Starting iSM 3.5, host administrators have an option to launch iDRAC from within the host OS using IPv6.
iDRAC SSO launcher requires a desktop environment of the host OS.
NOTE Non-administrators cannot access this feature on the host OS.
The single sign-on (SSO) feature enables an authenticated OS administrator to directly access the iDRAC web interface without requiring login of separate iDRAC administrator credentials. On installing this feature, a
Program Menu shortcut that is called
Invoke-iDRACLauncher on Microsoft Windows operating systems is created. On the Linux operating system, iSM creates a shortcut under
Applications, where the user can double-click and launch the iDRAC dashboard. iSM provides a command-line interface that is called
Invoke-iDRACLauncher on Microsoft Windows operating systems and
Invoke-iDRACLauncher.sh on Linux operating systems.
Starting iSM 3.5, user can configure the iDRAC service module using IPv6 address. By default, the communication is established through IPv4. Upon failure, the communication is reattempted through IPv6. An error message is displayed, when the communication fails.
User can update the IPv6 address using
RACADM-passthrough commands and it accepts any valid IPv6 address. The single sign-on feature over IPv6 is valid only when IPv6 is configured within the below range:
fde1:53ba:e9a0:de12::/64
fde1:53ba:e9a0:de13::/64
fde1:53ba:e9a0:de14::/64
fde1:53ba:e9a0:de15::/64
fde1:53ba:e9a0:de16::/64
Users can choose from two types of privileges to log in to iDRAC.
- Read-Only user: An express or basic install of iSM installs
iDRAC SSO launcher, enabling the Administrator to log in to iDRAC as a
Read-Only user. Besides the ability to view component health status, logs, and inventory, few additional
SupportAssist operations that are required by the service personnel are enabled.
- Administrative user: Installing this feature by selecting the
Administrator privilege, enables the Host OS Administrator to log in to iDRAC as an Operator user. The user can perform all the operations as that of an iDRAC root user except configuring or deleting iDRAC users or clearing the Lifecycle Log.
NOTE Host OS users without administration rights cannot initiate iDRAC GUI launcher, if the iDRAC firmware version is 4.00.00.00 or later and the communication between iDRAC and iSM is not through IPv4.
NOTE See the
iDRAC 9 User's Guide for specific privileges that are granted to a
Read-only or
Operator user account.
Disable Single Sign-On into iDRAC from Host OS: The user can also opt to
Disable this feature completely. When iSM is installed by disabling this feature, launching
iDRAC GUI launcher launches the iDRAC login page with the default browser.
NOTE Invoke-iDRACLauncher is independent of the iSM service and can be invoked even if iSM service is stopped.
NOTE When browsers are not installed on the Host OS or
Invoke-iDRACLauncher is not able to launch iDRAC due to browser issue, a session is created in iDRAC already. An iDRAC admin user can log in to iDRAC and delete the sessions.
Following are the iDRAC GUI Launcher behavior with different
OS-to-iDRAC Passthrustates:
NOTE When an iDRAC SSO session is active on the Host OS, closing the related terminal closes the browser with SSO session as well.
NOTE Ensure to invoke
iDRAC GUI Launcher from a GUI supported and capable interface.
NOTE Single sign-on feature over IPv4 does not work when the user modifies the third octet in the USB-NIC IP Address.
NOTE This feature using IPv6 requires iDRAC9 firmware 4.00.00.00 or later.