Host administrators can launch iDRAC from within the host operating system using IPv6. iDRAC SSO launcher requires a desktop environment like GNOME or K Desktop Environment(KDE) on the host operating system.
.
NOTE Nonadministrators cannot access this feature on the host operating system.
The single sign-on (SSO) feature enables an authenticated operating system administrator to directly access the iDRAC web interface without requiring log in using separate iDRAC administrator credentials. After installing this feature, a
Program Menu shortcut called
Invoke-iDRACLauncher on Microsoft Windows operating systems is created. On the Linux operating system, iSM creates a shortcut under
Applications which you can double-click to launch the iDRAC dashboard. iSM provides a command-line interface that is called
Invoke-iDRACLauncher on Microsoft Windows operating systems and
Invoke-iDRACLauncher.sh on Linux operating systems.
You can configure the iDRAC Service Module using the IPv6 address. By default, communication is established through IPv4. Upon failure, the communication is reattempted over IPv6. An error message is audited when the communication fails.
You can update the IPv6 address using
RACADM-passthru commands. The SSO feature over IPv6 is valid only when IPv6 is configured with a valid Unique Local Address (ULA). For example:
fde1:53ba:e9a0:de12::/64
fde1:53ba:e9a0:de13::/64
fde1:53ba:e9a0:de14::/64
fde1:53ba:e9a0:de15::/64
fde1:53ba:e9a0:de16::/64
You can choose from two types of privileges to log in to iDRAC.
- Read-Only account: An express or basic install of iSM installs
iDRAC SSO launcher, enabling the administrator to log in to iDRAC as a
Read-Only account. In addition to the ability to view component health status, logs, and inventory, a few more
SupportAssist operations that are required by the service personnel are enabled.
- Administrative account: Installing this feature by selecting the
Administrator privilege enables the host operating system administrator to log in to iDRAC as an operator user. Using this account, you can perform all the operations that an iDRAC root user can perform, except configuring or deleting iDRAC users or clearing the Lifecycle Log.
NOTE Host operating system accounts without administration rights cannot initiate the iDRAC GUI Launcher if the iDRAC firmware version is 4.00.00.00 or later and the communication between iDRAC and iSM is not through IPv4.
NOTE See
iDRAC 9 User's Guide for specific privileges that are granted to a
Read-only or
Operator accounts.
Disable SSO to iDRAC from host operating system: You can also opt to
Disable this feature completely. When iSM is installed by disabling this feature, launching the
iDRAC GUI launcher launches the iDRAC log in page with the default browser.
Invoke-iDRACLauncher is independent of the iSM service and can be invoked even if iSM service is stopped.
When browsers are not installed on the host operating system or
Invoke-iDRACLauncher is not able to launch iDRAC due to a browser issue, a session is still created in iDRAC. Using an iDRAC administrator account, you can login to iDRAC and delete the sessions.
The iDRAC GUI Launcher behaves differently depending on the state of the
OS to iDRAC Pass-through setting.
When an iDRAC SSO session is active on the host operating system, closing the related terminal closes the browser with SSO session as well.
NOTE Ensure that you invoke the
iDRAC GUI Launcher from a UI-supported and UI-capable interface. SSO over IPv4 does not work when you modify the third octet in the USB-NIC IP address. Using this feature with IPv6 requires iDRAC9 firmware 4.00.00.00 or later.