mentioned commands, PERC devices are also displayed. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.
NOTE: Ensure that iSM is installed and running to perform the preparetoremove operation. 4. From the Apply Operation Mode drop-down menu, select Apply Now to apply the actions immediately. If there are jobs to be completed, then this option is grayed-out. NOTE: For PCIe SSD devices, only the Apply Now option is available. This operation is not supported in staged mode. 5. Click Apply. If the job is not created, a message indicating that the job creation was not successful is displayed.
2. From the Controller drop-down menu, select the controller to view the associated PCIe SSDs. 3. From the drop-down menus, select Cryptographic Erase for one or more PCIe SSDs. If you have selected Cryptographic Erase and you want to view the other options in the drop-down menu, then select Action and then click the drop-down menu to view the other options. 4.
controllers. In this mode, virtual disk creation only displays the drives connected to a particular controller. There are no licensing requirements for this feature. This feature is supported only on a few systems. Backplane supports the following modes: ● Unified mode —This is the default mode. The primary PERC controller has access to all the drives connected to the backplane even if a second PERC controller is installed.
● Split Mode 8:16 ● Split Mode 16:8 ● Split Mode 20:4 NOTE: For C6420, the available modes are: Split Mode and Split Mode-6:6:6:6. Few values may be only supported on certain platforms. For R740xd and R940, power cycle of the server is needed to apply the new backplane zone and for C6420, A/C cycle (of the blade chassis) to apply the new backplane zone. 5. Click Add to Pending Operations. A job ID is created. 6. Click Apply Now. 7.
where, JID_xxxxxxxx is the job ID from step 6. The status is displayed as Pending. Continue to query the job ID until you view the Completed status (this process may take up to three minutes). 8. Run the following command to view the backplanerequestedmode attribute value: racadm get storage.enclosure.1.backplanerequestedmode The output is: BackplaneRequestedMode=SplitMode 9. Run the following command to cold reboot the server: racadm serveraction powercycle 10.
Setting SGPIO mode The storage controller can connect to the backplane in I2C mode (default setting for Dell backplanes) or Serial General Purpose Input/Output (SGPIO) mode. This connection is required for blinking LEDs on the drives. Dell PERC controllers and backplane support both these modes. To support certain channel adapters, the backplane mode must be changed SGPIO mode. The SGPIO mode is only supported for passive backplanes.
Choosing operation mode using web interface To select the operation mode to apply the settings: 1. You can select the operation mode on when you are on any of the following pages: ● ● ● ● Storage Storage Storage Storage > > > > Physical Disks . Virtual Disks Controllers Enclosures 2. Select one of the following from the Apply Operation Mode drop-down menu: ● Apply Now — Select this option to apply the settings immediately. This option is available for PERC 9 controllers only.
NOTE: ● Pending operations are created for import foreign configuration, clear foreign configuration, security key operations, and encrypt virtual disks. But, they are not displayed in the Pending Operations page and in the Pending Operations pop-up message. ● Jobs for PCIe SSD cannot be created from the Pending Operations page 3. To delete the pending operations for the selected controller, click Delete All Pending Operations. 4.
○ Click the View Pending Operations link to view the pending operations for the device. ○ Click Create Job to create job for the selected device. If the job is created successfully, a message indicating that the job ID is created for the selected device is displayed. Click Job Queue to view the progress of the job in the Job Queue page. If the job is not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the recommended response action is displayed.
1. In the iDRAC Web interface, go to any of the following pages as per your requirement: ● Storage > Overview > Physical Disks > Status– Displays the identified Physical Disks page where you can blink or unblink the physical disks and PCIe SSDs. ● Storage > Overview > Virtual Disks > Status- Displays the identified Virtual Disks page where you can blink or unblink the virtual disks. 2.
19 BIOS Settings You can view multiple attributes, which are being used for a specific server under the BIOS Settings. You can modify different parameters of each attribute from this BIOS configuration setting. Once you select one attribute, it shows different parameters which are related to that specific attribute. You can modify multiple parameters of an attribute and apply changes before modifying a different attribute.
Delete All Pending Values Delete All pending Values button is enabled only when there are pending values based on the recent configuration changes. In case, user decides not to apply the configuration changes, user can click Delete All Pending Values button to terminate all the modifications. In case, the request fails to remove the BIOS attributes, it throws an error with corresponding HTTP Response Status code mapped to SMIL API error or Job Creation error.
BIOS Recovery and Hardware Root of Trust (RoT) For PowerEdge server, it is mandatory to recover from corrupted or damaged BIOS image either due to malicious attack or power surges or any other unforeseeable events. An alternate reserve of BIOS image would be necessary to recover BIOS in order to bring the PowerEdge server back to functional mode from unbootable mode. This alternative/recovery BIOS is stored in a 2nd SPI (mux'ed with primary BIOS SPI).
20 Configuring and using virtual console iDRAC has added an enhanced HTML5 option in vConsole which allows vKVM (virtual Keyboard, Video, and Mouse) over standard VNC client. You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers.
Table 57. Keyboard Macros Supported by ActiveX and Java plug-ins (continued) MAC Client Win Client Linux Client Alt-SysRq - - SysRq - - PrtScrn - - Alt-PrtScrn - - Pause - - NOTE: For keyboard macros supported in HTML plug-in, see the section HTML5 based virtual console. NOTE: The number of active virtual-console sessions displayed in the web interface is only for active web-interface sessions. This number does not include sessions from other interfaces such as SSH and RACADM.
console supports 1920x1200 resolution. If the monitor attached supports lower max resolution (like many KVMs), the virtual console max resolution is limited. Maximum virtual console resolutions based on monitor display ratio: ● 16:10 monitor: 1920x1200 will be the max resolution ● 16:9 monitor: 1920x1080 will be the max resolution When a physical monitor is not connected to either VGA port on the server, the OS installed will dictate the available resolutions for virtual console.
Before launching the Virtual Console, make sure that: ● You have administrator privileges. ● Web browser is configured to use HTML5, eHTML5, Java, or ActiveX plug-ins. ● Minimum network bandwidth of 1 MB/sec is available. NOTE: If the embedded video controller is disabled in BIOS and if you launch the Virtual Console, the Virtual Console Viewer is blank.
Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in You can disable the warning messages while launching the Virtual Console or Virtual Media using Java plug-in. NOTE: You need Java 8 or later to use this feature and to launch iDRAC Virtual Console over an IPv6 network. 1. Initially, when you launch Virtual Console or Virtual Media using Java plug-in, the prompt to verify the publisher is displayed. Click Yes.
● From iDRAC Virtual Console page, click Start the Virtual Console link. ● From iDRAC login page, type https///console. This method is called as Direct Launch. In ● ● ● ● ● ● ● ● ● ● the eHTML5 virtual console, the following menu options are available: Power Boot Chat Keyboard Screen Capture Refresh Full Screen Disconnect Viewer Console Controls Virtual Media The Pass all keystrokes to server option is not supported on eHTML5 virtual console.
■ - SysRq - Alt+SysRq - Win-P Aspect Ratio — The eHTML5 virtual console video image automatically adjusts the size to make the image visible. The following configuration options are displayed as a drop-down list: - Maintain - Don’t Maintain Click Apply to apply the selected settings on the server. ■ Touch Mode — The eHTML5 virtual console supports the Touch Mode feature.
● Safari 13.1.1 NOTE: It is recommended to have Mac OS version 10.10.2 (or onward) installed in the system. For more details on supported browsers and versions, see the iDRAC Release Notes available at https://www.dell.com/ idracmanuals. HTML5 based virtual console NOTE: While using HTML5 to access virtual console, the language must be consistent across client and target keyboard layout, OS, and browser. For example, all must be in English (US) or any of the supported languages.
■ Alt+F4 ■ Alt+F5 ■ Alt+F6 ■ Alt+F7 ■ Alt+F8 ■ Alt+F9 ■ Alt+F10 ■ Alt+F11 ■ Alt+F12 ■ PrntScrn ■ Alt+PrntScrn ■ F1 ■ Pause ■ Tab ■ Ctrl+Enter ■ SysRq ■ Alt+SysRq ■ Win-P ○ Aspect Ratio — The HTML5 virtual console video image automatically adjusts the size to make the image visible. The following configuration options are displayed as a drop-down list: ■ Maintain ■ Don’t Maintain Click Apply to apply the selected settings on the server.
○ Relative, no acceleration ○ Relative (RHEL, earlier versions of Linux) ○ Linux RHEL 6.x and SUSE Linux Enterprise Server 11 or later Click Apply to apply the selected settings on the server. ● Virtual Media — Click Connect Virtual Media option to start the virtual media session. when the virtual media is connected, you can see the options like Map CD/DVD, Map Removable Disk, and Reset USB. NOTE: For security reasons read/write access is disabled while accessing virtual console in HTML5.
Passing all keystrokes through virtual console for Java or ActiveX plug-in You can enable the Pass all keystrokes to server option and send all keystrokes and key combinations from the management station to the managed system through the Virtual Console Viewer. If it is disabled, it directs all the key combinations to the management station where the Virtual Console session is running.
managed system. However, if Pass All Keys is enabled, then the Start menu is opened only on the managed system and not on the management station. ● When Pass All Keys is disabled, the behavior depends on the key combinations pressed and the special combinations interpreted by the operating system on the management station.
5. Use the magic key to enable the SysRq function. For example, the following command reboots the server: echo b > /proc/sysrq-trigger NOTE: You do not have to run break sequence before using the magic SysRq keys.
21 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, Redfish, RACADM, and WSMan.
NOTE: The installer will be available to the host operating system for 30 minutes. If you do not start the installation within 30 minutes, you must restart the Service Module installation. Installing iDRAC Service Module from iDRAC Enterprise 1. On the SupportAssist Registration wizard, click Next. 2. On the iDRAC Service Module Setup page, click Install Service Module. 3. Click Launch Virtual Console and click Continue on the security warning dialog box. 4.
iDRAC. By default, this monitoring feature is enabled. It is not disabled if OpenManage Server Administrator is installed on the host OS. In iSM version 2.0 or later, the operating system information feature is amended with the OS network interface monitoring. When iDRAC Service Module version 2.0 or later is used with iDRAC 2.00.00.00, it starts monitoring the operating system network interfaces. You can view this information using iDRAC web interface, RACADM, or WSMan.
AttributeName WSMAN-Class Privilege License Read Privileges:Login Password DCIM_iDRACCardS Write Privileges: tring ConfigUsers, Login DCIM_iDRACCardI nteger Write Privileges: ConfigUsers, Login Supported Operation Users.1#UserName to Users.16#UserNam e Basic Users.1#Password Enum, Get, Invoke to Users.16#Password Basic Users.1#Password Enum, Get, Invoke to Users.
NOTE: A provider, ismserviceprovider, has been registered in the Windows Management Instrumentation namespace Root\CIMV2\DCIM to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. ● Linux iSM provides an executable command on all iSM supported Linux operating system. You can run this command by logging into the operating system by using SSH or equivalent.
○ Using the remote WMI interface: winrm i EnableInBandSNMPTraps wmi/root/cimv2/dcim/DCIM_iSMService? InstanceID="iSMExportedFunctions" @{state="[0/1]"} -u: -p: -r:http:///WSMan -a:Basic -encoding:utf-8 -skipCACheck –skipCNCheck ● Linux operating system On all iSM supported Linux operating system, iSM provides an executable command. You can run this command by logging into the operating system by using SSH or equivalent. Beginning with iSM 2.4.
You can install this feature by using the web-pack. This feature is disabled on a typical iSM installation. If enabled, the default listening port number is 1266. You can modify this port number within the range 1024 through 65535. iSM redirects the connection to the iDRAC. iSM then creates an inbound firewall rule, OS2iDRAC. The listening port number is added to the OS2iDRAC firewall rule in the host operating system, which allows incoming connections.
IP range in format. Example: 10.95.146.98/24 Coexistence of OpenManage Server Administrator and iDRAC Service Module In a system, both OpenManage Server Administrator and the iDRAC Service Module can co-exist and continue to function correctly and independently.
22 Using USB port for server management On the 14th generation servers, a dedicated micro USB port is available to configure iDRAC. You can perform the following functions using the micro USB port: ● Connect to the system using the USB network interface to access system management tools such as iDRAC web interface and RACADM. ● Configure a server by using SCP files that are stored on a USB drive.
3. Wait for the laptop to acquire IP address 169.254.0.4. It may take several seconds for the IP addresses to be acquired. iDRAC acquires the IP address 169.254.0.3. 4. Start using iDRAC network interfaces such as the web interface, RACADM, Redfish or WSMan. For example, to access the iDRAC web interface, open a supported browser, and type the address 169.254.0.3 and press enter. 5. When iDRAC is using the USB port, the LED blinks indicating activity. The blink frequency is four per second. 6.
For information about the fields, see the iDRAC Online Help. NOTE: iDRAC9 allows you to password protect the compressed file after you select Enabled only for compressed configuration files to compress the file before importing. You can enter a password to secure the file by using Password for Zip file option. 4. Click Apply to apply the settings.
Example of control.
LCD messages If the LCD panel is available, it displays the following messages in a sequence: 1. Importing – When the server configuration profile is being copied from the USB device. 2. Applying — When the job is in-progress. 3. Completed — When the job has completed successfully. 4. Completed with errors — When the job has completed with errors. 5. Failed — When the job has failed. For more details, see the results file on the USB device.
23 Using Quick Sync 2 With Dell OpenManage Mobile running on an Android or iOS mobile device, you can easily access server directly or through OpenManage Essentials or OpenManage Enterprise (OME) console. It allows you to review server details and inventory, view LC and System Event logs, get automatic notifications on mobile device from an OME console, assign IP address and modify iDRAC password, configure key BIOS attributes, and take remediation actions as needed.
You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect. once configured, you can activate the Quick Sync 2 button on the Left Control Panel. Make sure the Quick Sync light turns on. Then, access the Quick Sync Information via a mobile device. An entry is logged to the Lifecycle Controller log when the configuration is modified. Configuring iDRAC Quick Sync 2 settings using web interface To configure iDRAC Quick Sync 2: 1.
24 Managing virtual media iDRAC provides virtual media with HTML5 based client with local ISO and IMG file, remote ISO and IMG file support. Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. You need iDRAC Configure privilege to modify the configuration.
• • • • • Supported drives and devices Configuring virtual media Accessing virtual media Setting boot order through BIOS Enabling boot once for virtual media Supported drives and devices The following table lists the drives supported through virtual media. Table 60.
Attached media state and system response The following table describes the system response based on the Attached Media setting. Table 61. Attached media state and system response Attached Media State System Response Detach Cannot map an image to the system. Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed.
1. In the iDRAC web Interface, go to Configuration > Virtual Media. 2. Click Connect Virtual Media. Alternatively, you can also launch the Virtual Media by following these steps: 1. Go to Configuration > Virtual Console. 2. Click Launch Virtual Console. The following message is displayed: Virtual Console has been disabled. Do you want to continue using Virtual Media redirection? 3. Click OK. The Virtual Media window is displayed. 4. From the Virtual Media menu, click Map CD/DVD or Map Removable Disk.
1. On the iDRAC web interface, go to Configuration > Virtual Media. 2. Click Mount Drivers. 3. Select the OS from the pop-up window and click Mount Drivers. NOTE: The Expose duration is 18 hours by default. To unmount the drivers post completion of the mount: 1. Go to Configuration > Virtual Media. 2. Click Unmount Drivers. 3. Click OK on the pop-up window. NOTE: The Mount Drivers option may not be displayed if the driver pack is not available on the system.
If image is created in a different location, when you select Map Removable Disk, the created image is not available for selection in the drop-down menu. Click Browse to specify the image. NOTE: ● Read only option will be grayed out in ehtml5 based JAVA removable media. ● Floppy emulation is not supported in ehtml5 plugin. 4. Select Read-only to map writable devices as read-only. For CD/DVD devices, this option is enabled by default and you cannot disable it.
5. Click OK, navigate back to System BIOS Settings page, and click Finish. 6. Click Yes to save the changes and exit. The managed system reboots. The managed system attempts to boot from a bootable device based on the boot order. If the virtual device is connected and a bootable media is present, the system boots to the virtual device. Otherwise, the system overlooks the device—similar to a physical device without bootable media.
25 Managing vFlash SD card NOTE: vFlash is supported on AMD platform servers. The vFlash SD card is a Secure Digital (SD) card that can be ordered and installed from the factory. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. NOTE: There is no limitation of the size of SD card, you can open and replace the factory installed SD card with a higher capacity SD card.
Viewing vFlash SD card properties using web interface To view the vFlash SD card properties, in the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash. The Card Properties page is displayed. For information about the displayed properties, see the iDRAC Online Help. Viewing vFlash SD card properties using RACADM To ● ● ● ● ● view the vFlash SD card properties using RACADM, use the get command with the following objects: iDRAC.vflashsd.AvailableSize iDRAC.vflashsd.
Enabling or disabling vFlash functionality using iDRAC settings utility To enable or disable the vFlash functionality: 1. In the iDRAC Settings utility, go to Media and USB Port Settings. The iDRAC Settings . Media and USB Port Settings page is displayed. 2. In the vFlash Media section, select Enabled to enable vFlash functionality or select Disabled to disable the vFlash functionality. 3. Click Back, click Finish, and then click Yes. The vFlash functionality is enabled or disabled based on the selection.
4. To get the last status of a particular partition, use command:racadm vflashpartition status -i (index) NOTE: If iDRAC is reset, the status of the last partition operation is lost. Managing vFlash partitions You can perform the following using the iDRAC Web interface or RACADM: NOTE: An administrator can perform all operations on the vFlash partitions. Else, you must have Access Virtual Media privilege to create, delete, format, attach, detach, or copy the contents for the partition.
Creating an empty partition using RACADM To create an empty partition: 1. Log in to the system using SSH or Serial console. 2. Enter the command: racadm vflashpartition create -i 1 -o drive1 -t empty -e HDD -f fat16 -s [n] where [n] is the partition size. By default, an empty partition is created as read-write. If the share is not configured using Username / Password, you need to specify the parameters as -u anonymous -p anonymous .
1. Log in to the system using SSH or Serial console. 2. Enter the command racadm vflashpartition create –i 1 –o drive1 –e HDD –t image –l //myserver/ sharedfolder/foo.iso –u root –p mypassword By default, the created partition is read-only. This command is case sensitive for the image file name extension. If the file name extension is in upper case, for example FOO.ISO instead of FOO.iso, then the command returns a syntax error. NOTE: This feature is not supported in local RACADM.
2. Enter the following commands: ● To list all existing partitions and its properties: racadm vflashpartition list ● To get the status of operation on partition 1: racadm vflashpartition status -i 1 ● To get the status of all existing partitions: racadm vflashpartition status -a NOTE: The -a option is valid only with the status action. Modifying a partition You can change a read-only partition to read-write or vice-versa.
Attaching or detaching partitions When you attach one or more partitions, they are visible to the operating system and BIOS as USB mass storage devices. When you attach multiple partitions, based on the assigned index, they are listed in an ascending order in the operating system and the BIOS boot order menu. If you detach a partition, it is not visible in the operating system and the BIOS boot order menu. When you attach or detach a partition, the USB bus in the managed system is reset.
● ● ● ● The vFlash functionality is enabled. The card is not write-protected. The partition is not attached. An initialize operation is not being performed on the card. Deleting existing partitions using web interface To delete an existing partition: 1. In the iDRAC Web interface, go to Configuration > System Settings > Hardware Settings > vFlash > Manage. The Manage Partitions page is displayed. 2. In the Delete column, click the delete icon for the partition that you want to delete.
● The vFlash partition contains a bootable image (in the .img or .iso format) to boot from the device. ● The vFlash functionality is enabled. ● You have Access Virtual Media privileges. Booting to a partition using web interface To set the vFlash partition as a first boot device, see Booting to a partition using web interface on page 318. NOTE: If the attached vFlash partition(s) are not listed in the First Boot Device drop-down menu, make sure that the BIOS is updated to the latest version.
26 Using SMCLP NOTE: SMCLP is only supported in iDRAC versions earlier than 4.00.00.00. The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set.
where, y is an alpha-numeric character such as M (for blade servers), R (for rack servers), and T (for tower servers) and x is a number. This indicates the generation of Dell PowerEdge servers. NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI.
Table 63.
Table 63.
Table 63. SMCLP targets (continued) Target admin1/system1/sp1/rolesvc3/Role1-3/ privilege1 Definitions CLP role privilege Navigating the map address space Objects that can be managed with SM-CLP are represented by targets arranged in a hierarchical space called the Manageability Access Point (MAP) address space. An address path specifies the path from the root of the address space to an object in the address space. The root target is represented by a slash (/) or a backslash (\).
show -l all -output format=clpxml /admin1/system1/logs1/log1 Usage examples This section provides use case scenarios for SMCLP: ● Server power management on page 324 ● SEL management on page 324 ● Map target navigation on page 325 Server power management The following examples show how to use SMCLP to perform power management operations on a managed system.
EnabledState = 2 OperationalState = 2 HealthState = 2 Caption = IPMI SEL Description = IPMI SEL ElementName = IPMI SEL Commands: cd show help exit version ● To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.
type cd . ● To move up one level: type cd ..
27 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: ● Remote File Share ● Console Topics: • • • Deploying operating system using remote file share Deploying operating system using virtual media Deploying embedded operating system on SD card Deploying operating system using remote file share Before you deploy the operating system using Remote File Share (RFS), make sure that: ● Configure User and Access Virtual Media privileges for iDRA
The connection status for RFS is available in iDRAC log. Once connected, an RFS-mounted virtual drive does not disconnect even if you log out from iDRAC. The RFS connection is closed if iDRAC is reset or the network connection is dropped. The Web interface and command-line options are also available in CMCOME Modular and iDRAC to close the RFS connection. The RFS connection from CMC always overrides an existing RFS mount in iDRAC. NOTE: ● CIFS and NFS supports both IPv4 and IPv6 addresses.
NOTE: The characters allowed in user names and passwords for network shares are determined by the network-share type. iDRAC supports valid characters for network share credentials as defined by the share type, except <, >, and , (comma). 4. Click Apply and then click Connect. After the connection is established, the Connection Status displays Connected. NOTE: Even if you have configured remote file sharing, the Web interface does not display user credential information due to security reasons.
● If Virtual Media is in Auto Attached mode, the Virtual Media application must be launched before booting the system. ● Network share contains drivers and operating system bootable image file, in an industry standard format such as .img or .iso. To deploy an operating system using Virtual Media: 1. Do one of the following: ● Insert the operating system installation CD or DVD into the management station CD or DVD drive. ● Attach the operating system image. 2.
28 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: ● Diagnostic console ● Post code ● Boot and crash capture videos ● Last system crash screen ● System event logs ● Lifecycle logs ● Front panel status ● Trouble indicators ● System health Topics: • • • • • • • • • • • • • Using diagnostic console Viewing post codes Viewing boot and crash capture videos Viewing logs Viewing last system crash screen Viewing System status Hardware trouble indicators
● Click Reset iDRAC to Default Settings to reset the iDRAC to the default settings. After you click Reset iDRAC to Default Settings,Reset iDRAC to factory default window is displayed. This action reset the iDRAC to the factory defaults. Chose any of the following options: a. Preserve user and network settings. b. Discard all settings and reset users to the shipping value (root/shipping value). c. Discard all settings and reset username and password. 2. A warning message is displayed.
Viewing post codes Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from power-on-reset, and allows you to diagnose any faults related to system boot-up. The Post Codes page displays the last system post code prior to booting the operating system. To view the Post Codes, go to Maintenance > Troubleshooting > Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code.
Viewing last system crash screen The last crash screen feature captures a screenshot of the most recent system crash, saves, and displays it in iDRAC. This is a licensed feature. To view the last crash screen: 1. Make sure that the last system crash screen feature is enabled. 2. In iDRAC Web interface, go to Overview > Server > Troubleshooting > Last Crash Screen. The Last Crash Screen page displays the last saved crash screen from the managed system. Click Clear to delete the last crash screen.
● ● ● ● Solid blue — No errors present on the managed system. Blinking blue — Identify mode is enabled (regardless of managed system error presence). Solid amber — Managed system is in failsafe mode. Blinking amber — Errors present on managed system. When the system is operating normally (indicated by blue Health icon on the LED front panel), then both Hide Error and UnHide Error is grayed-out. You can hide or unhide the errors only for rack and tower servers.
Restarting iDRAC You can perform a hard or soft iDRAC restart without turning off the server: ● Hard restart — On the server, press and hold the LED button for 15 seconds. ● Soft restart — Using iDRAC Web interface or RACADM. Reset to Custom Defaults (RTD) You can use Reset to Custom Defaults feature to upload a custom config file and RTD to the settings. The new settings are applied on top of preserving users and network settings.
Erasing system and user data NOTE: Erasing system and user data is not supported from iDRAC GUI.
Resetting iDRAC to factory default settings You can reset iDRAC to the factory default settings using the iDRAC Settings utility or the iDRAC Web interface. Resetting iDRAC to factory default settings using iDRAC web interface To reset iDRAC to factory default settings using the iDRAC Web interface: 1. Go to Maintenance > Diagnostics. The Diagnostics Console page is displayed. 2. Click Reset iDRAC to Default Settings. The completion status is displayed in percentage.
29 SupportAssist Integration in iDRAC SupportAssist allows you to create SupportAssist collections and utilize other SupportAssist features to monitor your system and datacenter. iDRAC provides an application interfaces for gathering platform information that enables support services to resolve platform and system problems.
Auto dispatch When a critical event is reported to Dell-EMC through iDRAC that is registered for SupportAssist, auto dispatch workflow may be initiated. This workflow is based on the event being forwarded and registered device SupportAssist warranty level. You must enter the Dispatch information during the SupportAssist registration process to enable auto dispatch workflow. If onsite support is required along with dispatch parts then select Parts Dispatch with Onsite Support.
Generating SupportAssist Collection For generating the OS and Application logs: ● iDRAC Service Module must be installed and running in Host Operating System. ● OS Collector, which comes factory installed in iDRAC, if removed must be installed in iDRAC. NOTE: SupportAssist Collection takes more than 10 minutes to complete when performed from OS/iDRAC while OMSA 10.1.0.0 is running with it.
NOTE: If Save to Network is selected, and no default location is available, the provided network details will be saved as default location for future collections. If default location already exist, then the collection will use the details specified once only. If Save to Network option is selected, the user provided network details is saved as defaults (if no prior network share location have been saved) for any future collections. 7. Click Collect to proceed with Collection generation. 8.
30 Frequently asked questions This section lists the frequently asked questions for the following: ● System Event Log ● Network security ● Active Directory ● Single Sign On ● Smart card login ● Virtual console ● Virtual media ● vFlash SD card ● SNMP authentication ● Storage devices ● iDRAC Service Module ● RACADM ● Miscellaneous Topics: • • • • • • • • • • • • • • • • • System Event Log Custom sender email configuration for iDRAC alerts Network security Telemetry streaming Active Directory Single Sign-On
Custom sender email configuration for iDRAC alerts Alert generated email is not from Custom sender email set on Cloud based email service. You need to register your cloud email through this process : Support.google.com. Network security While accessing the iDRAC Web interface, a security warning is displayed stating that the SSL certificate issued by the Certificate Authority (CA) is not trusted.
To diagnose the problem, on the Active Directory Configuration and Management page, click Test Settings. Review the test results and fix the problem. Change the configuration and run the test until the test user passes the authorization step. In general, check the following: ● While logging in, make sure that you use the correct user domain name and not the NetBIOS name. If you have a local iDRAC user account, log into iDRAC using the local credentials.
If Global Controller Address(es) is configured, iDRAC continues to query the Global Catalog. If additional privileges are retrieved from the Global Catalog, these privileges are accumulated. Does iDRAC always use LDAP over SSL? Yes. All the transportation is over secure port 636 and/or 3269. During test setting, iDRAC does a LDAP CONNECT only to isolate the problem, but it does not do an LDAP BIND on an insecure connection.
3. 4. 5. 6. 7. 8. 9. 10. 11. 12. Select Allow all, click OK, and close the Local Group Policy Editor window. Go to Start and run cmd. The command prompt window is displayed. Run the command gpupdate /force. The group policies are updated. Close the command prompt window. Go to Start and run regedit. The Registry Editor window is displayed. Navigate to HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > LSA . In the right-pane, right-click and select New > DWORD (32-bit) Value.
What privileges are required for an iDRAC user to turn on or turn off the local server video? Any user with iDRAC configuration privileges can turn on or turn off the local console. How to get the current status of the local server video? The status is displayed on the Virtual Console page. To display the status of the object iDRAC.VirtualConsole.AttachState, use the following command: racadm get idrac.virtualconsole.
You may see this message because the iDRAC Virtual Console plug-in is not receiving the remote server desktop video. Generally, this behavior may occur when the remote server is turned off. Occasionally, the message may be displayed due to a remote server desktop video reception malfunction. Why does Virtual Console Viewer window sometimes display an Out of Range message? You may see this message because a parameter necessary to capture video is beyond the range for which the iDRAC can capture the video.
Protocol (STP) enabled. In this case, it is recommended to enable "portfast" for the switch port connected to the server. In most cases, the Virtual Console restores itself. Launching Virtual Console with Java plug-in fails after the iDRAC firmware was updated. Delete the Java cache and then launch the virtual console. To enable console redirection using the web server port (443) racadm>>set iDRAC.VirtualConsole.
where, x: is the USB key that is required to be set as a bootable device. The Virtual Media is attached and connected to the remote floppy. But, cannot locate the Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE Linux operating system. How to resolve this? Some Linux versions do not auto-mount the virtual floppy drive and the virtual CD drive in the same method. To mount the virtual floppy drive, locate the device node that Linux assigns to the virtual floppy drive.
NOTE: In this case, the data transfer between managed server and iDRAC for Virtual Media and Virtual Console will not be secured. ● If you are using any Windows server operating systems, stop the Windows service named Windows Event Collector. To do this, go to Start > Administrative Tools > Services. Right-click Windows Event Collector and click Stop.
GPU (Accelerators) Accelerators section under CPU/Accelerators in iDRAC GUI is grayed out. Few pages in GUI may not show expected response when respective attribute is disabled in Redfish. iDRAC Service Module iSM details are missing / not updated correctly in iDRAC GUI page of some PowerEdge servers When a user adds SUB NIC under teaming, the configuration is invalid. This causes iSM to not to communicate with iDRAC properly.
Table 64. Example of a routing order (continued) Destination Gateway Genmask Flags Metric Ref Use Iface link-local 0.0.0.0 255.255.255.0 U 0 0 0 em1 link-local 0.0.0.0 255.255.255.0 U 0 0 0 enp0s20u12u3 In the example enp0s20u12u3 is the USB NIC interface. The link-local destination mask is repeated and the USB NIC is not the first one in the order. This results in the connectivity issue between iDRAC Service Module and iDRAC over the OS to iDRAC Pass-through.
Under Processor Settings, set NPS to 4 and CCX to auto Minimum 1 DIMM per channel IOmmu=passthrough on Linux OS RACADM After performing an iDRAC reset (using the racadm racreset command), if any command is issued, the following message is displayed. What does this indicate? ERROR: Unable to connect to RAC at specified IP address The message indicates that you must wait until the iDRAC completes the reset before issuing another command. When using RACADM commands and subcommands, some errors are not clear.
For information about the jumper location and the procedure, see the documentation for your server at https://www.dell.com/ support. Miscellaneous Upgrade fails when upgrading to the latest version. NOTE: 3.30.30.30 is the minimum iDRAC version required to upgrade to 4.00.00.00 / 4.10.10.10 of later build . After an iDRAC reset, iDRAC GUI may not display all the values.
How to find an iDRAC IP address for a blade server ? NOTE: The OME-Modular web interface option is applicable only for MX platforms. ● Using OME-Modular web interface: Go to Devices > Compute. Select the computer sled and iDRAC IP is displayed as Management IP. ● Using OMM Application: see the Dell EMC OpenManage Mobile User's Guide available at https://www.dell.
On the physical server, use the LCD panel navigation buttons to view the iDRAC IP address. Go to Setup View > View > iDRAC IP > IPv4 or IPv6 > IP. ● From OpenManage Server Administrator: In the Server Administrator web interface, go to Modular Enclosure > System/Server Module > Main System Chassis/ Main System > Remote Access. iDRAC network connection is not working. For blade servers: ● Ensure that the LAN cable is connected to CMC.
iDRAC on blade server is not responding during boot. Remove and reinsert the server. Check CMC (not for MX platforms), and OME Modular (Applicable for MX platforms) web interface to see if iDRAC is displayed as an upgradable component. If it does, follow the instructions in Updating firmware using CMC web interface on page 80 update the firmware. NOTE: Update feature not applicable for MX platforms. If the problem persists, contact technical support.
Figure 5. Configuring iDRAC interface to DHCP mode in Ubuntu Model, Manufacturer and other properties are not listing for Embedded Network Adapters in Redfish FRU details for embedded devices will not be displayed. There will not be any FRU object for devices which are embedded on Motherboard. Hence dependent property will not be there.
31 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios.
● In iDRAC Web interface, go to Overview > Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan. ● You can also configure the chassis locator LED and based on the color, assess the system health. ● If iDRAC Service Module is installed, the operating system host information is displayed. Setting up alerts and configuring email alerts To set up alerts and configure email alerts: 1. Enable alerts. 2.
● Configuring active directory users ● Configuring generic LDAP users Launching servers remote console and mounting a USB drive To launch the remote console and mount a USB drive: 1. Connect a USB flash drive (with the required image) to the management station. 2. Use the following method to launch virtual console through the iDRAC Web Interface: ● Go to Dashboard > Virtual Console and click Launch Virtual Console. The Virtual Console Viewer is displayed. 3.
5. Import the SCP file to iDRAC.