Configuring iDRAC6 Enterprise Using the Web Interface: Integrated Dell Remote Access Controller 6 (iDRAC6) Enterprise for Blade Servers Version 2.2 User Guide
iDRAC6 provides a Web interface that enables you to configure iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. You would typically use the Web interface to perform your daily system management tasks. This chapter provides information about how to perform common systems management tasks with iDRAC6 Web interface and provides links to related information.
Most configuration tasks for which you would use the web interface could also be performed with local or remote RACADM commands or with SM-CLP commands.
Local RACADM commands are executed from the managed server. Remote RACADM is a client utility run on a management station, and makes use of the out-of-band interface to communicate with the managed server. This utility is used with the –r option to execute commands over a network. For more information about RACADM, see "Using the RACADM Command Line Interface."
SM-CLP commands are executed in a shell that can be accessed remotely with a Telnet or Secure Shell (SSH) connection. For more information about SM-CLP, see "Using iDRAC6 Enterprise SM-CLP Command Line Interface."
Accessing the Web Interface
To access iDRAC6 Web interface, perform the following steps:
Open a supported Web browser window.
In the Address field, enter https://<iDRAC6-IP-address> and
press <Enter>.
If the default HTTPS port number (port 443) has been changed, enter:
https://<iDRAC6-IP-address>:<port-number>
where iDRAC6-IP-address is the IP address for iDRAC6 and port-numberis the HTTPS port number.
iDRAC6 Log in window appears.
Logging In
You can log in as either an iDRAC6 user, a Microsoft® Active Directory® user, or an LDAP user. The default user name and password are root and calvin, respectively.
You must have been granted Login to iDRAC privilege by the administrator to log in to iDRAC6.
To log in, perform the following steps:
In the Username field, enter one of the following:
Your iDRAC6 user name.
NOTE: The user name for local users is case-sensitive. Examples are root, it_user, IT_user, or john_doe.
Your Active Directory (AD) user name. The AD domain name can also be selected from the drop-down menu.
You can use any of the following forms for Active Directory names: <domain>\<username>, <domain>/<username>, or <user>@<domain>. They are not case-sensitive. Examples are dell.com\john_doe, orJOHN_DOE@DELL.COM. Alternatively, you can enter the domain in the Domain field.
LDAP user name (with no domain name).
In the Password field, enter either your iDRAC6 user password, Active
Directory user password, or LDAP password. Passwords are case-sensitive.
Click OK or press <Enter>.
Logging Out
In the upper-right corner of the main window, click Log out to close the
session.
Close the browser window.
NOTE: The Log out button does not appear until you log in.
NOTE: Closing the browser without gracefully logging out may cause the session to remain active until the session timeout is reached. It is recommended that you click the Log out button to end a session.
NOTE: Closing iDRAC6 Web interface within Internet Explorer® using the close button ("x") at the top right corner of the window may generate an application error. To fix this issue, download the latest Cumulative Security Update for Internet Explorer from the Microsoft Support website, located at support.microsoft.com.
CAUTION: If you have opened multiple Web GUI sessions either through <Ctrl+T> or <Ctrl+N> to access the same iDRAC6 from the same management station, and then log out of any one session, all the Web GUI sessions will be terminated.
Using Multiple Browser Tabs and Windows
Different versions of Web browsers exhibit different behaviors when opening new tabs and windows. Microsoft Internet Explorer 6 does not support tabs; therefore, each browser window opened becomes a new iDRAC6 Web interface session. Internet Explorer (IE) 7 and IE 8 have the option to open tabs as well as windows. Each tab inherits the characteristics of the most recently opened tab. Press <Ctrl–T> to open a new tab and <Ctrl–N> to open a new browser window from the active session. You will be logged in with your already authenticated credentials. Closing any one tab expires all iDRAC6 Web interface tabs. Also, if a user logs in with Power User privileges on one tab, and then logs in as Administrator on another tab, both open tabs then have Administrator privileges.
Tab behavior in Firefox 2 and Firefox 3 is the same as IE 7 and IE 8; new tabs are new sessions. Window behavior in Firefox is different. Firefox windows will operate with the same privileges as the latest window opened. For example, if one Firefox window is open with a Power User logged in and another window is opened with Administrator privileges, both users will now have Administrator privileges.
Table 5-1. User Privilege Behavior in Supported Browsers
Browser
Tab Behavior
Window Behavior
Microsoft Internet Explorer 6
Not applicable
New session
Microsoft IE7 and IE8
From latest session opened
New session
Firefox 2 and Firefox 3
From latest session opened
From latest session opened
Configuring iDRAC6 NIC
This section assumes that iDRAC6 has already been configured and is accessible on the network. See "Configure iDRAC6 Networking" for help with the initial iDRAC6 network configuration.
Configuring the Network, IPMI and VLAN Settings
NOTE: You must have Configure iDRAC6 privilege to perform the following steps.
NOTE: Most DHCP servers require a server to store a client identifier token in its reservations table. The client (iDRAC6, for example) must provide this token during DHCP negotiation. iDRAC6 supplies the client identifier option using a one-byte interface number (0) followed by a six-byte MAC address.
Click System®Remote Access®iDRAC6.
Click the Network/Security tab.
The Network screen appears.
Configure the Network, IPMI, and VLAN settings as needed. See
Table 5-2, Table 5-3, and Table 5-4 for descriptions of the Network, IPMI,
and VLAN Settings options.
Click Apply.
Click the appropriate button to continue.
Table 5-2. Network Settings
Setting
Description
Network Interface Card Settings
MAC Address
Displays the Media Access Control (MAC) address that uniquely identifies each node in a network. The MAC address cannot be changed.
Enable NIC
When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from iDRAC6 through the network is blocked.
The default is Unchecked.
Common Settings
Register iDRAC6 on DNS
Registers iDRAC6 name on the DNS server.
The default is Unchecked.
DNS iDRAC6 Name
Displays iDRAC6 name. The default name is idrac-service_tag, where service_tagis the service tag number of the Dell server. For example: iDRAC-HM8912S.
Use DHCP for DNS Domain Name
Checked: Enable acquisition of DNS from DHCP.
Unchecked: Disable acquisition of DNS from DHCP.
DNS Domain Name
The default DNS Domain Name is blank. When the Use DHCP for DNS Domain Name check box is selected, this option is grayed out and the field cannot be modified.
IPv4 Settings
Enabled
Enables (Checked) or disables (Unchecked) IPv4 protocol support. The Enable NIC option should be checked to activate this setting.
DHCP Enable
If Checked, the Server Administrator obtains the IP address for iDRAC6 NIC from the DHCP server. It also deactivates the IP Address, Subnet Mask, and Gateway fields.
IP Address
Allows you to enter or edit a static IP address for iDRAC6 NIC. To change this setting, deselect the DHCP Enable option.
Subnet Mask
Allows you to enter or edit a subnet mask for iDRAC6 NIC. To change this setting, deselect the DHCP Enable option.
Gateway
Allows you to enter or edit a static IPv4 gateway for iDRAC6 NIC. To change this setting, deselect the DHCP Enable option.
Use DHCP to obtain DNS server addresses
Select the DHCP Enable option to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses check box. When not using DHCP to obtain the DNS server addresses, provide the IP addresses in the Preferred DNS Server and Alternate DNS Server fields.
Preferred DNS Server
Allows you to enter or edit a static IP address for the preferred DNS server. To change this setting, first deselect the Use DHCP to obtain DNS server addresses option.
Alternate DNS Server
Uses the secondary DNS server IP address when Use DHCP to obtain DNS server addresses is not selected. Enter an IP address of 0.0.0.0 if there is no alternate DNS server.
IPv6 Settings
Enabled
If the check box is Checked, IPv6 is enabled. If the check box is Unchecked, IPv6 is disabled. The default is Unchecked.
Autoconfiguration Enable
Selecting this option allows iDRAC6 to obtain the IPv6 address for iDRAC6 NIC from the Dynamic Host Configuration Protocol (DHCPv6) server. Enabling Autoconfiguration Enable also deactivates and flushes out the static values for IPv6 Address, Prefix Length, and Gateway.
IPv6 Address
Configures the IPv6 address for iDRAC6 NIC. To change this setting, you must first disable Autoconfiguration Enable by deselecting the associated check box.
NOTE: Only two IPv6 addresses (Link Local address and the global address) are displayed if your network setup has IPv6 DHCP configured and all sixteen IPv6 addresses are displayed if you have configured your network router to send Router Advertisement messages.
NOTE: iDRAC6 does not allow you to save the settings if you enter an IPv6 Address consisting of more than eight groups.
Prefix Length
Configures the prefix length of the IPv6 address. It can be a value between 1 and 128 inclusive. To change this setting, you must first disable Autoconfiguration Enable by deselecting the associated check box.
Gateway
Configures the static IPv6 gateway for iDRAC6 NIC. To change this setting, you must first disable Autoconfiguration Enable by deselecting the associated check box.
Use DHCPv6 to obtain DNS Server addresses
Enable DHCP to obtain IPv6 DNS server addresses by selecting the Use DHCPv6 to obtain DNS Server addresses check box. When not using DHCP to obtain the DNS server addresses, provide the IP addresses in the Preferred DNS Server and Alternate DNS Server fields. The default value is Unchecked.
NOTE: When the Use DHCPv6 to obtain DNS Server addresses check box is selected, IP addresses cannot be entered into the Preferred DNS Server and Alternate DNS Server fields.
Preferred DNS Server
Configures the static IPv6 address for the preferred DNS server. To change this setting, deselect Use DHCPv6 to obtain DNS Server Addresses.
Alternate DNS Server
Configures the static IPv6 address for the alternate DNS server. To change this setting, deselect Use DHCPv6 to obtain DNS Server Addresses.
Table 5-3. IPMI Settings
Setting
Description
Enable IPMI Over LAN
When selected, indicates that the IPMI LAN channel is enabled. The default is Unchecked.
Channel Privilege Level Limit
Configures the maximum privilege level for the user that can be accepted on the LAN channel. Select one of the following options: Administrator, Operator, or User. The default is Administrator.
Encryption Key
Configures the encryption key. The encryption key must consist of an even number of hexadecimal characters with a maximum of 40 characters with no spaces. The default IPMI encryption key is all zeros.
Table 5-4. VLAN Settings
Button
Description
Enable VLAN ID
Yes—Enabled. No—Disabled. If enabled, only matched Virtual LAN (VLAN) ID traffic is accepted.
NOTE: The VLAN settings can only be configured through CMC Web Interface. iDRAC6 only displays the current enablement status; you can not modify the settings on this screen.
VLAN ID
VLAN ID field of 802.1g fields. Displays a value from 1 to 4094 except 4001 to 4020.
Priority
Priority field of 802.1g fields. This is used to identify the priority of the VLAN ID and displays a value from 0 to 7 for the VLAN Priority.
Table 5-5. Network Configuration Buttons
Button
Description
Advanced Settings
Displays the Network Security screen, allowing you to enter the IP Range and IP Blocking attributes.
Print
Prints the Network configuration values that appear on the screen.
Refresh
Reloads the Network screen.
Apply
Saves any new settings made to the network configuration screen.
NOTE: Changes to the NIC IP address settings close all user sessions and require users to reconnect to iDRAC6 Web interface using the updated IP address settings. All other changes require the NIC to be reset, which may cause a brief loss in connectivity.
Configuring IP Filtering and IP Blocking
NOTE: You must have Configure iDRAC6 privilege to perform the following steps.
Click System®Remote Access®iDRAC6.
Click the Network/Security tab.
The Network screen appears.
Click Advanced Settings.
The Network Security screen appears.
Configure IP filtering and blocking settings as needed. See Table 5-6 for
descriptions of the IP filtering and blocking settings.
Click Apply.
Click the appropriatebutton to continue. See Table 5-7.
Table 5-6. IP Filtering and Blocking Settings
Settings
Description
IP Range Enabled
Enables the IP Range checking feature, which defines a range of IP addresses that can access iDRAC6. The default is Disabled.
IP Range Address
Determines the acceptable IP subnet address. The default is 192.168.1.0.
IP Range Subnet Mask
Defines the significant bit positions in the IP address. The subnet mask should be in the form of a netmask, where the more significant bits are all 1's with a single transition to all zeros in the lower-order bits. The default is 255.255.255.0.
IP Blocking Enabled
Enables the IP address blocking feature, which limits the number of failed login attempts from a specific IP address for a preselected time span. The default is Disabled.
IP Blocking Fail Count
Sets the number of login failures attempted from an IP address before the login attempts are rejected from that address. The default is 10.
IP Blocking Fail Window
Determines the time span in seconds within which IP Block Fail Count failures must occur to trigger the IP Block Penalty Time. The default is 3600.
IP Blocking Penalty Time
The time span in seconds that login attempts from an IP address with excessive failures are rejected. The default is 3600.
Table 5-7. Network Security Buttons
Button
Description
Print
Prints the Network Security values that appear on the screen.
Refresh
Reloads the Network Security screen.
Apply
Saves any new settings that you made to the Network Security screen.
Go Back to Network Configuration Page
Returns to the Network screen.
Configuring Platform Events
Platform event configuration provides a mechanism for configuring iDRAC6 to perform selected actions on certain event messages. The actions include no action, reboot system, power cycle system, power off system, and generate an alert (Platform Event Trap [PET] and/or e-mail).
The filterable platform events are listed in Table 5-8.
Table 5-7. Network Security Buttons
Index
Platform Event
1
Battery Probe Warning
2
Battery Probe Failure
3
Discrete Voltage Probe Failure
4
Temperature Probe Warning
5
Temperature Probe Failure
6
Processor Failure
7
Processor Absent
8
Hardware Log Failure
9
Automatic System Recovery
10
SD Card Failure
11
Redundancy Lost
When a platform event occurs (for example, a Battery Probe Warning), a system event is generated and recorded in the System Event Log (SEL). If this event matches a platform event filter (PEF) that is enabled and you have configured the filter to generate an alert (PET or e-mail), then a PET or e-mail alert is sent to one or more configured destinations.
If the same platform event filter is also configured to perform an action (such as rebooting the system), the action is performed.
Configuring Platform Event Filters (PEF)
NOTE: Configure platform event filters before you configure the platform event traps or e-mail alert settings.
Log in to iDRAC6 Web interface.
Click System, and then click the Alert Management tab.
The Platform Eventsscreen appears.
Select the Generate Alertoption beside each event for which you want an
alert to be generated.
NOTE: You may enable or disable alert generation for all events by selecting or deselecting the check box next to the Generate Alert column heading.
Select the radio button below the action you would like to enable for each
event. You can only select one action for each event.
Click Apply.
NOTE: The event's Generate Alert check box must be selected in order for an alert to be sent for that event.
Configuring Platform Event Traps (PET)
NOTE: You must have Configure iDRAC permission to add or enable/disable an SNMP alert. The following options will not be available if you do not have Configure iDRAC permission.
Click System, and then click the Alert Management tab.
The Platform Eventsscreen appears.
Click Trap Settings.
The Trap Settingsscreen is displayed.
Configure your PET destination IP address:
Select the Enabled check box next to the Destination Number you
would like to activate.
Enter an IP address in the appropriate IPv4 or IPv6 Destination IP
Address box.
NOTE: The destination community string must be the same as iDRAC6 community string.
Click Apply.
NOTE: To successfully send a trap, configure the Community String value. The Community Stringvalue indicates the community string to use in a Simple Network Management Protocol (SNMP) alert trap sent from iDRAC6. SNMP alert traps are transmitted by iDRAC6 when a platform event occurs. The default setting for the Community String is Public.
To test the configured alert, click Send.
To add an additional destination IP address, repeat step a through step
d. You may specify up to four IPv4 and four IPv6 destination
addresses.
Click System, and then click the Alert Management tab.
The Platform Eventsscreen appears.
Click Email Alert Settings.
The Email Alert Settingsscreen appears.
Configure your e-mail alert destination.
Select the Enabled check box for the first undefined e-mail alert.
Enter a valid e-mail address in the Destination Email Address field.
Click Apply.
NOTE: To successfully send a test e-mail, the SMTP (Email) Server must be configured in the SMTP (Email) Server Address Settings section of the Email Alert Settings screen. Specify an SMTP server in the field provided using either the dot separated format (for example, 192.168.1.1) or the DNS name. The IP address of the SMTP Server communicates with iDRAC6 to send e-mail alerts when a platform event occurs.
In the Modify Source Email Name field, enter the originator e-mail
for the alert, or leave it blank to use the default e-mail originator. The
default is blade_slot@iDRAC6 IP Address.
If the Modify Source Email Name field is blank, iDRAC6 host name is configured, and DNS Domain Name is active, then the source e-mail address is:<iDRAC6 host name>@<DNS Domain name>.
If the field is blank, iDRAC6 host name is blank, and the DNS Domain Name is active, then the source e-mail address is :<iDRAC6 Slotx>@<DNS Domain name>.
If the field is blank, iDRAC6 host name is blank, and the DNS Domain Name is blank, then the source e-mail address is: <iDRAC6 Slotx>@<iDRAC6 IP Address>.
If the field is "a string without @", and DNS Domain Name is active, then the source e-mail address is: <a string without @>@<DNS Domain name>.
If the field is "a string without @", and DNS Domain Name is blank, then the source e-mail address is :<a string without @>@<iDRAC6 IP Address>.
If the field is "a string with @", and DNS Domain Name is active, then the source e-mail address is:<a string with @>@<DNS Domain name>.
If the field is "a string with @", and the DNS Domain Name is blank, then the source e-mail address is:<a string with @>@<iDRAC6 IP Address>.
Click Send to test the configured e-mail alert (if desired).
To add an additional e-mail alert destination, repeat step a through
step e. You may specify up to four e-mail alert destinations.
Configuring IPMI Over LAN
Log in to iDRAC6 Web interface.
Configure IPMI over LAN:
Click System®Remote Access®iDRAC6, and then click the
Network/Security tab.
The Networkscreen appears.
Click IPMI Settings.
Select the Enable IPMI Over LAN check box.
Update the Channel Privilege Level Limit, if required:
NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications.
Under IPMI Settings, click the Channel Privilege Level Limit drop-down menu, select Administrator, Operator, or User, and then click Apply.
Set the IPMI LAN channel encryption key, if required.
NOTE: iDRAC6 IPMI supports the RMCP+ protocol.
Under IPMI Settings in the Encryption Key field, enter the encryption key.
Click Apply.
Configure IPMI Serial over LAN (SOL):
Click System®Remote Access®iDRAC6, and then click the
Network/Security tab.
The Networkscreen appears.
Click the Serial Over LAN tab.
Select Enable Serial Over LAN.
Update the IPMI SOL Baud Rate, if needed, by selecting a data speed
from the Baud Rate drop-down menu.
NOTE: To redirect the serial console over the LAN, ensure that the SOL Baud Rate is identical to your managed server's baud rate.
Click Apply.
Configure IP filtering and blocking settings as needed in the
Advanced Settings page.
Adding and Configuring iDRAC6 Users
To manage your system with iDRAC6 and maintain system security, create unique users with specific administrative permissions (or role-based authority).
To add and configure iDRAC6 users, perform the following steps:
NOTE: You must have Configure iDRAC permission to perform the following steps.
The Users screen displays each user's User ID, State, User Name, IPMI LAN Privileges, iDRAC6 Privileges, and Serial Over LAN capability.
NOTE: User-1 is reserved for the IPMI anonymous user and is not configurable.
In the User ID column, click a user ID number.
On the User Main Menu page (see Table 5-9, Table 5-10, and Table 5-11),
you can either configure a user, upload a SSH public key file, or view or
delete a specified SSH key or all SSH keys.
Public Key Authentication over SSH
iDRAC6 supports the Public Key Authentication (PKA) over SSH. This authentication method improves SSH scripting automation by removing the need to embed or prompt for a user ID/password.
Before you Begin
You can configure up to 4 public keys per user that can be used over an SSH interface. Before adding or deleting public keys, ensure that you use the view command to see what keys are already set up, so a key is not accidentally overwritten or deleted. When the PKA over SSH is set up and used correctly, you do not have to enter the password when logging into iDRAC6. This can be very useful for setting up automated scripts to perform various functions.
When getting ready to set up this functionality, be aware of the following:
You can manage this feature with RACADM and also from the GUI.
When adding new public keys, ensure that the existing keys are not already at the index where the new key is added. iDRAC6 does not perform checks to ensure previous keys are deleted before a new one is added. As soon as a new key is added, it is automatically in effect as long as the SSH interface is enabled.
Generating Public Keys for Windows
Before adding an account, a public key is required from the system that will access iDRAC6 over SSH. There are two ways to generate the public/private key pair: using PuTTY Key Generator application for clients running Windows or ssh-keygen CLI for clients running Linux. The ssh-keygen CLI utility comes by default on all standard installations.
This section describes simple instructions to generate a public/private key pair for both applications. For additional or advanced usage of these tools, see the application Help.
To use the PuTTY Key Generator for Windows clients to create the basic key:
Start the application and select either SSH-2 RSA or SSH-2 DSA for the
type of key to generate. SSH-1 is not supported.
Enter the number of bits for the key. The supported key generation
algorithms are RSA and DSA only. The number must be between 768 and
4096 bits for RSA and 1024 bits for DSA.
Click Generate and move the mouse in the window as directed. After the
key is created, you can modify the key comment field. You can also enter a
passphrase to make the key secure. Ensure that you save the private key.
You can save the public key to a file using the Save public key option to
upload it later. All uploaded keys must be in RFC 4716 or openSSH
formats. If not, you must convert the same into those formats.
Generating Public Keys for Linux
The ssh-keygen application for Linux clients is a command line tool with no graphical user interface.
Open a terminal window and at the shell prompt, enter:
ssh-keygen –t rsa –b 1024 –C testing
NOTE: The options are case-sensitive.
where,
-t can be either dsa or rsa.
–b specifies the bit encryption size between 768 and 4096.
–C allows modifying the public key comment and is optional.
After the command executes, upload the public file.
NOTE: Keys generated from the Linux management station using ssh-keygen are not in RFC4716 but openSSH format. The openSSH public keys can be uploaded to iDRAC6. iDRAC6 public key algorithm validates both the openSSH and RFC4716 keys, internally converts the RFC4716 keys to the openSSH format, and then internally stores the keys.
NOTE: iDRAC6 does not support ssh-agent forward of keys.
Logging in Using Public Key Authentication
After the public keys are uploaded, you can log into iDRAC6 over SSH without entering a password. You also have the option of sending a single RACADM command as a command line argument to the SSH application. The command line options behave like remote RACADM since the session ends after the command is completed.
Allows the local user to upload a SSH public key file. If a key is uploaded, the content of the key file is displayed in a non-editable text box on the User Configuration page.
View/Remove SSH Key(s)
Allows the local user to view or delete a specified SSH key or all SSH keys.
The Upload SSH Key(s) page allows you to upload a SSH public key file. If a key is uploaded, the contents of the key file is displayed in a non-editable text box on the View/Remove SSH Key(s) page.
Table 5-10. Upload SSH Key(s)
Option
Description
File/Text
Select the File option and type the path where the key is located. You can also select the Text option and paste the contents of the key file in the box. You can upload new key(s) or overwrite existing key(s). To upload a key file, click Browse, select the file, and then click the Apply button.
NOTE: The Key text paste option is supported for public keys in the openSSH format. Text paste option for the RFC4716 format key is not supported.
Browse
Click this button to locate the full path and file name of the key.
The View/Remove SSH Key(s) page enables you to view or remove the user's SSH public keys.
Table 5-11. View/Remove SSH Key(s)
Option
Description
Remove
The uploaded key is displayed in the box. Select the Remove option and click Apply to delete the existing key.
If you select Configure Userand clickNext,theUser Configurationpage
is displayed.
On the User Configuration screen, configure the user's properties and
privileges.
Table 5-12 describes the General settings for configuring an iDRAC6 user name and password.
Table 5-13 describes the IPMI LAN Privileges for configuring the user's LAN privileges.
Table 5-14 describes the User Group permissions for the IPMI LAN Privileges and iDRAC6User Privileges settings.
Table 5-15 describes iDRAC6 Group permissions. If you add an iDRAC6 User Privilege to the Administrator, Power User, or Guest User, iDRAC6 Group will change to the Custom group.
When completed, click Apply.
Click the appropriate button to continue. See Table 5-16.
Table 5-12. General Properties
Property
Description
User ID
Contains one of 16 preset User ID numbers. This field cannot be edited.
Enable User
When Checked, indicates that the user's access to iDRAC6 is enabled. When Unchecked, user access is disabled.
User Name
Specifies an iDRAC6 user name with up to 16 characters. Each user must have a unique user name.
NOTE: User names on iDRAC6 cannot include the @,#,$,%,/,. characters and are case-sensitive.
NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login.
Change Password
Enables the New Password and Confirm New Password fields. When deselected, the user's Password cannot be changed.
New Password
Enables editing iDRAC6 user's password. Enter a Password with up to 20 characters. The characters will not display.
NOTE: Special characters like <, >, and \ are not allowed and are blocked while creating user passwords.
Confirm New Password
Re-enter iDRAC6 user's password to confirm.
Table 5-13. IPMI LAN Privilege
Property
Description
Maximum LAN User Privilege Granted
Specifies the user's maximum privilege on the IPMI LAN channel to one of the following user groups: None, Administrator, Operator, or User.
Enable Serial Over LAN
Allows the user to use IPMI Serial Over LAN. When Checked, this privilege is enabled.
Table 5-14. Other Privilege
Property
Description
iDRAC6 Group
Specifies the user's maximum iDRAC6 user privilege as one of the following: Administrator, Power User, Guest User, Custom, or None.
Enables the user to allow specific users to access the system.
CAUTION: The capability to upload, view, and/ or delete SSH keys is based on the "Configure Users" user privilege. This privilege allows user(s) to configure any other user's SSH key. Given the importance of SSH Keys, grant this privilege very carefully.
Clear Logs
Enables the user to clear iDRAC6 logs.
Execute Server Control Commands
Enables the user to execute RACADM commands.
Access Console Redirection
Enables the user to run Console Redirection.
Access Virtual Media
Enables the user to run and use Virtual Media.
Test Alerts
Enables the user to send test alerts (e-mail and PET) to all currently configured alert recipients.
Execute Diagnostic Commands
Enables the user to run diagnostic commands.
Table 5-15. iDRAC6 Group Permissions
User Group
Permissions Granted
Administrator
Login to iDRAC6, Configure iDRAC6, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
Power User
Login to iDRAC6, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts
Guest User
Login to iDRAC6
Custom
Selects any combination of the following permissions: Login to iDRAC6, Configure iDRAC6, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
None
No assigned permissions
Table 5-16. User Configuration Buttons
Button
Action
Print
Prints the User Configuration values that appear on the screen.
Refresh
Reloads the User Configuration screen.
Apply
Saves any new settings made to the user configuration.
Go Back To Users Page
Returns to the Users screen.
Securing iDRAC6 Communications Using SSL and
Digital Certificates
This section provides information about the following data security features that are incorporated in iDRAC6:
Secure Sockets Layer (SSL)
Certificate Signing Request (CSR)
Accessing the SSL main menu
Generating a new CSR
Uploading a server certificate
Viewing a server certificate
Secure Sockets Layer (SSL)
iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.
An SSL-enabled system can perform the following tasks:
Authenticate itself to an SSL-enabled client
Allow the client to authenticate itself to the server
Allow both systems to establish an encrypted connection
The encryption process provides a high level of data protection. iDRAC6 employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America.
iDRAC6 Web server has a Dell self-signed SSL digital certificate (Server ID) by default. To ensure high security over the Internet, replace the Web server SSL certificate with a certificate signed by a well-known Certificate Authority (CA). A Certificate Authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte® and VeriSign®. To initiate the process of obtaining a signed certificate, you can use iDRAC6 Web interface to generate a Certificate Signing Request (CSR) with your company's information. You can then submit the generated CSR to a CA such as VeriSign or Thawte.
Certificate Signing Request (CSR)
A CSR is a digital request to a Certificate Authority (CA) for a secure server certificate. Secure server certificates allow clients of the server to trust the identity of the server and to negotiate an encrypted session with the server.
After the CA receives a CSR, they review and verify the information the CSR contains. If the applicant meets the CA's security standards, the CA issues a digitally-signed certificate that uniquely identifies that applicant for transactions over networks and on the Internet.
After the CA approves the CSR and sends the certificate, upload the certificate to iDRAC6 firmware. The CSR information stored on iDRAC6 firmware must match the information contained in the certificate, that is, the certificate must have been generated in response to the CSR created by iDRAC6.
Table 5-17 describes the options available when generating a CSR.
Table 5-18 describes the available buttons on the SSL Main Menu screen.
Table 5-17. SSL Main Menu Options
Field
Description
Generate a New Certificate Signing Request (CSR)
Select the option and click Next to open the GenerateCertificate Signing Request (CSR) screen.
NOTE: Each new CSR overwrites the previous CSR on the firmware. For a CA to accept your CSR, the CSR in the firmware must match the certificate returned from the CA.
Upload Server Certificate
Select the option and click Next to open the Certificate Upload screen and upload the certificate sent to you by the CA.
NOTE: Only X509, Base 64-encoded certificates are accepted by iDRAC6. DER-encoded certificates are not accepted.
View Server Certificate
Select the option and click Next to open the View Server Certificate screen and view the existing server certificate.
Table 5-18. SSL Main Menu Buttons
Button
Description
Print
Prints the SSL values that appear on the screen.
Refresh
Reloads the SSL screen.
Next
Processes the information on the SSL screen and continues to the next step.
Generating a New Certificate Signing Request
NOTE: Each new CSR overwrites any previous CSR data stored in the firmware. The CSR in the firmware must match the certificate returned from the CA. Otherwise, iDRAC6 will not accept the certificate.
On the SSL screen, select Generate a New Certificate Signing Request
(CSR) and click Next.
On the Generate Certificate Signing Request (CSR) screen, enter a value
for each CSR attribute.
The exact name being certified (usually the Web server's domain name, for example, www.xyzcompany.com). Only alphanumeric characters, spaces, hyphens, underscores, and periods are valid.
Organization Name
The name associated with this organization (for example, XYZ Corporation). Only alphanumeric characters, hyphens, underscores, periods, and spaces are valid.
Organization Unit
The name associated with an organizational unit, such as a department (for example, Information Technology). Only alphanumeric characters, hyphens, underscores, periods, and spaces are valid.
Locality
The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid. Do not separate words using an underscore or other character.
State Name
The state or province where the entity who is applying for a certification is located (for example, Texas). Only alphanumeric characters and spaces are valid. Do not use abbreviations.
Country Code
The name of the country where the entity applying for certification is located.
Email
The e-mail address associated with the CSR. Enter the company's e-mail address, or any e-mail address associated with the CSR. This field is optional.
Key Size
The size of the Certificate Signing Request (CSR) Key to be generated. The size may be 1024 KB or 2048 KB.
Prints the Generate Certificate Signing Request (CSR) values that appear on the screen.
Refresh
Reloads the Generate Certificate Signing Request (CSR) screen.
Generate
Generates a CSR and then prompts the user to save it to a specified directory.
Download
Downloads the certificate to the local computer.
Go Back to SSL Main Menu
Returns the user to the SSL screen.
Uploading a Server Certificate
In the SSL screen, select Upload Server Certificate and click Next.
The Certificate Upload screen appears.
In the File Path field, enter the path to the certificate or click Browse to
navigate to the certificate file on the management station.
NOTE: The File Path value displays the file path of the certificate you are uploading. You must enter the file path, which includes the full path and the complete file name and file extension.
Click Apply.
Click the appropriate button to continue. See Table 5-21.
Table 5-21. Certificate Upload Buttons
Button
Description
Print
Prints the values that appear on the Certificate Upload screen
Refresh
Reloads the Certificate Upload screen
Apply
Applies the certificate to iDRAC6 firmware
Go Back to SSL Main Menu
Returns the user to the SSL Main Menu screen
Viewing a Server Certificate
On the SSL screen, select View Server Certificate and click Next.
Table 5-22 describes the fields and associated descriptions listed in the View Server Certificate window.
Click the appropriate button to continue. See Table 5-23.
Table 5-22. View Server Certificate Information
Field
Description
Serial Number
Certificate serial number
Subject Information
Certificate attributes entered by the subject
Issuer Information
Certificate attributes returned by the issuer
Valid From
Issue date of the certificate
Valid To
Expiration date of the certificate
Table 5-23. View Server Certificate Buttons
Button
Description
Print
Prints the View Server Certificate values that appear on the screen.
Refresh
Reloads the View Server Certificate screen.
Go Back to SSL Main Menu
Return to the SSL Main Menu screen.
Configuring and Managing Microsoft Active
Directory Certificates
NOTE: You must have Configure iDRAC permission to configure Active Directory and upload, download, and view an Active Directory certificate.
NOTE: For more information about Active Directory configuration and how to configure Active Directory with the standard schema or an extended schema, see "Using iDRAC6 Directory Service."
To access the Microsoft Active Directory summary screen, click System®Remote Access® iDRAC6®Network/Security tab®Directory Service®Microsoft Active Directory.
Table 5-24 lists the Active Directory summary options. Click the appropriate button to continue.
Table 5-24. Active Directory Options
Field
Description
Common Settings
Displays commonly configured Active Directory settings.
Active Directory CA Certificate
Displays the certificate of the CA that signs all the domain controller's SSL server certificates.
Standard Schema Settings/Extended Schema Settings
Depending on the current Active Directory configuration, Extended Schema Settings or Standard Schema Settings are displayed.
Configure Active Directory
Click this option to configure Step 1 of 4 in Active Directory Settings. The Step 1 of 4 Active Directory page allows you to upload an Active Directory CA certificate to iDRAC6, view the current Active Directory CA Certificate that has been uploaded to iDRAC6, or enable certificate validation.
Test Settings
Click this option to test the Active Directory configuration using the settings you specified.
Kerberos Keytab Upload
Click this option to upload the Kerberos Keytab to iDRAC6. For information on how to create a keytab file, see "Enabling Kerberos Authentication".
Table 5-25. Active Directory Buttons
Button
Definition
Print
Prints the Active Directory values that appear on the screen.
Refresh
Reloads the Active Directory screen.
Configuring Active Directory (Standard Schema and Extended Schema)
On the Active Directory summary screen, click Configure Active
Directory.
On the Step 1 of 4 Active Directory screen, you can either enable
certificate validation, upload the Active Directory CA certificate in
iDRAC6, or view the current Active Directory CA certificate.
Table 5-26 describes the settings and selections for each step in the Active Directory Configuration and Management process. Click the appropriate button to continue.
Table 5-26. Active Directory Configuration Settings
Setting
Description
Step 1 of 4 Active Directory Configuration and Management
Certificate Validation Enabled
Specifies whether Certificate validation is enabled or disabled. If Checked, Certificate Validation is enabled. iDRAC6 uses LDAP over Secure Socket Layer (SSL) while connecting to Active Directory. By default, iDRAC6 provides strong security by using the CA certificate loaded in iDRAC6 to validate the SSL server certificate of the domain controllers during SSL handshake. Certificate validation can be disabled for testing purposes.
Upload Active Directory CA Certificate
To upload an Active Directory CA certificate, click Browse, select the file, and click Upload. Ensure that the domain controller's SSL certificates have been signed by the same CA and that this Certificate is available on the management station accessing iDRAC6. The File Path value displays the file path of the certificate you are uploading. If you choose not to browse to the certificate, enter the file path which includes the full path and the complete file name and file extension.
Current Active Directory CA Certificate
Displays the Active Directory CA Certificate that was uploaded to iDRAC6.
Step 2 of 4 Active Directory Configuration and Management
Active Directory Enabled
Select this option if you want to enable Active Directory.
Enable Smart–Card Login
Select this option to enable Smart Card login. You are prompted for a Smart Card logon during any subsequent logon attempts using the GUI.
NOTE: The Smart Card based Two Factor Authentication (TFA) and Single Sign–on are supported only in Microsoft Windows operating systems with Internet Explorer. Also, Terminal Services (Remote Desktop) under Windows XP® does not support Smart Card operation. However, Windows Vista® supports such usage.
Enable Single Sign-on
Select this option if you want to log into iDRAC6 without entering your domain user authentication credentials, such as user name and password. If you enable Single Sign-on (SSO) and then logout, you can log back in using SSO. If you are already logged in using SSO and then logout or if SSO fails, the normal login webpage is displayed.
NOTE: Enabling Smart–Card logon or Single Sign-on does not disable any command line out–of–band interfaces including SSH, Telnet, remote RACADM, and IPMI over LAN.
NOTE: The Smart Card based Two Factor Authentication (TFA) and the single sign-on (SSO) features are not supported if the Active directory is configured for Extended schema.
User Domain Name
Enter the User Domain Name entries. If configured, a list of user domain names appears on the login page as a drop-down menu. If not configured, Active Directory users can still log in by entering the user name in the format user_name@domain_name or domain_name\user_name. Add: Adds a new User Domain Name entry to the list. Edit: Modifies an existing User Domain Name entry. Delete: Deletes a User Domain Name entry from the list.
Timeout
Enter the maximum time (in seconds) to wait for Active Directory queries to complete.
Look Up Domain Controllers with DNS
Select the Look Up Domain Controllers with DNS option to obtain the Active Directory domain controllers from a DNS lookup. When this option is selected, Domain Controller Server Addresses 1-3 are ignored. Select User Domain from Login to perform the DNS lookup with the domain name of the login user. Otherwise, select Specify a Domain and enter the domain name to use on the DNS lookup. iDRAC6 attempts to connect to each of the addresses (first 4 addresses returned by the DNS look up) one by one until it makes a successful connection.
If Extended Schema is selected, the domain controllers are where iDRAC6 device object and the Association objects are located. If Standard Schema is selected, the domain controllers are where the user accounts and the role groups are located.
Specify Domain Controller Addresses
Select the Specify Domain Controller Addresses option to allow iDRAC6 to use the Active Directory Domain Controller server addresses that are specified. When this option is selected, DNS lookup is not performed. Specify the IP address or the Fully Qualified Domain Name (FQDN) of the domain controllers. When the Specify Domain Controller Addresses option is selected, at least one of the three addresses is required to be configured. iDRAC6 attempts to connect to each of the configured addresses one by one until it makes a successful connection.
If Standard Schema is selected, these are the addresses of the domain controllers where the user accounts and the role groups are located. If Extended Schema is selected, these are the addresses of the domain controllers where iDRAC6 device object and the Association objects are located.
Step 3 of 4 Active Directory Configuration and Management
Extended Schema Selection
Select this option if you want to use Extended Schema with Active Directory.
Click Next to display the Step 4 of 4 Active Directory Configuration and Management page.
iDRAC6 Name: Specifies the name that uniquely identifies iDRAC6 in Active Directory. This value is NULL by default.
iDRAC6 Domain Name: The DNS name (string) of the domain where the Active Directory iDRAC object resides. This value is NULL by default.
These settings are displayed only if iDRAC6 has been configured for use with an Extended Active Directory Schema.
Standard Schema Selection
Select this option if you want to use Standard Schema with Active Directory.
Click Next to display the Step 4a of 4 Active Directory page.
Select the Look Up Global Catalog Servers with DNS option and enter the Root Domain Name to use on a DNS lookup to obtain the Active Directory Global Catalog Servers. When this option is selected, Global Catalog Server Addresses 1-3 are ignored. iDRAC6 attempts to connect to each of the addresses (first 4 addresses returned by the DNS lookup) one by one until it makes a successful connection. A Global Catalog server is required only for Standard Schema in the case that the user accounts and the role groups are in different domains.
Select the Specify Global Catalog Server Addresses option and enter the IP address or the FQDN of the Global Catalog server(s). When this option is selected, DNS lookup is not performed. At least one of the three addresses must be configured. iDRAC6 attempts to connect to each of the configured addresses one by one until it makes a successful connection. Global Catalog server is required only for Standard Schema in the case that the user accounts and the role groups are in different domains.
Role Groups: Specifies the list of role groups associated with iDRAC6.
Group Name: Specifies the name that identifies the role group in the Active Directory associated with iDRAC6.
Group Domain: Specifies the group domain type where the Role Group resides.
Role Group Privileges: Specifies the group privilege level. (see Table 5-27)
These settings are displayed only if iDRAC6 has been configured for use with a Standard Active Directory Schema.
Table 5-27. Role Group Privileges
Setting
Description
Role Group Privilege Level
Specifies the user's maximum iDRAC6 user privilege as one of the following: Administrator, Power User, Guest User, None, or Custom.
Allows the group permission to execute server control commands.
Access Console Redirection
Allows the group access to Console Redirection.
Access Virtual Media
Allows the group access to Virtual Media.
Test Alerts
Allows the group to send test alerts (e-mail and PET) to a specific user.
Execute Diagnostic Commands
Allows the group permission to execute diagnostic commands.
Table 5-28. Role Group Permissions
Property
Description
Administrator
Login to iDRAC6, Configure iDRAC6, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
Power User
Login to iDRAC6, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts
Guest User
Login to iDRAC6
Custom
Selects any combination of the following permissions: Login to iDRAC6, Configure iDRAC6, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
None
No assigned permissions
Viewing an Active Directory CA Certificate
On the Active Directory summary page, click Configure Active Directory and then click Next. The Current Active Directory CA Certificate section is displayed. See Table 5-29.
Table 5-29. Active Directory CA Certificate Information
Field
Description
Serial Number
Certificate serial number.
Subject Information
Certificate attributes entered by the subject.
Issuer Information
Certificate attributes returned by the issuer.
Valid From
Certificate issue date.
Valid To
Certificate expiration date.
Enabling or Disabling Local Configuration Access
NOTE: The default setting for local configuration access is Enabled.
Automated System Recovery Agent — see Table 5-33 for Automated System Recovery Agent settings
Click Apply.
Table 5-30. Web Server Settings
Setting
Description
Enabled
Enables or disables iDRAC6 Web server. When Checked, indicates that the Web server is enabled. The default value is Checked.
Max Sessions
The maximum number of simultaneous web server sessions allowed for this system. This field is not editable. There can be 4 simultaneous web server sessions.
Active Sessions
The number of current sessions on the system, less than or equal to the Max Sessions. This field is not editable.
Timeout
The time, in seconds, that a connection is allowed to remain idle. The session is cancelled when the timeout is reached. Changes to the timeout setting take affect immediately and will reset the Web server. Timeout range is 60 to 10800 seconds. The default is 1800 seconds.
HTTP Port Number
The port on which iDRAC6 listens for a browser connection. The default is 80.
HTTPS Port Number
The port on which iDRAC6 listens for a secure browser connection. The default is 443.
Table 5-31. SSH Settings
Setting
Description
Enabled
Enables or disables SSH. When Checked, the check box indicates that SSH is enabled.
Max Sessions
The maximum number of simultaneous SSH sessions allowed for this system. 4 simultaneous SSH sessions are supported. You can not edit this field.
Active Sessions
The number of current sessions on the system. You can not edit this field.
Timeout
The secure shell idle timeout, in seconds. Timeout range is 60 to 10800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1800.
Port Number
The port on which iDRAC6 listens for an SSH connection. The default is 22.
Table 5-32. Telnet Settings
Setting
Description
Enabled
Enables or disables Telnet. When Checked, Telnet is enabled. The default value is Unchecked.
Max Sessions
The maximum number of simultaneous Telnet sessions allowed for this system. 4 simultaneous Telnet sessions are supported. You can not edit this field.
Active Sessions
The number of current Telnet sessions on the system. You can not edit this field.
Timeout
The Telnet idle timeout, in seconds. Timeout range is 60 to 10800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1800.
Port Number
The port on which iDRAC6 listens for a Telnet connection. The default is 23.
Table 5-33. Automated System Recovery Agent
Setting
Description
Enabled
Enables the Automated System Recovery Agent.
Updating iDRAC6 Firmware
NOTE: If iDRAC6 firmware becomes corrupted, as could occur if iDRAC6 firmware update is interrupted before it completes, you can recover iDRAC6 using CMC. See your CMC Firmware User Guide for instructions.
NOTE: The firmware update, by default, retains the current iDRAC6 settings. During the update process, you have the option to reset iDRAC6 configuration to the factory defaults. If you set the configuration to the factory defaults, external network access will be disabled when the update completes. You must enable and configure the network using iDRAC6 Configuration Utility or CMC Web interface.
Start iDRAC6 Web interface.
Click System®Remote Access® iDRAC6, and then click the Update tab.
NOTE: To update the firmware, iDRAC6 must be placed in an update mode. Once in this mode, iDRAC6 will automatically reset, even if you cancel the update process.
In the Firmware Update - Upload (page 1 of 4) window, click Browse and
select the firmware image.
For example:
C:\Updates\V2.2\<image_name>.
The default firmware image name is firmimg.imc.
Click Upload. The file will be uploaded to iDRAC6. This may take several
minutes to complete.
In the Upload (Step 2 of 4) page, you will see the results of the validation
performed on the image file you uploaded.
If the image file is uploaded successfully and passed all verification checks, a message will appear indicating that the firmware image has been verified.
If the image did not upload successfully, or it did not pass the verification checks, reset iDRAC6, close the current session, and then try updating again.
NOTE: If you uncheck the Preserve Configuration check box, iDRAC6 resets to its default settings. In the default settings, the LAN is disabled. You will not be able to log in to iDRAC6 Web interface. You will have to reconfigure the LAN settings using CMC Web interface or iKVM using iDRAC6 Configuration Utility during BIOS POST.
By default the Preserve Configuration check box is Checked to preserve
the current settings on iDRAC6 after an upgrade. If you do not want the
settings to be preserved, uncheck the Preserve Configuration check box.
In the Updating (step 3 of 4) window, you will see the status of the
upgrade. The progress of the firmware upgrade operation, measured in
percent, will appear in the Progress column.
Once the firmware update is complete, the Firmware Update - Update
Results (page 4 of 4) window will appear and iDRAC6 will reset
automatically. To continue accessing iDRAC6 through the web interface,
close the current browser window and reconnect to iDRAC6 using a new
browser window.
Updating iDRAC6 Firmware Using CMC
Typically, iDRAC6 firmware is updated using iDRAC6 utilities, such as iDRAC6 Web interface or operating system specific update packages downloaded from support.dell.com.
You can use CMC Web interface or RACADM to update iDRAC6 firmware. This feature is available both when iDRAC6 firmware is in Normal mode, as well as when it is corrupted.
NOTE: See the Chassis Management Controller Firmware User Guide for instructions for using CMC Web interface.
To update iDRAC6 firmware, perform the following steps:
Download the latest iDRAC6 firmware to your management station from
support.dell.com.
Log in to CMC Web interface.
Click Chassis in the system tree.
Click the Update tab. The Firmware Updatescreen appears.
Select iDRAC6 or multiple iDRAC6s of the same model to update by
selecting the Update Targets check box.
Click Browse, browse to iDRAC6 firmware image you downloaded, and
click Open.
Click Begin Firmware Update.
After the firmware image file has been uploaded to CMC, iDRAC6 updates itself with the image.
iDRAC6 Firmware Rollback
iDRAC6 has the provision to maintain two simultaneous firmware images. You can choose to boot from (or rollback to) the firmware image of your choice.
Open iDRAC6 Web interface and log in to the remote system.
Click System® Remote Access® iDRAC6, and then click the Update tab.
Click Rollback. The current and the rollback firmware versions are
displayed on the Rollback (Step 2 of 3) page.
Click Next to start the firmware rollback process.
On the Rollback (Step 3 of 3) page, you see the status of the rollback operation. On successful completion, it shows that the process completed successfully.
If the firmware rollback is successful, iDRAC6 will reset automatically. To continue working with iDRAC6 through the web interface, close the current browser and reconnect to iDRAC6 using a new browser window. An appropriate error message is displayed if an error occurs.
NOTE: The Preserve Configuration feature does not work if you want to rollback iDRAC6 firmware from version 2.2 to version 2.1.
