Back to Contents Page

Configuring the iDRAC Using the Web Interface

Integrated Dell™ Remote Access Controller Firmware Version 1.2
User Guide

  Accessing the Web Interface

  Configuring the iDRAC NIC

  Configuring Platform Events

  Configuring IPMI

  Adding and Configuring iDRAC Users

  Securing iDRAC Communications Using SSL and Digital Certificates

  Configuring and Managing Active Directory Certificates

  Enabling or Disabling Local Configuration Access

  Configuring Serial Over LAN

  Configuring iDRAC Services

  Updating the iDRAC Firmware


The iDRAC provides a Web interface that enables you to configure the iDRAC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC Web interface. This chapter provides information about how to perform common systems management tasks with the iDRAC Web interface and provides links to related information.

Most Web interface configuration tasks can also be performed with local RACADM commands or with SM-CLP commands.

Local RACADM commands are executed from the managed server. For more information about local RACADM, see Using the Local RACADM Command Line Interface.

SM-CLP commands are executed in a shell that can be accessed remotely with a telnet or SSH connection. For more information about SM-CLP, see Using the iDRAC SM-CLP Command Line Interface.


Accessing the Web Interface

To access the iDRAC Web interface, perform the following steps:

  1. Open a supported Web browser window.

See Supported Web Browsers for more information.

  1. In the Address field, type https://<iDRAC-IP-address> and press <Enter>.

If the default HTTPS port number (port 443) has been changed, type:

https://<iDRAC-IP-address>:<port-number>

where iDRAC-IP-address is the IP address for the iDRAC and port-number is the HTTPS port number.

The iDRAC Login window appears.

Logging In

You can log in as either an iDRAC user or as a Microsoft® Active Directory® user. The default user name and password are root and calvin, respectively.

You must have been granted Login to iDRAC privilege by the administrator to log in to the iDRAC.

To log in, perform the following steps:

  1. In the Username field, type one of the following:

The user name for local users is case sensitive. Examples are root, it_user, or john_doe.

Active Directory names can be entered in any of the forms <domain>\<username>, <domain>/<username>, or <user>@<domain>. They are not case sensitive. Examples are dell.com\john_doe,or JOHN_DOE@DELL.COM.

  1. In the Password field, type your iDRAC user password or Active Directory user password. Passwords are case sensitive.

  2. Click OK or press <Enter>.

Logging Out

  1. In the upper-right corner of the main window, click Logout to close the session.

  2. Close the browser window.

NOTE: The Logout button does not appear until you log in.
NOTE: Closing the browser without gracefully logging out may cause the session to remain open until it times out. It is strongly recommended that you click the logout button to end the session; otherwise, the session may remain active until the session timeout is reached.
NOTE: Closing the iDRAC Web interface within Microsoft Internet Explorer using the close button ("x") at the top right corner of the window may generate an application error. To fix this issue, download the latest Cumulative Security Update for Internet Explorer from the Microsoft Support website, located at support.microsoft.com.

Using Multiple Bowser Tabs and Windows

Different versions of web browsers exhibit different behaviors when opening new tabs and windows. Each window is a new session, but each new tab is not. Microsoft Internet Explorer 6 does not support tabs; therefore, each browser window opened becomes a new iDRAC Web Interface session. Internet Explorer 7 has the option to open tabs as well as windows. Each tab inherits the characteristics of the most recently opened tab. For example, if a user logs in with Power User priveleges on one tab, and then logs in as Administrator on another tab, both open tabs then have Administrator privileges. Closing any one tab expires all iDRAC Web Interface tabs.

Tab and window behavior in Firefox is the same as Internet Explorer 7.


Configuring the iDRAC NIC

This section assumes that the iDRAC has already been configured and is accessible on the network. See Configure iDRAC Networking for help with the initial iDRAC network configuration.

Configuring the Network and IPMI LAN Settings

NOTE: You must have Configure iDRAC privilege to perform the following steps.
NOTE: Most DHCP servers require a server to store a client identifier token in its reservations table. The client (iDRAC, for example) must provide this token during DHCP negotiation. The iDRAC supplies the client identifier option using a one-byte interface number (0) followed by a six-byte MAC address.
  1. Click System® Remote Access® iDRAC.

  2. Click the Network/Security tab to open the Network Configuration page.

Table 5-1 and Table 5-2 describe the Network Settings and IPMI LAN Settings on the Network page.

  1. When you have completed entering the required settings, click Apply.

  2. Click the appropriate button to continue. See Table 5-3.

Table 5-1. Network Settings 

Setting

Description

Enable NIC

When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from the iDRAC via the network is blocked.

The default is off.

Media Access Control (MAC) Address

Displays the Media Access Control (MAC) address that uniquely identifies each node in a network. The MAC address cannot be changed.

Use DHCP (For NIC IP Address)

Prompts the iDRAC to obtain an IP address for the NIC from the Dynamic Host Configuration Protocol (DHCP) server. Also deactivates the Static IP Address, Static Subnet Mask, and Static Gateway controls.

The default is off.

Static IP Address

Allows you to enter or edit a static IP address for the iDRAC NIC. To change this setting, deselect the Use DHCP (For NIC IP Address) checkbox.

Static Subnet Mask

Allows you to enter or edit a subnet mask for the iDRAC NIC. To change this setting, first deselect the Use DHCP (For NIC IP Address) checkbox.

Static Gateway

Allows you to enter or edit a static gateway for the iDRAC NIC. To change this setting, first deselect the Use DHCP (For NIC IP Address) checkbox.

Use DHCP to obtain DNS server addresses

Enable DHCP to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses checkbox. When not using DHCP to obtain the DNS server addresses, provide the IP addresses in the Static Preferred DNS Server and Static Alternate DNS Server fields.

The default is off.

NOTE: When the Use DHCP to obtain DNS server addresses checkbox is selected, IP addresses cannot be entered into the Static Preferred DNS Server and Static Alternate DNS Server fields.

Static Preferred DNS Server

Allows the user to enter or edit a static IP address for the preferred DNS server. To change this setting, first deselect the Use DHCP to obtain DNS server addresses checkbox.

Static Alternate DNS Server

Uses the secondary DNS server IP address when Use DHCP to obtain DNS server addresses is not selected. Enter an IP address of 0.0.0.0 if there is no alternate DNS server.

Register iDRAC on DNS

Registers the iDRAC name on the DNS server.

The default is Disabled.

DNS iDRAC Name

Displays the iDRAC name only when Register iDRAC on DNS is selected. The default name is idrac-service_tag, where service_tag is the service tag number of the Dell server. For example: idrac-00002.

Use DHCP for DNS Domain Name

Uses the default DNS domain name. When the box is not selected and the Register iDRAC on DNS option is selected, modify the DNS domain name in the DNS Domain Name field.

The default is Disabled.

NOTE: To select the Use DHCP for DNS Domain Name checkbox, also select the Use DHCP (For NIC IP Address) checkbox.

DNS Domain Name

The default DNS Domain Name is blank. When the Use DHCP for DNS Domain Name checkbox is selected, this option is grayed out and the field cannot be modified.

Community String

Contains the community string to use in Simple Network Management Protocol (SNMP) alert traps sent from the iDRAC. SNMP alert traps are transmitted by the iDRAC when a platform event occurs. The default is public.

SMTP Server Address

The IP address of the Simple Mail Transfer Protocol (SMTP) server that the iDRAC communicates with to send e-mail alerts when a platform event occurs. The default is 127.0.0.1.

Table 5-2. IPMI LAN Settings

Setting

Description

Enable IPMI Over LAN

When checked, indicates that the IPMI LAN channel is enabled. The default is off.

Channel Privilege Level Limit

Configures the maximum privilege level, for the user, that can be accepted on the LAN channel. Select one of the following options: Administrator, Operator, or User. The default is Administrator.

Encryption Key

Configures the encryption key: 0 to 20 hexadecimal characters (with no blanks allowed). The default is blank.

Table 5-3. Network Configuration Page Buttons 

Button

Description

Advanced Settings

Opens the Network Security page, allowing the user to enter IP Range, and IP Blocking attributes.

Print

Prints the Network Configuration values that appear on the screen.

Refresh

Reloads the Network Configuration page.

Apply

Saves any new settings made to the network configuration page.

NOTE: Changes to the NIC IP address settings will close all user sessions and require users to reconnect to the iDRAC Web interface using the updated IP address settings. All other changes will require the NIC to be reset, which may cause a brief loss in connectivity.

Configuring IP Filtering and IP Blocking

NOTE: You must have Configure iDRAC permission to perform the following steps.
  1. Click System® Remote Access® iDRAC and then click the Network/Security tab to open the Network Configuration page.

  2. Click Advanced Settings to configure the network security settings.

Table 5-4 describes the Network Security page settings.

  1. When you have finished configuring the settings, click Apply.

  2. Click the appropriate button to continue. See Table 5-5.

Table 5-4. Network Security Page Settings 

Settings

Description

IP Range Enabled

Enables the IP Range checking feature, which defines a range of IP addresses that can access the iDRAC. The default is off.

IP Range Address

Determines the acceptable IP subnet address. The default is 192.168.1.0.

IP Range Subnet Mask

Defines the significant bit positions in the IP address. The subnet mask should be in the form of a netmask, where the more significant bits are all 1's with a single transition to all zeros in the lower-order bits. The default is 255.255.255.0.

IP Blocking Enabled

Enables the IP address blocking feature, which limits the number of failed login attempts from a specific IP address for a preselected time span. The default is off.

IP Blocking Fail Count

Sets the number of login failures attempted from an IP address before the login attempts are rejected from that address. The default is 10.

IP Blocking Fail Window

Determines the time span in seconds within which IP Block Fail Count failures must occur to trigger the IP Block Penalty Time. The default is 3600.

IP Blocking Penalty Time

The time span in seconds that login attempts from an IP address with excessive failures are rejected. The default is 3600.

Table 5-5. Network Security Page Buttons

Button

Description

Print

Prints the Network Security values that appear on the screen.

Refresh

Reloads the Network Security page.

Apply

Saves any new settings that you made to the Network Security page.

Go Back to Network Page

Returns to the Network page.


Configuring Platform Events

Platform event configuration provides a mechanism for configuring the iDRAC to perform selected actions on certain event messages. The actions include no action, reboot system, power cycle system, power off system, and generate an alert (Platform Event Trap [PET] and/or e-mail).

The filterable platform events are listed in Table 5-6.

Table 5-6. Filterable Platform Events  

Index

Platform Event

1

Battery Warning Assert

2

Battery Critical Assert

3

Discrete Voltage Critical Assert

4

Temperature Warning Assert

5

Temperature Critical Assert

6

Redundancy Degraded

7

Redundancy Lost

8

Processor Warning Assert

9

Processor Critical Assert

10

Processor Absent Assert

11

Event Log Critical Assert

12

Watchdog Critical Assert

When a platform event occurs (for example, a battery warning assert), a system event is generated and recorded in the System Event Log (SEL). If this event matches a platform event filter (PEF) that is enabled and you have configured the filter to generate an alert (PET or e-mail), then a PET or e-mail alert is sent to one or more configured destinations.

If the same platform event filter is also configured to perform an action (such as rebooting the system), the action is performed.

Configuring Platform Event Filters (PEF)

NOTE: Configure platform event filters before you configure the platform event traps or e-mail alert settings.
  1. Log in to the iDRAC Web interface. See Accessing the Web Interface.

  2. Click System and then the Alert Management tab.

  3. On the Platform Events page, enable Alert Generation for an event by clicking the corresponding Generate Alert checkbox for that event.

NOTE: You can enable or disable Alert Generation for all events by clicking the checkbox next to the Generate Alert column heading.
  1. Click the radio button below the action you would like to enable for each event. Only one action can be set for each event.

  2. Click Apply.

NOTE: Generate Alert must be enabled for an alert to be sent to any valid, configured destination (PET or e-mail).

Configuring Platform Event Traps (PET)

NOTE: You must have Configure iDRAC permission to add or enable/disable an SNMP alert. The following options will not be available if you do not have Configure iDRAC permission.
  1. Log in to the remote system using a supported Web browser. See Accessing the Web Interface.

  2. Ensure that you followed the procedures in Configuring Platform Event Filters (PEF).

  3. Configure your PET destination IP address:

    1. Click the Enable checkbox next to the Destination Number you would like to activate.

    1. Enter an IP address in the Destination IP Address box.

NOTE: The destination community string must be the same as the iDRAC community string.
    1. Click Apply.

NOTE: To successfully send a trap, configure the Community String value on the Network Configuration page. The Community String value indicates the community string to use in a Simple Network Management Protocol (SNMP) alert trap sent from the iDRAC. SNMP alert traps are transmitted by the iDRAC when a platform event occurs. The default setting for the Community String is Public.
    1. Click Send to test the configured alert (if desired).

    2. Repeat step a through step d for any remaining destination numbers.

Configuring E-Mail Alerts

  1. Log in to the remote system using a supported Web browser.

  2. Ensure that you followed the procedures in Configuring Platform Event Filters (PEF).

  3. Configure your e-mail alert settings.

    1. On the Alert Management tab, click Email Alert Settings.

  4. Configure your e-mail alert destination.

    1. In the Email Alert Number column, click a destination number. There are four possible destinations to receive alerts.

    1. Ensure that the Enabled checkbox is selected.

    2. In the Destination Email Address field, type a valid e-mail address.

    3. Click Apply.

NOTE: To successfully send a test e-mail, the SMTP Server Address must be configured on the Network Configuration page. The IP address of the SMTP Server communicates with the iDRAC to send e-mail alerts when a platform event occurs.
    1. Click Send to test the configured e-mail alert (if desired).

    2. Repeat step a through step e for any remaining e-mail alert settings.


Configuring IPMI

  1. Log in to the remote system using a supported Web browser.

  2. Configure IPMI over LAN.

    1. Click System® Remote Access® iDRAC, then click the Network/Security.

    1. In the Network Configuration page under IPMI LAN Settings, select Enable IPMI Over LAN.

    2. Update the IPMI LAN channel privileges, if required:

NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications.

Under IPMI LAN Settings, click the Channel Privilege Level Limit drop-down menu, select Administrator, Operator, or User and click Apply.

    1. Set the IPMI LAN channel encryption key, if required.

NOTE: The iDRAC IPMI supports the RMCP+ protocol.
NOTE: The encryption key must consist of an even number of hexadecimal characters with a maximum length of 20 characters.

Under IPMI LAN Settings in the Encryption Key field, type the encryption key.

    1. Click Apply.

  1. Configure IPMI Serial over LAN (SOL).

    1. Click System® Remote Access® iDRAC.

    1. Click the Network Security tab, then click Serial Over LAN.

    2. On the Serial Over LAN Configuration page, click the Enable Serial Over LAN checkbox to enable Serial over LAN.

    3. Update the IPMI SOL baud rate.

NOTE: To redirect the serial console over the LAN, ensure that the SOL baud rate is identical to your managed server's baud rate.

Click the Baud Rate drop-down menu to select a data speed of 19.2 kbps, 57.6 kbps or 115.2 kbps.

    1. Click Apply.


Adding and Configuring iDRAC Users

To manage your system with the iDRAC and maintain system security, create unique users with specific administrative permissions (or role-based authority).

To add and configure iDRAC users, perform the following steps:

NOTE: You must have Configure iDRAC permission to perform the following steps.
  1. Click System® Remote Access® iDRAC and then click the Network/Security tab.

  2. Open the Users page to configure users.

The Users page displays each user's User ID, State, Username, IPMI LAN Privileges, iDRAC Privileges, and Serial Over LAN.

NOTE: User-1 is reserved for the IPMI anonymous user and is not configurable.
  1. In the User ID column, click a user ID number.

  2. On the User Configuration page, configure the user's properties and privileges.

Table 5-7 describes the General settings for configuring an iDRAC user name and password.

Table 5-8 describes the IPMI LAN Privileges for configuring the user's LAN privileges.

Table 5-9 describes the User Group permissions for the IPMI LAN Privileges and the iDRAC User Privileges settings.

Table 5-10 describes the iDRAC Group permissions. If you add an iDRAC User Privilege to the Administrator, Power User, or Guest User, the iDRAC Group will change to the Custom group.

  1. When completed, click Apply.

  2. Click the appropriate button to continue. See Table 5-11.

Table 5-7. General Properties  

Property

Description

User ID

Contains one of 16 preset User ID numbers. This field cannot be edited.

Enable User

When checked, indicates that the user's access to the iDRAC is enabled. When unchecked, user access is disabled.

Username

Specifies an iDRAC user name with up to 16 characters. Each user must have a unique user name.

NOTE: User names on the iDRAC cannot include the / (forward slash) or . (period) characters.

NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login.

Change Password

Enables the New Password and Confirm New Password fields. When unchecked, the user's Password cannot be changed.

New Password

Enables editing the iDRAC user's password. Enter a Password with up to 20 characters. The characters will not display.

Confirm New Password

Retype the iDRAC user's password to confirm.

Table 5-8. IPMI LAN User Privileges

Property

Description

Maximum LAN User Privilege Granted

Specifies the user's maximum privilege on the IPMI LAN channel to one of the following user groups: None, Administrator, Operator, or User.

Enable Serial Over LAN

Allows the user to use IPMI Serial Over LAN. When checked, this privilege is enabled.

Table 5-9. iDRAC User Privileges 

Property

Description

iDRAC Group

Specifies the user's maximum iDRAC user privilege as one of the following: Administrator, Power User, Guest User, Custom, or None.

See Table 5-10 for iDRAC Group permissions.

Login to iDRAC

Enables the user to log in to the iDRAC.

Configure iDRAC

Enables the user to configure the iDRAC.

Configure Users

Enables the user to allow specific users to access the system.

Clear Logs

Enables the user to clear the iDRAC logs.

Execute Server Control Commands

Enables the user to execute RACADM commands.

Access Console Redirection

Enables the user to run Console Redirection.

Access Virtual Media

Enables the user to run and use Virtual Media.

Test Alerts

Enables the user to send test alerts (e-mail and PET) to a specific user.

Execute Diagnostic Commands

Enables the user to run diagnostic commands.

Table 5-10. iDRAC Group Permissions

User Group

Permissions Granted

Administrator

Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands

Power User

Login to iDRAC, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts

Guest User

Login to iDRAC

Custom

Selects any combination of the following permissions: Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands

None

No assigned permissions

Table 5-11. User Configuration Page Buttons 

Button

Action

Print

Prints the User Configuration values that appear on the screen.

Refresh

Reloads the User Configuration page.

Apply

Saves any new settings made to the user configuration.

Go Back To Users Page

Returns to the Users Page.


Securing iDRAC Communications Using SSL and Digital Certificates

This section provides information about the following data security features that are incorporated in your iDRAC:

Secure Sockets Layer (SSL)

The iDRAC includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.

An SSL-enabled system can perform the following tasks:

The encryption process provides a high level of data protection. The iDRAC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America.

The iDRAC Web server has a Dell self-signed SSL digital certificate (Server ID) by default. To ensure high security over the Internet, replace the Web server SSL certificate with a certificate signed by a well-known certificate authority. To initiate the process of obtaining a signed certificate, you can use the iDRAC Web interface to generate a Certificate Signing Request (CSR) with your company's information. You can then submit the generated CSR to a CA such as VeriSign or Thawte.

Certificate Signing Request (CSR)

A CSR is a digital request to a Certificate Authority (CA) for a secure server certificate. Secure server certificates allow clients of the server to trust the identity of the server they have connected to and to negotiate an encrypted session with the server.

A Certificate Authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives a CSR, they review and verify the information the CSR contains. If the applicant meets the CA's security standards, the CA issues a digitally-signed certificate that uniquely identifies that applicant for transactions over networks and on the Internet.

After the CA approves the CSR and sends the certificate, upload the certificate to the iDRAC firmware. The CSR information stored on the iDRAC firmware must match the information contained in the certificate.

Accessing the SSL Main Menu

  1. Click System® Remote Access® iDRAC, then click the Network/Security tab.

  2. Click SSL to open the SSL Main Menu page.

Use the SSL Main Menu page to generate a CSR to send to a CA. The CSR information is stored on the iDRAC firmware.

Table 5-12 describes the options available when generating a CSR.

Table 5-13 describes the available buttons on the SSL Main Menu page.

Table 5-12. SSL Main Menu Options

Field

Description

Generate a New Certificate Signing Request (CSR)

Select the option and click Next to open the Generate Certificate Signing Request (CSR) page.

NOTE: Each new CSR overwrites any previous CSR on the firmware. For a CA to accept your CSR, the CSR in the firmware must match the certificate returned from the CA.

Upload Server Certificate

Select the option and click Next to open the Certificate Upload page and upload the certificate sent to you by the CA.

NOTE: Only X509, Base 64-encoded certificates are accepted by the iDRAC. DER-encoded certificates are not accepted.

View Server Certificate

Select the option and click Next to open the View Server Certificate page and view an existing server certificate.

Table 5-13. SSL Main Menu Buttons

Button

Description

Print

Prints the SSL Main Menu values that appear on the screen.

Refresh

Reloads the SSL Main Menu page.

Next

Processes the information on the SSL Main Menu page and continues to the next step.

Generating a New Certificate Signing Request

NOTE: Each new CSR overwrites any previous CSR data stored in the firmware. The CSR in the firmware must match the certificate returned from the CA. Otherwise, the iDRAC will not accept the certificate.
  1. On the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR) and click Next.

  2. On the Generate Certificate Signing Request (CSR) page, enter a value for each CSR attribute.

Table 5-14 describes the Generate Certificate Signing Request (CSR) page options.

  1. Click Generate to create the CSR.

  2. Click Download to save the CSR file to your local computer.

  3. Click the appropriate button to continue. See Table 5-15.

Table 5-14. Generate Certificate Signing Request (CSR) Page Options 

Field

Description

Common Name

The exact name being certified (usually the Web server's domain name, for example, www.xyzcompany.com). Only alphanumeric characters, hyphens, underscores, and periods are valid. Spaces are not valid.

Organization Name

The name associated with this organization (for example, XYZ Corporation). Only alphanumeric characters, hyphens, underscores, periods and spaces are valid.

Organization Unit

The name associated with an organizational unit, such as a department (for example, Information Technology). Only alphanumeric characters, hyphens, underscores, periods, and spaces are valid.

Locality

The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid. Do not separate words using an underscore or other character.

State Name

The state or province where the entity who is applying for a certification is located (for example, Texas). Only alphanumeric characters and spaces are valid. Do not use abbreviations.

Country Code

The name of the country where the entity applying for certification is located.

Email

The e-mail address associated with the CSR. Type the company's e-mail address, or any e-mail address associated with the CSR. This field is optional.

Table 5-15. Generate Certificate Signing Request (CSR) Page Buttons 

Button

Description

Print

Prints the Generate Certificate Signing Request values that appear on the screen.

Refresh

Reloads the Generate Certificate Signing Request page.

Generate

Generates a CSR and then prompts the user to save it to a specified directory.

Download

Downloads the certificate to the local computer.

Go Back to SSL Main Menu

Returns the user to the SSL Main Menu page.

Uploading a Server Certificate

  1. In the SSL Main Menu page, select Upload Server Certificate and click Next.

The Certificate Upload page appears.

  1. In the File Path field, type the path to the certificate or click Browse to navigate to the certificate file.

NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
  1. Click Apply.

  2. Click the appropriate button to continue. See Table 5-16.

Table 5-16. Certificate Upload Page Buttons

Button

Description

Print

Prints the values that appear on the Certificate Upload page.

Refresh

Reloads the Certificate Upload page.

Apply

Applies the certificate to the iDRAC firmware.

Go Back to SSL Main Menu

Returns the user to the SSL Main Menu page.

Viewing a Server Certificate

  1. On the SSL Main Menu page, select View Server Certificate and click Next.

Table 5-17 describes the fields and associated descriptions listed in the Certificate window.

  1. Click the appropriate button to continue. See Table 5-18.

Table 5-17. Certificate Information 

Field

Description

Serial Number

Certificate serial number

Subject Information

Certificate attributes entered by the subject

Issuer Information

Certificate attributes returned by the issuer

Valid From

Issue date of the certificate

Valid To

Expiration date of the certificate

Table 5-18. View Server Certificate Page Buttons

Button

Description

Print

Prints the View Server Certificate values that appear on the screen.

Refresh

Reloads the View Server Certificate page.

Go Back to SSL Main Menu

Return to the SSL Main Menu page.


Configuring and Managing Active Directory Certificates

NOTE: You must have Configure iDRAC permission to configure Active Directory and upload, download, and view an Active Directory certificate.
NOTE: For more information about Active Directory configuration and how to configure Active Directory with the standard schema or an extended schema, see Using the iDRAC with Microsoft Active Directory.

To access the Active Directory Main Menu:

  1. Click System® Remote Access® iDRAC, and then click the Network/Security tab.

  2. Click Active Directory to open the Active Directory Main Menu page.

Table 5-19 lists the Active Directory Main Menu page options.

  1. Click the appropriate button to continue. See Table 5-20.

    Table 5-19. Active Directory Main Menu Page Options

    Field

    Description

    Configure Active Directory

    Configures the Active Directory ROOT Domain Name, Active Directory Authentication Timeout, Active Directory Schema Selection, iDRAC Name, iDRAC Domain Name, Role Groups, Group Name, and Group Domain settings.

    Upload Active Directory CA Certificate

    Uploads an Active Directory certificate to the iDRAC.

    Download iDRAC Server Certificate

    The Windows Download Manager downloads an iDRAC server certificate to the system.

    View Active Directory CA Certificate

    Displays an Active Directory Certificate that has been uploaded to the iDRAC.



Table 5-20. Active Directory Main Menu Page Buttons

Button

Definition

Print

Prints the Active Directory Main Menu values that appear on the screen.

Refresh

Reloads the Active Directory Main Menu page.

Next

Processes the information on the Active Directory Main Menu page and continues to the next step.

Configuring Active Directory (Standard Schema and Extended Schema)

  1. On the Active Directory Main Menu page, select Configure Active Directory and click Next.

  2. On the Active Directory Configuration page, enter the Active Directory settings.

Table 5-21 describes the Active Directory Configuration and Management page settings.

  1. Click Apply to save the settings.

  2. Click the appropriate button to continue. See Table 5-22.

  3. To configure the Role Groups for Active Directory Standard Schema, click on the individual Role Group (1-5). See Table 5-23 and Table 5-24.

NOTE: To save the settings on the Active Directory Configuration page, click Apply before proceeding to the Custom Role Group page.

Table 5-21. Active Directory Configuration Page Settings 

Setting

Description

Enable Active Directory

When checked, enables Active Directory. The default is disabled.

ROOT Domain Name

The Active Directory ROOT domain name. This default is blank.

The name must be a valid domain name consisting of x.y, where x is a 1-254 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. The default is blank.

Timeout

The time, in seconds, to wait for Active Directory queries to complete. Minimum value is equal to or greater than 15 seconds. The default value is 120.

Use Standard Schema

Uses standard schema with Active Directory.

Use Extended Schema

Uses the extended schema with Active Directory.

iDRAC Name

The name that uniquely identifies the iDRAC in Active Directory. This default is blank.

The name must be a 1-254 character ASCII string with no spaces between characters.

iDRAC Domain Name

The DNS name of the domain, where the Active Directory iDRAC object resides. This default is blank.

The name must be a valid domain name consisting of x.y, where x is a 1-254 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org.

Role Groups

The list of role groups associated with the iDRAC.

To change the settings for a role group, click their role group number, in the role groups list.

Group Name

The name that identifies the role group in the Active Directory associated with the iDRAC. This default is blank.

Group Domain

The domain type where the Role Group resides.

Table 5-22. Active Directory Configuration Page Buttons

Button

Description

Print

Prints the Active Directory Configuration values that appear on the screen.

Refresh

Reloads the Active Directory Configuration page.

Apply

Saves any new settings made to the Active Directory Configuration page.

Go Back to Active Directory Main Menu

Returns to the Active Directory Main Menu page.

Table 5-23. Role Group Privileges 

Setting

Description

Role Group Privilege Level

Specifies the user's maximum iDRAC user privilege as one of the following: Administrator, Power User, Guest User, None, or Custom.

See Table 5-24 for Role Group permissions.

Login to iDRAC

Allows the group log in access to the iDRAC.

Configure iDRAC

Allows the group permission to configure the iDRAC.

Configure Users

Allows the group permission to configure users.

Clear Logs

Allows the group permission to clear logs.

Execute Server Control Commands

Allows the group permission to execute server control commands.

Access Console Redirection

Allows the group access to Console Redirection.

Access Virtual Media

Allows the group access to Virtual Media.

Test Alerts

Allows the group to send test alerts (e-mail and PET) to a specific user.

Execute Diagnostic Commands

Allows the group permission to execute diagnostic commands.

Table 5-24. Role Group Permissions 

Property

Description

Administrator

Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands

Power User

Login to iDRAC, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts

Guest User

Login to iDRAC

Custom

Selects any combination of the following permissions: Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands

None

No assigned permissions

Uploading an Active Directory CA Certificate

  1. On the Active Directory Main Menu page, select Upload Active Directory CA Certificate and click Next.

  2. On the Certificate Upload page, type the file path of the certificate in the File Path field, or click Browse to navigate to the certificate file.

NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.

Ensure that the domain controller's SSL certificates have been signed by the same Certificate Authority and that this Certificate is available on the management station accessing the iDRAC.

  1. Click Apply.

  2. Click the appropriate button to continue. See Table 5-25.

Table 5-25. Certificate Upload Page Buttons

Button

Description

Print

Prints the Certificate Upload values that appear on the screen.

Refresh

Reloads the Certificate Upload page.

Apply

Applies the certificate to the iDRAC firmware.

Go Back to Active Directory Main Menu

Returns to the Active Directory Main Menu page.

Downloading an iDRAC Server Certificate

  1. On the Active Directory Main Menu page, select Download iDRAC Server Certificate and click Next.

  2. Save the file to a directory on your system.

  3. In the Download Complete window, click Close.

Viewing an Active Directory CA Certificate

Use the Active Directory Main Menu page to view a CA server certificate for your iDRAC.

  1. On the Active Directory Main Menu page, select View Active Directory CA Certificate and click Next.

Table 5-26 describes the fields and associated descriptions listed in the Certificate window.

  1. Click the appropriate button to continue. See Table 5-27.

Table 5-26. Active Directory CA Certificate Information

Field

Description

Serial Number

Certificate serial number.

Subject Information

Certificate attributes entered by the subject.

Issuer Information

Certificate attributes returned by the issuer.

Valid From

Certificate issue date.

Valid To

Certificate expiration date.

Table 5-27. View Active Directory CA Certificate Page Buttons

Button

Description

Print

Prints the Active Directory CA Certificate values that appear on the screen.

Refresh

Reloads the Active Directory CA Certificate page.

Go Back to Active Directory Main Menu

Returns the user to the Active Directory Main Menu page.


Enabling or Disabling Local Configuration Access

NOTE: The default setting for local configuration access is Enabled.

Enabling Local Configuration Access

  1. Click System® Remote Access® iDRAC® Network/Security.

  2. Under Local Configuration, click to uncheck Disable iDRAC local USER Configuration Updates to enable access.

  3. Click Apply.

  4. Click the appropriate button to continue.

Disabling Local Configuration Access

  1. Click System® Remote Access® iDRAC® Network/Security.

  2. Under Local Configuration, click to check Disable iDRAC local USER Configuration Updates to disable access.

  3. Click Apply.

  4. Click the appropriate button to continue.


Configuring Serial Over LAN

  1. Click System® Remote Access® iDRAC® Network/Security.

  2. Click Serial Over LAN to open the Serial Over LAN Configuration page.

Table 5-28 provides information about the Serial Over LAN Configuration page settings.

  1. Click Apply.

  2. Configure the advanced settings, if required. Otherwise, click the appropriate button to continue (see Table 5-29).

To configure the advanced settings, perform the following steps:

    1. Click Advanced Settings.

    1. On the Serial Over LAN Configuration Advanced Settings page, configure the advanced settings as required (see Table 5-30).

    2. Click Apply.

    3. Click the appropriate button to continue (see Table 5-31).

Table 5-28. Serial Over LAN Configuration Page Settings

Setting

Description

Enable Serial Over LAN

When checked, the checkbox indicates that Serial Over LAN is enabled.

Baud Rate

Indicates the data speed. Select a data speed of 19.2 kbps, 57.6 kbps, or 115.2 kbps.

Table 5-29. Serial Over LAN Configuration Page Buttons

Button

Description

Print

Prints the Serial Over LAN Configuration values that appear on the screen.

Refresh

Reloads the Serial Over LAN Configuration page.

Advanced Settings

Opens the Serial Over LAN Configuration Advanced Settings page.

Apply

Supplies any new settings that you make while viewing the Serial Over LAN Configuration page.

Table 5-30. Serial Over LAN Configuration Advanced Settings Page Settings

Setting

Description

Character Accumulate Interval

The amount of time that the iDRAC will wait before transmitting a partial SOL character data package. The time is measured in seconds.

Character Send Threshold

The iDRAC will send an SOL character data package containing the characters as soon as this number of characters (or greater) has been accepted. The threshold is measured in characters.

Table 5-31. Serial Over LAN Configuration Advanced Settings Page Buttons

Button

Description

Print

Prints the Serial Over LAN Configuration Advanced Settings values that appear on the screen.

Refresh

Reloads the Serial Over LAN Configuration Advanced Settings page.

Apply

Saves any new settings that you make while viewing the Serial Over LAN Configuration Advanced Settings page.

Go Back To Serial Over LAN Configuration Page

Returns the user to the Serial Over LAN Configuration page.


Configuring iDRAC Services

NOTE: To modify these settings, you must have Configure iDRAC permission.
NOTE: When you apply changes to services, the changes take effect immediately. Existing connections may be terminated without warning.
NOTE: There is a known issue with the Telnet client supplied with Microsoft Windows communicating with a BMU. Use another Telnet client such as HyperTerminal or PuTTY.
  1. Click System® Remote Access® iDRAC, and then click the Network/Security tab.

  2. Click Services to open the Services configuration page.

  3. Configure the following services, as required:

  4. Click Apply.

  5. Click the appropriate button to continue. See Table 5-36.

Table 5-32. Web Server Settings 

Setting

Description

Enabled

Enables or disables the iDRAC web server. When checked, the checkbox indicates that the web server is enabled. The default is enabled.

Max Sessions

The maximum number of simultaneous sessions allowed for this system. This field is not editable. There can be four simultaneous sessions.

Current Sessions

The number of current sessions on the system, less than or equal to the Max Sessions. This field is not editable.

Timeout

The time, in seconds, that a connection is allowed to remain idle. The session is cancelled when the timeout is reached. Changes to the timeout setting take affect immediately and will reset the web server. Timeout range is 60 to 1920 seconds. The default is 300 seconds.

HTTP Port Number

The port on which the iDRAC listens for a browser connection. The default is 80.

HTTPS Port Number

The port on which the iDRAC listens for a secure browser connection. The default is 443.

Table 5-33. SSH Settings 

Setting

Description

Enabled

Enables or disables SSH. When checked, the checkbox indicates that SSH is enabled.

Max Sessions

The maximum number of simultaneous sessions allowed for this system. Only one session is supported.

Active Sessions

The number of current sessions on the system.

Timeout

The secure shell idle timeout, in seconds. Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 300.

Port Number

The port on which the iDRAC listens for an SSH connection. The default is 22.

Table 5-34. Telnet Settings

Setting

Description

Enabled

Enables or disables telnet. When checked, telnet is enabled.

Max Sessions

The maximum number of simultaneous sessions allowed for this system. Only one session is supported.

Active Sessions

The number of current sessions on the system.

Timeout

The telnet idle timeout, in seconds. Timeout range is 60 to 1920 seconds. Enter 0 seconds to disable the Timeout feature. The default is 0.

Port Number

The port on which the iDRAC listens for a telnet connection. The default is 23.

Table 5-35. Automated System Recovery Agent Setting

Setting

Description

Enabled

Enables the Automated System Recovery Agent.

Table 5-36. Services Page Buttons

Button

Description

Print

Prints the Services page.

Refresh

Refreshes the Services page.

Apply Changes

Applies the Services page settings.


Updating the iDRAC Firmware

NOTICE: If the iDRAC firmware becomes corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes, you can recover the iDRAC using the CMC. See your CMC Firmware User Guide for instructions.
NOTE: The firmware update, by default, retains the current iDRAC settings. During the update process, you have the option to reset the iDRAC configuration to the factory defaults. If you set the configuration to the factory defaults external network access will be disabled when the update completes. You must enable and configure the network using the iDRAC Configuration Utility or the CMC Web interface.
  1. Start the iDRAC Web interface.

  2. Click System® Remote Access® iDRAC, then click the Update tab.

NOTE: To update the firmware, the iDRAC must be placed in an update mode. Once in this mode, the iDRAC will automatically reset, even if you cancel the update process.
  1. On the Firmware Update page, click Next to start the update process.

  2. In the Firmware Update - Upload (page 1 of 4) window, click Browse, or type the path to the firmware image that you downloaded.

For example:

C:\Updates\V1.0\<image_name>.

The default firmware image name is firmimg.imc.

  1. Click Next.

OR

OR

NOTE: If you deselect the Preserve Configuration checkbox, the iDRAC will be reset to its default settings. In the default settings, the LAN is disabled. You will not be able to log in to the iDRAC Web interface. You will have to reconfigure the LAN settings using the CMC Web interface or iKVM using the iDRAC Configuration Utility during BIOS POST.
  1. By default the Preserve Configuration checkbox is checked, to preserve the current settings on the iDRAC after an upgrade. If you do not want the settings to be preserved, deselect the Preserve Configuration checkbox.

  2. Click Begin Update to start the upgrade process. Do not interrupt the upgrade process.

  3. In the Firmware Update - Updating (page 3 of 4) window, you will see the status of the upgrade. The progress of the firmware upgrade operation, measured in percentages, will appear in the Progress column.

  4. Once the firmware update is complete, the Firmware Update - Update Results (page 4 of 4) window will appear and the iDRAC will reset automatically. You must close the current browser window and reconnect to the iDRAC using a new browser window.

Recovering iDRAC Firmware Using the CMC

Typically, the iDRAC firmware is updated using iDRAC facilities such as the iDRAC Web interface, or operating system specific update packages downloaded from support.dell.com.

If the iDRAC firmware becomes corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes, you can use the CMC Web interface to update its firmware.

If the CMC detects the corrupted iDRAC firmware, the iDRAC is listed on the Updatable Components page in the CMC Web interface.

NOTE: See the CMC Firmware User Guide for instructions for using the CMC Web interface.

To update the iDRAC firmware, perform the following steps:

  1. Download the latest iDRAC firmware to your management computer from support.dell.com.

  2. Log in to the CMC Web-based interface.

  3. Click Chassis in the system tree.

  4. Click the Update tab. The Updatable Components page appears. The server with the recoverable iDRAC is included in the list if it is able to be recovered from the CMC.

  5. Click server-n, where n is the number of the server whose iDRAC you want to recover.

  6. Click Browse, to browse to the iDRAC firmware image you downloaded, and click Open.

  7. Click Begin Firmware Update.

After the firmware image file has been uploaded to the CMC, the iDRAC will update itself with the image.


Back to Contents Page