- Notes, cautions, and warnings
- Overview
- Built in iDRAC and PowerEdge Security
- Securely Configuring iDRAC Web Server
- Securely Using TLS/SSL Certificate
- Federal Information Processing Standards (FIPS)
- Secure Shell (SSH)
- Network Security Configuration
- Interfaces and Protocols to Access iDRAC
- iDRAC Port Configuration
- IPMI and SNMP Security Best Practices
- Secure Enterprise Key Manager (SEKM) Security
- iDRAC9 Group Manager
- Virtual Console and Virtual Media Security
- VNC Security
- User Configuration and Access Control
- Configuring Local Users
- Disabling Access to Modify iDRAC Configuration Settings on Host System
- iDRAC User Roles and Privileges
- Superroot User
- Recommended Characters in Usernames and Passwords
- Password Strength Policy
- Secure Default Password
- Changing the Default Login Password using Web Interface
- Force Change of Password (FCP)
- Simple 2-Factor Authentication (Simple 2FA)
- RSA SecurID Two Factor Authentication (2FA) iDRAC9 Datacenter
- Active Directory
- LDAP
- Customizable Security Banner
- System Lockdown Mode
- Securely Configuring BIOS System Security
- Secure Boot Configuration
- Securely Erasing Data
- LCD Panel
- Server Inventory, Lifecycle Log, Server Profiles, and Licenses Import and Export
- Security Events Lifecycle Log
- Default Configuration Values
- Network Vulnerability Scanning
- Security Licensing
- Field Service Debug (FSD)
- Best Practices
- Appendix - White papers
Bienvenue
Bienvenue dans l’univers Dell
Mon compte
- Passer des commandes rapidement et facilement
- Afficher les commandes et suivre l’état de votre expédition
- Profitez de récompenses et de remises réservées aux membres
- Créez et accédez à une liste de vos produits
- Gérer vos sites, vos produits et vos contacts au niveau des produits Dell EMC à l’aide de la rubrique Gestion des informations de l’entreprise.
iDRAC9 Security Configuration Guide
BIOS Recovery and Hardware Root of Trust (RoT)
For PowerEdge server, it is mandatory to recover from corrupted or damaged BIOS image which may have resulted from malicious modification of data, power surges damaging files, or any other unforeseeable events. An alternate reserve of BIOS image would be necessary to recover BIOS in order to bring the PowerEdge server back to functional mode from unbootable mode. This alternative/recovery BIOS is stored in a 2nd serial peripheral interface (SPI) (MUX'ed with primary BIOS SPI).
The recovery sequence can be initiated through any of the following approaches with iDRAC as the main orchestrator of the BIOS recovery task:
- Auto recovery of BIOS primary image / recovery image - BIOS image is recovered automatically during the host boot process after the BIOS corruption is detected by BIOS itself.
- Forced recovery of BIOS Primary/recovery image - User initiates an out-of-band (OOB) request to update BIOS either because they have a new updated BIOS or BIOS fails to boot or crashes.
- Primary BIOS ROM update - The single Primary ROM is split into Data ROM and Code ROM. iDRAC has full access/control over Code ROM. It switches MUX to access Code ROM whenever needed.
- BIOS Hardware Root of Trust (RoT) - During every host boot (only cold boot or A/C cycle, not during warm reboot), iDRAC ensues that RoT is performed. RoT runs automatically and user cannot initiate it using any interfaces. This iDRAC boot first policy verifies host BIOS ROM contents on every AC cycle and host DC cycle. This process ensures secure boot of BIOS and further secures the host boot process.
Veuillez attribuer une note (1 à 5 étoiles).
Veuillez attribuer une note (1 à 5 étoiles).
Veuillez attribuer une note (1 à 5 étoiles).
Veuillez indiquer si l’article a été utile ou non.
Les commentaires ne doivent pas contenir les caractères spéciaux : <>()\