Lockdown mode in the VMware ESXi operating system protects the system from unintentional or malicious changes. Lockdown mode helps to prevent unintended changes after a system has been initially configured. If you attempt to change any critical system settings, an error message will be displayed. In lockdown mode, operations must be performed through vCenter Server by default. For more information, see //www.dell.com/idracmanuals.
In this video, you will learn how iDRAC Service Module 4.1.0.0 supports VMWare ESXi operating system on the Normal Lockdown mode. To enable normal lockdown mode on VMWare ESXi operating system, log in to the VMware ESXi vSphere using your credentials. Now, click Manage from the Navigator menu. To add a user, from the Security and users tab click Users. Click Add user and enter the Username, Description, and Password fields.
Click Add to complete the process. Now click Host from the Navigator menu. Click Actions from the Host tab and select Permissions from the drop-down list. In the Manage permissions tab, click Add user. Select lockdown and Administrator from the drop-down lists. Click the Add user icon to complete the process. You can now see that the user lockdown is added with administrator privileges.
Now, log out from the current user account. To log in as the lockdown user, enter your credentials in the VMware ESXi vSphere login page. Now, click Manage from the Navigator menu. From the Security and users tab, click Lockdown mode. Click Add user exception and enter the username lockdown to add the user as an exception. After the user is added, click Edit settings and select Normal lockdown and click Change.
Only the user created with exception for the lockdown mode will have the privileges to access the remote console. In the command line interface, log in as the lockdown user. To check the lockdown mode status, type the command: vim [HYPHEN] cmd [SPACE] [HYPHEN] U [SPACE] dcui [SPACE] vimsvc [FORWARD SLASH] auth [FORWARD SLASH] lockdown [UNDER SCORE] is [UNDER SCORE] enabled and press enter.
Now, to check the user permission, type the command: e-s-x-c-l-i [SPACE] system [SPACE] permission [SPACE] list Press enter and notice that the user lockdown as an Admin is granted full access. To install the iDRAC Service Module offline bundle, type the command: e-s-x-c-l-i [SPACE] software [SPACE] v-i-b [SPACE] install [SPACE] [HYPHEN] d [SPACE] [FORWARD SLASH] var [FORWARD SLASH] log [FORWARD SLASH] vmware [FORWARD SLASH] I-S-M [HYPHEN] Dell [HYPHEN] Web [HYPHEN] 4.1.0.0 [HYPHEN] 2-4-1-0 [DOT] V-I-B [DASH] E-S-X-7-i [HYPHEN] Live [DOT] z-i-p Press enter and notice that the operation finished successfully message is displayed.
To get the iSM package details, type the command: e-s-x-c-l-i [SPACE] software [SPACE] v-i-b [SPACE] get [SPACE] [HYPHEN] n [SPACE] d-c-i-s-m Press Enter Now, to check the iSM running status, type the command: [FORWARD SLASH] e-t-c [FORWARD SLASH] i-n-i-t [DOT] d [FORWARD SLASH] d-c-i-s-m [HYPHEN] netmon [HYPHEN] watchdog [SPACE] status Press enter and notice that the i-S-M is active and running. Log in to the iDRAC home page using your credentials. To view the iSM version and verify that the i-S-M is running, go to iDRAC Settings, click Settings from the drop-down list, and then expand the iDRAC Service Module Setup.
To check the lockdown mode status, at the command line interface type the command: v-i-m [HYPHEN] c-m-d [SPACE] [HYPHEN] U [SPACE] d-c-u-i [SPACE] v-i-m-s-v-c [FORWARD SLASH] auth [FORWARD SLASH] lockdown [UNDER SCORE] is [UNDER SCORE] enabled and press enter. Now, to remove the iSM package, type the command: e-s-x-c-l-i [SPACE] software [SPACE] v-i-b [SPACE] remove [SPACE] [HYPHEN] n [SPACE] d-c-i-s-m Press enter and notice that the operation finished successfully message is displayed.
All the features supported by iDRAC Service Module on Normal mode are also supported in the lockdown mode. For more information on iDRAC Service Module, see: dell.com/idracmanuals.