
Configuring the iDRAC6 Using the Web Interface

Integrated Dell™ Remote Access Controller 6 (iDRAC6) Version 1.0 User Guide

  Accessing the Web Interface

  Configuring the iDRAC6 NIC

  Configuring Platform Events

  Configuring iDRAC6 Users

  Securing iDRAC6 Communications Using SSL and Digital Certificates

  Configuring and Managing Active Directory Certificates

  Configuring iDRAC6 Services

  Updating the iDRAC6 Firmware/System Services Recovery Image


The iDRAC6 provides a Web interface that enables you to configure the iDRAC6 properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC6 Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC6 Web interface and provides links to related information.

Most Web interface configuration tasks can also be performed with RACADM commands or with Server Management-Command Line Protocol (SM-CLP) commands.

Local RACADM commands are executed from the managed server.

SM-CLP and SSH/Telnet RACADM commands are executed in a shell that can be accessed remotely with a telnet or SSH connection. For more information about SM-CLP, see "Using the iDRAC6 SM-CLP Command Line Interface." For more information about RACADM commands see "RACADM Subcommand Overview" and "iDRAC6 Property Database Group and Object Definitions".


Accessing the Web Interface

To access the iDRAC6 Web interface, perform the following steps:

  1. Open a supported Web browser window.

See "Supported Web Browsers" for more information.

To access the Web interface using an IPv4 address, go to step 2.

To access the Web interface using an IPv6 address, go to step 3.

  2. Access the Web interface using an IPv4 address; you must have IPv4 enabled:

In the browser Address bar, type:

https://<iDRAC-IPv4-address>

Then, press <Enter>.

  3. Access the Web interface using an IPv6 address; you must have IPv6 enabled.

In the browser Address bar, type:

https://[<iDRAC-IPv6-address>]

Then, press <Enter>.

  4. If the default HTTPS port number, port 443, has been changed, type:

https://<iDRAC-IP-address>:<port-number>

where iDRAC-IP-address is the IP address for the iDRAC6 and port-number is the HTTPS port number.

  5. In the Address field, type https://<iDRAC-IP-address> and press <Enter>.

If the default HTTPS port number (port 443) has been changed, type:

https://<iDRAC-IP-address>:<port-number>

where iDRAC-IP-address is the IP address for the iDRAC6 and port-number is the HTTPS port number.

The iDRAC6 Login window appears.

Logging In

You can log in as either an iDRAC6 user or as a Microsoft® Active Directory® user. The default user name and password for an iDRAC6 user are root and calvin, respectively.

You must have been granted Login to iDRAC privilege by the administrator to log in to iDRAC6.

To log in, perform the following steps:

  1. In the Username field, type one of the following:

    • Your iDRAC6 user name.

The user name for local users is case sensitive. Examples are root, it_user, or john_doe.

    • Your Active Directory user name.

Active Directory names can be entered in any of the forms <username>, <domain>\<username>, <domain>/<username>, or <user>@<domain>. They are not case sensitive. Examples are dell.com\john_doe or JOHN_DOE@DELL.COM.

  2. In the Password field, type your iDRAC6 user password or Active Directory user password. Passwords are case sensitive.

  3. From the Domain drop-down box, select This iDRAC for logging in as an iDRAC6 user, or select any of the available domains for logging in as an Active Directory user.

NOTE: For Active Directory users, if you have specified the domain name as a part of the Username, select This iDRAC from the drop-down menu.

  4. Click OK or press <Enter>.

Logging Out

  1. In the upper-right corner of the main window, click Logout to close the session.

  2. Close the browser window.

NOTE: The Logout button does not appear until you log in.
NOTE: Closing the browser without gracefully logging out may cause the session to remain open until it times out. It is strongly recommended that you click the logout button to end the session; otherwise, the session may remain active until the session timeout is reached.
NOTE: Closing the iDRAC6 Web interface within Microsoft Internet Explorer using the close button ("x") at the top right corner of the window may generate an application error. To fix this issue, download the latest Cumulative Security Update for Internet Explorer from the Microsoft Support website, located at support.microsoft.com.

Configuring the iDRAC6 NIC

This section assumes that the iDRAC6 has already been configured and is accessible on the network. See "Configuring Your iDRAC6" for help with the initial iDRAC6 network configuration.

Configuring the Network and IPMI LAN Settings

NOTE: You must have Configure iDRAC permission to perform the following steps.
NOTE: Most DHCP servers require a server to store a client identifier token in its reservations table. The client (iDRAC, for example) must provide this token during DHCP negotiation. The iDRAC6 supplies the client identifier option using a one-byte interface number (0) followed by a six-byte MAC address.
NOTE: If you are running with Spanning Tree Protocol (STP) enabled, ensure that you also have PortFast or a similar technology turned on as follows:
  • On the ports for the switch connected to iDRAC6

  • On the ports connected to the management station running an iDRAC KVM session

NOTE: You may see the following message if the system halts during POST: Strike the F1 key to continue, F2 to run the system setup program
One possible reason for the error is a network storm event, which causes you to lose communication with the iDRAC6. After the network storm subsides, restart the system.

    1. Click Remote Access → Configuration → Network.

    2. On the Network page, you can enter Network Interface Card settings, Common iDRAC settings, IPv4 settings, IPv6 settings, IPMI settings, and VLAN settings. See Table 4-1, Table 4-2, Table 4-3, Table 4-4, Table 4-5, and Table 4-6 for descriptions of these settings.

    3. When you have completed entering the required settings, click Apply Changes.

    4. Click the appropriate button to continue. See Table 4-7.

Table 4-1. Network Interface Card Settings

| Setting | Description |
|---|---|
| NIC Selection | Configures the current mode out of the four possible modes: Dedicated (iDRAC NIC); Shared (LOM1); Shared with Failover LOM2; Shared with Failover All LOMs. NOTE: The Dedicated (iDRAC NIC) option is only available on iDRAC6 Enterprise. |
| MAC Address | Displays the Media Access Control (MAC) address that uniquely identifies each node in a network. |
| Enable NIC | When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from the iDRAC6 via the network is blocked. The default is On. |
| Auto Negotiation | If set to On, displays the Network Speed and Mode by communicating with the nearest router or hub. If set to Off, allows you to set the Network Speed and Duplex Mode manually (Off). If NIC Selection is not set to Dedicated, the Auto Negotiation setting will always be enabled (On). |
| Network Speed | Enables you to set the Network Speed to 100 Mb or 10 Mb to match your network environment. This option is not available if Auto Negotiation is set to On. |
| Duplex Mode | Enables you to set the Duplex Mode to full or half to match your network environment. This option is not available if Auto Negotiation is set to On. |

Table 4-2. Common iDRAC Settings

| Setting | Description |
|---|---|
| Register iDRAC on DNS | Registers the iDRAC6 name on the DNS server. The default is Disabled. |
| DNS iDRAC Name | Displays the iDRAC6 name only when Register iDRAC on DNS is selected. The default name is idrac-service_tag, where service_tag is the service tag number of the Dell server, for example: idrac-00002. |
| Use DHCP for DNS Domain Name | Uses the default DNS domain name. When the checkbox is not selected and the Register iDRAC on DNS option is selected, modify the DNS domain name in the DNS Domain Name field. The default is Disabled. NOTE: To select the Use DHCP for DNS Domain Name checkbox, also select the Use DHCP (For NIC IP Address) checkbox. |
| DNS Domain Name | The default DNS Domain Name is blank. When the Use DHCP for DNS Domain Name checkbox is selected, this option is grayed out and the field cannot be modified. |

Table 4-3. IPv4 Settings

| Setting | Description |
|---|---|
| Enabled | If NIC is enabled, this selects IPv4 protocol support and sets the other fields in this section to be enabled. |
| Use DHCP (For NIC IP Address) | Prompts the iDRAC6 to obtain an IP address for the NIC from the Dynamic Host Configuration Protocol (DHCP) server. The default is off. |
| IP Address | Specifies the IP address for the iDRAC NIC. |
| Subnet Mask | Allows you to enter or edit a static IP address for the iDRAC6 NIC. To change this setting, deselect the Use DHCP (For NIC IP Address) checkbox. |
| Gateway | The address of a router or switch. The value is in the "dot separated" format, such as 192.168.0.1. |
| Use DHCP to obtain DNS server addresses | Enable DHCP to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses checkbox. When not using DHCP to obtain the DNS server addresses, provide the IP addresses in the Preferred DNS Server and Alternate DNS Server fields. The default is off. NOTE: When the Use DHCP to obtain DNS server addresses checkbox is selected, IP addresses cannot be entered into the Preferred DNS Server and Alternate DNS Server fields. |
| Preferred DNS Server | DNS Server IP address. |
| Alternate DNS Server | Alternate IP address. |

Table 4-4. IPv6 Settings

| Setting | Description |
|---|---|
| Enabled | If the checkbox is selected, IPv6 is enabled. If the checkbox is not selected, IPv6 is disabled. The default is disabled. |
| Auto Config | Checking this box allows the iDRAC6 to obtain the IPv6 address for the iDRAC6 NIC from the Dynamic Host Configuration Protocol (DHCPv6) server. Enabling Auto Config also deactivates and flushes out the static values for IP Address 1, Prefix Length, and IP Gateway. |
| IP Address 1 | Configures the IPv6 address for the iDRAC NIC. To change this setting, you must first disable AutoConfig by deselecting the associated checkbox. |
| Prefix Length | Configures the prefix length of the IPv6 address. It can be a value between 1 and 128 inclusive. To change this setting, you must first disable AutoConfig by deselecting the associated checkbox. |
| IP Gateway | Configures the static gateway for the iDRAC NIC. To change this setting, you must first disable AutoConfig by deselecting the associated checkbox. |
| Link Local Address | Specifies the IPv6 address for the iDRAC NIC. |
| IP Address 2 | Specifies the additional IPv6 address for the iDRAC NIC if one is available. |
| Use DHCP to obtain DNS server addresses | Enable DHCP to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses checkbox. When not using DHCP to obtain the DNS server addresses, provide the IP addresses in the Preferred DNS Server and Alternate DNS Server fields. The default is Off. NOTE: When the Use DHCP to obtain DNS server addresses checkbox is selected, IP addresses cannot be entered into the Preferred DNS Server and Alternate DNS Server fields. |
| Preferred DNS Server | Configures the static IPv6 address for the preferred DNS server. To change this setting, you must first uncheck Use DHCP to obtain DNS Server Addresses. |
| Alternate DNS Server | Configures the static IPv6 address for the alternate DNS server. To change this setting, you must first uncheck Use DHCP to obtain DNS Server Addresses. |

Table 4-5. IPMI Settings

| Setting | Description |
|---|---|
| Enable IPMI Over LAN | When checked, indicates that the IPMI LAN channel is enabled. The default is Off. |
| Channel Privilege Level Limit | Configures the minimum privilege level, for the user, that can be accepted on the LAN channel. Select one of the following options: Administrator, Operator, or User. The default is Administrator. |
| Encryption Key | Configures the encryption key: 0 to 20 hexadecimal characters (with no blanks allowed). The default is blank. |

Table 4-6. VLAN Settings

| Setting | Description |
|---|---|
| Enable VLAN ID | If enabled, only matched Virtual LAN (VLAN) ID traffic will be accepted. |
| VLAN ID | VLAN ID field of 802.1Q fields. Enter a valid value for VLAN ID (must be a number from 1 to 4094). |
| Priority | Priority field of 802.1Q fields. Enter a number from 0 to 7 to set the priority of the VLAN ID. |

Table 4-7. Network Configuration Page Buttons

| Button | Description |
|---|---|
| Print | Prints the Network Configuration values that appear on the screen. |
| Refresh | Reloads the Network Configuration page. |
| Advanced Settings | Opens the Network Security page, allowing the user to enter IP Range and IP Blocking attributes. |
| Apply Changes | Saves any new settings made to the network configuration page. NOTE: Changes to the NIC IP address settings will close all user sessions and require users to reconnect to the iDRAC6 Web interface using the updated IP address settings. All other changes will require the NIC to be reset, which may cause a brief loss in connectivity. |

    Configuring IP Filtering and IP Blocking

    NOTE: You must have Configure iDRAC permission to perform the following steps.
    1. Click Remote Access → Configuration and then click the Network tab to open the Network page.

    2. Click Advanced Settings to configure the network security settings.

    Table 4-8 describes the Network Security Page Settings. When you have finished configuring the settings, click Apply.

    3. Click the appropriate button to continue. See Table 4-9.

Table 4-8. Network Security Page Settings

| Settings | Description |
|---|---|
| IP Range Enabled | Enables the IP Range checking feature, which defines a range of IP addresses that can access the iDRAC. The default is off. |
| IP Range Address | Determines the acceptable IP address bit pattern, depending on the 1's in the subnet mask. This value is bitwise AND'd with the IP Range Subnet Mask to determine the upper portion of the allowed IP address. Any IP address that contains this bit pattern in its upper bits is allowed to establish an iDRAC6 session. Logins from IP addresses that are outside this range will fail. The default values in each property allow an address range from 192.168.1.0 to 192.168.1.255 to establish an iDRAC6 session. |
| IP Range Subnet Mask | Defines the significant bit positions in the IP address. The subnet mask should be in the form of a netmask, where the more significant bits are all 1's with a single transition to all zeros in the lower-order bits. The default is 255.255.255.0. |
| IP Blocking Enabled | Enables the IP address blocking feature, which limits the number of failed login attempts from a specific IP address for a preselected time span. The default is off. |
| IP Blocking Fail Count | Sets the number of login failures attempted from an IP address before the login attempts are rejected from that address. The default is 10. |
| IP Blocking Fail Window | Determines the time span in seconds within which IP Block Fail Count failures must occur to trigger the IP Block Penalty Time. The default is 3600. |
| IP Blocking Penalty Time | The time span in seconds that login attempts from an IP address with excessive failures are rejected. The default is 3600. |
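
The IP Range and IP Blocking rules from Table 4-8, modeled in Python as an added example; this is not Dell firmware code and not part of the original guide. All function and class names are hypothetical, and rejecting a non-contiguous mask and the exact failure-counting behavior are assumptions drawn from the table text. `checked_attempts` shows how many password checks per day one address still gets for a given Fail Count, Fail Window, and Penalty Time, which is the number to look at when tuning those values.

```python
import ipaddress
from collections import defaultdict, deque


def is_contiguous_mask(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def ip_range_allows(client, range_addr, range_mask):
    """IP Range check: allow when (client AND mask) == (range_addr AND mask)."""
    if not is_contiguous_mask(range_mask):
        # Assumption: treat a mask that is not a proper netmask as a config error.
        raise ValueError(f"{range_mask} is not a contiguous netmask")
    mask = int(ipaddress.IPv4Address(range_mask))
    wanted = int(ipaddress.IPv4Address(range_addr)) & mask
    return (int(ipaddress.IPv4Address(client)) & mask) == wanted


class LoginBlocker:
    """Per-address failed-login counter; defaults are the Table 4-8 defaults."""

    def __init__(self, fail_count=10, fail_window=3600, penalty_time=3600):
        self.fail_count = fail_count
        self.fail_window = fail_window      # seconds
        self.penalty_time = penalty_time    # seconds
        self._failures = defaultdict(deque)  # address -> failure timestamps
        self._blocked_until = {}             # address -> end of penalty

    def is_blocked(self, addr, now):
        return now < self._blocked_until.get(addr, 0)

    def record_failure(self, addr, now):
        """Record one failed login at time `now`; return True if addr is blocked."""
        if self.is_blocked(addr, now):
            return True
        recent = self._failures[addr]
        recent.append(now)
        # Forget failures that have aged out of the fail window.
        while recent and now - recent[0] >= self.fail_window:
            recent.popleft()
        if len(recent) >= self.fail_count:
            self._blocked_until[addr] = now + self.penalty_time
            recent.clear()
            return True
        return False


def checked_attempts(blocker, addr, duration, interval=1):
    """Count logins from addr that reach the password check within `duration`
    seconds when one failing attempt arrives every `interval` seconds."""
    reached = 0
    for now in range(0, duration, interval):
        if blocker.is_blocked(addr, now):
            continue                         # rejected before authentication
        reached += 1
        blocker.record_failure(addr, now)
    return reached


if __name__ == "__main__":
    # Constructed sample addresses; the range and mask are the page's defaults.
    for client in ("192.168.1.77", "192.168.2.1"):
        ok = ip_range_allows(client, "192.168.1.0", "255.255.255.0")
        print(client, "allowed" if ok else "rejected")
    # The low bits of the range address are masked off, so .200 behaves like .0.
    print(ip_range_allows("192.168.1.5", "192.168.1.200", "255.255.255.0"))
    day = 24 * 3600
    print("defaults:", checked_attempts(LoginBlocker(), "10.0.0.5", day))
    print("3 / 300 / 3600:",
          checked_attempts(LoginBlocker(3, 300, 3600), "10.0.0.5", day))
```
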

Table 4-9. Network Security Page Buttons

| Button | Description |
|---|---|
| Print | Prints the Network Security values that appear on the screen. |
| Refresh | Reloads the Network Security page. |
| Apply Changes | Saves any new settings that you made to the Network Security page. |
| Return to the Network Configuration Page | Returns to the Network Configuration page. |


    Configuring Platform Events

    Platform event configuration provides a mechanism for configuring the iDRAC6 to perform selected actions on certain event messages. The actions include no action, reboot system, power cycle system, power off system, and generate an alert (Platform Event Trap [PET] and/or e-mail).

    The filterable platform events are listed in Table 4-10.

Table 4-10. Platform Event Filters

| Index | Platform Event |
|---|---|
| 1 | Fan Critical Assert |
| 2 | Battery Warning Assert |
| 3 | Battery Critical Assert |
| 4 | Discrete Voltage Critical Assert |
| 5 | Temperature Warning Assert |
| 6 | Temperature Critical Assert |
| 7 | Intrusion Critical Assert |
| 8 | Fan Redundancy Degraded |
| 9 | Fan Redundancy Lost |
| 10 | Processor Warning Assert |
| 11 | Processor Critical Assert |
| 12 | Processor Absent |
| 13 | Power Supply Warning Assert |
| 14 | Power Supply Critical Assert |
| 15 | Power Supply Absent |
| 16 | Event Log Critical Assert |
| 17 | Watchdog Critical Assert |
| 18 | System Power Warning Assert |
| 19 | System Power Critical Assert |

    When a platform event occurs (for example, a battery warning assert), a system event is generated and recorded in the System Event Log (SEL). If this event matches a platform event filter (PEF) that is enabled and you have configured the filter to generate an alert (PET or e-mail), then a PET or e-mail alert is sent to one or more configured destinations.

    If the same platform event filter is also configured to perform an action (such as rebooting the system), the action is performed.

    Configuring Platform Event Filters (PEF)

    NOTE: Configure platform event filters before you configure the platform event traps or e-mail alert settings.

    1. Log in to the remote system using a supported Web browser. See "Accessing the Web Interface."

    2. Click System → Alert Management → Platform Events.

    3. In the first table, select the Enable Platform Event Filter Alerts checkbox and then click Apply Changes.

    NOTE: Enable Platform Event Filter Alerts must be enabled for an alert to be sent to any valid, configured destination (PET or e-mail).

    4. In the next table, Platform Event Filters List, click the filter that you want to configure.

    5. In the Set Platform Events page, select the appropriate Shutdown Action or select None.

    6. Select or deselect Generate Alert to enable or disable this action.

    NOTE: Generate Alert must be enabled for an alert to be sent to any valid, configured destination (PET or e-mail).

    7. Click Apply Changes.

    You are returned to the Platform Events page where the changes you applied are displayed in the Platform Event Filters List.

    8. Repeat steps 4 through 7 to configure additional platform event filters.

    Configuring Platform Event Traps (PET)

    NOTE: You must have Configure iDRAC permission to add or enable/disable an SNMP alert. The following options will not be available if you do not have Configure iDRAC permission.

    1. Log in to the remote system using a supported Web browser. See "Accessing the Web Interface."

    2. Ensure that you followed the procedures in "Configuring Platform Event Filters (PEF)."

    3. Click System → Alert Management → Traps Settings.

    4. In either the IPv4 Destination List or the IPv6 Destination List, click a destination number to configure your IPv4 or IPv6 SNMP alert destination.

    5. On the Set Platform Event Alert Destination page, select or deselect Enable Destination. A checked box indicates that the IP address is enabled to receive the alerts. An unchecked box means that the IP address is disabled for receiving alerts.

    6. Enter a valid Platform Event Trap destination IP address and click Apply Changes.

    7. Click Send Test Trap to test the configured alert, or click Go Back to the Platform Event Destination Page.

    NOTE: Your user account must have Test Alerts permission to send a test trap. See Table 6-6, "iDRAC Group Permissions," for more information.

    On the Platform Event Alert Destinations page, the changes you applied are displayed in either the IPv4 or IPv6 Destination List.

    8. In the Community String field, enter the appropriate iDRAC SNMP community name. Click Apply Changes.

    NOTE: The destination community string must be the same as the iDRAC6 community string.

    9. Repeat steps 4 through 7 to configure additional IPv4 or IPv6 destination numbers.

    Configuring E-Mail Alerts

    NOTE: E-Mail alerts support both IPv4 and IPv6 addresses.
    1. Log in to the remote system using a supported Web browser.

    2. Ensure that you followed the procedures in "Configuring Platform Event Filters (PEF)."

    3. Click System → Alert Management → Email Alert Settings.

    4. In the table under Destination Email Addresses, click the Email Alert Number for which you want to configure a destination address.

    5. On the Set Email Alert page, select or deselect Enable E-mail Alert. A checked box indicates that the email address is enabled to receive the alerts. An unchecked box means that the email address is disabled for receiving alert messages.

    6. In the Destination E-mail Address field, type a valid e-mail address.

    7. In the E-mail Description field, type a short description to be displayed in the e-mail.

    8. Click Apply Changes.

    9. If you want to test the configured e-mail alert, click Send Test Email. If not, click Go Back to the E-mail Alert Destination Page.

    10. Click Go Back to the E-mail Alert Destination Page and enter a valid SMTP IP address in the SMTP (e-mail) Server IP Address field.

    NOTE: To successfully send a test e-mail, the SMTP (email) Server IP Address must be configured on the E-mail Alert Settings page. The SMTP Server uses the set IP address to communicate with the iDRAC6 to send e-mail alerts when a platform event occurs.

    11. Click Apply Changes.

    12. Repeat steps 4 through 9 to configure additional e-mail alert destinations.

    Configuring IPMI

    1. Log in to the remote system using a supported Web browser.

    2. Configure IPMI over LAN.

      1. In the System tree, click Remote Access.

      2. Click the Configuration tab and click Network.

      3. In the Network Configuration page under IPMI LAN Settings, select Enable IPMI Over LAN and click Apply Changes.

      4. Update the IPMI LAN channel privileges, if required.

         NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications.

         Under IPMI LAN Settings, click the Channel Privilege Level Limit drop-down menu, select Administrator, Operator, or User and click Apply Changes.

      5. Set the IPMI LAN channel encryption key, if required.

         NOTE: iDRAC6 IPMI supports the RMCP+ protocol.

         Under IPMI LAN Settings in the Encryption Key field, type the encryption key and click Apply Changes.

         NOTE: The encryption key must consist of an even number of hexadecimal characters with a maximum of 40 characters.

    3. Configure IPMI Serial over LAN (SOL).

      1. In the System tree, click Remote Access.

      2. In the Configuration tab, click Serial Over LAN.

      3. In the Serial Over LAN Configuration page, select Enable Serial Over LAN.

      4. Update the IPMI SOL baud rate.

         NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate is identical to your managed system's baud rate.

      5. Click the Baud Rate drop-down menu, select the appropriate baud rate, and click Apply Changes.

      6. Update the Minimum Required Privilege. This property defines the minimum user privilege that is required to use the Serial Over LAN feature.

         Click the Channel Privilege Level Limit drop-down menu, select User, Operator, or Administrator.

      7. Click Apply Changes.

    4. Configure IPMI Serial.

      1. In the Configuration tab, click Serial.

      2. In the Serial Configuration menu, change the IPMI serial connection mode to the appropriate setting.

         Under IPMI Serial, click the Connection Mode Setting drop-down menu, select the appropriate mode.

      3. Set the IPMI Serial baud rate.

         Click the Baud Rate drop-down menu, select the appropriate baud rate, and click Apply Changes.

      4. Set the Channel Privilege Level Limit.

         Click the Channel Privilege Level Limit drop-down menu, select Administrator, Operator, or User.

      5. Click Apply Changes.

      6. Ensure that the serial MUX is set correctly in the managed system's BIOS Setup program.

        • Restart your system.

        • During POST, press <F2> to enter the BIOS Setup program.

        • Navigate to Serial Communication.

        • In the Serial Connection menu, ensure that External Serial Connector is set to Remote Access Device.

        • Save and exit the BIOS Setup program.

        • Restart your system.

    If IPMI serial is in terminal mode, you can configure the following additional settings:

      • Delete control

      • Echo control

      • Line edit

      • New line sequences

      • Input new line sequences

    For more information about these properties, see the IPMI 2.0 specification. For additional information about terminal mode commands, see the Dell OpenManage Baseboard Management Controller Utilities User's Guide at support.dell.com\manuals\.


    Configuring iDRAC6 Users

    See "Adding and Configuring iDRAC6 Users" for detailed information.


    Securing iDRAC6 Communications Using SSL and Digital Certificates

    This section provides information about the following data security features that are incorporated in your iDRAC:

    • Secure Sockets Layer (SSL)

    • Certificate Signing Request (CSR)

    • Accessing SSL through the Web-based Interface

    • Generating a CSR

    • Uploading a server certificate

    • Viewing a server certificate

    Secure Sockets Layer (SSL)

    The iDRAC6 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.

    An SSL-enabled system can perform the following tasks:

    • Authenticate itself to an SSL-enabled client

    • Allow the client to authenticate itself to the server

    • Allow both systems to establish an encrypted connection

    The encryption process provides a high level of data protection. The iDRAC6 employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America.

    The iDRAC6 Web server has a Dell self-signed SSL digital certificate (Server ID) by default. To ensure high security over the Internet, replace the Web server SSL certificate with a certificate signed by a well-known certificate authority. To initiate the process of obtaining a signed certificate, you can use the iDRAC6 Web interface to generate a Certificate Signing Request (CSR) with your company's information. You can then submit the generated CSR to a Certificate Authority (CA) such as VeriSign or Thawte.

    Certificate Signing Request (CSR)

    A CSR is a digital request to a CA for a secure server certificate. Secure server certificates allow clients of the server to trust the identity of the server they have connected to and to negotiate an encrypted session with the server.

    A Certificate Authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives a CSR, they review and verify the information the CSR contains. If the applicant meets the CA's security standards, the CA issues a digitally-signed certificate that uniquely identifies that applicant for transactions over networks and on the Internet.

    After the CA approves the CSR and sends the certificate, upload the certificate to the iDRAC6 firmware. The CSR information stored on the iDRAC6 firmware must match the information contained in the certificate.

    Accessing SSL Through the Web-Based Interface

    1. Click Remote Access → Configuration.

    2. Click SSL to open the SSL page.

    Use the SSL page to perform one of the following options:

    • Generate a Certificate Signing Request (CSR) to send to a CA. The CSR information is stored on the iDRAC6 firmware.

    • Upload a server certificate.

    • View a server certificate.

    Table 4-11 describes the above SSL page options.

Table 4-11. SSL Page Options

| Field | Description |
|---|---|
| Generate Certificate Signing Request (CSR) | This option enables you to generate a CSR to send to a CA to request a secure Web certificate. NOTE: Each new CSR overwrites any previous CSR on the firmware. For a CA to accept your CSR, the CSR in the firmware must match the certificate returned from the CA. |
| Upload Server Certificate | This option enables you to upload an existing certificate that your company has title to and uses to control access to the iDRAC6. NOTE: Only X509, Base 64 encoded certificates are accepted by the iDRAC6. DER-encoded certificates are not accepted. Upload a new certificate to replace the default certificate you received with your iDRAC6. |
| View Server Certificate | This option allows you to view an existing server certificate. |

    Generating a Certificate Signing Request

    NOTE: Each new CSR overwrites any previous CSR data stored on the firmware. Before iDRAC can accept your signed CSR, the CSR in the firmware should match the certificate returned from the CA.

    1. On the SSL page, select Generate Certificate Signing Request (CSR) and click Next.

    2. On the Generate Certificate Signing Request (CSR) page, enter a value for each CSR attribute. Table 4-12 describes the CSR attributes.

    3. Click Generate to create the CSR and download it to your local computer.

    4. Click the appropriate button to continue. See Table 4-13.

Table 4-12. Generate Certificate Signing Request (CSR) Attributes

| Field | Description |
|---|---|
| Common Name | The exact name being certified (usually the iDRAC's domain name, for example, www.xyzcompany.com). Only alphanumeric characters, hyphens, underscores, and periods are valid. Spaces are not valid. |
| Organization Name | The name associated with this organization (for example, XYZ Corporation). Only alphanumeric characters, hyphens, underscores, periods, and spaces are valid. |
| Organization Unit | The name associated with an organizational unit, such as a department (for example, Information Technology). Only alphanumeric characters, hyphens, underscores, periods, and spaces are valid. |
| Locality | The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid. Do not separate words using an underscore or other character. |
| State Name | The state or province where the entity who is applying for a certification is located (for example, Texas). Only alphanumeric characters and spaces are valid. Do not use abbreviations. |
| Country Code | The name of the country where the entity applying for certification is located. |
| Email | The e-mail address associated with the CSR. Type the company's e-mail address, or any e-mail address associated with the CSR. This field is optional. |

    Table 4-13. Generate Certificate Signing Request (CSR) Page Buttons 

    Button: Description

    Print: Prints the Generate Certificate Signing Request values that appear on the screen.

    Refresh: Reloads the Generate Certificate Signing Request page.

    Generate: Generates a CSR and then prompts the user to save it to a specified directory.

    Go Back to SSL Main Menu: Returns the user to the SSL page.

    Uploading a Server Certificate

    1. On the SSL page, select Upload Server Certificate and click Next.

    The Upload Server Certificate page appears.

    2. In the File Path field, type the path of the certificate in the Value field or click Browse to navigate to the certificate file.

    NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.

    3. Click Apply.

    4. Click the appropriate page button to continue. See Table 4-14.

    Table 4-14. Certificate Upload Page Buttons

    Button: Description

    Print: Print the Certificate Upload page.

    Go Back to SSL Main Menu: Return to the SSL Main Menu page.

    Apply: Apply the certificate to the iDRAC6 firmware.
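
    The two upload conditions stated in the notes above (the certificate must be Base 64 encoded rather than DER, and it must correspond to the CSR held in firmware) can be checked on the management station before clicking Apply. The following Python is an added example, not part of the Dell guide; it assumes "match" means that the certificate carries the same public key as the CSR, and every function name and the sample data are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.+?)-----END \1-----", re.S)

def to_der(data: bytes) -> tuple:
    """Return (DER bytes, "PEM" or "DER") for a certificate or CSR file."""
    m = PEM_RE.search(data.decode("latin-1"))
    if m:
        return base64.b64decode("".join(m.group(2).split())), "PEM"
    if data[:1] == b"\x30":  # a bare ASN.1 SEQUENCE means binary DER
        return data, "DER"
    raise ValueError("file is neither PEM nor DER")

def to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    b64 = base64.b64encode(der).decode()  # Base64 text form, 64 characters per line
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def _tlv(buf: bytes, pos: int) -> tuple:  # one DER element: (tag, value start, value end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _fields(der: bytes) -> list:  # elements of tbsCertificate / CertificationRequestInfo
    _, start, _ = _tlv(der, 0)
    _, pos, end = _tlv(der, start)
    out = []
    while pos < end:
        nxt = _tlv(der, pos)[2]
        out.append(der[pos:nxt])
        pos = nxt
    return out

def public_key(der: bytes, is_csr: bool) -> bytes:
    f = _fields(der)
    if is_csr:
        return f[2]  # version, subject, SubjectPublicKeyInfo, attributes
    return f[6] if f[0][0] == 0xA0 else f[5]  # skip the optional [0] version field

def check_upload(csr_file: bytes, cert_file: bytes) -> dict:
    """Compare the CA's reply with the CSR and return a PEM copy to upload."""
    cert, encoding = to_der(cert_file)
    match = public_key(cert, False) == public_key(to_der(csr_file)[0], True)
    return {"encoding": encoding, "matches_csr": match, "pem": to_pem(cert)}

# Constructed sample data: ASN.1 skeletons with the right layout, no real key or signature.
def _enc(tag: int, *parts: bytes) -> bytes:
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)  # short-form length only

def sample(key: bytes, is_csr: bool) -> bytes:
    e = _enc(0x30)  # empty SEQUENCE standing in for names, algorithms, validity
    spki = _enc(0x30, e, _enc(0x03, b"\x00" + key))
    info = (_enc(0x30, _enc(0x02, b"\x00"), e, spki, _enc(0xA0)) if is_csr else
            _enc(0x30, _enc(0xA0, _enc(0x02, b"\x02")), _enc(0x02, b"\x01"), e, e, e, e, spki))
    return _enc(0x30, info, e, _enc(0x03, b"\x00"))
```

    Pass check_upload the bytes of the CSR file saved from the most recent Generate step and the bytes of the file returned by the CA; a result with matches_csr set to False usually means a newer CSR has overwritten the one that was signed.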

    Viewing a Server Certificate

    1. On the SSL page, select View Server Certificate and click Next.

    The View Server Certificate page displays the server certificate that you uploaded to the iDRAC.

    Table 4-15 describes the fields and associated descriptions listed in the Certificate table.

    2. Click the appropriate button to continue. See Table 4-16.

    Table 4-15. Certificate Information 

    Field: Description

    Serial Number: Certificate serial number

    Subject Information: Certificate attributes entered by the subject

    Issuer Information: Certificate attributes returned by the issuer

    Valid From: Issue date of the certificate

    Valid To: Expiration date of the certificate

    Table 4-16. View Server Certificate Page Buttons

    Button: Description

    Print: Prints the View Server Certificate values that appear on the screen.

    Refresh: Reloads the View Server Certificate page.

    Go Back to SSL Main Menu: Returns to the SSL page.


    Configuring and Managing Active Directory Certificates

    The page enables you to configure and manage Active Directory settings.

    NOTE: You must have Configure iDRAC permission to use or configure Active Directory.

    NOTE: Before configuring or using the Active Directory feature, ensure that your Active Directory server is configured to communicate with iDRAC6.

    NOTE: For detailed information about Active Directory configuration and how to configure Active Directory with Extended Schema or Standard Schema, see "Using the iDRAC6 With Microsoft Active Directory."

    To access the Active Directory Configuration and Management page:

    1. Click Remote Access → Configuration.

    2. Click Active Directory to open the Active Directory Configuration and Management page.

    Table 4-17 lists the Active Directory Configuration and Management page options.

    3. Click the appropriate button to continue. See Table 4-18.

      Table 4-17. Active Directory Configuration and Management Page Options

      Attribute: Description

      Common Settings

      Active Directory Enabled: Specifies whether Active Directory is enabled or disabled.

      Schema Selection: Specifies whether Standard schema or Extended schema is in use with Active Directory.

      User Domain Name: This value holds up to 40 User Domain entries. If configured, the list of user domain names will appear in the login page as a pull-down menu for the login user to choose from. If not configured, Active Directory users are still able to log in by entering the user name in the format of user_name@domain_name, domain_name/user_name, or domain_name\user_name.

      Timeout: Specifies the time in seconds to wait for Active Directory queries to complete. The default is 120 seconds.

      Domain Controller Server Address 1-3 (FQDN or IP): Specifies the fully qualified domain name (FQDN) of the Domain Controller or the IP address. At least one of the 3 addresses is required to be configured. iDRAC attempts to connect to each of the configured addresses one-by-one until a successful connection is made. If extended schema is selected, these are the addresses of the domain controllers where the iDRAC device object and the Association objects are located. If standard schema is selected, these are the addresses of the domain controllers where the user accounts and the role groups are located.

      Certificate Validation Enabled: iDRAC always uses Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) when connecting to Active Directory. By default, iDRAC uses the CA certificate loaded in iDRAC to validate the SSL server certificate of the domain controllers during the SSL handshake, which provides strong security. Certificate validation can be disabled for testing purposes, or when the system administrator chooses to trust the domain controllers in the security boundary without validating their SSL certificates. This option specifies whether certificate validation is enabled or disabled.

      Active Directory CA Certificate

      Certificate: The certificate of the Certificate Authority that signs all the domain controllers' SSL server certificates.

      Extended Schema Settings


      iDRAC Name: Specifies the name that uniquely identifies the iDRAC in Active Directory. This value is NULL by default.

      iDRAC Domain Name: The DNS name (string) of the domain where the Active Directory iDRAC object resides. This value is NULL by default.

      Standard Schema Settings

      Global Catalog Server Address 1-3 (FQDN or IP): Specifies the fully qualified domain name (FQDN) or the IP address of the Global Catalog server(s). At least one of the 3 addresses is required to be configured. iDRAC attempts to connect to each of the configured addresses one-by-one until a successful connection is made. The Global Catalog server is required for standard schema only in the case that the user accounts and the role groups are in different domains.

      Role Groups: Specifies the list of role groups associated with iDRAC6.

      Group Name: Specifies the name that identifies the role group in the Active Directory associated with iDRAC6.

      Group Domain: Specifies the domain of the group.

      Group Privilege: Specifies the privilege level for the group.



    Table 4-18. Active Directory Configuration and Management Page Buttons

    Button: Definition

    Print: Prints the values that are displayed on the Active Directory Configuration and Management page.

    Refresh: Reloads the Active Directory Configuration and Management page.

    Configure Active Directory: Enables you to configure Active Directory. See "Using the iDRAC6 With Microsoft Active Directory" for detailed configuration information.

    Test Settings: Allows you to test the Active Directory configuration using the settings you specified. See "Using the iDRAC6 With Microsoft Active Directory" for details on using the Test Settings option.


    Configuring iDRAC6 Services

    NOTE: To modify these settings, you must have Configure iDRAC permission.

    1. Click Remote Access → Configuration. Then, click the Services tab to display the Services configuration page.

    2. Configure the following services, as required:

      • Local Configuration — see Table 4-19

      • Web server — see Table 4-20 for Web server settings

      • SSH — see Table 4-21 for SSH settings

      • Telnet — see Table 4-22 for Telnet settings.

      • Remote RACADM — see Table 4-23 for Remote RACADM settings.

      • SNMP Agent — see Table 4-24 for SNMP settings.

      • Automated System Recovery (ASR) Agent — see Table 4-25 for ASR Agent settings.

    3. Click Apply.

    4. Click the appropriate button to continue. See Table 4-26.

    Table 4-19. Local Configuration

    Setting: Description

    Disable iDRAC Local Configuration using option ROM: Disables local configuration of iDRAC using option ROM. Option ROM resides in the BIOS and provides a user interface engine that allows BMC and iDRAC configuration. The option ROM prompts you to enter the setup module by pressing <Ctrl+E>.

    Disable iDRAC Local Configuration using RACADM: Disables local configuration of iDRAC using local RACADM.

    Table 4-20. Web Server Settings 

    Setting: Description

    Enabled: Enables or disables the iDRAC6 Web server. When checked, the checkbox indicates that the Web server is enabled. The default is enabled.

    Max Sessions: The maximum number of simultaneous sessions allowed for this system. This field is not editable. The maximum number of simultaneous sessions is five.

    Active Sessions: The number of current sessions on the system, less than or equal to the value for Max Sessions. This field is not editable.

    Timeout: The time, in seconds, that a connection is allowed to remain idle. The session is cancelled when the timeout is reached. Changes to the timeout setting take effect immediately and terminate the current Web interface session. The Web server will also be reset. Please wait for a few minutes before opening a new Web interface session. The timeout range is 60 to 10800 seconds. The default is 1800 seconds.

    HTTP Port Number: The port on which the iDRAC6 listens for a browser connection. The default is 80.

    HTTPS Port Number: The port on which the iDRAC6 listens for a secure browser connection. The default is 443.

    Table 4-21. SSH Settings 

    Setting: Description

    Enabled: Enables or disables SSH. When checked, the checkbox indicates that SSH is enabled.

    Timeout: The secure shell idle timeout, in seconds. The Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300.

    Port Number: The port on which the iDRAC6 listens for an SSH connection. The default is 22.

    Table 4-22. Telnet Settings

    Setting: Description

    Enabled: Enables or disables telnet. When checked, telnet is enabled.

    Timeout: The telnet idle timeout in seconds. Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300.

    Port Number: The port on which the iDRAC6 listens for a telnet connection. The default is 23.

    Table 4-23. Remote RACADM Settings

    Setting: Description

    Enabled: Enables/disables Remote RACADM. When checked, Remote RACADM is enabled.

    Active Sessions: The number of current sessions on the system.

    Table 4-24. SNMP Settings

    Setting: Description

    Enabled: Enables/disables SNMP. When checked, SNMP is enabled.

    SNMP Community Name: Enables/disables the SNMP Community Name. When checked, the SNMP Community Name is enabled. This is the name of the community that contains the IP address for the SNMP Alert destination. The Community Name may be up to 31 nonblank characters in length. The default is public.

    Table 4-25. Automated System Recovery Agent Setting

    Setting: Description

    Enabled: Enables/disables the Automated System Recovery Agent. When checked, the Automated System Recovery Agent is enabled.

    Table 4-26. Services Page Buttons

    Button: Description

    Print: Prints the Services page.

    Refresh: Refreshes the Services page.

    Apply Changes: Applies the Services page settings.
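
    The ranges and defaults in Tables 4-20 to 4-24, together with the Certificate Validation Enabled option in Table 4-17, are enough to review a set of Services page values before applying them. The following Python is an added example, not part of the Dell guide; the dictionary key names are hypothetical labels for the Web interface fields, and the sample values are constructed.

```python
# Ranges and defaults come from Tables 4-17 and 4-20 to 4-24; key names are hypothetical.
TIMEOUT_RANGE = {"web_server": (60, 10800), "ssh": (60, 1920), "telnet": (60, 1920)}
ZERO_DISABLES_TIMEOUT = {"ssh", "telnet"}  # "Enter 0 seconds to disable the Timeout feature"

def audit_services(cfg: dict) -> list:
    """Return (setting, problem) pairs for risky or invalid Services page values."""
    findings = []
    for svc, (low, high) in TIMEOUT_RANGE.items():
        s = cfg.get(svc, {})
        if not s.get("enabled"):
            continue
        t = s.get("timeout")
        if t == 0 and svc in ZERO_DISABLES_TIMEOUT:
            findings.append((f"{svc}.timeout", "idle timeout disabled, sessions never expire"))
        elif not isinstance(t, int) or not low <= t <= high:
            findings.append((f"{svc}.timeout", f"{t!r} is outside {low}-{high} seconds"))
    if cfg.get("telnet", {}).get("enabled"):
        findings.append(("telnet.enabled", "telnet is unencrypted; use SSH instead"))
    snmp = cfg.get("snmp", {})
    if snmp.get("enabled"):
        name = snmp.get("community", "public")  # "The default is public."
        if name == "public":
            findings.append(("snmp.community", "default community name still in use"))
        if len(name) > 31 or any(c.isspace() for c in name):
            findings.append(("snmp.community", "longer than 31 characters or contains blanks"))
    ad = cfg.get("active_directory", {})
    if ad.get("enabled") and not ad.get("certificate_validation", True):
        findings.append(("active_directory.certificate_validation",
                         "domain controller certificates are not validated"))
    return findings

# Constructed sample: values typed in from a Services page, not real device output.
SAMPLE = {
    "web_server": {"enabled": True, "timeout": 1800},
    "ssh": {"enabled": True, "timeout": 0},
    "telnet": {"enabled": True, "timeout": 300},
    "snmp": {"enabled": True, "community": "public"},
    "active_directory": {"enabled": True, "certificate_validation": False},
}

if __name__ == "__main__":
    for setting, problem in audit_services(SAMPLE):
        print(f"{setting}: {problem}")
```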


    Updating the iDRAC6 Firmware/System Services Recovery Image

    NOTE: If the iDRAC6 firmware becomes corrupted, as could occur if the iDRAC6 firmware update progress is interrupted before it completes, you can recover the iDRAC6 using the iDRAC6 Web interface.

    NOTE: The firmware update, by default, retains the current iDRAC6 settings. During the update process, you have the option to reset the iDRAC6 configuration to the factory defaults. If you set the configuration to the factory defaults, you must configure the network using the iDRAC6 Configuration Utility.

    1. Open the iDRAC6 Web-based interface and log in to the remote system.

    2. Click Remote Access, and then click the Update tab.

    3. In the Upload/Rollback (Step 1 of 3) page, click Browse, or type the path to the firmware image that you downloaded from support.dell.com or the System Services recovery image.

    NOTE: If you are running Firefox, the text cursor does not appear in the Firmware Image field.

    For example:

    C:\Updates\V1.0\<image_name>

    OR

    \\192.168.1.10\Updates\V1.0\<image_name>

    The default firmware image name is firmimg.d6.

    4. Click Upload.

    The file will be uploaded to the iDRAC6. This process may take several minutes to complete.

    The following message will be displayed until the process is complete:

    File upload in progress...

    5. On the Status (page 2 of 3) page, you will see the results of the validation performed on the image file you uploaded.

      • If the image file uploaded successfully and passed all verification checks, the image file name will be displayed. If a firmware image was uploaded, the current and the new firmware versions will be displayed.

    OR

      • If the image did not upload successfully, or it did not pass the verification checks, an appropriate error message is displayed, and the update will return to the Upload/Rollback (Step 1 of 3) page. You can attempt to update the iDRAC6 again or click Cancel to reset the iDRAC6 to normal operating mode.

    6. In the case of a firmware image, Preserve Configuration provides you with the option to preserve or clear the existing iDRAC6 configuration. This option is selected by default.

    NOTE: If you deselect the Preserve Configuration checkbox, the iDRAC6 will be reset to its default settings. In the default settings, the LAN is enabled. You may not be able to log in to the iDRAC6 Web interface. You will have to reconfigure the LAN settings using the iDRAC6 Configuration Utility during BIOS POST.

    7. Click Update to start the update process.

    8. In the Updating (Step 3 of 3) page, you will see the status of the update. The progress of the update, measured in percentages, will appear in the Progress column.

    NOTE: While in the update mode, the update process will continue in the background even if you navigate away from this page.

    If the firmware update is successful, the iDRAC6 will reset automatically. You should close the current browser window and reconnect to the iDRAC6 using a new browser window. An appropriate error message is displayed if an error occurs.

    If the System Services Recovery update succeeds/fails, an appropriate status message is displayed.

    iDRAC6 Firmware Rollback

    iDRAC6 has the provision to maintain two simultaneous firmware images. You can choose to boot from (or rollback to) the firmware image of your choice.

    1. Open the iDRAC6 Web-based interface and log in to the remote system.

    2. Click System → Remote Access, and then click the Update tab.

    3. In the Upload/Rollback (Step 1 of 3) page, click Rollback. The current and the rollback firmware versions are displayed on the Status (Step 2 of 3) page.

    Preserve Configuration provides you with the option to preserve or clear the existing iDRAC6 configuration. This option is selected by default.

    NOTE: If you deselect the Preserve Configuration checkbox, the iDRAC6 will be reset to its default settings. In the default settings, the LAN is enabled. You may not be able to log in to the iDRAC6 Web interface. You will have to reconfigure the LAN settings using the iDRAC6 Configuration Utility during BIOS POST or the racadm command (available locally on the server).

    4. Click Update to start the firmware update process.

    On the Updating (Step 3 of 3) page, you see the status of the rollback operation. The progress, measured in percentages, appears in the Progress column.

    NOTE: While in the update mode, the update process will continue in the background even if you navigate away from this page.

    If the firmware update is successful, the iDRAC6 will reset automatically. You should close the current browser window and reconnect to the iDRAC6 using a new browser window. An appropriate error message is displayed if an error occurs.

