Administrator Guide

Technical support and resources
ID 483
4 Detect
It is critical to have a detection capability that provides complete visibility into the configuration, health status,
and change events within a server system. This capability must also detect malicious or other changes to
BIOS, firmware, and Option ROMs, both during boot and while the operating system is running. Proactive polling
must be coupled with the ability to send alerts for any events within the system. Logs must provide complete
information about access to and changes on the server. Most importantly, the server must extend these
capabilities to all components.
4.1 Comprehensive Monitoring using iDRAC
Rather than depending upon operating system agents to communicate with managed resources in a server,
iDRAC employs a direct side-band path to each device. Dell EMC uses industry standard protocols such as
MCTP, NC-SI, and NVMe-MI. These protocols communicate with peripheral devices such as PERC RAID
controllers, Ethernet NICs, Fibre Channel HBAs, SAS HBAs, and NVMe drives. This architecture is the result
of lengthy, multi-year partnerships with industry-leading vendors to provide agent-free device management in
PowerEdge servers. Configuration and firmware update operations also leverage the powerful UEFI and HII
features that Dell EMC and partners support.
With this capability, iDRAC can monitor the system for configuration events, intrusion events (such as chassis
intrusion detection mentioned earlier in this paper), and health changes. Configuration events are tied directly
to the identity of the user that initiated the change, whether it is from a UI, API, or console.
4.1.1 Lifecycle Log
The Lifecycle Log is a collection of events that occur in a server over a period of time. The Lifecycle Log provides a description
of each event with a timestamp, severity, user ID or source, and recommended actions. This technical information
supports security tracking as well as hardware alerting.
The following types of information are recorded in the Lifecycle Log (LCL):
o Configuration Changes on the system hardware components
o iDRAC, BIOS, NIC, and RAID configuration changes
o Logs of all the remote operations
o Firmware update history based on device, version, and date
o Information about replaced parts
o Information about failed parts
o Event and error message IDs
o Host power-related events
o POST errors
o User login events
o Sensor state change events
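As an added illustration (not Dell EMC code, nor real iDRAC log output), the script below triages an exported set of Lifecycle Log entries of the kinds listed above. It assumes each entry was exported as a JSON object carrying the fields the guide describes (timestamp, severity, user/source, category, message); the sample entries, field names, and the "user@ip" source format are constructed for this example.

```python
import ipaddress
from collections import deque
from datetime import datetime, timedelta

# Constructed sample export (illustrative only; not real iDRAC entries or message text).
SAMPLE_LCL = [
    {"Created": "2024-03-01T08:00:05Z", "Severity": "OK", "Source": "admin@10.0.0.5",
     "Category": "Audit", "Message": "Successfully logged in"},
    {"Created": "2024-03-01T08:01:10Z", "Severity": "Warning", "Source": "root@203.0.113.9",
     "Category": "Audit", "Message": "Login failed"},
    {"Created": "2024-03-01T08:01:20Z", "Severity": "Warning", "Source": "root@203.0.113.9",
     "Category": "Audit", "Message": "Login failed"},
    {"Created": "2024-03-01T08:01:30Z", "Severity": "Warning", "Source": "root@203.0.113.9",
     "Category": "Audit", "Message": "Login failed"},
    {"Created": "2024-03-01T08:05:00Z", "Severity": "OK", "Source": "admin@10.0.0.5",
     "Category": "Updates", "Message": "Firmware updated: BIOS 1.2.0 -> 1.3.1"},
    {"Created": "2024-03-01T09:00:00Z", "Severity": "OK", "Source": "svc@10.0.0.7",
     "Category": "Configuration", "Message": "iDRAC attribute changed: IPMI Over LAN"},
]

def _ts(entry):
    # Timestamps are exported as ISO 8601 with a trailing Z (assumption of this example).
    return datetime.fromisoformat(entry["Created"].replace("Z", "+00:00"))

def _source_ip(entry):
    # "user@ip" is this example's assumed export format for the initiating identity.
    return ipaddress.ip_address(entry["Source"].split("@")[1])

def triage(entries, trusted_nets=("10.0.0.0/24",), window=timedelta(minutes=5), max_failed=3):
    """Return (timestamp, reason, source) findings a reviewer should look at."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings, failed = [], {}
    for e in sorted(entries, key=_ts):
        ip, t = _source_ip(e), _ts(e)
        if not any(ip in n for n in nets):
            # Any activity from outside the management network is worth a look.
            findings.append((e["Created"], "untrusted-source", e["Source"]))
        if e["Category"] == "Audit" and e["Message"] == "Login failed":
            q = failed.setdefault(ip, deque())
            q.append(t)
            while q and t - q[0] > window:     # keep only failures inside the window
                q.popleft()
            if len(q) == max_failed:
                findings.append((e["Created"], "failed-login-burst", e["Source"]))
        elif e["Category"] in ("Updates", "Configuration"):
            # Firmware and configuration changes are tied to the user who made them.
            findings.append((e["Created"], e["Category"].lower() + "-change", e["Source"]))
    return findings
```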