OpenManage Server Administrator now has two login screens because of the
separation of the Server Administrator Web server from the managed system. One
is for managing a remote system, and the other to manage the Server
Administrator Web server.
Managing a Remote System
To log in to Server Administrator to manage a remote system:
Method 1
Click on the Dell™
OpenManage™
Server Administrator icon on your desktop.
Type your preassigned Hostname/IP Address, Username and
Password of the VMware® ESXi 3.5 system in
the appropriate fields on the Remote Management Log in window. If
required, you can also enter the machine name or its Fully Qualified Domain Name
(FQDN) in the
Hostname/IP Address field.
Select the Ignore Certificate Warnings
check box, if you are using an Intranet connection.
Method 2
Open your Web browser and type one of the following in the address field and
press <Enter>:
https://hostname:1311
where hostname is the assigned name for the
managed node system and 1311 is the default
port number
or
https://IP
address:1311
where IP address is the IP address for the
managed system and 1311 is the default port number
You should type https:// (and not
http://) in the address field to receive a valid response in
your browser.
NOTE: You must have
preassigned user rights to log in to Server Administrator. See "Setup
and Administration" for instructions on setting up new users.
Using the Ignore Certificate Option
The login screen has an "Ignore certificate warnings check box".
CAUTION: You should use the "Ignore certificate warnings" option
with discretion. It is highly recommended that you use it only in trusted
Intranet environments. To ensure system
security, Dell strongly recommends that you import a root certificate or
certificate chain from a Certification Authority (CA). See the VMware
documentation for details.
NOTE: If the
certificate authority on the managed system is valid and if the Server
Administrator web server still reports an untrusted certificate error, you can
still make the managed system’s CA as trusted by using the certutil.exe.
Refer to your operating system documentation for details on accessing this
.exe. On supported Windows operating systems, you can also use the
certificates snap in option to import certificates.
Managing Server Administrator Web Server
To manage the OpenManage Server Administrator Web server:
Click on the Dell OpenManage Server Administrator icon on
your desktop. The remote login page is displayed.
Click on the Manage Web Server Link, located at the top
right corner of the screen.
Enter the User Name, Password and Domain name
(If you are accessing Server Administrator from a defined domain) and click
OK.
NOTE: The
Application drop-down menu will appear as a non-selectable field for systems
that can only access one Dell OpenManage Server Administrator
component. The drop-down menu is only functional when two or more Dell
OpenManage Server Administrator components are available on the managed system.
Select the Active
Directory Login check box to log in using Microsoft® Active Directory®.
Due to the separation of the Server Administrator Web server from the managed
system, the following options will display only when you log in to the Server
Administrator Web server, using the Manage Web Server link:
Web Server Preferences
Session Management
Web Server shutdown
X.509 Certificate Management
These options will not be displayed when you log in to a remote system.
For more information on accessing these features, refer to 'Server
Administrator Services.'
To end your Server Administrator session, click Log Out on the "Global
Navigation Bar." The Log Out button is located in the upper-right
corner of each Server Administrator home page.
NOTE: When you launch
Server Administrator using Internet Explorer� version 7.0, an intermediate
warning page may appear displaying the problem with security certificate. To
ensure system security, it is strongly recommended that you generate a new X.509
certificate, reuse an existing X.509 certificate, or import a root certificate
or certificate chain from a Certification Authority (CA). To avoid encountering
such warning messages about the certificate, the certificate used must be from a
trusted CA. For more information on X.509 Certificate Management, see "X.509
Certificate Management."
Single Sign-On
Server Administrator does not support login by default from the desktop icon.
For local machine access, you must have an account on the machine with the
appropriate privileges (Administrator). Other users are authenticated against
the Microsoft Active Directory.
NOTE: Single Sign-On is
available only for Server Administrator Web server management.
However, you can launch Server Administrator using Single Sign-On
authentication against Microsoft Active Directory. The following parameters must
also be passed in:
To launch Server Administrator using Single Sign-On authentication against
the local machine user accounts, the following parameters must also be passed
in:
NOTE: See the Knowledge
Base article at
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q258063 for
more information on Single Sign-On.
Security Settings for Microsoft Windows Server 2003
You must configure the security settings for your browser to log in to Server
Administrator from a remote management system that is running a supported
Microsoft Windows Server® 2003 operating system.
The security settings for your browser might prevent the execution of
client-side scripts that are used by Server Administrator. To enable the use of
client-side scripting, perform the following steps on the remote management
system.
NOTE: If you have not
configured your browser to enable the use of client-side scripting, you might
receive a blank screen when logging in to Server Administrator. In this case, an
error message will appear instructing you to configure your browser settings.
Internet Explorer
Start your browser.
Click Tools�
Internet Options�
Security.
Click the Trusted Sites icon.
Click Sites.
Copy the Web address used to access the remote managed system from
the browser’s address bar and paste it onto the Add this Web Site to the Zone
field.
Click Custom Level.
For Windows 2003:
Under Miscellaneous,
select the Allow Meta Refresh radio button.
Under Active Scripting, select the
Enable radio button.
Under Active Scripting, select the
Allow scripting of Internet
Explorer web browser controls radio button.
Click OK to save the new settings.
Close the browser.
Log in to Server Administrator.
To allow Single Sign-On for Server Administrator without prompts for user
credentials, perform the following steps:
Start your browser.
Click Tools�
Internet Options�
Security.
Click the Trusted Sites icon.
Click Sites.
Copy the Web address used to access the remote managed system from
the browser’s address bar and paste it onto the Add this Web Site to the Zone
field.
Click Custom Level.
Under User Authentication, select the Automatic Logon
with current username and password radio button.
Click OK to save the new settings.
Close the browser.
Log in to Server Administrator.
Mozilla
Start your browser.
Click Edit�
Preferences.
Click Advanced�
Scripts and Plugins.
Ensure that the Navigator check box is selected under
Enable JavaScript for.
Click OK to save the new settings.
Close the browser.
Log in to Server Administrator.
The Server Administrator Home
Page
NOTE: Do not use your
Web browser toolbar buttons (such as Back and Refresh) while using
Server Administrator. Use only the Server Administrator navigation tools.
With only a few exceptions, the Server Administrator home page has three main
areas:
The System Tree displays all visible
system objects based on the user's access privileges.
The Action Window displays the available
management actions for the selected system tree object based on the user's
access privileges. The action window contains three functional areas:
The action tabs display the primary actions or categories of actions
that are available for the selected object based on the user's access
privileges.
The
action tabs are divided into subcategories of all available secondary
options for the action tabs based on the user's access privileges.
The Data Area displays information
for the selected system tree object, action tab, and subcategory based
on the user's access privileges.
Additionally, when logged in to the Server Administrator home page, the
system model, the assigned name of the system, and the current user's user name
and User Privileges
are displayed in the top-right corner of the window.
Table 4-1 lists the GUI field names and
the applicable system, when Server Administrator is installed on the system.
Table 4-1. System
Availability for the Following GUI Field Names
GUI Field Name
Applicable System
Modular Enclosure
Modular System
Server module
Modular System
Main System
Modular System
System
Non-Modular System
Main system Chassis
Non-Modular System
BMC
Dell PowerEdge x8xx and x9xx
Systems
iDRAC
Dell xx0x Systems
Figure 4-1 shows a sample Server
Administrator home page layout for a user logged in with
administrator privileges on a non-modular system.
Figure 4-1. Sample
Server Administrator Home Page — Non-Modular System
Figure 4-2 shows a sample Server
Administrator home page layout for a user logged in with
administrator privileges on a modular system.
Figure 4-2. Sample
Server Administrator Home Page — Modular System
Clicking an object in the system tree opens a corresponding action window for
that object. You can navigate in the action window by clicking action tabs to
select major categories and clicking the action tab subcategories to access more
detailed information or more focused actions. The information displayed in the
data area of the action window can range from system logs to status indicators
to system probe gauges. Underlined items in the data area of the action window
indicate a further level of functionality. Clicking an underlined item creates a
new data area in the action window that contains a greater level of detail. For
example, clicking Main System Chassis/Main System under the Health
subcategory of the Properties action tab lists the health status of all
the components contained in the Main System Chassis/Main System object that are
monitored for health status.
NOTE: Administrator or
Power User privileges are required to view most of the system tree objects,
system components, action tabs, and data area features that are configurable.
Additionally, only users logged in with Administrator privileges can access
critical system features such as the shutdown functionality included under the
Shutdown tab.
Global Navigation Bar
The global navigation bar and its links are available to all user levels in
the program.
Clicking
Support connects you to the Dell Support website.
Clicking Help
opens the context-sensitive online help window. See "Using
the Online Help."
Clicking
About displays Server Administrator version and copyright information.
Clicking Log Out ends your current Server Administrator program
session.
System Tree
The system tree appears on the left side of the Server Administrator home
page and lists the components of your system that are viewable. The system
components are categorized by component type. When you expand the main object
known as Modular Enclosure�
System/Server Module, the major categories of system/server module
components that may appear are Main System Chassis/Main System,
Software, and Storage.
To expand a branch of the tree, click the plus sign (
) to the left of an object, or double-click the object. A minus sign (
) indicates an expanded entry that cannot be expanded further.
Action Window
When you click an item on the system tree, details about the component or
object appear in the data area of the action window. Clicking an action tab
displays all available user options as a list of subcategories.
Clicking an object on the system/server module tree opens that component's
action window, displaying the available action tabs. The data area defaults to a
preselected subcategory of the first action tab for the selected object.
The preselected subcategory is usually the first option. For example,
clicking the Main System Chassis/Main System object opens an action
window in which the Properties action tab and Health subcategory
are displayed in the window's data area.
Data Area
The data area is located below the action tabs on the right side of the
home page. The data area is where you perform tasks or view details about system
components. The content of the window depends on the system tree object and
action tab that are currently selected. For example, when you select BIOS from
the system tree, the Properties tab is selected by default and the
version information for the system BIOS appears in the data area. The data area
of the action window contains many common features, including status indicators,
task buttons, underlined items, and gauge indicators.
System/Server Module Component Status Indicators
The icons that appear next to component names show the status of that
component (as of the latest page refresh).
Table 4-2.
System/Server Module Component Status Indicators
A green check mark indicates that a
component is healthy (normal).
A yellow triangle containing an
exclamation point indicates that a component has a warning (noncritical)
condition. A warning condition occurs when a probe or other monitoring tool
detects a reading for a component that falls within certain minimum and
maximum values. A warning condition requires prompt attention.
A red X indicates that a component has a
failure (critical) condition. A critical condition occurs when a probe or
other monitoring tool detects a reading for a component that falls within
certain minimum and maximum values. A critical condition requires immediate
attention.
A blank space indicates that a component's
health status is unknown.
Task Buttons
Most windows opened from the Server Administrator home page contain at least
four task buttons: Print, Export, Email, and Refresh.
Other task buttons are included on specific Server Administrator windows. Log
windows, for example, also contain Save As and Clear Log task
buttons. For specific information about individual task buttons, click Help
on any Server Administrator home page window to view detailed information about
the specific window you are viewing.
Clicking Print prints a copy of the open
window to your default printer.
Clicking Export generates a text file that lists the values for each
data field on the open window. The export file is saved to a location you
specify. See "Setting User and System
Preferences" for instructions on customizing the delimiter separating
the data field values.
Clicking Email creates an e-mail message addressed to your designated
e-mail recipient. See "Setting User and
System Preferences" for instructions on setting up your e-mail server
and default e-mail recipient.
Clicking Refresh reloads the system component status information in
the action window data area.
Clicking
Save As saves an HTML file of the action window in a .zip file.
Clicking Clear Log erases all events from the log displayed in the
action window data area.
NOTE: The Export,
Email, Save As, and Clear Log buttons are only visible for
users logged in with Power User or Administrator privileges.
Underlined Items
Clicking an underlined item in the action window data area displays
additional details about that item.
Gauge Indicators
Temperature probes, fan probes, and voltage probes are each represented by a
gauge indicator. For example, Figure 4-3
shows readings from a system's CPU fan probe.
Figure 4-3. Gauge
Indicator
Using the Online Help
Context-sensitive online help is available for every window of the Server
Administrator home page. Clicking Help on the global navigation bar opens
an independent help window that contains detailed information about the specific
window you are viewing. The online help is designed to help guide you through
the specific actions required to perform all aspects of the Server Administrator
services. Online help is available for all windows you can view, based on the
software and hardware groups that Server Administrator discovers on your system
and your user privilege level.
Using the Preferences Home Page
The left-hand pane of the Preferences home page (where the system tree
is displayed on the Server Administrator home page) displays all available
configuration options in the system tree window.
See Table 4-3 for available Preferences
home page configuration options.
Table 4-3. Preferences
Home Page Configuration Options
General Settings
Server Administrator
You can view the Preferences tab after you log in to manage a remote system.
This tab is also available when you log in to manage the Server Administrator
Web server.
Like the Server Administrator home page, the Preferences home page has
three main areas:
The global navigation bar provides links to
general services.
Clicking Back to Server Administrator returns you to the Server
Administrator home page.
The
left-hand pane of the Preferences home page (where the system tree is
displayed on the Server Administrator home page) displays the preference
categories for the managed system or the Server Administrator Web server.
The action window displays the available settings and preferences for the
managed system or the Server Administrator Web Server.
Figure 4-4 shows a typical Preferences home page layout.
Figure 4-4. Sample
Preferences Home Page
Managed System Preferences
When you log in to a remote system, the Preferences home page defaults
to the Node Configuration window under the Preferences tab.
Click the Server Administrator object to enable or disable access to
users with User or Power User privileges. Depending on the user’s group
privileges, the Server Administrator object action window can have the
Preferences tab.
Under the Preferences tab, you can:
Enable or disable access to users with User or
Power User privileges.
Configure the
Command Log Size.
Server Administrator Web Server Preferences
When you log in to manage the Server Administrator Web server, the Preferences
home page defaults to the User Preferences window under the
Preferences tab.
Dell Systems Management Server Administration Connection Service and
Security Setup
You can set user and system preferences and manage X.509 certificates when
you are logged in to the Server Administrator Web server. See "Managing
Server Administrator Web Server"
for details. Once you log in to manage the Server Administrator Web server, you
can perform the following:
You set user and secure port system preferences from the Preferences
home page.
NOTE: You must be
logged in with Administrator privileges to set or reset user or system
preferences.
Log in to the Server Administrator Web server. Perform the following steps to
set up your user preferences:
Click Preferences on the global navigation bar.
The Preferences home page appears.
Click General Settings.
To add a preselected e-mail recipient, type the e-mail address of
your designated service contact in the Mail To: field, and click Apply
Changes.
NOTE: Clicking
Email in any window sends an e-mail message with an attached HTML file of
the window to the designated e-mail address.
To change the home page appearance, select an alternative value in
the
skin or scheme fields and click Apply Changes.
Perform the following steps to set up your secure port system preferences:
Log in to the Server Administrator Web server. Click
Preferences on the global navigation bar.
The Preferences home page appears.
Click General Settings, and the Web Server tab.
In the Server Preferences
window, set options as necessary.
The Session Timeout feature can
set a limit on the amount of time that a Server Administrator session can
remain active. Select the Enable radio button to allow Server
Administrator to time out if there is no user interaction for a specified
number of minutes. Users whose session times out must log in again to
continue. Select the Disable radio button to disable the Server
Administrator session timeout feature.
The HTTPS Port field specifies the secure port for Server
Administrator. The default secure port for Server Administrator is 1311.
NOTE: Changing the port
number to an invalid or in-use port number might prevent other applications or
browsers from accessing Server Administrator on the managed system. See the
Dell OpenManage Installation and Security User's Guide for the list of
default ports.
The IP Address to Bind to
field specifies the IP address(es) for the managed system that Server
Administrator binds to when starting a session. Select the All radio
button to bind to all IP addresses applicable for your system. Select the
Specific radio button to bind to a specific IP address.
NOTE: Changing the
IP Address to Bind to value to a value other than
All may prevent other applications or browsers from accessing Server
Administrator on the managed system.
The SMTP Server name and
DNS Suffix for SMTP Server fields specify your company or organization's
Simple Mail Transfer Protocol (SMTP) and domain name server (DNS) suffix. To
enable Server Administrator to send e-mails, you must type the IP address
and DNS suffix for the SMTP Server for your company or organization in the
appropriate fields.
NOTE: For security
reasons, your company or organization might not allow e-mails to be sent through
the SMTP server to outside accounts.
The Support Link field
specifies the URL for the business entity that provides support for your
managed system.
The
Custom Delimiter field specifies the character used to separate the data
fields in the files created using the Export button. The ;
character is the default delimiter. Other options are !, @,
#, $, %, ^, *, ~, ?, :,|,
and ,.
The SSL
Encryption field specifies the encryption levels for the secured HTTPS
sessions. The available encryption levels include Auto Negotiate and
128-bit or higher.
Auto Negotiate: To allow connection from browser with any encryption
strength. The browser auto negotiates with the Server Administrator web
server and uses the highest available encryption level for the session.
Legacy browsers with weaker encryption can connect to the Server
Administrator.
128-bit or higher: To allow connections from browsers with 128-bit
or higher encryption strength. One of the following cipher suites will
be applicable based upon the browser for any established sessions:
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
NOTE: 128-bit or
higher option does not allow connections from browsers with lower SSL
encryption strength, such as 40 bit, 56 bit.
NOTE: Restart the
Server Administrator web server for the changes to take effect.
NOTE: If the encryption
level is set to 128-bit or higher, you
can access or modify the Server Administrator settings using a browser with the
same or higher encryption levels.
When you finish setting options in the Server Preferences
window, click
Apply Changes.
X.509 Certificate Management
Web certificates are necessary to ensure the identity of a remote system and
ensure that information exchanged with the remote system cannot be viewed or
changed by others. To ensure system security, it is strongly recommended that:
You generate a new X.509 certificate, reuse an
existing X.509 certificate, or import a root certificate or certificate
chain from a Certification Authority (CA).
All systems that have Server Administrator installed have unique host names.
NOTE: You must be
logged in with Administrator privileges to perform certificate management.
To manage X.509 certificates through the Preferences home page, log in to the
Server Administrator Web server, click General Settings, click the
Web Server tab, and click X.509 Certificate.
You can use this option to:
Generate a new X.509 certificate - Use this
option to create a certificate for access to Server Administrator.
Reuse an existing X.509 certificate - This option selects an existing
certificate that your company has title to, and uses this certificate to
control access to Server Administrator.
Import a root certificate - This option allows you to import the root
certificate, as well as the certificate response (in PKCS#7 format),
received from the trusted certificate authority.
Import certificate chain from a CA - This option allows you to import
the certificate response (in PKCS#7 format) from the trusted certificate
authority. Some of the reliable certificate authorities are Verisign,
Thawte, and Entrust.
Controlling Server
Administrator
Server Administrator Web Server automatically starts each time you reboot the
managed system. To manually start, stop, or restart Server Administrator Web
Server, use the following instructions.
NOTE: To control Server
Administrator Web Server, you must be logged in with administrator privileges.
Starting Server Administrator Web Server
Supported Microsoft Windows Operating Systems
To start Server Administrator Web Server on systems running a supported
Microsoft Windows operating system, perform the following steps:
Open the Services window.
Right-click the Dell Systems Management Server Administration
(DSM SA) Connection Service icon.
Click Start.
Stopping Server Administrator Web Server
Supported Microsoft Windows Operating Systems
To stop Server Administrator Web Server, perform the following steps:
Open the Services window.
Right-click the DSM SA Connection Service icon.
Click Stop.
Restarting Server Administrator Web Server
Supported Microsoft Windows Operating Systems
To restart Server Administrator Web Server, perform the following steps:
) to the left of an object, or double-click the object. A minus sign (
) indicates an expanded entry that cannot be expanded further.
