- Notes, cautions, and warnings
- Overview
- Built in iDRAC and PowerEdge Security
- Securely Configuring iDRAC Web Server
- Securely Using TLS/SSL Certificate
- Federal Information Processing Standards (FIPS)
- Secure Shell (SSH)
- Network Security Configuration
- Interfaces and Protocols to Access iDRAC
- iDRAC Port Configuration
- IPMI and SNMP Security Best Practices
- Secure Enterprise Key Manager (SEKM) Security
- iDRAC9 Group Manager
- Virtual Console and Virtual Media Security
- VNC Security
- User Configuration and Access Control
- Configuring Local Users
- Disabling Access to Modify iDRAC Configuration Settings on Host System
- iDRAC User Roles and Privileges
- Superroot User
- Recommended Characters in Usernames and Passwords
- Password Strength Policy
- Secure Default Password
- Changing the Default Login Password using Web Interface
- Force Change of Password (FCP)
- Simple 2-Factor Authentication (Simple 2FA)
- RSA SecurID Two Factor Authentication (2FA) iDRAC9 Datacenter
- Active Directory
- LDAP
- Customizable Security Banner
- System Lockdown Mode
- Securely Configuring BIOS System Security
- Secure Boot Configuration
- Securely Erasing Data
- LCD Panel
- Server Inventory, Lifecycle Log, Server Profiles, and Licenses Import and Export
- Security Events Lifecycle Log
- Default Configuration Values
- Network Vulnerability Scanning
- Security Licensing
- Field Service Debug (FSD)
- Best Practices
- Appendix - White papers
iDRAC9 Security Configuration Guide
Create or Change SEKM Security Keys
When configuring the controller properties, you can create or change the security keys. The controller uses the encryption key to lock or unlock access to SED. You can create only one encryption key for each encryption-capable controller. The security key is managed using the following features:
- Local Key Management (LKM) System - LKM is used to generate the key ID and the password or key that is required to secure the virtual disk. If you are using LKM, you must create the encryption key by providing the Security Key Identifier and the Passphrase.
- Secure Enterprise Key Manager (SEKM) - This feature is used to generate the key using the Key Management Server (KMS). If you are using SEKM, you must configure iDRAC with KMS information and TLS/SSL related configuration.
NOTE:This task is not supported on PERC hardware controllers running in eHBA mode.
If you create the security key in 'Add to Pending Operation' mode and a job is not created, and then if you delete the security key, the create security key pending operation is cleared.
NOTE:For enabling SEKM, ensure that the supported PERC firmware is installed.
- Only TLS 1.2 is supported for SEKM.
- You cannot downgrade the PERC firmware to the previous version if SEKM is enabled. Downgrading of other PERC controller firmware in the same system which is not in SEKM mode may also fail. To downgrade the firmware for the PERC controllers that are not in SEKM mode, you can use OS DUP update method, or disable SEKM on the controllers and then retry the downgrade from iDRAC.
NOTE:When importing a hot plugged locked volume from one server to another, you see CTL entries for Controller attributes being applied in the LC Log.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\