Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Dell OpenManage Integration with Microsoft Windows Admin Center Version 3.0 User’s Guide

Protect your infrastructure with infrastructure lock

Prerequisites:
  • Infrastructure lock is supported on:
    • Dell Integrated system for Microsoft Azure Stack HCI, Dell HCI Solutions for Microsoft Windows Server, PowerEdge Servers running supported Microsoft OS, and Failover clusters.
    • YX4X PowerEdge servers or above with firmware version above 4.40.
  • Enabling infrastructure lock requires an Enterprise License or Datacenter license at a minimum.
  • Users with Azure admin or local Windows Admin Center admin role privileges can enable or disable the infrastructure lock.

About infrastructure lock

Infrastructure lock (also known as iDRAC lockdown mode or system lockdown mode) helps in preventing unintended changes after a system is provisioned. Infrastructure lock is applicable to both hardware configuration and firmware updates. When the infrastructure is locked, any attempt to change the system configuration is blocked. If any attempts are made to change the critical system settings, an error message is displayed. Enabling infrastructure lock also blocks the server or cluster hardware updates using OpenManage Integration extension.

In the OpenManage extension dashboard, the icon left to the server or cluster title name indicates the infrastructure lock or unlock status. The following are the possible status:
  • : All nodes of the cluster are locked.
  • : All nodes of the cluster are unlocked.
  • : One or more nodes of the cluster are unlocked, so the infrastructure is partially locked. This is not a recommended infrastructure security state. Dell recommends either locking or unlocking your infrastructure completely. This state is not applicable for server.
  • : Unknown - Unable to connect to the cluster.
The following table lists the functional and nonfunctional features that are affected when the infrastructure lock is enabled:
Impacted featuresRemains functional
  • Full stack update on clusters
  • Individual server update and Cluster-Aware Updating on clusters
  • Managing CPU cores on servers and clusters
  • Integrated deploy and update clusters
  • Preparing nodes for cluster expansion
  • Secured core
  • HCP Compliance
  • Cluster Recommendation
  • Retrieving Health, inventory, and iDRAC details
  • Blinking and unblinking server LEDs.
  • Stand-alone prerequisite checks
  • Azure Integration
  • Expand storage

Enable or disable infrastructure lock

To enable or disable the Infrastructure lock in Dell OpenManage Integration extension, go to the Action tab, under SECURITY, select Infrastructure Lock. The Infrastructure Lock page appears. Click Enable or Disable. The Infrastructure Lock page can also be accessed from View > Security page.

To perform server or cluster management operations such as server update, CAU, full stack update, Manage CPU cores, and so on, the infrastructure lock needs to be disabled. If the lock is already enabled, the extension displays an error during the management operation and gives an option in the same window to disable the lock and proceed next. To allow the extension automatically locks the infrastructure after the operation is complete, select Allow OMIMSWAC to re-enable the infrastructure lock after the operation is complete. Automatic reenabling of the infrastructure lock is available on PowerEdge servers with iDRAC firmware version 4.40.00.00 and above.

In case of scheduled reboot, if the infrastructure lock is enabled during cluster reboot, the reboot operation fails. Ensure that the infrastructure lock is disabled before the schedule reboot begins for a successful update.

To disable the infrastructure lock during server or cluster management operation on PowerEdge servers with iDRAC version lower than 4.40.00.00, go to the Action tab, under SECURITY, select Infrastructure Lock, and then click Disable.

NOTE: OpenManage Integration extension does not allow enabling or disabling the infrastructure lock for servers that are part of a cluster to maintain cluster homogeneity.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\