Dell Drac 5 User Manual
Page 201
Configuring Security Features

NOTICE: These features severely limit the ability of the local user to configure the DRAC 5 from the local system, including performing a reset to default of the configuration. Dell recommends that you use these features with discretion and disable only one interface at a time to help avoid losing login privileges altogether.

NOTE: See the white paper on Disabling Local Configuration and Remote Virtual KVM in the DRAC on the Dell Support site at...
Page 202
IP address to another device on the network, the resulting conflict may disable the out-of-band connectivity of the DRAC, requiring administrators to reset the firmware to its default settings through a serial connection.

Disabling DRAC 5 Remote Virtual KVM

Administrators can selectively disable the DRAC 5 remote KVM, providing a flexible, secure mechanism for a local user to work on the system without someone else viewing the user’s actions through console...
Page 203
Securing DRAC 5 Communications Using SSL and Digital Certificates

This subsection provides information about the following data security features that are incorporated in your DRAC 5:

  Secure Sockets Layer (SSL)
  Certificate Signing Request (CSR)
  Accessing the SSL Main Menu
  Generating a New Certificate Signing Request
  Uploading a Server Certificate

Secure Sockets Layer (SSL)

The DRAC includes a Web server that is configured to use the...
Page 204
Certificate Signing Request (CSR)

A CSR is a digital request to a Certificate Authority (CA) for a secure server certificate. Secure server certificates protect the identity of a remote system and ensure that information exchanged with the remote system cannot be viewed or changed by others. To ensure security for your DRAC, it is strongly recommended that you generate a CSR, submit the CSR to a CA, and upload the certificate returned from the CA.

A CA is a business...
Page 205
Generating a New Certificate Signing Request

NOTE: Each new CSR overwrites any previous CSR on the firmware. Before a certificate authority (CA) can accept your CSR, the CSR in the firmware must match the certificate returned from the CA. Otherwise, the DRAC 5 will not upload the certificate.

1. In the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR) and click Next.
2. In the Generate Certificate Signing Request (CSR) page, type a value for...
Page 206
Table 11-3. Generate Certificate Signing Request (CSR) Page Options

Field: Description
Common Name: The exact name being certified (usually the Web server's domain name, for example, www.xyzcompany.com). Only alphanumeric characters, hyphens, underscores, and periods are valid. Spaces are not valid.
Organization Name: The name associated with this organization (for example, XYZ Corporation). Only alphanumeric characters, hyphens, underscores, periods and spaces are valid....
Page 207
Uploading a Server Certificate

1. In the SSL Main Menu page, select Upload Server Certificate and click Next. The Certificate Upload page appears.
2. In the File Path field, type the path of the certificate in the Value field or click Browse to navigate to the certificate file.

NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name...
Page 208
You can change the SSH port with the command:

  racadm config -g cfgRacTuning -o cfgRacTuneSshPort

For more information on cfgSerialSshEnable and cfgRacTuneSshPort properties, see DRAC 5 Property Database Group and Object Definitions.

The DRAC 5 SSH implementation supports multiple cryptography schemes, as shown in Table 11-6.

NOTE: SSHv1 is not supported.

Table 11-6. Cryptography Schemes

Scheme Type: Scheme
Asymmetric Cryptography: Diffie-Hellman DSA/DSS 512-1024...
Page 209
Configuring Services

NOTE: To modify these settings, you must have Configure DRAC 5 permission. Additionally, the remote RACADM command-line utility can only be enabled if the user is logged in as root.

1. Expand the System tree and click Remote Access.
2. Click the Configuration tab and then click Services.
3. Configure the following services as required:
  Local Configuration (Table 11-7)
  Web server (Table 11-8)
  SSH (Table 11-9)
  Telnet (Table 11-10)
  Remote RACADM...
Page 210
Table 11-8. Web Server Settings

Setting: Description
Enabled: Enables or disables the Web server. Checked=Enabled; Unchecked=Disabled.
Max Sessions: The maximum number of simultaneous sessions allowed for this system.
Active Sessions: The number of current sessions on the system, less than or equal to the Max Sessions.
Timeout: The time in seconds that a connection is allowed to remain idle. The session is cancelled when the timeout is reached. Changes to the timeout setting...