- Notes, cautions, and warnings
- Overview
- Built in iDRAC and PowerEdge Security
- Securely Configuring iDRAC Web Server
- Securely Using TLS/SSL Certificate
- Federal Information Processing Standards (FIPS)
- Secure Shell (SSH)
- Network Security Configuration
- Interfaces and Protocols to Access iDRAC
- iDRAC Port Configuration
- IPMI and SNMP Security Best Practices
- Secure Enterprise Key Manager (SEKM) Security
- iDRAC9 Group Manager
- Virtual Console and Virtual Media Security
- VNC Security
- User Configuration and Access Control
- Configuring Local Users
- Disabling Access to Modify iDRAC Configuration Settings on Host System
- iDRAC User Roles and Privileges
- Superroot User
- Recommended Characters in Usernames and Passwords
- Password Strength Policy
- Secure Default Password
- Changing the Default Login Password using Web Interface
- Force Change of Password (FCP)
- Simple 2-Factor Authentication (Simple 2FA)
- RSA SecurID Two Factor Authentication (2FA) iDRAC9 Datacenter
- Active Directory
- LDAP
- Customizable Security Banner
- System Lockdown Mode
- Securely Configuring BIOS System Security
- Secure Boot Configuration
- Securely Erasing Data
- LCD Panel
- Server Inventory, Lifecycle Log, Server Profiles, and Licenses Import and Export
- Security Events Lifecycle Log
- Default Configuration Values
- Network Vulnerability Scanning
- Security Licensing
- Field Service Debug (FSD)
- Best Practices
- Appendix - White papers
iDRAC9 Security Configuration Guide
OS to iDRAC Pass-through
In servers that have Network Daughter Card (NDC) or embedded LAN On Motherboard (LOM) devices, you can enable the OS to iDRAC Pass-through feature. This feature provides a high-speed bi-directional in-band communication between iDRAC and the host operating system through a shared LOM, a dedicated NIC, or through the USB NIC. The OS-BMC lom-p2p (i.e., "LOM-PT") interface uses the OS-to-BMC passthrough capability of the Shared NDC or LOM hardware. This feature only must be enabled if the iDRAC is in Shared LOM mode and the external switch does not support "hairpin" mode. When the iDRAC has LOM-PT enabled, traffic between the server and iDRAC is not sent externally to the network.
The OS-BMC usb-p2p (i.e. "USB-NIC") interface uses hardware on the server motherboard to enable point-to-point connectivity between the server and the iDRAC. This interface can be used to isolate host-to iDRAC traffic from external networks. If server to iDRAC connectivity is needed, USB-NIC is a preferred secure method because it can be used in combination with iDRAC’s dedicated NIC. However, as a security best practice, unused interfaces should be disabled if they are not needed. Disable USB-NIC if host-to-iDRAC communication is not needed and iDRAC Service Module (iSM) software is not installed on the server.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\