iDRAC10 Security Configuration Guide


Interfaces and Protocols to Access iDRAC

The following table lists the interfaces to access iDRAC:

Table 1. Interfaces and protocols to access iDRAC

Interface or Protocol | Description
iDRAC Settings Utility (F2) | Use the iDRAC Settings utility to perform pre-OS operations. It has a subset of the features that are available in the iDRAC web interface along with other features. To access the iDRAC Settings utility, press <F2> during boot and then click iDRAC Settings on the System Setup Main Menu page.
Lifecycle Controller (F10) | Use Lifecycle Controller to perform iDRAC configurations. To access Lifecycle Controller, press <F10> during boot and go to System Setup > Advanced Hardware Configuration > iDRAC Settings. For more information, see the Lifecycle Controller User’s Guide.
iDRAC Web Interface | Use the iDRAC web interface to manage iDRAC and monitor the managed system. The browser connects to the web server through the HTTPS port. Data streams are encrypted using 128-bit/168-bit/256-bit TLS/SSL to provide privacy and integrity. Any connection to the HTTP port is redirected to HTTPS if the HTTPS redirect feature is enabled. Administrators can upload their own web server certificate.
RACADM | Use this command-line utility to perform iDRAC and server management. You can use RACADM locally and remotely.
  • The local RACADM command-line interface runs on the managed systems that have Server Administrator installed. Local RACADM communicates with iDRAC through its in-band IPMI host interface. Because it is installed on the local managed system, users must log in to the operating system to run this utility. A user must have full administrator privileges or be a root user to use this utility.
  • Remote RACADM is a client utility that runs on a management station. It uses the out-of-band network interface to run RACADM commands on the managed system and uses the HTTPS channel. The -r option runs the RACADM command over a network.
  • Firmware RACADM is accessible by logging in to iDRAC using SSH. You can run the firmware RACADM commands without specifying the iDRAC IP, username, or password. After you enter the RACADM prompt, you can directly run the commands without the RACADM prefix.
iDRAC RESTful API and Redfish | The Redfish Scalable Platforms Management API is a standard that is defined by the Distributed Management Task Force (DMTF). Redfish is a next-generation systems management interface standard, which enables scalable, secure, and open server management. It is a new interface that uses RESTful interface semantics to access data that is defined in model format to perform out-of-band systems management. It is suitable for a wide range of servers ranging from stand-alone servers to rackmount and bladed environments and for large-scale cloud environments. Redfish provides the following benefits over existing server management methods:
  • Increased simplicity and usability
  • High data security
  • Programmable interface that can be easily scripted
  • Follows widely used standards
  For more information, see the iDRAC Redfish API Guide available on the iDRAC page.
Virtual Console and Virtual Media | Virtual Console provides a mechanism for an iDRAC user to remotely view the host’s console and perform operations such as power cycle, change boot order, attach virtual media, and so on.
SSH | Use SSH to run RACADM commands. It provides the same capabilities as the Telnet console using an encrypted transport layer for higher security. The SSH service is enabled by default on iDRAC and can be disabled. iDRAC only supports SSH version 2 with the RSA host key algorithm.
  • A unique 1024-bit RSA host key is generated when you power up iDRAC for the first time.
IPMITool | Use the IPMITool to access the remote system’s basic management features through iDRAC. The interface includes local IPMI, IPMI over LAN, IPMI over Serial, and Serial over LAN. For more information about IPMITool, see the Dell OpenManage Baseboard Management Controller User's Guide available on the Baseboard Management Controller page.
  NOTE: IPMI version 1.5 is not supported.
NTLM | iDRAC10 allows NTLM to provide authentication, integrity, and confidentiality to the users. NT LAN Manager (NTLM) is a suite of Microsoft security protocols, and it works in a Windows network.
SMB | iDRAC10 supports the Server Message Block (SMB) protocol. This is a network file sharing protocol, and the default minimum SMB version supported is 2.0.
NFS | iDRAC10 supports Network File System (NFS). This is a distributed file system protocol that enables users to mount remote directories on the servers.
SNMP | iDRAC10 supports Simple Network Management Protocol (SNMP) v2 and v3 for GETs and TRAPs.
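
The SSH entry above states that iDRAC uses an RSA host key and that a 1024-bit key is generated on first power-up. As an added example (not from Dell's guide), the following Python reads ssh-keyscan style lines and reports the modulus size of each ssh-rsa host key against a policy floor. The 2048-bit floor, the host names and the key material are constructed assumptions.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy floor, not a value from the guide

def _read_string(blob, offset):
    """Read one length-prefixed field (RFC 4251 'string'/'mpint') from blob."""
    (length,) = struct.unpack_from(">I", blob, offset)  # struct.error if truncated
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[offset + 4:end], end

def rsa_host_key_bits(line):
    """Return (host, modulus_bits) for a 'host ssh-rsa <base64>' line."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    inner_type, off = _read_string(blob, 0)
    if key_type != "ssh-rsa" or inner_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa host key")
    _exponent, off = _read_string(blob, off)   # public exponent e
    modulus, off = _read_string(blob, off)     # modulus n
    return host, int.from_bytes(modulus, "big").bit_length()

def audit(lines, min_bits=MIN_RSA_BITS):
    """Return [(host, bits, meets_policy)], skipping blank and comment lines."""
    parsed = [rsa_host_key_bits(l) for l in lines
              if l.strip() and not l.startswith("#")]
    return [(host, bits, bits >= min_bits) for host, bits in parsed]

def _constructed_line(host, bits):
    """Build a well-formed ssh-rsa line with a placeholder modulus (not a usable key)."""
    n = (1 << (bits - 1)) | 1
    fields = [b"ssh-rsa", (65537).to_bytes(3, "big"),
              b"\x00" + n.to_bytes(bits // 8, "big")]  # leading 0 keeps the mpint positive
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

# Constructed sample input standing in for ssh-keyscan output.
SAMPLE = [_constructed_line("idrac-a.example", 1024),
          _constructed_line("idrac-b.example", 2048)]

if __name__ == "__main__":
    for host, bits, ok in audit(SAMPLE):
        print(f"{host}: RSA {bits} bits {'ok' if ok else 'BELOW POLICY'}")
```
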
