Back to Contents Page

Configuring the iDRAC

Integrated Dell™ Remote Access Controller Firmware Version 1.2
User Guide

  Before You Begin

  Interfaces for Configuring the iDRAC

  Configuration Tasks

  Configuring Networking Using the CMC Web Interface

  Viewing FlexAddress Mezzanine Card Fabric Connections

  Updating the iDRAC Firmware


This section provides information about how to establish access to the iDRAC and to configure your management environment to use iDRAC.


Before You Begin

Gather the following items prior to configuring the iDRAC:


Interfaces for Configuring the iDRAC

You can configure the iDRAC using the iDRAC Configuration Utility, the iDRAC Web interface, the local RACADM CLI, or the SM-CLP CLI. The local RACADM CLI is available after you have installed the operating system and the Dell PowerEdge server management software on the managed server. Table 2-1 describes these interfaces.

For greater security, access to the iDRAC configuration through the iDRAC Configuration Utility or Local RACADM CLI can be disabled by means of a RACADM command (see RACADM Subcommand Overview) or from the GUI (see Enabling or Disabling Local Configuration Access).

NOTICE: Using more than one configuration interface at the same time may generate unexpected results.

Table 2-1. Configuration Interfaces 

Interface

Description

iDRAC Configuration
Utility

Accessed at boot time, the iDRAC Configuration utility is useful when installing a new PowerEdge server. Use it for setting up the network and basic security features and for enabling other features.

iDRAC Web Interface

The iDRAC Web interface is a browser-based management application that you can use to interactively manage the iDRAC and monitor the managed server. It is the primary interface for day-to-day tasks, such as monitoring system health, viewing the system event log, managing local iDRAC users, and launching the CMC Web interface and console redirection sessions.

CMC Web Interface

In addition to monitoring and managing the chassis, the CMC Web interface can be used to view the status of a managed server, configure iDRAC network settings, and to start, stop, or reset the managed server.

Chassis LCD Panel

The LCD panel on the chassis containing the iDRAC can be used to view the high-level status of the servers in the chassis. During initial configuration of the CMC, the configuration wizard allows you to enable DHCP configuration of iDRAC networking.

Local RACADM

The local RACADM command line interface runs on the managed server. It is accessed from either the iKVM or a console redirection session initiated from the iDRAC Web interface. RACADM is installed on the managed server when you install Dell OpenManage Server Administrator.

RACADM commands provide access to nearly all iDRAC features. You can inspect sensor data, system event log records, and the current status and configuration values maintained in the iDRAC. You can alter iDRAC configuration values, manage local users, enable and disable features, and perform power functions such as shutting down or rebooting the managed server.

iVM-CLI

The iDRAC Virtual Media Command Line Interface (iVM-CLI) provides the managed server access to media on the management station. It is useful for developing scripts to install operating systems on multiple managed servers.

SM-CLP

SM-CLP is the Server Management Workgroup Server Management-Command Line Protocol (SM-CLP) implementation incorporated in the iDRAC. The SM-CLP command line is accessed by logging into the iDRAC using telnet or SSH.

SM-CLP commands implement a useful subset of the local RACADM commands. The commands are useful for scripting since they can be executed from a management station command line. The output of commands can be retrieved in well-defined formats, including XML, facilitating scripting and integration with existing reporting and management tools.

See RACADM and SM-CLP Equivalencies for a comparison of the RACADM and SM-CLP commands.

IPMI

IPMI defines a standard way for embedded management subsystems such as the iDRAC to communicate with other embedded systems and management applications.

You can use the iDRAC Web interface, SM-CLP, or RACADM commands to configure IPMI Platform Event Filters (PEFs) and Platform Event Traps (PETs).

PEFs cause the iDRAC to perform selectable actions (for example, rebooting the managed server) when it detects a condition. PETs instruct the iDRAC to send e-mail or IPMI alerts when it detects specified events or conditions.

You can also use standard IPMI tools such as ipmitool and ipmishell with iDRAC when you enable IPMI Over LAN.


Configuration Tasks

This section is an overview of the configuration tasks for the management station, the iDRAC, and the managed server. The tasks to be performed include configuring the iDRAC so that it can be used remotely, configuring the iDRAC features you want to use, installing the operating system on the managed server, and installing management software on your management station and the managed server.

The configuration tasks that can be used to perform each task are listed beneath the task.

NOTE: Before performing configuration procedures in this guide, the CMC and I/O modules must be installed in the chassis and configured, and the PowerEdge server must be physically installed in the chassis.

Configure the Management Station

Set up a management station by installing the Dell OpenManage software, a Web browser, and other software utilities.

Configure iDRAC Networking

Enable the iDRAC network and configure IP, netmask, gateway, and DNS addresses.

NOTE: Access to the iDRAC configuration through the iDRAC Configuration Utility or Local RACADM CLI can be disabled by means of a RACADM command (see RACADM Subcommand Overview) or from the GUI (see Enabling or Disabling Local Configuration Access).
NOTE: Changing the iDRAC network settings terminates all current network connections to the iDRAC.
NOTE: The option to configure the server using the LCD panel is available only during the CMC initial configuration. Once the chassis is deployed, the LCD panel cannot be used to reconfigure the iDRAC.
NOTE: The LCD panel can be used to enable DHCP to configure the iDRAC network. If you want to assign static addresses, you must use the iDRAC Configuration Utility or the CMC Web interface.

Configure iDRAC Users

Set up the local iDRAC users and permissions. The iDRAC holds a table of sixteen local users in firmware. You can set usernames, passwords, and roles for these users.

Configure Active Directory

In addition to the local iDRAC users, you can use Microsoft® Active Directory® to authenticate iDRAC user logins.

Configure IP Filtering and IP Blocking

In addition to user authentication, you can prevent unauthorized access by rejecting connection attempts from IP addresses outside of a defined range and by temporarily blocking connections from IP addresses where authentication has failed multiple times within a configurable timespan.

Configure Platform Events

Platform events occur when the iDRAC detects a warning or critical condition from one of the managed server's sensors.

Configure Platform Event Filters (PEFs) to choose the events you want to detect, such as rebooting the managed server, when an event is detected.

Configure Platform Event Traps (PETs) to send alert notifications to an IP address, such as a management station with IPMI software or to send an e-mail to a specified e-mail address.

Enabling or Disabling Local Configuration Access

Access to critical configuration parameters, such as network configuration and user privileges, can be disabled. Once disabled, the setting remains persistent across reboots. Configuration write access is blocked for both the Local RACADM program and the iDRAC Configuration Utility (at boot). Web access to configuration parameters is unimpeded and configuration data is always available for viewing. For information about the iDRAC Web interface, see Enabling or Disabling Local Configuration Access. For cfgRac Tuning commands, see cfgRacTuning.

Configure Serial Over LAN

Serial Over LAN (SOL) is an IPMI feature that allows you to redirect the managed server's serial port I/O over the network. SOL enables the iDRAC console redirection feature.

Configure iDRAC Services

Enable or disable the iDRAC network services — such as telnet, SSH, and the Web server interface — and reconfigure ports and other service parameters.

Configure Secure Sockets Layer (SSL)

Configure SSL for the iDRAC web server.

Configure Virtual Media

Configure the virtual media feature so that you can install the operating system on the PowerEdge server. Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server.

Install the Managed Server Software

Install the operating system on the PowerEdge server using virtual media and then install the Dell OpenManage software on the managed PowerEdge server and set up the last crash screen feature.

Configure the Managed Server for the Last Crash Screen Feature

Set up the managed server so that the iDRAC can capture the screen image after an operating system crash or freeze.


Configuring Networking Using the CMC Web Interface

NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC network settings from the CMC.
NOTE: The default CMC user is root and the default password is calvin.
NOTE: The CMC IP address can be found in the iDRAC Web interface by clicking System® Remote Access® CMC. You can also launch the CMC Web interface from this page.
  1. Use your web browser to log in to the CMC web user interface using a URL of the form https://<CMC-IP-address> or https://<CMC-DNS- name>.

  2. Enter the CMC username and password and click OK.

  3. Click the plus (+) symbol next to Chassis in the left column, then click Servers.

  4. Click Setup® Deploy Network.

  5. Enable the LAN for the server by checking the checkbox next to the server beneath the Enable Lan heading.

  6. Enable or disable IPMI over LAN by checking the or unchecking the checkbox next to the server beneath the Enable IPMI over LAN heading.

  7. Enable or disable DHCP for the server by checking or unchecking the checkbox next to the server under the DHCP Enabled heading.

  8. If DHCP is disabled, enter the static IP address, netmask, and default gateway for the server.

  9. Click Apply at the bottom of the page.


Viewing FlexAddress Mezzanine Card Fabric Connections

The M1000e includes FlexAddress, an advanced multilevel, multistandard networking system. FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each managed server port connection.

NOTICE: In order to avoid errors that may lead to an inability to power on the managed server, you must have the correct type of mezzanine card installed for each port and fabric connection.

Configuration of the FlexAddress feature is performed using the CMC web interface. For more information on the FlexAddress feature and its configuration, see your Dell Chassis Management Controller Firmware Version 1.20 User Guide.

Once the FlexAddress feature has been enabled and configured for the cabinet, click System® Properties® WWN/MAC to view a list of installed mezzanine cards, the fabrics and ports to which they are connected, the fabric port location, type of fabric, and server-configured or chassis-assigned MAC addresses for each installed embedded Ethernet and optional mezzanine card port.

To view a list of installed mezzanine cards, the type of mezzanine cards installed, and if FlexAddress is configured, click System® Properties® Summary.


Updating the iDRAC Firmware

Updating the iDRAC firmware installs a new firmware image in the iDRAC flash memory. You can update the firmware using any of the following methods:

Downloading the Firmware or Update Package

Download the firmware from support.dell.com. The firmware image is available in several different formats to support the different update methods available.

To update the iDRAC firmware using the iDRAC Web interface or SM-CLP, or to recover the iDRAC using the CMC Web interface, download the binary image, packaged as a self-extracting archive.

To update the iDRAC firmware from the managed server, download the operating system-specific Dell Update Package (DUP) for the operating system running on the server whose iDRAC you are updating.

To update the iDRAC firmware using the DOS iDRAC Firmware update utility, download both the update utility and the binary image, which are packaged in self-extracting archive files.

Execute the Firmware Update

NOTE: When the iDRAC firmware update begins, all existing iDRAC sessions are disconnected and new sessions are not permitted until the update process is completed.
NOTE: The chassis fans run at 100% during the iDRAC firmware update. When the update is complete, normal fan speed regulation resumes. This is normal behavior, designed to protect the server from overheating during a time when it cannot send sensor information to the CMC.

To use a Dell Update Package for Linux or Microsoft Windows, execute the operating-specific DUP on the managed server.

When using the SM-CLP load command, place the firmware binary image in a directory where a Trivial File Transfer Protocol (TFTP) server can serve it to the iDRAC. See Updating the iDRAC Firmware Using SM-CLP.

When using the iDRAC Web interface or the CMC Web interface, place the firmware binary image on a disk that is accessible to the management station from which you are running the Web interface. See Updating the iDRAC Firmware.

NOTE: The iDRAC Web interface also allows you to reset the iDRAC configuration to the factory defaults.

You can use the CMC Web interface to update the firmware only when the CMC detects that the iDRAC firmware is corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes. See Recovering iDRAC Firmware Using the CMC.

NOTE: After the CMC updates the firmware of the iDRAC, the iDRAC generates new SHA1 and MD5 keys for the SSL certificate. Because the keys are different from those in the open Web browser, all browser windows that are connected to the iDRAC must be closed after the firmware update is complete. If the browser windows are not closed, an Invalid Certificate error message is displayed.
NOTE: If you are backdating your iDRAC firmware from version 1.20 to an earlier version, you must delete the existing Internet Explorer ActiveX browser plugin on any Windows-based Management Station to allow the firmware to install a compatible version of the ActiveX plugin. To delete the ActiveX plugin, navigate to c:\WINNT\Downloaded Program Files and delete the file DELL IMC KVM Viewer.

Using the DOS Update Utility

To update the iDRAC firmware using the DOS update utility, boot the managed server to DOS, and execute the idrac16d command. The syntax for the command is:

idrac16d [-f] [-i=<filename>] [-l=<logfile>]

When executed with no options, the idrac16d command updates the iDRAC firmware using the firmware image file firmimg.imc in the current directory.

The options are as follows:

-f — forces the update. The -f option can be used to downgrade the firmware to an earlier image.

-i=<filename> — specifies the filename image that contains the firmware image. This option is required if the firmware filename has been changed from the default name firmimg.imc.

-l=<logfile> — logs output from the update activity. This option is used for debugging.

NOTICE: If you enter incorrectly arguments to the idrac16d command, or supply the -h option, you may notice an additional option, -nopresconfig in the usage output. This option is used to update the firmware without preserving any configuration information. You should not use this option, since it deletes all of your existing iDRAC configuration information such as IP addresses, users, and passwords.

Verifying the Digital Signature

A digital signature is used to authenticate the identity of the signer of a file and to certify that the original content of the file has not been modified since it was signed.

If you do not already have it installed on your system, you must install the Gnu Privacy Guard (GPG) to verify a digital signature. To use the standard verification procedure, perform the following steps:

  1. Download the Dell Linux public GnuPG key, if you do not already have it, by navigating to lists.us.dell.com and clicking the Dell Public GPG key link. Save the file to your local system. The default name is linux-security- publickey.txt.

  2. Import the public key to your gpg trust database by running the following command:

gpg --import <Public Key Filename>

NOTE: You must have your private key to complete the process.
  1. To avoid a distrusted-key warning, change the trust level for the Dell Public GPG key.

    1. Type the following command:

gpg --edit-key 23B66A9D

    1. Within the GPG key editor, type fpr. The following message appears:

pub 1024D/23B66A9D 2001-04-16 Dell, Inc. (Product Group) <linux-security@dell.com>
Primary key fingerprint: 4172 E2CE 955A 1776 A5E6 1BB7 CA77 951D 23B6 6A9D

If the fingerprint of your imported key is the same as above, you have a correct copy of the key.

    1. While still in the GPG key editor, type trust. The following menu appears:

Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.)


  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision?

    1. Type 5 <Enter>. The following prompt appears:

Do you really want to set this key to ultimate trust? (y/N)

    1. Type y <Enter> to confirm your choice.

    2. Type quit <Enter> to exit the GPG key editor.

You must import and validate the public key only once.

  1. Obtain the package you need, for example the Linux DUP or self- extracting archive) and its associated signature file from the Dell Support website at support.dell.com/support/downloads.

NOTE: Each Linux Update Package has a separate signature file, which is shown on the same web page as the Update Package. You need both the Update Package and its associated signature file for verification. By default, the signature file is named the same as the DUP filename with a .sign extension. For example, if a Linux DUP is named PEM600_BIOS_LX_2.1.2.BIN, its signature filename is PEM600_BIOS_LX_2.1.2.BIN.sign. The iDRAC firmware image also has an associated .sign file, which is included in the self-extracting archive with the firmware image. To download the files, right-click on the download link and use the Save Target As... file option.
  1. Verify the Update Package:

gpg --verify <Linux Update Package signature filename> <Linux Update Package filename>

The following example illustrates the steps that you follow to verify a PowerEdge M600 BIOS Update Package:

  1. Download the following two files from support.dell.com:

  2. Import the public key by running the following command line:

gpg --import <linux-security-publickey.txt>

The following output message appears:

gpg: key 23B66A9D: "Dell Computer Corporation (Linux Systems Group) <linux-security@dell.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

  1. Set the GPG trust level for the Dell public key. if you haven't done so previously.

    1. Typing the following command:

gpg --edit-key 23B66A9D

    1. At the command prompt, type the following commands:

fpr
trust

    1. Type 5 <Enter> to choose I trust ultimately from the menu.

    2. Type y <Enter> to confirm your choice.

    3. Type quit <Enter> to exit the GPG key editor.

This completes validation of the Dell public key.

  1. Verify the PEM600 BIOS package digital signature by running the following command:

gpg --verify PEM600_BIOS_LX_2.1.2.BIN.sign PEM600_BIOS_LX_2.1.2.BIN

The following output message appears:

gpg: Signature made Fri Jul 11 15:03:47 2008 CDT using DSA key ID 23B66A9D
gpg: Good signature from "Dell, Inc. (Product Group) <linux-security@dell.com>"

NOTE: If you have not validated the key as shown in step 3, you will receive additional messages:

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4172 E2CE 955A 1776 A5E6 1BB7 CA77 951D 23B6 6A9D

Clear Your Browser's Cache

To be able to use the features in the latest iDRAC, you must clear the browser's cache to remove/delete any old web pages that may be stored on the system.

Interent Explorer

  1. Start Internet Explorer.

  2. Click Tools, and then click Internet Options.

The Internet Options window appears.

  1. Click the General tab.

  2. Under Temporary Internet files, click Delete Files.

The Delete Files window appears.

  1. Click to check Delete all offline content, and then click OK.

  2. Click OK to close the Internet Options window.

Firefox

  1. Start Firefox.

  2. Click Edit® Preferences.

  3. Click the Privacy tab.

  4. Click the Clear Cache Now.

  5. Click Close.


Back to Contents Page