DellメーカーIDRAC6の使用説明書/サービス説明書
ページ先へ移動 of 370
Integrated Dell Remote Access Controller 6 (iDRAC6) V ersion 1.5 User Guide.
Notes and Cautions NOTE: A NOTE indicates important information that helps you make b etter use of your computer . CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ___________________ Information in this publication is subject to change without notice.
Contents 3 Contents 1 iDRAC6 Overview . . . . . . . . . . . . . . . . . . . 19 iDRAC6 Express Management Features . . . . . . . . . 19 iDRAC6 Enterprise and vFlash Media . . . . . . . . . . 21 Supported Platforms . . . . . . . . . . . . . . . . . . . 25 Supported Operating Sy stems .
4 Contents Configuring iDRAC6 . . . . . . . . . . . . . . . . . 36 Installing the Software on the Managed Sy stem . . . . 37 Installing the Software on the Management Station . . . . . . . . . . . . . . . . . . . 37 Installing and Removing RACADM on a Linux Management Station .
Contents 5 Logging Out . . . . . . . . . . . . . . . . . . . . . 48 Using Multiple Browser T abs and Windows . . . . 48 Configuring the iDRAC6 NIC . . . . . . . . . . . . . . . 49 Configuring the Network and IPMI LAN Settings . . . . . . . . . . . . .
6 Contents Remote File Share . . . . . . . . . . . . . . . . . . . . 82 Internal Dual SD Module . . . . . . . . . . . . . . . . . 84 Viewing Inte rnal Dual SD Modu le Status Using GUI . . . . . . . . . . . . . . . . . . 85 5 Advanced iDRAC6 Configuration .
Contents 7 Configuring Serial and T erminal Modes . . . . . . . . 106 Configuring IPMI and iDRAC6 Serial . . . . . . . . 106 Configuring T erminal Mode . . . . . . . . . . . . . 108 Configuring the iDRA C6 Network Settings . . . . . . . 109 Accessing the iDRA C6 Through a Network .
8 Contents Uploading, Viewing, and Dele ting SSH Key s Using the iDRAC6 W eb-Based Interface . . . . . . . . . . . . . . . 136 Uploading, Viewing, and Dele ting SSH Key s Using RACADM . . . . . . . . . . . . 138 Using the RACADM Utility to Configure iDRAC6 Users .
Contents 9 Configuring Extended Schema Active Directory to Access Y our iDRAC6 . . . . . . . . . . . . 152 Extending the Active Directory Schema . . . . . . 153 Installing Dell Extension to Microsoft Active Directory Users and Computers Snap-In . . . .
10 Contents 8 Configuring iDRAC6 for Single Sign-On or Smart Card Login . . . . . . . . 187 About Kerberos Authentication . . . . . . . . . . . . 187 Prerequisites for Active Directory SSO and Smart Card Authentication . . . . . . . . . . 188 Using Microsoft Active Directory SSO .
Contents 11 Internet Explorer Browser Configurations for ActiveX based V irtual Console and Virtual Media Applications . . . . . . . . . . . . . 207 Supported Screen Resolutions and Refresh Rates . . . . . . . . . . . . . . . . . 208 Configuring V irtual Console in the iDRAC6 W eb Interface .
12 Contents 12 Deploying Y our Operating Sy stem Using VMCLI . . . . . . . . . . . . . . . 239 Before Y ou Begin . . . . . . . . . . . . . . . . . . . . 239 Remote Sy stem Requirements . . . . . . . . . . 239 Network Requirements . . . . . . . . . . .
Contents 13 14 Configuring and Using V irtual Media . . . . . . . . . . . . . . . . . . . . 255 Overview . . . . . . . . . . . . . . . . . . . . . . . . . 255 Windows-Based Management Station . . . . . . 256 Linux-Based Management Station . . . . . . .
14 Contents Managing vFlash Partitions Using iDRAC6 W eb Interface . . . . . . . . . . . . . . . . . 274 Creating an Empty Partition . . . . . . . . . . . . 274 Creating a Partition Using an Image File . . . . . 276 Formatting a Partition . . . . . . .
Contents 15 Using the W eb-Based Interface . . . . . . . . . . 291 Using RACADM . . . . . . . . . . . . . . . . . . . 292 Viewing Power Budget . . . . . . . . . . . . . . . . . 293 Using the W eb Interface . . . . . . . . . . . . . . 293 Using RACADM .
16 Contents LAN User Configuration . . . . . . . . . . . . . . 311 Reset to Default . . . . . . . . . . . . . . . . . . 311 Sy stem Event Log Menu . . . . . . . . . . . . . 314 Exiting the iDRAC6 Configuration Utility . . . . . 314 18 Monitoring and Alert Management .
Contents 17 Selecting Power Control Actions from the iDRAC6 CLI . . . . . . . . . . . . . . . . 326 Viewing Sy stem Information . . . . . . . . . . . . . . . 326 Main Sy stem Chassis . . . . . . . . . . . . . . . . 327 Remote Access Controller . . . .
18 Contents Chassis Intrusion Probes . . . . . . . . . . . . . . . 341 Power Supplies Probes . . . . . . . . . . . . . . . . 342 Removable Flash Media Probes . . . . . . . . . . . . 342 Power Monitoring Probes . . . . . . . . . . . . . . . 342 T emperature Probe .
iDRAC6 Overview 19 1 iDRAC6 Overview Integrated Dell Remote Access Co ntroller6 (iDRAC6) is a systems ma n ag em e nt ha rd wa re an d so ft wa re so lu t io n th at p ro v id es rem o t e management capabilities , crashed system r ecovery , and power control functions for the Dell P owerEdge systems.
20 iDRAC6 Overview • P rovides support for Microsoft Ac tive Dir ectory authentication — Centralizes iDRA C6 user IDs and pass words in Active Directory using an extended schema or a standard sche.
iDRAC6 Overview 21 •S M - C L P s u p p o r t — A d d s Server Manageme nt-Com mand Line Protocol (SM-CLP) support, which provides standards for systems management CLI implementations. • F irmwar e rollback and recovery — Allows you to boot from (or rollback to) the firmware image of your choice.
22 iDRAC6 Overview Connectivity Shared/F ailover Network Modes IPv4 VLAN T ag ging IPv6 Dynamic DNS Dedicated NIC Securit y and Authentic ation Role-based Authority Loca l Us er s SSL Encryption Activ.
iDRAC6 Overview 23 Serial-over-LAN (with proxy) Serial-over-LAN (no proxy) P ower Capping Last Crash Sc reen Capture Boot Captur e Vir tu a l M ed i a 3 Virtual Console 3 Virtual Console Sharing 3 Rem.
24 iDRAC6 Overview The iDRA C6 provides the fo llowing security featur es: • Single Sign-on, T w o-F actor Authentication, and Public K ey Authentication • User authentication through Active Dir e.
iDRAC6 Overview 25 • Configurable IP ports (where applicable) NOTE: T elnet does not support SSL encryption. • SSH, which uses an encrypted tr ansport layer for higher security • Login failure l.
26 iDRAC6 Overview Supported Remote Access Connections T able 1-2 lists the connection features. iDRAC6 Port s T able 1-3 lists the ports iDR AC6 li stens on for connections. T able 1-4 identif ies the ports t hat the iDRAC6 us es as a client. Thi s information is required when opening fir ewalls for remote access to an iDRA C6.
iDRAC6 Overview 27 Other Documents Y ou May Need In addition to this guide, the foll owing documents available on the Dell Support website at support.dell.com/manu als provide additional informati on about the setup and operation of the iDR A C6 in your system.
28 iDRAC6 Overview •T h e Dell OpenManage Management Stat ion Software Installation Guide contains instructions to help you install Dell OpenMana ge management station software that includes B aseboard Management Utility , DR AC T ools, and Active Directory Snap-In.
iDRAC6 Overview 29 • Documentation for any components you purch ased separately pr ovides information to configure and install these options. • Updates are sometimes included with the system to describe changes to the system, software, and/or documentation.
30 iDRAC6 Overview.
Getting Started With the iDRAC6 31 2 Getting Started With the iDRAC6 The iDRA C6 enables you to remotely monitor , troubleshoot, and repair a Dell system even when the system is down. The iDRAC6 offers features like Virtual Console, V irtual Media, Smart Car d authentication, and Single Sign- On (SSO).
32 Getting Started With the iDRAC6.
Basic Instal lation of the iDRAC6 33 3 Basic Installation of the iDRAC6 This section provide s information ab out h ow to install and set up your iD RAC 6 h ard w are a nd s of t wa re .
34 Basic Installation of the iDRAC6 Configuring Y our Sy stem to Use an iDRAC6 T o configure your system to use an iDR AC6, use the iDR A C6 Configuration Utility . T o run the iDRA C6 Configuration Utility : 1 T ur n on or restart your system. 2 P ress <C trl><E> when prompted during POST .
Basic Instal lation of the iDRAC6 35 • Shared with F ailover LOM2 — Select this option to share the network interface with the host operating system. The remote access device network interface is fully functional when the host operating system is configured for NIC teaming.
36 Basic Installation of the iDRAC6 Software Installation and Configuration Overview This section provides a high-l evel overvi ew of the iDR AC6 softwar e installation and configuration process. F or more information on the iDR A C6 softwar e components, se e "Installing the Softwar e on the Manage d System" on page 37.
Basic Instal lation of the iDRAC6 37 Installing the Software on the Managed Sy stem Installing softwar e on the managed sy stem is optional. W ithout the managed system software , you cannot use the R ACADM locally , and the iDR A C6 cannot capture the last crash scr een.
38 Basic Installation of the iDRAC6 NOTE: When you run Set up on the Dell Sy stems Management T ools and Documentation DVD, the RACADM utility for al l supported operating sy stems is installed on your management station. Installing RACADM 1 Log on as root to the system where you want to install the management station components.
Basic Instal lation of the iDRAC6 39 Updating the iDRAC6 Firmware Use one of the followi ng methods to update your iDRAC6 firmwar e. • W eb-based Interface (see "Updating the iDRA C6 F irmware .
40 Basic Installation of the iDRAC6 Updating the iDRAC6 Firmware Using the W eb-Based Interface F or detailed information, see "Updating the iDR AC6 F irmwar e/System Services Recovery Image" on page 7 7. Updating the iDRAC6 Firmware Using RACADM Y ou can update the iDRA C6 firmwar e using the CLI-based RA CADM tool.
Basic Instal lation of the iDRAC6 41 usb 5-2: device descriptor not accepting address 2, error -71 These errors ar e cos metic in natur e and sho uld be ignor ed. These messages are caused due to reset of the USB devices during the firmwar e update process and are harmless.
42 Basic Installation of the iDRAC6 Viewing Localized Versions of the Web-Based Interface Windows The iDRA C6 W eb-based interface is supported on the following W indows operating system langua ges: .
Basic Instal lation of the iDRAC6 43 LANG=zh_CN.UTF-8 LC_CTYPE="zh_CN.UTF-8" LC_NUMERIC="zh_CN.UTF-8" LC_TIME="zh_CN.UTF-8" LC_COLLATE="zh_CN.UTF-8" LC_MONETARY="zh_CN.UTF-8" LC_MESSAGES="zh_CN.UTF-8" LC_PAPER="zh_CN.
44 Basic Installation of the iDRAC6.
Configuring the iDRAC6 Using the W eb Interface 45 4 Configuring the iDRAC6 Using the W eb Interface The iDRA C6 provides a W e b interface that enables you to configur e the iDRA C6 properties and users, perform r emote management tasks, and troubleshoot a remote (managed) system for problems.
46 Configuring the iDRAC6 Using the Web Interfa ce Accessing the W eb Interface T o access the iDRA C6 W eb interface, perform the following steps: 1 Open a supported W eb browser window . T o access the W e b interface using an IPv4 address, go to step 2.
Configuring the iDRAC6 Using the W eb Interface 47 Logging In Y ou can log in as either a n iDRA C6 user or as a M icrosoft Active Directory user . The default user name and password for an iDR A C6 user ar e root and calvin , respect ively . Y ou must have been granted Log in t o iD R AC privilege by the administrator to log in to iDRAC6.
48 Configuring the iDRAC6 Using the Web Interfa ce Logging Out 1 In the upper -right corner of the main window , click Log o u t to close the session. 2 Close the browser window .
Configuring the iDRAC6 Using the W eb Interface 49 Configuring the iDRAC6 NIC This section assumes that the iDRA C6 has already been configured and is accessible on the network. See "Con fi guring iDRAC6" on page 36 for help with the initial iDRA C6 network configuration.
50 Configuring the iDRAC6 Using the Web Interfa ce 4 Click the appropriate button to continue. See T able 4-8. T able 4-2. Network Settings Setting Description NIC Select ion Configures the curr ent m.
Configuring the iDRAC6 Using the W eb Interface 51 Aut o Negotiation If set to On , displays the Network Speed and Mode by communicating with the near est router or hub. If set to Off , allows you to set the Network Speed and Duplex Mode manually . If NIC Selection is not set to Dedicated , Au to Negotiation setting will always be enabled ( On) .
52 Configuring the iDRAC6 Using the Web Interfa ce DNS Domain Name The default DNS Domain Name is blank. When the Aut o Config Domain Name checkbox is selected, this option is disabled .
Configuring the iDRAC6 Using the W eb Interface 53 T able 4-5. IPv6 Settings Setting Description Enable IPv6 If the checkbox is selected, IPv6 is enabled.
54 Configuring the iDRAC6 Using the Web Interfa ce P referred DNS Server Configures the stat ic IPv6 address for the pr eferr ed DNS server . T o change this setting, you must first uncheck U se DHCP to obtain DNS Server Addresses . Alternate DNS Server Configures the stat ic IPv6 addre ss for the alternate DNS server .
Configuring the iDRAC6 Using the W eb Interface 55 Configuring IP Filtering and IP Blocking NOTE: Y ou must have Configure iDRAC permission to perform the following steps. 1 Click Remote Access Network/Security and then click the Network tab to open the Network page.
56 Configuring the iDRAC6 Using the Web Interfa ce T able 4-9. Network Security Page Settings Settings Description IP Range En abled Enables the IP Range checking feature , which defines a range of IP addr esses that can access the iDR A C. The default is off .
Configuring the iDRAC6 Using the W eb Interface 57 Configuring Platform Events Platform event configuration provid es a mechanism for configuring th e iDRA C6 to perform selected actions on certain ev ent messages.
58 Configuring the iDRAC6 Using the Web Interfa ce When a platform event occurs (for example, a battery warning assert), a system event i s generated and r ecor ded in the S ystem Event Log (SEL).
Configuring the iDRAC6 Using the W eb Interface 59 Configuring Platform Event Filters (PEF) NOTE: Configure platform event filters befo re you configure the platform event traps or e-mail alert settings. 1 Log in to the remote system using a supported W eb browser .
60 Configuring the iDRAC6 Using the Web Interfa ce 4 In the IPv4 Destination List or the IPv6 Destination List , do the follo wing for the Destination Number to configure the IPv4 or IPv6 SN MP alert destination: a Select or clear the State checkbox. A selected ch eckbox indicates that the IP address is enabled to rece ive the alerts.
Configuring the iDRAC6 Using the W eb Interface 61 3 Click System Alerts Email Alert Settings . 4 In the Destination Email Addresses table, do the following to configure a destination address for the Email Alert Number : a Select or clear the State checkbox.
62 Configuring the iDRAC6 Using the Web Interfa ce Under IPMI LAN Settings in the Encryption K ey field, type the encryption key a nd click Apply . NOTE: The encryption key must consist of an even number of hexadecimal characters with a maximum of 40 characters.
Configuring the iDRAC6 Using the W eb Interface 63 f Ensur e that the serial MUX is set correctly in the managed system’s BIOS Setup program. • Restart your system. • During POST , pr ess <F2> to enter the BIOS Setup program. • Navigate to Serial Communication .
64 Configuring the iDRAC6 Using the Web Interfa ce Securing iDRAC6 Communi cations Using SSL and Digital Certificates This section provides info rmation about the following data security features that.
Configuring the iDRAC6 Using the W eb Interface 65 Certificate Signing Request (CSR) A CSR is a digital request to a CA f or a se cure server certificate. Secur e server certificates allow clients of the server to trust the identity of the server the y have connected to and to negotiate an encrypted session with the server .
66 Configuring the iDRAC6 Using the Web Interfa ce Generating a Certificate Sign ing Request NOTE: Each new CSR overwrites any previous CSR data stored on the firmw are. Before iDRAC can accept your signed CSR, the CSR in the firmware should match the certificate returned from the CA.
Configuring the iDRAC6 Using the W eb Interface 67 T able 4-13. Generate Certificate Signing Request (CSR) Attributes Field Description Common Name The exact name being certified (usually the iDR AC’s domain name, for example, www .xyzcompany .com ).
68 Configuring the iDRAC6 Using the Web Interfa ce Uploading a Server Certificate 1 On the SSL page, select Upload Server Certificate and click Next . The Upload Server Certificate page is displa yed. 2 In the Fi l e Pa t h field, type the path of the certifica te in the Va l u e field or click Browse to navigate to the certificate file.
Configuring the iDRAC6 Using the W eb Interface 69 Viewing a Server Certificate 1 On the SSL page, select V iew Ser ver Certificate and click Next . The V iew Ser ver Certificate page displays the server certific ate that you uploaded to the iDRAC. T able 4-16 describ es the fields and associated desc riptions listed in the Certifica te table.
70 Configuring the iDRAC6 Using the Web Interfa ce Configuring and Managing Active Directory The page enable s you to conf igur e an d manage Active Directory settings. NOTE: Y ou must have Configure iDRAC permission to use or configure Active Directory .
Configuring the iDRAC6 Using the W eb Interface 71 User Domain Name This value holds up to 40 User Domain entries. If configur ed, the list of user domain names will appear in the login page as a pull-down menu for the login user to choose from.
72 Configuring the iDRAC6 Using the Web Interfa ce Active Directory CA Certificate Certif icate The certificate of the Certificate A uthority that signs all the domain controllers’ Security Sock et Layer (SSL ) server certificate. Extended Schema Settings iDRA C Name : Specifies t he name that uniquely identifies the iDR AC in Act ive Directory .
Configuring the iDRAC6 Using the W eb Interface 73 Configuring and Managing Generic LDAP iDRA C6 provides a generic solution to support Lightweight Directory Access P rotocol (LD AP)-based authentication . This feature does not r equir e any schema extension on your dir ectory se rvices.
74 Configuring the iDRAC6 Using the Web Interfa ce • A utomated System Recovery (ASR) Agent — see T able 4-26 for ASR Agent settings. 3 Click Apply .
Configuring the iDRAC6 Using the W eb Interface 75 HTTP Port Number The port on which the iDRA C6 listens for a browser connection. The default is 80 . HTTPS Po rt Number The port on which the iDRA C6 listens for a secur e browser connection. The default is 443 .
76 Configuring the iDRAC6 Using the Web Interfa ce T imeout The T elnet idle timeout in seconds. Timeout range is 60 to 10800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1800 . Po r t N u m b e r The port on which the iDR AC6 listens for a T elnet connection.
Configuring the iDRAC6 Using the W eb Interface 77 Updating the iDRAC6 Firm ware/Sy stem Services Recovery Image NOTE: If the iDRAC6 firmware becomes co rrupted, as could occur if the iDRAC6 firmware update progress is interrupted before it completes, you can recover the iDRAC6 using the iDRAC6 Web interface.
78 Configuring the iDRAC6 Using the Web Interfa ce The following message will be displayed until the process is complete: File upload in progress... 5 On the Status (page 2 of 3) page, you will see the results of the validation performed on the image file you uploaded.
Configuring the iDRAC6 Using the W eb Interface 79 iDRAC6 Firmware Rollback iDRA C6 has the provision to maintain two simultaneous firmware images. Y ou can choose to boot from (or rollback to) the firmware image of your choice. 1 Open the iDRA C6 W eb-based interface and log in to the remote system.
80 Configuring the iDRAC6 Using the Web Interfa ce The Remote Syslog entries are User Datagram P rotocol (UDP) packets sent to the Remote Syslog server ’s syslog po rt.
Configuring the iDRAC6 Using the W eb Interface 81 racadm config –g cfgRemoteHosts –o cfgRhostsSyslogServer2 < servername2 >; default is blank racadm config –g cfgRemoteHosts –o cfgRhost.
82 Configuring the iDRAC6 Using the Web Interfa ce Remote File Share iDRA C6 Remote F ile Share (RF S) featur e allows you to specify an ISO or IMG image file located on a network shar e and make it a.
Configuring the iDRAC6 Using the W eb Interface 83 T o enable remote file sharing throug h the iDR AC6 W eb interf ace, do the follo wing: 1 Open a supported W eb browser window . 2 Log in to iDRA C6 W eb interface. 3 Select the System Rem ot e F il e S ha r e tab.
84 Configuring the iDRAC6 Using the Web Interfa ce • –l <image_location> ; image location on the network share; use double quotes around the location • –s ; display current status NOTE: The maximum number of characters supported for User Name and Password is 40 and for Image File Path it is 511.
Configuring the iDRAC6 Using the W eb Interface 85 Using iDRA C you can view the status, health, and availability o f IDSDM. The SD car d r edundancy status and fa ilur e events ar e log ged to SEL, displayed on LCD, and PET alerts are generated if alerts are enabled.
86 Configuring the iDRAC6 Using the Web Interfa ce T able 4-32. SD Card States SD Card State Description SD1 and SD2 Boot The controller is powering up. Active The car d receives all SD writes and is used for SD reads. Standby The card is the secondary card.
Advanced iDRAC6 Configuration 87 5 Advanced iDRAC6 Configuration This section provide s information ab out advanced iDRAC6 configuration and is recommended for users with advanced knowledge of systems management and who want to cust omize the iDRAC6 environment to suit their specific needs.
88 Advanced iDRAC6 Configuration failsafe baud rate....115200 remote terminal type....vt100/vt220 redirection after boot....Enabled Then, select Save Changes . 5 P ress <Esc> to e xit the System Setup program and complete the System Setup program configuration.
Advanced iDRAC6 Configuration 89 console com2 The console -h com2 command displays the contents of the serial history buffer before waiting for input from the k eyboard or new characters from the serial port. The default (and maximum) size of the history buffer is 8192 characters.
90 Advanced iDRAC6 Configuration NOTE: When you configure the client VT10 0 emulation window , set the window or application that is displaying the redirected Virtual Console to 25 rows x 80 columns to ensure proper text display; otherwise, some text screens may be garbled.
Advanced iDRAC6 Configuration 91 Using the Secure Shell (SSH) It is critical that your system’s de vices and device mana geme nt are secur e. Embedded connected devices ar e the co r e of many business processes.
92 Advanced iDRAC6 Configuration NOTE: SSHv1 is not supported. Configuring Linux for Serial Console During Boot The following steps are specific to th e Linux GRand Unifie d Bootloader (GRUB). Similar changes would be necessary if you use a differ ent boot loader .
Advanced iDRAC6 Configuration 93 2 Append two options to the kernel line: kernel ............. console=ttyS1,115200n8r console=tty1 3 If the /etc/grub.conf contains a splashimage directive, comment it out. T able 5-2 provides a sample /etc/grub.conf file that shows the changes described in this procedure.
94 Advanced iDRAC6 Configuration When you edit th e /etc/grub.co nf file, use the following guidelines: 1 Disable GRUB's graphical interface and use the text-based interface; ot he r wi se , t he G RU B s cre e n w il l n o t b e d is pl a ye d i n RAC Vi rt ua l Co ns ol e.
Advanced iDRAC6 Configuration 95 T able 5-3 shows a sample file with the new line. T able 5-3. Sample File: /etc/innitab # # inittab This file describes how the INIT process should set up # the system in a certain run-level. # # Author: Miquel van Smoorenburg # Modified for RHS Linux by Marc Ewing and Donnie Barnes # # Default runlevel.
96 Advanced iDRAC6 Configuration # Things to run in every runlevel. ud::once:/sbin/update # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now # When our UPS tells us power has failed, assume we have a few # minutes of power left. Schedule a shutdown for 2 minutes from now.
Advanced iDRAC6 Configuration 97 Edit the file /etc/securetty as follows: Add a new line wi th the name of th e serial tty for COM2: ttyS1 T able 5-4 shows a sample file with the new line.
98 Advanced iDRAC6 Configuration T o set up your system to use any of these interfaces, perform the following steps. 1 Configure the BIOS to enable serial connection: a T ur n on or restart your system.
Advanced iDRAC6 Configuration 99 When you are connected serially with the previous settings, you should see a login prompt. Enter the iDR AC6 username and pass word (default values are root , calvin , r espectively). F rom this interface, you can e xecute such featur es as RA CADM.
100 Advanced iDRAC6 Configuration 4 Click Apply Changes . F or more information about Direct Connect Basic and Direct Connect T ermin al modes, see " Configuring Serial and T erminal Modes" on page 106. Direct Connect Basic mode will enable you to use such tools as ipmish directly through the serial connection.
Advanced iDRAC6 Configuration 101 Switching Between R AC Serial Interface Communication Mode a nd Serial Console iDRA C6 supports Escape key sequences that allow switching between R AC Serial Interface communica tion and Serial Console. T o set your system to allo w th is behavior , do the following: 1 T urn on or restart your system.
102 Advanced iDRAC6 Configuration T o switch to RA C Serial Interface Communication Mode when in Serial Console Mode, us e the following key s equence: <Esc> +<Shift> <9> The key seq.
Advanced iDRAC6 Configuration 103 Configuring the Management Station T erminal Emulation Software iDRA C6 supports a serial or T elnet te xt console from a management station running one of the following types of terminal emulation softwar e: • Linux Minicom in an Xterm • Hilgraeve’s HyperT erminal Private Edition (version 6.
104 Advanced iDRAC6 Configuration 7 P ress <e> and set the Bps/P ar/Bits option to 57600 8N1 . 8 Pre s s < f > a n d s e t Hardware Flow Control to Ye s and set Software Flow Control to No . 9 To e x i t t h e Serial P ort Setup menu, press <Enter>.
Advanced iDRAC6 Configuration 105 Configuring HyperT erminal for Serial Console HyperT erminal is the Microsoft W i ndows se rial port access utility . T o set the size of your Virtual Console scr e en appropriately , use H ilgraeve’s HyperT erminal Private Edition version 6.
106 Advanced iDRAC6 Configuration Configuring Serial and T erminal Modes Configuring IPMI and iDRAC6 Serial 1 Expand th e System tree and click Remote Access . 2 Click the Network/Security tab and then click Serial . 3 Configure the IPMI serial settings.
Advanced iDRAC6 Configuration 107 Flow Control • None — Ha rdwar e Flow Contro l Off • RTS/ CTS — H ard wa re F lo w Co nt ro l O n Channel P rivilege Lev el Li m it • Administrat or •O p e r a t o r •U s e r T able 5-9. iDRAC6 Serial Settings Setting Description Enabled Enables or disables the iDRA C6 serial console.
108 Advanced iDRAC6 Configuration Configuring T erminal Mode 1 Expand th e System tree and click Remote Access . 2 Click the Network/Security tab and then click Serial . 3 In the Serial page, click T erminal Mode Settings . 4 Configure the terminal mode settings.
Advanced iDRAC6 Configuration 109 Configuring the iDRAC6 Network Settings CAUTION: Changing your iDRAC6 Network setti ngs may disconnect your current network connection.
110 Advanced iDRAC6 Configuration T able 5-13 describes each iDR A C6 interface. T able 5-13. iDRAC6 Interfaces Interface Description W eb-based interface P rovides remote access to the iDR AC6 using a graphical user interface.
Advanced iDRAC6 Configuration 111 NOTE: The iDRAC6 default user name is root and the default password is calvin . Y ou can access the iDRA C6 W eb-ba sed interface through the iDR AC6 NIC by using a supported W eb browser , or through Server Administrator or IT Assistant.
112 Advanced iDRAC6 Configuration NOTE: If the sy stem from where you are accessing the remote sy stem does not have an iDRAC6 certificate in its default cer tificate store, a message is displayed when you type a RACADM command .
Advanced iDRAC6 Configuration 113 RACADM Synopsis racadm -r <iDRAC6 IP Address> -u <username> -p <password> <subcommand> <subcommand options> racadm -i -r <iDRAC6 IP Address> <subcommand> <subcommand options> Fo r e x a m p l e : racadm -r 192.
114 Advanced iDRAC6 Configuration Enabling and Disabling the RACADM Remote Capability NOTE: It is recommended that you run t hese commands on your local sy stem.
Advanced iDRAC6 Configuration 115 T able 5-15. RACADM Subcommands Command Description help Lists iDRA C6 subcommands. help <subcommand> Lists usage statement for the specified subcommand. arp Displays the contents of the AR P table. ARP table entries may not be added or deleted.
116 Advanced iDRAC6 Configuration getracl og Displays the iDR AC6 log. clrsel Clears the System Event Log entries. gettracelog Displays the iDRA C6 trace log. If used w ith -i , the command displays the number of entries in the iDR A C6 trace log. sslcsrgen Generates and downloads the SSL CSR.
Advanced iDRAC6 Configuration 117 Frequently Asked Que stions About RACADM Error M essages After performing an iDRAC6 reset (u sing the racadm ra creset command), I issue a command and th e follow ing.
118 Advanced iDRAC6 Configuration Configuring Multiple iDRAC6 Controllers Using RA CADM, you can configure one or more iDR AC6 controllers with identical properties. Whe n you query a specific iDR AC6 controller using it s group ID and object ID, R ACADM creates the racadm.
Advanced iDRAC6 Configuration 119 • Display all configuration properties in a gr oup (specified by group name and inde x) • Display all configuration properties for a us er by user name The config subcommand loads the inform ation into the other iDRAC6.
120 Advanced iDRAC6 Configuration error is found in the .cfg file. The user must corr ect all errors befor e any configuration can take place. The - c option may b e used i n the config subcommand, which verifies syntax only and does not perform a write operation to the iDR AC6.
Advanced iDRAC6 Configuration 121 Parsing Rules • All lines that start with '#' are treated as comments. A comment line must start in column one. A '#' char acter in any other column is treated as a '#' character . Some modem parameters may include # characters in its string.
122 Advanced iDRAC6 Configuration • All parameters are specified as "objec t=value" pairs with no white space between the object, =, or value. White spaces that are included after the value a re i gnor ed. A wh ite spac e inside a value string remains unmodified.
Advanced iDRAC6 Configuration 123 cfgNicGateway=10.35.10.1 This file will be updated as follows: # # Object Group " cfgLanNetworking " # [cfgLanNetworking] cfgNicIpAddress=10.35.9.143 # comment, the rest of this line is ignored cfgNicGateway=10.
124 Advanced iDRAC6 Configuration The following is a n example of how th e command may be used to configure desired LAN network pr operties. racadm config -g cfgLanNetworking -o cfgNicEnable 1 racadm config -g cfgLanNetworking -o cfgNicIpAddress 192.168.
Advanced iDRAC6 Configuration 125 iDRAC6 Modes The iDRA C6 can be configur ed in one of four modes: •D e d i c a t e d •S h a r e d • Shared with F ailover LOM2 • Shared with F a ilover All LOMs T able 5-16 provides a description of each mode.
126 Advanced iDRAC6 Configuration ( if certificate issued to IP ) of the iDRAC6 (for example, 192.168.0.120) or the r egister ed DNS iDR A C6 name ( if certificate issued to iD R AC registered name ). T o ensure that the CSR matches the registered DNS iDR A C6 name: 1 In the System tree, click Remote Access .
Advanced iDRAC6 Configuration 127 When accessing the iDRA C6 W eb-based interface, I get a security warning stating the SSL cer tificate was i ssued by a certificate author ity (CA) that is not trusted. iDRA C6 includes a default iDR AC6 se rver cert ificate to ensure network security for the W eb-based interf ace an d remote R ACADM featur es.
128 Advanced iDRAC6 Configuration.
Adding and Config uring iDRAC6 Users 129 6 Adding and Configuring iDRAC6 Users T o manage your system with th e iDRA C6 and maintain syste m security , create unique users with sp ecific ad ministrative permissions (or role-based authority ).
130 Adding and Configuring iDRAC6 Users • The username, password, and access permiss ions for a new or existing iDRA C user . T a ble 6-3 describes General User Settings . • The user ’s IPMI privileges. T able 6-4 describes the IPMI User P rivileges for configuring the user ’s LAN privilege s.
Adding and Config uring iDRAC6 Users 131 T able 6-2. Smart Card Configuration Options Option Descriptio n Upload User Ce rtificate Enables the user to upload the user certificate to iDR AC6 and import it to the user profile. V i ew User Certif icate Displays the user certificate page that has been uploaded to the iDR AC.
132 Adding and Configuring iDRAC6 Users New P assword Enter a P assword with up to 20 characters. The charact ers will not be displayed and ar e masked. The following characters are supported: •0 - 9 •A - Z •a - z • Special characters: +&? > -} | .
Adding and Config uring iDRAC6 Users 133 Configure iDRA C Enables the user to configur e the iDRA C. Configure Users Enables the user to allow specific users to access the system. CAUTION: This privilege is normally reserved for users who are members of the Admi nistrator role on iDRAC.
134 Adding and Configuring iDRAC6 Users Public Key Authentication over SSH iDR AC6 supports the Public K ey A uth entication (PK A) over SSH. This authentication method improves SSH sc ripting autom ation by removing t he need to embed or prompt for a user ID/passwor d.
Adding and Config uring iDRAC6 Users 135 Generating Public Key s for Windows Before adding an account, a public key is r equir ed from the system that will access the iDRA C6 over SSH.
136 Adding and Configuring iDRAC6 Users CAUTION: Key s generated from the Linux management station using ssh-keygen are in non - 4716 format. Convert the key s into the 4716 format using ssh- keygen -e -f /root/.ssh/id_rsa.pub > std_rsa.pub. Do not change the permissions of the key file.
Adding and Config uring iDRAC6 Users 137 CAUTION: The capability to upload, vi ew , and/ or delete SSH key s is based on the ’Configure Users’ user priv ilege. This privilege allows user(s) to configure another user's SSH key . Y ou should grant this pr ivilege carefully.
138 Adding and Configuring iDRAC6 Users Uploading, Viewing, and Deleting SSH Key s Using RACADM Upload The uplo ad mode allo ws you to upload a keyfile or to copy the key te xt on the command line.
Adding and Config uring iDRAC6 Users 139 Using the RACADM Utility to Configure iDRAC6 Users NOTE: Y ou must be logged in as user root to execute RACADM commands on a remote Linux sy stem. Single or multiple i DRA C6 users can be configur ed using the R ACADM command line that is installed with the i DRAC6 a ge nts on the managed system.
140 Adding and Configuring iDRAC6 Users NOTE: Y ou can also type racadm getconfig -f <myfile.cfg> and view or edit the myfile.cfg file, which includes all iD RAC6 configuration parameters. Several parameters and ob ject IDs ar e displayed wi th their curr ent values.
Adding and Config uring iDRAC6 Users 141 racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 123456 racadm config -g cfgUserAdmin -i 2 -o cfgUserAdminPrivilege 0x00000001 racadm config -g cfgUs.
142 Adding and Configuring iDRAC6 Users NOTE: For a list of valid bit mask values for specific user privileges, see the iDRAC6 Administrator Reference Guide available on the Dell Support website at support.dell.com/manuals . The default privilege value is 0, which indicates the user has no privileges enabled.
Using the iDRAC6 Directory Service 143 7 Using the iDRAC6 Directory Service A dir ectory service maintains a common database for stori ng information about users, computers, printers, etc.
144 Using the iDRAC6 Directory Service Y ou can use Active Direct ory to log in to the iDR AC6 using one of the following methods: • W eb-based interface • Remote R ACADM • Serial or T eln et co.
Using the iDRAC6 Directory Service 145 Prerequisites for Enabling Microsoft Active Directory Authentication for iDRAC6 T o use the Active Directory authentica tion featur e of the iDR AC6, you must have already deployed an Active Dire ctory infrastruct ure.
146 Using the iDRAC6 Directory Service d Click Next and clic k Fi n i s h . Exporting the Domain Controller Root CA Certificate to the iDRAC6 NOTE: If your sy stem is runnin g Windows 200 0 or if you are using a standalone CA, the following steps may vary.
Using the iDRAC6 Directory Service 147 Directory W ith Standard Schema Using the iDRA C6 W eb-Based Interface" on page 170. Importing the iDRAC6 Firmware SSL Certificate NOTE: If the Active Direc.
148 Using the iDRAC6 Directory Service Supported Active Directory Authentication Mechanisms Y ou can use Active Direct ory to define user acce ss on the iDR A C6 through two methods: you can use the extended schema solution, which Dell has customized to add Dell-def ined Active Dir ectory objects.
Using the iDRAC6 Directory Service 149 Identifiers (OIDs) so that when comp anies add extensions to the schema, they can be guaranteed to be unique an d not to conflict with each other .
150 Using the iDRAC6 Directory Service F igur e 7-1 illustrates that th e Associ ation Object provides the connection that is needed for all of the A uthentication and A uthorization. Figure 7-1. T ypical Setup for Active Directory Objects Y ou can create as many or as few associatio n objects as requir ed.
Using the iDRAC6 Directory Service 151 Accumulating Privileges Using Extended Schema The Extended Schema Authenticati on mechanism supports P rivilege Accumulation from different privilege ob jects associated with the same user through diffe rent Association Objec ts.
152 Using the iDRAC6 Directory Service F or example, P riv1 has these privileg es: Login, Virtual Media, and C lear Logs and P riv2 has these privileges: Login to iDRA C, Configur e iDR AC, and T est Alerts.
Using the iDRAC6 Directory Service 153 Extending the Active Directory Schema Important: The schema extension for this product is different from the pr evious generations of Dell Remote Management products.
154 Using the iDRAC6 Directory Service NOTE: The Remote_Management folder is for extending the Schema on older remote access products like DRAC 4 and DRAC 5, and the Remote_Management_Advanced folder is for extending the Schema on iDRAC6. T o use the LDIF files, s ee the instructio ns in the r eadme included in t he LDIF_F iles directo ry .
Using the iDRAC6 Directory Service 155 T able 7-3. dellRacDevice Class OID 1.2.840.11355 6.1.8000.1280.1.7.1.1 Description Represents the Dell iDRA C device.
156 Using the iDRAC6 Directory Service Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsV irtualMediaUser dellIsT estAlertUser dellIsDebugCommandAdmin T able 7-6.
Using the iDRAC6 Directory Service 157 T able 7-8. List of Attributes A dded to the Active Directory Schema Attribute Name/Descrip tion Assigned OID/Syntax Ob ject Identifier Single V alued dellP rivilegeMember List of dellPrivilege Objects that belong to this Attribute.
158 Using the iDRAC6 Directory Service dellIsV irtualMed iaUser TRUE if the user has Virtual Media rights on the device . 1.2.840.113556.1.8000.1280.1.1.2.9 Boolean (LDAPTY PE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) TRUE dellIsT e stAlertUser TRUE if the u ser has T est Alert User rights on the device.
Using the iDRAC6 Directory Service 159 Installing Dell Extension to Micr osoft Active Directory Users and Computers Snap-In When you extend the schema in Active Directory , you must also extend the Ac.
160 Using the iDRAC6 Directory Service 3 Click Add/Remove Snap-in . 4 Select the Active Directory Users and Computers Snap-in and click Add . 5 Click Close and click OK .
Using the iDRAC6 Directory Service 161 5 Click OK . 6 Right-click the privilege object that you created, and select P roperties . 7 Click the Remote Management P rivileges tab and select the pri vileges that you want the user to have.
162 Using the iDRAC6 Directory Service Click the P roducts tab to add one iDR AC device connected to the netw ork that is available for the defined users or user groups. M ultiple iDR AC devices can be added to an Association Object. Adding iDRAC Devices T o add iDRAC devices: 1 Select the Pr o d u c t s tab and click Add.
Using the iDRAC6 Directory Service 163 9 Click Next . The Active Directory Con figuration and Management Step 2 of 4 page is displaye d. 10 Select Enable Active Directory . CAUTION: In this release, the Smart Card based T w o Factor Authentication (TFA) feature is not supported if the Acti ve directory is configu red for Extended schema.
164 Using the iDRAC6 Directory Service NOTE: The FQDN or IP address that you specify in the Domain Controll er Server Address field should match the Subject or Subject Alternative Name field of your domain controller certificat e if you have certificate validation enabled.
Using the iDRAC6 Directory Service 165 racadm config -g cf gActiveDire ctory -o cfgADRacNam e <RAC comm on name> racadm config -g cfgActiveDirectory -o cfgADRacDomain < fully qualified rac do.
166 Using the iDRAC6 Directory Service racadm config -g cfgActiveDirectory -o cfgADDcSRVLookupDomainName <domain name to use on the DNS lookup> If you want to disable the certificate validation .
Using the iDRAC6 Directory Service 167 4 If DHCP is disabled on the iDRA C or you want to manu ally input your DNS IP address, type following RAC A D M commands: racadm config -g cfgLanNetworking -o c.
168 Using the iDRAC6 Directory Service Standard Schema Active Directory Overview As shown in F igure 7-3, usin g standar d schema for Active Dir ectory integration requires configuration on both Active Directory and iDR AC6.
Using the iDRAC6 Directory Service 169 NOTE: The Bit Mask values are used only when setting Standard Schema using RACADM. Single Domain V ersus Multiple Domain Scenarios If all the login users and role groups, and the nested groups, are in the same domain, then only the domain controlle rs’ addres ses must be configur ed on iDR AC6.
170 Using the iDRAC6 Directory Service Configuring Standard Schema Microsoft Active Directory to Access iDRAC6 Y ou must perform the follo wing steps to configure Active Directory befor e an Active Directory user c an access iDRA C6: 1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in.
Using the iDRAC6 Directory Service 171 The certificate information for the valid Active Directory CA certificate is displayed. 8 Under U pl o a d Ke r b e ro s Ke y t a b , type the path of the k eytab file or browse to locate the file. Click Upload .
172 Using the iDRAC6 Directory Service Standard Schema , these are the addr esses of the domain controllers where the user accounts and th e role groups are located.
Using the iDRAC6 Directory Service 173 The Active Directory Configurati on and Management Step 4b of 4 page is displayed. 21 Specify the Rol e Group Name . The Rol e Group Name identifies the role group in Active Directory associated with the iDRA C. 22 Specify the Rol e Group Domain , which is the domain of the Role Gr oup.
174 Using the iDRAC6 Directory Service Configuring Microsoft Ac tive Directory With S tandard Schema Using RACADM Use the following commands to configur e the iDR AC Active Dir ectory F e ature with Standar d Schema usin g the R ACADM CLI instead of the W e b-based interface.
Using the iDRAC6 Directory Service 175 NOTE: At least one of the 3 addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Standard Schema, these are the addresses of the domain controllers where the user accounts and the role groups are located.
176 Using the iDRAC6 Directory Service racadm config -g cfgActiveDirectory -o cfgADGcSRVLookupEnable=1 racadm config -g cfgActiveDirectory -o cfgADGcRootDomain If you want to disable the certificate v.
Using the iDRAC6 Directory Service 177 4 If DHCP is disabled on the iDRA C6 or you want ma nually to input your DNS IP address, type the following RAC AD M commands: racadm config -g cfgLanNetworking .
178 Using the iDRAC6 Directory Service Generic LDAP Directory Service iDR AC6 provides a generic solution to support Lightweight Directory Access P rotocol (LD AP)-bas ed authentication. This feat ur e does not r equir e any schema extension on yo ur directory services.
Using the iDRAC6 Directory Service 179 The Generic LD AP Configuration and Mana gement Step 1 of 3 page is displayed. Use this page to configure the digital certificate used during initiation of SSL connections when communicating with a generic LDAP server .
180 Using the iDRAC6 Directory Service 8 Enter the followinf information: • Select Enable Generic LD AP . NOTE: In this release, nested group is not supported. The firmware searches for the direct member of the group to match the user DN. Also, only single domain is supported.
Using the iDRAC6 Directory Service 181 •I n t h e Search F i lter field, enter a valid LDAP search filter . Use the filter if the user attribute cannot uniquely identify the login user within the chosen Base DN. If not specified, the value defaults to objectClass=* , which searches for all objects in the tree.
182 Using the iDRAC6 Directory Service 17 Enter the user name and password of a dir ectory user that is chosen to test the LD AP settings. The format depends on what Attribute of User L ogin is used and the user name entered mu st match the value of the chosen attribute.
Using the iDRAC6 Directory Service 183 NOTE: Configure iDRAC6 to use a Domain Na me Server , which resolves the LDAP server hostname that iDRAC6 is configured to use in the LDAP server address. The hostname must match the " CN " or " Subject " in the LDAP server's certificate.
184 Using the iDRAC6 Directory Service 2 The domain controller addresses configured in iDRA C6 do not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP addr ess, please r ead the following question and answer .
Using the iDRAC6 Directory Service 185 If Global Controller Addr ess(es) is configured, iDR A C6 continues to query the Global Catalo g. If additional priv ileges are r etrieved from the Global Catalog, thes e privileges will be accumul ated. Does iDRA C6 always use LD AP over SSL? Y es.
186 Using the iDRAC6 Directory Service c Ensure that you have uploaded the right Active Directory root CA certificate to the iDRAC6 if you enabled certificate validation.
Configuring iDRAC6 for Sin gle Sign-On or Smart Card Login 8 Configuring iDRAC6 for Single Sign- On or Smart Card Login This section provides in formation to configure iDR AC6 for Smart Car d login for local users and Active Dir ectory user s, and Single Sign-On (SSO) login for Active Directory users.
188 Configuring iDRAC6 for Single Sign-On or Smart Card Login Prerequisites for Active Directory SSO and Smart Card Authentication The pre-r equisites for both Active Dir ectory SSO and Smart Car d authentication are: • Configure the iDR AC6 for Active Dir ectory login.
Configuring iDRAC6 for Single Sign-On or Smart Card Login 189 Since the iDR A C6 is a device with a non- W indows operatin g system, run the ktpass utility—part of Microsoft W ind ows—on the domain controller (Active Directory server) where you want to map the iDR A C6 to a user account in Active Directory .
190 Configuring iDRAC6 for Single Sign-On or Smart Card Login Browser Settings to Enable Active Directory SSO T o configure the browser settings for Internet Expl orer : 1 Open Internet Explorer W eb browser 2 Select T ools Internet Options Security Loc a l I n t ra n e t .
Configuring iDRAC6 for Single Sign-On or Smart Card Login 191 Using Microsoft Active Directory SSO The SSO featur e enables yo u to log into the iDR AC6 dire ctly after logging into your workstation wi thout entering your doma in user authenticati on credentials, such as user name and pa sswor d.
192 Configuring iDRAC6 for Single Sign-On or Smart Card Login 7 Click Next until the last page is displayed. If Active Directory is configured to use standard schema, then Active Directory Configurati on and Management Step 4a of 4 page is displayed.
Configuring iDRAC6 for Single Sign-On or Smart Card Login 193 • Y ou are configured in the iDRA C6 for Active Directory login. • The iDR AC6 is enabled for K erberos Active Directory authentication. Configuring Smart Card Authentication The iDR AC6 supports t he T wo F actor A uthentication (TF A) feature by enabling Smart Card L ogon .
194 Configuring iDRAC6 for Single Sign-On or Smart Card Login NOTE: T o log into the iDRAC6, the user name that you configure in the iDRAC6 should have the same case as the User Princip al Name (UPN) in the Smart Card certificate. F or example, in case the Sm art Card ce rtificate has been issued to the user , "sampleuser@domain.
Configuring iDRAC6 for Single Sign-On or Smart Card Login 195 T able 8-1. Smart Card Settings Setting Description Configure Smart Car d Log on • Disabled — Disables Smart Card logon. Subseq uent logins from the graphical use r interface (GUI) display the r egular login page.
196 Configuring iDRAC6 for Single Sign-On or Smart Card Login Logging Into the iDRAC6 Using the Smart Card The iDRA C6 W eb interfa ce displays the Sm art Card logon pa ge for all user s who are configured to use the Sm art Card.
Configuring iDRAC6 for Single Sign-On or Smart Card Login 197 https://< IP address> :< port number > where IP address is the IP address for the iDR AC6 and port number is the HTTPS port number . The iDR AC6 Login page is displayed prompting you to insert the Smart Card.
198 Configuring iDRAC6 for Single Sign-On or Smart Card Login 4 Enter the user ’s Active Directory pass word to authenticate the user and click OK . Y ou are logged into the iDRA C6 with your credentials as set in Active Directory .
Configuring iDRAC6 for Single Sign-On or Smart Card Login 199 Unable to Log into iDRAC6 as an Active Directory Us er • If you cannot log into the iDRAC6 as an Active Directory user , try to log into the iDRA C6 without enabling the Smart Card logon.
200 Configuring iDRAC6 for Single Sign-On or Smart Card Login Access P roperties iDR AC Information page, and the domai n controller time by right clicking on the time in the bottom right hand corner of the screen. The timezone offset is displayed in th e pop up display .
Configuring iDRAC6 for Single Sign-On or Smart Card Login 201 SSO login fails with AD users on W i ndows 7 and Windows Server 2008 R2. What should I do to resolve this? Y ou must enable the encryption types for W indows 7 and W indows Server 2008 R2.
202 Configuring iDRAC6 for Single Sign-On or Smart Card Login 13 Close the Reg is t ry Ed it o r window . Y ou can now log in to iDR A C using SSO . If you have enabled SSO for iDRA C and you are using Internet Explorer to log in to iDR A C, SSO fails and you ar e prompt ed to enter your user name and password.
Using GUI Virtual Console 203 9 Using GUI V irtual Console This section provides information about using the iDRA C6 Virtual Console feature. Overview The iDR A C6 V irtual Co nsole featur e ena b les you to access the local console remot ely in either graphic or te xt mode.
204 Using GUI Virtual Console The following rules apply to a V irtual Console session: • A maximum of four simultaneous Virtual Console sessions are supported.
Using GUI Virtual Console 205 2 If you are using F ir efox or want to use the Java Viewer with Internet Explorer , install a Java Runtime En vironment (JRE). If you use the Internet Explorer browser , an ActiveX control is pr ovided for the console viewer .
206 Using GUI Virtual Console Clear Y our Browser’ s Cache If you encounter issues when operatin g the Virtual Console, (out of range errors, synchronization issues, and so on ) clear the browser’s cache to remove or delete any o ld versions of t he viewer that may be stor ed on t he system and try again.
Using GUI Virtual Console 207 Internet Explor er Browser Configur ations for ActiveX based V irtual Console and V irtua l Media Appli cations This section provide s information ab out the Internet Explorer browser settings requir ed to launch and run ActiveX based V irtual Console and Virtual Media applications.
208 Using GUI Virtual Console 2 Ensure that the Enable P rotected Mode option is not selected for T rusted Sites zone. Alternatively , you can ad d the iDR AC addr ess to sites in the Intranet zone. By default, protected mode is turned off for sites in Intranet Zone and T rusted Sites zone.
Using GUI Virtual Console 209 T able 9-2. Virtual Consol e Configuration Properties Property Description Enabled Click to enable or disable Virtual Console . If this option is check ed, it indicate s that V irtual Console is enabled. The default option is enabled .
210 Using GUI Virtual Console NOTE: For information about using V irt ual Media with V irtual Console, see "Configuring and Using Virtual Media" on page 255.
Using GUI Virtual Console 211 If you want to reconfigure any of the property values displayed, see "Configuring Virtual Console in the iDRA C6 W eb Interface" on page 208. NOTE: For information about using V irtual Media with Virtual Console, see "Configuring and Using Virtual Media" on page 255.
212 Using GUI Virtual Console 3 If a Virtual Console session is available, click Launch V irtual Console . NOTE: Multiple message boxes may appear after yo u launch the application. T o prevent unauthorized access to the application, navigate through these message boxes within th ree mi nutes.
Using GUI Virtual Console 213 Using iDRAC6 Vi rtual Console (Video V iewer) The iDRA C6 V irtual Console (Video Viewer) provides a user interface between the management station and th e managed server , allowing you to see the managed server ’s desktop and control its mo use and keyboar d functions from your mana gement station.
214 Using GUI Virtual Console The iDRA C6 V irtual Console provides various control adju stments such as mouse synchronizatio n, snapshots, keyboard macros, and access to V irtual Media.
Using GUI Virtual Console 215 Fi l e C a p t u r e t o Fi l e Captures the curr ent r emote system scr een to a .bmp file on W indows or a .png file on Linux. A dialog box is displayed that allows you to save the file to a specified location. NOTE: .bmp file format on Windows or .
216 Using GUI Virtual Console Macros • Alt+Ctrl+D el •A l t + T a b • Alt+Esc • Ctrl+Esc •A l t + S p a c e • Alt+Enter •A l t + H y p h e n •A l t + F 4 • P rtScrn • Alt+P rtScrn .
Using GUI Virtual Console 217 T ools Session Options The Sessions Options window provides additional session viewer control adjustments. This window has the General and Mouse tabs.
218 Using GUI Virtual Console Disabling or Enabli ng Local Server V ideo Y ou can configure the iDR AC6 to disallow iDR A C6 Virtual Console connections using the iDRA C6 W eb interface.
Using GUI Virtual Console 219 3 T o disable (tur n off) local video on the server , uncheck the Loc a l Se rv e r Vi d e o E n a b l e d checkbox on the Configura tion page, and then click Apply . The default value is OFF . NOTE: If the local server video is turned ON, it will take 15 seconds to turn OFF .
220 Using GUI Virtual Console General Error Scenarios T able 9-8 lists general error scenarios, the reasons for those errors, and the iDR AC6 behavi or . T able 9-8. Error Scenarios Error Scenarios Reason Behavior Login failed Y ou have entered either an invalid user name or an incorrect password.
Using GUI Virtual Console 221 Frequently Asked Questi ons on V irtual Console T able 9-9 lists fr equently asked questions and answers. T able 9-9. Using Virtu al Cons ole: Frequently Asked Questions Question Answer Virtual Console fails to log out when the out–of–band We b G U I i s l o g g e d o u t .
222 Using GUI Virtual Console How can I get the current status of the local server video? The status is displayed on the Vi r t u a l C o n s o l e Configuration page of the iDRA C6 W eb interface. The RA CADM CLI command racadm getconfig –g cfgRacTuning displays the status in the object cfgRacT u neLoc alSer verV ideo .
Using GUI Virtual Console 223 Why can't I use a keyboar d or mouse while installing a Microsoft operating system remotely by using iDR A C6 Virtual Console? When you remotely install a supported .
224 Using GUI Virtual Console What are the minimum system requir ements for my management station to run Vir tu al C on s ol e? The manageme nt station r equires a n Intel P entium III 500 MHz processor with at least 256 MB of RAM.
Using the WS-MAN Interface 225 10 Using the WS-MAN Interface W eb Se rvices for Management (W S–MAN) is a Simple Object Access P rotocol (SOAP)–based protocol used for systems managem ent. WS–MAN provides an interoperable protocol fo r devic es to share and e x change data across networks.
226 Using the WS-MAN Interface 3 Physical Asset: Defines CIM classes for r epr esenting the ph ysical aspect of the mana ged elements. iDR A C6 uses this profile to r eprese n t the host server ’s FRU informatio n. 4 SM CLP Ad min Domai n Defines CIM classes for r epr esenting CLP’s configuration.
Using the WS-MAN Interface 227 16 SMASH Collection Defines CIM classes for representing CLP’s c onfigurat ion. iDRA C6 uses this profi le for its own im plementa tion of CLP . 17 Pr o f i l e R e g i s t r a t i o n Defines CIM classes for advertising the prof ile implementations.
228 Using the WS-MAN Interface Dell Extensions 1 Dell Active Dir ectory Client V ersion 2.0.0 Defines CIM and Dell extension classes fo r configur ing iDRA C6 Active Di rectory client and the loc al privileges for Active D irectory groups. 2 Dell V irtual Media Defines CIM and Dell extension classes fo r configur ing iDRA C6 Virtual Media.
Using the WS-MAN Interface 229 The iDRA C6 WS–MAN implementation uses SSL on port 443 for transport security , and supports basic and di gest authentication.
230 Using the WS-MAN Interface There ar e additional implementation gui des, white papers, profile, and code samples availa ble in the Dell En terprise T echnolo gy Center at www .delltechcenter .com . F or mor e information, see the following: •D M T F W e b s i t e : www .
Using the iDRAC6 SM-CLP Command Line Interface 231 11 Using the iDRAC6 SM-CLP Command Line Interface This section provide s information ab out the Distributed Management T ask F o rce (DMTF) Server Management-C ommand Line P rotocol (SM-CLP) that is incorporate d in the iDRA C6.
232 Using the iDRAC6 SM-CLP Command Line Interface SM-CLP Features The SM-CLP promotes th e concept of verbs and targets to provide system managem ent c apabil itie s through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
Using the iDRAC6 SM-CLP Command Line Interface 233 T able 11-2. SM-CLP T argets T arget Definitions admin1 admin domain admin1/profiles1 Register ed profiles in iDR AC6 admin1/hdwr1 Hard ware admin1/s.
234 Using the iDRAC6 SM-CLP Command Line Interface admin1/system1/usbredirectsap1 /remotesap1 Virtual Media destination USB red i rec t i on S A P admin1/system1/sp1 Service P rocessor admin1/system1/.
Using the iDRAC6 SM-CLP Command Line Interface 235 admin1/system1/sp1/capabilitie s/metriccap1 Metric service capabilities admin1/system1/sp1/capabilitie s1/elecap1 Multi-factor Authenticat ion capabi.
236 Using the iDRAC6 SM-CLP Command Line Interface admin1/system1/sp1/ipcfgsvc1 I P interface configuration service admin1/system1/sp1/ipendpt1 IP inte rface protocol endpoint admin1/system1/sp1/ ipen.
Using the iDRAC6 SM-CLP Command Line Interface 237 admin1/system1/sp1/acctsvc1 MF A account management service admin1/system1/sp1/acctsvc2 IPMI account management service admin1/system1/sp1/acctsvc3 C.
238 Using the iDRAC6 SM-CLP Command Line Interface admin1/system1/sp1/metricsvc1 Me tric service /admin1/system1/sp1/metricsvc1 /cumbmd1 Cumulative base metric definition /admin1/system1/sp1/metricsvc.
Deploying Y our Operating Sy stem Using VMCLI 239 12 Deploying Y our Operating Sy stem Using VMCLI The Virtual Media Command Line Interface (VMCLI) utility is a command-line interface that provides Virtual Media featur es from the management station to the iDRA C6 in the remote system.
240 Deploying Y our Operatin g Sy stem Using VMCLI Creating a Bootable Image File Before you deploy your image file to the remote systems, ensure that a supported system can boot from the file . T o test the image file, transfer the image file to a test system using th e iDRA C6 W eb user interface and then reboot the sy stem.
Deploying Y our Operating Sy stem Using VMCLI 241 When you create the imag e file, do the foll owing: • F ollow standard network-based installation procedur es • Mark the deployment image as rea d.
242 Deploying Y our Operatin g Sy stem Using VMCLI •< iso9660-img > is the path to an ISO9660 image of the operating system installation CD or D VD •- f { < floppy-device >} is the pat.
Deploying Y our Operating Sy stem Using VMCLI 243 If your operating system supports admi nistrator privileges or an operating system-specific privil ege or group membership, admini strator privileg es are also re quired to run the VMCLI command.
244 Deploying Y our Operatin g Sy stem Using VMCLI The VMCLI comman d format is as follows: VMCLI [parameter] [operating_system_shell_options] C o m m a n d - l i n e s y n t a x i s c a s e - sensitive. See "V MCLI P arameters" on page 244 for more information.
Deploying Y our Operating Sy stem Using VMCLI 245 iDRAC6 User Password -p <iDRAC-user-password> This parameter provides the passwor d for the specified iDRA C6 user . If iDRA C6 authentication fails, an error message displays and the command terminates.
246 Deploying Y our Operatin g Sy stem Using VMCLI 2 Get the name for the kernel image by typing the following command at the command line: uname -r 3 Go to the /boot directory and delete the k ernel image file, whose name you determined in Step 2: mkinitrd /boot/initrd-’uname -r’.
Deploying Y our Operating Sy stem Using VMCLI 247 Specify at least one medi a type (floppy or CD/DVD drive) with the command, unless only switch options ar e provided. Otherwise, an error message is displayed and the command terminates and generates an error .
248 Deploying Y our Operatin g Sy stem Using VMCLI • Background ex ecution — By default, the VMCLI util ity runs in the foreground. Use the operating system's command shell features to cause the utility to run in the background.
Configuring Intelligent Platform Management Interface 249 13 Configuring Intelligent Platform Management Interface This section provides information abo ut configuring and using the iDRA C6 IPMI interface. The interface includes the fol lowing: • IPMI over LAN • IPMI over Serial •S e r i a l o v e r L A N The iDRA C6 is fully IPMI 2.
250 Configuring Intelligent Platform Management Interface Open a command prompt, type th e following command, and press <Enter>: racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface.
Configuring Intelligent Platform Management Interface 251 racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1 a Update the IPMI SOL minimum privilege level. NOTE: The IPMI SOL minimum privilege level determines the minimum privilege required to activat e IPMI SOL.
252 Configuring Intelligent Platform Management Interface NOTE: SOL can be enabled or disabled for each individual user . At the command prompt, type the following command and press <Enter>: racadm config -g cfgUserAdmin -o cfgUserAdminSolEnable -i <id> 2 wher e <id> is the user ’s unique ID.
Configuring Intelligent Platform Management Interface 253 d Set the IPMI serial channel minimum privilege level. At the command prompt, type the following command and press <Enter>: racadm confi.
254 Configuring Intelligent Platform Management Interface Using the IPMI Remote Access Serial Interface In the IPMI serial interface, the following modes ar e available: • IPMI terminal mo de — Supports ASCII commands that are submitted from a serial terminal.
Configuring and Using Virtual Media 255 14 Configuring and Using V irtual Media Overview The Vi r t u a l M e d i a feature, accessed through the Virtual Console viewer , provides the managed server access to media connected to a remote system on the network.
256 Configuring and Using Virtual Media Using V irtual Media , administrators can remo tely boot their managed servers, inst all applicatio ns, update driver s, or even i nstall new op erating systems remotely from the virtual CD/D VD and diskette drives.
Configuring and Using Virtual Media 257 Linux-Based Mana gement Station T o run the Virtual Media feature on a management station running the Linux operating system , in stall a supported version of F ire fox. A 32-bit Java R untime Environment (J RE) is requir ed to run the Virt ual Console plugin.
258 Configuring and Using Virtual Media V irtual Media Encryption Enabled Select or deselect the checkbox to enable or disable encryption on Vi r t u a l M e d i a connections.
Configuring and Using Virtual Media 259 Running Vi rtual Media CAUTION: Do not issue a racreset command when running a Virtual Media session. Otherwise, undesirable results may occur , including loss of data. NOTE: The Console V iewer window applicati on must remain active while you access the Virtual Med ia.
260 Configuring and Using Virtual Media 3 Select System Console/Media Vi r t u a l C o n s o l e and V irtual Media. 4 The Vi r t u a l C o n s o l e and V irtual Media page is displayed. If you want to change the values of an y of the displayed a ttributes, see "Configu ring Virtual Media" on page 257.
Configuring and Using Virtual Media 261 Disconnecting Virtual Media 1 Click T ools Launch V irtual Media . 2 Uncheck the box next to the media you want to discon nect. The media is disconnected and the Status window is up dated. 3 Click Exit to terminate the V irtual Media Sess ion wizard.
262 Configuring and Using Virtual Media Installing Operating Sy stems Using V irtual Media This section describes a manual, intera ctive method to install the operating system on your management station that may take several hours to complete.
Configuring and Using Virtual Media 263 T o use the Boot Once F eatur e, do the followi ng: 1 Log in to the iDRA C6 through the W eb interface and click System Console/Media Configuration . 2 Select the Enable Boot Once option under Vi r t u a l M e d i a .
264 Configuring and Using Virtual Media Frequently Asked Questions about V irtual Media T able 14-4 lists frequently ask ed questions and answers. T able 14-4. Using Virtual Media: Frequently Asked Questions Question Answer Sometimes, I notice my V irtual Media client connection drop.
Configuring and Using Virtual Media 265 An installation of the W indows operating system through Virtual Media seems to tak e too long. Why? If you are installi ng the W indows operating syst em using.
266 Configuring and Using Virtual Media I cannot locate my V irtual Floppy/Virtual CD devic e on a system running Red Hat Enterprise Linux or the SUSE Linux operating system.
Configuring and Using Virtual Media 267 I cannot locate my Virtual Floppy/Virtual CD device on a system running Red Hat Enterprise Linux or the SUSE Linux operating system.
268 Configuring and Using Virtual Media Why are all my USB devices detached after I c onnect aU S Bd e v i c e ? Virtual Media devices and vFlash devices are connected as a composite USB device to the Host USB BUS, and they share a common USB port.
Configuring vFlash SD Card and Managing vFlash Partitions 269 15 Configuring vFlash SD Card and Managing vFlash Partitions The vFlash SD card is a Secur e Digital (SD) car d that plugs into the optional iDRA C6 Enterprise car d slot at the ba ck of your system.
270 Configuring vFlash SD Card and Managing vFlash Partitions If you are an administrator , you can perform all operations on the vFlash partitions. If not, you must have Acce ss Virtual Media pr iv ilege to cr eate, delete, format, attach, de tach, or copy the contents for the partition.
Configuring vFlash SD Card and Managing vFlash Partitions 271 4 Click Apply to enable or disable the vFlash partition managemen t on the card. If any vFlash p artition is attached, you cannot d isable vFlash and an err or message is displayed. NOTE: If vFlash is disabled, only the SD Card Properties subtab is displayed.
272 Configuring vFlash SD Card and Managing vFlash Partitions If you click any opti on on the vFlash pages when an application such as WSMAN provider , iDRA C6 Configuration Utility , or RA CADM is us.
Configuring vFlash SD Card and Managing vFlash Partitions 273 Enabling or Disabling the vFlash or Standard SD Card Open a telnet/SSH/Serial console to the server , log in, and enter the following comm.
274 Configuring vFlash SD Card and Managing vFlash Partitions F or more informatio n about vflashsd , see the iDRA C6 Administrator Refer ence Guid e available on the Dell Support website at support.dell.com/ manuals . NOTE: The racadm vmkey reset command is deprecated from 1.
Configuring vFlash SD Card and Managing vFlash Partitions 275 Before cr eating an empty pa rtition, ensur e the following: • The car d is initialized. • The car d is not write-protected. • An initialize operation is not alr eady being performed on the card .
276 Configuring vFlash SD Card and Managing vFlash Partitions Creating a Partition Using an Image File Y ou can create a new partition on the vF lash or sta ndard SD card using an image file (availabl e in the .img or .iso format.) Y ou can create a partition of type Floppy , Har d Disk, or CD.
Configuring vFlash SD Card and Managing vFlash Partitions 277 Before creating a partition from an image file, ensure the following: • The car d is initialized. • The car d is not write-protected. • An initialize operation is not alr eady being performed on the card .
278 Configuring vFlash SD Card and Managing vFlash Partitions Formatting a Partition Y ou can format an existing partition on the vFlash SD card based on the type of file system. The supported file system types are EXT2, EX T3, F A T16, and F A T32. The standard SD car d with limi ted vFlash featur es supports only the FAT 3 2 f o r m a t .
Configuring vFlash SD Card and Managing vFlash Partitions 279 T o format vFlash partition: 1 On the iDR AC6 W eb interface, select System vFlash tab Fo r m a t subtab. The F ormat P artition page is displayed. 2 Enter the information mentioned in T able 1 5-4.
280 Configuring vFlash SD Card and Managing vFlash Partitions T able 15-5. Viewing Av ailable Partitions Field Description Index P artitions are index ed from 1 to 16. The partition index is unique for a particular partition. It is specified when the partition is created.
Configuring vFlash SD Card and Managing vFlash Partitions 281 Modifying a Partition Ensur e that the car d is enab led to modify the partition. Y ou can change a read-only partition to read-wr ite or vice-versa. T o do this: 1 On the iDR AC6 W eb interface, select System vFlash tab Manage subtab.
282 Configuring vFlash SD Card and Managing vFlash Partitions T o attach or detach partitions: 1 On the iDRA C6 W eb interface, select System vFlash tab Manage subtab.
Configuring vFlash SD Card and Managing vFlash Partitions 283 T o dele te existi ng partition(s): 1 On the iDR AC6 W eb interface, select System vFlash tab Manage subtab. The Manage P artitions page is displayed. 2 In the Delete column, click the delete icon for the partition(s) that you want to delete and click Apply .
284 Configuring vFlash SD Card and Managing vFlash Partitions Booting to a Partition Y ou can set an attached vFla sh partition as the boot device for the ne xt boot operation. The vFla sh partition must contain a bootable image (in the .img or .iso format) to set it as a boot device.
Configuring vFlash SD Card and Managing vFlash Partitions 285 Options only valid with the create act ion: Options only valid with the status ac tion: -o <label> Label that is shown wh en the part ition is mounted on the operating system. <label> must be a string up to six alphanumeric characters and must not contain spaces.
286 Configuring vFlash SD Card and Managing vFlash Partitions Creating a Partition • T o create a 20MB empty partition: racadm vflashpartition create -i 1 -o drive1 -t empty -e HDD -f fat16 -s 20 .
Configuring vFlash SD Card and Managing vFlash Partitions 287 Booting to a Partition • T o list the available devi ces in the boot list: racadm getconfig –g cfgServerInfo –o cfgServerFirstBootDevice If it is a vFlash SD card, the label na mes of the attached partitions appears in the boot list.
288 Configuring vFlash SD Card and Managing vFlash Partitions F or more informatio n about the RA CADM subcommands and the iDR AC6 property database group and object defi nitions, see the iDRA C6 Administrato r Reference Guide available on the Dell Support website at support.
Power Monitoring and M anagement 289 16 Power Monitoring and Management Dell P owerEdge systems incorporate many new and enhanced power management features. The entire platfo rm, from hardwar e to firmware to systems management software, has been designed with a focus on power efficiency , power monitori ng, and power ma nagement.
290 Power Monitoring and Management Power Inventory , Power Budgeting, and Capping F rom a usage perspective, you may have a limited amount of cooling at the rack level. W ith a user -defined power cap, you can allocate power as needed to meet your performa nce r equir ements.
Power Monitoring and M anagement 291 V iewing the Health Status of the Power Supply Units The Po w e r S u p p l i e s page displays the status an d rating of the power supply units installed in the server . Using the W eb- Based Interface T o view the health status of the power supply units: 1 Log in to the iDRA C6 W eb-based interface.
292 Power Monitoring and Management • Severe indicates at least one failure alert has been issued. F ailure status indicates a power failure on the server , and corrective action must be taken immediately . – Loc a ti o n displays the name of the power supply un it: PS-n, where n is the power suppl y number .
Power Monitoring and M anagement 293 Viewing Power Budget The server provides power budget status overviews of the power subsystem on the P ower Budget Information page. Using the W eb Interface NOTE: T o perform power managemen t actions, you must have Administrative privilege.
294 Power Monitoring and Management Power Budget Threshold Power Budget Threshold, if enabled, allo ws a power c apping limi t to be set f or the system. System perfor mance will be dynamically adjusted to maintain power consumption near the specified threshold.
Power Monitoring and M anagement 295 Using RACADM racadm config -g cfgServerPower -o cfgServerPowerCapWatts < power cap value in Watts > racadm config -g cfgServerPower -o cfgServerPowerCapBTUhr.
296 Power Monitoring and Management • W arning Threshold : Displays the accept able power consumption (in W atts and BTU/hr) r ecommended for system operation.
Power Monitoring and M anagement 297 Power Consumption data is not maintained across sy stem resets and so will reset back to zero on those occasions. The pow er values displayed are cumulative averages over the respective time interval (previous minute, ho ur , day and week).
298 Power Monitoring and Management Using RACADM Open a T elnet/SSH text console to the iDR A C, log in, and ty pe: racadm getconfig -g cfgServerPower F or more informatio n about cfgSer verP ower , including output details, see cfgSer verP ower in the iDRA C6 Administrator Reference Guide available on the Dell Support website at support.
Power Monitoring and M anagement 299 – P ower Cycle System (cold boot) powers off and then reboots the system. This option is dis abled if the system is already powered OFF . 4 Click Apply . A dialog box is d isplayed requesting confirmation. 5 Click OK to perform the power management action you selected (for example, cause the system to r eset).
300 Power Monitoring and Management.
Using the iDRAC6 Configuration Utility 301 17 Using the iDRAC6 Configuration Utility Overview The iDRA C6 Configuration Utility is a pre-boot configur ation environment that allows you to vie w and set pa rameters for the iDR AC6 and for the managed server .
302 Using the iDRAC6 C onfiguration Utility Starting the iDRAC6 Configuration Utility 1 T ur n on or restart the server by pressing the po wer button on the front of the server . 2 When you see the P ress <Ctrl-E> for Remote Access Setup within 5 sec.
Using the iDRAC6 Configuration Utility 303 The following sections describe the iDR A C6 Configuratio n Utility menu items. iDRAC6 LAN Use <Left Arrow>, <Right Arrow>, an d the spacebar to select between On and Off . The iDR AC6 LA N is enabled in the def a ult configuration.
304 Using the iDRAC6 C onfiguration Utility LAN Parameters P ress <Enter> to display the LAN P a ram eters submenu. When you have finished configuring the LAN paramete rs, press <Esc> to return to the previous menu.
Using the iDRAC6 Configuration Utility 305 Domain Name If Domain Name from DHCP is set to Off , press <Enter> to edit the Current Domain Name te xt field. Pr ess <Enter> when you have finished editing. Pr ess <Esc> to r eturn to the previous menu.
306 Using the iDRAC6 C onfiguration Utility Default Gateway If the IP Address Source is set to DHCP , this field displays the IP address of the default gateway obtained from DHCP . If the IP Address Source is set to Static , enter the IP addr ess of the default gateway .
Using the iDRAC6 Configuration Utility 307 Virtual Media Configuration Virtual Media P ress <Enter> to select Detached, Attached , or A uto-Attached . When you select Attached , the V irtual Media devices ar e attached to the USB bus, making them available fo r use during Vi r t u a l C o n s o l e sessions.
308 Using the iDRAC6 C onfiguration Utility vFlash P ress <Enter> to select Enabled or Disabled . • Enabled - vFlash is available for partition management. • Disabled - vFlash is not availab le for partition management . CAUTION: vFlash cannot be disabled if one or more partitions are in-use or is attached.
Using the iDRAC6 Configuration Utility 309 • W rite P rotected - Displays whether the vFlash SD car d is write-protected or not. • Health - Displays the overall health of the vFlas h SD card. This can be: –O K – W arning –C r i t i c a l P ress <Esc> to e xit.
310 Using the iDRAC6 C onfiguration Utility Collect Sy stem Inventory on Restart Select Enabled to allow the collection of inventory during boot. See the Dell Lifecycle Controlle r User Guide available on the Dell Support W ebsite at support.dell.com/ manuals for more information.
Using the iDRAC6 Configuration Utility 311 LAN User Configuration The LAN user is the iDRA C6 ad ministrator account, which is root by default. P r ess <Enter> to di splay the LAN User Configuration submenu. When you have finished configuring the LAN us er , press <Esc> to r eturn to the previous menu.
312 Using the iDRAC6 C onfiguration Utility T able 17-3. LAN User Configuration Item Description Auto-Discovery The auto-discovery feature enables automated discovery of unprovisioned systems on the ne twork; further , it secur ely establishes initial cr edentials so that these discover ed systems can be managed.
Using the iDRAC6 Configuration Utility 313 • F ailed to restor e settings to default values - Timeout. • Not able to send Reset command. Please try later - iDR AC is busy .
314 Using the iDRAC6 C onfiguration Utility Sy stem Event Log Menu The System Event Log Menu allows you to view System Event Log (SEL) messages and to clear the log message s.
Monitoring and Alert Management 315 18 Monitoring and Alert Management This section e xplains how to monitor th e iDR AC6 and provides procedur es to configure your syst em and the iDR AC6 to r eceive alerts.
316 Monitoring and Alert Management Disabling the Windows Automatic Reboot Option T o ensure that the iDR AC6 W eb-based interface last crash screen feature works properly , disable the Automatic R eboot option on managed systems running the Microsoft W i ndows Server 2008 and W indows Server 2003 operating syste ms.
Monitoring and Alert Management 317 • T emperature W arning Assert F ilter • T emperature Critical Assert Filter • Intrusion Critical Assert F ilter • Redundancy Degraded F ilter • Redundanc.
318 Monitoring and Alert Management Configuring PEF Using the Web-Based Interface F or detailed information, see "Configuri ng Platform Event F ilters (PEF)" on page 59.
Monitoring and Alert Management 319 Configuring PET Configuring PET Using the Web User Interface F o r detailed information, see "Configu ring Plat form Event T raps (PET)" on page 59. Configuring PET Using the RACADM CLI 1 Enable your global alerts.
320 Monitoring and Alert Management 3 Configure your PET policy . At the command prompt, type the following command and press <Enter>: iPv4:racadm config -g cfgIpmiPet -o cfgIpmiPetAlertDestIPAd.
Monitoring and Alert Management 321 where 1 and 1 are the e-mail destination inde x and the enable/disable selection, respectively . The e-mail destination index can be a value from 1 through 4. The enable/disable s election can be set to 1 (En abled) or 0 (Disabled).
322 Monitoring and Alert Management T esting the RAC SNMP T rap Alert Feature The R AC SNMP trap aler ting feat ure allows SNMP trap li stener configurations to receiv e traps for system events that occur on the manag ed syste m. The following exa mple show s how a user can test the SNMP trap alert feature of the RA C.
Monitoring and Alert Management 323 T o access/configure the iDR AC6 SNMP agent community name using the W eb-based interface, go to Remote Access Network/Security Services and click SNMP Agent . T o prevent SNMP authentication err o rs from being generated, you must enter community names that will be accept ed by the agent.
324 Monitoring and Alert Management.
Recovering and T roubleshooting the Managed Sy stem 325 19 Recovering and T roubleshooting the Managed Sy stem This section explains how to perform t asks related to recovering and troubleshooting a crashed remote system using the iDRA C6 W eb-based interface.
326 Recovering and T roubleshooting the Managed Sy stem Managing Power on a Remote Sy stem The iDRA C6 enables you to remotely perform several power management actions on the managed system so you can recover after a system crash or other system event.
Recovering and T roubleshooting the Managed Sy stem 327 The System Details page displays information about the following system components: • Main System Chassis • Remote Access Controller T o access the System Details page, expand the System tree and click P roperties System Details tab.
328 Recovering and T roubleshooting the Managed Sy stem Remote Access Controller T able 19-3. Embedded NIC MAC Addresses Field Description NIC 1 Displays the Media Access Control (MAC) addr ess(es) of the embedded Network Interface Controller (NIC) 1.
Recovering and T roubleshooting the Managed Sy stem 329 T able 19-5. IPv4 Information Field Description IPv4 Enabled Y es or No IP Address The 32-bit addr ess that identifies the Network Inte rface Card (NIC) to a host. The value is in the dot separated format, such as 143.
330 Recovering and T roubleshooting the Managed Sy stem Using the Sy stem Event Log (SEL) The SEL page displays system-critical ev e nts that occur on the manage d system. T o view the System Event L og: 1 In the System tree, click System . 2 Click the Log s tab and then click System Event Log .
Recovering and T roubleshooting the Managed Sy stem 331 Using the Command Line to V iew Sy stem Log racadm getsel -i The getsel -i com mand displays the numbe r of entries in the SEL. racadm getsel < options > NOTE: If no arguments are specified, the entire log is displayed.
332 Recovering and T roubleshooting the Managed Sy stem Using the POST Boot Logs NOTE: All logs are cleared afte r you reboot the iDRAC6. The Boot Capture page provides access to r eco r dings of up to the last thr ee available boot cycles. They ar e arranged in the order of latest to oldest.
Recovering and T roubleshooting the Managed Sy stem 333 V iewing the Last Sy stem Crash Screen NOTE: The last crash screen feature requires the managed sy stem with the Auto Recovery feature configured in Server Administrator . In addition, ensure that the Automated Sy stem Recovery feature is enabled using th e iDRAC6.
334 Recovering and T roubleshooting the Managed Sy stem.
Recovering and T roubleshooting the iDRAC6 335 20 Recovering and T roubleshooting the iDRAC6 This section explains ho w to perf orm tasks relate d to recovering a nd troubleshooting a crashed iD RA C6.
336 Recovering and T roubleshooting the iDRAC6 Using the iDRAC Log Page Buttons The iDRA C Lo g page provides the butto ns listed in T able 20-2. T able 20-1. iDRAC Log Page Information Field Description Date/ T ime The date and time (for example, Dec 19 16:55:47 ).
Recovering and T roubleshooting the iDRAC6 337 Using the Command Line Use the getraclog command to view the iDR AC6 log entries . racadm getraclog [options] racadm getraclog -i The getraclog -i command disp lays the number of entries in the iDRA C6 log.
338 Recovering and T roubleshooting the iDRAC6 Using Identify Server The Identify page allows you to enable th e system identification feature. T o identify the server : 1 Click System Remote Access T roubleshooting Identify .
Recovering and T roubleshooting the iDRAC6 339 If you entered 0 seco nds, follow t hese steps to disable it: 1 Click System Remote Access T roubleshooting Identify . 2 On the Identify screen, deselect the Identify Server optio n. Click Apply .
340 Recovering and T roubleshooting the iDRAC6 Using the coredump The racadm coredump command displays detailed information related to any recent critical issues that have occurr ed with the R AC. The cor edump information can be used to di agnose these critical issue s.
Sensors 341 21 Sensors Hardwar e sensors or probes help you to monitor the systems on your network in a more efficient way by enabling you to take appropriate actions to prevent disasters, such as system instability or damage.
342 Sensors Power Supplies Probes The power supplies probes provides information on: • Status of the power supplies • P ower supply redundancy , that is, the ability of the redundant power supply to r eplace the primary power supply if the primary power supply fails .
Sensors 343 V oltage Probes The following are typical voltage probes. Y our system may have these and/or others present. • CP U [n] VCORE • System Board 0.9V PG • System Board 1.5V ESB2 PG • System Board 1.5V PG • System Board 1.8V PG • System Board 3.
344 Sensors.
Configuring Security Features 345 22 Configuring Security Features The iDRA C6 provides the fo llowing security features: • Advanced Security options for the iDRA C6 administrator : • The Virtual C onsole disable option allows the local system user to disable Virtual Console using the iDR AC6 V irtual Console feature.
346 Configuring Security Features Security Options for the iDRAC6 Administrator Disabling the iDR AC6 Local Configur ation Administrators can d is a b l e l o c al c on f i g uration through the iDRAC6 graphical user interface (GUI) by selecting R emote Access Network/Security Ser vices .
Configuring Security Features 347 CAUTION: These features severely limit the ability of the local user to configure the iDRAC6 from the local sy ste m, including performing a reset to default of the configuration. It is recommended that you use these features with discretion.
348 Configuring Security Features IP address to another device on the network, the resulting conflict may disable the out-of-band connectivity of the DR A C, r equiring administrators to reset the firmware to its defaul t settings through a serial connection.
Configuring Security Features 349 Securing iDRAC6 Communi cations Using SSL and Digital Certificates This subsection provides informatio n about the following data security featur es that ar e incorpo.
350 Configuring Security Features viewed or changed by others. T o ensur e security for your DR AC, it is strongly recommended that you generate a CS R, submit the CSR to a CA, and upload the certificate r eturned from the CA.
Configuring Security Features 351 Generating a Certificate Signing Request NOTE: Each CSR overwrites any previous CS R on the firmware. Before iDRAC can accept your signed CSR, the CSR in t he firmware must matc h the certificate returned from the CA.
352 Configuring Security Features Viewing a Server Certificate 1 In the SSL Main Menu page, select V iew Ser ver Certificate and click Next . T able 22-5 d escribes the fields and asso ciated descriptions listed in the Certificate window . 2 Click the appropriate V iew Ser ver Certificate page button to contin ue.
Configuring Security Features 353 Using the Secure Shell (SSH) F o r information about usin g SSH, see "Using the Secur e Shell (SSH)" on page 91. Configuring Services NOTE: T o modify these se ttings, you must have Configure iDRAC permission.
354 Configuring Security Features 5 Click the appropriate Services page button to continue. See T able 22-13. T able 22-6. Local Configuration Settings Setting Description Disable the iDRA C local configuration using option ROM Disables local configuration of the iDR A C using option ROM.
Configuring Security Features 355 T able 22-8. SSH Settings Setting Description Enabled Enables or disable SSH. When checked, the checkbox indicates that SSH is enabled. T imeout The secure shell idle timeout, in seconds. The T imeout range is 60 to 1920 seconds.
356 Configuring Security Features T able 22-11. SNMP Agent Settings Setting Description Enabled Enables or disables the SNMP agent. Check ed=Enabled; Unchecked=Disabled. Community Name The name of the community that contains the IP addr ess for the SNMP Alert destination.
Configuring Security Features 357 Enabling Additional iDRAC6 Security Options T o prevent unauthorized access to your remote system, the iDRA C6 provides the following featur es: • IP address filtering (IPRange) — Define s a specific range of IP addresses that can access the iDRA C6.
358 Configuring Security Features See the iDR A C6 Administrator Refer ence Guide available on the Dell Support website at support.dell.com/ manuals for a complete list of cf gRacT uning properties. Enabling IP Filtering Below is an e xample command for IP filtering setup.
Configuring Security Features 359 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255 T o restrict logins to a small set of four adjacent IP addresses (for example, 192.
360 Configuring Security Features As login failures accumulat e from a specific IP addr ess, they are aged by an internal counter . When the user logs in successfully , the failure history is cleared and the internal counter is r eset.
Configuring Security Features 361 Enabling IP Blocking The following example prevents a client IP address from establishing a session for five minutes if that client has failed its five login attempts i n a one-minute period of time.
362 Configuring Security Features T able 22-16. Network Security Page Settings Settings Description IP Range En abled Enables the IP Range checking fe atur e, which defin es a specific range of IP addresses that can access the iDRA C6. IP Range Address Determines the acceptable IP addr ess bit pattern, depending on the 1's in the subnet mask.
Index 363 Index A accessing SSL with web interface, 6 4 Active Directory adding iDR AC6 users, 1 6 0 configure, 3 1 configuring access to iDRA C6, 1 5 2 managing certificate s, 7 0 objects, 1 4 9 sche.
364 Index Configuring a VFlash Media Card for Use W ith iDR AC6, 2 69 configuring and mana ging power , 290 Configuring Generic LDAP Directory Service Using RAC A DM , 1 8 2 Configuring Generic LDAP D.
Index 365 configuring, 3 2 0 configuring using RA CADM C L I , 320 configuring using web interface, 3 2 0 configuring with web interface, 6 0 Empty P artition, 274 exporting Smart Car d certificate, 1.
366 Index preserve configuration, 7 9 iDR AC6 LAN, 303 iDR AC6 ports, 2 6 iDR AC6 serial configuring, 1 0 6 iDR AC6 services configuring, 7 3 iDR AC6 user enabling permissions, 1 4 1 Image F ile, 276 .
Index 367 N Network Interface Card Settings, 50 network properties configuring, 1 2 3 configuring manually , 1 2 3 Network Security P age Settings, 56 NIC mode dedicated, 3 4 shared, 3 4 shared w ith .
368 Index remote access connections supported, 2 6 remot e power managemen t, 20 remote system managing power , 3 2 6 troubleshooting, 3 2 5 role-based au thority , 20, 129 S screen r esolutions, supp.
Index 369 configuring iDRA C service, 7 3 temperature sensor , 342 terminal mode configuring, 1 0 6 , 1 0 8 testing your config urations, 177 troubleshooting a remote system, 32 5 troubleshooting tool.
370 Index VMCLI utility , 239 a b o u t , 239 deploying the operating system, 2 4 1 includes vm6deploy script, 2 4 1 operating system shell options, 2 4 7 parameters, 2 4 4 r e t u r n c o d e s , 248.
デバイスDell IDRAC6の購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
Dell IDRAC6をまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはDell IDRAC6の技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。Dell IDRAC6の取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。Dell IDRAC6で得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
Dell IDRAC6を既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はDell IDRAC6の不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、Dell IDRAC6に関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちDell IDRAC6デバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。
