Dell Drac 5 User Guide
Here you can view all the pages of manual Dell Drac 5 User Guide. The Dell manuals for System are available online for free. You can easily download all the documents as PDF.
Page 211
Configuring Security Features211 12 Configuring Security Features The DRAC 5 provides the following security features: • Advanced Security options for the DRAC administrator: • The Console Redirection disable option allows the local system user to disable console redirection using the DRAC 5 Console Redirection feature. • The local configuration disable features allows the remote DRAC administrator to selectively disable the ability to configure the DRAC 5 from: – BIOS POST option-ROM – operating...
Page 212
212Configuring Security Features Security Options for the DRAC Administrator Disabling the DRAC 5 Local Configuration Administrators can disable local configuration through the DRAC 5 graphical user interface (GUI) by selecting Remote Access Configuration Services. When the Disable the DRAC local Configuration using option ROM check box is selected, the Remote Access Configuration Utility— accessed by pressing Ctrl+E during system boot—operates in read-only mode, preventing local users from...
Page 213
Configuring Security Features213 Disabling Local Configuration From Local racadm This feature disables the ability of the managed system’s user to configure the DRAC 5 using the local racadm or the Dell OpenManage Server Administrator utilities. racadm config -g cfgRacTune -o cfgRacTuneLocalConfigDisable 1 CAUTION: These features severely limit the ability of the local user to configure the DRAC 5 from the local system, including performing a reset to default of the configuration. Dell recommends...
Page 214
214Configuring Security Features at a time to help avoid losing login privileges altogether. For example, if administrators have disabled all local DRAC 5 users and allow only Microsoft Active Directory directory service users to log in to the DRAC 5, and the Active Directory authentication infrastructure subsequently fails, the administrators may be unable to log in. Similarly, if administrators have disabled all local configuration and place a DRAC 5 with a static IP address on a network that...
Page 215
Configuring Security Features215 Several situations might call for disabling DRAC 5 remote vKVM. For example, administrators may not want a remote DRAC 5 user to view the BIOS settings that they configure on a system, in which case they can disable remote vKVM during the system POST by using the LocalConRedirDisable command. They may also want to increase security by automatically disabling remote vKVM every time an administrator logs in to the system, which they can do by executing the...
Page 216
216Configuring Security Features An SSL-enabled system: • Authenticates itself to an SSL-enabled client • Allows the client to authenticate itself to the server • Allows both systems to establish an encrypted connection This encryption process provides a high level of data protection. The DRAC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America. The DRAC Web server includes a Dell self-signed SSL digital certificate...
Page 217
Configuring Security Features217 Use the SSL Main Menu page options (see Table 12-1) to generate a CSR to send to a CA. The CSR information is stored on the DRAC 5 firmware. Table 12-2 describes the buttons available on the SSL Main Menu page. Table 12-1. SSL Main Menu Options Field Description Generate a New Certificate Signing Request (CSR)Click Next to open the Certificate Signing Request Generation page that enables you to generate a CSR to send to a CA to request a secure Web certificate....
Page 218
218Configuring Security Features Generating a New Certificate Signing Request NOTE: Each new CSR overwrites any previous CSR on the firmware. Before a certificate authority (CA) can accept your CSR, the CSR in the firmware must match the certificate returned from the CA. Otherwise, the DRAC 5 will not upload the certificate. 1In the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR) and click Next. 2In the Generate Certificate Signing Request (CSR) page, type a value for...
Page 219
Configuring Security Features219 Uploading a Server Certificate 1In the SSL Main Menu page, select Upload Server Certificate and click Next. The Certificate Upload page appears. 2In the File Path field, type the path of the certificate in the Va l u e field or click Browse to navigate to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name...
Page 220
220Configuring Security Features Viewing a Server Certificate 1In the SSL Main Menu page, select View Server Certificate and click Next. Table 12-5 describes the fields and associated descriptions listed in the Certificate window. 2Click the appropriate View Server Certificate page button to continue. Using the Secure Shell (SSH) Only four SSH sessions are supported at any given time. The session time-out is controlled by the cfgSsnMgtSshIdleTimeout property as described in the DRAC 5 Property...