Administrator Guide

Technical support and resources
ID 483
3.5 Hardware Security
Hardware security is an integral part of any comprehensive security solution. Some customers want to limit
access to ports of entry, such as USB. In general, a server chassis need not be opened once it has been put
into production, except to replace a failed part. Customers want to track and log any hardware security
activity. The goal is to alert on any unwanted physical intrusion.
3.5.1 Chassis Intrusion Alert
PowerEdge servers provide hardware intrusion detection and logging, with detection working even when no
AC power is available. Sensors on the chassis detect when anyone opens or tampers with the chassis, even
during transit. A server that has been opened while in transit generates an entry in the iDRAC Lifecycle log
after power is supplied.
3.5.2 Dynamic USB Port Management
For more security, all USB ports can be programmatically disabled. There is also an option to disable only the
USB ports on the front of the server. For example, USB ports can be disabled for production use and then
temporarily enabled to grant access to a crash cart for debugging purposes.
3.5.3 iDRAC Direct
iDRAC Direct is a special USB port that is hardwired to the iDRAC service processor. iDRAC Direct uses one
cable to connect to a data center crash cart. It allows a user to attach a standard Micro-AB USB cable to this
port and the other end (Type A) to a laptop. A standard web browser can then access the iDRAC UI for extensive
debugging and management of the server. If an iDRAC Enterprise or Datacenter license is installed, the user can
also access the operating system using the iDRAC Virtual Console feature.
iDRAC Direct requires valid credentials and works as a secure crash cart with the advantage of extensive
hardware management and service diagnostics. For added physical security in remote locations, host USB
ports and VGA outputs can be disabled, while iDRAC Direct remains functional.
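A posture check covering the chassis-intrusion log (3.5.1), USB port management (3.5.2) and iDRAC Direct (3.5.3), as an added example that is not part of this guide or of Dell's tooling: the RACADM attribute names BIOS.IntegratedDevices.UsbPorts and iDRAC.USB.PortStatus, the log message text and the message IDs are assumptions, and the racadm output is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the Dell guide: audit the physical-security posture this
# section describes (BIOS USB ports, iDRAC Direct port, chassis-intrusion entries)
# from RACADM output. Attribute names are assumed from the iDRAC RACADM reference;
# verify them against your firmware. The sample_* functions return constructed
# output so the script runs offline; swap them for the racadm calls in the comments.

# Constructed stand-in for:  racadm get BIOS.IntegratedDevices.UsbPorts
sample_usb_ports() { printf '[Key=BIOS.Setup.1-1#IntegratedDevices]\nUsbPorts=AllOn\n'; }
# Constructed stand-in for:  racadm get iDRAC.USB.PortStatus
sample_idrac_direct() { printf '[Key=iDRAC.Embedded.1#USB.1]\nPortStatus=Enabled\n'; }
# Constructed stand-in for:  racadm lclog view -c System  (IDs and message text are placeholders)
sample_lclog() {
  printf 'SeqNumber = 101\nMessage ID = PLACEHOLDER1\nSeverity = Information\n'
  printf 'Timestamp = 2024-01-05 08:00:00\nMessage = The system is turning on.\n\n'
  printf 'SeqNumber = 102\nMessage ID = PLACEHOLDER2\nSeverity = Critical\n'
  printf 'Timestamp = 2024-01-05 08:00:02\nMessage = Chassis intrusion detected while the system was powered off.\n\n'
}

# attr_value OUTPUT NAME: value of the "NAME=value" line in racadm get output
attr_value() { printf '%s\n' "$1" | sed -n "s/^$2=//p"; }

# usb_policy_check OUTPUT EXPECTED: returns 0 when the BIOS UsbPorts setting matches
# the production policy (for example AllOff), 1 otherwise; prints the actual value
usb_policy_check() {
  actual=$(attr_value "$1" UsbPorts)
  printf 'UsbPorts=%s (expected %s)\n' "$actual" "$2"
  [ "$actual" = "$2" ]
}

# idrac_direct_enabled OUTPUT: returns 0 when the iDRAC Direct port is still usable for a crash cart
idrac_direct_enabled() { [ "$(attr_value "$1" PortStatus)" = Enabled ]; }

# intrusion_events LCLOG: print the blank-line-separated Lifecycle log records whose
# Message mentions chassis intrusion (paragraph mode: RS="" splits on blank lines)
intrusion_events() {
  printf '%s\n' "$1" | awk 'BEGIN { RS = ""; ORS = "\n\n" } tolower($0) ~ /chassis intrusion/'
}
# intrusion_count LCLOG: number of such records
intrusion_count() { intrusion_events "$1" | grep -c '^SeqNumber'; }

# Usage on the constructed sample. Production policy: host USB off, iDRAC Direct on.
usb_policy_check "$(sample_usb_ports)" AllOff || echo "FAIL: host USB ports still enabled"
idrac_direct_enabled "$(sample_idrac_direct)" && echo "OK: iDRAC Direct remains available"
echo "Chassis intrusion records: $(intrusion_count "$(sample_lclog)")"
```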
3.5.4 iDRAC Connection View with Geolocation
Connection View provides the ability for iDRAC to report the external switches and ports that are connected to
server I/O. It is a feature on select networking devices and requires that Link Layer Discovery Protocol (LLDP)
be enabled on the connected switches.
Some of the benefits of Connection View are:
o Remotely and quickly check if server I/O modules (LOMs, NDCs, and add-in PCIe cards) are
connected to the correct switches and ports
o Avoid costly remote dispatch of technicians to remediate wiring errors
o No more tracing of cables in the server room hot aisles
o Can be done using the UI, or RACADM commands can provide information for all 14G connections
Beyond the obvious time and monetary savings, Connection View provides an additional benefit: real-time
geolocation of a physical server or virtual machine. IT admins can use iDRAC Connection View to pinpoint
which switch and port a server is connected to. This detail helps in securing servers from being connected
to networks and devices that do not comply with corporate security guidelines or best practices.