Home > Dell > System > Dell Drac 5 User Guide

Dell Drac 5 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Dell Drac 5 User Guide. The Dell manuals for System are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 211

    Page 211 Configuring Security Features211 12 Configuring Security Features The DRAC 5 provides the following security features: • Advanced Security options for the DRAC administrator: • The Console Redirection disable option allows the local system user to disable console redirection using the DRAC 5 Console Redirection feature. • The local configuration disable features allows the remote DRAC administrator to selectively disable the ability to configure the DRAC 5 from: – BIOS POST option-ROM – operating... 
    Configuring Security Features211
12
Configuring Security Features
The DRAC 5 provides the following security features:
• Advanced Security options for the DRAC administrator:
• The Console Redirection disable option allows the 
local system user 
to disable console redirection using the DRAC 5 Console 
Redirection feature. 
• The local configuration disable features allows the 
remote DRAC 
administrator to selectively disable the ability to configure the 
DRAC 5 from:
– BIOS POST option-ROM
– operating...

    Page 212

    Page 212 212Configuring Security Features Security Options for the DRAC Administrator Disabling the DRAC 5 Local Configuration Administrators can disable local configuration through the DRAC 5 graphical user interface (GUI) by selecting Remote Access Configuration Services. When the Disable the DRAC local Configuration using option ROM check box is selected, the Remote Access Configuration Utility— accessed by pressing Ctrl+E during system boot—operates in read-only mode, preventing local users from... 
    212Configuring Security Features
Security Options for the DRAC Administrator
Disabling the DRAC 5 Local Configuration
Administrators can disable local configuration through the DRAC 5 graphical 
user interface (GUI) by selecting Remote Access Configuration 
Services. When the Disable the DRAC local Configuration using option 
ROM check box is selected, the Remote Access Configuration Utility—
accessed by pressing Ctrl+E during system boot—operates in read-only 
mode, preventing local users from...

    Page 213

    Page 213 Configuring Security Features213 Disabling Local Configuration From Local racadm This feature disables the ability of the managed system’s user to configure the DRAC 5 using the local racadm or the Dell OpenManage Server Administrator utilities. racadm config -g cfgRacTune -o cfgRacTuneLocalConfigDisable 1 CAUTION: These features severely limit the ability of the local user to configure the DRAC 5 from the local system, including performing a reset to default of the configuration. Dell recommends... 
    Configuring Security Features213
Disabling Local Configuration From Local racadm
This feature disables the ability of the managed system’s user to configure the 
DRAC 5 using the local racadm or the Dell OpenManage Server 
Administrator utilities.
racadm config -g cfgRacTune -o 
cfgRacTuneLocalConfigDisable 1
 CAUTION: These features severely limit the ability of the local user to configure 
the DRAC 5 from the local system, including performing a reset to default of the 
configuration. Dell recommends...

    Page 214

    Page 214 214Configuring Security Features at a time to help avoid losing login privileges altogether. For example, if administrators have disabled all local DRAC 5 users and allow only Microsoft Active Directory directory service users to log in to the DRAC 5, and the Active Directory authentication infrastructure subsequently fails, the administrators may be unable to log in. Similarly, if administrators have disabled all local configuration and place a DRAC 5 with a static IP address on a network that... 
    214Configuring Security Features
at a time to help avoid losing login privileges altogether. For example, 
if administrators have disabled all local DRAC 5 users and allow only 
Microsoft Active Directory directory service users to log in to the DRAC 5, 
and the Active Directory authentication infrastructure subsequently fails, 
the administrators may be unable to log in. Similarly, if administrators have 
disabled all local configuration and place a DRAC 5 with a static IP address 
on a network that...

    Page 215

    Page 215 Configuring Security Features215 Several situations might call for disabling DRAC 5 remote vKVM. For example, administrators may not want a remote DRAC 5 user to view the BIOS settings that they configure on a system, in which case they can disable remote vKVM during the system POST by using the LocalConRedirDisable command. They may also want to increase security by automatically disabling remote vKVM every time an administrator logs in to the system, which they can do by executing the... 
    Configuring Security Features215
Several situations might call for disabling DRAC 5 remote vKVM. For 
example, administrators may not want a remote DRAC 5 user to view the 
BIOS settings that they configure on a system, in which case they can disable 
remote vKVM during the system POST by using the 
LocalConRedirDisable command. They may also want to increase 
security by automatically disabling remote vKVM every time an administrator 
logs in to the system, which they can do by executing the...

    Page 216

    Page 216 216Configuring Security Features An SSL-enabled system: • Authenticates itself to an SSL-enabled client • Allows the client to authenticate itself to the server • Allows both systems to establish an encrypted connection This encryption process provides a high level of data protection. The DRAC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America. The DRAC Web server includes a Dell self-signed SSL digital certificate... 
    216Configuring Security Features
An SSL-enabled system:
• Authenticates itself to an SSL-enabled client
• Allows the client to authenticate itself to the server
• Allows both systems to establish an encrypted connection
This encryption process provides a high level of data protection. The DRAC 
employs the 128-bit SSL encryption standard, the most secure form of 
encryption generally available for Internet browsers in North America.
The DRAC Web server includes a Dell self-signed SSL digital certificate...

    Page 217

    Page 217 Configuring Security Features217 Use the SSL Main Menu page options (see Table 12-1) to generate a CSR to send to a CA. The CSR information is stored on the DRAC 5 firmware. Table 12-2 describes the buttons available on the SSL Main Menu page. Table 12-1. SSL Main Menu Options Field Description Generate a New Certificate Signing Request (CSR)Click Next to open the Certificate Signing Request Generation page that enables you to generate a CSR to send to a CA to request a secure Web certificate.... 
    Configuring Security Features217
Use the SSL Main Menu page options (see Table 12-1) to generate a CSR to 
send to a CA. The CSR information is stored on the DRAC 5 firmware. 
Table 12-2 describes the buttons available on the SSL Main Menu page.
Table 12-1. SSL Main Menu Options
Field Description
Generate a New 
Certificate Signing 
Request (CSR)Click Next to open the Certificate Signing Request 
Generation page that enables you to generate a CSR to send to 
a CA to request a secure Web certificate....

    Page 218

    Page 218 218Configuring Security Features Generating a New Certificate Signing Request NOTE: Each new CSR overwrites any previous CSR on the firmware. Before a certificate authority (CA) can accept your CSR, the CSR in the firmware must match the certificate returned from the CA. Otherwise, the DRAC 5 will not upload the certificate. 1In the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR) and click Next. 2In the Generate Certificate Signing Request (CSR) page, type a value for... 
    218Configuring Security Features
Generating a New Certificate Signing Request
 NOTE: Each new CSR overwrites any previous CSR on the firmware. Before a 
certificate authority (CA) can accept your CSR, the CSR in the firmware must match the 
certificate returned from the CA. Otherwise, the DRAC 5 will not upload the certificate. 
1In the SSL Main Menu page, select Generate a New Certificate Signing 
Request (CSR)
 and click Next.
2In the Generate Certificate Signing Request (CSR) page, type a value for...

    Page 219

    Page 219 Configuring Security Features219 Uploading a Server Certificate 1In the SSL Main Menu page, select Upload Server Certificate and click Next. The Certificate Upload page appears. 2In the File Path field, type the path of the certificate in the Va l u e field or click Browse to navigate to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name... 
    Configuring Security Features219
Uploading a Server Certificate
1In the SSL Main Menu page, select Upload Server Certificate and click Next.
The 
Certificate Upload page appears.
2In the File Path field, type the path of the certificate in the Va l u e field or 
click 
Browse to navigate to the certificate file.
 NOTE: The File Path value displays the relative file path of the certificate you are 
uploading. You must type the absolute file path, which includes the full path and the 
complete file name...

    Page 220

    Page 220 220Configuring Security Features Viewing a Server Certificate 1In the SSL Main Menu page, select View Server Certificate and click Next. Table 12-5 describes the fields and associated descriptions listed in the Certificate window. 2Click the appropriate View Server Certificate page button to continue. Using the Secure Shell (SSH) Only four SSH sessions are supported at any given time. The session time-out is controlled by the cfgSsnMgtSshIdleTimeout property as described in the DRAC 5 Property... 
    220Configuring Security Features
Viewing a Server Certificate
1In the SSL Main Menu page, select View Server Certificate and click Next.
Table 12-5 describes the fields and associated descriptions listed in the 
Certificate window.
2Click the appropriate View Server Certificate page button to continue.
Using the Secure Shell (SSH)
Only four SSH sessions are supported at any given time. The session time-out 
is controlled by the cfgSsnMgtSshIdleTimeout property as described in 
the DRAC 5 Property...
    Start reading Dell Drac 5 User Guide

    Related Manuals for Dell Drac 5 User Guide

    All Dell manuals